Guest Wifi with "internal" captive portal

suneq
Getting noticed

Hi,

I am asked to design a Guest Wifi architecture for spokes with some basic requirements:

- Guest Wifi user should have access to Internet only

- A single Guest Wifi subnet should be used for all 600+ sites

 

However, the splash page should be stored in an internal server which is located in the Data Center / hub. This splash page will not be reachable via Internet.

From my understanding, if the splash page is only reachable from AutoVPN tunnel, I guess that the Guest Wifi VLAN / subnet of each spoke should be advertised to the hub => so we cannot use single Guest Wifi subnet but we should have 1 subnet per spoke and things get more complicated.

Am I correct? Is there any way to meet the requirement? Thanks for your advice.

3 REPLIES
rymiles
Meraki Employee

Can the splash page be replicated in the native splash function of dashboard? That would greatly simplify your design, provide resiliency, and require no VPN tunnel.

suneq
Getting noticed

Hi @rymiles, the client has their captive portal Ucopia, which is working well, and therefore they do not want to change anything.

Any solution for that? Thanks.

PhilipDAth
Kind of a big deal

I don't think this is a good design.

If you want to write a captive portal integration, take a look at the EXCAP guide (option 3).

https://meraki.cisco.com/lib/pdf/meraki_whitepaper_captive_portal.pdf

Here is the developer guide:

https://developer.cisco.com/meraki/captive-portal-api/

Otherwise, if you want to pursue the layer 2 strategy, you'll need to deploy an MX in VPN concentrator mode wherever your portal server is. Then configure the SSID to use tunnelling.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roamin... 
