Cisco Cisco Packet Data Gateway (PDG)
SaMOG Gateway Overview
SaMOG Services ▀
SaMOG Administration Guide, StarOS Release 17 ▄
21
When SaMOG interacts with pre-release 7 network elements (RADIUS based interfaces) it uses A/AAA queries. When
SaMOG interacts with post-release 7 network elements (Diameter based interfaces) it uses the NAPTR queries.
SaMOG interacts with post-release 7 network elements (Diameter based interfaces) it uses the NAPTR queries.
RADIUS Accounting Proxy—MRME
The SaMOG Gateway's MRME service proxies RADIUS accounting messages to a RADIUS accounting server and
selects the server based on an IMSI range. Upon receiving an Accounting Stop message, the MRME service clears the
subscriber session.
selects the server based on an IMSI range. Upon receiving an Accounting Stop message, the MRME service clears the
subscriber session.
RADIUS Authentication Server—MRME
The SaMOG Gateway's MRME service terminates RADIUS authentication requests. IEEE 802.1X authenticators will
function as RADIUS clients and generate Access Request messages to authenticate and authorize the WLAN UEs.
function as RADIUS clients and generate Access Request messages to authenticate and authorize the WLAN UEs.
RADIUS Disconnection—MRME
The SaMOG Gateway’s MRME service generates RADIUS disconnect messages that are sent to the WLCs for
network/aaa initiated detach and admin disconnections. Statistics for these RADIUS disconnect messages can be
retrieved via bulk statistics or the output of CLI show commands. For a network initiated detach, the SaMOG Gateway's
MRME service sends a RADIUS disconnect message to the WLC as per RFC 3576, which is the RADIUS client.
Disconnect Message transactions between the WLC and SaMOG are authenticated using a shared secret mechanism.
network/aaa initiated detach and admin disconnections. Statistics for these RADIUS disconnect messages can be
retrieved via bulk statistics or the output of CLI show commands. For a network initiated detach, the SaMOG Gateway's
MRME service sends a RADIUS disconnect message to the WLC as per RFC 3576, which is the RADIUS client.
Disconnect Message transactions between the WLC and SaMOG are authenticated using a shared secret mechanism.
Reauthorization Support—MRME
The SaMOG Gateway's MRME service uses an STa interface re-authorization procedure between the 3GPP AAA server
and the trusted non-3GPP access network to enable the 3GPP AAA server to modify previously-provided authorization
parameters, which may occur due to a modification of a subscriber profile in the HSS.
and the trusted non-3GPP access network to enable the 3GPP AAA server to modify previously-provided authorization
parameters, which may occur due to a modification of a subscriber profile in the HSS.
RADIUS Client Authentication—MRME
Transactions between the RADIUS client and the RADIUS server are authenticated through the use of a shared secret.
To authenticate Access Request messages containing the EAP-Message attribute, the SaMOG Gateway's MRME
service uses the Message-Authenticator as defined in RFC 3579. The Message-Authenticator is an HMAC-MD5 hash of
the entire Access-Request packet, including Type, ID, Length and Authenticator attributes, using the shared secret as the
key, as follows: Message-Authenticator = HMAC-MD5 (Type, Identifier, Length, and Request Authenticator attributes).
To authenticate Access Request messages containing the EAP-Message attribute, the SaMOG Gateway's MRME
service uses the Message-Authenticator as defined in RFC 3579. The Message-Authenticator is an HMAC-MD5 hash of
the entire Access-Request packet, including Type, ID, Length and Authenticator attributes, using the shared secret as the
key, as follows: Message-Authenticator = HMAC-MD5 (Type, Identifier, Length, and Request Authenticator attributes).