Cisco WLC 8.5 - Passpoint configuration

Cisco WLC 8.5 - Passpoint configuration

Prerequisites

  1. Access to the Cisco WLC Dashboard as a user with administrative privileges.
  2. Cisco access points and wireless LAN controller are deployed.
  3. Controller has basic networking configured and has the licenses required.
  4. Access points are connected to the controller and are online.
  5. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets):
    1. Email or document that contains this information

      OR

    2. Access to the IronWiFi Management Console - Sign in or Open Account

 

Creating your network / SSID

 

This document will guide you in configuring a Hotspot 2.0 (Passpoint) SSID in Cisco WLC.

1.   To start the configuration process, log in to the Cisco wireless LAN controller as admin.  For existing environments with additional users, log in as a user with administrative privileges.


2.   Click Advanced on the top right of the Dashboard.

3.   Click WLANs. The WLANs menu appears on the left side of the Dashboard.

4.   Select Create New on the top right, then click Go.


     The WLANs>New page appears.




 5.   For the new WLAN set Type to ‘WLAN’. Enter the Profile Name such as  "IronWiFi_Passpoint"

 6.   Enter the SSID, as "IronWiFi ".

 7.   For ID you may choose any value from the select menu.

 8.   Click Apply on the top right to save your changes.  
        The wireless LAN you added appears on the WLANs information page.

 9.   Click Save Configuration on the top right to commit the configuration.



 10.   Still on the WLANs information page, click the WLAN ID, such as “2”.
The WLANs > Edit page appears.

 11.   In General tab,

  • set SSID ‘Status’ to ‘Enabled
  • set ‘Broadcast SSID’ to ‘Enabled
  • set NAS-ID value to MAC address of your WLC controller.

 12.   Then click on the Security tab.



  13.   In Layer 2 section of Security tab
  • set Layer 2 Security as ‘WPA2+WPA3’,
  • enable WPA2 and WPA3 Policy 
  • set WPA2 Encryption to CCMP128(AES) .
  • Set PMF to Optional
  • Under ‘Authentication Key Management’ section enable 802.1X-SHA1 and 802.1X-SHA2

14.  Click on the Layer 3 tab. In the Layer 3 tab:
  • set Layer 3 Security to ‘None’.
  • set Captive Network Assistant Bypass to ‘None’.
15.   Click on AAA Servers tab:
  • Enable both Authentication and Accounting servers and set the following values as RADIUS servers:
    RADIUS Primary IP Address:   from the Console
    RADIUS Secondary IP Address:   from the Console
    Shared Secret: from the Console

  • Enable Interim Updates and set Interim Interval to 600 seconds.
  • Click Apply on the top right to save your changes.

    16.   Click Save Configuration on the top right to commit the configuration.
 

Update the 802.11u settings

 

  1. Go again to the WLANs section. Locate the wireless LAN you created and mouse over  to the right of the wireless LAN description. Select 802.11u from the drop-down menu.

    Ubiquiti passpoint configuration - 2023-02-01T095937.817

    The 802.11u Parameters page appears.

  2. Set “802.11u Status” to Enabled. The 802.11u information page refreshes with properties to set.

  3. Set “Internet Access” to Enabled.

  4. In the Realm List, enter domain ironwifi.net. Click Add. The Realm appears in the Realm Index
  5. Add Ironwifi.net to the Domain List.
  6. Add aa146b0000 OUI Name to the list with Is Beacon ticked.
      
      7. Click on the Realm Name you just created in the Realm Index. The 802.11u Parameters>EAP Details information page appears.
      8. Set EAP Method to “EAP-TTLS”, then click on “Add”. The EAP method appears in the EAP Index.
      9. Click on the added EAP-TTLS method and add 2 Non EAP Inner Auth method with MSCHAPv2 and PAP


      
      10.  Click Save Configuration on the top right to commit the configuration.

 Click Apply on the top right to save your changes.

Configure Hotspot 2.0


  1. Go again to the WLANs section. Locate the wireless LAN you created and mouse over    to the right of the wireless LAN description.
  2. Select Hotspot 2.0 from the drop-down menu.


The WLAN > Hotspot 2.0 information page appears.

      3. Set “Hotspot2 Enable” as Enabled
      4. Set WAN Link Status to Link Up
      5. Set WAN Metrics to reflect your WAN speed
          
 

      6. Click Apply on the top right to save your changes.

      7. Click Save Configuration on the top right to commit the configuration.

      8. Your SSID is now configured. In a few minutes after you have applied the last changes, your WLAN will have Hotspot 2.0 capabilities.
     

    • Related Articles

    • Cisco WLC 9800

      This page will guide you through the Captive Portal configuration for Cisco WLC 9800 hardware / VM and authentication via IronWiFi. IronWiFi Console Configuration Log into the IronWiFi console or register for free Create a new network After that, ...

    • Cisco WLC

      This page explains the configuration of the Cisco Wireless LAN Controller to work with IronWifi Captive Portal. IronWiFi Console Configuration Log into the IronWiFi console or register for free Create a new network After that, create a new captive ...

    • Cisco Catalyst 9800 - Passpoint configuration

      Prerequisites Access to the Cisco WLC Dashboard as a user with administrative privileges. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets): Email or document that contains this information OR Access to ...

    • Cambium cnMaestro - Passpoint configuration

      Prerequisites Access to the cnMaestro Dashboard as a user with administrative privileges. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets): Email or document that contains this information OR Access to ...

    • Ubiquiti Unifi - Passpoint Configuration

      This guide is for Network version 8.4.x and above ONLY. Ubiquiti has recently reintroduced Passpoint feature into their codebase. Further information about Unifi and Passpoint can be found on the Unifi website: Unifi Passpoint Prerequisites Access to ...