Generic RADIUS Location Information Delivery Service
This section details the implementation of location information delivery in RADIUS, conforming to the specifications of RFC 5580. The location information is utilized during authentication and authorization phases and is integrated with accounting services.
AOS-8 supports the following methods of location delivery based on AP-based information:
- Location delivery through out-of-band agreements as per configuration settings.
- Location delivery upon initial request, using location-capable and requested-location-info attributes during access-challenge and access-request phases.
- Inclusion of location information in accounting messages, using the requested-location-info attribute in access-accept messages.
In addition, AOS-8 supports the following location-related RADIUS attributes:
- Operator-Name (Attribute Type = 126) with NameSpace of 'REALM' only.
- Location-Information (Attribute Type = 127) for basic location identification.
- Location-Data (Attribute Type = 128), which includes Civic Address Elements such as:
  - CA-type 22 (Additional Location Info)
- Location-Capable (Attribute Type = 131) to indicate if a device can provide its location.
- Requested-Location-Info (Attribute Type = 132) for devices requesting specific location data.
The Country value displayed in the AP location details is determined based on the regulatory country code assigned to the access point. This ensures that the location information complies with local wireless transmission regulations.
This service is compatible with wireless and wired clients connected to access points. It currently only supports civic location profiles, which use the standard postal address formats. Future releases will expand to include geospatial location capabilities.
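To check what is actually sent once these attributes are enabled, the following added example (not HPE Aruba code) decodes the five attributes listed above from the attribute portion of a RADIUS packet, that is, the bytes after the 20-byte header. It assumes the RFC 5580 wire layouts and RFC 4776 civic element types; the sample bytes and the names `parse_location_attrs`, `parse_civic` and `tlv` are constructed for illustration.

```python
import struct

# Attribute types as listed on this page; wire layouts follow RFC 5580.
OPERATOR_NAME, LOCATION_INFO, LOCATION_DATA = 126, 127, 128
LOCATION_CAPABLE, REQUESTED_LOCATION_INFO = 131, 132
NAMESPACES = {"0": "TADIG", "1": "REALM", "2": "E212", "3": "ICC"}
LOC_BITS = {1: "CIVIC_LOCATION", 2: "GEO_LOCATION", 4: "USERS_LOCATION",
            8: "NAS_LOCATION", 16: "FUTURE_REQUESTS", 32: "NONE"}
# RFC 4776 CAtypes for civic elements named on this page (subset).
CA_TYPES = {1: "State", 3: "City", 21: "Landmark", 22: "Additional Location Info",
            24: "Postal Code", 25: "Building", 29: "Type of Place"}

def parse_civic(loc: bytes) -> dict:
    """Civic profile: 2-letter country, then CAtype/CAlength/CAvalue triples."""
    out, i = {"Country": loc[:2].decode("ascii")}, 2
    while i < len(loc):
        if i + 2 > len(loc) or i + 2 + loc[i + 1] > len(loc):
            raise ValueError("truncated civic address element")
        ca_type, end = loc[i], i + 2 + loc[i + 1]
        out[CA_TYPES.get(ca_type, f"CAtype-{ca_type}")] = loc[i + 2:end].decode("utf-8")
        i = end
    return out

def parse_location_attrs(attrs: bytes) -> dict:
    """Walk RADIUS TLVs (length counts the 2-byte header); decode location ones."""
    found, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute length")
        a_type, val = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        if a_type == OPERATOR_NAME:  # first octet is the namespace ID
            found["Operator-Name"] = (NAMESPACES.get(chr(val[0]), "?"), val[1:].decode())
        elif a_type == LOCATION_INFO:  # index, code (0 = civic), entity (1 = RADIUS client)
            index, code, entity = struct.unpack("!HBB", val[:4])
            found["Location-Information"] = {"index": index, "civic": code == 0, "entity": entity}
        elif a_type == LOCATION_DATA:  # 2-byte index, then civic payload (only profile on this page)
            found["Location-Data"] = parse_civic(val[2:])
        elif a_type in (LOCATION_CAPABLE, REQUESTED_LOCATION_INFO):
            name = "Location-Capable" if a_type == LOCATION_CAPABLE else "Requested-Location-Info"
            found[name] = [n for b, n in LOC_BITS.items() if struct.unpack("!I", val)[0] & b]
        i += attrs[i + 1]
    return found

def tlv(t: int, v: bytes) -> bytes:  # builds one attribute for the sample below
    return bytes([t, len(v) + 2]) + v
# Constructed sample attribute block (not captured from AOS-8); timestamps zeroed.
SAMPLE = (tlv(1, b"alice") + tlv(OPERATOR_NAME, b"1example.net")
          + tlv(LOCATION_INFO, struct.pack("!HBBQQ", 1, 0, 1, 0, 0) + b"Manual")
          + tlv(LOCATION_DATA, struct.pack("!H", 1) + b"US" + bytes([3, 9]) + b"Sunnyvale"
                + bytes([22, 7]) + b"Floor 2") + tlv(LOCATION_CAPABLE, struct.pack("!I", 1)))
```

Civic element types not in the `CA_TYPES` subset are reported as `CAtype-N` rather than dropped, so unexpected fields in an Access-Request or Accounting-Request remain visible.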
Access Point Location Profile
AP location profiles are visible to users by accessing the Configuration > System > Profiles > AP location page.
This page displays and allows users to configure elements such as:
- NameSpace ID: Only “REALM” is allowed in AOS-8. It cannot be configured.
- Operator Name: Can be configured.
- Location Profile Type: Only Civic location is supported. It is not configurable.
- Civic Address Elements: Only State, City, Landmark, Additional Location Info, Venue Name, Postal Code, Building and Type of Place are supported in AOS-8. They are configurable.
Location Attributes in RADIUS Access and Accounting Requests
Location-related attributes in RADIUS access and accounting requests are configured by the ap location-profile command. This command configures the civic location data in the system and assigns it to the ap-group or ap-name profiles. It contains parameters that help identify the physical location of APs within the network.
The following parameters under aaa-profile control whether location-related attributes are included in RADIUS packets unconditionally. These two parameters should be used based on out-of-band agreements between AOS-8 and RADIUS servers:
- radius-loc-obj-in-access: default is disabled. Location-related attributes will be included in the RADIUS Access-Requests when it is enabled.
- radius-loc-obj-in-accting: default is disabled. Location-related attributes will be included in the RADIUS Accounting-Requests when it is enabled.
Backward Compatibility with Location Delivery in Hotspot 2.0 Service
In earlier releases, AOS-8 has integrated a location delivery mechanism based on Hotspot 2.0 service (also known as Passpoint). Location configurations are done through Hotspot 2.0 profiles.
Refer to Hotspot 2.0 for further details.
The legacy Hotspot 2.0-based location delivery mechanism and the new location-delivery service based on AP-location profile can co-exist in the AOS-8 environment and are mutually exclusive. For this to be possible, users should consider the following:
- Location sharing during access requests: If users switch to the radius-loc-obj-in-access option, location details will be included every time an Access-Request is sent.
- Location sharing in accounting requests: By enabling radius-loc-obj-in-accting, location information will be included in all RADIUS Accounting-Requests without exceptions.
- Hotspot 2.0 for access requests: If radius-loc-obj-in-access is disabled and location is enabled in Hotspot 2.0 profiles, the system will default to the legacy Hotspot 2.0 method for sending location information with RADIUS Access-Requests.
- Hotspot 2.0 for accounting requests: With radius-loc-obj-in-accting disabled and location active in Hotspot 2.0 profiles, the legacy Hotspot 2.0 approach is used to send location information with RADIUS Accounting-Start and Accounting-Stop Requests.
- Default location capability: Unless other configurations are specified, the RADIUS Location-Capable attribute is included by default in all Access-Request packets. Location delivery for the initial request and subsequent accounting messages is managed via ap location-profile.