QX50/QX200/QX2000; (SW Version 6.0.x) 116
QX50/QX200/QX2000 Manual II: Administrator’s Guide
When a RADIUS client is enabled on the QX IP PBX, and according to the configuration of AAA Required option, the RADIUS server will be used to
authenticate user and/or to account for the call. This can be accomplished by automatic detection of the caller’s number or a customized login prompt
where the caller is expected to enter a username and password.
Transactions between the client and the RADIUS server are authenticated through the use of a shared Secret Key, which is never sent over the network. In
addition, user passwords are encrypted when sent between the client and RADIUS server to eliminate the possibility of a party viewing an unsecured
network where they could determine a user's password. If no response from the RADIUS Server is returned after the Receive Timeout expires, the request
is resent numerous times as defined in the Retry Count list. The client can also forward requests to an alternate server(s) if the primary server is down or
unreachable. An alternate server can be used after a number of failed tries to the primary server.
Once the RADIUS server receives the request, it determines if the sending client is valid. A request from a client that the RADIUS server does not recognize
must be silently discarded. If the client is valid, the RADIUS server consults a database of users to find the user whose name matches the request. The user
entry in the database contains a list of requirements (username, password, etc.) that must be met to give access to the user. If all conditions are met, the
user gets access to the QX IP PBX Network.
The RADIUS Client Settings page contains the Enable RADIUS Client checkbox that enables RADIUS client on the QX IP PBX.
Please Note: The RADIUS Client cannot be disabled if there is at least one route with RADIUS Authentication and Authorization or RADIUS Accounting
values configured in the AAA Required drop down list at the
Call Routing Table. In order to be able to disable the RADIUS Client on the QX IP PBX,
appropriate routes should be removed first.
The other RADIUS Client settings are divided into three groups:
1. Registration Settings
Primary Server
requires the IP address of the primary Radius
Server.
The Secondary Server requires the IP address of the secondary
Radius Server.
NAT Station IP text fields require the NAT PC WAN IP address. If no
NAT Station is specified here, QX IP PBX’s IP address will be sent to
the RADIUS server.
Secret Key is used to insert the secret key between the Radius client
and the server. Contact the Radius server administrator to get the
secret key for your QX IP PBX.
The Confirm Secret Key field is used to verify the secret key. If the
entered Secret Key does not correspond to the one in the Confirm
Secret Key field, the error message “The Secret Key does not match.
Please try again” will appear.
Retry Count allows you to select the number of attempts authorized
before canceling the registration.
Receive Timeout allows you to select the timeout (in seconds)
between two attempts to register.
Encoding Type allows you to select the encoding type (PAP or
CHAP) that should be unique on both the client and the server sides
for the establishment of a successful connection. Encoding type
should also be requested from the Radius Server administrator.
The Authorization Port text field requires the port number on the
RADIUS server where QX IP PBX is to send the authentication
requests.
The Accounting Port text field requires the port number on the
RADIUS server where QX IP PBX is to send the accounting messages.
Fig.II- 174: Radius Client Settings page
2. Authentication Settings
The Enable common login for all users in time of by Phone authentication checkbox enables custom settings for the callers who passed an
authorization by phone on the QX IP PBX. This checkbox enables Username and Password text fields to insert the custom settings that will stand instead
of the source caller’s settings when being delivered to the RADIUS server.
The Authentication on Destination RADIUS Server parameters group is used to insert a Username and a Password (followed by the password
confirmation) to pass authentication on the RADIUS Server of the destination QX IP PBX. If these fields are left empty, the original authentication settings
that users enter for authentication will be used.
3. Accounting Settings
The Username field is dedicated for accounting services only. It is used to insert an identification username for accounting purposes. When no username
is specified in this field, the source username will be used for accounting.
The Send Accounting messages manipulation radio buttons group is used to select sending both Start and Stop accounting messages or only Stop
accounting message.
To Next Page
Loading...
Need help?
General
