Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This configuration was tested on ArubaOS 8.7.1.1 (Vela build). Configuration of OpenRoaming (and Passpoint in general) is not possible via the UI, one needs to resort to CLI mode. The total configuration consists of multiple building blocks, each of which has its own section below. Much of it is copy&paste - the bits to adapt are marked with (warning).

You must also take care when looking at the configuration. Aruba InstantOn APs use different setting names for some items (notably the ANQP 3GPP network settings ).


Main body: "wlan ssid-profile" definition

...

hotspot hs-profile OpenRoaming
enable
no comeback-mode
no asra # no captive portal on this network
internet # internet access is provided
no pame-bi
no group-frame-block
no p2p-dev-mgmt
no p2p-cross-connect
addtl-roam-cons-ois 0 # there are not more than 3 roaming consortium OIs (-> no ANQP queries to be run)
gas-comeback-delay 500
query-response-length-limit 6
access-network-type private # eduroam networks are private to the R&E community
(warning)venue-group business # adjust to the classification of your hotspot
(warning)venue-type research-and-dev-facility # adjust to the classification of your hotspot
roam-cons-len-1 5 # OpenRoaming RCOIs are always 4.5 bytes long (5 octets rounded)
roam-cons-oi-1 5a03ba0000 # the main OpenRoaming RCOI: "OpenRoaming-All" (unsettled access, all identities welcome, baseline QoS)
roam-cons-len-2 3 # Cisco's legacy OpenRoaming RCOI is 3 bytes long
roam-cons-oi-2 004096 # Cisco's legacy OpenRoaming RCOI, still needed for their OpenRoaming app and Samsung OneUI onboarding workflow
roam-cons-len-3 0
advertisement-profile anqp-venue-name YourVenueInfo # description of the venue in ANQP. Definition see below.
advertisement-profile anqp-roam-cons OpenRoaming # in case a station does run ANQP for the list of RCOIs, also add the same RCOIs as an ANQP element
advertisement-profile anqp-roam-cons OpenRoamingCiscoLegacy # in case a station does run ANQP for the list of RCOIs, also add the same RCOIs as an ANQP element
 advertisement-profile anqp-nai-realm OpenRoaming_ANY_Realm # likely to be optional, but found to make the AP work when it didn't without it. Advertises the realms allowed to connect to this hotspot
advertisement-profile anqp-3gpp OpenRoaming_MNO # this is entirely optional. This defines several mobile operators who can switch to WiFi OpenRoaming on your network based on their MCC/MNC (PLMN) information

Uplink to authentication server: "auth-server"

...

MNO (mobile network operator) information in ANQP: "anqp-3gpp"

(The optional ANQP 3GPP profile can handle up to six mobile phone operator PLMNs. The PLMN is made up of the Mobile Country Code (MCC) and the Mobile Network Code (MNC). For example, AT&T has two PLMNs, 310280 and 310410, T-Mobile USA has one: 310260. It's 5-6 characters long. The values can usually be derived from the '@wlan.mncXXX.mccYYY.3gppnetwork.org' username you see on a network, any 0 prefix can be dropped). To date we are aware that AT&T and T-Mobile configure their SIMs to use OpenRoaming, if their PLMN is advertised.

hotspot anqp-3gpp-profile OpenRoaming_MNO
  enable
  3gpp-plmn1 PLMN_val            val1             # Look up the PLMN at https://mcc-mnc.net/
  :
  :
  3gpp-plmn6 xxxxxPLMN_val6