RADIUS can be used to allow new handsets to be registered dynamically without individual configuration by using RADIUS authentication to an external RADIUS server. RADIUS is also used to make call routing decisions.
RADIUS accounting can be used to log calls as they start and end to an external RADIUS server.
RADIUS accounting logs each call leg, so a typical call has an incoming and outgoing leg.
An interim update includes a call duration which is the time spent ringing. A final (stop) message contains a call duration which is the time from the connection of the call.
RADIUS authentication is used for any challenged requests, such as REGISTER, INVITE, REFER, SUBSCRIBE, OPTIONS etc. The Digest-Method is always included to indicate a VoIP request and identify the type of request.
You can have a RADIUS authentication before the FireBrick challenges the reqestor setting the radius-challenge
settings, allowing a RADIUS challenge response to customise the challenge, this also happens for a non local request where the user is not recognised as a local telephone user. Otherwise the FB2500 will send a challenge automatically and only send a RADIUS authentication when the authenticated message is received.
For REGISTER an accept response can include a Called-Station-Id attribute can be used to define the registered connection as a tel:number
URI for call routing. Without this, the registration is not logged on the FB2500 and it is assumed the RADIUS server will record where to send calls based on the registration. The SIP-AOR AVP in the access request provides the Contact URI, and can be used in the reply to cause a 302 redirect response to a specified contact.
Access requests are made even when the request is coming from an locally configured telephone. In such cases the telephone must also pass validation against a locally configured password (if present). To identify such requests, the User-Name is the configured name (or extn or ddi) of the telephone user, and Chargeable-User-Identity attribute is set based on the configured CUI.
Access requests are made even when from a recognised carrier. In such case the carrier is validated by the FireBrick directly, and then the access request made to decide call routing. To identify such requests, the User-Name is the configured name of the carrier prefixed with an @ character.
To understand how call routing works you need to understand how call legs work. A call leg is a connection to or from the FB2500 to another SIP device. It could be a SIP carrier or a telephone. Typically there is an incoming call leg from a carrier or a phone, which needs to be authenticated, and then a call routing decision is made.
An Access Accept response can then contain the call routing attributes. This causes one or more outgoing call legs to be created. These would typically be ringing telephones. Once one of these legs answers the others are cancelled and the two legs are connected together to form a call. The purpose of the routing attributes is to create these outgoing call legs, and to set up attributes such as CDRs and call recording.
Each call leg has a CLI (calling number), a Dialled number, a display Name, a number of CDR records (each of which have CDR and Dialled as well), and finally a number of email addresses for call recording.
The response attributes are processed in order. Initially the last call leg is the originating call. When a new outgoing leg is added, that becomes the current call leg.
Table 16.3. Access-Accept
AVP | No. | Usage |
Calling-Station-Id | 31 | Replaces CLI of current call leg. |
Called-Station-Id | 30 | Replaces Dialled number of current call leg. |
User-Name | 1 | Replaces the Name of the current call leg. |
Filter-Id | 11 | Adds a call recording email address to the current call leg. |
Chargeable-User-Identity | 89 | Adds a CDR record with this CUI, and current CLI and Dialled attributes to the current call leg. |
SIP-AOR | 121 | Creates a new outgoing call leg. See below for formats |
An outgoing call leg is created for each SIP-AOR entry, and it can be in one of the following formats. Each of this can also include a number of digits and a + symbol at the start which specifies a delay before attempting to connect that outgoing leg.