Meraki - Passpoint configuration

In this guide we describe how to configure your Meraki devices to work with Passpoint profiles


  1. Access to the Meraki Dashboard as a user with administrative privileges.
  2. Supported Meraki device - this solution works with all devices of the MR series.
  3. Information about the assigned RADIUS servers (Server IP address, port numbers, shared secrets):
    1. Email or document that contains this information


    2. Access to the IronWiFi Management Console - Sign in or Open Account

WPA2-Enterprise configuration

To start, you need to configure your Meraki with the exact same configuration required for supporting the WPA2 Enterprise service.

In the Meraki dashboard, configure the SSID and Access Control

  1. Log in to the Meraki dashboard
  2. Navigate to Wireless -> Access Control
  3. Select an SSID
  4. Enter an SSID name
  5. Change SSID status to Enabled
  6. Select Enterprise with my RADIUS server as the security type
  7. Select none for the splash page
  8. Open RADIUS section, click Add server, and enter information about your assigned RADIUS authentication and accounting servers - RADIUS server IP addresses, port numbers, and secrets

radius servers

In the Meraki dashboard, configure Hotspot 2.0

  1. Click on Wireless -> Hotspot 2.0 -> and select the SSID from Step 2.
  2. Enable Hotspot 2.0
  3. Enter your venue name, select your venue type, and network type that best describes your network 
  4. To the domain list, add the following:

  5. The following OI should be added to the Roaming Consortium list:
    1. AA146B0000

  6. Click on the Create realm button in the section NAI Realms and add the following:
    1. The format is 0
    2. Realm name - ironwifi
    3. Click Add an EAP method -> add Method ID and Authentication Methods:
      1. 13: EAP-TLS - Certificate
      2. 21: EAP-TTLS - PAP, MSCHAP, MSCHAPv2

Click the Save Changes button.

This is an example of how the finished configuration should look like: 



Install the Passpoint profile on your client devices


This feature is available only to customers with IronWiFi Captive Portal service enabled.


  1. Sign in to the IronWiFi Management Console -> Networks -> Captive Portals -> click portal name
  2. Under the Provisioning URL field on the Captive Portal settings page, add Operator name. This name will be displayed on your guests device to help them identify your network.
  3. Click on the Provisioning URL (OSU) link. Invite your users to visit this link before arriving to set up their devices for fast, easy and secure network connection.

  4. Authenticate using one of the available authentication methods

  5. Install the Passpoint profile by clicking the Download Passpoint Profile button and following the instructions

  6. If you want to install an OpenRoaming profile that can be used to access compatible networks worldwide, you can do so on this page -

Connect to the Hotspot 2.0 network

  1. Connect to the network by using the recently installed profile, which can be found under the name "OperatorName @ IRONWIFI".



Captive Portal access control

After successful association to the network, you can add more advanced IronWiFi Captive Portal access control.

1. In the IronWiFi console, create a Captive Portal of type Meraki (Click-Through)



2. Add as many authentication providers as you want


3. In the Meraki Dashboard, enable Splash page of type Click-through


4. Go to Wireless -> Configure Splash page, select the SSID, and add a Custom splash URL