7 min read
NetScaler ADC CLI Cheat Sheet: Essential Commands for Citrix Admins
Quick reference for the most-used NetScaler (Citrix ADC) CLI commands. Covers load balancing, SSL, Gateway, monitoring, and troubleshooting.
NetScalerCitrix ADCCLILoad BalancingGateway
Why Use the NetScaler CLI?
The NetScaler GUI is great for exploration, but the CLI is faster for bulk operations, scripting, and troubleshooting. Every Citrix admin should be comfortable with these core commands.
Connection & System
bash
# SSH to NetScaler
ssh nsroot@10.0.0.100
# Show system info
show ns hardware
show ns version
show ns license
# Show running config (equivalent to Cisco "show run")
show ns runningConfig
# Save config (CRITICAL — changes are lost on reboot otherwise)
save ns config
# Show HA status
show ha nodeLoad Balancing
bash
# Create a server object
add server web01 10.0.1.10
add server web02 10.0.1.11
# Create a service group
add serviceGroup svcgrp-web HTTP
bind serviceGroup svcgrp-web web01 80
bind serviceGroup svcgrp-web web02 80
# Create a load balancing vServer
add lb vserver vs-web HTTP 10.0.0.50 80
bind lb vserver vs-web serviceGroup svcgrp-web
# Set LB method
set lb vserver vs-web -lbMethod ROUNDROBIN
# Enable health monitoring
add lb monitor mon-http HTTP -respCode 200 -httpRequest "GET /"
bind serviceGroup svcgrp-web -monitorName mon-httpSSL Configuration
bash
# Add SSL certificate + key
add ssl certKey wildcard-corp -cert /nsconfig/ssl/wildcard.corp.local.cer -key /nsconfig/ssl/wildcard.corp.local.key
# Create SSL vServer
add lb vserver vs-web-ssl SSL 10.0.0.50 443
bind ssl vserver vs-web-ssl -certkeyName wildcard-corp
bind lb vserver vs-web-ssl serviceGroup svcgrp-web
# Disable weak protocols
set ssl vserver vs-web-ssl -ssl3 DISABLED -tls1 DISABLED -tls11 DISABLED
# Show SSL stats
stat ssl
show ssl vserver vs-web-sslCitrix Gateway (for CVAD)
bash
# Show Gateway vServer status
show vpn vserver gateway-vserver
# Show active ICA sessions
show vpn icaConnection
# Show active sessions count
show vpn vserver gateway-vserver | grep "Current Sessions"
# Kill a specific session
kill vpn icaConnection -username jsmith
# Show STA servers
show vpn vserver gateway-vserver | grep -i staMonitoring & Troubleshooting
bash
# Show service status (is backend healthy?)
show serviceGroup svcgrp-web
# Show LB vServer stats
stat lb vserver vs-web
# Real-time connection table
show ns connectiontable -filterexpression "DESTIP.EQ(10.0.1.10)"
# Packet capture (30 seconds, specific traffic)
start nstrace -size 0 -time 30 -filter "CONNECTION.IP.EQ(10.0.1.10)"
# Traces saved to /var/nstrace/
# Show nslog for errors
shell cat /var/nslog/newnslog | tail -50
# Check CPU and memory
stat ns cpu
stat system memoryContent Switching
bash
# Route traffic based on URL path
add cs vserver vs-cs HTTP 10.0.0.50 80
add cs policy pol-api -rule "HTTP.REQ.URL.STARTSWITH(\"/api\")"
add cs policy pol-web -rule "HTTP.REQ.URL.STARTSWITH(\"/")"
bind cs vserver vs-cs -policyName pol-api -targetLBVserver vs-api -priority 100
bind cs vserver vs-cs -policyName pol-web -targetLBVserver vs-web -priority 200Quick Status Check Script
Save this as a batch check you can run daily:
bash
# NetScaler daily health check
echo "=== HA Status ==="
show ha node | grep -E "State|Health"
echo "=== LB vServers ==="
show lb vserver | grep -E "Name|State|Health"
echo "=== Gateway Sessions ==="
show vpn vserver | grep "Current Sessions"
echo "=== SSL Cert Expiry ==="
show ssl certKey | grep -E "Name|Days to expiration"
echo "=== CPU ==="
stat ns cpu | grep "CPU use"Generate NetScaler Configs with AI
Need a custom NetScaler configuration? VDIVibes AI generates complete CLI configurations for load balancing, Gateway, SSL, and content switching — specific to your topology.