NetScaler – Command line cheat sheet

How do I connect?
Download PuTTY from www.putty.org, launch it, punch your NetScaler IP in the Host Name (or IP address) field and click Open. Log in with your NetScaler username and password. That’s it – welcome to NetScaler CLI.
You will see some commands starting with ‘#’ – these are shell commands. To enter NetScaler’s shell mode (FreeBSD) type
shell
to exit the shell mode type
exit
Cosmetics
It’s boring – let’s add some color
set cli mode -color ON
now errors are red and success is green – just the way we love it
Want to add username, hostname and current time?
set cli prompt %u@%h-%T
the result will be similar to this: stan@NetScalerHostname-10:32>
What’s my NetScaler?
Show me the current NetScaler firmware version
show version
 
What’s your hostname?
show hostname
Show me your hardware details (including serial #)
show hardware
Show me your interfaces
show interface -summary
Show me the SSL Summary
stat ssl
 
Show me the HA node configuration
show node
Want more data?
# sysctl -a netscaler | more
this will give you lots of useful info such as your NetScaler model, description, the platform it is running on, CPUs, etc.
Don’t forget to enter the shell for this one, type shell; to exit from shell (#) type exit
 
How’s NetScaler Configured?
IPs (SNIP, VIP, MIP)
show ip
Features
show feature
Modes
show ns mode
Want it all?
show info
this will give you NetScaler’s model, NSIP, config data, features and modes
License and Licensed Features
show license
Running configuration
show run | more
By the way, if you’re like me and want to make your config digging easier, download Notepad++ and use Kenny Baldwin’s instructions to make NetScaler config pretty in it.
Hey NetScaler, What’s Up?
NetScaler “Task Manager”
shell top
Uptime
# uptime
 
Networking Stuff
Routing table
show route
IPs (SNIP, VIP, MIP)
show ip
ARP table
show arp
VLANs
show vlan
Ping, Traceroute, Telnet
# ping
# traceroute
# telnet
Load Balancing (LB)
LB Virtual Servers
show lb vserver <vserver_name>
show lb vserver | more shows all virtual servers, which can create a mess :)
LB services
show service <service_name>
LB service groups
show servicegroup <servicegroup_name>
LB monitors
show monitor <monitor_name>
Persistent sessions
show persistentsessions
Authentication
VPN (including NetScaler Gateway) Virtual Servers
show vpn vserver
Detailed VPN virtual server configuration including bound policies, portal theme, bookmarks, STAs, etc.
show vpn vserver <vpnvserver_name>
 
Authentication sessions
show aaa session
Authentication statistics
show aaa stats
Statistics
System
stat ns
stat cpu
stat interface
Entities
stat lb vserver
stat cs vserver
stat service
Protocols
stat ssl
stat dns
stat http
Bonus
Authentication Troubleshooting – Monitor Authentication Attempts in Real-Time
Switch to the shell prompt:
shell
Start the debugging process:
cat /tmp/aaad.debug
Perform the authentication process that requires troubleshooting, such as a user logon attempt.
Monitor the output of the cat aaad.debug command to interpret and troubleshoot the authentication process.
Stop the debugging process with Ctrl + Z.
You can run the following command to record the output of aaad.debug to a log file:
cat /tmp/aaad.debug | tee /var/tmp/<debuglogname.log>
Check Policy Hits
Run the following command from the shell prompt of the appliance to view the real-time hits on:
Authentication policies and session policies applied on the NetScaler Gateway virtual server:
nsconmsg -d current -g pol_hits
Rewrite policy bound at a global level or to a load balancing, content switching, or NetScaler Gateway virtual server:
nsconmsg -d current | egrep -i rewrite
Responder policy bound at a global level or to a load balancing, content switching, or NetScaler Gateway virtual server:
nsconmsg -d current | egrep -i responder