Hi MuhammadHasan,

Guest SSID is configured with Cisco ISE. What do you mean by Meraki Walled Garden is not?

• Walled Garden: Specifies which IP addresses, IP ranges, or hosts an unauthenticated client can access regardless of Captive Portal Strength.

Clients who have not authenticated are unable to access network resources outside of the Captive Portal with the exception of IP address, ranges or hosts specified in the Walled Garden.

Documentation - https://documentation.meraki.com/MR/Encryption_and_Authentication/CWA_-_Central_Web_Authentication_w...

Point 1 - The IP address of the Cisco ISE server needs to be added to the Walled garden under Advanced splash settings to ensure that a client will be permitted through the Walled garden before being authenticated by the Cisco ISE server.

Point 2 - Make sure the APs can communicate with your Cisco ISE server - make sure to add APs IP addresses to Cisco ISE Server as Clients.

Point 3 - While trying to connect - start taking

1. Wired Packet capture on the AP
2. Monitoring Mode PCAP (if your AP allow - wireless pcap with Tx enabled)
3. PCAP on the Test PC - install Wireshark:

• Filter the PCAP for the MAC Address of the Test device - what kind of traffic do you see?
• Is the URL for the redirect page added to the Walled garden?
• Is your client device trying to resolve the URL of the Redirect page when you filter the Wired PCAP for DNS?
• When you filter the Wired PCAP for "http" do you see "Temporary Redirect"?

Point 4 - If you still don't see the Redirect - Generate HTTP GET by visiting http://neverssl.com/ to see if this will trigger a splash page redirection - take the same packet capture as above ^

Additional Troubleshooting guide - https://documentation.meraki.com/MR/MR_Splash_Page/Splash_Page_Traffic_Flow_and_Troubleshooting#Spla...