Wednesday, August 8, 2012

Adventures with CISCO AS-5350 [Integration with RADIUS Server for AAA of calls]

This continues from the last blog post on setting up a remote syslog server for CISCO devices. In this write-up I share the configuration I used to integrate the CISCO universal gateway with my FreeRadius server for AAA of calls made from a specific dial-peer.


Define the RADIUS Server:


!
radius-server host 192.168.137.85 auth-port 1812 acct-port 1813 key 0 radius-pa$$w0rd
radius-server vsa send accounting
radius-server vsa send authentication
!

Bind SIP services on the Public interface of CISCO AS


!
voice service voip 
 sip
  bind control source-interface FastEthernet0/0
  bind media source-interface FastEthernet0/0
  header-passing 
  registrar server
!


Set AAA options:


!
aaa new-model
!aaa accounting connection voip start-stop group radius
aaa dnis map enable
!
aaa preauth
    group radius 
    clid required 
    dnis required 
!
aaa session-id common


Create a Voice Class for AAA


!
voice class aaa 2
 authentication method voip
 authorization method voip
 accounting method voip
 accounting template out-bound
!

[OPTIONAL] Create a Codec class

!
voice class codec 1
 codec preference 1 g711alaw
 codec preference 2 g711ulaw
 codec preference 3 g723ar53
 codec preference 4 g729br8
!



Creating a Dial-Peer:

!
dial-peer voice 10 voip
 destination-pattern [0-9].%
 voice-class aaa 2
 voice-class codec 1
 voice-class sip url sip
 session protocol sipv2
 session target ipv4:192.168.137.87
 session transport udp
!




Where 192.168.137.87 is the IP address of my Kamailio server which will receive the calls.

"destination-pattern [0-9].%" will match everything of any length.

Send CDRs to the Accounting Server:
To enable voice accounting so that accounting packets are generated automatically, enter the gw-accounting aaa command in global configuration mode. Use callhistory-detail to send all VSAs (default and new) to the accounting server:

!
gw-accounting aaa
 acct-template callhistory-detail
!
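
What the accounting server receives once this is enabled, as an added example (not code from the original post, Cisco or FreeRADIUS): Python that checks the Request Authenticator of an Accounting-Request against the shared key from the radius-server line and extracts the Cisco VSAs. The sample packet, its VSA values and all function names are constructed for illustration; it assumes the gateway sends voice VSAs as name=value strings under vendor ID 9.

```python
import hashlib
import hmac
import struct

CISCO_VENDOR_ID = 9      # IANA enterprise number for Cisco
VENDOR_SPECIFIC = 26     # RADIUS attribute type that carries VSAs
SECRET = b"radius-pa$$w0rd"   # shared key from the radius-server host line

def acct_authenticator(header, attrs, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def parse_accounting_request(packet, secret):
    """Return (authenticator_ok, {vsa_name: value}) for one Accounting-Request."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 4 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    attrs = packet[20:length]
    expected = acct_authenticator(packet[:4], attrs, secret)
    ok = hmac.compare_digest(packet[4:20], expected)
    vsas, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("bad attribute length")
        atype, alen = attrs[pos], attrs[pos + 1]
        value = attrs[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vlen = struct.unpack("!I", value[:4])[0], value[5]
            if vendor == CISCO_VENDOR_ID and 2 <= vlen <= len(value) - 4:
                text = value[6:4 + vlen].decode("ascii", "replace")
                name, _, val = text.partition("=")
                vsas[name] = val
        pos += alen
    return ok, vsas

def _vsa(vtype, text):
    sub = bytes([vtype, len(text) + 2]) + text.encode("ascii")
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", CISCO_VENDOR_ID) + sub

def build_sample(secret):
    """Constructed Accounting-Request (Stop) with two constructed voice VSAs."""
    attrs = bytes([40, 6]) + struct.pack("!I", 2)       # Acct-Status-Type = Stop
    attrs += _vsa(26, "h323-call-origin=originate")
    attrs += _vsa(30, "h323-disconnect-cause=10")
    header = struct.pack("!BBH", 4, 1, 20 + len(attrs))
    return header + acct_authenticator(header, attrs, secret) + attrs
```

A packet that fails the authenticator check was not built with this key or was altered in transit, so it should not be turned into a CDR.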


[OPTIONAL] Set SIP-UA parameters:

!
sip-ua 
 registrar ipv4:192.168.137.87 expires 3600
 sip-server ipv4:192.168.137.87
!

I think that's pretty much it. Now calls matching dial-peer 10 will send AAA info to the RADIUS server.


