cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

data usage bypassing sponsored guest

SOLVED
Conversationalist

data usage bypassing sponsored guest

We recently implemented "Sponsored Guest" splash page. I have noticed some users mobile phones have data usage though they are not authorized. I tried it myself and was able to connect to the network but not go through the portal and it will allow some app usage to pull data as long as it's not through the browser. Any thoughts on how to cut this off?

 

Here are my access control settings:

 

Association Requirements - Open

Splash Page - Sponsored Guest Login

Email Domains - Our corporate domain

Duration - 1 day

NAC - Disabled

Group Policies - Disabled

Captive Portal Strength - Block all access until sign-on is complete

Walled Garden is enabled

Walled Garden ranges - Our DHCP/DNS server

Controller Disconnection Behavior - REstricted

IP Assignment - Bridge mode

VLAN tagging - On - Use a vlan that is segmented to only allow Inet traffic and no access to internal networks other than dhcp.

Content filtering - Off

Bonjour off

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: data usage bypassing sponsored guest

Are you sure the phone hasn't failed over to 4G?

 

How do you know the apps are able to pull data?  I think I would do a packet capture on the AP of the client to confirm this.

5 REPLIES 5
Kind of a big deal

Re: data usage bypassing sponsored guest

Set this option under the SSID settings.

 

1.PNG

Conversationalist

Re: data usage bypassing sponsored guest

Thanks for the quick reply.  It is already set.

Kind of a big deal

Re: data usage bypassing sponsored guest

Are you sure the phone hasn't failed over to 4G?

 

How do you know the apps are able to pull data?  I think I would do a packet capture on the AP of the client to confirm this.

Conversationalist

Re: data usage bypassing sponsored guest

Ok, so a packet capture on myself shows outbound traffic captured but nothing is coming back inbound. I guess the usage showing in the Meraki dashboard under clients > show detail while "not authorized" would be previous days usage though they are not authorized for today. I think it was a view issue on my part since the portal lasts for 24 hours and I had client usage view set to 1 week. I thought it odd but didn't have a chance to chase it down. Thanks for the direction!

Head in the Cloud

Re: data usage bypassing sponsored guest

Hi @zrunner626 

 

I have not seen any of our clients wireless network with this behavior.

As @PhilipDAth suggested "Block all access until sign-on is complete" should do the job.

 

A piece of information from the below url says

Once a device is authorized this method will not ask for authentication again for the permitted duration.

 

May be your devices are already authorized. Could you verify this please?

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Sponsored_Guest

 

If a user disconnects and reconnects within the approved time, the device will automatically get internet access. If the user reconnects to the SSID after the approval period is expired the whole process will be repeated again. This function is currently limited to a maximum of 1 day (24 hours) per authorization.

 

Note: Devices that have been authenticated for a specified duration cannot have their authentication manually revoked, and admins will have to wait for the authorized duration to end for access to expire. Devices are authorized by user accounts, and authorization applies to any device using the approved credentials. 

Cheers
Ajit
ajitsnw@gmail.com
https://www.linkedin.com/in/ajitkumarverma/
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.