A Radius Example
A Radius agent can act as an extension to a NAS. This example illustrates such a scenario. In the example, an Analysis agent validates the content of each received UDP packet and, depending on the outcome, sends a reply back (also in the form of a UDP packet). Valid UDRs are routed to the subsequent agent, while invalid UDRs are deleted. Schematically, the workflow performs the following:
Decode the data into a UDR. Discard and continue with the next packet upon failure.
Validate the UDR. If it is an Access_Request_Int, a comparison with a subscriber table must be performed to make sure the user is authorized (that is, exists in the table). All other UDR types must be deleted.
If the user was found in the table, send the UDR to the next agent and a reply UDR of type Access_Accept_Int back to the Radius agent. If the user was not found, delete the UDR and send a reply UDR of type Access_Reject_Int to the Radius agent. Both reply UDRs must have the Identifier field updated first.
Note!
To keep the example as simple as possible, valid records are not processed. Usually, no reply is sent back until the UDRs are fully validated and manipulated. The example focuses on specific issues, such as decoding, validation and reply handling.
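The same decode, validate and reply flow, shown as an added Python example that works on raw RADIUS packets (RFC 2865) instead of UDRs; it is not the product's own agent configuration. SECRET and SUBSCRIBERS are constructed values standing in for the shared secret and the subscriber table.

```python
import hashlib
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME = 1                      # RADIUS attribute type (RFC 2865)
SECRET = b"constructed-secret"     # assumption: shared secret with the NAS
SUBSCRIBERS = {"alice", "bob"}     # assumption: stands in for the subscriber table


def decode(packet):
    """Step 1: decode the datagram; None tells the caller to discard it."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return None
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            return None
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return None            # attribute overruns the declared length
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return {"code": code, "id": ident, "auth": packet[4:20], "attrs": attrs}


def build_reply(code, request):
    """Reply carries the request's Identifier; authenticator per RFC 2865."""
    header = struct.pack("!BBH", code, request["id"], 20)
    digest = hashlib.md5(header + request["auth"] + SECRET).digest()
    return header + digest


def handle(packet):
    """Return (forward, reply); forward is the record for the next agent."""
    request = decode(packet)
    if request is None or request["code"] != ACCESS_REQUEST:
        return None, None          # undecodable or other type: delete, no reply
    user = request["attrs"].get(USER_NAME, b"").decode("utf-8", "replace")
    if user in SUBSCRIBERS:
        return request, build_reply(ACCESS_ACCEPT, request)
    return None, build_reply(ACCESS_REJECT, request)
```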