Hi all
We have a guest with the following settings:
- Network access: open
- Splashe page: Sign-on with SMS Authentication
We noticed that clients can log in without sms authentication even though it is enabled.
There is also no splash page. At the details of the client it is written:
Splash: Not authorized
Why does this suddenly stop working?
Solved! Go to solution.
With Meraki Support we have found the solution.
There were 2 "problems".
1. the access point could not connect to the splash page servers. (185.17.255.128/25, 209.206.57.0/24, 209.206.58.0/24 on TCP 80 and TCP 443)
2. set "Access control" ->"Controller disconnection behavior" to "Restricted".
That solved our problem.
Addition:
Even with another SSID with encryption and SMS authentication, there is no splash page and therefore no SMS authentication.
Make sure you set "Captive portal strength" to "Block all access until sign-on is complete".
Hi Philip
Thanks for your input. I have already set this option. I apologize for not having included this in my description.
I recall that there is an option for the setting of the splash page frequency, so quite possibly if the IP lease is long enough, a specific, previously authorised user does not have to re-authenticate if the DHCP lease is still valid.
I do recall a situation at a village pub where the guest network handed out long IP leases and the regulars would keep the same IP pretty well indefinitely. Which made for some interesting analysis, particularly when it came to unnoticed coincidences. The management were usually weeks ahead of the village gossips.
Thanks for your input!
I have created a new SSID with the following settings:
Network access Open
Splash page Billig
Captive portal strength Block all access until sign-on is complete
Splash frequency Every half hour
The client (new one) can still connect to this SSID and browsing to http and https sites.
For the test I was able to download an iso file (2GB) from a website without any problems.
And the DHCP lease duration . . .
In case the system still "sees" a validated user returning
We use bridge mode with VLAN tagging. The lease is 8 hours.
The client i uesed for the test was a new one and hasn't had a IP-adress.
With Meraki Support we have found the solution.
There were 2 "problems".
1. the access point could not connect to the splash page servers. (185.17.255.128/25, 209.206.57.0/24, 209.206.58.0/24 on TCP 80 and TCP 443)
2. set "Access control" ->"Controller disconnection behavior" to "Restricted".
That solved our problem.