WLAN as easy as a mobile service. Philipp Michalschik LANCOM Systems GmbH

Similar documents
ORGANIZATION INITIATIVE DETAILS IEEE u u amendment to standard published in February Wi-Fi Alliance Hotspot 2.

Wi-Fi CERTIFIED Passpoint (Release 1) Deployment Guidelines

Contents. Hotspot2.0 and ANDSF for Smart Mobile User Connectivity

Hotspot 2.0 and ANDSF for Smart Mobile User Connectivity

WI-FI ROAMING BUILDING ON ANDSF AND HOTSPOT2.0

Carrier Wi-Fi Guidelines

Deploying iphone and ipad Virtual Private Networks

Achieving carrier-grade Wi-Fi in the 3GPP world

Aradial Enforcer / AAA Features & capabilities

How to enroll Android devices in SoMobile. Content Introduction... 1 Prerequisites... 1 Enrollment... 2

U.S. Patent Appl. No. 13/ filed September 28, 2011 NETWORK ADDRESS PRESERVATION IN MOBILE NETWORKS TECHNICAL FIELD

How to connect to NAU s WPA2 Enterprise implementation in a Residence Hall:

white paper Using NFV to Enable a Managed WLAN Service Offering

Manual Data Configuration

Establishing two-factor authentication with Check Point and HOTPin authentication server from Celestix Networks

Co-existence of Wireless LAN and Cellular Henry Haverinen Senior Specialist Nokia Enterprise Solutions

3G/Wi-Fi Seamless Offload

VLANs. Application Note

On-boarding and Provisioning with Cisco Identity Services Engine

AAA & Captive Portal Cloud Service TM and Virtual Appliance

Security Awareness. Wireless Network Security

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

Security and Authentication Concepts

Advanced Administration

WLAN Traffic Offload in LTE

ADMINISTRATION GUIDE Cisco Small Business

Wireless Technology Seminar

When enterprise mobility strategies are discussed, security is usually one of the first topics

BYOD: BRING YOUR OWN DEVICE.

How To Improve Alancom Vpn On A Pc Or Mac Or Ipad (For A Laptop) With A Network Card (For Ipad) With An Ipad Or Ipa (For An Ipa) With The Ipa 2.

Enterprise Security with mobilecho

Policy and Profile Reference Guide. BES10 Cloud Market Preview

GPC JagTalk Secure Wireless Network. Connection Instructions

Web Authentication Proxy on a Wireless LAN Controller Configuration Example

by Daan Stakenburg and Jason Crampton ISTOCKPHOTO/THINKSTOCK

Cisco Virtual Office Flexibility and Productivity for the Remote Workforce

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Configuration Manual English version

Solving the Sticky Client Problem in Wireless LANs SOLVING THE STICKY CLIENT PROBLEM IN WIRELESS LANS. Aruba Networks AP-135 and Cisco AP3602i

Certified Wireless Security Professional (CWSP) Course Overview

Wireless Network Configuration Guide

Authentication, Authorization and Accounting (AAA) Protocols

COMMUNICATIONS ALLIANCE LTD PUBLIC WI-FI NETWORKS INDUSTRY INFORMATION PAPER MAY 2012

Step-by-step Guide for Configuring Cisco ACS server as the Radius with an External Windows Database

Application Note User Groups

Guide for Businesses

vwlan External RADIUS 802.1x Authentication

The Network Discovery and Selection Problem. Draft-ietf-eap-netsel-problem-06.txt Paul Congdon & Bernard Aboba IEEE 802.

Application Note Secure Enterprise Guest Access August 2004

Quick Start Guide for Zone Director Controller

Wireless Robust Security Networks: Keeping the Bad Guys Out with i (WPA2)

AudiaFLEX Voice-over-IP Interface. Preliminary Steps. Configuring a Cisco CallManager system to work with Biamp s VoIP-2 card

TrustSec How-To Guide: On-boarding and Provisioning

BlackBerry Business Cloud Services. Policy Reference Guide

Telfort Mobile Internet Software User Manual

Interlink Networks Secure.XS and Cisco Wireless Deployment Guide

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

WIRELESS SETUP FOR WINDOWS 7

Nimble out-out-of-band authentication for EAP

Licensing Guide BES12. Version 12.1

Cellular Data Offload. And Extending Wi-Fi Coverage. With Devicescape Easy WiFi

WiNG 5.X How-To Guide

INTRODUCTION... 2 Windows Windows Mac OS X Ubuntu Advanced routing Windows Mac OS X Ubuntu...

Network Access Control and Cloud Security

Wireless Local Area Networks (WLANs)

UAG4100 Support Notes

Executive Summary Introduction Drivers for Wi-Fi Recent Wi-Fi Enablers Evolving Standards...

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

GSU JagTalk Secure Wireless Network. Connection Instructions

802.1X Authentication

Using 2 nd router as Wireless Access Point (AP)

Enabling WISPr (Hotspot Services) in the ZoneDirector

Cisco Virtual Office Express

Bluesocket virtual Wireless Local Area Network (vwlan) FAQ

Lab Organizing CCENT Objectives by OSI Layer

Next Generation Wireless Local Area Networks

UAG Series. Application Note. Unified Access Gateway. Version 4.00 Edition 1, 04/2014. Copyright 2014 ZyXEL Communications Corporation

Network Working Group Request for Comments: 5113 Category: Informational Microsoft J. Korhonen, Ed. TeliaSonera F. Bari AT&T January 2008

Deploying iphone and ipad Apple Configurator

MSC-131. Design and Deploy AirDefense Solutions Exam.

Establishing two-factor authentication with Cyberoam UTM appliances and HOTPin authentication server from Celestix Networks

Case Study - Configuration between NXC2500 and LDAP Server

Bring Your Own Design: Implemen4ng BYOD Without Going Broke or Crazy. Eric Stresen- Reuter Technical Director Ruckus Wireless

How to Connect to UCO s Wireless Network on an Android Device

Security. TestOut Modules

pfsense Captive Portal: Part One

Product Description. HUAWEI E5338 Mobile WiFi V200R001 HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date

WiFi Anywhere. Multi Carrier 3G/4G WiFi Router. IntraTec Solutions Ltd

How To Deliver Next Generation Hotspot Services

Administering Jive Mobile Apps

WFA Device 1.0. Template Version 1.01 January 2006

WiFiLAN Cloud. Wifi soft Solutions

Establishing two-factor authentication with Barracuda NG Firewall and HOTPin authentication server from Celestix Networks

Enhancing the Mobile Experience with Connectivity

Network Security 1 Module 4 Trust and Identity Technology

How To Secure A Wireless Network With A Wireless Device (Mb8000)

Nokia Networks. Voice over Wi-Fi. White paper. Nokia Networks white paper Voice over Wi-Fi

AWiMA: An architecture for Adhoc Wireless Mobile internet-access

Cisco AnyConnect Mobility Client Installation and Use. For Select Samsung Android. 01/06/12 mlw

Thank you for purchasing the Mobile WiFi. This Mobile WiFi brings you a high speed wireless network connection.

Transcription:

WLAN as easy as a mobile service Philipp Michalschik LANCOM Systems GmbH!1

Mobile Service Turn your mobile device on Enter PIN to unlock SIM Mobile device connects to your service provider automatically!2

WLAN Turn WLAN on Wait for list of scanned SSIDs Choose an SSID (that you like) Enter credentials (passphrase, username/ password, web-auth, certificate)!3

Network Selection without 802.11u Typically: Choice of Connection is up to the user Access Type unknown to user (Is this the right SSID for me? Do I have the required credentials? Is Internet available?) Different connection options via different SSIDs In a hotspot scenario: Each roaming partner requires its own SSID!4

802.11u - Interworking with External Networks STA can interwork with external networks (e.g. mobile service provider) in a hotspot or public network Information transfer (from external network prior to association) MAC layer enhancements for end-to-end communication of typically higher layer solutions Wi-Fi Alliance (WFA) Certification: Passpoint (based on HotSpot2.0 (HS2.0) element)!5

IEEE 802.11u/Passpoint STA scans for SSIDs with Interworking and HS2.0 Element Access based on credentials on STA rather than just SSID name(s) STA can get authenticated by external Authenticator, Hotspot with Proxy AAA service One SSID for multiple roaming partners (3GPP, Realm, Roaming partner) Initial Connection without user interaction possible, due to already installed credentials (compare to mobile service)!6

New Elements in Beacon Interworking Advertisement Protocol Roaming Consortium!7

!8

Interworking Element Defines Network Type: Private, Private-GuestAccess, Public(-free/- charge), [ ] Internet available on SSID? Additional Step(s) Required for Access (ASRA): Web-auth/WISPr (un-authenticated) Emergency Services Accessible ((U)ESA): USA notifies people e.g. tornado warnings Venue Information: Group (Restaurant, Business, Educational, ); Type (Stadium, Restaurant, Library, ) Homogenous Extended Service Set ID (HESSID): Same ESS across multiple APs (Roaming)!9

Roaming Consortium Each Service Provider (SP) or group of SPs requires an IEEE organization identifier (OI), globally unique(!) Up to 3 OIs in a Beacon (Saves Airtime) Additional OIs within Advertisement Protocol!10

Advertisement Protocol [1] Additional Information to the STA General Advertisement Service (GAS) frames to query specific information on device request via ANQP Access Network Query Protocol (ANQP) STA does not have an IP yet => L2 Protocol!11

Advertisement Protocol Cont. Venue Name (readable for humans e.g. Duesseldorf Airport ) Network Authentication Type Info: Do users have to accept Terms and Conditions? HTTP(S) Redirect URL On-line enrollment IPv4 Info: Public IP?, NAT, Port restricted IPv6 Info: Available?!12

NAI Realm Network Access Identifier (NAI): user@realm (e.g. joe@example.com) Indicate Extensible Authentication Protocol (EAP) types: Client Credential (Token, certificate, username/ password, SIM) Inner authentication method (PAP, CHAP, MSCHAP, MSCHAPv2)!13

3GPP Cellular Public Land Mobile Network (PLMN) ID, comprised of the Mobile Country Code (MCC) and Mobile Network Code (MNC) Mobile STA with cellular subscription looks for matching PLMN ID EAP-SIM (2G/3G SIM cred.) or EAP-AKA (4G USIM cred.)!14

!15 [2]

HotSpot2.0 Vendor specific ANQP format for additional information WAN metrics: Link status: up/down/test Down-/Uplink speed, load and load measurement duration Connection capabilities: Common IP protocols and ports (Firewall!) NAI Home Realm Query: STA asks if AP supports any of its installed/configured NAI realms Operating class indication element: On which channels are APs with Passpoint enabled!16

Devices Passpoint capable devices: Apple ios 7 devices Android devices (if option is enabled): e.g. Samsung Galaxy S4/Note3, Sony Xperia Z1, LG G2/Flex, HTC One/One Max AP/WLC: Ruckus, Cisco, Aruba, Motorola, Xirrus and LANCOM :-) Networks with 802.11u still support non-11u clients!17

Conclusion Connection decision is moved from the user to the STA (like mobile service) Valuable information prior to association Slowly but steady growing STA support Perfect for mobile data offloading in high density venues (e.g. stadium, shopping malls, airports)!18

Thank you for your attention! Questions?!19

Known Issues Devices connect to known SSIDs before searching Passpoint SSIDs A lot to configure on AP and STA for good connection choices Bad Wi-Fi connection is not indicated (You are too far away from the AP) WAN connection could be under-provisioned!20

Mixed Stuff Proper QoS Map (DSCP to UP) Mapping for each Service Provider 802.21: Media Independent Handover (MIH) support Mobile Data Offloading (MDO) in high density areas e.g. stadium or airport!21

Bibliography [1]: GAS/ANQP graph on page 11: http:// a030f85c1e25003d7609- b98377aee968aad08453374eb1df3398.r40.cf2.rackc dn.com/wp/wp-how-interworking-works.pdf (page 6) [2]: Connection graph on page 15: www.terena.org/ activities/tf-mobility/meetings/26/07-11u-dave.pptx (page 9)!22

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information