RADIUS Authentication Call Flow

The following figure illustrates the end to end call flow between the SMF server and RADIUS-EP.

RADIUS Authentication Call Flow
Step Description

1

Bringing up RADIUS-POD: Add the respective endpoint configuration, with VIP-IP similar to Protocol-EP VIP-IP. Add the RADIUS-server information to the profile-RADIUS configuration.

2

Add the secondary authentication configuration to the required DNN profiles.

3

During session-bringup, the DNN profile checks if secondary authentication is enabled after successful UDM validation.

  • If authentication is not enabled, continue with PCF.

  • If authentication is enabled, send inter-process communication (IPC) message to RADIUS-POD to authenticate the subscriber.

4 The RADIUS-POD prepares the Access Request packet that is destined to a configured RADIUS-server, sends the packet to UDP Proxy pod to proxy the packet out.
6 The UPD Proxy pod creates a socket (if not already present) and sends the packet to the RADIUS-server.
7 The RADIUS-server validates the Access Request. If accepted, it responds with the Access Accept message. Else, it responds with the Access Reject message.
8 The UDP Proxy responds to the respective RADIUS-EP instance.
9 The RADIUS-EP instance validates the response, fetches the framed-IP (if present), and updates the SMF-service.
10 The SMF-service, upon successful response from RADIUS-EP, continues with the PCF flow. Else, the SMF-service disconnects from the subscriber.