CHAPTER16 Services
Mediant 1000 Gateway & E-SBC | User's Manual
■ Accounting where the device sends accounting data of SIP calls as call detail records (CDR)
to a RADIUS Accounting server (for third-party billing purposes).
Enabling RADIUS Services
Before you can implement any RADIUS services, you must enable the RADIUS feature, as
described in the procedure below.
➢ To enable RADIUS:
1. Open the Authentication Server page (Setup menu > Administration tab > Web & CLI folder
> Authentication Server).
2. Under the RADIUS group, from the 'Enable RADIUS Access Control' drop-down list, select
Enable.
3. Click Apply, and then reset the device with a save-to-flash for your settings to take effect.
Configuring RADIUS Servers
The RADIUS Servers table lets you configure up to three RADIUS servers. You can use RADIUS
servers for RADIUS- based management- user login authentication and/or RADIUS- based
accounting (sending of SIP CDRs to the RADIUS server).
When multiple RADIUS servers are configured, RADIUS server redundancy can be implemented.
When the primary RADIUS server is down, the device sends a RADIUS request twice (one
retransmission) and if both fail (i.e., no response), the device considers the server as down and
attempts to send requests to the next server. The device continues sending RADIUS requests to
the redundant RADIUS server even if the primary server returns to service later on. However, if a
device reset occurs, the device sends RADIUS requests to the primary RADIUS server. By
default, the device waits for up to two seconds (i.e., timeout) for a response from the RADIUS
server for RADIUS requests and retransmission before it considers the server as down.
For each RADIUS server, the IP address, port, and shared secret can be configured. Each
RADIUS server can be defined for RADIUS-based login authentication and/or RADIUS-based
accounting. By setting the relevant port (authentication or accounting) to "0" disables the
corresponding functionality. If both ports are configured, the RADIUS server is used for
authentication and accounting. All servers configured with non-zero Authorization ports form an
Authorization redundancy group and the device sends authorization requests to one of them,
depending on their availability. All servers configured with non-zero Accounting ports form an
Accounting redundancy group and the device sends accounting CDRs to one of them, depending
on their availability. Below are example configurations:
■ Only one RADIUS server is configured and used for authorization and accounting purposes (no
redundancy). Therefore, both the Authorization and Accounting ports are defined.
■ Three RADIUS servers are configured:
● Two servers are used for authorization purposes only, providing redundancy. Therefore,
only the Authorization ports are defined, while the Accounting ports are set to 0.
● One server is used for accounting purposes only (i.e., no redundancy). Therefore, only the
Accounting port is defined, while the Authorization port is set to 0.
■ Two RADIUS servers are configured and used for authorization and accounting purposes,
providing redundancy. Therefore, both the Authorization and Accounting ports are defined.
The status of the RADIUS severs can be viewed through CLI:
- 202 -
To Next Page
Loading...
Need help?
General
