Network Router User Manual

ManualsBrandsDialogic ManualsNetwork RouterINTEGRATED MEDIA GATEWAYS 1010

September 2008

www.dialogic.com

Dialogic

IMG 1010/1004

Integrated Media Gateways

Radius

Release 10.3.x / 10.5.x

Summary of content (27 pages)

PAGE 1
Dialogic® IMG 1010/1004 Integrated Media Gateways Radius Release 10.3.x / 10.5.x September 2008 www.dialogic.
PAGE 2
Copyright and Legal Notice Copyright © 2005-2008 Dialogic Corporation. All Rights Reserved. You may not reproduce this document in whole or in part without permission in writing from Dialogic Corporation at the address provided below. All contents of this document are furnished for informational use only and are subject to change without notice and do not represent a commitment on the part of Dialogic Corporation or its subsidiaries (“Dialogic”).
PAGE 3
Hardware Limited Warranty Warranty for Hardware Products: Dialogic Corporation or its subsidiary that originally sold the hardware product ("Dialogic") warrants to the original purchaser of this hardware product, that at the time of delivery the hardware product supplied hereunder will be free from defects in material and workmanship. This warranty is for the standard period set out on Dialogic's website at http://www.dialogic.
PAGE 4
Table Of Contents An Overview of RADIUS on the IMG....................................................................1 RADIUS Scenarios ............................................................................................5 Generic RADIUS Attributes ................................................................................7 RADIUS Call Flow: SS7 to SIP.......................................................................... 11 RADIUS Call Flow: SS7 to H.323 - Release from SS7 ................
PAGE 5
An Overview of RADIUS on the IMG Topic Location: Product Description > RADIUS Overview The IMG uses Remote Authentication Dial In User Service (RADIUS) for streaming the Call Detail Records (CDR). The implementation is compliant with RFC 2865 and RFC 2866. The RADIUS messages are sent to external RADIUS servers.
PAGE 6
RADIUS RADIUS Server Redundancy The IMG supports an Active/Standby redundancy scheme. Redundancy logic is independent for Authentication and Accounting Servers. When configuring RADIUS servers they may get created with an initial priority preference. The IMG will begin using the Active Server(s) and switchover to a Standby server after detecting a communication failure to the currently Active server.
PAGE 7
Overview of RADIUS RADIUS Server Failure Alarm The IMG provides automatic alarming notification to IMG users when a Radius Server has changed states and can no longer be accessed. The alarm, reported in EventView, will include the RADIUS Server Type (Access, Accounting), the Server ID, the mode of the Radius Server (normal, debug), the state of the Radius Server and the IP address. Related Topics Basic RADIUS Call Flow Generic RADIUS Attributes Cantata RADIUS VSAs RADIUS Call Flow: SS7 to H.
PAGE 8
RADIUS Scenarios Topic Location: Product Description > RADIUS The IMG supports RADIUS Authentication and Accounting. IMG customer has the option of using one of the following scenarios: Authentication and Accounting In this case an Authentication Server and an Accounting Server are both assigned to the RADIUS client on the IMG. Accounting only In this case only an Accounting Server is assigned to the RADIUS client on the IMG.
PAGE 9
RADIUS Authentication only In this case only an Authentication Server is assigned to the RADIUS client on the IMG.
PAGE 10
Generic RADIUS Attributes Topic Location: Product Description > RADIUS RADIUS Attributes carry the specific authentication, authorization, information and configuration details for the request and reply. Some Attributes may be included more than once. IETF Attribute # Attribute Name Values Example User-Name String 50886230002 2 User-Password String dialogic 1 4 5 NAS-IPAddress NAS-Port String 192.168.0.
PAGE 11
RADIUS 40 Acct-StatusType 41 Acct-DelayTime 42 RADIUS server. For example, a fully qualified domain name would be suitable as a NASIdentifier. Numeric (4 octets) Values Start Indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end (Stop).
PAGE 12
Generic RADIUS Attributes 48 Acct-OutputPackets Numeric (4 octets) 0 49 AcctTerminateCause Values NAS-Request 60 ChapChallenge 61 NAS-Port-Type String The String field contains the CHAP Challenge. Values Ethernet This attribute indicates how many packets have been sent to the port in the course of delivering this service to a Framed User, and can only be present in Accounting-Request records where the AcctStatus-Type is set to Stop.
PAGE 13
RADIUS Call Flow: SS7 to SIP Topic Location: Product Description > RADIUS 11
PAGE 14
RADIUS Call Flow: SS7 to H.
PAGE 15
Incomplete Call Behavior Topic Location: Product Description > RADIUS This section outlines the behavior of the IMG gateway in case of the most common incomplete calls.  User Busy  No Answer from User  No Circuit/Channel Available  Unallocated Number  H.323 Release Reason  H.
PAGE 16
Configuring RADIUS Topic Location: Configuration > RADIUS You can configure a total of 256 RADIUS servers. Before You Begin Make sure you have moved the RADIUS dictionary files (dictionary and dictionary.cantata) to your RADIUS installation folder. The files are located in the following directory: /opt/cantata (dialogic)/common/Radius Task Summary 1. Configuring a RADIUS Authentication Server 2. Configuring a RADIUS Accounting Server 3.
PAGE 17
RADIUS Configuring a RADIUS Accounting Server 1. Right-click External Network Elements and select New Radius Servers. 2. Right-click Radius Servers and select New Radius Server. The Radius Server pane appears. The following fields are automatically populated: Radius Server ID - the next number in sequence 3. Select Accounting in the Radius Server Type field. 4. In the Radius Server IP Address field, enter the IP address of the Radius Server.
PAGE 18
Configuring RADIUS Configuring a RADIUS Client 1. Right-click the desired Physical IMG and select New Radius Client. The Radius Client pane appears. 2. The following fields are automatically populated. Change any default values, if required. Radius Client Network Interface - IP Address of the Physical IMG. Authentication Port - 1812 Accounting Port - 1813 Primary Authentication Server - First Authentication Server Configured Primary Accounting Server - First Accounting Server Configured 3.
PAGE 19
Configuring Free RADIUS using GCEMS as a RADIUS Server Topic Location: Configuration > RADIUS The IMG runs a RADIUS client that is configured to send CDR start & stop events to the RADIUS server, which can be the GCEMS Linux server or another RADIUS server. Requirements  GCEMS server running Linux Redhat ES 3.0, 4.0 or 5.0 with freeradius installed, or another server running Radius.
PAGE 20
RADIUS 4. Add access for each IMG Edit the freeRadius clients.conf file (/etc/raddb/clients.conf) If you have multiple IMG’s, the Username should be different for each IMG. Shortname = Your username configured in the RADIUS users file and ClientView A unique username is recommended for each IMG.username Secret = a password that you choose for each IMG that is used in the ClientView RadiusServer Authentication & Accounting configuration.
PAGE 21
Configuring Free RADIUS using GCEMS as RADIUS Server 10. Archive & delete CDR detail files. A copy of the following files can be found at /opt/cantata/IMG/radius . a. In the /var/log/radius/radacct folder create a script to archive files. Name the file “CDR” #!/bin/sh # CDR # Sample script to archive CDR's.
PAGE 22
Radius Client Topic Location: ClientView Pane Reference Overview Description This pane configures a Radius Client for a single Physical IMG. Before configuring a client, at least one Radius Server must be configured.
PAGE 23
RADIUS Field Descriptions Radius Client Network Interface This drop-down list is populated with all of the Network Interfaces configured on this particular IMG. It is the responsibility of the user to make sure the interface may reach the particular server. If you are Authentication Port The port on the physical IMG that will be used to talk to the Authentication server. Accounting Port The port on the physical IMG that will be used to talk to the Accounting server.
PAGE 24
RADIUS Client RADIUS Time Format This setting determines the format that will be used in CDR in attributes that include time.  Legacy Format This is the format used before the availability of the Time Zone feature (10.3.2 ER6). Use this for backward compatibility if you are not using local time. Example: Cantata-setup-time = "TUE FEB 20 22:24:45:270 2007"  Legacy Format with timezone Use this format to represent local time in CDRs.
PAGE 25
Radius Server Topic Location: ClientView Pane Reference Overview Description Use this pane to configure information about the Radius Servers that are in the network. There are two types of Radius Servers, accounting and authorization; each type may have a primary and secondary server. The same server may also do both accounting and authorization. The Servers are configured at the network level. Radius Client must be configured for every Physical IMG.
PAGE 26
RADIUS Radius Server Data Format  Cantata Format Radius Server IP Address The IP Address of the Radius Server. Radius Server Port The port on the server which will accept the Radius connection. Radius Server UserName A Username to access this server. Radius Server Password The password to access this server. Radius Server Authentication Type This is the type of authentication the client server will use.
PAGE 27
Radius Servers Topic Location: ClientView Pane Reference Overview Description To create a Radius Server, right-click Radius Server and select New Radius Servers. Related Topics An Overview of RADIUS Configuring a RADIUS Accounting Server Configuring a RADIUS Authentication Server Accessing this Pane IMG EMS -> New External Network Elements -> New Radius Servers Maximum Objects: 1 Pane This pane shows the number of each type of Radius Server that have been configured.