Cisco Meraki
Splash Page
A splash page (also known as a ‘captive portal’) can provide a customized branding experience to wireless users in addition to prompting for username/password credentials. For example, the splash page can display a corporate logo and color scheme. The splash page can also show the terms of service, which might include an acceptable use agreement or a privacy statement.
Click-Through Splash Page
When configured, a click-through splash page displays a fully customizable HTML page to the wireless client the first time the client opens a web browser and makes an HTTP request. An administrator can use this splash page to display an acceptable use policy or network announcements. The client is only granted network access after clicking the “Continue” button on the splash page.
The click-through splash page is hosted by the Meraki cloud. As such, the network must have connectivity to the Meraki cloud in order to display the splash page. If the Meraki cloud is unreachable for some reason, the administrator can configure whether new wireless users should be admitted to the wireless network without seeing the splash page. This setting is under the Configure tab on the Access Control page in the “Disconnection behavior” section.
Sign-On Splash Page
A sign-on splash page provides the functionality of the click-through splash page, but adds the ability to prompt the wireless client for a username and password. The client is only granted network access after he enters a username and password that are validated against a backend authentication server (either a Meraki-hosted authentication server or a customer-hosted RADIUS, Active Directory or LDAP server).
The sign-on splash page may be hosted by the Meraki cloud or on an external web server. An administrator can configure whether new wireless clients are able to obtain network access when the sign-on splash page cannot be displayed or when the username/password credentials cannot be validated (i.e., the authentication server is unreachable). This setting is under the Configure tab on the Access Control page in the “Disconnection behavior” section.
The sign-on splash page can be configured to allow or disallow multiple simultaneous logins for a single set of user credentials.
Hosting Your Own Splash Pages
Meraki also supports the ability for you to host splash pages on your own web server.
This capability is referred to as “EXCAP” (short for external captive portal) for externally hosted captive portals. Using EXCAP, it is possible to deliver a highly customized user sign-on experience, such as video advertising and credit card billing. For additional information, please see Meraki’s Captive Portal Solution Guide.
Billing Spash Page
When configuring an SSID as a wireless hotspot, an administrator can utilize Meraki’s integrated billing features to grant network access only to paying users. Billing is enabled as a network sign-on method. It is configured under the Configure tab on the Access Control page.
- Credit Cards
- Prepaid Cards
- Customization of Billing Splash Pages
- Account Activity Page
SMS Splash Page
Using the Meraki cloud, it is possible to allow new users to sign on via SMS authentication codes. By utilizing this approach, an administrator can tie each new user to a unique phone number that is displayed on the Clients page in dashboard under the ‘Recent User’ column. This data can be used to run SMS campaigns and for validation purposes to ensure that a user has provided personal information that can be used to track them, should they abuse the network.
Splash Sign-on Flow
The network sign-on method for a new user will be as follows:
1) User accesses SSID with SMS splash authentication enabled.
2) Splash page requesting phone number is displayed.
3) User enters their phone number, an authorization code is sent via the user’s carrier to their phone.
4) User enters the unique authorization code into the splash page and presses the ‘enter’ button, is granted access.
5) The user’s phone number is stored in dashboard, and can be seen by adding the ‘Recent User’ column on the Monitor > Clients page.
Facebook Login
Meraki and Facebook provide a social sign-on experience for users logging into Wi-Fi hotspots. Similar to how Meraki splash pages can be used for a customized branding experience, you can now use a specific Facebook page as the sign-on page a user sees when they first log in with Wi-Fi. Users can then check-in with their Facebook credentials, update their status, and ‘like’ the Facebook page.
The Facebook Wi-Fi FAQ is available on the Facebook website.
Google Sign-in
Using the oAuth protocol, Meraki MR access points are able to authenticate users via a sign-on splash page for network access control.
System Manager Sentry enrollment
The SSID on which Sentry is enabled requires a mobile device to be enrolled in any one of an organization’s SM networks before granting the device access to connect to the SSID. If the device is not enrolled in an existing SM network, the user is prompted with a click to accept message that will enroll the device into the SM network as well as provide any configuration profiles and required apps previously configured.
Wireless User Logins
While the Clients page shows a list of devices, the Logins page shows a list of users. A user can login with multiple devices.
The Logins page shows users who have logged in with one of the following authentication methods:
- Sign-on splash pages with a Meraki-hosted authentication server
- Billing logins
Like the Clients page, the Logins page allows an administrator to filter users by the SSID on which they associated, display different columns of information, sort by different columns, and adjust the zoom level by timeframe.