D-Ewag Service In The Asr5000 Chassis; Wlc - D-Ewag Interface; Control Plane - Cisco ASR 5000 Administration Manual

Enhanced wireless access gateway

Hide thumbs Also See for ASR 5000:

Administration manual (466 pages)

Installation manual (294 pages)

Installation procedure (8 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

page of 123

/ 123
Contents
Table of Contents
Bookmarks

Table of Contents

▀ Product Overview

 APN for a particular session is returned by the 3GPP-AAA server during authentication. The APN can be sent

using the RADIUS "Service-Selection" AVP in Access-Accept message from the 3GPP-AAA server.

 If the APN is not supplied during authentication, the locally configured APN under the subscriber-template

configuration is applied to the D-eWAG session.

D-eWAG Service in the ASR5000 Chassis

D-eWAG's service capabilities include:

 The D-eWAG service acts as an authentication-proxy during authentication of UE with 3GPP AAA. This is to

process authentication messages between the UE and 3GPP-AAA server and to obtain the 3G-specific

attributes required for PDP context creation with the GGSN.

 D-eWAG service acts as DHCP server terminating the DHCP-Relay messages from the AP/WLC. This is to

process the actual DHCP signaling during Wi-Fi attach procedure and return the IP address allocated by GGSN

(during PDP context creation) in DHCP message itself.

 D-eWAG acts as accounting-proxy to proxy the RADIUS accounting messages between WLC and 3GPP-AAA.

WLC - D-eWAG Interface

As discussed earlier, the interface between WLC and D-eWAG is based on VLAN. Note that there can be multiple

WLCs connecting to a single D-eWAG. In which case, each WLC should be part of at least one VLAN which is shared

by D-eWAG. This helps the control/data packets from 3G-SSID reach D-eWAG from WLC through that VLAN.

Control Plane

Following are the control signaling packets to be handled by D-eWAG during the WLAN attach procedure by UE in the

3G-SSID WLAN network:

 802.1x authentication

 DHCP IP assignment

 RADIUS accounting

Requirements for 802.1x Authentication

 Ingress EAP authentication messages are all encapsulated inside RADIUS messages.

 WLC configured with D-eWAG service IP address as the AAA authentication server for the 3G-SSID.

Characteristics of this control flow:

 D-eWAG acts as AAA-Proxy for the authentication happening between UE and 3GPP-AAA.

 D-eWAG selects the actual 3GPP-AAA server based on REALM part in the NAI received in "Username" AVP.

This is achieved using the Subscriber Template based operation of D-eWAG in the ASR5000 chassis.

 The first inbound RADIUS message (Access-Request) is the FSoL for D-eWAG to create a new D-eWAG

session.

▄ Cisco ASR 5000 Enhanced Wireless Access Gateway Administration Guide

Important:

Note that the DHCP service must be configured in DHCP-Server mode in the

same context as the D-eWAG service.

DHCP-based Enhanced Wireless Access Gateway Overview

Table of Contents

D-Ewag Service In The Asr5000 Chassis; Wlc - D-Ewag Interface; Control Plane - Cisco ASR 5000 Administration Manual

D-eWAG Service in the ASR5000 Chassis

WLC - D-eWAG Interface

Control Plane

Related Manuals for Cisco ASR 5000

Related Content for Cisco ASR 5000

Table of Contents