Cisco Cisco Packet Data Gateway (PDG) Documentation Roadmaps
ASN Gateway Overview
Supported Features ▀
Cisco ASR 5000 Series Product Overview ▄
OL-22937-01
Service Provider (H-NSP), device-level authentication in a roaming application guards against unauthorized network
access by users with stolen access devices.
access by users with stolen access devices.
Supported RADIUS Methods
ASN Gateway supports following EAP authentication and authorization methods using RADIUS:
EAP-Pre-shared Key (EAP-PSK)
EAP-Transport Layer Security (EAP-TLS)
EAP-Tunneled Transport Layer Security (EAP-TTLS)
EAP-Authentication and Key Agreement (EAP-AKA)
EAP-Pre-shared Key (EAP-PSK)
EAP-PSK is a symmetric mutual authentication method that uses manually provisioned pre-shared keys between an
EAP client on an access device and an EAP server component on AAA. The size of the pre-shared key can be up to 256
bytes.
EAP client on an access device and an EAP server component on AAA. The size of the pre-shared key can be up to 256
bytes.
EAP-Transport Layer Security (EAP-TLS)
EAP-TLS is an asymmetric authentication method that uses X.509 digital certificates, for example public/private key
pairs, and enables device-based authentication.
pairs, and enables device-based authentication.
EAP-Tunneled Transport Layer Security (EAP-TTLS)
EAP-TTLS is a multi-level authentication scheme to enable device and user-based authentication. The first level
handshake provides device-level authentication and uses the same encryption and ciphering algorithms as EAP-TLS.
The secure connection established through the first level handshake is then extended with MS-CHAP-V2 authentication
to verify user credentials. As with other EAP methods, successful EAP transactions at AAA result in a Master Session
Key (MSK) that is returned over an encrypted connection. The ASN Gateway uses the key to generate a derivative key
for securing the air interface between ASN and user access device.
handshake provides device-level authentication and uses the same encryption and ciphering algorithms as EAP-TLS.
The secure connection established through the first level handshake is then extended with MS-CHAP-V2 authentication
to verify user credentials. As with other EAP methods, successful EAP transactions at AAA result in a Master Session
Key (MSK) that is returned over an encrypted connection. The ASN Gateway uses the key to generate a derivative key
for securing the air interface between ASN and user access device.
EAP-Authentication and Key Agreement (EAP-AKA)
EAP-AKA uses symmetric cryptography based on pre-shared private client/server keys and challenge-response
mechanisms similar to other EAP methods. It verifies credentials for users of Removable User Identity Modules (R-
UIMs).
mechanisms similar to other EAP methods. It verifies credentials for users of Removable User Identity Modules (R-
UIMs).
Supported Diameter Methods
ASN Gateway supports the following Diameter methods for EAP authentication and authorization: