Location-Information for Access and Accounting Requests

This section details the implementation of location information delivery in RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. , conforming to the specifications of RFC Request For Comments. RFC is a commonly used format for the Internet standards documentss.-5580.

Location Delivery Methods and Location-related RADIUS Attributes

Location information is useful while deploying wireless networks. It can be used to enforce different policies based on the client's location during authentication and authorization. Additionally, location information helps in billing with accounting services.

AP-based location is used to provide the source of Location-Data for Location Delivery. Currently, only Civic Location Profile is supported.

AOS-10 supports the following methods of location delivery based on AP-based information:

  1. Location delivery based on Out-of-Band agreements (using configuration).

  2. Location delivery based on Initial Request (using Location-Capable and Requested-Location-Info attributes during Access-Challenge and Access-request exchanges).

  3. Inclusion of location information in accounting messages.

RADIUS attributes are defined in RFC-5580 that can be used to convey location-related information within authentication and accounting exchanges. AOS-10 supports the following location-related RADIUS attributes defined in RFC-5580 to be exchanged between RADIUS client and RADIUS server:

  1. Operator-Name (Attribute Type = 126)

  2. Location-Information (Attribute Type = 127)

  3. Location-Data (Attribute Type = 128), which includes Civic Address (CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.) Elements such as:

    • CA-type 1 (State)

    • CA-type 3 (City)

    • CA-type 19 (House Number)

    • CA-type 21 (Landmark)

    • CA-type 22 (Additional Location Info)

    • CA-type 23 (Venue Name)

    • CA-type 24 (Postal- Code)

    • CA-type 25 (Building)

    • CA-type 29 (Type of Place)

    • CA-type 34 (Primary Road Name)

  4. Basic-Location-Policy-Rules (Attribute Type = 129)

  5. Extended-Location-Policy-Rules (Attribute Type = 130)

  6. Location-Capable (Attribute Type = 131)

  7. Requested-Location-Info (Attribute Type = 132)

The Country value displayed in the AP location details is determined based on the regulatory country code assigned to the access point. This ensures that the location information complies with local wireless transmission regulations.

This service is compatible with wireless and wired clients connected to access points. It currently only supports civic location profiles, which use the standard postal address formats.

Configuring Location Attributes in RADIUS Access and Accounting Requests

Location-related RADIUS attributes are configurable only through HPE Aruba Networking Central APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.. For more information on using APIs, see APIs for Gateway Management.

Perform the following steps:

  1. Configure the AP location information through HPE Aruba Networking Central API.

    ap-location-config

     

    Operator-Name

    NameSpace

    location-type

    Location-Data (ca-element)

    CA-type State

    CA-type City

    CA-type House Number

    CA-type Landmark

    CA-type Additional Location Info

    CA-type Venue Name

    CA-type Zip Code

    CA-type Building

    CA-type Type of Place

    CA-type Primary Road Name

  2. For Location Delivery based on Out-of-Band agreements, enable the following RADIUS location objects through HPE Aruba Networking Central API:

    • radius-loc-obj-in-access—Default, disabled. Enable to include location-related attributes in the RADIUS Access-Requests.

    • radius-loc-obj-in-accting—Default, disabled. Enable to include location-related attributes in the RADIUS Accounting-Requests.

You can use the show ap debug stm-config command to view the AP location information for debugging purposes.