RADIUS Authentication Call Flow
The following figure illustrates the end to end call flow between the SMF server and Radius-EP.

Step | Description |
---|---|
1 |
Bringing up Radius-POD: Add the respective endpoint configuration, with VIP-IP similar to Protocol-EP VIP-IP. Add the Radius-server information to the profile-Radius configuration. |
2 |
Add the secondary authentication configuration to the required DNN profiles. |
3 |
During session-bringup, the DNN profile checks if secondary authentication is enabled after successful UDM validation.
|
4 | The Radius-POD prepares the Access Request packet that is destined to a configured Radius-server, sends the packet to UDP Proxy POD to proxy the packet out. |
6 | The UPD Proxy POD creates a socket (if not already present) and sends out the packet to the Radius-server. |
7 | The Radius-server validates the Access Request. If accepted, it responds with the Access Accept message. Else, it responds with the Access Reject message. |
8 | The UDP Proxy responds to the respective Radius-EP instance. |
9 | The Radius-EP instance validates the response, fetches the framed-IP (if present), and updates the SMF-service. |
10 | The SMF-service, upon successful response from Radius-EP, continues with the PCF flow. Else, the SMF-service disconnects from the subscriber. |