TP-Link Omada - OpenRoaming Configuration

Configure OpenRoaming on TP-Link Omada SDN Controller and EAP series access points with IronWifi RADIUS authentication and Hotspot 2.0. This guide covers RADIUS server configuration, roaming consortium OI setup, and NAI realm configuration through the Omada Controller interface.

Quick Start

  1. Enable OpenRoaming in IronWifi Console and note RADIUS details
  2. Configure RADIUS profile in Omada Controller
  3. Create wireless network with WPA2-Enterprise
  4. Enable Hotspot 2.0 on the SSID
  5. Add roaming consortium OIs: 5A03BA0000, 5A03BA0200, 004096
  6. Configure NAI realms for ironwifi.com

Prerequisites

  • Omada Controller 5.x or later (hardware, software, or cloud)
  • Omada EAP access points with Hotspot 2.0 support (Wi-Fi 6 models recommended)
  • Network connectivity to IronWifi RADIUS servers

In IronWifi Console (complete these first):

  1. Create or select a Network in the IronWifi Console
  2. Enable OpenRoaming from the dropdown menu
  3. Configure roaming type (Settled or Settlement-free)
  4. Note the RADIUS server details (IP address, port, and shared secret)

OpenRoaming Overview

TP-Link Omada supports OpenRoaming through:

  • Hotspot 2.0 (Passpoint) - Automatic network discovery and selection
  • 802.11u - Interworking protocol for network information
  • WPA2/WPA3-Enterprise - Secure authentication via RADIUS

Omada Controller Configuration

Step 1: Configure RADIUS Profile

  1. Log in to Omada Controller
  2. Navigate to Settings > Authentication > RADIUS Profile
  3. Click Create New RADIUS Profile
  4. Configure:

| Setting | Value |
|---|---|
| Name | IronWifi-OpenRoaming |
| Authentication Server IP | IronWifi RADIUS IP |
| Authentication Port | 1812 |
| Authentication Secret | Your RADIUS secret |
| Accounting Server IP | IronWifi RADIUS IP |
| Accounting Port | 1813 |
| Accounting Secret | Your RADIUS secret |

  5. Click Create

Step 2: Create Wireless Network

  1. Go to Settings > Wireless Networks
  2. Click Create New Wireless Network
  3. Configure basic settings:
    • Name: OpenRoaming
    • SSID: OpenRoaming
    • Security Mode: WPA2-Enterprise
    • RADIUS Profile: IronWifi-OpenRoaming
  4. Click Apply

Step 3: Enable Hotspot 2.0

  1. In the wireless network settings, find Advanced Settings
  2. Locate Hotspot 2.0 section
  3. Enable Hotspot 2.0

Step 4: Configure Interworking Settings

| Setting | Value |
|---|---|
| Access Network Type | Free public network |
| Internet | Enabled |
| ASRA | Disabled |
| ESR | Disabled |
| UESA | Disabled |

Step 5: Configure Venue Information

| Setting | Value |
|---|---|
| Venue Group | Business |
| Venue Type | Unspecified Business |
| Venue Name | Your Location (Language: eng) |

Step 6: Configure Domain Name

  1. In Hotspot 2.0 settings, find Domain Name List
  2. Click Add
  3. Enter: ironwifi.net

Step 7: Configure Roaming Consortium

Add Organization Identifiers for OpenRoaming:

| OI | Description |
|---|---|
| 5A03BA0000 | WBA OpenRoaming (Settled) |
| 5A03BA0200 | WBA OpenRoaming (Settlement-free) |
| 004096 | Cisco OpenRoaming |

  1. Find Roaming Consortium List
  2. Click Add for each OI above

Step 8: Configure NAI Realm

  1. Find NAI Realm List
  2. Click Add NAI Realm
  3. Configure:
    • NAI Realm: ironwifi.com
    • EAP Method: EAP-TTLS
    • Inner Authentication: PAP
  4. Save all settings

Multi-Site Configuration

For organizations with multiple locations:

Site-Level Settings

  1. Select target site in Omada Controller
  2. Go to Settings > Wireless Networks
  3. Configure OpenRoaming network per site
  4. Adjust venue information per location

Venue-Specific Configuration

Customize venue information for each site:

| Setting | Example Values |
|---|---|
| Venue Group | Business, Residential, Educational |
| Venue Type | Hotel, Restaurant, Coffee Shop |
| Venue Name | "Location Name (eng)" |

Advanced Configuration

WAN Metrics

If available in your firmware:

| Setting | Value |
|---|---|
| Link Status | Up |
| Symmetric Link | Yes |
| Downlink Speed | 100000 (kbps) |
| Uplink Speed | 50000 (kbps) |

Connection Capability

Define available network services:

| Protocol | Port | Status |
|---|---|---|
| TCP | 80 | Open |
| TCP | 443 | Open |
| TCP | 5060 | Open (SIP) |
| UDP | 5060 | Open (SIP) |

3GPP Cellular Information

For carrier WiFi offload (if supported):

  • Configure MCC/MNC pairs for carrier identification
  • Enables automatic offload from cellular networks

Omada Cloud Controller

If using Omada Cloud Controller:

  1. Log in to omada.tplinkcloud.com
  2. Select your controller
  3. Follow the same configuration steps
  4. Configuration syncs to local controller and APs

Limitations

  • Configuration sync may be delayed
  • Some advanced Hotspot 2.0 options may be limited
  • Use local controller for full feature access

Testing OpenRoaming

Omada Controller Verification

  1. Go to Devices > select an AP
  2. View Configuration tab
  3. Verify Hotspot 2.0 settings are applied

Client Testing

iOS:

  • Users with Apple ID should auto-connect
  • Or install OpenRoaming profile from IronWifi

Android:

  • Enable Passpoint in WiFi settings
  • Sign in with Google account
  • Device auto-connects to OpenRoaming networks

Monitor Connections

  1. Go to Clients
  2. Filter by SSID: OpenRoaming
  3. Check connection and authentication status

RADIUS Verification

  1. Go to Insights > Events
  2. Filter for authentication events
  3. Verify successful authentications in IronWifi console

Troubleshooting

Network Not Discovered

  1. Verify Hotspot 2.0 Enabled

    • Check WLAN settings
    • Ensure HS2.0 toggle is on
  2. Check AP Support

    • Verify AP model supports Hotspot 2.0
    • Update firmware if needed
  3. Verify Client Support

    • Ensure device has Passpoint enabled
    • Check device supports OpenRoaming

Authentication Failures

  1. Test RADIUS Connectivity

    • Check network path to RADIUS server
    • Verify firewall allows UDP 1812/1813
  2. Verify Credentials

    • Check RADIUS secret matches
    • Verify NAI realm configuration
  3. Review Logs

    • Check Omada Controller logs
    • Review IronWifi authentication logs
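
The connectivity and shared-secret checks above can be combined into one probe. This is an added example, not IronWifi or TP-Link code: it sends a plain PAP Access-Request with a Message-Authenticator (not the EAP-TTLS exchange a client uses) and verifies the Response Authenticator of whatever comes back. The user name `probe@ironwifi.com` and its password are constructed placeholders, so an Access-Reject is the expected healthy result.

```python
import hashlib, hmac, os, socket, struct

def attr(kind: int, value: bytes) -> bytes:
    return bytes([kind, len(value) + 2]) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (password must be non-empty)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, req_auth):
    # Message-Authenticator (type 80) goes first, zeroed, then is filled with
    # HMAC-MD5 over the whole packet keyed by the shared secret.
    attrs = attr(80, b"\x00" * 16) + attr(1, user)
    attrs += attr(2, hide_password(password, secret, req_auth))
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:22] + mac + pkt[38:]

def verify_reply(reply, req_auth, secret):
    """Response Authenticator = MD5(code, id, length, request auth, attrs, secret)."""
    if len(reply) < 20:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    reply = reply[:length]
    want = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(want, reply[4:20])

def probe(server, secret, user=b"probe@ironwifi.com", password=b"constructed",
          port=1812, timeout=3.0):
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    pkt = build_access_request(user, password, secret, ident, req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(pkt, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no reply: check UDP 1812 path, client registration and secret"
    if not verify_reply(reply, req_auth, secret) or reply[1] != ident:
        return "reply fails authenticator check: shared secret does not match"
    names = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
    return names.get(reply[0], "code %d" % reply[0]) + ": path and secret OK"
```

Run `probe()` with the server IP and secret noted from the IronWifi Console, from a host the RADIUS server accepts as a client.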

Common Issues

| Issue | Solution |
|---|---|
| AP doesn't show HS2.0 option | Update firmware or check model support |
| Clients don't connect automatically | Verify roaming consortium and NAI realm |
| Authentication timeout | Check RADIUS server connectivity |
| Intermittent failures | Check for IP conflicts or network issues |

Firmware Requirements

Minimum Versions

| Component | Minimum Version |
|---|---|
| Omada Controller | 5.0.0 |
| EAP660 HD | 1.0.0 |
| EAP670 | 1.0.0 |
| EAP615-Wall | Check release notes |

  • Use latest stable firmware for best OpenRoaming support
  • Check TP-Link release notes for Hotspot 2.0 improvements
  • Test after firmware updates

Best Practices

  1. Verify AP Support: Not all Omada APs support Hotspot 2.0
  2. Keep Updated: Use latest controller and AP firmware
  3. Test Thoroughly: Test with multiple Passpoint-capable devices
  4. Monitor: Set up alerts for authentication failures
  5. Documentation: Document your configuration for support
  6. Redundancy: Configure backup RADIUS servers