Hotspot 2.0 Configuration Example
Hotspot 2.0, also known as Passpoint, is a service provider feature that assists with carrier offloading. Hotspot 2.0 SSIDs include additional 802.11u information that supported client devices can use to determine if they are able to join the network automatically. The configuration example below demonstrates the basic capabilities of Hotspot 2.0 using the Meraki APs and a Apple iPhone.
Please refer to our Meraki Hotspot 2.0 documentation for a complete list of supported 802.11u elements.
Dashboard Configuration
The following sections outline how to configure Hotspot 2.0 in the Meraki Dashboard:
Configure WPA2-Enterprise Authentication on an SSID
WPA2-Enterprise is required for Passpoint/Hotspot 2.0, as shown below on the Wireless > Configure > Access control page:
Create a User Authorized for the SSID
If using an external authentication server such as Active Directory or RADIUS, ensure that a user has been created on that server.
For this configuration example we are using Meraki hosted 802.1X RADIUS, so we create a user on the Network Wide > Configure > Users page:
Configure Hotspot 2.0
On the Wireless > Configure > Hotspot 2.0 page, select the WPA2-Enterprise SSID configured in the previous step. Set Hotspot 2.0 to Enabled, then enter both an Operator Name and a domain in the Domain List. This example uses the t-one SSID, and is configured to broadcast Meraki Product Management as the Operator and meraki.local as the Domain.
There are a number of additional configuration options that are not used in this example:
Configure iOS Profile
In our example with an iPhone, a custom iOS profile for Hotspot 2.0 needs to be created and installed using Apple Configurator.
Prepare & Install Profile
When Apple Configurator first opens, click the Prepare button at the top of the page, then click the Install Profiles... button:
Connect an iOS Device
Ensure that you have an iOS device plugged in, then click the Next button when it appears:
Create a New Profile
Click New Profile and give it a unique name. For this example, the iOS profile is named Meraki Hotspot 2.0 Demo:
Add Wifi Settings to the Profile
Now that a profile has been created, it must be configured with the appropriate Hotspot 2.0 network information:
SSID & Network Type
Leave the SSID blank and change the Network Type to Passpoint:
Note: If choosing to use a Hidden SSID, note that the SSID name and WPA2 passphrase are case sensitive. When configuring the wireless profile on the client device ensure that they are identical to how they are configured in Dashboard. If you do not have the SSID name value entered correctly on your wireless client, your device will not be able to receive a response from the AP when probing for the wireless network.
EAP Information
Select the Accepted EAP Types for your configuration. In this example, we are using TTLS because we are interfacing with the Meraki Hosted 802.1X RADIUS server.
Enter the Username and Password for the user that was created earlier:
Add Trusts
Under the Trust tab, enter radius.meraki.com as a Trusted Server Certificate Name.
Add Hotspot 2.0 Elements
Enter the Passpoint service provider as the Provider Display Name. Additionally, add the Hotspot 2.0 Domain Name as configured in Dashboard.
This example uses Meraki Product Management as the service provider name and meraki.local as the Domain.
Save and Apply the Profile
Click Save on the main configuration dialog box. Check the box next to the newly created proflle and click Next to apply it to the device.
Finish Installing Profile on iOS Device
On the iOS device, follow the on-screen instructions to install the profile:
Verify the Profile is installed
Ensure that the new profile is listed in the Profiles on the device. There may be multiple profiles on the device; in this example the device has two other profiles, including the Meraki MDM profile:
Verify Hotspot 2.0 Functionality
Ensure that there are no other preferred Wireless networks within range of the device. When the Hotspot 2.0 SSID is the only SSID within range, the iPhone will join the network automatically: