hgot07 Hotspot Blog

主に無線LANや認証連携などの技術についてまとめるブログです。ネコは見る専。

Affordable access points supporting Passpoint (March 2021)

I've been looking for affordable access points (approx. <30,000JPY) capable of Passpoint, aka Hotspot 2.0.

The following models have been found to support Passpoint, according to our tests using "actual" devices.

Unfortunately, Passpoint isn't always supported on the actual devices in the market even if the products are marked with Passpoint-certified. :<

In the following list, only the basic Release 1 capabilities are tested unless otherwise mentioned.

Disclaimers

There's no warranty of any kind. The list is provided "AS IS."

 

Ubiquiti

Passpoint is found to work on the following models, i.e., in this AC generation (not newer).

  • AC Pro
  • AC Lite
  • AC Long Range (LR)

AP firmware 3.x used to support Passpoint, but it cannot be adopted by newer controller firmware (6.x).

After upgrading the controller to 6.x, the  AP needs to have firmware 4.x or newer. However, in order to use Passpoint, beta firmware 5.x is needed, i.e., the combination of 6.x controller and 5.x AP works.

The 5.x beta firmware is available at https://community.ui.com/releases (login required).

 

The following models have been found NOT to support Passpoint so far.

  • nanoHD
  • Dream Machine (UDM)
  • UniFi 6 Lite (U6-Lite)
  • UniFi 6 Pro (U6-Pro) [added Mar. 10, 2022]

The controller on UDM shows "HOTSPOT 2.0 [COMING SOON]" but the meaning isn't clear at the moment.

f:id:hgot07:20210222212901p:plain

 

Pros:

  • Relatively cheep.
  • Passpoint works better than expected.
  • Rel. 2 support.

Cons:

  • Company's support is weak. Even the Passpoint-capable models aren't clarified.
  • A controller (like Cloud Key) is required on-site in addition to the APs.
  • Functions are not so consistent. Some functions are missing in new UI. GUI changes cause some confusions.
  • No secure VPN tunnel.
  • Product availability is low in Japan. :<

 

Aruba

The affordable Aruba AP 200 series support Passpoint. We've spotted the following models. There's no GUI for Passpoint configuration. CLI operation is needed, and the configuration is more complex compared with that of Ubiquiti and Meraki.

  • AP-207
  • AP-203H
  • AP-203R

Aruba Instant OS is also available on AP-20x, i.e., standalone configuration is possible.

If a controller is used, a secure VPN becomes available. However, the VPN bandwidth of 200 series isn't very good (specification sheet reads "Maximum IPsec encrypted wired throughput: 20Mbps").

Aruba Instant On series doesn't support Passpoint at the moment. There's no configuration menu for Passpoint.

 

Pros:

  • High stability for professional use.
  • VPN is available.

Cons:

  • Instant On may be replacing the 200 series but Passpoint isn't supported.
  • No GUI for Passpoint configuration.
  • Passpoint configuration requires some background knowledge.
  • VPN is slow.

 

MikroTik

Passpoint support is still in beta phase as of this writing. We've found the following models work. You cannot expect too much.

  • hAP ac
  • hAP ac Lite
  • hAP ac2

CLI operation is needed.

Manual:Interworking Profiles - MikroTik Wiki

As of this writing, iOS/iPad 14.x won't connect to MikroTik devices via Hotspot 2.0. Invesitigation is under way (probably).
[update on 4 June, 2021] This issue has been solved on RouterOS 6.48.3 and 6.47.10 (long-term).

Mobile eduroam/Passpoint AP using hAP ac (in Shinkansen)

Mobile eduroam/Passpoint AP using hAP ac (in Shinkansen)

 

Pros:

  • Inexpensive.
  • A wide variety of VPN methods.
  • Suitable for Managed Wi-Fi use.
  • WireGuard, a fast VPN, is coming. (RouterOS v7)

Cons:

  • Still in beta.
  • CLI configuration only.
  • Difficult configuration including manual encoding.
  • Product availability is low.

 

Cisco Meraki

I cannot say "affordable" but having a Meraki AP as a reference is recommended if one wants to work with Passpoint.

I've tested MR18, MR33, MR36.

Meraki Go doesn't support Passpoint at the moment.

 

Pros:

  • Would be a kind of standard.
  • More stable (at last!).
  • Easier configuration on the cloud dashboard.

Cons:

  • Not so affordable.
  • Subscription-based.

 

Why affordable APs supporting Passpoint are indispensable?

That's because small APs are required for Passpoint adoption in small-/mid-sized businesses. For example, a small cafe wants to provide a nice Free Wi-Fi service using an inexpensive AP. If Passpoint APs were all expensive, venue owners won't subscribe to a Wi-Fi solution with Passpoint / roaming and they would continue using insecure open Wi-Fi only.

Another reason is that inexpensive models can provide engineers with good opportunities for trying and learning the Passpoint system. It's quite important to have a large number of engineers who become familiar with new technologies;, not only Passpoint but also Wi-Fi roaming.

 

Please let me know if you found any other affordable models.

Enjoy Passpoint! :-)