SBC session border controllers 99
The device supports up to 8 authorization servers.
– Server reply timeout — the time for which the server is expected to respond;
– Request sending attempts — the number of times the request to the server is repeated. If all attempts are
unsuccessful, the server is considered inactive and the request is redirected to another server, if specified,
otherwise an error is detected;
– Server inactivity timeout after failure — time during which the server is considered inactive (no requests are
sent to it).
4.1.9.2 Profiles
RADIUS –> Profiles
Up to 32 profiles can be created. To create, edit or remove a
RADIUS profile, use «Objects» — «Add object», «Objects» — «Edit
object» and «Objects» — «Remove object» menus and the following
buttons:
– «Add»;
– «Edit»;
– "Delete".
RADIUS –> Profiles –> «Add»
RADIUS rule N
– Name — profile name;
RADIUS- Authorization settings:
– Access restriction on server failure — If the
server fails (no response from the server),
it is possible to set restrictions on egress
communication:
– no restrictions — allow all calls;
– deny all — deny all calls.
– User-name field — select the value of the
User-Name attribute in the corresponding
Access Request (RADIUS-Authorization)
package:
– SIP username — use the caller
phone number (username from the
from field) as the value;
– IP address — use the caller IP address as the value;
– SIP interface name — use the name of the SIP-server through which the incoming occupation is
performed as the value.
– Use DIGEST User-name in authorization requests — select the algorithm of subscriber authorization through
the RADIUS server. With digest authentication, the password is not transmitted in plaintext, as with basic
authentication, but as a hash code and cannot be intercepted when traffic is scanned:
– RFC5090 — full RFC5090 recommendation implementation;
– RFC5090-no-challenge — operate with the server not transmitting the Access Challenge;
– Draft-sterman (NetUp, FreeRadius) — draft operation, on the basis of which recommendation
RFC5090 was written);
– NAS-Port-Type — type of physical NAS port (the server where the user is authenticated), Async is default;
– Service-Type — service type, not used by default;
– Framed-protocol — protocol, specified when using packet access, not used by default.
To Next Page
Loading...