OpenWiFi - Passpoint configuration

OpenWiFi - Passpoint configuration

Prerequisites

  1. Access to the Controller as a user with administrative privileges.
  2. Supported OpenWiFi device - this solution has been tested with EdgeCore EAP101
  3. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets):
    1. Email or document that contains this information

      OR

    2. Access to the IronWiFi Management Console - Sign in or Open Account
Sign in to the Controller, find your device and click Commands -> Configure. Paste the following configuration (update RADIUS server information to match your assigned RADIUS servers) and click Save.

Sample configuration:

{
  "interfaces": [
    {
      "ethernet": [
        {
          "select-ports": [
            "WAN*"
          ]
        }
      ],
      "ipv4": {
        "addressing": "dynamic"
      },
      "name": "WAN",
      "role": "upstream",
      "services": [
        "lldp"
      ]
    },
    {
      "ethernet": [
        {
          "select-ports": [
            "LAN*"
          ]
        }
      ],
      "ipv4": {
        "addressing": "static",
        "dhcp": {
          "lease-count": 100,
          "lease-first": 10,
          "lease-time": "6h"
        },
        "subnet": "192.168.1.1/24"
      },
      "name": "LAN",
      "role": "downstream",
      "services": [
        "ssh",
        "lldp"
      ],
      "ssids": [
        {
          "bss-mode": "ap",
          "encryption": {
            "ieee80211w": "optional",
            "proto": "none"
          },
          "name": "OpenWifi-hotspot",
          "services": [
            "captive"
          ],
          "wifi-bands": [
            "5G",
            "2G"
          ]
        },
        {
          "bss-mode": "ap",
          "encryption": {
            "ieee80211w": "optional",
            "key": "OpenWifi",
            "proto": "psk"
          },
          "name": "OpenWifi_wpa",
          "role": "downstream",
          "wifi-bands": [
            "2G",
            "5G"
          ]
        },
        {
          "name": "OpenWifi_offload",
          "wifi-bands": [
            "5G"
          ],
          "bss-mode": "ap",
          "encryption": {
            "proto": "wpa-mixed",
            "ieee80211w": "optional"
          },
          "services": [
            "radius-proxy"
          ],
          "radius": {
            "nas-identifier": "NAS-Lab",
            "chargeable-user-id": true,
            "authentication": {
              "host": "***.***.***.***",
              "port": *****,
              "secret": "*******",
              "request-attribute": [
                {
                  "id": 126,
                  "value": "s:TIP"
                }
              ]
            },
            "accounting": {
              "host": "***.***.***.***",
              "port": *****,
              "secret": "*******",
              "request-attribute": [
                {
                  "id": 126,
                  "value": "s:TIP"
                }
              ],
              "interval": 300
            }
          },
          "pass-point": {
            "venue-name": [
              "eng:Example passpoint_venue"
            ],
            "domain-name": [
              "apple.openroaming.net",
              "google.openroaming.net",
              "ciscooneid.openroaming.net",
              "openroaming.org",
              "ironwifi.net"
            ],
            "asra": false,
            "internet": true,
            "esr": false,
            "uesa": false,
            "access-network-type": 0,
            "hessid": "11:22:33:44:55:66",
            "venue-group": 2,
            "venue-type": 8,
            "connection-capability": [
              "1:0:2",
              "6:22:1",
              "17:5060:0"
            ],
            "roaming-consortium": [
              "AA146B0000",
              "BAA2D00000",
              "5a03ba0000",
              "004096"
            ],
            "disable-dgaf": true,
            "anqp-domain": 8888,
            "ipaddr-type-available": 14,
            "nai-realm": [
              "0,ironwifi.net,21[5:7][2:4],13[5:-1]"
            ],
            "osen": false,
            "anqp-3gpp-cell-net": [
              "310,410",
              "310,280",
              "310,150",
              "313,100"
            ],
            "friendly-name": [
              "eng:IronWiFi"
            ],
            "venue-url": [
              "http://www.example.com/info-eng"
            ],
            "auth-type": {
              "type": "terms-and-conditions"
            }
          }
        }
      ]
    }
  ],
  "metrics": {
    "health": {
      "interval": 120
    },
    "statistics": {
      "interval": 120,
      "types": [
        "ssids",
        "lldp",
        "clients"
      ]
    },
    "wifi-frames": {
      "filters": [
        "probe",
        "auth"
      ]
    }
  },
  "radios": [
    {
      "band": "5G",
      "channel": 52,
      "channel-mode": "HE",
      "channel-width": 80,
      "country": "CA"
    },
    {
      "band": "2G",
      "channel": 11,
      "channel-mode": "HE",
      "channel-width": 20,
      "country": "CA"
    }
  ],
  "services": {
    "radius-proxy": {
      "realms": [
        {
          "protocol": "radsec",
          "realm": [
            "*.mobile.operator.com"
          ],
          "host": "ipv4 address",
          "port": 2083,
          "auto-discover": false,
          "secret": "radsec",
          "use-local-certificates": false,
          "ca-certificate": "AAAAABBBBBCCCCDDDEEEEEEFFFFNPZ0F3SUJBZ0lKQUxIQmJFWmU3QTBzTUEwR0NTcUdTSWIzRFFFQkN3VUFNSUdvTVFzd0NRWUQKVlFRR0V3SlZVekVUTUJFR0ExVUVDQXdLUTJGc2FXWnZjbTVwWVRFUk1BOEdBMVVFQnd3SVUyRnVJRXB2YzJVeApIREFhQmdOVkJBb01FME5wYzJOdklGTjVjM1JsYlhNc0lFbHVZeTR4RkRBU0JnTlZCQXNNQzA5d1pXNXliMkZ0CmFXNW5NUmd3RmdZRFZRUUREQTl2Y0dWdWNtOWhiV2x1Wnk1dmNtY3hJekFoQmdrcWhraUc5dzBCQ1FFV0ZHVnUKWWkxa1pYWnZjSE5BWTJselkyOHVZMjl0TUI0WERURTVNRGt4TmpFeU1EYzFPVm9YRFRNNU1Ea3hNVEV5TURjMQpPVm93Z2FneEN6QUpCZ05WQkFZVEFsVlRNUk13RVFZRFZRUUlEQXBEWVd4cFptOXlibWxoTVJFd0R3WURWUVFICkRBaFRZVzRnU205elpURWNNQm9HQTFVRUNnd1RRMmx6WTI4Z1UzbHpkR1Z0Y3l3Z1NXNWpMakVVTUJJR0ExVUUKQ3d3TFQzQmxibkp2WVcxcGJtY3hHREFXQmdOVkJBTU1EMjl3Wlc1eWIyRnRhVzVuTG05eVp6RWpNQ0VHQ1NxRwpTSWIzRFFFSkFSWVVaVzVpTFdSbGRtOXdjMEJqYVhOamJ5NWpiMjB3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBCkE0SUNEd0F3Z2dJS0FvSUNBUUMwSmM0V3d2QlJJa3BsU0pmdVdZaWo1TTZ2WkRtYVpRNk82YjhGRjBNRVdhZ3UKRFZpVkpRM0JVZ1oyUUtET25JcktNZUlmS3ZWUzRNRWJMM3U0OHgveUtqb09IRkQ0aUhRRTdBUFBvd1BvZkVTcwp4emZveGkwYnozQ3FvK3pXRzVESVJ5V3krNFNDRGlsc2xBN25XU1l5TTdGeUZGWUxvWHdEZVY1N1MzNnJqN3hGClpXdjJ3NjI3dkNPUjJKM2RiYkRLR0ZneEZSVHhMK3I0SWlIWGN5Mm8zaUlwK3R3bDBablJydzBEME5aUmxwNzkKZ2VCS2E5VHZ1MUQxMDcxVWRDQjlaK3VZMFBrNEVaN1dlWVNjWjJhdkxtQjl3cVpkU1F0U2pTQ0xqNVlTOTZzTwpodmlOTWxDb1pNbDBkUE14T2RCb3JZOE52L1VodWk3WDBseUpjKytYaVVuVCs2c05KTXJUeWQ1bCt5OTBmZ0RrCmVqUTNhcWZsTDdRTy9SWjRGejhpL3dCQTRmTWR5TDkvYThqUzBiYWZlc01PZFFDUEd4TThNYXF3QUhZOUN0Z1cKWFFuWi9CT3l3bTArY1gxMkwyd3R3SGFjZ1F6bUROZ2R3NU5PdUdIVEdFcTBpUFVITFBrUXZWc1VTRTBpSUxmZgpXWkhpN2RhOHlsZi9WVktDVjN3U3pKdjc4NXB1c0Z6QVNxbHpLZnErYUs5T1A4bVhyS1dibFZCWHR0aE5mSWJ1CmcvaXNoWW4rYXIrcnlEdmRvL05vL202QjhCemNqVzRWWlIxQkszZUd1R3k2MkhxbTdHMkdZS1FpbkhzdElTYWsKeFFMK3IxOW1HcEhkbzdXcWgyd3ZVZmd6MXN4QjZxOVRhaWZoS21nbEJiSnV1dHpQRFViRHRqWHVlbGcvS1FJRApBUUFCbzJZd1pEQWRCZ05WSFE0RUZnUVVER1Z5QWU4THpNSjR0NVRuRVplVUpXeGVGcE13SHdZRFZSMGpCQmd3CkZvQVVER1Z5QWU4THpNSjR0NVRuRVplVUpXeGVGcE13RWdZRFZSMFRBUUgvQkFnd0JnRUIvd0lCQXpBT0JnTlYKSFE4QkFmOEVCQU1DQVlZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGcnlOZldoU2J4RitYS3Nhd29MT2l0bgpDd2ZkTUNrQUJvMWlvWFhyclB1M0xzYm9keXBEdUIwQ2NHdEI1WlZiQ1pSWXBTVFNWMjcramdhRVZlMG1zSk9vCjRoNVBYdnM0QklseTJ6RE1yaE9rTmIxSXN0Y1kyNFdtbGJRYUlBTGcwUW4zQXJTWStITUtUMjhoWjR6bVM3N3QKKzg3d0FYNmlBaGF5QktLWHhJQnQ4VEVTL0hXU0RWczl1RFY4ZjRNTzI0TGozQXBhQkpaV2dFcFpXYi9LdkRmSQp4ckJUK1loL2xTSWpvWGNvZHdNT2dMeTcrLzJrQjZQcXJtWktMcnFWZ3Byd3VXNDJVYVh4YkpYQnFvdmVURkxiCnhXaHA5T1kzbWxnTy9IbWthdS8rUnNLelJzYnJJWGZqRzRDT1ViOHh1ajV1WmZkQ2FYRVlWNnZwdnUwN0NTVEgKZk51VnlZYlMxampLZHRoWE9JQ2YvN3N4YTdiVlpOTkNOQWFwK21FcldPNXQxTEhXdi9ZL0ZYYk5TTVdadlozVApPM0RYc0p5K3grU1piZ283OWhzUktxeDFDSjQybktBaGM2WFZZUkRTOGs0SHZVSzBxbnpTaExvMm5MYTFCVUVMCkkzVnkybDVVMkMxMUYvTDRhNE1Pb2R0Z3h4L0Q5VjI0cWZnTVRPY3Q4bS9QRFB6b1ovL2NoTUpQUU5pWHV5SUEKWmlOUWRxRngrYWI2N1ErM3kwcGxKRDVjVk81Z01MN0F5dXZuMDJlalRhWFYrUkQxVmpoSkRCM0l1Y0FHUnIxLwpVTVVNbmlTZSt4S2FaVHA5SGtza0x2K051ZjV1Slc2VXVHZ0RIbUFCYUFEWUdTMGhKTFU2MjMxMTE3OWh4Q3NmCmVMNXJQdlVtMitRZWhDWURBUjR1Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=",
          "certificate": "AAAAABBBBBCCCCDDDEEEEEEFFFFS0tCk1JSUNHVENDQWNDZ0F3SUJBZ0lVUjEwVFR5NThxNVF2d1VlVEVsWnZRNE1tYzYwd0NnWUlLb1pJemowRUF3SXcKUVRFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBb1RDa0oxZEhSdmJuZHZiMlF4SFRBYkJnTlZCQU1URkVKMQpkSFJ2Ym5kdmIyUWdVbUZrYzJWaklFTkJNQjRYRFRJeE1EY3hNVEUyTXpNeE5Wb1hEVEl6TURjeE1URTJNek14Ck5Wb3dZakVMTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFvVENrSjFkSFJ2Ym5kdmIyUXhJekFoQmdOVkJBTVQKR21aaFkyVmliMjlyTG05eWFXOXVMbUZ5WldFeE1qQXVZMjl0TVJrd0Z3WUtDWkltaVpQeUxHUUJBUk1KUjI5dgpaMnhsT2xWVE1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTAvdXpKQ1FZVU1uTXpjMHFzaXBYClZreXkzdkdIM0hOZWxJQnkzTzFGaVMrdVVBa1NUS0VUSHduK1Nza3N1WjIzZnV0bWJzcEQ4bXZQUkI3bXlwZ24KZDZOMU1ITXdEZ1lEVlIwUEFRSC9CQVFEQWdlQU1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQXdHQTFVZApFd0VCL3dRQ01BQXdKUVlEVlIwUkJCNHdISUlhWm1GalpXSnZiMnN1YjNKcGIyNHVZWEpsWVRFeU1DNWpiMjB3CkZ3WURWUjBnQkJBd0RqQU1CZ29yQmdFRUFlNHFBUUVGTUFvR0NDcUdTTTQ5QkFNQ0EwY0FNRVFDSUVKZ00yenoKUXJiR3NZMWticmNOZ1p2QTdBbE02WTllS3d6VWZHSzNGN2d3QWlBbDFmNlVBSGMxVlFmNUgwUVlRbjh4QW1WWAp6azJIQmI3MHMxQjEwN2NKY3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t",
          "private-key": "AAAAABBBBBCCCCDDDEEEEEEFFFF0tLS0tCk1IY0NBUUVFSUg0cXVHblBndUIxckk1TnlXejc3ejBvOXRUOGhxN1dBbXVrcFRXa3J2cHdvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFMC91ekpDUVlVTW5NemMwcXNpcFhWa3l5M3ZHSDNITmVsSUJ5M08xRmlTK3VVQWtTVEtFVApId24rU3Nrc3VaMjNmdXRtYnNwRDhtdlBSQjdteXBnbmR3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQ=="
        },
        {
          "protocol": "radius",
          "realm": [
            "*.3gppnetwork.org"
          ],
          "auth-server": "***.***.***.***",
          "auth-port": *****,
          "auth-secret": "*******",
          "acct-server": "***.***.***.***",
          "acct-port": *****,
          "acct-secret": "*******"
        },
        {
          "protocol": "radius",
          "realm": [
            "ironwifi.net"
          ],
          "auth-server": "***.***.***.***",
          "auth-port": *****,
          "auth-secret": "*******",
          "acct-server": "***.***.***.***",
          "acct-port": *****,
          "acct-secret": "*******"
        },
        {
          "protocol": "block",
          "realm": [
            "*"
          ],
          "message": "realm-not-allowed"
        }
      ]
    },
    "captive": {
      "auth-mode": "uam",
      "auth-port": *****,
      "auth-secret": "*******",
      "auth-server": "***.***.***.***",
      "nasid": "IronWiFi",
      "uam-port": 3990,
      "uam-secret": "*******",
      "uam-server": "https://*******.ironwifi.com/*********/",
      "walled-garden-fqdn": [
        "telecominfraproject.com",
        "*.ironwifi.com"
      ]
    },
    "lldp": {
      "describe": "uCentral",
      "location": "universe"
    },
    "ssh": {
      "port": 22
    }
  },
  "uuid": 1675189282
}

    • Related Articles

    • Cambium cnMaestro - Passpoint configuration

      Prerequisites Access to the cnMaestro Dashboard as a user with administrative privileges. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets): Email or document that contains this information OR Access to ...

    • OpenWrt - Passpoint configuration

      Prerequisites OpenWrt compatible device with Passpoint-capable wireless device (PHY). OpenWrt 21.02, or newer, including wpad (hostapd) built with hs20 option. Full version of iw package in OpenWrt. 802.1x infrastructure (RADIUS server). Information ...

    • Meraki - Passpoint configuration

      Prerequisites Access to the Meraki Dashboard as a user with administrative privileges. Supported Meraki device - this solution works with all devices of the MR series. Information about the assigned RADIUS servers (Server IP address, port numbers, ...

    • Ubiquiti Unifi - Passpoint Configuration

      Prerequisites Access to the Ubiquiti Dashboard as a user with administrative privileges. Supported Ubiquiti device. These access points have Hotspot 2.0 certification: UAP-AC-M-PRO UAP-AC-LITE UAP-AC-PRO UAP-AC-IW UAP-AC-M These access points are not ...

    • Invalid Signature error when downloading Passpoint profile on Windows

      Due to change of logic introduced in Windows update in the past few months, that was seemingly reversed in the latest Experience Pack, whilst downloading Passpoint profile on Windows machine from the Captive Portal environment, you might encounter ...