diff --git a/.gitbook/assets/image (22) (1).png b/.gitbook/assets/image (22) (1).png new file mode 100644 index 0000000..69ddbdf Binary files /dev/null and b/.gitbook/assets/image (22) (1).png differ diff --git a/.gitbook/assets/image (33).png b/.gitbook/assets/image (34) (1).png similarity index 100% rename from .gitbook/assets/image (33).png rename to .gitbook/assets/image (34) (1).png diff --git a/.gitbook/assets/image (32).png b/.gitbook/assets/image (36) (1).png similarity index 100% rename from .gitbook/assets/image (32).png rename to .gitbook/assets/image (36) (1).png diff --git a/README.md b/README.md index 397eeeb..b0af000 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ description: Telecom Infra Project OpenWiFi --- -# OpenWiFi Release 2.0 +# OpenWiFi Release 2.1 ## What is OpenWiFi? @@ -12,7 +12,7 @@ TIP OpenWiFi is an open source community project that believes in democratizing TIP OpenWiFi is the industry's first CI/CD open source Wi-Fi eco-system. Built nightly with a strong community of Wi-Fi leaders, new features are unit tested in automated RF chambers and checked from cloud to ground for Wi-Fi performance and conformance. -OpenWiFi 2.0 introduces management and telemetry based on uCentral offering expanded selection of managed devices including smaller APs and PoE access switches. +OpenWiFi 2.0 introduces management and telemetry based on uCentral offering expanded selection of managed devices including smaller APs and PoE access switches. ### High Level Features diff --git a/SUMMARY.md b/SUMMARY.md index d03df6a..d6bf6d6 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -1,6 +1,6 @@ # Table of contents -* [OpenWiFi Release 2.0](README.md) +* [OpenWiFi Release 2.1](README.md) * [Ordering OpenWiFi APs](ordering-open-wi-fi-aps.md) * [Getting Started](getting-started/README.md) * [Cloud Discovery](getting-started/cloud-discovery/README.md) diff --git a/api/README.md b/api/README.md index 155bfa1..3935bc6 100644 --- a/api/README.md 
+++ b/api/README.md 
@@ -4,49 +4,49 @@ description: OpenWiFi 2.0 SDK # API -OpenWiFi services follow the OpenAPI 3.0 definition. +OpenWiFi services follow the OpenAPI 3.0 definition. The complete API is described here: [OpenWiFi SDK OpenAPI](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/openapi/ucentral/ucentral.yaml) -### Devices +## Devices OpenWiFi devices are Access Points or Switches \(and other forms in the future\), that support the uCentral configuration schema. Devices contact a controller using the uCentral protocol. -### Communication +## Communication The communication between the controller and the devices use the uCentral protocol. This protocol is defined in this [document](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/main/PROTOCOL.md). -### Device Configuration +## Device Configuration A device is configured by ingesting a uCentral configuration. That configuration will be provided by the SDK Gateway as a result of a command through the API. Command processing occurs when the device's configuration is older than what is known in the SDK Gateway. The uCentral schema is a JSON document containing parameters to set on a particular device. -### SDK Gateway Communication +## SDK Gateway Communication In order to speak to the Gateway, you must implement a client that uses the OpenAPI definition for the gateway. You can find its [definition here](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/main/openapi/ucentral/ucentral.yaml). You cannot talk to a device directly. -### API Basics +## API Basics -#### Device `serialNumber` +### Device `serialNumber` Throughout the API, the `serialNumber` of the device is used as the key. The `serialNumber` is actual the MAC address of the device, without its `:`. The `serialNumber` is guaranteed to be unique worldwide. The device uses its serial number to identify itself to the controller. 
-#### Device Configuration +### Device Configuration The configuration can be supplied when the device is created. After the device is created, the only way to modify the configuration is by using the `/device/{serialNumber}/configure` endpoint. The Gateway maintains the versioning of the configuration through the use of a `uuid`. The Gateway maintains that number and will ignore anything your supply. The controller also does minimum validation on the configuration: it must be a valid JSON document and must have a `uuid` field which will be ignored. -#### Device Capabilities +### Device Capabilities Device capabilities are uploaded to the Gateway when the device performs its initial connection. Capabilities tell the Gateway what the device is able to support. The Gateway uses this information to provide a configuration matched to the device type. -#### Command Queue +### Command Queue -The Gateway will send commands to the devices. These commands are kept in a table and are sent at the appropriate time or immediately when the device connects. +The Gateway will send commands to the devices. These commands are kept in a table and are sent at the appropriate time or immediately when the device connects. For example, you could ask a device to change its configuration, however it might be unreachable. Upon next device connection, this configure command will be sent. The list of commands is retrieved using the `/commands` endpoint. -#### Commands +### Commands Several commands maybe sent to a device: reboot, configure, factory reset, firmware upgrade, LEDs, trace, message request, etc. The API endpoint `/device/{serialNumber}/{command}` details all the available commands. -#### Device Specific Collections +### Device Specific Collections For each device, a number of collections are collected and kept in the database. Here's a brief list: 
@@ -55,7 +55,7 @@ For each device, a number of collections are collected and kept in the database. * `healthchecks`: periodically, a device will run a self-test and report its results. These includes anything that maybe going wrong with the current device configuration. A `sanity` level is associated to the degree of health of the device. 100 meaning a properly operating device. * `status`: tells you where the device is and how much data is used for protocol communication. -### The API is for an operator +## The API is for an operator -This API is meant for an operator who would have to help a subscriber in configuring devices, reboot, manage firmware, etc. +This API is meant for an operator who would have to help a subscriber in configuring devices, reboot, manage firmware, etc. diff --git a/api/openapi-definitions.md b/api/openapi-definitions.md index 05ceb91..3c99a3f 100644 --- a/api/openapi-definitions.md +++ b/api/openapi-definitions.md 
@@ -4,30 +4,30 @@ description: OpenWiFi 2.0 SDK # OpenAPI Definitions -### Where is the OpenAPI? +## Where is the OpenAPI? This uses OpenAPI definition 3.0 and can be found [here](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/main/openapi/ucentral/ucentral.yaml). All endpoints begin with `/api/v1`. -### API Flow +## API Flow -API endpoints are secured with bearer-token authentication using end-point `/oauth2`. +API endpoints are secured with bearer-token authentication using end-point `/oauth2`. Once you obtain `access-token`, you will need to pass it in the headers under `Authorization: Bearer `. -### Basic Entities +## Basic Entities The API revolves around `devices`, `commands`, and `default_configurations`. -To retrieve a list of `devices` to know what is available and then use the endpoint `device` to access all device specific information. -To retrieve `commands` and `default_configurations` follow those endpoints. +To retrieve a list of `devices` to know what is available and then use the endpoint `device` to access all device specific information. +To retrieve `commands` and `default_configurations` follow those endpoints. Most operations rely on the `serialNumber` of a device. That `serialNumber` is unique and generated on the device. Serial Number matches the device's MAC address. * `devices`: The list of all devices in the system. This maybe very large, pagination is recommended. * `commands`: The list of commands issued by the system. This list could also be large. * `default_configurations`: A list of default configurations used to supply existing devices. -### Relationships +## Relationships -A device is a physical \(or potentially logical\) entity using the ucentral protocol. -Currently, APs and Switches are the only devices used. A device has several attributes. +A device is a physical \(or potentially logical\) entity using the ucentral protocol. +Currently, APs and Switches are the only devices used. 
A device has several attributes. Additionally, other collections are supported for each device: * `logs`: Specific for a device. Logs originate from the device or associated with the device by some mechanism. @@ -35,7 +35,7 @@ Additionally, other collections are supported for each device: * `statistics`: Periodically produced by the devices and document actual state data from each device. * `capabilities`: This details the actual data model supported by the device. -The `device` entry point is also used to query about the `status` of the device and used to inject certain commands for a specific device. +The `device` entry point is also used to query about the `status` of the device and used to inject certain commands for a specific device. Commands supported for each device: * `reboot`: This will force the device to reboot. @@ -49,7 +49,7 @@ Commands supported for each device: The `file` end point is used to retrieve and remove files produced by the Gateway. Currently this is limited to the results of a `trace` command. The file name will always match the `uuid` of the command that produced it. If several files are needed, the files will be named `uuid`, `uuid.1`, `uuid.2`, etc. -### Dates +## Dates All dates should use the format defined in [RFC3339](https://tools.ietf.org/html/rfc3339). All times are UTC based. Here is an example: 
@@ -57,11 +57,11 @@ All dates should use the format defined in [RFC3339](https://tools.ietf.org/html 1985-04-12T23:20:50.52Z ``` -### Command `when` parameter +## Command `when` parameter Most commands use a `when` parameter to suggest to the device when to perform the command. This is a _suggestion_ only. The device may decide to perform the command when it is optimal for itself. It maybe busy doing something and decline to do a reboot for several minutes for example. The device may reply with the actual `when` it will perform the command. -### Configuration UUID +## Configuration UUID The gateway manages the configuration UUID. So if you set a UUID for a configuration, it will be ignored. The gateway uses UUID as versioning. The UUID is unique within a single device. The resulting UUID or a configuration change is returned as part of the `configure` command. diff --git a/configuration-examples/basic-device-provisioning/README.md b/configuration-examples/basic-device-provisioning/README.md index 5105c1d..97d9c07 100644 --- a/configuration-examples/basic-device-provisioning/README.md +++ b/configuration-examples/basic-device-provisioning/README.md @@ -6,9 +6,9 @@ description: OpenWiFi 2.0 One of the benefits of the new data plane in OpenWiFi 2.0 is the flexibility of physical port to logical forwarding that is easily conveyed through configuration structures. -New protocol support is both easily added to the system as well as associated with interfaces by their role in the device. +New protocol support is both easily added to the system as well as associated with interfaces by their role in the device. -The following sections offer feature configuration examples. +The following sections offer feature configuration examples. -For complete reference to the device data model please refer [here.](../../provisioning/data-model-introduction.md) +For complete reference to the device data model please refer [here.](../../provisioning/data-model-introduction.md) 
diff --git a/configuration-examples/basic-device-provisioning/bridge-mode-ssid.md b/configuration-examples/basic-device-provisioning/bridge-mode-ssid.md index 9fe815d..33d4beb 100644 --- a/configuration-examples/basic-device-provisioning/bridge-mode-ssid.md +++ b/configuration-examples/basic-device-provisioning/bridge-mode-ssid.md 
@@ -4,141 +4,141 @@ description: OpenWiFi 2.0 # Bridge Mode SSID -Creating logical bridges may be done through association to named "interfaces". -To associate a logical SSID interface directly to the WAN, place SSID configuration within the interface have a "role" of upstream. +Creating logical bridges may be done through association to named "interfaces". +To associate a logical SSID interface directly to the WAN, place SSID configuration within the interface have a "role" of upstream. {% tabs %} {% tab title="SSID to WAN" %} ```text - "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "services": [ "lldp" ], - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - }, - "ssids": [ - { - "name": "OpenWifi", - "wifi-bands": [ - "2G", "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWifi", - "ieee80211w": "optional" - } - } - ] + "interfaces": [ + { + "name": "WAN", + "role": "upstream", + "services": [ "lldp" ], + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + }, + "ssids": [ + { + "name": "OpenWifi", + "wifi-bands": [ + "2G", "5G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWifi", + "ieee80211w": "optional" + } + } + ] ``` {% endtab %} {% tab title="Dual SSID to WAN" %} ```text "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "services": [ "lldp" ], - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - }, - "ssids": [ - { - "name": "OpenWifi_2GHz", - "wifi-bands": [ - "2G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWifi", - "ieee80211w": "optional" - } + { + "name": "WAN", + "role": "upstream", + "services": [ "lldp" ], + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + }, + "ssids": [ + { + "name": "OpenWifi_2GHz", + "wifi-bands": [ + "2G" + ], + 
"bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWifi", + "ieee80211w": "optional" + } }, { - "name": "OpenWifi_5GHz", - "wifi-bands": [ - "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWifi", - "ieee80211w": "optional" - } - } - ] + "name": "OpenWifi_5GHz", + "wifi-bands": [ + "5G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWifi", + "ieee80211w": "optional" + } + } + ] ``` {% endtab %} {% tab title="Dual SSID Bridge Rate-Limit to WAN" %} -``` - "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "services": [ "lldp" ], - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - }, - "ssids": [ - { - "name": "OpenWifi_2GHz", - "wifi-bands": [ - "2G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWifi", - "ieee80211w": "optional" - }, - "rate-limit": { - "ingress-rate": 100, - "egress-rate": 100 - } - }, +```text + "interfaces": [ + { + "name": "WAN", + "role": "upstream", + "services": [ "lldp" ], + "ethernet": [ { - "name": "OpenWifi_5GHz", - "wifi-bands": [ - "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWifi", - "ieee80211w": "optional" - }, - "rate-limit": { - "ingress-rate": 250, - "egress-rate": 250 - } - } - ] + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + }, + "ssids": [ + { + "name": "OpenWifi_2GHz", + "wifi-bands": [ + "2G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWifi", + "ieee80211w": "optional" + }, + "rate-limit": { + "ingress-rate": 100, + "egress-rate": 100 + } + }, + { + "name": "OpenWifi_5GHz", + "wifi-bands": [ + "5G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWifi", + "ieee80211w": "optional" + }, + "rate-limit": { + "ingress-rate": 250, + "egress-rate": 250 + } + } + ] ``` {% endtab %} {% endtabs %} 
diff --git a/configuration-examples/basic-device-provisioning/multi-vlan-ssid.md b/configuration-examples/basic-device-provisioning/multi-vlan-ssid.md index 625d9c7..ed6dcd1 100644 --- a/configuration-examples/basic-device-provisioning/multi-vlan-ssid.md +++ b/configuration-examples/basic-device-provisioning/multi-vlan-ssid.md @@ -4,26 +4,26 @@ description: OpenWiFi 2.0 # Multi-VLAN SSID -The most common use case for VLANs and Wi-Fi is likely the service provider, venue, enterprise where Wi-Fi traffic is not subject to address translation. This is the example that will be shown, however it is entirely possible to create multiple downstream VLANs with SSIDs as well. Simply replace the logic of upstream to downstream where desired. +The most common use case for VLANs and Wi-Fi is likely the service provider, venue, enterprise where Wi-Fi traffic is not subject to address translation. This is the example that will be shown, however it is entirely possible to create multiple downstream VLANs with SSIDs as well. Simply replace the logic of upstream to downstream where desired. {% tabs %} {% tab title="Single SSID VLAN" %} ```text - "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "services": [ "lldp", "dhcp-snooping" ], - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - } + "interfaces": [ + { + "name": "WAN", + "role": "upstream", + "services": [ "lldp", "dhcp-snooping" ], + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + } }, { "name": "WAN100", 
@@ -38,41 +38,41 @@ The most common use case for VLANs and Wi-Fi is likely the service provider, ven ] } ], - "ssids": [ - { - "name": "VLAN 100 Wi-Fi", - "wifi-bands": [ - "2G", "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWifi", - "ieee80211w": "optional" - } + "ssids": [ + { + "name": "VLAN 100 Wi-Fi", + "wifi-bands": [ + "2G", "5G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWifi", + "ieee80211w": "optional" + } } - ] - }, + ] + }, ``` {% endtab %} {% tab title="Dual SSID - Dual VLAN" %} ```text - "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "services": [ "lldp", "dhcp-snooping" ], - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - } + "interfaces": [ + { + "name": "WAN", + "role": "upstream", + "services": [ "lldp", "dhcp-snooping" ], + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + } }, { "name": "WAN100", 
@@ -87,53 +87,53 @@ The most common use case for VLANs and Wi-Fi is likely the service provider, ven ] } ], - "ssids": [ - { - "name": "VLAN 100 Wi-Fi", - "wifi-bands": [ - "2G", "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWifi", - "ieee80211w": "optional" - } + "ssids": [ + { + "name": "VLAN 100 Wi-Fi", + "wifi-bands": [ + "2G", "5G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWifi", + "ieee80211w": "optional" + } } - ] - }, - { - "name": "WAN200", - "role": "upstream", - "vlan": { - "id": 200 - }, - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ssids": [ - { - "name": "VLAN 200 Wi-Fi", - "wifi-bands": [ - "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWifi", - "ieee80211w": "optional" - } - } - ] - }, + ] + }, + { + "name": "WAN200", + "role": "upstream", + "vlan": { + "id": 200 + }, + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] + } + ], + "ssids": [ + { + "name": "VLAN 200 Wi-Fi", + "wifi-bands": [ + "5G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWifi", + "ieee80211w": "optional" + } + } + ] + }, ``` {% endtab %} {% endtabs %} -In all cases the WAN port without VLAN id is using DHCP to obtain a management IP address. +In all cases the WAN port without VLAN id is using DHCP to obtain a management IP address. Each additional "upstream" role interface with an SSID associated have no IP configuration. diff --git a/configuration-examples/basic-device-provisioning/nat-gateway-mode-ssid.md b/configuration-examples/basic-device-provisioning/nat-gateway-mode-ssid.md index 15d1fd3..661afc9 100644 --- a/configuration-examples/basic-device-provisioning/nat-gateway-mode-ssid.md +++ b/configuration-examples/basic-device-provisioning/nat-gateway-mode-ssid.md 
@@ -9,77 +9,77 @@ Creating a NAT Gateway is easily done via association to an interface having a r {% tabs %} {% tab title="Dual SSID NAT" %} ```text - "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "services": [ "lldp" ], - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - } + "interfaces": [ + { + "name": "WAN", + "role": "upstream", + "services": [ "lldp" ], + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + } }, - { - "name": "LAN", - "role": "downstream", - "services": [ "ssh", "lldp" ], - "ethernet": [ - { - "select-ports": [ - "LAN*" - ] - } - ], - "ipv4": { - "addressing": "static", - "subnet": "192.168.1.1/24", - "dhcp": { - "lease-first": 10, - "lease-count": 100, - "lease-time": "6h" - } - }, - "ssids": [ - { - "name": "OpenWifi_2GHz", + { + "name": "LAN", + "role": "downstream", + "services": [ "ssh", "lldp" ], + "ethernet": [ + { + "select-ports": [ + "LAN*" + ] + } + ], + "ipv4": { + "addressing": "static", + "subnet": "192.168.1.1/24", + "dhcp": { + "lease-first": 10, + "lease-count": 100, + "lease-time": "6h" + } + }, + "ssids": [ + { + "name": "OpenWifi_2GHz", "role": "downstream", - "wifi-bands": [ - "2G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWifi", - "ieee80211w": "optional" - } - }, - { - "name": "OpenWifi_5GHz", + "wifi-bands": [ + "2G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWifi", + "ieee80211w": "optional" + } + }, + { + "name": "OpenWifi_5GHz", "role": "downstream", - "wifi-bands": [ - "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWifi", - "ieee80211w": "optional" - } - } - ] + "wifi-bands": [ + "5G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWifi", + "ieee80211w": "optional" + } + } + ] - } + } ``` {% endtab %} {% endtabs %} -Based on the above Dual SSID NAT configuration, a unique 2GHz 
and 5GHz SSID are created and logically bound to the same NAT LAN side network. +Based on the above Dual SSID NAT configuration, a unique 2GHz and 5GHz SSID are created and logically bound to the same NAT LAN side network. -The NAT service is inherited by the downstream role with DHCP addressing defined according to the range set within the downstream "ipv4" configuration. +The NAT service is inherited by the downstream role with DHCP addressing defined according to the range set within the downstream "ipv4" configuration. diff --git a/configuration-examples/captive-portal.md b/configuration-examples/captive-portal.md index 7cd27ad..25427dd 100644 --- a/configuration-examples/captive-portal.md +++ b/configuration-examples/captive-portal.md 
@@ -4,54 +4,54 @@ description: OpenWiFi 2.0 # Captive Portal -OpenWiFi supports multiple models for Captive Portal. A built-in captive portal is described below. With multiple overlay tunnel services such as GRE and L2TP in addition to VLAN features, OpenWiFi is also easily deployed with any number of Captive Portal appliance solutions in either in-band or out-of-band style deployments. +OpenWiFi supports multiple models for Captive Portal. A built-in captive portal is described below. With multiple overlay tunnel services such as GRE and L2TP in addition to VLAN features, OpenWiFi is also easily deployed with any number of Captive Portal appliance solutions in either in-band or out-of-band style deployments. -### Local Captive Portal +## Local Captive Portal Creating a local captive portal involves associating the "captive" service with an interface. In the example below, "captive" is enabled on a downstream role interface. Any associated SSID on LAN side of this Access Point will be subject to configuration of the local captive portal. This would also apply to LAN interfaces if also associated with "captive". 
```text - { - "name": "captive", - "role": "downstream", - "captive": { - "max-clients": 32, - "gateway-name": "Lobby Wi-Fi Welcome", - "upload-rate": 10, - "download-rate": 20, - "upload-quota": 300, - "download-quota": 300 - }, - "ipv4": { - "addressing": "static", - "subnet": "192.168.2.1/24", - "dhcp": { - "lease-first": 10, - "lease-count": 100, - "lease-time": "6h" - } - }, - "ssids": [ - { - "name": "Office Lobby Wi-Fi", - "wifi-bands": [ - "5G", - "2G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "none", - "ieee80211w": "optional" - }, - "roaming": { - "message-exchange": "ds", - "generate-psk": true - } - } - ] - } - ], + { + "name": "captive", + "role": "downstream", + "captive": { + "max-clients": 32, + "gateway-name": "Lobby Wi-Fi Welcome", + "upload-rate": 10, + "download-rate": 20, + "upload-quota": 300, + "download-quota": 300 + }, + "ipv4": { + "addressing": "static", + "subnet": "192.168.2.1/24", + "dhcp": { + "lease-first": 10, + "lease-count": 100, + "lease-time": "6h" + } + }, + "ssids": [ + { + "name": "Office Lobby Wi-Fi", + "wifi-bands": [ + "5G", + "2G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "none", + "ieee80211w": "optional" + }, + "roaming": { + "message-exchange": "ds", + "generate-psk": true + } + } + ] + } + ], ``` -Local captive portal will redirect to a default landing page and display the name as configured in "gateway-name". Per associated user bandwidth and usage quota limits and total association limits may all be defined. +Local captive portal will redirect to a default landing page and display the name as configured in "gateway-name". Per associated user bandwidth and usage quota limits and total association limits may all be defined. diff --git a/configuration-examples/expresswifi.md b/configuration-examples/expresswifi.md index 854958b..c488891 100644 --- a/configuration-examples/expresswifi.md +++ b/configuration-examples/expresswifi.md 
@@ -12,73 +12,73 @@ For information about becoming an expressWIFI partner please visit their [site.] ![](../.gitbook/assets/image%20%2840%29.png) -### Configuration +## Configuration -ExpressWiFi builds a captive portal experience using a control plane protocol called OpenFlow. -Configuring OpenWiFi for use with expressWiFi is as simple as defining a downstream interface and associating with an SSID and the open-flow service. +ExpressWiFi builds a captive portal experience using a control plane protocol called OpenFlow. +Configuring OpenWiFi for use with expressWiFi is as simple as defining a downstream interface and associating with an SSID and the open-flow service. {% tabs %} {% tab title="expressWIFI" %} ```text - "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "services": [ "lldp" ], - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - } + "interfaces": [ + { + "name": "WAN", + "role": "upstream", + "services": [ "lldp" ], + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + } }, - { - "name": "LAN", - "role": "downstream", - "services": [ "ssh", "lldp", "open-flow"], - "ethernet": [ - { - "select-ports": [ - "LAN*" - ] - } - ], - "ipv4": { - "addressing": "static", - "subnet": "192.168.1.1/24", - "dhcp": { - "lease-first": 10, - "lease-count": 100, - "lease-time": "6h" - } + { + "name": "LAN", + "role": "downstream", + "services": [ "ssh", "lldp", "open-flow"], + "ethernet": [ + { + "select-ports": [ + "LAN*" + ] + } + ], + "ipv4": { + "addressing": "static", + "subnet": "192.168.1.1/24", + "dhcp": { + "lease-first": 10, + "lease-count": 100, + "lease-time": "6h" + } }, - "ssids": [ - { - "name": "ExpressWiFi", - "wifi-bands": [ - "5G", "2G" - ], - "bss-mode": "ap" - } - ] - } - ], - "services": { - "lldp": { - "describe": "OpenWiFi - expressWiFi", - "location": "Hotspot" - }, - "ssh": { - "port": 22 - }, - "open-flow": { - "controller": " IP / FQDN 
of expressWiFi Controller " - } - } + "ssids": [ + { + "name": "ExpressWiFi", + "wifi-bands": [ + "5G", "2G" + ], + "bss-mode": "ap" + } + ] + } + ], + "services": { + "lldp": { + "describe": "OpenWiFi - expressWiFi", + "location": "Hotspot" + }, + "ssh": { + "port": 22 + }, + "open-flow": { + "controller": " IP / FQDN of expressWiFi Controller " + } + } ``` {% endtab %} {% endtabs %} diff --git a/configuration-examples/gre.md b/configuration-examples/gre.md index f8e754d..be4b8b9 100644 --- a/configuration-examples/gre.md +++ b/configuration-examples/gre.md 
@@ -4,60 +4,60 @@ description: OpenWiFi 2.0 # GRE -OpenWiFi 2.0 supports Generic Routing Encapsulation as an available "tunnel" protocol type. +OpenWiFi 2.0 supports Generic Routing Encapsulation as an available "tunnel" protocol type. -This makes it possible to configure GRE for multiple types of deployments as any interface may be encapsulated by the "tunnel" parameter. +This makes it possible to configure GRE for multiple types of deployments as any interface may be encapsulated by the "tunnel" parameter. -For example, to send all content of a specific SSID over an GRE tunnel, the following configuration would apply. +For example, to send all content of a specific SSID over an GRE tunnel, the following configuration would apply. ```text - "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - } - }, - { - "name": "GRE", - "role": "upstream", - "vlan": { - "id": 20 - }, - "tunnel": { - "proto": "gre", - "peer-address": "far end IP address" - }, - "ssids": [ - { - "name": "Tunneled SSID via GRE from VLAN 20 Interface", - "wifi-bands": [ - "2G", "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "none", - "ieee80211w": "optional" - }, - "rate-limit": { - "ingress-rate": 100, - "egress-rate": 100 - }, - "roaming": { - "message-exchange": "ds", - "generate-psk": true - } + "interfaces": [ + { + "name": "WAN", + "role": "upstream", + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] } - ] - }, + ], + "ipv4": { + "addressing": "dynamic" + } + }, + { + "name": "GRE", + "role": "upstream", + "vlan": { + "id": 20 + }, + "tunnel": { + "proto": "gre", + "peer-address": "far end IP address" + }, + "ssids": [ + { + "name": "Tunneled SSID via GRE from VLAN 20 Interface", + "wifi-bands": [ + "2G", "5G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "none", + "ieee80211w": "optional" + }, + "rate-limit": { + "ingress-rate": 100, + "egress-rate": 100 + }, + 
"roaming": { + "message-exchange": "ds", + "generate-psk": true + } + } + ] + }, ``` In the above example, the WAN untagged port will request DHCP in addition to present a VLAN interface with id 20 that both initiates the GRE tunnel as well as passes SSID traffic over that tunnel. diff --git a/configuration-examples/l2tp.md b/configuration-examples/l2tp.md index b6acb92..c57a870 100644 --- a/configuration-examples/l2tp.md +++ b/configuration-examples/l2tp.md 
@@ -4,63 +4,62 @@ description: OpenWiFi 2.0 # L2TP -Layer 2 Tunneling Protocol may be associated to any interface using the "tunnel" configuration option. +Layer 2 Tunneling Protocol may be associated to any interface using the "tunnel" configuration option. -This makes it possible to configure L2TP for multiple types of deployments as any interface may be encapsulated by the "tunnel" parameter. +This makes it possible to configure L2TP for multiple types of deployments as any interface may be encapsulated by the "tunnel" parameter. -For example, to send all content of a specific SSID over an L2TP tunnel, the following configuration would apply. +For example, to send all content of a specific SSID over an L2TP tunnel, the following configuration would apply. ```text - { - "name": "LAN", - "role": "downstream", - "services": [ "ssh" ], - "ethernet": [ - { - "select-ports": [ - "LAN*" - ] - } - ], - "ipv4": { - "addressing": "static", - "subnet": "192.168.1.1/24", - "dhcp": { - "lease-first": 10, - "lease-count": 100, - "lease-time": "6h" - } - } - }, - { - "name": "L2TP", - "role": "downstream", - "tunnel": { - "proto": "l2tp", - "server": " far end IP address ", - "user-name": "secret-l2tp-username", - "password": "secrectPassword" - }, - "ipv4": { - "addressing": "static", - "subnet": "192.168.10.1/24", - "dhcp": { - "lease-first": 10, - "lease-count": 100, - "lease-time": "6h" - } - }, - "ssids": [ - { - "name": "Tunneled SSID", - "wifi-bands": [ - "5G", "2G" - ], - "bss-mode": "ap" - } - ] - } - ], - + { + "name": "LAN", + "role": "downstream", + "services": [ "ssh" ], + "ethernet": [ + { + "select-ports": [ + "LAN*" + ] + } + ], + "ipv4": { + "addressing": "static", + "subnet": "192.168.1.1/24", + "dhcp": { + "lease-first": 10, + "lease-count": 100, + "lease-time": "6h" + } + } + }, + { + "name": "L2TP", + "role": "downstream", + "tunnel": { + "proto": "l2tp", + "server": " far end IP address ", + "user-name": "secret-l2tp-username", + "password": 
"secrectPassword" + }, + "ipv4": { + "addressing": "static", + "subnet": "192.168.10.1/24", + "dhcp": { + "lease-first": 10, + "lease-count": 100, + "lease-time": "6h" + } + }, + "ssids": [ + { + "name": "Tunneled SSID", + "wifi-bands": [ + "5G", "2G" + ], + "bss-mode": "ap" + } + ] + } + ], ``` diff --git a/configuration-examples/mesh.md b/configuration-examples/mesh.md index d9ed5d6..0a1871f 100644 --- a/configuration-examples/mesh.md +++ b/configuration-examples/mesh.md @@ -4,7 +4,7 @@ description: OpenWiFi 2.0 # Mesh -OpenWiFi Mesh has been designed to eliminate configuration complexity while also remaining capable of advanced topology designs including Multi-Gateway, Multi-SSID, VLAN, and Zero Touch Mesh onboarding. +OpenWiFi Mesh has been designed to eliminate configuration complexity while also remaining capable of advanced topology designs including Multi-Gateway, Multi-SSID, VLAN, and Zero Touch Mesh onboarding. The physical wired interface\(s\) to participate in the mesh topology egress are defined with the protocol "mesh". 
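Review bot: in configuration-examples/l2tp.md the "tunnel" block still carries the misspelled sample value "password": "secrectPassword" and the free-text placeholder "server": " far end IP address " on the re-added lines. Every line of the block is rewritten in this pass anyway, so correct the spelling and mark these two values, together with "user-name": "secret-l2tp-username", as placeholders to replace, so a reader does not deploy the sample credentials as they stand. The block also still ends in a stray "]," although the snippet never opens "interfaces": [, which is worth fixing at the same time.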
@@ -13,69 +13,69 @@ The logical wireless interface\(s\) to participate in mesh topology are defined {% tabs %} {% tab title="Basic Mesh" %} ```text - "interfaces": [ - { - "name": "WAN", - "role": "upstream", + "interfaces": [ + { + "name": "WAN", + "role": "upstream", "tunnel": { - "proto": "mesh" - }, - "services": [ "lldp" ], - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - }, - "ssids": [ - { - "name": "transit", - "wifi-bands": [ - "5G" - ], - "bss-mode": "mesh", - "encryption": { - "proto": "psk2", - "key": "meshpassword", - "ieee80211w": "optional" - } - }, + "proto": "mesh" + }, + "services": [ "lldp" ], + "ethernet": [ { - "name": "2GHz Clients", - "wifi-bands": [ - "2G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + }, + "ssids": [ + { + "name": "transit", + "wifi-bands": [ + "5G" + ], + "bss-mode": "mesh", + "encryption": { + "proto": "psk2", + "key": "meshpassword", + "ieee80211w": "optional" + } + }, + { + "name": "2GHz Clients", + "wifi-bands": [ + "2G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", "key": "OpenWiFi", - "ieee80211w": "optional" - } - }, - { - "name": "5GHz Clients", - "wifi-bands": [ - "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "key": "OpenWiFi", - "ieee80211w": "optional" - } + "ieee80211w": "optional" + } + }, + { + "name": "5GHz Clients", + "wifi-bands": [ + "5G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "key": "OpenWiFi", + "ieee80211w": "optional" + } - } - ] - }, + } + ] + }, ``` {% endtab %} {% endtabs %} -In this basic mesh, dual SSIDs are configured for clients while an SSID for mesh transit is configured for IEEE802.11s client associations. Additional mesh clients simply use the same approach, no other configuration is required for the client to participate in this mesh. 
+In this basic mesh, dual SSIDs are configured for clients while an SSID for mesh transit is configured for IEEE802.11s client associations. Additional mesh clients simply use the same approach, no other configuration is required for the client to participate in this mesh. -Advanced examples with VLANs and roaming are all possible by adding additional configuration steps. +Advanced examples with VLANs and roaming are all possible by adding additional configuration steps. diff --git a/configuration-examples/metrics.md b/configuration-examples/metrics.md index 6f6fc28..bfda06a 100644 --- a/configuration-examples/metrics.md +++ b/configuration-examples/metrics.md 
@@ -4,72 +4,72 @@ description: OpenWiFi 2.0 # Metrics -### Metrics +## Metrics -Several metrics are reported during intervals to the OpenWiFi Gateway. In general metrics contain traffic counters, neighbor tables, discovered clients. +Several metrics are reported during intervals to the OpenWiFi Gateway. In general metrics contain traffic counters, neighbor tables, discovered clients. -Each OpenWiFi device is capable of sending statistics on SSID, LLDP, and associated Clients learned by the device. +Each OpenWiFi device is capable of sending statistics on SSID, LLDP, and associated Clients learned by the device. -Additionally, OpenWiFi devices expose all 802.11 management data within wifi-frames and to assist network troubleshooting and client fingerprinting solutions OpenWiFi provides dhcp-snooping for all possible client exchanges over DHCP and DHCPv6. +Additionally, OpenWiFi devices expose all 802.11 management data within wifi-frames and to assist network troubleshooting and client fingerprinting solutions OpenWiFi provides dhcp-snooping for all possible client exchanges over DHCP and DHCPv6. 
```text - "metrics": { - "statistics": { - "interval": 60, - "types": [ "ssids", "lldp", "clients" ] - }, - "health": { - "interval": 300 - }, - "wifi-frames": { - "filters": [ "probe", - "auth", - "assoc", - "disassoc", - "deauth", - "local-deauth", - "inactive-deauth", - "key-mismatch", - "beacon-report", - "radar-detected"] - }, - "dhcp-snooping": { - "filters": [ "ack", - "discover", - "offer", - "request", - "solicit", - "reply", - "renew" ] - } + "metrics": { + "statistics": { + "interval": 60, + "types": [ "ssids", "lldp", "clients" ] + }, + "health": { + "interval": 300 + }, + "wifi-frames": { + "filters": [ "probe", + "auth", + "assoc", + "disassoc", + "deauth", + "local-deauth", + "inactive-deauth", + "key-mismatch", + "beacon-report", + "radar-detected"] + }, + "dhcp-snooping": { + "filters": [ "ack", + "discover", + "offer", + "request", + "solicit", + "reply", + "renew" ] + } ``` -The metrics data is sent to OpenWiFi Gateway at the intervals set where configurable. +The metrics data is sent to OpenWiFi Gateway at the intervals set where configurable. Metrics must be associated with the interfaces they are to report on. For example, to send DHCP data from LAN to OpenWiFi Gateway, the following configuration would apply. ```text - { - "name": "LAN", - "role": "downstream", - "services": [ "ssh", "lldp", "dhcp-snooping" ], - "ethernet": [ - { - "select-ports": [ - "LAN*" - ] - } - ], - "ipv4": { - "addressing": "static", - "subnet": "192.168.1.1/24", - "dhcp": { - "lease-first": 10, - "lease-count": 100, - "lease-time": "6h" - } - } - } - ], + { + "name": "LAN", + "role": "downstream", + "services": [ "ssh", "lldp", "dhcp-snooping" ], + "ethernet": [ + { + "select-ports": [ + "LAN*" + ] + } + ], + "ipv4": { + "addressing": "static", + "subnet": "192.168.1.1/24", + "dhcp": { + "lease-first": 10, + "lease-count": 100, + "lease-time": "6h" + } + } + } + ], ``` 
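Review bot: in configuration-examples/metrics.md the first re-indented example opens "metrics": { but the closing fence follows directly after the brace that ends "dhcp-snooping", so the "metrics" object is never closed; add the missing } before the fence. The heading change from "### Metrics" to "## Metrics" leaves "# Metrics" immediately followed by "## Metrics", so drop or rename the second heading. In the LAN example, "services": [ "ssh", "lldp", "dhcp-snooping" ] enables ssh alongside the snooping service the paragraph is about; if ssh is not needed to illustrate DHCP reporting, leave it out of the sample or say why it is there.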
diff --git a/configuration-examples/multi-psk-mdu-multiple-shared-key.md b/configuration-examples/multi-psk-mdu-multiple-shared-key.md index 67d1a12..2824a26 100644 --- a/configuration-examples/multi-psk-mdu-multiple-shared-key.md +++ b/configuration-examples/multi-psk-mdu-multiple-shared-key.md @@ -4,38 +4,38 @@ description: OpenWiFi 2.0 # Multi-PSK \(MDU Shared Key\) -Multiple Pre Shared Key is a popular configuration option in Multi Dwelling Unit, dormitory or similar environment where it is costly to implement complex 802.1x security however that same level of per-client security is highly desired. +Multiple Pre Shared Key is a popular configuration option in Multi Dwelling Unit, dormitory or similar environment where it is costly to implement complex 802.1x security however that same level of per-client security is highly desired. A SSID when configured for multi-psk can have multiple PSK/VID mappings. Each one of them can be bound to a specific MAC or be a wildcard. ```text - "ssids": [ - { - "name": "MDU Wi-Fi", - "wifi-bands": [ - "5G", - "2G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "psk2", - "ieee80211w": "optional", - "key": "OpenWifi" - }, - "multi-psk": [ - { - "key": "akey", - "vlan-id": 100 - }, - { - "key": "bkey" - } - ], - "roaming": { - "message-exchange": "ds", - "generate-psk": true - } - } - ] + "ssids": [ + { + "name": "MDU Wi-Fi", + "wifi-bands": [ + "5G", + "2G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "psk2", + "ieee80211w": "optional", + "key": "OpenWifi" + }, + "multi-psk": [ + { + "key": "akey", + "vlan-id": 100 + }, + { + "key": "bkey" + } + ], + "roaming": { + "message-exchange": "ds", + "generate-psk": true + } + } + ] ``` diff --git a/configuration-examples/p4.md b/configuration-examples/p4.md index 1f8c278..876c34f 100644 --- a/configuration-examples/p4.md +++ b/configuration-examples/p4.md @@ -4,5 +4,5 @@ description: OpenWiFi 2.0 # P4 -Content coming soon... +Content coming soon... 
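Review bot: in configuration-examples/multi-psk-mdu-multiple-shared-key.md the "multi-psk" entries use "key": "akey" and "key": "bkey", which are shorter than the 8-character minimum for a WPA2 passphrase, so a reader copying the sample next to "proto": "psk2" gets keys that are not valid passphrases. Replace them with placeholder passphrases of valid length. The paragraph above the block says each PSK/VID mapping "can be bound to a specific MAC or be a wildcard", but neither entry shows a MAC binding; add an entry that demonstrates it or state which of the two entries is the wildcard.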
diff --git a/configuration-examples/passpoint-r1/README.md b/configuration-examples/passpoint-r1/README.md index 77dd6fc..91ba0cb 100644 --- a/configuration-examples/passpoint-r1/README.md +++ b/configuration-examples/passpoint-r1/README.md @@ -4,7 +4,7 @@ description: OpenWiFi 2.0 # Passpoint® -Passpoint® brings seamless, automatic and secure Wi-Fi connectivity using either pre-provisioned credentials or the SIM card in a mobile device. Passpoint provides simple, fast online sign-up and provisioning that is only required upon a user’s first visit to a Passpoint network. Once a Passpoint enabled device contains the Wi-Fi AP or network credentials, it will discover and securely connect when the user is nearby—without requiring additional user action. This makes staying connected while mobile infinitely easier, and because Passpoint employs enterprise-level security, users can feel confident their data is better protected. +Passpoint® brings seamless, automatic and secure Wi-Fi connectivity using either pre-provisioned credentials or the SIM card in a mobile device. Passpoint provides simple, fast online sign-up and provisioning that is only required upon a user’s first visit to a Passpoint network. Once a Passpoint enabled device contains the Wi-Fi AP or network credentials, it will discover and securely connect when the user is nearby—without requiring additional user action. This makes staying connected while mobile infinitely easier, and because Passpoint employs enterprise-level security, users can feel confident their data is better protected. Passpoint® also delivers more value to carriers, service providers, and IT managers of enterprise networks, enabling: diff --git a/configuration-examples/passpoint-r1/advertising-services.md b/configuration-examples/passpoint-r1/advertising-services.md index 173c4f0..7318f0e 100644 --- a/configuration-examples/passpoint-r1/advertising-services.md +++ b/configuration-examples/passpoint-r1/advertising-services.md 
@@ -4,17 +4,17 @@ description: OpenWiFi 2.0 # Advertising Services -Passpoint® requires ANQP to supply three information elements from the Access Point. +Passpoint® requires ANQP to supply three information elements from the Access Point. -#### PLMN-Id +## PLMN-Id Public Land Mobile Network Id is defined by 3GPP and comprised of two, three digit numbers to uniquely identify the Mobile Network Operator \(MNO\). -#### Realm +## Realm -A Fully Qualified Domain Name \(FQDN\) is a realm representing the service provider of the Wi-Fi service. Non MNO operators are an example of 'realm-based' service advertisements. Examples include Cable MSOs, Enterprises or other on MNO providers. Authentication methods used with realm-based configuration are EAP-TLS and EAP-TTLS. +A Fully Qualified Domain Name \(FQDN\) is a realm representing the service provider of the Wi-Fi service. Non MNO operators are an example of 'realm-based' service advertisements. Examples include Cable MSOs, Enterprises or other on MNO providers. Authentication methods used with realm-based configuration are EAP-TLS and EAP-TTLS. -#### OI / RCOI +## OI / RCOI -Organization Id or as defined by Wireless Broadband Alliance, Roaming Consortium Organization Id indicate the federated identity capable of authentication. Examples would be OpenRoaming, Eduroam and follow the Passpoint® EAP authentication methods. +Organization Id or as defined by Wireless Broadband Alliance, Roaming Consortium Organization Id indicate the federated identity capable of authentication. Examples would be OpenRoaming, Eduroam and follow the Passpoint® EAP authentication methods. diff --git a/configuration-examples/passpoint-r1/configuration-introduction.md b/configuration-examples/passpoint-r1/configuration-introduction.md index cc57602..9d1bcbf 100644 --- a/configuration-examples/passpoint-r1/configuration-introduction.md +++ b/configuration-examples/passpoint-r1/configuration-introduction.md 
@@ -4,11 +4,11 @@ description: OpenWiFi 2.0 # Configuration Introduction -TIP OpenWiFi devices implement support for both the air interface and systems interfaces necessary to support Passpoint® Release 2 and above. Once also termed Hotspot 2.0, IEEE 802.11u specified added air interface fields exposing Access Network Query Protocol interactions for clients to discovery Access Point capabilities. +TIP OpenWiFi devices implement support for both the air interface and systems interfaces necessary to support Passpoint® Release 2 and above. Once also termed Hotspot 2.0, IEEE 802.11u specified added air interface fields exposing Access Network Query Protocol interactions for clients to discovery Access Point capabilities. -Wi-Fi Alliance expanded ANQP to include Online Signup \(OSU\) concepts to leverage seamless onboarding and client security for Passpoint® networks. Following on from these efforts, Wireless Broadband Alliance has provided the necessary system interfaces for identity, security, mobile offload within a common federated operator solution known as OpenRoaming. +Wi-Fi Alliance expanded ANQP to include Online Signup \(OSU\) concepts to leverage seamless onboarding and client security for Passpoint® networks. Following on from these efforts, Wireless Broadband Alliance has provided the necessary system interfaces for identity, security, mobile offload within a common federated operator solution known as OpenRoaming. -TIP OpenWiFi enables operators to deploy the full range of Passpoint® and OpenRoaming solutions. +TIP OpenWiFi enables operators to deploy the full range of Passpoint® and OpenRoaming solutions. @@ -80,7 +80,6 @@ TIP OpenWiFi enables operators to deploy the full range of Passpoint® and OpenR
OSU

Online Signup - Advertised over ANQP contains:

-

  • OSU SSID
  • OSU URI
  • @@ -98,5 +97,3 @@ TIP OpenWiFi enables operators to deploy the full range of Passpoint® and OpenR
- - diff --git a/configuration-examples/passpoint-r1/passpoint-r-configuration.md b/configuration-examples/passpoint-r1/passpoint-r-configuration.md index 1601c99..3838930 100644 --- a/configuration-examples/passpoint-r1/passpoint-r-configuration.md +++ b/configuration-examples/passpoint-r1/passpoint-r-configuration.md @@ -4,7 +4,7 @@ description: OpenWiFi 2.0 # Passpoint® Configuration -Ahead of the Provisioning service coming in release 2.1 sprint, it is possible to configure all Passpoint attributes as OpenWiFi has tested in prior OpenWiFi releases. +Ahead of the Provisioning service coming in release 2.1 sprint, it is possible to configure all Passpoint attributes as OpenWiFi has tested in prior OpenWiFi releases. Capabilities for Hotspot 2.0 / Passpoint® include: 
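Review bot: the sentence re-added in passpoint-r-configuration.md, "Ahead of the Provisioning service coming in release 2.1 sprint", is time-bound and reads as a note about a future release while the hunk header still shows "description: OpenWiFi 2.0"; reword it to state in which release the Provisioning service is available and what remains manual until then. The neighbouring passpoint-r1 hunks re-add "for clients to discovery Access Point capabilities" and "other on MNO providers" with their typos intact; since those lines are rewritten in this pass anyway, fix them here.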
@@ -21,108 +21,106 @@ Capabilities for Hotspot 2.0 / Passpoint® include: * firendly-name * icons - - ```text - "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - }, - "ssids": [ - { - "name": "OpenRoaming", - "wifi-bands": [ - "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "wpa-mixed", - "ieee80211w": "optional" - }, - "radius": { - "nas-identifier": "TIPLABAP101", - "chargeable-user-id": true, - "authentication": { - "host": "IP Address of RADIUS", - "port": 11812, - "secret": "passphrase", - "request-attribute": [ - { - "id": 126, - "value": "s:TIP" - } - ] - }, - "accounting": { - "host": "IP Address of RADIUS", - "port": 11813, - "secret": "passphrase", - "request-attribute": [ - { - "id": 126, - "value": "s:TIP" - } - ], - "interval": 600 - } - }, - "pass-point": { - "venue-name": [ - "eng:Example passpoint_venue", - "fra:Exemple de lieu" - ], - "venue-group": 2, - "venue-type": 8, - "venue-url": [ - "http://www.example.com/info-fra", - "http://www.example.com/info-eng" - ], - "auth-type": { - "type": "terms-and-conditions" - }, - "domain-name": "onboard.example.com", - "nai-realm": [ - "0,oss.example.com,21[5:7][2:4]" - ], - "osen": false, - "anqp-domain": 1234, - "anqp-3gpp-cell-net": [ - "310,260", - "310,410" - ], - "friendly-name": [ - "eng:TIPLabs", - "fra:TIPLabs" - ], - "icons": [ - { - "icon": "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", - "width": 32, - "height": 32, - "type": "image/png", - "language": "fra" - }, - { - "icon": "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", - "width": 32, - "height": 32, - "type": "image/png", - "language": "eng" - } - ] - } - } - ] - }, + "interfaces": [ + { + "name": "WAN", + "role": "upstream", + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + }, + "ssids": [ + { + "name": "OpenRoaming", + "wifi-bands": [ + "5G" + ], + 
"bss-mode": "ap", + "encryption": { + "proto": "wpa-mixed", + "ieee80211w": "optional" + }, + "radius": { + "nas-identifier": "TIPLABAP101", + "chargeable-user-id": true, + "authentication": { + "host": "IP Address of RADIUS", + "port": 11812, + "secret": "passphrase", + "request-attribute": [ + { + "id": 126, + "value": "s:TIP" + } + ] + }, + "accounting": { + "host": "IP Address of RADIUS", + "port": 11813, + "secret": "passphrase", + "request-attribute": [ + { + "id": 126, + "value": "s:TIP" + } + ], + "interval": 600 + } + }, + "pass-point": { + "venue-name": [ + "eng:Example passpoint_venue", + "fra:Exemple de lieu" + ], + "venue-group": 2, + "venue-type": 8, + "venue-url": [ + "http://www.example.com/info-fra", + "http://www.example.com/info-eng" + ], + "auth-type": { + "type": "terms-and-conditions" + }, + "domain-name": "onboard.example.com", + "nai-realm": [ + "0,oss.example.com,21[5:7][2:4]" + ], + "osen": false, + "anqp-domain": 1234, + "anqp-3gpp-cell-net": [ + "310,260", + "310,410" + ], + "friendly-name": [ + "eng:TIPLabs", + "fra:TIPLabs" + ], + "icons": [ + { + "icon": "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", + "width": 32, + "height": 32, + "type": "image/png", + "language": "fra" + }, + { + "icon": "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", + "width": 32, + "height": 32, + "type": "image/png", + "language": "eng" + } + ] + } + } + ] + }, ``` diff --git a/configuration-examples/radius-authenticated-ssid/README.md b/configuration-examples/radius-authenticated-ssid/README.md index 79602ed..e208da2 100644 --- a/configuration-examples/radius-authenticated-ssid/README.md +++ b/configuration-examples/radius-authenticated-ssid/README.md 
@@ -4,86 +4,86 @@ description: OpenWiFi 2.0 # RADIUS Authenticated SSID -When authenticating clients with back office RADIUS systems, the configuration of OpenWiFi permits this on a per SSID basis. +When authenticating clients with back office RADIUS systems, the configuration of OpenWiFi permits this on a per SSID basis. {% tabs %} {% tab title="Simple RADIUS" %} ```text - "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - }, - "ssids": [ - { - "name": "OpenWifi", - "wifi-bands": [ - "5G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "wpa2", - "ieee80211w": "optional" - }, - "radius": { - "authentication": { - "host": "192.168.178.192", - "port": 1812, - "secret": "secret" - }, - "accounting": { - "host": "192.168.178.192", - "port": 1813, - "secret": "secret" - } - } - } - ] - }, + "interfaces": [ + { + "name": "WAN", + "role": "upstream", + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + }, + "ssids": [ + { + "name": "OpenWifi", + "wifi-bands": [ + "5G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "wpa2", + "ieee80211w": "optional" + }, + "radius": { + "authentication": { + "host": "192.168.178.192", + "port": 1812, + "secret": "secret" + }, + "accounting": { + "host": "192.168.178.192", + "port": 1813, + "secret": "secret" + } + } + } + ] + }, ``` {% endtab %} {% tab title="EAP-Local SSID" %} ```text - "ssids": [ - { - "name": "OpenWifi", - "wifi-bands": [ - "2G" - ], - "bss-mode": "ap", - "encryption": { - "proto": "wpa2", - "ieee80211w": "optional" - }, - "certificates": { - "ca-certificate": "/etc/ucentral/cas.pem", - "certificate": "/etc/ucentral/cert.pem", - "private-key": "/etc/ucentral/key.pem" - }, - "radius": { - "local": { - "server-identity": "OpenWiFi-Local-EAP", - "users": [ - { - "user-name": "open", - "password": "wifi" - } - ] - } - } - } - ] - }, + "ssids": [ + { + 
"name": "OpenWifi", + "wifi-bands": [ + "2G" + ], + "bss-mode": "ap", + "encryption": { + "proto": "wpa2", + "ieee80211w": "optional" + }, + "certificates": { + "ca-certificate": "/etc/ucentral/cas.pem", + "certificate": "/etc/ucentral/cert.pem", + "private-key": "/etc/ucentral/key.pem" + }, + "radius": { + "local": { + "server-identity": "OpenWiFi-Local-EAP", + "users": [ + { + "user-name": "open", + "password": "wifi" + } + ] + } + } + } + ] + }, ``` {% endtab %} {% endtabs %} @@ -151,7 +151,6 @@ Many parameters are possible with RADIUS authentications given the many methods
  • port ( example 1813)
  • secret ( Shared secret with RADIUS server )
  • -

    Additional methods within Access-Request sent in Accounting
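Review bot: in the second hunk of passpoint-r-configuration.md the OpenRoaming SSID is shown with "proto": "wpa-mixed", which by its name allows WPA alongside WPA2, while the RADIUS example in this patch uses "wpa2"; if the sample is meant to show the enterprise-level security the Passpoint pages describe, use "wpa2" or explain the choice. The same block uses "secret": "passphrase" for both RADIUS servers and plain "http://" values in "venue-url", listed fra then eng while "venue-name" lists eng then fra; mark the secrets as placeholders and align the ordering. The capability list in the hunk's leading context spells "firendly-name" where the example uses "friendly-name".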
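Review bot: in configuration-examples/radius-authenticated-ssid/README.md both tabs of the first hunk publish credentials that look usable as they stand: "secret": "secret" for authentication and accounting in the Simple RADIUS tab, and "user-name": "open" with "password": "wifi" in the EAP-Local tab. State in the surrounding text that these are sample values to replace before deployment, or switch them to obvious placeholders, and say what the three "certificates" paths under /etc/ucentral/ are expected to contain, since the EAP-Local example depends on them.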