RADIUS Protocol

Overview

AGILITY now supports the RADIUS protocol, enabling seamless integration with AAA systems used in mobile core networks. This support enhances network diagnostics, session visibility, and configuration management directly within AGILITY.

On this page, you’ll learn:

What RADIUS is and how it works.
How RADIUS operates in mobile networks, including 3G, 4G, and non-3GPP (Wi-Fi/ePDG) environments
Using RADIUS in AGILITY, from a basic AAA protocol to a source of actionable analytics.

Understanding RADIUS

RADIUS (Remote Authentication Dial-In User Service) is a protocol that enables mobile networks to manage user access, permissions, and usage information from a centralized system.
It’s part of what’s known as the AAA framework: Authentication, Authorization, and Accounting:

Authentication: Confirms the user’s identity.
Authorization: Determines what services the user is allowed to access.
Accounting: Tracks usage for reporting or billing.

Instead of having separate user databases in every network element, RADIUS allows all these checks to be managed centrally, ensuring consistent access policies across the network.

RADIUS in Mobile Networks

RADIUS is used throughout mobile core networks — in both 3G and 4G (EPC) — to manage user sessions, authenticate devices, and synchronize accounting information with the AAA server.

Authentication and Authorization

In 3G, the RADIUS client is the GGSN (Gateway GPRS Support Node).
In 4G, it’s the P-GW (Packet Gateway).

When a session is created (for example, via Create PDP Context or Create Session Request), the gateway:

Sends user information to the AAA server.
The AAA server validates the user and provides:
- IP address configuration (IPv4/IPv6)
- Service and policy details
- QoS (Quality of Service) parameters

If the request is accepted, the session starts.
If a session is rejected or unanswered, session creation fails.

💡 RADIUS can also re-authorize users later — for example, when IP addresses are assigned by DHCP or during policy updates.

Accounting and Session Tracking

The GGSN/P-GW also acts as a RADIUS Accounting Client, sending updates to the Accounting Server.

Event	RADIUS Message	Purpose

Event	RADIUS Message	Purpose
🟢 Session Start	`Accounting-Request (Start)`	Marks the beginning of a user session.
🔄 Interim Update	`Accounting-Request (Interim-Update)`	Reports ongoing session usage.
🔴 Session Stop	`Accounting-Request (Stop)`	Sent when the session ends.

This process ensures:

Accurate billing and usage reporting
Session synchronization across network systems
Automatic release of IP resources when users disconnect

3GPP-specific attributes (for example, Session Stop indicators) help maintain consistency and prevent race conditions during session termination.

RADIUS for Non-3GPP Access (Wi-Fi / ePDG)

RADIUS is also used when users connect through Wi-Fi or other non-3GPP networks.

In this case:

The ePDG (Evolved Packet Data Gateway) acts as the RADIUS client.
The AAA server authenticates users using EAP (Extensible Authentication Protocol) over RADIUS.
Once validated, the AAA server provides configuration details and security keys.

This setup enables a secure IPsec tunnel between the user device and the ePDG — ensuring the same level of protection as when connected through the mobile network.

Using RADIUS in AGILITY

Within AGILITY, RADIUS data is not only parsed but contextualized — correlated with Diameter, NAS, GTPv2, and SIP messages to reveal the full story behind each subscriber session. This transforms isolated AAA transactions into actionable insights about connectivity, policy enforcement, and authentication success or failure across domains.

By combining the speed and scalability of UDP-based RADIUS with Agility’s high-volume analytics pipeline, operators gain visibility into millions of concurrent authentications, with the ability to trace any issue from the moment a device attempts to connect to the network until service delivery.

AGILITY enhances RADIUS’s traditional accounting capabilities with enriched metadata, including IMSI, MSISDN, PDN class, APN, and UE IP context. It provides end-to-end visualization across cellular and Wi-Fi access. This unified access view helps identify anomalies, misconfigurations, or failed authentication flows that would otherwise remain hidden within the AAA layer.