QX1000 Manual II: Administrator's Guide
Administrator’s Menus
QX1000; (SW Version 5.3.x)
124
The
Emergency Code
text field requires the emergency code supported by the specified ITSP. By default is field is filled with the information defined
, but this field also allows to define an ITSP specific emergency codes. In case your system has both
local PSTN emergency codes and ITSP codes configured, when dialing the certain emergency code, QX1000 will first try to reach the local PSTN
allocated emergency destination, and if failed will dial the ITSP emergency destination.
Please Note:
If the defined ITSP is 911 compliant then you have to bind this account with the geographical address of your device. If the ITSP is not
911 compliant then the public safety agency will not be able to determine the address automatically.
The
Failover to PSTN
checkbox selection will route the call to the PSTN through the local FXO line in case if the VoIP Carrier is not available. W hen
this checkbox is selected, an additional entry will be added to the
table. This maintains digit transmission to the local PSTN when an IP
call towards the configured VoIP Carrier cannot be established.
Please Note:
A warning message will appear when the defined
Access Code
already exists in the
table or causes a conflict with
entries already in the Call Routing table. In this case, when continuing through the VoIP Carrier Wizard, the existing entry in the Call Routing table
will automatically be overwritten by the new settings.
RADIUS Client Settings
RADIUS
(Remote Authentication Dial In User Service) specifies the RADIUS protocol used for authentication, authorization and accounting, to
differentiate, to secure and to account for the users. The RADIUS Server provides the option for a caller from/through QX1000 to pass authentication
and to be able to dial a specific number.
When a RADIUS client is enabled on the QX1000, and according to the configuration of
AAA Required
option (see
table), the RADIUS
server will be used to authenticate user and/or to account for the call. This can be accomplished by automatic detection of the caller’s number or a
customized login prompt where the caller is expected to enter a username and password.
Transactions between the client and the RADIUS server are authenticated through the use of a shared Secret Key, which is never sent over the
network. In addition, user passwords are encrypted when sent between the client and RADIUS server to eliminate the possibility of a party viewing
an unsecured network where they could determine a user's password. If no response from the RADIUS Server is returned after the Receive Timeout
expires, the request is resent numerous times as defined in the Retry Count list. The client can also forward requests to an alternate server(s) if the
primary server is down or unreachable. An alternate server can be used after a number of failed tries to the primary server.
Once the RADIUS server receives the request, it determines if the sending client is valid. A request from a client that the RADIUS server does not
recognize must be silently discarded. If the client is valid, the RADIUS server consults a database of users to find the user whose name matches the
request. The user entry in the database contains a list of requirements (username, password, etc.) that must be met to give access to the user. If all
conditions are met, the user gets access to the QX1000 Network.
The
RADIUS Client Settings
page contains the
Enable RADIUS Client
checkbox that enables RADIUS client on the QX1000.
Please Note:
The RADIUS Client cannot be disabled if there is at least one route with
RADIUS Authentication and Authorization
or
RADIUS
Accounting
values configured in the
AAA Required
table. In order to be able to disable the RADIUS Client on the
QX1000, appropriate routes should be removed first.
The other RADIUS Client settings are divided into three groups:
1. Registration Settings
The
Primary Server
requires the IP address of the primary Radius
Server.
The
Secondary Server
requires the IP address of the secondary
Radius Server.
NAT Station IP
text fields require the NAT PC WAN IP address. If
no NAT Station is specified here, QX1000’s IP address will be sent
to the RADIUS server.
Secret Key
is used to insert the secret key between the Radius
client and the server. Contact the Radius server administrator to
get the secret key for your QX1000.
The
Confirm Secret Key
field is used to verify the secret key. If
the entered
Secret Key
does not correspond to the one in the
Confirm Secret Key
field, the error message “The Secret Key
does not match. Please try again” will appear.
Retry Count
allows you to select the number of attempts
authorized before canceling the registration.
Receive Timeout
allows you to select the timeout (in seconds)
between two attempts to register.
Encoding Type
allows you to select the encoding type (PAP or
CHAP) that should be unique on both the client and the server
sides for the establishment of a successful connection. Encoding
type should also be requested from the Radius Server
administrator.
The
Authorization Port
text field requires the port number on the
RADIUS server where QX1000 is to send the authentication
requests.
The
Accounting Port
text field requires the port number on the
RADIUS server where QX1000 is to send the accounting
messages.
Fig. II-206: Radius Client Settings page