ADC CLI Commands

aaa-radiusParams

The following operations can be performed on “aaa-radiusParams”:

show unset set

show aaa radiusParams

Displays the current RADIUS configuration on the Citrix ADC.

Synopsis

show aaa radiusParams

Arguments

Output

serverIP IP address of your RADIUS server.

serverPort Port number on which the RADIUS server listens for connections.

radKey The key shared between the RADIUS server and clients. Required for allowing the Citrix ADC to communicate with the RADIUS server.

groupAuthName To associate AAA users with an AAA group, use the command

"bind AAA group ... -username ...".

You can bind different policies to each AAA group. Use the command

"bind AAA group ... -policy ..."

authTimeout Maximum number of seconds that the Citrix ADC waits for a response from the RADIUS server.

radNASip The option to send the Citrix ADC’s IP address (NSIP) as the “nasip” (Network Access Server IP) part of the Radius protocol to the server.

radNASid The nasid (Network Access Server ID). If configured, this string will be sent to the RADIUS server as the “nasid” as part of the Radius protocol.

IPAddress IP Address.

radVendorID Vendor ID for RADIUS group extraction.

radAttributeType Attribute type for RADIUS group extraction.

radGroupsPrefix Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction.

radGroupSeparator Group separator string that delimits group names within a RADIUS attribute for RADIUS group extraction.

passEncoding Enable password encoding in RADIUS packets that the Citrix ADC sends to the RADIUS server.

ipVendorID Vendor ID attribute in the RADIUS response. If the attribute is not vendor-encoded, it is set to 0.

ipAttributeType IP attribute type in the RADIUS response.

accounting The state of the Radius server that will receive accounting messages.

pwdVendorID Vendor ID of the password in the RADIUS response. Used to extract the user password.

pwdAttributeType Attribute type of the Vendor ID in the RADIUS response.

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

callingstationid Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

authservRetry Number of retry by the Citrix ADC before getting response from the RADIUS server.

authentication Configure the RADIUS server state to accept or refuse authentication messages.

tunnelEndpointClientIP Send Tunnel Endpoint Client IP address to the RADIUS server.

builtin Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

feature The feature to be checked while applying this config

Example

show aaa radiusparams Configured RADIUS parameters Server IP: 127.0.0.2 Port: 1812 key: secret Timeout: 10 Done

unset aaa radiusParams

Use this command to remove aaa radiusParams settings.Refer to the set aaa radiusParams command for meanings of the arguments.

Synopsis

unset aaa radiusParams [-serverIP] [-serverPort] [-authTimeout] [-radNASip] [-radNASid] [-radVendorID] [-radAttributeType] [-radGroupsPrefix] [-radGroupSeparator] [-passEncoding] [-ipVendorID] [-ipAttributeType] [-accounting] [-pwdVendorID] [-pwdAttributeType] [-defaultAuthenticationGroup] [-callingstationid] [-authservRetry] [-authentication] [-tunnelEndpointClientIP]

set aaa radiusParams

Modifies the global configuration settings for the RADIUS server. The settings that you specify are used for all SSL-VPN virtual servers unless you use authentication policies to create a configuration for a specific SSL-VPN virtual server.

Synopsis

set aaa radiusParams [-serverIP <ip_addr ipv6_addr *>] [-serverPort ] \[-authTimeout <positive\_integer>] {-radKey } \[-radNASip \( ENABLED DISABLED )] [-radNASid ] \[-radVendorID <positive\_integer>] \[-radAttributeType <positive\_integer>] \[-radGroupsPrefix ] \[-radGroupSeparator ] \[-passEncoding ] \[-ipVendorID <positive\_integer>] \[-ipAttributeType <positive\_integer>] \[-accounting \( ON OFF )] [-pwdVendorID ] [-pwdAttributeType ] [-defaultAuthenticationGroup ] \[-callingstationid \( ENABLED DISABLED )] [-authservRetry ] [-authentication ( ON OFF )] [-tunnelEndpointClientIP ( ENABLED DISABLED )]

Arguments

serverIP IP address of your RADIUS server.

serverPort Port number on which the RADIUS server listens for connections. Default value: 1812 Minimum value: 1

authTimeout Maximum number of seconds that the Citrix ADC waits for a response from the RADIUS server. Default value: 3 Minimum value: 1

radKey The key shared between the RADIUS server and clients. Required for allowing the Citrix ADC to communicate with the RADIUS server.

radNASip Send the Citrix ADC IP (NSIP) address to the RADIUS server as the Network Access Server IP (NASIP) part of the Radius protocol.

Possible values: ENABLED, DISABLED

radNASid Send the Network Access Server ID (NASID) for your Citrix ADC to the RADIUS server as the nasid part of the Radius protocol.

radVendorID Vendor ID for RADIUS group extraction. Minimum value: 1

radAttributeType Attribute type for RADIUS group extraction. Minimum value: 1

radGroupsPrefix Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction.

radGroupSeparator Group separator string that delimits group names within a RADIUS attribute for RADIUS group extraction.

passEncoding Enable password encoding in RADIUS packets that the Citrix ADC sends to the RADIUS server.

Possible values: pap, chap, mschapv1, mschapv2 Default value: mschapv2

ipVendorID Vendor ID attribute in the RADIUS response. If the attribute is not vendor-encoded, it is set to 0. Minimum value: 0

ipAttributeType IP attribute type in the RADIUS response. Minimum value: 1

accounting Configure the RADIUS server state to accept or refuse accounting messages.

Possible values: ON, OFF

pwdVendorID Vendor ID of the password in the RADIUS response. Used to extract the user password. Minimum value: 1

pwdAttributeType Attribute type of the Vendor ID in the RADIUS response. Minimum value: 1

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups. Maximum value: 64

callingstationid Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

Possible values: ENABLED, DISABLED Default value: DISABLED

authservRetry Number of retry by the Citrix ADC before getting response from the RADIUS server. Default value: 3 Minimum value: 1 Maximum value: 10

authentication Configure the RADIUS server state to accept or refuse authentication messages.

Possible values: ON, OFF Default value: ON

tunnelEndpointClientIP Send Tunnel Endpoint Client IP address to the RADIUS server.

Possible values: ENABLED, DISABLED Default value: DISABLED

Example

To configure the default RADIUS parameters: set aaa radiusparams -serverip 192.30.1.2 -radkey sslvpn

aaa-radiusParams