Cisco Cisco Packet Data Gateway (PDG) Guia De Resolução De Problemas
ASN Gateway Overview
ASN Mobility Management ▀
Cisco ASR 5000 Series Access Service Network Gateway Administration Guide ▄
OL-22953-01
Figure 2.
Basic ASN Gateway Mobile IP Network
In te rn e t
E n te rp rise
A S N G a te w a y / F A
A c e s s S e rv ic e N e tw o rk (A S N )
H o m e A g e n t
(H A )
C o n n e c tiv ity S e rv ic e N e tw o rk (C S N )
W iM A X S S /M S
W iM A X B a s e
S ta tio n
EAP User Authentication
The ASN Gateway serves as the Extensible Authentication Protocol (EAP) authenticator and mobility key holder for
subscriber connections and RADIUS clients to attached Authorization, Authentication, and Accounting (AAA) servers.
subscriber connections and RADIUS clients to attached Authorization, Authentication, and Accounting (AAA) servers.
ASN Gateway and AAA
ASN control is handled by the ASN Gateway and the base station. The ASN Gateway control plane handles the feature
set, including AAA functions, context management, profile management, service flow authorization, paging, radio
resource management, and handover. The data plane feature set includes mapping radio bearer to the IP network, packet
inspection, tunneling, admission control, policing, QoS, and data forwarding.
set, including AAA functions, context management, profile management, service flow authorization, paging, radio
resource management, and handover. The data plane feature set includes mapping radio bearer to the IP network, packet
inspection, tunneling, admission control, policing, QoS, and data forwarding.
The ASN Gateway acts as an authenticator. It operates in pass-through mode for EAP authentication between the EAP
client (the mobile station) and the EAP (AAA) server. After successful EAP authentication, the AAA server sends the
master session key (MSK) to the ASN Gateway. The ASN Gateway, as authenticator, performs authorization key (AK)
context management. It derives the AK from the MSK and sends it to the base station. As part of the AK context, other
information, such as the AkID and CMAC are sent to the base station to secure the R1 interface.
client (the mobile station) and the EAP (AAA) server. After successful EAP authentication, the AAA server sends the
master session key (MSK) to the ASN Gateway. The ASN Gateway, as authenticator, performs authorization key (AK)
context management. It derives the AK from the MSK and sends it to the base station. As part of the AK context, other
information, such as the AkID and CMAC are sent to the base station to secure the R1 interface.
An AAA module in the ASN Gateway provides flow information for accounting. Every detail about a flow, such as the
transferred or received number of bits, the duration of the connection, and the applied policy, is retrievable from the data
plane.
transferred or received number of bits, the duration of the connection, and the applied policy, is retrievable from the data
plane.
Profile Management
The ASN Gateway provides profile management and a policy function that resides in the connectivity network. Profile
management identifies a subscriber’s feature set, such as the allowed QoS rate, number of flows, and type of flows.
management identifies a subscriber’s feature set, such as the allowed QoS rate, number of flows, and type of flows.
In addition, the ASN Gateway maintains a context for the mobile subscriber and the base station. Each subscriber’s
context contains the subscriber’s profile and security context, and the characteristics of the subscriber’s mobile device.
context contains the subscriber’s profile and security context, and the characteristics of the subscriber’s mobile device.