Guest access – Cisco Meraki
In this topic, you will learn how to configure a Cisco Meraki access point to work together with the Portnox™ Cloud captive portal for guest user authentication.
Before you begin configuring your access point, you must configure the guest network in Portnox Cloud and note down the values of the fields: IP (for walled garden) and Captive Portal URL.
Warning: We tested this configuration on a Meraki MR33 access point in our Meraki lab, but we cannot guarantee that
it will cover every Meraki product and version. Also, the configuration is generic and may not fit every single environment.
Therefore, to get the most accurate and current configuration guidance on 802.1X configuration, we strongly recommend that
you refer to the documentation provided by Meraki on these topics for your particular device models.
-
In the Meraki web interface, select your network, and then click on the
menu option.
-
In the Access control pane, select the SSID that you want to edit.
Note: You can choose an existing SSID to reconfigure it or one of the unconfigured SSIDs.
-
In the Basic info section, enter the SSID for your network if you are configuring an
unconfigured SSID or keep/modify your current SSID as needed. Also, make sure that the SSID
status is set to Enabled.
In this example, we used the SSID VORLON_GUEST, but you can use any SSID you like.
-
In the Security section, select the Open (no encryption) option.
-
Scroll down to the RADIUS section and click on the heading to expand this section. In the
RADIUS servers subsection, click on the Add server link to add the
Portnox Cloud RADIUS server.
-
In the Host IP or FQDN field, enter the IP address of the Portnox Cloud RADIUS server that you created earlier, in the Auth port field, enter
the authentication port for this RADIUS server, and in the Secret field, enter the shared secret
for this server.
- If you use two Cloud RADIUS servers in both regions, repeat the above steps for the second RADIUS server.
-
Scroll back up to the Splash page section and select the Sign-on with
option. In the Sign-on with field, select the my RADIUS server
option.
-
In the Advanced splash settings subsection, select the Block all access until sign-on
is complete option, set the Walled garden switch to
Enabled, and in the Walled garden ranges field, enter the IP addresses
for walled garden that you obtained when you configured the
guest network in Portnox Cloud.
-
Click on the Save button to save your configuration.
-
In the left-hand side menu, select the
option.
-
In the Custom splash URL section, enter the Captive Portal URL that you
obtained when you configured the guest network in Portnox
Cloud.
Note: If using a custom splash URL, other settings in this section, such as the Splash frequency, do not apply to the custom captive portal (in this case, the Portnox Cloud captive portal). The Portnox Cloud guest network configuration has the Session Expiration parameter instead, and sends it in the response to the NAS device, but it is up to the NAS device if it applies the received value.
-
Click on the Save button to save your configuration.
Result: Your guest users can now access the guest Wi-Fi network, using the Portnox Cloud guest network management functionality.