This tutorial shows how to configure a cluster with two DualShield Radius servers. This cluster is load-balanced by Citrix Netscaler load balancer.

NetScaler Configuration

  1. Create a fixed radius monitor user in your AD, eg: RadMonitor (note: Excluding this user from using 2 factor authentication)
  2. Go to NetScaler/Traffic Management/Load Balancing/Monitors, click "Add"
  3. Give the new monitor a name, e.g "Radius_Monitor", and select type "RADIUS"


  4. Click "Special Parameter" tab, and add the fixed monitor user name, password, and radius shared secret. Click "Create". 
  5. Go to Traffic Management \ Load Balancing \ Servers. Click "Add".
  6. Provide Radius servers name and IP. Click "Create"


  7. Go to Traffic Management \ Load Balancing \ Service. Click "Add".
  8. Provide service name, select corresponding server, chose "UDP" protocol, and "1812" port. Click "OK"


  9. On the monitors section, bind the "Radius_monitor" created in previous step.
  10. Repeat the steps 5-9 to add all your radius server for load balancing.
  11. Go to Traffic Management \ Load Balancing \ Virtual Server. Click "ADD".
  12. Provide virtual server name, protocol "UDP", IP address, and port "1812". Click "OK"
  13. On the services and service groups section, bind all the radius services created in the previous steps. 

On the method section, chose your ideal load balancing method. Click OK. 

DualShield Server configuration. 

  1. Go to DMC / Radius / Radius Client, click "Register"
  2. Provide name, select Radius server and Application, add both NetScaler's IP address & NetScaler Subnet IP address to Radius client's IP address, and share secret.  Click "Save"


That's it. You can now load balancing Radius servers via the Virtual server on NetScaler. 

Reference: http://www.carlstalhood.com/radius-load-balancing-10-5/  


  • No labels