Reduce BYOD Sign-ins.

dizzysn
Here to help

Reduce BYOD Sign-ins.

Hey folks,

 

I've just started a position at a school district that uses Meraki systems for everything. So far I like them quite a bit, but I'm not familiar with them at all, having previously come from small businesses that had basic network equipment, and a slightly larger company that utilized Ubiquiti. So I've got a question about a task I've been given to solve, that I'm kind of hitting a wall on:

 

We have three Wi-Fi networks. Protected LAN, Guest (for guest of the district only, limited to 15 IP addresses as this network doesn't go through our proxy) and a BYOD that authenticates through AD for teachers and students to use their own devices. For the purpose of this, we are focusing on Protected and BYOD. The issue we have is that people keep putting their devices on the Protected LAN network, because kids and teachers dislike having to login to the network so frequently.

 

What I've been asked to do, is reduce the number of sign-ins that are required. My manager was hoping we could have a scenario where someone logs in once, and then their device/login is remembered for a long period of time, ideally all school year, but realistically anything less to encourage people to use BYOD rather than Protected. Is there a way for me to achieve this? I've found where the BYOD network options are, but haven't been able to find anything about registering devices for a period of time.

 

Thanks in advance.

8 REPLIES 8
PhilipDAth
Kind of a big deal

If you are using a splash page then you can change the frequency of the logins.

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Splash_Page_Frequenc... 

 

If you have Systems Manager licences (or don't mind buying them) and you are just attaching Apple devices then you could consider using Trusted Access.  This uses certificate based authentication, and once attached users will never be prompted again.  Android devices were meant to be supported but it didn't used to be very good.  I have not retried it recently.

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Trusted_Access_for_S... 

 

If you don't mind deploying a RADIUS server (such as NPS built into Windows Server) then you could change across to using WPA2-Enterprise mode.  There is no splash page and users are only prompted once when they connect.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_... 

 

Thanks for the reply. We currently have it set as "Sign-on with Active Directory", rather than a click-through splash page. As it's a state entity, they need to be able to find out who did what, on what device, if it ever comes to it (if a child is looking up things that trigger alerts for instance), so they require the logins to be active directory based.

nealgs
Building a reputation

Hi dizzysn,

 

You can adjust the time the splash page appears from half hourly up to, what appears to be, max 90 days.

 

Go to

 

Wireless > Configure > Splash page

 

then choose the relevant SSID you wish to change.  Scroll to the bottom of the page to the Splash behaviour section.

 

Set the Splash frequency to the relevant period.

 

Hope this helps 🙂

 

nealgs
Building a reputation

never mind, already answered - hehe 🙂

This is going to be a stupid question here, but only because the Meraki interface isn't the most user friendly (for me at least), can the splash page integrate with the active directory sign-ins?

PhilipDAth
Kind of a big deal

Your question implied you are already using a splash page for sign in with Active Directory, and you wanted to reduce the frequency of this.

 

If you are not already using a splash page - how are you authenticating the users with Active Directory?

Sorry Phil - Meraki is all new to me. There IS a splash page for the AD login. I've never worked with something like this and didn't realize that there were multiple settings for the splash page. I was looking at Wireless > Access Control and the splash page section was set to sign-on with AD, where I also saw the click through option. didn't realize there was a whole separate page that controlled the splash behavior. As this is now set to 90 days, if they leave the building and come back, will they have to login, or should it remember them? Thanks a lot!
PhilipDAth
Kind of a big deal

>if they leave the building and come back, will they have to login, or should it remember them? 

 

It will remember them.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels