aaa-radiusParams
The following operations can be performed on "aaa-radiusParams":
set aaa radiusParams
Modifies the global configuration settings for the RADIUS server. The settings that you specify are used for all SSL-VPN virtual servers unless you use authentication policies to create a configuration for a specific SSL-VPN virtual server.
Synopsis
set aaa radiusParams [-serverIP <ip_addr|ipv6_addr|*>] [-serverPort <port>] [-authTimeout <positive_integer>] {-radKey } [-radNASip ( ENABLED | DISABLED )] [-radNASid <string>] [-radVendorID <positive_integer>] [-radAttributeType <positive_integer>] [-radGroupsPrefix <string>] [-radGroupSeparator <string>] [-passEncoding <passEncoding>] [-ipVendorID <positive_integer>] [-ipAttributeType <positive_integer>] [-accounting ( ON | OFF )] [-pwdVendorID <positive_integer>] [-pwdAttributeType <positive_integer>] [-defaultAuthenticationGroup <string>] [-callingstationid ( ENABLED | DISABLED )] [-authservRetry <positive_integer>] [-authentication ( ON | OFF )] [-tunnelEndpointClientIP ( ENABLED | DISABLED )]
Arguments
serverIP
IP address of your RADIUS server.
serverPort
Port number on which the RADIUS server listens for connections. Default value: 1812 Minimum value: 1
authTimeout
Maximum number of seconds that the Citrix ADC waits for a response from the RADIUS server. Default value: 3 Minimum value: 1
radKey
The key shared between the RADIUS server and clients. Required for allowing the Citrix ADC to communicate with the RADIUS server.
radNASip
Send the Citrix ADC IP (NSIP) address to the RADIUS server as the Network Access Server IP (NASIP) part of the RADIUS protocol.
Possible values: ENABLED, DISABLED
radNASid
Send the Network Access Server ID (NASID) for your Citrix ADC to the RADIUS server as the nasid part of the RADIUS protocol.
radVendorID
Vendor ID for RADIUS group extraction. Minimum value: 1
radAttributeType
Attribute type for RADIUS group extraction. Minimum value: 1
radGroupsPrefix
Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction.
radGroupSeparator
Group separator string that delimits group names within a RADIUS attribute for RADIUS group extraction.
passEncoding
Enable password encoding in RADIUS packets that the Citrix ADC sends to the RADIUS server.
Possible values: pap, chap, mschapv1, mschapv2 Default value: mschapv2
ipVendorID
Vendor ID attribute in the RADIUS response. If the attribute is not vendor-encoded, it is set to 0. Minimum value: 0
ipAttributeType
IP attribute type in the RADIUS response. Minimum value: 1
accounting
Configure the RADIUS server state to accept or refuse accounting messages.
Possible values: ON, OFF
pwdVendorID
Vendor ID of the password in the RADIUS response. Used to extract the user password. Minimum value: 1
pwdAttributeType
Attribute type of the Vendor ID in the RADIUS response. Minimum value: 1
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups. Maximum value: 64
callingstationid
Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.
Possible values: ENABLED, DISABLED Default value: DISABLED
authservRetry
Number of retries by the Citrix ADC before getting a response from the RADIUS server. Default value: 3 Minimum value: 1 Maximum value: 10
authentication
Configure the RADIUS server state to accept or refuse authentication messages.
Possible values: ON, OFF Default value: ON
tunnelEndpointClientIP
Send Tunnel Endpoint Client IP address to the RADIUS server.
Possible values: ENABLED, DISABLED Default value: DISABLED
Example
To configure the default RADIUS parameters:
set aaa radiusparams -serverip 192.30.1.2 -radkey sslvpn
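The following is an added example, not part of the Citrix documentation: a small Python check that validates a `set aaa radiusParams` line against the ranges and possible values listed in the Arguments section and flags a short shared key or `pap` encoding. The function name, the 16-character key threshold (a local-policy assumption based on the preference stated in RFC 2865) and the second sample line are assumptions introduced here.

```python
import shlex

# Limits and enumerations copied from the argument list above (names lowercased).
INT_RANGES = {
    "serverport": (1, None), "authtimeout": (1, None), "authservretry": (1, 10),
    "radvendorid": (1, None), "radattributetype": (1, None),
    "ipvendorid": (0, None), "ipattributetype": (1, None),
    "pwdvendorid": (1, None), "pwdattributetype": (1, None),
}
ON_OFF, EN_DIS = {"on", "off"}, {"enabled", "disabled"}
ENUMS = {
    "passencoding": {"pap", "chap", "mschapv1", "mschapv2"},
    "radnasip": EN_DIS, "callingstationid": EN_DIS, "tunnelendpointclientip": EN_DIS,
    "accounting": ON_OFF, "authentication": ON_OFF,
}
MIN_KEY_LEN = 16  # assumption: local policy, after the 16-octet preference in RFC 2865

PAGE_EXAMPLE = "set aaa radiusparams -serverip 192.30.1.2 -radkey sslvpn"
# Constructed sample line, not taken from a real appliance.
SAMPLE = ('set aaa radiusParams -serverIP 192.0.2.10 '
          '-radKey "constructed-sample-key-0001" -passEncoding pap -authservRetry 12')

def audit_radius_params(line):
    """Return findings for one 'set aaa radiusParams' line; never echoes the key."""
    tokens = shlex.split(line)
    if [t.lower() for t in tokens[:3]] != ["set", "aaa", "radiusparams"]:
        raise ValueError("not a 'set aaa radiusParams' command")
    rest, findings = tokens[3:], []
    # "-name value" pairs; names and values are compared case-insensitively (assumption).
    args = {n.lstrip("-").lower(): v for n, v in zip(rest[0::2], rest[1::2])}
    if len(rest) % 2:
        findings.append(f"{rest[-1]}: argument has no value")
    for name, value in args.items():
        if name in INT_RANGES:
            lo, hi = INT_RANGES[name]
            if not value.isdigit() or int(value) < lo or (hi and int(value) > hi):
                findings.append(f"{name}: {value!r} is outside the documented range")
        elif name in ENUMS and value.lower() not in ENUMS[name]:
            findings.append(f"{name}: {value!r} is not a documented value")
    key = args.get("radkey")
    if key is not None and len(key) < MIN_KEY_LEN:
        findings.append(f"radkey: shared key shorter than {MIN_KEY_LEN} characters")
    if args.get("passencoding", "mschapv2").lower() == "pap":
        findings.append("passencoding: pap hides the password using only the shared key")
    return findings

if __name__ == "__main__":
    for cmd in (PAGE_EXAMPLE, SAMPLE):
        print(audit_radius_params(cmd))
```

Run against the page's own example, the check reports only the short shared key, because `passEncoding` is left at its documented default of `mschapv2`.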
Related Commands
unset aaa radiusParams
Use this command to remove aaa radiusParams settings. Refer to the set aaa radiusParams command for meanings of the arguments.
Synopsis
unset aaa radiusParams [-serverIP] [-serverPort] [-authTimeout] [-radNASip] [-radNASid] [-radVendorID] [-radAttributeType] [-radGroupsPrefix] [-radGroupSeparator] [-passEncoding] [-ipVendorID] [-ipAttributeType] [-accounting] [-pwdVendorID] [-pwdAttributeType] [-defaultAuthenticationGroup] [-callingstationid] [-authservRetry] [-authentication] [-tunnelEndpointClientIP]
show aaa radiusParams
Displays the current RADIUS configuration on the Citrix ADC.
Synopsis
show aaa radiusParams
Arguments
Output
serverIP
IP address of your RADIUS server.
serverPort
Port number on which the RADIUS server listens for connections.
radKey
The key shared between the RADIUS server and clients. Required for allowing the Citrix ADC to communicate with the RADIUS server.
groupAuthName
To associate AAA users with an AAA group, use the command
"bind AAA group ... -username ...".
You can bind different policies to each AAA group. Use the command
"bind AAA group ... -policy ..."
authTimeout
Maximum number of seconds that the Citrix ADC waits for a response from the RADIUS server.
radNASip
The option to send the Citrix ADC's IP address (NSIP) as the "nasip" (Network Access Server IP) part of the RADIUS protocol to the server.
radNASid
The nasid (Network Access Server ID). If configured, this string will be sent to the RADIUS server as the "nasid" as part of the RADIUS protocol.
IPAddress
IP Address.
radVendorID
Vendor ID for RADIUS group extraction.
radAttributeType
Attribute type for RADIUS group extraction.
radGroupsPrefix
Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction.
radGroupSeparator
Group separator string that delimits group names within a RADIUS attribute for RADIUS group extraction.
passEncoding
Enable password encoding in RADIUS packets that the Citrix ADC sends to the RADIUS server.
ipVendorID
Vendor ID attribute in the RADIUS response. If the attribute is not vendor-encoded, it is set to 0.
ipAttributeType
IP attribute type in the RADIUS response.
accounting
The state of the RADIUS server that will receive accounting messages.
pwdVendorID
Vendor ID of the password in the RADIUS response. Used to extract the user password.
pwdAttributeType
Attribute type of the Vendor ID in the RADIUS response.
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
callingstationid
Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.
authservRetry
Number of retries by the Citrix ADC before getting a response from the RADIUS server.
authentication
Configure the RADIUS server state to accept or refuse authentication messages.
tunnelEndpointClientIP
Send Tunnel Endpoint Client IP address to the RADIUS server.
builtin
Indicates that a variable is a built-in (SYSTEM INTERNAL) type.
feature
The feature to be checked while applying this config
Example
show aaa radiusparams
Configured RADIUS parameters
Server IP: 127.0.0.2 Port: 1812 key: secret Timeout: 10
Done