Captive Portal Doestn Work

SOLVED
YouTee
Here to help

Captive Portal Doestn Work

Hi,

 

I'm testing two Meraki switches and two access points. Got two SSID configured, and one is using 802.1x with Windows server 2016 NPS and this works well.

 

Got another SSID that is intended for Guest access and is open and I'm using a different device for captive portal to allow access. Able to get the right IP address (from the device used for captive portal) on the right VLAN however I can't seem to get the CP page pop up so I can enter the credentials to log in for access

 

Probably something I'm missing. Any assistance will be really appreciated

 

 

1 ACCEPTED SOLUTION
YouTee
Here to help

Got this sorted. Here is my solution:

 

Guest SSID
Security - Open
Splash page - None (direct access)
Necessary vlan tag ID

 

Wireless>Firewall & traffic shaping
On my Guest SSID, I add a rule i.e., allow ipv4 TCP to my guest gateway (guest interface on my pfSense) destination port 8002 which is the default port for pfSense CP

View solution in original post

10 REPLIES 10
alemabrahao
Kind of a big deal
Kind of a big deal

Are you blocking all access until sign-on is complete?

 

alemabrahao_0-1669858462272.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

I'm not using splash page. I'm getting my CP via a firewall(pfsense) which is also the DHCP for my guest access

 

YouTee_0-1669863219518.png

 

You must use "Click-through" option and configure a "Custom splash URL" under Wireless > CONFIGURE > Splash page

alemabrahao
Kind of a big deal
Kind of a big deal

It's not the only option, but in this case he must have to configure the walled garden setting the IP of his external page.

 

 

Manually specify an IP range or domain names users can access prior to sign-on. Meraki's splash page is automatically included in your walled garden. If you host your own splash page you must enter its information here.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

I've tried that option to no avail. 

 

YouTee_0-1669929897561.png

 

alemabrahao
Kind of a big deal
Kind of a big deal

So It's a issue with your portal. I suggest to open a case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

It sounds like an issue on the CP side, rather than on the Meraki side.

My current setup works with Unifi AP/Controller and CP/DHCP via pfSense. Am trying to incorporate Meraki to the current setup to test and will setup another scenario later where Meraki will be the CP itself.

 

So, no there is no issue on the CP side AFAIK  

alemabrahao
Kind of a big deal
Kind of a big deal

You must have to configure the walled garden setting the IP of your external page.

 

 

Manually specify an IP range or domain names users can access prior to sign-on. Meraki's splash page is automatically included in your walled garden. If you host your own splash page you must enter its information here.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
YouTee
Here to help

Got this sorted. Here is my solution:

 

Guest SSID
Security - Open
Splash page - None (direct access)
Necessary vlan tag ID

 

Wireless>Firewall & traffic shaping
On my Guest SSID, I add a rule i.e., allow ipv4 TCP to my guest gateway (guest interface on my pfSense) destination port 8002 which is the default port for pfSense CP

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels