RADIUS Authentication Call Flow
The following figure illustrates the end to end call flow between the SMF server and RADIUS-EP.

Step | Description |
---|---|
1 |
Bringing up RADIUS-POD: Add the respective endpoint configuration, with VIP-IP similar to Protocol-EP VIP-IP. Add the RADIUS-server information to the profile-RADIUS configuration. |
2 |
Add the secondary authentication configuration to the required DNN profiles. |
3 |
During session-bringup, the DNN profile checks if secondary authentication is enabled after successful UDM validation.
|
4 | The RADIUS-POD prepares the Access Request packet that is destined to a configured RADIUS-server, sends the packet to UDP Proxy pod to proxy the packet out. |
6 | The UPD Proxy pod creates a socket (if not already present) and sends the packet to the RADIUS-server. |
7 | The RADIUS-server validates the Access Request. If accepted, it responds with the Access Accept message. Else, it responds with the Access Reject message. |
8 | The UDP Proxy responds to the respective RADIUS-EP instance. |
9 | The RADIUS-EP instance validates the response, fetches the framed-IP (if present), and updates the SMF-service. |
10 | The SMF-service, upon successful response from RADIUS-EP, continues with the PCF flow. Else, the SMF-service disconnects from the subscriber. |