Just to remind you that regardless of vendor, the AP looks for HTTP GET requests on TCP port 80 in order to redirect users to the Splash page. If Block all access until sign-on is complete is enabled for the Captive Portal Strength, and the user attempts to access a web page that uses HTTPS, the AP will be unable to redirect the browser to the Splash page because the web traffic is encrypted. Additionally, if the user attempts the access a web page that uses a different port other than TCP port 80 the connection will also be blocked. In either case, the user's browser will timeout. If this is occurring, verify users are accessing a web page using HTTP over TCP port 80. I particularly don't like using Splash page because it is an open authentication without encryption (remembering that it is vendor independent). So what can I say that this is not unique to Meraki, my suggestion is, if you want to raise the level of security use another wireless authentication method.
... View more