Your device supports WLAN connections according to the IEEE 802.11u standard and the Hotspot 2.0 specification, which is based on it. Using 802.11u you have the option to implement automatic authorization and authentication of your users on a local WLAN network (for example, within your company) or a Public Spot network. The prerequisite for this is that the relevant stations (smartphones, tablet PCs, notebooks, etc.) also support connections for 802.11u and Hotspot 2.0. In detail, the following functions are offered:
- Automatic network selection – In an 802.11u-enabled environment, the user does not have to manually detect and select an SSID. Instead, the client independently searches for and selects a suitable Wi-Fi network by automatically requesting and evaluating the operator and network data of all 802.11u access points that are in range. A previous login to the access point is not required. Hotspot 2.0 stations also have the ability to retrieve information about the services available in a Wi-Fi network. If specific services that are relevant for a user (e.g., connections via HTTP, VPN or VoIP) are not available for a Wi-Fi network, any networks that do not meet the criteria are excluded from further searches. This ensures that users are always connected to the optimal network.
- Automatic authentication and authorization – In 802.11u-enabled environments, the station automatically carries out the user's login if the necessary credentials are available. Authentication can be done, for example, using a SIM card, a username and password, or a digital certificate. Repetitive manual input of the credentials by the user in a login screen is no longer necessary. After successful authentication, the user can immediately use the desired services.
- Seamless handover – Connections according to 802.11u and in conjunction with 802.21 facilitate the uninterrupted exchange of data connections between different network types. This enables users to switch their stations seamlessly from a cellular network to a WLAN network as soon as they get within range of a Hotspot 2.0 zone—and vice versa. The same is true for the transfer between two different operators if, for example, the user goes from one homogeneous network to another during a bus trip.
- Automatic roaming – Connections as per 802.11u facilitate roaming between different operator networks. If a user is in range of a Hotspot 2.0 zone of an operator for which he does not have any credentials, his station still has the option to switch to its home network. Authentication at a third-party Hotspot 2.0 zone is handled by the operator's roaming partner, which then allows the user to access the third-party Wi-Fi network. This is interesting not only in areas where there are only single network operators with access points; it is also especially attractive for people traveling abroad.
Example: A user who is in transit in the city with his 802.11u-enabled smartphone (station) can enable the WLAN feature to browse the Internet. The station then starts trying to find all available Wi-Fi networks in the area. If any of the access points offer 802.11u, the station selects the one network that best fits the required service based on the operator and network information that was previously obtained, for example, from a hotspot offering Internet access from its own cellular network company. In this case, the subsequent authentication can be performed automatically via the SIM card so that the user does not need to intervene at any time during the process. The encryption method selected for the connection – e.g., WPA2 – is unaffected.
In summary, connections according to 802.11u and with Hotspot 2.0 enabled combine the security features and performance of classic Wi‑Fi hotspots with the flexibility and simplicity of data cellular network connections. At the same time, they relieve the cellular networks by redistributing data traffic (and possibly also telephony) to the network connections and frequency bands offered by access points.
Passpoint® Release 2
As of LCOS 10.40, the extended Hotspot 2.0 feature in your WLAN device can be configured as per Passpoint® Release 2 as specified by the Wi‑Fi Alliance. The RADIUS server in the LCOS has been equipped with the necessary features since version 10.32 RU4.
Passpoint® Release 2 simplifies the onboarding of devices into a network using the WPA2-Enterprise (802.1X) encryption method. A dedicated onboarding SSID allows a user with a device that supports Passpoint® Release 2 to install a profile and automatically switch to the encrypted network using the stored credentials. This helps to implement hotspots that provide encrypted wireless communication. An onboarding SSID can be used to give guests temporary access credentials.
Similarly, a mobile service provider can relieve the load on their cellular network by introducing Wi-Fi offloading and allowing mobile devices with a SIM card to automatically log into their WLAN network. Customers' devices find the WLAN network from the mobile service provider and automatically log in to the operator’s WLAN network using the user data stored on the SIM card.
Passpoint® Release 2 adds the following features to Hotspot 2.0:
- Online Sign-Up (OSU) – with Passpoint® Release 2, companies and network operators can use "Online Sign-Up" servers (OSU servers) to deliver profiles to their users. Using an open OSU SSID, users can identify various OSU servers by their icons and thus select the one that suits them best. The OSU server can optionally ask the user for credentials before providing a profile that best suits the user’s device. In addition to the open OSU SSID, an encrypted SSID can be used to exchange user data by means of "anonymous EAP-TLS". This requires the use of a RADIUS server that supports "anonymous EAP-TLS". Note: An OSU server is not included with LCOS. However, solutions are available from LANCOM partners.
- OSU icons – icons corresponding to the supported OSU servers can be uploaded to the LCOS as files using the WEBconfig feature File management. We recommend PNG as the file format.
- Notification – the network can notify the user about an imminent logout from the RADIUS server. This may be the case if the user credentials have expired or if the specified connection duration has been reached.
- QoS Map – the "QoS Map Set" function enables an access point to instruct its clients to use a specific QoS map. This defines the values for the contention window (media access via EDCA) of the various access categories (voice, video, best effort and background data packets) and the corresponding DSCP parameters. At the same time, the access points also use the values stored in the QoS map. Note: The two QoS maps required by the Wi-Fi Alliance and the default QoS map of the LCOS are currently available.
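How a station can interpret a QoS map, as an added example that is not part of the original documentation or of LCOS: the sketch decodes a QoS Map Set element body and resolves a DSCP value to a user priority and access category. It assumes the IEEE 802.11 element layout (optional DSCP exception pairs followed by eight DSCP ranges); the sample bytes and the function names are constructed for illustration.

```python
# Added example: decode a QoS Map Set element body and classify DSCP values.
# Layout assumed from IEEE 802.11: optional (DSCP, UP) exception pairs,
# then eight (low, high) DSCP ranges for user priorities 0..7.

# 802.11 user priority -> EDCA access category
UP_TO_AC = {1: "background", 2: "background", 0: "best effort",
            3: "best effort", 4: "video", 5: "video", 6: "voice", 7: "voice"}

# Constructed sample body (illustrative values, not an LCOS default map).
SAMPLE = bytes([53, 2, 22, 6,              # exceptions: DSCP 53->UP 2, 22->UP 6
                8, 15, 0, 7, 255, 255,     # UP 0, UP 1, UP 2 (unused)
                16, 31, 32, 39, 255, 255,  # UP 3, UP 4, UP 5 (unused)
                40, 47, 255, 255])         # UP 6, UP 7 (unused)

def parse_qos_map(body: bytes):
    """Return (exceptions dict, list of 8 ranges or None) or raise ValueError."""
    exc_len = len(body) - 16
    if exc_len < 0 or exc_len % 2 or exc_len // 2 > 21:
        raise ValueError("bad QoS Map Set length")
    exceptions = {}
    for i in range(0, exc_len, 2):
        dscp, up = body[i], body[i + 1]
        if dscp > 63 or up > 7:
            raise ValueError(f"bad exception pair ({dscp}, {up})")
        exceptions[dscp] = up
    ranges = []
    for up in range(8):
        low, high = body[exc_len + 2 * up], body[exc_len + 2 * up + 1]
        if (low, high) == (255, 255):      # this user priority is not used
            ranges.append(None)
        elif low > high or high > 63:
            raise ValueError(f"bad DSCP range for UP {up}")
        else:
            ranges.append((low, high))
    return exceptions, ranges

def classify(dscp: int, qos_map):
    """Map a DSCP value to (user priority, access category)."""
    exceptions, ranges = qos_map
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be 0..63")
    up = exceptions.get(dscp)              # exceptions win over ranges
    if up is None:
        up = next((u for u, r in enumerate(ranges)
                   if r and r[0] <= dscp <= r[1]), None)
    return (up, UP_TO_AC[up]) if up is not None else (None, None)

if __name__ == "__main__":
    for d in (46, 22, 0, 60):
        print(d, classify(d, parse_qos_map(SAMPLE)))
```

A DSCP value that matches neither an exception nor a range returns `(None, None)`, so the caller has to decide on a fallback.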