RADIUS Authentication Call Flow

The following figure illustrates the end to end call flow between the SMF server and Radius-EP.

RADIUS Authentication Call Flow
Step Description

1

Bringing up Radius-POD: Add the respective endpoint configuration, with VIP-IP similar to Protocol-EP VIP-IP. Add the Radius-server information to the profile-Radius configuration.

2

Add the secondary authentication configuration to the required DNN profiles.

3

During session-bringup, the DNN profile checks if secondary authentication is enabled after successful UDM validation.

  • If authentication is not enabled, continue with PCF.

  • If authentication is enabled, send IPC to Radius-POD to authenticate the subscriber.

4 The Radius-POD prepares the Access Request packet that is destined to a configured Radius-server, sends the packet to UDP Proxy POD to proxy the packet out.
6 The UPD Proxy POD creates a socket (if not already present) and sends out the packet to the Radius-server.
7 The Radius-server validates the Access Request. If accepted, it responds with the Access Accept message. Else, it responds with the Access Reject message.
8 The UDP Proxy responds to the respective Radius-EP instance.
9 The Radius-EP instance validates the response, fetches the framed-IP (if present), and updates the SMF-service.
10 The SMF-service, upon successful response from Radius-EP, continues with the PCF flow. Else, the SMF-service disconnects from the subscriber.