Add FreeRADIUS container for dynamic VLAN assignment

Add a FreeRADIUS server on the management network (172.16.0.200)
with test users mapped to existing VLANs (40, 34, 78) for future
802.1X/MAB dynamic VLAN assignment on access switches.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

evpn-lab.clab.yml

@@ -176,6 +176,15 @@ topology:
                 - ip addr add 10.78.78.104/24 dev bond0.78
                 - ip route add 10.34.34.0/24 via 10.78.78.1
 
+        # FreeRADIUS server for dynamic VLAN assignment
+        freeradius:
+            kind: linux
+            mgmt-ipv4: 172.16.0.200
+            image: freeradius/freeradius-server:latest
+            binds:
+                - hosts/freeradius/clients.conf:/etc/raddb/clients.conf
+                - hosts/freeradius/authorize:/etc/raddb/mods-config/files/authorize
+
     links:
         # Spine1 to Leaf connections (underlay fabric)
         - endpoints: ["spine1:eth1", "leaf1:eth11"]

hosts/freeradius/authorize

@@ -0,0 +1,19 @@
+host1_user	Cleartext-Password := "host1pass"
+	Tunnel-Type = VLAN,
+	Tunnel-Medium-Type = IEEE-802,
+	Tunnel-Private-Group-Id = "40"
+
+host2_user	Cleartext-Password := "host2pass"
+	Tunnel-Type = VLAN,
+	Tunnel-Medium-Type = IEEE-802,
+	Tunnel-Private-Group-Id = "34"
+
+host3_user	Cleartext-Password := "host3pass"
+	Tunnel-Type = VLAN,
+	Tunnel-Medium-Type = IEEE-802,
+	Tunnel-Private-Group-Id = "40"
+
+host4_user	Cleartext-Password := "host4pass"
+	Tunnel-Type = VLAN,
+	Tunnel-Medium-Type = IEEE-802,
+	Tunnel-Private-Group-Id = "78"

hosts/freeradius/clients.conf

@@ -0,0 +1,5 @@
+client management_network {
+    ipaddr = 172.16.0.0/24
+    secret = arista123
+    shortname = evpn-switches
+}