Merge remote-tracking branch 'origin/stage'

Cumulus Docs Auto Merge · Cumulus Docs Auto Merge · commit c658ba9ce1f5 · 2026-02-24T22:06:24.000Z
diff --git a/content/cumulus-linux-516/Whats-New/_index.md b/content/cumulus-linux-516/Whats-New/_index.md
@@ -65,6 +65,12 @@ To upgrade to Cumulus Linux 5.16 from a release that does not support package up
 Cumulus Linux 5.16 does not support online package upgrade; you can use offline package upgrade instead.
 {{%/notice%}}
 
+### Significant NVUE Command and API Updates
+
+{{%notice warning%}}
+To align with a long-term vision of a common interface between Cumulus Linux, NVIDIA OS (NVOS), and Host-Based Networking, Cumulus Linux 5.15 included significant NVUE command and API updates. If you are upgrading to Cumulus Linux 5.16 from Cumulus Linux 5.14 or earlier, review the list of {{<exlink url="https://docs.nvidia.com/networking-ethernet-software/cumulus-linux-515/Whats-New/New-and-Changed-NVUE-Commands/" text="New, Changed, and Deprecated NVUE Commands in Cumulus Linux 5.15">}} before you upgrade to ensure a smooth transition.
+{{%/notice%}}
+
 ### Maximum Number of NVUE Revisions
 
 Cumulus Linux includes an option to set the {{<link url="NVUE-CLI/#maximum-revisions-limit" text="maximum number of revisions">}} after which NVUE deletes older revisions automatically. The default setting is 100. If you upgrade to Cumulus Linux 5.16 from 5.12 or earlier, the first time you run `nv set` or `nv unset` commands, NVUE deletes older revisions if the number of revisions on the switch is greater than 100.
diff --git a/content/cumulus-linux-517/Layer-1-and-Switch-Ports/802.1X-Interfaces.md b/content/cumulus-linux-517/Layer-1-and-Switch-Ports/802.1X-Interfaces.md
@@ -446,7 +446,8 @@ Dynamic VRF assignment on 802.1X enables layer 3 ports to be authenticated and a
 You can use dynamic VRF assignment to place users or devices dynamically into different VRFs based on authentication, policies, or network conditions. This approach is commonly used in multi-tenant environments, service provider networks, enterprise security, and VPN segmentation.
 
 {{%notice note%}}
-VRFs coming in on the Radius authentication message must already exist on the switch.
+- VRFs coming in on the Radius authentication message must already exist on the switch.
+- Dynamic VRF assignment is supported in {{<link url="#host-modes" text="multi host mode">}} only.
 {{%/notice%}}
 
 {{< tabs "TabID451 ">}}
diff --git a/content/cumulus-linux-517/Network-Virtualization/Ethernet-Virtual-Private-Network-EVPN/_index.md b/content/cumulus-linux-517/Network-Virtualization/Ethernet-Virtual-Private-Network-EVPN/_index.md
@@ -36,7 +36,6 @@ Cumulus Linux fully supports EVPN as the control plane for VXLAN, including for
   - Dual stack VXLAN mode (with both an IPv4 and IPv6 VTEP source address).
   - MLAG.
   - Static VXLAN tunnels.
-  - Downstream VNIs.
   - The NVUE `nv set nve vxlan source address` command `auto` setting, which is applicable only for IPv4 VXLAN tunnels. If you want to configure IPv6 VXLAN tunnels, you must set the VXLAN source IP address manually as an IPv6 GUA address.
 
   {{%notice note%}}
diff --git a/content/cumulus-linux-517/System-Configuration/Authentication-Authorization-and-Accounting/TACACS.md b/content/cumulus-linux-517/System-Configuration/Authentication-Authorization-and-Accounting/TACACS.md
@@ -485,7 +485,7 @@ cumulus@switch:~$ sudo rm ~tacacs0/bin/*
 
 ## Server-side Per-command Authorization
 
-Whe you use server-side per-command authorization, Cumulus Linux sends every command that the TACACS+ user enters to the TACACS server for authorization before executing the command. The TACACS server is the sole authority on which commands are permitted; you don't need to configure local per-command configuration on the switch.
+Whe you use server-side per-command authorization, Cumulus Linux sends every command that the TACACS+ user enters to the TACACS server for authorization before executing the command.
 
 {{%notice note%}}
 - You can use server-side per-command authorization together with specific command authorization so that Cumulus Linux authorizes certain commands locally and forwards all other commands *only* to the TACACS server.
@@ -497,17 +497,17 @@ By default, server-side per-command authorization is disabled for all privilege
 
 To enable server-side per-command authorization for a TACACS privilege level, run the `nv set system aaa tacacs authorization <priority-id> all-commands enabled` command.
 
-The following example enables server-side authorization for all commands at privilege level 15:
+The following example enables server-side authorization for all commands at privilege level 0:
 
 ```
-cumulus@switch:~$ nv set system aaa tacacs authorization 15 all-commands enabled
+cumulus@switch:~$ nv set system aaa tacacs authorization 0 all-commands enabled
 cumulus@switch:~$ nv config apply
 ```
 
-To disable server-side per-command authorization for a TACACS privilege level and revert to local command authorization only, run the `nv set system aaa tacacs authorization <priority-id> all-commands disabled` command:
+To disable server-side per-command authorization for a TACACS privilege level, run the `nv set system aaa tacacs authorization <priority-id> all-commands disabled` command:
 
 ```
-cumulus@switch:~$ nv set system aaa tacacs authorization 15 all-commands disabled
+cumulus@switch:~$ nv set system aaa tacacs authorization 0 all-commands disabled
 cumulus@switch:~$ nv config apply
 ```
 
