Cisco Meraki

Cisco Meraki

This page explains the configuration of Cisco Meraki wireless access points for external Captive Portal and RADIUS server authentication.

IronWiFi Console Configuration

  1. Log into the IronWiFi console or register for free
  2. Create a new network
  3. After that, create a new captive portal, with vendor Cisco Meraki

Access Point Configuration

Sign-in to the Meraki cloud portal.

  1. Navigate to Wireless -> Configure -> SSIDs and define a network that we will protect with a Captive Portal with RADIUS authentication. Click edit settings next to Access Control. Configure Access Control with:
  • Association requirements - Open (no encryption)
  • Splash page - Sign-on with my RADIUS server

RADIUS for splash page

  • 1. Host - get this value from the IronWiFi console
  • 1. Port - get this value from the IronWiFi console
  • 1. Secret - get this value from the IronWiFi console
  • 2. Host - get this value from the IronWiFi console
  • 2. Port - get this value from the IronWiFi console
  • 2. Secret - get this value from the IronWiFi console
  • Failover policy - Deny access
  • Load balancing policy - Strict priority order
  • Network access control - Disabled
  • Assign group policies by device type - Disabled
  • Walled Garden - Walled Garden is enabled
  • Walled Garden Ranges - 107.178.250.42/32

RADIUS accounting - If you don't see RADIUS Accounting servers, contact Meraki support to enable this feature in your account.

  • RADIUS accounting - enabled
  • 1. Host - get this value from the IronWiFi console
  • 1. Port - get this value from the IronWiFi console
  • 1. Secret - get this value from the IronWiFi console
  • 2. Host -get this value from the IronWiFi console
  • 2. Port -get this value from the IronWiFi console
  • 2. Secret -get this value from the IronWiFi console
  • Data-Carrier Detect - enabled
  1. Navigate to Wireless -> Configure -> Splash page and configure:
  • Custom Splash URL -get this value from the IronWiFi console

If data-carrier detect is enabled, sessions will be revoked and accounted for whenever a client disassociates from a network. To allow clients to reassociate to the network without re-authorization, do not enable data-carrier detect.

If you have devices that don't have support for two way authentication like printers, Smart TV, etc., you can white-list these devices directly in the Meraki Console -

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Blocking_and_Whitelisting_Clients

    • Related Articles

    • Cisco WLC 9800

      This page will guide you through the Captive Portal configuration for Cisco WLC 9800 hardware / VM and authentication via IronWiFi. IronWiFi Console Configuration Log into the IronWiFi console or register for free Create a new network After that, ...

    • Meraki - OpenRoaming configuration

      Prerequisites Access to the Meraki Dashboard as a user with administrative privileges. Supported Meraki device - this solution works with all devices of the MR series. Information about the assigned RADIUS servers (Server IP address, port numbers, ...

    • Cisco WLC

      This page explains the configuration of the Cisco Wireless LAN Controller to work with IronWifi Captive Portal. IronWiFi Console Configuration Log into the IronWiFi console or register for free Create a new network After that, create a new captive ...

    • Cisco Catalyst

      IronWiFi Console Configuration Log into the IronWiFi console or register for free Create a new network After that, create a new captive portal, with vendor Cisco catalyst Access Point Configuration Open a web browser and log in to your Cisco Catalyst ...

    • Meraki - Passpoint configuration

      Prerequisites Access to the Meraki Dashboard as a user with administrative privileges. Supported Meraki device - this solution works with all devices of the MR series. Information about the assigned RADIUS servers (Server IP address, port numbers, ...