Product Documentation

Configuring a Traffic Management Virtual Server

Aug 19, 2014
After you have created and configured your authentication virtual server, you next create or configure a traffic management virtual server and associate your authentication virtual sever with it. You can use either a load balancing or content switching virtual server for a traffic management virtual server. For more information about creating and configuring either type of virtual server, see the Citrix NetScaler Traffic Management Guide at Traffic Management.
Note: The FQDN of the traffic management virtual server must be in the same domain as the FQDN of the authentication virtual server for the domain session cookie to function correctly.

You configure a traffic management virtual server for AAA by enabling authentication and then assigning the FQDN of the authentication server to the traffic management virtual server. You can also configure the authentication domain on the traffic management virtual server at this time. If you do not configure this option, the NetScaler appliance assigns the traffic management virtual server an FQDN that consists of the FQDN of the authentication virtual server without the hostname portion. For example, if domain name of the authentication vserver is tm.xyz.bar.com, the appliance assigns xyz.bar.com. as the authentication domain.

To configure a TM virtual server for AAA by using the command line interface

At the command prompt, type one of the following sets of commands to configure a TM virtual server and verify the configuration:
  • set lb vserver <name> –authentication ON -authenticationhost <FQDN> [-authenticationdomain <authdomain>]
  • show lb vserver <name>
  • set cs vserver <name> –authentication ON -authenticationhost <FQDN> [-authenticationdomain <authdomain>]
  • show cs vserver <name>

Example

 
> set lb vserver vs-cont-sw -Authentication ON -AuthenticationHost mywiki.index.com 
 Done 
> show lb vserver vs-cont-sw 
        vs-cont-sw (0.0.0.0:0) - TCP    Type: ADDRESS 
        State: DOWN 
        Last state change was at Wed Aug 19 10:03:15 2009 (+410 ms) 
        Time since last state change: 5 days, 20:00:40.290 
        Effective State: DOWN 
        Client Idle Timeout: 9000 sec 
        Down state flush: ENABLED 
        Disable Primary Vserver On Down : DISABLED 
        No. of Bound Services :  0 (Total)       0 (Active) 
        Configured Method: LEASTCONNECTION 
        Mode: IP 
        Persistence: NONE 
        Connection Failover: DISABLED 
        Authentication: ON      Host: mywiki.index.com 
 Done

To configure a TM virtual server for AAA by using the configuration utility

  1. In the navigation pane, do one of the following.
    • Navigate to Traffic Management > Load Balancing > Virtual Servers.
    • Navigate to Traffic Management > Content Switching > Virtual Servers
      The AAA configuration process for either type of virtual server is identical.
    • In the details pane, select the virtual server on which you want to enable authentication, and then click Edit.
    • In the Domain text box, type the authentication domain.
    • In the Advanced menu on the right, select Authentication.
    • Choose either Form Based Authentication or 401 Based Authentication., and fill in the Authentication information.
      • For Form Based Authentication, enter the Authentication FQDN (the fully-qualified domain name of the authentication server), the Authentication VServer (the IP address of the authentication virtual server), and the Authentication Profile (the profile to use for authentication).
      • For 401 Based Authentication, enter the Authentication VServer and the Authentication Profile only.
    • Click OK. A message appears in the status bar, stating that the vserver has been configured successfully.