Adding RADIUS Server(s)

PreviousConfiguring RADIUS NextRADIUS CDR attributes

Last updated 1 day ago

Was this helpful?

Adding RADIUS Server(s)

These instructions are used to add a RADIUS accounting server or a RADIUS authorization server target to the configuration.

Call Detail Records (CDR) or Call authorization requests will be sent to these servers.

Multiple RADIUS servers can be configured to provide RADIUS redundancy.

1- Select RADIUS from the navigation panel.

2- In the Editing RADIUS client configuration page, select Create new RADIUS server

3- Configure the RADIUS server with these parameters:

Name to recognize the server.
Server IP address is the IP address of the RADIUS server we want to access.
Server UDP Port is the UDP port of the RADIUS server we want to access (default port is 1813 for accounting and 1812 for authorization/authentication)
Server type is Accounting for CDR and Authorization for Authorization and Authentication.
Server secret is the passphrase to authenticate the TMG on the RADIUS server.

Advanced Parameters:

Public IP address is used if the TMG is behind a NAT
Timeout is the request timeout in milliseconds for each request to this server.
Retries is the number of retries the RADIUS client will try before falling back to other methods. See full details on functionality here: CDR redundancy

4- You can configure multiple RADIUS servers to provide redundancy protection for RADIUS servers. Each entry can have different settings.

List of Parameters

Parameter: Name

The Name parameter must be entered in when creating a new object, during Web Portal configuration. The name of an object is a character string used by the Web Portal to identify that structure.

Parameter: Server IP address

IP address of the RADIUS server.

Parameter: Server UDP port

UDP port used for communications. Typically for accounting servers, ports 1813 or 1646 are used. For authorization ports 1812 or 16456 are used.

Parameter: Server type

Accounting or authorization

Parameter: Server secret

Server's secret phrase.

Parameter: Public IP address

IP address that will be set in the NAS-IP-Address attribute when present. This is used when the RADIUS client is behind a NAT. Leave empty to use the source IP address instead.

Parameter: Timeout

Timeout in milliseconds (ms) for requests to this server.

Parameter: Retries

Number of retries for requests to the server.

Parameter: Associated server

Associated radius server. In case of failure, both servers will switchover.

Parameter: Use polling (Status-Server)

If this server can be polled using the Status-Server message

Parameter: Polling delay

The time to wait in milliseconds (ms) before polling the server.

Parameter: Packet Network: Type of Service

For example, if a TOS value of 144 is used, the DSCP tag will be 36 (if ECN field is not used). Some examples:

TOS Value DSCP Value

0 0

32 8

40 10

56 14

72 18

88 22

96 24

112 28

136 34

144 36

152 38

160 40

184 46

192 48

224 56

DSCP <=> IP Precedence Conversion Table

DSCP Name DS Field Value (Dec) IP Precedence (Description)

CS0 0 0: Best Effort

CS1, AF11-13 8,10,12,14 1: Priority

CS2, AF21-23 16,18,20,22 2: Immediate

CS3, AF31-33 24,26,28,30 3: Flash - mainly used for voice signaling

CS4, AF41-43 32,34,36,38 4: Flash Override

CS5,EF 40,46 5: Critical - mainly used for voice RTP

CS6 48 6: Internetwork Control

CS7 56 7: Network Control

PreviousConfiguring RADIUS NextRADIUS CDR attributes

Last updated 1 day ago

Was this helpful?

These instructions are used to add a RADIUS accounting server or a RADIUS authorization server target to the configuration.

Call Detail Records (CDR) or Call authorization requests will be sent to these servers.

Multiple RADIUS servers can be configured to provide RADIUS redundancy.

1- Select RADIUS from the navigation panel.

2- In the Editing RADIUS client configuration page, select Create new RADIUS server

3- Configure the RADIUS server with these parameters:

Name to recognize the server.
Server IP address is the IP address of the RADIUS server we want to access.
Server UDP Port is the UDP port of the RADIUS server we want to access (default port is 1813 for accounting and 1812 for authorization/authentication)
Server type is Accounting for CDR and Authorization for Authorization and Authentication.
Server secret is the passphrase to authenticate the TMG on the RADIUS server.

Advanced Parameters:

Public IP address is used if the TMG is behind a NAT
Timeout is the request timeout in milliseconds for each request to this server.
Retries is the number of retries the RADIUS client will try before falling back to other methods. See full details on functionality here: CDR redundancy

4- You can configure multiple RADIUS servers to provide redundancy protection for RADIUS servers. Each entry can have different settings.

List of Parameters

Parameter: Name

The Name parameter must be entered in when creating a new object, during Web Portal configuration. The name of an object is a character string used by the Web Portal to identify that structure.

Parameter: Server IP address

IP address of the RADIUS server.

Parameter: Server UDP port

UDP port used for communications. Typically for accounting servers, ports 1813 or 1646 are used. For authorization ports 1812 or 16456 are used.

Parameter: Server type

Accounting or authorization

Parameter: Server secret

Server's secret phrase.

Parameter: Public IP address

IP address that will be set in the NAS-IP-Address attribute when present. This is used when the RADIUS client is behind a NAT. Leave empty to use the source IP address instead.

Parameter: Timeout

Timeout in milliseconds (ms) for requests to this server.

Parameter: Retries

Number of retries for requests to the server.

Parameter: Associated server

Associated radius server. In case of failure, both servers will switchover.

Parameter: Use polling (Status-Server)

If this server can be polled using the Status-Server message

Parameter: Polling delay

The time to wait in milliseconds (ms) before polling the server.

Parameter: Packet Network: Type of Service

Value to store in the TOS (Type Of Service) field of the IP header of RTP packets. The most recent usage of this field is a six-bit Differentiated Services Code Point (DSCP) and a two-bit Explicit Congestion Notification (ECN).

For example, if a TOS value of 144 is used, the DSCP tag will be 36 (if ECN field is not used). Some examples:

TOS Value DSCP Value

0 0

32 8

40 10

56 14

72 18

88 22

96 24

112 28

136 34

144 36

152 38

160 40

184 46

192 48

224 56

DSCP <=> IP Precedence Conversion Table

DSCP Name DS Field Value (Dec) IP Precedence (Description)

CS0 0 0: Best Effort

CS1, AF11-13 8,10,12,14 1: Priority

CS2, AF21-23 16,18,20,22 2: Immediate

CS3, AF31-33 24,26,28,30 3: Flash - mainly used for voice signaling

CS4, AF41-43 32,34,36,38 4: Flash Override

CS5,EF 40,46 5: Critical - mainly used for voice RTP

CS6 48 6: Internetwork Control

CS7 56 7: Network Control