Manualshelf

Manual

ManualsBrandsCisco ManualsGatewaysCisco Packet Data Interworking Function (PDIF)
11121314151617181920
SaMOG Gateway Overview
SaMOG Services
SaMOG Administration Guide, StarOS Release 17
15
MRME Features and Functions
The MRME service includes the following features and functions.
EAP Authentication over RADIUSMRME
The SaMOG Gateway's MRME service supports Extensible Authentication Protocol (EAP) over RADIUS to interact
with the WLCs for authenticating the WLAN UEs based on RFC 3579. Two attributes, EAP-Message and Message-
Authenticator, are used to transport EAP messages as defined in RFC 3579. The MRME service validates and processes
these messages as follows:
Validates the EAP header fields (Code, Identifier, and Length attributes) prior to forwarding an EAP packet.
Discards Access-Request packets that include an EAP-Message attribute without a Message-Authenticator
attribute.
If multiple EAP-Message attributes are contained within an Access-Request or Access-Challenge packet,
concatenates them to form a single EAP packet.
For Access-Challenge, Access-Accept, and Access-Reject packets, calculates the Message-Authenticator
attribute as follows: Message-Authenticator = HMAC-MD5 (Type, Identifier, Length, and Request
Authenticator attributes).
EAP Identity of Decorated NAI FormatsMRME
The SaMOG Gateway supports the use of the EAP identity of the Decorated NAI in the following format:
homerealm!username@otherrealm
The username part of the Decorated NAI complies with RFCs 4187, 4816, and 5448 for EAP AKA, EAP SIM, and EAP
AKA’, respectively.
The following are examples of a typical NAI:
For EAP AKA authentication:
wlan.mnc<homeMNC>.mcc<homeMCC>.3gppnetwork.org!0<IMSI>@wlan.mnc<visitedMNC>.mcc<visited
MCC>.3gppnetwork.org
For EAP SIM authentication:
wlan.mnc<homeMNC>.mcc<homeMCC>.3gppnetwork.org!1<IMSI>@wlan.mnc<visitedMNC>.mcc<visited
MCC>.3gppnetwork.org
For EAP AKA' authentication:
wlan.mnc<homeMNC>.mcc<homeMCC>.3gppnetwork.org!6<IMSI>@wlan.mnc<visitedMNC>.mcc<visited
MCC>.3gppnetwork.org
EAP Identity of Emergency NAI FormatsMRME
The SaMOG Gateway's MRME service supports the use of the EAP identity of the Emergency NAI in the following
format:
0<IMSI>@sos.wlan.mnc015.mcc234.3gppnetwork.org/1<IMSI>@sos.wlan.mnc015.mcc234.3gppnetwork.org
If the IMSI is not available, the Emergency NAI can include the IMEI/MAC address, as follows:
imei<IMEI>@sos.wlan.mnc<visitedMNC>.mcc<visitedMCC>.3gppnetwork.org
mac<MAC>@sos.wlan.mnc<visitedMNC>.mcc<visitedMCC>.3gppnetwork.org