Cisco Cisco Packet Data Gateway (PDG)
Configuring the Evolved Packet Data Gateway
Configuring the System to Perform as an Evolved Packet Data Gateway
ePDG Administration Guide, StarOS Release 18
end
In this example, the EAP method is used for UE authentication. The eap-profile command creates the EAP profile to be used in the crypto template for the ePDG service. The mode authenticator-pass-through command specifies that the ePDG functions as an authenticator passthrough device, enabling an external EAP server to perform UE authentication.
The crypto template command and associated commands are used to define the cryptographic policy for the ePDG. You must create one crypto template per ePDG service. The ikev2-dynamic keyword in the crypto template command specifies that IKEv2 protocol is used. The authentication remote command specifies the EAP profile to use for authenticating the remote peer.
The rekey keepalive command enables Child SA (Security Association) rekeying so that a session will be rekeyed even when there has been no data exchanged since the last rekeying operation. The ikev2-ikesa keepalive-user-activity command resets the user inactivity timer when keepalive messages are received from the peer. The ikev2-ikesa policy error-notification command enables the ePDG to generate Error Notify messages for Invalid IKEv2 Exchange Message ID and Invalid IKEv2 Exchange Syntax for the IKE_SA_INIT exchange.
The ip routing maximum-paths command enables ECMP (Equal Cost Multiple Path) routing support and specifies the maximum number of ECMP paths that can be submitted by a routing protocol in the current context. The interface command creates each of the logical interfaces, and the associated ip address command specifies the IP address and subnet mask of each interface.
The aaa group command configures the AAA server group in the ePDG context and the diameter authentication commands specify the associated Diameter authentication settings.
The ikev2-ikesa policy use-rfc5996-notification command enables processing for new notification payloads added in RFC 5996, and is disabled by default.
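
The following added example (not part of the Cisco guide) audits a saved configuration for the relationships described above: each ikev2-dynamic crypto template should name, through authentication remote, an EAP profile that exists and uses mode authenticator-pass-through. The sample configuration and its names are constructed; the indented layout and the eap-profile argument form of authentication remote are assumptions.

```python
import re
# Constructed sample; names are placeholders and the layout is an assumption.
SAMPLE = """\
configure
  context epdg_ctx
    eap-profile eap_prof1
      mode authenticator-pass-through
    exit
    crypto template ct_good ikev2-dynamic
      authentication remote eap-profile eap_prof1
      ikev2-ikesa keepalive-user-activity
      ikev2-ikesa policy error-notification
      ikev2-ikesa policy use-rfc5996-notification
    exit
    crypto template ct_bad ikev2-dynamic
      authentication remote eap-profile eap_missing
    exit
end
"""
DESCRIBED = ("ikev2-ikesa keepalive-user-activity",  # commands the text describes
             "ikev2-ikesa policy error-notification",
             "ikev2-ikesa policy use-rfc5996-notification")

def blocks(config, header_re):
    """Map block name -> commands indented deeper than its header line."""
    found, current, depth = {}, None, 0
    for raw in config.splitlines():
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if current is not None and indent > depth:
            current.append(line)      # body line, nested sub-blocks included
        elif line:                    # same or shallower indent closes the block
            m = re.match(header_re, line)
            current, depth = (found.setdefault(m[1], []) if m else None), indent
    return found

def audit(config):
    """Return sorted (crypto template, finding) pairs; empty means no findings."""
    profiles, findings = blocks(config, r"eap-profile (\S+)$"), []
    for name, cmds in blocks(config, r"crypto template (\S+) ikev2-dynamic$").items():
        refs = [c.split()[-1] for c in cmds if c.startswith("authentication remote ")]
        if not refs:
            findings.append((name, "no authentication remote command"))
        for prof in refs:
            if prof not in profiles:
                findings.append((name, f"EAP profile {prof} is not defined"))
            elif "mode authenticator-pass-through" not in profiles[prof]:
                findings.append((name, f"EAP profile {prof} is not pass-through"))
        findings += [(name, f"not set: {c}") for c in DESCRIBED if c not in cmds]
    return sorted(findings)
```

Calling audit(SAMPLE) returns findings for ct_bad only: the undefined EAP profile plus the three commands that are not set.
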
Creating the ePDG Service
Use the following configuration example to do the following:
- Create the ePDG service.
- Specify the context in which the MAG/EGTP service will reside.
- Specify the ePDG FQDN (Fully Qualified Domain Name) used for longest suffix matching during P-GW dynamic allocation.
- Bind the crypto template to the ePDG service.
- Specify the Diameter origin endpoint and associated settings.
- Specify the name of the DNS client for DNS queries and bind the IP address.
Important: When GTPv2 is used instead of mobile-access-gateway configuration, ePDG shall use associate egtp-service egtp_service_name.
configure
   context <epdg_context_name>
      epdg-service <epdg_service_name>
         plmn id mcc <code> mnc <code>