Feat(eos_cli_config_gen): Add support for radius proxy #4965

Open
1 task done
kmueller68 opened this issue Feb 3, 2025 · 0 comments
Labels
type: enhancement New feature or request

Comments

@kmueller68
Contributor

Enhancement summary

Add support for configuring RADIUS proxy for campus Wi-Fi and NAC environments.
RADIUS proxy has been available in EOS since 4.31.2F.
https://www.arista.com/en/support/toi/eos-4-31-2f/19037-radius-proxy
https://arista.my.site.com/AristaCommunity/s/article/Deploying-RADIUS-Proxy-on-Arista-Tunnel-Aggregator-Switches

We will now start using this function in two current campus LAN & Wi-Fi projects on the central tunnel-aggregator VTEP switches.

Which component of AVD is impacted

eos_cli_config_gen

Use case example

```
radius proxy
   dynamic-authorization
   client key 7 0870151C514A5243445E
   client session idle-timeout 60 seconds
   !
   client group cg1
      client ipv4 1.1.1.1 vrf red
      client ipv4 10.10.10.0/24 vrf red key 7 065F57761A1B5D4A5746
      client ipv6 A:B:C:D:E:F:G:H vrf red key 7 065F57761A1B5D4A5746
      client ipv6 A:B:C:D:E:F:G:H/I vrf red
      client host hostname vrf blue key 7 014254570F5E5058791517
      server group sg1 sg2 sg3
```

Describe the solution you would like


```yaml
radius_proxy:
  client_groups:
    - group: <str; unique>
      server_group: <str; multiple group names separated by space>

      # Encrypted key - only type 7 supported.
      key: <str; optional>

      hosts:
        # Hostname
        - host: <str; unique>
          vrf: <str; required>
          # Encrypted key - only type 7 supported.
          key: <str; optional>

      prefixes_ipv4:
        # IPv4 address "A.B.C.D" or prefix "A.B.C.D/E"
        - prefix: <str; unique>
          vrf: <str; required>
          # Encrypted key - only type 7 supported.
          key: <str; optional>

      prefixes_ipv6:
        # IPv6 address "A:B:C:D:E:F:G:H" or prefix "A:B:C:D:E:F:G:H/I".
        - prefix: <str; unique>
          vrf: <str; required>
          # Encrypted key - only type 7 supported.
          key: <str; optional>

  # Encrypted key - only type 7 supported.
  client_key: <str>

  client_session_idle_timeout: <int; 1 - 86400 seconds>

  dynamic_authorization: <bool>
```

Describe alternatives you have considered

eos_cli does the job but it's not pretty.

Additional context

No response

Contributing Guide

  • I agree to follow this project's Code of Conduct
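
The following is an added sketch, not AVD's implementation and not part of the issue: it checks the constraints stated in the proposed `radius_proxy` model (required `vrf`, idle-timeout range, unique group names, well-formed prefixes) and renders the CLI from the use case. The function names and `SAMPLE` are hypothetical; the group-level `key` is not rendered because the issue's CLI example does not show its form.

```python
import ipaddress

def _client_line(kind, target, entry):
    """Build one 'client ...' line; vrf is required in the proposed schema."""
    if not entry.get("vrf"):
        raise ValueError(f"client {kind} {target}: vrf is required")
    line = f"      client {kind} {target} vrf {entry['vrf']}"
    if entry.get("key"):
        line += f" key 7 {entry['key']}"  # schema accepts type 7 keys only
    return line

def render_radius_proxy(cfg):
    """Validate the proposed radius_proxy model and render it as EOS CLI text."""
    out = ["radius proxy"]
    if cfg.get("dynamic_authorization"):
        out.append("   dynamic-authorization")
    if cfg.get("client_key"):
        out.append(f"   client key 7 {cfg['client_key']}")
    timeout = cfg.get("client_session_idle_timeout")
    if timeout is not None:
        if not 1 <= timeout <= 86400:
            raise ValueError("client_session_idle_timeout must be 1-86400")
        out.append(f"   client session idle-timeout {timeout} seconds")
    seen = set()
    for grp in cfg.get("client_groups", []):
        if grp["group"] in seen:
            raise ValueError(f"duplicate client group {grp['group']}")
        seen.add(grp["group"])
        out += ["   !", f"   client group {grp['group']}"]
        for fam, kind, net in (("prefixes_ipv4", "ipv4", ipaddress.IPv4Network),
                               ("prefixes_ipv6", "ipv6", ipaddress.IPv6Network)):
            for e in grp.get(fam, []):
                net(e["prefix"], strict=False)  # ValueError if malformed or wrong family
                out.append(_client_line(kind, e["prefix"], e))
        for e in grp.get("hosts", []):
            out.append(_client_line("host", e["host"], e))
        if grp.get("server_group"):
            out.append(f"      server group {grp['server_group']}")
    return "\n".join(out)

# Constructed sample input mirroring the IPv4 and host lines of the use case.
SAMPLE = {
    "dynamic_authorization": True, "client_key": "0870151C514A5243445E",
    "client_session_idle_timeout": 60,
    "client_groups": [{
        "group": "cg1", "server_group": "sg1 sg2 sg3",
        "prefixes_ipv4": [{"prefix": "1.1.1.1", "vrf": "red"},
            {"prefix": "10.10.10.0/24", "vrf": "red", "key": "065F57761A1B5D4A5746"}],
        "hosts": [{"host": "hostname", "vrf": "blue", "key": "014254570F5E5058791517"}],
    }],
}
```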