Skip to main content

Aruba - Passpoint Configuration

Configure Passpoint (Hotspot 2.0) on Aruba IAP, Mobility Controllers, or Aruba Central to enable automatic WiFi authentication through IronWifi's cloud RADIUS service. This provides seamless WPA2/WPA3-Enterprise connections without manual network selection or splash pages.

Supported Platforms

PlatformNotes
Aruba IAP (Instant Access Points)Standalone/cluster mode
Aruba Mobility ControllersCentralized deployment
Aruba CentralCloud-managed

Prerequisites

In Aruba:

  • Aruba access points with Hotspot 2.0 support
  • ArubaOS 8.x or Instant 8.x or later
  • Administrator access

In IronWifi Console (complete these first):

  1. Create a Network and note the RADIUS details
  2. Enable Passpoint on the network
  3. Configure realm, operator name, and domain settings

Aruba IAP Configuration

IAP Web Interface Configuration

Step 1: Configure RADIUS Server

  1. Log in to the IAP web interface
  2. Go to Security > Authentication Servers
  3. Click + to add new server:
    • Name: IronWifi
    • IP Address: IronWifi RADIUS IP
    • Auth Port: 1812
    • Accounting Port: 1813
    • Shared Key: Your RADIUS secret

Step 2: Create Wireless Profile

  1. Go to Networks
  2. Click + to create new network
  3. Configure:
    • Name: Passpoint-Network
    • Primary Usage: Employee
    • SSID: Your SSID name

Step 3: Configure VLAN and Security

  1. In VLAN tab, configure appropriate VLAN
  2. In Security tab:
    • Security Level: Enterprise
    • Authentication Server: IronWifi

Step 4: Enable Hotspot 2.0

  1. In network settings, find Hotspot 2.0 section
  2. Enable Hotspot 2.0
  3. Configure:

Network Information:

  • Internet: Yes
  • Access Network Type: Free Public Network
  • Venue Group: Business
  • Venue Type: Unspecified

Operator Information:

  • Operator Friendly Name: Your organization
  • Domain Name: ironwifi.net

Roaming Consortium:

5A03BA0000
004096

NAI Realm:

  • Realm: ironwifi.com
  • EAP Method: EAP-TTLS
  • Inner Auth: PAP, MSCHAPv2
  1. Save configuration

IAP CLI Configuration

# Configure RADIUS server
wlan auth-server IronWifi
  ip 1.2.3.4
  port 1812
  acctport 1813
  key your-secret

# Create WLAN profile
wlan ssid-profile Passpoint-Network
  essid Passpoint
  type employee
  opmode wpa2-aes
  auth-server IronWifi

# Configure Hotspot 2.0
hotspot hs20-profile Passpoint
  internet
  access-network-type free-public
  venue business
  domain-name ironwifi.net
  operator-name eng "IronWifi"
  roaming-consortium 5A03BA0000
  roaming-consortium 004096
  nai-realm ironwifi.com eap-ttls pap mschapv2

# Apply to SSID
wlan ssid-profile Passpoint-Network
  hs20-profile Passpoint

Aruba Mobility Controller Configuration

Web Interface

Configure RADIUS Server

  1. Go to Configuration > Security > Authentication > Servers
  2. Add new RADIUS server:
    • Name: IronWifi
    • Host: IronWifi RADIUS IP
    • Auth Port: 1812
    • Acct Port: 1813
    • Key: Your shared secret

Configure Server Group

  1. Go to Server Groups
  2. Create new group and add IronWifi server

Create Hotspot 2.0 Profile

  1. Go to Configuration > Wireless > AP Configuration
  2. Select Hotspot 2.0
  3. Add new profile:

General Settings:

  • Profile Name: Passpoint-Profile
  • Internet: Yes
  • Network Type: Free public network

Venue:

  • Group: Business
  • Type: Unspecified

Domain:

  • Domain Name: ironwifi.net

Operator:

  • Language: eng
  • Name: Your Organization

Roaming Consortium:

  • Add OIs: 5A03BA0000, 004096

NAI Realm:

  • Realm: ironwifi.com
  • EAP Method: EAP-TTLS

Apply to SSID

  1. Go to WLANs
  2. Create or edit WLAN
  3. Assign Hotspot 2.0 profile
  4. Configure WPA2-Enterprise security

Controller CLI Configuration

# RADIUS Server
aaa authentication-server radius "IronWifi"
  host 1.2.3.4
  key your-secret

aaa server-group "IronWifi-Group"
  auth-server IronWifi

# Hotspot 2.0 Profile
hotspot hs2-profile "Passpoint"
  internet
  access-network-type free
  venue-group business
  venue-type unspecified
  domain-name ironwifi.net
  operator-name eng "IronWifi"
  roaming-oi 5A03BA0000
  roaming-oi 004096
  nai-realm ironwifi.com encoding utf8 eap-type eap-ttls inner-auth pap

# WLAN Configuration
wlan ssid-profile "Passpoint-SSID"
  essid "Passpoint"
  opmode wpa2-aes
  hs2-profile "Passpoint"

wlan virtual-ap "Passpoint-VAP"
  ssid-profile "Passpoint-SSID"
  aaa-profile "IronWifi-AAA"

Aruba Central Configuration

Cloud Portal Setup

  1. Log in to Aruba Central
  2. Navigate to your group
  3. Go to WLANs
  4. Create new WLAN or edit existing

Hotspot 2.0 Configuration

  1. In WLAN settings, enable Hotspot 2.0
  2. Configure:
    • Internet Access: Enabled
    • Network Type: Free public
    • Domain: ironwifi.net
    • Operator Name: Your organization
  3. Add Roaming Consortium OIs
  4. Configure NAI Realm
  5. Save and push configuration

Troubleshooting

Network Not Discovered

  1. Verify Hotspot 2.0 is enabled
  2. Check GAS/ANQP responses
  3. Verify client Passpoint support
  4. Review AP logs

Authentication Issues

  1. Test RADIUS connectivity
  2. Verify shared secret
  3. Check IronWifi authentication logs
  4. Verify NAI realm configuration

Debug Commands (Controller)

# Show Hotspot 2.0 status
show hotspot hs2-profile

# Show ANQP statistics
show ap debug hotspot anqp

# Check client association
show user-table

# RADIUS debugging
debug aaa events all