OpenWiFi - Passpoint configuration

OpenWiFi - Passpoint configuration

Prerequisites

  1. Access to the Controller as a user with administrative privileges.
  2. Supported OpenWiFi device - this solution has been tested with EdgeCore EAP101
  3. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets):
    1. Email or document that contains this information

      OR

    2. Access to the IronWiFi Management Console - Sign in or Open Account
Sign in to the Controller, find your device and click Commands -> Configure. Paste the following configuration (update RADIUS server information to match your assigned RADIUS servers) and click Save.

Sample configuration:

{
  "interfaces": [
    {
      "ethernet": [
        {
          "select-ports": [
            "WAN*"
          ]
        }
      ],
      "ipv4": {
        "addressing": "dynamic"
      },
      "name": "WAN",
      "role": "upstream",
      "services": [
        "lldp"
      ]
    },
    {
      "ethernet": [
        {
          "select-ports": [
            "LAN*"
          ]
        }
      ],
      "ipv4": {
        "addressing": "static",
        "dhcp": {
          "lease-count": 100,
          "lease-first": 10,
          "lease-time": "6h"
        },
        "subnet": "192.168.1.1/24"
      },
      "name": "LAN",
      "role": "downstream",
      "services": [
        "ssh",
        "lldp"
      ],
      "ssids": [
        {
          "bss-mode": "ap",
          "encryption": {
            "ieee80211w": "optional",
            "proto": "none"
          },
          "name": "OpenWifi-hotspot",
          "services": [
            "captive"
          ],
          "wifi-bands": [
            "5G",
            "2G"
          ]
        },
        {
          "bss-mode": "ap",
          "encryption": {
            "ieee80211w": "optional",
            "key": "OpenWifi",
            "proto": "psk"
          },
          "name": "OpenWifi_wpa",
          "role": "downstream",
          "wifi-bands": [
            "2G",
            "5G"
          ]
        },
        {
          "name": "OpenWifi_offload",
          "wifi-bands": [
            "5G"
          ],
          "bss-mode": "ap",
          "encryption": {
            "proto": "wpa-mixed",
            "ieee80211w": "optional"
          },
          "services": [
            "radius-proxy"
          ],
          "radius": {
            "nas-identifier": "NAS-Lab",
            "chargeable-user-id": true,
            "authentication": {
              "host": "***.***.***.***",
              "port": *****,
              "secret": "*******",
              "request-attribute": [
                {
                  "id": 126,
                  "value": "s:TIP"
                }
              ]
            },
            "accounting": {
              "host": "***.***.***.***",
              "port": *****,
              "secret": "*******",
              "request-attribute": [
                {
                  "id": 126,
                  "value": "s:TIP"
                }
              ],
              "interval": 300
            }
          },
          "pass-point": {
            "venue-name": [
              "eng:Example passpoint_venue"
            ],
            "domain-name": [
              "apple.openroaming.net",
              "google.openroaming.net",
              "ciscooneid.openroaming.net",
              "openroaming.org",
              "ironwifi.net"
            ],
            "asra": false,
            "internet": true,
            "esr": false,
            "uesa": false,
            "access-network-type": 0,
            "hessid": "11:22:33:44:55:66",
            "venue-group": 2,
            "venue-type": 8,
            "connection-capability": [
              "1:0:2",
              "6:22:1",
              "17:5060:0"
            ],
            "roaming-consortium": [
              "AA146B0000",
              "BAA2D00000",
              "5a03ba0000",
              "004096"
            ],
            "disable-dgaf": true,
            "anqp-domain": 8888,
            "ipaddr-type-available": 14,
            "nai-realm": [
              "0,ironwifi.net,21[5:7][2:4],13[5:-1]"
            ],
            "osen": false,
            "anqp-3gpp-cell-net": [
              "310,410",
              "310,280",
              "310,150",
              "313,100"
            ],
            "friendly-name": [
              "eng:IronWiFi"
            ],
            "venue-url": [
              "http://www.example.com/info-eng"
            ],
            "auth-type": {
              "type": "terms-and-conditions"
            }
          }
        }
      ]
    }
  ],
  "metrics": {
    "health": {
      "interval": 120
    },
    "statistics": {
      "interval": 120,
      "types": [
        "ssids",
        "lldp",
        "clients"
      ]
    },
    "wifi-frames": {
      "filters": [
        "probe",
        "auth"
      ]
    }
  },
  "radios": [
    {
      "band": "5G",
      "channel": 52,
      "channel-mode": "HE",
      "channel-width": 80,
      "country": "CA"
    },
    {
      "band": "2G",
      "channel": 11,
      "channel-mode": "HE",
      "channel-width": 20,
      "country": "CA"
    }
  ],
  "services": {
    "radius-proxy": {
      "realms": [
        {
          "protocol": "radsec",
          "realm": [
            "*.mobile.operator.com"
          ],
          "host": "ipv4 address",
          "port": 2083,
          "auto-discover": false,
          "secret": "radsec",
          "use-local-certificates": false,
          "ca-certificate": "AAAAABBBBBCCCCDDDEEEEEEFFFFNPZ0F3SUJBZ0lKQUxIQmJFWmU3QTBzTUEwR0NTcUdTSWIzRFFFQkN3VUFNSUdvTVFzd0NRWUQKVlFRR0V3SlZVekVUTUJFR0ExVUVDQXdLUTJGc2FXWnZjbTVwWVRFUk1BOEdBMVVFQnd3SVUyRnVJRXB2YzJVeApIREFhQmdOVkJBb01FME5wYzJOdklGTjVjM1JsYlhNc0lFbHVZeTR4RkRBU0JnTlZCQXNNQzA5d1pXNXliMkZ0CmFXNW5NUmd3RmdZRFZRUUREQTl2Y0dWdWNtOWhiV2x1Wnk1dmNtY3hJekFoQmdrcWhraUc5dzBCQ1FFV0ZHVnUKWWkxa1pYWnZjSE5BWTJselkyOHVZMjl0TUI0WERURTVNRGt4TmpFeU1EYzFPVm9YRFRNNU1Ea3hNVEV5TURjMQpPVm93Z2FneEN6QUpCZ05WQkFZVEFsVlRNUk13RVFZRFZRUUlEQXBEWVd4cFptOXlibWxoTVJFd0R3WURWUVFICkRBaFRZVzRnU205elpURWNNQm9HQTFVRUNnd1RRMmx6WTI4Z1UzbHpkR1Z0Y3l3Z1NXNWpMakVVTUJJR0ExVUUKQ3d3TFQzQmxibkp2WVcxcGJtY3hHREFXQmdOVkJBTU1EMjl3Wlc1eWIyRnRhVzVuTG05eVp6RWpNQ0VHQ1NxRwpTSWIzRFFFSkFSWVVaVzVpTFdSbGRtOXdjMEJqYVhOamJ5NWpiMjB3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBCkE0SUNEd0F3Z2dJS0FvSUNBUUMwSmM0V3d2QlJJa3BsU0pmdVdZaWo1TTZ2WkRtYVpRNk82YjhGRjBNRVdhZ3UKRFZpVkpRM0JVZ1oyUUtET25JcktNZUlmS3ZWUzRNRWJMM3U0OHgveUtqb09IRkQ0aUhRRTdBUFBvd1BvZkVTcwp4emZveGkwYnozQ3FvK3pXRzVESVJ5V3krNFNDRGlsc2xBN25XU1l5TTdGeUZGWUxvWHdEZVY1N1MzNnJqN3hGClpXdjJ3NjI3dkNPUjJKM2RiYkRLR0ZneEZSVHhMK3I0SWlIWGN5Mm8zaUlwK3R3bDBablJydzBEME5aUmxwNzkKZ2VCS2E5VHZ1MUQxMDcxVWRDQjlaK3VZMFBrNEVaN1dlWVNjWjJhdkxtQjl3cVpkU1F0U2pTQ0xqNVlTOTZzTwpodmlOTWxDb1pNbDBkUE14T2RCb3JZOE52L1VodWk3WDBseUpjKytYaVVuVCs2c05KTXJUeWQ1bCt5OTBmZ0RrCmVqUTNhcWZsTDdRTy9SWjRGejhpL3dCQTRmTWR5TDkvYThqUzBiYWZlc01PZFFDUEd4TThNYXF3QUhZOUN0Z1cKWFFuWi9CT3l3bTArY1gxMkwyd3R3SGFjZ1F6bUROZ2R3NU5PdUdIVEdFcTBpUFVITFBrUXZWc1VTRTBpSUxmZgpXWkhpN2RhOHlsZi9WVktDVjN3U3pKdjc4NXB1c0Z6QVNxbHpLZnErYUs5T1A4bVhyS1dibFZCWHR0aE5mSWJ1CmcvaXNoWW4rYXIrcnlEdmRvL05vL202QjhCemNqVzRWWlIxQkszZUd1R3k2MkhxbTdHMkdZS1FpbkhzdElTYWsKeFFMK3IxOW1HcEhkbzdXcWgyd3ZVZmd6MXN4QjZxOVRhaWZoS21nbEJiSnV1dHpQRFViRHRqWHVlbGcvS1FJRApBUUFCbzJZd1pEQWRCZ05WSFE0RUZnUVVER1Z5QWU4THpNSjR0NVRuRVplVUpXeGVGcE13SHdZRFZSMGpCQmd3CkZvQVVER1Z5QWU4THpNSjR0NVRuRVplVUpXeGVGcE13RWdZRFZSMFRBUUgvQkFnd0JnRUIvd0lCQXpBT0JnTlYKSFE4QkFmOEVCQU1DQVlZd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGcnlOZldoU2J4RitYS3Nhd29MT2l0bgpDd2ZkTUNrQUJvMWlvWFhyclB1M0xzYm9keXBEdUIwQ2NHdEI1WlZiQ1pSWXBTVFNWMjcramdhRVZlMG1zSk9vCjRoNVBYdnM0QklseTJ6RE1yaE9rTmIxSXN0Y1kyNFdtbGJRYUlBTGcwUW4zQXJTWStITUtUMjhoWjR6bVM3N3QKKzg3d0FYNmlBaGF5QktLWHhJQnQ4VEVTL0hXU0RWczl1RFY4ZjRNTzI0TGozQXBhQkpaV2dFcFpXYi9LdkRmSQp4ckJUK1loL2xTSWpvWGNvZHdNT2dMeTcrLzJrQjZQcXJtWktMcnFWZ3Byd3VXNDJVYVh4YkpYQnFvdmVURkxiCnhXaHA5T1kzbWxnTy9IbWthdS8rUnNLelJzYnJJWGZqRzRDT1ViOHh1ajV1WmZkQ2FYRVlWNnZwdnUwN0NTVEgKZk51VnlZYlMxampLZHRoWE9JQ2YvN3N4YTdiVlpOTkNOQWFwK21FcldPNXQxTEhXdi9ZL0ZYYk5TTVdadlozVApPM0RYc0p5K3grU1piZ283OWhzUktxeDFDSjQybktBaGM2WFZZUkRTOGs0SHZVSzBxbnpTaExvMm5MYTFCVUVMCkkzVnkybDVVMkMxMUYvTDRhNE1Pb2R0Z3h4L0Q5VjI0cWZnTVRPY3Q4bS9QRFB6b1ovL2NoTUpQUU5pWHV5SUEKWmlOUWRxRngrYWI2N1ErM3kwcGxKRDVjVk81Z01MN0F5dXZuMDJlalRhWFYrUkQxVmpoSkRCM0l1Y0FHUnIxLwpVTVVNbmlTZSt4S2FaVHA5SGtza0x2K051ZjV1Slc2VXVHZ0RIbUFCYUFEWUdTMGhKTFU2MjMxMTE3OWh4Q3NmCmVMNXJQdlVtMitRZWhDWURBUjR1Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=",
          "certificate": "AAAAABBBBBCCCCDDDEEEEEEFFFFS0tCk1JSUNHVENDQWNDZ0F3SUJBZ0lVUjEwVFR5NThxNVF2d1VlVEVsWnZRNE1tYzYwd0NnWUlLb1pJemowRUF3SXcKUVRFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBb1RDa0oxZEhSdmJuZHZiMlF4SFRBYkJnTlZCQU1URkVKMQpkSFJ2Ym5kdmIyUWdVbUZrYzJWaklFTkJNQjRYRFRJeE1EY3hNVEUyTXpNeE5Wb1hEVEl6TURjeE1URTJNek14Ck5Wb3dZakVMTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFvVENrSjFkSFJ2Ym5kdmIyUXhJekFoQmdOVkJBTVQKR21aaFkyVmliMjlyTG05eWFXOXVMbUZ5WldFeE1qQXVZMjl0TVJrd0Z3WUtDWkltaVpQeUxHUUJBUk1KUjI5dgpaMnhsT2xWVE1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTAvdXpKQ1FZVU1uTXpjMHFzaXBYClZreXkzdkdIM0hOZWxJQnkzTzFGaVMrdVVBa1NUS0VUSHduK1Nza3N1WjIzZnV0bWJzcEQ4bXZQUkI3bXlwZ24KZDZOMU1ITXdEZ1lEVlIwUEFRSC9CQVFEQWdlQU1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQXdHQTFVZApFd0VCL3dRQ01BQXdKUVlEVlIwUkJCNHdISUlhWm1GalpXSnZiMnN1YjNKcGIyNHVZWEpsWVRFeU1DNWpiMjB3CkZ3WURWUjBnQkJBd0RqQU1CZ29yQmdFRUFlNHFBUUVGTUFvR0NDcUdTTTQ5QkFNQ0EwY0FNRVFDSUVKZ00yenoKUXJiR3NZMWticmNOZ1p2QTdBbE02WTllS3d6VWZHSzNGN2d3QWlBbDFmNlVBSGMxVlFmNUgwUVlRbjh4QW1WWAp6azJIQmI3MHMxQjEwN2NKY3c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t",
          "private-key": "AAAAABBBBBCCCCDDDEEEEEEFFFF0tLS0tCk1IY0NBUUVFSUg0cXVHblBndUIxckk1TnlXejc3ejBvOXRUOGhxN1dBbXVrcFRXa3J2cHdvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFMC91ekpDUVlVTW5NemMwcXNpcFhWa3l5M3ZHSDNITmVsSUJ5M08xRmlTK3VVQWtTVEtFVApId24rU3Nrc3VaMjNmdXRtYnNwRDhtdlBSQjdteXBnbmR3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQ=="
        },
        {
          "protocol": "radius",
          "realm": [
            "*.3gppnetwork.org"
          ],
          "auth-server": "***.***.***.***",
          "auth-port": *****,
          "auth-secret": "*******",
          "acct-server": "***.***.***.***",
          "acct-port": *****,
          "acct-secret": "*******"
        },
        {
          "protocol": "radius",
          "realm": [
            "ironwifi.net"
          ],
          "auth-server": "***.***.***.***",
          "auth-port": *****,
          "auth-secret": "*******",
          "acct-server": "***.***.***.***",
          "acct-port": *****,
          "acct-secret": "*******"
        },
        {
          "protocol": "block",
          "realm": [
            "*"
          ],
          "message": "realm-not-allowed"
        }
      ]
    },
    "captive": {
      "auth-mode": "uam",
      "auth-port": *****,
      "auth-secret": "*******",
      "auth-server": "***.***.***.***",
      "nasid": "IronWiFi",
      "uam-port": 3990,
      "uam-secret": "*******",
      "uam-server": "https://*******.ironwifi.com/*********/",
      "walled-garden-fqdn": [
        "telecominfraproject.com",
        "*.ironwifi.com"
      ]
    },
    "lldp": {
      "describe": "uCentral",
      "location": "universe"
    },
    "ssh": {
      "port": 22
    }
  },
  "uuid": 1675189282
}

    • Related Articles

    • TP-Link OMADA Passpoint

      This guide requires Passpoint enabled firmware on both the controller and Access Point. The lastest stable firmware for the controller is 1.30.7 Build 20250704 Rel.78617 (Stable), and you need to have the lastes dev / testing firmware installed on ...

    • TP-Link OMADA OpenRoaming

      This guide requires Passpoint enabled firmware on both the controller and Access Point. The lastest stable firmware for the controller is 1.30.7 Build 20250704 Rel.78617 (Stable), and you need to have the lastes dev / testing firmware installed on ...

    • Cambium cnMaestro - Passpoint configuration

      Prerequisites Access to the cnMaestro Dashboard as a user with administrative privileges. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets): Email or document that contains this information OR Access to ...

    • Ubiquiti Unifi - Passpoint Configuration

      This guide is for Network version 8.4.x and above ONLY. Ubiquiti has recently reintroduced Passpoint feature into their codebase. Further information about Unifi and Passpoint can be found on the Unifi website: Unifi Passpoint Prerequisites Access to ...

    • OpenWrt - Passpoint configuration

      Prerequisites OpenWrt compatible device with Passpoint-capable wireless device (PHY). OpenWrt 21.02, or newer, including wpad (hostapd) built with hs20 option. Full version of iw package in OpenWrt. 802.1x infrastructure (RADIUS server). Information ...