Configuring a radius/aaa server – Cisco H.323 VC-289 User Manual
Page 30
Configuring H.323 Gatekeepers and Proxies
H.323 Gatekeeper Configuration Task List
VC-318
Cisco IOS Voice, Video, and Fax Configuration Guide
After the previous steps have been completed, enter each user into the RADIUS database using either
the default password if using the security password default command or the actual passwords if using
the piggybacked password mechanism as the RADIUS authentication for that user. Enter either the user
H.323-ID or the E.164 address, depending on how the gatekeeper was configured.
For more information about configuring AAA services or RADIUS, refer to the Cisco IOS Security
Configuration Guide.
Configuring a RADIUS/AAA Server
To configure the RADIUS/AAA server with information about the gatekeeper for your network
installation, use the following commands beginning in global configuration mode:
•
password separator character—Specifies the
character that endpoints use to separate the
H.323-ID from the piggybacked password in the
registration. This allows each endpoint to supply
a user-specific password. The separator character
and password will be stripped from the string
before it is treated as an H.323-ID alias to be
registered.
Note that passwords may be piggybacked only in
the H.323-ID, not the E.164 address. This is
because the E.164 address allows a limited set of
mostly numeric characters. If the endpoint does
not wish to register an H.323-ID, it can still
supply an H.323-ID that consists of just the
separator character and password. This will be
understood to be a password mechanism, and no
H.323-ID will be registered.
Command
Purpose
Command
Purpose
Step 1
Router(config)# aaa new-model
Enables the authentication, authorization, and
accounting (AAA) model.
Step 2
Router(config)# aaa authentication login {default |
list-name} method1 [method2...]
Sets AAA authorization at login.
For an explanation of the keywords and arguments,
see Step 2 in the configuration task table in the
“Configuring H.323 Users via RADIUS” section on
page 314
.
Step 3
Router(config)# radius-server deadtime minutes
Improves the server response time when some servers
might be unavailable. The minutes argument
specifies the length of time, in minutes, for which a
RADIUS server is skipped over by transaction
requests, up to a maximum of 1440 minutes (24
hours).