Home > Wireless LAN > Encryption and Authentication > EAP-SIM with MR Access Points

EAP-SIM with MR Access Points

Table of contents
No headers

Cisco Meraki fully supports EAP-SIM in the same way that we handle regular EAP-based authentication types (e.g. EAP-TLS) when the RADIUS server is customer hosted - by forwarding 802.1x requests from the AP to a RADIUS server (specified in Dashboard on the Configure > Access control page). For more basic information on 802.1x and WPA2 encryption consult Cisco Meraki's online documentation.

In order for an EAP-SIM request to be successful, a special RADIUS server is required. The RADIUS server needs to convert the RADIUS protocol to a MAP protocol so the EAP request can be forwarded over a 3GPP network for authentication against a service provider's HLR (Home Location Register). An example of such a RADIUS server is the Cisco Prime Access Registrar.  

An end-to-end call flow showing the EAP-SIM process is illustrated in the diagrams below.

Figure 1: Wi-Fi Offload Solution - Local Breakout w/ AAA

Figure 2: Authentication Flow (1/2)

Figure 3: Authentication Flow (2/2)

Figure 4: DHCP Flow

Figure 5: Accounting Flow

Figure 6: Disconnect Flow (UE)

Figure 7: Disconnect Flow (AAA Request)

You must to post a comment.
Last modified
18:17, 9 Feb 2016


This page has no custom tags.


This page has no classifications.

Article ID

ID: 2237

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case