Product Documentation

aaa radiusParams

Sep 12, 2016

The following operations can be performed on "aaa radiusParams":

set aaa radiusParams

Modifies the global configuration settings for the RADIUS server. The settings that you specify are used for all SSL-VPN virtual servers unless you use authentication policies to create a configuration for a specific SSL-VPN virtual server.

Synopsis

set aaa radiusParams [-serverIP <ip_addr|ipv6_addr|*>] [-serverPort <port>] [-authTimeout <positive_integer>] {-radKey } [-radNASip ( ENABLED | DISABLED )] [-radNASid <string>] [-radVendorID <positive_integer>] [-radAttributeType <positive_integer>] [-radGroupsPrefix <string>] [-radGroupSeparator <string>] [-passEncoding <passEncoding>] [-ipVendorID <positive_integer>] [-ipAttributeType <positive_integer>] [-accounting ( ON | OFF )] [-pwdVendorID <positive_integer>] [-pwdAttributeType <positive_integer>] [-defaultAuthenticationGroup <string>] [-callingstationid ( ENABLED | DISABLED )] [-authservRetry <positive_integer>]

Arguments

serverIP

IP address of your RADIUS server.

serverPort

Port number on which the RADIUS server listens for connections.

Default value: 1812

Minimum value: 1

authTimeout

Maximum number of seconds that the NetScaler appliance waits for a response from the RADIUS server.

Default value: 3

Minimum value: 1

radKey

The key shared between the RADIUS server and clients.

Required for allowing the NetScaler appliance to communicate with the RADIUS server.

radNASip

Send the NetScaler IP (NSIP) address to the RADIUS server as the Network Access Server IP (NASIP) part of the RADIUS protocol.

Possible values: ENABLED, DISABLED

radNASid

Send the Network Access Server ID (NASID) for your NetScaler appliance to the RADIUS server as the nasid part of the RADIUS protocol.

radVendorID

Vendor ID for RADIUS group extraction.

Minimum value: 1

radAttributeType

Attribute type for RADIUS group extraction.

Minimum value: 1

radGroupsPrefix

Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction.

radGroupSeparator

Group separator string that delimits group names within a RADIUS attribute for RADIUS group extraction.

passEncoding

Enable password encoding in RADIUS packets that the NetScaler appliance sends to the RADIUS server.

Possible values: pap, chap, mschapv1, mschapv2

Default value: pap

ipVendorID

Vendor ID attribute in the RADIUS response.

If the attribute is not vendor-encoded, it is set to 0.

Minimum value: 0

ipAttributeType

IP attribute type in the RADIUS response.

Minimum value: 1

accounting

Configure the RADIUS server state to accept or refuse accounting messages.

Possible values: ON, OFF

pwdVendorID

Vendor ID of the password in the RADIUS response. Used to extract the user password.

Minimum value: 1

pwdAttributeType

Attribute type of the Vendor ID in the RADIUS response.

Minimum value: 1

defaultAuthenticationGroup

Default group that is chosen when authentication succeeds, in addition to the extracted groups.

Maximum value: 64

callingstationid

Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

Possible values: ENABLED, DISABLED

Default value: DISABLED

authservRetry

Number of retries by the NetScaler appliance before getting a response from the RADIUS server.

Default value: 3

Minimum value: 1

Maximum value: 10

Example

To configure the default RADIUS parameters:

set aaa radiusparams -serverip 192.30.1.2 -radkey sslvpn
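The group-extraction arguments above (radVendorID, radAttributeType, radGroupsPrefix, radGroupSeparator) together select one vendor-specific attribute in the RADIUS response and split its value into group names. The following Python code is an added example, not NetScaler code. It assumes the RFC 2865 Vendor-Specific attribute layout and that the prefix is stripped from the start of the value; vendor ID 32473, attribute type 7, the prefix "groups=" and the separator ";" are constructed sample values.

```python
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 attribute type for Vendor-Specific

def iter_attributes(payload):
    """Yield (type, value) for each type/length/value attribute in payload."""
    pos = 0
    while pos < len(payload):
        if len(payload) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > len(payload):
            raise ValueError("bad attribute length")
        yield a_type, payload[pos + 2:pos + a_len]
        pos += a_len

def extract_groups(payload, vendor_id, attr_type, prefix, separator):
    """Return group names from the vendor sub-attribute that matches."""
    groups = []
    for a_type, value in iter_attributes(payload):
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        (vid,) = struct.unpack("!I", value[:4])
        if vid != vendor_id:
            continue  # another vendor's attribute, not parsed further
        # Vendor sub-attributes reuse the type/length/value layout.
        for sub_type, sub_value in iter_attributes(value[4:]):
            if sub_type != attr_type:
                continue
            text = sub_value.decode("utf-8", errors="replace")
            if prefix:
                if not text.startswith(prefix):
                    continue  # right attribute type, but not a group list
                text = text[len(prefix):]
            parts = text.split(separator) if separator else [text]
            groups.extend(p.strip() for p in parts if p.strip())
    return groups

def vsa(vendor_id, attr_type, text):
    """Build one constructed Vendor-Specific attribute for the sample."""
    sub = bytes([attr_type, 2 + len(text)]) + text.encode()
    body = struct.pack("!I", vendor_id) + sub
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body

# Constructed attribute bytes: Reply-Message (18), then VSAs from two vendors.
SAMPLE = (bytes([18, 4]) + b"ok"
          + vsa(9999, 1, "other=ignored")
          + vsa(32473, 7, "groups=vpn-users;admins"))

if __name__ == "__main__":
    print(extract_groups(SAMPLE, 32473, 7, "groups=", ";"))
```

A mismatch in any of the four values yields an empty group list, which is the symptom to look for when users authenticate but receive only the default group.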

unset aaa radiusParams

Use this command to remove aaa radiusParams settings. Refer to the set aaa radiusParams command for meanings of the arguments.

Synopsis

unset aaa radiusParams [-serverIP] [-serverPort] [-authTimeout] [-radNASip] [-radNASid] [-radVendorID] [-radAttributeType] [-radGroupsPrefix] [-radGroupSeparator] [-passEncoding] [-ipVendorID] [-ipAttributeType] [-accounting] [-pwdVendorID] [-pwdAttributeType] [-defaultAuthenticationGroup] [-callingstationid] [-authservRetry]

show aaa radiusParams

Displays the current RADIUS configuration on the NetScaler appliance.

Synopsis

show aaa radiusParams

Outputs

serverIP

IP address of your RADIUS server.

serverPort

Port number on which the RADIUS server listens for connections.

radKey

The key shared between the RADIUS server and clients.

Required for allowing the NetScaler appliance to communicate with the RADIUS server.

groupAuthName

To associate AAA users with an AAA group, use the command

"bind AAA group ... -username ...".

You can bind different policies to each AAA group. Use the command

"bind AAA group ... -policy ..."

authTimeout

Maximum number of seconds that the NetScaler appliance waits for a response from the RADIUS server.

radNASip

The option to send the NetScaler's IP address (NSIP) as the "nasip" (Network Access Server IP) part of the RADIUS protocol to the server.

radNASid

The nasid (Network Access Server ID). If configured, this string is sent to the RADIUS server as the "nasid" part of the RADIUS protocol.

IPAddress

IP Address.

radVendorID

Vendor ID for RADIUS group extraction.

radAttributeType

Attribute type for RADIUS group extraction.

radGroupsPrefix

Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction.

radGroupSeparator

Group separator string that delimits group names within a RADIUS attribute for RADIUS group extraction.

passEncoding

Enable password encoding in RADIUS packets that the NetScaler appliance sends to the RADIUS server.

ipVendorID

Vendor ID attribute in the RADIUS response.

If the attribute is not vendor-encoded, it is set to 0.

ipAttributeType

IP attribute type in the RADIUS response.

accounting

The state of the RADIUS server that will receive accounting messages.

pwdVendorID

Vendor ID of the password in the RADIUS response. Used to extract the user password.

pwdAttributeType

Attribute type of the Vendor ID in the RADIUS response.

defaultAuthenticationGroup

Default group that is chosen when authentication succeeds, in addition to the extracted groups.

callingstationid

Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

authservRetry

Number of retries by the NetScaler appliance before getting a response from the RADIUS server.

builtin

Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

Example

> show aaa radiusparams
Configured RADIUS parameters
        Server IP: 127.0.0.2      Port: 1812
        key: secret     Timeout: 10
 Done
>