From ebcc7641c739ac22e597ee702d63d13bb21d73b5 Mon Sep 17 00:00:00 2001 From: Shivani-gslab Date: Thu, 14 Mar 2024 15:19:26 +0530 Subject: [PATCH 1/7] Feat(eos_cli_config_gen): add aaa unresponsive action under global dot1x --- .../intended/configs/dot1x.cfg | 4 + .../inventory/host_vars/dot1x.yml | 11 ++ .../eos_cli_config_gen/docs/tables/dot1x.md | 34 +++++ .../eos_cli_config_gen.jsonschema.json | 128 ++++++++++++++++++ .../schemas/eos_cli_config_gen.schema.yml | 63 +++++++++ .../schemas/schema_fragments/dot1x.schema.yml | 63 +++++++++ .../eos_cli_config_gen/templates/eos/dot1x.j2 | 29 ++++ 7 files changed, 332 insertions(+) diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg index 09216430685..b433a6e1803 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg @@ -20,5 +20,9 @@ dot1x mac based authentication hold period 300 seconds radius av-pair service-type radius av-pair framed-mtu 1500 +aaa unresponsive phone action traffic allow +aaa unresponsive action apply cached-results timeout 10 hours +aaa unresponsive eap response success +aaa unresponsive recovery action reauthenticate ! end diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml index cbaae557386..91f38116976 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml 
@@ -10,3 +10,14 @@ dot1x: radius_av_pair: service_type: true framed_mtu: 1500 + aaa: + unresponsive: + eap_response: success + action: + apply_cached_results: true + cached_results_timeout: + time_duration: 10 + time_duration_unit: hours + phone_action: + traffic_allow: true + recovery_action_reauthenticate: true diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md index d65c95dd4fc..92fc03b08a2 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md @@ -18,6 +18,23 @@ | [  radius_av_pair](## "dot1x.radius_av_pair") | Dictionary | | | | | | [    service_type](## "dot1x.radius_av_pair.service_type") | Boolean | | | | | | [    framed_mtu](## "dot1x.radius_av_pair.framed_mtu") | Integer | | | Min: 68
Max: 9236 | | + | [  aaa](## "dot1x.aaa") | Dictionary | | | | | + | [    unresponsive](## "dot1x.aaa.unresponsive") | Dictionary | | | | | + | [      eap_response](## "dot1x.aaa.unresponsive.eap_response") | String | | | Valid Values:
- success
- disabled | | + | [      action](## "dot1x.aaa.unresponsive.action") | Dictionary | | | | | + | [        apply_cached_results](## "dot1x.aaa.unresponsive.action.apply_cached_results") | Boolean | | | | | + | [        cached_results_timeout](## "dot1x.aaa.unresponsive.action.cached_results_timeout") | Dictionary | | | | | + | [          time_duration](## "dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | | + | [          time_duration_unit](## "dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | + | [        traffic_allow](## "dot1x.aaa.unresponsive.action.traffic_allow") | Boolean | | | | | + | [        traffic_allow_vlan](## "dot1x.aaa.unresponsive.action.traffic_allow_vlan") | Integer | | | | | + | [      phone_action](## "dot1x.aaa.unresponsive.phone_action") | Dictionary | | | | | + | [        apply_cached_results](## "dot1x.aaa.unresponsive.phone_action.apply_cached_results") | Boolean | | | | | + | [        cached_results_timeout](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout") | Dictionary | | | | | + | [          time_duration](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | | + | [          time_duration_unit](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | + | [        traffic_allow](## "dot1x.aaa.unresponsive.phone_action.traffic_allow") | Boolean | | | | | + | [      recovery_action_reauthenticate](## "dot1x.aaa.unresponsive.recovery_action_reauthenticate") | Boolean | | | | | === "YAML" @@ -33,4 +50,21 @@ radius_av_pair: service_type: framed_mtu: + aaa: + unresponsive: + eap_response: + action: + apply_cached_results: + cached_results_timeout: + time_duration: =1> + time_duration_unit: + traffic_allow: + traffic_allow_vlan: + phone_action: + apply_cached_results: + cached_results_timeout: + time_duration: =1> + time_duration_unit: + traffic_allow: + recovery_action_reauthenticate: ``` diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json index ce76381f42f..1af3f97a40d 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json 
@@ -2136,6 +2136,134 @@ "^_.+$": {} }, "title": "Radius Av Pair" + }, + "aaa": { + "type": "object", + "properties": { + "unresponsive": { + "type": "object", + "properties": { + "eap_response": { + "type": "string", + "enum": [ + "success", + "disabled" + ], + "title": "Eap Response" + }, + "action": { + "type": "object", + "properties": { + "apply_cached_results": { + "type": "boolean", + "title": "Apply Cached Results" + }, + "cached_results_timeout": { + "type": "object", + "properties": { + "time_duration": { + "type": "integer", + "minimum": 1, + "title": "Time Duration" + }, + "time_duration_unit": { + "type": "string", + "enum": [ + "days", + "hours", + "minutes", + "seconds" + ], + "title": "Time Duration Unit" + } + }, + "required": [ + "time_duration_unit" + ], + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "title": "Cached Results Timeout" + }, + "traffic_allow": { + "type": "boolean", + "title": "Traffic Allow" + }, + "traffic_allow_vlan": { + "type": "integer", + "title": "Traffic Allow VLAN" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "title": "Action" + }, + "phone_action": { + "type": "object", + "properties": { + "apply_cached_results": { + "type": "boolean", + "title": "Apply Cached Results" + }, + "cached_results_timeout": { + "type": "object", + "properties": { + "time_duration": { + "type": "integer", + "minimum": 1, + "title": "Time Duration" + }, + "time_duration_unit": { + "type": "string", + "enum": [ + "days", + "hours", + "minutes", + "seconds" + ], + "title": "Time Duration Unit" + } + }, + "required": [ + "time_duration_unit" + ], + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "title": "Cached Results Timeout" + }, + "traffic_allow": { + "type": "boolean", + "title": "Traffic Allow" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "title": "Phone Action" + }, + 
"recovery_action_reauthenticate": { + "type": "boolean", + "title": "Recovery Action Reauthenticate" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "title": "Unresponsive" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "title": "AAA" } }, "additionalProperties": false, diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml index b47268f401f..3a7e1c5a0cc 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml @@ -1521,6 +1521,69 @@ keys: max: 9236 convert_types: - str + aaa: + type: dict + keys: + unresponsive: + type: dict + keys: + eap_response: + type: str + valid_values: + - success + - disabled + action: + type: dict + keys: + apply_cached_results: + type: bool + cached_results_timeout: + type: dict + keys: + time_duration: + type: int + convert_types: + - str + min: 1 + time_duration_unit: + type: str + required: true + valid_values: + - days + - hours + - minutes + - seconds + traffic_allow: + type: bool + traffic_allow_vlan: + type: int + convert_types: + - str + phone_action: + type: dict + keys: + apply_cached_results: + type: bool + cached_results_timeout: + type: dict + keys: + time_duration: + type: int + convert_types: + - str + min: 1 + time_duration_unit: + type: str + required: true + valid_values: + - days + - hours + - minutes + - seconds + traffic_allow: + type: bool + recovery_action_reauthenticate: + type: bool dps_interfaces: type: list primary_key: name 
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml index fb0ac0a55da..921837f4683 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml @@ -44,3 +44,66 @@ keys: max: 9236 convert_types: - str + aaa: + type: dict + keys: + unresponsive: + type: dict + keys: + eap_response: + type: str + valid_values: + - "success" + - "disabled" + action: + type: dict + keys: + apply_cached_results: + type: bool + cached_results_timeout: + type: dict + keys: + time_duration: + type: int + convert_types: + - str + min: 1 + time_duration_unit: + type: str + required: true + valid_values: + - "days" + - "hours" + - "minutes" + - "seconds" + traffic_allow: + type: bool + traffic_allow_vlan: + type: int + convert_types: + - str + phone_action: + type: dict + keys: + apply_cached_results: + type: bool + cached_results_timeout: + type: dict + keys: + time_duration: + type: int + convert_types: + - str + min: 1 + time_duration_unit: + type: str + required: true + valid_values: + - "days" + - "hours" + - "minutes" + - "seconds" + traffic_allow: + type: bool + recovery_action_reauthenticate: + type: bool diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 index 788c5a9466d..57d4717309b 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 
@@ -37,4 +37,33 @@ dot1x {% endif %} {% endif %} {% endif %} +{% if dot1x.aaa.unresponsive is arista.avd.defined %} +{% set aaa_config = "aaa unresponsive" %} +{% if dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %} +{{ aaa_config }} phone action traffic allow +{% elif dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) %} +{% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %} +{{ aaa_config }} phone action apply cached-results timeout {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit }} +{% else %} +{{ aaa_config }} phone action apply cached-results +{% endif %} +{% endif %} +{% if dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) %} +{{ aaa_config }} action traffic allow +{% elif dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined %} +{{ aaa_config }} action traffic allow vlan {{ dot1x.aaa.unresponsive.action.traffic_allow_vlan }} +{% elif dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) %} +{% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %} +{{ aaa_config }} action apply cached-results timeout {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit }} +{% else %} +{{ aaa_config }} action apply cached-results +{% endif %} +{% endif %} +{% if dot1x.aaa.unresponsive.eap_response is arista.avd.defined %} +{{ aaa_config }} eap response {{ dot1x.aaa.unresponsive.eap_response }} +{% endif %} +{% if 
dot1x.aaa.unresponsive.recovery_action_reauthenticate is arista.avd.defined(true) %} +{{ aaa_config }} recovery action reauthenticate +{% endif %} +{% endif %} {% endif %} From 8196c5abc5113c972f0ebc1bdd0bf9698afc4d7a Mon Sep 17 00:00:00 2001 From: Shivani-gslab Date: Thu, 21 Mar 2024 11:27:07 +0530 Subject: [PATCH 2/7] Adding alternate apply option --- .../intended/configs/dot1x.cfg | 4 +- .../inventory/host_vars/dot1x.yml | 4 +- .../eos_cli_config_gen/docs/tables/dot1x.md | 40 +++++++++++++++---- .../eos_cli_config_gen.jsonschema.json | 18 +++++++++ .../schemas/eos_cli_config_gen.schema.yml | 16 ++++++++ .../schemas/schema_fragments/dot1x.schema.yml | 14 +++++++ .../eos_cli_config_gen/templates/eos/dot1x.j2 | 25 +++++++++++- 7 files changed, 108 insertions(+), 13 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg index b433a6e1803..b5adf5e1913 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg @@ -20,8 +20,8 @@ dot1x mac based authentication hold period 300 seconds radius av-pair service-type radius av-pair framed-mtu 1500 -aaa unresponsive phone action traffic allow -aaa unresponsive action apply cached-results timeout 10 hours +aaa unresponsive phone action apply cached-results else traffic allow +aaa unresponsive action traffic allow vlan 10 aaa unresponsive eap response success aaa unresponsive recovery action reauthenticate ! diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml index 91f38116976..907d2a55b4f 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml 
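Review bot: In the `action` chain, `traffic_allow` is tested before `traffic_allow_vlan`, so an inventory that sets both renders the plain `aaa unresponsive action traffic allow` and silently drops the VLAN. This is the fallback applied while the AAA server is unreachable, so the broader option presumably should not win without any error; testing `traffic_allow_vlan` first, or rejecting the combination in the schema, would make the outcome explicit. The same silent precedence puts `traffic_allow` ahead of `apply_cached_results` in both the `phone_action` and `action` chains. At minimum a template comment such as `{# traffic_allow takes precedence over traffic_allow_vlan and apply_cached_results #}` would document the current behaviour.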
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml @@ -14,10 +14,12 @@ dot1x: unresponsive: eap_response: success action: - apply_cached_results: true + traffic_allow_vlan: 10 cached_results_timeout: time_duration: 10 time_duration_unit: hours phone_action: + apply_cached_results: true traffic_allow: true + apply_alternate: true recovery_action_reauthenticate: true diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md index 92fc03b08a2..6b812f82092 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md @@ -18,22 +18,24 @@ | [  radius_av_pair](## "dot1x.radius_av_pair") | Dictionary | | | | | | [    service_type](## "dot1x.radius_av_pair.service_type") | Boolean | | | | | | [    framed_mtu](## "dot1x.radius_av_pair.framed_mtu") | Integer | | | Min: 68
Max: 9236 | | - | [  aaa](## "dot1x.aaa") | Dictionary | | | | | - | [    unresponsive](## "dot1x.aaa.unresponsive") | Dictionary | | | | | + | [  aaa](## "dot1x.aaa") | Dictionary | | | | Configure AAA parameters. | + | [    unresponsive](## "dot1x.aaa.unresponsive") | Dictionary | | | | Configure AAA timeout options. | | [      eap_response](## "dot1x.aaa.unresponsive.eap_response") | String | | | Valid Values:
- success
- disabled | | - | [      action](## "dot1x.aaa.unresponsive.action") | Dictionary | | | | | - | [        apply_cached_results](## "dot1x.aaa.unresponsive.action.apply_cached_results") | Boolean | | | | | + | [      action](## "dot1x.aaa.unresponsive.action") | Dictionary | | | | Set action for supplicant when AAA times out. | + | [        apply_cached_results](## "dot1x.aaa.unresponsive.action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | | [        cached_results_timeout](## "dot1x.aaa.unresponsive.action.cached_results_timeout") | Dictionary | | | | | | [          time_duration](## "dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | | | [          time_duration_unit](## "dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | - | [        traffic_allow](## "dot1x.aaa.unresponsive.action.traffic_allow") | Boolean | | | | | + | [        apply_alternate](## "dot1x.aaa.unresponsive.action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails. | + | [        traffic_allow](## "dot1x.aaa.unresponsive.action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | | [        traffic_allow_vlan](## "dot1x.aaa.unresponsive.action.traffic_allow_vlan") | Integer | | | | | - | [      phone_action](## "dot1x.aaa.unresponsive.phone_action") | Dictionary | | | | | - | [        apply_cached_results](## "dot1x.aaa.unresponsive.phone_action.apply_cached_results") | Boolean | | | | | + | [      phone_action](## "dot1x.aaa.unresponsive.phone_action") | Dictionary | | | | Set action for supplicant when AAA times out. | + | [        apply_cached_results](## "dot1x.aaa.unresponsive.phone_action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | | [        cached_results_timeout](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout") | Dictionary | | | | | | [          time_duration](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | | | [          time_duration_unit](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | - | [        traffic_allow](## "dot1x.aaa.unresponsive.phone_action.traffic_allow") | Boolean | | | | | + | [        apply_alternate](## "dot1x.aaa.unresponsive.phone_action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails. | + | [        traffic_allow](## "dot1x.aaa.unresponsive.phone_action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | | [      recovery_action_reauthenticate](## "dot1x.aaa.unresponsive.recovery_action_reauthenticate") | Boolean | | | | | === "YAML" @@ -50,21 +52,43 @@ radius_av_pair: service_type: framed_mtu: + + # Configure AAA parameters. aaa: + + # Configure AAA timeout options. unresponsive: eap_response: + + # Set action for supplicant when AAA times out. action: + + # Use results from a previous AAA response. apply_cached_results: cached_results_timeout: time_duration: =1> time_duration_unit: + + # Apply alternate action if primary action fails. + apply_alternate: + + # Set action for supplicant traffic when AAA times out. traffic_allow: traffic_allow_vlan: + + # Set action for supplicant when AAA times out. phone_action: + + # Use results from a previous AAA response. apply_cached_results: cached_results_timeout: time_duration: =1> time_duration_unit: + + # Apply alternate action if primary action fails. + apply_alternate: + + # Set action for supplicant traffic when AAA times out. traffic_allow: recovery_action_reauthenticate: ``` diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json index 1af3f97a40d..7e977db9b28 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json 
@@ -2139,9 +2139,11 @@ }, "aaa": { "type": "object", + "description": "Configure AAA parameters.", "properties": { "unresponsive": { "type": "object", + "description": "Configure AAA timeout options.", "properties": { "eap_response": { "type": "string", @@ -2153,9 +2155,11 @@ }, "action": { "type": "object", + "description": "Set action for supplicant when AAA times out.", "properties": { "apply_cached_results": { "type": "boolean", + "description": "Use results from a previous AAA response.", "title": "Apply Cached Results" }, "cached_results_timeout": { @@ -2186,8 +2190,14 @@ }, "title": "Cached Results Timeout" }, + "apply_alternate": { + "type": "boolean", + "description": "Apply alternate action if primary action fails.", + "title": "Apply Alternate" + }, "traffic_allow": { "type": "boolean", + "description": "Set action for supplicant traffic when AAA times out.", "title": "Traffic Allow" }, "traffic_allow_vlan": { @@ -2203,9 +2213,11 @@ }, "phone_action": { "type": "object", + "description": "Set action for supplicant when AAA times out.", "properties": { "apply_cached_results": { "type": "boolean", + "description": "Use results from a previous AAA response.", "title": "Apply Cached Results" }, "cached_results_timeout": { @@ -2236,7 +2248,13 @@ }, "title": "Cached Results Timeout" }, + "apply_alternate": { + "type": "boolean", + "description": "Apply alternate action if primary action fails.", + "title": "Apply Alternate" + }, "traffic_allow": { + "description": "Set action for supplicant traffic when AAA times out.", "type": "boolean", "title": "Traffic Allow" } diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml index 3a7e1c5a0cc..864494690a7 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml 
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml @@ -1523,9 +1523,11 @@ keys: - str aaa: type: dict + description: Configure AAA parameters. keys: unresponsive: type: dict + description: Configure AAA timeout options. keys: eap_response: type: str @@ -1534,9 +1536,11 @@ keys: - disabled action: type: dict + description: Set action for supplicant when AAA times out. keys: apply_cached_results: type: bool + description: Use results from a previous AAA response. cached_results_timeout: type: dict keys: @@ -1553,17 +1557,24 @@ keys: - hours - minutes - seconds + apply_alternate: + type: bool + description: Apply alternate action if primary action fails. traffic_allow: type: bool + description: Set action for supplicant traffic when AAA times + out. traffic_allow_vlan: type: int convert_types: - str phone_action: type: dict + description: Set action for supplicant when AAA times out. keys: apply_cached_results: type: bool + description: Use results from a previous AAA response. cached_results_timeout: type: dict keys: @@ -1580,7 +1591,12 @@ keys: - hours - minutes - seconds + apply_alternate: + type: bool + description: Apply alternate action if primary action fails. traffic_allow: + description: Set action for supplicant traffic when AAA times + out. type: bool recovery_action_reauthenticate: type: bool diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml index 921837f4683..fd9a3e1d1a2 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml 
@@ -46,9 +46,11 @@ keys: - str aaa: type: dict + description: Configure AAA parameters. keys: unresponsive: type: dict + description: Configure AAA timeout options. keys: eap_response: type: str @@ -57,9 +59,11 @@ keys: - "disabled" action: type: dict + description: Set action for supplicant when AAA times out. keys: apply_cached_results: type: bool + description: Use results from a previous AAA response. cached_results_timeout: type: dict keys: @@ -76,17 +80,23 @@ keys: - "hours" - "minutes" - "seconds" + apply_alternate: + type: bool + description: Apply alternate action if primary action fails. traffic_allow: type: bool + description: Set action for supplicant traffic when AAA times out. traffic_allow_vlan: type: int convert_types: - str phone_action: type: dict + description: Set action for supplicant when AAA times out. keys: apply_cached_results: type: bool + description: Use results from a previous AAA response. cached_results_timeout: type: dict keys: @@ -103,7 +113,11 @@ keys: - "hours" - "minutes" - "seconds" + apply_alternate: + type: bool + description: Apply alternate action if primary action fails. traffic_allow: + description: Set action for supplicant traffic when AAA times out. type: bool recovery_action_reauthenticate: type: bool diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 index 57d4717309b..fece6a6059b 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 
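Review bot: The description added for `traffic_allow` ("Set action for supplicant traffic when AAA times out.") does not say that the action is to allow the traffic, which, judging by the rendered `traffic allow` command, means supplicants are forwarded without a AAA decision while the server is unreachable. Wording such as `description: Allow supplicant traffic when AAA times out (no AAA decision is available for these supplicants).` states the consequence an operator needs to weigh. `phone_action` reuses the `action` description verbatim although it applies to phones, and `traffic_allow_vlan`, `eap_response` and `recovery_action_reauthenticate` still have no description in these hunks. The same text is repeated in the eos_cli_config_gen.schema.yml and JSON-schema hunks of this patch.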
@@ -39,7 +39,15 @@ dot1x
 {% endif %}
 {% if dot1x.aaa.unresponsive is arista.avd.defined %}
 {% set aaa_config = "aaa unresponsive" %}
-{% if dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action.apply_alternate is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) and dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
+{{ aaa_config }} phone action apply cached-results timeout {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit }} else traffic allow
+{% else %}
+{{ aaa_config }} phone action apply cached-results else traffic allow
+{% endif %}
+{% endif %}
+{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
 {{ aaa_config }} phone action traffic allow
 {% elif dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) %}
 {% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
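Review bot: When `phone_action.apply_alternate` is true but `apply_cached_results` and `traffic_allow` are not both true, the new outer `{% if %}` matches, the inner one does not, and no `phone action` line is rendered at all because the `elif` branches are skipped. An inventory with `apply_alternate: true` and only `traffic_allow: true` therefore loses the `phone action traffic allow` line it would get without `apply_alternate`, and nothing reports it. Folding the three tests into the outer condition (`apply_alternate is arista.avd.defined(true) and apply_cached_results is arista.avd.defined(true) and traffic_allow is arista.avd.defined(true)`, each with its full `dot1x.aaa.unresponsive.phone_action.` path) lets incomplete combinations fall through to the existing branches. The closing `{% endif %}` of this chain is outside the hunk.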
@@ -48,7 +56,20 @@ dot1x
 {{ aaa_config }} phone action apply cached-results
 {% endif %}
 {% endif %}
-{% if dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.action.apply_alternate is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
+{% set traffic = "traffic allow" %}
+{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan is arista.avd.defined %}
+{% set traffic = "traffic allow vlan " ~ dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan %}
+{% endif %}
+{% if dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) and (dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) or dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined) %}
+{% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
+{{ aaa_config }} action apply cached-results timeout {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit }} else {{ traffic }}
+{% else %}
+{{ aaa_config }} action apply cached-results else {{ traffic }}
+{% endif %}
+{% endif %}
+{% elif dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) %}
 {{ aaa_config }} action traffic allow
 {% elif dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined %}
 {{ aaa_config }} action traffic allow vlan {{ dot1x.aaa.unresponsive.action.traffic_allow_vlan }}
From 251bc1da3711fa1bc31db3ac26e56ccfd94e7df0 Mon Sep 17 00:00:00 2001
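Review bot: The `action.apply_alternate` branch builds `traffic` from `dot1x.aaa.unresponsive.phone_action.traffic_allow` and `phone_action.traffic_allow_vlan`, while the condition right after it tests `action.traffic_allow` / `action.traffic_allow_vlan`; this looks like a copy-paste from the phone block, and the schema in this series defines no `traffic_allow_vlan` under `phone_action`. With `action.traffic_allow_vlan: 10` and `phone_action.traffic_allow: true` the rendered line ends in `else traffic allow` instead of `else traffic allow vlan 10`, and with no phone setting `traffic` is never set before `{{ traffic }}` is rendered. The three lines should use `action`: `{% if dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) %}`, `{% elif dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined %}` and `{% set traffic = "traffic allow vlan " ~ dot1x.aaa.unresponsive.action.traffic_allow_vlan %}`. The molecule host_vars in this patch set `apply_alternate` only under `phone_action`, so the expected config does not exercise this branch. The closing `{% endif %}` of the chain lies outside the hunk.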
From: Shivani-gslab Date: Thu, 21 Mar 2024 12:22:03 +0530 Subject: [PATCH 3/7] Fixing indentation and sequence --- .../intended/configs/dot1x.cfg | 8 +- .../eos_cli_config_gen/templates/eos/dot1x.j2 | 102 +++++++++--------- 2 files changed, 55 insertions(+), 55 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg index b5adf5e1913..2b05babed3c 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg @@ -16,13 +16,13 @@ dot1x system-auth-control dot1x protocol lldp bypass dot1x dynamic-authorization dot1x + aaa unresponsive phone action apply cached-results else traffic allow + aaa unresponsive action traffic allow vlan 10 + aaa unresponsive eap response success + aaa unresponsive recovery action reauthenticate mac based authentication delay 300 seconds mac based authentication hold period 300 seconds radius av-pair service-type radius av-pair framed-mtu 1500 -aaa unresponsive phone action apply cached-results else traffic allow -aaa unresponsive action traffic allow vlan 10 -aaa unresponsive eap response success -aaa unresponsive recovery action reauthenticate ! end diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 index fece6a6059b..147fd3860d7 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 
@@ -18,8 +18,58 @@ dot1x protocol bpdu bypass
 {% if dot1x.dynamic_authorization is arista.avd.defined(true) %}
 dot1x dynamic-authorization
 {% endif %}
-{% if dot1x.mac_based_authentication is arista.avd.defined or dot1x.radius_av_pair is arista.avd.defined %}
+{% if dot1x.mac_based_authentication is arista.avd.defined or dot1x.radius_av_pair is arista.avd.defined or dot1x.aaa.unresponsive is arista.avd.defined %}
 dot1x
+{% if dot1x.aaa.unresponsive is arista.avd.defined %}
+{% set aaa_config = "aaa unresponsive" %}
+{% if dot1x.aaa.unresponsive.phone_action.apply_alternate is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) and dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
+ {{ aaa_config }} phone action apply cached-results timeout {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit }} else traffic allow
+{% else %}
+ {{ aaa_config }} phone action apply cached-results else traffic allow
+{% endif %}
+{% endif %}
+{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
+ {{ aaa_config }} phone action traffic allow
+{% elif dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
+ {{ aaa_config }} phone action apply cached-results timeout {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit }}
+{% else %}
+ {{ aaa_config }} phone action apply cached-results
+{% endif %}
+{% endif %}
+{% if dot1x.aaa.unresponsive.action.apply_alternate is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
+{% set traffic = "traffic allow" %}
+{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan is arista.avd.defined %}
+{% set traffic = "traffic allow vlan " ~ dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan %}
+{% endif %}
+{% if dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) and (dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) or dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined) %}
+{% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
+ {{ aaa_config }} action apply cached-results timeout {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit }} else {{ traffic }}
+{% else %}
+ {{ aaa_config }} action apply cached-results else {{ traffic }}
+{% endif %}
+{% endif %}
+{% elif dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) %}
+ {{ aaa_config }} action traffic allow
+{% elif dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined %}
+ {{ aaa_config }} action traffic allow vlan {{ dot1x.aaa.unresponsive.action.traffic_allow_vlan }}
+{% elif dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
+ {{ aaa_config }} action apply cached-results timeout {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit }}
+{% else %}
+ {{ aaa_config }} action apply cached-results
+{% endif %}
+{% endif %}
+{% if dot1x.aaa.unresponsive.eap_response is arista.avd.defined %}
+ {{ aaa_config }} eap response {{ dot1x.aaa.unresponsive.eap_response }}
+{% endif %}
+{% if dot1x.aaa.unresponsive.recovery_action_reauthenticate is arista.avd.defined(true) %}
+ {{ aaa_config }} recovery action reauthenticate
+{% endif %}
+{% endif %}
 {% if dot1x.mac_based_authentication is arista.avd.defined %}
 {% if dot1x.mac_based_authentication.delay is arista.avd.defined %}
 mac based authentication delay {{ dot1x.mac_based_authentication.delay }} seconds
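Review bot: When `phone_action.apply_alternate` is true but `apply_cached_results` and `traffic_allow` are not both true, the outer `if` has already matched, so the `elif` branches are skipped and no `aaa unresponsive phone action` line is rendered at all; the `action` block below it has the same shape. The configured fallback is dropped without any error, and the port is left on whatever the device does by default when AAA times out. I would fold the inner test into the outer `if` so that incomplete input falls through to the single-action `elif` branches, or reject the combination in the schema. A comment such as `{# apply_alternate requires apply_cached_results plus a traffic action #}` above the branch would also document the dependency. The enclosing `{% if dot1x.mac_based_authentication ... %}` block that opens in this hunk closes outside it.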
@@ -37,54 +87,4 @@ dot1x {% endif %} {% endif %} {% endif %} -{% if dot1x.aaa.unresponsive is arista.avd.defined %} -{% set aaa_config = "aaa unresponsive" %} -{% if dot1x.aaa.unresponsive.phone_action.apply_alternate is arista.avd.defined(true) %} -{% if dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) and dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %} -{% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %} -{{ aaa_config }} phone action apply cached-results timeout {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit }} else traffic allow -{% else %} -{{ aaa_config }} phone action apply cached-results else traffic allow -{% endif %} -{% endif %} -{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %} -{{ aaa_config }} phone action traffic allow -{% elif dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) %} -{% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %} -{{ aaa_config }} phone action apply cached-results timeout {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit }} -{% else %} -{{ aaa_config }} phone action apply cached-results -{% endif %} -{% endif %} -{% if dot1x.aaa.unresponsive.action.apply_alternate is arista.avd.defined(true) %} -{% if dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %} -{% set traffic = "traffic allow" %} -{% elif 
dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan is arista.avd.defined %} -{% set traffic = "traffic allow vlan " ~ dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan %} -{% endif %} -{% if dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) and (dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) or dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined) %} -{% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %} -{{ aaa_config }} action apply cached-results timeout {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit }} else {{ traffic }} -{% else %} -{{ aaa_config }} action apply cached-results else {{ traffic }} -{% endif %} -{% endif %} -{% elif dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) %} -{{ aaa_config }} action traffic allow -{% elif dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined %} -{{ aaa_config }} action traffic allow vlan {{ dot1x.aaa.unresponsive.action.traffic_allow_vlan }} -{% elif dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) %} -{% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %} -{{ aaa_config }} action apply cached-results timeout {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit }} -{% else %} -{{ aaa_config }} action apply cached-results -{% endif %} -{% endif %} -{% if dot1x.aaa.unresponsive.eap_response is arista.avd.defined %} -{{ aaa_config }} eap response {{ dot1x.aaa.unresponsive.eap_response }} -{% endif %} -{% 
if dot1x.aaa.unresponsive.recovery_action_reauthenticate is arista.avd.defined(true) %} -{{ aaa_config }} recovery action reauthenticate -{% endif %} -{% endif %} {% endif %} From a22c9ed8c64fc1caeb845822e0800d8409c8cc3c Mon Sep 17 00:00:00 2001 From: Shivani-gslab Date: Thu, 21 Mar 2024 16:22:40 +0530 Subject: [PATCH 4/7] Refactoring the template --- .../eos_cli_config_gen/templates/eos/dot1x.j2 | 72 ++++++++++--------- 1 file changed, 39 insertions(+), 33 deletions(-) diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 index 147fd3860d7..f3e2d728bb6 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 
@@ -22,46 +22,52 @@ dot1x dynamic-authorization
 dot1x
 {% if dot1x.aaa.unresponsive is arista.avd.defined %}
 {% set aaa_config = "aaa unresponsive" %}
-{% if dot1x.aaa.unresponsive.phone_action.apply_alternate is arista.avd.defined(true) %}
-{% if dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) and dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action is arista.avd.defined %}
+{% set aaa_config_phone = aaa_config ~ " phone action" %}
+{% if dot1x.aaa.unresponsive.phone_action.apply_alternate is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) and dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
+{% set aaa_config_phone = aaa_config_phone ~ " apply cached-results" %}
+{% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
+{% set aaa_config_phone = aaa_config_phone ~ " timeout " ~ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration ~ " " ~ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit %}
+{% endif %}
+{% set aaa_config_phone = aaa_config_phone ~ " else traffic allow" %}
+{% endif %}
+{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
+{% set aaa_config_phone = aaa_config_phone ~ " traffic allow" %}
+{% elif dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) %}
+{% set aaa_config_phone = aaa_config_phone ~ " apply cached-results" %}
 {% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
- {{ aaa_config }} phone action apply cached-results timeout {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit }} else traffic allow
-{% else %}
- {{ aaa_config }} phone action apply cached-results else traffic allow
+{% set aaa_config_phone = aaa_config_phone ~ " timeout " ~ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration ~ " " ~ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit %}
 {% endif %}
 {% endif %}
-{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
- {{ aaa_config }} phone action traffic allow
-{% elif dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) %}
-{% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
- {{ aaa_config }} phone action apply cached-results timeout {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit }}
-{% else %}
- {{ aaa_config }} phone action apply cached-results
-{% endif %}
+ {{ aaa_config_phone }}
 {% endif %}
-{% if dot1x.aaa.unresponsive.action.apply_alternate is arista.avd.defined(true) %}
-{% if dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
-{% set traffic = "traffic allow" %}
-{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan is arista.avd.defined %}
-{% set traffic = "traffic allow vlan " ~ dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan %}
-{% endif %}
-{% if dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) and (dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) or dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined) %}
+{% if dot1x.aaa.unresponsive.action is arista.avd.defined %}
+{% set aaa_config_action = aaa_config ~ " action" %}
+{% if dot1x.aaa.unresponsive.action.apply_alternate is arista.avd.defined(true) %}
+{% if dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %}
+{% set traffic = "traffic allow" %}
+{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan is arista.avd.defined %}
+{% set traffic = "traffic allow vlan " ~ dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan %}
+{% endif %}
+{% if dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) and (dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) or dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined) %}
+{% set aaa_config_action = aaa_config_action ~ " apply cached-results" %}
+{% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
+{% set aaa_config_action = aaa_config_action ~ " timeout " ~ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration ~ " " ~ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit %}
+{% endif %}
+{% set aaa_config_action = aaa_config_action ~ " else " ~ traffic %}
+{% endif %}
+{% elif dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) %}
+{% set aaa_config_action = aaa_config_action ~ " traffic allow" %}
+{% elif dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined %}
+{% set aaa_config_action = aaa_config_action ~ " traffic allow vlan " ~ dot1x.aaa.unresponsive.action.traffic_allow_vlan %}
+{% elif dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) %}
+{% set aaa_config_action = aaa_config_action ~ " apply cached-results" %}
 {% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
- {{ aaa_config }} action apply cached-results timeout {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit }} else {{ traffic }}
-{% else %}
- {{ aaa_config }} action apply cached-results else {{ traffic }}
+{% set aaa_config_action = aaa_config_action ~ " timeout " ~ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration ~ " " ~ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit %}
 {% endif %}
 {% endif %}
-{% elif dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) %}
- {{ aaa_config }} action traffic allow
-{% elif dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined %}
- {{ aaa_config }} action traffic allow vlan {{ dot1x.aaa.unresponsive.action.traffic_allow_vlan }}
-{% elif dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) %}
-{% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %}
- {{ aaa_config }} action apply cached-results timeout {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration }} {{ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit }}
-{% else %}
- {{ aaa_config }} action apply cached-results
-{% endif %}
+ {{ aaa_config_action }}
 {% endif %}
 {% if dot1x.aaa.unresponsive.eap_response is arista.avd.defined %}
 {{ aaa_config }} eap response {{ dot1x.aaa.unresponsive.eap_response }}
From 0576dabdeceda06e8f5d9c6507582d26f60c2a85 Mon Sep 17 00:00:00 2001
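Review bot: `{{ aaa_config_phone }}` and `{{ aaa_config_action }}` are printed whenever the `phone_action` / `action` dictionary is defined, even when none of the branches appended anything to the prefix. Input such as `phone_action: {apply_alternate: true}` or `action: {traffic_allow: false}` would then render a bare `aaa unresponsive phone action` / `aaa unresponsive action` line, an incomplete command that the device will presumably reject, so the AAA-timeout fallback ends up unset. Print only when a branch matched, for example by wrapping the output line in `{% if aaa_config_phone != aaa_config ~ " phone action" %}` and doing the same for `aaa_config_action`. The enclosing `dot1x.aaa.unresponsive` block closes outside this hunk.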
From: Shivani-gslab Date: Fri, 22 Mar 2024 11:30:07 +0530 Subject: [PATCH 5/7] Adding description for timeout and eap response --- .../eos_cli_config_gen/docs/tables/dot1x.md | 20 ++++++++++++++++--- .../eos_cli_config_gen.jsonschema.json | 3 +++ .../schemas/eos_cli_config_gen.schema.yml | 19 ++++++++++++++++++ .../schemas/schema_fragments/dot1x.schema.yml | 13 ++++++++++++ 4 files changed, 52 insertions(+), 3 deletions(-) diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md index 6b812f82092..01a284b8ab7 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md @@ -20,11 +20,11 @@ | [    framed_mtu](## "dot1x.radius_av_pair.framed_mtu") | Integer | | | Min: 68
Max: 9236 | | | [  aaa](## "dot1x.aaa") | Dictionary | | | | Configure AAA parameters. | | [    unresponsive](## "dot1x.aaa.unresponsive") | Dictionary | | | | Configure AAA timeout options. | - | [      eap_response](## "dot1x.aaa.unresponsive.eap_response") | String | | | Valid Values:
- success
- disabled | | + | [      eap_response](## "dot1x.aaa.unresponsive.eap_response") | String | | | Valid Values:
- success
- disabled | EAP response to send. | | [      action](## "dot1x.aaa.unresponsive.action") | Dictionary | | | | Set action for supplicant when AAA times out. | | [        apply_cached_results](## "dot1x.aaa.unresponsive.action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | | [        cached_results_timeout](## "dot1x.aaa.unresponsive.action.cached_results_timeout") | Dictionary | | | | | - | [          time_duration](## "dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | | + | [          time_duration](## "dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds | | [          time_duration_unit](## "dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | | [        apply_alternate](## "dot1x.aaa.unresponsive.action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails. | | [        traffic_allow](## "dot1x.aaa.unresponsive.action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | @@ -32,7 +32,7 @@ | [      phone_action](## "dot1x.aaa.unresponsive.phone_action") | Dictionary | | | | Set action for supplicant when AAA times out. | | [        apply_cached_results](## "dot1x.aaa.unresponsive.phone_action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | | [        cached_results_timeout](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout") | Dictionary | | | | | - | [          time_duration](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | | + | [          time_duration](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds | | [          time_duration_unit](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | | [        apply_alternate](## "dot1x.aaa.unresponsive.phone_action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails. | | [        traffic_allow](## "dot1x.aaa.unresponsive.phone_action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | @@ -58,6 +58,8 @@ # Configure AAA timeout options. unresponsive: + + # EAP response to send. eap_response: # Set action for supplicant when AAA times out. @@ -66,6 +68,12 @@ # Use results from a previous AAA response. apply_cached_results: cached_results_timeout: + + # Enable caching for a specific duration - + # <1-10000> duration in days + # <1-14400000> duration in minutes + # <1-240000> duration in hours + # <1-864000000> duration in seconds time_duration: =1> time_duration_unit: @@ -82,6 +90,12 @@ # Use results from a previous AAA response. apply_cached_results: cached_results_timeout: + + # Enable caching for a specific duration - + # <1-10000> duration in days + # <1-14400000> duration in minutes + # <1-240000> duration in hours + # <1-864000000> duration in seconds time_duration: =1> time_duration_unit: diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json index 7e977db9b28..6c13849fd32 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json @@ -2147,6 +2147,7 @@ "properties": { "eap_response": { "type": "string", + "description": "EAP response to send.", "enum": [ "success", "disabled" 
@@ -2168,6 +2169,7 @@ "time_duration": { "type": "integer", "minimum": 1, + "description": "Enable caching for a specific duration -\n<1-10000> duration in days\n<1-14400000> duration in minutes\n<1-240000> duration in hours\n<1-864000000> duration in seconds", "title": "Time Duration" }, "time_duration_unit": { @@ -2226,6 +2228,7 @@ "time_duration": { "type": "integer", "minimum": 1, + "description": "Enable caching for a specific duration -\n<1-10000> duration in days\n<1-14400000> duration in minutes\n<1-240000> duration in hours\n<1-864000000> duration in seconds", "title": "Time Duration" }, "time_duration_unit": { diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml index 864494690a7..c0afd06bc6b 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml @@ -1531,6 +1531,7 @@ keys: keys: eap_response: type: str + description: EAP response to send. valid_values: - success - disabled @@ -1549,6 +1550,15 @@ keys: convert_types: - str min: 1 + description: 'Enable caching for a specific duration - + + <1-10000> duration in days + + <1-14400000> duration in minutes + + <1-240000> duration in hours + + <1-864000000> duration in seconds' time_duration_unit: type: str required: true @@ -1583,6 +1593,15 @@ keys: convert_types: - str min: 1 + description: 'Enable caching for a specific duration - + + <1-10000> duration in days + + <1-14400000> duration in minutes + + <1-240000> duration in hours + + <1-864000000> duration in seconds' time_duration_unit: type: str required: true 
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml index fd9a3e1d1a2..c94383d1fa2 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml @@ -54,6 +54,7 @@ keys: keys: eap_response: type: str + description: EAP response to send. valid_values: - "success" - "disabled" @@ -72,6 +73,12 @@ keys: convert_types: - str min: 1 + description: |- + Enable caching for a specific duration - + <1-10000> duration in days + <1-14400000> duration in minutes + <1-240000> duration in hours + <1-864000000> duration in seconds time_duration_unit: type: str required: true @@ -105,6 +112,12 @@ keys: convert_types: - str min: 1 + description: |- + Enable caching for a specific duration - + <1-10000> duration in days + <1-14400000> duration in minutes + <1-240000> duration in hours + <1-864000000> duration in seconds time_duration_unit: type: str required: true From 40b8c24693e05cb03acc5a3a4bb98fbf18cc49fc Mon Sep 17 00:00:00 2001 From: Shivani-gslab Date: Tue, 26 Mar 2024 13:09:40 +0530 Subject: [PATCH 6/7] Refactoring the template --- .../intended/configs/dot1x.cfg | 2 +- .../inventory/host_vars/dot1x.yml | 4 +- .../eos_cli_config_gen/templates/eos/dot1x.j2 | 66 +++++++------------ 3 files changed, 26 insertions(+), 46 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg index 2b05babed3c..75f72275da3 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg 
@@ -16,7 +16,7 @@ dot1x system-auth-control dot1x protocol lldp bypass dot1x dynamic-authorization dot1x - aaa unresponsive phone action apply cached-results else traffic allow + aaa unresponsive phone action apply cached-results timeout 10 hours else traffic allow aaa unresponsive action traffic allow vlan 10 aaa unresponsive eap response success aaa unresponsive recovery action reauthenticate diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml index 907d2a55b4f..798916187b2 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml @@ -15,11 +15,11 @@ dot1x: eap_response: success action: traffic_allow_vlan: 10 + phone_action: + apply_cached_results: true cached_results_timeout: time_duration: 10 time_duration_unit: hours - phone_action: - apply_cached_results: true traffic_allow: true apply_alternate: true recovery_action_reauthenticate: true diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 index f3e2d728bb6..f8042db0832 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 
@@ -22,52 +22,32 @@ dot1x dynamic-authorization dot1x {% if dot1x.aaa.unresponsive is arista.avd.defined %} {% set aaa_config = "aaa unresponsive" %} -{% if dot1x.aaa.unresponsive.phone_action is arista.avd.defined %} -{% set aaa_config_phone = aaa_config ~ " phone action" %} -{% if dot1x.aaa.unresponsive.phone_action.apply_alternate is arista.avd.defined(true) %} -{% if dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) and dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %} -{% set aaa_config_phone = aaa_config_phone ~ " apply cached-results" %} -{% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %} -{% set aaa_config_phone = aaa_config_phone ~ " timeout " ~ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration ~ " " ~ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit %} +{% if dot1x.aaa.unresponsive.phone_action is arista.avd.defined or dot1x.aaa.unresponsive.action is arista.avd.defined %} +{% set actions = [{'name': 'phone_action', 'config': aaa_config ~ ' phone action'}, {'name': 'action', 'config': aaa_config ~ ' action'}] %} +{% for action in actions %} +{% if dot1x.aaa.unresponsive[action.name] is arista.avd.defined %} +{% set aaa_action_config = action.config %} +{% if dot1x.aaa.unresponsive[action.name].apply_cached_results is arista.avd.defined(true) %} +{% set action_apply_config = "apply cached-results" %} +{% if dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration_unit is arista.avd.defined %} +{% set action_apply_config = action_apply_config ~ " timeout " ~ dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration ~ " " ~ 
dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration_unit %} +{% endif %} {% endif %} -{% set aaa_config_phone = aaa_config_phone ~ " else traffic allow" %} -{% endif %} -{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %} -{% set aaa_config_phone = aaa_config_phone ~ " traffic allow" %} -{% elif dot1x.aaa.unresponsive.phone_action.apply_cached_results is arista.avd.defined(true) %} -{% set aaa_config_phone = aaa_config_phone ~ " apply cached-results" %} -{% if dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit is arista.avd.defined %} -{% set aaa_config_phone = aaa_config_phone ~ " timeout " ~ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration ~ " " ~ dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit %} -{% endif %} -{% endif %} - {{ aaa_config_phone }} -{% endif %} -{% if dot1x.aaa.unresponsive.action is arista.avd.defined %} -{% set aaa_config_action = aaa_config ~ " action" %} -{% if dot1x.aaa.unresponsive.action.apply_alternate is arista.avd.defined(true) %} -{% if dot1x.aaa.unresponsive.phone_action.traffic_allow is arista.avd.defined(true) %} -{% set traffic = "traffic allow" %} -{% elif dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan is arista.avd.defined %} -{% set traffic = "traffic allow vlan " ~ dot1x.aaa.unresponsive.phone_action.traffic_allow_vlan %} -{% endif %} -{% if dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) and (dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) or dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined) %} -{% set aaa_config_action = aaa_config_action ~ " apply cached-results" %} -{% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and 
dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %} -{% set aaa_config_action = aaa_config_action ~ " timeout " ~ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration ~ " " ~ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit %} +{% if dot1x.aaa.unresponsive[action.name].traffic_allow is arista.avd.defined(true) %} +{% set traffic = "traffic allow" %} +{% elif dot1x.aaa.unresponsive[action.name].traffic_allow_vlan is arista.avd.defined %} +{% set traffic = "traffic allow vlan " ~ dot1x.aaa.unresponsive[action.name].traffic_allow_vlan %} {% endif %} -{% set aaa_config_action = aaa_config_action ~ " else " ~ traffic %} -{% endif %} -{% elif dot1x.aaa.unresponsive.action.traffic_allow is arista.avd.defined(true) %} -{% set aaa_config_action = aaa_config_action ~ " traffic allow" %} -{% elif dot1x.aaa.unresponsive.action.traffic_allow_vlan is arista.avd.defined %} -{% set aaa_config_action = aaa_config_action ~ " traffic allow vlan " ~ dot1x.aaa.unresponsive.action.traffic_allow_vlan %} -{% elif dot1x.aaa.unresponsive.action.apply_cached_results is arista.avd.defined(true) %} -{% set aaa_config_action = aaa_config_action ~ " apply cached-results" %} -{% if dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit is arista.avd.defined %} -{% set aaa_config_action = aaa_config_action ~ " timeout " ~ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration ~ " " ~ dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit %} +{% if dot1x.aaa.unresponsive[action.name].apply_alternate is arista.avd.defined(true) and action_apply_config is arista.avd.defined and traffic is arista.avd.defined %} +{% set aaa_action_config = aaa_action_config ~ " " ~ action_apply_config ~ " else " ~ traffic %} +{% elif action_apply_config is arista.avd.defined %} +{% set 
aaa_action_config = aaa_action_config ~ " " ~ action_apply_config %} +{% elif traffic is arista.avd.defined %} +{% set aaa_action_config = aaa_action_config ~ " " ~ traffic %} +{% endif %} + {{ aaa_action_config }} {% endif %} -{% endif %} - {{ aaa_config_action }} +{% endfor %} {% endif %} {% if dot1x.aaa.unresponsive.eap_response is arista.avd.defined %} {{ aaa_config }} eap response {{ dot1x.aaa.unresponsive.eap_response }} From 32b410ed33732e9596506986c3af720d1914d267 Mon Sep 17 00:00:00 2001 From: Shivani-gslab Date: Mon, 8 Apr 2024 15:04:07 +0530 Subject: [PATCH 7/7] Adding min-max range for vlan and updating template to fix incomplete config generation --- .../eos_cli_config_gen/docs/tables/dot1x.md | 10 +++-- .../eos_cli_config_gen.jsonschema.json | 6 ++- .../schemas/eos_cli_config_gen.schema.yml | 12 +++++- .../schemas/schema_fragments/dot1x.schema.yml | 10 ++++- .../eos_cli_config_gen/templates/eos/dot1x.j2 | 38 ++++++++++--------- 5 files changed, 49 insertions(+), 27 deletions(-) diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md index 01a284b8ab7..05736d45bca 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md @@ -26,15 +26,15 @@ | [        cached_results_timeout](## "dot1x.aaa.unresponsive.action.cached_results_timeout") | Dictionary | | | | | | [          time_duration](## "dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | Enable caching for a specific duration -
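Review bot: The loop added here treats `phone_action` and `action` identically, so the `{% elif dot1x.aaa.unresponsive[action.name].traffic_allow_vlan is arista.avd.defined %}` branch now also renders `aaa unresponsive phone action traffic allow vlan <id>`. The removed phone-action code only ever emitted `traffic allow`, and the data model documented in this series lists `traffic_allow_vlan` under `action` only, so this looks like an unintended widening; whether EOS accepts the phone form is not visible here. Restricting the branch to `{% elif action.name == 'action' and dot1x.aaa.unresponsive[action.name].traffic_allow_vlan is arista.avd.defined %}` keeps the refactor behaviour-preserving. The same branch is carried into the `@@ -27,25 +27,29 @@` hunk of patch 7/7, where the new outer guard tests the key as well.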
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds | | [          time_duration_unit](## "dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | - | [        apply_alternate](## "dot1x.aaa.unresponsive.action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails. | + | [        apply_alternate](## "dot1x.aaa.unresponsive.action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails.
eg. aaa unresponsive action apply cached-results else traffic allow | | [        traffic_allow](## "dot1x.aaa.unresponsive.action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | - | [        traffic_allow_vlan](## "dot1x.aaa.unresponsive.action.traffic_allow_vlan") | Integer | | | | | + | [        traffic_allow_vlan](## "dot1x.aaa.unresponsive.action.traffic_allow_vlan") | Integer | | | Min: 1
Max: 4094 | | | [      phone_action](## "dot1x.aaa.unresponsive.phone_action") | Dictionary | | | | Set action for supplicant when AAA times out. | | [        apply_cached_results](## "dot1x.aaa.unresponsive.phone_action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | | [        cached_results_timeout](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout") | Dictionary | | | | | | [          time_duration](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds | | [          time_duration_unit](## "dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | - | [        apply_alternate](## "dot1x.aaa.unresponsive.phone_action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails. | + | [        apply_alternate](## "dot1x.aaa.unresponsive.phone_action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails.
eg. aaa unresponsive phone action apply cached-results else traffic allow | | [        traffic_allow](## "dot1x.aaa.unresponsive.phone_action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | | [      recovery_action_reauthenticate](## "dot1x.aaa.unresponsive.recovery_action_reauthenticate") | Boolean | | | | | @@ -78,11 +78,12 @@ time_duration_unit: # Apply alternate action if primary action fails. + # eg. aaa unresponsive action apply cached-results else traffic allow apply_alternate: # Set action for supplicant traffic when AAA times out. traffic_allow: - traffic_allow_vlan: + traffic_allow_vlan: # Set action for supplicant when AAA times out. phone_action: @@ -100,6 +101,7 @@ time_duration_unit: # Apply alternate action if primary action fails. + # eg. aaa unresponsive phone action apply cached-results else traffic allow apply_alternate: # Set action for supplicant traffic when AAA times out. diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json index 6c13849fd32..3f89231b0e4 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json @@ -2194,7 +2194,7 @@ }, "apply_alternate": { "type": "boolean", - "description": "Apply alternate action if primary action fails.", + "description": "Apply alternate action if primary action fails.\neg. aaa unresponsive action apply cached-results else traffic allow", "title": "Apply Alternate" }, "traffic_allow": { @@ -2204,6 +2204,8 @@ }, "traffic_allow_vlan": { "type": "integer", + "minimum": 1, + "maximum": 4094, "title": "Traffic Allow VLAN" } }, 
@@ -2253,7 +2255,7 @@ }, "apply_alternate": { "type": "boolean", - "description": "Apply alternate action if primary action fails.", + "description": "Apply alternate action if primary action fails.\neg. aaa unresponsive phone action apply cached-results else traffic allow", "title": "Apply Alternate" }, "traffic_allow": { diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml index c0afd06bc6b..4ee392e7a69 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml @@ -1569,7 +1569,10 @@ keys: - seconds apply_alternate: type: bool - description: Apply alternate action if primary action fails. + description: 'Apply alternate action if primary action fails. + + eg. aaa unresponsive action apply cached-results else traffic + allow' traffic_allow: type: bool description: Set action for supplicant traffic when AAA times @@ -1578,6 +1581,8 @@ keys: type: int convert_types: - str + min: 1 + max: 4094 phone_action: type: dict description: Set action for supplicant when AAA times out. @@ -1612,7 +1617,10 @@ keys: - seconds apply_alternate: type: bool - description: Apply alternate action if primary action fails. + description: 'Apply alternate action if primary action fails. + + eg. aaa unresponsive phone action apply cached-results else + traffic allow' traffic_allow: description: Set action for supplicant traffic when AAA times out. diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml index c94383d1fa2..5415e951114 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml 
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/dot1x.schema.yml @@ -89,7 +89,9 @@ keys: - "seconds" apply_alternate: type: bool - description: Apply alternate action if primary action fails. + description: |- + Apply alternate action if primary action fails. + eg. aaa unresponsive action apply cached-results else traffic allow traffic_allow: type: bool description: Set action for supplicant traffic when AAA times out. @@ -97,6 +99,8 @@ keys: type: int convert_types: - str + min: 1 + max: 4094 phone_action: type: dict description: Set action for supplicant when AAA times out. @@ -128,7 +132,9 @@ keys: - "seconds" apply_alternate: type: bool - description: Apply alternate action if primary action fails. + description: |- + Apply alternate action if primary action fails. + eg. aaa unresponsive phone action apply cached-results else traffic allow traffic_allow: description: Set action for supplicant traffic when AAA times out. type: bool diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 index f8042db0832..c9bfabedbda 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/dot1x.j2 
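Review bot: `traffic_allow_vlan` gains `min: 1` and `max: 4094` in this hunk but still has no `description`, and the generated documentation table in the same patch shows an empty cell for it. The key renders `aaa unresponsive action traffic allow vlan <id>`, which by its wording lets supplicant traffic through while the AAA servers are unresponsive, so the schema should say so for whoever sets it: `description: VLAN in which supplicant traffic is allowed while AAA is unresponsive (no new AAA decision is made for that traffic).` The `keys:` block this entry belongs to starts outside the hunk.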
@@ -27,25 +27,29 @@ dot1x {% for action in actions %} {% if dot1x.aaa.unresponsive[action.name] is arista.avd.defined %} {% set aaa_action_config = action.config %} -{% if dot1x.aaa.unresponsive[action.name].apply_cached_results is arista.avd.defined(true) %} -{% set action_apply_config = "apply cached-results" %} -{% if dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration_unit is arista.avd.defined %} -{% set action_apply_config = action_apply_config ~ " timeout " ~ dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration ~ " " ~ dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration_unit %} +{% if dot1x.aaa.unresponsive[action.name].apply_cached_results is arista.avd.defined(true) or + dot1x.aaa.unresponsive[action.name].traffic_allow is arista.avd.defined(true) or + dot1x.aaa.unresponsive[action.name].traffic_allow_vlan is arista.avd.defined %} +{% if dot1x.aaa.unresponsive[action.name].apply_cached_results is arista.avd.defined(true) %} +{% set action_apply_config = "apply cached-results" %} +{% if dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration is arista.avd.defined and dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration_unit is arista.avd.defined %} +{% set action_apply_config = action_apply_config ~ " timeout " ~ dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration ~ " " ~ dot1x.aaa.unresponsive[action.name].cached_results_timeout.time_duration_unit %} +{% endif %} +{% endif %} +{% if dot1x.aaa.unresponsive[action.name].traffic_allow is arista.avd.defined(true) %} +{% set traffic = "traffic allow" %} +{% elif dot1x.aaa.unresponsive[action.name].traffic_allow_vlan is arista.avd.defined %} +{% set traffic = "traffic allow vlan " ~ dot1x.aaa.unresponsive[action.name].traffic_allow_vlan %} +{% endif %} +{% if 
dot1x.aaa.unresponsive[action.name].apply_alternate is arista.avd.defined(true) and action_apply_config is arista.avd.defined and traffic is arista.avd.defined %} +{% set aaa_action_config = aaa_action_config ~ " " ~ action_apply_config ~ " else " ~ traffic %} +{% elif action_apply_config is arista.avd.defined %} +{% set aaa_action_config = aaa_action_config ~ " " ~ action_apply_config %} +{% elif traffic is arista.avd.defined %} +{% set aaa_action_config = aaa_action_config ~ " " ~ traffic %} {% endif %} -{% endif %} -{% if dot1x.aaa.unresponsive[action.name].traffic_allow is arista.avd.defined(true) %} -{% set traffic = "traffic allow" %} -{% elif dot1x.aaa.unresponsive[action.name].traffic_allow_vlan is arista.avd.defined %} -{% set traffic = "traffic allow vlan " ~ dot1x.aaa.unresponsive[action.name].traffic_allow_vlan %} -{% endif %} -{% if dot1x.aaa.unresponsive[action.name].apply_alternate is arista.avd.defined(true) and action_apply_config is arista.avd.defined and traffic is arista.avd.defined %} -{% set aaa_action_config = aaa_action_config ~ " " ~ action_apply_config ~ " else " ~ traffic %} -{% elif action_apply_config is arista.avd.defined %} -{% set aaa_action_config = aaa_action_config ~ " " ~ action_apply_config %} -{% elif traffic is arista.avd.defined %} -{% set aaa_action_config = aaa_action_config ~ " " ~ traffic %} -{% endif %} {{ aaa_action_config }} +{% endif %} {% endif %} {% endfor %} {% endif %}
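Review bot: `action_apply_config` and `traffic` are only assigned inside conditional branches, and the `else`/`elif` selection at the end of the loop body relies on them being undefined otherwise. As far as Jinja2 name resolution goes, a name that was not set falls back to the render context, so an inventory variable that happens to be called `traffic` or `action_apply_config` would be picked up and written into the `aaa unresponsive` line, a fail-open setting when it ends in `traffic allow`. Starting the loop body with `{% set action_apply_config = none %}` and `{% set traffic = none %}` makes the state explicit for every iteration. This assumes `arista.avd.defined` treats `none` as undefined, which should be confirmed against the plugin. The enclosing `{% if dot1x.aaa.unresponsive ... %}` block begins outside the hunk.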