Meraki

Community

Guest Wifi with "internal" captive portal

suneq
Getting noticed
‎Nov 23 2021 6:13 AM
‎Nov 23 2021 6:13 AM

Guest Wifi with "internal" captive portal

Hi,

I am asked to design a Guest Wifi architecture for spokes with some basic requirements:

- Guest Wifi user should have access to Internet only

- A single Guest Wifi subnet should be used for all 600+ sites

 

However, the splash page should be stored in an internal server which is located in the Data Center / hub. This splash page will not be reachable via Internet. 

 

From my understanding, if the splash page is only reachable from AutoVPN tunnel, I guess that the Guest Wifi VLAN / subnet of each spoke should be advertise to the hub => so we cannot use single Guest Wifi subnet but we should have 1 subnet per spoke and things get more complicated.

Am I correct? Is there any way to meet the requirement? Thanks for your advice.

 

 

 

0 Kudos
4 Replies 4
Ryan_Miles
Meraki Employee
Meraki Employee
‎Nov 23 2021 6:47 AM
‎Nov 23 2021 6:47 AM

Can the splash page be replicated in the native splash function of dashboard? That would greatly simplify your design, provide resiliency, and require no VPN tunnel.

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to Ryan_Miles
suneq
Getting noticed
‎Nov 23 2021 6:56 AM
‎Nov 23 2021 6:56 AM

Hi @Ryan_Miles, the client has their captive portal Ucopia which is working well and therfore, they do not want to change anything.

Any solution for that? Thanks.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 23 2021 12:34 PM
‎Nov 23 2021 12:34 PM

I don't think this is a good design.

 

If you want to write a captive portal integration take a look at the EXCAP guide (option 3).

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_captive_portal.pdf

Here is the developer guide:

https://developer.cisco.com/meraki/captive-portal-api/ 

 

Otherwise, if you want to pursue the layer 2 strategy, you'll need to deploy an MX in VPN concentrator mode wherever your portal server is.  Then configure the SSID to use tunnelling.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roamin... 

Beambox
New here
‎Dec 8 2021 6:30 AM
‎Dec 8 2021 6:30 AM

Regarding not making it accessible on the internet, I wonder if you could use some Cloudflare rules to handle this at the DNS level?

 

One unique aspect of the Meraki captive portal is that it passes in a selection of URL parameters with information such as the device MAC/IP.

 

You could filter based on this, concealing the splash page unless these URL params are present.



Beambox is a guest WiFi marketing solution that integrates with your Meraki dashboard.

MSP? Become a Beambox Partner and make recurring commissions by providing better guest WiFi to your ...
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.