RADIUS Authentication Call Flow

The following figure illustrates the end to end call flow between the SMF server and RADIUS endpoint.

RADIUS Authentication Call Flow
RADIUS Authentication Call Flow Description
Step Description

1

Bringing up RADIUS pod: Add the respective endpoint configuration, with VIP-IP similar to Protocol-EP VIP-IP. Add the RADIUS server information to the RADIUS profile configuration.

2

Add the secondary authentication configuration to the required DNN profiles.

3

During session bringup, the DNN profile checks if secondary authentication is enabled after successful UDM validation.

  • If authentication is not enabled, continue with PCF.

  • If authentication is enabled, send inter-process communication (IPC) message to RADIUS pod to authenticate the subscriber.

4 The RADIUS pod prepares the Access Request packet that is destined to a configured RADIUS server, sends the packet to UDP proxy pod to proxy the packet out.
6 The UPD proxy pod creates a socket (if not already present) and sends the packet to the RADIUS server.
7 The RADIUS server validates the Access Request. If accepted, it responds with the Access Accept message. Else, it responds with the Access Reject message.
8 The UDP proxy responds to the respective RADIUS-EP instance.
9 The RADIUS-EP instance validates the response, fetches the framed-IP (if present), and updates the SMF service.
10 The SMF service, upon successful response from RADIUS-EP, continues with the PCF flow. Else, the SMF service disconnects from the subscriber.