diff --git a/Kconfig b/Kconfig
index 8994be3b5dd5b98bdffd3b2d7759aac173d05b38..21f6a2a995209e2c56fa98ac195ea33c9906bfd7 100644
--- a/Kconfig
+++ b/Kconfig
@@ -1241,3 +1241,49 @@ endmenu
 source Kconfig_vlans.in
 
 
+config RVLAN_DAEMON
+	bool "Run the 'radius-vlan' authorization daemon"
+	help
+	  If the program runs, it implements a subset of 802.1X
+
+config RVLAN_PMASK
+	string "A port mask, as hex number, to be monitored by radiusvlan"
+	default "ffffffff"
+	help
+	  The string must be a number, with or without leading 0x.
+	  Port "wri1" is selected by bit 0 and so on until bit 17.
+	  The mask is used to disable monitoring on some ports.
+	  All ports not configured as 'access' are never monitored,
+	  irrespective of this mask.
+
+config RVLAN_AUTH_VLAN
+	int "Default vlan to be used for ports during radius authorization"
+	range 1 4094
+	default 4094
+
+config RVLAN_NOAUTH_VLAN
+	int "Vlan to be used for ports whose authorization is denied"
+	range 1 4094
+	default 4094
+
+config RVLAN_OBEY_DOTCONFIG
+	bool "When auth is ok, ignore radius' vlan and obey dot-cofig instead"
+	default N
+	help
+	  In some installations the radius server os only used to allow/deny
+	  a port to be configured in the WR network.  When this happens,
+	  the vlan number it returns must be ignored, and we obey what
+	  is configured in dot-config instead (e.g. CONFIG_VLANS_PORT03_VID)
+
+config RVLAN_RADIUS_SERVERS
+	string "IP Address(es) of the radius server(s)"
+	default "192.168.16.181,192.168.16.182"
+	help
+	  This is an IPV4 address or a list of them.
+	  e.g. "192.168.16.181,192.168.16.182"
+
+config RVLAN_RADIUS_SECRET
+	string "The shared secret to encrypt radius queries"
+	default "our-secret"
+	help
+	  The secret string used by radclient as called by radiusvlan