PolicyAssistant DNIS Realms

The NavisRadius PolicyAssistant offers a way to associate a DNIS (the RADIUS Called-Station-Id attribute) with a realm. When using DNIS realms, all calls to a given DNIS are treated as if the user had specified the associated realm, regardless of the realm the user actually entered. This allows use of simple users names without a realm for network connections. Additionally, if each DNIS is associated with a specific realm this prevents users of one realm calling another realm's number. (Note: This assumes the that the combination of user name and password is unique for all users.)

For example: If the phone number 555-1212 is associated with the realm fido.net and a user eileen@gato.com dials 555-1212 to connect to the network, the PolicyAssistant will treat her as though she were in the fido.net realm and ignore the gato.com realm in her user name.

Note: If the number (DNIS) dialed by a user has not been associated with a realm, then any realm the user entered as part of their User-Name will be used as the realm name.

Configuring DNIS Realms

To add and configure DNIS realms

  1. The Server Management Tool must be running, the PolicyAssistant loaded, and the SMT work space displayed.
  2. From the resource outline, select PolicyAssistant > DNIS tab.
    The DNIS realm configuration panel appears and begins displaying current data.
  3. To configure an existing DNIS realm you may double-click on the realm or select the realm and click on Edit Button.
    This will display the DNIS Realm Configuration dialog box with the options for the selected realm already entered.
  4. To add and configure a new DNIS realm click on Insert Button.
    This displays an empty DNIS Realm Configuration dialog box which you will use to enter information about the DNIS.
    The DNIS Realm Configuration dialog contains three fields that are required for DNIS realms. Each field must be filled out.

    Field Description
    DNIS The Called-Station-ID that is to be associated with a realm. This must contain the DNIS exactly as reported in the RADIUS attribute Called-Station-Id.
    User Realm This is the realm that is to be associated with this DNIS. This field contains a drop-down list of all the realms currently defined in the PolicyAssistant. The realm must exist. If it does not then the user will be rejected.
    Note: It is possible to associate multiple DNISs with one realm. However, a single DNIS may only be associated with a single realm.
    Max Connections The field sets the maximum number of sessions allowed to call this DNIS at any given time.
    • Any number greater than 0 limits the DNIS to only that number of concurrent sessions. This limit is applied in addition to any per-user or per-realm limits already defined.
    • If any of the limits are exceeded then the user will be rejected.
    Note: DNIS and realm limits are specified independently. That is, there is no cross check between DNIS limits and realm limits. Therefore, it is allowable and possibly useful to create cases where the total of the DNIS limits exceeds the realm limit.

    The following example illustrates this point. If the limit for the realm canus.net is set at 50, then it would not be possible all 6 DNISs to be at full capacity. In other words, the realm canus.net could have up to 50 users total, but it is not possible for every DNISs to reach its limit of 10 since that would be a total of 60 sessions, exceeding the realm limit.

    DNIS Limit Associated Realm Realm Limit
    5551234 10 canus.net 50
    5551212 10 canus.net
    5559876 10 canus.net
    5555555 10 canus.net
    5550102 10 canus.net
    5559182 10 canus.net
    Total 60
    It is also possible to define a case where the total of the DNIS limits is less than the realm limit. This has no practical value and would prevent the realm from ever reaching its maximum allowed limit.


Go to Top of Page