Comprehensive WayFi Setup Guide for Aruba Wireless LAN Controller: RadSec & Passpoint Configuration
Learn how to configure your Aruba Wireless LAN Controller with WayFi’s RadSec and Hotspot 2.0 network. Follow this step-by-step guide for seamless and secure connectivity.
GUIDES
WayFi Wireless
1/28/20253 min read
WayFi Setup Guide: Aruba Wireless LAN Controller Configuration
Learn how to configure your Aruba Wireless LAN Controller to integrate seamlessly with WayFi’s RADIUS over TLS (RadSec) and Hotspot 2.0 (Passpoint) network. This step-by-step guide ensures secure and smooth connectivity for your wireless environment.
Overview
WayFi utilizes RadSec for secure authentication and Passpoint for user-friendly connectivity. You’ll configure the following:
RADIUS servers for authentication and accounting.
Hotspot 2.0 profiles for advanced network features.
Certificates and network-specific settings to optimize performance.
WayFi RadSec Authentication Servers
Primary Server: radius.wayfiwireless.com (IP: 24.144.66.102, Port: 2083)
Secondary Server: radius2.wayfiwireless.com (IP: 178.128.133.4, Port: 2083)
Prerequisites
Hardware & Software Requirements
ArubaOS version 6.4.x or later (supports RadSec and Hotspot 2.0).
Compatible access points.
WayFi Certificate Bundle
Contact WayFi support to obtain the following:
wayfi.radsec.cacert.pem (CA Certificate)
cert.pem (Client Certificate)
key.pem (Private Key)
NAS-ID Configuration
Ensure the NAS-ID is registered with WayFi. Typically, this is the MAC address of an access point or the eth0 interface.
Determine RadSec Support
If supported: Proceed with the steps below.
If not supported: Contact WayFi for a custom RadSec proxy solution.
Step 1: Log in to the Aruba Controller
Access the Aruba Dashboard as an administrator.
Navigate to Configuration in the left-hand menu.
Step 2: Configure RADIUS over TLS (RadSec)
1. Upload Certificates
Go to Configuration > Security > Certificates.
Upload the following:
CA Certificate: wayfi.radsec.cacert.pem
Client Certificate: cert.pem
Client Private Key: key.pem
2. Configure RADIUS Servers
Navigate to Configuration > Authentication > Auth Servers.
Click ➕ Add to create a new server:
Name: WayFi_RadSec
IP Address:
Primary: 24.144.66.102
Secondary: 178.128.133.4
Auth Port: 2083
Acc Port: 2083
Shared Secret: radsec
Server Name/SAN: Use radius.wayfiwireless.com (Primary) and radius2.wayfiwireless.com (Secondary).
NAS-ID: Use the MAC address of one AP or the eth0 interface.
Save and deploy changes.
Step 3: Configure Hotspot 2.0 Profiles
1. Define ANQP Domain Name Profile
Navigate to Configuration > System > Profiles > Wireless LAN > ANQP Domain Name.
Click ➕ Add to create a new profile:
Profile Name: WayFi_DomainProfile
Domain Names: Add these one per line:
Save the changes.
2. Define ANQP NAI Realm Profile
Navigate to Configuration > System > Profiles > Wireless LAN > ANQP NAI Realm.
Click ➕ Add to create a new profile:
Profile Name: WayFi_RealmProfile
NAI Realms:
*hellohelium.com, Certificate, EAP-TTLS
*freedomfi.com, Certificate, EAP-TTLS
*wayru.io, Certificate, EAP-TTLS
Save the changes.
3. Define Roaming Consortium OI
Navigate to Configuration > System > Profiles > Wireless LAN > ANQP Roaming Consortium.
Click ➕ Add to create a profile:
Profile Name: WayFi_RCOI
OI Values:
8c1f646810
f4f5e8f5f4
baa2d00000
00500f
5a03ba0000
004096
Save the changes.
4. Define 3GPP PLMNID Profile
Navigate to Configuration > System > Profiles > Wireless LAN > ANQP 3GPP Cell Network.
Click ➕ Add to create a profile:
Profile Name: WayFi_3GPP
PLMNIDs:
311,180
313,100
310,280
310,410
310,150
Save the changes.
Step 4: Configure the Hotspot 2.0 Profile
Navigate to Configuration > System > Profiles > Wireless LAN > Hotspot 2.0.
Click ➕ Add to create a profile:
Profile Name: WayFi_HS20
Access Network Type: Chargeable Public
Assign Profiles:
Domain Name Profile: WayFi_DomainProfile
NAI Realm Profile: WayFi_RealmProfile
Roaming Consortium Profile: WayFi_RCOI
3GPP PLMNID Profile: WayFi_3GPP
Enable the following:
Advertise Hotspot 2.0 Capability
RADIUS Chargeable User Identity (RFC4372)
RADIUS Location Data (RFC5580)
Save and deploy changes.
Step 5: Configure the Wireless LAN
Navigate to Configuration > WLANs.
Click ➕ Add to create a new WLAN:
Name (SSID): .WayFi Cellular Booster (recommended for faster approval).
Primary Usage: Employee
Security: WPA2-Enterprise
RADIUS Server: Assign WayFi_RadSec.
Save the changes.
Step 6: Configure the Virtual Access Point
Navigate to Configuration > System > Profiles > Wireless LAN > Virtual AP.
Click ➕ Add to create a profile:
Profile Name: WayFi_VAP
Forward Mode: Bridge (or your network preference).
Assign Profiles:
SSID Profile: WayFi_SSID
Hotspot 2.0 Profile: WayFi_HS20
AAA Profile: WayFi_AAA
Save the changes.
Additional Settings
Interim Update Interval:
Navigate to Configuration > Accounting and set it to 300 seconds.
Chargeable User Identity (CUI):
Navigate to your RADIUS settings and enable Chargeable-User-Identity (CUI).
Troubleshooting
Verify RADIUS settings, NAS IDs, and certificates.
Confirm that your AP is broadcasting the .WayFi Cellular Booster SSID.
Test connectivity with Passpoint-enabled devices.
Check logs for RADIUS or Hotspot 2.0 errors.
By completing this guide, your Aruba Wireless LAN Controller will be fully integrated with WayFi, offering secure and seamless connectivity for your network.
FAQs
1. What is RadSec?
RadSec (RADIUS over TLS) is a secure protocol for encrypted network authentication.
2. What version of ArubaOS is required?
ArubaOS 6.4.x or later is required for RadSec and Hotspot 2.0 compatibility.
3. How do I obtain WayFi certificates?
Contact WayFi support to request the RadSec certificate bundle.
4. Why assign profiles for Hotspot 2.0?
Profiles like Domain Name, NAI Realm, and Roaming Consortium enable advanced Passpoint functionality.
5. Can I use the 6GHz band with WayFi?
Passpoint is optimized for 2.4GHz and 5GHz bands.
6. How do I troubleshoot RadSec issues?
Check RADIUS server configurations, NAS-ID settings, and logs for errors.
WayFi Wireless
Helpful Pages
SUBSCRIBE TO OUR NEWSLETTER
© 2024 - 2025. All rights reserved.
Browser Extentions
TOOLS