Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Guest Network with ACLs doesn't load captive portal splash page

TinOmen
Here to help
‎Jul 12 2023 3:36 PM
‎Jul 12 2023 3:36 PM

Guest Network with ACLs doesn't load captive portal splash page

Ok community, I have an interesting issue.  I'm attempting to move my guest network from the Meraki NAT to a bridged VLAN config (the reason for this is because Meraki NAT routes the traffic out through the management network to the internet, which on our firewall has no restrictions).  

 

So I've configured a VLAN and ACLs.  I'll post them below.  Long story short, the captive portal will not load and I can't find any documentation on where the Meraki captive portal actually resides or what I should add to the ACL to allow the captive portal.

 

When I connect to this VLAN on the switch or from the WiFi without captive portal, everything swims along perfectly.

 

I've tried the following troubleshooting steps:

- Changed the SSID firewall setting to allow to LAN traffic

- Removed the Client Isolation line of the ACL

- Changed lines in the ACL to allow all traffic to and from the VLAN's Gateway address

- Turned on Walled Garden and turned it off (Walled Garden says the Meraki splash is automatically allowed.

 

I'm probably missing something really obvious here, but any help would be appreciated.


TinOmen_0-1689201379373.png

 

0 Kudos
Subscribe
3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 12 2023 3:38 PM
‎Jul 12 2023 3:38 PM

You need to allow DNS, HTTP and HTTPS. I think it's enough to work.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 12 2023 3:43 PM
‎Jul 12 2023 3:43 PM

But I think it's not necessary because you can block all the traffic for LAN on the firewall SSID configuration.

 

https://documentation.meraki.com/MR/Wi-Fi_Basics_and_Best_Practices/Configuring_SSIDs_and_Access_Con...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
TinOmen
Here to help
‎Jul 13 2023 7:08 AM
‎Jul 13 2023 7:08 AM

I understand that's the easy route here, but I'd like to have this vlan cut off completely there and on the swtiches.  I'm just trying to de-mystify the splash page.  If I turn off the splash page, the vlan works well.  Internet only and it's completely cut off with client isolation.  I'm just missing a piece that's blocking the splash.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.