Citrix Systems CITRIX NETSCALER 9.3 manual Configuring IP address extraction

Models: CITRIX NETSCALER 9.3


Citrix NetScaler Administration Guide

- Password Authentication Protocol

- Challenge-Handshake Authentication Protocol (CHAP)

- Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP Version 1 and Version 2)

If your deployment of the NetScaler is configured to use RADIUS authentication and your RADIUS server is configured to use Password Authentication Protocol, you can strengthen user authentication by assigning a strong shared secret to the RADIUS server. Strong RADIUS shared secrets consist of random sequences of uppercase and lowercase letters, numbers, and punctuation, and are at least 22 characters long. If possible, use a random character generation program to determine RADIUS shared secrets.

To further protect RADIUS traffic, assign a different shared secret to each NetScaler appliance or virtual server. When you define clients on the RADIUS server, you can also assign a separate shared secret to each client. If you do this, you must separately configure each NetScaler policy that uses RADIUS authentication.

Shared secrets are configured on the NetScaler when a RADIUS policy is created.

Configuring IP address extraction

You can configure the NetScaler to extract the IP address from a RADIUS server. When a user authenticates with the RADIUS server, the server returns a framed IP address that is assigned to the user. The following are attributes for IP address extraction:

- Allows a remote RADIUS server to supply an IP address from the internal network for a user logged on to the NetScaler.

- Allows configuration for any RADIUS attribute using the type ipaddress, including those that are vendor encoded.

When configuring the RADIUS server for IP address extraction, you configure the vendor identifier and the attribute type.

The vendor identifier enables the RADIUS server to assign an IP address to the client from a pool of IP addresses that are configured on the RADIUS server. The vendor ID and attributes are used to make the association between the RADIUS client and the RADIUS server. The vendor ID is the attribute in the RADIUS response that provides the IP address of the internal network. A value of zero indicates that the attribute is not vendor encoded. The attribute type is the remote IP address attribute in a RADIUS response. The minimum value is one and the maximum value is 255.

A common configuration is to extract the RADIUS attribute framed IP address. The vendor ID is set to zero or is not specified. The attribute type is set to eight.
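
The following added example (not from the Citrix guide, and not NetScaler code) shows how a vendor identifier and attribute type select the address inside a RADIUS response, for both the plain Framed-IP-Address case and a vendor-encoded attribute. The sample packet, vendor ID 9999 and the function names are constructed for illustration; the vendor-specific layout assumed is the recommended format from RFC 2865.

```python
import ipaddress
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 Vendor-Specific attribute type


def _tlvs(buf):
    """Yield (type, value) pairs from a run of type/length/value attributes."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = buf[pos], buf[pos + 1]
        if a_len < 2 or pos + a_len > len(buf):
            raise ValueError("bad attribute length")
        yield a_type, buf[pos + 2:pos + a_len]
        pos += a_len


def extract_ip(packet, vendor_id=0, attr_type=8):
    """Return the IPv4 address in the selected attribute, or None if absent.

    vendor_id 0 means the attribute is not vendor encoded. The Response
    Authenticator is NOT verified here; that needs the shared secret.
    """
    if not 1 <= attr_type <= 255:
        raise ValueError("attribute type must be 1..255")
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    for a_type, value in _tlvs(packet[20:length]):
        if vendor_id == 0:
            candidates = [(a_type, value)]
        elif (a_type == VENDOR_SPECIFIC and len(value) >= 4
              and struct.unpack("!I", value[:4])[0] == vendor_id):
            candidates = _tlvs(value[4:])  # sub-attributes after the vendor ID
        else:
            continue
        for c_type, c_value in candidates:
            if c_type == attr_type and len(c_value) == 4:
                return str(ipaddress.IPv4Address(c_value))
    return None


# Constructed Access-Accept (code 2): Framed-IP-Address 10.20.30.40 plus a
# vendor-encoded attribute (hypothetical vendor 9999, type 1) = 192.168.5.7.
_attrs = (bytes([8, 6, 10, 20, 30, 40]) + bytes([26, 12])
          + struct.pack("!I", 9999) + bytes([1, 6, 192, 168, 5, 7]))
SAMPLE = struct.pack("!BBH", 2, 1, 20 + len(_attrs)) + bytes(16) + _attrs
```
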

To configure IP address extraction by using the configuration utility

1. In the navigation pane, expand System, and then click Authentication.

2. On the Policies tab, click Open.

3. In the Configure Authentication Policy dialog box, next to Server, click Modify.

4. Under Details, in Group Vendor Identifier, type the value.
