(RADIATOR) Disconnect Request, POD question, voip call session kill
Hugh Irvine
hugh at open.com.au
Fri Mar 4 04:08:20 CST 2005
Hello Ganbold -
I do not have any experience with Cisco VoIP, however a quick check of
the Cisco web site gives this:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/
122relnt/5300/rn5300xb.htm
which contains this:
RADIUS Packet of Disconnect
This feature consists of a method for terminating a call that has
already been connected. This "Packet of Disconnect" (POD) is a RADIUS
access_reject packet and is intended to be used in situations where the
AAA server wants to disconnect the user after the session has been
accepted by the RADIUS access_accept packet. This may be needed in at
least two situations:
•
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blank.gif
Type: image/gif
Size: 43 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20050304/3271fa62/attachment.gif>
-------------- next part --------------
Detection of fraudulent use, which cannot be performed before accepting
the call.
•
-------------- next part --------------
A non-text attachment was scrubbed...
Name: blank.gif
Type: image/gif
Size: 43 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20050304/3271fa62/attachment-0001.gif>
-------------- next part --------------
A price structure so complex that the maximum session duration cannot
be estimated before accepting the call. This may be the case when
certain types of discounts are applied or when multiple users use the
same subscription simultaneously.
Refer to the following document for further information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/
122newft/122limit/122x/122xb/122xb_2/ft_pod.htm
The above reference contains this (plus examples etc.):
Feature Overview
This feature consists of a method for terminating a call that has
already been connected. This "Packet of Disconnect" (POD) is a RADIUS
access_request packet and is intended to be used in situations where
the authenticating agent server wants to disconnect the user after the
session has been accepted by the RADIUS access_accept packet. This may
be needed in at least two situations:
• Detection of fraudulent use, which cannot be performed before
accepting the call. A price structure so complex that the maximum
session duration cannot be estimated before accepting the call. This
may be the case when certain types of discounts are applied or when
multiple users use the same subscription simultaneously.
• To prevent unauthorized servers from disconnecting users, the
authorizing agent that issues the POD packet must include three
parameters in its packet of disconnect request. For a call to be
disconnected, all parameters must match their expected values at the
gateway. If the parameters do not match, the gateway discards the
packet of disconnect packet and sends a NACK (negative acknowledgement
message) to the agent.
The parameters are the following:
• An h323-conf-id vendor-specific attribute (VSA) with the same
content as received from the gateway for this call.
• An h323-call-origin VSA with the same content as received from the
gateway for the leg of interest.
• A 16-byte MD5 hash value that is carried in the authentication
field of the POD request.
hope that helps
regards
Hugh
On 4 Mar 2005, at 10:49, Ganbold wrote:
> Hi all,
>
> I'm posting my problem again because I didn't find any solution in
> this regard since my last post.
>
> I have problem using disconnect request for Cisco AS5300. I'm using
> Radiator-3.8 radius server.
> I use utility radpwtst to send disconnect-request directly to NAS but
> it replies Disconnect-Request-NAKed.
>
> Is there anybody who solved this problem before?
> Is there anybody who successfully used POD and Disconnect-request in
> Cisco AS5300?
> What kind of attribute combination should I send to NAS?
>
> What is Cisco IOS version known to work with disconnect-request?
>
> Actually I tested disconnect request on Dial-UP Cisco NAS server and
> it works just fine.
> But it is NOT working on VoIP.
>
> We are trying to implement this feature in VoIP application.
> I appreciate very much if somebody can share its experience.
>
> I tried with Session id attribute and no result. I even tried with
> h-323-conf-id, h323-call-origin attributes, but didn't succeed.
>
> Cisco AS5300 configuration:
>
> aaa pod server auth-type any server-key xxx
>
> Following is the debug output:
>
> #debug aaa pod
> #AAA POD packet processing debugging is on
> #ter mon
> #
> Apr 8 00:23:47.933: POD: x.x.x.x request queued
> Apr 8 00:23:47.933: POD: x.x.x.x user 37255740 0.0.0.0 sessid 0x0 key
> 0x0
> Apr 8 00:23:47.933: POD: Line User IDB Session
> Id Key
> Apr 8 00:23:47.933: POD: Sending NAK to x.x.x.x/50158
> #
>
> Cisco IOS version is :
> Cisco Internetwork Operating System SoftwareIOS (tm) 5300 Software
> (C5300-IS-M), Experimental Version 12.2(20020211:190758)
>
> Debug log says request queued and sends NAK. What should I do? Can
> somebody give me an advice/recommendation?
> Is there any solution?
>
> I looked through Cisco web site and didn't find the solution.
>
> If POD doesn't work, is there any other way I can kill the particular
> VoIP call on Cisco AS5300?
>
> I hope somebody in this list can help me to solve this problem.
>
> thanks in advance,
>
> Ganbold
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list