Defining Priority for Authentication Algorithm

Use the following sample configuration to define the priority for different authentication algorithms (PAP or CHAP or MSCHAP) for RADIUS-based authentication in SMF.

config 
   profile dnn profile_name 
      authentication { { secondary radius [ group group_name  ] | { algorithm { pap priority_value [ password-use-pco ] | chap priority_value [ convert-to-mschap ] | mschap priority_value } } 
      end 

NOTES:

  • password-use-pco : This keyword overrides the DNN configured password with PCO password. The default setting is disabled.

    If the host level password is not configured at DNN, then the SMF uses the UE given password for PAP-based authentication even though this configuration is disabled.

  • convert-to-mschap : This keyword converts the received CHAP Challenge and Response to MSCHAP if the CHAP Response length is 49 bytes. Otherwise, the SMF sends as CHAP only even though this configuration is explicitly enabled.

  • The default priority for PAP, CHAP, and MSCHAP algorithms is 0 which means that the configuration is disabled. The valid values are 1, 2, and 3. Lower the value, higher is the priority. It is used to resolve conflicts if the UE sends multiple authentication parameters in the PCO, EPCO, or APCO IE.