    !!! ACL rules allowing incoming tcp/57411 for the eda-discovery grpc server
    acl {
        acl-filter cpm type ipv4 {
            statistics-per-entry true
            entry 10 {
                description "Accept incoming ICMP unreachable messages"
                match {
                    ipv4 {
                        protocol icmp
                        icmp {
                            type dest-unreachable
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 20 {
                description "Accept incoming ICMP time-exceeded messages"
                match {
                    ipv4 {
                        protocol icmp
                        icmp {
                            type time-exceeded
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 40 {
                description "Accept incoming ICMP echo messages"
                match {
                    ipv4 {
                        protocol icmp
                        icmp {
                            type echo
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 50 {
                description "Accept incoming ICMP echo-reply messages"
                match {
                    ipv4 {
                        protocol icmp
                        icmp {
                            type echo-reply
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 60 {
                description "Accept incoming SSH when the other host initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 22
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 70 {
                description "Accept incoming SSH when this router initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 22
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 88 {
                description "Containerlab-added rule: Accept incoming Telnet when the other host initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 23
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 98 {
                description "Containerlab-added rule: Accept incoming Telnet when this router initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 23
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 100 {
                description "Accept incoming TACACS+ when the other host initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 49
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 110 {
                description "Accept incoming TACACS+ when this router initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 49
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 120 {
                description "Accept incoming DNS response messages"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 53
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 130 {
                description "Accept incoming DHCP messages targeted for BOOTP/DHCP client"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 68
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 158 {
                description "Containerlab-added rule: Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 80
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 160 {
                description "Accept incoming HTTP(JSON-RPC) when this router initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 80
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 170 {
                description "Accept incoming NTP messages from servers"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 123
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 180 {
                description "Accept incoming SNMP GET/GETNEXT messages from servers"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 161
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 190 {
                description "Accept incoming BGP when the other router initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 179
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 200 {
                description "Accept incoming BGP when this router initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 179
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 210 {
                description "Accept incoming HTTPS(JSON-RPC) when the other host initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 443
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 220 {
                description "Accept incoming HTTPS(JSON-RPC) when this router initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 443
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 230 {
                description "Accept incoming single-hop BFD session messages"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 3784
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 240 {
                description "Accept incoming multi-hop BFD session messages"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 4784
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 250 {
                description "Accept incoming uBFD session messages"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 6784
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 260 {
                description "Accept incoming gRPC messages when the other host initiates the TCP connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 57400
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 270 {
                description "Accept incoming UDP traceroute messages"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        destination-port {
                            range {
                                start 33434
                                end 33464
                            }
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 290 {
                description "Accept incoming OSPF messages"
                match {
                    ipv4 {
                        protocol 89
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 300 {
                description "Accept incoming DHCP relay messages targeted for BOOTP/DHCP server"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 67
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 310 {
                description "Accept ICMP fragment packets"
                match {
                    ipv4 {
                        fragment true
                        protocol icmp
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 320 {
                description "Accept incoming LDP packets"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 646
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 330 {
                description "Accept incoming LDP packets with source-port 646"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 646
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 340 {
                description "Accept incoming LDP packets with destination-port 646"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 646
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 355 {
                description "Containerlab-added rule: Accept incoming gRPC over port 50052 for the eda-discovery gRPC server"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 50052
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 356 {
                description "Containerlab-added rule: Accept incoming gRPC over port 57410 for the eda-mgmt gRPC server"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 57410
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 357 {
                description "Containerlab-added rule: Accept incoming gRPC over port 57411 for the eda-mgmt gRPC server"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 57411
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 358 {
                description "Containerlab-added rule: Accept incoming gRPC over port 57401 for the insecure-mgmt gRPC server"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 57401
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 370 {
                description "Accept incoming IGMP packets"
                match {
                    ipv4 {
                        protocol igmp
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 380 {
                description "Accept incoming PIM packets"
                match {
                    ipv4 {
                        protocol pim
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 390 {
                description "Accept incoming RADIUS AAA packets"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        source-port {
                            range {
                                start 1812
                                end 1813
                            }
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 400 {
                description "Accept incoming SSH connections on the default NETCONF port 830"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 830
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 410 {
                description "Accept incoming PTP messages with destination-ports 319 and 320"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        destination-port {
                            range {
                                start 319
                                end 320
                            }
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 420 {
                description "Accept incoming PCEP packets with destination-port 4189"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 4189
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 430 {
                description "Accept incoming SBFD session messages"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 7784
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 440 {
                description "Accept incoming SBFD session messages"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 7784
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 450 {
                description "Accept incoming LSP MPLS Echo requests and replies"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 3503
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 460 {
                description "Accept incoming LSP MPLS Echo requests and replies"
                match {
                    ipv4 {
                        protocol udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 3503
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 470 {
                description "Accept incoming TWAMP Control connection"
                match {
                    ipv4 {
                        protocol tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 862
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 550 {
                description "Accept incoming VRRP Control packets"
                match {
                    ipv4 {
                        protocol vrrp
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 1000 {
                description "Drop all else"
                action {
                    log true
                    drop {
                    }
                }
            }
        }
        acl-filter cpm type ipv6 {
            statistics-per-entry true
            entry 10 {
                description "Accept incoming ICMPv6 unreachable messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type dest-unreachable
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 20 {
                description "Accept incoming ICMPv6 packet-too-big messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type packet-too-big
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 30 {
                description "Accept incoming ICMPv6 time-exceeded messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type time-exceeded
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 50 {
                description "Accept incoming ICMPv6 echo-request messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type echo-request
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 60 {
                description "Accept incoming ICMPv6 echo-reply messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type echo-reply
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 70 {
                description "Accept incoming ICMPv6 router-advertisement messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type router-advertise
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 80 {
                description "Accept incoming ICMPv6 neighbor-solicitation messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type neighbor-solicit
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 90 {
                description "Accept incoming ICMPv6 neighbor-advertisement messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type neighbor-advertise
                        }
                    }
                }
                action {
                    accept {
                        rate-limit {
                            system-cpu-policer icmp
                        }
                    }
                }
            }
            entry 100 {
                description "Accept incoming SSH when the other host initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 22
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 110 {
                description "Accept incoming SSH when this router initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 22
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 128 {
                description "Containerlab-added rule: Accept incoming Telnet when the other host initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 23
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 138 {
                description "Containerlab-added rule: Accept incoming Telnet when this router initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 23
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 140 {
                description "Accept incoming TACACS+ when the other host initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 49
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 150 {
                description "Accept incoming TACACS+ when this router initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 49
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 160 {
                description "Accept incoming DNS response messages"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 53
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 188 {
                description "Containerlab-added rule: Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 80
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 190 {
                description "Accept incoming HTTP(JSON-RPC) when this router initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 80
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 200 {
                description "Accept incoming NTP messages from servers"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 123
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 210 {
                description "Accept incoming SNMP GET/GETNEXT messages from servers"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 161
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 220 {
                description "Accept incoming BGP when the other router initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 179
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 230 {
                description "Accept incoming BGP when this router initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 179
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 240 {
                description "Accept incoming HTTPS(JSON-RPC) when the other host initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 443
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 250 {
                description "Accept incoming HTTPS(JSON-RPC) when this router initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 443
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 260 {
                description "Accept incoming DHCPv6 client messages"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 546
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 270 {
                description "Accept incoming single-hop BFD session messages"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 3784
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 280 {
                description "Accept incoming multi-hop BFD session messages"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 4784
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 290 {
                description "Accept incoming uBFD session messages"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 6784
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 300 {
                description "Accept incoming gRPC messages when the other host initiates the TCP connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 57400
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 310 {
                description "Accept incoming UDP traceroute messages"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        destination-port {
                            range {
                                start 33434
                                end 33464
                            }
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 320 {
                description "Accept incoming IPV6 hop-in-hop messages"
                match {
                    ipv6 {
                        next-header 0
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 340 {
                description "Accept incoming OSPF messages"
                match {
                    ipv6 {
                        next-header 89
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 350 {
                description "Accept incoming DHCPv6 relay messages"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 547
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 365 {
                description "Containerlab-added rule: Accept incoming gRPC over port 50052 for the eda-discovery gRPC server"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 50052
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 366 {
                description "Containerlab-added rule: Accept incoming gRPC over port 57410 for the eda-mgmt gRPC server"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 57410
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 367 {
                description "Containerlab-added rule: Accept incoming gRPC over port 57411 for the eda-mgmt gRPC server"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 57411
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 368 {
                description "Containerlab-added rule: Accept incoming gRPC over port 57401 for the insecure-mgmt gRPC server"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 57401
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 380 {
                description "Accept incoming MLDv1 report messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type mld-report
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 390 {
                description "Accept incoming MLDv2 report messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type mld-v2
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 400 {
                description "Accept incoming MLDv1 done messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type mld-done
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 410 {
                description "Accept incoming MLD query messages"
                match {
                    ipv6 {
                        next-header icmp6
                        icmp6 {
                            type mld-query
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 420 {
                description "Accept incoming PIM messages"
                match {
                    ipv6 {
                        next-header pim
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 430 {
                description "Accept incoming RADIUS AAA messages"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        source-port {
                            range {
                                start 1812
                                end 1813
                            }
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 440 {
                description "Accept incoming SSH connections on the default NETCONF port 830"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 830
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 450 {
                description "Accept incoming PTP messages with destination-ports 319 and 320"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        destination-port {
                            range {
                                start 319
                                end 320
                            }
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 460 {
                description "Accept incoming PCEP packets with destination-port 4189"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 4189
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 470 {
                description "Accept incoming SBFD session messages"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 7784
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 480 {
                description "Accept incoming SBFD session messages"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 7784
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 490 {
                description "Accept incoming LDP packets"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 646
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 500 {
                description "Accept incoming LDP packets with source-port 646"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 646
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 510 {
                description "Accept incoming LDP packets with destination-port 646"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 646
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 520 {
                description "Accept incoming TWAMP Control connection"
                match {
                    ipv6 {
                        next-header tcp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 862
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 530 {
                description "Accept incoming LSP MPLS Echo requests and replies"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        destination-port {
                            operator eq
                            value 3503
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 540 {
                description "Accept incoming LSP MPLS Echo requests and replies"
                match {
                    ipv6 {
                        next-header udp
                    }
                    transport {
                        source-port {
                            operator eq
                            value 3503
                        }
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 550 {
                description "Accept incoming VRRP Control packets"
                match {
                    ipv6 {
                        next-header vrrp
                    }
                }
                action {
                    accept {
                    }
                }
            }
            entry 1000 {
                description "Drop all else"
                action {
                    log true
                    drop {
                    }
                }
            }
        }
        policers {
            system-cpu-policer icmp {
                entry-specific false
                peak-packet-rate 1000
                max-packet-burst 1000
            }
        }
    }
    bfd {
        subinterface ethernet-1/1.0 {
            ### desired-minimum-transmit-interval override to minimum 1000000us
            ##  required-minimum-receive override to minimum 1000000us
            admin-state enable
            desired-minimum-transmit-interval 300000
            required-minimum-receive 300000
            detection-multiplier 3
        }
        subinterface ethernet-1/2.0 {
            ### desired-minimum-transmit-interval override to minimum 1000000us
            ##  required-minimum-receive override to minimum 1000000us
            admin-state enable
            desired-minimum-transmit-interval 300000
            required-minimum-receive 300000
            detection-multiplier 3
        }
        subinterface ethernet-1/3.0 {
            admin-state enable
        }
        subinterface ethernet-1/4.0 {
            admin-state enable
        }
        subinterface ethernet-1/5.0 {
            admin-state enable
        }
        subinterface ethernet-1/6.0 {
            admin-state enable
        }
    }
    interface ethernet-1/1 {
        admin-state enable
        subinterface 0 {
            ipv4 {
                admin-state enable
                address 10.0.1.0/31 {
                }
            }
        }
    }
    interface ethernet-1/2 {
        admin-state enable
        subinterface 0 {
            ipv4 {
                admin-state enable
                address 10.0.1.2/31 {
                }
            }
        }
    }
    interface ethernet-1/3 {
        admin-state enable
        subinterface 0 {
            ipv4 {
                admin-state enable
                address 10.0.1.4/31 {
                }
            }
        }
    }
    interface ethernet-1/4 {
        admin-state enable
        subinterface 0 {
            ipv4 {
                admin-state enable
                address 10.0.1.6/31 {
                }
            }
        }
    }
    interface ethernet-1/5 {
        admin-state enable
        subinterface 0 {
            ipv4 {
                admin-state enable
                address 10.0.1.8/31 {
                }
            }
        }
    }
    interface ethernet-1/6 {
        admin-state enable
        subinterface 0 {
            ipv4 {
                admin-state enable
                address 10.0.1.10/31 {
                }
            }
        }
    }
    interface mgmt0 {
        admin-state enable
        subinterface 0 {
            admin-state enable
            ipv4 {
                admin-state enable
                dhcp-client {
                }
            }
            ipv6 {
                admin-state enable
                dhcp-client {
                }
            }
        }
    }
    interface system0 {
        admin-state enable
        subinterface 0 {
            ipv4 {
                admin-state enable
                address 10.255.0.1/32 {
                }
            }
        }
    }
    system {
        management {
            openconfig {
                admin-state enable
            }
        }
        control-plane-traffic {
            input {
                acl {
                    acl-filter cpm type ipv4 {
                    }
                    acl-filter cpm type ipv6 {
                    }
                }
            }
        }
        aaa {
            authentication {
                idle-timeout 7200
                authentication-method [
                    local
                ]
                admin-user {
                    ssh-key [
                        "<REDACTED-SSH-KEY>"
                    ]
                }
                linuxadmin-user {
                    password $y$j9T$XvJnmFLaz/uudk.SUG0.J0$K4un1F9/0nyiPJmBAPKhWooaRb7bKSkeItXyVnnlTSC
                    ssh-key [
                        "<REDACTED-SSH-KEY>"
                    ]
                }
            }
            server-group local {
                type local
            }
        }
        ssh-server mgmt {
            admin-state enable
            network-instance mgmt
            use-credentialz true
        }
        ssh-server mgmt-netconf {
            admin-state enable
            network-instance mgmt
            port 830
            disable-shell true
        }
        lldp {
            admin-state enable
        }
        tls {
            server-profile clab-profile {
                key $aes1$ATCAYFoTT/48FW8=$8Og07in7zKRHo+546ml0qbvUs5ZNLbbV7fFs0VJBGvkwtbOLF36vPFNOcmuhZKgcBMcR8eTT8zlmC3TsflXoOeIpFd01NslvwO69mB7sJaBMbvaXaDehqhvhd0nZnWyXSHHQqWB9oh0c8FzUTzQ4PhAc8zy0fbflNk0VqtzRRh/fuxwQnfvYkvwyjJH8GIuFy8EF47ZLSOz0rwE6t7Jq9USw7d7veI29jv/dn1Le2gbyDSfR16otFGzMHm1CqiANOd8FSmj42XHNkVGVt4OA4/LqmTnX6SrTdydRJ4AYaK2xsBpXAg4+9BdU5vwsmVfotAzQXahnxD/I2xiW1CqyOA7lOIoo1XfJq36NCc8FNCopCvmxN2vy3ntv2Dtd9mb/O+SPbrQXMHxbScFNQVv03R8+f9drUICIMPKdfFQXs7VOIQ9BPssU1fa3qbG21u6YXkcOLZh9nFi6MBRSjBMF0aWS4L+XAAls0FjM0jNa1uvw0XludtrsEtTl9WCyK3JY7QA9cyg3/nKDDz0E5q3HzXf2roYjgF7Qab5sN8LlwF2WXjy55YpWBlWKJGaEtzwPT63ueGgdbzJadjKv+YN4BiCQt3Vu5blxqi9vk4JBhDMM7fhfZYnZxwz9S4hQk44oI+aNX0WVLhItFn1ym4PV7REhgg+VGlpSr6eVkjwnPzetC5DXMcNL3XtRb+5DxY2qOH+igUwljG1wxD2p8PXE19xQ6YM6aPwKpXr29fQePmflgIjsC6iaFd/ZV9zyBQuSgMbGAHh2/ylw4zjC0vXk2DcnjKMzHHAFYwomuth5FxC2LG11CFRgyMtYBMbpuL0ekQ8aEdctLyTiULO1vgpqIEHGWFatWmtkg7oODaMY8w1xagVx9QbOiMS1cJTFJVVYpMVeWnTrzmUjJOFxWKQyMd/TIOyhVdBm+VEWos5DKPuCGHhnjpFijkH2pVjyvmzcgCFPBG7DR249dlKduH79Zpxtp5EADwccEESjXxpcl7oI6GnntB96r4PrlDnc6URIVIQ/YHeVsbB7e98qvpzj3xrw/dbKV9tgeeC1xgIh4bstdGzev52QjZI3wEbOmQG79GdM9HxquFRqB1OPxcFdPuZ9HxqbQ+0uOGImphrfnpgE3oSbEOLQT3kHxKGSkiLoaljtO4SVdznhrgvcmpXvfcb1Ehuc+t3HdjFDBOpTA6qj3IQj8ZMOa1Z6vRLgnicFv6T18BQo7DMG+xHtK9iPMC2ZtwyXOxDtBWwZIfOyctR72IAxY7JPaqV+jigloo1KVE95mgcsJOmfFm0NJjEumIKUkx5wP5bAgN3GiUlAqL0IzHLdtPUcW40jQ5HB24UJQCUyj336X1cUzgsBYioHDikDcntf8Jw0u2eCrGvLZWY+rjZMQge2i5Zx4CPupTdVLjGTzFqf8m6RPsBcYlS/R8XDJ2ZL3iTb10ZIyD2p9OCXcF9BQtVRmOalKTeS2dH9N+oevZltAUhEGKNWJw9YcZXDAkoTMgM1OXRKUtoV6HZ57kRe6k6e90WE9PHYMgaey9+uxoGuKnrKKbG9n3E5JYVmJwkuqiAQ2GPOBNEJTaUx1GaXWxqw2fPa/AT1oAUhrzsGWhVGT6kCnBMfLamm37pcyQuMDkTe13vfvleGEGcBSGAnTuQfi6xay5TB1oCFC/FTeqfM/RrOHTynWHLTx0JI9URNK358oRkc/vcXkbvPfpXt5SCkD4RAFYtPwixx7xvn30gyR5Imue+HNPVPAfEKtOnKJ6nqXZZdfQwC6VaUEGFLnv2NE53qJkZbfGewk4gJEme//EIB1+ra9wdaXd6xGwige4HMCJ1Zu3p8cb16RNCL2oqGGA4b6X+9B8ofhggc2yWN2DI04gYq/0XO8oAuAuZmdZigNFlordHXlpGTLMCMCvBKK/dt0rW8jbAutpAGZzIXxWwfGm/zsuAhtF1e7pyktlr1zDZNkwugjYIon6XWGRMdL9If7EFrjAyhnnE4CszKFzD476DKsAtbRTAqXM3D3H3gvEDVrLYzjVSxFCG8x0n1AqxeA6i5IK8+N2CvLQOO/amLvUAD4eYwf5pDgAIGGLPi9SK6GFtJIFAt5bakEIclyqqRjXK6HWdDL2ydlJYvBG8Tks1HtyQ8IbWoA4fTg/RDhP7+d1lc/vrh6taZEweYb4T6VrUTseS3r7soINj6LBHDdXx5OBeQ1ecQJ1EAv4mbtGLbwxRKFH17HQBZ4x+182RVvDAM7rBT
                certificate "-----BEGIN CERTIFICATE-----
<REDACTED-CERTIFICATE>
-----END CERTIFICATE-----
"
                authenticate-client false
            }
        }
        grpc-server eda-discovery {
            admin-state enable
            rate-limit 65535
            session-limit 1024
            metadata-authentication true
            default-tls-profile true
            network-instance mgmt
            port 50052
            services [
                gnmi
                gnsi
            ]
        }
        grpc-server eda-insecure-mgmt {
            admin-state enable
            rate-limit 65535
            session-limit 1024
            metadata-authentication true
            port 57411
            services [
                gnmi
                gnoi
                gnsi
            ]
        }
        grpc-server eda-mgmt {
            ### Unable to retrieve TLS profile 'EDA'
            admin-state enable
            rate-limit 65535
            session-limit 1024
            metadata-authentication true
            tls-profile EDA
            network-instance mgmt
            port 57410
            services [
                gnmi
                gnoi
                gnsi
            ]
        }
        grpc-server insecure-mgmt {
            admin-state enable
            rate-limit 65000
            network-instance mgmt
            port 57401
            trace-options [
                request
                response
                common
            ]
            services [
                gnmi
                gnoi
                gnsi
                gribi
                p4rt
            ]
            unix-socket {
                admin-state enable
            }
        }
        grpc-server mgmt {
            admin-state enable
            rate-limit 65000
            tls-profile clab-profile
            network-instance mgmt
            trace-options [
                request
                response
                common
            ]
            services [
                gnmi
                gnoi
                gnsi
                gribi
                p4rt
            ]
            unix-socket {
                admin-state enable
            }
        }
        json-rpc-server {
            admin-state enable
            network-instance mgmt {
                http {
                    admin-state enable
                }
                https {
                    admin-state enable
                    tls-profile clab-profile
                }
            }
        }
        dns {
            network-instance mgmt
            server-list [
                192.168.65.7
            ]
        }
        snmp {
            access-group SNMPv2-RO-Community {
                security-level no-auth-no-priv
                community-entry RO-Community {
                    community $aes1$AWDtWxLrf+31O28=$69YUYoaESnu9CsLVbxYtUw==
                }
            }
            network-instance mgmt {
                admin-state enable
            }
        }
        banner {
            login-banner "................................................................
:                  Welcome to Nokia SR Linux!                  :
:              Open Network OS for the NetOps era.             :
:                                                              :
:    This is a freely distributed official container image.    :
:                      Use it - Share it                       :
:                                                              :
: Get started: https://learn.srlinux.dev                       :
: Container:   https://go.srlinux.dev/container-image          :
: Docs:        https://doc.srlinux.dev/24-10                   :
: Rel. notes:  https://doc.srlinux.dev/rn24-10-3               :
: YANG:        https://yang.srlinux.dev/v24.10.3               :
: Discord:     https://go.srlinux.dev/discord                  :
: Contact:     https://go.srlinux.dev/contact-sales            :
................................................................
"
        }
        logging {
            buffer messages {
                rotate 3
                size 10000000
                facility local6 {
                    priority {
                        match-above informational
                    }
                }
            }
            buffer system {
                facility auth {
                    priority {
                        match-above warning
                    }
                }
                facility cron {
                    priority {
                        match-above warning
                    }
                }
                facility daemon {
                    priority {
                        match-above warning
                    }
                }
                facility ftp {
                    priority {
                        match-above warning
                    }
                }
                facility kern {
                    priority {
                        match-above warning
                    }
                }
                facility lpr {
                    priority {
                        match-above warning
                    }
                }
                facility mail {
                    priority {
                        match-above warning
                    }
                }
                facility news {
                    priority {
                        match-above warning
                    }
                }
                facility syslog {
                    priority {
                        match-above warning
                    }
                }
                facility user {
                    priority {
                        match-above warning
                    }
                }
                facility uucp {
                    priority {
                        match-above warning
                    }
                }
                facility local0 {
                    priority {
                        match-above warning
                    }
                }
                facility local1 {
                    priority {
                        match-above warning
                    }
                }
                facility local2 {
                    priority {
                        match-above warning
                    }
                }
                facility local3 {
                    priority {
                        match-above warning
                    }
                }
                facility local4 {
                    priority {
                        match-above warning
                    }
                }
                facility local5 {
                    priority {
                        match-above warning
                    }
                }
                facility local7 {
                    priority {
                        match-above warning
                    }
                }
            }
            file messages {
                rotate 3
                size 10000000
                facility local6 {
                    priority {
                        match-above warning
                    }
                }
            }
        }
        netconf-server mgmt {
            admin-state enable
            ssh-server mgmt-netconf
        }
    }
    network-instance default {
        type default
        admin-state enable
        interface ethernet-1/1.0 {
        }
        interface ethernet-1/2.0 {
        }
        interface ethernet-1/3.0 {
        }
        interface ethernet-1/4.0 {
        }
        interface ethernet-1/5.0 {
        }
        interface ethernet-1/6.0 {
        }
        interface system0.0 {
        }
        protocols {
            bgp {
                autonomous-system 65100
                router-id 10.255.0.1
                afi-safi evpn {
                    admin-state enable
                }
                afi-safi ipv4-unicast {
                    admin-state enable
                }
                group overlay-rr {
                    peer-as 65199
                    afi-safi evpn {
                        admin-state enable
                    }
                    afi-safi ipv4-unicast {
                        admin-state disable
                    }
                    local-as {
                        as-number 65199
                    }
                    route-reflector {
                        client true
                        cluster-id 10.255.0.1
                    }
                    transport {
                        local-address 10.255.0.1
                    }
                }
                group underlay-leafs {
                    export-policy [
                        accept-all
                    ]
                    import-policy [
                        accept-all
                    ]
                    failure-detection {
                        enable-bfd true
                        fast-failover true
                    }
                }
                neighbor 10.0.1.1 {
                    admin-state enable
                    peer-as 65001
                    peer-group underlay-leafs
                }
                neighbor 10.0.1.3 {
                    admin-state enable
                    peer-as 65002
                    peer-group underlay-leafs
                }
                neighbor 10.0.1.5 {
                    admin-state enable
                    peer-as 65003
                    peer-group underlay-leafs
                }
                neighbor 10.0.1.7 {
                    admin-state enable
                    peer-as 65004
                    peer-group underlay-leafs
                }
                neighbor 10.0.1.9 {
                    admin-state enable
                    peer-as 65005
                    peer-group underlay-leafs
                }
                neighbor 10.0.1.11 {
                    admin-state enable
                    peer-as 65006
                    peer-group underlay-leafs
                }
                neighbor 10.255.1.1 {
                    description "leaf1 EVPN"
                    peer-group overlay-rr
                }
                neighbor 10.255.1.2 {
                    description "leaf2 EVPN"
                    peer-group overlay-rr
                }
                neighbor 10.255.1.3 {
                    description "leaf3 EVPN"
                    peer-group overlay-rr
                }
                neighbor 10.255.1.4 {
                    description "leaf4 EVPN"
                    peer-group overlay-rr
                }
                neighbor 10.255.1.5 {
                    description "leaf5 EVPN"
                    peer-group overlay-rr
                }
                neighbor 10.255.1.6 {
                    description "leaf6 EVPN"
                    peer-group overlay-rr
                }
            }
        }
    }
    network-instance mgmt {
        type ip-vrf
        admin-state enable
        description "Management network instance"
        interface mgmt0.0 {
        }
        protocols {
            linux {
                import-routes true
                export-routes true
                export-neighbors true
            }
        }
    }
    routing-policy {
        policy accept-all {
            default-action {
                policy-result accept
            }
        }
        policy export-loopback {
            statement 10 {
                match {
                    protocol local
                }
                action {
                    policy-result accept
                }
            }
        }
    }
