Cisco Cisco Packet Data Gateway (PDG)
In a frequency-based selective authentication scenario the UE is authenticated based on configured frequency
of access attempts. The configured frequency specifies the access-attempts per-UE and not across UEs. For
example if the configured frequency is "n", the UE is authenticated for every n
of access attempts. The configured frequency specifies the access-attempts per-UE and not across UEs. For
example if the configured frequency is "n", the UE is authenticated for every n
th
NAS request received. The
decision to authenticate is based on every n
th
request and not based on 'n' requests since last
authentication.Where the n
th
request is equal to a multiple of n. (for example if n = 2, it will be 2,4,6,8 and
so on)
In a periodicity-based selective authentication scenario the UE is authenticated based on configured periodicity.
For example if the configured periodicity is 't', the UE is authenticated at every 't' minutes.
For example if the configured periodicity is 't', the UE is authenticated at every 't' minutes.
The frequency-based authentication is independent of the configured periodicity. However, periodicity-based
authentication attempts are relative to the last UE authentication time. The last UE authentication attempt
time is updated whenever an UE authentication is attempted irrespective of the authentication trigger.
authentication attempts are relative to the last UE authentication time. The last UE authentication attempt
time is updated whenever an UE authentication is attempted irrespective of the authentication trigger.
The MME does not maintain periodicity and frequency across session recovery.
Note
The frequency and periodicity configured to trigger authentication/GUTI reallocation requires the new
session setup message (NAS Attach/TAU) to be processed by the Session Manager instance which has
the corresponding MME DB for the subscriber. If the MME DB is not available the frequency and
periodicity triggers will not work. For example, if the mobile identifier in the NAS Attach/TAU message
is a foreign GUTI and additional GUTI is not present, the MME does not trigger authentication/GUTI
reallocation for the subscriber based on frequency/periodicity.
session setup message (NAS Attach/TAU) to be processed by the Session Manager instance which has
the corresponding MME DB for the subscriber. If the MME DB is not available the frequency and
periodicity triggers will not work. For example, if the mobile identifier in the NAS Attach/TAU message
is a foreign GUTI and additional GUTI is not present, the MME does not trigger authentication/GUTI
reallocation for the subscriber based on frequency/periodicity.
Note
Command Changes
authenticate attach
This command is used to configure the frequency and periodicity for selective UE authentication during Attach
Procedures.
Procedures.
configure
call-control-profile profile_name
[remove] authenticate attach [inter-rat] { frequency frequency | periodicity duration }
no authenticate attach
exit
no authenticate attach
exit
Notes:
• The frequency configured specifies the authentication frequency. The frequency is an integer with range
'1' up to '16'. If the frequency is set for '12', then the service skips authentication for the first 11 events
and authenticates on the twelfth event.
and authenticates on the twelfth event.
• The periodicity configured specifies authentication periodicity. The periodicity is an integer with a
range '1' up to '10800' minutes. For example, if the configured periodicity is '20' minutes, the UE is
authenticated at every '20' minutes.
authenticated at every '20' minutes.
• No authentication procedures are defined by default. The remove keyword is used to delete the defined
authentication procedures for Attach Requests from the call control profile configuration file.
Release Change Reference, StarOS Release 19
230
MME Changes in Release 19
Selective Authentication