Skip to main content

Cisco Meraki - Passpoint Configuration

Configure Passpoint (Hotspot 2.0) on Cisco Meraki MR access points to enable automatic WiFi authentication through IronWifi's cloud RADIUS service. This provides seamless WPA2/WPA3-Enterprise connections without manual network selection or splash pages.

Prerequisites

  • Meraki MR series access points
  • Meraki Dashboard access with appropriate permissions
  • Enterprise license for Hotspot 2.0 features
  • IronWifi account with Passpoint enabled

Supported Hardware

Passpoint is supported on:

  • Meraki MR series access points (MR20, MR33, MR42, MR46, MR52, MR56, etc.)
  • Meraki MX with integrated wireless (limited support)

IronWifi Console Setup

  1. Log in to IronWifi Management Console
  2. Go to Networks > select your network
  3. Enable Passpoint
  4. Configure Passpoint settings:
    • Realm: Your authentication realm
    • Domain Name: ironwifi.net
    • Operator Name: Your organization
  5. Note RADIUS server details

Meraki Dashboard Configuration

Step 1: Configure RADIUS

  1. Log in to Meraki Dashboard
  2. Navigate to Wireless > Configure > Access Control
  3. Select your SSID (or create new)
  4. Under RADIUS servers, add:
    • Host: IronWifi RADIUS IP
    • Port: 1812
    • Secret: Your RADIUS shared secret
  5. Enable RADIUS accounting
  6. Add accounting server with port 1813

Step 2: Create Hotspot 2.0 SSID

  1. Go to Wireless > Configure > SSIDs
  2. Enable an SSID and configure:
    • Name: Your Passpoint network name
    • Association requirements: Enterprise with my RADIUS server

Step 3: Enable Hotspot 2.0

  1. In the SSID configuration, find Hotspot 2.0
  2. Enable Hotspot 2.0
  3. Configure:

General Settings

  • Access Network Type: Public network with fee
  • Internet: Available
  • Authentication Type: Online signup supported

Venue Information

  • Venue Group: Business
  • Venue Type: Unspecified Business

Operator Information

  • Operator Name: Your organization name
  • Domain Name: ironwifi.net

Roaming Consortium

Add OIs:

5A03BA0000
004096

NAI Realms

  • Realm: ironwifi.com
  • EAP Method: EAP-TTLS with PAP/MSCHAPv2
  • EAP Method: EAP-TLS
  1. Click Save Changes

API Configuration

For programmatic configuration via Meraki API:

import requests

api_key = "YOUR_MERAKI_API_KEY"
network_id = "YOUR_NETWORK_ID"

headers = {
    "X-Cisco-Meraki-API-Key": api_key,
    "Content-Type": "application/json"
}

# Configure SSID with Hotspot 2.0
ssid_config = {
    "name": "Passpoint-Network",
    "enabled": True,
    "authMode": "8021x-radius",
    "radiusServers": [
        {
            "host": "us-east1.ironwifi.com",
            "port": 1812,
            "secret": "your-secret"
        }
    ],
    "radiusAccountingEnabled": True,
    "dot11r": {
        "enabled": True
    }
}

response = requests.put(
    f"https://api.meraki.com/api/v1/networks/{network_id}/wireless/ssids/0",
    headers=headers,
    json=ssid_config
)

OpenRoaming Configuration

Enable OpenRoaming

  1. In Hotspot 2.0 settings, add OpenRoaming consortium OIs
  2. Configure NAI realm for OpenRoaming
  3. Enable OpenRoaming in IronWifi console

Cisco OpenID Integration

Meraki supports Cisco OpenID for OpenRoaming:

  1. Go to Wireless > Configure > Hotspot 2.0
  2. Enable Cisco OpenRoaming
  3. This automatically configures:
    • Cisco consortium OIs
    • Default NAI realms
    • RADIUS proxy settings

Testing

Verify Configuration

In Meraki Dashboard:

  1. Go to Wireless > Monitor > Clients
  2. Look for Passpoint-authenticated clients
  3. Check client details for authentication method

Client Testing

iOS:

  1. Install Passpoint profile
  2. Observe automatic connection
  3. Verify in Settings > Wi-Fi

Android:

  1. Enable Wi-Fi
  2. Device should auto-discover network
  3. Check Wi-Fi connection details

Troubleshooting Tools

In Meraki Dashboard:

  1. Wireless > Monitor > Event Log - Authentication events
  2. Wireless > Monitor > Clients - Client details
  3. Organization > Monitor > Summary - Overall health

Troubleshooting

Passpoint Network Not Visible

  1. Verify Hotspot 2.0 is enabled
  2. Check AP firmware is current
  3. Ensure client supports Passpoint
  4. Verify SSID is not hidden

Authentication Failures

  1. Check RADIUS server connectivity (Dashboard > RADIUS test)
  2. Verify shared secret
  3. Review IronWifi authentication logs
  4. Check NAI realm configuration

Intermittent Connections

  1. Check for coverage gaps
  2. Review channel utilization
  3. Verify RADIUS timeout settings
  4. Check for firmware updates

OpenRoaming Not Working

  1. Verify consortium OIs are correct
  2. Check OpenRoaming is enabled in IronWifi
  3. Ensure client has valid OpenRoaming credentials
  4. Review roaming logs

Best Practices

  1. Use dedicated SSID - Separate Passpoint from regular WPA2-PSK networks
  2. Enable 802.11r - Improves roaming performance
  3. Test with multiple devices - iOS, Android, Windows
  4. Monitor authentication logs - Track success rates
  5. Keep firmware updated - Latest AP firmware