
LB defined as RADIUS fails. UDP works. Why?



Hi all,

I am working at a customer, helping them migrate from one RADIUS-based auth to another. They have the following environment, and hold on to your chairs now! NetScaler MPX 7500 with 13.0 build 87.9nc in an HA pair. USNIP mode is active, but no SNIP has been defined. Instead they have a MIP in the same subnet as the NSIPs.

I've configured a LB defined as RADIUS that shows as UP. However, when I create the basic auth RADIUS server, the "Test RADIUS reachability" fails.

I created another LB defined as UDP. Created a basic auth RADIUS server with this one and the "Test RADIUS reachability" is OK.

I ran a trace on the NetScaler and we actually saw the RADIUS messages being sent from both LBs and received a reject from the RADIUS server as expected. The logs on the RADIUS servers also show this.

We tried to do a live test and, as expected, when using the auth policy with the UDP LB, it works. We tested the policy with the RADIUS-defined LB, and it fails.

Can someone please help me understand why this is happening?

Thank you all.

-oWe


  • 4 weeks later...

Hi,

Had a similar issue with a 13.0-87.9 VPX (on SDX).

RADIUS not working when RADIUS auth was pointing to an LB.

Tested with UDP; that didn't work either for me.

Strange thing was that the ICMP and RADIUS monitors did work when bound to the Service Group.

Found that if I created a Net Profile (with the same SNIP as the traffic used without the Net Profile) and bound that to the Service Group, then it worked.
