GitBook: [master] 32 pages modified

Chris Busch
2021-05-11 21:51:13 +00:00
committed by gitbook-bot
parent e65b35eaac
commit 2a0bf74bfb
7 changed files with 585 additions and 1 deletions

@@ -28,5 +28,10 @@
* [Multi-VLAN SSID](configuration-examples/multi-vlan-ssid.md) * [Multi-VLAN SSID](configuration-examples/multi-vlan-ssid.md)
* [NAT Gateway Mode SSID](configuration-examples/nat-gateway-mode-ssid.md) * [NAT Gateway Mode SSID](configuration-examples/nat-gateway-mode-ssid.md)
* [RADIUS Authenticated SSID](configuration-examples/radius-authenticated-ssid.md) * [RADIUS Authenticated SSID](configuration-examples/radius-authenticated-ssid.md)
* [Passpoint®](configuration-examples/passpoint-r1.md) * [Passpoint®](configuration-examples/passpoint-r1/README.md)
* [Configuration Introduction](configuration-examples/passpoint-r1/configuration-introduction.md)
* [Advertising Services](configuration-examples/passpoint-r1/advertising-services.md)
* [Passpoint® Cloud SDK Configuration](configuration-examples/passpoint-r1/passpoint-r-cloud-sdk-configuration/README.md)
* [Passpoint Postman Collection](configuration-examples/passpoint-r1/passpoint-r-cloud-sdk-configuration/passpoint-postman-collection.md)
* [Passpoint via UI](configuration-examples/passpoint-r1/passpoint-r-cloud-sdk-configuration/passpoint-via-ui.md)
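
Review bot: The Passpoint® entry now targets configuration-examples/passpoint-r1/README.md instead of configuration-examples/passpoint-r1.md, and nothing in this hunk shows what becomes of the old file; confirm it is removed or redirected so existing links to the old path do not go stale. The new directory slugs (passpoint-r1, passpoint-r-cloud-sdk-configuration) are awkward to link to; a plain passpoint/ prefix would read better if the tooling allows it.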

@@ -0,0 +1,16 @@
# Passpoint®
Passpoint® brings seamless, automatic and secure Wi-Fi connectivity using either pre-provisioned credentials or the SIM card in a mobile device. Passpoint provides simple, fast online sign-up and provisioning that is only required upon a users first visit to a Passpoint network. Once a Passpoint enabled device contains the Wi-Fi AP or network credentials, it will discover and securely connect when the user is nearby—without requiring additional user action. This makes staying connected while mobile infinitely easier, and because Passpoint employs enterprise-level security, users can feel confident their data is better protected.
Passpoint® also delivers more value to carriers, service providers, and IT managers of enterprise networks, enabling:
* Mobile data offload
* Wi-Fi networks for
* Hospitality, venues and enterprise
* Streamlined, enterprise-class device provisioning and credential management for enterprise and other private networks
* Wi-Fibased services such as Wi-Fi calling, and collaboration tools
* Wi-Fi roaming agreements across carriers and service providers
* Opportunities to engage users and extract additional value from the network
Passpoint® is already supported by most enterprise-class APs on the market today, and natively supported by major mobile operating systems including Android, iOS, macOS, and Windows 10. With active support from a wide ecosystem of device manufacturers, mobile operators, and service providers, Passpoint® benefits both users and Wi-Fi network providers
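
Review bot: The benefits list splits one item across two bullets ("Wi-Fi networks for" followed by "Hospitality, venues and enterprise"), leaving a dangling fragment; merge them into a single bullet. Also fix "a users first visit" (user's), "Wi-Fibased" (Wi-Fi-based) and the missing full stop at the end of the last paragraph. The statement that Passpoint "employs enterprise-level security" would carry more weight if it named the mechanism, for example the EAP methods listed on the Advertising Services page added in this commit.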

@@ -0,0 +1,20 @@
---
description: Passpoint®
---
# Advertising Services
Passpoint requires ANQP to supply three information elements from the Access Point.
#### PLMN-Id
Public Land Mobile Network Id is defined by 3GPP and comprised of two, three digit numbers to uniquely identify the Mobile Network Operator \(MNO\).
#### Realm
A Fully Qualified Domain Name \(FQDN\) is a realm representing the service provider of the Wi-Fi service. Non MNO operators are an example of 'realm-based' service advertisements. Examples include Cable MSOs, Enterprises or other on MNO providers. Authentication methods used with realm-based configuration are EAP-TLS and EAP-TTLS.
#### OI / RCOI
Organization Id or as defined by Wireless Broadband Alliance, Roaming Consortium Organization Id indicate the federated identity capable of authentication. Examples would be OpenRoaming, Eduroam and follow the Passpoint® EAP authentication methods.
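
Review bot: The PLMN-Id paragraph describes the identifier as two three-digit numbers, but the MNC part can be two or three digits (only the MCC is always three); say "a three-digit MCC and a two- or three-digit MNC" so readers do not pad or reject two-digit MNCs. In the Realm paragraph, "other on MNO providers" should read "other non-MNO providers". The opening sentence promises three information elements without saying that they are the three headings that follow; name them there.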

@@ -0,0 +1,102 @@
---
description: Passpoint®
---
# Configuration Introduction
TIP Open WiFi devices implement support for both the air interface and systems interfaces necessary to support Passpoint® Release 2 and above. Once also termed Hotspot 2.0, IEEE 802.11u specified added air interface fields exposing Access Network Query Protocol interactions for clients to discovery Access Point capabilities.
Wi-Fi Alliance expanded ANQP to include Online Signup \(OSU\) concepts to leverage seamless onboarding and client security for Passpoint® networks. Following on from these efforts, Wireless Broadband Alliance has provided the necessary system interfaces for identity, security, mobile offload within a common federated operator solution known as OpenRoaming.
TIP Open WiFi enables operators to deploy the full range of Passpoint® and OpenRoaming solutions.
<table>
<thead>
<tr>
<th style="text-align:left">Term</th>
<th style="text-align:left">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:left">Operator</td>
<td style="text-align:left">
<p>Wi-Fi Infrastructure Operator</p>
<p>Access Network Provider (ANP) as defined by OpenRoaming</p>
</td>
</tr>
<tr>
<td style="text-align:left">Venue</td>
<td style="text-align:left">Deployed location of Wi-Fi service</td>
</tr>
<tr>
<td style="text-align:left">Identity Provider</td>
<td style="text-align:left">
<p>Subscriber authenticating service provider</p>
<p>Home Service Provider (HSP) as defined by OpenRoaming</p>
</td>
</tr>
<tr>
<td style="text-align:left">Roaming Exchange</td>
<td style="text-align:left">Operator and Identity Provider Authentication, Authorization, Accounting</td>
</tr>
<tr>
<td style="text-align:left">ANQP</td>
<td style="text-align:left">
<p>Access Network Query Protocol contains:</p>
<ul>
<li>Domain</li>
<li>Venue Name</li>
<li>Venue Info</li>
<li>Operator Friendly Name</li>
<li>IP Type</li>
<li>WAN Metric</li>
<li>Connection Capability</li>
<li>Operating Class</li>
<li>Authentication Type</li>
<li>Service Providers List</li>
</ul>
</td>
</tr>
<tr>
<td style="text-align:left">GAS</td>
<td style="text-align:left">
<p>Generic Advertisement Layer 2 Service for client query</p>
<ul>
<li>Client query returns:
<ul>
<li>Organization Identifier / Service Provider Identity</li>
<li>Domain</li>
<li>Authentication</li>
<li>Roaming Consortium List</li>
<li>Network Access Identifier Realm (NAI)</li>
<li>3GPP Network Data</li>
</ul>
</li>
</ul>
</td>
</tr>
<tr>
<td style="text-align:left">OSU</td>
<td style="text-align:left">
<p>Online Signup - Advertised over ANQP contains:</p>
<p></p>
<ul>
<li>OSU SSID</li>
<li>OSU URI</li>
<li>OSU Method</li>
<li>OSU Available Icons</li>
<li>OSU ESS (OSEN) SSID</li>
<li>OSU Description</li>
</ul>
</td>
</tr>
<tr>
<td style="text-align:left">OSEN</td>
<td style="text-align:left">OSU Server Authenticated Layer 2 Encryption Network</td>
</tr>
</tbody>
</table>
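
Review bot: In the OSEN row, the expansion "OSU Server Authenticated Layer 2 Encryption Network" drops the word "only"; the term is OSU Server-Only Authenticated L2 Encryption Network, which is also how the serverOnlyAuthenticatedL2EncryptionNetwork field in the operator profile example in this commit spells it, and the distinction matters because only the server side is authenticated. In the GAS row, the usual expansion is Generic Advertisement Service; "Layer 2" describes the transport, not the name. In the first paragraph "for clients to discovery" should be "discover", and the empty paragraph element in the OSU row can be dropped.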

@@ -0,0 +1,16 @@
---
description: Passpoint® Setup
---
# Passpoint® Cloud SDK Configuration
In earlier sections of Open WiFi documentation, the association of Access Point Equipment and SSID Profiles were described.
For Passpoint® configuration, each Equipment Profile may reference multiple SSID Profiles. Within the SSID Profile, an association to RADIUS and Passpoint® Profile is made.
From the Passpoint® Profile, an Operator, Venue and multiple Identity Providers are defined.
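
Review bot: "In earlier sections of Open WiFi documentation" gives the reader nothing to follow; link the page that describes Equipment and SSID Profiles, and change "were described" to "was described". The second paragraph places the RADIUS and Passpoint® Profile association inside the SSID Profile, while the hint that closes the Passpoint Postman Collection page in this commit calls both child profiles of the Access Point Equipment; pick one description and use it in both places.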

@@ -0,0 +1,417 @@
---
description: Passpoint via API
---
# Passpoint Postman Collection
Cloud SDK accepts all Passpoint configuration via API if desired. Please refer to [API](../../../api/) for additional instructions on use of Cloud SDK OpenAPI.
For reference: [Postman collection for Passpoint](https://github.com/Telecominfraproject/wlan-cloud-workspace/blob/master/wlan-cloud-devtools/postman-collections/passpoint/RadSec.postman_collection.json) to assist the reader is available.
#### RADIUS Profile Example: PLMN ID Based Identity Provider Profile
```text
{
"model_type": "Profile",
"id": 3,
"customerId": 2,
"profileType": "radius",
"name": "Identity_Provider-radius-profile",
"details": {
"model_type": "RadiusProfile",
"primaryRadiusAuthServer": {
"model_type": "RadiusServer",
"ipAddress": "10.16.10.50",
"secret": "testing123!",
"port": 11812,
"timeout": 0
},
"secondaryRadiusAuthServer": null,
"primaryRadiusAccountingServer": {
"model_type": "RadiusServer",
"ipAddress": "10.16.10.60",
"secret": "testing123!",
"port": 11813,
"timeout": 5
},
"secondaryRadiusAccountingServer": null,
"profileType": "radius"
},
"childProfileIds": []
```
{% hint style="info" %}
Open WiFi 1.0 SSIDs are mapped to a single RADIUS profile. All Authentication and Accounting will be forwarded to the RADIUS services defined in the Profile. Sub-release 1.1 supports realm-based forwarding and RADSec operations \(RADIUS over TLS\)
{% endhint %}
### Identities
#### Identity Provider Profile Example: PLMN ID Based Identity
```text
{
"model_type": "Profile",
"id": 11,
"customerId": 2,
"profileType": "passpoint_osu_id_provider",
"name": "MNO",
"details": {
"model_type": "PasspointOsuProviderProfile",
"mccMncList": [
{
"model_type": "PasspointMccMnc",
"mcc": 3-digit,
"mnc": 3-digit,
"iso": "us",
"country": "USA",
"countryCode": 1,
"network": "MNO Name",
"mccMncPairing": "3-digit,3-digit"
}
],
"naiRealmList": [],
"osuIconList": [],
"osuServerUri": null,
"osuFriendlyName": [],
"osuNaiStandalone": "anonymous@mno_fqdn",
"osuNaiShared": "anonymous@mno_fqdn",
"osuMethodList": [],
"osuServiceDescription": [],
"roamingOi": [],
"profileType": "passpoint_osu_id_provider"
},
"childProfileIds": []
}
```
In the above example, an MNO with PLMN identifiers is configured. The result of this configuration will be a UE mobile handset learns its home network operator is available over Wi-Fi network and attempts authentication seamlessly. The MNO logo will display in the UE home screen top bar.
#### Identity Provider Profile Example: OI / RCOI Based Identity
```text
{
"model_type": "Profile",
"id": 16,
"customerId": 2,
"profileType": "passpoint_osu_id_provider",
"name": "RCOI-Member-OpenRoaming",
"details": {
"model_type": "PasspointOsuProviderProfile",
"mccMncList": [],
"naiRealmList": [],
"osuIconList": [],
"osuServerUri": null,
"osuFriendlyName": [],
"osuNaiStandalone": "anonymous@member_fqdn",
"osuNaiShared": "anonymous@member_fqdn",
"osuMethodList": [],
"osuServiceDescription": [],
"roamingOi": [
"FFFFF00000",
"FFFFF00100",
"FFFFF8F5F4",
"000000",
"000000"
],
"profileType": "passpoint_osu_id_provider"
},
"childProfileIds": []
}
```
In the above example, a settled roaming provider part of the OpenRoaming federated RCOI has been defined. The UE device will automatically discover this network, for many devices with existing OpenRoaming credentials will seamlessly associate to the advertised service from this Wi-Fi network.
#### Identity Provider Profile Example: Realm Based
```text
{
"model_type": "Profile",
"id": 7,
"customerId": 2,
"profileType": "passpoint_osu_id_provider",
"name": "Realm Operator Name",
"details": {
"model_type": "PasspointOsuProviderProfile",
"mccMncList": [],
"naiRealmList": [
{
"model_type": "PasspointNaiRealmInformation",
"naiRealms": [
"operator.fqdn.com"
],
"encoding": 0,
"eapMethods": [
"EAP-TTLS with username/password"
],
"eapMap": {
"EAP-TTLS with username/password": [
"Non-EAP Inner Authentication Type:MSCHAPV2"
]
}
}
],
"osuIconList": [],
"osuServerUri": null,
"osuFriendlyName": [],
"osuNaiStandalone": "anonymous@operator_fqdn.com",
"osuNaiShared": "anonymous@operator_fqdn.com",
"osuMethodList": [],
"osuServiceDescription": [],
"roamingOi": [],
"profileType": "passpoint_osu_id_provider"
},
"childProfileIds": []
```
The above example demonstrates a realm-based identity provider configured for authentication using EAP-TTLS.
### Operators and Venues
#### Wi-Fi Operator Profile Example
```text
{
"model_type": "Profile",
"id": 12,
"customerId": 2,
"profileType": "passpoint_operator",
"name": "TIP Lab",
"details": {
"model_type": "PasspointOperatorProfile",
"serverOnlyAuthenticatedL2EncryptionNetwork": false,
"x509CertificateLocation": null,
"operatorFriendlyName": [
{
"model_type": "PasspointDuple",
"locale": "eng",
"dupleIso3Language": "eng",
"dupleName": "Telecom Infra Project",
"defaultDupleSeparator": ":",
"asDuple": "eng:Telecom Infra Project"
},
{
"model_type": "PasspointDuple",
"locale": "fra",
"dupleIso3Language": "fra",
"dupleName": "Le Telecom Infra Project",
"defaultDupleSeparator": ":",
"asDuple": "fra:Le Telecom Infra Project"
}
],
"domainNameList": [
"telecominfraproject.com"
],
"profileType": "passpoint_operator"
},
"childProfileIds": []
}
```
#### Venue Profile
```text
{
"model_type": "Profile",
"id": 13,
"customerId": 2,
"profileType": "passpoint_venue",
"name": "TIP Lab",
"details": {
"model_type": "PasspointVenueProfile",
"venueNameSet": [
{
"model_type": "PasspointVenueName",
"locale": "fra",
"dupleIso3Language": "fra",
"dupleName": "Le TIP Lab c'est Ici",
"defaultDupleSeparator": ":",
"venueUrl": null,
"asDuple": "fra:Le TIP Lab"
},
{
"model_type": "PasspointVenueName",
"locale": "eng",
"dupleIso3Language": "eng",
"dupleName": "TIP Lab",
"defaultDupleSeparator": ":",
"venueUrl": null,
"asDuple": "eng:TIP Lab"
}
],
"profileType": "passpoint_venue",
"venueTypeAssignment": {
"model_type": "PasspointVenueTypeAssignment",
"venueDescription": "Research and Development Facility",
"venueGroupId": 7,
"venueTypeId": 7
}
},
"childProfileIds": []
```
### Passpoint Profile
With all other profile configuration in place, the logical association of these profiles occurs within the Passpoint Profile.
```text
{
"model_type": "Profile",
"id": 14,
"customerId": 2,
"profileType": "passpoint",
"name": "test-Passpoint-Profile",
"details": {
"model_type": "PasspointProfile",
"enableInterworkingAndHs20": true,
"hissed": null,
"passpointAccessNetworkType": "free_public_network",
"passpointNetworkAuthenticationType": "acceptance_of_terms_and_conditions",
"additionalStepsRequiredForAccess": 1,
"deauthRequestTimeout": 0,
"operatingClass": 0,
"termsAndConditionsFile": {
"model_type": "ManagedFileInfo",
"md5checksum": null,
"lastModifiedTimestamp": null,
"apExportUrl": null,
"fileCategory": "ExternalPolicyConfiguration",
"fileType": "TEXT",
"altSlot": false
},
"whitelistDomain": null,
"emergencyServicesReachable": false,
"unauthenticatedEmergencyServiceAccessible": false,
"internetConnectivity": true,
"connectionCapabilitySet": [
{
"model_type": "PasspointConnectionCapability",
"connectionCapabilitiesPortNumber": 8888,
"connectionCapabilitiesIpProtocol": "TCP",
"connectionCapabilitiesStatus": "open"
}
],
"ipAddressTypeAvailability": "public_IPv4_address_available",
"qosMapSetConfiguration": null,
"apGeospatialLocation": null,
"apCivicLocation": null,
"apPublicLocationIdUri": null,
"gasAddr3Behaviour": "p2pSpecWorkaroundFromRequest",
"anqpDomainId": 5432,
"disableDownstreamGroupAddressedForwarding": true,
"enable2pt4GHz": true,
"enable5GHz": true,
"associatedAccessSsidProfileIds": [15],
"osuSsidProfileId": null,
"passpointOperatorProfileId": 12,
"passpointVenueProfileId": 13,
"passpointOsuProviderProfileIds": [
7,
11,
16
],
"profileType": "passpoint",
"networkAuthenticationType": "acceptance_of_terms_and_conditions",
"accessNetworkType": "free_public_network"
},
"childProfileIds": [
7, // Realm Based Example IDP
11, // MNO Based Example IDP
12, // RCOI Based Example / OpenRoaming IDP
13, // Venue Profile
16 // Wi-Fi Operator Profile
]
```
### Passpoint SSID Profile Association
```text
{
"model_type": "Profile",
"id": 15,
"customerId": 2,
"profileType": "ssid",
"name": "passpoint-access-ssid",
"details": {
"model_type": "SsidConfiguration",
"ssid": "OpenRoaming",
"appliedRadios": [
"is5GHz",
"is2dot4GHz"
],
"ssidAdminState": "enabled",
"secureMode": "wpa2EAP",
"vlanId": 1,
"dynamicVlan": "disabled",
"keyStr": "sdfksfh$%#2f@#$",
"broadcastSsid": "enabled",
"keyRefresh": 0,
"noLocalSubnets": false,
"radiusServiceId": 3, // RADIUS Profile
"radiusAcountingServiceInterval": 60,
"captivePortalId": null,
"bandwidthLimitDown": 0,
"bandwidthLimitUp": 0,
"clientBandwidthLimitDown": 0,
"clientBandwidthLimitUp": 0,
"videoTrafficOnly": false,
"radioBasedConfigs": {
"is5GHzU": {
"model_type": "RadioBasedSsidConfiguration",
"enable80211r": null,
"enable80211k": null,
"enable80211v": null
},
"is2dot4GHz": {
"model_type": "RadioBasedSsidConfiguration",
"enable80211r": null,
"enable80211k": null,
"enable80211v": null
},
"is5GHzL": {
"model_type": "RadioBasedSsidConfiguration",
"enable80211r": null,
"enable80211k": null,
"enable80211v": null
}
},
"bonjourGatewayProfileId": null,
"enable80211w": null,
"useRadiusProxy": false,
"wepConfig": null,
"forwardMode": "BRIDGE",
"profileType": "ssid",
"radiusClientConfiguration": {
"model_type": "RadiusNasConfiguration",
"nasClientId": "USER_DEFINED",
"nasClientIp": "WAN_IP",
"userDefinedNasId": "FB001AP001",
"userDefinedNasIp": null,
"operatorId": "AmeribandTIP"
}
},
"childProfileIds": [
3, // RADIUS Profile
14 // Passpoint Profile
]
}
```
{% hint style="info" %}
RADIUS Profile and Passpoint Profile are both Child Profiles of the Access Point Equipment
{% endhint %}
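
Review bot: In the Passpoint Profile example, the comments on childProfileIds do not match the ids used elsewhere on this page: 12 is labelled "RCOI Based Example / OpenRoaming IDP" and 16 "Wi-Fi Operator Profile", but the operator profile example has id 12 (and is referenced by "passpointOperatorProfileId": 12) while the RCOI identity provider example has id 16; swap the two labels. Four of the examples (RADIUS profile, realm-based identity provider, venue profile, Passpoint profile) stop at "childProfileIds" without the closing brace of the outer object, and the // comments and the bare 3-digit placeholders for mcc and mnc mean the blocks cannot be pasted as JSON; close and quote them, or say in the text that they are annotated excerpts. "hissed": null looks like an autocorrected hessid and should be checked against the API schema. The RADIUS "secret": "testing123!" and the SSID "keyStr" value read like real credentials; replace them with obvious placeholders so they are not copied into a deployment, and explain why keyStr is set at all when secureMode is wpa2EAP. Lastly, appliedRadios lists is5GHz and is2dot4GHz while radioBasedConfigs is keyed by is5GHzU, is2dot4GHz and is5GHzL; document the mapping or make the two agree.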

@@ -0,0 +1,8 @@
---
description: Passpoint Configuration
---
# Passpoint via UI
Cloud SDK user interface enables all Passpoint configuration needed for live service.
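
Review bot: The body is a single sentence with no steps, screenshots or links, so the new SUMMARY entry leads to an effectively empty page; add the walkthrough (or a link to where the profile screens are documented), or hold the entry back until there is content. "Cloud SDK user interface enables" also needs an article: "The Cloud SDK user interface".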