A splash page (or "captive portal") can be simply described as a page users would receive on the client device they connect with, which they are obliged to view and interact with, before they get to access the webpage they are actually looking for. A splash page could prompt for usernamehttps://sg.cdnki.com/what-symbol-on-the-wlc-dashboard-gui-would-you-need-to-select-in-order-to-configure-the-device---aHR0cHM6Ly9kb2N1bWVudGF0aW9uLm1lcmFraS5jb20v.webppassword credentials or it could be just a 'view and acknowledge' page before users are allowed access to the network. It can provide a customized branding experience to wiredhttps://documentation.meraki.com/wireless users. For example, the splash page can display a corporate logo and color scheme. The splash page can also show the terms of service, which might include an acceptable user agreement or a privacy statement. Both Meraki MX and Meraki MR devices allow administrators to use a splash page. A splash page can be enabled on the access control page for both. On an MX, you can go to Security & SD-WAN > Configure > Access Control. On an MR, you can go to Wireless > Configure > Access Control. Splash pages can be hosted by Meraki or by an external host. The picture you see below is a basic splash page prompting for usernamehttps://documentation.meraki.com/password credentials using Meraki authentication. Once you navigate to Wireless > Configure > Access Control in the dashboard and enable splash page, you will need to choose what type of authenticationhttps://documentation.meraki.com/network access you would be using for your splash page. A client device is prompted with a splash page after the client is associated to the wireless network. More information on the different association options is found on the Wireless Encryption and Authentication Overview document. Splash page network access options are: Users can access the network as soon as they associate. Users must view and acknowledge your splash page before being allowed on the network. The appearance of this page can be customized. You will need to choose Sponsor email domains when you select this option. When guests receive the splash page, they will be asked to enter their own name and email address first, then a valid sponsor email address within the sponsor email domain they chose. The owner of the sponsor email will receive a request from the user for network access and the request should be approved to be allowed on the network.
Users enter a mobile phone number and receive an authorization code via SMS.After a trial period of 25 texts, you will need to connect with your Twilio account on the Network wide settings page.
Users are redirected to the Cisco ISE web portal for device posturing and guest access.
Systems Manager Sentry enrollment requires that the connecting device be enrolled within one of the organization's System Manager networks before gaining access to the network. If a device attempts to connect with the network and is not enrolled within a Systems Manager network in the organization, the device will be presented with a prompt to enroll the device into the defined Systems Manager network. (See the picture below)
After selecting Systems Manager Sentry enrollment as a splash page, a new section will appear on the Access Control page, directly below the Splash Page section. This section allows further configuration of Systems Manager Sentry. Enrollment network: This dropdown is used to select the SM network that unenrolled devices will be prompted to enroll in before gaining access. Strength: Each setting allows for adjustment of the scope of devices that will be forced to enroll within a Systems Manager network. Enforce On: Select the checkbox for each device type that should be forced to enroll in a Systems Manager network before gaining network access.
Users choose from various pay-for-access options, or an optional free tier (possibly subject to a bandwidth limit). The splash page will look like the picture below. You can determine the pricing plans for users as you like and if you check the box for Hide bandwidth numbers?, the bandwidth limit you choose for the pricing plan will not be displayed for users on the splash page. When clients purchase network access, they receive a receipt by email. The Reply-to-address is the email address you want to use for the interaction with the user, or for setting a no-reply for billing emails. If VLANs are configured on the Security Appliance > Configure > Addressing and VLANs page, splash settings are configured separately for each VLAN. Use the Select VLAN drop-down at the top of the Security Appliance > Configure > Access Control page to choose the VLAN you wish to modify splash settings for. Splash page network access options for MX devices are limited compared to the options available for Meraki MR. The access control options available for MX devices include: Users can access the network as soon as they associate Users must view and acknowledge your splash page before being allowed on the network Sign-on with My Radius server https://documentation.meraki.com/ 3rd Party Credentials https://documentation.meraki.com/ Facebook Login Users must enter a username and password before being allowed on the network
When you enable a splash page using any of the network access options for MX or MR (except Cisco ISE authentication), you are going to see the Network Access Control field. Network Access Control (NAC) requires that clients connecting to the network have valid Antivirus software installed on the machine before gaining access. When a Windows client connects to an SSID with NAC enabled they will be presented with a Splash Page that utilizes a Java applet to scan the local system to ensure there is a compliant Antivirus program installed. Clients that pass this scan will be allowed onto the network. Clients that fail this check will be blocked and redirected to either download Microsoft Security Essentials or to the defined Remediation URL. For more detailed information, please see our Network Access Control (NAC) article. The following options can be configured for the captive portal that users are placed in before they have passed through the splash page:
This setting will bypass access firewall rules on Click-through splash-page SSID until the client does a sign-on in the captive portal. The option is disabled by default.
The Captive Portal API extends the power of the built-in Meraki splash page functionality by providing complete control of the content and authentication process. For more details, please check our developer documentation on the Captive Portal API. After the splash page has been enabled, administrators can customize the content and behavior of the splash portal. For MR, administrators can use Wireless > Configure > Splash Page. Administrators can set up a separate splash page for each SSID on this page. For MX, administrators can use Security Appliance > Configure > Splash page. Here you can choose among the Fluid, Classic, or Plain themes for the splash page. You can also create a custom theme using the "Create something new" button, or edit an existing custom theme by clicking on the grey pencil icon next to the theme. On the right side of the page, you can configure the color palates for the splash page. The Preview section allows you to preview various splash elements to see what they will look like for users. Here you can configure a custom splash URL that users will be redirected to if you do not wish to use the provided Meraki hosted splash pages. You can customize several elements of your Meraki hosted splash page. Here you can configure options related to the user's splash experience. There are two settings: It is possible to reset the splash page authorization and force a client to again be presented with the configured splash page. This may be useful in several situations, such as testing the splash page in a live environment with a specific client. Authorization can be revoked by performing the following: Certain types of devices cannot interact with a splash page in order to authenticate against it, such as gaming consoles, VoIP phones, or DVR systems. One way to allow these devices to successfully connect to an SSID configured with a splash page is to create a group policy to be applied to clients that require this bypass: This will allow all selected clients to use the newly created policy to bypass the splash page once the latest configuration has been applied to the Meraki devices serving splash pages. |