Splash page configuration either AD or RADIUS on MR46 AP's

JBlack
New here

We are working to implement BYOD on an SSID across campus and are hitting roadblocks configuring the splash page.  When testing with AD config it fails on all AP's.  Same for RADIUS.  We can test RADIUS for other SSID's that use it for security and it works fine in that configuration.  Is there perhaps some different configuration for splash page vs. security when using RADIUS?  Fairly new to Meraki and first time working with RADIUS.  Not sure what's preventing communication for the AD config, was hoping to use RADIUS alternatively.  Any suggestions or course of action appreciated!  Have been working with Meraki documentation that's helped us get this far.

[Attachment: RADIUS Splash Page.jpg]

Mloraditch
Kind of a big deal

See this note:

Note: RADIUS access request messages for a splash page will be sourced from the dashboard, not from the local Meraki devices. As such, the RADIUS server's private LAN IP address cannot be specified here.

Located here: https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Design_and_Configure/C...

LDAP will not have that oddity: https://documentation.meraki.com/Wireless/Operate_and_Maintain/How_Tos/Splash_Page/Configuring_Splas...

But it does use Secure LDAP over TLS, so if you don't have that configured properly, you may have issues. Packet captures and logs on your DC can help determine that or Meraki Support can help clarify as well if you aren't sure how to read the captures.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
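As an added example that is not from this thread or from Meraki: the note above says the LDAP integration uses Secure LDAP over TLS, so the first thing worth confirming from a host on the same network as the DC is whether the port in question even completes a TLS handshake, and if it does, whether the certificate chains to something trusted. The small probe below separates those stages (TCP reachable, TLS spoken, certificate verified) so a failure points at either the firewall or the LDAPS/certificate setup rather than being a generic "authentication failed". The port number to probe is an assumption you take from the Meraki guide for the integration you use; 3268 is the port the original poster mentions and 636 is the standard LDAPS port. The plaintext stub and closed-port helper are constructed stand-ins for a DC without TLS on that port and for a rejected connection, so the probe can be exercised without a real domain controller.

```python
import socket
import ssl
import threading

# Port the original poster mentions (global catalog) and the standard LDAPS port.
# Assumption: which one applies depends on the integration, check its documentation.
GLOBAL_CATALOG_PORT = 3268
LDAPS_PORT = 636


def check_tls_endpoint(host, port, timeout=5.0, server_hostname=None):
    """Probe host:port and report the first stage that fails.

    Returns {"stage": "tcp" | "tls" | "verify" | "ok", "ok": bool, "detail": str}.
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return {"stage": "tcp", "ok": False,
                "detail": "TCP connection refused: nothing listening, or a firewall rejecting"}
    except (socket.timeout, TimeoutError):
        return {"stage": "tcp", "ok": False,
                "detail": "TCP connect timed out: typical of a firewall silently dropping"}
    except OSError as exc:
        return {"stage": "tcp", "ok": False, "detail": f"TCP error: {exc}"}

    # Default context verifies the chain against the local trust store and checks the name,
    # which is exactly what a TLS client talking to the DC will do.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(raw, server_hostname=server_hostname or host) as tls:
            return {"stage": "ok", "ok": True,
                    "detail": f"{tls.version()} with {tls.cipher()[0]}; certificate chain trusted"}
    except ssl.SSLCertVerificationError as exc:
        return {"stage": "verify", "ok": False,
                "detail": f"TLS handshake completed but certificate not trusted: {exc.verify_message}"}
    except ssl.SSLError as exc:
        return {"stage": "tls", "ok": False,
                "detail": f"TLS handshake failed, is TLS enabled on this port? ({exc.reason})"}
    except (socket.timeout, TimeoutError, ConnectionResetError, OSError) as exc:
        return {"stage": "tls", "ok": False,
                "detail": f"connection dropped during TLS handshake: {exc}"}
    finally:
        raw.close()


def start_plaintext_stub():
    """Constructed stand-in for a DC with no TLS on the probed port: accepts one
    connection, reads whatever the client sends, answers in cleartext and hangs up.
    Returns the loopback port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(65536)               # swallow the ClientHello so close() sends FIN, not RST
        conn.sendall(b"not tls\r\n")   # a plaintext banner instead of a ServerHello
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_port():
    """Constructed 'connection refused' case: a loopback port with nothing listening."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    import sys
    # Usage: python probe.py dc.example.internal 3268   (hostname and port are placeholders)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else start_plaintext_stub()
    result = check_tls_endpoint(host, port)
    print(f"{host}:{port} -> stage={result['stage']} ok={result['ok']}: {result['detail']}")
```

A "tcp" result means the AP-to-DC path (or the firewall in front of the DC) is the problem; a "tls" result means the port answers but is not offering TLS at all; a "verify" result means LDAPS is up but the certificate is not one the client trusts, which is the case the note above describes as "not configured properly". Run it from a host on the same VLAN as the APs so the path matches theirs.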
PhilipDAth
Kind of a big deal

To add to Mloraditch's excellent answer, this is because the splash page is hosted and served from a server on the Internet, not from inside your network.  Consequently, the RADIUS request comes from the Internet.

It is a real pain.

Could you use Entra ID authentication instead?

https://documentation.meraki.com/Wireless/Design_and_Configure/Configuration_Guides/Encryption_and_A...

alemabrahao
Kind of a big deal

What @Mloraditch means is that your RADIUS server must respond to the internet, meaning you need to create an inbound NAT for your server.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
JBlack
New here

Ah.  So in that case if using the AD authentication config the request would also come from the internet?  That might explain why nothing is getting through to port 3268 when testing in CP.

Is there perhaps a guide or best practices for configuring firewall to allow the necessary traffic for an AD splash page?  Any thoughts which would be the better approach RADIUS vs AD?

Mloraditch
Kind of a big deal

For AD the requests come locally from the APs: https://documentation.meraki.com/Wireless/Operate_and_Maintain/How_Tos/Splash_Page/Integrating_Activ...

I would use AD over RADIUS (presuming you are using NPS or another non-ISE solution) because I don't want my RADIUS server exposed to the internet, but I would also use the Entra integration @PhilipDAth linked over either of these.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
JBlack
New here

Thank you all for the input!  We do have Entra integration that I have just confirmed so will be exploring that avenue for our BYOD splash page.  Hopefully I won't need to post anymore, fingers crossed!

May you all have wonderful holidays!