[cisco-voip] aaa problem
ewc at axelero.hu
Tue Jul 6 10:39:07 EDT 2004
Hello İsmail,
your configuration looks OK. One thing is missing: a TCL application
from your dial-peer.
You are using the default application called session, which doesn't
have RADIUS authentication. You need to download or write a Tcl script
which collects the information required for authentication.
As far as I know, on cisco.com (CCO needed) you can find a sample
(working) script for your purpose (ip_remote.tcl?).
Regards,
Thomas
Tuesday, July 6, 2004, 4:28:31 PM, you wrote:
ÝC> Hello,
ÝC>
ÝC> I have a problem with my as5350 gateway. I work
ÝC> gateway-to-gateway. I don't use a gatekeeper. I try to terminate
ÝC> calls. My scenario is:
ÝC>
ÝC>
ÝC> GW1------>>myGW---controller e1------------>GSM Channel Bank
ÝC>             |
ÝC>             |
ÝC>         freeradius
ÝC>
ÝC> If a call comes from GW1 to myGW, first I want to
ÝC> authenticate and authorize call based on the ip address of GW1 via
ÝC> freeradius. Then account. I can only send accounting request to
ÝC> radius. I can not send authenticating and authorizing request to
ÝC> radius. Can you help me?
ÝC> My config is:
ÝC> Current configuration : 10036 bytes
ÝC> !
ÝC> ! Last configuration change at 13:17:29 GMT Sat Jan 1 2000 by shrntrsn
ÝC> !
ÝC> version 12.2
ÝC> service tcp-keepalives-in
ÝC> service tcp-keepalives-out
ÝC> service timestamps debug datetime msec
ÝC> service timestamps log datetime msec
ÝC> service password-encryption
ÝC> !
ÝC> hostname Router
ÝC> !
ÝC> no boot startup-test
ÝC> aaa new-model
ÝC> !
ÝC> !
ÝC> aaa authentication login default group radius
ÝC> aaa authentication login h323 group radius
ÝC> aaa authentication ppp default group radius
ÝC> aaa authentication ppp h323 group radius
ÝC> aaa authorization exec h323 group radius if-authenticated
ÝC> aaa authorization network default group radius if-authenticated
ÝC> aaa accounting update newinfo
ÝC> aaa accounting network h323 start-stop group radius
ÝC> aaa accounting connection h323 start-stop group radius
ÝC> aaa accounting resource h323 start-stop group radius
ÝC> aaa session-id common
ÝC> !
ÝC> !
ÝC> resource-pool disable
ÝC> clock timezone GMT 0
ÝC> clock calendar-valid
ÝC> spe country turkey
ÝC> !
ÝC> !
ÝC> !
ÝC> !
ÝC> !
ÝC> ip subnet-zero
ÝC> ip cef
ÝC> !
ÝC> class-map match-all deneme
ÝC> match none
ÝC> !
ÝC> !
ÝC> policy-map deneme
ÝC> !
ÝC> voice call send-alert
ÝC> voice rtp send-recv
ÝC> !
ÝC> voice service pots
ÝC> !
ÝC> voice class codec 312
ÝC> codec preference 1 g729r8
ÝC> !
ÝC> voice class codec 99
ÝC> codec preference 1 g729r8
ÝC> codec preference 2 g723r63
ÝC> !
ÝC> voice class codec 80
ÝC> codec preference 1 g729r8
ÝC> !
ÝC> !
ÝC> !
ÝC> voice class h323 1
ÝC> call start fast
ÝC> !
ÝC> voice class h323 99
ÝC> call start fast
ÝC> !
ÝC> voice class h323 80
ÝC> h225 timeout tcp establish 10
ÝC> call start fast
ÝC> !
ÝC> !
ÝC> !
ÝC> !
ÝC> !
ÝC> fax interface-type fax-mail
ÝC> mta receive maximum-recipients 0
ÝC> !
ÝC> controller E1 3/0
ÝC> shutdown
ÝC> !
ÝC> controller E1 3/1
ÝC> shutdown
ÝC> !
ÝC> controller E1 3/2
ÝC> ds0-group 1 timeslots 1-15 type r2-digital
ÝC> ds0-group 2 timeslots 17-31 type r2-digital
ÝC> ds0 busyout 28-31 hard
ÝC> !
ÝC> controller E1 3/3
ÝC> shutdown
ÝC> !
ÝC> gw-accounting h323
ÝC> gw-accounting h323 vsa
ÝC> gw-accounting voip
ÝC> !
ÝC> !
ÝC> interface FastEthernet0/0
ÝC> ip address x.x.x.x y.y.y.y
ÝC> ip access-group h323 in
ÝC> duplex auto
ÝC> speed auto
ÝC> no cdp enable
ÝC> h323-gateway voip bind srcaddr x.x.x.x
ÝC> !
ÝC> interface FastEthernet0/1
ÝC> no ip address
ÝC> shutdown
ÝC> duplex auto
ÝC> speed auto
ÝC> !
ÝC> interface Serial0/0
ÝC> shutdown
ÝC> no ip address
ÝC> no ip mroute-cache
ÝC> clockrate 2000000
ÝC> !
ÝC> interface Serial0/1
ÝC> no ip address
ÝC> shutdown
ÝC> clockrate 2000000
ÝC> !
ÝC> interface Async1/00
ÝC> no ip address
ÝC> !
ÝC> interface Async1/01
ÝC> no ip address
ÝC> !
ÝC> interface Async1/02
ÝC> no ip address
ÝC> ip classless
ÝC> ip route 0.0.0.0 0.0.0.0 y.y.y.y
ÝC> no ip http server
ÝC> snmp-server community aaaaa RO
ÝC> snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
ÝC> snmp-server enable traps calltracker
ÝC> snmp-server enable traps tty
ÝC> snmp-server enable traps modem-health
ÝC> snmp-server enable traps ds0-busyout
ÝC> snmp-server enable traps ds1-loopback
ÝC> snmp-server enable traps isdn call-information
ÝC> snmp-server enable traps isdn layer2
ÝC> snmp-server enable traps isdn chan-not-avail
ÝC> snmp-server enable traps fru-ctrl
ÝC> snmp-server enable traps hsrp
ÝC> snmp-server enable traps config
ÝC> snmp-server enable traps entity
ÝC> snmp-server enable traps envmon
ÝC> snmp-server enable traps aaa_server
ÝC> snmp-server enable traps bgp
ÝC> snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
ÝC> snmp-server enable traps ipmulticast
ÝC> snmp-server enable traps msdp
ÝC> snmp-server enable traps rsvp
ÝC> snmp-server enable traps frame-relay
ÝC> snmp-server enable traps rtr
ÝC> snmp-server enable traps syslog
ÝC> snmp-server enable traps dlsw
ÝC> snmp-server enable traps dial
ÝC> snmp-server enable traps dsp card-status
ÝC> snmp-server enable traps voice poor-qov
ÝC> snmp-server enable traps dnis
ÝC> snmp-server enable traps xgcp
ÝC> snmp ifmib ifalias long
ÝC> !
ÝC> !
ÝC> radius-server host qqqq auth-port 1812 acct-port 1813
ÝC> radius-server retransmit 3
ÝC> radius-server attribute 8 include-in-access-req
ÝC> radius-server key 222222222
ÝC> radius-server vsa send accounting
ÝC> radius-server vsa send authentication
ÝC> call rsvp-sync
ÝC> !
ÝC> voice-port 3/2:1
ÝC> input gain 6
ÝC> echo-cancel coverage 16
ÝC> compand-type a-law
ÝC> cptone TR
ÝC> timeouts interdigit 2
ÝC> timeouts ringing infinity
ÝC> bearer-cap Speech
ÝC> !
ÝC> voice-port 3/2:2
ÝC> input gain 6
ÝC> echo-cancel coverage 16
ÝC> compand-type a-law
ÝC> cptone TR
ÝC> timeouts interdigit 2
ÝC> timeouts ringing infinity
ÝC> bearer-cap Speech
ÝC> !
ÝC> voice-class aaa 1
ÝC> authentication method h323
ÝC> authorization method h323
ÝC> accounting method h323
ÝC> mgcp profile default
ÝC> !
ÝC> dial-peer cor custom
ÝC> !
ÝC> !
ÝC> !
ÝC> dial-peer voice 99 voip
ÝC> incoming called-number ssss
ÝC> voice-class codec 99
ÝC> voice-class h323 99
ÝC> dtmf-relay h245-signal h245-alphanumeric
ÝC> !
ÝC> dial-peer voice 1 pots
ÝC> max-conn 20
ÝC> destination-pattern T
ÝC> port 3/2:1
ÝC> forward-digits 11
ÝC> prefix ,
ÝC> voice class aaa 1
ÝC> !
ÝC> dial-peer voice 2 pots
ÝC> max-conn 20
ÝC> destination-pattern
ÝC> forward-digit 11
ÝC> port 3/2:2
ÝC> prefix ,
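
An added example, not part of the original thread: a small audit that flags inbound VoIP dial-peers with no application line, which per the reply above fall back to the default session application and never send a RADIUS authentication request. The sample config is constructed; the application name ip_auth and its TFTP location are hypothetical.

```python
import re

# Constructed sample. Dial-peer 99 mirrors the posted config (no application);
# dial-peer 100 shows the same peer with a hypothetical application attached.
SAMPLE_CONFIG = """\
call application voice ip_auth tftp://192.0.2.10/ip_auth.tcl
!
dial-peer voice 99 voip
 incoming called-number ssss
 voice-class codec 99
!
dial-peer voice 100 voip
 application ip_auth
 incoming called-number tttt
!
dial-peer voice 1 pots
 destination-pattern T
 port 3/2:1
!
"""

PEER_RE = re.compile(r"^dial-peer voice (\d+) (voip|pots)\s*$")

def parse_dial_peers(config):
    """Return {tag: {"type": ..., "lines": [...]}}; a "!" line ends a block."""
    peers, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs whose indentation was stripped
        m = PEER_RE.match(line)
        if m:
            current = {"type": m.group(2), "lines": []}
            peers[m.group(1)] = current
        elif line == "!":
            current = None
        elif current is not None and line:
            current["lines"].append(line)
    return peers

def audit_inbound_voip(config):
    """Flag inbound VoIP dial-peers that cannot authenticate the call leg."""
    loaded = set(re.findall(r"^call application voice (\S+) \S+", config, re.M))
    findings = []
    for tag, peer in parse_dial_peers(config).items():
        inbound = any(l.startswith("incoming called-number") for l in peer["lines"])
        if peer["type"] != "voip" or not inbound:
            continue
        apps = [l.split()[1] for l in peer["lines"] if l.startswith("application ")]
        app = apps[0] if apps else "session"
        if app == "session":
            findings.append((tag, "default session application: no RADIUS authentication"))
        elif app not in loaded:
            findings.append((tag, "no 'call application voice' line for %s" % app))
    return findings
```
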