Using this table you manage the profile lists for the NAI realms. With these lists you have the ability to group certain ANQP elements. These include the realms of the hotspot operator and its roaming partners, as well as the associated authentication methods and parameters. Stations use the information stored in this list to determine whether they have the hotspot operator or one of its roaming partners have valid credentials.
- Name
- Assign a name for the NAI realm profile, such as the name of the service provider or service to which the NAI realm belongs. This name will appear later in the ANQP profile in the selection for NAI realm list.
- NAI realm
- Enter the realm for the Wi‑Fi network. The identification of the NAI realm consists of the username and a domain, which can be extended using regular expressions. The syntax for an NAI realm is defined in RFC 2486 and, in the simplest case, is <username>@<realm>. For user746@providerX.org, the corresponding realm is providerX.org.
- EAP-Method
- Select a language for the NAI realm from the list. EAP stands for the authentication profile (Extensible Authentication Protocol), followed by the corresponding authentication method Possible values are:
- EAP-TLS
- Authentication using Transport Layer Security (TLS). Select this setting when authentication via the relevant NAI realm is performed by a digital certificate that the user has to install.
- EAP-SIM
- Authentication via the Subscriber Identity Module (SIM). Select this setting when authentication via the relevant NAI realm is performed by the GSM Subscriber Identity Module (SIM card) of the station.
- EAP-TTLS
- Authentication via Tunneled Transport Layer Security (TTLS). Select this setting when authentication via the relevant NAI real is performed using a username and password. For security reasons, the connection is tunneled for this method.
- EAP-AKA
- Authentication using Authentication and Key Agreement (AKA). Select this setting when authentication via the relevant NAI realm is performed by the UMTS Subscriber Identity Module (USIM card) of the station.
- None
- Select this setting when the relevant NAI realm does not require authentication.
- Authentication parameters
- Click the authentication parameters that match the EAP method, e.g. for EAP-TTLS
NonEAPAuth.MSCHAPV2,Credential.UserPass
or for EAP-TLS Credentials.Certificate.
Possible values are:
Table 1. Overview of possible authentication parameters Parameter Sub-Parameter Comment NonEAPAuth Identifies the protocol that the realm requires for phase 2 authentication: PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol, original CHAP implementation, specified in RFC 1994 MSCHAP Implementation of Microsoft CHAP V1, specified in RFC 2433 MSCHAPV2 Implementation of Microsoft CHAP V2, specified in RFC 2759 Credentials Describes the type of authentication that the realm accepts: SIM SIM card USIM USIM card NFCSecure NFC chip HWToken* Hardware token SoftToken* Software token Certificate Digital certificate UserPass Username and password None No credentials required TunnelEAPCredentials.* SIM* SIM card USIM* USIM card NFCSecure* NFC chip HWToken* Hardware token SoftToken* Software token Certificate* Digital certificate UserPass* Username and password Anonymous* Anonymous login
