OpenRoaming integration with Cisco Spaces
Introduction
Mobile device users across the globe wish to stay constantly connected to the Internet across locations and geographies. Be it when entering an airport, coffee shop, a retail store, hotel, workspaces, or any other location, users wish to be connected to the Internet all the time, quickly, and without tedious onboarding processes. Today this is difficult due to the availability of multiple SSIDs that display poorly designed captive portals, the risks of connecting to a rogue SSID, or entering an insecure shared username and password combination to access the Internet. These annoyances often force users to stay on cellular networks and use up precious data and sometimes having no coverage at all. OpenRoaming provides a solution to these issues.
OpenRoaming provides mobile users with a hassle-free, friction-less, guest Wi-Fi onboarding experience by linking together Access Providers (such as public venues, retailers, airports, and large enterprises) with Identity Providers (such as service provider carriers, devices, and cloud providers). OpenRoaming enables users to get connected online automatically and seamlessly after signing in just once using a trusted identity provider. The service is completely secure and fast, and mobile users need not have to guess which Wi-Fi network to use or use tedious captive portal onboarding processes repeatedly. Mobile users will automatically and seamlessly get connected to the Internet wherever they go, thereby allowing them to download, stream, video chat, play online games, and access the Internet whenever and wherever they are.
By leveraging the power of the Hotspot 2.0 technology and the global, unprecedented reach of Cisco’s network, OpenRoaming will allow any on-premise visitor/customer to seamlessly and securely get connected to the Internet and roam freely across 4G/5G and Wi-Fi 6 networks. The OpenRoaming Federation consists of Identity Providers such as Service Providers (leveraging your SIM card), device and cloud providers (such as Google and Apple ID), and Internet Wi-Fi providers. Access Providers such as retailers, hotels, and large venues to enable customers to automatically and seamlessly get connected to the Internet. This Wi-Fi connection is secured using industry-standard Wi-Fi Protected Access 2 (WPA2) protocols and encrypted authentication. Every network that users connect to will provide a seamless and secure experience, with a verified quality of experience, to help ensure that they are receiving the best and the most trusted Internet connectivity possible.
For example: If you run a retail or other public-access location, you will have the ability to accelerate your guest Wi-Fi attach rate at the click of a button. The amount of data you can gather about how people use your physical spaces can be leveraged with Cisco Spaces to help you better understand and identify your consumers’ behavior patterns, thereby creating an improved experience at your store and at the same time driving your business outcomes. Your customers will appreciate the better experience and you will be able to better engage with them.
Key Benefits
There are several benefits that businesses can gain from leveraging OpenRoaming.
-
Simplify Wi-Fi guest access for your customers on-site
-
Significantly increase your Wi-Fi attach rate on site
-
Increased security for Wi-Fi guest access
-
Provide a better user experience in your venue, by providing seamless connectivity to Wi-Fi and seamless roaming between Wi-Fi and LTE / 5G
-
Take back ownership of your customers’ data through Wi-Fi, and get more valuable analytics
-
Better engage with your customers through Wi-Fi, Cisco Spaces, and your loyalty app
-
Offload traffic from cellular to Wi-Fi, reducing operational expenses.
Pre-requisites for Configuring Meraki OpenRoaming
-
Ensure you have an active Cisco Spaces account.
-
Complete your Wireless Network Setup in the Cisco Spaces Dashboard.
-
Wireless network in Dashboard needs to be configured for firmware version 28.5 or above. This is the minimum firmware requirement for the feature to work.
Some MRs cannot support 28.x firmware version, OpenRoaming will not be supported for such networks. Please ensure that all APs in the network can run 28.5 or higher firmware version before configuring OpenRoaming.
Only Wi-Fi 5 wave 2, Wi-Fi 6 and Wi-Fi 6E APs support OpenRoaming feature.
Some clients might refuse to connect to SSIDs using OpenRoaming when configured with weak encryption methods (e.g., WPA1 or 'WPA1 and WPA2'). Please ensure the SSIDs are configured with strong encryption, such as 'WPA2 Only' or 'WPA3', under Wireless > Configure > Access Control, in the 'WPA encryption' section.
Configure Spaces Wireless Network Setup
It is recommended that you create a Spaces services account for the connection to Spaces via API.
To configure the Wireless Setup in Spaces Dashboard, follow the below steps:
-
Login to Spaces Dashboard https://dnaspaces.io/
-
Go to Setup → Wireless Networks.
-
On the Connect your wireless network, click “Connect” under Connect your Meraki.
-
Click Import Organization Using API.
-
Login to your Meraki dashboard, click on the logged-in account name (top-right), and click My profile. Scroll down to the API Access section. Click Generate to generate an API Key.
-
-
Back in Spaces Dashboard enter your Meraki API key in the API Key textbox.
-
Click Connect
-
Select your Organization and click on Add to import it in Cisco Spaces.
-
On the Location Hierarchy page, expand the More Actions menu.
-
Click Add Network to view the Add Network window.
-
Select your Network and click Add to import it into Cisco Spaces
Configure OpenRoaming SSID in Meraki Dashboard
To configure OpenRoaming in Cisco Meraki, follow the below steps:
1. Click on the OpenRoaming title in Spaces UI
2. Create an OpenRoaming profile with the required configuration.
3. Follow the steps shown by the Spaces UI to create an OpenRoaming profile.
3. Select the SSID which needs to be configured for OpenRoaming. If you want to create a new SSID then enter the name of the SSID and Spaces will create and configure the SSID for OpenRoaming.
5. After following all the steps an OpenRoaming profile will be created by DNAS Spaces. Activate this profile on the required Dashboard network.
If all the steps are followed correctly the status of OpenRoaming will change to Active and Cisco Meraki APs will start broadcasting the configured SSID for OpenRoaming.
For a detailed step by step process of configuring refer to Spaces OpenRoaming configuration document.
Note: Only one OpenRoaming SSID can be created on a per network level.
Client Examples
Android 11
Android 11 recognizes the OpenRoaming spec and if the device has multiple accounts, it will prompt you to select which one you want to use.
Successful client connection in dashboard:
Basic Troubleshooting
Client device is not connecting
Possible cause |
Next step |
OpenRoaming app is not installed |
The user needs to download the OpenRoaming app and sign in |
The client device is not signed into the OpenRoaming app |
Users who wish to connect to an OpenRoaming SSID need to sign into the app |
The user profile is not accepted |
Administrators need to check their Spaces settings to ensure the chosen client device is allowed |
The device is already connected to a known SSID |
Users need to manually choose the OpenRoaming SSID |
User is prompted for credentials
If a device is prompted for credentials, it's likely that:
- the SSID is misconfigured
- the OpenRoaming profile is not correctly configured on Spaces
Please check the OpenRoaming profile and, if necessary, recreate it.
Can't find OpenRoaming app in store
If the client device cannot find the app in the store, it's most likely because the device does not support Hotspot 2.0. Please as the customer to check the device specifications and if needed, upgrade its firmware.