|
|
Version Date: 6/15/00
This document contains information about the Remote Access Dial-In User Service (RADIUS) vendor-specific attributes (VSA) that Cisco introduced for use with VoIP call authorization. It describes these voice-specific VSAs in detail and provides an example of how they can be used.
This document helps developers writing voice application software for Cisco voice interfaces, such as the Cisco AS5x00 series. This includes independent software vendors (ISVs), in-house corporate developers, system integrators, and Original Equipment Manufacturers (OEMs).
This document includes the following sections:
The RADIUS server contains a database that is used for authenticating connections and tracking connection time. The RADIUS server also stores accounting information. For more information about RADIUS, see RFC 2138, "Remote Authentication Dial-In User Service (RADIUS)," and RFC2139, "RADIUS Accounting."
Cisco IOS accounting for voice uses standard RADIUS attributes where possible. In previous Cisco IOS software releases, attributes that could not be mapped to standard RADIUS attributes were "packed" into the Acct-Session-Id attribute field (attribute 44) as a "/" (forward slash) delimited ASCII string. For more information, see the Configuration Guide for AAA Billing Features in Cisco Voice-Enabled Routers and Access Servers at http://www.cisco.com/warp/public/cc/cisco/mkt/servprod/sms/acct/prodlit/caaaf_cg.htm.
Recently, the Internet Engineering Task Force (IETF) introduced a draft standard, "RADIUS Vendor Specific Attributes," which specifies a method for communicating vendor-specific information between the network access server and the RADIUS server by using the vendor-specific attribute (Attribute 26). VSAs allow vendors to support their own extended attributes that are not suitable for general use.
With the implementation of voice-specific VSAs in Cisco IOS software, the previously overloaded Session ID is replaced with a set of voice-specific VSAs, which are described in this document. The VSA structure allows significant enhancement to the previous solution by extending the number of parameters that can be passed between the RADIUS server and the Voice Gateway.
Existing AAA behavior is available, unmodified, as the default behavior of the router. To get the new pieces of information, the caller must enable VSAs on the router. Once this is done, the Acct-Session-Id is no longer overloaded because the information once sent in the Session ID will now be captured in VSAs.
Developers using this guide may be interested in joining the Cisco Developer Support Program. This new program has been developed to provide you a consistent level of support that you can depend on while leveraging Cisco interfaces in your development projects.
A signed Developer Support Agreement is required to participate in this program. For more details, and access to this agreement, please visit us at: http://www.cisco.com/warp/public/779/servpro/programs/ecosystem/devsup, or contact developer-support@cisco.com.
Voice-specific VSAs are included in requests and responses between the Voice Gateway and the RADIUS server using a specific format.
Voice-specific VSAs sent in a request from the Voice Gateway are encoded as specified in RFC 2138. The attribute-specific data in each voice-specific VSA contains a Cisco-AV-pair of the form attribute=value.
For example:
h323-conf-id=FF4A3BC9 C540077 0 1E1030
The following table lists the attributes and provides other details about VSAs in access requests. The attribute name should be used in the script code and billing server.
| VSA Number | Attribute Name | VSA Name | Accessible from Script? |
|---|---|---|---|
1 | h323-ivr-out | generic ivr-out | Yes |
24 | h323-conf-id | Conference ID | No |
101 | h323-credit-amount | Amount Balance | Yes |
The following table lists the attributes and provides other details about VSAs in accounting requests. The attribute name should be used in the script code and billing server.
| VSA Number | Attribute Name | VSA Name | Accessible from Script? |
|---|---|---|---|
1 | h323-incoming-conf-id | Incoming Conference ID | No |
1 | h323-ivr-out | generic-ivr-out | Yes |
1 | h323-remote-id | Remote Gateway ID | No |
23 | h323-remote-address | Remote Gateway Address | No |
24 | h323-conf-id | Conference ID | No |
25 | h323-setup-time | Setup Time | No |
26 | h323-call-origin | Call Origin | No |
27 | h323-call-type | Call Type | No |
28 | h323-connect-time | Connect Time | No |
29 | h323-disconnect-time | Disconnect Time | No |
30 | h323-disconnect-cause | Disconnect Cause | No |
31 | h323-voice-quality | Voice Quality | No |
33 | h323-gw-id | Gateway ID | No |
Voice-specific VSAs received in responses from the RADIUS server should be encoded as specified in RFC2138. The attribute-specific data in each voice-specific VSA should contain a Cisco-AV-pair of the form attribute=value.
For example:
h323-return-code=0
The following table lists the attributes and provides other details about VSAs in responses from the RADIUS server to the voice gateway. The attribute name should be used in the script code and billing server.
| VSA Number | Attribute Name | VSA Name | Accessible from Script? |
1 | h323-ivr-in | generic IVR-in | Yes |
101 | h323-credit-amount | Amount Balance | Yes |
102 | h323-credit-time | Time Balance | Yes |
103 | h323-return-code | Return Code | Yes |
104 | h323-prompt-id | Prompt ID | Yes |
105 | h323-time-and-day | Time of Day | Yes |
106 | h323--number | Redirect Number | Yes |
107 | h323-preferred-lang | Preferred Language | Yes |
109 | h323-billing-model | Billing Model | Yes |
110 | h323-currency | Currency Type | Yes |
The types of voice-specific VSAs (Radius Type 26) available depend on whether they are being sent from the Voice Gateway or from the RADIUS server. This section describes the types of voice-specific VSAs available for both requests and responses.
The following table lists the voice-specific VSAs that are sent in an accounting request or access requests from the Voice Gateway, which is acting as the Network Access Server (NAS), to the RADIUS server.
| VSA No. | VSA Name | Sample ASCII Value | Purpose | Radius Codes | First
Supported Release |
|---|---|---|---|---|---|
1 | Remote Gateway ID | joshi4.mydomain | From the hostname, other operations like sorting or bringing out statistics is easier as compared to the IP address. | Accounting/ | 12.1(2)T |
1 | generic ivr-out | payphone:true | User-definable attribute value pairs to be sent from the Voice Gateway to the RADIUS server. | Start and Stop records, Access request (1) | 12.1(2)T |
1 | Incoming Conference ID | 3AA9BF7E EAD90003 0 104D3 | A VSA present in the start and stop records of all call legs, indicating it is the GUID for the first call. For long pound calls, a new GUID is generated and this incoming conf ID indicates that it is the same session. This is generated for all call legs. In the case of multiple outbound calls from the same inbound leg, a different GUID is used for each outbound call. This VSA is needed to be able to relate the outbound and inbound call legs.1 | Start and Stop records | 12.1(2)T |
22 | Cisco-NAS-Port | BRI0/0:1 | NAS port number. | Stop record | 12.0(7)T |
23 | Remote Gateway Address | 156.221.17.128 | Address of the remote gateway. | Stop record | 12.0(7)T |
24 | Conference ID | 3C5AEAB9 95C80008 0 587F34 | Unique call identifier, 4 long words (128 bits) and space separated. Used to associate call data records (CDRs) from all call legs. | Start and Stop records, Access request | 12.0(7)T |
25 | Setup Time | 18:27:28.032 UTC Wed Dec 9 1998 | Setup time in NTP format. | Start and Stop records | 12.0(7)T |
26 | Call Origin | answer | Origin of call relative to the gateway. Possible values are "answer" and "originate". | Start and Stop records | 12.0(7)T |
27 | Call Type | VoIP | Call leg type. Possible values are "VoIP" and "Telephony". | Start and Stop records | 12.0(7)T |
28 | Connect Time | 18:27:30.094 UTC Wed Dec 9 1998 | Connect time in NTP format. | Stop record | 12.0(7)T |
29 | Disconnect Time | 18:27:49.095 UTC Wed Dec 9 1998 | Disconnect time in NTP format. | Stop record | 12.0(7)T |
30 | Disconnect Cause | 4 | Q.931 disconnect cause in Network Time Protocol (NTP) format. Possible values are 1 to 160. | Stop record | 12.0(7)T |
31 | Voice Quality | 25 | Value representing Calculated Planning Impairment Factor (ICPIF) calculation of Voice Quality. | Stop record | 12.0(7)T |
33 | Gateway ID | bowie.cisco.com | Name of the Voice Gateway emitting the message. | Start and Stop records | 12.0(7)T |
The following table lists the voice-specific VSAs that are received from the RADIUS server.
| VSA No. | VSA Name | Sample ASCII Value | Purpose | Radius Codes | First Supported Release |
|---|---|---|---|---|---|
1 | generic IVR-in | color:stardust | User-definable attribute value pairs to be sent from the RADIUS server to the Voice Gateway. | Accept (2), Reject (3), Response (5) | 12.1(2) / 12.1(2)T |
101 | Amount Balance | 123.45 | Currency or unit balance remaining in the user's account (based on the user ID and personal identification number [PIN]). | Accept (2) | 12.0(7)T |
102 | Time Balance | 345 | Seconds remaining based on called number (DNIS) and user balance. This translates to the hold time for the call. | Second Accept (2) | 12.0(7)T |
103 | Return Code | 86 | The action to take (such as re-prompt for user ID, inform user that service is not available, redirect the caller, and so forth). For more information about return codes, see the "Return Codes" section. | Accept (2), Reject (3), Response (5) | 12.0(7)T |
104 | Prompt ID | 10 | An index into an array of prompts known to the IVR script. This can be used with Return code (103) to indicate how and when to play out. | Accept (2), Reject (3), Response (5) | 12.0(7)T |
105 | Time of Day | 22:10:31 | Time of day at called number. | Accept (2) | 12.0(7)T |
106 | Redirect Number | 4085551212 | Number to be used for caller redirect. This can be used with Return Code (103) in failure conditions. | Accept (2), Reject (3) | 12.0(7)T |
107 | Preferred Language | en | ISO language code indicating the caller's language of preference. | Accept (2), Reject (3) | 12.0(7)T |
109 | Billing Model | 1 | Indicates billing model used for the call. Initial values: 0 = Credit, 1 = Debit. Note The debit card application will assume a Debit billing model. | Accept (2) | 12.1(2) / 12.1(2)T |
110 | Currency Type | USD | ISO currency to indicate what units to use in playing the remaining balance. Note The debit card application will assume units of preferred_language_dollar.au and preferred_language_cent.au | Accept (2) | 12.1(2) / 12.1(2)T |
h323-ivr-in="color=stardust".In general, all the voice-specific VSAs are very useful, but optional. However, when using a debit card application, the following voice-specific VSAs are required (must be returned by the RADIUS server):
Return codes can be defined by the user through the implementation of the IVR script and agreement with RADIUS server. The following table lists return codes that are predefined and are expected by existing Cisco IVR scripts.
| Value | Purpose | Comments |
|---|---|---|
0 | Success, proceed | Authorization is successful. |
1 | Failed - Invalid Account number | This code is returned after the first authorization request. |
2 | Failed - Invalid Password | This code is returned after the first authorization request. |
3 | Failed - Account in use | When there is a second attempt to make a call using the same account, authorization should fail unless the Internet Service Provider (ISP) allows multiple users for one account. This code is returned after the first authorization request. |
4 | Failed - Zero balance | This code is returned after the first authorization request. |
5 | Failed - Card expired | Some prepaid calling cards have expiration dates. When the date has expired, this code is returned after the first authorization request. Also, when the credit card that is used to pay for the prepaid calling card has expired, this code is returned. |
6 | Failed - Credit limit | This code is returned when the account balance has exceeded the credit limit set by the ISP. |
7 | Failed - User denied | This code is returned when the account cannot be authorized for reasons other than the ones that are described in this table. |
8 | Failed - Service not available | This code is returned after the second authorization request. For example, this code is returned if the network is down or service to a particular calling area is not available. |
9 | Failed - Called number blocked | This code is used for blocking 900 numbers or for restricting calls to certain area codes. This code is returned after the second authorization request. |
10 | Failed - Number of retries exceeded | This code is used when the number of times the user attempts to enter the account number and PIN has been exceeded. |
11 | Failed - Invalid argument | This code is returned after the first or second authorization requests to provide system-level error information. For example, if the request sent to the RADIUS server is not populated with the correct parameters. |
12 | Failed - Insufficient balance | This code is returned after the first authorization request when the account does not have enough balance to make a call to the destination number entered. |
13 | Toll free calls allowed | This code is returned to allow 800 number calls to the customer service or operators. |
14 | Failed - Invalid card number | This code is returned after the first authorization request. |
50 | Call will be hairpinned back to the Public Switched Telephone Network (PSTN) | This code is returned when the IP network is not accessible or is busy. |
51 | Redirect to called party (use redirect number) |
|
52 | Redirect to Customer Service (use redirect number) |
|
Currently, the Cisco's debit card implementation is a single user system. Therefore, when using a debit card application, the RADIUS server must not authorize simultaneous usage of the card. The debit card application expects this failure to occur at the second authorization (Access-Request to Access-Accept).
Before you can use the voice-specific VSAs described in this document, you must enable their use on the router.
To enable the router to send VSAs and optionally limit the type of information sent, use the following command in global configuration mode:
| Command | Purpose |
|---|---|
radius-server vsa send [accounting | authentication] | Enable the network access server to recognize and use VSAs as defined by RADIUS IETF attribute 26. |
To enable gateway-specific accounting using VSAs, use the following command in global configuration mode:
| Command | Purpose |
|---|---|
gw-accounting vsa | Enable the gateway to recognize and use VSAs as defined by RADIUS IETF attribute 26. |
The following traces in this section show an example of how voice-specific VSAs are used in communication between the Voice Gateway and the RADIUS server (see the following illustration):
The router receives a PSTN incoming call on LEG1(answer/tel) and the NAS sends an accounting START request to the RAIDUS server.
In addition to standard accounting attributes, the request contains five voice-specific VSAs.
Oct 16 23:55:18.083: RADIUS: ustruct sharecount=3 Oct 16 23:55:18.083: RADIUS: added cisco VSA 33 len 18 "h323-gw-id=E1_UUT." Oct 16 23:55:18.083: RADIUS: added cisco VSA 24 len 38 "h323-conf-id=FF4A3BC9 C540077 0 1E1030" Oct 16 23:55:18.083: RADIUS: added cisco VSA 26 len 23 "h323-call-origin=answer" Oct 16 23:55:18.083: RADIUS: added cisco VSA 27 len 24 "h323-call-type=Telephony" Oct 16 23:55:18.083: RADIUS: added cisco VSA 25 len 48 "h323-setup-time=23:55:19.220 UTC Thu Oct 16 1997" Oct 16 23:55:18.083: RADIUS: Initial Transmit id 155 1.13.84.100:1646, Accounting-Request, len 272 Oct 16 23:55:18.087: Attribute 4 6 010D6701 Oct 16 23:55:18.087: Attribute 61 6 00000000 Oct 16 23:55:18.087: Attribute 1 7 33303030 Oct 16 23:55:18.087: Attribute 30 7 35303030 Oct 16 23:55:18.087: Attribute 31 7 33303030 Oct 16 23:55:18.087: Attribute 40 6 00000001 Oct 16 23:55:18.087: Attribute 6 6 00000001 Oct 16 23:55:18.087: Attribute 26 26 0000000921146833 Oct 16 23:55:18.087: Attribute 26 46 0000000918286833 Oct 16 23:55:18.087: Attribute 26 31 000000091A196833 Oct 16 23:55:18.087: Attribute 26 32 000000091B1A6833 Oct 16 23:55:18.087: Attribute 26 56 0000000919326833 Oct 16 23:55:18.087: Attribute 44 10 30303030 Oct 16 23:55:18.087: Attribute 41 6 00000000
The RADIUS server responds to the accounting start request for LEG1.
Oct 16 23:55:18.099: RADIUS: Received from id 155 1.13.84.100:1646, Accounting-response, len 20
The NAS sends the first access request to the RADIUS server. In addition to standard attributes (user, passwd), the request contains one voice-specific VSA.
Oct 16 23:55:24.311: RADIUS: ustruct sharecount=2 Oct 16 23:55:24.311: RADIUS: added cisco VSA 24 len 38 "h323-conf-id=FF4A3BC9 C540077 0 1E1030" Oct 16 23:55:24.311: RADIUS: Initial Transmit id 156 1.13.84.100:1645, Access-Request, len 109 Oct 16 23:55:24.311: Attribute 4 6 010D6701 Oct 16 23:55:24.315: Attribute 61 6 00000000 Oct 16 23:55:24.315: Attribute 1 6 31313333 Oct 16 23:55:24.315: Attribute 26 46 0000000918286833 Oct 16 23:55:24.315: Attribute 31 7 33303030 Oct 16 23:55:24.315: Attribute 2 18 6269F5D8
The RADIUS server responds to the access request. The response contains three voice-specific VSAs.
Oct 16 23:55:24.331: RADIUS: Received from id 156 1.13.84.100:1645, Access-Accept, len 157 Oct 16 23:55:24.331: Attribute 26 26 0000000967146833 Oct 16 23:55:24.331: Attribute 26 30 000000096B186833 Oct 16 23:55:24.331: Attribute 26 33 00000009651B6833 Oct 16 23:55:24.331: Attribute 26 23 000000096D116269 Oct 16 23:55:24.331: Attribute 26 25 000000096E136375 Oct 16 23:55:24.331: RADIUS: saved authorization data for user 61E24B88 at 61E20590 Oct 16 23:55:24.331: RADIUS: cisco AVPair ":h323-return-code=0" Oct 16 23:55:24.331: RADIUS: cisco AVPair ":h323-preferred-lang=en" Oct 16 23:55:24.331: RADIUS: cisco AVPair ":h323-credit-amount=537.97"
The NAS sends the second access request to the RADIUS server. In addition to standard attributes (user, passwd, dnis), the request contains one voice-specific VSA.
Oct 16 23:55:40.103: RADIUS: ustruct sharecount=2 Oct 16 23:55:40.103: RADIUS: added cisco VSA 24 len 38 "h323-conf-id=FF4A3BC9 C540077 0 1E1030" Oct 16 23:55:40.103: RADIUS: Initial Transmit id 157 1.13.84.100:1645, Access-Request, len 116 Oct 16 23:55:40.103: Attribute 4 6 010D6701 Oct 16 23:55:40.103: Attribute 61 6 00000000 Oct 16 23:55:40.103: Attribute 1 6 31313333 Oct 16 23:55:40.103: Attribute 26 46 0000000918286833 Oct 16 23:55:40.103: Attribute 30 7 35303030 Oct 16 23:55:40.103: Attribute 31 7 33303030 Oct 16 23:55:40.103: Attribute 2 18 45478D73
The RADIUS server responds to the access request. The response contains two voice-specific VSAs.
Oct 16 23:55:40.123: RADIUS: Received from id 157 1.13.84.100:1646, Access-Accept, len 76 Oct 16 23:55:40.123: Attribute 26 26 0000000967146833 Oct 16 23:55:40.123: Attribute 26 30 0000000966186833 Oct 16 23:55:40.127: RADIUS: saved authorization data for user 61B853E0 at 61E20590 Oct 16 23:55:40.127: RADIUS: cisco AVPair ":h323-return-code=0" Oct 16 23:55:40.127: RADIUS: cisco AVPair ":h323-credit-time=32270"
The router places a VoIP call on LEG2 and the NAS sends an accounting START request to the RADIUS server. In addition to standard accounting attributes, the request contains five voice-specific VSAs.
Oct 16 23:55:45.275: RADIUS: ustruct sharecount=3 Oct 16 23:55:45.275: RADIUS: added cisco VSA 33 len 18 "h323-gw-id=E1_UUT." Oct 16 23:55:45.275: RADIUS: added cisco VSA 24 len 38 "h323-conf-id=FF4A3BC9 C540077 0 1E1030" Oct 16 23:55:45.275: RADIUS: added cisco VSA 26 len 26 "h323-call-origin=originate" Oct 16 23:55:45.275: RADIUS: added cisco VSA 27 len 19 "h323-call-type=VoIP" Oct 16 23:55:45.275: RADIUS: added cisco VSA 25 len 48 "h323-setup-time=23:55:46.410 UTC Thu Oct 16 1997" Oct 16 23:55:45.275: RADIUS: Initial Transmit id 158 1.13.84.100:1646, Accounting-Request, len 269 Oct 16 23:55:45.275: Attribute 4 6 010D6701 Oct 16 23:55:45.275: Attribute 61 6 00000000 Oct 16 23:55:45.275: Attribute 1 6 31313333 Oct 16 23:55:45.275: Attribute 30 7 35303030 Oct 16 23:55:45.275: Attribute 31 7 33303030 Oct 16 23:55:45.275: Attribute 40 6 00000001 Oct 16 23:55:45.275: Attribute 6 6 00000001 Oct 16 23:55:45.275: Attribute 26 26 0000000921146833 Oct 16 23:55:45.275: Attribute 26 46 0000000918286833 Oct 16 23:55:45.275: Attribute 26 34 000000091A1C6833 Oct 16 23:55:45.279: Attribute 26 27 000000091B156833 Oct 16 23:55:45.279: Attribute 26 56 0000000919326833 Oct 16 23:55:45.279: Attribute 44 10 30303030 Oct 16 23:55:45.279: Attribute 41 6 00000000
The RADIUS server responds to the accounting request for LEG2.
Oct 16 23:55:45.287: RADIUS: Received from id 158 1.13.84.100:1646, Accounting-response, len 20
The caller hangs up, the router receives a PSTN disconnect LEG1 message and the NAS sends an accounting STOP request to the RADIUS server. In addition to standard accounting attributes, the request contains nine voice-specific VSAs.
Oct 16 23:56:50.263: RADIUS: ustruct sharecount=2 Oct 16 23:56:50.263: RADIUS: added cisco VSA 33 len 18 "h323-gw-id=E1_UUT." Oct 16 23:56:50.263: RADIUS: added cisco VSA 24 len 38 "h323-conf-id=FF4A3BC9 C540077 0 1E1030" Oct 16 23:56:50.263: RADIUS: added cisco VSA 26 len 23 "h323-call-origin=answer" Oct 16 23:56:50.263: RADIUS: added cisco VSA 27 len 24 "h323-call-type=Telephony" Oct 16 23:56:50.263: RADIUS: added cisco VSA 25 len 48 "h323-setup-time=23:55:19.220 UTC Thu Oct 16 1997" Oct 16 23:56:50.263: RADIUS: added cisco VSA 28 len 50 "h323-connect-time=23:55:19.240 UTC Thu Oct 16 1997" Oct 16 23:56:50.263: RADIUS: added cisco VSA 29 len 53 "h323-disconnect-time=23:56:51.400 UTC Thu Oct 16 1997" Oct 16 23:56:50.263: RADIUS: added cisco VSA 30 len 24 "h323-disconnect-cause=10" Oct 16 23:56:50.263: RADIUS: added cisco VSA 31 len 20 "h323-voice-quality=0" Oct 16 23:56:50.271: RADIUS: Initial Transmit id 159 1.13.84.100:1646, Accounting-Request, len 481 Oct 16 23:56:50.271: Attribute 4 6 010D6701 Oct 16 23:56:50.271: Attribute 61 6 00000000 Oct 16 23:56:50.271: Attribute 1 7 33303030 Oct 16 23:56:50.271: Attribute 30 7 35303030 Oct 16 23:56:50.271: Attribute 31 7 33303030 Oct 16 23:56:50.271: Attribute 40 6 00000002 Oct 16 23:56:50.271: Attribute 6 6 00000001 Oct 16 23:56:50.271: Attribute 26 26 0000000921146833 Oct 16 23:56:50.271: Attribute 26 46 0000000918286833 Oct 16 23:56:50.271: Attribute 26 31 000000091A196833 Oct 16 23:56:50.271: Attribute 26 32 000000091B1A6833 Oct 16 23:56:50.271: Attribute 26 56 0000000919326833 Oct 16 23:56:50.271: Attribute 26 58 000000091C346833 Oct 16 23:56:50.271: Attribute 26 61 000000091D376833 Oct 16 23:56:50.271: Attribute 26 32 000000091E1A6833 Oct 16 23:56:50.271: Attribute 26 28 000000091F166833 Oct 16 23:56:50.271: Attribute 44 10 30303030 Oct 16 23:56:50.271: Attribute 42 6 0000E020 Oct 16 23:56:50.271: Attribute 43 6 0002529D Oct 16 23:56:50.271: Attribute 47 6 00000701 Oct 16 23:56:50.271: Attribute 48 6 00000A71 Oct 16 23:56:50.271: Attribute 46 6 0000005C Oct 16 23:56:50.271: Attribute 41 6 00000000
The RADIUS server responds to the accounting STOP request for LEG1.
Oct 16 23:56:50.287: RADIUS: Received from id 159 1.13.84.100:1646, Accounting-response, len 46
The router disconnects the VoIP call on LEG2 and the NAS sends an accounting STOP request to the RADIUS server. In addition to standard accounting attributes, the request contains nine voice-specific VSAs.
Oct 16 23:56:50.275: RADIUS: ustruct sharecount=2 Oct 16 23:56:50.275: RADIUS: added cisco VSA 33 len 18 "h323-gw-id=E1_UUT." Oct 16 23:56:50.275: RADIUS: added cisco VSA 24 len 38 "h323-conf-id=FF4A3BC9 C540077 0 1E1030" Oct 16 23:56:50.275: RADIUS: added cisco VSA 26 len 26 "h323-call-origin=originate" Oct 16 23:56:50.275: RADIUS: added cisco VSA 27 len 19 "h323-call-type=VoIP" Oct 16 23:56:50.275: RADIUS: added cisco VSA 25 len 48 "h323-setup-time=23:55:46.410 UTC Thu Oct 16 1997" Oct 16 23:56:50.275: RADIUS: added cisco VSA 28 len 50 "h323-connect-time=23:55:47.480 UTC Thu Oct 16 1997" Oct 16 23:56:50.275: RADIUS: added cisco VSA 29 len 53 "h323-disconnect-time=23:56:51.410 UTC Thu Oct 16 1997" Oct 16 23:56:50.279: RADIUS: added cisco VSA 30 len 24 "h323-disconnect-cause=10" Oct 16 23:56:50.279: RADIUS: added cisco VSA 31 len 20 "h323-voice-quality=0" Oct 16 23:56:50.279: RADIUS: added cisco VSA 23 len 31 "h323-remote-address=147.14.25.1" Oct 16 23:56:50.291: RADIUS: Initial Transmit id 160 1.13.84.100:1646, Accounting-Request, len 517 Oct 16 23:56:50.291: Attribute 4 6 010D6701 Oct 16 23:56:50.291: Attribute 61 6 00000000 Oct 16 23:56:50.291: Attribute 1 6 31313333 Oct 16 23:56:50.291: Attribute 30 7 35303030 Oct 16 23:56:50.291: Attribute 31 7 33303030 Oct 16 23:56:50.291: Attribute 40 6 00000002 Oct 16 23:56:50.291: Attribute 6 6 00000001 Oct 16 23:56:50.291: Attribute 26 26 0000000921146833 Oct 16 23:56:50.291: Attribute 26 46 0000000918286833 Oct 16 23:56:50.291: Attribute 26 34 000000091A1C6833 Oct 16 23:56:50.291: Attribute 26 27 000000091B156833 Oct 16 23:56:50.291: Attribute 26 56 0000000919326833 Oct 16 23:56:50.291: Attribute 26 58 000000091C346833 Oct 16 23:56:50.291: Attribute 26 61 000000091D376833 Oct 16 23:56:50.291: Attribute 26 32 000000091E1A6833 Oct 16 23:56:50.291: Attribute 26 28 000000091F166833 Oct 16 23:56:50.291: Attribute 26 39 0000000917216833 Oct 16 23:56:50.291: Attribute 44 10 30303030 Oct 16 23:56:50.291: Attribute 42 6 00008CF0 Oct 16 23:56:50.291: Attribute 43 6 00008A98 Oct 16 23:56:50.291: Attribute 47 6 0000070C Oct 16 23:56:50.291: Attribute 48 6 000006EE Oct 16 23:56:50.291: Attribute 46 6 00000041 Oct 16 23:56:50.291: Attribute 41 6 00000000
The RADIUS server responds to the accounting STOP request for LEG2.
Oct 16 23:56:50.323: RADIUS: Received from id 160 1.13.84.100:1646, Accounting-response, len 46
This section describes the commands that are used to enable the use of voice-specific VSAs.
To enable gateway specific accounting, use the gw-accounting command. Use the no form of this command to disable gateway specific accounting.
gw-accounting [h323 | syslog | vsa ]
h323 | (Optional) H.323 method uses RADIUS to output accounting CDRs. |
syslog | (Optional) Syslog uses the system logging facility to output CDRs. |
vsa | (Optional) Voice-specific VSAs are included in the RADIUS accounting. |
Disable gateway specific accounting.
Global configuration
Cisco IOS Release 12.0(4)XH introduces a new vsa field to this command.
This command is used when configuring the AAA accounting application.
This command defines a method for doing the accounting and enables the gateway to do the accounting. There are two accounting methods defined.
Both h.323 and syslog can be enabled at the same time, which causes CDRs to be generated in both methods.
To configure the network access server to recognize and use vendor-specific attributes, use the radius-server vsa send global configuration command. Use the no form of this command to restore the default.
radius-server vsa send [accounting | authentication]
accounting | Limits the set of recognized vendor-specific attributes to only accounting attributes. |
authentication | Limits the set of recognized vendor-specific attributes to only authentication attributes. |
Disabled
Global configuration
This command first appeared in Cisco IOS Release 11.3T.
The radius-server vsa send command enables the network access server to recognize and use both accounting and authentication vendor-specific attributes. Use the accounting keyword with the radius-server vsa send command to limit the set of recognized vendor-specific attributes to just accounting attributes. Use the authentication keyword with the radius-server vsa send command to limit the set of recognized vendor-specific attributes to just authentication attributes.
AAA--Authentication, Authorization, and Accounting. AAA is a suite of network security services that provides the primary framework through which you can set up access control on your Cisco router or access server.
CDR--Call Data Record.
DNIS--Dialed number identification service. Same as the called number.
DTMF--Dual tone multifrequency. Use of two simultaneous voice-band tones for dialing (such as touch tone).
Gatekeeper--A Gatekeeper maintains a registry of devices in the multimedia network. The devices register with the Gatekeeper at startup and request admission to a call from the Gatekeeper.
The Gatekeeper is an H.323 entity on the LAN that provides address translation and control access to the LAN for H.323 terminals and gateways. The Gatekeeper can provide other services to the H.323 terminals and gateways, such as bandwidth management and locating gateways.
gateway--A gateway allows H.323 terminals to communicate with non-H.323 terminals by converting protocols. A gateway is the point where a circuit-switched call is encoded and repackaged into IP packets.
An H.323 gateway is an endpoint on the LAN that provides real-time, two-way communications between H.323 terminals on the LAN and other ITU-T terminals in the WAN or to another H.323 gateway.
ISDN--Integrated Services Digital Network. Communication protocol, offered by telephone companies, that permits telephone networks to carry data, voice, and other source traffic.
IVR--Interactive voice response. When someone dials in, IVR responds with a prompt to get a personal identification number (PIN), and so on.
NAS--Network Access Server. Cisco platform (or collection of platforms such as an AccessPath system which interfaces between the packet world (e.g. the Internet) and the circuit world (e.g. the PSTN).
PIN--Personal identification number. Password used with account number for authentication.
POTS--Plain old telephone service. Basic telephone service supplying standard single line telephones, telephone lines, and access to the PSTN.
PSTN--Public Switched Telephone Network. PSTN refers to the local telephone company.
RADIUS--Remote Access Dial-In User Service. Database for authenticating modem and ISDN connections and for tracking connection time.
VoIP--Voice over IP. The ability to carry normal telephone-style voice signals over an IP-based network with POTS-like functionality, reliability, and voice quality. VoIP is a blanket term that generally refers to Cisco's open standards-based (for example, H.323) approach to IP voice traffic.
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Mon Aug 7 19:24:01 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.