Product documentation
Adaptive Authentication service
View PDF

Sample RADIUS load balancing configuration

September 6, 2025
Contributed by: 
C

The Citrix Adaptive Authentication instance provides RADIUS support using a load balancing virtual server.

Note:

  • If you are not using load balancing for RADIUS, avoid creating a service or a server for a RADIUS server as this might break the Adaptive Authentication tunnel.
  • If you are using load balancing for RADIUS, create a service group and bind your RADIUS servers to it.
  • When using load balancing virtual server for authentication, ensure that you add the load balancing virtual server IP address instead of the actual RADIUS server IP address in the RADIUS action.
  • By default, a ping monitor is bound to the service that you create. On the Adaptive Authentication NetScaler® instances, the service will not come up using ping monitors. You need to create RADIUS monitors and bind it to the service group that you have created.
  • For monitoring, it is recommended that you use custom monitors.
  • Ping monitors are not supported, you must create RADIUS monitors.

Prerequisites

Private IP address (RFC1918 address) of the load balancing virtual server. It can be a dummy IP address as this address is used for internal configuration.

Load balancing RADIUS servers

For load balancing RADIUS servers, create a service group and bind it to the load balancing virtual server. Do not create a service for load balancing RADIUS servers.

Configure RADIUS by using the NetScaler CLI

You can use the following CLI commands as a reference to configure RADIUS.

  1. add serviceGroup <serviceGroupName> <serviceType>
  2. bind servicegroup <serviceGroupName> (<IP> | <serverName>) <port>
  3. add lb vserver <name> <serviceType> <ip> <port>
  4. bind lb vserver <name> <serviceGroupName>
  5. add authentication radiusAction <name> {-serverIP} <ip_addr> | {-serverName <string>}} <lb vserver ip>
  6. add authentication policy <radius_policy_name> -rule <expression> -action <string>
  7. bind authentication vserver auth_vs -policy <radius_policy_name> -priority <radius_policy_priority> -gotoPriorityExpression NEXT

Configure RADIUS by using the NetScaler GUI

  1. Navigate to Traffic Management > Load Balancing and then click Virtual Servers.
  2. Create a virtual server of type RADIUS.
  3. Navigate to Traffic Management > Load Balancing and then click Service Groups.
  4. Create a service group of type RADIUS.
  5. Bind the service group to the virtual server that you have created in step 1.

For details on the procedures, see Set up basic load balancing.

Create custom monitors by using the NetScaler GUI

  1. Navigate to Traffic Management > Load Balancing > Monitors.
  2. Create a monitor of type RADIUS. Ensure that you set the monitor probe interval to 15 seconds and the response timeout to 10 sec.
  3. Bind this monitor to your service group.

For more details, see Custom monitors.

Sample RADIUS load balancing configuration
September 6, 2025
Contributed by: 
C
September 6, 2025
Contributed by: 
C

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.