RADIUS Authentication
Authentication and key management are fundamental to the security of mobile networks because they provide mutual authentication between users and the network.
5G defines various authentication methods to authenticate a user. In the 5G architecture, the serving network authenticates the Subscription Permanent Identifier (SUPI), and key agreement between the UE and the network using primary authentication mechanism.
5G supports EAP-based secondary authentication between the UE and the network. The SMF performs the role of the EAP Authenticator and relies on external AAA server (for example, RADIUS server) to authenticate and authorize the UE’s request for PDU session establishment.
The RADIUS Client function resides within the SMF to enable the generic Cloud Native 5G RADIUS functionality for authentication purposes. When the RADIUS Client feature is enabled, the SMF performs secondary authentication with the configured external RADIUS server as per 3GPP TS 23.501.
For information on enabling the RADIUS Client feature, see Configuring the RADIUS Client.