Hotspot 2.0

Introduction to Hotspot 2.0

The Hotspot 2.0 feature enables IEEE 802.11 devices to interwork with external networks. The interworking service aids network discovery and selection, enabling information transfer from external networks. It provides information to the stations about the networks before association.

Interworking not only helps users within the home, enterprise, and public access domains, but also helps manufacturers and operators provide common components and services for IEEE 802.11 customers. These services are configured on a per-WLAN basis on the Cisco Wireless Controller (controller).

Hotspot 2.0, also known as HS2 and Wi-Fi Certified Passpoint, is based on the IEEE 802.11u and Wi-Fi Alliance Hotspot 2.0 standards. It seeks to provide better bandwidth and services-on-demand to end users. The Hotspot 2.0 feature allows mobile devices to join a Wi-Fi network automatically, including during roaming, when the devices enter the Hotspot 2.0 area.

The Hotspot 2.0 feature has four distinct parts:

  • Hotspot 2.0 Beacon Advertisement: Allows a mobile device to discover Hotspot 2.0-compatible and 802.11u-compatible WLANs.

  • Access Network Query Protocol (ANQP) Queries: Sends queries about the networks from IEEE 802.11 devices, such as network type (private or public), connectivity type (local network, internet connection, and so on), or the network providers supported by a given network.

  • Online Sign-up: Allows a mobile device to obtain credentials to authenticate itself with the Hotspot 2.0 or WLAN.

  • Authentication and Session Management: Provides authentication (802.1x) and management of the STA session (session expiration, extension, and so on).

To mark a WLAN as Hotspot 2.0-compatible, the 802.11u-mandated information element and the Hotspot 2.0 information element are added to the basic service set (BSS) beacon advertised by the corresponding AP, and to WLAN probe responses.


Note


The Hotspot 2.0 feature supports only local mode or FlexConnect mode (central switching and central authentication).

FlexConnect local switching is only supported when the Open Roaming configuration template is set up using the wireless hotspot anqp-server server-name type open-roaming command. If the configuration diverges from this template, FlexConnect local switching will not be supported.


The following figure shows a standard deployment of the Hotspot 2.0 network architecture:

Figure 1. Hotspot 2.0 Deployment Topology

Configuring Hotspot 2.0

Configuring an Access Network Query Protocol Server

The Access Network Query Protocol (ANQP) is a query and response protocol that defines the services offered by an AP, usually at a Wi-Fi Hotspot 2.0. The ANQP server holds the information that is returned in these responses.


Note


When configuring roaming-oi in the ANQP server, ensure that you set the beacon keyword for at least one roaming-oi, as mandated by the 802.11u standard.


Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless hotspot anqp-server server-name

Example:

Device(config)# wireless hotspot anqp-server my_server

Configures a Hotspot 2.0 ANQP server.

Step 3

description description

Example:

Device(config-wireless-anqp-server)# description "My Hotspot 2.0"

Adds a description for the ANQP server.

Step 4

3gpp-info mobile-country-code mobile-network-code

Example:

Device(config-wireless-anqp-server)# 3gpp-info us mcc 

Configures an 802.11u Third Generation Partnership Project (3GPP) cellular network.

The mobile-country-code should be a 3-digit decimal number. The mobile-network-code should be a 2-digit or 3-digit decimal number.

Step 5

anqp fragmentation-threshold threshold-value

Example:

Device(config-wireless-anqp-server)# anqp fragmentation-threshold 100

Configures the ANQP reply fragmentation threshold, in bytes.

The ANQP protocol can be customized by setting the fragmentation threshold, after which the ANQP reply is split into multiple messages.

Note

 

We recommend that you use the default values for the deployment.

Step 6

anqp-domain-id domain-id

Example:

Device(config-wireless-anqp-server)# anqp-domain-id 100

Configures the Hotspot 2.0 ANQP domain identifier.

Step 7

authentication-type { dns-redirect | http-https-redirect | online-enrollment | terms-and-conditions }

Example:

Device(config-wireless-anqp-server)# authentication-type online-enrollment    

Configures the 802.11u network authentication type. Depending on the authentication type, a URL is needed for HTTP and HTTPS.

Step 8

connection-capability ip-protocol port-number { closed | open | unknown }

Example:

Device(config-wireless-anqp-server)# connection-capability 12 40 open

Configures the Hotspot 2.0 protocol and port capabilities.

Note

 

Hotspot 2.0 specifications require that you predefine some open ports and protocols. Ensure that you meet these requirements in order to comply with the Hotspot 2.0 specifications. See the connection-capability command in the Cisco Catalyst 9800 Series Wireless Controller Command Reference document for a list of open ports and protocols.

Step 9

domain domain-name

Example:

Device(config-wireless-anqp-server)# domain my-domain

Configures an 802.11u domain name. You can configure up to 32 domain names. The domain-name should not exceed 220 characters.

Step 10

ipv4-address-type ipv4-address-type

Example:

Device(config-wireless-anqp-server)# ipv4-address-type public

Configures an 802.11u IPv4 address type in the Hotspot 2.0 network.

Step 11

ipv6-address-type ipv6-address-type

Example:

Device(config-wireless-anqp-server)# ipv6-address-type available

Configures an 802.11u IPv6 address type in the Hotspot 2.0 network.

Step 12

nai-realm realm-name

Example:

Device(config-wireless-anqp-server)# nai-realm cisco.com

Configures an 802.11u NAI realm profile that identifies the realm that is accessible using the AP.

Step 13

operating-class class-id

Example:

Device(config-wireless-anqp-server)# operating-class 25

Configures a Hotspot 2.0 operating class identifier.

Step 14

operator operator-name language-code

Example:

Device(config-wireless-anqp-server)# operator XYZ-operator eng

Configures a Hotspot 2.0 operator-friendly name in a given language. Use only the first three letters of the language, in lower case, for the language code. For example, use eng for English.

To see the full list of language codes, go to: http://www.loc.gov/standards/iso639-2/php/code_list.php.

Note

 

You can configure only one operator per language.

Step 15

osu-ssid SSID

Example:

Device(config-wireless-anqp-server)# osu-ssid test

Configures the SSID that wireless clients will use for OSU.

The SSID length can be up to 32 characters.

Step 16

roaming-oi OI-value [ beacon ]

Example:

Device(config-wireless-anqp-server)# roaming-oi 24 beacon

Configures the 802.11u roaming organization identifier.

If the beacon keyword is specified, the roaming OUI is advertised in the AP WLAN beacon or probe response. Otherwise, it will only be returned while performing the roaming OUI ANQP query.

Note

 

The hex string of a roaming OUI should contain only lowercase letters.

Step 17

venue venue-name language-code

Example:

Device(config-wireless-anqp-server)# venue bank eng 

Configures the 802.11u venue information.

The venue-name should not exceed 220 characters and the language-code should only be 2 or 3 lowercase letters (a-z) in length.
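
The value constraints stated in this procedure can be checked before a change is applied. The following Python script is an added example, not Cisco code; it assumes the stanza is stored as typed, one command per line with single-word names, and the function name and the sample stanza are constructed for illustration.

```python
import re

LANG = re.compile(r"[a-z]{2,3}")      # language-code: 2 or 3 lowercase letters
HEX_LOWER = re.compile(r"[0-9a-f]+")  # roaming OI: lowercase hex only

def audit_anqp_server(stanza):
    """Return a list of findings for one 'wireless hotspot anqp-server' stanza."""
    findings, op_langs, domains, beacon_oi = [], set(), 0, False
    for line in stanza.splitlines()[1:]:      # line 0 is the stanza header
        cmd, *args = line.split() or [""]
        args += ["", ""]                      # pad so args[0] and args[1] always exist
        if cmd == "3gpp-info":
            if not (re.fullmatch(r"\d{3}", args[0]) and re.fullmatch(r"\d{2,3}", args[1])):
                findings.append("3gpp-info: MCC must be 3 digits, MNC 2 or 3 digits")
        elif cmd == "domain":
            domains += 1
            if len(args[0]) > 220:
                findings.append("domain: name longer than 220 characters")
        elif cmd == "operator":
            if not LANG.fullmatch(args[1]):
                findings.append(f"operator: bad language code {args[1]!r}")
            elif args[1] in op_langs:
                findings.append(f"operator: more than one operator for {args[1]!r}")
            op_langs.add(args[1])
        elif cmd == "osu-ssid" and len(args[0]) > 32:
            findings.append("osu-ssid: SSID longer than 32 characters")
        elif cmd == "roaming-oi":
            if not HEX_LOWER.fullmatch(args[0]):
                findings.append(f"roaming-oi: {args[0]!r} is not lowercase hex")
            beacon_oi = beacon_oi or args[1] == "beacon"
        elif cmd == "venue":
            if len(args[0]) > 220 or not LANG.fullmatch(args[1]):
                findings.append("venue: name over 220 characters or bad language code")
    if domains > 32:
        findings.append("domain: more than 32 domain names")
    if not beacon_oi:
        findings.append("roaming-oi: no entry carries the beacon keyword")
    return findings

# Constructed stanza with deliberate mistakes (not taken from a real device).
BAD = """wireless hotspot anqp-server my_server
 3gpp-info us mcc
 operator XYZ-operator eng
 operator Other-operator eng
 roaming-oi 00AABB
 venue bank english
"""
if __name__ == "__main__":
    print("\n".join(audit_anqp_server(BAD)))
```

Names or descriptions that contain spaces or quotation marks need a tokenizer that honors quoting before this check is applied to them.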

Configuring WAN Metrics

This procedure shows you how to configure the Wide Area Network (WAN) parameters such as uplink and downlink speed, link status, load, and so on.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless hotspot anqp-server server-name

Example:

Device(config)# wireless hotspot anqp-server my_server

Configures a Hotspot 2.0 ANQP server.

Step 3

wan-metrics downlink-load load-value

Example:

Device(config-wireless-anqp-server)# wan-metrics downlink-load 100

Configures the WAN downlink load.

Step 4

wan-metrics downlink-speed speed

Example:

Device(config-wireless-anqp-server)# wan-metrics downlink-speed 1000

Configures the WAN downlink speed, in kbps.

Step 5

wan-metrics full-capacity-link

Example:

Device(config-wireless-anqp-server)# wan-metrics full-capacity-link 

Configures the WAN link to operate at its maximum capacity.

Step 6

wan-metrics link-status { down | not-configured | test-state | up }

Example:

Device(config-wireless-anqp-server)# wan-metrics link-status down  

Sets the WAN link status.

Step 7

wan-metrics load-measurement-duration duration

Example:

Device(config-wireless-anqp-server)# wan-metrics load-measurement-duration 100

Configures the uplink or downlink load measurement duration.

Step 8

wan-metrics uplink-load load-value

Example:

Device(config-wireless-anqp-server)# wan-metrics uplink-load 100

Configures the WAN uplink load.

Step 9

wan-metrics uplink-speed speed

Example:

Device(config-wireless-anqp-server)# wan-metrics uplink-speed 1000

Configures the WAN uplink speed, in kbps.

Configuring an Online Sign-Up Provider

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless hotspot icon bootflash:system-file-name media-type language-code icon-width icon-height

Example:

Device(config)# wireless hotspot icon bootflash:logo1 image eng 100 200

Configures an icon for Hotspot 2.0 and its parameters, such as media type, language code, icon width, and icon height.

Step 3

wireless hotspot anqp-server server-name

Example:

Device(config)# wireless hotspot anqp-server my_server

Configures a Hotspot 2.0 ANQP server.

Step 4

osu-provider osu-provider-name

Example:

Device(config-wireless-anqp-server)# osu-provider my-osu 

Configures a Hotspot 2.0 OSU provider name.

Step 5

name osu-operator-name lang-code description

Example:

Device(config-anqp-osu-provider)# name xyz-oper eng xyz-operator

Configures the name of the OSU operator in a given language.

The osu-operator-name and description should not exceed 220 characters. The language code should be 2 or 3 lower-case letters (a-z).

Step 6

server-uri server-uri

Example:

Device(config-anqp-osu-provider)# server-uri cisco.com

Configures the server Uniform Resource Identifier (URI) of the OSU operator.

Step 7

method { oma-dm | soap-xml-spp }

Example:

Device(config-anqp-osu-provider)# method oma-dm

Configures the primary supported OSU method of the OSU operator.

Step 8

nai-realm nai-realm

Example:

Device(config-anqp-osu-provider)# nai-realm cisco.com

Configures the Network Access Identifier (NAI) realm of the OSU operator.

The nai-realm should not exceed 220 characters.

Step 9

icon file-name

Example:

Device(config-anqp-osu-provider)# icon xyz.jpeg

Configures the icon for the OSU provider.

The file-name should not exceed 100 characters.

Configuring Hotspot 2.0 WLAN

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wlan wlan-name wlan-id ssid

Example:

Device(config)# wlan hs2 1 hs2

Configures a WLAN and enters WLAN configuration mode.

Step 3

security wpa wpa2 gtk-randomize

Example:

Device(config-wlan)# security wpa wpa2 gtk-randomize

Configures a random GTK for Hole 196 mitigation.

Hole 196 is the name of a WPA2 vulnerability.

Step 4

no shutdown

Example:

Device(config-wlan)# no shutdown

Enables the WLAN.

Configuring an Online Subscription with Encryption WLAN

An Online Subscription with Encryption (OSEN) WLAN is used to onboard a client to a Hotspot 2.0 network (that is, to obtain the necessary credentials) in a secure manner.


Note


You cannot apply a policy profile to the OSEN WLAN if a Hotspot 2.0 server is enabled on the WLAN.


Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wlan wlan-name wlan-id ssid

Example:

Device(config)# wlan hs2 1 hs2

Configures a WLAN and enters WLAN configuration mode.

Step 3

security wpa osen

Example:

Device(config-wlan)# security wpa osen

Enables WPA OSEN security support.

Note

 

OSEN and robust security network (RSN) are mutually exclusive. If RSN is enabled on a WLAN, OSEN cannot be enabled on the same WLAN.

Step 4

no shutdown

Example:

Device(config-wlan)# no shutdown

Enables the WLAN.
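
The two WLAN security settings described above (gtk-randomize for Hole 196 mitigation, and the rule that OSEN and RSN cannot share a WLAN) can be reviewed across a configuration script. The following Python script is an added example, not Cisco code; it assumes the script lists commands explicitly as typed, treats `security wpa wpa2` as the RSN setting, treats every WLAN without OSEN as a Hotspot 2.0 WLAN, and uses constructed WLAN names.

```python
def split_wlans(script):
    """Group a configuration script into {wlan-name: [sub-commands]}."""
    wlans, current = {}, None
    for raw in script.splitlines():
        line = " ".join(raw.split())              # normalize internal whitespace
        if line.startswith("wlan "):
            current = wlans.setdefault(line.split()[1], [])
        elif raw[:1].isspace() and current is not None:
            current.append(line)                  # indented line belongs to the WLAN
        else:
            current = None                        # any other top-level line ends the stanza
    return wlans

def audit_hotspot_wlans(script):
    """Return (wlan-name, finding) tuples for the two rules named above."""
    findings = []
    for name, cmds in split_wlans(script).items():
        osen = "security wpa osen" in cmds
        rsn = any(c.startswith("security wpa wpa2") for c in cmds)
        if osen and rsn:
            findings.append((name, "OSEN and RSN (WPA2) are both enabled"))
        elif not osen and "security wpa wpa2 gtk-randomize" not in cmds:
            findings.append((name, "gtk-randomize missing (Hole 196 mitigation)"))
    return findings

# Constructed script: one compliant WLAN and two that break a rule.
SCRIPT = """wlan hs2 1 hs2
 security wpa wpa2 gtk-randomize
 no shutdown
wlan hs2-legacy 2 hs2-legacy
 security wpa wpa2
 no shutdown
wlan osu 3 osu
 security wpa osen
 security wpa wpa2
 no shutdown
"""

if __name__ == "__main__":
    for name, finding in audit_hotspot_wlans(SCRIPT):
        print(f"{name}: {finding}")
```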

Attaching an ANQP Server to a Policy Profile

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless profile policy policy-profile-name ssid

Example:

Device(config)# wireless profile policy policy-hotspot

Configures a policy profile.

Step 3

shutdown

Example:

Device(config-wireless-policy)# shutdown

Disables the policy profile.

Step 4

hotspot anqp-server server-name

Example:

Device(config-wireless-policy)# hotspot anqp-server my-server

Attaches the Hotspot 2.0 ANQP server to the policy profile.

Step 5

no shutdown

Example:

Device(config-wireless-policy)# no shutdown

Enables the policy profile.

What to do next

Attach the policy profile to the WLAN to make the WLAN Hotspot 2.0 enabled.

Configuring Interworking for Hotspot 2.0

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless hotspot anqp-server server-name

Example:

Device(config)# wireless hotspot anqp-server my_server

Configures a Hotspot 2.0 ANQP server.

Step 3

network-type allowed network-type internet-access { allowed | forbidden }

Example:

Device(config-wireless-anqp-server)# network-type guest-private internet-access allowed

Configures an 802.11u network type.

Step 4

hessid HESSID-value

Example:

Device(config-wireless-anqp-server)# hessid 12.13.14

(Optional) Configures a homogeneous extended service set.

Step 5

group venue-group venue-type

Example:

Device(config-wireless-anqp-server)# group business bank 

Selects a group type and venue type from the list of available options.

Configuring the Generic Advertisement Service Rate Limit

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

ap profile profile-name

Example:

Device(config)# ap profile hs2-profile

Configures an AP profile and enters AP profile configuration mode.

Step 3

gas-ap-rate-limit request-number interval

Example:

Device(config-ap-profile)# gas-ap-rate-limit 20 120  

Configures the number of Generic Advertisement Services (GAS) request action frames sent to the controller by an AP in a given interval.

Step 4

exit

Example:

Device(config-ap-profile)# exit 

Returns to global configuration mode.

Step 5

wireless hotspot gas-rate-limit gas-requests-to-process

Example:

Device(config)# wireless hotspot gas-rate-limit 100   

Configures the number of GAS request action frames to be processed by the controller.

Verifying Hotspot 2.0 Configuration

Use the following show commands to verify the quality of service (QoS) and AP GAS rate limit.

To check whether the QoS map is user-configured or the default, use the following command:

Device# show ap profile <profile name> detailed

QoS Map                       : user-configured

To view the QoS map values used and their source, use the following command:

Device# show ap profile <profile name> qos-map  

QoS Map                       : default
DSCP ranges to User Priorities
 User Priority   DSCP low   DSCP high   Upstream UP to DSCP
-----------------------------------------------------------
             0          0           7                     0
             2         16          23                    10
             3         24          31                    18
             4         32          39                    26
             5         40          47                    34
             6         48          55                    46
             7         56          63                    48

DSCP to UP mapping exceptions
 DSCP   User Priority
---------------------
    0               0
    2               1
    4               1
    6               1
   10               2
   12               2
   14               2
   18               3
   20               3
   22               3

To view the AP rate limiter configuration, use the following command:

Device# show ap name AP0462.73e8.f2c0 config general | i GAS

GAS rate limit Admin status                     : Enabled
Number of GAS request per interval              : 30
GAS rate limit interval (msec)                  : 100