Citrix ADC

RADIUS authentication using TCP or TLS

Starting from release 13.1–27.59, RADIUS authentication is supported on TCP and TLS protocols as well.

Note:

  • The Test RADIUS Reachability option is not supported for RADIUS on TCP and TLS transport types.

  • RADIUS authentication using UDP is not supported on FIPS appliances.

Configure RADIUS over TCP by using the CLI

At the command prompt, type:

add authentication radiusAction <name> [-serverIP] [-serverPort ] [-transport <transport>]

Example:

add authentication radiusAction RadAction -serverIP 1.1.1.1 -radkey 123 -transport TCP

Configure RADIUS over TCP by using the GUI

  1. Navigate to Security > AAA - Application Traffic > Policies > Authentication > Advanced Policies > Actions > RADIUS.
  2. Select an existing server or create a server.

    For details on creating a server, see To configure a RADIUS server by using the GUI.

  3. In Transport, select TCP.
  4. Click Create.

Configure RADIUS over TLS by using the CLI

At the command prompt, type:

add authentication radiusAction <name> [-serverIP] [-serverPort ] [-transport <transport>] [-targetLBVserver <string>]

Example:

add authentication radiusAction RadAction -serverIP 1.1.1.1 -radkey 123 -transport TLS -targetLBVserver rad-lb

Note:

  • Server name is not supported for TLS transport type.
  • For the TLS transport type, configure a target load balancing virtual server of type TCP and bind a service of type SSL_TCP to this virtual server.
  • The IP address and the port number configured for RADIUS action must match the IP address and port number of the configured target load balancing virtual server.
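
The three requirements in the note above can be checked against a saved configuration before the action is used. The following is an added example, not Citrix code: a small Python check run over a constructed configuration. The `add service`, `add lb vserver` and `bind lb vserver` lines, the service name `rad-svc`, the back-end address 10.0.0.5 and port 2083 are assumptions made for illustration.

```python
import shlex
# Constructed sample; rad-svc, 10.0.0.5 and port 2083 are assumptions.
SAMPLE_CONF = """\
add service rad-svc 10.0.0.5 SSL_TCP 2083
add lb vserver rad-lb TCP 1.1.1.1 2083
bind lb vserver rad-lb rad-svc
add authentication radiusAction RadAction -serverIP 1.1.1.1 -serverPort 2083 -radkey 123 -transport TLS -targetLBVserver rad-lb
"""

def parse_options(tokens):
    """Map '-option value' pairs to a dict; value-less flags map to ''."""
    opts = {}
    for tok, nxt in zip(tokens, tokens[1:] + [""]):
        if tok.startswith("-"):
            opts[tok[1:].lower()] = "" if nxt.startswith("-") else nxt
    return opts

def check_radius_tls(conf):
    """Return findings for every radiusAction that uses -transport TLS."""
    services, vservers, bindings, actions = {}, {}, {}, {}
    for line in conf.splitlines():
        t = shlex.split(line)
        if t[:2] == ["add", "service"] and len(t) >= 6:
            services[t[2]] = t[4].upper()               # name -> service type
        elif t[:3] == ["add", "lb", "vserver"] and len(t) >= 7:
            vservers[t[3]] = (t[4].upper(), t[5], t[6])  # name -> (type, IP, port)
        elif t[:3] == ["bind", "lb", "vserver"] and len(t) >= 5:
            bindings.setdefault(t[3], []).append(t[4])
        elif t[:3] == ["add", "authentication", "radiusAction"] and len(t) >= 4:
            actions[t[3]] = parse_options(t[4:])
    findings = []
    for name, opt in actions.items():
        if opt.get("transport", "").upper() != "TLS":
            continue
        if "servername" in opt:
            findings.append(f"{name}: server name is not supported for TLS")
        target = opt.get("targetlbvserver")
        if target not in vservers:
            findings.append(f"{name}: target load balancing virtual server not found")
            continue
        vtype, vip, vport = vservers[target]
        if vtype != "TCP":
            findings.append(f"{name}: target virtual server must be of type TCP")
        if "SSL_TCP" not in (services.get(s) for s in bindings.get(target, [])):
            findings.append(f"{name}: no SSL_TCP service bound to {target}")
        # Compare the port only when -serverPort is explicit; no default is assumed.
        if opt.get("serverip") != vip or opt.get("serverport", vport) != vport:
            findings.append(f"{name}: serverIP/serverPort do not match {target}")
    return findings
```

An empty list from `check_radius_tls` means every TLS RADIUS action in the text satisfies the three constraints; each string in a non-empty list names the action and the constraint it misses.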

Configure RADIUS over TLS by using the GUI

  1. Navigate to Security > AAA - Application Traffic > Policies > Authentication > Advanced Policies > Actions > Servers.
  2. Select an existing server or create a server.

    For details about creating a server, see To configure a RADIUS server by using the GUI.

  3. In Transport, select TLS.
  4. In Target Load Balancing Virtual Server, select the virtual server. For details on creating a load balancing virtual server, see Creating a virtual server.

    Note:

    • Server name is not supported for TLS transport type.
    • For the TLS transport type, configure a target load balancing virtual server of type TCP and bind a service of type SSL_TCP to this virtual server.
    • The IP address and the port number configured for RADIUS action must match the IP address and port number of the configured target load balancing virtual server.
  5. Click Create.