Skip to main content

 

Cisco Meraki Documentation

EAP-SIM with MR Access Points

Cisco Meraki fully supports EAP-SIM in the same way that we handle regular EAP-based authentication types (e.g. EAP-TLS) when the RADIUS server is customer hosted - by forwarding 802.1X requests from the AP to a RADIUS server (specified in Dashboard on the Configure > Access control page). For more basic information on 802.1X and WPA2 encryption consult Cisco Meraki's online documentation.

In order for an EAP-SIM request to be successful, a special RADIUS server is required. The RADIUS server needs to convert the RADIUS protocol to a MAP protocol so the EAP request can be forwarded over a 3GPP network for authentication against a service provider's HLR (Home Location Register). An example of such a RADIUS server is the Cisco Prime Access Registrar.  

An end-to-end call flow showing the EAP-SIM process is illustrated in the diagrams below.

Figure 1: Wi-Fi Offload Solution - Local Breakout w/ AAA
 

47296585-e348-4cee-bbfa-03689dc490b8


 

Figure 2: Authentication Flow (1/2)

 

c5b3baa4-b3d3-4054-992a-aa8746e4c5fa

Figure 3: Authentication Flow (2/2)
 

27a35ce7-bb42-40fe-b4e0-cf24c16aa0ef

Figure 4: DHCP Flow

5715a668-aa35-4ee0-8559-9a7a5ae40f82

Figure 5: Accounting Flow
 

8aa9e5ee-332e-4900-9325-b5af36619a7d


Figure 6: Disconnect Flow (UE)

 

 

0267eb6e-a702-4c6d-8c04-0fd6149935da

 

 

Figure 7: Disconnect Flow (AAA Request)

f4df21ff-0c9b-4b50-b6c2-fdf51ab8b876

  • Was this article helpful?