openconfig/public

openconfig-aaa-radius.yang & openconfig-aaa-tacacs.yang support for source-interface type

smitharajan opened this issue · 4 comments

Hi,

Currently these yangs support only source-address:

```yang
leaf source-address {
  type oc-inet:ip-address;
  description
    "Source IP address to use in messages to the TACACS server";
}
```

Is there a plan to support a source-interface type (like ethernet, ve, portchannel) along with source-address?

If so, when can we expect it?

Thanks,
Smitha

I'm not sure how a source interface type would be relevant. Packets that a network device needs to transmit to a TACACS or RADIUS server are forwarded based on the dest IP address of the server. So the interface they are transmitted out (and interface type) is based on the outgoing interface towards the best next hop.

Maybe you can point to an implementation of what you are referring to?

For any protocol for which we act as a client, the user can provide an option to mention either the source IP to use or a reference to the source interface to use.

This may be because the RADIUS or TACACS server may be behind a firewall which will accept packets from a particular IP.

Since the OpenConfig YANG for TACACS and RADIUS supports source-ip, I would like to know whether there is any plan to provide source interface.

Below is an example from openconfig-bgp-common.yang:

```yang
leaf local-address {
  type union {
    type oc-inet:ip-address;
    type string;
  }
  //TODO: the string should be converted to a leafref type
  //to point to an interface when YANG 1.1 is available with
  //leafrefs in union types.
  description
    "Set the local IP (either IPv4 or IPv6) address to use
    for the session when sending BGP update messages. This
    may be expressed as either an IP address or reference
    to the name of an interface.";
}
```

OK - I see what you mean now.

Since it is a leafref that means that a user/client would be prevented from deleting an interface if it was being referenced by this source-address.
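
An added sketch of the behaviour discussed in this thread (not code from any participant or from the OpenConfig models): a source value that, like the BGP `local-address` union, is either an IP address or an interface name, checked against a server-side allowlist before and after the egress path changes, plus a leafref-style delete check. Interface names, addresses, the allowlist and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges).
INTERFACES = {
    "Ethernet1": "192.0.2.1",     # primary uplink
    "Ethernet2": "198.51.100.1",  # backup uplink
    "Loopback0": "203.0.113.10",
}
# Client IPs the TACACS/RADIUS server (or the firewall in front of it) accepts.
SERVER_ALLOWLIST = {"192.0.2.1", "203.0.113.10"}


def resolve_source(source, egress_interface, interfaces=INTERFACES):
    """Return the source IP an AAA request would carry.

    source is None (unset), an IP address, or an interface name,
    mirroring the ip-address/string union used by BGP local-address.
    """
    if source is None:
        # Unset: the packet takes the address of whatever interface routing picked.
        return interfaces[egress_interface]
    try:
        return str(ipaddress.ip_address(source))
    except ValueError:
        pass  # not an IP literal, so treat it as an interface reference
    if source not in interfaces:
        raise LookupError(f"source interface {source!r} does not exist")
    return interfaces[source]


def accepted(source, egress_interface):
    """True if the server side would accept a request with this source config."""
    return resolve_source(source, egress_interface) in SERVER_ALLOWLIST


def delete_interface(name, configured_sources, interfaces=INTERFACES):
    """Leafref-style integrity: refuse to delete an interface that is referenced."""
    if name in configured_sources:
        raise ValueError(f"{name} is referenced as an AAA source interface")
    return {k: v for k, v in interfaces.items() if k != name}


if __name__ == "__main__":
    for egress in ("Ethernet1", "Ethernet2"):  # before and after failover
        print(egress, "unset:", accepted(None, egress),
              "Loopback0:", accepted("Loopback0", egress))
```

With the source unset, the request is accepted only while routing egresses via Ethernet1; pinning the source to Loopback0 keeps the client IP constant across the failover.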