Ubiquiti UniFi - Passpoint Configuration
Configure Passpoint (Hotspot 2.0) on Ubiquiti UniFi access points to enable automatic WiFi authentication through IronWiFi's cloud RADIUS service. This provides seamless WPA2/WPA3-Enterprise connections without manual network selection or splash pages.
Prerequisites
In UniFi:
- UniFi access points with Hotspot 2.0 support (see table below)
- UniFi Network Controller 6.0 or later
- Administrator access
In IronWiFi Console (complete these first):
- Create a Network and note the RADIUS details
- Enable Passpoint on the network
- Configure realm, operator name, and domain settings
Supported Hardware
| Series | Models |
|---|---|
| UniFi 6 | U6-LR, U6-Pro, U6-Lite, U6-Mesh, U6-Enterprise |
| UniFi 5 | UAP-AC-Pro, UAP-AC-HD, UAP-AC-SHD |
| UniFi 6E | All WiFi 6E models |
UniFi Controller Configuration
Step 1: Create RADIUS Profile
- Open UniFi Network Application
- Go to Settings > Profiles > RADIUS
- Click Create New
- Configure:
- Name: IronWiFi-RADIUS
- Authentication Server: IronWiFi RADIUS IP
- Port: Customer Authentication Port
- Shared Secret: Your RADIUS secret
- Accounting: Enable
- Accounting Server: Same as authentication
- Accounting Port: Customer Accounting Port
Step 2: Create Wireless Network
- Go to Settings > WiFi
- Click Create New
- Configure basic settings:
- Name/SSID: Your Passpoint network name
- Security Protocol: WPA2/WPA3 Enterprise
- RADIUS Profile: Select IronWiFi-RADIUS
Step 3: Enable Hotspot 2.0
- In the WiFi network settings, scroll to Hotspot 2.0
- Enable Hotspot 2.0
- Configure:
Network Settings
- Access Network Type: Free Public Network (or appropriate type)
- Internet Access: Enabled
- Venue Group: Business (or appropriate)
- Venue Type: Unspecified Business
Operator Settings
- Operator Friendly Name: Your organization name
- Domain Names:
ironwifi.net
Roaming Consortium
Add the following OIs:
NAI Realm
- Realm: (or your realm)
ironwifi.com - EAP Methods: EAP-TTLS, EAP-TLS
- Click Apply Changes
Configuration via UniFi API
For automation or advanced configuration:
OpenRoaming Configuration
To enable OpenRoaming on UniFi:
- Navigate to the Hotspot 2.0 settings
- Add OpenRoaming consortium OIs:
- - WBA OpenRoaming Settlement-free
5A03BA0000 - - WBA OpenRoaming Settlement-free (Cloud ID)
5A03BA0200
- Configure NAI realm for OpenRoaming authentication
- Enable in IronWiFi console under Networks > OpenRoaming
Testing Passpoint
From iOS
- Ensure Passpoint profile is installed
- Device should automatically discover and connect
- Check Settings > WiFi for Passpoint indicator
From Android
- Enable WiFi
- Device should auto-discover Passpoint network
- Check connection in WiFi settings
Verification Commands
On UniFi Controller:
Troubleshooting
Network Not Discovered
- Verify Hotspot 2.0 is enabled in network settings
- Check AP firmware is up to date
- Ensure client device supports Passpoint
- Verify domain names and realm configuration
Authentication Fails
- Check RADIUS connectivity from UniFi
- Verify shared secret matches IronWiFi configuration
- Review authentication logs in IronWiFi console
- Ensure NAI realm matches user credentials
Clients Don't Auto-Connect
- Verify Passpoint profile is installed on client
- Check roaming consortium OIs match
- Ensure credential realm matches NAI realm
- Review client device Passpoint settings
Intermittent Connectivity
- Check for AP firmware updates
- Verify RADIUS timeout settings
- Review access point logs
- Check for channel interference
Best Practices
- Use unique SSID - Don't overlap with regular networks
- Test thoroughly - Verify with multiple device types
- Monitor logs - Track authentication success/failures
- Update firmware - Keep APs on latest stable version
- Document configuration - Record all settings for troubleshooting
Related Topics
Same vendor
Standards & reference
Was this page helpful?