diff --git a/README.md b/README.md
index d9f2dbb..aeb3d24 100644
--- a/README.md
+++ b/README.md
@@ -125,6 +125,12 @@ Interfaces to L3 servers should have the tenant custom field defined:
 
 The tenant determines which prefixes can be received on this interface. It is important that all user‐facing ports either have a tenant defined or are disabled. Interfaces without a tenant are assumed to connect to fabric and allow all prefixes. TODO make previous sentence untrue and delete it
 
+By default L3 servers are not allowed to announce EVPN routes to fabric. To allow receiving EVPN routes from servers on certain interfaces (e.g. from Proxmox nodes), list them in config context on leaf switches:
+
+    {
+        ifaces_evpn: ["swp9s0", "swp9s1", "swp9s2", "swp21", "swp22", "swp23", "swp24"]
+    }
+
 #### L2 setup
 
 For leaf switches providing L2 access we must add a single `bridge` interface. If no VLANs are explicitly set, the bridge will allow any VLAN allowed on at least one of its ports. Otherwise it will only allow the specified VLANs.