Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1181
Views
0
Helpful
2
Replies

Certificate Authentication on GSM/UMTS/4G systems via Radius ISE/ACS

Go to solution
mverbon
Level 1
Level 1

‎04-01-2016 05:13 AM

Hi,

I have a question about Authentication and Private GSM/UMTS/4G systems via Radius.

A customer has a private Cloud environment for Mobile systems based on SIM cards connecting to GSM/UMTS/4G.

The customer has all the devices deployed with a Certificate from their Private CA Server.

Is it possible to do some kind of Certificate Based Authentication on this Private GSM/UMTS/4G network with ISE or ACS based on Radius?

I am not a specialist on Mobile Networks and the Protocols being used, so hopefully anyone can provide me with information so that we can go further with this solution based on ISE / ACS. Otherwise, if we cannot use this certificate, we can stop investing time to further pursue this and start looking at another solution.

For your information, I read the information in this URL:

Packet Data Solutions :: Chapter 6: GSM/GPRS and UMTS VPN Solutions :: Part II: MVPN and Advanced Wireless Data Services…

A note from this:

Possibility to interface to a AAA server to perform an IMSI- or MSISDN-based authentication or RADIUS-based IP address assignment

Thanks in advance and best regards,

Martin

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎04-01-2016 12:23 PM

I've not heard of using cert auth with cellular data network. EAP-SIM, which is not supported by ISE/ACS, seems to what commonly employed there.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
hslai
Cisco Employee
Cisco Employee

‎04-01-2016 12:23 PM

I've not heard of using cert auth with cellular data network. EAP-SIM, which is not supported by ISE/ACS, seems to what commonly employed there.

0 Helpful

Go to solution
mverbon
Level 1
Level 1
In response to hslai

‎04-08-2016 12:57 AM

Hi,

Your colleague Gerard van Bon directed me to another cisco product that can do more regarding this, for your information:

Cisco Prime Access Registrar - Products & Services - Cisco

Did some more research last week, and it seems that the Devices cannot use EAP-SIM as well.

So, its a dead end.

The only solution in using ISE or ACS, is to use User Based Radius Authentication with PAP/MSCHAP.

As an alternative, the GGSN can replace the User-name attribute with the MSISDN as user-name.

But that is basically the SIM number.

So that is what we are going to now, based on either ISE of ACS.

Best regards, Martin

0 Helpful
Customers Also Viewed These Support Documents