Prerequisites
Ubiquiti device support
These access points have Hotspot 2.0 certification:
- UAP-AC-M-PRO
- UAP-AC-LITE
- UAP-AC-PRO
- UAP-AC-IW
- UAP-AC-M
These access points are not supported:
- UAP-nanoHD
- UAP-FlexHD
- UAP-BeaconHD
- UAP-IW-HD
- U6 series
Wireless controller release
Ubiquiti recommends using release 5.14.23 for the Cloud4Wi Passpoint solution.
Note that 7.4.x firmware is not currently supported:
Version 7.4.x lacks the Hotspot 2.0 profiles page in the legacy UI. You can still create an SSID and choose an existing Hotspot 2.0 profile, but you can no longer create a new profile in this version. To create a new HS2.0 profile, you'll need to downgrade to version 7.3.x.
About this guide
This guide describes how to set up and test your Ubiquiti UniFi environment so you can use it with Cloud4Wi Passpoint:
- Log in to the Ubiquiti UniFi dashboard as a user with administrative privileges.
- Update Ubiquiti UniFi access points with firmware that supports Hotspot 2.0.
- Configure a secure RADIUS connection.
- Configure the wireless LAN.
- Troubleshoot the configuration.
Log in to the Ubiquiti UniFi Dashboard
To start the configuration process, log in to the Ubiquiti UniFi Dashboard as admin. For existing environments with additional users, log in as a user with administrative privileges.
The Ubiquiti UniFi Dashboard appears.
Note: There are a number of options you can set. Only the options that require your input are shown. Default values are used for options that don’t need adjustment.
Update the access point firmware
Before starting the Hotspot 2.0 (HS 2.0) configuration, update the access points (APs) with firmware that supports Hotspot 2.0.
Ubiquiti recommends that the UniFi access points run firmware version 4.3.13.11253 or later. Firmware versions before 4.3.13.11253 don’t support Hotspot 2.0.
Warning: Upgrading access point firmware is a disruptive event that introduces downtime during the upgrade process. It can take up to 15 minutes. Upgrade the firmware during a downtime or maintenance window.
- Select Devices from the menu on the left side of the Ubiquiti UniFi Dashboard.
Your access points display.
If there’s an update available, an Upgrade option appears when you hover over each access point (along with the Locate and Restart options in list view). In grid view, a small upgrade icon appears to the upper right of each device.
- Follow the firmware upgrade documentation provided by Ubiquiti based on the access points in your environment.
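A preflight check for the model and firmware requirements above, as an added example that is not Cloud4Wi or Ubiquiti code. The inventory, AP names and the function names are constructed for illustration; only the model lists and the minimum firmware come from this guide. Versions are compared field by field as numbers, because a plain string comparison ranks 4.3.9 above 4.3.13.

```python
# Added example: Hotspot 2.0 preflight for an AP inventory.
# Model lists and minimum firmware are from this guide; INVENTORY is constructed.
MIN_FIRMWARE = (4, 3, 13, 11253)
CERTIFIED = {"UAP-AC-M-PRO", "UAP-AC-LITE", "UAP-AC-PRO", "UAP-AC-IW", "UAP-AC-M"}
UNSUPPORTED = {"UAP-NANOHD", "UAP-FLEXHD", "UAP-BEACONHD", "UAP-IW-HD"}


def parse_version(text):
    """'4.3.13.11253' -> (4, 3, 13, 11253), so fields compare as numbers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def check_ap(model, firmware):
    name = model.strip().upper()
    if name in UNSUPPORTED or name.startswith("U6"):  # "U6 series"
        return "unsupported-model"
    if name not in CERTIFIED:
        return "unknown-model"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "unknown-firmware"
    # Pad with zeros so a short version such as 4.3.13 compares as 4.3.13.0.
    version += (0,) * (len(MIN_FIRMWARE) - len(version))
    return "ready" if version >= MIN_FIRMWARE else "upgrade-firmware"


def preflight(inventory):
    """Map each AP name to its status, listing only APs that need attention."""
    report = {ap["name"]: check_ap(ap["model"], ap["firmware"]) for ap in inventory}
    return {name: status for name, status in report.items() if status != "ready"}


# Constructed inventory; AP names and firmware strings are illustrative.
INVENTORY = [
    {"name": "lobby", "model": "UAP-AC-PRO", "firmware": "4.3.13.11253"},
    {"name": "cafe", "model": "UAP-AC-LITE", "firmware": "4.3.9.11000"},
    {"name": "hall", "model": "UAP-nanoHD", "firmware": "4.3.13.11253"},
    {"name": "roof", "model": "U6-LR", "firmware": "6.0.0"},
]
```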
Configure a secure RADIUS connection
Configure the RADIUS Profile
- Select Settings at the bottom left of the Dashboard.
The Settings menu appears.
- Select Profiles from the Settings menu and click + Create New RADIUS Profile.
The Create New RADIUS Profile page appears.
- Enter the RADIUS Profile Name, such as “Cloud4Wi_radius”.
- (Optional) Check the box next to VLAN Support as applicable to the existing network.
- Enter the RADIUS service values shown for the primary authentication server.
RADIUS Primary IP Address: 52.48.102.108
Port: 1812
Shared Secret: <as communicated by Cloud4Wi team>
- Click + Add Auth Server to add the secondary RADIUS authentication server.
RADIUS Secondary IP Address: 34.252.97.217
Port: 1812
Shared Secret: <as communicated by Cloud4Wi team>
- Click the box next to Enable accounting. The Accounting section is below the RADIUS Auth Server section.
The RADIUS accounting server options appear.
- Check the box next to Enable Interim Update and change the value to 300 (seconds).
- Enter the RADIUS service values shown for the primary RADIUS accounting server.
RADIUS Primary IP Address: 52.48.102.108
Port: 1813
Shared Secret: <as communicated by Cloud4Wi team>
- Click + Add Auth Server to add the secondary RADIUS accounting server.
RADIUS Secondary IP Address: 34.252.97.217
Port: 1813
Shared Secret: <as communicated by Cloud4Wi team>
- Click Save at the bottom left.
A message appears at the top right indicating that the RADIUS profile changes are saved.
Configure the wireless LAN
Configure Hotspot 2.0
Hotspot 2.0 allows mobile devices to join a network automatically, including during roaming, when the devices enter the Hotspot 2.0 area.
The Hotspot 2.0 configuration is quite long. You can go through the whole configuration all at once or save changes after each major section and then edit the saved configuration.
- Select Settings at the bottom left of the Dashboard.
The Settings menu appears.
- Select Services.
You might see a message indicating that you need to connect a UniFi Security Gateway to enable the RADIUS configuration. Ignore that message and continue to the Hotspot 2.0 configuration.
- Click Hotspot 2.0 on the menu bar at the top of the page.
The Hotspot 2.0 page appears.
- Click +Create New Hotspot 2.0 Profile.
The Create New Hotspot 2.0 Profile page appears.
- Enter the Hotspot 2.0 Profile Name, such as “Cloud4Wi_hotspot”.
- Expand Internetworking Information by clicking > next to it.
- For Network Type, select Free public network.
- For Network Access, click the box next to Internet.
- Scroll down to Online Sign-up Related Settings.
Note: Online Sign-up isn’t used in Cloud4Wi. This is just a required setting to make Cloud4Wi Passpoint work on Ubiquiti.
- Enter the OSU SSID, such as “Cloud4Wi_Wifi”. It can be any non-zero value. Leaving it blank stops the SSID broadcast.
- Scroll down to Venue Information.
- For Venue Group and Venue Type, select the most appropriate values, such as Business and Professional Office, respectively.
- Select a Language.
- Enter a value for the Venue Name.
- Click +Add Venue Name on the bottom right of Venue Information.
- Expand Operator Friendly Name List by clicking > next to it.
- Select a Language.
- For Text, enter the name of the Hotspot 2.0 operator, such as “Cloud4Wi”.
- Click +Add Operator Friendly Name on the bottom right of Operator Friendly Name List.
- Expand NAI Realm List by clicking > next to it.
- Click +Add NAI Realm. The Add NAI realm list entry dialog box appears.
- Enter a Name, such as “Cloud4Wi Secure WiFi”.
- Click the box next to Realm Enabled.
- For EAP Method, select EAP-TTLS. For Auth Type, select Non-EAP Inner Authentication, and for Auth Subtype, select MSCHAPv2.
- Click Submit at the bottom right of the dialog box. You return to the Create Hotspot 2.0 Profile page.
- Expand Domain Name List by clicking > next to it.
- For Name, enter the Passpoint domain name shown in the Passpoint settings of the Cloud4Wi dashboard.
- Click +Add Domain Name.
- Select “Enable WAN metrics”.
- Enter the uplink and downlink speeds (such as 10000 Kbps). Make sure the Link Status is Up and that it is not marked as “At Capacity”.
- Click Save at the bottom left.
A message appears at the top right indicating that the Hotspot 2.0 profile changes are saved.
Configure SSID with RADIUS profile and Hotspot 2.0 profile
If you're new to Cloud4Wi, we recommend creating a new SSID to avoid impacting any existing SSID configurations running in production.
- Select Settings at the bottom left of the Dashboard.
The Settings menu appears.
- Select Wireless Networks from the Settings menu and click + Create New Wireless Network.
The Create New Wireless Network page appears.
- Enter Name/SSID, such as “Secure WiFi”.
- For Security, select WPA Enterprise. RADIUS profile options appear so you can associate the RADIUS profile with the wireless LAN.
- Select the RADIUS Profile you created, “Cloud4Wi_radius”.
- Click the box next to Enable Hotspot 2.0.
- Select the Hotspot 2.0 profile you created, “Cloud4Wi_hotspot”.
- Click Save at the bottom left.
A message appears at the top right indicating that the wireless network changes are saved.
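An audit of the finished configuration against the values in this guide, as an added example that is not Cloud4Wi or Ubiquiti code. The dictionary layout and key names are hypothetical and do not represent a UniFi export format; transcribe the saved RADIUS profile, Hotspot 2.0 profile and SSID settings into that shape. The sample is constructed and leaves the accounting servers on the authentication port.

```python
# Added example: audit a settings export against the values in this guide.
# The dict layout and key names are hypothetical, not a UniFi export format.
SERVERS = ["52.48.102.108", "34.252.97.217"]  # primary, secondary (from the guide)

def audit_servers(servers, port, label):
    out = []
    if [s.get("ip") for s in servers] != SERVERS:
        out.append(f"{label}: servers must be {SERVERS} in that order")
    for s in servers:
        if s.get("port") != port:
            out.append(f"{label} {s.get('ip')}: port {s.get('port')}, expected {port}")
        if s.get("secret", "") in ("", "<as communicated by Cloud4Wi team>"):
            out.append(f"{label} {s.get('ip')}: shared secret missing or placeholder")
    return out

def audit(cfg):
    radius, hs20, wlan = cfg["radius"], cfg["hotspot20"], cfg["wlan"]
    out = audit_servers(radius.get("auth", []), 1812, "auth")
    if not radius.get("accounting_enabled"):
        out.append("acct: accounting is not enabled")
    else:
        out += audit_servers(radius.get("acct", []), 1813, "acct")
        if radius.get("interim_update") != 300:
            out.append("acct: interim update must be 300 seconds")
    if not hs20.get("osu_ssid"):
        out.append("hs20: OSU SSID is blank")
    if hs20.get("nai_realm") != {"eap": "EAP-TTLS", "subtype": "MSCHAPv2"}:
        out.append("hs20: NAI realm must be EAP-TTLS with MSCHAPv2")
    if hs20.get("wan_metrics") != {"link_status": "Up", "at_capacity": False}:
        out.append("hs20: WAN metrics must be Up and not At Capacity")
    if wlan.get("security") != "WPA Enterprise":
        out.append("wlan: security must be WPA Enterprise")
    if wlan.get("radius_profile") != radius.get("name"):
        out.append("wlan: SSID is not bound to the RADIUS profile")
    if not wlan.get("hs20_enabled") or wlan.get("hs20_profile") != hs20.get("name"):
        out.append("wlan: Hotspot 2.0 profile is not enabled on the SSID")
    return out

# Constructed sample: the accounting servers were left on the authentication port.
SAMPLE = {
    "radius": {"name": "Cloud4Wi_radius", "accounting_enabled": True, "interim_update": 300,
               "auth": [{"ip": ip, "port": 1812, "secret": "example-secret"} for ip in SERVERS],
               "acct": [{"ip": ip, "port": 1812, "secret": "example-secret"} for ip in SERVERS]},
    "hotspot20": {"name": "Cloud4Wi_hotspot", "osu_ssid": "Cloud4Wi_Wifi",
                  "nai_realm": {"eap": "EAP-TTLS", "subtype": "MSCHAPv2"},
                  "wan_metrics": {"link_status": "Up", "at_capacity": False}},
    "wlan": {"security": "WPA Enterprise", "radius_profile": "Cloud4Wi_radius",
             "hs20_enabled": True, "hs20_profile": "Cloud4Wi_hotspot"},
}
```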