User Guide for Cisco Prime Access Registrar 6.0
Chapter 22 SIGTRAN-M3UA


SIGTRAN-M3UA


SIGTRAN, a working group of the Internet Engineering Task Force (IETF), has defined a protocol for the transport of real-time signaling data over IP networks. Cisco Prime AR supports SS7 messaging over IP (SS7oIP) via SIGTRAN-M3UA, a new transport layer which leverages Stream Control Transmission Protocol (SCTP). Cisco Prime AR supports SIGTRAN-M3UA to fetch the authentication vectors from HLR, which is required for EAP-AKA/EAP-SIM authentication.


Note You have SIGTRAN-M3UA interface support in addition to the existing SUA interface support.


The EAP-AKA and EAP-SIM authentication service is extended to use M3UA. When the M3UA service is used for authentication, the subscriber identity (IMSI) is used to send a request to the HLR, and the HLR returns the authentication information for authenticating the user. The authentication service initiates a request to the SIGTRAN server using the IMSI, which retrieves the configured number of authentication vectors (Triplets or Quintets) from the HLR.


Note When you install the SIGTRAN-M3UA remote server for the first time or update the existing installation, you need to update the IP address of the host where Cisco Prime AR is installed in the network.data and cli_client.conf files. You must also restart Cisco Prime AR for the changes to take effect.

If the LocalSubSystemNumber is not set as SGSN(149), you need to make the same change in the default.xml file, located at /cisco-ar/m3ua-cfg/.


Figure 22-1 MAP Service

The Cisco Prime AR server initiates the MAP service. After enabling the MAP service, the Cisco Prime AR server sends a sendAuthenticationInfo request that contains IMSI and the number of requested authentication vectors to HLR. The HLR sends a response containing the requested vectors information to Cisco Prime AR. Next, the Cisco Prime AR server sends a sendRoutinginfoForLCS request that contains IMSI and the GMLC address to HLR. The HLR sends a response containing the MSISDN information for authenticating the mobile subscribers.


Note Cisco Prime AR 6.0 supports only one remote server with the protocol type, SIGTRAN-M3UA.


This section describes the following:

Prerequisites to SIGTRAN-M3UA

Configuring EAP-AKA/EAP-SIM with SIGTRAN-M3UA

Configuring M3UA Service

Prerequisites to SIGTRAN-M3UA

Before enabling the SIGTRAN-M3UA remote server, you must do the following:

ensure that LKSCTP is not available in the Cisco Prime AR server.

ensure that you restart the Cisco Prime AR server whenever you make any configuration changes.

ensure that the following rpm files are not installed while installing the Cisco Prime AR in RHEL 6.2:

nss-softokn-freebl-3.12.9-11.el6.i686.rpm

glibc-2.12-1.47.el6.i686.rpm

ncurses-libs-5.7-3.20090208.el6.i686.rpm

ncurses-devel-5.7-3.20090208.el6.i686.rpm

ncurses-5.7-3.20090208.el6.i686.rpm

nspr-4.8.8-3.el6.i686.rpm

nss-util-3.12.10-2.el6.i686.rpm

ensure that the following rpm files are installed while installing the Cisco Prime AR in RHEL 6.2:

nss-softokn-freebl-3.12.9-11.el6.i686.rpm

glibc-2.12-1.47.el6.i686.rpm

ncurses-libs-5.7-3.20090208.el6.i686.rpm

ncurses-devel-5.7-3.20090208.el6.i686.rpm

ncurses-5.7-3.20090208.el6.i686.rpm

nspr-4.8.8-3.el6.i686.rpm

nss-util-3.12.10-2.el6.i686.rpm

gamin-0.1.10-9.el6.i686.rpm

libselinux-2.0.94-5.2.el6.i686.rpm

glib2-2.22.5-6.el6.i686.rpm

zlib-1.2.3-27.el6.i686.rpm

libxml2-2.7.6-4.el6.i686.rpm

gdome2-0.8.1-1.i386.rpm

glib-1.2.10-33.el6.i686.rpm

libgcc-4.4.6-3.el6.i686.rpm

libstdc++-4.4.6-3.el6.i686.rpm


Note You must install the rpm versions relevant to the RHEL OS versions while installing the Cisco Prime AR.


Configuring EAP-AKA/EAP-SIM with SIGTRAN-M3UA

You can use aregcmd to create and configure a service of type eap-aka or eap-sim. See EAP-AKA or EAP-SIM for more information.

To configure EAP-AKA service with SIGTRAN-M3UA remote server:


Step 1 Launch aregcmd.

Step 2 Create an EAP-AKA service.

cd /Radius/Services

add eap-aka-service

cd eap-aka-service

Step 3 Set type as eap-aka.

set type eap-aka

Step 4 Add m3ua remote server in the remoteServers

cd remoteServers/

Set 1 m3ua


The following shows an example configuration for the EAP-AKA service with SIGTRAN-M3UA remote server support. See Table 9-1 for more about EAP-AKA service properties.

[ //localhost/Radius/Services ]
    Entries 1 to 2 from 2 total entries
    Current filter: <all>
    eap-aka/
        Name = eap-aka
        Description =
        Type = eap-aka
        AlwaysRequestIdentity = False
        EnableIdentityPrivacy = False
        PseudonymSecret = <encrypted>
        PseudonymRenewtime = "24 Hours"
        PseudonymLifetime = Forever
        Generate3GPPCompliantPseudonym = False
        EnableReauthentication = False
        MaximumReauthentications = 16
        ReauthenticationTimeout = 3600
        ReauthenticationRealm =
        AuthenticationTimeout = 120
        QuintetGenerationScript~ =
        UseProtectedResults = False
        SendReAuthIDInAccept = False
        Subscriber_DBLookup = siGTRAN-m3UA
        FetchAuthorizationInfo = FALSE
        MultipleServersPolicy = Failover
        IncomingScript~ =
        OutgoingScript~ =
        OutageScript~ =
        RemoteServers/

To configure EAP-SIM service with SIGTRAN-M3UA remote server:


Step 1 Launch aregcmd.

Step 2 Create an EAP-SIM service.

cd /Radius/Services

add eap-sim-service

cd eap-sim-service

Step 3 Set type as eap-sim.

set type eap-sim

Step 4 Add m3ua remote server in the remoteServers

cd remoteServers

Set 1 m3ua


The following shows an example configuration for the EAP-SIM service with SIGTRAN-M3UA remote server support. See Table 9-6 for more about EAP-SIM service properties.

    eap-sim/
        Name = eap-sim
        Description =
        Type = eap-sim
        NumberOfTriplets = 2
        UseSimDemoTriplets = False
        AlwaysRequestIdentity = False
        EnableIdentityPrivacy = False
        PseudonymSecret = <encrypted>
        PseudonymRenewtime = "24 Hours"
        PseudonymLifetime = Forever
        Generate3GPPCompliantPseudonym = False
        EnableReauthentication = False
        MaximumReauthentications = 16
        ReauthenticationTimeout = 3600
        ReauthenticationRealm =
        TripletCacheTimeout = 0
        AuthenticationTimeout = 120
        UseProtectedResults = False
        SendReAuthIDInAccept = False
        SubscriberDBLookup = SiGTRAN-M3UA
        FetchAuthorizationInfo = FALSE
        MultipleServersPolicy = Failover
        IncomingScript~ =
        OutgoingScript~ =
        OutageScript~ =
        RemoteServers/

Note Before enabling the SIGTRAN-M3UA remote server, ensure that you restart the Cisco Prime AR server whenever you make any configuration changes.



Note If you set FetchAuthorizationInfo as TRUE for the EAP-AKA or EAP-SIM service for SIGTRAN-M3UA in Cisco Prime AR, it fetches the MSISDN information from the HLR in the response. The following is an example script for reading the MSISDN information from the response:

proc MapMSISDN {request response environ} {
    # AuthorizationInfo carries the MSISDN information returned by the HLR
    $environ get AuthorizationInfo
}


You can configure the SIGTRAN-M3UA remote server under /Radius/RemoteServers.

To configure the SIGTRAN-M3UA remote server:


Step 1 Launch aregcmd.

Step 2 Create sigtran-m3ua remote server.

cd /r/remoteServers/

add M3UA

cd M3UA

set protocol sigtran-m3ua

Step 3 Set the Subscriber_DBLookup.

set Subscriber_DBLookup SIGTRAN-M3UA

Step 4 Set the hostname and port of the HLR.

set hostName 10.81.78.140

set DestinationPort 2905

Step 5 Set the IP address and port for the source.

set SourceIPAddress 10.81.78.142

set SourcePort 2905

Step 6 Set the reactivatetimerinterval.

Step 7 Set the subsystem number for the local.

set LocalSubSystemNumber 149

Step 8 Set routingindicator.

Set routingindicator rte_gt

Step 9 Set mlcnumber.

Set mlcnumber

Step 10 Set routingparameters.

cd routingparameters/

set OriginPointCode 2

set DestinationPointCode 4

set RemoteSubSystemNumber 6

set OPCMask 16383

set DPCMask 16383

set RoutingContext 11

Step 11 Set the source and destination gt parameters.

Step 12 Set the numbering plan, encoding scheme, format, and digits for source.

Step 13 Set the numbering plan, encoding scheme, format, and digits for destination.


The following shows an example configuration of SIGTRAN-M3UA remote server support:

[ //localhost/Radius/RemoteServers/m3ua ]
    Name = m3ua
    Description =
    Protocol = sigtran-m3ua
    HostName = 10.81.78.138
    SourceIPAddress = 10.81.78.139
    SourcePort = 2905
    LocalSubSystemNumber = 149
    DestinationPort = 2905
    IMSITranslationScript~ = 
    GlobalTitleTranslationScript~ = setGT
    Timeout = 15
    ReactivateTimerInterval = 2000
    LimitOutstandingRequests = FALSE
    MaxOutstandingRequests = 0
    MaxRetries = 3
    MAPVersion = 2
    NetworkVariant = ITU
    SubServiceField = NAT
    TCAPVariant = ITU96
    NetworkAppearance = 1
    NetworkIndicator = NAT
    MLCNumber = 123456789012345
    TrafficMode = LOADSHARE
    LoadShareMode = SLS
    RoutingIndicator = RTE_GT
    RoutingParameters/
        OriginPointCode = 2
        DestinationPointCode = 4
        RemoteSubSystemNumber = 6
        OPCMask = 16383
        DPCMask = 16383
        ServiceIndicatorOctet = 0
        RoutingContext = 11
    SourceGTAddress/
        SourceGTDigits = 919845071842
        SourceGTFormat = GTFRMT_4
        SourceNatureofAddress = INTNUM
        SourceTranslationType = 0
        SourceNumberingPlan = ISDN
        SourceEncodingScheme = BCDEVEN
    DestinationGTAddress/
        DestGTDigits = 919845071842
        DestGTFormat = GTFRMT_4
        DestNatureofAddress = INTNUM
        DestTranslationType = 0
        DestNumberingPlan = ISDN
        DestEncodingScheme = BCDEVEN

Table 22-1 describes SIGTRAN-M3UA remote server properties.

Table 22-1 SIGTRAN-M3UA Stack Properties  

Property
Description

Name

Required; inherited from the upper directory.

Description

An optional description of the service.

Protocol

Represents the type of remote server. The value should be SIGTRAN-M3UA.

HostName

IP address of the remote server.

SourceIPAddress

The IP address of the local host on which Cisco Prime AR is installed.

SourcePort

The port number on which Cisco Prime AR is installed for M3UA transactions.

LocalSubSystemNumber

The local sub system number is set as 149 by default.

DestinationPort

The destination port number to which Cisco Prime AR connects.

IMSITranslationScript

The scripting point is used to modify the IMSI based on the requirement before sending the request to STP/HLR.

Timeout

Specifies the time (in seconds) to wait before an authentication request times out; defaults to 120.

ReactivateTimerInterval

Specifies the time interval (in milliseconds) to activate an inactive server; defaults to 300000 ms (which is 5 minutes).

LimitOutstandingRequests

Required; the default is FALSE. Cisco Prime AR uses this property in conjunction with the MaxOutstandingRequests property to tune the RADIUS server's use of the HLR.

When you set this property to TRUE, the number of outstanding requests for this RemoteServer is limited to the value you specified in MaxOutstandingRequests. When the number of requests exceeds this number, Cisco Prime AR queues the remaining requests, and sends them as soon as the number of outstanding requests drops to this number.

MaxOutstandingRequests

Required when you have set the LimitOutstandingRequests to TRUE. The number you specify, which must be greater than zero, determines the maximum number of outstanding requests allowed for this remote server.

TrafficMode

The mode of the traffic for the HLR. The possible values are LOADSHARE or ACTSTANDBY.

LoadShareMode

Required. The TrafficMode is set as LOADSHARE, which is a type of load sharing scheme.

When there is more than one association with the HLR, the load sharing is set as Signaling Link Selection (SLS). SLS is done on a simple round-robin basis.

MAPVersion

The MAP version. The possible values are 2 or 3. During configuration, specify the MAP version (2 or 3) that the HLR supports.

NetworkVariant

Required. Represents the network variant switch.


Note Cisco Prime AR 6.0 supports only the ITU value.


SubServiceField

Specifies the type of network to which this SAP belongs. The possible options are INT and NAT, which represent international network and national network respectively.

TCAPVariant

Required; represents the name of the tcap network variant switch. The possible options are ITU88, ITU92, or ITU96.

NetworkAppearance

Required. Represents the network appearance code which ranges from 0-2147483647.

NetworkIndicator

The network indicator used in the SCCP address. The possible options are NAT and INT, which represent national network and international network respectively.

MLCNumber

Required, if you select FetchAuthorizationInfo as True in EAP-AKA or EAP-SIM services. Also, required for M3UA service for fetching the MSISDN from the HLR. The MLC number is configured in E.164 format.


Note MLC is a max-15 digit number.


RoutingIndicator

Required; represents the routing indicator. The possible values are Route on Global Title (RTE_GT) or Route on Sub System Number (RTE_SSN). You can use either the RTE_GT or the RTE_SSN value to route the packets for the HLR.

RoutingParameters

OriginPointCode

Required; represents the originating point of a message in a signalling network. The value ranges from 0-16777215.

DestinationPointCode

Required; represents the destination address of a signalling point in a SS7 network.

RemoteSubSystemNumber

Required; represents the sub system number of the remote server. The RemoteSubSystemNumber is set as 6 by default.

OPCMask

Represents the wild card mask for the origin point code. The value ranges from 0-16777215.

DPCMask

Represents the wild card mask for the destination point code. The value ranges from 0-16777215.

ServiceIndicatorOctet

Represents the service identifier octet. The value ranges from 0-255.

RoutingContext

Required; represents the routing context which ranges from 0-16777215.

SourceGTAddress

SourceGTDigits

Required; a unique number to identify the source.

SourceGTFormat

Required; represents the format of the global translation (GT) rule. The possible values are GTFRMT_0, GTFRMT_1, GTFRMT_2, GTFRMT_3, GTFRMT_4, or GTFRMT_5.

SourceNatureofAddress

Required; represents the type of the source address. The possible values are ADDR_NOTPRSNT (Address not present), SUBNUM (Subscriber number), NATSIGNUM (National significant number), or INTNUM (International number.)

SourceTranslationType

Required; represents the type of translation. The possible values range from 0-255.

SourceNumberingPlan

Required; represents the numbering plan of the network that the subscriber uses. For example, land mobile numbering plan, ISDN mobile numbering plan, private or network specific numbering plan.

SourceEncodingScheme

Required; represents the BCD encoding scheme. The possible values are UNKN (Unknown), BCDODD (BCD Odd), BCDEVEN (BCD Even), or NWSPEC (National specific.)

DestinationGTAddress
The following fields are displayed only when you set RTE_GT as RoutingIndicator.

DestGTDigits

Required; a unique number to identify the destination.

DestGTFormat

Required; represents the format of the global translation (GT) rule. The possible values are GTFRMT_0, GTFRMT_1, GTFRMT_2, GTFRMT_3, GTFRMT_4, or GTFRMT_5.

DestNatureofAddress

Required; represents the type of the destination address. The possible values are ADDR_NOTPRSNT (Address not present), SUBNUM (Subscriber number), NATSIGNUM (National significant number), or INTNUM (International number.)

DestTranslationType

Required; represents the type of translation. The possible values range from 0-255.

DestNumberingPlan

Required; represents the numbering plan of the network that the subscriber uses. For example, Land mobile numbering plan, ISDN mobile numbering plan, private or network specific numbering plan.

DestEncodingScheme

Required; represents the BCD encoding scheme. The possible values are UNKN (Unknown), BCDODD (BCD Odd), BCDEVEN (BCD Even), or NWSPEC (National specific.)
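
The value ranges and allowed options in Table 22-1 can be checked mechanically before a configuration is applied. The following is an added example, not Cisco code: it parses an aregcmd-style property listing and reports values that contradict the table. The function names and the sample listing are constructed for illustration, and the BCDODD/BCDEVEN check assumes the SCCP convention that the scheme names the parity of the digit count.

```python
import re

# Constructed listing in the aregcmd layout shown above; values are made up to trip checks.
SAMPLE = """\
    LimitOutstandingRequests = TRUE
    MaxOutstandingRequests = 0
    MLCNumber = 1234567890123456
    RoutingParameters/
        OriginPointCode = 2
        ServiceIndicatorOctet = 300
    SourceGTAddress/
        SourceGTDigits = 91984507184
        SourceEncodingScheme = BCDEVEN
"""
# Upper bounds and allowed values as stated in Table 22-1 (the lower bound is always 0).
MAX = {"OriginPointCode": 16777215, "OPCMask": 16777215, "DPCMask": 16777215,
       "RoutingContext": 16777215, "ServiceIndicatorOctet": 255, "NetworkAppearance": 2147483647,
       "SourceTranslationType": 255, "DestTranslationType": 255}
CHOICES = {"MAPVersion": {"2", "3"}, "TCAPVariant": {"ITU88", "ITU92", "ITU96"},
           "TrafficMode": {"LOADSHARE", "ACTSTANDBY"}, "NetworkVariant": {"ITU"},
           "RoutingIndicator": {"RTE_GT", "RTE_SSN"}}

def parse(listing):
    """Flatten 'Key = Value' lines into a dict; directory lines ('RoutingParameters/') are skipped."""
    return dict(re.findall(r"^\s*(\w+)~?\s*=[ \t]*(.*?)\s*$", listing, re.M))

def audit(props):
    """Return a list of findings for values that contradict Table 22-1."""
    out = []
    for key, top in MAX.items():
        if key in props and not (props[key].isdigit() and int(props[key]) <= top):
            out.append(f"{key}={props[key]} is outside 0-{top}")
    for key, allowed in CHOICES.items():
        if key in props and props[key].upper() not in allowed:
            out.append(f"{key}={props[key]} is not one of {sorted(allowed)}")
    limit = props.get("LimitOutstandingRequests", "").upper() == "TRUE"
    maxreq = props.get("MaxOutstandingRequests", "0")
    if limit and not (maxreq.isdigit() and int(maxreq) > 0):
        out.append("MaxOutstandingRequests must be > 0 when LimitOutstandingRequests is TRUE")
    if "MLCNumber" in props and not re.fullmatch(r"\d{1,15}", props["MLCNumber"]):
        out.append("MLCNumber must be 1-15 digits")
    for side in ("Source", "Dest"):
        digits = props.get(side + "GTDigits", "")
        scheme = props.get(side + "EncodingScheme", "").upper()
        # Assumption: BCDODD/BCDEVEN name the parity of the digit count (SCCP convention).
        want = "BCDODD" if len(digits) % 2 else "BCDEVEN"
        if digits and scheme in ("BCDODD", "BCDEVEN") and scheme != want:
            out.append(f"{side}EncodingScheme={scheme} but {len(digits)} digits need {want}")
    return out
```

Calling audit(parse(SAMPLE)) returns four findings for the constructed listing.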


Configuring M3UA Service

Cisco Prime AR supports the M3UA service, which is used to fetch MSISDN from IMSI through RADIUS packets. See Chapter 4 "Cisco Prime Access Registrar Server Objects," for more information.

To configure the M3UA service with SIGTRAN-M3UA remote server:


Step 1 Launch aregcmd.

Step 2 Create an M3UA service.

cd /Radius/Services

add FetchMSISDN

Step 3 Set the type as M3UA.

set type M3UA

Step 4 Add M3UA remote server in the remoteServers.

cd remoteServers

Set 1 m3ua