Configuring a Passpoint Service Profile in a WLAN Network

Passpoint Passpoint is a Wi-Fi certified solution that enables the mobile devices to automatically authenticate on enterprise Wi-Fi networks using their cellular credentials. is a Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. certified solution that enables the mobile devices to automatically authenticate on enterprise Wi-Fi networks using their cellular credentials. Once a user accesses the Wi-Fi network offered at a location, the Passpoint-enabled client devices will automatically connect on subsequent visits. This eliminates the need for users to search for and choose a network, request Wi-Fi access, and re-enter authentication credentials on subsequent visits. Passpoint automates the authentication process, enabling more seamless connectivity between the Wi-Fi networks and mobile devices, all while delivering enterprise-level security. Passpoint provisioning supports onboarding of new devices (with or without a SIM Subscriber Identity Module. SIM is an integrated circuit that is intended to securely store the International Mobile Subscriber Identity (IMSI) number and its related key, which are used for identifying and authenticating subscribers on mobile telephony devices. card) by establishing credential information and providing policy information to the mobile device.

Key Features

The following are some of the key features of Passpoint:

• Automatic network discovery and selection
• Simplified online sign-up and instant account provisioning
• Seamless network access and roaming between hotspots Hotspot refers to a WLAN node that provides Internet connection and virtual private network (VPN) access from a given location. A business traveler, for example, with a laptop equipped for Wi-Fi can look up a local hotspot, contact it, and get connected through its network to reach the Internet.
• Enhanced WPA3 security

To configure a Passpoint service profile in a WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. network, complete the following steps:

• Step 1: Creating a Wireless Network Profile
• Step 2: Configuring VLAN Settings for Wireless Network
• Step 3: Configuring Security Settings for Wireless Network
• Step 4: Adding Passpoint Service Profile

Step 1: Creating a Wireless Network Profile

To configure WLAN settings, complete the following steps:

1. In the WebUI, set the filter to a group containing at least one AP.

   The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

   A list of APs is displayed in the List view.

3. Click the Config icon.

   The tabs to configure the APs are displayed.

4. Click the WLANs tab.

   The WLANs details page is displayed.

5. In the WLANs tab, click + Add SSID.

   The Create a New Network page is displayed.

6. In the General tab, enter a name in the Name (SSID) text-box. Under Advanced Settings, configure the advanced settings parameters for an SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.. For more information, see Advanced Settings Parameters
7. Click Next.

Step 2: Configuring VLAN Settings for Wireless Network

To configure VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. settings for an SSID, complete the following steps:

1. Under VLANs, configure the VLAN settings for an SSID. For more information, see VLANs Parameters.
2. Click Next.

Step 3: Configuring Security Settings for Wireless Network

To configure security settings, complete the following steps:

1. In the Security tab, select Enterprise in the Security Level slider.
2. Select an encryption key from the Key Management drop-down list:

   • WPA2 Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES.-Enterprise—Select this option to use WPA2 security. The WPA2 Enterprise requires user authentication and requires the use of a RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server for authentication.

   • WPA3-Enterprise(GCM 256)—Select this option to use WPA3 security employing GCM encryption operation mode limited to encrypting 256 bits of plain text.
   • WPA3-Enterprise(CCM 128)—Select this option to use WPA3 security employing CCM encryption operation mode limited to encrypting 128 bits of plain text.

3. Select a primary radius server from the Primary Server drop-down list. For more information, see Configuring Security Settings for Wireless Network.

The Passpoint Service Profile option will not be available if CloudAuth Cloud Authentication and Policy allows you to configure user and client access policies that provide a secured, cloud-based network access control (NAC). is selected in the Primary Server field . If you select the Primary Server as CloudAuth, configure the Cloud Authentication and Policy policy for the users and devices to access the network.

Step 4: Adding Passpoint Service Profile

To add passpoint service profile, complete the following steps:

1. Under Advanced Settings in Security tab, select a profile from the Passpoint Service Profile drop-down list. To add a passpoint service profile, complete the following steps:
   1. Click Manage Passpoint Services.
   2. In the Passpoint Services Profiles page, click + Add Profile.
   3. In the Add Profile window, enter a name for the profile.
      • Click Access Network and enter values for the following parameters:
        • Domain Name—Specify a domain name in the text-box. For example: arubanetworks.com
        • Internet—Enable the Internet toggle switch.
        • Radius Location Data —Enabling this parameter allows the RADIUS server to identify the location of the user.
        • Radius Chargeable User Identity —Enabling this parameter allows the home network to identify the location of the user and in gathering the roaming details. This can be used for billing.
        • Operator Friendly Name—Specify the operator info who is operating the service. For example: HPE Aruba Networking.
        • Venue/Operator Language—An ISO 639 language code that identifies the language used in the Venue Name and Operator Friendly Name fields.
        • Venue Name—Specify venue name from APs associated with the profile.
        • Venue Group—Select one of the venue groups from APs associated with the profile.
        • Venue Type—Select one of the venue type from APs associated with the profile.
        • Network Type—Select an appropriate network type from the drop-down list.
        • IPv4—Select an appropriate IPv4 address from the drop-down list.
        • IPv6—Select an appropriate IPv6 address from the drop-down list.
      • Click Identity Provider and enter values for the following parameters:
        • Select a NAI Realm from the NAI Realms table. To add a NAI realm, click + Add and specify the parameters in the ADD PROFILE page:
          • Realm Name—Specify the Name of the NAI realm. The realm name is often the domain name of the service provider.
          • Realm Encoding—Select the realm encoding from the drop-down list as UTF-8 formatted character string or rfc4282.
          • Home Realm—Enable the Home Realm toggle switch to mark the realm in this profile as the NAI Home Realm.
          • EAP Method—Select one of the options to identify the EAP Extensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.  authentication method supported by the realm.
          • Authentication param—Select an ID and value from the ID and Value drop-down list.
          • Click OK.
        • Select the 3GPP Third Generation Partnership Project. 3GPP is a collaborative project aimed at developing globally acceptable specifications for third generation mobile systems. PLMN Public Land Mobile Network. PLMS is a network established and operated by an administration or by a Recognized Operating Agency for the specific purpose of providing land mobile telecommunications services to the public. IDs from the PLM1, PLMN2, PLMN3, PLMN4, PLMN5, and PLMN6 drop-down list.
      • Click Roaming Consortium and then specify the organization identifiers in the Roaming Consortium OI 1, Roaming Consortium OI 2, and Roaming Consortium OI 3.
   4. Click Save.
2. Expand Accounting and then specify the following parameters:
   1. Select a server from the Accounting drop-down list.
   2. Set the accounting interval in the Accounting Interval text-box.
3. Click Next.
4. Under Access, configure the access settings for an SSID. For more information, see Configuring ACLs for User Access to a Wireless Network.
5. Click Next.

The Summary tab displays all the settings configured in the General, VLANs, Security, and Access tabs.

6. Click Finish.