Configuring RFC 5580 Location Attributes
Feature History for RFC 5580 Location Attributes
This table provides release and related information for the feature explained in this module. This feature is also available in all releases subsequent to the one in which it is introduced, unless noted otherwise.
Release | Feature | Feature Information |
Cisco IOS XE Cupertino 17.9.1 | Support for RFC 5580 Location Attributes in the Controller | This feature uses the RFC 5580 location attributes to convey location-related information for authentication and accounting exchanges. The controller supports the following RFC 5580-related attributes:
|
Information About RFC 5580 Location Attributes
The RFC 5580 location attributes convey location-related information for authentication and accounting exchanges. The location information is useful in several scenarios. Wireless networks are deployed in public places, such as shopping malls, airports, hotels, and coffee shops by a diverse set of operators, such as wireless internet service providers (WISPs), cellular network operators, and fixed broadband networks. In all these scenarios, the network may need to know the user location to enable location-aware authorization, billing, or services. To preserve user privacy, the location information must be protected against unauthorized access and distribution.
RFC 5580 defines two types of location:
- User location: This location is more specific to users.
- NAS location: This is the common location that hosts all the users. For instance, if you configure a user location at AP1, all users connecting to AP1 have the same user location, while users coming from AP2 have a different user location. If AP1 and AP2 are both connected to the controller and you configure a NAS location, users from AP1 and AP2 share the same NAS location.
Location Profiles
You can define certain profiles in each location. Profile refers to the attributes used to define the location. Each location has two profiles, namely, Civic and Geo.
The following are the location profiles:
- Civic Profile: In this profile, the location is described in terms of attributes such as Country, State, City, Area, and Postal Code.
- Geo Profile: In this profile, the location is described in terms of attributes such as Latitude, Longitude, and Altitude.
For users with both user location and NAS location, you can set their location in both Civic and Geo profile formats. Such users have the following locations:
- Civic User location
- Civic NAS location
- Geo User location
- Geo NAS location
Each piece of location information (for instance, the civic user location) is sent using the following attributes:
- Location-Information
- Location-Data
Supported RFC 5580-Related Attributes
- Location-Information
- Location-Data CIVIC Profile: Country
- Location-Data CIVIC Profile: CAtype 1 (State)
- Location-Data CIVIC Profile: CAtype 3 (City)
- Location-Data CIVIC Profile: CAtype 23 (Venue Name)
- Location-Data CIVIC Profile: CAtype 24 (Zip Code)
- Location-Data GEO Profile (Longitude, Latitude, and Altitude)
- Operator Name
Thus, a user can have four locations and one operator name.
To transfer location information, the Out-of-Band Agreement (Flow 1) delivery method mentioned in RFC 5580 is supported. This is applicable only if the feature is enabled and location information is configured.
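The following added example (not Cisco code or device output) shows how a Location-Information and Location-Data pair is laid out per RFC 5580 and RFC 4776 and how the shared index links them, which is what you would check in a capture to confirm exactly which location fields reach the RADIUS server. The attribute numbers (127, 128) and the code and entity values are taken from the RFCs; the function names are illustrative, the timestamps are zeroed placeholders, and the civic values are the ones used in this page's civic profile procedure.

```python
import struct

# RFC 5580 attribute types and the RFC 4776 civic address types (CAtypes) listed above.
LOCATION_INFORMATION, LOCATION_DATA = 127, 128
CATYPES = {1: "state", 3: "city", 23: "name", 24: "postal_code"}
PROFILE, ENTITY = {0: "civic", 1: "geo"}, {0: "user", 1: "nas"}

def avp(attr_type, value):  # RADIUS attribute: type, length (header included), value
    return bytes([attr_type, len(value) + 2]) + value

def civic_location(country, elements):
    """Civic Location field: 2-letter country, then CAtype/CAlength/CAvalue triples."""
    out = country.encode("ascii")
    for catype, text in elements:
        out += bytes([catype, len(text.encode())]) + text.encode()
    return out

def decode_civic(loc):
    """Reverse of civic_location(); unknown CAtypes are kept under their number."""
    fields, pos = {"country": loc[:2].decode("ascii")}, 2
    while pos + 2 <= len(loc):
        catype, calen = loc[pos], loc[pos + 1]
        fields[CATYPES.get(catype, catype)] = loc[pos + 2:pos + 2 + calen].decode()
        pos += 2 + calen
    return fields

def parse_locations(attrs):
    """Pair each Location-Information with the Location-Data that shares its index."""
    info, data, pos = {}, {}, 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute length")
        body, pos = attrs[pos + 2:pos + alen], pos + alen
        if atype == LOCATION_INFORMATION and len(body) >= 4:
            idx, code, entity = struct.unpack("!HBB", body[:4])
            info[idx] = {"profile": PROFILE.get(code, code), "entity": ENTITY.get(entity, entity)}
        elif atype == LOCATION_DATA and len(body) >= 2:
            data[struct.unpack("!H", body[:2])[0]] = body[2:]
    for idx, entry in info.items():
        loc = data.get(idx, b"")
        entry["location"] = decode_civic(loc) if entry["profile"] == "civic" else loc.hex()
    return info

# Constructed sample: civic user location at index 1; both timestamps are zeroed placeholders.
CIVIC = civic_location("IN", [(1, "Karnataka"), (3, "Bangalore"), (23, "Nivas"), (24, "562016")])
SAMPLE = (avp(LOCATION_INFORMATION, struct.pack("!HBBQQ", 1, 0, 0, 0, 0))
          + avp(LOCATION_DATA, struct.pack("!H", 1) + CIVIC))
if __name__ == "__main__": print(parse_locations(SAMPLE))
```

Geo profile payloads are returned as hex rather than decoded, and a truncated attribute raises ValueError instead of being parsed partially.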
Information About Location-Capable Attribute
Cisco IOS-XE Dublin 17.11.1 supports the Location-Capable feature attribute from RFC 5580. This attribute is sent only in the network access requests. To enable the Location-Capable attribute, configure the radius-server attribute wireless location delivery out-of-band include-location-capable command. This attribute informs the RADIUS server that this device can send location information.
RFC 5580 supports three flows or modes of location delivery. As per the RFC, the Location-Capable attribute should be sent in Flow 2, which is location delivery based on Initial-Request. The above-mentioned configuration enables sending this attribute in Flow 1 as well, which is location delivery based on Out-of-Band agreement.
When an authentication or authorization request is received, the Location-Capable feature attribute is added to the request along with other location attributes as per the configuration (explained in the other section). This is applicable only for wireless clients. The RADIUS server might use this information to provide network access.
Restriction for Configuring RFC 5580 Location Attributes
This feature is supported only for 802.1X users.
Configuring Location Delivery Based on Out-of-Band Agreement (CLI)
Procedure | Command or Action | Purpose |
Step 1 | configure terminal Example: Device# configure terminal | Enters global configuration mode. |
Step 2 | radius-server attribute wireless location delivery out-of-band Example: Device(config)# radius-server attribute wireless location delivery out-of-band | Configures RFC 5580 Out-of-Band location support. |
Step 3 | end Example: Device(config)# end | Returns to privileged EXEC mode. |
Configuring Location-Capable Attribute (CLI)
Use the radius-server attribute wireless location delivery out-of-band command to enable the feature globally.
You can use the radius-server attribute wireless location delivery out-of-band include-location-capable command to include the Location-Capable attribute along with other location attributes.
Procedure | Command or Action | Purpose |
Step 1 | configure terminal Example: Device# configure terminal | Enters global configuration mode. |
Step 2 | radius-server attribute wireless location delivery out-of-band include-location-capable Example: Device(config)# radius-server attribute wireless location delivery out-of-band include-location-capable | Configures RFC 5580 out-of-band location attributes along with enabling the location-capable attribute to be part of the access request. |
Step 3 | end Example: Device(config)# end | Returns to privileged EXEC mode. |
Creating Location Attributes
Configuring a Civic Profile (CLI)
Procedure | Command or Action | Purpose |
Step 1 | configure terminal Example: Device# configure terminal | Enters global configuration mode. |
Step 2 | location civic-location identifier civic_identifier Example: Device(config)# location civic-location identifier USER_C_1 | Configures the civic profile for User location. Here, civic_identifier refers to the civic location identifier string. It can take up to 215 characters. You can enter a total of 250 bytes to configure civic address attributes. Cisco reserves 50 bytes for internal information. Therefore, the remaining 200 bytes can be used for user-configured civic location. |
Step 3 | country country_ID Example: Device(config-civic)# country IN | Sets the country ID. Note: Only two-letter ISO 3166 country codes are accepted. |
Step 4 | city city_name Example: Device(config-civic)# city Bangalore | Sets the city name. |
Step 5 | state state_name Example: Device(config-civic)# state Karnataka | Sets the state name. |
Step 6 | postal-code postal_code Example: Device(config-civic)# postal-code 562016 | Sets the postal code. |
Step 7 | name residence_name Example: Device(config-civic)# name Nivas | Sets the residence name. |
Step 8 | end Example: Device(config-civic)# end | Returns to privileged EXEC mode. |
You can configure the following types of civic attributes and add them to the RADIUS requests:
- Country
- City
- State
- Postal Code
- Name
Configuring a Geo Profile (CLI)
Procedure | Command or Action | Purpose |
Step 1 | configure terminal Example: Device# configure terminal | Enters global configuration mode. |
Step 2 | location geo-location identifier geo_identifier Example: Device(config)# location geo-location identifier USER_G_1 | Configures a Geo profile for user location. Here, geo_identifier refers to the geographic location identifier string. It can take up to 215 characters. |
Step 3 | latitude latitude_in_degrees resolution [resolution_value] Example: Device(config-geo)# latitude "34 12 15" | Sets the latitude information. The optional parameters are documented within square brackets. While configuring the latitude, you can specify the resolution, in meters. If you do not specify any resolution, a default value of 10 meters is used. |
Step 4 | longitude longitude_in_degrees resolution resolution_value Example: Device(config-geo)# longitude "111 59 44" | Sets the longitude information. The optional parameters are documented within square brackets. While configuring the longitude, you can specify the resolution, in meters. If you do not specify any resolution, a default value of 10 meters is used. |
Step 5 | altitude altitude_value {feet resolution resolution_value | floor | meters resolution resolution_value} Example: Device(config-geo)# altitude 10 meters resolution 10 | Configures the altitude for the geographic location. The optional parameters are documented within square brackets.
|
Step 6 | resolution resolution_value Example: Device(config-geo)# resolution 30 | Specifies a single common resolution for latitude and longitude. |
Step 7 | end Example: Device(config-geo)# end | Returns to privileged EXEC mode. |
Configuring an Operator Name (CLI)
Procedure | Command or Action | Purpose |
Step 1 | configure terminal Example: Device# configure terminal | Enters global configuration mode. |
Step 2 | location operator identifier identifier_name Example: Device(config)# location operator identifier USER_O_1 | Configures an operator name for the user location. Here, identifier_name supports strings up to 215 characters in length. |
Step 3 | name operator-name Example: Device(config-operator)# name ACT | Configures the location operator name. Here, operator-name supports strings up to 248 characters in length. |
Step 4 | namespace-id {E212 | ICC | REALM | TADIG} Example: Device(config-operator)# namespace-id ICC | Configures the namespace for a location. The following are the namespace options:
|
Step 5 | end Example: Device(config-operator)# end | Returns to privileged EXEC mode. Note:
|
Associating Location Attributes
Associating Location Attributes with User Location (CLI)
Procedure | Command or Action | Purpose |
Step 1 | configure terminal Example: Device# configure terminal | Enters global configuration mode. |
Step 2 | ap location name location_name Example: Device(config)# ap location name OFFICE | Configures a location name for an AP. |
Step 3 | ap-eth-mac AP_Ethernet_MAC Example: Device(config-ap-location)# ap-eth-mac 0a0b.0cf0.0001 | Adds the AP to the location. Here, AP_Ethernet_MAC refers to the AP Ethernet MAC address. |
Step 4 | location civic-location-id identifier_name Example: Device(config-ap-location)# location civic-location-id USER_C_1 | Associates the civic location attribute with the user location. |
Step 5 | location geo-location-id identifier_name Example: Device(config-ap-location)# location geo-location-id USER_G_1 | Associates the geographic location attribute with the user location. |
Step 6 | location operator-id identifier_name Example: Device(config-ap-location)# location operator-id USER_O_1 | Associates the operator location attribute with the user location. |
Step 7 | end Example: Device(config-ap-location)# end | Returns to privileged EXEC mode. |
Associating Location Attributes with the NAS Location (CLI)
Procedure | Command or Action | Purpose |
Step 1 | configure terminal Example: Device# configure terminal | Enters global configuration mode. |
Step 2 | radius-server attribute wireless location civic-location-id identifier_name Example: Device(config)# radius-server attribute wireless location civic-location-id NAS_C_1 | Associates the civic location attribute with the NAS location. Here, identifier_name supports strings up to 215 characters in length. |
Step 3 | radius-server attribute wireless location geo-location-id identifier_name Example: Device(config)# radius-server attribute wireless location geo-location-id NAS_G_1 | Associates the geographic location attribute with the NAS location. Here, identifier_name supports strings up to 215 characters in length. Enter a valid or existing identifier name. |
Step 4 | radius-server attribute wireless location operator-id identifier_name Example: Device(config)# radius-server attribute wireless location operator-id NAS_0_1 | Associates the operator location attribute with the NAS location. |
Step 5 | end Example: Device(config)# end | Returns to privileged EXEC mode. |
Verifying RFC 5580 Location Attribute Configuration
To verify the location attributes associated with a given location, use the following command:
Device# show ap location details AAA_location
Output:
- Location Name: AAA location
- Location description:
- Policy tag: default-policy-tag
- Site tag: default-site-tag
- RF tag: default-rf-tag
- AAA Location Status: Enabled
- Civic Location Identifier: NAS C 1
- Geo Location Identifier: NAS G 1
- Operator Name Identifier: NAS O 1
Configured list of APs: 38ed.18ca.5a20
To verify the Cisco AP location, use the following command:
Device# show ap name AP38ED.18CA.5A20 config general
Output:
- Cisco AP Name: AP38ED.18CA.5A20
- Cisco AP Identifier: 38ed.18cb.cf00
- Country Code: Multiple Countries
- Regulatory Domain Allowed by Country:
- AP Country Code: US
- AP Regulatory Domain:
- 802.11bg: -A
- 802.11a: -A
- MAC Address: 38ed.18ca.5a20
- IP Address Configuration: Static IP assigned
- IP Address: 9.4.172.111
- IP Netmask: 255.255.255.0
- Gateway IP Address: 9.4.172.1
- Fallback IP Address Being Used:
- Domain:
- Name Server:
- CAPWAP Path MTU: 1485
- Capwap Active Window Size: 1
- Telnet State: Disabled
- CPU Type: ARMv7 Processor rev 0 (v7l)
- Memory Type: DDR3
- Memory Size: 995328 KB
- SSH State: Disabled
- Cisco AP Location: AAA location
To verify the location attributes associated with a given MAC address, use the following command:
Device# show wireless client mac 0080.5222.545c detail
Output:
- Client MAC Address: 0080.5222.545c
- Client MAC Type: Universally Administered Address
- Client DUID: NA
- Client IPv4 Address:
- AP MAC Address: 38ed.18cb.cf00
- AP Name: AP38ED.18CA.5A20
- AP slot: 1
- Client State: Associated
Policy Profile: default-policy-profile
Flex Profile: N/A
Civic Location Identifier: NAS C 1
Geo Location Identifier: NAS G 1
Operator Name Identifier: NAS O 1
Note: You will be able to view this output only if the RFC 5580 feature is enabled.
Verifying Civic, Geo, and Operator Location Details
To verify the Civic location details, use the following command:
Device# show location civic-location identifier TEST1
Civic location information:
- Identifier: TEST1
- Name: home
- City: Morges
- State: Vaud
- Postal code: 1110
- Country: CH
To verify the Geo location details, use the following command:
Device# show location geo-location identifier TEST4
Geo location information:
- Identifier: TEST4
- Latitude: 46.5112700
- Longitude: 6.4985400
- Altitude: 380 meters
- Resolution: 10
- Resolution: 100
To verify the Operator location details, use the following command:
Device# show location operator-location identifier myoperator
Operator location information:
- Operator Identifier: myoperator
- Operator Name: myoperator
- Operator Namespace: REALM