ADC CLI Commands

authentication-radiusAction

The following operations can be performed on “authentication-radiusAction”:

set unset add rm show

set authentication radiusAction

Configures a RADIUS server profile (action). The profile contains all configuration data needed to communicate with that RADIUS server.

Synopsis

set authentication radiusAction \[-serverIP <ip\_addr|ipv6\_addr|\*>] \[-serverName ] \[-serverPort ] \[-authTimeout <positive\_integer>] {-radKey } \[-radNASip \( ENABLED | DISABLED )] \[-radNASid ] \[-radVendorID <positive\_integer>] \[-radAttributeType <positive\_integer>] \[-radGroupsPrefix ] \[-radGroupSeparator ] \[-passEncoding ] \[-ipVendorID <positive\_integer>] \[-ipAttributeType <positive\_integer>] \[-accounting \( ON | OFF )] \[-pwdVendorID <positive\_integer>] \[-pwdAttributeType <positive\_integer>] \[-defaultAuthenticationGroup ] \[-callingstationid \( ENABLED | DISABLED )] \[-authservRetry <positive\_integer>] \[-authentication \( ON | OFF )] \[-tunnelEndpointClientIP \( ENABLED | DISABLED )] \[-transport \[-targetLBVserver ]]

Arguments

name Name of the RADIUS profile.

serverIP IP address assigned to the RADIUS server.

serverName RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.

serverPort Port number on which the RADIUS server listens for connections. Minimum value: 1

authTimeout Number of seconds the Citrix ADC waits for a response from the RADIUS server. Default value: 3 Minimum value: 1

radKey Key shared between the RADIUS server and the Citrix ADC. Required to allow the Citrix ADC to communicate with the RADIUS server.

radNASip If enabled, the Citrix ADC IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address. The RADIUS protocol defines the meaning and use of the NASIP address.

Possible values: ENABLED, DISABLED

radNASid If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).

radVendorID RADIUS vendor ID attribute, used for RADIUS group extraction. Minimum value: 1

radAttributeType RADIUS attribute type, used for RADIUS group extraction. Minimum value: 1

radGroupsPrefix RADIUS groups prefix string. This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.

radGroupSeparator RADIUS group separator string The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.

passEncoding Encoding type for passwords in RADIUS packets that the Citrix ADC sends to the RADIUS server.

Possible values: pap, chap, mschapv1, mschapv2 Default value: pap

ipVendorID Vendor ID of the intranet IP attribute in the RADIUS response. NOTE: A value of 0 indicates that the attribute is not vendor encoded. Minimum value: 0

ipAttributeType Remote IP address attribute type in a RADIUS response. Minimum value: 1

accounting Whether the RADIUS server is currently accepting accounting messages.

Possible values: ON, OFF

pwdVendorID Vendor ID of the attribute, in the RADIUS response, used to extract the user password. Minimum value: 1

pwdAttributeType Vendor-specific password attribute type in a RADIUS response. Minimum value: 1

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

callingstationid Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

Possible values: ENABLED, DISABLED Default value: DISABLED

authservRetry Number of retry by the Citrix ADC before getting response from the RADIUS server. Default value: 3 Minimum value: 1 Maximum value: 10

authentication Configure the RADIUS server state to accept or refuse authentication messages.

Possible values: ON, OFF Default value: ON

tunnelEndpointClientIP Send Tunnel Endpoint Client IP address to the RADIUS server.

Possible values: ENABLED, DISABLED Default value: DISABLED

transport Transport mode to RADIUS server.

Possible values: UDP, TCP, TLS Default value: RAD_TRANSPORT_UDP

targetLBVserver If transport mode is TLS, specify the name of LB vserver to associate. The LB vserver needs to be of type TCP and service associated needs to be SSL_TCP

Example

To modify an existing RADIUS Action with a different server running at say 10.217.201.20 and radkey set to newkey123: set authentication radiusAction radius_action -serverIP 10.217.201.20 -radKey newkey123

unset authentication radiusAction

Use this command to remove authentication radiusAction settings.Refer to the set authentication radiusAction command for meanings of the arguments.

Synopsis

unset authentication radiusAction [-serverPort] [-authTimeout] [-radNASip] [-radNASid] [-radVendorID] [-radAttributeType] [-radGroupsPrefix] [-radGroupSeparator] [-passEncoding] [-ipVendorID] [-ipAttributeType] [-accounting] [-pwdVendorID] [-pwdAttributeType] [-defaultAuthenticationGroup] [-callingstationid] [-authservRetry] [-authentication] [-tunnelEndpointClientIP] [-transport] [-targetLBVserver]

add authentication radiusAction

Creates an action (profile) for a RADIUS server. The profile contains all configuration data necessary to communicate with that RADIUS server.

Synopsis

add authentication radiusAction {-serverIP <ip\_addr|ipv6\_addr|\*> | {-serverName }} \[-serverPort ] \[-authTimeout <positive\_integer>] {-radKey } \[-radNASip \( ENABLED | DISABLED )] \[-radNASid ] \[-radVendorID <positive\_integer>] \[-radAttributeType <positive\_integer>] \[-radGroupsPrefix ] \[-radGroupSeparator ] \[-passEncoding ] \[-ipVendorID <positive\_integer>] \[-ipAttributeType <positive\_integer>] \[-accounting \( ON | OFF )] \[-pwdVendorID <positive\_integer> \[-pwdAttributeType <positive\_integer>]] \[-defaultAuthenticationGroup ] \[-callingstationid \( ENABLED | DISABLED )] \[-authservRetry <positive\_integer>] \[-authentication \( ON | OFF )] \[-tunnelEndpointClientIP \( ENABLED | DISABLED )] \[-transport \[-targetLBVserver ]]

Arguments

name Name for the RADIUS action. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the RADIUS action is added.

serverIP IP address assigned to the RADIUS server.

serverName RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.

serverPort Port number on which the RADIUS server listens for connections. Minimum value: 1

authTimeout Number of seconds the Citrix ADC waits for a response from the RADIUS server. Default value: 3 Minimum value: 1

radKey Key shared between the RADIUS server and the Citrix ADC. Required to allow the Citrix ADC to communicate with the RADIUS server.

radNASip If enabled, the Citrix ADC IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address. The RADIUS protocol defines the meaning and use of the NASIP address.

Possible values: ENABLED, DISABLED

radNASid If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).

radVendorID RADIUS vendor ID attribute, used for RADIUS group extraction. Minimum value: 1

radAttributeType RADIUS attribute type, used for RADIUS group extraction. Minimum value: 1

radGroupsPrefix RADIUS groups prefix string. This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.

radGroupSeparator RADIUS group separator string The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.

passEncoding Encoding type for passwords in RADIUS packets that the Citrix ADC sends to the RADIUS server.

Possible values: pap, chap, mschapv1, mschapv2 Default value: pap

ipVendorID Vendor ID of the intranet IP attribute in the RADIUS response. NOTE: A value of 0 indicates that the attribute is not vendor encoded. Minimum value: 0

ipAttributeType Remote IP address attribute type in a RADIUS response. Minimum value: 1

accounting Whether the RADIUS server is currently accepting accounting messages.

Possible values: ON, OFF

pwdVendorID Vendor ID of the attribute, in the RADIUS response, used to extract the user password. Minimum value: 1

pwdAttributeType Vendor-specific password attribute type in a RADIUS response. Minimum value: 1

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

callingstationid Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

Possible values: ENABLED, DISABLED Default value: DISABLED

authservRetry Number of retry by the Citrix ADC before getting response from the RADIUS server. Default value: 3 Minimum value: 1 Maximum value: 10

authentication Configure the RADIUS server state to accept or refuse authentication messages.

Possible values: ON, OFF Default value: ON

tunnelEndpointClientIP Send Tunnel Endpoint Client IP address to the RADIUS server.

Possible values: ENABLED, DISABLED Default value: DISABLED

transport Transport mode to RADIUS server.

Possible values: UDP, TCP, TLS Default value: RAD_TRANSPORT_UDP

targetLBVserver If transport mode is TLS, specify the name of LB vserver to associate. The LB vserver needs to be of type TCP and service associated needs to be SSL_TCP

Example

To Add a default RADIUS Action with server running at 10.217.201.10 and radkey set to testing123: add authentication radiusAction radius_action -serverIP 10.217.201.10 -radKey testing123

rm authentication radiusAction

Removes a RADIUS profile (action). An action cannot be removed as long as it is bound to a policy.

Synopsis

rm authentication radiusAction

Arguments

name Name of the action to be removed.

Example

To remove a RADIUS Action named radius_action: rm authentication radiusAction radius_action

show authentication radiusAction

Displays the current configuration settings for the specified RADIUS profile (action).

Synopsis

show authentication radiusAction []

Arguments

name Name of the RADIUS profile.

Output

serverIP IP address assigned to the RADIUS server.

serverName RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.

serverPort Port number on which the RADIUS server listens for connections.

authTimeout Number of seconds the Citrix ADC waits for a response from the RADIUS server.

radKey Key shared between the RADIUS server and the Citrix ADC. Required to allow the Citrix ADC to communicate with the RADIUS server.

radNASip If enabled, the Citrix ADC IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address. The RADIUS protocol defines the meaning and use of the NASIP address.

IPAddress IP address.

radNASid If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).

radVendorID RADIUS vendor ID attribute, used for RADIUS group extraction.

radAttributeType RADIUS attribute type, used for RADIUS group extraction.

radGroupsPrefix RADIUS groups prefix string. This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.

radGroupSeparator RADIUS group separator string The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.

passEncoding Encoding type for passwords in RADIUS packets that the Citrix ADC sends to the RADIUS server.

ipVendorID Vendor ID of the intranet IP attribute in the RADIUS response. NOTE: A value of 0 indicates that the attribute is not vendor encoded.

ipAttributeType Remote IP address attribute type in a RADIUS response.

accounting Whether the RADIUS server is currently accepting accounting messages.

Success Failure stateflag pwdVendorID Vendor ID of the attribute, in the RADIUS response, used to extract the user password.

pwdAttributeType Vendor-specific password attribute type in a RADIUS response.

defaultAuthenticationGroup This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

callingstationid Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.

authservRetry Number of retry by the Citrix ADC before getting response from the RADIUS server.

authentication Configure the RADIUS server state to accept or refuse authentication messages.

tunnelEndpointClientIP Send Tunnel Endpoint Client IP address to the RADIUS server.

transport Transport mode to RADIUS server.

targetLBVserver If transport mode is TLS, specify the name of LB vserver to associate. The LB vserver needs to be of type TCP and service associated needs to be SSL_TCP

devno count

Example

show authentication radiusaction radius_action

authentication-radiusAction