The Beacon

Aruba Air Pass: The bridge from Wi-Fi 6 to 5G

March 11, 2020 by Stuart Strickland

This content was originally published on the Aruba Networks blog.

Aruba Air Pass brings seamless cellular roaming to private enterprise networks with pre-negotiated operator agreements and a globally-accessible, secure authentication hub.

This week, we announce Aruba Air Pass, a new service to automatically and securely authenticate guests with public cellular network credentials on private enterprise Wi-Fi networks. Built on the technical foundations of Passpoint® and Wi-Fi Calling, Aruba Air Pass creates a roaming network across the Aruba enterprise customer footprint, extending cellular coverage and enhancing visitor and subscriber experience. With Aruba Air Pass, subscribers of any participating mobile network will enjoy seamless and secure guest access to Wi-Fi networks in all participating enterprise venues.

Aruba Air Pass marks an end to indoor cellular coverage gaps, an end to insecure open guest networks, and an end to the friction and hassle of manually hunting for Wi-Fi networks and jumping through the hoops of captive portals. But it also marks the beginning of a new kind of relationship between private enterprises and mobile network operators. Transforming this relationship is both an essential near-term aspect of Aruba Air Pass and foundational to its long-term strategic objectives.

Unlocking the full potential of Passpoint and Wi-Fi Calling

As technologies, Passpoint and Wi-Fi Calling have both been around for a long time and enjoy widespread support among mobile network operators. Wi-Fi Calling is mechanism for placing and receiving cellular calls and text messages over a Wi-Fi internet connection. It is widely supported by over 150 mobile network operators in 47 countries worldwide and is well-established as an effective mechanism for filling cellular coverage gaps indoors.[i] In fact, Wi-Fi Calling works so well that its adoption virtually eliminated the market for in-home femtocells. But Wi-Fi Calling depends upon first finding and getting onto a Wi-Fi network. That’s where Passpoint comes in.

Passpoint is a certification program of the Wi-Fi Alliance and the foundation of the Wireless Broadband Alliance’s Next Generation Hotspot interoperability initiative. Mobile phones with operator-issued Passpoint profiles are constantly on the lookout for Passpoint-capable Wi-Fi networks. Passpoint® is supported by major North American operators, a growing number of operators globally, and all major mobile handset manufacturers. Aruba infrastructure equipment has long been Passpoint certified. However, while the individual components have reached a critical mass, the absence of scalable mechanisms to create and manage complex roaming relationships and to convey authentication information among the many thousands of individual enterprise venues and scores of relevant mobile network operators has hindered support for Passpoint in private enterprise networks.


Aruba Air Pass Network Architecture

Aruba Air Pass leverages the Passpoint profiles and cellular credentials already pre-installed or pushed by mobile network operators, the Wi-Fi CERTIFIED Passpoint infrastructure equipment already installed in Aruba’s enterprise customer venues, and an existing ecosystem for inter-operator authentication. To this, Aruba Air Pass adds a globally-accessible, secure authentication hub to aggregate and scalably manage control-plane signaling between participating venues and mobile operator partners, design guides for Aruba customer deployments to ensure adequate local resource provisioning and a positive guest experience, and pre-negotiated roaming agreements with mobile operators. Because Aruba Air Pass opens a communication link between the mobile operator and the local enterprise network, it can also overcome a major gap in Wi-Fi Calling by giving operators visibility of the location and quality of the local network connections, allowing them to make more intelligent, closed-loop decisions when handing over between cellular and Wi-Fi coverage areas.

The value of Aruba Air Pass to enterprises and mobile network operators

Aruba Air Pass develops a mutually beneficial model for the relationships between enterprises and mobile operators. To the enterprise, Aruba Air Pass provides a hassle-free, cost-effective, neutral host resolution of indoor cellular coverage gaps. It fully leverages existing investments in Wi-Fi infrastructure to enable consistent guest experiences across multiple sites while also improving analytics by increasing the proportion of visitors associated with the local network. Aruba Air Pass further provides the enterprise with a framework for authentication of non-cellular credentials, enabling integration of network access with customer loyalty programs and cross-authentication among strategic partners.

For mobile network operators, Aruba Air Pass provides access to Aruba’s substantial global footprint of commercial real estate, spanning corporate enterprise, retail, hospitality, health care, education, and large public venues. Aruba Air Pass represents a cost-effective alternative to DAS domestically and to international roaming fees abroad. By curating a portfolio of high-quality managed enterprise networks, Aruba Air Pass delivers reliable subscriber experience with additional insights into local network resources and Wi-Fi neighbor cell information to improve the quality, continuity, and consistency of subscriber experience across cellular and Wi-Fi networks.

Aruba Air Pass builds a bridge from Wi-Fi 6 to 5G networks and services

Earlier in this series, I described how enterprise Wi-Fi is poised to become the on-ramp to 5G networks and services. Within 3GPP, the standards organization responsible for defining 5G, interfaces have been developed to deliver 5G services over Wi-Fi in a manner roughly analogous to Wi-Fi Calling. However, just as Wi-Fi Calling takes for granted that a subscriber has already found a suitable Wi-Fi network, the 5G standards are silent on how a mobile device should discover and authenticate itself on a Wi-Fi network. Aruba Air Pass closes this gap while also opening up a channel of communication between the mobile operator’s 5G network and the local, privately-managed enterprise Wi-Fi network. Through this channel, Aruba Air Pass can provide the mobile operator with visibility of quality of service and subscriber activity. In conjunction with Air Slice, a feature of Aruba’s Wi-Fi 6 offerings, an enterprise may even offer mobile operators a dedicated slice of its local network resources, with guaranteed minimum bit rates and deterministic latency. Aruba Air Pass thus puts privately-managed enterprise Wi-Fi networks in a position to serve as full-fledged roaming partners to 5G networks and enables mobile operators, in turn, to rely upon on these high-quality enterprise Wi-Fi networks as a cost-effective extension of their own 5G coverage.


The statements and opinions by each Wi-Fi Alliance member and those providing comments are theirs alone, and do not reflect the opinions or views of Wi-Fi Alliance or any other member. Wi-Fi Alliance is not responsible for the accuracy of any of the information provided by any member in posting to or commenting on this blog. Concerns should be directed to

Add new comment

We ask for your email only for internal use should we need/want to reach out to you.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • A day without Wi-Fi
  • FCC remarks from Ajit Pai, Chairman
  • What Wi-Fi trends are expected in 2020?
  • Wi-Fi 6 at CES 2019
  • Wi-Fi Aware™: Discover the world nearby
  • Wi-Fi CERTIFIED Passpoint™: Seamless, secure, easy-to-use Wi-Fi® hotspots
Wi-Fi Alliance News
Media Coverage
Wi-Fi 6E kommt: Mehr Platz im WLAN dank 6 Gigahertz
New Tech and Wi-Fi 6 Tools Aim to Make High-Speed Internet More Accessible
Extreme’s New Normal Looks Like Unlimited Cloud Data, Wi-Fi 6
Download Additional Resources
Frequently Asked Questions
  • How does Passpoint support service provider branding and customer relationships?

    Passpoint enabled mobile devices can choose networks based on a list of preferred (direct or partner) providers, specific services and/or the best performance characteristics. For service providers offering a managed experience, seamless authentication is a valuable element, and Passpoint networks also support deployments where a click-through screen is essential for acceptance of terms and conditions or branding.

  • How does Passpoint equipment support Wi-Fi roaming?

    Passpoint devices use industry-agreed uniform mechanisms for discovering and creating secured connections to hotspots. This allows a subscriber to experience seamless Wi-Fi connectivity to a hotspot anywhere in the world a user’s provider has roaming agreements. Passpoint is specified as a requirement for the Wireless Broadband Alliance’s industry work on Wi-Fi roaming.

  • What standards does Passpoint draw on?

    Passpoint is based on Hotspot 2.0 technology and makes use of elements of IEEE 802.1X, 802.11u, 802.11i, WPA2-Enterprise and WPA3™-Enterprise security, as well as some Wi-Fi Alliance defined mechanisms.

  • Who created the Passpoint program?

    Members of Wi-Fi Alliance created the program. The group which developed Passpoint includes service providers, mobile operators, fixed line operators, and makers of mobile devices and infrastructure equipment.

  • What does Passpoint mean for end users?

    In short, Passpoint provides a better Wi-Fi user experience while mobile. Users with certified Passpoint devices can enjoy the benefits of streamlined network selection and secure connectivity at Passpoint enabled hotspots. Passpoint-enabled devices operate based on user preference.

  • What does Passpoint bring to hospitality?

    Hospitality chains may own many brands but a single consolidated rewards program. Without Passpoint, either the rewards program SSID needs to be added at every hotel or users’ phones must be configured with several SSIDs. Passpoint can function with a single profile that identifies the rewards program instead of a hotel SSID. When a user visits an associated property, their device will automatically identify the access point and connect.

  • Can existing equipment be upgraded for Passpoint?

    The hardware and software platform of a given device determines whether it can be upgraded in the field. Equipment that has previously undergone certification testing can be updated and resubmitted for Passpoint certification.

  • Can legacy clients join a network with Passpoint access points?

    Legacy mobile devices can connect to Passpoint access points configured for open system authentication, although they will not enjoy Passpoint features for network selection, automatic authentication or expanded security. A user connecting to an open network with a legacy mobile device will manually find the available networks and then select and connect to the preferred network.

    The access points used in hotspot and enterprise networks are often configured to support multiple SSIDs (networks) on the same equipment; a configuration that offers a Passpoint-certified network and a separate open network allows Passpoint mobile devices to enjoy the full benefits while supporting legacy clients.

  • Does Passpoint support voice over Wi-Fi?

    The scope of Passpoint testing is to ensure that the mechanisms for seamless discovery and creation of a secured link are implemented correctly. It is application-agnostic.

  • What types of equipment are tested for Passpoint?

    Infrastructure equipment such as access points, and mobile and portable devices such as smartphones, tablets, and notebooks have been certified. Passpoint is available on both SIM and non-SIM Wi-Fi devices.

  • Are Wi-Fi CERTIFIED products protected by security?

    Yes. All Wi-Fi CERTIFIED products are tested for WPA2 or WPA3. The only way to be sure that a product meets the latest security standards is to purchase only Wi-Fi CERTIFIED products.


  • How does Wi-Fi Alliance help ensure product compatibility and a good user experience for certified products?

    Compatibility and quality are achieved through testing of Wi-Fi products. Consumers should always look for the Wi-Fi CERTIFIED logo to ensure the best user experience possible.


  • Which Wi-Fi Vantage technologies help quickly connect to another AP or another network?

    Wi-Fi Agile Multiband: Fast Basic Service Set (BSS) Transition, also known as Fast Transition, is based on IEEE 802.11r. Fast Transition enables devices to reauthenticate quickly with WPA2 security when roaming within the same Wi-Fi network, improving experience with latency sensitive applications such as voice over Wi-Fi.

    Wi-Fi Optimized Connectivity: Fast Initial Link Setup (FILS) Authentication is a mechanism defined in IEEE 802.11ai to enable fast authentication to APs using WPA2-Enterprise security.

  • Why should end users purchase Wi-Fi Vantage devices?

    Devices that are certified for Wi-Fi Vantage represent the most recent and interoperable Wi-Fi technologies for managed networks. Users will experience fewer connection interruptions during calls or video streaming, even while traversing through a transportation hub like a large airport. These devices, when used in a Wi-Fi Vantage enabled network, bring a more seamless and consistent connection and therefore a better mobile experience.

  • What is a managed network?

    Managed networks are Wi-Fi networks, such as those operated in airports, stadiums, schools, office buildings, retail and hotel locations and other venues, that are “managed” by network administrators to optimize their coverage, performance, and network access. These networks are frequently open to the public or offer access to subscribers.

  • What features are available in Wi-Fi Vantage devices today?

    Wi-Fi Vantage will evolve over time to introduce more advanced features as they become available. Today, all Wi-Fi Vantage devices contain the following enhanced feature sets to offer users the best experience when connecting to managed Wi-Fi networks:

    • Wi-Fi CERTIFIED Passpoint with Online Signup and Policy Provisioning
    • Wi-Fi CERTIFIED ac with advanced features of beamforming, concurrent dual band operation, and low density parity check  

    Wi-Fi Vantage adds the following feature sets to devices in 2018:

    • Wi-Fi CERTIFIED Agile Multiband, enabling devices to quickly identify and transition to a recommended AP, frequency band, or channel that gives the best connection
    • Wi-Fi CERTIFIED Optimized Connectivity improves roaming within a Wi-Fi network or to another network through optimized discovery, authentication, and reduced management frames
  • What features are planned for Wi-Fi Vantage devices in future generations?

    Future generations of Wi-Fi Vantage will add enhancements in network access, frequency band and channel management, and reduced connection times, resulting in improved roaming and management of Wi-Fi networks.

  • How does a user turn on WMM-Power Save?

    If implemented correctly, WMM-Power Save will activate automatically when a Wi-Fi CERTIFIED™ for WMM-Power Save client device is communicating with a Wi-Fi CERTIFIED™ for WMM-Power Save access point. There is no action needed from a user.

  • What is the Converged Wireless Group RF Profile Test?

    The Converged Wireless Group RF Profile Test is a test plan that was jointly developed by CTIA® and Wi-Fi Alliance® to provide detailed radio frequency performance profile in a mixed-network (Wi-Fi and Cellular) environment. Manufacturers of converged handsets and Wi-Fi networking infrastructure devices (access points) can participate in this test program to provide carriers with independent evaluations of their equipment, and carriers can use the test reports to compare handsets from different manufacturers. Completion of CWG testing does not result in a Wi-Fi certification.

  • What is the benefit of the Converged Wireless RF Profile Test to carriers?

    This industry-supported program provides detailed information about the RF performance of the Wi-Fi radio in a converged handset, as well as how the cellular and Wi-Fi radios impact one another. It provides a uniform evaluation approach that enables a standard way to contrast and compare converged devices.

  • What are the tests included in the Converged Wireless RF Profile?

    The comprehensive over-the-air testing program provides detailed measurements on key parameters, described in layperson terms below. The measurements are taken in a 360-degree environment in order to create “real-world” conditions:

    • Measurements to provide information about the reach of a Wi-Fi radio signal sent by a converged phone or AP, called transmit power (TRP, or Total Radiated Power)
    • Measurements to provide information about how well the Wi-Fi radio can detect an incoming signal in a converged phone or AP, called receive sensitivity (TIS, or Total Isotropic Sensitivity)

    In addition, the program includes:

    • Measurement of the signals ahead of the Wi-Fi antenna, called conducted power and sensitivity
    • Measurement of the reduction in sensitivity (desensitization) of a Wi-Fi receiver caused by the presence of an active cellular transmitter, and to ensure that the performance of the Wi-Fi receiver is within acceptable limits
    • Measurements of the desensitization of a cellular receiver caused by the presence of an active Wi-Fi transmitter, and to ensure that the performance of the cellular receiver is within acceptable limits

    To complete the testing a device must also be Wi-Fi CERTIFIED™ for core Wi-Fi interoperability and WPA2™ security, and CTIA certified for cellular performance.

Wi-Fi Alliance Member Publications
Nikon and T-Mobile Offer Latest Technology and New Service to Email Pictures Directly from Your Camera

Stuart Strickland

Aruba, a Hewlett Packard Enterprise company

Stuart Strickland is a Distinguished Technologist in the CTO team at Aruba, a Hewlett Packard Enterprise company, with a focus on strategic planning for Wi-Fi in relation to cellular networks. He represents Aruba in 3GPP, Wi-Fi Alliance, IEEE, and WBA on issues relating to spectrum allocation, Wi-Fi/cellular coexistence, and integrated network architectures. Prior to joining Aruba, he led Qualcomm’s Wi-Fi/small cell convergence and hybrid location strategies, served as Vice President of CSR’s location-based services business unit, as CTO of Insiteo, as lead software architect for the Radio Network Controller of Siemens’ first 3G network infrastructure, and as assistant professor of history at Northwestern University. He holds a PhD in the History of Science from Harvard University and an AB in the Philosophy of Mathematics from Columbia University.