Appendix H. Supported RADIUS Attribute/Value Pairs for VoIP operation
Prev   Next

Appendix H. Supported RADIUS Attribute/Value Pairs for VoIP operation

Table of Contents

H.1. Authentication request
H.2. Authentication response
H.2.1. Challenge authentication
H.2.2. Accepted authentication (registration)
H.2.3. Accepted authentication (invite)
H.2.4. Rejected authentication
H.3. Accounting Start
H.4. Accounting Interim
H.5. Accounting Stop
H.6. Disconnect
H.7. Change of Authorisation

RADIUS is used to authenticate REGISTRATION requests allowing registration of telephones. It is also used to authenticate INVITE requests and provide call routing information.

RADIUS Accounting is used to provide details of calls in progress.

H.1. Authentication request

Authentication requests are used for SIP requests where the request is to be challenged, e.g. REGISTER, INVITE, REFER, SUBSCRIBE, OPTIONS, etc.

The format mostly follows RFC5090. There is an option (radius-challenge) to send the RADIUS authentication request before receiving authentication data from the requestor, which allows progress without authentication credentials, but more likely to be used to send a ACCESS_CHALLENGE response to customise the challenge sent to the requestor.

Table H.1. Access-request

AVPNo.Usage
User-Name1Name of locally configured telephone user, or @ and locally configured carrier name
Chargeable-User-Identity89If request relates to locally configured telephone user or carrier
Message-Authenticator80Message signature as per RFC2869
Called-Station-Id30Local part of To: header
Calling-Station-Id31Local part of From: header
NAS-Identifier32Configured hostname of FireBrick
NAS-IP-Address4Requestor IPv4 address if using IPv4
NAS-IPv6-Address95Requestor IPv6 address if using IPv6
NAS-Port5Requestor UDP port
NAS-Port-Type61Send with value 5 (virtual) if NAT detected
Class25User Agent string
Acct-Multi-Session-Id50Call-ID from request
Digest-Response103Digest Response
Digest-Realm104Digest Realm
Digest-Nonce105Digest Nonce
Digest-Method108Digest Method
Digest-URI109Digest URI, or URI from request if no Authorization digest present
Digest-QOP110Digest QOP
Digest-Algorithm111Digest Algorithm
Digest-CNonce113Digest CNonce
Digest-Nonce-Count114Digest Nonce Count (NC)
Digest-Username115Digest Username
Digest-Opaque116Digest Opaque
SIP-AOR121Contact URI
Session-Timeout27Time from Expires header
Acct-Terminate-Cause49Only sent for a redirect call routing, the redirect code, e.g. 301/302

Prev   Next
G.9. Notes Home H.2. Authentication response