Configuring RADIUS Accounting
The device supports RADIUS Accounting (per RFC 2866) and sends accounting data of SIP calls as call detail records (CDR) to a RADIUS Accounting server. CDR-based accounting messages can be sent upon call release, call connection and release, or call setup and release. This section lists the CDR attributes for RADIUS accounting.
The following figure shows the interface between the device and the RADIUS server, based on the RADIUS Accounting protocol. For each CDR that the device sends to the RADIUS server, it sends an Accounting-Request Stop with all the CDR attributes. When the RADIUS server successfully receives all the CDR attributes, it responds with an Accounting-Response Stop ACK message to the device. If the device doesn't receive the Accounting-Response ACK message, it can resend the Accounting-Request Stop with all CDR attributes again, up to a user-defined number of re-tries (see Configuring RADIUS Packet Retransmission).
There are two types of data that can be sent to the RADIUS server. The first type is the accounting-related attributes and the second type is the vendor specific attributes (VSA):
■ | Standard RADIUS Attributes (per RFC): A typical standard RADIUS attribute is shown below. The RADIUS attribute ID depends on the attribute. |
The following figure shows a standard RADIUS attribute collected by Wireshark. The bottom pane shows the RADIUS attribute information as sent in the packet; the upper pane is Wireshark's interpretation of the RADIUS information in a more readable format. The example shows the attribute in numeric format (32-bit number in 4 bytes).
■ | Vendor-specific RADIUS Attributes: RADIUS attributes that are specific to the device (company) are referred to as Vendor-specific attributes (VSA). The CDR of VSAs are sent with a general RADIUS ID of 26 to indicate that they are vendor-specific (non-standard). In addition, the company's registered vendor ID (as registered with the Internet Assigned Numbers Authority or IANA) is also included in the packet. The device's default vendor ID is 5003, which can be changed (see Configuring the RADIUS Vendor ID). The VSA ID is also included in the packet. |
The following figure shows a vendor-specific RADIUS attribute collected by Wireshark. The bottom pane shows the RADIUS attribute information as sent in the packet; the upper pane is Wireshark's interpretation of the RADIUS information in a more readable format. The example shows the attribute in string-of-characters format.
You can customize the prefix title of the RADIUS attribute name and ID. For more information, see Customizing CDRs for SBC Calls .
To configure the address of the RADIUS Accounting server, see Configuring RADIUS Servers. For all RADIUS-related configuration, see RADIUS-based Services.
➢ | To configure RADIUS accounting: |
1. | Open the Call Detail Record Settings page (Troubleshoot menu > Troubleshoot tab > Call Detail Record folder > Call Detail Record Settings). |
2. | Configure the following parameters: |
● | From the 'Enable RADIUS Access Control' [EnableRADIUS] drop-down list, select Enable. |
● | From the 'RADIUS Accounting Type' [RADIUSAccountingType] drop-down list, select the stage of the call that RADIUS accounting messages are sent to the RADIUS accounting server. |
● | From the 'AAA Indications' [AAAIndications] drop-down list, select whether you want Authentication, Authorization and Accounting (AAA) indications. |
For a detailed description of the parameters, see RADIUS Parameters.
3. | Click Apply, and then restart the device with a save-to-flash for your settings to take effect. |
The table below lists the RADIUS Accounting CDR attributes included in the communication packets transmitted between the device and a RADIUS server.
Default RADIUS Accounting CDR Attributes
Attribute ID |
Attribute Name |
Vendor-Specific Attribute (VSA) ID |
Description |
Value Format |
Example |
AAA |
||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Request Attributes | ||||||||||||
1 |
user-name |
(Standard) |
Account number or calling party number or blank |
String up to 15 digits long |
5421385747 |
Start Acc |
||||||
4 |
nas-ip-address (for IPv4) nas-ipv6-address (for IPv6) |
(Standard) |
IP address (IPv4 or IPv6) of the requesting device |
Numeric |
192.168.14.43 (IPv4) |
Start Acc |
||||||
6 |
service-type |
(Standard) |
Type of service requested |
Numeric |
1: login |
Start Acc |
||||||
26 |
h323-incoming-conf-id |
1 |
SIP call identifier |
Up to 32 octets |
h323-incoming-conf-id=38393530 |
Start Acc |
||||||
26 |
h323-remote-address |
23 |
IP address of the remote gateway |
Numeric |
- |
Stop Acc |
||||||
26 |
h323-conf-id |
24 |
H.323/SIP call identifier |
Up to 32 octets |
- |
Start Acc |
||||||
26 |
h323-setup-time |
25 |
Setup time in NTP format 1 |
String |
h323-setup-time=09:33:26.621 Mon Dec 2014 |
Start Acc |
||||||
26 |
h323-call-origin |
26 |
Originator of call:
|
String |
h323-call-origin=answer |
Start Acc |
||||||
26 |
h323-call-type |
27 |
Protocol type or family used on this leg of the call. The value is always "VOIP". |
String |
h323-call-type=VOIP |
Start Acc |
||||||
26 |
h323-connect-time |
28 |
Connect time in NTP format |
String |
h323-connect-time=09:33:37.657 UTC Mon Dec 08 2015 |
Stop Acc |
||||||
26 |
h323-disconnect-time |
29 |
Disconnect time in NTP format |
String |
- |
Stop Acc |
||||||
26 |
h323-disconnect-cause |
30 |
Disconnect cause code (Q.850) |
Numeric |
h323-disconnect-cause=16 |
Stop Acc |
||||||
26 |
h323-gw-id |
33 |
Name of the gateway |
String |
h323-gw-id=<SIP ID string> |
Start Acc |
||||||
26 |
sip-call-id |
34 |
SIP Call ID |
String |
sip-call-id=abcde@ac.com |
Start Acc |
||||||
26 |
call-terminator |
35 |
Terminator of the call:
|
String |
call-terminator=yes |
Stop Acc |
||||||
26 |
terminator |
37 |
Terminator of the call:
|
String |
terminator=originate |
Stop Acc |
||||||
30 |
called-station-id |
(Standard) |
Destination URI |
String |
8004567145 |
Start Acc |
||||||
31 |
calling-station-id |
(Standard) |
Source URI |
String |
5135672127 |
Start Acc |
||||||
40 |
acct-status-type |
(Standard) |
Account Request Type:
Note: It is highly recommended to add this attribute if you are customizing the RADIUS CDR format (see Customizing CDRs for SBC Calls and Test Calls for SBC calls). |
Numeric |
1 |
Start Acc |
||||||
41 |
acct-delay-time |
(Standard) |
No. of seconds tried in sending a particular record |
Numeric |
5 |
Start Acc |
||||||
42 |
acct-input-octets |
(Standard) |
Number of octets received for that call duration (applicable only if media anchoring) |
Numeric |
- |
Stop Acc |
||||||
43 |
acct-output-octets |
(Standard) |
Number of octets sent for that call duration (applicable only if media anchoring) |
Numeric |
- |
Stop Acc |
||||||
44 |
acct-session-id |
(Standard) |
A unique accounting identifier that corresponds to the acct-status-type attribute and thus, the identifier of the start CDR is identical to the stop CDR ID of the same call. This attribute is composed of the Session ID of the call (e.g., [SID=9be7fc:152:99757]) followed by a colon (:) and the leg ID (e.g., 9be7fc:152:99757:1 for the SBC incoming leg |
String |
34832 |
Start Acc |
||||||
46 |
acct-session-time |
(Standard) |
For how many seconds the user received the service |
Numeric |
- |
Stop Acc |
||||||
47 |
acct-input-packets |
(Standard) |
Number of packets received during the call |
Numeric |
- |
Stop Acc |
||||||
48 |
acct-oputput-packets |
(Standard) |
Number of packets sent during the call |
Numeric |
- |
Stop Acc |
||||||
61 |
nas-port-type |
(Standard) |
Physical port type of device on which the call is active |
String |
0: Asynchronous |
Start Acc |
||||||
Response Attributes |
||||||||||||
26 |
h323-return-code |
103 |
The reason for failing authentication (0 = ok, other number failed) |
Numeric |
0 Request accepted |
Stop Acc |
||||||
44 |
acct-session-id |
(Standard) |
A unique accounting identifier – match start & stop |
String |
- |
Stop Acc |
Below is an example of RADIUS Accounting, where non-standard parameters are preceded with brackets:
Accounting-Request (4)
user-name = 111
acct-session-id = 1
nas-ip-address = 212.179.22.213
nas-port-type = 0
acct-status-type = 2
acct-session-time = 1
acct-input-packets = 122
acct-output-packets = 220
called-station-id = 201
calling-station-id = 202
// Accounting non-standard parameters:
(4923 33) h323-gw-id =
(4923 23) h323-remote-address = 212.179.22.214
(4923 1) h323-ivr-out = h323-incoming-conf-id:02102944 600a1899 3fd61009 0e2f3cc5
(4923 30) h323-disconnect-cause = 22 (0x16)
(4923 27) h323-call-type = VOIP
(4923 26) h323-call-origin = Originate
(4923 24) h323-conf-id = 02102944 600a1899 3fd61009 0e2f3cc5