Wireless Access

Reply
Highlighted
Occasional Contributor II

HotSpot 2.0

Hello everyone, 

 

The company I work for is looking into setting up HotSpot2.0 in some of our cites currently running AOS 8.X code. Ive been doing some research  and in some scenarios Ive seen that there is a local radius sever and in others it is external. 

 

Just trying to figure out if anyone has deployed it to find out some details reguarding Radius and connecting to the carries with SIM devices. 

 

Any help or guidence will be greatly appreciated. 


Accepted Solutions
Highlighted

Re: HotSpot 2.0

I have done that for a few operators when I was working in Saudi Arabia (using both Cisco and Aruba). I think I can help you with this one.

 

As part of your SSID configuration, you need to enable hotspot 2.0 for the specific SSID. AP will broadcast hotspot2.0 capability in its beacon frame. Client queries 3GPP network information through AQNP and Access Point responds with APs network and service provider identity. Client device validates this information & automatically associates to the passpoint (hotspot 2.0) AP.

 

On association, 802.1x will be performed by the client. You can either use EAP-SIM or EAP-AKA. Your AAA server will be the service provider AAA server. IF authentication succeeds, the client will be allowed network access.

 

From config perspective, you will need:

- To integrate with service provider AAA server

- Make sure your controller has L3/L4 reachability to the provider AAA server

- For ease of management, I would recommend use a RADIUS server between Aruba Controller and Service Provider AAA server. I have used Aptilo and Cisco PAR but quite sure ClearPass should work as well.

 

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | CWNA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.

View solution in original post


All Replies
Highlighted

Re: HotSpot 2.0

I have done that for a few operators when I was working in Saudi Arabia (using both Cisco and Aruba). I think I can help you with this one.

 

As part of your SSID configuration, you need to enable hotspot 2.0 for the specific SSID. AP will broadcast hotspot2.0 capability in its beacon frame. Client queries 3GPP network information through AQNP and Access Point responds with APs network and service provider identity. Client device validates this information & automatically associates to the passpoint (hotspot 2.0) AP.

 

On association, 802.1x will be performed by the client. You can either use EAP-SIM or EAP-AKA. Your AAA server will be the service provider AAA server. IF authentication succeeds, the client will be allowed network access.

 

From config perspective, you will need:

- To integrate with service provider AAA server

- Make sure your controller has L3/L4 reachability to the provider AAA server

- For ease of management, I would recommend use a RADIUS server between Aruba Controller and Service Provider AAA server. I have used Aptilo and Cisco PAR but quite sure ClearPass should work as well.

 

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | CWNA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.

View solution in original post

Highlighted
Occasional Contributor II

Re: HotSpot 2.0

jibran.Aziz,

 

Thanks,this is all very helpfull information.

 

When integrating with the service providers AAA, we contact them directly to do this or what way do we establish that?

Highlighted
MVP Guru

Re: HotSpot 2.0

You will need to have a contract with operators or roaming partners in order to get an authentication trust realized (access to operators authentication servers). If you are large enough, operators may speak to you, if it is for a small deployment chances are low that you get this done.

 

Also, this will be very dependent on the region you are in. There are two main 'challenges' in Passpoint/HS2.0 deployment: 1) Getting access to service providers SIM authentication (if you need SIM authentication), and 2) Getting client devices provisioned for Passpoint/HS2.0, which in many cases is a service provider job in most cases as well to make it 'zero touch' for your end users.

 

In a country like the US there is a high ratio of phones provisioned with Passpoint profiles already, I have not seen any provider in Europe doing the same.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted

Re: HotSpot 2.0

Yes, as Herman pointed out, it will be an agreement with the service provider. In my case, the service providers where the requestors.

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | CWNA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: