VSXi RADIUS specification document
Scope
This document defines the Sansay RADIUS interface and its’ format.
Radius Configuration
When enabled, the system can support up to 4 Radius Server configurations. The user will need to configure the proper “Server Secret”, “Authorization Port” and “Accounting Port” in order to interact with a Radius Server properly. The user can also configure the record resend period and maximum resend count used by the system.
Each resource in the system can be configured to enable or disable either “Radius Authorization” or “Radius Accounting” independently.
Radius Authorization
When a resource has Radius Authorization enabled, inbound calls from that resource are first handed to a Radius Server for acceptance. If the Server accepts the Access Request then the call is allowed to proceed through the Sansay switch. If the Server denies the request then a (503 SIP response) or (34 H.323 release cause) is returned to the caller.
The User-Name Attribute defined below is filled in with the origination ANI. This represents the callers billing number in the PSTN or can also be the SIP User Name contained in the From header URI.
The User-Password Attribute defined below is filled in with a “Server Secret” encrypted version of the destination digits (DNIS) or the SIP User Name contained in the Request URI.
Radius Accounting
When a resource has Radius Accounting enabled, Accounting Start and Stop records are sent to a Radius Server for every call being placed both in and out of that particular resource. There is also a system wide parameter to disable the sending of Start records in order to conserve the processing bandwidth of the Radius Servers.
Radius Format
The Sansay Radius format follows the standard IETF Attribute Value Pair (AVP) definitions and also implements the Vendor Specific AVP for additional information. The Vendor Specific AVP (VSA) follows the format defined by Cisco Systems, Inc.. The Vendor ID used in the VSA is 0009. The body of the VSA contains a string in the form “attribute=value”.
Access Request
The Access Request message contains the following AVPs:
| AVP # |
VSA # |
Attribute |
Description |
| 1 |
User-Name |
Indicates the username or ANI being authenticated. |
|
| 2 |
User-Password |
Indicates the secret encrypted DNIS digits. |
|
| 26 |
24 |
h323-conf-id |
Indicates the conference ID used by the call. |
| 26 |
1 |
remote-media-address |
Indicates the IP address of the originator’s media. |
| 26 |
1 |
session-protocol |
Indicates the protocol used (“sip” for SIP and “cisco” for H.323). |
| 26 |
23 |
h323-remote-address |
Indicates the source IP address of the caller. |
| 31 |
Calling-Station-Id |
Indicates the ANI for the call. |
|
| 30 |
Called-Station-Id |
Indicates the DNIS for the call. |
|
| 6 |
Login (1) |
Indicates the intent to gain access. |
|
| 4 |
NAS IP Address |
Indicates the IP address of the Sansay switch. |
Accounting Request (Start)
The Accounting Request (Start) message contains the following AVPs:
| AVP # |
VSA # |
Attribute |
Description |
| 44 |
Acct-Session-Id |
Indicates the ID assigned to this call |
|
| 31 |
Calling-Station-Id |
Indicates the ANI for the call. |
|
| 30 |
Called-Station-Id |
Indicates the DNIS for the call. |
|
| 26 |
1 |
call-id |
Indicates the Call ID used in the protocol of the call. |
| 26 |
25 |
h323-setup-time |
Indicates the time of the call setup. |
| 26 |
33 |
h323-gw-id |
Indicates the IP address of the Sansay switch. |
| 26 |
24 |
h323-conf-id |
Indicates the conference ID used by the call. |
| 26 |
26 |
h323-call-origin |
Indicates the direction of the call attempt. (“=answer”, “=originate”). |
| 26 |
27 |
h323-call-type |
Indicates the type “VoIP”. |
| 26 |
1 |
h323-incomming-conf-id |
Indicates the conference ID used by the origination leg. |
| 26 |
1 |
subscriber |
Indicates type “=unknown” |
| 26 |
1 |
session-protocol |
Indicates the protocol used (“sip” for SIP and “cisco” for H.323). |
| 26 |
1 |
gw-rxd-cdn |
Indicates the origination DNIS for the call. |
| 1 |
User-Name |
Indicates the username. (inbound – Src IP, outbound – ANI). |
|
| 26 |
1 |
connect-progress |
Indicates the type (“=Call Up”) |
| 40 |
Start (1) |
Indicates that this is a Start Record. |
|
| 6 |
Login (1) |
Indicates the intent to gain access. |
|
| 4 |
NAS IP Address |
Indicates the IP address of the Sansay switch. |
|
| 41 |
Acct-Delay-Time |
Indicates the resend delay from original message. |
Accounting Request (Stop)
The Accounting Request (Stop) message contains the following AVPs:
| AVP # |
VSA # |
Attribute |
Description |
| 44 |
Acct-Session-Id |
Indicates the ID assigned to this call |
|
| 31 |
Calling-Station-Id |
Indicates the ANI for the call. |
|
| 30 |
Called-Station-Id |
Indicates the DNIS for the call. |
|
| 26 |
1 |
call-id |
Indicates the Call ID used in the protocol of the call. |
| 26 |
25 |
h323-setup-time |
Indicates the time of the call setup. |
| 26 |
33 |
h323-gw-id |
Indicates the IP address of the Sansay switch. |
| 26 |
24 |
h323-conf-id |
Indicates the conference ID used by the call. |
| 26 |
26 |
h323-call-origin |
Indicates the direction of the call attempt. (“=answer”, “=originate”). |
| 26 |
27 |
h323-call-type |
Indicates the type “VoIP”. |
| 26 |
1 |
h323-incomming-conf-id |
Indicates the conference ID used by the origination leg. |
| 26 |
1 |
subscriber |
Indicates type “=unknown” |
| 26 |
1 |
session-protocol |
Indicates the protocol used (“sip” for SIP and “cisco” for H.323). |
| 26 |
1 |
gw-rxd-cdn |
Indicates the origination DNIS for the call. |
| 26 |
28 |
h323-connect-time |
Indicates the time of answer. |
| 42 |
Input-Octets |
Indicates the number of media octets received on this call leg. |
|
| 43 |
Output-Octets |
Indicates the number of media octets sent on this call leg. |
|
| 47 |
Input-Packets |
Indicates the number of media packets received on this call leg. |
|
| 48 |
Output-Packets |
Indicates the number of media packets sent on this call leg. |
|
| 46 |
Session-Time |
Indicates the duration of the call. |
|
| 26 |
29 |
h323-disconnect-time |
Indicates the time of release. |
| 26 |
30 |
h323-disconnect-cause |
Indicates the Q.931 cause of release. |
| 26 |
23 |
h323-remote-address |
Indicates the source IP address of the caller. |
| 26 |
1 |
release-source |
Indicates the source of the release (2 – origination, 4 – termination, 7 – internal). |
| 26 |
1 |
release-source |
Indicates the source of the release (2 – origination, 4 – termination, 7 – internal). |
| 26 |
1 |
remote-media-address |
Indicates the IP address of the remote media. |
| 26 |
1 |
gw-rxd-cgn |
Indicates the origination ANI for the call. |
| 26 |
1 |
gw-final-xlated-cdn |
Indicates the outbound DNIS for the call. |
| 26 |
1 |
gw-final-xlated-cgn |
Indicates the outbound ANI for the call. |
| 1 |
User-Name |
Indicates the origination ANI. |
|
| 40 |
Stop (2) |
Indicates that this is a Stop Record. |
|
| 6 |
Login (1) |
Indicates the intent to gain access. |
|
| 4 |
NAS IP Address |
Indicates the IP address of the Sansay switch. |
|
| 41 |
Acct-Delay-Time |
Indicates the resend delay from original message. |
Access Response
The Access Response message may contain the following AVPs:
| AVP # |
VSA # |
Attribute |
Description |
| 27 |
Session-Timeout |
Indicates the maximum duration allowed for the call. |
|
| 26 |
102 |
h323-credit-time |
Indicates the maximum duration allowed for the call. |
| 26 |
106 |
h323-redirect-number |
Indicates the DNIS to use for the outbound leg of the call. |