OpenRoaming

The OpenRoaming app enables your customers to join your network seamlessly and automatically ​

Say goodbye to finding and typing Wi-Fi passwords, and to disruptive pop-up screens. With OpenRoaming, your mobile device can connect quickly, automatically, and securely to your trusted Wi-Fi network. (All OpenRoaming use cases require the OpenRoaming app to be configured on DNA Spaces.)

Use Cases & Value

OpenRoaming supports multiple use cases across various industries. Here are some of the most common ways in which this app is delivering value to our customers.​

Seamless, secure onboarding & improved user insights

Improve the onboarding experience with seamless and secure Wi-Fi access for customers, students, or guests, and generate better customer insights

Value Delivered: Enhanced Wi-Fi experience & improved customer insights​​

Useful to: IT teams, marketing, visitors​

Drive loyalty customer value​

Provide differentiated service for mobile app loyalty users by auto-onboarding mobile app users and engaging with them contextually​

Value Delivered: Improved loyalty guest experience & drive targeted engagement​​

Useful to: IT, Guest services teams, Sales & Marketing​

Carrier Indoor coverage ​

Provide enhanced indoor coverage for your customers, through seamless and secure Wi-Fi onboarding instead of expensive Distributed Antenna Systems (DAS) deployments​

Value Delivered: enhanced indoor coverage & cost saving for DAS deployment​

Useful to: IT teams, visitors

Monetize your network

Monetization through carrier offload of data onto the Wi-Fi network​

Value Delivered: additional revenue stream​

Useful to: IT teams, marketing

Address privacy MAC challenges​

Recognize devices & users based on OpenRoaming ID instead of MAC ID, which eliminates the impact of MAC randomization

Value Delivered: keep all onboarding & analytics benefits without MAC randomization impact​

Useful to: IT, Guest services teams, Sales & Marketing​

AireOS/Catalyst

Meraki

Please complete the following pre-requisites for access to OpenRoaming​

OpenRoaming leverages the DNA Spaces Connector​

  1. Configure the DNA Spaces Connector (As in Step 1).​
  2. Go to DNA Spaces Dashboard and go into Setup > Wireless Networks.​
  3. ​Choose Wireless Setup and Connect via Spaces Connector.​
  4. The DNA Spaces Connector will be listed under View Connector (Created as in Step 1).​
  5. Under Connect via Spaces Connector > Add Controller, click Add Controllers.​
  6. In the Add Connector Window, select the required Spaces Connector.​
  7. Enter the IP Address and name of the AireOS controller.
  8. ​Set Controller Type to WLC (AireOS).​
  9. Select the required Controller SNMP Version and enter the necessary credentials.​
  10. Click Save & Close.​
  11. The added controller will be listed under View Controllers.​

  1. Go to OpenRoaming app within DNA Spaces Dashboard.​
  2. Click on the Hamburger menu and go to Setup.​
  3. Click on Create OpenRoaming Profile to configure a new OpenRoaming Hotspot profile.​
  4. Click on Enable Hotspot for Connector(s) to enable OpenRoaming Hotspot Connector on the configured connector.​
  5. Select the connector where the Hotspot Connector needs to be activated.​
  6. Copy the token and paste it in the DNA Spaces Connector running in the network.​

The configuration can be done manually on the respective controllers OR the configuration provided in the DNA Spaces Setup Page can be used.​

  1. Go to OpenRoaming app within DNA Spaces Dashboard.​
  2. Click on the Hamburger menu and go to Setup.​
  3. Select the required Wireless LAN Controller.​
  4. Select the required OpenRoaming Hotspot profile and click Continue.​
  5. Provide the WLAN-Id based on the controller chosen.​
  6. Configuration is generated based on the input.​
  7. Copy the configuration and paste it in the CLI.​

  1. Log into the Wireless LAN Controller.
  2. Go to the Security Menu and select AAA > RADIUS > Authentication. Click New. ​
  3. In the Add a AAA server page:​
    • Set Network User to Enable.​
    • Set Management to Disable. ​
    • Set the Server Address to the IP address of the DNA Spaces Connector.​
    • Set the port to 1812. ​
    • Set the Shared Secret to radsec. ​
    • Set Auth Called Station ID Type to AP MAC Address SSID.
  4. Go to the Security Menu and select AAA > RADIUS > Accounting. Click New.
  5. In the Add a AAA server page:
    1. Set Network User to Enable.​
    2. Set Tunnel Proxy to Disable. ​
    3. Set the Server Address to the IP address of the DNA Spaces Connector.​
    4. Set the port to 1813. ​
    5. Set the Shared Secret to radsec. ​
    6. Set Acct Called Station ID Type to AP MAC Address SSID.​

  1. Log into the Wireless LAN Controller and go to the WLANs menu.
  2. Select WLANs and click Create New.
  3. In WLAN-Edit General Tab, set the status to Enabled.​
  4. In the Security/Layer2 tab:​
    1. Configure the required Layer 2 security and encryption.​
    2. Set Authentication Key Management to 802.1x.​
  5. In the Security/AAA servers tab, select the IP address of the OpenRoaming Hotspot Connector for both authentication and accounting.​

  1. Fill in EFT Form or contact carrieroffload-eft@cisco.com to join our EFT program for Carrier Offload.
  2. To set up DNA Spaces SDK, visit our setup guide for step-by-step instructions: https://dnaspaces.cisco.com/setupguide/feature-spaces-sdk/#prerequisites

Please complete the following pre-requisites for access to OpenRoaming

OpenRoaming leverages the DNA Spaces Connector​

  1. Configure the DNA Spaces Connector (As in Step 1).​
  2. Go to DNA Spaces Dashboard and go into Setup > Wireless Networks.​
  3. ​Choose Wireless Setup and Connect via Spaces Connector.​
  4. The DNA Spaces Connector will be listed under View Connector (Created as in Step 1).​
  5. Under Connect via Spaces Connector > Add Controller, click Add Controllers.​
  6. In the Add Connector Window, select the required Spaces Connector.​
  7. Enter the IP Address and name of the Catalyst 9800.​
  8. ​Set Controller Type to Catalyst WLC / Catalyst 9800.​
  9. Enter the credentials for the controller.​
  10. Click Save & Close.​
  11. The added controller will be listed under View Controllers.

  1. Go to OpenRoaming app within DNA Spaces Dashboard.​
  2. Click on the Hamburger menu and go to Setup.​
  3. Click on Create OpenRoaming Profile to configure a new OpenRoaming Hotspot profile.​
  4. Click on Enable Hotspot for Connector(s) to enable OpenRoaming Hotspot Connector on the configured connector.​
  5. Select the connector where the Hotspot Connector needs to be activated.​
  6. Copy the token and paste it in the DNA Spaces Connector running in the network.​

The configuration can be done manually on the 9800, or the configuration provided in the DNA Spaces Setup Page can be used.

Configuration via DNA Spaces

  1. Go to OpenRoaming app within DNA Spaces Dashboard.​
  2. Click on the Hamburger menu and go to Setup.​
  3. Select the required Wireless LAN Controller.​
  4. Select the required OpenRoaming Hotspot profile and click Continue.​
  5. Provide the WLAN name based on the controller chosen.​
  6. Select either Catalyst: (17.2.1/17.3.1) (for IOS XE versions 17.2.1 or later) or Catalyst: (16.12.1/17.1.1) (for IOS XE versions earlier than 17.2.1).
  7. Configuration is generated based on the input.​
  8. Copy the configuration and paste it in the CLI.​

Note: The generated configuration assumes the default Wireless Policy Profile and Policy Tag will be used. If using a different Wireless Policy Profile and Policy Tag, copy only the OpenRoaming HotSpot ANQP server.

Manual Configuration via 9800 WebUI

  1. Log into the 9800 WebUI.​
  2. Go to Configuration > Wireless > Hotspot/OpenRoaming.​
  3. In the ANQP Servers tab, click Add.​
  4. Enter a name for the server and check the box OpenRoaming. This will auto populate the settings with internet access enabled, network type as Chargeable Public, and the NAI Realms.​
  5. Edit the Network Type, NAI Realms, and Domains if necessary.​
  6. Select the required OpenRoaming Organization Identifier (OI) by clicking the blue arrow to move them to the Assigned ROI box. Enable the beacons by checking the box next to each Roaming OI.​
  7. Click Apply to Device.​

This step can be skipped if using the generated configuration from DNA Spaces as well as the default Wireless Policy Profile and Policy Tag.

1. Apply the OpenRoaming Hotspot ANQP Server to the Wireless Policy Profile

  1. Go to the WebUI of the Catalyst 9800.​
  2. Go to Configuration > Tags & Profiles > Policy.​
  3. Select the required Wireless Policy Profile.​
  4. In the Advanced tab, select the created Hotspot Server.​
  5. Click Update & Apply to Device.​

2. Map the OpenRoaming WLAN Profile and Wireless Policy Profile in the Policy Tag​

  1. Go to Configuration > Tags & Profiles > Tags.​
  2. In the Policy tab, click Add.​
  3. Under WLAN-POLICY Maps, click Add.​
  4. Select the OpenRoaming WLAN Profile and Wireless Policy Profile and click the checkbox to save the mapping.​
  5. Click Apply to Device.​

1. Log into the 9800 WebUI and go to Configuration > Security > AAA. ​

Procedure for AAA Authentication​

  1. Click on Add to create the RADIUS Server.​
  2. Provide a name for the server.
  3. Set the Server Address to the IP Address of the DNA Spaces Connector and the Key to radsec.
  4. Click Apply to Device.​
  5. Select Server Groups tab and click Add.​
  6. Provide a name for the server group.
  7. Set MAC-Delimiter to hyphen and add the created RADIUS server to the group.​
  8. Click Apply to Device.​

a. Select the Authentication option and click Add.

  • Provide a method list name.​
  • Set Type to dot1x.​
  • Set Group Type to group. ​
  • Select the server group created in previous step.​

b. Now select the Authorization option and click Add.

  • Provide a method list name.​
  • Set Type to exec.​
  • Set Group Type to group.​
  • Select the server group created in previous step.​

c. Now select the Accounting option and click Add.

  • Provide a method list name.​
  • Set Type to identity.​
  • Select the server group created in previous step.​

  1. Go to Global Config > Show Advanced Settings.
  2. For Called-Station-id, select ap-macaddress-ssid for both Accounting and Authentication.​
  3. Click Apply.​
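
The RADIUS settings in the AireOS and Catalyst 9800 procedures above (shared secret radsec, Called-Station-Id set to AP MAC address plus SSID, hyphen MAC delimiter) can be checked against an Access-Request captured between the controller and the connector. The following is an added example, not Cisco's code; it assumes the Called-Station-Id is sent as AA-BB-CC-DD-EE-FF:SSID, and the AP MAC and SSID in the sample packet are constructed values.

```python
import hashlib
import hmac
import re
import struct

SHARED_SECRET = b"radsec"      # shared secret the page sets on the controller
CALLED_STATION_ID = 30         # RFC 2865 attribute type
MESSAGE_AUTHENTICATOR = 80     # RFC 2869 attribute type
# Assumed on-wire form of "AP MAC Address SSID" with a hyphen MAC delimiter.
AP_MAC_SSID = re.compile(r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}:.{1,32}")

def build_access_request(ident, authenticator, called_station_id, secret):
    """Construct a minimal Access-Request (code 1) to feed the audit below."""
    csid = called_station_id.encode()
    attrs = bytes([CALLED_STATION_ID, 2 + len(csid)]) + csid
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed for HMAC
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def audit_access_request(packet, secret=SHARED_SECRET):
    """Return a list of findings; an empty list means both checks passed."""
    length = len(packet)
    if length < 20 or packet[0] != 1 or struct.unpack("!H", packet[2:4])[0] != length:
        return ["not a well-formed Access-Request"]
    attrs, zeroed, pos = {}, bytearray(packet), 20
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            return ["malformed attribute at offset %d" % pos]
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        if packet[pos] == MESSAGE_AUTHENTICATOR:
            zeroed[pos + 2:pos + alen] = bytes(alen - 2)  # HMAC covers zeroed field
        pos += alen
    findings = []
    sent = attrs.get(MESSAGE_AUTHENTICATOR)
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if sent is None:
        findings.append("Message-Authenticator missing")
    elif not hmac.compare_digest(sent, expected):
        findings.append("Message-Authenticator mismatch (wrong shared secret?)")
    csid = attrs.get(CALLED_STATION_ID, b"").decode("utf-8", "replace")
    if not AP_MAC_SSID.fullmatch(csid):
        findings.append("Called-Station-Id %r is not AP-MAC:SSID" % csid)
    return findings

# Constructed sample: the AP MAC and SSID are made-up values.
SAMPLE = build_access_request(7, bytes(range(16)), "00-11-22-AA-BB-CC:OpenRoaming", SHARED_SECRET)
print(audit_access_request(SAMPLE) or "OK")
```

Because the shared secret is a fixed value printed in this guide, a passing Message-Authenticator check shows that the configuration matches, not that the sender is trusted; keep the controller-to-connector RADIUS traffic on a restricted management network.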

Configure the WLAN Profile​

  1. Log into the 9800 WebUI and go to Configuration > Tags & Profiles > WLANs.​
  2. Click Add to create a new WLAN.​
  3. In the General tab:
    • Set a name for the WLAN​
    • Set the status to Enabled.​
  4. In the Security/Layer2 tab: ​
    • Select the required Layer 2 security mode and encryption.​
    • Set Authentication Key Management to 802.1x.​
  5. In the Security/AAA tab, set the Authentication List to the AAA Authentication Method List containing the Hotspot Connector.​
  6. Click Apply to Device.​

Configure the Wireless Policy Profile​

  1. Go to Configuration > Tags & Profiles > Policy.​
  2. Select the required Wireless Policy Profile or click Add to create a new one.​
  3. In the Advanced tab, set the Accounting List to the AAA Accounting Method List containing the Hotspot Connector.​
  4. Apply the new settings to the device.​

  1. Fill in EFT Form or contact carrieroffload-eft@cisco.com to join our EFT program for Carrier Offload.
  2. To set up DNA Spaces SDK, visit our setup guide for step-by-step instructions: https://dnaspaces.cisco.com/setupguide/feature-spaces-sdk/#prerequisites

Please complete the following pre-requisites for Configuring Meraki OpenRoaming

  • Have an account provisioned on the Cisco DNA Spaces platform. If you don’t have an active account, please email dnaspaces@cisco.com.
  • Create user account – Accept invitation from Cisco DNA Spaces & setup password
  • It is recommended that you create a DNA Spaces services account for the connection to DNA Spaces via API
  • To configure the Wireless Setup in DNA Spaces Dashboard, follow the below steps:
    • Log in to the DNA Spaces Dashboard at https://dnaspaces.io/
    • Go to Setup > Wireless Networks
    • On Connect your wireless network, click “Connect” under Connect your Meraki
    • Click Import Organization Using API
      • Log in to your Meraki dashboard, click on the logged-in account name (top-right), and click My profile. Scroll down to the API Access section. Click Generate to generate an API Key.
    • Back in DNA Spaces Dashboard enter your Meraki API key in the API Key textbox.
    • Click Connect
    • Select your Organization and click on Add to import it in Cisco DNA Spaces
    • On the Location Hierarchy page, expand the More Actions menu
    • Click Add Network to view the Add Network window
    • Select your Network and click Add to import it into Cisco DNA Spaces
  • To configure OpenRoaming in Cisco Meraki, follow the below steps:
    • Click on the OpenRoaming tile in DNA Spaces UI
    • Create an OpenRoaming profile with the required configuration
    • Follow the steps shown by the DNA Spaces UI to create an OpenRoaming profile
    • Select the SSID which needs to be configured for OpenRoaming. If you want to create a new SSID then enter the name of the SSID and DNA Spaces will create and configure the SSID for OpenRoaming
    • After following all the steps, an OpenRoaming profile will be created by DNA Spaces. Activate this profile on the required Dashboard network.

If all the steps are followed correctly, the status of OpenRoaming will change to Active and Cisco Meraki APs will start broadcasting the configured SSID for OpenRoaming.

For a detailed step-by-step configuration process, refer to the DNA Spaces OpenRoaming configuration document at https://www.cisco.com/c/en/us/td/docs/wireless/cisco-dna-spaces/open-roaming/b-dnas-or-cg/m-config-or.html
