For Cisco Packet Data Gateway (PDG)

SaMOG Gateway Overview
SaMOG Features and Functionality - License Enhanced Feature Software
SaMOG Administration Guide, StarOS Release 19

The UE does not have a UICC (laptop, tablet, etc.).
Phases 
The SaMOG web-based authorization and session establishment for a non-EAP or non-UICC device occurs in two
phases:

Pre-Authentication Phase
 
During the pre-authentication phase, SaMOG supports local IP address assignment and redirects the UE traffic to a web 
portal where the subscriber authenticates with a username and password combination, a one-time password, or a 
voucher. On successful authentication, the subscriber’s IMSI profile is associated with the MAC address of the UE and
forwarded to the AAA server. SaMOG can allocate only IPv4 addresses to the UE during this phase. 
The SaMOG gateway allocates an IP address to the UE from a locally configured IP address pool to communicate with 
the web portal. The pool name can either be locally configured or received from the AAA server. SaMOG then 
processes the HTTP(S) and DNS packets from the UE by using ACL filters on the traffic. All other packets are dropped. 
The ACL filter is locally configured, and the filter ID can either be locally configured or received from the AAA server. 
The received HTTP(S) packets are then redirected to the web portal using a locally configured ECS rulebase that 
provides the URL for redirection. The rulebase name can either be locally configured or received from the AAA server. 
SaMOG shares the primary and secondary DNS server addresses with the UE. The DNS server addresses can either be
locally configured or received from the AAA server.  
Transparent Auto-logon (TAL) Phase
 
During the TAL phase, the subscriber profile is cached on the AAA server for a designated duration to enable 
subscribers to reconnect without further portal authentication, thus enabling a seamless user experience. During this 
phase, SaMOG can allocate IPv4, IPv6, or IPv4v6 addresses to the UE. 
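
The two phases described above can be modeled as a small state machine keyed on the UE MAC address. The following Python sketch is an added example, not StarOS code or configuration: the class, method, and field names, the portal URL, and the classification of DNS and HTTP(S) by their well-known ports (53, 80, 443) are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

PREAUTH_PDN_TYPES = {"IPv4"}                      # page: IPv4 only before portal login
TAL_PDN_TYPES = {"IPv4", "IPv6", "IPv4v6"}        # page: all three during TAL

@dataclass
class Gateway:
    tal_ttl: float                                 # assumed name for the "designated duration"
    portal_url: str                                # constructed value, supplied by the rulebase
    tal_cache: dict = field(default_factory=dict)  # MAC -> (IMSI, expiry); stands in for the AAA cache

    def phase(self, mac, now=None):
        """Return 'tal' if a cached MAC-to-IMSI profile is still valid, else 'pre-auth'."""
        now = time.time() if now is None else now
        entry = self.tal_cache.get(mac)
        if entry and entry[1] > now:
            return "tal"
        self.tal_cache.pop(mac, None)              # expired profile: force portal login again
        return "pre-auth"

    def allowed_pdn_types(self, mac, now=None):
        """Address types the UE may be allocated in its current phase."""
        return TAL_PDN_TYPES if self.phase(mac, now) == "tal" else PREAUTH_PDN_TYPES

    def portal_login_ok(self, mac, imsi, now=None):
        """Portal authentication succeeded: associate the IMSI profile with the UE MAC."""
        now = time.time() if now is None else now
        self.tal_cache[mac] = (imsi, now + self.tal_ttl)

    def filter_preauth(self, proto, dst_port):
        """Pre-auth ACL: DNS passes, HTTP(S) is redirected to the portal, the rest is dropped."""
        if proto in ("udp", "tcp") and dst_port == 53:
            return ("permit", None)
        if proto == "tcp" and dst_port in (80, 443):
            return ("redirect", self.portal_url)
        return ("drop", None)
```

Because the cached profile is looked up by MAC address alone, the length of the TAL duration determines how long a MAC-to-IMSI binding is honored without a fresh portal login.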
Multiple PDN Connections 
Using web authorization, a subscriber can connect multiple non-EAP devices and one EAP-based device using the same
IMSI-based subscription at the same time. All PDN connections of a subscriber have different bearer IDs. The 
connections are routed to the same P-GW or GGSN in order to apply the APN level QoS on all the PDN connections. 
The SaMOG Gateway performs P-GW, GGSN, or L-GW selection for the first PDN connection for the subscriber, and 
all subsequent connections are routed to the same P-GW, GGSN, or L-GW. 
Session Recovery 
The SaMOG Gateway can recover from AAA manager and Session manager failures for both the pre-authentication phase and
the TAL phase as long as the sessions are fully connected. SaMOG maintains the MAC to IMSI mapping and MAC to
Session manager mapping with the IPSG manager to ensure that the PDN connections of the subscriber are connected to
the same Session manager.
Limitations, Restrictions, and Dependencies 
This section identifies limitations, restrictions, and dependencies for the SaMOG Web Authorization feature: