RADIUS Server

 

The RADIUS Server object is used to configure the IMG 2020 to be able to communicate with one or more external RADIUS servers in the network the IMG 2020 is on. To create the RADIUS Server object, the RADIUS Servers object must first be created. The RADIUS Server objects can then be created by right clicking on the RADIUS Servers object and selecting New RADIUS Server. Each RADIUS Server object is considered an external RADIUS server. Information such IP address, Username, Password, and whether the external RADIUS server will be configured as an Authentication Server, Accounting Server, or both are entered into this object. See below for more information on configuring the RADIUS Server object.

Web GUI Page

Dailogic BDN > External Network Elements > Radius Servers >New Radius Server

Maximum Objects

Up to 256 external RADIUS Servers per RADIUS Servers object and total per IMG 2020 is 256.

Related Topics and Dependencies

The Radius Server object is created under the RADIUS Servers parent object. Multiple RADIUS Server objects can be configured under the RADIUS Servers parent object and each is considered an external RADIUS server. Once the RADIUS Servers and RADIUS Server objects have been configured, the IMG 2020 can then be configured to be a Client to each of the external RADIUS servers. A RADIUS Client must be configured for every IMG 2020 configured. Refer to the RADIUS Client topic from list below.

RADIUS Servers

RADIUS Client

IMG 1010 - RADIUS - Overview

Configuring Free Radius on Linux

Field Descriptions

Name

The RADIUS Server Name is a name given to identify a specific external RADIUS server. The name entered should be such that it identifies the RADIUS Server. Examples would be RADIUS_Boston, RADIUS_NEWYORK, etc. The RADIUS Server Name is also used to identify the specific RADIUS server when configuring other objects such as the RADIUS Client object name will also appear in other objects such as the RADIUS Client object. The default name given is Radius_Server<x> where x is a numerical variable. 

Server Type

The IMG 2020 supports both Authentication and Accounting when configuring RADIUS. The RADIUS Server Type field has a drop down menu where either Authentication or Accounting can be selected. Select which type of service the RADIUS server that the IMG 2020 is communicating with will employ.

Authentication - The RADIUS server utilizes various methods such as username and password to give permission for the call to continue.

Accounting - This RADIUS server utilizes various methods such as STOP and START times to track lengths of calls. This can be used to track billing information for the call.

Vendor Format

The VSA's being sent to the external RADIUS server will use the Dialogic Vendor Format (3028). This cannot be modified. (Ex: Dialogic-setup-time)

IP Address

Each external RADIUS server will have a specific IP address associated with it. Enter the IP address of the external RADIUS Server in this field.

Port

The port on the RADIUS Server that is assigned to accept the Radius connection. When using Authentication the port defaults to Port 1812 as per RFC 2865. When using RADIUS as an Accounting Server the port defaults to Port 1813 as per RFC 2866. The port number can be modified by clicking in the RADIUS Server Port field and entering a different port number.

RADIUS Service

Default Port

Authentication

1812

Accounting

1813 

User Name

The IMG 2020, acting as the RADIUS Client will send a RADIUS Access Request message to the RADIUS Server to gain access to the RADIUS Server. Within this message is a username and encrypted password. The username entered in this field will be added to the RADIUS Access Request message when trying to gain access to a specific RADIUS Server. Click in the RADIUS Server Username field and enter the username. Username format should follow username as described in RFC 2865. 

Password

The IMG 2020, acting as the RADIUS Client will send a RADIUS Access Request message to the RADIUS Server to gain access to the RADIUS Server. Within this message is a username and encrypted password. The password entered in this field will be added to the RADIUS Access Request message when trying to gain access to a specific RADIUS Server. Click in the RADIUS Server Password field and enter the password. Password format should follow username as described in RFC 2865.

Authentication Type

When a connection is established with a RADIUS Server, the IMG 2020 and RADIUS Server can request to authenticate each other. PAP uses basic Username and Password which is authenticated to a database. CHAP is more secure where the RADIUS Server would send a randomly generated Challenge string and host name. The IMG 2020 then uses the host name to look up the RADIUS secret to the IMG 2020, combine it with the challenge, and encrypts the string using a one-way hashing function. The result is returned to the server along with the IMG 2020's host name. The RADIUS server now performs the same computation, and acknowledges the IMG 2020 if it arrives at the same result. Select from drop down menu which type of authentication scheme to utilize.

Password Authentication Protocol (PAP) - IMG 2020 will use PAP to authenticate itself.

Challenge Handshake Authentication Protocol (CHAP) - IMG 2020 will use CHAP to authenticate itself.

Secret Phrase

The Radius secret is a text string (case sensitive) that is used to authenticate communication between a RADIUS server and a RADIUS client. (IMG 2020 being the client). The Shared Secret is used to verify that each RADIUS message with the exception of the ACCESS-REQUEST message are sent by a RADIUS enabled server which is configured with the same shared secret. The Shared secret must use the same string on both RADIUS server and RADIUS Client and are case sensitive. If the shared secret is not matched between the RADIUS server and client, authentication will fail. To enter the Shared secret, click in the Radius Server Secret field and enter the secret.

Return to Documentation Home I Return to Sangoma Support