
FortiWiFi and FortiAP Configuration Guide

Hotspot 2.0 configuration

Hotspot 2.0 ANQP configuration

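Hotspot 2.0 Access Network Query Protocol (ANQP) is a query and response protocol that lets a client device discover the roaming services offered by an AP. ANQP responses are sent to clients before they associate or authenticate, so treat every value configured here (venue names, realms, URLs, WAN metrics) as publicly readable. To configure Hotspot 2.0 ANQP, use the CLI commands available under config wireless-controller hotspot20: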

Note

A hotspot profile must be attached to a VAP, and it can only be attached to a VAP that uses an enterprise security mode. You can configure the security type and attach the hotspot profile with the following commands:

config wireless-controller vap

edit {name}

set security wpa2-only-enterprise

set hotspot20-profile {string}

next

end

Syntax

config wireless-controller hotspot20 anqp-3gpp-cellular

edit {name}

config mcc-mnc-list

edit {id}

set id {integer}

set mcc {string}

set mnc {string}

next

next

end

config wireless-controller hotspot20 anqp-ip-address-type

edit {name}

set ipv6-address-type {option}

set ipv4-address-type {option}

next

end

config wireless-controller hotspot20 anqp-nai-realm

edit {name}

config nai-list

edit {name}

set encoding {enable | disable}

set nai-realm {string}

config eap-method

edit {index}

set method {option}

config auth-param

edit {index}

set id {option}

set val {option}

next

next

next

next

end

config wireless-controller hotspot20 anqp-network-auth-type

edit {name}

set auth-type {option}

set url {string}

next

end

config wireless-controller hotspot20 anqp-roaming-consortium

edit {name}

config oi-list

edit {index}

set oi {string}

set comment {string}

next

next

end

config wireless-controller hotspot20 anqp-venue-name

edit {name}

config value-list

edit {index}

set lang {string}

set value {string}

next

next

end

config wireless-controller hotspot20 h2qp-conn-capability

edit {name}

set icmp-port {option}

set ftp-port {option}

set ssh-port {option}

set http-port {option}

set tls-port {option}

set pptp-vpn-port {option}

set voip-tcp-port {option}

set voip-udp-port {option}

set ikev2-port {option}

set ikev2-xx-port {option}

set esp-port {option}

next

end

config wireless-controller hotspot20 h2qp-operator-name

edit {name}

config value-list

edit {index}

set lang {string}

set value {string}

next

next

end

config wireless-controller hotspot20 h2qp-osu-provider

edit {name}

config friendly-name

edit {index}

set lang {string}

set friendly-name {string}

next

set server-uri {string}

set osu-method {option}

set osu-nai {string}

config service-description

edit {service-id}

set lang {string}

set service-description {string}

next

set icon {string}

next

end

config wireless-controller hotspot20 h2qp-wan-metric

edit {name}

set link-status {option}

set symmetric-wan-link {option}

set link-at-capacity {enable | disable}

set uplink-speed {integer}

set downlink-speed {integer}

set uplink-load {integer}

set downlink-load {integer}

set load-measurement-duration {integer}

next

end

config wireless-controller hotspot20 hs-profile

edit {name}

set access-network-type {option}

set access-network-internet {enable | disable}

set access-network-asra {enable | disable}

set access-network-esr {enable | disable}

set access-network-uesa {enable | disable}

set venue-group {option}

set venue-type {option}

set hessid {mac address}

set proxy-arp {enable | disable}

set l2tif {enable | disable}

set pame-bi {enable | disable}

set anqp-domain-id {integer}

set domain-name {string}

set osu-ssid {string}

set gas-comeback-delay {integer}

set gas-fragmentation-limit {integer}

set dgaf {enable | disable}

set deauth-request-timeout {integer}

set wnm-sleep-mode {enable | disable}

set bss-transition {enable | disable}

set venue-name {string}

set roaming-consortium {string}

set nai-realm {string}

set oper-friendly-name {string}

config osu-provider

edit {name}

next

set wan-metrics {string}

set network-auth {string}

set 3gpp-plmn {string}

set conn-cap {string}

set qos-map {string}

set ip-addr-type {string}

next

end

config wireless-controller hotspot20 icon

edit {name}

config icon-list

edit {name}

set lang {string}

set file {string}

set type {option}

set width {integer}

set height {integer}

next

next

end

config wireless-controller hotspot20 qos-map

edit {name}

config dscp-except

edit {index}

set dscp

set up

next

config dscp-range

edit {index}

set up

set low

set high

next

next

end

Hotspot 2.0 Release 3 profile configuration

Wi-Fi Alliance Hotspot 2.0 Release 3 introduces new features that you can use to configure hotspot profiles.

The following six hotspot profile options are available for Release 3:

release

Hotspot 2.0 Release number (1, 2, 3, default = 2).

venue-url

Venue URL (the name of an anqp-venue-url entry).

oper-icon

Operator icon.

advice-of-charge

Advice of charge.

osu-provider-nai

Online sign up (OSU) provider network access identifier (NAI).

terms-and-conditions

Terms and conditions.

To configure the wireless controller Hotspot 2.0 hs-profile and its related settings:

config wireless-controller hotspot20 hs-profile

edit "profile1"

set release 3

set venue-url "venue-ulr-config1"

set oper-icon "icon-orange"

set advice-of-charge "aoc1"

set osu-provider-nai "osu_nai1"

set terms-and-conditions "tc-1"

next

end

config wireless-controller hotspot20 anqp-venue-url

edit "venue-ulr-config1"

config value-list

edit 1

set number 1

set value "https://venue-server.r2m-testbed.wi-fi.org/floorplans/index.html"

next

end

next

end

config wireless-controller hotspot20 icon

edit "icon-orange"

config icon-list

edit "icon_orange_zxx.png"

set lang "zxx"

set file "icon_orange_zxx.png"

set width 128

set height 61

next

end

next

end

config wireless-controller hotspot20 h2qp-advice-of-charge

edit "aoc1"

config aoc-list

edit "list1"

config plan-info

edit "plan1"

set lang "ENG"

set currency "USD"

set info-file "time_plan1"

next

end

next

end

next

end

config wireless-controller hotspot20 h2qp-osu-provider-nai

edit "osu_nai1"

config nai-list

edit "nai1"

set osu-nai "anonymous@hotspot.net"

next

end

next

end

config wireless-controller hotspot20 h2qp-terms-and-conditions

edit "tc-1"

set filename "tandc-id1-content.txt"

set timestamp 13578042

set url "https://tandc-server.r2m-testbed.wi-fi.org"

next

end

To verify the hotspot profile

# diagnose wireless-controller wlac -c hsprof

 

HSPROF (003/005) vdom,name: root, profile1

venue url        : venue-ulr-config1

operator icon    : icon-orange

advice of charge : aoc1

osu provider nai : osu_nai1

terms and conditions : tc-1

wlan cnt         : 2

vap 001 : 0    ssid_wpa3_en

vap 002 : 0    ssid_ent

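To enable OSEN (OSU Server-Only Authenticated L2 Encryption Network) as part of key management on a WPA2/WPA3-Enterprise SSID that uses RADIUS authentication (the example below uses wpa2-only-enterprise):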

config wireless-controller vap

edit "ssid_ent"

set ssid "ssid_ent"

set security wpa2-only-enterprise

set auth radius

set radius-server "wifi-radius"

set schedule "always"

set hotspot20-profile "profile1"

set osen enable

next

end

To verify the SSID options

# diagnose wireless-controller wlac -c wlan

 

WLAN (002/003) vdom,name: root, ssid_ent

vlanid : 0 (auto vlan intf disabled)

hotspot20-profile : profile1

osen : 1

ssid : ssid_ent radius_server : wifi-radius

Hotspot 2.0 configuration

Hotspot 2.0 ANQP configuration

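Hotspot 2.0 Access Network Query Protocol (ANQP) is a query and response protocol that lets a client device discover the roaming services offered by an AP. ANQP responses are sent to clients before they associate or authenticate, so treat every value configured here (venue names, realms, URLs, WAN metrics) as publicly readable. To configure Hotspot 2.0 ANQP, use the CLI commands available under config wireless-controller hotspot20: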

Note

A hotspot profile must be attached to a VAP, and it can only be attached to a VAP that uses an enterprise security mode. You can configure the security type and attach the hotspot profile with the following commands:

config wireless-controller vap

edit {name}

set security wpa2-only-enterprise

set hotspot20-profile {string}

next

end

Syntax

config wireless-controller hotspot20 anqp-3gpp-cellular

edit {name}

config mcc-mnc-list

edit {id}

set id {integer}

set mcc {string}

set mnc {string}

next

next

end

config wireless-controller hotspot20 anqp-ip-address-type

edit {name}

set ipv6-address-type {option}

set ipv4-address-type {option}

next

end

config wireless-controller hotspot20 anqp-nai-realm

edit {name}

config nai-list

edit {name}

set encoding {enable | disable}

set nai-realm {string}

config eap-method

edit {index}

set method {option}

config auth-param

edit {index}

set id {option}

set val {option}

next

next

next

next

end

config wireless-controller hotspot20 anqp-network-auth-type

edit {name}

set auth-type {option}

set url {string}

next

end

config wireless-controller hotspot20 anqp-roaming-consortium

edit {name}

config oi-list

edit {index}

set oi {string}

set comment {string}

next

next

end

config wireless-controller hotspot20 anqp-venue-name

edit {name}

config value-list

edit {index}

set lang {string}

set value {string}

next

next

end

config wireless-controller hotspot20 h2qp-conn-capability

edit {name}

set icmp-port {option}

set ftp-port {option}

set ssh-port {option}

set http-port {option}

set tls-port {option}

set pptp-vpn-port {option}

set voip-tcp-port {option}

set voip-udp-port {option}

set ikev2-port {option}

set ikev2-xx-port {option}

set esp-port {option}

next

end

config wireless-controller hotspot20 h2qp-operator-name

edit {name}

config value-list

edit {index}

set lang {string}

set value {string}

next

next

end

config wireless-controller hotspot20 h2qp-osu-provider

edit {name}

config friendly-name

edit {index}

set lang {string}

set friendly-name {string}

next

set server-uri {string}

set osu-method {option}

set osu-nai {string}

config service-description

edit {service-id}

set lang {string}

set service-description {string}

next

set icon {string}

next

end

config wireless-controller hotspot20 h2qp-wan-metric

edit {name}

set link-status {option}

set symmetric-wan-link {option}

set link-at-capacity {enable | disable}

set uplink-speed {integer}

set downlink-speed {integer}

set uplink-load {integer}

set downlink-load {integer}

set load-measurement-duration {integer}

next

end

config wireless-controller hotspot20 hs-profile

edit {name}

set access-network-type {option}

set access-network-internet {enable | disable}

set access-network-asra {enable | disable}

set access-network-esr {enable | disable}

set access-network-uesa {enable | disable}

set venue-group {option}

set venue-type {option}

set hessid {mac address}

set proxy-arp {enable | disable}

set l2tif {enable | disable}

set pame-bi {enable | disable}

set anqp-domain-id {integer}

set domain-name {string}

set osu-ssid {string}

set gas-comeback-delay {integer}

set gas-fragmentation-limit {integer}

set dgaf {enable | disable}

set deauth-request-timeout {integer}

set wnm-sleep-mode {enable | disable}

set bss-transition {enable | disable}

set venue-name {string}

set roaming-consortium {string}

set nai-realm {string}

set oper-friendly-name {string}

config osu-provider

edit {name}

next

set wan-metrics {string}

set network-auth {string}

set 3gpp-plmn {string}

set conn-cap {string}

set qos-map {string}

set ip-addr-type {string}

next

end

config wireless-controller hotspot20 icon

edit {name}

config icon-list

edit {name}

set lang {string}

set file {string}

set type {option}

set width {integer}

set height {integer}

next

next

end

config wireless-controller hotspot20 qos-map

edit {name}

config dscp-except

edit {index}

set dscp

set up

next

config dscp-range

edit {index}

set up

set low

set high

next

next

end

Hotspot 2.0 Release 3 profile configuration

Wi-Fi Alliance Hotspot 2.0 Release 3 introduces new features that you can use to configure hotspot profiles.

The following six hotspot profile options are available for Release 3:

release

Hotspot 2.0 Release number (1, 2, 3, default = 2).

venue-url

Venue URL (the name of an anqp-venue-url entry).

oper-icon

Operator icon.

advice-of-charge

Advice of charge.

osu-provider-nai

Online sign up (OSU) provider network access identifier (NAI).

terms-and-conditions

Terms and conditions.

To configure the wireless controller Hotspot 2.0 hs-profile and its related settings:

config wireless-controller hotspot20 hs-profile

edit "profile1"

set release 3

set venue-url "venue-ulr-config1"

set oper-icon "icon-orange"

set advice-of-charge "aoc1"

set osu-provider-nai "osu_nai1"

set terms-and-conditions "tc-1"

next

end

config wireless-controller hotspot20 anqp-venue-url

edit "venue-ulr-config1"

config value-list

edit 1

set number 1

set value "https://venue-server.r2m-testbed.wi-fi.org/floorplans/index.html"

next

end

next

end

config wireless-controller hotspot20 icon

edit "icon-orange"

config icon-list

edit "icon_orange_zxx.png"

set lang "zxx"

set file "icon_orange_zxx.png"

set width 128

set height 61

next

end

next

end

config wireless-controller hotspot20 h2qp-advice-of-charge

edit "aoc1"

config aoc-list

edit "list1"

config plan-info

edit "plan1"

set lang "ENG"

set currency "USD"

set info-file "time_plan1"

next

end

next

end

next

end

config wireless-controller hotspot20 h2qp-osu-provider-nai

edit "osu_nai1"

config nai-list

edit "nai1"

set osu-nai "anonymous@hotspot.net"

next

end

next

end

config wireless-controller hotspot20 h2qp-terms-and-conditions

edit "tc-1"

set filename "tandc-id1-content.txt"

set timestamp 13578042

set url "https://tandc-server.r2m-testbed.wi-fi.org"

next

end

To verify the hotspot profile

# diagnose wireless-controller wlac -c hsprof

 

HSPROF (003/005) vdom,name: root, profile1

venue url        : venue-ulr-config1

operator icon    : icon-orange

advice of charge : aoc1

osu provider nai : osu_nai1

terms and conditions : tc-1

wlan cnt         : 2

vap 001 : 0    ssid_wpa3_en

vap 002 : 0    ssid_ent

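To enable OSEN (OSU Server-Only Authenticated L2 Encryption Network) as part of key management on a WPA2/WPA3-Enterprise SSID that uses RADIUS authentication (the example below uses wpa2-only-enterprise):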

config wireless-controller vap

edit "ssid_ent"

set ssid "ssid_ent"

set security wpa2-only-enterprise

set auth radius

set radius-server "wifi-radius"

set schedule "always"

set hotspot20-profile "profile1"

set osen enable

next

end

To verify the SSID options

# diagnose wireless-controller wlac -c wlan

 

WLAN (002/003) vdom,name: root, ssid_ent

vlanid : 0 (auto vlan intf disabled)

hotspot20-profile : profile1

osen : 1

ssid : ssid_ent radius_server : wifi-radius