Hi,
I am looking for help with integrating our external captive portal with Meraki Cloud controller.
Of course, I did some searching beforehand to see if anyone had already asked the same question and found a lot of responses, but all of them refer to the “Sign-on Splash” solution, which I think is not quite suitable for our case.
So, here is my scenario that I need to achieve.
Guest’s Flow
- Guest connects to AP.
- Meraki sends RADIUS access request message to OUR FreeRADIUS server.
- If authenticated, then Meraki grants access to the network with the Session Bandwidth, Session Duration and Session Idle Timeout parameters provided in the RADIUS response, and the flow ends.
- Otherwise see next steps.
- AP redirects the client to splash server.
- Splash page displays content and includes additional parameters in the URL. Required dynamic parameters to be injected by Meraki are MAC and VLAN.
- Guest interacts with the site.
- Form submission sends data to OUR backend.
- OUR backend talks to Meraki via Northbound Interface and authenticates the user using MAC address (additional parameters also possible).
- Meraki sends RADIUS access request message to OUR FreeRADIUS server to confirm the authentication.
- If authenticated, then Meraki grants access to the network with the Session Bandwidth, Session Duration and Session Idle Timeout parameters provided in the RADIUS response, and the flow ends.
- Otherwise, user stays on Login page.
- Once authenticated, Meraki may cache the Guest’s authentication status and not interact with FreeRADIUS on the Guest’s disconnect-connect cycles. But if the Guest tries to access a previously not authenticated VLAN, then the flow should start from step 1.
- Meraki should send accounting data to OUR FreeRADIUS server.
Administrator’s capabilities (from our backend side)
- Administrator can query Guest’s status by MAC and VLAN by sending request to Northbound interface.
- Administrator can remove Guest from the network by MAC and VLAN by sending request to Northbound interface.
Thanks in advance for any help.