Meraki

Community

Guest WIFI user automation

Beagless
Comes here often
‎Jul 16 2019 2:35 AM
‎Jul 16 2019 2:35 AM

Guest WIFI user automation

Hey Meraki Community

Just wondering what other people are doing for guest wifi user automation

 

we're currently looking at the sponsor page to do it but was wondering what other people have used - API's or spalsh page (we need to have the account approved hence sponsor page)

 

thanks 🙂

0 Kudos
10 Replies 10
timeshimanshu
Getting noticed
‎Jul 16 2019 3:04 AM
‎Jul 16 2019 3:04 AM

That depends @Beagless we trust our guest hence we are using PSK. But sponsor page based authentication can be done with ISE.

0 Kudos
kYutobi
Kind of a big deal
‎Jul 16 2019 4:27 AM
‎Jul 16 2019 4:27 AM

Really depends on how you want your guests to access this. You can have either username and password set with Meraki authentication and cycle the passwords from one or many "guests users". Sponsor logins work well too. I even have a network that's OPEN and have fw rules set to DENY ALL. Then I just add a policy to approve who I want. 

Enthusiast
0 Kudos
In response to kYutobi
Beagless
Comes here often
‎Jul 16 2019 4:37 AM
‎Jul 16 2019 4:37 AM

have you by any chance used the api for wifi user creation ?

0 Kudos
In response to Beagless
kYutobi
Kind of a big deal
‎Jul 16 2019 4:56 AM
‎Jul 16 2019 4:56 AM

I have not. I'm also not too familiar with API's but there are some experts who mess with it here that can answer that.

 

Enthusiast
0 Kudos
In response to kYutobi
Beagless
Comes here often
‎Jul 16 2019 4:40 AM
‎Jul 16 2019 4:40 AM

Is it possible to customize the approval email that's sent,  to say send it to service now to open a ticket

0 Kudos
In response to Beagless
Uberseehandel
Kind of a big deal
‎Jul 16 2019 5:24 AM
‎Jul 16 2019 5:24 AM

After some consideration, I decided that all "Guests" should use an open isolated VLAN, that only connects to the Internet. Isolated means that Guests are also protected from each other. For the rest of it I really don't want to know, it can only lead to "complications". Personally, I do not connect to public WiFis that try and harvest information about users (they get the MAC, or think they do).

 

Other WIFi users may connect to an appropriate SSID for the local/remote access that user is entitled to. Allowing staff some form of Guest/Public access only encourages them to waste time on social media sites when they should be working.

 

There is nothing to stop genuine guests connecting to the Internet using their MNO service. Staff may be required to leave their personal phones in their locker when working. This isn't necessary in most businesses, but hotels, bars and restaurants tend to have a problem. When I lived abroad, my cleaning-lady (from a former Eastern Bloc nation) used my apartment's WiFi to run an Escort service.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
In response to Uberseehandel
kYutobi
Kind of a big deal
‎Jul 16 2019 5:26 AM
‎Jul 16 2019 5:26 AM

@Uberseehandel wrote:

After some consideration, I decided that all "Guests" should use an open isolated VLAN, that only connects to the Internet. Isolated means that Guests are also protected from each other. For the rest of it I really don't want to know, it can only lead to "complications". Personally, I do not connect to public WiFis that try and harvest information about users (they get the MAC, or think they do).

 

Other WIFi users may connect to an appropriate SSID for the local/remote access that user is entitled to. Allowing staff some form of Guest/Public access only encourages them to waste time on social media sites when they should be working.

 

There is nothing to stop genuine guests connecting to the Internet using their MNO service. Staff may be required to leave their personal phones in their locker when working. This isn't necessary in most businesses, but hotels, bars and restaurants tend to have a problem. When I lived abroad, my cleaning-lady (from a former Eastern Bloc nation) used my apartment's WiFi to run an Escort service.

 

@Uberseehandel OMG YIKES!!!

 

Enthusiast
0 Kudos
In response to kYutobi
Uberseehandel
Kind of a big deal
‎Jul 16 2019 5:52 AM
‎Jul 16 2019 5:52 AM

@kYutobi wrote:
@Uberseehandel wrote:

.When I lived abroad, my cleaning-lady (from a former Eastern Bloc nation) used my apartment's WiFi to run an Escort service.

 

@Uberseehandel OMG YIKES!!!

When one is a Master of the Universe, this is what you have to put up with. It is not necessarily a bad thing, it keeps one in touch with the rest of the world. And based on my experiences elsewhere, it is more common than one might imagine.

;-[]

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 16 2019 2:49 PM
‎Jul 16 2019 2:49 PM

Our customers tend to use a range of options:

 

* A simple Meraki click through splash page that only operates during the hours the business is open (a common choice)

* A simple WPA2-PSK

* Using the built in pre-paid billing option in "fast" mode.  Guest don't actually pay anything.  But this lets you pre-print a bunch of codes that you can give out to reception.  The billing functionality allows you to put in restrictions like only allowing a code to be used once, and a duration restriction.  You can also get reception to take a log of who they give them out to if you want this kind of auditing.

* We have a lot of retailers use Splash Access (a third party commercial service).  They offer a lot of analytics and integrations that retailers like.

 

I've mentioned sponsored access many times but no one has got us to set that up yet.  Also Splash Access have a much more powerfull sponsored access solution, and then also have an option to do rotating dailing WPA2-PSK's and a QR code that guests can scan to auto-setup the WiFi on their devices.

In response to PhilipDAth
Beagless
Comes here often
‎Jul 26 2019 12:39 AM
‎Jul 26 2019 12:39 AM

Hi Phillip

Thanks for that, very help indeed. I guess i'm looking at 2 options then

 

1. Splash page with sponsor access

2. Sponsored access page

 

do you know can much of the above be automated with the api ?

 

i guess where we are trying to get to is user puts in details then email sent to servicenow, servicenow uses api to approve and emails go back to user and servicenow

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.