Cisco Cisco Packet Data Gateway (PDG)
SaMOG Gateway Overview
SaMOG Services ▀
SaMOG Administration Guide, StarOS Release 19 ▄
17
The SaMOG Local Breakout - Enhanced model, and the SaMOG Web Authorization features are currently not
supported.
QoS negotiation and updates are not applicable for PMIPv6-based S2a interface, as there is no provision in the
S2a interface PMIPv6 control messages to carry the requested QoS.
MRME Service
The Multi Radio Mobility Entity (MRME) service functions as a 3GPP Trusted WLAN AAA Proxy (TWAP),
terminating the STa interface to the 3GPP AAA server and relays the AAA information between the WLAN IP access
network and the AAA server, or AAA proxy in the case of roaming.
terminating the STa interface to the 3GPP AAA server and relays the AAA information between the WLAN IP access
network and the AAA server, or AAA proxy in the case of roaming.
The MRME service has the following key features and functions:
Relays the AAA information between the Wireless LAN Controllers (WLCs) and the 3GPP AAA server.
Supports EAP-over-RADIUS between the SaMOG Gateway and the WLCs to authenticate the WLAN UEs per
RFC 3579.
Supports the Diameter-based STa interface between the 3GPP AAA server/proxy and the SaMOG Gateway per
3GPP TS 29.273 V11.4.0.
Supports the exchange of EAP messages over the STa interface per RFC 4072.
Functions as a RADIUS accounting proxy for WLC-initiated accounting messages as per RFC 2866.
Supports RADIUS Dynamic Authorization Extensions per RFC 3576 to handle HSS/AAA-initiated detach and
Diameter re-authorization procedures.
Supports authentication between the WLAN UEs and the 3GPP AAA server using EAP-AKA, EAP-AKA', and
EAP-SIM.
Supports static and dynamic P-GW selection after the authentication procedures as per 3GPP TS 29.303 v
11.2.0.
Support for PDN type IPv4.
Maintains a username database to re-use existing resources when the CGW service receives PMIPv6 and EoGRE
procedures initiated by the WLCs.
Interacts with the CGW service to provide user profile information to establish the GTP-variant S2a/Gn interface
towards the P-GW/GGSN per 3GPP TS 29.274 and 3GPP TS 29.060.
MRME Features and Functions
The MRME service includes the following features and functions.
EAP Authentication over RADIUS—MRME
The SaMOG Gateway's MRME service supports Extensible Authentication Protocol (EAP) over RADIUS to interact
with the WLCs for authenticating the WLAN UEs based on RFC 3579. Two attributes, EAP-Message and Message-
Authenticator, are used to transport EAP messages as defined in RFC 3579. The MRME service validates and processes
these messages as follows:
with the WLCs for authenticating the WLAN UEs based on RFC 3579. Two attributes, EAP-Message and Message-
Authenticator, are used to transport EAP messages as defined in RFC 3579. The MRME service validates and processes
these messages as follows:
Validates the EAP header fields (Code, Identifier, and Length attributes) prior to forwarding an EAP packet.
Discards Access-Request packets that include an EAP-Message attribute without a Message-Authenticator
attribute.