Meraki

Community

Qr code + splash page + iOS - not works

AndreaAcea
Comes here often
3 weeks ago
3 weeks ago

Qr code + splash page + iOS - not works

Hi everyone,

I’m facing a persistent issue with my Guest Wi-Fi setup on Meraki APs. Here are the details of my configuration:

  • SSID Security: Open

  • Splash Page: Sponsored Guest Login

  • Addressing: NAT Mode (Meraki AP assigned)

  • Clients: Specifically affecting iPhones (iOS).

The Problem: When a guest scans a QR code to join the network, the iPhone connects to the SSID, but the Captive Network Assistant (CNA) popup (the splash page) does not appear automatically.

The device often stays in a "limited connectivity" state or, worse, switches back to 4G/LTE because it doesn't detect the captive portal immediately. If the user manually navigates to an HTTP site like neverssl.com, the splash page appears and works perfectly, but the "Initial Redirect" via QR code is failing.

What I’ve tried:

  1. Verified that apple.com and captive.apple.com are NOT in the Walled Garden.

  2. Tested with both "Captive portal browser" set to "Appear" and "Block".

  3. Support suggested looking into RFC 8908 (DHCP Option 114), but I don't see any option to configure the Captive Portal API URL in my dashboard under NAT Mode.

My Goal: I need the Splash Page to trigger instantly when the QR code is scanned, without forcing the user to manually open Safari or toggle Airplane Mode.

Has anyone successfully implemented RFC 8908 on Meraki NAT mode? Or is there a specific "Feature Flag" that Support needs to enable to make the hijacking of iOS traffic more aggressive?

Any advice or workaround would be greatly appreciated.

 

 

Labels:
0 Kudos
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
3 weeks ago
3 weeks ago

Are you using an external portal or the Meraki portal as your homepage?

If it's external, is the URL or IP address allowed in Walled Garden?

 

 

Allow captive.apple.com and keep apple.com blocked. If possible move the SSID to Bridge Mode.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
AndreaAcea
Comes here often
3 weeks ago
3 weeks ago

 

Hi,

 

thanks for your feedback.

 

In line my answer:

  • We are using the Meraki-hosted portal (custom HTML injected in the dashboard).

  • Regarding captive apple, if I whitelist it, the iOS CNA won't trigger, and the user won't see the splash page at all. We want to force the popup, so we need the redirection to be intercepted effectively.

  • I am currently in NAT Mode because we don't want to manage a separate DHCP server for guests at this stage or I need to ask out network operator for further information. 

 

What do you suggest?

 

Thanks,

 

AP

 

0 Kudos
In response to AndreaAcea
alemabrahao
Kind of a big deal
Kind of a big deal
3 weeks ago
3 weeks ago

The best solution would be to move the SSID to Bridge mode. Can you test this to see if it resolves the problem?

 

Apple's CNA often fails because the AP performs local NAT/DHCP, and the L3 handshake takes long enough for iOS to distrust the network.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
AndreaAcea
Comes here often
3 weeks ago
3 weeks ago

Let me try and then I will update you.

 

Many thanks,

 

AP

0 Kudos
ffiol
Comes here often
2 weeks ago
2 weeks ago

Sorry, I'm in the wrong place.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2026 Cisco Systems, Inc.