Skip to main content

Cambium - Passpoint Configuration

Configure Passpoint (Hotspot 2.0) on Cambium Networks cnPilot access points to enable automatic WiFi authentication through IronWifi's cloud RADIUS service. This eliminates manual network selection and provides WPA2/WPA3-Enterprise security across your wireless infrastructure.

Supported Platforms

  • cnMaestro - Cloud management platform
  • Cambium cnPilot - Enterprise access points
  • Cambium XV Series - Outdoor access points

Prerequisites

In Cambium:

  • Cambium access points with Hotspot 2.0 support
  • cnMaestro account or on-premises controller
  • Firmware version 6.x or later

In IronWifi Console (complete these first):

  1. Log in to IronWifi Management Console
  2. Navigate to Networks > select your network
  3. Enable Passpoint
  4. Note the following:
    • RADIUS Server IP addresses
    • RADIUS Secret
    • NAI Realm (e.g., ironwifi.com)
    • Roaming Consortium OIs

cnMaestro Cloud Configuration

cnMaestro Configuration

Step 1: Configure RADIUS Server

  1. Log in to cnMaestro
  2. Navigate to Configure > WLAN > AAA Servers
  3. Click Add AAA Server
  4. Configure:
    • Name: IronWifi-RADIUS
    • Type: RADIUS
    • Host: IronWifi RADIUS IP
    • Authentication Port: 1812
    • Accounting Port: 1813
    • Shared Secret: Your RADIUS secret
  5. Click Save

Step 2: Create WLAN Profile

  1. Go to Configure > WLAN > WLANs
  2. Click Add WLAN
  3. Configure basic settings:
    • WLAN Name: Passpoint-Secure
    • SSID: Your SSID name
    • Security: WPA2-Enterprise
    • AAA Server: IronWifi-RADIUS

Step 3: Enable Hotspot 2.0

  1. In the WLAN configuration, find Hotspot 2.0 section
  2. Enable Hotspot 2.0
  3. Configure the following:

Network Settings:

  • Internet Access: Enabled
  • Network Type: Free Public Network
  • Network Authentication: Not required

Venue Information:

  • Venue Group: Business
  • Venue Type: Unspecified Business

Domain Configuration:

  • Domain Name: ironwifi.net

Operator Information:

  • Operator Friendly Name: Your Organization Name
  • Language Code: eng

Step 4: Configure Roaming Consortium

  1. In Hotspot 2.0 settings, find Roaming Consortium
  2. Add Organization Identifiers (OIs): 
    5A03BA0000
    004096

Step 5: Configure NAI Realm

  1. Find NAI Realm section
  2. Add realm configuration:
    • Realm: ironwifi.com
    • EAP Method: EAP-TTLS
    • Inner Authentication: PAP, MSCHAPv2
  3. Save the configuration

Step 6: Apply to Access Points

  1. Go to Configure > AP Groups
  2. Select target AP group
  3. Assign the Passpoint WLAN profile
  4. Push configuration to devices

cnPilot On-Premises Configuration

Web Interface Configuration

Configure RADIUS

  1. Access AP web interface
  2. Go to Configuration > Security > RADIUS
  3. Add RADIUS server:
    • Server IP: IronWifi RADIUS IP
    • Port: 1812
    • Secret: Your shared secret
    • Accounting: Enable, port 1813

Configure Hotspot 2.0

  1. Go to Configuration > Wireless > WLAN
  2. Create or edit WLAN
  3. Enable Hotspot 2.0
  4. Configure:
Hotspot 2.0: Enabled
Internet: Yes
Network Type: Free Public
Venue: Business - Unspecified
Domain: ironwifi.net
Operator: Your Organization (eng)
Roaming Consortium: 5A03BA0000, 004096
NAI Realm: ironwifi.com, EAP-TTLS

CLI Configuration

# Configure RADIUS
radius-server host 1.2.3.4 key your-secret

# Create WLAN with Hotspot 2.0
wlan passpoint
  ssid "Passpoint"
  security wpa2-enterprise
  radius-server IronWifi
  hotspot20 enable
  hotspot20 internet enable
  hotspot20 network-type free-public
  hotspot20 venue-group business
  hotspot20 venue-type unspecified
  hotspot20 domain-name ironwifi.net
  hotspot20 operator-name eng "IronWifi"
  hotspot20 roaming-consortium 5A03BA0000
  hotspot20 roaming-consortium 004096
  hotspot20 nai-realm ironwifi.com eap-ttls pap

Advanced Configuration

3GPP Cellular Network Information

For carrier integration:

  1. In Hotspot 2.0 settings, find 3GPP Cellular Network
  2. Add MCC/MNC pairs for supported carriers: 
    MCC: 310, MNC: 410  (AT&T)
    MCC: 311, MNC: 480  (Verizon)

WAN Metrics

Configure WAN link information:

  1. Enable WAN Metrics
  2. Configure:
    • Link Status: Up
    • Symmetric Link: Yes
    • Downlink Speed: 100000 (kbps)
    • Uplink Speed: 50000 (kbps)

Connection Capability

Define available services:

ProtocolPortStatus
ICMP-Closed
TCP80Open
TCP443Open
TCP5060Open
UDP5060Open

Troubleshooting

Passpoint Network Not Visible

  1. Verify Hotspot 2.0 is enabled on WLAN
  2. Check firmware supports Hotspot 2.0
  3. Ensure client device has Passpoint enabled
  4. Verify ANQP responses are being sent

Authentication Failures

  1. Test RADIUS connectivity from AP
  2. Verify shared secret matches
  3. Check NAI realm configuration
  4. Review IronWifi authentication logs

Debug Commands

# Show Hotspot 2.0 status
show wlan hotspot20

# Show RADIUS statistics
show radius statistics

# Show connected clients
show clients

# Debug ANQP
debug hotspot20 anqp

cnMaestro Diagnostics

  1. Go to Monitor > Clients
  2. Check Passpoint association status
  3. Review authentication events
  4. Check AP connectivity status

Best Practices

  1. Firmware Updates: Keep APs on latest firmware for best Passpoint support
  2. Testing: Test with multiple Passpoint-capable devices
  3. Monitoring: Set up alerts for authentication failures
  4. Documentation: Document your OI and realm configuration
  5. Redundancy: Configure backup RADIUS servers