9.64.5 A Radius Example
A Radius agent can act as an extension to a NAS and to illustrate such a scenario an example is introduced. In the example an Analysis agent is used to validate the content of the received UDP packet, and depending on the outcome a reply is sent back (also in the form of a UDP packet). Valid UDRs are routed to the subsequent agent, while invalid UDRs are deleted. Schematically, the workflow will perform the following:
Decode the data into a UDR. Discard and continue with the next packet upon failure.
ÂValidate the UDR. If it is aÂ
Access_Request_Int
, a comparison with a subscriber table must be performed to make sure the user is authorized (that is, exists in the table). All other UDR types must be deleted.
ÂIf the user was found in the table, send the UDR to the next agent and a reply UDR of typeÂ
Access_Accept_Int
 back to the Radius agent. If the user was not found, delete the UDR and send a reply UDR of typeÂAccess_Reject_Int
 to the Radius agent. Both reply UDRs must have theÂIdentifier
 field updated first.Note!
To keep the example as simple as possible, valid records are not processed. Usually, no reply is sent back until the UDRs are fully validated and manipulated. The focus of the example is the specific issues, such as decoding, validation and reply handling.
The section contains the following subsections:
9.64.5.1 Radius Example Workflow Setup