Feat(eos_cli_config_gen): Add support for dot1x captive portal and supplicant commands

ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/dot1x.md

@@ -56,3 +56,27 @@ interface Management1
 | Service type | Framed MTU |
 | ------------ | ---------- |
 | True | 1500 |
+
+#### 802.1X Captive-portal authentication
+
+| Authentication Attribute | Value |
+| ------------------------ | ----- |
+| URL | http://portal-nacm08/captiveredirect/ |
+| SSL profile | Profile1 |
+| IPv4 Access-list | ACL |
+| Start limit | Infinite |
+
+#### 802.1X Dot1x supplicant
+
+| Attribute | Value |
+| --------- | ----- |
+| Logging | True |
+| Disconnect cached-results timeout | 79 seconds |
+
+##### 802.1X Dot1x supplicant profiles
+
+| Profile | EAP Method | Identity | SSL Profile |
+| ------- | ---------- | -------- | ----------- |
+| Profile1 | tls | user_id1 | PF1 |
+| Profile2 | - | user_id2 | - |
+| Profile3 | - | - | PF2 |

ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/dot1x.cfg

@@ -16,6 +16,18 @@ dot1x system-auth-control
 dot1x protocol lldp bypass
 dot1x dynamic-authorization
 dot1x
+   supplicant profile Profile1
+      identity user_id1
+      eap-method tls
+      passphrase 0 1048080A02
+      ssl profile PF1
+   !
+   supplicant profile Profile2
+      identity user_id2
+      passphrase 7 1048080A01
+   !
+   supplicant profile Profile3
+      ssl profile PF2
    aaa unresponsive phone action apply cached-results timeout 10 hours else traffic allow
    aaa unresponsive action traffic allow vlan 10
    aaa unresponsive eap response success
@@ -25,5 +37,10 @@ dot1x
    mac based authentication hold period 300 seconds
    radius av-pair service-type
    radius av-pair framed-mtu 1500
+   supplicant disconnect cached-results timeout 79 seconds
+   captive-portal url http://portal-nacm08/captiveredirect/ ssl profile Profile1
+   captive-portal access-list ipv4 ACL
+   captive-portal start limit infinite
+   supplicant logging
 !
 end

ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/dot1x.yml

@@ -24,3 +24,24 @@ dot1x:
         apply_alternate: true
       recovery_action_reauthenticate: true
     accounting_update_interval: 6
+  captive_portal:
+    enabled: true
+    url: http://portal-nacm08/captiveredirect/
+    ssl_profile: Profile1
+    start_limit_infinite: true
+    access_list_ipv4: ACL
+  supplicant:
+    profiles:
+      - name: Profile1
+        eap_method: tls
+        identity: user_id1
+        passphrase_type: 0
+        passphrase: 1048080A02
+        ssl_profile: PF1
+      - name: Profile2
+        identity: user_id2
+        passphrase: 1048080A01
+      - name: Profile3
+        ssl_profile: PF2
+    logging: true
+    disconnect_cached_results_timeout: 79

ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/dot1x.md

@@ -38,6 +38,22 @@
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;traffic_allow</samp>](## "dot1x.aaa.unresponsive.phone_action.traffic_allow") | Boolean |  |  |  | Set action for supplicant traffic when AAA times out. |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;recovery_action_reauthenticate</samp>](## "dot1x.aaa.unresponsive.recovery_action_reauthenticate") | Boolean |  |  |  |  |
     | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;accounting_update_interval</samp>](## "dot1x.aaa.accounting_update_interval") | Integer |  |  | Min: 5<br>Max: 65535 | Interval period in seconds. |
+    | [<samp>&nbsp;&nbsp;captive_portal</samp>](## "dot1x.captive_portal") | Dictionary |  |  |  | Web authentication feature authenticates a supplicant through a web page, referred to as a captive portal. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;enabled</samp>](## "dot1x.captive_portal.enabled") | Boolean |  |  |  | The `enabled` key is mutually exclusive with `url` and `ssl_profile`. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;url</samp>](## "dot1x.captive_portal.url") | String |  |  |  | Supported URL type:<br>  - http: http://<hostname>[:<port>]<br>  - https: https://<hostname>[:<port>] |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;ssl_profile</samp>](## "dot1x.captive_portal.ssl_profile") | String |  |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;start_limit_infinite</samp>](## "dot1x.captive_portal.start_limit_infinite") | Boolean |  |  |  | Set captive-portal start limit to infinte. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;access_list_ipv4</samp>](## "dot1x.captive_portal.access_list_ipv4") | String |  |  |  | Standard access-list name. |
+    | [<samp>&nbsp;&nbsp;supplicant</samp>](## "dot1x.supplicant") | Dictionary |  |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;profiles</samp>](## "dot1x.supplicant.profiles") | List, items: Dictionary |  |  |  | Dot1x supplicant profiles. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;name</samp>](## "dot1x.supplicant.profiles.[].name") | String | Required, Unique |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;eap_method</samp>](## "dot1x.supplicant.profiles.[].eap_method") | String |  |  | Valid Values:<br>- <code>fast</code><br>- <code>tls</code> | Extensible Authentication Protocol method:<br>  - EAP Flexible Authentication via Secure Tunneling.<br>  - EAP with Transport Layer Security. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;identity</samp>](## "dot1x.supplicant.profiles.[].identity") | String |  |  |  | User identity. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;passphrase_type</samp>](## "dot1x.supplicant.profiles.[].passphrase_type") | String |  | `7` | Valid Values:<br>- <code>0</code><br>- <code>7</code><br>- <code>8a</code> |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;passphrase</samp>](## "dot1x.supplicant.profiles.[].passphrase") | String |  |  |  | Extensible Authentication Protocol password. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ssl_profile</samp>](## "dot1x.supplicant.profiles.[].ssl_profile") | String |  |  |  |  |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;logging</samp>](## "dot1x.supplicant.logging") | Boolean |  |  |  | Enable supplicant logging. |
+    | [<samp>&nbsp;&nbsp;&nbsp;&nbsp;disconnect_cached_results_timeout</samp>](## "dot1x.supplicant.disconnect_cached_results_timeout") | Integer |  |  | Min: 60<br>Max: 65535 | Timeout in seconds for removing a disconnected supplicant. |
 
 === "YAML"
 
@@ -111,4 +127,46 @@
 
         # Interval period in seconds.
         accounting_update_interval: <int; 5-65535>
+
+      # Web authentication feature authenticates a supplicant through a web page, referred to as a captive portal.
+      captive_portal:
+
+        # The `enabled` key is mutually exclusive with `url` and `ssl_profile`.
+        enabled: <bool>
+
+        # Supported URL type:
+        #   - http: http://<hostname>[:<port>]
+        #   - https: https://<hostname>[:<port>]
+        url: <str>
+        ssl_profile: <str>
+
+        # Set captive-portal start limit to infinte.
+        start_limit_infinite: <bool>
+
+        # Standard access-list name.
+        access_list_ipv4: <str>
+      supplicant:
+
+        # Dot1x supplicant profiles.
+        profiles:
+          - name: <str; required; unique>
+
+            # Extensible Authentication Protocol method:
+            #   - EAP Flexible Authentication via Secure Tunneling.
+            #   - EAP with Transport Layer Security.
+            eap_method: <str; "fast" | "tls">
+
+            # User identity.
+            identity: <str>
+            passphrase_type: <str; "0" | "7" | "8a"; default="7">
+
+            # Extensible Authentication Protocol password.
+            passphrase: <str>
+            ssl_profile: <str>
+
+        # Enable supplicant logging.
+        logging: <bool>
+
+        # Timeout in seconds for removing a disconnected supplicant.
+        disconnect_cached_results_timeout: <int; 60-65535>
     ```