Product Documentation

authentication radiusAction

Sep 12, 2016

The following operations can be performed on "authentication radiusAction":

add | rm | set | unset | show

add authentication radiusAction

Creates an action (profile) for a RADIUS server. The profile contains all configuration data necessary to communicate with that RADIUS server.

Synopsys

add authentication radiusAction <name> {-serverIP <ip_addr|ipv6_addr|*> | {-serverName <string>}} [-serverPort <port>] [-authTimeout <positive_integer>] {-radKey } [-radNASip ( ENABLED | DISABLED )] [-radNASid <string>] [-radVendorID <positive_integer>] [-radAttributeType <positive_integer>] [-radGroupsPrefix <string>] [-radGroupSeparator <string>] [-passEncoding <passEncoding>] [-ipVendorID <positive_integer>] [-ipAttributeType <positive_integer>] [-accounting ( ON | OFF )] [-pwdVendorID <positive_integer> [-pwdAttributeType <positive_integer>]] [-defaultAuthenticationGroup <string>] [-callingstationid ( ENABLED | DISABLED )] [-authservRetry <positive_integer>]

Arguments

name

Name for the RADIUS action.

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the RADIUS action is added.

serverIP

IP address assigned to the RADIUS server.

serverName

RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.

serverPort

Port number on which the RADIUS server listens for connections.

Minimum value: 1

authTimeout

Number of seconds the NetScaler appliance waits for a response from the RADIUS server.

Default value: 3

Minimum value: 1

radKey

Key shared between the RADIUS server and the NetScaler appliance.

Required to allow the NetScaler appliance to communicate with the RADIUS server.

radNASip

If enabled, the NetScaler appliance IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address.

The RADIUS protocol defines the meaning and use of the NASIP address.

Possible values: ENABLED, DISABLED

radNASid

If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).

radVendorID

RADIUS vendor ID attribute, used for RADIUS group extraction.

Minimum value: 1

radAttributeType

RADIUS attribute type, used for RADIUS group extraction.

Minimum value: 1

radGroupsPrefix

RADIUS groups prefix string.

This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.

radGroupSeparator

RADIUS group separator string

The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.

passEncoding

Encoding type for passwords in RADIUS packets that the NetScaler appliance sends to the RADIUS server.

Possible values: pap, chap, mschapv1, mschapv2

Default value: pap

ipVendorID

Vendor ID of the intranet IP attribute in the RADIUS response.

NOTE: A value of 0 indicates that the attribute is not vendor encoded.

Minimum value: 0

ipAttributeType

Remote IP address attribute type in a RADIUS response.

Minimum value: 1

accounting

Whether the RADIUS server is currently accepting accounting messages.

Possible values: ON, OFF

pwdVendorID

Vendor ID of the attribute, in the RADIUS response, used to extract the user password.

Minimum value: 1

pwdAttributeType

Vendor-specific password attribute type in a RADIUS response.

Minimum value: 1

defaultAuthenticationGroup

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

callingstationid

Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

Possible values: ENABLED, DISABLED

Default value: DISABLED

authservRetry

Number of retry by the NetScaler appliance before getting response from the RADIUS server.

Default value: 3

Minimum value: 1

Maximum value: 10

rm authentication radiusAction

Removes a RADIUS profile (action). An action cannot be removed as long as it is bound to a policy.

Synopsys

rm authentication radiusAction <name>

Arguments

name

Name of the action to be removed.

set authentication radiusAction

Configures a RADIUS server profile (action). The profile contains all configuration data needed to communicate with that RADIUS server.

Synopsys

set authentication radiusAction <name> [-serverIP <ip_addr|ipv6_addr|*>] [-serverName <string>] [-serverPort <port>] [-authTimeout <positive_integer>] {-radKey } [-radNASip ( ENABLED | DISABLED )] [-radNASid <string>] [-radVendorID <positive_integer>] [-radAttributeType <positive_integer>] [-radGroupsPrefix <string>] [-radGroupSeparator <string>] [-passEncoding <passEncoding>] [-ipVendorID <positive_integer>] [-ipAttributeType <positive_integer>] [-accounting ( ON | OFF )] [-pwdVendorID <positive_integer>] [-pwdAttributeType <positive_integer>] [-defaultAuthenticationGroup <string>] [-callingstationid ( ENABLED | DISABLED )] [-authservRetry <positive_integer>]

Arguments

name

Name of the RADIUS profile.

serverIP

IP address assigned to the RADIUS server.

serverName

RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.

serverPort

Port number on which the RADIUS server listens for connections.

Minimum value: 1

authTimeout

Number of seconds the NetScaler appliance waits for a response from the RADIUS server.

Default value: 3

Minimum value: 1

radKey

Key shared between the RADIUS server and the NetScaler appliance.

Required to allow the NetScaler appliance to communicate with the RADIUS server.

radNASip

If enabled, the NetScaler appliance IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address.

The RADIUS protocol defines the meaning and use of the NASIP address.

Possible values: ENABLED, DISABLED

radNASid

If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).

radVendorID

RADIUS vendor ID attribute, used for RADIUS group extraction.

Minimum value: 1

radAttributeType

RADIUS attribute type, used for RADIUS group extraction.

Minimum value: 1

radGroupsPrefix

RADIUS groups prefix string.

This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.

radGroupSeparator

RADIUS group separator string

The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.

passEncoding

Encoding type for passwords in RADIUS packets that the NetScaler appliance sends to the RADIUS server.

Possible values: pap, chap, mschapv1, mschapv2

Default value: pap

ipVendorID

Vendor ID of the intranet IP attribute in the RADIUS response.

NOTE: A value of 0 indicates that the attribute is not vendor encoded.

Minimum value: 0

ipAttributeType

Remote IP address attribute type in a RADIUS response.

Minimum value: 1

accounting

Whether the RADIUS server is currently accepting accounting messages.

Possible values: ON, OFF

pwdVendorID

Vendor ID of the attribute, in the RADIUS response, used to extract the user password.

Minimum value: 1

pwdAttributeType

Vendor-specific password attribute type in a RADIUS response.

Minimum value: 1

defaultAuthenticationGroup

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

callingstationid

Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

Possible values: ENABLED, DISABLED

Default value: DISABLED

authservRetry

Number of retry by the NetScaler appliance before getting response from the RADIUS server.

Default value: 3

Minimum value: 1

Maximum value: 10

unset authentication radiusAction

Use this command to remove authentication radiusAction settings.Refer to the set authentication radiusAction command for meanings of the arguments.

Synopsys

unset authentication radiusAction <name> [-serverPort] [-authTimeout] [-radNASip] [-radNASid] [-radVendorID] [-radAttributeType] [-radGroupsPrefix] [-radGroupSeparator] [-passEncoding] [-ipVendorID] [-ipAttributeType] [-accounting] [-pwdVendorID] [-pwdAttributeType] [-defaultAuthenticationGroup] [-callingstationid] [-authservRetry]

show authentication radiusAction

Displays the current configuration settings for the specified RADIUS profile (action).

Synopsys

show authentication radiusAction [<name>]

Arguments

name

Name of the RADIUS profile.

Outputs

serverIP

IP address assigned to the RADIUS server.

serverName

RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.

serverPort

Port number on which the RADIUS server listens for connections.

authTimeout

Number of seconds the NetScaler appliance waits for a response from the RADIUS server.

radKey

Key shared between the RADIUS server and the NetScaler appliance.

Required to allow the NetScaler appliance to communicate with the RADIUS server.

radNASip

If enabled, the NetScaler appliance IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address.

The RADIUS protocol defines the meaning and use of the NASIP address.

IPAddress

IP address.

radNASid

If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).

radVendorID

RADIUS vendor ID attribute, used for RADIUS group extraction.

radAttributeType

RADIUS attribute type, used for RADIUS group extraction.

radGroupsPrefix

RADIUS groups prefix string.

This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.

radGroupSeparator

RADIUS group separator string

The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.

passEncoding

Encoding type for passwords in RADIUS packets that the NetScaler appliance sends to the RADIUS server.

ipVendorID

Vendor ID of the intranet IP attribute in the RADIUS response.

NOTE: A value of 0 indicates that the attribute is not vendor encoded.

ipAttributeType

Remote IP address attribute type in a RADIUS response.

accounting

Whether the RADIUS server is currently accepting accounting messages.

Success

Failure

stateflag

pwdVendorID

Vendor ID of the attribute, in the RADIUS response, used to extract the user password.

pwdAttributeType

Vendor-specific password attribute type in a RADIUS response.

defaultAuthenticationGroup

This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

callingstationid

Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

authservRetry

Number of retry by the NetScaler appliance before getting response from the RADIUS server.

devno

count