diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/ethernet-interfaces.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/ethernet-interfaces.md index 1d4845fede8..7a067277950 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/ethernet-interfaces.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/ethernet-interfaces.md @@ -266,7 +266,7 @@ | [      - from](## "ethernet_interfaces.[].vlan_translations.[].from") | String | | | | List of vlans as string (only one vlan if direction is "both"). | | [        to](## "ethernet_interfaces.[].vlan_translations.[].to") | Integer | | | | VLAN ID. | | [        direction](## "ethernet_interfaces.[].vlan_translations.[].direction") | String | | `both` | Valid Values:
- in
- out
- both | | - | [    dot1x](## "ethernet_interfaces.[].dot1x") | Dictionary | | | | | + | [    dot1x](## "ethernet_interfaces.[].dot1x") | Dictionary | | | | 802.1x | | [      port_control](## "ethernet_interfaces.[].dot1x.port_control") | String | | | Valid Values:
- auto
- force-authorized
- force-unauthorized | | | [      port_control_force_authorized_phone](## "ethernet_interfaces.[].dot1x.port_control_force_authorized_phone") | Boolean | | | | | | [      reauthentication](## "ethernet_interfaces.[].dot1x.reauthentication") | Boolean | | | | | @@ -1038,6 +1038,8 @@ # VLAN ID. to: direction: + + # 802.1x dot1x: port_control: port_control_force_authorized_phone: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/connected-endpoints.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/connected-endpoints.md index 0f404a257f5..2e122f788f8 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/connected-endpoints.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/connected-endpoints.md @@ -66,16 +66,41 @@ | [            enabled](## ".[].adapters.[].dot1x.mac_based_authentication.enabled") | Boolean | | | | | | [            always](## ".[].adapters.[].dot1x.mac_based_authentication.always") | Boolean | | | | | | [            host_mode_common](## ".[].adapters.[].dot1x.mac_based_authentication.host_mode_common") | Boolean | | | | | + | [          mac_based_access_list](## ".[].adapters.[].dot1x.mac_based_access_list") | Boolean | | | | Operate interface in per-mac access-list mode. | | [          timeout](## ".[].adapters.[].dot1x.timeout") | Dictionary | | | | | | [            idle_host](## ".[].adapters.[].dot1x.timeout.idle_host") | Integer | | | Min: 10
Max: 65535 | | | [            quiet_period](## ".[].adapters.[].dot1x.timeout.quiet_period") | Integer | | | Min: 1
Max: 65535 | | - | [            reauth_period](## ".[].adapters.[].dot1x.timeout.reauth_period") | String | | | | Range 60-4294967295 or "server". | + | [            reauth_period](## ".[].adapters.[].dot1x.timeout.reauth_period") | String | | | | Value can be 60-4294967295 or 'server'. | | [            reauth_timeout_ignore](## ".[].adapters.[].dot1x.timeout.reauth_timeout_ignore") | Boolean | | | | | | [            tx_period](## ".[].adapters.[].dot1x.timeout.tx_period") | Integer | | | Min: 1
Max: 65535 | | | [          reauthorization_request_limit](## ".[].adapters.[].dot1x.reauthorization_request_limit") | Integer | | | Min: 1
Max: 10 | | | [          unauthorized](## ".[].adapters.[].dot1x.unauthorized") | Dictionary | | | | | | [            access_vlan_membership_egress](## ".[].adapters.[].dot1x.unauthorized.access_vlan_membership_egress") | Boolean | | | | | | [            native_vlan_membership_egress](## ".[].adapters.[].dot1x.unauthorized.native_vlan_membership_egress") | Boolean | | | | | + | [          eapol](## ".[].adapters.[].dot1x.eapol") | Dictionary | | | | | + | [            disabled](## ".[].adapters.[].dot1x.eapol.disabled") | Boolean | | | | | + | [            authentication_failure_fallback_mba](## ".[].adapters.[].dot1x.eapol.authentication_failure_fallback_mba") | Dictionary | | | | | + | [              enabled](## ".[].adapters.[].dot1x.eapol.authentication_failure_fallback_mba.enabled") | Boolean | | | | | + | [              timeout](## ".[].adapters.[].dot1x.eapol.authentication_failure_fallback_mba.timeout") | Integer | | | Min: 0
Max: 65535 | | + | [          aaa](## ".[].adapters.[].dot1x.aaa") | Dictionary | | | | | + | [            unresponsive](## ".[].adapters.[].dot1x.aaa.unresponsive") | Dictionary | | | | Configure AAA timeout options. | + | [              eap_response](## ".[].adapters.[].dot1x.aaa.unresponsive.eap_response") | String | | | Valid Values:
- success
- disabled | EAP response to send. EOS default is `success`. | + | [              action](## ".[].adapters.[].dot1x.aaa.unresponsive.action") | Dictionary | | | | Set action for supplicant when AAA times out. | + | [                traffic_allow_access_list](## ".[].adapters.[].dot1x.aaa.unresponsive.action.traffic_allow_access_list") | String | | | | Name of standard access-list to apply when AAA times out. | + | [                apply_cached_results](## ".[].adapters.[].dot1x.aaa.unresponsive.action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | + | [                cached_results_timeout](## ".[].adapters.[].dot1x.aaa.unresponsive.action.cached_results_timeout") | Dictionary | | | | | + | [                  time_duration](## ".[].adapters.[].dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds | + | [                  time_duration_unit](## ".[].adapters.[].dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | + | [                apply_alternate](## ".[].adapters.[].dot1x.aaa.unresponsive.action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails.
eg. aaa unresponsive action apply cached-results else traffic allow | + | [                traffic_allow](## ".[].adapters.[].dot1x.aaa.unresponsive.action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | + | [                traffic_allow_vlan](## ".[].adapters.[].dot1x.aaa.unresponsive.action.traffic_allow_vlan") | Integer | | | Min: 1
Max: 4094 | | + | [              phone_action](## ".[].adapters.[].dot1x.aaa.unresponsive.phone_action") | Dictionary | | | | Set action for supplicant when AAA times out. | + | [                apply_cached_results](## ".[].adapters.[].dot1x.aaa.unresponsive.phone_action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | + | [                cached_results_timeout](## ".[].adapters.[].dot1x.aaa.unresponsive.phone_action.cached_results_timeout") | Dictionary | | | | | + | [                  time_duration](## ".[].adapters.[].dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds | + | [                  time_duration_unit](## ".[].adapters.[].dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | + | [                apply_alternate](## ".[].adapters.[].dot1x.aaa.unresponsive.phone_action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails.
eg. aaa unresponsive phone action apply cached-results else traffic allow | + | [                traffic_allow](## ".[].adapters.[].dot1x.aaa.unresponsive.phone_action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | | [        poe](## ".[].adapters.[].poe") | Dictionary | | | | Power Over Ethernet settings applied on port. Only configured if platform supports PoE. | | [          disabled](## ".[].adapters.[].poe.disabled") | Boolean | | `False` | | Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS. | | [          priority](## ".[].adapters.[].poe.priority") | String | | | Valid Values:
- critical
- high
- medium
- low | Prioritize a port's power in the event that one of the switch's power supplies loses power. | @@ -319,11 +344,14 @@ enabled: always: host_mode_common: + + # Operate interface in per-mac access-list mode. + mac_based_access_list: timeout: idle_host: quiet_period: - # Range 60-4294967295 or "server". + # Value can be 60-4294967295 or 'server'. reauth_period: reauth_timeout_ignore: tx_period: 
@@ -331,6 +359,66 @@ unauthorized: access_vlan_membership_egress: native_vlan_membership_egress: + eapol: + disabled: + authentication_failure_fallback_mba: + enabled: + timeout: + aaa: + + # Configure AAA timeout options. + unresponsive: + + # EAP response to send. EOS default is `success`. + eap_response: + + # Set action for supplicant when AAA times out. + action: + + # Name of standard access-list to apply when AAA times out. + traffic_allow_access_list: + + # Use results from a previous AAA response. + apply_cached_results: + cached_results_timeout: + + # Enable caching for a specific duration - + # <1-10000> duration in days + # <1-14400000> duration in minutes + # <1-240000> duration in hours + # <1-864000000> duration in seconds + time_duration: =1> + time_duration_unit: + + # Apply alternate action if primary action fails. + # eg. aaa unresponsive action apply cached-results else traffic allow + apply_alternate: + + # Set action for supplicant traffic when AAA times out. + traffic_allow: + traffic_allow_vlan: + + # Set action for supplicant when AAA times out. + phone_action: + + # Use results from a previous AAA response. + apply_cached_results: + cached_results_timeout: + + # Enable caching for a specific duration - + # <1-10000> duration in days + # <1-14400000> duration in minutes + # <1-240000> duration in hours + # <1-864000000> duration in seconds + time_duration: =1> + time_duration_unit: + + # Apply alternate action if primary action fails. + # eg. aaa unresponsive phone action apply cached-results else traffic allow + apply_alternate: + + # Set action for supplicant traffic when AAA times out. + traffic_allow: # Power Over Ethernet settings applied on port. Only configured if platform supports PoE. poe: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-ports.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-ports.md index e41613d7cc7..55fef548e12 100644 
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-ports.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-ports.md @@ -61,16 +61,41 @@ | [        enabled](## "network_ports.[].dot1x.mac_based_authentication.enabled") | Boolean | | | | | | [        always](## "network_ports.[].dot1x.mac_based_authentication.always") | Boolean | | | | | | [        host_mode_common](## "network_ports.[].dot1x.mac_based_authentication.host_mode_common") | Boolean | | | | | + | [      mac_based_access_list](## "network_ports.[].dot1x.mac_based_access_list") | Boolean | | | | Operate interface in per-mac access-list mode. | | [      timeout](## "network_ports.[].dot1x.timeout") | Dictionary | | | | | | [        idle_host](## "network_ports.[].dot1x.timeout.idle_host") | Integer | | | Min: 10
Max: 65535 | | | [        quiet_period](## "network_ports.[].dot1x.timeout.quiet_period") | Integer | | | Min: 1
Max: 65535 | | - | [        reauth_period](## "network_ports.[].dot1x.timeout.reauth_period") | String | | | | Range 60-4294967295 or "server". | + | [        reauth_period](## "network_ports.[].dot1x.timeout.reauth_period") | String | | | | Value can be 60-4294967295 or 'server'. | | [        reauth_timeout_ignore](## "network_ports.[].dot1x.timeout.reauth_timeout_ignore") | Boolean | | | | | | [        tx_period](## "network_ports.[].dot1x.timeout.tx_period") | Integer | | | Min: 1
Max: 65535 | | | [      reauthorization_request_limit](## "network_ports.[].dot1x.reauthorization_request_limit") | Integer | | | Min: 1
Max: 10 | | | [      unauthorized](## "network_ports.[].dot1x.unauthorized") | Dictionary | | | | | | [        access_vlan_membership_egress](## "network_ports.[].dot1x.unauthorized.access_vlan_membership_egress") | Boolean | | | | | | [        native_vlan_membership_egress](## "network_ports.[].dot1x.unauthorized.native_vlan_membership_egress") | Boolean | | | | | + | [      eapol](## "network_ports.[].dot1x.eapol") | Dictionary | | | | | + | [        disabled](## "network_ports.[].dot1x.eapol.disabled") | Boolean | | | | | + | [        authentication_failure_fallback_mba](## "network_ports.[].dot1x.eapol.authentication_failure_fallback_mba") | Dictionary | | | | | + | [          enabled](## "network_ports.[].dot1x.eapol.authentication_failure_fallback_mba.enabled") | Boolean | | | | | + | [          timeout](## "network_ports.[].dot1x.eapol.authentication_failure_fallback_mba.timeout") | Integer | | | Min: 0
Max: 65535 | | + | [      aaa](## "network_ports.[].dot1x.aaa") | Dictionary | | | | | + | [        unresponsive](## "network_ports.[].dot1x.aaa.unresponsive") | Dictionary | | | | Configure AAA timeout options. | + | [          eap_response](## "network_ports.[].dot1x.aaa.unresponsive.eap_response") | String | | | Valid Values:
- success
- disabled | EAP response to send. EOS default is `success`. | + | [          action](## "network_ports.[].dot1x.aaa.unresponsive.action") | Dictionary | | | | Set action for supplicant when AAA times out. | + | [            traffic_allow_access_list](## "network_ports.[].dot1x.aaa.unresponsive.action.traffic_allow_access_list") | String | | | | Name of standard access-list to apply when AAA times out. | + | [            apply_cached_results](## "network_ports.[].dot1x.aaa.unresponsive.action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | + | [            cached_results_timeout](## "network_ports.[].dot1x.aaa.unresponsive.action.cached_results_timeout") | Dictionary | | | | | + | [              time_duration](## "network_ports.[].dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds | + | [              time_duration_unit](## "network_ports.[].dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | + | [            apply_alternate](## "network_ports.[].dot1x.aaa.unresponsive.action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails.
eg. aaa unresponsive action apply cached-results else traffic allow | + | [            traffic_allow](## "network_ports.[].dot1x.aaa.unresponsive.action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | + | [            traffic_allow_vlan](## "network_ports.[].dot1x.aaa.unresponsive.action.traffic_allow_vlan") | Integer | | | Min: 1
Max: 4094 | | + | [          phone_action](## "network_ports.[].dot1x.aaa.unresponsive.phone_action") | Dictionary | | | | Set action for supplicant when AAA times out. | + | [            apply_cached_results](## "network_ports.[].dot1x.aaa.unresponsive.phone_action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | + | [            cached_results_timeout](## "network_ports.[].dot1x.aaa.unresponsive.phone_action.cached_results_timeout") | Dictionary | | | | | + | [              time_duration](## "network_ports.[].dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds | + | [              time_duration_unit](## "network_ports.[].dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | + | [            apply_alternate](## "network_ports.[].dot1x.aaa.unresponsive.phone_action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails.
eg. aaa unresponsive phone action apply cached-results else traffic allow | + | [            traffic_allow](## "network_ports.[].dot1x.aaa.unresponsive.phone_action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | | [    poe](## "network_ports.[].poe") | Dictionary | | | | Power Over Ethernet settings applied on port. Only configured if platform supports PoE. | | [      disabled](## "network_ports.[].poe.disabled") | Boolean | | `False` | | Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS. | | [      priority](## "network_ports.[].poe.priority") | String | | | Valid Values:
- critical
- high
- medium
- low | Prioritize a port's power in the event that one of the switch's power supplies loses power. | @@ -293,11 +318,14 @@ enabled: always: host_mode_common: + + # Operate interface in per-mac access-list mode. + mac_based_access_list: timeout: idle_host: quiet_period: - # Range 60-4294967295 or "server". + # Value can be 60-4294967295 or 'server'. reauth_period: reauth_timeout_ignore: tx_period: 
@@ -305,6 +333,66 @@ unauthorized: access_vlan_membership_egress: native_vlan_membership_egress: + eapol: + disabled: + authentication_failure_fallback_mba: + enabled: + timeout: + aaa: + + # Configure AAA timeout options. + unresponsive: + + # EAP response to send. EOS default is `success`. + eap_response: + + # Set action for supplicant when AAA times out. + action: + + # Name of standard access-list to apply when AAA times out. + traffic_allow_access_list: + + # Use results from a previous AAA response. + apply_cached_results: + cached_results_timeout: + + # Enable caching for a specific duration - + # <1-10000> duration in days + # <1-14400000> duration in minutes + # <1-240000> duration in hours + # <1-864000000> duration in seconds + time_duration: =1> + time_duration_unit: + + # Apply alternate action if primary action fails. + # eg. aaa unresponsive action apply cached-results else traffic allow + apply_alternate: + + # Set action for supplicant traffic when AAA times out. + traffic_allow: + traffic_allow_vlan: + + # Set action for supplicant when AAA times out. + phone_action: + + # Use results from a previous AAA response. + apply_cached_results: + cached_results_timeout: + + # Enable caching for a specific duration - + # <1-10000> duration in days + # <1-14400000> duration in minutes + # <1-240000> duration in hours + # <1-864000000> duration in seconds + time_duration: =1> + time_duration_unit: + + # Apply alternate action if primary action fails. + # eg. aaa unresponsive phone action apply cached-results else traffic allow + apply_alternate: + + # Set action for supplicant traffic when AAA times out. + traffic_allow: # Power Over Ethernet settings applied on port. Only configured if platform supports PoE. poe: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/port-profiles.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/port-profiles.md index 05fa92ee043..8a6b1640b58 100644 
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/port-profiles.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/port-profiles.md @@ -57,16 +57,41 @@ | [        enabled](## "port_profiles.[].dot1x.mac_based_authentication.enabled") | Boolean | | | | | | [        always](## "port_profiles.[].dot1x.mac_based_authentication.always") | Boolean | | | | | | [        host_mode_common](## "port_profiles.[].dot1x.mac_based_authentication.host_mode_common") | Boolean | | | | | + | [      mac_based_access_list](## "port_profiles.[].dot1x.mac_based_access_list") | Boolean | | | | Operate interface in per-mac access-list mode. | | [      timeout](## "port_profiles.[].dot1x.timeout") | Dictionary | | | | | | [        idle_host](## "port_profiles.[].dot1x.timeout.idle_host") | Integer | | | Min: 10
Max: 65535 | | | [        quiet_period](## "port_profiles.[].dot1x.timeout.quiet_period") | Integer | | | Min: 1
Max: 65535 | | - | [        reauth_period](## "port_profiles.[].dot1x.timeout.reauth_period") | String | | | | Range 60-4294967295 or "server". | + | [        reauth_period](## "port_profiles.[].dot1x.timeout.reauth_period") | String | | | | Value can be 60-4294967295 or 'server'. | | [        reauth_timeout_ignore](## "port_profiles.[].dot1x.timeout.reauth_timeout_ignore") | Boolean | | | | | | [        tx_period](## "port_profiles.[].dot1x.timeout.tx_period") | Integer | | | Min: 1
Max: 65535 | | | [      reauthorization_request_limit](## "port_profiles.[].dot1x.reauthorization_request_limit") | Integer | | | Min: 1
Max: 10 | | | [      unauthorized](## "port_profiles.[].dot1x.unauthorized") | Dictionary | | | | | | [        access_vlan_membership_egress](## "port_profiles.[].dot1x.unauthorized.access_vlan_membership_egress") | Boolean | | | | | | [        native_vlan_membership_egress](## "port_profiles.[].dot1x.unauthorized.native_vlan_membership_egress") | Boolean | | | | | + | [      eapol](## "port_profiles.[].dot1x.eapol") | Dictionary | | | | | + | [        disabled](## "port_profiles.[].dot1x.eapol.disabled") | Boolean | | | | | + | [        authentication_failure_fallback_mba](## "port_profiles.[].dot1x.eapol.authentication_failure_fallback_mba") | Dictionary | | | | | + | [          enabled](## "port_profiles.[].dot1x.eapol.authentication_failure_fallback_mba.enabled") | Boolean | | | | | + | [          timeout](## "port_profiles.[].dot1x.eapol.authentication_failure_fallback_mba.timeout") | Integer | | | Min: 0
Max: 65535 | | + | [      aaa](## "port_profiles.[].dot1x.aaa") | Dictionary | | | | | + | [        unresponsive](## "port_profiles.[].dot1x.aaa.unresponsive") | Dictionary | | | | Configure AAA timeout options. | + | [          eap_response](## "port_profiles.[].dot1x.aaa.unresponsive.eap_response") | String | | | Valid Values:
- success
- disabled | EAP response to send. EOS default is `success`. | + | [          action](## "port_profiles.[].dot1x.aaa.unresponsive.action") | Dictionary | | | | Set action for supplicant when AAA times out. | + | [            traffic_allow_access_list](## "port_profiles.[].dot1x.aaa.unresponsive.action.traffic_allow_access_list") | String | | | | Name of standard access-list to apply when AAA times out. | + | [            apply_cached_results](## "port_profiles.[].dot1x.aaa.unresponsive.action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | + | [            cached_results_timeout](## "port_profiles.[].dot1x.aaa.unresponsive.action.cached_results_timeout") | Dictionary | | | | | + | [              time_duration](## "port_profiles.[].dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds | + | [              time_duration_unit](## "port_profiles.[].dot1x.aaa.unresponsive.action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | + | [            apply_alternate](## "port_profiles.[].dot1x.aaa.unresponsive.action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails.
eg. aaa unresponsive action apply cached-results else traffic allow | + | [            traffic_allow](## "port_profiles.[].dot1x.aaa.unresponsive.action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | + | [            traffic_allow_vlan](## "port_profiles.[].dot1x.aaa.unresponsive.action.traffic_allow_vlan") | Integer | | | Min: 1
Max: 4094 | | + | [          phone_action](## "port_profiles.[].dot1x.aaa.unresponsive.phone_action") | Dictionary | | | | Set action for supplicant when AAA times out. | + | [            apply_cached_results](## "port_profiles.[].dot1x.aaa.unresponsive.phone_action.apply_cached_results") | Boolean | | | | Use results from a previous AAA response. | + | [            cached_results_timeout](## "port_profiles.[].dot1x.aaa.unresponsive.phone_action.cached_results_timeout") | Dictionary | | | | | + | [              time_duration](## "port_profiles.[].dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration") | Integer | | | Min: 1 | Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds | + | [              time_duration_unit](## "port_profiles.[].dot1x.aaa.unresponsive.phone_action.cached_results_timeout.time_duration_unit") | String | Required | | Valid Values:
- days
- hours
- minutes
- seconds | | + | [            apply_alternate](## "port_profiles.[].dot1x.aaa.unresponsive.phone_action.apply_alternate") | Boolean | | | | Apply alternate action if primary action fails.
eg. aaa unresponsive phone action apply cached-results else traffic allow | + | [            traffic_allow](## "port_profiles.[].dot1x.aaa.unresponsive.phone_action.traffic_allow") | Boolean | | | | Set action for supplicant traffic when AAA times out. | | [    poe](## "port_profiles.[].poe") | Dictionary | | | | Power Over Ethernet settings applied on port. Only configured if platform supports PoE. | | [      disabled](## "port_profiles.[].poe.disabled") | Boolean | | `False` | | Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS. | | [      priority](## "port_profiles.[].poe.priority") | String | | | Valid Values:
- critical
- high
- medium
- low | Prioritize a port's power in the event that one of the switch's power supplies loses power. | @@ -275,11 +300,14 @@ enabled: always: host_mode_common: + + # Operate interface in per-mac access-list mode. + mac_based_access_list: timeout: idle_host: quiet_period: - # Range 60-4294967295 or "server". + # Value can be 60-4294967295 or 'server'. reauth_period: reauth_timeout_ignore: tx_period: 
@@ -287,6 +315,66 @@ unauthorized: access_vlan_membership_egress: native_vlan_membership_egress: + eapol: + disabled: + authentication_failure_fallback_mba: + enabled: + timeout: + aaa: + + # Configure AAA timeout options. + unresponsive: + + # EAP response to send. EOS default is `success`. + eap_response: + + # Set action for supplicant when AAA times out. + action: + + # Name of standard access-list to apply when AAA times out. + traffic_allow_access_list: + + # Use results from a previous AAA response. + apply_cached_results: + cached_results_timeout: + + # Enable caching for a specific duration - + # <1-10000> duration in days + # <1-14400000> duration in minutes + # <1-240000> duration in hours + # <1-864000000> duration in seconds + time_duration: =1> + time_duration_unit: + + # Apply alternate action if primary action fails. + # eg. aaa unresponsive action apply cached-results else traffic allow + apply_alternate: + + # Set action for supplicant traffic when AAA times out. + traffic_allow: + traffic_allow_vlan: + + # Set action for supplicant when AAA times out. + phone_action: + + # Use results from a previous AAA response. + apply_cached_results: + cached_results_timeout: + + # Enable caching for a specific duration - + # <1-10000> duration in days + # <1-14400000> duration in minutes + # <1-240000> duration in hours + # <1-864000000> duration in seconds + time_duration: =1> + time_duration_unit: + + # Apply alternate action if primary action fails. + # eg. aaa unresponsive phone action apply cached-results else traffic allow + apply_alternate: + + # Set action for supplicant traffic when AAA times out. + traffic_allow: # Power Over Ethernet settings applied on port. Only configured if platform supports PoE. poe: diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml index 940d979aa6c..e0b5760c17b 100644 
--- a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml @@ -3070,6 +3070,7 @@ keys: default: both dot1x: type: dict + description: 802.1x keys: port_control: type: str diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/ethernet_interfaces.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/ethernet_interfaces.schema.yml index 4d74f1d6c82..6073a23fd50 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/ethernet_interfaces.schema.yml +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/ethernet_interfaces.schema.yml @@ -965,6 +965,7 @@ keys: default: "both" dot1x: type: dict + description: 802.1x keys: port_control: type: str diff --git a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml index aebad72bb98..54e7848343d 100644 --- a/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/eos_designs.schema.yml 
@@ -5247,99 +5247,7 @@ $defs: ' dot1x: type: dict - description: 802.1x - keys: - port_control: - type: str - valid_values: - - auto - - force-authorized - - force-unauthorized - port_control_force_authorized_phone: - type: bool - reauthentication: - type: bool - pae: - type: dict - keys: - mode: - type: str - valid_values: - - authenticator - authentication_failure: - type: dict - keys: - action: - type: str - valid_values: - - allow - - drop - allow_vlan: - type: int - convert_types: - - str - min: 1 - max: 4094 - host_mode: - type: dict - keys: - mode: - type: str - valid_values: - - multi-host - - single-host - multi_host_authenticated: - type: bool - mac_based_authentication: - type: dict - keys: - enabled: - type: bool - always: - type: bool - host_mode_common: - type: bool - timeout: - type: dict - keys: - idle_host: - type: int - convert_types: - - str - min: 10 - max: 65535 - quiet_period: - type: int - convert_types: - - str - min: 1 - max: 65535 - reauth_period: - type: str - convert_types: - - int - description: Range 60-4294967295 or "server". - reauth_timeout_ignore: - type: bool - tx_period: - type: int - convert_types: - - str - min: 1 - max: 65535 - reauthorization_request_limit: - type: int - convert_types: - - str - min: 1 - max: 10 - unauthorized: - type: dict - keys: - access_vlan_membership_egress: - type: bool - native_vlan_membership_egress: - type: bool + $ref: eos_cli_config_gen#/keys/ethernet_interfaces/items/keys/dot1x poe: $ref: eos_cli_config_gen#/keys/ethernet_interfaces/items/keys/poe type: dict diff --git a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_adapter_config.schema.yml b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_adapter_config.schema.yml index 7e1283564a5..9eb5ef43d0c 100644 --- a/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_adapter_config.schema.yml +++ b/python-avd/pyavd/_eos_designs/schema/schema_fragments/defs_adapter_config.schema.yml 
@@ -174,99 +174,7 @@ $defs: Optional if default link_tracking settings are configured on the node. dot1x: type: dict - description: 802.1x - keys: - port_control: - type: str - valid_values: - - "auto" - - "force-authorized" - - "force-unauthorized" - port_control_force_authorized_phone: - type: bool - reauthentication: - type: bool - pae: - type: dict - keys: - mode: - type: str - valid_values: - - "authenticator" - authentication_failure: - type: dict - keys: - action: - type: str - valid_values: - - "allow" - - "drop" - allow_vlan: - type: int - convert_types: - - str - min: 1 - max: 4094 - host_mode: - type: dict - keys: - mode: - type: str - valid_values: - - "multi-host" - - "single-host" - multi_host_authenticated: - type: bool - mac_based_authentication: - type: dict - keys: - enabled: - type: bool - always: - type: bool - host_mode_common: - type: bool - timeout: - type: dict - keys: - idle_host: - type: int - convert_types: - - str - min: 10 - max: 65535 - quiet_period: - type: int - convert_types: - - str - min: 1 - max: 65535 - reauth_period: - type: str - convert_types: - - int - description: Range 60-4294967295 or "server". - reauth_timeout_ignore: - type: bool - tx_period: - type: int - convert_types: - - str - min: 1 - max: 65535 - reauthorization_request_limit: - type: int - convert_types: - - str - min: 1 - max: 10 - unauthorized: - type: dict - keys: - access_vlan_membership_egress: - type: bool - native_vlan_membership_egress: - type: bool + $ref: eos_cli_config_gen#/keys/ethernet_interfaces/items/keys/dot1x poe: $ref: eos_cli_config_gen#/keys/ethernet_interfaces/items/keys/poe type: dict
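Review bot: Replacing the inline `dot1x` keys with `$ref: eos_cli_config_gen#/keys/ethernet_interfaces/items/keys/dot1x` makes every key of the referenced model valid on adapters, and the generated tables in this commit show that this now includes fail-open controls (`aaa.unresponsive.action.traffic_allow`, `traffic_allow_vlan`, `apply_cached_results`, and `eap_response` with the EOS default `success`) whose descriptions never say that the port may pass traffic without a fresh authentication. Because the removed `description: 802.1x` is no longer set here, I would add one beside the `$ref`, e.g. `description: 802.1X settings. Keys under aaa.unresponsive decide what a supplicant may do while the AAA server is unreachable.`, assuming sibling keys override the referenced definition, as the `type: dict` next to the `$ref` suggests. The tables also show `cached_results_timeout.time_duration` bounded only by `Min: 1`, so the per-unit maxima listed in its description are not enforced by the schema. It is not visible in this hunk whether eos_designs passes the whole `dot1x` dict through to the rendered interface; if it copies selected keys, the new ones would validate and then be dropped silently. The same change appears in the `eos_designs.schema.yml` hunk above.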