| Step | Description |
|------|-------------|
| 01 | UE performs 802.11 association with the AP and attaches to the open SSID. |
| 02 | UE sends a DHCP Discover message to the AP to get an IP address. |
| 03 | AP gets an IP address (for example, IP1) from a local DHCP server. |
| 04 | AP completes the DHCP transaction with the UE, and sends the IP address (IP1) to the UE in the DHCP offer/DHCP Reply message. |
| 05 | AP sends a RADIUS Accounting Start message to SaMOG with the following parameters: UE MAC address in the Username and Calling-Station-Id attributes; optionally, VLAN ID in the NAS-Identifier attribute; IP address (allocated by the local DHCP server: IP1) in the Framed-IP-Address attribute; AP-MAC and SSID in the Called-Station-Id attribute. |
| 06 | SaMOG caches the Accounting Start message and maps its contents to the RADIUS Access-Request message towards an AAA server. The Framed-IP-Address received in the Accounting Start message is not sent towards the AAA server, and the AP IP address (RADIUS endpoint address/source address of the Accounting Start message) is included in the NAS-Port-Id attribute of the Access-Request. The AAA server determines that the UE MAC is not authenticated and sends an Access-Accept message with an access point name (APN) and NAI in the MAC@realm format. These values are received using CS-AVPair attributes similar to DHCP triggered sessions. |
| 07 | SaMOG initiates a PMIPv6 Proxy Binding Update (PBU) message towards the local P-GW to set up the network side of the call. The MNID of the PBU is the NAI received from the AAA server. |
| 08 | The local P-GW sends CCR-I towards the PCRF, and includes the NAI/MNID received from SaMOG in the PBU message. |
| 09 | PCRF determines that the subscriber is not authenticated and sends a CCA-I with the L7 redirection rulebase name. |
| 10 | The local P-GW installs the L7 redirection rule and proceeds with session creation. |
| 11 | The local P-GW allocates an IP address (for example, IP2) for the UE and sends the IP address in the Proxy Binding Answer (PBA) message towards SaMOG. |
| 12 | SaMOG maps the static NAT between the IP address (IP1) received in the Accounting Start message from the AP, and the IP address (IP2) sent by the local P-GW to the NAT table. |
| 13 | SaMOG completes session creation by sending the Accounting Response message to the AP. |
| 14 | The local P-GW sends an Accounting Start message towards the AAA server with the UE MAC and the Framed-IP-Address (with IP2). |
| 15 | The AAA server sends an Accounting Start response to the local P-GW. |
| 16 | The UE attempts to access the HTTP page, and the HTTP packet reaches the local P-GW through SaMOG. SaMOG performs static NAT to change the source IP address of the packet from IP1 to IP2 and forwards it to the local P-GW over the GRE tunnel. |
| 17 | As the L7 redirection rule on the local P-GW is active, the HTTP packet is intercepted. |
| 18 | The local P-GW responds with an HTTP 302 response, and provides the URL of the authentication portal to the UE. SaMOG performs reverse NAT on this packet before forwarding it to the UE. |
| 19 | UE sends the HTTP GET request to the portal through SaMOG and the local P-GW. |
| 20 | The portal presents the login page to the UE to enter the username and password. |
| 21 | The subscriber enters the username and password to perform web authentication. |
| 22 | The portal shares the username, password and the source IP address (IP2) of the packet with the PCRF. |
| 23 | The PCRF validates the user credentials and marks the UE MAC corresponding to IP2 as authenticated. |
| 24 | The PCRF indicates authentication success to the portal. The portal then sends an HTTP 302 response to the UE with a redirect to the originally accessed web page. |
| 25 | The PCRF sends an RAR message on the Gx interface to indicate removal of the redirection rule. |
| 26 | The local P-GW acknowledges the RAR message with an RAA message. |
| 27 | The local P-GW removes the L7 redirection rule for the UE session. |
| 28 | The local P-GW sends a CCR-U message to the PCRF to get the quota information for the authenticated session. |
| 29 | The PCRF responds with a CCA-U message with the requested information. |
| 30 | The UE now attempts to connect to the originally accessed web page again. As the L7 rule is not present at the local P-GW, the packets are sent to the Internet. |
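The SaMOG-side handling in steps 06, 12, 16 and 18, sketched as an added Python example (not Cisco code and not part of the original page). The class and method names, the packet dictionaries and every address are constructed for illustration; copying all other attributes unchanged and dropping packets that have no NAT binding are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Samog:
    """Toy model of SaMOG state for one call flow (hypothetical names)."""
    pending: dict = field(default_factory=dict)  # UE MAC -> cached Accounting Start
    nat_out: dict = field(default_factory=dict)  # IP1 (AP side) -> IP2 (P-GW side)
    nat_in: dict = field(default_factory=dict)   # IP2 -> IP1

    def on_accounting_start(self, acct: dict, ap_ip: str) -> dict:
        """Step 06: cache the Accounting Start and derive the Access-Request."""
        self.pending[acct["User-Name"]] = acct
        # Framed-IP-Address (IP1) is not forwarded to the AAA server.
        req = {k: v for k, v in acct.items() if k != "Framed-IP-Address"}
        req["NAS-Port-Id"] = ap_ip  # source address of the Accounting Start
        return req

    def on_pba(self, mac: str, ip2: str) -> None:
        """Step 12: bind IP1 from the cached message to IP2 from the PBA."""
        ip1 = self.pending.pop(mac)["Framed-IP-Address"]
        self.nat_out[ip1], self.nat_in[ip2] = ip2, ip1

    def uplink(self, pkt: dict):
        """Step 16: rewrite source IP1 -> IP2 (assumption: no binding, drop)."""
        ip2 = self.nat_out.get(pkt["src"])
        return None if ip2 is None else {**pkt, "src": ip2}

    def downlink(self, pkt: dict):
        """Step 18: reverse NAT, rewrite destination IP2 -> IP1."""
        ip1 = self.nat_in.get(pkt["dst"])
        return None if ip1 is None else {**pkt, "dst": ip1}

def demo():
    """Run the flow on constructed sample values; "User-Name" is the page's Username."""
    s = Samog()
    acct = {"User-Name": "aa-bb-cc-dd-ee-ff", "Calling-Station-Id": "aa-bb-cc-dd-ee-ff",
            "NAS-Identifier": "100", "Framed-IP-Address": "192.168.1.10",
            "Called-Station-Id": "00-11-22-33-44-55:open-ssid"}
    req = s.on_accounting_start(acct, ap_ip="10.0.0.5")
    s.on_pba(acct["User-Name"], "100.64.0.7")  # IP2 allocated by the local P-GW
    up = s.uplink({"src": "192.168.1.10", "dst": "203.0.113.80", "data": "GET /"})
    down = s.downlink({"src": "203.0.113.80", "dst": "100.64.0.7", "data": "302"})
    return req, up, down

if __name__ == "__main__":
    print(demo())
```

The portal and PCRF only ever see IP2, which is why step 23 ties the authenticated state to the UE MAC corresponding to IP2 rather than to the AP-assigned IP1.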