WISPr or Wireless Internet Service Provider roaming (pronounced "whisper”) is a method for browser-based and smart-client login at a captive portal hotspot. It requires that radius be used for AAA and defines the required radius attributes. WISPr authentication by smart-clients (a mini web browser) uses SSL/XML based protocol for authentication to seamlessly login to Hotspots without the need for the user to interact with a captive portal. First supported on ArubaOS 6.2
Feature Notes :
ArubaOS supports authentication for Wireless Internet Service Provider roaming (WISPr). WISPr authentication allows clients to roam between hotspots using different ISPs.
Working With WISPr Authentication:
WISPr authentication allows a “smart client” to authenticate on the network when they roam between Wireless Internet Service Providers, even if the wireless hotspot uses an ISP for which the client may not have an account.
If you are a hotspot operator using WISPr authentication, and a client that has an account with your ISP attempts to access the Internet at your hotspot, then your ISP’s WISPr AAA server authenticates that client directly, and allows the client access on the network. If, however, the client only has an account with a partner ISP, then your ISP’s WISPr AAA server forwards that client’s credentials to the partner ISP’s WISPr AAA server for authentication. Once the client has been authenticated on the partner ISP, it is authenticated on your hotspot’s own ISP, as per their service agreements. After your ISP sends an authentication message to the controller, the controller assigns the
default WISPr user role to that client.
ArubaOS supports the following smart clients, which enable client authentication and roaming between hotspots by embedding iPass Generic Interface Specification (GIS) redirect, proxy, authentication and logoff messages within HTLM messages to the controller.
Configuration Steps :
Configuring WISPr Authentication:
A WISPr authentication profile includes parameters to define RADIUS attributes, the default role for authenticated WISPr users, maximum numbers of authenticated failures and logon wait times. The WISPr-Location-ID sent from the controller to the WISPr RADIUS server is the concatenation of the ISO Country Code, E.164 Country Code, E.164 Area Code and SSID/Zone parameters configured in this profile
The parameters to define WISPr RADIUS attributes are specific to the RADIUS server your ISP uses for WISPr authentication; contact your ISP to determine these values.
In the WebUI:
This section describes how to create and configure a new instance of a WISPr authentication profile in the WebUI.
1. Navigate to the Configuration > Security > Authentication > L3 Authentication page.
2. In the Profiles list, expand the WISPr Authentication Profile.
3. To define settings for an existing profile, click that profile name in the profiles list.
To create and define settings for a new WISPr Authentication profile, select an existing profile, then click the Save As button in the right window pane. Enter a name for the new profile in the entry field. at the top of the right window pane.
4. Define values for the following parameters
5. Click Apply.
6. In the Profiles list, select the Server Group entry below the WISPr Authentication profile
7. Click the Server Group drop-down list and select the group of RADIUS servers you want to use for WISPr authentication.
8. Click Apply.
In the CLI:
Use the following CLI commands to configure WISPr authentication. The first set of commands defines the RADIUS server used for WISPr authentication, the second set adds that server to a server group, and the third set of commands associates that server group with the WISPR authentication profile then defines the profile settings.
host)(config)# aaa authentication-server radius <rad_server_name>
(host)(config)# aaa server-group group <server-group>
(host)(config)# aaa authentication wispr