summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2019-04-23 13:02:27 +0200
committerChristian Poessinger <christian@poessinger.com>2019-04-23 13:02:27 +0200
commit69a1f61badf11f8324468c3caee033d779c3811d (patch)
tree0d9b0845bc75f347db6869a9421ba56100dd1954
parentc0a077b7456bb6a3d43f4b0e2a748d93607be40e (diff)
downloadvyos-documentation-69a1f61badf11f8324468c3caee033d779c3811d.tar.gz
vyos-documentation-69a1f61badf11f8324468c3caee033d779c3811d.zip
Login: specify RADIUS source address
-rw-r--r--docs/system/system-users.rst13
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/system/system-users.rst b/docs/system/system-users.rst
index 67786f20..acffb974 100644
--- a/docs/system/system-users.rst
+++ b/docs/system/system-users.rst
@@ -95,3 +95,16 @@ This configuration results in:
radius-server 192.168.1.3 {
secret s3cr3t0816
}
+
+Source Address
+**************
+
+RADIUS servers could be hardened by only allowing certain IP addresses to connect.
+As of this the source address of each RADIUS query can be configured. If this is
+not set incoming connections to the RADIUS server will use the nearest interface
+address pointing towards the RADIUS server - making it error prone on e.g. OSPF
+networks when a link fails.
+
+.. code-block:: sh
+
+ set system login radius-source-address 192.168.1.254