Meraki wireless, asking for splash auth on some Windows 11 pc's, when splash auth is not enabled

ronnieshih75
Building a reputation

Meraki wireless, asking for splash auth on some Windows 11 pc's, when splash auth is not enabled

One of our locations run all MR56 AP's on v29.5.1 firmware, and it has been so for many months.  The wireless network is tied to a template which defines all SSIDs and settings.  One of the SSIDs use 802.1X auth against RADIUS service running on our Forescout servers.  The SSID has no splash authentication enabled, with "None (direct access)" checked.  Basically, end users would login to the Windows OS, and Windows OS uses AD credential in the background, passes the creds to the RADIUS server and endpoint devices automatically connect.  We have had no issues with this setup, until recently, when we started upgrading some Windows 10 to Windows 11 OS.  We've come across a few instances of endpoint laptops getting the "Action required prompt" in the Windows 11 wifi widget.  Upon clicking on that, it opens a browser and attempts to connect to one of the dashboard URLs as if splash auth or captive portal is enabled.  This does not happen on all windows 11 endpoints, just some.  

 

This splash authentication attempts also show up in the event log of the relevant wifi network in the Meraki dashboard.

 

Any insight to why splash authentication is happening?

3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal

Are you sure that it's a Meraki splash page?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

Have you got an MX (which can also do splash page authentication)?

ronnieshih75
Building a reputation

It is a Meraki Nxxx URL.  But I do not have the full URL as I'm waiting for a field tech to tell me when it happens again.

 

We run MX85 + MR56, neither one of these have splash authentication enabled.  However, the wireless network that contains and run the MR56 during the time period this happened shows splash authentication attempts in Network-wide/Monitor/Event log

 

Get notified when there are additional replies to this discussion.