diff options
author | Christian Poessinger <christian@poessinger.com> | 2019-04-23 13:02:27 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-04-23 13:02:27 +0200 |
commit | 69a1f61badf11f8324468c3caee033d779c3811d (patch) | |
tree | 0d9b0845bc75f347db6869a9421ba56100dd1954 | |
parent | c0a077b7456bb6a3d43f4b0e2a748d93607be40e (diff) | |
download | vyos-documentation-69a1f61badf11f8324468c3caee033d779c3811d.tar.gz vyos-documentation-69a1f61badf11f8324468c3caee033d779c3811d.zip |
Login: specify RADIUS source address
-rw-r--r-- | docs/system/system-users.rst | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/system/system-users.rst b/docs/system/system-users.rst index 67786f20..acffb974 100644 --- a/docs/system/system-users.rst +++ b/docs/system/system-users.rst @@ -95,3 +95,16 @@ This configuration results in: radius-server 192.168.1.3 { secret s3cr3t0816 } + +Source Address +************** + +RADIUS servers could be hardened by only allowing certain IP addresses to connect. +As of this the source address of each RADIUS query can be configured. If this is +not set incoming connections to the RADIUS server will use the nearest interface +address pointing towards the RADIUS server - making it error prone on e.g. OSPF +networks when a link fails. + +.. code-block:: sh + + set system login radius-source-address 192.168.1.254 |