SaMOG Gateway Overview
▀ SaMOG Services
▄ SaMOG Administration Guide, StarOS Release 19
If multiple EAP-Message attributes are contained within an Access-Request or Access-Challenge packet,
concatenates them to form a single EAP packet.
For Access-Challenge, Access-Accept, and Access-Reject packets, calculates the Message-Authenticator
attribute as follows: Message-Authenticator = HMAC-MD5 (Type, Identifier, Length, and Request
Authenticator attributes).
EAP Identity of Decorated NAI Formats—MRME
The SaMOG Gateway supports the use of the EAP identity of the Decorated NAI in the following format:
homerealm!username@otherrealm
The username part of the Decorated NAI complies with RFCs 4187, 4816, and 5448 for EAP AKA, EAP SIM, and EAP
AKA’, respectively.
The following are examples of a typical NAI:
For EAP AKA authentication:
wlan.mnc<homeMNC>.mcc<homeMCC>.3gppnetwork.org!0<IMSI>@wlan.mnc<visitedMNC>.mcc<visitedMCC>.3gppnetwork.org
For EAP SIM authentication:
wlan.mnc<homeMNC>.mcc<homeMCC>.3gppnetwork.org!1<IMSI>@wlan.mnc<visitedMNC>.mcc<visitedMCC>.3gppnetwork.org
For EAP AKA' authentication:
wlan.mnc<homeMNC>.mcc<homeMCC>.3gppnetwork.org!6<IMSI>@wlan.mnc<visitedMNC>.mcc<visitedMCC>.3gppnetwork.org
EAP Identity of Emergency NAI Formats—MRME
The SaMOG Gateway's MRME service supports the use of the EAP identity of the Emergency NAI in the following
format:
0<IMSI>@sos.wlan.mnc015.mcc234.3gppnetwork.org/1<IMSI>@sos.wlan.mnc015.mcc234.3gppnetwork.org
If the IMSI is not available, the Emergency NAI can include the IMEI/MAC address, as follows:
imei<IMEI>@sos.wlan.mnc<visitedMNC>.mcc<visitedMCC>.3gppnetwork.org
mac<MAC>@sos.wlan.mnc<visitedMNC>.mcc<visitedMCC>.3gppnetwork.org
As per RFC 29.273, UEs without an IMSI are not authorized via the STa Interface. If the Emergency NAI includes an
IMEI or MAC username format, the authentication request will be rejected.
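The decorated and emergency NAI formats above can be checked mechanically before an identity is acted on. The following Python sketch is an added example, not Cisco or StarOS code: the function names, the realm regular expression and the 6 to 15 digit IMSI bound are assumptions, and the sample identities are constructed.

```python
import re

# Leading username digit -> EAP method, as in the NAI examples above.
EAP_METHOD = {"0": "EAP-AKA", "1": "EAP-SIM", "6": "EAP-AKA'"}
# Assumed realm shape: optional "sos." label, then wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
REALM_RE = re.compile(r"(sos\.)?wlan\.mnc(\d{2,3})\.mcc(\d{3})\.3gppnetwork\.org")


def parse_realm(realm):
    """Return the emergency flag and (MCC, MNC) of a realm, or raise ValueError."""
    m = REALM_RE.fullmatch(realm.lower())
    if not m:
        raise ValueError(f"unexpected realm: {realm!r}")
    return {"emergency": m.group(1) is not None, "plmn": (m.group(3), m.group(2))}


def classify_nai(nai):
    """Classify a decorated or emergency NAI; raise ValueError if malformed."""
    left, at, other_realm = nai.rpartition("@")
    if not at or not left:
        raise ValueError("NAI needs username@realm")
    # rpartition yields ("", "", left) when there is no "!" decoration.
    home_realm, bang, username = left.rpartition("!")
    other = parse_realm(other_realm)
    info = {"decorated": bool(bang), "emergency": other["emergency"],
            "visited_plmn": other["plmn"], "home_plmn": None}
    if bang:  # homerealm!username@otherrealm
        info["home_plmn"] = parse_realm(home_realm)["plmn"]
    # Emergency NAI built from an IMEI or MAC carries no IMSI: rejected.
    if info["emergency"] and re.match(r"(imei|mac)", username, re.IGNORECASE):
        return {**info, "accept": False, "reason": "emergency NAI without IMSI"}
    m = re.fullmatch(r"([016])(\d{6,15})", username)  # assumed IMSI length bound
    if not m:
        raise ValueError(f"unexpected username: {username!r}")
    return {**info, "accept": True, "method": EAP_METHOD[m.group(1)],
            "imsi": m.group(2)}


if __name__ == "__main__":
    # Constructed sample identities (not real subscribers or devices).
    for sample in (
        "wlan.mnc015.mcc234.3gppnetwork.org!6234150999999999"
        "@wlan.mnc001.mcc001.3gppnetwork.org",
        "0234150999999999@sos.wlan.mnc015.mcc234.3gppnetwork.org",
        "imei490154203237518@sos.wlan.mnc015.mcc234.3gppnetwork.org",
    ):
        print(sample, "->", classify_nai(sample))
```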
EAP Identity of Fast Reauthentication NAI Formats—MRME
Where the AAA server supports fast reauthentication, the AAA server assigns an identity to the subscriber which is used
by the subscriber's UE to initiate a reattach or reauthentication. This authentication method is faster than the full
reauthentication method as the AAA server and UE use the authentication key from a previous full authentication. The
UE sends the assigned fast reauthentication NAI for subsequent authentication attempts, and the AAA server looks up
the mapping between the fast reauthentication NAI and the identity of the subscriber.
The SaMOG gateway supports the use of the EAP identity of the Fast Reauthentication NAI in the following normal
and decorated formats:
Normal: <prefix+fast-reauth-id>@nai.epc.mnc<homeMNC>.mcc<homeMCC>.3gppnetwork.org
Decorated: nai.epc.mnc<homeMNC>.mcc<homeMCC>.3gppnetwork.org!<prefix+fast-reauth-id>@nai.epc.mnc<visitedMNC>.mcc<visitedMCC>.3gppnetwork.org