Configuring RFC 5580 Location Attributes

Feature History for RFC 5580 Location Attributes

This table provides release and related information for the feature explained in this module.

This feature is also available in all releases subsequent to the one in which it is introduced, unless noted otherwise.

Table 1. Feature History for RFC 5580 Location Attributes

Release: Cisco IOS XE Cupertino 17.9.1

Feature: Support for RFC 5580 Location Attributes in the Controller

Feature Information: This feature uses the RFC 5580 location attributes to convey location-related information for authentication and accounting exchanges.

The controller supports the following RFC 5580-related attributes:

  • Location-Information

  • Location-Data CIVIC Profile: Country

  • Location-Data CIVIC Profile: CAtype 1 (State)

  • Location-Data CIVIC Profile: CAtype 3 (City)

  • Location-Data CIVIC Profile: CAtype 23 (Venue Name)

  • Location-Data CIVIC Profile: CAtype 24 (Zip Code)

  • Location-Data GEO Profile (Longitude, Latitude, and Altitude)

  • Operator Name

Information About RFC 5580 Location Attributes

The RFC 5580 location attributes convey location-related information for authentication and accounting exchanges.

The location information is useful in several scenarios. Wireless networks are deployed in public places, such as shopping malls, airports, hotels, and coffee shops by a diverse set of operators, such as wireless internet service providers (WISPs), cellular network operators, and fixed broadband networks. In all these scenarios, the network may need to know the user location to enable location-aware authorization, billing, or services.

To preserve user privacy, the location information must be protected against unauthorized access and distribution.

RFC 5580 defines two types of location:

  • User location: This location is more specific to users.

    Note: The user location is configured on the AP.

  • NAS location: This is the common location that hosts all the users. For instance, if you configure a user location at AP1, all users connecting to AP1 have the same user location, while users connecting through AP2 have a different user location. If AP1 and AP2 are both connected to the controller and you configure a NAS location, users from AP1 and AP2 share the same NAS location.

    Note: The NAS location is configured in AAA.


You can define certain profiles in each location. Profile refers to the attributes used to define the location. Each location has two profiles, namely, Civic and Geo.

The following are the location profiles:

  • Civic Profile: In this profile, the location is described in terms of attributes such as Country, State, City, Area, and Postal Code.

  • Geo Profile: In this profile, the location is described in terms of attributes such as Latitude, Longitude, and Altitude.

For users with both user location and NAS location, you can set their location in both Civic and Geo profile formats. Such users have the following locations:

  • Civic User location

  • Civic NAS location

  • Geo User location

  • Geo NAS location

Each location, for instance the civic user location, is sent using the following attributes:

  • Location-Information

  • Location-Data

The controller supports the following RFC 5580-related attributes:

  • Location-Information

  • Location-Data CIVIC Profile: Country

  • Location-Data CIVIC Profile: CAtype 1 (State)

  • Location-Data CIVIC Profile: CAtype 3 (City)

  • Location-Data CIVIC Profile: CAtype 23 (Venue Name)

  • Location-Data CIVIC Profile: CAtype 24 (Zip Code)

  • Location-Data GEO Profile (Longitude, Latitude, and Altitude)

  • Operator Name

Thus, a user can have four locations and one operator name.

To transfer location information, the Out-of-Band Agreement (Flow 1) delivery method mentioned in RFC 5580 is supported.

This is applicable only if the feature is enabled and location information is configured.
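
The pairing of Location-Information and Location-Data described above, as an added Python example (not Cisco code): it decodes Operator-Name, Location-Information and civic Location-Data from a RADIUS attribute list using the field layouts in RFC 5580, so that you can audit exactly which location details a request discloses. The helper names and the SAMPLE bytes are constructed for illustration from this page's CLI example values; the controller's actual on-the-wire output is not shown on this page.

```python
import struct

# Attribute numbers and field values are from RFC 5580, not from Cisco output.
OPERATOR_NAME, LOCATION_INFORMATION, LOCATION_DATA = 126, 127, 128
NAMESPACE = {"0": "TADIG", "1": "REALM", "2": "E212", "3": "ICC"}
ENTITY = {0: "user", 1: "NAS"}  # Location-Information Entity field
CATYPE = {1: "state", 3: "city", 23: "venue-name", 24: "zip"}  # types on this page

def attr(atype, value):
    """One RADIUS attribute: Type, Length (header included), Value."""
    return bytes([atype, len(value) + 2]) + value

def civic(country, elements):
    """Civic Location field: country code, then CAtype/CAlength/CAvalue triples."""
    out = country.encode("ascii")
    for catype, text in elements:
        raw = text.encode("utf-8")
        out += bytes([catype, len(raw)]) + raw
    return out

def decode(blob):
    """Return (operator, {index: location}) from a RADIUS attribute list."""
    operator, locs, pos = None, {}, 0
    while pos < len(blob):
        if pos + 2 > len(blob) or not 2 <= blob[pos + 1] <= len(blob) - pos:
            raise ValueError("malformed attribute length")
        atype, alen = blob[pos], blob[pos + 1]
        val, pos = blob[pos + 2:pos + alen], pos + alen
        if atype == OPERATOR_NAME and val:
            operator = (NAMESPACE.get(chr(val[0]), "unknown"), val[1:].decode())
        elif atype == LOCATION_INFORMATION and len(val) >= 4:
            index, code, entity = struct.unpack("!HBB", val[:4])
            locs.setdefault(index, {}).update(
                profile={0: "civic", 1: "geo"}.get(code, "unknown"),
                entity=ENTITY.get(entity, "unknown"))
        elif atype == LOCATION_DATA and len(val) >= 2:
            # The 16-bit Index ties this payload to its Location-Information.
            locs.setdefault(struct.unpack("!H", val[:2])[0], {})["raw"] = val[2:]
    for loc in locs.values():  # civic payloads decode to text; geo stays raw
        if loc.get("profile") == "civic" and "raw" in loc:
            raw, i = loc.pop("raw"), 2
            loc["country"] = raw[:2].decode("ascii")
            while i + 2 <= len(raw):
                catype, calen = raw[i], raw[i + 1]
                name = CATYPE.get(catype, f"CAtype-{catype}")
                loc[name] = raw[i + 2:i + 2 + calen].decode()
                i += 2 + calen
    return operator, locs

# Constructed sample built from this page's CLI example values (civic user location).
SAMPLE = (
    attr(OPERATOR_NAME, b"3ACT")  # namespace ICC ("3"), operator name ACT
    + attr(LOCATION_INFORMATION, struct.pack("!HBB", 1, 0, 0) + bytes(16))  # zeroed times
    + attr(LOCATION_DATA, struct.pack("!H", 1) + civic(
        "IN", [(1, "Karnataka"), (3, "Bangalore"), (23, "Nivas"), (24, "562016")])))
```

Calling decode(SAMPLE) returns the operator as a (namespace, name) pair and one dictionary per Index, which makes it easy to compare what is sent against what the location policy allows to be shared.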

Information About Location-Capable Attribute

Cisco IOS XE Dublin 17.11.1 supports the Location-Capable feature attribute from RFC 5580. This attribute is sent only in network access requests. To enable the Location-Capable attribute, configure the radius-server attribute wireless location delivery out-of-band include-location-capable command. This attribute informs the RADIUS server that this device can send location information.

RFC 5580 supports three flows or modes of location delivery. As per the RFC, the Location-Capable attribute should be sent in Flow-2, which is location delivery based on Initial-Request. The above-mentioned configuration enables sending this attribute in Flow-1 as well, which is location delivery based on Out-of-Band agreement.

When an authentication or authorization request is received, the Location-Capable feature attribute is added to the request along with the other location attributes as per the configuration (explained in the configuration sections that follow). This is applicable only for wireless clients. The RADIUS server might use this information to provide network access.

Restriction for Configuring RFC 5580 Location Attributes

This feature is supported only for 802.1X users.

Configuring Location Delivery Based on Out-of-Band Agreement (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

radius-server attribute wireless location delivery out-of-band

Example:

Device(config)# radius-server attribute wireless location delivery out-of-band

Configures RFC 5580 Out-of-Band location support.

Step 3

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Configuring Location-Capable Attribute (CLI)

Use the radius-server attribute wireless location delivery out-of-band command to enable the feature globally.

You can use the radius-server attribute wireless location delivery out-of-band include-location-capable command to include the location-capable attribute along with other location attributes.

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

radius-server attribute wireless location delivery out-of-band include-location-capable

Example:

Device(config)# radius-server attribute wireless location delivery out-of-band include-location-capable

Configures RFC 5580 out-of-band location attributes along with enabling the location-capable attribute to be part of the access request.

Step 3

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Creating Location Attributes

Configuring a Civic Profile (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

location civic-location identifier civic_identifier

Example:

Device(config)# location civic-location identifier USER_C_1

Configures the civic profile for User location.

Here, civic_identifier refers to the civic location identifier string. It can take up to 215 characters. You can enter a total of 250 bytes to configure civic address attributes. Cisco reserves 50 bytes for internal information. Therefore, the remaining 200 bytes can be used for user-configured civic location.

Note: You can configure the following types of civic attributes and add them to the RADIUS requests:

  • Country

  • City

  • State

  • Postal Code

  • Name

Step 3

country country_ID

Example:

Device(config-civic)# country IN

Sets the country ID.

Note: Only two-letter ISO 3166 country codes are accepted.

Step 4

city city_name

Example:

Device(config-civic)# city Bangalore

Sets the city name.

Step 5

state state_name

Example:

Device(config-civic)# state Karnataka

Sets the state name.

Step 6

postal-code postal_code

Example:

Device(config-civic)# postal-code 562016

Sets the postal code.

Step 7

name residence_name

Example:

Device(config-civic)# name Nivas

Sets the residence name.

Step 8

end

Example:

Device(config-civic)# end

Returns to privileged EXEC mode.

Configuring a Geo Profile (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

location geo-location identifier geo_identifier

Example:

Device(config)# location geo-location identifier USER_G_1

Configures a Geo profile for user location.

Here, geo_identifier refers to the geographic location identifier string. It can take up to 215 characters.

Step 3

latitude latitude_in_degrees [resolution resolution_value]

Example:

Device(config-geo)# latitude "34 12 15"

Sets the latitude information. The optional parameters are documented within square brackets.

While configuring the latitude, you can specify the resolution, in meters. If you do not specify any resolution, a default value of 10 meters is used.

Step 4

longitude longitude_in_degrees [resolution resolution_value]

Example:

Device(config-geo)# longitude "111 59 44"

Sets the longitude information. The optional parameters are documented within square brackets.

While configuring the longitude, you can specify the resolution, in meters. If you do not specify any resolution, a default value of 10 meters is used.

Step 5

altitude altitude_value {feet resolution resolution_value | floor | meters resolution resolution_value}

Example:

Device(config-geo)# altitude 10 meters resolution 10

Configures the altitude for the geographic location. The optional parameters are documented within square brackets.

  • altitude_value : Refers to the altitude, in feet, floors, or meters.

  • resolution_value : Refers to the resolution, in feet or meters.

    Note: Both the altitude and the altitude resolution must be in the same unit.

Step 6

resolution resolution_value

Example:

Device(config-geo)# resolution 30

Specifies a single common resolution for latitude and longitude.

Step 7

end

Example:

Device(config-geo)# end

Returns to privileged EXEC mode.

Configuring an Operator Name (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

location operator identifier identifier_name

Example:

Device(config)# location operator identifier USER_O_1

Configures an operator name for the user location.

Here, identifier_name supports strings up to 215 characters in length.

Step 3

name operator-name

Example:

Device(config-operator)# name ACT

Configures the location operator name.

Here, operator-name supports strings up to 248 characters in length.

Step 4

namespace-id {E212 | ICC | REALM | TADIG}

Example:

Device(config-operator)# namespace-id ICC

Configures the namespace for a location.

The following are the namespace options:

  • E212 : Refers to the Mobile Country Code (MCC) and Mobile Network Code (MNC).

  • ICC : Refers to the International Telecommunication Union Carrier Codes (ICC).

  • REALM : Refers to any registered domain name.

  • TADIG : Refers to the Transferred Account Data Interchange Group (TADIG) code.

Note:

  • If you have not configured any namespace, REALM is used as the default value.

  • The operator name can be associated with both NAS-Location and USER-Location. When an operator name is configured at both the locations, the operator name that is configured in USER-Location takes precedence.

Step 5

end

Example:

Device(config-operator)# end

Returns to privileged EXEC mode.

Associating Location Attributes with User Location (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

ap location name location_name

Example:

Device(config)# ap location name OFFICE

Configures a location name for an AP.

Step 3

ap-eth-mac AP_Ethernet_MAC

Example:

Device(config-ap-location)# ap-eth-mac 0a0b.0cf0.0001

Adds the AP to the location.

Here, AP_Ethernet_MAC refers to the AP Ethernet MAC address.

Step 4

location civic-location-id identifier_name

Example:

Device(config-ap-location)# location civic-location-id USER_C_1

Associates the civic location attribute with the user location.

Step 5

location geo-location-id identifier_name

Example:

Device(config-ap-location)# location geo-location-id USER_G_1

Associates the geographic location attribute with the user location.

Step 6

location operator-id identifier_name

Example:

Device(config-ap-location)# location operator-id USER_O_1

Associates the operator location attribute with the user location.

Step 7

end

Example:

Device(config-ap-location)# end

Returns to privileged EXEC mode.

Associating Location Attributes with the NAS Location (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

radius-server attribute wireless location civic-location-id identifier_name

Example:

Device(config)# radius-server attribute wireless location civic-location-id NAS_C_1

Associates the civic location attribute with the NAS location.

Here, identifier_name supports strings up to 215 characters in length.

Step 3

radius-server attribute wireless location geo-location-id identifier_name

Example:

Device(config)# radius-server attribute wireless location geo-location-id NAS_G_1

Associates the geographic location attribute with the NAS location.

Here, identifier_name supports strings up to 215 characters in length. Enter a valid or existing identifier name.

Step 4

radius-server attribute wireless location operator-id identifier_name

Example:

Device(config)# radius-server attribute wireless location operator-id NAS_O_1

Associates the operator location attribute with the NAS location.

Step 5

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Verifying RFC 5580 Location Attribute Configuration

To verify the location attributes associated with a given location, use the following command:

Device# show ap location details AAA_location
Location Name......................: AAA_location
Location description...............:
Policy tag.........................: default-policy-tag
Site tag...........................: default-site-tag
RF tag.............................: default-rf-tag
AAA Location Status ...............: Enabled
Civic Location Identifier : NAS_C_1
Geo Location Identifier   : NAS_G_1
Operator Name Identifier  : NAS_O_1

Configured list of APs
38ed.18ca.5a20

To verify the Cisco AP location, use the following command:

Device# show ap name AP38ED.18CA.5A20 config general
Cisco AP Name   : AP38ED.18CA.5A20
=================================================

Cisco AP Identifier                             : 38ed.18cb.cf00
Country Code                                    : Multiple Countries :
Regulatory Domain Allowed by Country            : 802.11bg:   802.11a:   802.11 6GHz:
AP Country Code                                 : US  -
AP Regulatory Domain
  802.11bg                                      : -A
  802.11a                                       : -A
MAC Address                                     : 38ed.18ca.5a20
IP Address Configuration                        : Static IP assigned
IP Address                                      : 9.4.172.111
IP Netmask                                      : 255.255.255.0
Gateway IP Address                              : 9.4.172.1
Fallback IP Address Being Used                  : 
Domain                                          :
Name Server                                     :
CAPWAP Path MTU                                 : 1485
Capwap Active Window Size                       : 1
Telnet State                                    : Disabled
CPU Type                                        :  ARMv7 Processor rev 0 (v7l)
Memory Type                                     : DDR3
Memory Size                                     : 995328 KB
SSH State                                       : Disabled
Cisco AP Location                               : AAA_location
-
-
-

To verify the location attributes associated with a given MAC address, use the following command:

Device# show wireless client mac 0080.5222.545c detail

Client MAC Address : 0080.5222.545c
Client MAC Type : Universally Administered Address
Client DUID: NA
Client IPv4 Address :
AP MAC Address : 38ed.18cb.cf00
AP Name: AP38ED.18CA.5A20
AP slot : 1
Client State : Associated
Policy Profile : default-policy-profile
Flex Profile : N/A
…
Civic Location Identifier : NAS_C_1
Geo Location Identifier   : NAS_G_1
Operator Name Identifier  : NAS_O_1

Note: You will be able to view this output only if the RFC 5580 feature is enabled.


To verify the Civic location details, use the following command:

Device# show location civic-location identifier TEST1
Civic location information
--------------------------
Identifier              : TEST1
Name                    : home
City                    : Morges
State                   : Vaud
Postal code             : 1110
Country                 : CH

To verify the Geo location details, use the following command:

Device# show location geo-location identifier TEST4
Geo location information
------------------------
Identifier  : TEST4
Latitude    : 46.5112700           
Longitude   : 6.4985400            
Altitude    : 380 meters           Resolution : 10
Resolution  : 100 

To verify the Operator location details, use the following command:

Device# show location operator-location identifier myoperator
Operator location information
------------------------
Operator Identifier     : myoperator
Operator Name           : myoperator
Operator Namespace      : REALM
------------------------