Generic Technical Onboarding for Carrier Offload on WayFi Wireless | Step-by-Step Guide
Learn how to configure RadSec and RADIUS settings for WayFi networks, including certificate setup, RadSecproxy deployment, and Hotspot 2.0 configuration. Follow this comprehensive guide to get your wireless controller RadSec-ready.
GUIDES
WayFi Wireless
1/28/20253 min read


RadSec / RADIUS Settings for WayFi: Complete Configuration Guide
Configuring RadSec (RADIUS over TLS) for your WayFi wireless network can enhance security and streamline connectivity for users. This guide provides detailed, step-by-step instructions to ensure your wireless network is set up correctly, whether your wireless controller supports RadSec natively or requires additional configuration.
Determine RadSec Support
The first step in setting up RadSec for your WayFi network is determining whether your wireless controller supports RADIUS over TLS (RadSec). Here’s how to verify:
Check Controller Documentation: Review your wireless controller’s user manual or official documentation for any mention of TLS or RadSec support in the RADIUS settings.
Inspect Settings: Access your controller’s settings interface and look for options like "TLS" or "RadSec." If found, your controller supports RadSec.
If your controller supports RadSec, proceed to the next section. If it doesn’t, skip to the My Wireless Controller Does Not Support RadSec section.
My Wireless Controller DOES Support RadSec
Obtain Your RadSec Certificates
RadSec requires certificates for authentication. Follow these steps to acquire them:
Open a Ticket: Submit a request on the WayFi Discord or contact your assigned representative.
Register NASIDs: Ensure the NASID (Network Access Server Identifier) for each location is registered in advance.
Once you receive the certificates, continue with configuration.
Configure RadSec in Your Wireless Controller
Use the following steps to integrate the RadSec certificates and configure RADIUS settings for your WayFi SSID:
Upload Certificates
Upload or paste the contents of the provided certificates into the designated fields on your wireless controller:
CA Certificate: wayfi.radsec.cacert.pem
Client Certificate: cert.pem
Client Private Key: key.pem
Set RADIUS Settings
For both Authentication and Accounting, apply the following settings:
Primary Server IP: 24.144.66.102
Primary Server Port: 2083
Shared Secret: radsec
RadSec Server Name (if needed): radius.wayfiwireless.com
Backup Server IP: 178.128.133.4
Backup Server Port: 2083
Shared Secret: radsec
RadSec Server Name (if needed): radius2.wayfiwireless.com
Save and apply the settings. Your controller is now ready to use RadSec.
My Wireless Controller DOES NOT Support RadSec
If your wireless controller lacks RadSec support, WayFi offers a solution.
Obtain a Custom RadSecproxy Instance
Contact WayFi support to request a free custom RadSecproxy instance. This proxy acts as an intermediary, translating RadSec requests for controllers that don’t natively support it.
Download and Deploy RadSecproxy
Download the Proxy: Access and download the RadSecproxy from its official repository.
Configure the Proxy: Follow the instructions in the README documentation to set up RadSecproxy as an intermediary.
Apply RADIUS Settings: Update your WayFi SSID to point to the proxy:
Authentication Server IP: (Your RadSecproxy IP)
Authentication Server Port: 1812
Accounting Server IP: (Your RadSecproxy IP)
Accounting Server Port: 1813
Shared Secret: radsec
With these steps complete, your RadSecproxy is fully configured.
SSID / WiFi Name
For optimal performance, it’s recommended to use the SSID .WayFi Cellular Booster. While you can use any name, this SSID ensures faster device approval and connection times.
Hotspot 2.0 (Passpoint) Configuration
Enable Hotspot 2.0 for your WayFi SSID to simplify roaming and enhance connectivity. Use the following settings:
Network Type
Set the network type to Chargeable Public.
Domains
Configure these domains for roaming:
NAI Realms
Set the following NAI Realms with Certificate, EAP-TTLS:
Roaming Consortium OI (RCOI)
Add these values for roaming support:
8c1f646810
f4f5e8f5f4
baa2d00000
00500f
5a03ba0000
004096
3GPP PLMNID (MCC,MNC)
Specify the following MCC (Mobile Country Code) and MNC (Mobile Network Code) combinations in order of priority. If your controller limits the number of entries, convert them to wlan.mncXXX.mccXXX.3gppnetwork.org format:
311,180
313,100
310,280
310,410
310,150
NAS Identifier
For optimal network management and security, set the NASID of your Access Points (APs) to match the MAC address of one AP at the location. This approach minimizes trackable entities and simplifies administration.
If your platform doesn’t support this configuration, contact WayFi support for assistance.
Interim-Update Interval
Set the Accounting Interim-Update Interval to a minimum of 5 minutes (300 seconds). This ensures timely updates on session accounting.
Chargeable User Identity (CUI)
Enable the Chargeable-User-Identity (CUI) attribute in your RADIUS Authentication and Accounting packets. Check your vendor’s documentation for specific steps to activate this feature.
Final Steps
Once all configurations are complete, your AP should begin broadcasting the new WayFi SSID. Set up a test device to verify connectivity and confirm that the network is functioning as intended.
Frequently Asked Questions (FAQs)
1. What is RadSec, and why is it important?
RadSec (RADIUS over TLS) provides encrypted communication for RADIUS authentication and accounting, ensuring data security and privacy.
2. How do I know if my wireless controller supports RadSec?
Check your wireless controller’s documentation or look for TLS or RadSec options in its RADIUS settings.
3. What if my controller doesn’t support RadSec?
You can deploy a custom RadSecproxy provided by WayFi to enable RadSec functionality.
4. Why should I use the .WayFi Cellular Booster SSID?
Using this SSID speeds up device approval and ensures seamless connectivity.
5. What is Hotspot 2.0, and why should I enable it?
Hotspot 2.0 simplifies roaming and connectivity by allowing devices to connect to WiFi networks without manual intervention.
6. What is a NAS Identifier, and why is it necessary?
The NASID helps identify network access servers and minimizes trackable entities, improving privacy and administrative efficiency.
With this comprehensive guide, your WayFi network will be secure, efficient, and ready for seamless connectivity. For additional support, reach out to WayFi representatives or visit the official WayFi Discord.
WayFi Wireless
Helpful Pages
SUBSCRIBE TO OUR NEWSLETTER
© 2024 - 2025. All rights reserved.
Browser Extentions
TOOLS