beautypg.com

Configuring a radius/aaa server – Cisco H.323 VC-289 User Manual

Page 30

background image

Configuring H.323 Gatekeepers and Proxies

H.323 Gatekeeper Configuration Task List

VC-318

Cisco IOS Voice, Video, and Fax Configuration Guide

After the previous steps have been completed, enter each user into the RADIUS database using either
the default password if using the security password default command or the actual passwords if using
the piggybacked password mechanism as the RADIUS authentication for that user. Enter either the user
H.323-ID or the E.164 address, depending on how the gatekeeper was configured.

For more information about configuring AAA services or RADIUS, refer to the Cisco IOS Security
Configuration Guide
.

Configuring a RADIUS/AAA Server

To configure the RADIUS/AAA server with information about the gatekeeper for your network
installation, use the following commands beginning in global configuration mode:

password separator character—Specifies the
character that endpoints use to separate the
H.323-ID from the piggybacked password in the
registration. This allows each endpoint to supply
a user-specific password. The separator character
and password will be stripped from the string
before it is treated as an H.323-ID alias to be
registered.

Note that passwords may be piggybacked only in
the H.323-ID, not the E.164 address. This is
because the E.164 address allows a limited set of
mostly numeric characters. If the endpoint does
not wish to register an H.323-ID, it can still
supply an H.323-ID that consists of just the
separator character and password. This will be
understood to be a password mechanism, and no
H.323-ID will be registered.

Command

Purpose

Command

Purpose

Step 1

Router(config)# aaa new-model

Enables the authentication, authorization, and
accounting (AAA) model.

Step 2

Router(config)# aaa authentication login {default |

list-name} method1 [method2...]

Sets AAA authorization at login.

For an explanation of the keywords and arguments,
see Step 2 in the configuration task table in the

“Configuring H.323 Users via RADIUS” section on
page 314

.

Step 3

Router(config)# radius-server deadtime minutes

Improves the server response time when some servers
might be unavailable. The minutes argument
specifies the length of time, in minutes, for which a
RADIUS server is skipped over by transaction
requests, up to a maximum of 1440 minutes (24
hours).