Authentication Method

Ahmed900
Comes here often

Hi all,

I'm new to Cisco Meraki and I'm using an MR55 device.
The thing is, I have my network called Corporate and I want my staff to use the network normally with their laptops, but if they manage to find out the password and try to use it with their phone, I want them to authenticate on a splash page, for example with a different password.

Can someone guide me on this?

Thanks

5 Replies
KarstenI
Kind of a big deal

I assume you won't achieve this reliably with the built-in tools.

One option worth a test is to have two group policies in the WLAN, one default without a splash page and one with a splash page. The latter gets assigned based on the end device.

For the "if they managed to know the password":

Normally the users can always find out the passphrase. This is only forbidden when the WLAN profile is pushed with an MDM like Meraki Systems Manager.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
DarrenOC
Kind of a big deal

Something tells me here no matter which way they authenticate they’re going to end up on your corporate network.

How is your internal network segmented?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
PhilipDAth
Kind of a big deal

Can we take a step back - what are you trying to achieve?

The end result (from above) is that both corporate and personal devices will have access to the same network.

What do you gain by making people enter two passwords from a personal device?

sinelnyyk
Meraki Employee

Hi @Ahmed900,

I agree with @PhilipDAth, first it's important to understand what you're trying to achieve.

With this said, I think you can use the setup with PSK and a Sign-on splash page, and in the dashboard settings you can put the laptops into a white list manually, and in this case these clients won't need to go through splash authentication. And if users try to connect to the SSID from their phone knowing the PSK, they will be met with the splash page. This method, however, doesn't prevent them from connecting if they know the password for the splash page. Something similar is outlined in this KB.

I believe the best way to go here if you want to restrict access from phones would be some sort of MAC address-based, or cert-based authentication.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
BlakeRichardson
Kind of a big deal

You would probably be better off using 802.1X and applying group policies to the different device types, i.e. BYOD and company owned.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.