EasyManua.ls Logo

ELTEX SBC-1000 - RADIUS Configuration

ELTEX SBC-1000
211 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
98 SBC session border controllers
To do this, create three static firewall rules in the following order:
1. A rule for ingress traffic with «GeoIP» type and «Russian Federation (RU)» country. Action — Accept;
2. A rule for ingress traffic with «Normal» type and IP address and source mask
«34.92.128.128/255.255.255.240». Action — Accept;
3. A rule for ingress traffic with «Normal» type and packet source «Any». Action — Drop;
After that, select the desired network interfaces in the list of interfaces and save the settings.
Full restriction of access to SMG from a certain address or subnet.
Such a restriction can be implemented by activating the dynamic firewall (section 4.1.3.2) and blacklisting the
address or subnet. Note if there are too many addresses, it is better to go backwards and create static firewall
rules (section 4.1.8.5) on the principle of «allow connections to trusted nodes first, then discard everything» and
restrict access through the list of allowed IP addresses (section 4.1.8.6);
Automatic blocking of unsuccessful requests/authorizations
Performed by the dynamic firewall (section 4.1.3.2). You should enable the dynamic firewall and configure
the triggering conditions. It is also recommended to whitelist those addresses and subnets to which the automatic
blocking rules should not be applied.
RADIUS configuration
The gateway supports authentication of subscribers registering through it and call authorization using a RA-
DIUS server. When using RFC5090 parameters for digest authentication (in the ACCESS-CHALLENGE message) the
gateway receives from the RADIUS server and forwards them to the subscriber. When using RFC5090-no-challenge
or Draft Sterman, the gateway sends parameters for digest authentication to the subscriber, then these parameters
and the digest response received from the subscriber, passes to the RADIUS server for verification.
To use authorization using RADIUS server, you must set the desired RADIUS profile in the direction settings
for SIP-users (section SIP Destination).
4.1.9.1 Servers
RADIUS > Servers

Table of Contents