ADC CLI Commands

netProfile

The following operations can be performed on “netProfile”:

unset add set rm bind unbind show

unset netProfile

Removes the srcIP attribute of a net profile..Refer to the set netProfile command for meanings of the arguments.

Synopsis

unset netProfile [-srcIP] [-srcippersistency] [-overrideLsn] [-MBF] [-proxyProtocol] [-proxyProtocoltxversion] [-proxyProtocolAfterTLSHandshake]

Example

unset netProfile prof1 -srcIP

add netProfile

Creates a net profile. A net profile (or network profile) contains an IP address or an IP set. During communication with physical servers or peers, the Citrix ADC uses the addresses specified in the profile as the source IP address.

Synopsis

add netProfile \[-td <positive\_integer>] \[-srcIP ] \[-srcippersistency \( ENABLED | DISABLED )] \[-overrideLsn \( ENABLED | DISABLED )] \[-MBF \( ENABLED | DISABLED )] \[-proxyProtocol \( ENABLED | DISABLED ) \[-proxyProtocoltxversion \( V1 | V2 )]] \[-proxyProtocolAfterTLSHandshake \( ENABLED | DISABLED )]

Arguments

name Name for the net profile. Must begin with a letter, number, or the underscore character (_), and can consist of letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at sign (@), equals (=), colon (:), and underscore characters. Cannot be changed after the profile is created. Choose a name that helps identify the net profile.

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value: 0 Maximum value: 4094

srcIP IP address or the name of an IP set.

srcippersistency When the net profile is associated with a virtual server or its bound services, this option enables the Citrix ADC to use the same address, specified in the net profile, to communicate to servers for all sessions initiated from a particular client to the virtual server.

Possible values: ENABLED, DISABLED Default value: DISABLED

overrideLsn USNIP/USIP settings override LSN settings for configured service/virtual server traffic..

Possible values: ENABLED, DISABLED Default value: DISABLED

MBF Response will be sent using learnt info if enabled. When creating a netprofile, if you do not set this parameter, the netprofile inherits the global MBF setting (available in the enable ns mode and disable ns mode CLI commands, or in the System > Settings > Configure modes > Configure Modes dialog box). However, you can override this setting after you create the netprofile

Possible values: ENABLED, DISABLED

proxyProtocol Proxy Protocol Action (Enabled/Disabled)

Possible values: ENABLED, DISABLED Default value: DISABLED

proxyProtocoltxversion Proxy Protocol Version (V1/V2)

Possible values: V1, V2 Default value: V1

proxyProtocolAfterTLSHandshake ADC doesnt look for proxy header before TLS handshake, if enabled. Proxy protocol parsed after TLS handshake

Possible values: ENABLED, DISABLED Default value: DISABLED

Example

add netProfile prof1 -srcip 10.102.1.10

set netProfile

Modifies the srcIP parameter of a net profile.

Synopsis

set netProfile \[-srcIP ] \[-srcippersistency \( ENABLED | DISABLED )] \[-overrideLsn \( ENABLED | DISABLED )] \[-MBF \( ENABLED | DISABLED )] \[-proxyProtocol \( ENABLED | DISABLED )] \[-proxyProtocoltxversion \( V1 | V2 )] \[-proxyProtocolAfterTLSHandshake \( ENABLED | DISABLED )]

Arguments

name Name of the net profile whose parameter you want to modify.

srcIP IP address or the name of an IP set.

srcippersistency When the net profile is associated with a virtual server or its bound services, this option enables the Citrix ADC to use the same address, specified in the net profile, to communicate to servers for all sessions initiated from a particular client to the virtual server.

Possible values: ENABLED, DISABLED Default value: DISABLED

overrideLsn USNIP/USIP settings override LSN settings for configured service/virtual server traffic..

Possible values: ENABLED, DISABLED Default value: DISABLED

MBF Response will be sent using learnt info if enabled. When creating a netprofile, if you do not set this parameter, the netprofile inherits the global MBF setting (available in the enable ns mode and disable ns mode CLI commands, or in the System > Settings > Configure modes > Configure Modes dialog box). However, you can override this setting after you create the netprofile

Possible values: ENABLED, DISABLED

proxyProtocol Proxy Protocol Action (Enabled/Disabled)

Possible values: ENABLED, DISABLED Default value: DISABLED

proxyProtocoltxversion Proxy Protocol Version (V1/V2)

Possible values: V1, V2 Default value: V1

proxyProtocolAfterTLSHandshake ADC doesnt look for proxy header before TLS handshake, if enabled. Proxy protocol parsed after TLS handshake

Possible values: ENABLED, DISABLED Default value: DISABLED

Example

set netProfile prof_1 -srcIP 10.102.1.10

rm netProfile

Removes a net profile from the Citrix ADC.

Synopsis

rm netProfile ...

Arguments

name Name of the net profile to be removed.

Example

rm netProfile prof1

bind netProfile

Binds specified port range to a netprofile.

Synopsis

bind netProfile \(-srcPortRange <int\[-int]> ... | \(-natRule <ip\_addr> ))

Arguments

name Name of the netprofile to which to bind port ranges.

srcPortRange When the source port range is configured and associated with the netprofile bound to a service group, Citrix ADC will choose a port from the range configured for connection establishment at the backend servers. Minimum value: 1024 Maximum value: 65535

natRule When Natrule is configured and netprofile is bound to lb vserver, Citrix ADC will use the prefix of rewrite IP for outgoing packets if prefix of source IP of incoming packet matches with prefix of IP of natrule. This will take preference over USIP and USNIP configuration. ip_addr : IP for which prefix need to rewritten. netmask : Netmask for NatRule IP and RewriteIP. rewriteIp : Prefix for modified IP.

netmask rewriteIp

Example

bind netprofile npf_1 -srcportrange 2000-3000 bind netprofile npf_1 -natRule 10.0.0.0 255.0.0.0 11.0.0.0

unbind netProfile

Unbinds the specified port range from a netprofile.

Synopsis

unbind netProfile \(-srcPortRange <int\[-int]> ... | \(-natRule <ip\_addr> ))

Arguments

name Name of the netprofile to which to bind port ranges.

srcPortRange When the source port range is configured and associated with the netprofile bound to a service group, Citrix ADC will choose a port from the range configured for connection establishment at the backend servers. Minimum value: 1024 Maximum value: 65535

natRule Unbind the already bound natrule from netProfile.

netmask

Example

unbind netprofile npf_1 -srcportrange 2000-3000 unbind netprofile npf_1 -natrule 1.0.0.0 255.0.0.0

show netProfile

Displays the settings of all net profiles configured on the Citrix ADC, or of the specified net profile.

Synopsis

show netProfile []

Arguments

name Name of the net profile whose details you want to display.

Output

srcIP Source IPaddress or IPSET name.

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0.

srcippersistency When the net profile is associated with a virtual server or its bound services, this option enables the Citrix ADC to use the same address, specified in the net profile, to communicate to servers for all sessions initiated from a particular client to the virtual server.

netprofRefcount Used to keep reference count of IP

overrideLsn USNIP/USIP settings override LSN settings for configured service/virtual server traffic..

srcPortRange When the source port range is configured and associated with the netprofile bound to a service group, Citrix ADC will choose a port from the range configured for connection establishment at the backend servers.

stateflag state flag

flags natRule IPv4 network address on whose traffic you want the Citrix ADC to do rewrite ip prefix.

netmask rewriteIp MBF Response will be sent using learnt info if enabled. When creating a netprofile, if you do not set this parameter, the netprofile inherits the global MBF setting (available in the enable ns mode and disable ns mode CLI commands, or in the System > Settings > Configure modes > Configure Modes dialog box). However, you can override this setting after you create the netprofile

proxyProtocol Proxy Protocol Action (Enabled/Disabled)

proxyProtocoltxversion Proxy Protocol Version (V1/V2)

proxyProtocolAfterTLSHandshake ADC doesnt look for proxy header before TLS handshake, if enabled. Proxy protocol parsed after TLS handshake

proxyProtocolTLVOptions Proxy protocol TLV options

devno count

Example

show netProfile

netProfile