Prerequisites

1. Access to the Meraki Dashboard as a user with administrative privileges.
2. Supported Meraki device - this solution works with all devices of the MR series.
3. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets):
   1. Email or document that contains this information
      
      OR
      
      
   2. Access to the IronWiFi Management Console - Sign in or Open Account

WPA2-Enterprise configuration

To start, you need to configure your Meraki with the exact same configuration required for supporting the WPA2 Enterprise service.

In the Meraki dashboard, configure the SSID and Access Control

1. Log in to the Meraki dashboard
2. Navigate to Wireless -> Access Control
3. Select an SSID
4. Enter an SSID name
5. Change SSID status to Enabled
6. Select Enterprise with my RADIUS server as the security type
7. Select none for the splash page
8. Open RADIUS section, click Add server, and enter information about your assigned RADIUS authentication and accounting servers - RADIUS server IP addresses, port numbers, and secrets
   
   

In the Meraki dashboard, configure Hotspot 2.0

1. Click on Wireless -> Hotspot 2.0 -> and select the SSID from Step 2.
2. Enable Hotspot 2.0
3. Enter your venue name, select your venue type, and network type that best describes your network 
4. To the domain list, add the following:
   1. ironwifi.net
      
      To enable OpenRoaming functionality, add also these domains -  
      
      
   2. apple.openroaming.net
   3. google.openroaming.net
   4. openroaming.org
   5. ciscooneid.openroaming.net
5. The following OI should be added to the Roaming Consortium list:
   
   1. AA146B0000
      
      These additional OIs are needed to enable OpenRoaming -   
      
      
   2. BAA2D00000
   3. 5a03ba0000
   4. 004096
      
      
      
6. Click on the Create realm button in the section NAI Realms and add the following:
   
   1. The format is 0
   2. Realm name - ironwifi
   3. Click Add an EAP method -> add Method ID and Authentication Methods:
      1. 13: EAP-TLS - Certificate
      2. 21: EAP-TTLS - PAP, MSCHAP, MSCHAPv2
         
         The additional methods are needed for SIM card authentication -   
         
         
      3. 18: EAP-SIM: SIM, USIM
      4. 23: EAP-AKA: SIM, USIM
      5. 50: EAP-AKA: SIM, USIM
      

Next, enter the following pairs, one per line, in the MCC/MNC section below:

     ● 310 410
     ● 310 280
     ● 310 150
     ● 313 100

Click the Save Changes button.

This is an example of how the finished configuration should look like: 

Install the Passpoint profile on your client devices

This feature is available only to customers with IronWiFi Captive Portal service enabled.

1. Sign in to the IronWiFi Management Console -> Networks -> Captive Portals -> click portal name
2. Under the Provisioning URL field on the Captive Portal settings page, add Operator name. This name will be displayed on your guests device to help them identify your network.
3. Click on the Provisioning URL (OSU) link. Invite your users to visit this link before arriving to set up their devices for fast, easy and secure network connection.
   
   
4. Authenticate using one of the available authentication methods
   
   
5. Install the Passpoint profile by clicking the Download Passpoint Profile button and following the instructions
   
   
   
   
6. If you want to install an OpenRoaming profile that can be used to access compatible networks worldwide, you can do so on this page - https://osu.ironwifi.com
   
   

Connect to the Hotspot 2.0 network

1. Using the newly installed profile (OperatorName @ IRONWIFI) connect to the network