authentication radiusAction¶
The following operations can be performed on "authentication radiusAction":
add authentication radiusAction¶
Creates an action (profile) for a RADIUS server. The profile contains all configuration data necessary to communicate with that RADIUS server.
Synopsys¶
add authentication radiusAction <name> {-serverIP <ip_addr|ipv6_addr|*> | {-serverName <string>}} [-serverPort <port>] [-authTimeout <positive_integer>] {-radKey } [-radNASip ( ENABLED | DISABLED )] [-radNASid <string>] [-radVendorID <positive_integer>] [-radAttributeType <positive_integer>] [-radGroupsPrefix <string>] [-radGroupSeparator <string>] [-passEncoding <passEncoding>] [-ipVendorID <positive_integer>] [-ipAttributeType <positive_integer>] [-accounting ( ON | OFF )] [-pwdVendorID <positive_integer> [-pwdAttributeType <positive_integer>]] [-defaultAuthenticationGroup <string>] [-callingstationid ( ENABLED | DISABLED )]
Arguments¶
name
Name for the RADIUS action.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the RADIUS action is added.
serverIP
IP address assigned to the RADIUS server.
serverName
RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.
serverPort
Port number on which the RADIUS server listens for connections.
Minimum value: 1
authTimeout
Number of seconds the NetScaler appliance waits for a response from the RADIUS server.
Default value: 3
Minimum value: 1
radKey
Key shared between the RADIUS server and the NetScaler appliance.
Required to allow the NetScaler appliance to communicate with the RADIUS server.
radNASip
If enabled, the NetScaler appliance IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address.
The RADIUS protocol defines the meaning and use of the NASIP address.
Possible values: ENABLED, DISABLED
radNASid
If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).
radVendorID
RADIUS vendor ID attribute, used for RADIUS group extraction.
Minimum value: 1
radAttributeType
RADIUS attribute type, used for RADIUS group extraction.
Minimum value: 1
radGroupsPrefix
RADIUS groups prefix string.
This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.
radGroupSeparator
RADIUS group separator string
The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.
passEncoding
Encoding type for passwords in RADIUS packets that the NetScaler appliance sends to the RADIUS server.
Possible values: pap, chap, mschapv1, mschapv2
Default value: AAA_PAP
ipVendorID
Vendor ID of the intranet IP attribute in the RADIUS response.
NOTE: A value of 0 indicates that the attribute is not vendor encoded.
ipAttributeType
Remote IP address attribute type in a RADIUS response.
Minimum value: 1
accounting
Whether the RADIUS server is currently accepting accounting messages.
Possible values: ON, OFF
pwdVendorID
Vendor ID of the attribute, in the RADIUS response, used to extract the user password.
Minimum value: 1
pwdAttributeType
Vendor-specific password attribute type in a RADIUS response.
Minimum value: 1
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Maximum value: 64
callingstationid
Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.
Possible values: ENABLED, DISABLED
Default value: DISABLED
rm authentication radiusAction¶
Removes a RADIUS profile (action). An action cannot be removed as long as it is bound to a policy.
Synopsys¶
rm authentication radiusAction <name>
Arguments¶
name
Name of the action to be removed.
set authentication radiusAction¶
Configures a RADIUS server profile (action). The profile contains all configuration data needed to communicate with that RADIUS server.
Synopsys¶
set authentication radiusAction <name> [-serverIP <ip_addr|ipv6_addr|*>] [-serverName <string>] [-serverPort <port>] [-authTimeout <positive_integer>] {-radKey } [-radNASip ( ENABLED | DISABLED )] [-radNASid <string>] [-radVendorID <positive_integer>] [-radAttributeType <positive_integer>] [-radGroupsPrefix <string>] [-radGroupSeparator <string>] [-passEncoding <passEncoding>] [-ipVendorID <positive_integer>] [-ipAttributeType <positive_integer>] [-accounting ( ON | OFF )] [-pwdVendorID <positive_integer>] [-pwdAttributeType <positive_integer>] [-defaultAuthenticationGroup <string>] [-callingstationid ( ENABLED | DISABLED )]
Arguments¶
name
Name of the RADIUS profile.
serverIP
IP address assigned to the RADIUS server.
serverName
RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.
serverPort
Port number on which the RADIUS server listens for connections.
Minimum value: 1
authTimeout
Number of seconds the NetScaler appliance waits for a response from the RADIUS server.
Default value: 3
Minimum value: 1
radKey
Key shared between the RADIUS server and the NetScaler appliance.
Required to allow the NetScaler appliance to communicate with the RADIUS server.
radNASip
If enabled, the NetScaler appliance IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address.
The RADIUS protocol defines the meaning and use of the NASIP address.
Possible values: ENABLED, DISABLED
radNASid
If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).
radVendorID
RADIUS vendor ID attribute, used for RADIUS group extraction.
Minimum value: 1
radAttributeType
RADIUS attribute type, used for RADIUS group extraction.
Minimum value: 1
radGroupsPrefix
RADIUS groups prefix string.
This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.
radGroupSeparator
RADIUS group separator string
The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.
passEncoding
Encoding type for passwords in RADIUS packets that the NetScaler appliance sends to the RADIUS server.
Possible values: pap, chap, mschapv1, mschapv2
Default value: AAA_PAP
ipVendorID
Vendor ID of the intranet IP attribute in the RADIUS response.
NOTE: A value of 0 indicates that the attribute is not vendor encoded.
ipAttributeType
Remote IP address attribute type in a RADIUS response.
Minimum value: 1
accounting
Whether the RADIUS server is currently accepting accounting messages.
Possible values: ON, OFF
pwdVendorID
Vendor ID of the attribute, in the RADIUS response, used to extract the user password.
Minimum value: 1
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Maximum value: 64
callingstationid
Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.
Possible values: ENABLED, DISABLED
Default value: DISABLED
unset authentication radiusAction¶
Use this command to remove authentication radiusAction settings.Refer to the set authentication radiusAction command for meanings of the arguments.
Synopsys¶
unset authentication radiusAction <name> [-serverIP] [-serverName] [-serverPort] [-authTimeout] [-radNASip] [-radNASid] [-radVendorID] [-radAttributeType] [-radGroupsPrefix] [-radGroupSeparator] [-passEncoding] [-ipVendorID] [-ipAttributeType] [-accounting] [-pwdVendorID] [-pwdAttributeType] [-defaultAuthenticationGroup] [-callingstationid]
show authentication radiusAction¶
Displays the current configuration settings for the specified RADIUS profile (action).
Synopsys¶
show authentication radiusAction [<name>]
Arguments¶
name
Name of the RADIUS profile.
summary
fullValues
format
level
Outputs¶
serverIP
IP address assigned to the RADIUS server.
serverName
RADIUS server name as a FQDN. Mutually exclusive with RADIUS IP address.
serverPort
Port number on which the RADIUS server listens for connections.
authTimeout
Number of seconds the NetScaler appliance waits for a response from the RADIUS server.
radKey
Key shared between the RADIUS server and the NetScaler appliance.
Required to allow the NetScaler appliance to communicate with the RADIUS server.
radNASip
If enabled, the NetScaler appliance IP address (NSIP) is sent to the RADIUS server as the Network Access Server IP (NASIP) address.
The RADIUS protocol defines the meaning and use of the NASIP address.
IPAddress
IP address.
radNASid
If configured, this string is sent to the RADIUS server as the Network Access Server ID (NASID).
radVendorID
RADIUS vendor ID attribute, used for RADIUS group extraction.
radAttributeType
RADIUS attribute type, used for RADIUS group extraction.
radGroupsPrefix
RADIUS groups prefix string.
This groups prefix precedes the group names within a RADIUS attribute for RADIUS group extraction.
radGroupSeparator
RADIUS group separator string
The group separator delimits group names within a RADIUS attribute for RADIUS group extraction.
passEncoding
Encoding type for passwords in RADIUS packets that the NetScaler appliance sends to the RADIUS server.
ipVendorID
Vendor ID of the intranet IP attribute in the RADIUS response.
NOTE: A value of 0 indicates that the attribute is not vendor encoded.
ipAttributeType
Remote IP address attribute type in a RADIUS response.
accounting
Whether the RADIUS server is currently accepting accounting messages.
Success
Failure
stateflag
pwdVendorID
Vendor ID of the attribute, in the RADIUS response, used to extract the user password.
pwdAttributeType
Vendor-specific password attribute type in a RADIUS response.
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
callingstationid
Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.
devno
count