Logging in
Open a web browser and log in to your Meraki dashboard at https://dashboard.meraki.com
Access Control
Click Wireless > Access Control on the left menu. From the SSID dropdown, choose the one you wish to use, then configure with the below settings:
SSID (name): | Guest WiFi (or whatever you wish) |
SSID status: | Enabled |
Security: | Open |
Splash page: | Sign-on with my RADIUS server |
Under Advanced splash settings configure:
Captive portal strength: | Block all access until sign-on is complete |
Walled garden: | Enabled - please refer to this list |
Simultaneous logins: | Allow |
Controller disconnection behavior: | Default |
Under RADIUS click Add server and add:
Host IP or FQDN: | *insert radius_server here* |
Auth Port: | 1812 |
Secret: | *insert radius_secret here* |
Click Add server again and add:
Host IP or FQDN: | *insert radius_server2 here* |
Auth Port: | 1812 |
Secret: | *insert radius_secret here* |
Under RADIUS accounting servers click Add server and add:
Host IP or FQDN: | *insert radius_server here* |
Auth Port: | 1813 |
Secret: | *insert radius_secret here* |
Click Add server again and add:
Host IP or FQDN: | *insert radius_server2 here* |
Auth Port: | 1813 |
Secret: | *insert radius_secret here* |
Accounting interim interval: | 4 minutes |
Under Advanced RADIUS settings (if present) configure:
Called-Station-ID | 1 - AP MAC address (remove any others) |
NAS ID | 1 - AP MAC address (remove any others) |
Server timeout: | 5 seconds |
Retry count: | 3 |
Data-carrier detect: | Disable |
Client IP and VLAN: | Meraki AP assigned (NAT) |
Click on Save Changes.
Splash Page
Click Wireless > Splash Page on the left and configure with:
Custom splash URL: | *insert access_url here* |
Where should users go after the splash page? |
A Different URL: *insert redirect_url here* |
Click Save changes.
Secure Access Control
Click Wireless > Access Control on the left menu. From the SSID dropdown, choose the one you wish to use, then configure with the below settings:
SSID (name): | Secure Guest WiFi (or whatever you wish) |
SSID status: | Enabled |
Security: | Enterprise with my RADIUS server |
Wi-Fi Personal Network (WPN): | Disbled |
WPA encryption: | WAP2 only |
Splash page: | Click-through |
Security Type: | WPA2 Enterprise (802.1X) |
Under Advanced splash settings configure:
Captive portal strength: | Block all access until sign-on is complete |
Walled garden: | Enabled - please refer to this list |
Controller disconnection behavior: | Default |
Under RADIUS servers click Add server and add:
Host IP or FQDN: | rad1-secure.purple.ai |
Auth Port: | 2083 |
Secret: | radsec |
RadSec: | Enabled |
Click Add server again and add:
Host IP or FQDN: | rad2-secure.purple.ai |
Auth Port: | 2083 |
Secret: | radsec |
RadSec: | Enabled |
Under RADIUS accounting servers click Add server and add:
Host IP or FQDN: | rad1-secure.purple.ai |
Auth Port: | 2083 |
Secret: | radsec |
RadSec: | Enabled |
Click Add server again and add:
Host IP or FQDN: | rad2-secure.purple.ai |
Auth Port: | 2083 |
Secret: | radsec |
RadSec: | Enabled |
Accounting interim interval: | 4 minutes |
RADSec TLS idle timeout: | 15 minutes |
RADIUS testing: | Disabled |
RADIUS CoA support: | Disabled |
RADIUS proxy: | Enabled |
Under Advanced RADIUS settings configure:
NAS ID | 1 - AP MAC address (remove any others) |
Server timeout: | 5 seconds |
Retry count: | 3 |
Click Save to save.
Hotspot 2.0 (Passpoint) Configuration
Click Wireless > Hotspot 2.0 on the left menu. From the SSID dropdown, choose your Secure SSID and configure with:
SSID (name): | Secure Guest WiFi (or whatever you wish) |
SSID status: | Enabled |
Security: | Enterprise with my RADIUS server |
Wi-Fi Personal Network (WPN): | Disbled |
WPA encryption: | WAP2 only |
Splash page: | None |
Security Type: | WPA2 Enterprise (802.1X) |
Passpoint: | Enabled |
Operators: | OpenRoaming-Settlement-Free |
Venue Name: | Your Venue Name |
Under Advanced Settings configure with:
Hotspot 2.0: | Enabled |
Operator name: | PURPLE:GB |
Venue Name: | (whatever you wish) |
Venue type: | (whatever you wish) |
Network type: | Free public network |
Domain List: | securewifi.purple.ai |
Roaming Consortium OIs: | 5A03BA0000 004096 |
NAI Realms: |
click Create realm and configure:
click Add an EAP method and configure:
Click Save. |
Click Save Changes.
Secure Splash Page
Click Wireless > Splash Page on the left and configure with:
Custom splash URL: | *insert access_url here* |
Where should users go after the splash page? |
A Different URL: *insert redirect_url here* |
Click Save changes.
Configuration Complete
The configuration is now complete.