Comprehensive WayFi Setup Guide for Aruba Wireless LAN Controller: RadSec & Passpoint Configuration

Learn how to configure your Aruba Wireless LAN Controller with WayFi’s RadSec and Hotspot 2.0 network. Follow this step-by-step guide for seamless and secure connectivity.

GUIDES

WayFi Wireless

1/28/20253 min read

An illustration showcasing the configuration of an Aruba Wireless LAN Controller for WayFi integrati
An illustration showcasing the configuration of an Aruba Wireless LAN Controller for WayFi integrati

WayFi Setup Guide: Aruba Wireless LAN Controller Configuration

Learn how to configure your Aruba Wireless LAN Controller to integrate seamlessly with WayFi’s RADIUS over TLS (RadSec) and Hotspot 2.0 (Passpoint) network. This step-by-step guide ensures secure and smooth connectivity for your wireless environment.

Overview

WayFi utilizes RadSec for secure authentication and Passpoint for user-friendly connectivity. You’ll configure the following:

  • RADIUS servers for authentication and accounting.

  • Hotspot 2.0 profiles for advanced network features.

  • Certificates and network-specific settings to optimize performance.

WayFi RadSec Authentication Servers

Prerequisites

Hardware & Software Requirements

  • ArubaOS version 6.4.x or later (supports RadSec and Hotspot 2.0).

  • Compatible access points.

WayFi Certificate Bundle

Contact WayFi support to obtain the following:

  • wayfi.radsec.cacert.pem (CA Certificate)

  • cert.pem (Client Certificate)

  • key.pem (Private Key)

NAS-ID Configuration

Ensure the NAS-ID is registered with WayFi. Typically, this is the MAC address of an access point or the eth0 interface.

Determine RadSec Support

  • If supported: Proceed with the steps below.

  • If not supported: Contact WayFi for a custom RadSec proxy solution.

Step 1: Log in to the Aruba Controller

  1. Access the Aruba Dashboard as an administrator.

  2. Navigate to Configuration in the left-hand menu.

Step 2: Configure RADIUS over TLS (RadSec)

1. Upload Certificates

  1. Go to Configuration > Security > Certificates.

  2. Upload the following:

    • CA Certificate: wayfi.radsec.cacert.pem

    • Client Certificate: cert.pem

    • Client Private Key: key.pem

2. Configure RADIUS Servers

  1. Navigate to Configuration > Authentication > Auth Servers.

  2. Click ➕ Add to create a new server:

    • Name: WayFi_RadSec

    • IP Address:

      • Primary: 24.144.66.102

      • Secondary: 178.128.133.4

    • Auth Port: 2083

    • Acc Port: 2083

    • Shared Secret: radsec

    • Server Name/SAN: Use radius.wayfiwireless.com (Primary) and radius2.wayfiwireless.com (Secondary).

    • NAS-ID: Use the MAC address of one AP or the eth0 interface.

  3. Save and deploy changes.

Step 3: Configure Hotspot 2.0 Profiles

1. Define ANQP Domain Name Profile

  1. Navigate to Configuration > System > Profiles > Wireless LAN > ANQP Domain Name.

  2. Click ➕ Add to create a new profile:

  3. Save the changes.

2. Define ANQP NAI Realm Profile

  1. Navigate to Configuration > System > Profiles > Wireless LAN > ANQP NAI Realm.

  2. Click ➕ Add to create a new profile:

  3. Save the changes.

3. Define Roaming Consortium OI

  1. Navigate to Configuration > System > Profiles > Wireless LAN > ANQP Roaming Consortium.

  2. Click ➕ Add to create a profile:

    • Profile Name: WayFi_RCOI

    • OI Values:

      • 8c1f646810

      • f4f5e8f5f4

      • baa2d00000

      • 00500f

      • 5a03ba0000

      • 004096

  3. Save the changes.

4. Define 3GPP PLMNID Profile

  1. Navigate to Configuration > System > Profiles > Wireless LAN > ANQP 3GPP Cell Network.

  2. Click ➕ Add to create a profile:

    • Profile Name: WayFi_3GPP

    • PLMNIDs:

      • 311,180

      • 313,100

      • 310,280

      • 310,410

      • 310,150

  3. Save the changes.

Step 4: Configure the Hotspot 2.0 Profile

  1. Navigate to Configuration > System > Profiles > Wireless LAN > Hotspot 2.0.

  2. Click ➕ Add to create a profile:

    • Profile Name: WayFi_HS20

    • Access Network Type: Chargeable Public

    • Assign Profiles:

      • Domain Name Profile: WayFi_DomainProfile

      • NAI Realm Profile: WayFi_RealmProfile

      • Roaming Consortium Profile: WayFi_RCOI

      • 3GPP PLMNID Profile: WayFi_3GPP

    • Enable the following:

      • Advertise Hotspot 2.0 Capability

      • RADIUS Chargeable User Identity (RFC4372)

      • RADIUS Location Data (RFC5580)

  3. Save and deploy changes.

Step 5: Configure the Wireless LAN

  1. Navigate to Configuration > WLANs.

  2. Click ➕ Add to create a new WLAN:

    • Name (SSID): .WayFi Cellular Booster (recommended for faster approval).

    • Primary Usage: Employee

    • Security: WPA2-Enterprise

    • RADIUS Server: Assign WayFi_RadSec.

  3. Save the changes.

Step 6: Configure the Virtual Access Point

  1. Navigate to Configuration > System > Profiles > Wireless LAN > Virtual AP.

  2. Click ➕ Add to create a profile:

    • Profile Name: WayFi_VAP

    • Forward Mode: Bridge (or your network preference).

    • Assign Profiles:

      • SSID Profile: WayFi_SSID

      • Hotspot 2.0 Profile: WayFi_HS20

      • AAA Profile: WayFi_AAA

  3. Save the changes.

Additional Settings

  1. Interim Update Interval:

    • Navigate to Configuration > Accounting and set it to 300 seconds.

  2. Chargeable User Identity (CUI):

    • Navigate to your RADIUS settings and enable Chargeable-User-Identity (CUI).

Troubleshooting

  1. Verify RADIUS settings, NAS IDs, and certificates.

  2. Confirm that your AP is broadcasting the .WayFi Cellular Booster SSID.

  3. Test connectivity with Passpoint-enabled devices.

  4. Check logs for RADIUS or Hotspot 2.0 errors.

By completing this guide, your Aruba Wireless LAN Controller will be fully integrated with WayFi, offering secure and seamless connectivity for your network.

FAQs

1. What is RadSec?
RadSec (RADIUS over TLS) is a secure protocol for encrypted network authentication.

2. What version of ArubaOS is required?
ArubaOS 6.4.x or later is required for RadSec and Hotspot 2.0 compatibility.

3. How do I obtain WayFi certificates?
Contact WayFi support to request the RadSec certificate bundle.

4. Why assign profiles for Hotspot 2.0?
Profiles like Domain Name, NAI Realm, and Roaming Consortium enable advanced Passpoint functionality.

5. Can I use the 6GHz band with WayFi?
Passpoint is optimized for 2.4GHz and 5GHz bands.

6. How do I troubleshoot RadSec issues?
Check RADIUS server configurations, NAS-ID settings, and logs for errors.