Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Air Pass Overview
Air Pass is supported in this release as a selectively available feature. Air Pass Air Pass is a roaming service designed to enable mobile network operators (MNOs) to extend their 5G cellular coverage and automatically roam on enterprise networks powered by Aruba networking gear. is currently available for Central deployments in US clusters only. Contact your Aruba Account Manager to enable it in your Aruba Central account.
Air Pass offers a seamless cellular roaming solution to connect to the enterprise networks. Air Pass is a roaming service designed to enable MNOs to extend their 5G cellular coverage and automatically roam on enterprise networks powered by Aruba networking gear.
Passpoint Passpoint is a Wi-Fi certified solution that enables the mobile devices to automatically authenticate on enterprise Wi-Fi networks using their cellular credentials. is a technology that enables mobile devices to automatically authenticate on enterprise Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. networks using their cellular credentials.
For Air Pass service, the MNOs provision Passpoint profiles on the SIM Subscriber Identity Module. SIM is an integrated circuit that is intended to securely store the International Mobile Subscriber Identity (IMSI) number and its related key, which are used for identifying and authenticating subscribers on mobile telephony devices.-enabled devices of their subscribers. Administrators configure Air Pass on the WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. network for guest users in the following way:
-
After receiving an authentication request from a guest user to connect to a WLAN network, HPE Aruba Networking Central proxies the authentication request to the MNOs.
-
The MNOs validate and respond to the authentication request.
-
If the authentication request is passed successfully by the MNO Mobile Network Operator. A mobile network operator is a telecommunications service provider organisation that provides wireless voice and data communication for its subscribed mobile users., HPE Aruba Networking Central then configures a role-based policy to provide guest access to the WLAN network.
Figure 1 Air Pass Architecture Diagram
Key Features
The following are some of the key features of Air Pass:
- Provides frictionless onboarding of guest devices to Wi-Fi without going through the captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.. It is beneficial at places like schools, universities, hotels, retail stores, hospitals, and other indoor venues that provide enterprise Wi-Fi hotspots Hotspot refers to a WLAN node that provides Internet connection and virtual private network (VPN) access from a given location. A business traveler, for example, with a laptop equipped for Wi-Fi can look up a local hotspot, contact it, and get connected through its network to reach the Internet..
- With Air Pass, mobile users of a mobile network enjoy seamless and secure guest access to Wi-Fi networks in the enterprise venues.
- Empowers the enterprise Wi-Fi networks to serve as full-fledged roaming partners to the mobile operator’s 5G networks and in turn, allows the mobile operators to rely upon the enterprise Wi-Fi networks as a cost-effective extension of their own 5G coverage.
- Enables 5G experience with Wi-Fi 5/6/6E.
- Provides seamless transition and authentication of 4G Fourth Generation of Wireless Mobile Telecommunications Technology. See LTE. and 5G users to Wi-Fi networks.
- Provides role-based control and simplified device onboarding using enterprise security.
- Uses WPA2 Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. and WPA3 Enterprise wireless security.
- Works with Aruba ClearPass ClearPass is an access management system for creating and enforcing policies across a network to all devices and applications. The ClearPass integrated platform includes applications such as Policy Manager, Guest, Onboard, OnGuard, Insight, Profile, QuickConnect, and so on. for AI Artificial intelligence (AI) is the simulation of human intelligence processes by machines, especially computer systems. AI reduces trouble tickets by identifying the network entity that is facing problems through event correlation and root cause analysis.-powered insights and access control.
- Enables cellular roaming in the existing Aruba Wi-Fi 4/5 WLANs without hardware upgrades. This feature is not supported on all AP models. Contact your Aruba Account Manager for details.
- Air Pass is a function of HPE Aruba Networking Central that is only available for use in the United States. Usage of Air Pass outside of the United States may subject you to additional liability, and you acknowledge that risk through your use of Air Pass. Terms and conditions associated with Air Pass may be found on https://www.arubanetworks.com/legal/, and may be updated at HPE’s sole discretion from time to time.
- All devices auto-connect to Air Pass SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.. However, the following devices fail to connect automatically:
- Pixel running Android 10
- Pixel running Android 11
- Pixel running Android 12
For more information on Air Pass configuration, see Configuring Air Pass in a WLAN Network.
Support for MSP
Air Pass is now enabled for tenants that are managed within the MSP account. The MSP administrator can configure Air Pass and perform actions such as debug, troubleshoot authentication for each tenant and delete configuration on one tenant if required. MSP Managed Service Provider. The Managed Service Provider (MSP) mode is a multi-tenant operational mode that Aruba Central accounts can be converted into, provided these accounts have subscribed to the Aruba Central app. Admin can enable Air Pass at the tenant level. To configure Air Pass for MSP tenants, see Configuring Air Pass in a WLAN Network.
Understanding Air Pass Authorization Workflow with HPE Aruba Networking Central
The following sections explain how Air Pass authorization works with HPE Aruba Networking Central and the WLAN network.
- Step 1: Configuring Air Pass on HPE Aruba Networking Central
- Step 2: Authorization Request from Clients
- Step 3: Connecting the Clients to HPE Aruba Networking Central
- Step 4: Accessing the Network
Step 1: Configuring Air Pass on HPE Aruba Networking Central
Configure Air Pass in a WLAN network for guest users. For more information, Configuring Air Pass in a WLAN Network.
Step 2: Authorization Request from Clients
- The APs broadcast Passpoint beacons to all the clients at regular intervals.
- The clients regularly scan for Wi-Fi APs that use Passpoint to broadcast their service provider reachability. It allows the clients to choose an appropriate AP for Wi-Fi service before initiating authentication.
- On receiving the Passpoint beacon, the clients proceed with an ANQP Access Network Query Protocol. ANQP is a query and a response protocol for Wi-Fi hotspot services. ANQP includes information Elements (IEs) that can be sent from the AP to the client to identify the AP network and service provider. The IEs typically include information about the domain name of the AP operator, the IP addresses available at the AP, and information about potential roaming partners accessible through the AP. If the client responds with a request for a specific IE, the AP will send a Generic Advertisement Service (GAS) response frame with the configured ANQP IE information. request for more information. It sends a 3GPP Third Generation Partnership Project. 3GPP is a collaborative project aimed at developing globally acceptable specifications for third generation mobile systems. network information query to the AP.
- On receiving the ANQP request, the AP sends the ANQP response. It sends the PLMN Public Land Mobile Network. PLMS is a network established and operated by an administration or by a Recognized Operating Agency for the specific purpose of providing land mobile telecommunications services to the public. list that includes a list of servers on which authentication needs to be performed.
- Once the subscriber selects the compatible authentication server, the WLAN association occurs between the clients and the AP.
Step 3: Connecting the Clients to HPE Aruba Networking Central
- The AP sends an EAP Extensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. request to the client.
- On receiving the EAP request, the client sends an EAP response. The EAP response includes the unique identification information specific to the SIM credentials of the client.
- The AP transmits the EAP response to the HPE Aruba Networking Central.
- On receiving the EAP response, the HPE Aruba Networking Central validates and then dynamically proxies the authentication request to the applicable MNO.
- The MNO validates the authentication request against its database and sends the EAP success response to the HPE Aruba Networking Central.
Step 4: Accessing the Network
On successful authentication, the AP provides an IP address to the client to access the Wi-Fi network. The Role set by an admin during the SSID configuration is applied for the Guest's access to a network.