Configure Passpoint Policy NAI Realm

About this task

The Network Access Identifier (NAI) is the user identity submitted by the hotspot requesting client during authentication. The standard syntax is user@realm. NAI is frequently used when roaming, to identify the user and assist in routing an authentication request to the user's authentication server. The realm name is often the domain name of the service provider.


  1. Select Policies > Passpoint > Policy Name > NAI Realm.
  2. Select to create a new NAI realm configuration for passpoint hotspot utilization, to modify the attributes of an existing configuration, or to remove a selected configuration from the existing policies.

    Provide a realm name.

  3. Set the following EAP Method attributes to secure the NAI realm used by the passpoint policy:
    Index Select an EAP instance index from 1 to 10 to apply to this hotspot‘s EAP credential exchange and verification session. NAIs are often user identifiers in the EAP authentication protocol
    Method Set an EAP method for the NAI realm.

    Options include identity, otp, gtc, rsa-public-key, tls, sim, ttls, peap, ms-auth, ms-authv2, fast, psk, and ikev2

    Authentication Type Specify the EAP method authentication type.

    Options include expanded-eap, non-eap-inner, inner-eap, expanded-inner-eap, credential, tunn-eap-credential, and vendor

    Authentication Value If you are setting the authentication type to either non-eap-inner, inner-eap, credential, or tunnel-eap-credential, define an authentication value that must be shared with the EAP credential validation server resource.

    Options include chap, mschap, mschapv2, and pap

    Authentication Vendor ID If the authentication type is set to either expanded-eap or expanded-inner-eap, set a six-character authentication vendor ID. This ID must match the ID utilized by the EAP server resource
    Authentication Vendor Specific If required, add 2 to 510 character vendor-specific authentication data required for the selected authentication type. Type the value in an a- FA -F0-9 format
    Authentication Vendor Type Set an eight-character authentication vendor type used exclusively for the expanded-eap or expanded-inner-eap authentication types
  4. Select Add to save the NAI realm updates.