
Deep Dive: Passpoint (Hotspot 2.0) vs. WBA OpenRoaming

2024-05-20
WiFi Universe Team

Executive Summary: The Difference Between the Car and the Highway

For network engineers, the terms "Passpoint," "Hotspot 2.0," and "OpenRoaming" are often used interchangeably, leading to architectural confusion. To design a proper federation strategy, one must distinguish between the technical standard and the business framework.

  • Protocol
    Passpoint (Hotspot 2.0) is the vehicle. It is the technical certification based on the IEEE 802.11u standard that allows a mobile device to discover and authenticate to a Wi-Fi network automatically, without user intervention.
  • Federation
    WBA OpenRoaming is the global highway system. It is the trust ecosystem managed by the Wireless Broadband Alliance (WBA) that allows Identity Providers (Google, Samsung) and Access Providers (Venues, Airports) to trust each other's credentials.

"You cannot have OpenRoaming without Passpoint, but you can have Passpoint without OpenRoaming."


1. The Protocol Layer: What is Passpoint (Hotspot 2.0)?

Passpoint is the trade name for the Wi-Fi Alliance certification program based on the IEEE 802.11u amendment. Its primary engineering goal is to solve the "Network Selection" problem.

In legacy Wi-Fi, a client device (STA) scans for a known SSID. If the SSID matches a profile, it attempts to connect. In a Passpoint environment, the decision logic moves from SSID recognition to credential recognition. The device does not look for a specific network name; it looks for a network that supports its credentials.

The Discovery Mechanism: GAS and ANQP

The core innovation of 802.11u is the ability to communicate with the Access Point (AP) pre-association. Before the device commits to a handshake, it queries the AP to see if a roaming agreement exists.

GAS (Generic Advertisement Service): the transport mechanism that carries advertisement frames between the STA and the network.
ANQP (Access Network Query Protocol): the query protocol carried inside the GAS frames, used to ask questions like "Do you support T-Mobile?"

The Technical Flow

  1. Beacon Advertisement: The AP broadcasts beacons containing the Interworking Element (IE). This element acts as a flag, telling scanning devices, "I support 802.11u/Passpoint."
  2. GAS Request: The mobile device sees the IE and sends a GAS Initial Request frame to the AP.
  3. ANQP Query: Inside that frame, the device asks: "What are the Roaming Consortium Organizational Identifiers (RCOIs) supported here?"
  4. Response & Decision: The AP replies. If the response matches a profile installed on the device, the device proceeds to the WPA2/WPA3-Enterprise handshake.

2. The Federation Layer: What is WBA OpenRoaming?

If Passpoint is the mechanism for the device to speak to the network, OpenRoaming is the legal and technical framework that allows them to trust one another. WBA OpenRoaming solves the scalability issue of bilateral agreements through a Hub-and-Spoke trust model anchored in a Public Key Infrastructure (PKI).

The Packet Flow: Anatomy of a Handshake

  1. AP broadcasts OpenRoaming RCOI (5A-03-BA) in beacon.
  2. Device recognizes RCOI matches stored profile.
  3. Device sends ANQP Query via GAS.
  4. AP Controller looks up IdP via DNS (NAPTR) and opens RadSec Tunnel (TCP/2083).
  5. Mutual TLS (mTLS) exchange of WBA certificates.
  6. User credentials flow through tunnel -> Access-Accept.
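The DNS lookup in step 4 is RFC 7585 dynamic discovery: the realm of the user's NAI is resolved to NAPTR records, the RadSec service tag is selected, and an SRV indirection yields the host and port (2083 by default). The Python below is an added worked example, not code from the article or from the WBA. It extracts the realm from a NAI, applies the NAPTR order/preference and service filter, follows the SRV name, and falls back to the `_radiustls._tcp.<realm>` SRV name when no NAPTR record exists. The zone, realm names and hosts are constructed for the example; a real controller would hand the result to the mTLS exchange of step 5.

```python
"""RFC 7585-style dynamic discovery of a realm's RadSec (RADIUS/TLS) server.

Added example, not code from the article or from the WBA. The DNS answers come
from a constructed in-memory zone standing in for a real resolver.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Service tag RFC 7585 assigns to RADIUS over TLS; RadSec listens on TCP/2083.
RADSEC_SERVICE = "aaa+auth:radius.tls.tcp"
RADSEC_DEFAULT_PORT = 2083


@dataclass(frozen=True)
class Naptr:
    order: int
    preference: int
    flags: str
    service: str
    replacement: str


Srv = Tuple[int, int, int, str]          # (priority, weight, port, target)
Resolver = Callable[[str, str], list]    # (name, record type) -> records


def realm_from_nai(nai: str) -> str:
    """Return the realm of a Network Access Identifier such as anonymous@idp.example.

    OpenRoaming routes on the realm only; the user part is opaque to the venue.
    """
    if "@" not in nai:
        raise ValueError("NAI has no realm part")
    realm = nai.rsplit("@", 1)[1]
    if not realm or realm.startswith(".") or realm.endswith(".") or ".." in realm:
        raise ValueError(f"malformed realm: {realm!r}")
    return realm.lower()


def _srv_targets(srvs: List[Srv]) -> List[Tuple[str, int]]:
    # Lowest priority first; higher weight first within a priority (a real
    # client picks among equal priorities by weighted random choice).
    ordered = sorted(srvs, key=lambda s: (s[0], -s[1]))
    return [(target.rstrip("."), port) for _, _, port, target in ordered]


def discover_radsec(realm: str, resolve: Resolver) -> List[Tuple[str, int]]:
    """Return (host, port) candidates for the realm's RadSec server, best first.

    Step 1: NAPTR records for the realm, keeping only the RadSec service tag,
            ordered by (order, preference); an "S" flag points at an SRV name,
            an "A" flag at a host name using the default port.
    Step 2: if NAPTR yields nothing, RFC 7585's fallback SRV name
            _radiustls._tcp.<realm>.
    An empty result means the venue cannot route this realm.
    """
    naptrs = [r for r in resolve(realm, "NAPTR") if r.service.lower() == RADSEC_SERVICE]
    targets: List[Tuple[str, int]] = []
    for rec in sorted(naptrs, key=lambda r: (r.order, r.preference)):
        flags = rec.flags.upper()
        if "S" in flags:
            targets.extend(_srv_targets(resolve(rec.replacement, "SRV")))
        elif "A" in flags:
            targets.append((rec.replacement.rstrip("."), RADSEC_DEFAULT_PORT))
    if not targets:
        targets = _srv_targets(resolve(f"_radiustls._tcp.{realm}", "SRV"))
    return targets


# Constructed zone for the example: two RadSec endpoints behind NAPTR, one
# DTLS entry this TCP-only client must ignore, and a realm served by SRV only.
SAMPLE_ZONE = {
    ("idp.example", "NAPTR"): [
        Naptr(50, 10, "S", "aaa+auth:radius.tls.tcp", "_radiustls._tcp.idp.example."),
        Naptr(50, 20, "S", "aaa+auth:radius.tls.tcp", "_radiustls-backup._tcp.idp.example."),
        Naptr(10, 10, "S", "aaa+auth:radius.dtls.udp", "_radiusdtls._udp.idp.example."),
    ],
    ("_radiustls._tcp.idp.example", "SRV"): [(0, 100, 2083, "radsec1.idp.example.")],
    ("_radiustls-backup._tcp.idp.example", "SRV"): [(0, 100, 2083, "radsec2.idp.example.")],
    ("_radiustls._tcp.srvonly.example", "SRV"): [(10, 50, 2083, "radsec.srvonly.example.")],
}


def sample_resolver(name: str, rtype: str) -> list:
    """Stand-in for DNS: answers from SAMPLE_ZONE, empty list for NXDOMAIN."""
    return SAMPLE_ZONE.get((name.lower().rstrip("."), rtype), [])


if __name__ == "__main__":
    realm = realm_from_nai("anonymous@idp.example")
    for host, port in discover_radsec(realm, sample_resolver):
        print(f"{realm}: RadSec candidate {host}:{port} (mTLS with WBA-issued certificates follows)")
```

Note that the DTLS record has the lowest NAPTR order but is discarded before ordering, because service filtering precedes the order/preference sort; the discovered host is only a routing hint, and the trust decision still rests on the WBA certificate chain presented during the mTLS handshake.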

3. Deep Dive: Decoding the RCOI

The RCOI is the primary filter for roaming. If the RCOI doesn’t match exactly, the device will not attempt an ANQP query.

  • Settlement-Free (Base OUI: 5A-03-BA)
    The Standard. Used for guest access, offloading, and general public Wi-Fi. No money changes hands.
  • Settled (Paid) (Base OUI: BA-A2-D0)
    Used when the Venue expects payment (e.g., a premium airport tier charging the carrier).
  • Legacy (Cisco) (Base OUI: 00-40-96)
    Vital for Compatibility. Many older devices and Samsung OneUI profiles still look for this.

Engineering Note: To maximize compatibility, you should typically broadcast the Standard Settlement-Free RCOI (5A-03-BA-00-00) and the Legacy RCOI (00-40-96).
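As an added example serving both the Technical Flow in section 1 and this RCOI section (not code from the article or from any vendor), the Python below decodes the Roaming Consortium element from a beacon and the Roaming Consortium list from an ANQP response, then applies the client's exact-match rule against the OIs stored in its profiles, sending the GAS/ANQP query only when the beacon announces more OIs than it carries. The frame bytes are constructed; the element layouts are IEEE 802.11 element ID 111 and ANQP Info ID 261.

```python
"""Decode Roaming Consortium OIs from a beacon element and an ANQP response, and
apply a Passpoint client's exact-match RCOI check against its stored profiles.

Added example, not code from the article or any vendor. The frame bytes are
constructed; layouts follow the IEEE 802.11 Roaming Consortium element (ID 111)
and the ANQP Roaming Consortium list (Info ID 261).
"""
from typing import Callable, List, Optional, Tuple

ROAMING_CONSORTIUM_EID = 111
ANQP_ROAMING_CONSORTIUM_LIST = 261   # 0x0105, little-endian on the wire


def oi(dashed_hex: str) -> bytes:
    """'5A-03-BA-00-00' (the article's notation) -> bytes 5a 03 ba 00 00."""
    return bytes.fromhex(dashed_hex.replace("-", ""))


def _take_oi(buf: bytes, n: int) -> Tuple[bytes, bytes]:
    # An OI is 3 to 15 octets; anything else is a malformed frame.
    if not 3 <= n <= 15 or len(buf) < n:
        raise ValueError(f"bad OI length {n}")
    return bytes(buf[:n]), buf[n:]


def parse_roaming_consortium_element(elem: bytes) -> Tuple[int, List[bytes]]:
    """Beacon/Probe Response element: EID(1) Len(1) NumANQPOIs(1) OI1&2Lens(1) OI1 [OI2] [OI3].

    Returns (number of additional OIs obtainable via ANQP, OIs carried here).
    """
    if len(elem) < 4 or elem[0] != ROAMING_CONSORTIUM_EID:
        raise ValueError("not a Roaming Consortium element")
    body = elem[2:2 + elem[1]]
    if len(body) != elem[1] or len(body) < 2:
        raise ValueError("truncated Roaming Consortium element")
    num_anqp_ois = body[0]
    len1, len2 = body[1] & 0x0F, body[1] >> 4      # low nibble OI#1, high nibble OI#2
    rest, ois = body[2:], []
    if len1:
        first, rest = _take_oi(rest, len1)
        ois.append(first)
    if len2:
        second, rest = _take_oi(rest, len2)
        ois.append(second)
    if rest:                      # OI #3 has no length field: it is whatever remains
        third, rest = _take_oi(rest, len(rest))
        ois.append(third)
    return num_anqp_ois, ois


def parse_anqp_roaming_consortium(anqp: bytes) -> List[bytes]:
    """ANQP element: InfoID(2 LE) Len(2 LE) then repeated OILen(1) OI(OILen)."""
    if len(anqp) < 4:
        raise ValueError("short ANQP element")
    info_id = int.from_bytes(anqp[0:2], "little")
    length = int.from_bytes(anqp[2:4], "little")
    if info_id != ANQP_ROAMING_CONSORTIUM_LIST:
        raise ValueError(f"unexpected ANQP Info ID {info_id}")
    payload = anqp[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated ANQP payload")
    ois = []
    while payload:
        entry, payload = _take_oi(payload[1:], payload[0])
        ois.append(entry)
    return ois


def rcoi_match(advertised: List[bytes], profile_ois: List[bytes]) -> Optional[bytes]:
    """Exact match only: same length and same bytes. A 3-octet base OUI in the
    profile does not match a 5-octet RCOI on the air, and vice versa."""
    for candidate in profile_ois:
        if candidate in advertised:
            return candidate
    return None


def select_network(beacon_elem: bytes, profile_ois: List[bytes],
                   gas_anqp_query: Callable[[], bytes]) -> Tuple[Optional[bytes], bool]:
    """Client-side decision from the article: match on credentials, not SSID.

    Beacon OIs are checked first (no frames sent). Only if nothing matches and
    the beacon says more OIs exist does the client send the GAS/ANQP query,
    simulated here by gas_anqp_query() returning the raw ANQP element.
    Returns (matched OI or None, whether ANQP was queried).
    """
    num_anqp, beacon_ois = parse_roaming_consortium_element(beacon_elem)
    hit = rcoi_match(beacon_ois, profile_ois)
    if hit is not None or num_anqp == 0:
        return hit, False
    return rcoi_match(parse_anqp_roaming_consortium(gas_anqp_query()), profile_ois), True


# Constructed beacon element: 1 more OI via ANQP; OI#1 = 00-40-96 (3 octets),
# OI#2 = 5A-03-BA-00-00 (5 octets); lengths byte 0x53 = (len2 << 4) | len1.
SAMPLE_BEACON_RC = bytes.fromhex("6F 0A 01 53 004096 5A03BA0000")
# Constructed ANQP response: Info ID 0x0105 LE, length 14, then three OIs; the
# last is the 3-octet base 5A-03-BA, which is a different RCOI from 5A-03-BA-00-00.
SAMPLE_ANQP_RC = bytes.fromhex("0501 0E00 03 004096 05 5A03BA0000 03 5A03BA")

if __name__ == "__main__":
    for profile in (["5A-03-BA-00-00"], ["5A-03-BA"], ["BA-A2-D0"]):
        hit, queried = select_network(SAMPLE_BEACON_RC, [oi(p) for p in profile], lambda: SAMPLE_ANQP_RC)
        print(f"profile {profile}: match={hit.hex() if hit else None}, ANQP queried={queried}")
```

Running it shows why the engineering note spells out the full five-octet value: a profile holding only the 3-octet base 5A-03-BA does not match an AP that advertises 5A-03-BA-00-00 in its beacon and gets a match only because the constructed ANQP list also carries the 3-octet form, while a profile for an RCOI the AP never advertises (BA-A2-D0 here) costs a GAS round trip and still yields no match.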

4. Implementation Guide: Configuring the Hardware

Vendor Cisco Catalyst 9800 (IOS XE)

  • Step 1 (ANQP Server): Navigate to Configuration > Wireless > Hotspot 2.0 > ANQP Server. Define Venue Name and add RCOIs 5A03BA and 004096.
  • Step 2 (Profile): Create a Server Profile, link the ANQP server, and ensure GAS is enabled.
  • Step 3 (WLAN): In the WLAN profile, set Security to WPA2+WPA3 Enterprise. Under the Hotspot 2.0 tab, enable the feature and select your profile.

Vendor Cisco Meraki

  • Step 1: Go to Wireless > Configure > Access Control. Select your SSID (WPA2-Enterprise).
  • Step 2: Set Hotspot 2.0 to "Enabled."
  • Step 3: Manually add Roaming Consortiums: 5A03BA and 004096.

Vendor HPE Aruba Networking

  • Step 1: In Central, create a Passpoint Service Profile.
  • Step 2: Define the NAI Realm (e.g., *.openroaming.org) and set EAP Method to EAP-TLS.
  • Step 3: Add the Roaming Consortium OIs (5A03BA, 004096).
  • Step 4: Enable Hotspot 2.0 on the WLAN Security tab and apply the Service Profile.
