Cisco Cisco Packet Data Gateway (PDG)
SaMOG Changes in Release 17
▀ SaMOG Enhancements for 17.0
▄ Release Change Reference, StarOS Release 17
442
Access-Type Client List
Default Radius Dictionary
show samog-service statistics
The following field has been introduced to the output of the
show samog-service statistics
command to display
the number of Access-Requests dropped due to non-availability of matching PLMN based local policy:
No Policy Match
CSCug95466, CSCum36863, CSCum36878, CSCum42124, CSCup84932 -
Support Webauth on SaMOG GW
Feature Changes
SaMOG Web Authorization
This feature enables SaMOG to authenticate user equipments (UE) over a web portal (based on a user ID and
password), instead of an EAP-SIM, EAP-AKA, or EAP-AKA' authorization and connect the subscriber based on the
IMSI profile. This authentication method can be performed on any non-SIM based devices or UEs that do not support
EAP-SIM, EAP-AKA, or EAP-AKA' based authorization. SaMOG performs web authorization using the Enhanced
Charging Services (ECS).
password), instead of an EAP-SIM, EAP-AKA, or EAP-AKA' authorization and connect the subscriber based on the
IMSI profile. This authentication method can be performed on any non-SIM based devices or UEs that do not support
EAP-SIM, EAP-AKA, or EAP-AKA' based authorization. SaMOG performs web authorization using the Enhanced
Charging Services (ECS).
SaMOG performs web-based authorization in two phases:
Pre-authentication Phase: During this phase, SaMOG supports local IP address assignment and redirects the UE
traffic to a web portal where the subscriber authenticates with a username and password. On successful authentication,
the subscriber’s IMSI profile is associated with e MAC address of the UE and forwarded to the AAA server.
traffic to a web portal where the subscriber authenticates with a username and password. On successful authentication,
the subscriber’s IMSI profile is associated with e MAC address of the UE and forwarded to the AAA server.
Transparent Auto-logon Phase: The subscriber profile is cached on the AAA server for a designated duration to
enable subscribers to reconnect without further portal authentication, thus enabling a seamless user experience.
enable subscribers to reconnect without further portal authentication, thus enabling a seamless user experience.
License Requirements
In support of the SaMOG Web Authorization feature, a separate SaMOG Web Authentication license has been
introduced. This license comes bundled with the ECSv2 license.
introduced. This license comes bundled with the ECSv2 license.
Important:
For more information on the SaMOG web authorization license, contact your Cisco account
representative.
Command Changes
apn
In order to avoid overloading the
apn default-apn-profile
under the Operator Policy Configuration Mode with
the web authorization configurations, a new
webauth-apn-profile
keyword has been introduced to enable operators
to separately configure APN profiles dedicated to web authorization.
configure