RADIUS service monitoring

The NetScaler appliance RADIUS monitor periodically checks the state of the RADIUS service to which it is bound by sending an authentication request to the service. The RADIUS server authenticates the RADIUS monitor and sends a response. By default, the monitor expects to receive a response code of 2, the default Access-Accept response, from the RADIUS server. As long as the monitor receives the appropriate response, it marks the service UP.

Note: RADIUS monitor supports only PAP type authentication.

  • If the client authenticates successfully, the RADIUS server sends an Access-Accept response. The default access-accept response code is 2, and this is the code that the appliance uses.
  • If the client fails to authenticate successfully (such as when there is a mismatch in the user name, password, or secret key), the RADIUS server sends an Access-Reject response. The default access-reject response code is 3, and this is the code that the appliance uses.

| Parameter | Specifies |
|---|---|
| userName | User name on the RADIUS/NNTP/FTP/FTP-EXTENDED/MYSQL/POP3 server. This user name is used in the probe. |
| password | Password used in monitoring RADIUS/NNTP/FTP/FTP-EXTENDED/MYSQL/POP3/LDAP servers. |
| radKey | Shared secret key value that the RADIUS server uses during client authentication. |
| radNASid | NAS-ID that is encapsulated in the payload when an access request is made. |
| radNASip | The IP address that is encapsulated in the payload when an access request is made. When radNASip is not configured, the NetScaler appliance sends the mapped IP address (MIP) to the RADIUS server as the NAS IP address. |
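
The probe exchange described above, as an added sketch that is not NetScaler code: it builds a PAP Access-Request from the userName, password, radKey, and radNASid values and maps the reply to UP or DOWN by response code. The function names and sample credentials are constructed for illustration, and the Response Authenticator check follows RFC 2865 and is an assumption about what a careful probe does, not something this page states about the appliance.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def pap_hide(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR the zero-padded password with an MD5 keystream."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value

def build_probe(ident, user, password, secret, nas_id, req_auth=None):
    """Access-Request carrying User-Name (1), User-Password (2), NAS-Identifier (32)."""
    req_auth = req_auth or os.urandom(16)
    attrs = attr(1, user) + attr(2, pap_hide(password, secret, req_auth)) + attr(32, nas_id)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def make_reply(code, request, secret, attrs=b""):
    """Constructed server side, used only to produce sample replies offline."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    resp_auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + resp_auth + attrs

def service_state(reply, request, secret, expected_code=ACCESS_ACCEPT):
    """UP only for a well-formed, authentic reply whose code equals expected_code."""
    if len(reply) < 20:
        return "DOWN"
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        return "DOWN"
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        return "DOWN"  # forged reply or mismatched shared secret
    return "UP" if code == expected_code else "DOWN"

if __name__ == "__main__":
    key = b"constructed-radKey"  # sample values, all constructed
    req = build_probe(7, b"monitor", b"probe-pass", key, b"ns-lb-01")
    for label, reply in [("accept", make_reply(ACCESS_ACCEPT, req, key)),
                         ("reject", make_reply(ACCESS_REJECT, req, key)),
                         ("bad key", make_reply(ACCESS_ACCEPT, req, b"other"))]:
        print(label, "->", service_state(reply, req, key))
```

PAP hiding only masks the password with an MD5 keystream derived from radKey, so the monitor account should be a dedicated, low-privilege user and radKey should be long and random.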

To monitor a RADIUS service, you must configure the RADIUS server to which it is bound as follows:

  1. Add the user name and password of the client that the monitor uses for authentication to the RADIUS authentication database.

  2. Add the IP address and secret key of the client to the appropriate RADIUS database.

  3. Add the IP addresses that the appliance uses to send RADIUS packets to the RADIUS database. If the NetScaler appliance has more than one mapped IP address, or if a subnet IP address (SNIP) is used, you must add the same secret key for all the IP addresses.

    Caution: If the IP address used by the appliance is not added to the RADIUS database, the RADIUS server discards all packets.

To configure built-in monitors to check the state of the RADIUS server, see Configuring Monitors in a Load Balancing Setup.
