wlan hotspot anqp-nai-realm-profile

wlan hotspot anqp-nai-realm-profile <profile-name>

clone <source>

nai-home-realm

nai-realm-auth-id-1|nai-realm-auth-id-2 {credential-type|expanded-eap|expanded-inner-eap|inner-auth-eap|non-eap-inner-auth|reserved|tunneled-eap-credential-type}

nai-realm-auth-value-1|nai-realm-auth-value-2 {cred-cert|cred-hw-token|cred-nfc|cred-none|cred-rsvd|cred-sim|cred-soft-token|cred-user-pass|cred-usim|cred-vendor-spec|eap-crypto-card|eap-generic-token-card|eap-identity|eap-method-aka|eap-method-sim|eap-method-tls|eap-method-ttls|eap-notification|eap-one-time-password|eap-peap|eap-peap-mschapv2|non-eap-chap|non-eap-mschap|non-eap-mschapv2|non-eap-pap|non-eap-rsvd|reserved|tun-cred-anon|tun-cred-cert|tun-cred-hw-token|tun-cred-nfc|tun-cred-rsvd|tun-cred-sim|tun-cred-soft-token|tun-cred-user-pass|tun-cred-usim|tun-cred-vendor-spec}

nai-realm-eap-method crypto-card|eap-aka|eap-sim|eap-tls|eap-ttls|generic-token-card|identity|notification|one-time-password|peap|peap-mschapv2

nai-realm-encoding <nai-realm-encoding>

nai-realm-name <nai-realm-name>

no

Description

This command defines a Network Access Identifier (NAI) realm whose information can be sent as an Access Network Query Protocol (ANQP) information element in a Generic Advertisement Service (GAS) query response.

Syntax

Parameter

Description

<profile-name>

Name of the ANQP NAI realm profile.

clone <source>

Copies an existing NAI Realm profile.

nai-home-realm

Marks the realm in this profile as the NAI Home Realm.

nai-realm-auth-id-1|nai-realm-auth-id-2

Use the nai-realm-auth-id-1 command to send one of the following authentication methods for the primary NAI realm ID.

Use the nai-realm-auth-id-2 command to send one of the following authentication methods for the secondary NAI realm ID.

credential-type

The specified authentication ID uses credential authentication.

expanded-eap

The specified authentication ID uses the expanded EAP authentication method.

expanded-inner-eap

The specified authentication ID uses the expanded inner EAP authentication method.

inner-auth-eap

The specified authentication ID uses inner EAP authentication type.

non-eap-inner-auth

The specified authentication ID uses non-EAP inner authentication type.

reserved

The specified authentication ID uses Reserved authentication type.

tunneled-eap-credential-type

The specified authentication ID uses the tunneled EAP credential type.

nai-realm-auth-value-1|nai-realm-auth-value-2

Use the nai-realm-auth-value-1 command to select an authentication value for the authentication method specified by nai-realm-auth-id-1.

Use the nai-realm-auth-value-2 command to select the authentication value for the authentication method specified by nai-realm-auth-id-2.

cred-cert

Credential - Certificate.

cred-hw-token

Credential - Hardware Token.

cred-nfc

Credential - NFC.

cred-none

Credential - None.

cred-rsvd

Credential - Reserved.

cred-sim

Credential - SIM.

cred-soft-token

Credential - Soft Token.

cred-user-pass

Credential - Username and password.

cred-usim

Credential - USIM.

cred-vendor-spec

Credential - Vendor-specific.

eap-crypto-card

EAP Method - Crypto-card.

eap-generic-token-card

EAP Method - Generic-Token-Card.

eap-identity

EAP Method - Identity.

eap-method-aka

EAP Method - AKA.

eap-method-sim

EAP Method - SIM - GSM Subscriber Iden.

eap-method-tls

EAP Method - TLS - Transport Layer Sec.

eap-method-ttls

EAP Method - TTLS - Tunneled Transport Security.

eap-notification

EAP Method - Notification.

eap-one-time-password

EAP Method - One-Time-Password.

eap-peap

EAP Method - PEAP.

eap-peap-mschapv2

EAP Method - PEAP MSCHAP V2.

non-eap-chap

Non-EAP Method - CHAP.

non-eap-mschap

Non-EAP Method - MSCHAP.

non-eap-mschapv2

Non-EAP Method - MSCHAPv2.

non-eap-pap

Non-EAP Method - PAP.

non-eap-rsvd

Non-EAP Method - Reserved for future use.

reserved

Reserved for future use.

tun-cred-anon

Tunneled Credential - ANONYMOUS.

tun-cred-cert

Tunneled Credential - CERTIFICATE.

tun-cred-hw-token

Tunneled Credential - Hardware Token.

tun-cred-nfc

Tunneled Credential - NFC.

tun-cred-rsvd

Tunneled Credential - RESERVED.

tun-cred-sim

Tunneled Credential - SIM.

tun-cred-soft-token

Tunneled Credential - Soft Token.

tun-cred-user-pass

Tunneled Credential - USERNAME and PASSWORD.

tun-cred-usim

Tunneled Credential - USIM.

tun-cred-vendor-spec

Tunneled Credential - VENDOR SPECIFIC.

nai-realm-eap-method

Select one of the options below to identify the EAP authentication method supported by the hotspot realm.

crypto-card

Crypto card authentication

eap-aka

EAP for UMTS Authentication and Key Agreement

eap-sim

EAP for GSM Subscriber Identity Modules

eap-tls

EAP-Transport Layer Security

eap-ttls

EAP-Tunneled Transport Layer Security

generic-token-card

EAP Generic Token Card (EAP-GTC)

identity

EAP Identity type

notification

The hotspot realm uses EAP Notification messages for authentication.

one-time-password

Authentication with a single-use password.

peap

Protected Extensible Authentication Protocol

peap-mschapv2

Protected Extensible Authentication Protocol with Microsoft CHAP version 2

nai-realm-encoding <nai-realm-encoding>

Issue this command if the NAI realm name defined by nai-realm-name <nai-realm-name> is a UTF-8 formatted character string that is not formatted in accordance with IETF RFC 4282.

nai-realm-name <nai-realm-name>

Name of the NAI realm. The realm name is often the domain name of the service provider.

no

Negates or removes any existing parameter

Usage Guidelines

An AP’s NAI Realm profile identifies and describes a NAI realm accessible using the AP, and the method that this NAI realm uses for authentication. The settings configured in this profile determine the NAI realm elements that are included as part of a GAS Response frame.

Values configured in this profile will not be sent to clients unless you:

1. Associate the ANQP NAI Realm profile with an ANQP advertisement profile. (wlan hotspot advertisement profile <profile-name> anqp-nai-realm-profile <profile-name>)

2. Associate the ANQP advertisement profile with a Hotspot profile. (wlan hotspot h2-profile advertisement-profile <profile-name>)

3. Enable the hotspot feature within that Hotspot profile. (wlan hotspot h2-profile <profile-name> hotspot-enable)

Example

(host) [md] (config) #wlan hotspot anqp-nai-realm-profile home

(host) [md] (ANQP NAI Realm Profile "home") #enable

(host) [md] (ANQP NAI Realm Profile "home") #nai-realm-name corp-hotspot.com

(host) [md] (ANQP NAI Realm Profile "home") #nai-realm-auth-id-1 credential-type

(host) [md] (ANQP NAI Realm Profile "home") #nai-realm-auth-value-1 cred-cert

(host) [md] (ANQP NAI Realm Profile "home") #nai-home-realm

(host) [md] (config) #wlan hotspot anqp-nai-realm-profile non-home

(host) [md] (ANQP NAI Realm Profile "non-home") #nai-realm-name corp-hotspot-roam.com

(host) [md] (ANQP NAI Realm Profile "non-home") #nai-realm-eap-method eap-sim

(host) [md] (ANQP NAI Realm Profile "non-home") #nai-realm-auth credential-type
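
A lint pass over a captured CLI session in the prompt format of the example above, added here as an illustration (it is not Aruba code and not part of the original page). The keyword sets are copied from the Syntax section; the prompt pattern, the pairing of auth IDs with value prefixes (inferred from the keyword names), the finding labels and the sample session are assumptions constructed for this example. It flags non-eap-pap because PAP does not encrypt the password it carries.

```python
import re

# Keywords copied from the Syntax section of this page.
SUBCOMMANDS = {"clone", "nai-home-realm", "nai-realm-auth-id-1", "nai-realm-auth-id-2",
               "nai-realm-auth-value-1", "nai-realm-auth-value-2",
               "nai-realm-eap-method", "nai-realm-encoding", "nai-realm-name", "no"}
AUTH_IDS = {"credential-type", "expanded-eap", "expanded-inner-eap", "inner-auth-eap",
            "non-eap-inner-auth", "reserved", "tunneled-eap-credential-type"}
EAP_METHODS = {"crypto-card", "eap-aka", "eap-sim", "eap-tls", "eap-ttls",
               "generic-token-card", "identity", "notification",
               "one-time-password", "peap", "peap-mschapv2"}
# Assumption: which value family belongs to which auth ID, inferred from the
# keyword prefixes; IDs not listed here are not checked for a family.
VALUE_PREFIX = {"credential-type": "cred-", "tunneled-eap-credential-type": "tun-cred-",
                "non-eap-inner-auth": "non-eap-", "inner-auth-eap": "eap-"}

# Assumption: prompt layout as printed in the Example section.
PROMPT = re.compile(r'^\(\S+\) \[\S+\] \((?P<ctx>.+)\) #(?P<cmd>.+)$')
PROFILE_CTX = re.compile(r'^ANQP NAI Realm Profile "(?P<name>[^"]+)"$')

def parse_session(text):
    """Return {profile name: [command word lists]} from a CLI transcript."""
    profiles = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        words = m["cmd"].split() if m else []
        if not words:
            continue
        ctx = PROFILE_CTX.match(m["ctx"])
        if ctx:
            profiles.setdefault(ctx["name"], []).append(words)
        elif words[:3] == ["wlan", "hotspot", "anqp-nai-realm-profile"] and len(words) == 4:
            profiles.setdefault(words[3], [])
    return profiles

def lint(profiles):
    """Return (profile, finding, detail) tuples for each problem found."""
    findings = []
    for name, cmds in profiles.items():
        ids, values, has_name = {}, {}, False
        for words in cmds:
            cmd, arg = words[0], (words[1] if len(words) > 1 else "")
            if cmd not in SUBCOMMANDS:
                findings.append((name, "unlisted-command", cmd))
            elif cmd == "nai-realm-name":
                has_name = True
            elif cmd.startswith("nai-realm-auth-id-"):
                ids[cmd[-1]] = arg
                if arg not in AUTH_IDS:
                    findings.append((name, "unknown-auth-id", arg))
            elif cmd.startswith("nai-realm-auth-value-"):
                values[cmd[-1]] = arg
            elif cmd == "nai-realm-eap-method" and arg not in EAP_METHODS:
                findings.append((name, "unknown-eap-method", arg))
        if not has_name:
            findings.append((name, "missing-realm-name", ""))
        for slot, value in values.items():
            auth_id = ids.get(slot)
            prefix = VALUE_PREFIX.get(auth_id)
            if auth_id is None:
                findings.append((name, "value-without-id", value))
            elif prefix and not value.startswith(prefix):
                findings.append((name, "id-value-mismatch", f"{auth_id}/{value}"))
            if value == "non-eap-pap":
                findings.append((name, "cleartext-password-method", value))
    return findings

# Constructed sample session (not taken from a real device).
SAMPLE_SESSION = """\
(host) [md] (config) #wlan hotspot anqp-nai-realm-profile good
(host) [md] (ANQP NAI Realm Profile "good") #nai-realm-name example.net
(host) [md] (ANQP NAI Realm Profile "good") #nai-realm-auth-id-1 credential-type
(host) [md] (ANQP NAI Realm Profile "good") #nai-realm-auth-value-1 cred-cert
(host) [md] (config) #wlan hotspot anqp-nai-realm-profile legacy
(host) [md] (ANQP NAI Realm Profile "legacy") #nai-realm-auth-id-1 non-eap-inner-auth
(host) [md] (ANQP NAI Realm Profile "legacy") #nai-realm-auth-value-1 non-eap-pap
(host) [md] (ANQP NAI Realm Profile "legacy") #nai-realm-auth-id-2 credential-type
(host) [md] (ANQP NAI Realm Profile "legacy") #nai-realm-auth-value-2 tun-cred-cert
(host) [md] (ANQP NAI Realm Profile "legacy") #nai-realm-auth credential-type
"""

if __name__ == "__main__":
    for finding in lint(parse_session(SAMPLE_SESSION)):
        print(*finding)
```
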

Command History

Version

Description

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system.

Config mode on Mobility Master.
