Meraki

You are here:
Estimated reading time: 3 min

Please note: You need to be running a Meraki MX o Meraki Z1

Log in to your Meraki dashboard at https://dashboard.meraki.com

Click on Configuration on the left menu

Click Access Control on the left menú and configure with the following settings:

Association requirements Open (no encryption)
Splash page Sign-on with “My Radius Server”
RADIUS for splash page 1. Click Add a Server and add:

Host: *insert radius_server here*

Port: 1812

Secret: *insert radius_secret here*

 

2. Click Add a Server again and add:

Host: *insert radius_server2 here*

Port: 1812

Secret: *insert radius_secret here*

  *Note: When you eneter the radius server you may see an arror: “Host for RADIUS is not a valid IP address”. This is an expected error message, the field prefers an IP address but will still work with a domain name in this field.
RADIUS accounting RADIUS accounting is enabled

 

RADIUS accounting servers:

1. Click Add a Server and add:

Host: *insert radius_server here*

Port: 1813

Secret: *insert radius_secret here*

 

2. Click Add a Server again and add:

Host: *insert radius_server2 here*

Port: 1813

Secret: *insert radius_secret here*

*Note: You may not see the option to set up the RADIUS accounting. If this is the case, please raise a Meraki support case via Help/Cases/New Case requesting “Please can you enable RADIUS accounting on my account”.

*Note 2: the Meraki MX/Z1 does not support accounting, so please skip this step

Network access control Disabled: do not check clients for antivirus software
Assign group policies by device type Disabled: do not assign group policies automatically
Captive portal strength Block all access until sign-on is complete
Walled garden 1. Walled garden is enabled

2. Walled garden ranges – Copy and paste the list below:

*.*insert access_domain here*

*.meraki.com

*.portals.hostspot.mx

Simultaneous logins Allow simultaneos devices per user
Controller disconnection behavior Default for your settings: Restricted
Client IP assignment NAT mode: Use Meraki DHCP
VLAN tagging Don’t use VLAN tagging
  *Note: You may see an error saying the walled garden entry is invalid. In this case, raise a Meraki support case via Help/Cases/New Case and request “Please can you enable domain based walled garden support”

If you wish to support social network logins, you also need to add the domains below for each network you plan to support

Facebook *.facebook.com

*.fbcdn.net

*.akamaihd.net

*.connect.facebook.net

Under Captive Web Portal Login Page Settings:

Login URL http://portals.hostspot.mx/
Passwor Encryption No Encryption
Authentication Method PAP

Under Captive Web Portal Success Page Settings:

Show the success page… Disabled
After a successful login Redirect to an external page
Use simple URL address http://portals.hostspot.mx/

Under Optional Advanced Configuration:

Use network default settings Enabled
Use HTTP 302 a the redirection method Enabled
Enable HTTPS Yes

Under Walled Garden:

IMPORTANT: You will need to add the below entries one by one. Click on New, enter the domain and then click Apply. Repeat this until you have all domains in the list below.

portals.hostspot.mx

If you wish to support social network logins, you also need to add the domains below for each network you plan to support.

Facebook *.facebook.com

*.fbcdn.net

*.akamaihd.net

*.connect.facebook.net

Click Save

Next, click on <RADIUS Settings> and choose New. Configure with:

RADIUS Name                                            guest

Under Add a New RADIUS Server configure with:

IP Address/Domain Name radius1.hostspot.mx
Server Type Auth/Acct
Shared Secret (request a ticket through our platform on the support section)
Confirm Secret (request a ticket through our platform on the support section)
Server Role Primary

Click Apply to add, and then click on New to add another:

IP Address/Domain Name radius2.hostspot.mx
Server Type Auth/Acct
Shared Secret (request a ticket through our platform on the support section)
Confirm Secret (request a ticket through our platform on the support section)
Server Role Backup1

Click Apply again, and then click on Save

Under User Profile click on Add/Remove.

Select default-profile and click Save

Further down the page, beside Advanced Settings click Edit

Click on Service Settings and beside ALG Services click the Plus (+) icon Configure with:

Name guestwifi
DNS Enabled
HTTP Enabled

Click on Save and then Save again at the top right. The screen should now look like:

Finally, click on Continue at the top right.

You are now asked which of your access points you wish to push the new settings to (typically all your access points). Select all that apply, and click Update > Update Devices

Click Update.

Was this article helpful?
Dislike