From 78b11eaa64102ec3654b2000c5b1bc01232d8f2a Mon Sep 17 00:00:00 2001
From: Damien <damien@arnodo.fr>
Date: Tue, 31 Mar 2026 16:01:00 +0000
Subject: [PATCH] Add FreeRADIUS container for dynamic VLAN assignment

Add a FreeRADIUS server on the management network (172.16.0.200)
with test users mapped to existing VLANs (40, 34, 78) for future
802.1X/MAB dynamic VLAN assignment on access switches.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 evpn-lab.clab.yml             |  9 +++++++++
 hosts/freeradius/authorize    | 19 +++++++++++++++++++
 hosts/freeradius/clients.conf |  5 +++++
 3 files changed, 33 insertions(+)
 create mode 100644 hosts/freeradius/authorize
 create mode 100644 hosts/freeradius/clients.conf

diff --git a/evpn-lab.clab.yml b/evpn-lab.clab.yml
index 9467cd0..add2749 100644
--- a/evpn-lab.clab.yml
+++ b/evpn-lab.clab.yml
@@ -176,6 +176,15 @@ topology:
                 - ip addr add 10.78.78.104/24 dev bond0.78
                 - ip route add 10.34.34.0/24 via 10.78.78.1
 
+        # FreeRADIUS server for dynamic VLAN assignment
+        freeradius:
+            kind: linux
+            mgmt-ipv4: 172.16.0.200
+            image: freeradius/freeradius-server:latest
+            binds:
+                - hosts/freeradius/clients.conf:/etc/raddb/clients.conf
+                - hosts/freeradius/authorize:/etc/raddb/mods-config/files/authorize
+
     links:
         # Spine1 to Leaf connections (underlay fabric)
         - endpoints: ["spine1:eth1", "leaf1:eth11"]
diff --git a/hosts/freeradius/authorize b/hosts/freeradius/authorize
new file mode 100644
index 0000000..1ed5fb3
--- /dev/null
+++ b/hosts/freeradius/authorize
@@ -0,0 +1,19 @@
+host1_user	Cleartext-Password := "host1pass"
+	Tunnel-Type = VLAN,
+	Tunnel-Medium-Type = IEEE-802,
+	Tunnel-Private-Group-Id = "40"
+
+host2_user	Cleartext-Password := "host2pass"
+	Tunnel-Type = VLAN,
+	Tunnel-Medium-Type = IEEE-802,
+	Tunnel-Private-Group-Id = "34"
+
+host3_user	Cleartext-Password := "host3pass"
+	Tunnel-Type = VLAN,
+	Tunnel-Medium-Type = IEEE-802,
+	Tunnel-Private-Group-Id = "40"
+
+host4_user	Cleartext-Password := "host4pass"
+	Tunnel-Type = VLAN,
+	Tunnel-Medium-Type = IEEE-802,
+	Tunnel-Private-Group-Id = "78"
diff --git a/hosts/freeradius/clients.conf b/hosts/freeradius/clients.conf
new file mode 100644
index 0000000..90922cb
--- /dev/null
+++ b/hosts/freeradius/clients.conf
@@ -0,0 +1,5 @@
+client management_network {
+    ipaddr = 172.16.0.0/24
+    secret = arista123
+    shortname = evpn-switches
+}