Detailed Setup Guides
See detailed setup instructions for the most common enterprise & service provider Wi-Fi controllers. These guides are provided as a courtesy and may not match the experience on your particular firmware. Contact your Wi-Fi equipment manufacturer for additional support.
- Aruba
- Cambium
- Cisco Catalyst
- Cisco Meraki
- Edgecore
- Fortigate
- Juniper Mist
- Mikrotik
- Ruckus
- Ubiquiti UniFi
Generic Setup Instructions
Orion works with any access point that supports Passpoint. If your vendor is not listed above, or the steps listed above do not match your vendor's version, you can still configure your Passpoint-compatible network for Orion.
Orion is deployed to your existing Wi-Fi infrastructure as a new "Orion" SSID. Use your wireless controller's administrative interface to apply the below settings.
Orion SSID
Add a new SSID with the following parameters:
| Network Name / SSID | Orion |
| Hidden SSID | No |
| Network Security | WPA2 Enterprise (802.1x) |
| RADIUS Server | See "RadSec / Radius settings" |
| Hotspot 2.0 / Passpoint | See "Hotspot 2.0 configuration" |
RadSec / RADIUS settings
RADIUS Server IPs
Determine if your wireless controller supports RADIUS over TLS (RadSec) and expand the relevant section below. If you're not sure, consult your wireless controller documentation, or look for a "TLS" or "RadSec" option in your wireless controller's RADIUS settings.
My wireless controller DOES support RadSec
Download your radsec.zip from Orion Supply Settings and unzip it.
In your wireless controller, upload or copy/paste the contents of:
bw.radsec.cacert.pemas a radsec CA certificatecert.pemas radsec client certificatekey.pemas radsec client private key
Apply the following RADIUS settings to your Orion SSID
for both Authentication and Accounting:
| Primary Server IP | 216.239.32.91 |
| Primary Server Port | 2083 |
| Secondary Server IP | 216.239.34.91 |
| Secondary Server Port | 2083 |
| Shared Secret | radsec |
| Radsec Server Name / SAN (if needed) | *.orion.area120.com |
My wireless controller DOES NOT support RadSec
- Download and deploy Orion Radsecproxy, following the steps in the README
- Apply the following RADIUS settings to your Orion SSID:
| Authentication Server IP | Your radsecproxy IP |
| Authentication Server Port | 1812 |
| Accounting Server IP | Your radsecproxy IP |
| Accounting Server Port | 1813 |
| Shared Secret | radsec |
NAS Identifier
Networks in Orion are automatically named based on their NAS-Identifier attribute. All APs on a shared network should use the same NAS Identifier.
Interim-Update Interval
Set your Accounting Interim-Update interval to 5 minutes (300 seconds).
Chargeable User Identity
Your RADIUS Authentication and Accounting packets must include a Chargeable-User-Identity (CUI) attribute.
Hotspot 2.0 (Passpoint) configuration
Enable Hotspot 2.0 on your Orion SSID with the following settings:
| Roaming Consortium OI (RCOI) |
|
| Network Type | Chargeable Public |
Once the above steps are complete, your AP should begin broadcasting a new "Orion" SSID. You can proceed to set up your test device.
Next: Install the Orion Network Verification app