Overview
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to and use a network service.
NSC has a built-in RADIUS client function, which lets you connect to your existing RADIUS services. (NSC does not provide a RADIUS server function.)
RADIUS Authentication and Authorization Flow:
...
RADIUS Accounting Flow:
...
Configuration
Go to "Configuration -> Signalling -> RADIUS" and edit the "RADIUS Configuration":
...
You only need to configure the following items:
...
Below is an example of how to do Authentication/Authorization from within the Routing Plan:
<extension name="unitest_rad-ANI-auth">
  <condition field="destination_number" expression="^(601)$">
    <!-- Set the channel variables passed to the RADIUS request -->
    <action inline="true" application="set" data="CALLINGNUMBER=${caller_id_number}"/>
    <action inline="true" application="set" data="USERNAME=netborder"/>
    <action inline="true" application="set" data="PASSWD=sangoma"/>
    <action inline="true" application="set" data="DIALED_NUMBER=$1"/>
    <action application="sleep" data="2000"/>
    <!-- Send the Access-Request; the result is stored in AUTH_RESULT -->
    <action application="auth_function" data="in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
    <action application="log" data="INFO AUTH_RESULT=${AUTH_RESULT}"/>
  </condition>
</extension>
The output channel variable "AUTH_RESULT" has 2 possible values:
a. "OK": received Access-Accept
b. "NOK": received Access-Reject
Adding VSAs for Authentication/Authorization
For Authentication/Authorization (not for Accounting), you can define your own VSAs. The examples below use Sangoma's vendor ID 35987; you can of course use your own vendor ID.
Define VSAs in the request
E.g. in addition to the mandatory "DIALED_NUMBER", "USERNAME" and "PASSWD", if you want to add your own VSA "Calling-Station-Id" (Vendor id: 35987, VSA id: 31, value taken from channel variable "CALLINGNUMBER") to the Access-Request, you can do the following:
Go to "Configuration -> Signalling -> RADIUS" and add the "RADIUS VSAs" entry named "Calling-Station_Id":
...
Define VSAs in the response and use from routing plan
E.g. the Access-Accept contains a VSA with id = 41 that carries the preferred language, and you want to put it into channel variable "preferred_lang":
VSA Vender ID : 35987
VSA ID : 41
VSA Value Type : keep it untouched, which is "Direct String Input"
VSA Value : preferred_lang
VSA in Radius Message : "Response"
Below is an example of how to use it in the routing plan:
<extension name="unitest_rad-ANI-auth">
  <condition field="destination_number" expression="^(601)$">
    <action application="auth_function" data="in ${DIALED_NUMBER}, in ${USERNAME}, in ${PASSWD}, out AUTH_RESULT"/>
    <!-- preferred_lang is filled from VSA 41 of the response -->
    <action application="log" data="INFO Preferred language of user ${USERNAME} is ${preferred_lang}"/>
  </condition>
</extension>
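To show what the response-side VSA mapping above looks like on the wire (useful when reading a pcap), here is an added example that is not NSC code. It builds a constructed Access-Accept carrying vendor 35987 / VSA 41, checks its Response Authenticator as RFC 2865 defines it, and extracts the value into "preferred_lang". The shared secret, request authenticator, identifier and language value are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 attribute type that carries VSAs

def encode_vsa(vendor_id, vsa_id, value):
    """One Vendor-Specific attribute holding a single sub-attribute."""
    sub = struct.pack("!BB", vsa_id, 2 + len(value)) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), vendor_id) + sub

def build_reply(code, ident, request_auth, attrs, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def verify_reply(packet, request_auth, secret):
    """Recompute the Response Authenticator; compare in constant time."""
    digest = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret)
    return hmac.compare_digest(digest.digest(), packet[4:20])

def extract_vsas(packet, mapping):
    """Map (vendor_id, vsa_id) pairs found in the reply to variable names."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length")
    out, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == VENDOR_SPECIFIC and alen >= 8:
            vendor_id = struct.unpack("!I", packet[pos + 2:pos + 6])[0]
            sub, end = pos + 6, pos + alen
            while sub + 2 <= end:
                vsa_id, vlen = packet[sub], packet[sub + 1]
                if vlen < 2 or sub + vlen > end:
                    raise ValueError("malformed sub-attribute")
                if (vendor_id, vsa_id) in mapping:
                    out[mapping[vendor_id, vsa_id]] = packet[sub + 2:sub + vlen].decode("utf-8")
                sub += vlen
        pos += alen
    return out

SECRET = b"constructed-shared-secret"  # constructed sample values, not from a real system
REQUEST_AUTH = bytes(range(16))
MAPPING = {(35987, 41): "preferred_lang"}
SAMPLE = build_reply(2, 7, REQUEST_AUTH, encode_vsa(35987, 41, b"fr"), SECRET)  # code 2 = Access-Accept
```

A reply whose authenticator does not verify against the shared secret should be discarded before any VSA in it is copied into a channel variable.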
Troubleshooting
You can troubleshoot the RADIUS message flow by applying the display filter "radius" to a Wireshark pcap trace.
NSC only has a RADIUS client function; for the RADIUS server, you can either use your existing RADIUS server, or download and install the great open source FreeRADIUS from www.freeradius.org
Here below is the screen capture of one RADIUS Accounting pcap trace:
VSAs for NetBorder (Vendor ID: 35987) can be found in file dictionary.sangoma:
...