RADIUS protocol
In NetScaler environments, RADIUS is commonly used for two-factor authentication, and is the protocol to choose when integrating with One Time Password (OTP) servers.
The ports used by Radius are as follows:
UDP 1812: Authentication
UDP 1813: Radius Accounting
UDP 1645 and 1646: Legacy ports for the same purpose that some servers might use
Authentication flow
When authenticating, the exchange will start with an access-request from the NetScaler to the RADIUS server. To this, the server can respond with one of three responses, given as follows:
Access-Accept: All is good and the User is through
Access-Reject: Either the RADIUS server parameters, such as the secret, are not configured correctly, or the User credentials are incorrect
Access-Challenge: This is what you will see when using an OTP solution, the NetScaler has received a prompt for additional credentials
The following is a screenshot of a successful RADIUS (Access-Accept) authentication:
