Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

HotSpot 2.0

This thread has been viewed 11 times

  • 1.  HotSpot 2.0

    Posted Jan 28, 2020 08:30 PM

    Hello everyone, 

     

    The company I work for is looking into setting up HotSpot2.0 in some of our cites currently running AOS 8.X code. Ive been doing some research  and in some scenarios Ive seen that there is a local radius sever and in others it is external. 

     

    Just trying to figure out if anyone has deployed it to find out some details reguarding Radius and connecting to the carries with SIM devices. 

     

    Any help or guidence will be greatly appreciated. 



  • 2.  RE: HotSpot 2.0
    Best Answer

    Posted Jan 28, 2020 09:09 PM

    I have done that for a few operators when I was working in Saudi Arabia (using both Cisco and Aruba). I think I can help you with this one.

     

    As part of your SSID configuration, you need to enable hotspot 2.0 for the specific SSID. AP will broadcast hotspot2.0 capability in its beacon frame. Client queries 3GPP network information through AQNP and Access Point responds with APs network and service provider identity. Client device validates this information & automatically associates to the passpoint (hotspot 2.0) AP.

     

    On association, 802.1x will be performed by the client. You can either use EAP-SIM or EAP-AKA. Your AAA server will be the service provider AAA server. IF authentication succeeds, the client will be allowed network access.

     

    From config perspective, you will need:

    - To integrate with service provider AAA server

    - Make sure your controller has L3/L4 reachability to the provider AAA server

    - For ease of management, I would recommend use a RADIUS server between Aruba Controller and Service Provider AAA server. I have used Aptilo and Cisco PAR but quite sure ClearPass should work as well.

     



  • 3.  RE: HotSpot 2.0

    Posted Jan 28, 2020 10:32 PM

    jibran.Aziz,

     

    Thanks,this is all very helpfull information.

     

    When integrating with the service providers AAA, we contact them directly to do this or what way do we establish that?



  • 4.  RE: HotSpot 2.0

    EMPLOYEE
    Posted Jan 29, 2020 05:05 AM

    You will need to have a contract with operators or roaming partners in order to get an authentication trust realized (access to operators authentication servers). If you are large enough, operators may speak to you, if it is for a small deployment chances are low that you get this done.

     

    Also, this will be very dependent on the region you are in. There are two main 'challenges' in Passpoint/HS2.0 deployment: 1) Getting access to service providers SIM authentication (if you need SIM authentication), and 2) Getting client devices provisioned for Passpoint/HS2.0, which in many cases is a service provider job in most cases as well to make it 'zero touch' for your end users.

     

    In a country like the US there is a high ratio of phones provisioned with Passpoint profiles already, I have not seen any provider in Europe doing the same.



  • 5.  RE: HotSpot 2.0

    Posted Jan 30, 2020 05:57 PM

    Yes, as Herman pointed out, it will be an agreement with the service provider. In my case, the service providers where the requestors.