This continues from the last blog post on setting up a remote syslog server for Cisco devices. In this writeup I share the configuration I used to integrate the Cisco universal gateway with my FreeRADIUS server for AAA of calls made from a specific dial-peer.
Define the RADIUS server:
!
radius-server host 192.168.137.85 auth-port 1812 acct-port 1813 key 0 radius-pa$$w0rd
radius-server vsa send accounting
radius-server vsa send authentication
!
Bind SIP services on the public interface of the Cisco AS:
!
voice service voip
 sip
  bind control source-interface FastEthernet0/0
  bind media source-interface FastEthernet0/0
  header-passing
  registrar server
!
Set AAA options:
!
aaa new-model
!aaa accounting connection voip start-stop group radius
aaa dnis map enable
!
aaa preauth
 group radius
 clid required
 dnis required
!
aaa session-id common
Create a voice class for AAA:
!
voice class aaa 2
 authentication method voip
 authorization method voip
 accounting method voip
 accounting template out-bound
!
Create a dial-peer:
!
dial-peer voice 10 voip
 destination-pattern [0-9].%
 voice-class aaa 2
 voice-class codec 1
 voice-class sip url sip
 session protocol sipv2
 session target ipv4:192.168.137.87
 session transport udp
!
Here 192.168.137.87 is the IP address of my Kamailio server, which will receive the calls.
I think that's pretty much it. Now calls matching dial-peer 10 will send AAA info to the RADIUS server.
[OPTIONAL] Create a codec class:
!
voice class codec 1
 codec preference 1 g711alaw
 codec preference 2 g711ulaw
 codec preference 3 g723ar53
 codec preference 4 g729br8
!
In the dial-peer, "destination-pattern [0-9].%" will match everything of any length.
Send CDRs to the accounting server:
To generate accounting packets automatically, enable voice accounting by entering the gw-accounting aaa command in global configuration mode. Use callhistory-detail to send all VSAs (default and new) to the accounting server:
!
gw-accounting aaa
 acct-template callhistory-detail
!
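What the accounting server receives once gw-accounting is enabled, as an added example that is not part of the original post: Python that checks the Accounting-Request authenticator against the shared key and extracts the Cisco VSAs. The packet is constructed here, and the function names and the two sample VSA values are assumptions for illustration.

```python
import hashlib, hmac, struct

CISCO, VSA, ACCT_REQ = 9, 26, 4   # Cisco enterprise number; RFC 2865 type 26; RFC 2866 code 4

def cisco_vsa(sub_type, text):
    """Encode one Cisco VSA: 26, len, vendor-id(4), sub-type, sub-len, 'name=value'."""
    data = text.encode()
    sub = struct.pack("!BB", sub_type, len(data) + 2) + data
    return struct.pack("!BBI", VSA, len(sub) + 6, CISCO) + sub

def build_acct_request(ident, attrs, secret):
    """Build an Accounting-Request as a NAS would (used only to construct the sample)."""
    head = struct.pack("!BBH", ACCT_REQ, ident, 20 + len(attrs))
    return head + hashlib.md5(head + bytes(16) + attrs + secret).digest() + attrs

def parse_acct_request(packet, secret):
    """Verify the Request Authenticator, then return the Cisco VSAs as a dict."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQ or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    packet = packet[:length]
    # RFC 2866: MD5(code + id + length + 16 zero octets + attributes + shared secret)
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator: wrong secret or modified packet")
    vsas, pos = {}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        atype, value = packet[pos], packet[pos + 2:pos + alen]
        if atype == VSA and len(value) >= 6 and int.from_bytes(value[:4], "big") == CISCO:
            # value[5] is the sub-attribute length, including its 2-byte header
            text = value[6:4 + value[5]].decode(errors="replace")
            name, _, val = text.partition("=")
            vsas[name] = val
        pos += alen
    return vsas

# Constructed sample: Acct-Status-Type=Stop plus two Cisco VSAs (sub-types 26 and 27).
SECRET = b"radius-pa$$w0rd"   # the key from the radius-server host line
SAMPLE = build_acct_request(7, struct.pack("!BBI", 40, 6, 2)
                            + cisco_vsa(26, "h323-call-origin=originate")
                            + cisco_vsa(27, "h323-call-type=VoIP"), SECRET)

if __name__ == "__main__":
    print(parse_acct_request(SAMPLE, SECRET))
```

A packet that fails the authenticator check should be dropped and logged rather than written to the CDR store, since only the shared key ties the record to the gateway.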
[OPTIONAL] Set SIP-UA parameters:
!
sip-ua
 registrar ipv4:192.168.137.87 expires 3600
 sip-server ipv4:192.168.137.87
!
Reference URLs:
[1] http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide_chapter09186a00800b5de9.html#1028579
[2] http://docwiki.cisco.com/wiki/Cisco_IOS_Voice_Troubleshooting_and_Monitoring_--_AAA_for_Voice_Troubleshooting
[3] http://www.cisco.com/en/US/docs/ios/12_2t/12_2t11/feature/guide/ft_trg.html#wp1077327
[4] http://www.cisco.com/en/US/docs/ios/12_3/security/configuration/guide/scgrdat3.html
And some 5/6 PDF manuals/books from Cisco, around 1200 pages!