Skip to content
Was this article helpful?

aaa group

The following operations can be performed on "aaa group":

add | rm | bind | unbind | show

add aaa group

Creates a AAA group and verifies the configuration to ensure that it is correct.

Synopsys

add aaa group <groupName>

Arguments

groupName

Name for the group. Must begin with a letter, number, or the underscore character (_), and must consist only of letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at sign (@), equals (=), colon (:), and underscore characters. Cannot be changed after the group is added.

The following requirement applies only to the NetScaler CLI:

If the name includes one or more spaces, enclose the name in double or

single quotation marks (for example, ?my aaa group? or ?my aaa

group).

Example

add aaa group group_ad

rm aaa group

Removes the specified AAA group.

Synopsys

rm aaa group <groupName>

Arguments

groupName

Name of the group that you are removing.

bind aaa group

Binds the specified AAA group to the specified resource. The resource can be a user, an Intranet IP address or range, a policy, or an Intranet application.

Synopsys

bind aaa group <groupName> [-userName <string>] [-policy <string> [-priority <positive_integer>]] [-intranetApplication <string>] [-urlName <string>] [-intranetIP <ip_addr> <netmask>] [-intranetIP6 <ip_addr|ipv6_addr|*> <numaddr>]

Arguments

groupName

Name of the group that you are binding.

userName

Bind a AAA group to the specified AAA user.

If the specified user is bound to more than one group, the group expressions are evaluated, upon authorization, to determine the appropriate action.

policy

Bind a policy to the specified AAA group.

priority

Priority to assign to the policy, as an integer. A lower number indicates a higher priority.

Required when binding a group to a policy. Not relevant to any other

type of group binding.

Minimum value: 0

intranetApplication

Bind the group to the specified intranet VPN application.

urlName

Bind the group to the specified URL.

intranetIP

Bind the group to the specified IP address or IP block.

Normally you would bind the group to an IP address or range that your users use to access intranet resources.

netmask

Subnet mask specifying an IP-address range to which to bind a AAA group.

intranetIP6

Bind the group to the specified IP6 address or IP block.

Normally you would bind the group to an IP6 address or range that your users use to access intranet resources.

numaddr

Number of ipv6 address to be bound

Minimum value: 1

Example

To bind an Intranet IP to the group engg: bind aaa group engg -intranetip 10.102.10.0 255.255.255.0

unbind aaa group

Unbinds the specified AAA group from the specified resource. The resource can be a user, an intranet IP address or range, a policy, or an intranet application.

Synopsys

unbind aaa group <groupName> [-userName <string> ...] [-policy <string>] [-intranetApplication <string>] [-urlName <string>] [-intranetIP <ip_addr> <netmask>] [-intranetIP6 <ip_addr|ipv6_addr|*> [<numaddr>]]

Arguments

groupName

Name of the group that you are unbinding.

userName

Unbind the specified AAA group from the specified AAA user.

policy

Unbind the specified policy from the specified AAA group.

intranetApplication

Unbind the specified group from the specified intranet VPN application.

urlName

Unbind the specified group from the specified URL.

intranetIP

Unbind the specified group from the specified IP address or IP block.

netmask

Subnet mask for the IP range in which the intranet application from which you are unbinding the policy resides.

Required if the intranet application has multiple IP addresses bound to it. Not needed if the intranet application resides on a single IP address.

intranetIP6

IP6 address of the intranet application to which you are unbinding the policy.

numaddr

Number of addresses for the IPv6 range in which the intranet application to which you are binding the policy resides.

Required if the intranet application has multiple IPv6 addresses bound to

it. Not needed if the intranet application resides on a single IP

address.

Minimum value: 1

Example

unbind aaa group engg -intranetip 10.102.10.0 255.255.255.0

show aaa group

Displays the current configuration of a AAA group.

Synopsys

show aaa group [<groupName>] [-loggedIn]

Arguments

groupName

Name of the group.

loggedIn

Display only the group members who are currently logged in.

Outputs

userName

The user name.

policy

The policy name.

priority

Priority to assign to the policy, as an integer. A lower number indicates a higher priority.

Required when binding a group to a policy. Not relevant to any other

type of group binding.

intranetApplication

Bind the group to the specified intranet VPN application.

urlName

The intranet url

actType

intranetIP

The Intranet IP(s) bound to the group

netmask

The netmask for the Intranet IP

intranetIP6

The Intranet IP6(s) bound to the group

numaddr

Numbers of ipv6 address bound starting with intranetip6

policySubType

stateflag

devno

count

Example

> show aaa group engg GroupName: engg Bound AAA users: UserName: joe UserName: jane Intranetip IP: 10.102.10.0 Netmask: 255.255.255.0 Done>

Was this article helpful?