+| Configure MACIP ACLs
+| | [Documentation]
+| | ... | Configure MACIP ACL with required number of not-hitting permit ACEs
+| | ... | plus two hitting ACEs for both traffic directions.
+| | ...
+| | ... | *Arguments:*
+| | ... | - dut_node - DUT node. Type: dictionary
+| | ... | - dut_if1 - DUT node interface1 name (Optional). Type: string
+| | ... | - dut_if2 - DUT node interface2 name (Optional). Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Configure MACIP ACLs \| ${nodes['DUT1']} \| GigabitEthernet0/7/0 \
+| | ... | \| GigabitEthernet0/8/0 \|
+| | ...
+| | ... | _NOTE:_ This KW uses following test case variables:
+| | ... | - ${src_ip_start} - Source IP address start. Type: string
+| | ... | - ${ip_step} - IP address step. Type: string
+| | ... | - ${src_mac_start} - Source MAC address start in format with colons.
+| | ... | Type: string
+| | ... | - ${src_mac_step} - Source MAC address step. Type: string
+| | ... | - ${src_mac_mask} - Source MAC address mask. 00:00:00:00:00:00 is a
+| | ... | wildcard mask. Type: string
+| | ... | - ${no_hit_aces_number} - Number of not-hitting ACEs to be configured.
+| | ... | Type: integer
+| | ... | - ${acl_action} - Action for the rule - deny, permit, permit+reflect.
+| | ... | Type: string
+| | ... | - ${tg_stream1_subnet} - IP subnet used by TG in direction 0->1.
+| | ... | Type: string
+| | ... | - ${tg_stream2_subnet} - IP subnet used by TG in direction 1->0.
+| | ... | Type: string
+| | ... | - ${tg_stream1_mac} - Source MAC address of traffic stream 1.
+| | ... | Type: string
+| | ... | - ${tg_stream2_mac} - Source MAC address of traffic stream 2.
+| | ... | Type: string
+| | ... | - ${tg_mac_mask} - MAC address mask for traffic streams.
+| | ... | 00:00:00:00:00:00 is a wildcard mask. Type: string
+| | ...
+| | [Arguments] | ${dut} | ${dut_if1}=${None} | ${dut_if2}=${None}
+| | ...
+| | ${src_ip_int} = | IP To Int | ${src_ip_start}
+| | ${src_ip_int} = | Evaluate | ${src_ip_int} - ${ip_step}
+| | ...
+| | ${ip_limit} = | Set Variable | 255.255.255.255
+| | ${ip_limit_int} = | IP To Int | ${ip_limit}
+| | ...
+| | ${src_mac_int} = | Mac To Int | ${src_mac_start}
+| | ${src_mac_int} = | Evaluate | ${src_mac_int} - ${src_mac_step}
+| | ...
+| | ${mac_limit} = | Set Variable | ff:ff:ff:ff:ff:ff
+| | ${mac_limit_int} = | Mac To Int | ${mac_limit}
+| | ...
+| | ${acl}= | Set Variable | ipv4 permit
+| | :FOR | ${nr} | IN RANGE | 0 | ${no_hit_aces_number}
+| | | ${src_ip_int} = | Evaluate | ${src_ip_int} + ${ip_step}
+| | | ${src_mac_int} = | Evaluate | ${src_mac_int} + ${src_mac_step}
+| | | ${ipv4_limit_reached}= | Set Variable If
+| | | ... | ${src_ip_int} > ${ip_limit_int} | ${TRUE}
+| | | ${mac_limit_reached}= | Set Variable If
+| | | ... | ${src_mac_int} > ${mac_limit_int} | ${TRUE}
+| | | Run Keyword If | '${ipv4_limit_reached}' == '${TRUE}' | Log
+| | | ... | Can't do more iterations - IPv4 address limit has been reached.
+| | | ... | WARN
+| | | Run Keyword If | '${mac_limit_reached}' == '${TRUE}' | Log
+| | | ... | Can't do more iterations - MAC address limit has been reached.
+| | | ... | WARN
+| | | ${src_ip} = | Run Keyword If | '${ipv4_limit_reached}' == '${TRUE}'
+| | | ... | Set Variable | ${ip_limit}
+| | | ... | ELSE | Int To IP | ${src_ip_int}
+| | | ${src_mac}= | Run Keyword If | '${mac_limit_reached}' == '${TRUE}'
+| | | ... | Set Variable | ${mac_limit}
+| | | ... | ELSE | Int To Mac | ${src_mac_int}
+| | | ${acl}= | Catenate | ${acl} | ip ${src_ip}/32
+| | | ... | mac ${src_mac} | mask ${src_mac_mask},
+| | | Exit For Loop If | '${ipv4_limit_reached}' == '${TRUE}' or '${mac_limit_reached}' == '${TRUE}'
+| | ${acl0}= | Catenate | ${acl}
+| | ... | ipv4 ${acl_action} ip ${tg_stream1_subnet} mac ${tg_stream1_mac}
+| | ... | mask ${tg_mac_mask}
+| | ${acl1}= | Catenate | ${acl}
+| | ... | ipv4 ${acl_action} ip ${tg_stream2_subnet} mac ${tg_stream2_mac}
+| | ... | mask ${tg_mac_mask}
+| | Add Macip Acl Multi Entries | ${dut} | rules=${acl0}
+| | Add Macip Acl Multi Entries | ${dut} | rules=${acl1}
+| | ${acl_idx}= | Set Variable | 0
+| | Run Keyword Unless | '${dut_if1}' == '${NONE}'
+| | ... | Add Del Macip Acl Interface | ${dut} | ${dut_if1} | add | ${acl_idx}
+| | ${acl_idx}= | Set Variable | 1
+| | Run Keyword Unless | '${dut_if2}' == '${NONE}'
+| | ... | Add Del Macip Acl Interface | ${dut} | ${dut_if2} | add | ${acl_idx}
+
+| Initialize L2 bridge domain with MACIP ACLs on DUT1 in 3-node circular topology
+| | [Documentation]
+| | ... | Setup L2BD topology by adding two interfaces on DUT1 into bridge
+| | ... | domain that is created automatically with index 1. Learning is
+| | ... | enabled. Interfaces are brought up. Apply required MACIP ACL rules to
+| | ... | DUT1 interfaces.
+| | ...
+| | ... | *Arguments:*
+| | ... | _None_
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Initialize L2 bridge domain with MACIP ACLs on DUT1 in 3-node \
+| | ... | circular topology \|
+| | ...
+| | ... | _NOTE 1:_ This KW uses following test case variables:
+| | ... | - ${tg} - TG node.
+| | ... | - ${dut1} - DUT1 node.
+| | ... | - ${dut2} - DUT2 node.
+| | ... | - ${tg_if1} - TG interface towards DUT1.
+| | ... | - ${tg_if2} - TG interface towards DUT2.
+| | ... | - ${dut1_if1} - DUT1 interface towards TG.
+| | ... | - ${dut1_if2} - DUT1 interface towards DUT2.
+| | ... | - ${dut2_if1} - DUT2 interface towards DUT1.
+| | ... | - ${dut2_if2} - DUT2 interface towards TG.
+| | ...
+| | Configure L2BD forwarding | ${dut1} | ${dut1_if1} | ${dut1_if2}
+| | Configure L2XC | ${dut2} | ${dut2_if1} | ${dut2_if2}
+| | All Vpp Interfaces Ready Wait | ${nodes}
+| | Configure MACIP ACLs | ${dut1} | ${dut1_if1} | ${dut1_if2}
+