Scribd
Upload
19 views25 pages

09-Voice RADIUS Configuration

Chapter 1 Voice RADIUS Configuration

Uploaded by

mattscott867
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
19 views25 pages

09-Voice RADIUS Configuration

Chapter 1 Voice RADIUS Configuration

Uploaded by

mattscott867
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 25

Operation Manual – Voice RADIUS (Voice Volume) Table of Contents

Table of Contents

Chapter 1 Voice RADIUS Configuration...................................................................................... 1-1


1.1 Overview ............................................................................................................................ 1-1
1.1.1 Fundamentals.......................................................................................................... 1-1
1.1.2 RADIUS Provided by Voice Gateway ..................................................................... 1-3
1.2 Voice RADIUS Configuration Task List ............................................................................. 1-5
1.3 Configuring Voice RADIUS................................................................................................ 1-7
1.3.1 Configuring Accounting Method .............................................................................. 1-7
1.3.2 Enabling the Accounting Function for One-Stage Dialing Users ............................ 1-8
1.3.3 Enabling Authentication Function for One-Stage Dialing Users ............................. 1-9
1.3.4 Enabling Authorization Function for One-Stage Dialing Users ............................. 1-10
1.3.5 Configuring Rule for Saving CDRs........................................................................ 1-11
1.3.6 Configuring Access Number ................................................................................. 1-12
1.3.7 Configuring Two-Stage Dialing Process ............................................................... 1-12
1.3.8 Enabling Accounting Function for Two-Stage Dialing Users ................................ 1-13
1.3.9 Enabling Authentication Function for Two-Stage Dialing Users ........................... 1-14
1.3.10 Enabling Authorization Function for Two-Stage Dialing Users ........................... 1-14
1.3.11 Configuring Method of Collecting Digits of Called Number................................. 1-16
1.3.12 Configuring Number of Digits in Card Number/Password .................................. 1-16
1.3.13 Configuring Number of Redial Attempts ............................................................. 1-17
1.3.14 Enabling Language Selection Function .............................................................. 1-18
1.4 Displaying and Maintaining Voice RADIUS ..................................................................... 1-19
1.5 Voice RADIUS Configuration Example............................................................................ 1-20
1.5.1 Card Number/Password Process Configuration ................................................... 1-20
1.6 Troubleshooting Voice RADIUS ...................................................................................... 1-23

Huawei Technologies Proprietary

i
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

Chapter 1 Voice RADIUS Configuration

1.1 Overview
1.1.1 Fundamentals

I. Introduction to voice RADIUS

Remote access dial in user service (RADIUS) is a protocol standard developed for
implementing authentication, authorization and accounting (AAA) for access users,
who can be PPP users or voice users. The voice RADIUS function provided by the
voice gateway is suitable for small- and medium-sized network operators or enterprises
to control voice calls and perform voice call accounting statistics.
As a whole, voice RADIUS is a part of the whole voice module that implements AAA for
voices users on the voice gateway. When a user initiates a voice call, the voice gateway
interacts with the user according to the configured parameters, encapsulates the
obtained user information and statistics into RADIUS AAA messages, and sends the
messages to the RADIUS server. The voice gateway then determines whether to
connect the call according to the response. After the call ends, the voice gateway
reports to the RADIUS server the statistics information (such as call duration, number
of messages, and number of bytes) about the call to complete call accounting and other
operations.

II. Voice RADIUS call process

Figure 1-1 shows the networking environment where voice RADIUS is applied.

Figure 1-1 Network diagram for voice RADIUS application

Huawei Technologies Proprietary

1-1
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

As shown in Figure 1-1, the entire call setup process is as follows:


1) The calling party (1000) who originates a call from PSTN dials the called number
1001. The originating gateway receives the called number and determines that the
called party is not located in the local private branch exchange (PBX). At this point,
the voice subscriber line of the originating gateway is located on the calling side,
and therefore, the originating gateway sends a PSTN_Accounting_Start request
(call segment 1) to the RADIUS server.
2) After receiving a PSTN_Accounting_Start acknowledgment from the RADIUS
server, the originating gateway obtains the identity information of the calling party,
encapsulates it into a RADIUS message, and sends the message to the RADIUS
server for identity authentication. Upon receiving an Authentication
acknowledgment, the originating gateway encapsulates the called number into
another RADIUS message and sends it to the RADIUS server again for
authorization. When receiving an Authorization acknowledgment, the originating
gateway sends a VoIP_Accounting_Start request (call segment 2) to the RADIUS
server.
3) After receiving a VoIP_Accounting_Start acknowledgment (call segment 2) from
the RADIUS server, the originating gateway originates a call to the terminated
gateway over the IP network so as to set up a voice channel on the IP network side.
After receiving a Connect request from the originating gateway, the terminating
gateway sends a VoIP_Accounting_Start request (call segment 3) to the RADIUS
server.
4) After receiving a VoIP_Accounting_Start acknowledgment (call segment 3) from
the RADIUS server, the terminating gateway originates a call to the called party
over PSTN. After receiving an Alert from PSTN, the terminating gateway sends a
Notification to the originating gateway and the originating gateway then plays
ringback tones to the calling party.
5) After the called party picks up the phone, the terminating gateway sends a
PSTN_Accounting_Start request (call segment 4) to the RADIUS server. After the
terminating gateway receives a PSTN_Accounting_Start acknowledgment (call
segment 4) from the RADIUS server, both parties start conversation.
6) After the call is connected, the originating gateway sets the call duration timer
according to the call duration in the Authorization acknowledgment. When the
calling or called party hangs up before the timer expires, the call is normally
disconnected.
7) If the calling party hangs up first, the originating gateway releases the seized voice
subscriber line and sends a PSTN_Accounting_Stop request (call segment 1) and
a VoIP_Accounting_Stop request (call segment 2) to the RADIUS server and a
Voice_Channel_Release to the terminating gateway. After receiving the
Voice_Channel_Release, the terminating gateway sends a
VoIP_Accounting_Stop request (call segment 3) to the RADIUS server and
releases the channel resource. After receiving a Release acknowledgment from

Huawei Technologies Proprietary

1-2
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

PSTN, the terminating gateway sends a PSTN_Accounting_Stop request (call


segment 4) to the RADIUS server.

Note:
z In the above call setup process, accounting is divided into four segments to facilitate
charge settlement between service providers as well as control of voice channel by
segment.
z The call setup process and call clearing process are briefly described here. In
practice, the call setup process and messages exchanged differ greatly, because
message exchange in the entire process is quite complicated, access procedures
differ, AAA fails, calls are exceptionally terminated, or the called party hangs up.

Obviously, RADIUS cannot operate normally without the RADIUS server. AAA
messages exchanged between the voice gateway and the RADIUS server should
comply with RFC 2865 and RFC 2866. A list of voice call users of the voice gateway
should also be configured on the RADIUS server.

1.1.2 RADIUS Provided by Voice Gateway

I. AAA for voice calls

For voice calls, the RADIUS authentication includes card number/password


authentication and calling number authentication, and the RADIUS authorization
adopts the called number authorization mode on condition that the RADIUS
authentication is enabled.
For voice calls, the voice gateway supports three accounting methods: start-ack,
start-no-ack, and stop-only.
z start-ack: When the call setup begins, the voice gateway sends an
Accounting-Start request to the RADIUS server. However, the voice gateway must
receive an Accounting_Start acknowledgment from the RADIUS server before
connecting the call. After the call ends, the voice gateway sends an
Accounting_Stop request to the RADIUS server, and releases the call upon
receiving an Accounting_Stop acknowledgment.
z start-no-ack: When the call setup begins, the voice gateway sends an
Accounting_Start request to the RADIUS server, and directly connects the call
without waiting for an Accounting_Start acknowledgment. If the voice gateway
receives an Accounting_Start unacknowledgment from the RADIUS server after
the call is connected, it immediately releases the call. After the call ends, the voice
gateway sends an Accounting_Stop request to the RADIUS server and releases
the call only after it receives an Accounting_Stop acknowledgment.

Huawei Technologies Proprietary

1-3
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

z stop-only: The voice gateway sends an Accounting_Stop request to the RADIUS


server only when the call ends, and it releases the call only after receiving an
Accounting_Stop acknowledgment.

II. Voice dialing process

There are two types of dialing process for voice calls: one-stage dialing and two-stage
dialing. Two-stage dialing falls into caller number process, caller number process with
interactive voice response (IVR), and card number/password process.
1) One-stage dialing: The calling party directly dials a called number. The RADIUS
server performs authentication for the calling party, authorization for the called
party, and accounting according to the AAA configuration for one-stage dialing
process.
2) Two-stage dialing: The calling party first needs to dial an access number and then
a called number. The RADIUS server performs different AAA operations for
different access numbers.
z Caller number process: The calling party first dials an access number, and after
hearing a dial tone, dials a called number. The system originates a call according
to the called number.
z Caller number process with IVR: The calling party first dials an access number.
The system plays a prompt tone. The calling party performs operations as
prompted, and then dials a called number. The system originates a call according
to the called number.
z Card number/password process: The calling party first dials an access number.
The system plays a prompt tone. The calling party enters a card number and
password as prompted, and then dials a called number. The system originates a
call according to the called number.
The RADIUS server needs to obtain the caller’s identity information, which may be the
calling number or the preset card number and password, before performing AAA
operations for a voice call. The system uses the collected calling number or card
number and password to originate an authentication request to the RADIUS server,
and determines whether call origination is allowed according to the returned result.
The AAA function for one-stage dialing process applies to all one-stage dialing users.
For two-stage dialing users, you can configure different access numbers. For these
access numbers, you can configure different AAA schemes and different two-stage
dialing attribute parameters (for example, redial attempts and number of digits in a card
number/password). In addition, you can customize the detailed access procedure
according to the specific requirements. For example, you can set these access
numbers as private line auto ring-down (PLAR) numbers on voice subscriber lines to
implement the auto-dialing of access numbers.

Huawei Technologies Proprietary

1-4
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

Note:
z If a voice call is originated from an IP network, the voice gateway does not support
the direct dialing of access numbers, and for one-stage dialing, it supports only
accounting, instead of authentication and authorization.
z The voice gateway does not support the nested dialing of access numbers. That is,
a user cannot dial an access number again after dialing it during a call originated
from or terminated to a voice gateway.

III. Voice prompt

Voice prompts in Chinese and English are available in the card number/password
process and caller number process with IVR.

IV. Recording and querying detailed voice call information

This function records detailed information of each voice call. You can use the cdr
command to set the lifetime and number of records. The following call information is
recorded:
z Calling number
z Called number
z Voice port number
z IP address of the peer voice gateway
z Call setup time, call-connected time, call release time, and call duration.
z Number of received/sent bytes, and number of received/sent packets
You can retrieve the call information by calling number, called number, prepaid card
number, voice subscriber line number, and peer IP address.

1.2 Voice RADIUS Configuration Task List

Note:
For specific configurations of the RADIUS server, refer to AAA RADIUS HWTACACS
Configuration in Security Volume.

When configuring voice RADIUS, pay attention to the sequence and the applicable
scope of configuration tasks.
z The authentication function must be enabled before the authorization function
because the former is a prerequisite for the latter.
z The AAA function differs in the enabling method and application scope between
one-stage dialing users and two-stage dialing users. The one-stage dialing

Huawei Technologies Proprietary

1-5
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

configuration applies to all one-stage dialing users, while the two-stage dialing
configuration applies to only the users who use a specific access number.
z The setting of the accounting function is independent of the enabling of
authentication and authorization functions, and the accounting function applies to
both one-stage dialing users and two-stage dialing users. Of course, you must
ensure that necessary information (including IP address of the voice gateway,
voice port number, calling number, and card number/password) is configured on
the RADIUS server.
Read through the following sections and acquaint yourself with the views, steps, and
applicable scope of all commands.
Voice RADIUS configuration tasks include the following:
z Enter voice AAA client view
z Configure the accounting method
z Enable the AAA functions for one-stage dialing users
z Configure a rule for saving call detail records (CDRs)
z Configure access numbers
z Configure a two-stage dialing process
z Enable the AAA functions for two-stage dialing users
z Configure the method of collecting digits of called numbers
z Configure the number of digits in a card number and that in a password
z Configure the number of redial attempts
z Enable the language selection function
The configuration tasks for the one-stage dialing process differ from those for the
two-stage dialing process. The configuration tasks for the one-stage dialing process
apply to all one-stage dialing calls, while those for the two-stage dialing process apply
to different access numbers.
The configuration tasks common to the one-stage and two-stage dialing processes
include:
z Configure the accounting method
z Configure a rule for saving CDRs
The configuration tasks for the one-stage dialing process include:
z Enter voice AAA client view
z Enable the authentication function for one-stage dialing users
z Enable the authorization function for one-stage dialing users
z Enable the accounting function for one-stage dialing users
The configuration tasks for the two-stage dialing process include:
z Configure access numbers
z Configure a two-stage dialing process
z Enable the authentication function for two-stage dialing users.
z Enable the authorization function for two-stage dialing users.

Huawei Technologies Proprietary

1-6
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

z Enable the accounting function for two-stage dialing users


z Configure the method of collecting digits of called numbers
z Configure the number of digits in a card number and a password (for the card
number/password process)
z Configure the language, card number, password, or number of redial attempts (for
card number/password process and caller number process with IVR)
z Enable the language function (for the caller number process with IVR)
Complete the following tasks to configure voice RADIUS:

Task Remarks
Configuring Accounting Method Optional
Enabling the Accounting Function for
Optional
One-Stage Dialing Users
Enabling Authentication Function for
Optional
One-Stage Dialing Users
Enabling Authorization Function for
Optional
One-Stage Dialing Users
Configuring Rule for Saving CDRs Optional

Configuring Access Number Optional


Configuring Two-Stage Dialing Process Optional
Enabling Accounting Function for
Optional
Two-Stage Dialing Users
Enabling Authentication Function for
Optional
Two-Stage Dialing Users
Enabling Authorization Function for
Optional
Two-Stage Dialing Users
Configuring Method of Collecting Digits
Optional
of Called Number
Configuring Number of Digits in Card
Optional
Number/Password
Configuring Number of Redial Attempts Optional

Enabling Language Selection Function Optional

1.3 Configuring Voice RADIUS


1.3.1 Configuring Accounting Method

The RADIUS client (voice gateway) processes RADIUS Accounting requests and
responses in multiple ways. The RADIUS client sends accounting messages to the
RADIUS server in different ways at different accounting time. You can select the

Huawei Technologies Proprietary

1-7
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

required accounting method by setting the processing method of RADIUS accounting


requests and responses. The accounting method applies to one-stage dialing and
two-stage dialing.

I. Configuration prerequisites

A voice interface card (for example, an FXS interface card) is inserted in the router.

II. Configuration procedure

Follow these steps to configure an accounting method:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —
Enter voice AAA client
aaa-client —
view
acct-method { start-ack | Required
Configure an accounting
start-no-ack |
method start-no-ack by default.
stop-only }

1.3.2 Enabling the Accounting Function for One-Stage Dialing Users

For one-stage dialing users, there is no access number. It is impossible to enable the
accounting function for an individual user according to the identification. Therefore, the
accounting function can only be enabled for all one-stage dialing users.
Before enabling the accounting function, you must ensure that the RADIUS server and
RADIUS client (voice gateway) can communicate with each other at the network layer
and that a list of one-stage dialing users as well as accounting policies has been
configured on the RADIUS server.

I. Configuration prerequisites

A voice interface card (for example, an FXS interface card) is inserted in the router.

II. Configuration procedure

Follow these steps to enable the accounting function for one-stage dialing users:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —
Enter voice AAA client
aaa-client —
view

Huawei Technologies Proprietary

1-8
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

To do… Use the command… Remarks


Enable the accounting Required
function for one-stage accounting-did
dialing users Disabled by default

Note:
z For direct inward dialing (DID), it is unnecessary to dial an access number before a
called number, relative to two-stage dialing.
z If you want to prohibit users from making calls when their account balance in the
RADIUS server which is a composite access management server (CAMS) is 0, and
allow them to make calls when there is sufficient account balance, you must
configure the authentication, authorization, and accounting functions on the voice
gateway. This rule applies to one-stage dialing users and two-stage dialing users.

1.3.3 Enabling Authentication Function for One-Stage Dialing Users

For one-stage dialing users, there is no access number. It is impossible to enable the
authentication function for an individual user according to the identification. Therefore,
the authentication function can only be enabled for all one-stage dialing users.
Before enabling the authentication function, you must ensure that the RADIUS server
and RADIUS client (voice gateway) can communicate with each other at the network
layer and that a list of one-stage dialing users as well as authentication policies has
been configured on the RADIUS server.

I. Configuration prerequisites

A voice interface card (for example, an FXS interface card) is inserted in the router.

II. Configuration procedure

Follow these steps to enable the authentication function for one-stage dialing users

To do… Use the command… Remarks


Enter system view system-view —

Enter voice view voice-setup —


Enter voice AAA client
aaa-client —
view

Enable the authentication Required


function for one-stage authentication-did
dialing users Disabled by default.

Huawei Technologies Proprietary

1-9
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

1.3.4 Enabling Authorization Function for One-Stage Dialing Users

Similar to the authentication function, it is impossible to enable the authorization


function for an individual one-stage dialing user according to the identification because
there is no access number. Therefore, the authorization function can only be enabled, if
necessary, for all one-stage dialing users.
Before enabling the authorization function, you must ensure that the authentication
function is enabled on the RADIUS client, that the RADIUS server and RADIUS client
can communicate with each other at the network layer, and that a list of one-stage
dialing users as well as authorization policies has been configured on the RADIUS
server.

I. Configuration prerequisites

A voice interface card (for example, an FXS interface card) is inserted in the router.
The authentication function is enabled for one-stage dialing users. Authentication is a
prerequisite for authorization. The authentication function must be enabled before the
authorization function. If the authentication function is not enabled for one-stage dialing
users, the authorization-did command is unavailable. If the authentication function is
disabled, the authorization function will automatically be disabled.

II. Configuration procedure

Follow these steps to enable the authorization function for one-stage dialing users:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —
Enter voice AAA client
aaa-client —
view

Enable the authorization Required


function for one-stage authorization-did
dialing users Disabled by default.

Note:
Consecutive authorizations except the first one performed within the authentication
time limit will fail if the number of online users is limited to one for an account in a CAMS
serving as the RADIUS server. This rule applies to one-stage dialing users and
two-stage dialing users.

Huawei Technologies Proprietary

1-10
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

1.3.5 Configuring Rule for Saving CDRs

Each time a call is terminated, a CDR will be generated in the following two cases, no
matter whether the call is connected:
z Any of the authentication, authorization, and accounting functions is enabled for
calls originated from the local voice gateway.
z The accounting function is enabled for incoming calls of the local voice gateway.
In view of the limited memory of the voice gateway, only limited number of CDRs can be
saved. Therefore, you can set a limit on saved CDRs. There are two ways to limit CDRs
saved in the voice gateway: One is to limit the number of CDRs and the other is to limit
the lifetime of CDRs. You can also set a CDR alarm threshold.

I. Configuration prerequisites

A voice interface card (for example, an FXS interface card) is inserted in the router.

II. Configuration procedure

Follow these steps to configure a rule for saving CDRs:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —

Enter voice AAA client


aaa-client —
view
Required
50 for the size-number
cdr { buffer size-number | argument, 86,400
Configure a rule for seconds (namely, 24
duration timer-length |
saving CDRs hours) for the timer-length
threshold percentage }
argument, and 80 for the
percentage argument by
default.

Note:
At most 500 CDRs can be saved in a voice gateway. That is to say, the number of
CDRs saved in the system cannot exceed 500 even if none of the saved CDRs in the
system has reached the lifetime. In the case that bursty traffic is generated during a
period of time, the CDRs for the calls completed earliest are removed to keep the
number of saved CDRs under 500 even if they have not reached the lifetime.

Huawei Technologies Proprietary

1-11
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

1.3.6 Configuring Access Number

Two-stage dialing users must dial a specific access number before making an IP call.
Therefore, you must configure corresponding access numbers on the voice gateway
before providing the two-stage dialing service to end-users. Currently, you can
configure at most 100 access numbers on a voice gateway.

I. Configuration prerequisites

A voice interface card (for example, an FXS interface card) is inserted in the router.

II. Configuration procedure

Follow these steps to configure an access number:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —
Enter dial program view dial-program —

Configure an access Required


gw-access-number
number or enter access No access number by
access-number
number view default.

1.3.7 Configuring Two-Stage Dialing Process

An access number itself is only a code for a dialing process. You need to configure a
series of attribute parameters to form a complete dialing process.
There are three types of two-stage dialing process: caller number process (calling
number authentication), caller number process with IVR (calling number
authentication), and card number/password process (card number/password
authentication). Therefore, it is necessary to specify a dialing process for each access
number. When a dialing process is switched to another dialing process, the default
parameters will be restored.
Differences between the caller number process and the caller number process with IVR
are as follows:
z In the caller number process, after a user dials an access number, the voice
gateway plays only dial tones (long tones).
z In the caller number process with IVR, a user can select a language in which
prompt tones are played. After the user selects a language, the voice gateway
plays tones in the selected language to prompt for a called number.

I. Configuration prerequisites

You have configured an access number.

Huawei Technologies Proprietary

1-12
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

II. Configuration procedure

Follow these steps to configure a two-stage dialing process:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —

Enter dial program view dial-program —

Enter access number gw-access-number



view access-number
process-config Required
Configure a two-stage { callernumber |
dialing process cardnumber | Caller number process
voice-caller } with IVR by default.

1.3.8 Enabling Accounting Function for Two-Stage Dialing Users

After configuring access numbers, you can enable the RADIUS accounting function for
two-stage dialing users. Before enabling the accounting function, you must ensure that
the RADIUS server and the RADIUS client (voice gateway) can communicate with
each other at the network layer and that a list of corresponding two-stage dialing users
as well as accounting policies has been configured on the RADIUS server.

I. Configuration prerequisites

You have configured an access number.

II. Configuration procedure

Follow these steps to enable the accounting function for two-stage dialing users:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —

Enter dial program view dial-program —

Enter access number gw-access-number



view access-number
Enable the accounting Required
function for two-stage accounting
dialing users Disabled by default.

Huawei Technologies Proprietary

1-13
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

Note:
The accounting function for two-stage dialing users is enabled for a specific access
number, while the accounting function for one-stage dialing users is enabled in voice
AAA client view.

1.3.9 Enabling Authentication Function for Two-Stage Dialing Users

After configuring access numbers, you can enable the RADIUS authentication function
for two-stage dialing users. Before enabling the authentication function, you must
ensure that the RADIUS server and the RADIUS client can communicate with each
other at the network layer and that a list of corresponding two-stage dialing users as
well as authentication policies has been configured on the RADIUS server.

I. Configuration prerequisites

You have configured an access number.

II. Configuration procedure

Follow these steps to enable the authentication function for two-stage dialing users:

To do… Use the command… Remarks


Enter system view system-view —

Enter voice view voice-setup —

Enter dial program view dial-program —

Enter access number gw-access-number



view access-number
Enable the authentication Required
function for two-stage authentication
dialing users Disabled by default.

Note:
The authentication function for two-stage dialing users is enabled for a specific access
number, while the authentication function for one-stage dialing users is enabled in
voice AAA client view.

1.3.10 Enabling Authorization Function for Two-Stage Dialing Users

Before enabling the authorization function, you must ensure that:

Huawei Technologies Proprietary

1-14
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

z The RADIUS server and the RADIUS client can communicate with each other at
the network layer.
z Access numbers have been configured and the authentication function has been
enabled on the RADIUS server.
z A list of user authorities as well as authorization policies has been configured on
the RADIUS server.

I. Configuration prerequisites

You have configured an access number.


Before enabling the authorization function, you must ensure that the RADIUS server
and the RADIUS client can communicate with each other at the network layer and that
a list of corresponding two-stage dialing users as well as authorization policies has
been configured on the RADIUS server.
Authentication is a prerequisite for authorization. The authentication function must be
enabled before the authorization function. If the authentication function is disabled, the
authorization function will automatically be disabled. In terms of command
configuration steps, the authorization command follows the authentication command.
If the authentication function is actually not enabled, the authorization command is
unavailable.

II. Configuration procedure

Follow these steps to enable the authorization function for two-stage dialing users:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —

Enter dial program view dial-program —

Enter access number gw-access-number



view access-number
Enable the authorization Required
function for two-stage authorization
dialing users Disabled by default.

Note:
The authorization function for two-stage dialing users is enabled for a specific access
number, while the authorization function for one-stage dialing users is enabled in voice
AAA client view

Huawei Technologies Proprietary

1-15
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

1.3.11 Configuring Method of Collecting Digits of Called Number

You can use the callednumber receive-method command to configure the device to
originate a call immediately all digits of a called number are collected or after a dial
terminator # is collected.
The configuration applies to the card number/password process, caller number
process, and caller number process with IVR.

I. Configuration prerequisites

You have configured an access number.

II. Configuration procedure

Follow these steps to configure the method of collecting digits of a called number:

To do… Use the command… Remarks


Enter system view system-view —

Enter voice view voice-setup —

Enter dial program view dial-program —

Enter access number gw-access-number



view access-number
Required
callednumber
Configure the method of By default, users need to
receive-method
collecting digits of a called press the dial terminator #
{ immediate |
number after dialing all digits of a
terminator }
called number.

Note:
If a user first dials the dial terminator #, the device will ignore it and will not consider it
as an error, and the user can continue to dial a number. This rule applies to both card
numbers and passwords.

1.3.12 Configuring Number of Digits in Card Number/Password

For the card number/password process, it is necessary to stipulate the number of digits
in a card number/password. This facilitates user management and access control.

I. Configuration prerequisites

You have configured an access number.

Huawei Technologies Proprietary

1-16
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

II. Configuration procedure

Follow these steps to configure the number of digits in a card number and that in a
password:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —

Enter dial program view dial-program —

Enter access number gw-access-number



view access-number
Specify the two-stage
dialing process as the process-config
Required
card number/password cardnumber
process

Configure the number of Required


card-digit card-digit
digits in a card number 12 by default.

Configure the number of password-digit Required


digits in a password password-digit 6 by default.

Note:
z The card-digit and password-digit commands apply only to the card
number/password process. They are unavailable in the case of the caller number
process and caller number process with IVR.
z If a user is required to press the dial terminator # after dialing a card number but fails
to do so, the system will prompt timeout and require the user to redial the card
number. This rule also applies to a password.

1.3.13 Configuring Number of Redial Attempts

The redialtimes command applies only to the card number/password process and the
caller number process with IVR. This command is unavailable in the case of the caller
number process.
For the card number/password process, a user first dials an access number, then
selects a language option, next enters a prepaid card number and password, and finally
dials a called number. The user can retry in each step of this process. To prevent any
dial mistake from causing a failure of the entire dialing process, you need to specify the
maximum number of dial attempts to provide fault tolerance.

Huawei Technologies Proprietary

1-17
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

For the caller number process with IVR, the number of redial attempts refers to the
times a called number can be redialed, and if you have enabled the language selection
function, you should also specify the maximum number of language selection attempts.

I. Configuration prerequisites

You have configured an access number.

II. Configuration procedure

Follow these steps to configure the number of redial attempts:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —

Enter dial program view dial-program —

Enter access number gw-access-number



view access-number
Specify the two-stage
process-config
dialing process as card
cardnumber or
number/password Required
process-config
process or caller number
voice-caller
process with IVR

Configure the number of redialtimes Required


redial attempts redialtimes-number 3 by default.

Note:
Pay attention to the following points when configuring the number of redial attempts:
z For the card number/password process, the number of redial attempts applies to
each dial step, including selecting a language option, and dialing a card number,
password, or called number.
z The redialtimes command is used to configure the number of redial attempts.
Therefore, the number of dial attempts is the number of redial attempts plus 1. For
example, if the number of redial attempts is n (redialtimes-number = n), then the
number of dial attempts is n + 1.

1.3.14 Enabling Language Selection Function

The language selection function applies to only the caller number process with IVR.
With the language selection function enabled, the voice gateway will play tones to
prompt for a language first and then a called number after a user dials an access
number.

Huawei Technologies Proprietary

1-18
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

I. Configuration prerequisites

You have configured an access number and entered access number view.

II. Configuration procedure

Follow these steps to configure the language options:

To do… Use the command… Remarks


Enter system view system-view —
Enter voice view voice-setup —

Enter dial program view dial-program —

Enter access number gw-access-number



view access-number
Specify the two-stage
process-config
dialing process as caller Required
voice-caller
number process with IVR
Required
Chinese by default. After
Configure the language selectlanguage { enable a user dials the access
options | chinese | english } number, the voice
gateway plays tones in
Chinese to prompt for a
called number.

1.4 Displaying and Maintaining Voice RADIUS


To do… Use the command… Remarks
display voice
call-history-record { all |
callednumber
called-number |
callingnumber
Display voice RADIUS calling-number |
In any view
call history records cardnumber
card-number |
remote-ip-addr
ip-address | last
last-number | line
line-number }

Display all voice RADIUS display voice


In any view
configurations access-number

Huawei Technologies Proprietary

1-19
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

To do… Use the command… Remarks


Display statistics of
messages exchanged
between voice RADIUS display voice radius
In any view
module, external call statistic
control module, and AAA
module.

Clear the statistics of


messages exchanged
between the voice
reset voice radius
RADIUS module, call In user view
statistic
management center
(CMC) module, and AAA
module

1.5 Voice RADIUS Configuration Example


1.5.1 Card Number/Password Process Configuration

I. Network requirements

Local telephone users are connected to voice subscriber lines of routers directly or via
PBXs. The routers are connected to the IP network via WAN ports. The RADIUS server
is deployed on the IP network. The number of digits in a card number is 10 and that in a
password is 4.
The access number is 12345. Authentication, authorization, and accounting are
required for users who dial this access number. The maximum number of redial
attempts is 3, that is, the maximum number of dial attempts is 4.
When making an IP call, users first dial the access number 12345, then select a
language option and enter a card number and password as prompted, and finally dial
the called number if the card number/password authentication succeeds.

II. Network diagram

Figure 1-2 Network diagram for card number/password process configuration

Huawei Technologies Proprietary

1-20
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

III. Configuration procedure

1) Configure the voice gateway Router A.


# Create a RADIUS scheme.
<RouterA> system-view
[RouterA] radius scheme sch1

# Configure an access password for accessing the authentication and authorization


server.
[RouterA-radius-sch1] key authentication password1

# Configure a password for accessing the accounting server.


[RouterA-radius-sch1] key accounting password1

# Configure an IP address for the primary authentication and authorization server and
the primary accounting server.
[RouterA-radius-sch1] primary authentication 1.1.1.3 1812
[RouterA-radius-sch1] primary accounting 1.1.1.3 1813

# Configure RADIUS packets to carry unqualified usernames.


[RouterA-radius-sch1] user-name-format without-domain

# Configure the server type to a RADIUS server based on an extended protocol.


[RouterA-radius-sch1] server-type extended

# Configure the RADIUS scheme in the default domain.


[RouterA] domain system
[RouterA-isp-system] authentication voip radius-scheme sch1
[RouterA-isp-system] authorization voip radius-scheme sch1
[RouterA-isp-system] accounting voip radius-scheme sch1
[RouterA-isp-system] quit

# Configure the access number and set the dialing process to the card
number/password process.
[RouterA-voice] dial-program
[RouterA-voice-dial] gw-access-number 12345
[RouterA-voice-dial-anum12345] process-config cardnumber

# Configure the number of digits in a card number and password.


[RouterA-voice-dial-anum12345] card-digit 10
[RouterA-voice-dial-anum12345] password-digit 4

# Enable the authentication function.


[RouterA-voice-dial-anum12345] authentication

# Enable the authorization function.


[RouterA-voice-dial-anum12345] authorization

Huawei Technologies Proprietary

1-21
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

# Enable the accounting function.


[RouterA-voice-dial-anum12345] accounting

# Set the number of redial attempts to 3.


[RouterA-voice-dial-anum12345] redialtimes 3

2) Configure the voice gateway Router B.


The configurations on Router A are basically similar to those on Router B.
# Create a RADIUS scheme.
<RouterB> system-view
[RouterB] radius scheme sch1

# Configure an access password for accessing the authentication and authorization


server.
[RouterB-radius-sch1] key authentication password2

# Configure a password for accessing the accounting server.


[RouterB-radius-sch1] key accounting password2

# Configure an IP address for the primary authentication and authorization server and
the primary accounting server.
[RouterB-radius-sch1] primary authentication 1.1.1.3 1812
[RouterB-radius-sch1] primary accounting 1.1.1.3 1813

# Configure RADIUS packets to carry unqualified usernames.


[RouterB-radius-sch1] user-name-format without-domain

# Configure the server type to a RADIUS server based on an extended protocol.


[RouterB-radius-sch1] server-type extended

# Configure the RADIUS scheme in the default domain.


[RouterB] domain system
[RouterB-isp-system] authentication voip radius-scheme sch1
[RouterB-isp-system] authorization voip radius-scheme sch1
[RouterB-isp-system] accounting voip radius-scheme sch1
[RouterB-isp-system] quit

# Configure the access number and set the dialing process to the card
number/password process.
[RouterB-voice] dial-program
[RouterB-voice-dial] gw-access-number 12345
[RouterB-voice-dial-anum12345] process-config cardnumber

# Configure the number of digits in a card number and password.


[RouterB-voice-dial-anum12345] card-digit 10
[RouterB-voice-dial-anum12345] password-digit 4

Huawei Technologies Proprietary

1-22
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

# Enable the authentication function.


[RouterB-voice-dial-anum12345] authentication

# Enable the authorization function.


[RouterB-voice-dial-anum12345] authorization

# Enable the accounting function.


[RouterB-voice-dial-anum12345] accounting

# Set the number of redial attempts to 3.


[RouterB-voice-dial-anum12345] redialtimes 3

Note:
z The RADIUS scheme for voice RADIUS must be applied to the default domain
named system.
z The configuration procedure does not cover the configurations of route, voice
subscriber line, and called number on the routers.
z If a voice call is originated from an IP network to the voice gateway, the voice
gateway does not support the dialing of access numbers, and for one-stage dialing,
it supports only accounting, instead of authentication and authorization

1.6 Troubleshooting Voice RADIUS


I. Symptom 1

After the accounting function is enabled and the accounting method is set to start-ack
or the authentication/authorization function is enabled, the system fails to connect calls.
Follow the steps below to remove the fault:
1) Use the display voice access-number command to check that the current
settings are correct.
2) Check that the RADIUS server (CAMS) works normally. For example, check that
an IP service module is installed on the CAMS, that the IP address of the voice
gateway is allowed to access to the CAMS, and that the CAMS and the voice
gateway can communicate with each other by using the ping command.
3) Check that the IP address, port number, and key of the RADIUS server on the
RADIUS server are consistent with those on the CAMS.
4) If the calling number authentication fails, check that an account is generated for
the calling number and that the account is bound to the calling number correctly.
5) If the card number/password authentication fails, check that the card number and
password are consistent with the ones generated on the CAMS.
6) If the authorization fails, check that call or access restriction is not set for the IP
phone service on the CAMS.

Huawei Technologies Proprietary

1-23
Operation Manual – Voice RADIUS (Voice Volume) Chapter 1 Voice RADIUS Configuration

7) Check the log generated on the CAMS and remove the fault according to the
errors.

II. Symptom 2

RADIUS authentication/authorization requests of voice users are always rejected.


Follow the steps below to remove the fault:
1) Follow the steps introduced in symptom 1 to see if the fault can be removed.
2) Check that the username, password, and service authorities of the user on the
CAMS are correct and that the authorities have taken effect.
3) Use the debugging voice radius all command to enable the debugging of the
voice RADIUS module and observe the message exchange in the entire
authentication/authorization process. Much of the debugging information gives
reasons for voice call disconnection.

Huawei Technologies Proprietary

1-24

You might also like