SP Identification

The hotspot SP Identification tab displays hotspot properties for service provider identification and authentication.

To configure SP Identification for the hotspot:

Configure a WLAN Services Hotspot. For more information, see Configure Hotspot.
Select the SP Identification tab.

Service Provider Identification
Configure the following parameters:
Realm. The NAI (Network Access Identification) Realms list is a FQDN (Fully-Qualified Domain Name) of the service provider. This is a list of realms that can be successfully authenticated. Each realm may have up to four supported EAP methods.
Note
Wildcards are supported. For example, for realm, you can enter *.extreme.area120.com, instead of entering specific realms.

To add realms:
1. Select New.
2. Enter a value in the Realm field. The NAI Realm is a FQDN of the service provider.
3. Select the EAP Method.
Realm Configuration
Configure an NAI Realm list for each hotspot as follows:
- Add all realms that can authenticate the logon credentials or certificate credentials of a mobile device, including the realms of all roaming partners that are accessible from the hotspot AP. Include the realm of the home SP.
- Add a realm for the PLMN ID. This is the cellular network identity based on public land mobile network (PLMN) information.
- You can configure the EAP method list to support devices that do not know the EAP methods that are being used by a given service provider.
If the device has been provisioned with the home service provider, the device does not need to use the EAP methods in the NAI Realm List. The mobile device knows the EAP method required to authenticate against its home service provider and automatically uses it.

Note
Keep your DNS server records up to date so that mobile devices can resolve the server domain names (FQDN).

Mobile devices with a SIM or USIM credential, can obtain a realm from the hotspot NAI Realm list. While 3GPP credentials are usually used to access a hotspot, a targeted NAI home query is an efficient alternative approach. The device's connection manager compares the realm information in the list to the information that is stored on the device. The connection manager uses the mobile device‘s pre-configured user preferences and policy to make a decision between a hotspot AP or a non-hotspot AP, if both are available.

Roaming Consortium. Configure authentication of mobile devices to the members of a roaming consortium, or for a particular service provider that has a roaming consortium. Add the appropriate IEEE-assigned Organizational Identifier (OI). Specify up to eight identifiers unique to the organization that are part of the MAC address.
Note
The order of the roaming consortium definition is important and it is preserved during configuration changes and system upgrade. The AP39xx access points continue to support only two identifiers. The AP39xx receives the first two identifiers in the list.

Use roaming consortium authentication when you do not know all the authenticated realms. Using identifiers unique to the organization in the beacon is a battery efficient roaming method because there are no ANQP queries needed.
3GPP Cellular Network. This is a list of cellular network IDs in the form of mobile country code (MCC), mobile network code (MNC). This list establishes whether an AP has a roaming arrangement with the 3GPP service providers.
1. Select New to expand the 3GPP Cellular Network pane.
2. Enter the MCC and MNC values.
3. Provide an optional description. The Description field supports up to 32 bytes and UTF-8 format.
  Note
  The New button remains unavailable until valid values are entered in both fields.
4. Select New to accept the entered values and open a new row.
After you have finished configuring the SP Identification tab, select OK to save the configuration.