Cisco Cisco Packet Data Gateway (PDG)
SaMOG Gateway Overview
SaMOG Services ▀
SaMOG Administration Guide, StarOS Release 16 ▄
15
EAP Identity of Root NAI Formats—MRME
The SaMOG Gateway supports the use of the EAP identity of the Root NAI in the following format:
username@otherrealm
The username part of the Root NAI complies with RFCs 4187, 4816, and 5448 for EAP AKA, EAP SIM, and EAP
AKA’, respectively.
AKA’, respectively.
The following are examples of a typical NAI:
For EAP AKA authentication: 0<IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
For EAP SIM authentication: 1<IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
For EAP AKA' authentication: 6<IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
Diameter STa Interface Support—MRME
The SaMOG Gateway complies with 3GPP Release 11 SaMOG specifications for the STa interface as defined in TS
29.273 V11.4. The STa interface is defined between a non-3GPP access network and a 3GPP AAA server/proxy. The
SaMOG Gateway uses the STa interface to authenticate and authorize the WLAN UEs.
29.273 V11.4. The STa interface is defined between a non-3GPP access network and a 3GPP AAA server/proxy. The
SaMOG Gateway uses the STa interface to authenticate and authorize the WLAN UEs.
Operator Policy Support (IMSI-based Server Selection)—MRME
The SaMOG Gateway’s MRME service supports the selection of a 3GPP AAA proxy based on the IMSI via the
operator policy feature.
operator policy feature.
The operator policy provides mechanisms to fine tune the behavior of subsets of subscribers above and beyond the
behaviors described in the user profile. It also can be used to control the behavior of visiting subscribers in roaming
scenarios, enforcing roaming agreements and providing a measure of local protection against foreign subscribers.
behaviors described in the user profile. It also can be used to control the behavior of visiting subscribers in roaming
scenarios, enforcing roaming agreements and providing a measure of local protection against foreign subscribers.
An operator policy associates APNs, APN profiles, an APN remap table, and a call-control profile to ranges of IMSIs.
These profiles and tables are created and defined within their own configuration modes to generate sets of rules and
instructions that can be reused and assigned to multiple policies. In this manner, an operator policy manages the
application of rules governing the services, facilities, and privileges available to subscribers. These policies can override
standard behaviors and provide mechanisms for an operator to get around the limitations of other infrastructure
elements, such as DNS servers and HSSs.
These profiles and tables are created and defined within their own configuration modes to generate sets of rules and
instructions that can be reused and assigned to multiple policies. In this manner, an operator policy manages the
application of rules governing the services, facilities, and privileges available to subscribers. These policies can override
standard behaviors and provide mechanisms for an operator to get around the limitations of other infrastructure
elements, such as DNS servers and HSSs.
The operator policy configuration to be applied to a subscriber is selected on the basis of the selection criteria in the
subscriber mapping at attach time. A maximum of 1,024 operator policies can be configured. If a UE was associated
with a specific operator policy and that policy is deleted, the next time the UE attempts to access the policy, it will
attempt to find another policy with which to be associated.
subscriber mapping at attach time. A maximum of 1,024 operator policies can be configured. If a UE was associated
with a specific operator policy and that policy is deleted, the next time the UE attempts to access the policy, it will
attempt to find another policy with which to be associated.
A default operator policy can be configured and applied to all subscribers that do not match any of the per-PLMN or
IMSI range policies.
IMSI range policies.
Changes to the operator policy take effect when the subscriber re-attaches and subsequent EPS Bearer activations.
P-GW Selection—MRME
The P-GW selection function enables the SaMOG Gateway's MRME service to allocate a P-GW to provide PDN
connectivity to the WLAN UEs in the trusted non-3GPP IP access network. The P-GW selection function can employ
either static or dynamic selection.
connectivity to the WLAN UEs in the trusted non-3GPP IP access network. The P-GW selection function can employ
either static or dynamic selection.