Cisco Cisco Packet Data Gateway (PDG)
SaMOG Gateway Overview
▀ SaMOG Features and Functionality - License Enhanced Feature Software
▄ SaMOG Administration Guide, StarOS Release 18
66
voucher. On successful authentication, the subscriber’s IMSI profile is associated with e MAC address of the UE and
forwarded to the AAA server. SaMOG can allocate only IPv4 addresses to the UE during this phase.
forwarded to the AAA server. SaMOG can allocate only IPv4 addresses to the UE during this phase.
The SaMOG gateway allocates an IP address to the UE from a locally configured IP address pool to communicate with
the web portal. The pool name can either be locally configured or received from the AAA server. SaMOG then
processes the HTTP and DNS packets from the UE by using ACL filters on the traffic. All other packets are dropped.
The ACL filter is locally configured, and the filter ID can either be locally configured or received from the AAA server.
The received HTTP packets are then redirected to the web portal using a locally configured ECS rulebase that provides
the URL for redirection. The rulebase name can either be locally configured or received from the AAA server. SaMOG
shares the primary and secondary DNS server address with the UE. The DNS server addresses can either be locally
configured or received from the AAA server.
the web portal. The pool name can either be locally configured or received from the AAA server. SaMOG then
processes the HTTP and DNS packets from the UE by using ACL filters on the traffic. All other packets are dropped.
The ACL filter is locally configured, and the filter ID can either be locally configured or received from the AAA server.
The received HTTP packets are then redirected to the web portal using a locally configured ECS rulebase that provides
the URL for redirection. The rulebase name can either be locally configured or received from the AAA server. SaMOG
shares the primary and secondary DNS server address with the UE. The DNS server addresses can either be locally
configured or received from the AAA server.
Transparent Auto-logon (TAL) Phase
During the TAL phase, the subscriber profile is cached on the AAA server for a designated duration to enable
subscribers to reconnect without further portal authentication, thus enabling a semless user experience. During this
phase, SaMOG can allocate IPv4, IPv6, or IPv4v6 addresses to the UE.
subscribers to reconnect without further portal authentication, thus enabling a semless user experience. During this
phase, SaMOG can allocate IPv4, IPv6, or IPv4v6 addresses to the UE.
Multiple PDN Connections
Using web authorization, a subscriber can connect multiple non-EAP devices and one EAP based device using the same
IMSI-based subscription at the same time. All PDN connections of a subscriber have different bearer IDs. The
connections are routed to the same P-GW or GGSN in order to apply the APN level QoS on all the PDN connections.
The SaMOG Gateway performs P-GW, GGSN, or L-GW selection for the first PDN connection for the subscriber, and
all subsequent connections are routed to the same P-GW, GGSN, or L-GW.
IMSI-based subscription at the same time. All PDN connections of a subscriber have different bearer IDs. The
connections are routed to the same P-GW or GGSN in order to apply the APN level QoS on all the PDN connections.
The SaMOG Gateway performs P-GW, GGSN, or L-GW selection for the first PDN connection for the subscriber, and
all subsequent connections are routed to the same P-GW, GGSN, or L-GW.
Session Recovery
The SaMOG Gateway can recover AAA manager and Session manager failures for both pre-authentication phase and
TAL phase as long as the sessions are fully connected. SaMOG maintains the MAC to IMSI mapping and MAC to
Session manager mapping with the IPSG manager to ensure that the PDN connections of the subscriber is connected to
the same Session manager.
TAL phase as long as the sessions are fully connected. SaMOG maintains the MAC to IMSI mapping and MAC to
Session manager mapping with the IPSG manager to ensure that the PDN connections of the subscriber is connected to
the same Session manager.
Limitations, Restrictions, and Dependencies
This section identifies limitations, restrictions, and dependencies for the SaMOG Web Authorization feature:
After a successful portal-based authentication, the UE will be disconnected and a new connection attempt is
required to setup the TAL phase session.
The Web Authorization feature cannot be configured with the pseudonym and fast reauthorization NAIs. If
configured, the session for the same IMSI number might get established in a different GGSN, P-GW, or L-GW.
The MAC to IMSI mapping table cannot be retrieved during an IPSG manager recovery.
When two devices with the same IMSI number try to connect simultaneously, the sessions are sent to two
different session managers. The device connecting later is locally dropped and its Access-Request message is
ignored. However, a subsequent re-transmission of the Access-Request message succeeds as the IMSI session
manager entry is found and the message is sent to the session manager.
ignored. However, a subsequent re-transmission of the Access-Request message succeeds as the IMSI session
manager entry is found and the message is sent to the session manager.
Only one IP context must be configured and all portal traffic routed from that VPN context.
All IP pools must be under the same context.