Overview
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to and use a network service.
NSC has a built-in RADIUS client function, which lets you connect to your existing RADIUS services. (NSC does not provide a RADIUS server function.)
RADIUS Authentication and Authorization Flow:
...
RADIUS Accounting Flow:
...
Configuration
Go to "Configuration -> Signalling -> RADIUS", edit the "RADIUS Configuration";
...
You only need to configure the following items:
...
The following is an example of how to do Authentication/Authorization from within a Routing Plan:
The out channel variable "AUTH_RESULT" has 2 possible values:
a. "OK": received Access-Accept
b. "NOK": received Access-Reject
Adding VSAs for
...
Authentication/Authorization
For Authentication/Authorization (not for Accounting), you can define your own VSAs. The examples below use Sangoma's Vendor ID 35987; you can of course use your own Vendor ID.
Define VSAs in the request
E.g. besides the mandatory "DIALED_NUMBER", "USERNAME" and "PASSWD", if you want to add your own VSA "Calling-Station-Id" (Vendor ID: 35987, VSA ID: 31, value taken from channel variable "CALLINGNUMBER") to the Access-Request, do the following:
Go to "Configuration -> Signalling -> RADIUS" and add a "RADIUS VSAs" entry named "Calling-Station_Id";
...
...
Define VSAs in the response and use from routing plan
E.g. the Access-Accept contains a VSA with ID 41 that carries the preferred language, and you want to put it into channel variable "preferred_lang":
VSA Vender ID : 35987
VSA ID : 41
VSA Value Type : keep it untouched, which is "Direct String Input"
VSA Value : preferred_lang
VSA in Radius Message : "Response"
The following is an example of how to use it in a routing plan:
Troubleshooting
You can troubleshoot the RADIUS message flow by applying the display filter "radius" to a Wireshark pcap trace.
NSC only has a RADIUS client function; for the RADIUS server, you can either use your existing RADIUS server, or download and install the great open source FreeRADIUS from www.freeradius.org
The following is a screen capture of one RADIUS Accounting pcap trace:
VSAs for NetBorder (Vendor ID: 35987) can be found in the file dictionary.sangoma:
If the VSAs in a RADIUS message cannot be decoded correctly, your Wireshark installation may be missing the correct RADIUS dictionary. In that case, do the following:
Open Wireshark, go to "Help -> About Wireshark -> Folders", and locate where dictionary.sangoma should be copied to (there is a radius sub-folder which contains a number of dictionary.* files);
Download the above dictionary.sangoma file, make sure the file name is dictionary.sangoma, and then copy it into the radius sub-folder
Edit the radius/dictionary file and add one line "$INCLUDE dictionary.sangoma"
If your customized VSA is not recognized by Wireshark, edit dictionary.sangoma to add the attribute
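When the dictionary is not yet in place, the VSAs can still be checked by decoding the Vendor-Specific attribute (type 26, RFC 2865) by hand. The script below is an added example, not NSC or Sangoma code: the function names are hypothetical, and the sample packet is constructed to match the Vendor ID 35987 / VSA ID 41 response example above, assuming the common one-byte ID and one-byte length sub-attribute layout.

```python
import struct

VENDOR_SPECIFIC = 26       # RFC 2865 attribute type that carries VSAs
SANGOMA_VENDOR_ID = 35987  # Vendor ID used in this page's examples

def parse_vsas(packet: bytes):
    """Return [(vendor_id, vsa_id, value_bytes), ...] found in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    vsas, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        body = packet[pos + 2:pos + a_len]
        if a_type == VENDOR_SPECIFIC and len(body) >= 4:
            vendor_id = struct.unpack("!I", body[:4])[0]
            sub = body[4:]
            # Sub-attributes: 1-byte VSA ID, 1-byte length (incl. header), value
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                vsas.append((vendor_id, sub[0], sub[2:sub[1]]))
                sub = sub[sub[1]:]
        pos += a_len
    return vsas

def build_sample_accept():
    """Constructed Access-Accept (code 2) with VSA 41 = "fr"; not a real capture."""
    value = b"fr"
    sub = bytes([41, 2 + len(value)]) + value
    attr_body = struct.pack("!I", SANGOMA_VENDOR_ID) + sub
    attr = bytes([VENDOR_SPECIFIC, 2 + len(attr_body)]) + attr_body
    # Authenticator is zeroed here; a real server computes it from the shared secret
    header = struct.pack("!BBH", 2, 1, 20 + len(attr)) + bytes(16)
    return header + attr

if __name__ == "__main__":
    for vendor, vsa_id, value in parse_vsas(build_sample_accept()):
        print(vendor, vsa_id, value.decode("utf-8", "replace"))
```

To run it against a real trace, pass the UDP payload of the Access-Accept (exported from the capture as raw bytes) to `parse_vsas`.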