Feat(eos_cli_config_gen): Added dot1x radius av-pair lldp and `dhcp…

…` command support (#4618)
aristanetworks · Oct 28, 2024 · 2b115f7 · 2b115f7
1 parent c67f95e
commit 2b115f7
Show file tree

Hide file tree

Showing 6 changed files with 210 additions and 5 deletions.
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg
@@ -25,6 +25,11 @@ dot1x
    captive-portal url http://portal-nacm08/captiveredirect/ ssl profile Profile1
    captive-portal access-list ipv4 ACL
    captive-portal start limit infinite
+   radius av-pair lldp system-name auth-only
+   radius av-pair lldp system-description auth-only
+   radius av-pair dhcp hostname auth-only
+   radius av-pair dhcp parameter-request-list auth-only
+   radius av-pair dhcp vendor-class-id auth-only
    supplicant logging
 !
 interface Management1

diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml
@@ -10,6 +10,23 @@ dot1x:
   radius_av_pair:
     service_type: true
     framed_mtu: 1500
+    lldp:
+      system_name:
+        enabled: true
+        auth_only: true
+      system_description:
+        enabled: true
+        auth_only: true
+    dhcp:
+      hostname:
+        enabled: true
+        auth_only: true
+      parameter_request_list:
+        enabled: true
+        auth_only: true
+      vendor_class_id:
+        enabled: true
+        auth_only: true
   aaa:
     unresponsive:
       eap_response: success

diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md
diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/dot1x.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/dot1x.j2
@@ -75,13 +75,11 @@ dot1x
    mac based authentication hold period {{ dot1x.mac_based_authentication.hold_period }} seconds
 {%             endif %}
 {%         endif %}
-{%         if dot1x.radius_av_pair is arista.avd.defined %}
-{%             if dot1x.radius_av_pair.service_type is arista.avd.defined(true) %}
+{%         if dot1x.radius_av_pair.service_type is arista.avd.defined(true) %}
    radius av-pair service-type
-{%             endif %}
-{%             if dot1x.radius_av_pair.framed_mtu is arista.avd.defined %}
+{%         endif %}
+{%         if dot1x.radius_av_pair.framed_mtu is arista.avd.defined %}
    radius av-pair framed-mtu {{ dot1x.radius_av_pair.framed_mtu }}
-{%             endif %}
 {%         endif %}
 {%         if dot1x.radius_av_pair_username_format.delimiter is arista.avd.defined and dot1x.radius_av_pair_username_format.mac_string_case is arista.avd.defined %}
    mac-based-auth radius av-pair user-name delimiter {{ dot1x.radius_av_pair_username_format.delimiter }} {{ dot1x.radius_av_pair_username_format.mac_string_case }}
@@ -108,6 +106,45 @@ dot1x
    captive-portal start limit infinite
 {%             endif %}
 {%         endif %}
+{%         if dot1x.radius_av_pair.lldp is arista.avd.defined %}
+{%             if dot1x.radius_av_pair.lldp.system_name.enabled is arista.avd.defined(true) %}
+{%                 set av_pair_lldp = "radius av-pair lldp system-name" %}
+{%                 if dot1x.radius_av_pair.lldp.system_name.auth_only is arista.avd.defined(true) %}
+{%                     set av_pair_lldp = av_pair_lldp ~ " auth-only" %}
+{%                 endif %}
+   {{ av_pair_lldp }}
+{%             endif %}
+{%             if dot1x.radius_av_pair.lldp.system_description.enabled is arista.avd.defined(true) %}
+{%                 set av_pair_lldp = "radius av-pair lldp system-description" %}
+{%                 if dot1x.radius_av_pair.lldp.system_description.auth_only is arista.avd.defined(true) %}
+{%                     set av_pair_lldp = av_pair_lldp ~ " auth-only" %}
+{%                 endif %}
+   {{ av_pair_lldp }}
+{%             endif %}
+{%         endif %}
+{%         if dot1x.radius_av_pair.dhcp is arista.avd.defined %}
+{%             if dot1x.radius_av_pair.dhcp.hostname.enabled is arista.avd.defined(true) %}
+{%                 set av_pair_dhcp = "radius av-pair dhcp hostname" %}
+{%                 if dot1x.radius_av_pair.dhcp.hostname.auth_only is arista.avd.defined(true) %}
+{%                     set av_pair_dhcp = av_pair_dhcp ~ " auth-only" %}
+{%                 endif %}
+   {{ av_pair_dhcp }}
+{%             endif %}
+{%             if dot1x.radius_av_pair.dhcp.parameter_request_list.enabled is arista.avd.defined(true) %}
+{%                 set av_pair_dhcp = "radius av-pair dhcp parameter-request-list" %}
+{%                 if dot1x.radius_av_pair.dhcp.parameter_request_list.auth_only is arista.avd.defined(true) %}
+{%                     set av_pair_dhcp = av_pair_dhcp ~ " auth-only" %}
+{%                 endif %}
+   {{ av_pair_dhcp }}
+{%             endif %}
+{%             if dot1x.radius_av_pair.dhcp.vendor_class_id.enabled is arista.avd.defined(true) %}
+{%                 set av_pair_dhcp = "radius av-pair dhcp vendor-class-id" %}
+{%                 if dot1x.radius_av_pair.dhcp.vendor_class_id.auth_only is arista.avd.defined(true) %}
+{%                     set av_pair_dhcp = av_pair_dhcp ~ " auth-only" %}
+{%                 endif %}
+   {{ av_pair_dhcp }}
+{%             endif %}
+{%         endif %}
 {%         if dot1x.supplicant.logging is arista.avd.defined(true) %}
    supplicant logging
 {%         endif %}

diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml
diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/dot1x.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/dot1x.schema.yml
@@ -64,6 +64,57 @@ keys:
             max: 9236
             convert_types:
               - str
+          lldp:
+            type: dict
+            keys:
+              system_name:
+                description: LLDP system name (LLDP TLV 5) av-pair.
+                type: dict
+                keys:
+                  enabled:
+                    type: bool
+                    required: true
+                  auth_only:
+                    type: bool
+              system_description:
+                description: LLDP system description (LLDP TLV 6) av-pair.
+                type: dict
+                keys:
+                  enabled:
+                    type: bool
+                    required: true
+                  auth_only:
+                    type: bool
+          dhcp:
+            type: dict
+            keys:
+              hostname:
+                description: Hostname (DHCP Option 12).
+                type: dict
+                keys:
+                  enabled:
+                    type: bool
+                    required: true
+                  auth_only:
+                    type: bool
+              parameter_request_list:
+                description: Parameters requested by host (DHCP Option 55).
+                type: dict
+                keys:
+                  enabled:
+                    type: bool
+                    required: true
+                  auth_only:
+                    type: bool
+              vendor_class_id:
+                description: Vendor class identifier (DHCP Option 60).
+                type: dict
+                keys:
+                  enabled:
+                    type: bool
+                    required: true
+                  auth_only:
+                    type: bool
       aaa:
         type: dict
         description: Configure AAA parameters.