Comment: indentation

...

wlan ssid-profile PasspointAruba
enable
type employee
(warning)essid PasspointAruba # the ANP's choice; irrelevant for OpenRoaming purposes
opmode wpa2-aes
max-authentication-failures 0
auth-server OR_Proxy_eduroamOT # we will only connect you if you are an eduroam SP! Definition see below.
rf-band all
captive-portal disable
dtim-period 1
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
hotspot-profile OpenRoaming # the important bit. Definition see below.

...

hotspot hs-profile OpenRoaming
enable
no comeback-mode
no asra # no captive portal on this network
internet # internet access is provided
no pame-bi
no group-frame-block
no p2p-dev-mgmt
no p2p-cross-connect
addtl-roam-cons-ois 0 # there are no more than 3 roaming consortium OIs (-> no ANQP queries need to be run)
gas-comeback-delay 500
query-response-length-limit 6
access-network-type private # eduroam networks are private to the R&E community
(warning)venue-group business # adjust to the classification of your hotspot
(warning)venue-type research-and-dev-facility # adjust to the classification of your hotspot
roam-cons-len-1 5 # OpenRoaming RCOIs are always 4.5 bytes long (rounded up to 5 octets)
roam-cons-oi-1 5a03ba0000 # the main OpenRoaming RCOI: "OpenRoaming-All" (unsettled access, all identities welcome, baseline QoS)
roam-cons-len-2 3 # Cisco's legacy OpenRoaming RCOI is 3 bytes long
roam-cons-oi-2 004096 # Cisco's legacy OpenRoaming RCOI, still needed for their OpenRoaming app and Samsung OneUI onboarding workflow
roam-cons-len-3 0
advertisement-profile anqp-venue-name YourVenueInfo # description of the venue in ANQP. Definition see below.
advertisement-profile anqp-roam-cons OpenRoaming # in case a station does run ANQP for the list of RCOIs, also add the same RCOIs as an ANQP element
advertisement-profile anqp-roam-cons OpenRoamingCiscoLegacy # in case a station does run ANQP for the list of RCOIs, also add the same RCOIs as an ANQP element

...

wlan auth-server OR_Proxy_eduroamOT
(warning)ip ... # IP address of the preliminary OpenRoaming ANP-side proxy of eduroam OT
port 1812
acctport 1813
(warning)key ... # your shared secret for the preliminary OpenRoaming ANP-side proxy of eduroam OT
service-type-framed-user 1x

...

wlan auth-server OR_Proxy_eduroamOT
radsec
ip openroaming-ap.eduroam.org # this is the real hostname
port 1812 # this value doesn't matter; it is an ArubaOS artifact. The port used is TCP/2083.
acctport 1813 # this value doesn't matter; it is an ArubaOS artifact. The port used is TCP/2083.
rfc5997 auth-only
service-type-framed-user 1x

wlan cert-assignment-profile
pki-cert-assign application radsec cert-type ClientCert certname RADIUS-TLS-Cert # "RADIUS-TLS-Cert" is the friendly name given to the certificate during upload in the web interface (Maintenance -> Certificates -> Upload -> Client)

...

hotspot anqp-venue-name-profile YourVenueInfo
enable
(warning)venue-group business # repeats beacon info (see above) in ANQP
(warning)venue-type research-and-dev-facility # repeats beacon info (see above) in ANQP
venue-lang-code eng # a descriptive name for the venue in English follows
(warning)venue-name "RESTENA Offices" # the name in English

...

hotspot anqp-roam-cons-profile OpenRoaming
enable
roam-cons-oi-len 5
roam-cons-oi 5A03BA0000

hotspot anqp-roam-cons-profile OpenRoamingCiscoLegacy
enable
roam-cons-oi-len 3
roam-cons-oi 004096
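
The hotspot profile above declares each RCOI twice (length plus value in the beacon slots, and again in the ANQP profiles it references), so a mismatch between the copies is easy to introduce. The following consistency check is an added example, not part of the original page or of any Aruba or eduroam tooling; the function name `lint_rcoi` is hypothetical, the sample config is constructed from the profiles shown here, and it assumes a single `hs-profile` per config.

```python
import re

# Constructed sample: condensed from the hotspot and ANQP profiles on this page.
SAMPLE = """\
hotspot hs-profile OpenRoaming
roam-cons-len-1 5
roam-cons-oi-1 5a03ba0000
roam-cons-len-2 3
roam-cons-oi-2 004096
roam-cons-len-3 0
advertisement-profile anqp-roam-cons OpenRoaming
advertisement-profile anqp-roam-cons OpenRoamingCiscoLegacy
hotspot anqp-roam-cons-profile OpenRoaming
roam-cons-oi-len 5
roam-cons-oi 5A03BA0000
hotspot anqp-roam-cons-profile OpenRoamingCiscoLegacy
roam-cons-oi-len 3
roam-cons-oi 004096
"""

def lint_rcoi(config):
    """Return findings; an empty list means beacon and ANQP RCOIs are consistent."""
    beacon, anqp, refs, section = {}, {}, [], None
    for raw in config.splitlines():
        # Drop trailing '# ...' notes and the page's '(warning)' markers.
        w = raw.split("#", 1)[0].replace("(warning)", "").split()
        if len(w) >= 3 and w[0] == "hotspot":
            section = anqp.setdefault(w[2], {}) if w[1] == "anqp-roam-cons-profile" else None
        elif len(w) == 3 and w[:2] == ["advertisement-profile", "anqp-roam-cons"]:
            refs.append(w[2])
        elif len(w) == 2 and (m := re.fullmatch(r"roam-cons-(len|oi)-(\d)", w[0])):
            beacon.setdefault(m[2], {})[m[1]] = w[1].lower()
        elif len(w) == 2 and section is not None and w[0] in ("roam-cons-oi-len", "roam-cons-oi"):
            section["len" if w[0].endswith("len") else "oi"] = w[1].lower()
    # Beacon slots with length 0 are unused and skipped.
    live = {f"beacon slot {n}": e for n, e in sorted(beacon.items()) if int(e.get("len", 0))}
    named = {f"ANQP profile {n}": e for n, e in anqp.items()}
    findings = []
    for where, e in {**live, **named}.items():
        oi, length = e.get("oi", ""), int(e.get("len", 0))
        if not re.fullmatch(r"(?:[0-9a-f]{2})+", oi):
            findings.append(f"{where}: OI {oi!r} is not whole hex octets")
        elif len(oi) // 2 != length:
            findings.append(f"{where}: declared {length} octets, OI has {len(oi) // 2}")
    advertised = {anqp[r].get("oi") for r in refs if r in anqp}
    findings += [f"ANQP profile {r} is referenced but not defined" for r in refs if r not in anqp]
    findings += [f"{where}: OI {e.get('oi')} has no matching ANQP profile"
                 for where, e in live.items() if e.get("oi") not in advertised]
    return findings
```

Hex case is normalised before comparison, so `5a03ba0000` in the beacon slot and `5A03BA0000` in the ANQP profile count as the same RCOI.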