IEEE 802.11u-2011 is an amendment to the IEEE 802.11-2007 standard to add features that improve interworking with external networks.

802.11 is a family of IEEE technical standards for mobile communication devices such as laptop computers or multi-mode phones to join a wireless local area network (WLAN) widely used in the home, public hotspots and commercial establishments.

The IEEE 802.11u standard was published on February 25, 2011.

Some amendments added to IEEE 802.11

Network discovery and selection

  1. Provides for the discovery of suitable networks (preassociation) through the advertisement of access network type {private network, free public network, for-fee public network}, roaming consortium, and venue information.
  2. Generic Advertisement Service (GAS), which provides for Layer 2 transport of an advertisement protocol's frames between a mobile device and a server in the network prior to authentication. The access point is responsible for the relay of a mobile device's query to a server in the carrier's network and for delivering the server's response back to the mobile.
  3. Provides Access Network Query Protocol (ANQP), which is a query and response protocol used by a mobile device to discover a range of information, including the hotspot operator's domain name (a globally unique, machine-searchable data element); roaming partners accessible via the hotspot along with their credential type and EAP method supported for authentication; IP address type availability (for example, IPv4, IPv6); and other metadata useful in a mobile device's network selection process.

QoS map distribution

This provides a mapping between the IP's differentiated services code point (DSCP) to over-the-air Layer 2 priority on a per-device basis, facilitating end-to-end QoS.

For users who are not pre-authorized

IEEE 802.11 currently makes an assumption that a user's device is pre-authorized to use the network. IEEE 802.11u covers the cases where that device is not pre-authorized. A network will be able to allow access based on the user's relationship with an external network (e.g. hotspot roaming agreements), or indicate that online enrollment is possible, or allow access to a strictly limited set of services such as emergency services (client to authority and authority to client.)

From a user perspective, the aim is to improve the experience of a traveling user who turns on a laptop in a hotel many miles from home, or uses a mobile device to place a phone call. Instead of being presented with a long list of largely meaningless SSIDs the user could be presented with a list of networks, the services they provide, and the conditions under which the user could access them. 802.11u is central to the adoption of UMA and other approaches to network mobile devices.

Encourages mesh deployment

Because a relatively sophisticated set of conditions can be presented, arbitrary contracts could be presented to the user, and might include providing information on motive, demographics or geographic origin of the user. As such data is valuable to tourism promotion and other public functions, 802.11u is thought to motivate more extensive deployment of IEEE 802.11s mesh networks.[citation needed]

Mobile cellular network off-load to Wi-Fi

Mobile users, whose devices can move between 3G and Wi-Fi networks at a low level using 802.21 handoff, also need a unified and reliable way to authorize their access to all of those networks. 802.11u provides a common abstraction that all networks regardless of protocol can use to provide a common authentication experience.

Mandatory requirements

The IEEE 802.11u requirements specification contains requirements in the areas of enrollment, network selection, emergency call support, emergency alert notification, user traffic segmentation, and service advertisement.


Hotspot 2.0

The Wi-Fi Alliance uses IEEE 802.11u in its "Wi-Fi Certified Passpoint" program, also known as "Hotspot 2.0".[1] Apple devices running iOS 7 support Hotspot 2.0.[2][3]


There have been proposals to use IEEE 802.11u for access points to signal that they allow EAP-TLS using only server-side authentication.[4] Unlike most TLS implementations of HTTPS, such as major web browsers, the majority of implementations of EAP-TLS require client-side X.509 certificates without giving the option to disable the requirement, even though the standard does not mandate their use, which some have identified as having the potential to dramatically reduce adoption of EAP-TLS and prevent "open" but encrypted access points.[5][6]

See also


  1. ^ Parrish, Kevin (23 February 2012). "Wi-Fi Passpoint Standard Will End Hotspot Sign-Ons". Tom's Guide. IDG News Service.
  2. ^ Brodkin, Jon (11 June 2013). "iOS 7 will hop from one Wi-Fi hotspot to another, no password needed". Ars Technica.
  3. ^ Tofel, Kevin C. (11 June 2013). "Apple iOS 7 supports Wi-Fi Hotspot 2.0 for next-gen network roaming". GigaOm.
  4. ^ Byrd, Christopher (1 November 2011). "Open Secure Wireless 2.0". Retrieved 2017-05-04.
  5. ^ Byrd, Christopher (5 May 2010). "Open Secure Wireless" (PDF). Retrieved 2017-05-04.
  6. ^ RFC 5216: The EAP-TLS Authentication Protocol, Internet Engineering Task Force, March 2008, The certificate_request message is included when the server desires the peer to authenticate itself via public key. While the EAP server SHOULD require peer authentication, this is not mandatory, since there are circumstances in which peer authentication will not be needed (e.g., emergency services, as described in [UNAUTH]), or where the peer will authenticate via some other means.