aaa radiusParams¶
The following operations can be performed on "aaa radiusParams":
set aaa radiusParams¶
Modifies the global configuration settings for the RADIUS server. The settings that you specify are used for all SSL-VPN virtual servers unless you use authentication policies to create a configuration for a specific SSL-VPN virtual server.
Synopsys¶
set aaa radiusParams [-serverIP <ip_addr|ipv6_addr|*>] [-serverPort <port>] [-authTimeout <positive_integer>] {-radKey } [-radNASip ( ENABLED | DISABLED )] [-radNASid <string>] [-radVendorID <positive_integer>] [-radAttributeType <positive_integer>] [-radGroupsPrefix <string>] [-radGroupSeparator <string>] [-passEncoding <passEncoding>] [-ipVendorID <positive_integer>] [-ipAttributeType <positive_integer>] [-accounting ( ON | OFF )] [-pwdVendorID <positive_integer>] [-pwdAttributeType <positive_integer>] [-defaultAuthenticationGroup <string>] [-callingstationid ( ENABLED | DISABLED )]
Arguments¶
serverIP
IP address of your RADIUS server.
serverPort
Port number on which the RADIUS server listens for connections.
Default value: 1812
Minimum value: 1
authTimeout
Maximum number of seconds that the NetScaler appliance waits for a response from the RADIUS server.
Default value: 3
Minimum value: 1
radKey
The key shared between the RADIUS server and clients.
Required for allowing the NetScaler appliance to communicate with the RADIUS server.
radNASip
Send the NetScaler IP (NSIP) address to the RADIUS server as the Network Access Server IP (NASIP) part of the Radius protocol.
Possible values: ENABLED, DISABLED
radNASid
Send the Network Access Server ID (NASID) for your NetScaler appliance to the RADIUS server as the nasid part of the Radius protocol.
radVendorID
Vendor ID for RADIUS group extraction.
Minimum value: 1
radAttributeType
Attribute type for RADIUS group extraction.
Minimum value: 1
radGroupsPrefix
Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction.
radGroupSeparator
Group separator string that delimits group names within a RADIUS attribute for RADIUS group extraction.
passEncoding
Enable password encoding in RADIUS packets that the NetScaler appliance sends to the RADIUS server.
Possible values: pap, chap, mschapv1, mschapv2
Default value: pap
ipVendorID
Vendor ID attribute in the RADIUS response.
If the attribute is not vendor-encoded, it is set to 0.
Minimum value: 0
ipAttributeType
IP attribute type in the RADIUS response.
Minimum value: 1
accounting
Configure the RADIUS server state to accept or refuse accounting messages.
Possible values: ON, OFF
pwdVendorID
Vendor ID of the password in the RADIUS response. Used to extract the user password.
Minimum value: 1
pwdAttributeType
Attribute type of the Vendor ID in the RADIUS response.
Minimum value: 1
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Maximum value: 64
callingstationid
Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.
Possible values: ENABLED, DISABLED
Default value: DISABLED
Example¶
To configure the default RADIUS parameters:set aaa radiusparams -serverip 192.30.1.2 -radkey sslvpn
Related Commands¶
unset aaa radiusParams¶
Use this command to remove aaa radiusParams settings.Refer to the set aaa radiusParams command for meanings of the arguments.
Synopsys¶
unset aaa radiusParams [-serverIP] [-serverPort] [-authTimeout] [-radNASip] [-radNASid] [-radVendorID] [-radAttributeType] [-radGroupsPrefix] [-radGroupSeparator] [-passEncoding] [-ipVendorID] [-ipAttributeType] [-accounting] [-pwdVendorID] [-pwdAttributeType] [-defaultAuthenticationGroup] [-callingstationid]
show aaa radiusParams¶
Displays the current RADIUS configuration on the NetScaler appliance.
Synopsys¶
show aaa radiusParams
Outputs¶
serverIP
IP address of your RADIUS server.
serverPort
Port number on which the RADIUS server listens for connections.
radKey
The key shared between the client and the server.
groupAuthName
To associate AAA users with an AAA group, use the command
"bind AAA group ... -username ...".
You can bind different policies to each AAA group. Use the command
"bind AAA group ... -policy ..."
authTimeout
Maximum number of seconds that the NetScaler appliance waits for a response from the RADIUS server.
radNASip
The option to send the NetScaler's IP address (NSIP) as the "nasip" (Network Access Server IP) part of the Radius protocol to the server.
radNASid
The nasid (Network Access Server ID). If configured, this string will be sent to the RADIUS server as the "nasid" as part of the Radius protocol.
IPAddress
IP Address.
radVendorID
Vendor ID for RADIUS group extraction.
radAttributeType
Attribute type for RADIUS group extraction.
radGroupsPrefix
Prefix string that precedes group names within a RADIUS attribute for RADIUS group extraction.
radGroupSeparator
Group separator string that delimits group names within a RADIUS attribute for RADIUS group extraction.
passEncoding
Enable password encoding in RADIUS packets that the NetScaler appliance sends to the RADIUS server.
ipVendorID
Vendor ID attribute in the RADIUS response.
If the attribute is not vendor-encoded, it is set to 0.
ipAttributeType
IP attribute type in the RADIUS response.
accounting
The state of the Radius server that will receive accounting messages.
pwdVendorID
Vendor ID of the password in the RADIUS response. Used to extract the user password.
pwdAttributeType
Attribute type of the Vendor ID in the RADIUS response.
defaultAuthenticationGroup
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
callingstationid
Send Calling-Station-ID of the client to the RADIUS server. IP Address of the client is sent as its Calling-Station-ID.
Example¶
> show aaa radiusparamsConfigured RADIUS parameters Server IP: 127.0.0.2 Port: 1812 key: secret Timeout: 10 Done>