Cisco Meraki

From Social ID Developers
Revision as of 14:10, 14 May 2019 by Vicente.santos (Talk | contribs)
Jump to: navigation, search

The following guide was created using Cisco Meraki MR18 APs.

Contents

Configuring the SSID

If you don't have a SSID, you need to setup one first.

To create a new SSID go to "Wireless > SSIDs", choose an unconfigured SSID, rename (e.g.: "CoffeeBean") and enable it:

Meraki ssid.png

Now you need to setup the SSID Access control and Splash page. The next steps explain each of them.

Configuring the Access Control

To configure the SSID Access Control, go to "Wireless > Access control", select the SSID previously created or your own SSID and apply the following settings:

Network Access

  • Association requirements: Open (no encryption)
  • Splash page: Sign-on with my RADIUS server

Meraki access control network access.png

RADIUS Server

RADIUS Authentication

On "RADIUS for splash page", click in "Add a Server" and fill with the following info:

  • Host: radius.socialidnow.com
  • Port: 1812
  • Secret: the provided RADIUS client secret

RADIUS Accounting

On "RADIUS accounting", select "RADIUS accounting is enabled".

On "RADIUS accounting servers", click in "Add a Server" and fill with the following info:

  • Host: radius.socialidnow.com
  • Port: 1813
  • Secret: the provided RADIUS client secret

Important note: by default, the "RADIUS accounting" settings are not available in the Meraki account. You need to open a support case to request Meraki to enable this option. Just go to "Help > Cases", create a new case and usually within a day Meraki enables it.

Meraki access control radius.png

You can also set "Captive portal strength" to "Block all access until sign-on is complete".

Walled Garden

Allow CoffeeBean Identity and Access Platform URLs and social network URLs by configuring the Walled garden destinations.

On "Walled garden", you need to enable it by choosing "Walled garden is enabled" and fill the required domains on "Walled garden ranges".

Add the entries according to Walled Garden for the Social Login URLs:

Meraki access walled garden.png

Important note: by default, the "Walled garden ranges" do not accept domain names and wildcards. You need to open a support case to request Meraki to enable this option. Just go to "Help > Cases", create a new case and usually within a day Meraki enables it.

Addressing and traffic

  • Client IP assignment: NAT mode: Use Meraki DHCP
  • Content filtering: Block adult content

Meraki access addressing and traffic.png

Then save your changes.

Configuring the Splash Page

To configure the SSID Splash Page, go to "Wireless > Splash page", select the SSID previously created or your own SSID.

You need to define a "Custom splash URL":

  • Or provide a URL where users will be redirected: the provided captive portal login URL

Meraki splash page custom splash url.png

On "Splash behavior", you can configure:

  • Splash frequency: customize how often your users will see the splash page (e.g: Every hour).
  • Where should users go after the splash page?: select "A different URL:" and fill the provided captive portal start URL

Meraki splash page custom splash behavior.png

Then save your changes.

SSID Availability

By default, the SSID is enabled on all APs.

If you want to limit on which APs the SSID is available, you can configure a Per-AP availability on "Wireless > SSID availability" by selecting which AP tags should be matched:

Meraki ssid availability.png

Then save your changes.

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox