Wednesday, August 8, 2012

Adventures with CISCO AS-5350 [Integration with RADIUS Server for AAA of calls]

Continuing from the last blog post on setting up a remote syslog server for CISCO devices, in this writeup I will share the configuration I used to integrate the CISCO universal gateway with my FreeRadius server for AAA of calls made from a specific dial-peer.

Define the RADIUS Server:

radius-server host auth-port 1812 acct-port 1813 key 0 radius-pa$$w0rd
radius-server vsa send accounting
radius-server vsa send authentication

Bind SIP services on the public interface of the CISCO AS:

voice service voip 
  bind control source-interface FastEthernet0/0
  bind media source-interface FastEthernet0/0
  registrar server

Set AAA options:

aaa new-model
!aaa accounting connection voip start-stop group radius
aaa dnis map enable
aaa preauth
    group radius 
    clid required 
    dnis required 
aaa session-id common

Create a Voice Class for AAA

voice class aaa 2
 authentication method voip
 authorization method voip
 accounting method voip
 accounting template out-bound

[OPTIONAL] Create a Codec class:

voice class codec 1
 codec preference 1 g711alaw
 codec preference 2 g711ulaw
 codec preference 3 g723ar53
 codec preference 4 g729br8

Creating a Dial-Peer:

dial-peer voice 10 voip
 destination-pattern [0-9].%
 voice-class aaa 2
 voice-class codec 1
 voice-class sip url sip
 session protocol sipv2
 session target ipv4:
 session transport udp

The address after "ipv4:" in the session target is the IP address of my Kamailio server, which will receive the calls.

"destination-pattern [0-9].%" will match everything of any length.

Send CDRs to the accounting server:
To generate accounting packets automatically, enable voice accounting by entering the gw-accounting aaa command in global configuration mode. Use callhistory-detail to send all VSAs (default and new) to the accounting server:

gw-accounting aaa
 acct-template callhistory-detail

[OPTIONAL] Set SIP-UA parameters:

sip-ua
 registrar ipv4:  expires 3600
 sip-server ipv4:

I think that's pretty much it. Now calls matching dial-peer 10 will send AAA info to the RADIUS server.
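An added example, not part of the original post: a receiver-side check in Python that an Accounting-Request from the gateway was built with the shared key from the radius-server line, plus a bounds-checked reader for the Cisco VSAs that callhistory-detail turns on. The sample packet, its identifier and the two h323-* values are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

CISCO_VENDOR_ID = 9      # IANA enterprise number for Cisco
ACCOUNTING_REQUEST = 4   # RADIUS packet code (RFC 2866)
VENDOR_SPECIFIC = 26     # RADIUS attribute type (RFC 2865)
SECRET = b"radius-pa$$w0rd"  # key from the radius-server line on this page

def cisco_vsa(vendor_type, text):
    """Encode the value of attribute 26 for one Cisco VSA."""
    data = text.encode("ascii")
    return struct.pack("!IBB", CISCO_VENDOR_ID, vendor_type, len(data) + 2) + data

def build_accounting_request(ident, attrs, secret):
    """Build a constructed Accounting-Request so the example runs offline."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return header + hashlib.md5(header + bytes(16) + body + secret).digest() + body

def verify_authenticator(packet, secret):
    """RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def parse_cisco_vsas(packet):
    """Return (vendor_type, text) per Cisco VSA; raise on a bad attribute length."""
    found, pos = [], 20
    while pos < len(packet):
        alen = packet[pos + 1] if pos + 1 < len(packet) else 0
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute length")
        value = packet[pos + 2:pos + alen]
        if packet[pos] == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == CISCO_VENDOR_ID and vlen == len(value) - 4:
                found.append((vtype, value[6:].decode("ascii", "replace")))
        pos += alen
    return found

SAMPLE = build_accounting_request(7, [  # constructed Stop record
    (40, struct.pack("!I", 2)),  # Acct-Status-Type = Stop
    (VENDOR_SPECIFIC, cisco_vsa(26, "h323-call-origin=originate")),
    (VENDOR_SPECIFIC, cisco_vsa(30, "h323-disconnect-cause=10")),
], SECRET)
```

The 0 in "key 0" means the key is entered unencrypted, and this MD5 check over the shared key is the only integrity protection the accounting packet carries, so a CDR altered in transit or sent with a different key fails verify_authenticator.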

Reference URLs:

And some 5/6 PDF manuals/books from CISCO, around 1200 pages!
