Guest access – Cisco Meraki

In this topic, you will learn how to configure a Cisco Meraki access point to work together with the Portnox™ Cloud captive portal for guest user authentication.

Before you begin configuring your access point, you must configure the guest network in Portnox Cloud and note down the values of the fields: IP (for walled garden) and Captive Portal URL.

Warning: We tested this configuration on a Meraki MR33 access point in our Meraki lab, but we cannot guarantee that it will cover every Meraki product and version. Also, the configuration is generic and may not fit every single environment. Therefore, to get the most accurate and current configuration guidance on 802.1X configuration, we strongly recommend that you refer to the documentation provided by Meraki on these topics for your particular device models.
  1. In the Meraki web interface, select your network, and then click on the Wireless > Access control menu option.

  2. In the Access control pane, select the SSID that you want to edit.

    Note: You can choose an existing SSID to reconfigure it or one of the unconfigured SSIDs.
  3. In the Basic info section, enter the SSID for your network if you are configuring an unconfigured SSID or keep/modify your current SSID as needed. Also, make sure that the SSID status is set to Enabled.

    In this example, we used the SSID VORLON_GUEST, but you can use any SSID you like.

  4. In the Security section, select the Open (no encryption) option.

  5. Scroll down to the RADIUS section and click on the heading to expand this section. In the RADIUS servers subsection, click on the Add server link to add the Portnox Cloud RADIUS server.

  6. In the Host IP or FQDN field, enter the IP address of the Portnox Cloud RADIUS server that you created earlier, in the Auth port field, enter the authentication port for this RADIUS server, and in the Secret field, enter the shared secret for this server.

    1. Optional: Test the connectivity to the server. Enter the credentials of an account that is registered in your Cloud in the Username and Password fields, and then click on the Begin test button.

    2. Close the test pop-up by clicking on the Cancel link.
    3. Click on the Done button to add the Cloud RADIUS server.

  7. If you use two Cloud RADIUS servers in both regions, repeat the above steps for the second RADIUS server.
  8. Scroll back up to the Splash page section and select the Sign-on with option. In the Sign-on with field, select the my RADIUS server option.

  9. In the Advanced splash settings subsection, select the Block all access until sign-on is complete option, set the Walled garden switch to Enabled, and in the Walled garden ranges field, enter the IP addresses for walled garden that you obtained when you configured the guest network in Portnox Cloud.

  10. Click on the Save button to save your configuration.

  11. In the left-hand side menu, select the Wireless > Splash page option.

  12. In the Custom splash URL section, enter the Captive Portal URL that you obtained when you configured the guest network in Portnox Cloud.

    Note: If using a custom splash URL, other settings in this section, such as the Splash frequency, do not apply to the custom captive portal (in this case, the Portnox Cloud captive portal). The Portnox Cloud guest network configuration has the Session Expiration parameter instead, and sends it in the response to the NAS device, but it is up to the NAS device if it applies the received value.
  13. Click on the Save button to save your configuration.

Result: Your guest users can now access the guest Wi-Fi network, using the Portnox Cloud guest network management functionality.