Radius-Based Services; Enabling Radius Services; Configuring Radius Servers - AudioCodes Mediant 800B User Manual
Gateway & enterprise sbc (e-sbc)
Hide thumbs
Also See for Mediant 800B:
- User manual (1258 pages) ,
- Installation and maintenance manual (104 pages) ,
- Hardware installation manual (56 pages)
Table of Contents
Advertisement
15.3
RADIUS-based Services
The device supports Remote Authentication Dial In User Service (RADIUS) by acting as a
RADIUS client. You can use RADIUS for the following:
Authentication and authorization of management users (login username and
password) to gain access to the device's management interface.
Accounting where the device sends accounting data of SIP calls as call detail records
(CDR) to a RADIUS Accounting server (for third-party billing purposes).
15.3.1 Enabling RADIUS Services
Before you can implement any RADIUS services, you must enable the RADIUS feature, as
described in the procedure below.
To enable RADIUS:
1.
Open the Authentication Server page (Setup menu > Administration tab > Web &
CLI folder > Authentication Server).
2.
Under the RADIUS group, from the 'Enable RADIUS Access Control' drop-down list,
select Enable.
3.
Click Apply, and then reset the device with a save-to-flash for your settings to take
effect.
15.3.2 Configuring RADIUS Servers
The RADIUS Servers table lets you configure up to three RADIUS servers. You can use
RADIUS servers for RADIUS-based management-user login authentication and/or
RADIUS-based accounting (sending of SIP CDRs to the RADIUS server).
When multiple RADIUS servers are configured, RADIUS server redundancy can be
implemented. When the primary RADIUS server is down, the device sends a RADIUS
request twice (one retransmission) and if both fail (i.e., no response), the device considers
the server as down and attempts to send requests to the next server. The device continues
sending RADIUS requests to the redundant RADIUS server even if the primary server
returns to service later on. However, if a device reset occurs or a switchover occurs in a
High-Availability (HA) system, the device sends RADIUS requests to the primary RADIUS
server. By default, the device waits for up to two seconds (i.e., timeout) for a response from
the RADIUS server for RADIUS requests and retransmission before it considers the server
as down.
For each RADIUS server, the IP address, port, and shared secret can be configured. Each
RADIUS server can be defined for RADIUS-based login authentication and/or RADIUS-
based accounting. By setting the relevant port (authentication or accounting) to "0" disables
the corresponding functionality. If both ports are configured, the RADIUS server is used for
authentication and accounting. All servers configured with non-zero Authorization ports
form an Authorization redundancy group and the device sends authorization requests to
one of them, depending on their availability. All servers configured with non-zero
Accounting ports form an Accounting redundancy group and the device sends accounting
CDRs to one of them, depending on their availability. Below are example configurations:
User's Manual
Figure 15-9: Enabling RADIUS
246
Mediant 800B Gateway & E-SBC
Document #: LTRT-10632
Advertisement
Table of Contents
