Configuring IP Address Extraction
You can configure NetScaler Gateway to extract the IP address from a RADIUS server. When a user authenticates with the RADIUS server, the server returns a framed IP address (also called RADIUS Attribute 8 Framed-IP-Address in Access Requests) that is assigned to the user. The following are components for IP address extraction:
- Allows a remote RADIUS server to supply an IP address from the internal network for a user logged on to NetScaler Gateway.
- Allows configuration for any RADIUS attribute using the type ipaddress, including attributes that are vendor encoded.
When configuring the RADIUS server for IP address extraction, you configure the vendor identifier and the attribute type. The vendor ID and attributes are used to make the association between the RADIUS client and the RADIUS server.
- The vendor identifier (ID) enables the RADIUS server to assign an IP address to the client from a pool of IP addresses that are configured on the RADIUS server. The vendor ID is the attribute in the RADIUS response that provides the IP address of the internal network. A value of zero indicates that the attribute is not vendor encoded
- The attribute type is the remote IP address attribute in a RADIUS response. The minimum value is 1 and the maximum value is 255.
A common configuration is to extract the RADIUS attribute framed IP address. The vendor ID is set to 0 or is not specified. The attribute type is set to 8.
To configure IP address extraction from a RADIUS server:
- In the configuration utility, on the Configuration tab, expand NetScaler Gateway > Policies > Authentication.
- Click RADIUS, and then in the details pane, on the Policies tab, select a RADIUS policy and then click Open.
- In the Configure Authentication Policy dialog box, next to Server, click Modify.
- Under Details, in Group Vendor Identifier, type the value.
- In Group Attribute Type, type the value and then click OK twice.