SBC 1000/2000 4.1.x : RADIUS User Authentication Tips Using FreeRADIUS

This page contains some high-level technical tips when authenticating a RADIUS user between the Sonus SBC 1000/2000 to a FreeRADIUS Server provider:

FreeRADIUS Sample Configuration

In this section, we provide sample FreeRADIUS configuration bits relevant to RADIUS user authentication on Sonus SBC 1000/2000.


We configure a RADIUS user called raduser who's User Class is ReadOnlyClass. This class name needs to be configured on the Sonus SBC 1000/2000 - see Managing RADIUS User Class Access Level Mapping.

raduser User-Password == "Passw0rd"
        Class == "ReadOnlyClass"


This is used for the RADIUS server healthcheck:

status_server = yes


This defines the RADIUS client information with the RADIUS Server settings configured on Sonus SBC 1000/2000

client {
       secret          = Passw0rd
       shortname       = Sonus SBC 1000/2000246

RADIUS Server Authentication Message Exchange

When a RADIUS user attempts to authenticate on the Sonus SBC 1000/2000 system, the Sonus SBC 1000/2000 behaves as a RADIUS authentication client and sends an Access-Request to the RADIUS server:

rad_recv: Access-Request packet from host, id=170, length=65
        Service-Type = Login-User
        User-Name = "raduser"
        User-Password = "Passw0rd"
        NAS-Port = 0
        NAS-IP-Address =

If the request is authenticated

The RADIUS server responds with Access-Accept and it returns the Class attribute attribute:

Sending Access-Accept of id 170 to port 38525
        Class == 0x41646d696e6973747261746f72436c617373

After Sonus SBC 1000/2000 receives the Access-Accept, Sonus SBC 1000/2000 uses the Class attribute returned by RADIUS to map the appropriate access level.

If the request is not authenticated

The RADIUS server responds with Access-Reject:

Sending Access-Reject of id 215 to port 5412