Skip to main content

TP-Link Omada - Passpoint Configuration

Configure Passpoint (Hotspot 2.0) on TP-Link Omada SDN Controller and EAP series access points to enable automatic WiFi authentication through IronWifi's cloud RADIUS service. This eliminates manual network selection and provides WPA2/WPA3-Enterprise security across your wireless infrastructure.

Supported Platforms

  • Omada Controller - Hardware, software, or cloud
  • Omada EAP Series - Enterprise access points (EAP660 HD, EAP670, etc.)

Prerequisites

  • Omada Controller 5.x or later
  • Omada EAP access points with Hotspot 2.0 support (Wi-Fi 6 models recommended)
  • Network connectivity to IronWifi RADIUS servers

In IronWifi Console (complete these first):

  1. Log in to IronWifi Management Console
  2. Navigate to Networks > select your network
  3. Enable Passpoint
  4. Note the following:
    • Primary RADIUS Server IP
    • Secondary RADIUS Server IP
    • RADIUS Secret
    • NAI Realm (e.g., ironwifi.com)
    • Roaming Consortium OIs

Important Note

Passpoint/Hotspot 2.0 support varies by Omada AP model and firmware version. Verify your specific model supports Hotspot 2.0 before proceeding.

Omada Controller Configuration

Omada Controller Setup

Step 1: Configure RADIUS Profile

  1. Log in to Omada Controller
  2. Navigate to Settings > Authentication > RADIUS Profile
  3. Click Create New RADIUS Profile
  4. Configure:
    • Name: IronWifi
    • Authentication Server:
      • IP Address: IronWifi RADIUS IP
      • Port: 1812
      • Shared Secret: Your RADIUS secret
    • Accounting Server:
      • IP Address: IronWifi RADIUS IP
      • Port: 1813
      • Shared Secret: Your RADIUS secret
  5. Click Create

Step 2: Create Wireless Network

  1. Go to Settings > Wireless Networks
  2. Click Create New Wireless Network
  3. Configure basic settings:
    • Name: Passpoint-Network
    • SSID: Passpoint
    • Security Mode: WPA2-Enterprise
    • RADIUS Profile: IronWifi
  4. Click Apply

Step 3: Enable Hotspot 2.0

  1. In the wireless network settings, find Advanced Settings
  2. Locate Hotspot 2.0 section
  3. Enable Hotspot 2.0

Step 4: Configure Hotspot 2.0 Settings

Interworking Settings:

  • Access Network Type: Free public network
  • Internet: Enabled
  • ASRA: Disabled
  • ESR: Disabled
  • UESA: Disabled

Venue Information:

  • Venue Group: Business
  • Venue Type: Unspecified Business
  • Venue Name: Your Location (Language: eng)

Step 5: Configure Domain Name

  1. In Hotspot 2.0 settings, find Domain Name List
  2. Click Add
  3. Enter: ironwifi.net

Step 6: Configure Roaming Consortium

  1. Find Roaming Consortium List
  2. Add Organization Identifiers:
    • Click Add
    • Enter OI: 5A03BA0000
    • Click Add
    • Enter OI: 004096

Step 7: Configure NAI Realm

  1. Find NAI Realm List

  2. Click Add NAI Realm

  3. Configure:

    • NAI Realm: ironwifi.com
    • EAP Method: EAP-TTLS
    • Inner Authentication: PAP

  4. Save all settings

Per-Site Configuration

For multi-site deployments:

Site-Level Settings

  1. Select target site in Omada Controller
  2. Go to Settings > Wireless Networks
  3. Configure Passpoint network per site
  4. Adjust settings as needed per location

Venue-Specific Configuration

Customize venue information per site:

SettingExample Values
Venue GroupBusiness, Residential, Educational
Venue TypeHotel, Restaurant, Coffee Shop
Venue Name"Site Name (eng)"

Advanced Configuration

WAN Metrics

If available in your firmware:

  1. Find WAN Metrics in Hotspot 2.0 settings
  2. Configure:
    • Link Status: Up
    • Symmetric Link: Yes
    • Downlink Speed: 100000 (kbps)
    • Uplink Speed: 50000 (kbps)

Connection Capability

Define available network services:

ProtocolPortStatus
ICMP-Closed
TCP80Open
TCP443Open
TCP5060Open
UDP5060Open

3GPP Cellular Information

For carrier integration (if supported):

  • MCC/MNC pairs for carrier identification
  • Enables carrier WiFi offload

Omada Cloud Controller

Cloud Configuration

If using Omada Cloud Controller:

  1. Log in to omada.tplinkcloud.com
  2. Select your controller
  3. Follow the same configuration steps
  4. Configuration syncs to local controller/APs

Limitations

Cloud controller may have:

  • Delayed configuration sync
  • Limited advanced Hotspot 2.0 options
  • Check local controller for full feature set

Verification

Check Configuration

  1. Go to Devices > select an AP
  2. View Configuration tab
  3. Verify Passpoint settings applied

Monitor Clients

  1. Go to Clients
  2. Filter by SSID: Passpoint
  3. Check connection status

Verify RADIUS

  1. Go to Insights > Events
  2. Filter for authentication events
  3. Verify successful authentications

Troubleshooting

Network Not Discovered

  1. Verify Hotspot 2.0 Enabled

    • Check WLAN settings
    • Ensure HS2.0 toggle is on

  2. Check AP Support

    • Verify AP model supports Hotspot 2.0
    • Update firmware if needed

  3. Verify Client Support

    • Ensure device has Passpoint enabled
    • Check device supports Passpoint

Authentication Failures

  1. Test RADIUS Connectivity

    • Check network path to RADIUS server
    • Verify firewall allows UDP 1812/1813

  2. Verify Credentials

    • Check RADIUS secret matches
    • Verify NAI realm configuration

  3. Review Logs

    • Check Omada Controller logs
    • Review IronWifi authentication logs

Common Issues

IssueSolution
AP doesn't show HS2.0 optionUpdate firmware or check model support
Clients don't connect automaticallyVerify roaming consortium and NAI realm
Authentication timeoutCheck RADIUS server connectivity
Intermittent failuresCheck for IP conflicts or network issues

Debug Steps

  1. Controller Logs

    • Go to System > Logs
    • Filter for wireless/authentication events

  2. AP Status

    • Check AP is online
    • Verify configuration adopted

  3. Client Diagnostics

    • Check client supplicant logs
    • Verify certificate if using EAP-TLS

Firmware Requirements

Minimum Versions

ComponentMinimum Version
Omada Controller5.0.0
EAP660 HD1.0.0
EAP6701.0.0
EAP615-WallCheck release notes
  • Use latest stable firmware
  • Check TP-Link release notes for Hotspot 2.0 fixes
  • Test after firmware updates

Best Practices

  1. Verify AP Support: Not all Omada APs support Hotspot 2.0
  2. Keep Updated: Use latest controller and AP firmware
  3. Test Thoroughly: Test with multiple Passpoint-capable devices
  4. Monitor: Set up alerts for authentication failures
  5. Documentation: Document your configuration for support
  6. Redundancy: Configure backup RADIUS servers