Guest access – Cisco Meraki

In this topic, you will learn how to configure a Cisco Meraki access point to work together with the Portnox™ Cloud captive portal for guest user authentication.

Before you begin configuring your access point, you must configure the guest network in Portnox Cloud and note down the values of the fields: IP (for walled garden) and Captive Portal URL.

Important: This guide provides general instructions for integrating Portnox Cloud with specific third-party devices. While we aim to provide helpful examples for commonly used models, configurations may vary across manufacturers, models, and environments. As a result, we cannot guarantee that these steps will work in every scenario. For questions or issues related to RADIUS setup – which is an industry standard and not specific to Portnox – or device-specific settings and troubleshooting, we recommend consulting the device manufacturer’s documentation and contacting their support team. While Portnox Support is happy to assist where possible, please note that detailed configuration of third-party devices is typically best handled by the manufacturer.
  1. In the Meraki web interface, select your network, and then click on the Wireless > Access control menu option.

  2. In the Access control pane, select the SSID that you want to edit.

    Note: You can choose an existing SSID to reconfigure it or one of the unconfigured SSIDs.
  3. In the Basic info section, enter the SSID for your network if you are configuring an unconfigured SSID or keep/modify your current SSID as needed. Also, make sure that the SSID status is set to Enabled.

    In this example, we used the SSID VORLON_GUEST, but you can use any SSID you like.

  4. In the Security section, select the Open (no encryption) option.

  5. Scroll down to the RADIUS section and click on the heading to expand this section. In the RADIUS servers subsection, click on the Add server link to add the Portnox Cloud RADIUS server.

  6. In the Host IP or FQDN field, enter the IP address of the Portnox Cloud RADIUS server that you created earlier, in the Auth port field, enter the authentication port for this RADIUS server, and in the Secret field, enter the shared secret for this server.

    Important: If you limit access to your cloud RADIUS servers based on the source IP address (Settings > Services > CLEAR RADIUS SERVICE > CLEAR RADIUS instance > Restrict access to CLEAR RADIUS service > Allow access only from the following IP addresses), then you must add the following Meraki IP address ranges to Permitted IP addresses: 209.206.48.0/20, 158.115.128.0/19, 216.157.128.0/20. Otherwise, the captive portal will not work, and the following error will be shown when attempting connection: Cannot proceed due to next errors: Access denied.
    1. Optional: Test the connectivity to the server. Enter the credentials of an account that is registered in your Cloud in the Username and Password fields, and then click on the Begin test button.

    2. Close the test pop-up by clicking on the Cancel link.
    3. Click on the Done button to add the Cloud RADIUS server.

  7. If you use two Cloud RADIUS servers in both regions, repeat the above steps for the second RADIUS server.
  8. Scroll back up to the Splash page section and select the Sign-on with option. In the Sign-on with field, select the my RADIUS server option.

  9. In the Advanced splash settings subsection, select the Block all access until sign-on is complete option, set the Walled garden switch to Enabled, and in the Walled garden ranges field, enter the IP addresses for walled garden that you obtained when you configured the guest network in Portnox Cloud.

  10. Click on the Save button to save your configuration.

  11. In the left-hand side menu, select the Wireless > Splash page option.

  12. In the Custom splash URL section, enter the Captive Portal URL that you obtained when you configured the guest network in Portnox Cloud.

    Note: If using a custom splash URL, other settings in this section, such as the Splash frequency, do not apply to the custom captive portal (in this case, the Portnox Cloud captive portal). The Portnox Cloud guest network configuration has the Session Expiration parameter instead, and sends it in the response to the NAS device, but it is up to the NAS device if it applies the received value.
  13. Click on the Save button to save your configuration.

Result: Your guest users can now access the guest Wi-Fi network, using the Portnox Cloud guest network management functionality.