Ultimate WayFi Setup Guide for Ubiquiti UniFi APs: RadSec & Passpoint Configuration Made Easy

Learn how to set up Ubiquiti UniFi APs with WayFi’s RadSec and Passpoint-enabled network. Follow this step-by-step guide to configure RADIUS profiles, Hotspot 2.0, and advanced Passpoint settings for seamless connectivity.

GUIDES

WayFi Wireless

1/28/20253 min read

An illustrated step-by-step guide showing the configuration of Ubiquiti UniFi Access Points with Way
An illustrated step-by-step guide showing the configuration of Ubiquiti UniFi Access Points with Way

WayFi Setup Guide: Configure Ubiquiti UniFi APs for RadSec and Passpoint

Setting up Ubiquiti UniFi Access Points (APs) to integrate with WayFi’s RadSec and Passpoint-enabled network is easier than you might think. WayFi leverages RADIUS over TLS (RadSec) for secure authentication and Passpoint (Hotspot 2.0) for a seamless user experience. Follow this comprehensive guide to ensure a smooth configuration process.

Prerequisites for WayFi Setup

Before diving into the configuration steps, make sure the following requirements are met:

1. UniFi Network Version

Ensure your UniFi Network Controller is updated to version 8.4.54 or higher.

2. Access Point Firmware

Verify that your AP firmware is up-to-date with version 6.6.77 or 7.0.66 or higher.

3. WayFi RadSec Certificates

Obtain the necessary RadSec certificates from WayFi support:

  • wayfi.radsec.cacert.pem (CA Certificate)

  • cert.pem (Client Certificate)

  • key.pem (Private Key)

Step 1: Create a RADIUS Profile

1. Log Into the UniFi Controller

Access the UniFi Cloud Controller via UniFi Cloud Login.

2. Navigate to RADIUS Settings

Go to Settings > Profiles > RADIUS and click on Create New to open the RADIUS Profile configuration dialog.

3. Configure the RADIUS Profile

  • Profile Name: Enter WayFi-AAA.

  • RADIUS Assigned VLAN Support: Leave this unchecked.

Authentication Servers

Check the box for TLS and enter the following details for both servers:

  • Primary Server

    • IP Address: 24.144.66.102

    • Port: 2083

    • Shared Secret: radsec

  • Secondary Server

    • IP Address: 178.128.133.4

    • Port: 2083

    • Shared Secret: radsec

Upload Certificates

  • Client Certificate: Upload cert.pem.

  • Private Key: Upload key.pem (leave the Private Key Password blank).

  • CA Certificate: Upload wayfi.radsec.cacert.pem.

  • Password: If needed, will be provided by WayFi. Otherwise, omit/skip.

Accounting Servers

Check the box for Accounting and use the same server details as the Authentication Servers.

Interim Update Interval

Enable Interim Update Interval and set it to 300 seconds (5 minutes).

Click Apply Changes to save the RADIUS profile.

Step 2: Create the WayFi SSID

1. Access WiFi Settings

Navigate to Settings > WiFi and click Create New WiFi Network.

2. Configure Basic Network Settings

  • Name: Enter .WayFi Cellular Booster. (You can use any SSID, but this name speeds up location approval.)

  • Hotspot 2.0: Enable Passpoint.

3. Configure Passpoint Settings

  • Venue Name: Use the install location name as it appears on Google (e.g., “Main Street Mall”). If unavailable, enter WayFi.

  • Venue Type: Select the most accurate type, or choose Business - Unspecified.

  • Network Type: Choose Chargeable Public.

  • IP Address Type Availability:

    • IPv4: Port Restricted double NATed Private IPv4.

    • IPv6: Unavailable.

4. Add NAI Realms

Add the following realms:

5. WAN Metrics

Configure the following:

  • WAN Info: Checked.

  • At Capacity: Unchecked.

  • Download/Upload Speed: 1000 Mbps or actual.

  • Download/Upload Load: 0%.

  • Load Measurement Duration: Checked, set to 600 seconds.

Click Apply Changes to save.

Step 3: Configure Advanced Passpoint Settings

1. Domains (ANQP)

Add these domains:

2. Roaming Consortium OI (RCOI)

Add the following values:

  • f4f5e8f5f4

  • baa2d00000

  • 00500f

  • 5a03ba0000

  • 004096

3. 3GPP PLMNID

Add these PLMNIDs:

  • 311,180

  • 313,100

  • 310,280

  • 310,410

  • 310,150

    Add these PLMNIDs only once instructed by WayFi:

  • 310,240

  • 310,120

  • 310,310

  • 310,260

  • 312,530

Step 4: Finalize and Apply Network Settings

1. WiFi Band Settings

  • Enabled: 2.4 GHz and 5 GHz.

  • Disabled: 6 GHz (Passpoint compatibility issue).

2. Other Network Settings

  • Band Steering: Checked.

  • Hide WiFi Name: Unchecked.

  • Client Device Isolation: Checked.

  • Proxy ARP: Checked.

  • BSS Transition: Checked.

  • UAPSD: Checked.

  • Fast Roaming: Checked.

  • Multicast/Broadcast Traffic: Enable both enhancement and control. Leave the default settings for them once enabled.

3. Security Protocol

  • Select WPA2-Enterprise.

  • Assign the WayFi-AAA RADIUS profile created earlier.

  • Set NAS-ID to match the MAC address of one access point (e.g., e0e1a9b438eb).

Click Apply Changes to save.

Step 5: Test the WayFi Network

1. Verify SSID Broadcasting

Ensure the .WayFi Cellular Booster SSID is active.

2. Test Connectivity

Use a Passpoint-enabled device with any openroaming profile or supported carrier device to confirm auto-connect functionality.

3. Troubleshooting Tips

If issues arise, double-check:

  • NAS-ID configuration.

  • RADIUS profile settings and certificates.

  • Passpoint/Hotspot 2.0 configuration.

Additional Recommendations

  • VLAN Assignment: Use a dedicated VLAN to isolate WayFi traffic.

  • Client Isolation: Prevent peer-to-peer communication.

  • Multicast/Broadcast Control: Reduce network overhead.

  • Disable 6 GHz Band: For optimal compatibility, stick to 2.4 GHz and 5 GHz.

By following this guide, your Ubiquiti UniFi APs will be fully integrated with WayFi, providing secure and seamless connectivity using RadSec and Passpoint. If you encounter issues, contact WayFi support or open a ticket on the WayFi Discord.

FAQs

1. What is RadSec?
RadSec (RADIUS over TLS) is a secure protocol for authenticating and authorizing network users.

2. Can I enable Passpoint on older UniFi APs?
Passpoint requires newer firmware (6.6.77 or 7.0.66 or higher). Update your APs to use this feature.

3. Why is the 6 GHz band disabled?
On Ubiquiti Unifi devices, the 6ghz band requires the use of WPA3-Enterprise. This greatly limits the devices that will join your network. Due to this, for broader compatibility we recommend only using 2.4ghz and 5ghz or just 5ghz if spectrum is a concern.

4. How do I obtain the WayFi RadSec certificates?
Contact WayFi support to receive the necessary certificates.

5. Why is VLAN assignment recommended?
VLAN assignment ensures better traffic management and network security.

6. What is the NAS-ID used for?
The NAS-ID identifies an access point within the RADIUS configuration.

WayFi Wireless

6580 Monona Drive #1110
Monona, WI 53716

Helpful Pages

SUBSCRIBE TO OUR NEWSLETTER

New Partner Form

Network Registration

© 2024. All rights reserved.

Privacy

Terms

OpenRoaming Map

Location Qualifier Tool

Browser Extentions

Chrome App Store

Firefox Extension

Offload Earnings Estimator

TOOLS

WayFi Dashboard

RSS

info@wayfiwireless.com

+1 (608) 557-4400