Merge branch '517' into ania-stage

Author: cumulusAnia

content/cumulus-linux-517/Layer-1-and-Switch-Ports/802.1X-Interfaces.md

@@ -446,7 +446,8 @@ Dynamic VRF assignment on 802.1X enables layer 3 ports to be authenticated and a
 You can use dynamic VRF assignment to place users or devices dynamically into different VRFs based on authentication, policies, or network conditions. This approach is commonly used in multi-tenant environments, service provider networks, enterprise security, and VPN segmentation.
 
 {{%notice note%}}
-VRFs coming in on the Radius authentication message must already exist on the switch.
+- VRFs coming in on the Radius authentication message must already exist on the switch.
+- Dynamic VRF assignment is supported in {{<link url="#host-modes" text="multi host mode">}} only.
 {{%/notice%}}
 
 {{< tabs "TabID451 ">}}

content/cumulus-linux-517/Network-Virtualization/Ethernet-Virtual-Private-Network-EVPN/_index.md

@@ -36,7 +36,6 @@ Cumulus Linux fully supports EVPN as the control plane for VXLAN, including for
   - Dual stack VXLAN mode (with both an IPv4 and IPv6 VTEP source address).
   - MLAG.
   - Static VXLAN tunnels.
-  - Downstream VNIs.
   - The NVUE `nv set nve vxlan source address` command `auto` setting, which is applicable only for IPv4 VXLAN tunnels. If you want to configure IPv6 VXLAN tunnels, you must set the VXLAN source IP address manually as an IPv6 GUA address.
 
   {{%notice note%}}

content/cumulus-linux-517/System-Configuration/Authentication-Authorization-and-Accounting/TACACS.md

@@ -485,7 +485,7 @@ cumulus@switch:~$ sudo rm ~tacacs0/bin/*
 
 ## Server-side Per-command Authorization
 
-Whe you use server-side per-command authorization, Cumulus Linux sends every command that the TACACS+ user enters to the TACACS server for authorization before executing the command. The TACACS server is the sole authority on which commands are permitted; you don't need to configure local per-command configuration on the switch.
+Whe you use server-side per-command authorization, Cumulus Linux sends every command that the TACACS+ user enters to the TACACS server for authorization before executing the command.
 
 {{%notice note%}}
 - You can use server-side per-command authorization together with specific command authorization so that Cumulus Linux authorizes certain commands locally and forwards all other commands *only* to the TACACS server.
@@ -497,17 +497,17 @@ By default, server-side per-command authorization is disabled for all privilege
 
 To enable server-side per-command authorization for a TACACS privilege level, run the `nv set system aaa tacacs authorization <priority-id> all-commands enabled` command.
 
-The following example enables server-side authorization for all commands at privilege level 15:
+The following example enables server-side authorization for all commands at privilege level 0:
 
 ```
-cumulus@switch:~$ nv set system aaa tacacs authorization 15 all-commands enabled
+cumulus@switch:~$ nv set system aaa tacacs authorization 0 all-commands enabled
 cumulus@switch:~$ nv config apply
 ```
 
-To disable server-side per-command authorization for a TACACS privilege level and revert to local command authorization only, run the `nv set system aaa tacacs authorization <priority-id> all-commands disabled` command:
+To disable server-side per-command authorization for a TACACS privilege level, run the `nv set system aaa tacacs authorization <priority-id> all-commands disabled` command:
 
 ```
-cumulus@switch:~$ nv set system aaa tacacs authorization 15 all-commands disabled
+cumulus@switch:~$ nv set system aaa tacacs authorization 0 all-commands disabled
 cumulus@switch:~$ nv config apply
 ```