Passpoint Capabilities and requirements for APs
I think the requirements and capabilities of Passpoint certification would be a good start to this blog series. To support the features introduced with the 802.11u standard and get certified by the WiFi Alliance for Passpoint, specific requirements have to be met by equipment vendors and operators.
To make the user happy and the user's internet experience buttery smooth, the technical requirements have to be met by mobile devices, access points, hotspot operators and service providers.
To make sure that all devices have the same authentication method the following credential types and EAP methods have to be supported:
- if using a certificate as the credential type, the EAP-TLS method has to be used,
- if using SIM or USIM credentials, EAP-SIM and EAP-AKA must be supported,
- if using username and password credentials (with server-side certs), EAP-TTLS with MSCHAPv2 has to be supported.
Personally, I see the WiFi Alliance extending the EAP methods to MD5, LEAP and PEAP (keep calm, I am just kidding about MD5 and LEAP) to make it easier for enterprises to adopt 802.11u. Contrary to common belief, 802.11u can bring tons of added value to enterprise networks.
So let's browse through the required capabilities for the Access Points:
- WPA-2 enterprise only. No WEP and TKIP supported (thank you!!!),
- All EAP methods listed above,
- The “Interworking” information element supporting the “Venue Info” and “Homogeneous extended service set identifier or HESSID” fields as defined in the 802.11u standard (do not worry, I will explain every element in detail for my blog readers' convenience),
- The “Roaming Consortium” information element has to be supported (again referring to 802.11u standard),
- Interworking bit in the “Extended Capabilities” information element has to be set to comply with 802.11u,
- The “Basic Service Set Load” element has to be supported as it contains the information on the current device population and channel utilization in the Basic Service Set,
- The following ANQP elements (Access Network Query Protocol, defined in 802.11u… yes, we will talk extensively about this bugger) have to be supported: “Venue Name” information, “Network Authentication Type” information, “Roaming Consortium” list, “IP Address Type Availability” information, “Network Access Identifier Realm” list, “3GPP Cellular Network” information, “Domain Name” list.
- Hotspot 2.0 (HS) specific ANQP elements have to be supported: “HS Query list”, “HS Capability list”, “Operator Friendly Name”, “WAN Metrics”, “Connection Capability” and “Network Access Identifier Realm query”.
- Proxy ARP service has to be supported to comply with 802.11v-2011, Amendment 8.
- L2 traffic inspection and filtering has to be implemented if the Access Network type element is set to “Free Public Network” or “Chargeable Public Network”.
- AP has to have the capability to disable downstream forwarding of multicast and broadcast frames,
- AP has to have the ability to disable P2P cross connect. This is done by advertising the P2P Manageability attribute with the Cross Connection Permitted field set to 0.
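Several items in the list above are visible in an AP's beacon, so they can be checked from a capture. The following is an added example, not code from the original post: a small auditor over a beacon's tagged parameters, assuming the element IDs and bit positions from IEEE 802.11 (BSS Load 11, RSN 48, Interworking 107, Roaming Consortium 111, Extended Capabilities 127 with Interworking at bit 31). The function names and the sample bytes are constructed for illustration.

```python
import struct

# Element IDs from IEEE 802.11 for the beacon-visible items in the list above.
BSS_LOAD, RSN, INTERWORKING, ROAMING_CONSORTIUM, EXT_CAPS = 11, 48, 107, 111, 127
LEGACY_CIPHERS = {1: "WEP-40", 2: "TKIP", 5: "WEP-104"}  # RSN cipher suite types

def parse_ies(blob):
    """Split tagged parameters into {element_id: body}; reject truncated input."""
    ies, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated element at offset %d" % i)
        ies.setdefault(blob[i], blob[i + 2:i + 2 + blob[i + 1]])
        i += 2 + blob[i + 1]
    return ies

def rsn_ciphers(body):
    """Return group + pairwise cipher suite types from an RSN element body."""
    count = struct.unpack_from("<H", body, 6)[0] if len(body) >= 8 else 0
    if len(body) < 8 + 4 * count:
        raise ValueError("RSN element truncated")
    return [body[5]] + [body[8 + 4 * n + 3] for n in range(count)]

def audit(blob):
    """Check the beacon-visible Passpoint AP requirements; return a report dict."""
    ies = parse_ies(blob)
    ext, iw = ies.get(EXT_CAPS, b""), ies.get(INTERWORKING)
    if iw is not None and len(iw) not in (1, 3, 7, 9):  # options [+venue] [+HESSID]
        raise ValueError("bad Interworking element length")
    net_type = iw[0] & 0x0F if iw else None  # low 4 bits of Access Network Options
    ciphers = rsn_ciphers(ies[RSN]) if RSN in ies else []
    return {
        "rsn_present": RSN in ies,
        "legacy_ciphers": sorted(LEGACY_CIPHERS[c] for c in set(ciphers) if c in LEGACY_CIPHERS),
        "interworking_bit": len(ext) >= 4 and bool(ext[3] & 0x80),  # bit 31
        "interworking_element": iw is not None,
        "roaming_consortium": ROAMING_CONSORTIUM in ies,
        "bss_load": len(ies.get(BSS_LOAD, b"")) == 5,
        "l2_filtering_required": net_type in (2, 3),  # Chargeable / Free Public Network
    }

def ie(eid, body):
    return bytes([eid, len(body)]) + body

# Constructed sample beacon elements (not captured from a real AP).
CCMP, DOT1X = b"\x00\x0f\xac\x04", b"\x00\x0f\xac\x01"
SAMPLE = (ie(0, b"example") + ie(BSS_LOAD, struct.pack("<HBH", 12, 64, 0)) + ie(EXT_CAPS, b"\x00\x00\x00\x80")
          + ie(RSN, b"\x01\x00" + CCMP + b"\x01\x00" + CCMP + b"\x01\x00" + DOT1X + b"\x00\x00")
          + ie(INTERWORKING, b"\x13\x01\x00\x02\x00\x00\x00\x00\x01") + ie(ROAMING_CONSORTIUM, b"\x00\x03\xaa\xbb\xcc"))
```

Calling `audit(SAMPLE)` returns a report with every presence check true and an empty `legacy_ciphers` list. The ANQP elements, Proxy ARP and multicast handling from the list are not carried in these beacon elements and need separate checks.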
Enough for part one of the series. I will continue with the requirements for mobile devices, operators and service providers in the next post, and then we will dive deep into the 802.11u standard itself.