Article FAQ: Does NetScaler Support Forwarding Pass-Through RADIUS Attribute 66 (Tunnel-Client-Endpoint) During RADIUS Authentication
Article ID: CTX227293
Description
Question:
>A user is setting up Azure MFA with RADIUS, and for their trusted IP addresses the server needs attribute 66.
>How can this attribute be set for the MFA server using NetScaler?
Answer:
As of the NetScaler 12.1 release, the NetScaler appliance allows pass-through of RADIUS attribute 66 (Tunnel-Client-Endpoint) during RADIUS authentication. With this feature enabled, the client's IP address is received by the second-factor authentication server, which can use it to make risk-based authentication decisions.
A new parameter, “tunnelEndpointClientIP”, is introduced in both the “add authentication radiusAction” and “set radiusParams” commands.
To use this feature, at the NetScaler command prompt, type:
- add authentication radiusAction <name> {-serverIP <ip_addr|ipv6_addr|*> | {-serverName <string>}} [-serverPort <port>] … [-tunnelEndpointClientIP (ENABLED|DISABLED)]
- set radiusParams {-serverIP <ip_addr|ipv6_addr|*> | {-serverName <string>}} [-serverPort <port>] … [-tunnelEndpointClientIP (ENABLED|DISABLED)]
Example:
- add authentication radiusAction radius -serverIP 1.2.3.4 -serverName FQDN -serverPort 1812 -tunnelEndpointClientIP ENABLED
- set radiusParams -serverIP 1.2.3.4 -serverName FQDN1 -serverPort 1812 -tunnelEndpointClientIP ENABLED
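To confirm on the RADIUS server side that attribute 66 is actually arriving, a captured Access-Request can be parsed as follows. This is an added example, not Citrix code: it assumes the RFC 2865 packet layout and the RFC 2868 encoding of Tunnel-Client-Endpoint (an optional tag octet followed by the address as text), and the function names and sample packets are constructed for illustration.

```python
import struct

ACCESS_REQUEST = 1            # RFC 2865 packet code
TUNNEL_CLIENT_ENDPOINT = 66   # RFC 2868 attribute type

def iter_attributes(packet: bytes):
    """Yield (type, value) for each attribute of a RADIUS packet (RFC 2865)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("Length field does not match the datagram")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def tunnel_client_endpoints(packet: bytes):
    """Return [(tag, endpoint)] for every attribute 66 in an Access-Request."""
    found = []
    for atype, value in iter_attributes(packet):
        if packet[0] != ACCESS_REQUEST or atype != TUNNEL_CLIENT_ENDPOINT:
            continue
        # RFC 2868: a first octet <= 0x1F is a tag; anything above is already
        # the first character of the string (0x00 is treated as a tag here).
        if value and value[0] <= 0x1F:
            found.append((value[0], value[1:].decode("ascii", "replace")))
        else:
            found.append((None, value.decode("ascii", "replace")))
    return found

def build_request(*attrs):
    """Assemble a constructed Access-Request from (type, value) pairs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, 7, 20 + len(body)) + bytes(16) + body

# Constructed samples: user "alice", client 203.0.113.7 (documentation range).
USER = (1, b"alice")
TAGGED = build_request(USER, (66, b"\x00203.0.113.7"))
UNTAGGED = build_request(USER, (66, b"203.0.113.7"))
DISABLED = build_request(USER)  # assumption: no attribute 66 when the option is off

if __name__ == "__main__":
    for name, pkt in (("tagged", TAGGED), ("untagged", UNTAGGED), ("disabled", DISABLED)):
        print(name, tunnel_client_endpoints(pkt))
```

An empty result for a request that traversed the appliance means the MFA server has no client address to evaluate against its trusted IP list.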
Issue/Introduction
RADIUS attribute 66 for Tunnel-Client-Endpoint.
Additional Information
This feature is only supported with NetScaler 12.1 48.13 release onward.
For more information, see https://docs.citrix.com/en-us/netscaler/12-1/aaa-tm/configure-aaa-policies/ns-aaa-setup-policies-authntcn-tsk/ns-aaa-setup-policies-auth-radius-tsk.html