Cisco Meraki Dashboard API integration method, Cisco Meraki networks import into Cloudi-Fi, Cisco Meraki SSID & splash page configuration
This article details steps to import your Meraki networks into Cloudi-Fi and activate your Meraki guest WIFI authentication on your MR/MX, using Cloudi-Fi's captive portal.
Summary:
-
Meraki API enablement,
-
Use Cloudi-Fi wizard to import any existing Meraki network,
-
Configure Meraki SSID and Splash page manually (optional)
1) Enable API access to the Meraki portal
Go to the Meraki administration page, go to Organization Settings Menu,

Tick the box « Enable access to the Cisco Meraki Dashboard API and save changes.

2) Generate the API Key
After enabling the API, go to your profile and scroll down to the « API access » section.

Click on Generate a new API key and save it on your workstation.
Tick the box to confirm that you saved the key and click on Done.

Note: there is a limit of only two API keys per profile.
3) Import the API key Into the Cloudi-Fi portal
Go to Cloudi-Fi administration UI Settings Integrations Select "Meraki" in the integration list
From the Meraki integration screen, create a new Activation by clicking on the "Enable this activation" button.

As of today, only Automatic synchronization mode is available. A manual mode will be added for companies that don't want to share an API key. Click on Automatic to continue.

-
( 1 ) Select Meraki cloud ( World or China )
-
( 2 ) Paste the API key generated on the Meraki portal

It could be useful to create multiple activations if you have devices connected to different Meraki Clouds or to multiple Meraki Organisations.
4) Run the wizard to configure your Cloudi-Fi locations
The wizard is used to import your Meraki networks automatically. They will be available as Cloudi-Fi locations.
-
Click on connect to start the synchronization process.
-
The wizard will directly retrieve networks and device details from Meraki.

-
Define the synchronization target on the following screen by choosing the device type to import ( MX / MR )
-
Restrict synchronized Networks or Devices by selecting Networks or Tags to sync in the Scan section.

-
The last step allows you to deploy your Meraki guest WIFI from Cloudi-Fi on a chosen SSID. If you don't want to let Cloudi-Fi change your Meraki configuration, you can select "Manual" to get the information required to set up your Meraki Splash page / ACLs with Cloudi-Fi.

5) Verify Cloudi-Fi locations creation
Verify that Meraki networks are successfully imported as Cloudi-Fi locations in the LOCATIONS menu :

If you edit the location, you can see that the Wizard has automatically imported the MAC addresses of the Meraki devices. This parameter is used to identify the location.

6) Create the Guest SSID ( optional / when Manual SSID configuration is selected )
Note that menus are different between MR and MX devices.
For MX devices, go to Security & SD-WAN Wireless settings.

Enable an available SSID, fill in a name and choose Security: Open

For MR devices, go to Wireless SSIDs.

Enable an available SSID, fill in a name and save changes.

Then go to Wireless Access control, select your SSID and
-
select "Open (no encryption)" in Association requirements
-
select the "Click-through" method for the Splash page


7) Authorise unauthenticated users to access to "cloudi-fi.net" domain
You also have to authorize unauthenticated users to access to "cloudi-fi.net" domain to allow them to access the Cloudi-Fi captive portal.
Depending on the authentification methods you have enabled on your captive portal, you may have to add additional domains in the Walled garden ranges.
Cloudi-Fi support will provide you with the needed extra domains.
For MX devices, go to Security & SD-WAN Access Control
In the Walled garden ranges, add *.cloudi-fi.net

For MR devices, go to Wireless Access Control
In the Walled garden ranges, add *.cloudi-fi.net

8) Configure how WiFi clients will retrieve an IP
For MR devices, go to Wireless Access Control
This setting depends on your network architecture, for instance, if you already have a DHCP server and dedicated DHCP range for Guest users.
For easy deployment, we recommend using the "NAT mode" option.
The Access-Point will act as a DHCP server, and all WiFi clients will be seen outside of the wireless network with the Access Point LAN IP.

9) Configure the Splash page in Meraki administration
For MX devices, go to Security & SD-WAN Splash page

Select your VLAN and choose to use a Custom splash URL and fill the Cloudi-Fi URL

For MR devices, go to the Wireless Splash page

Select your SSID and choose to use a Custom splash URL, and fill in the Cloudi-Fi URL

10) Prevent Guest users from accessing your internal networks
For MR devices, go to Wireless Firewall & Traffic Shaping
Select your SSID and modify the existing rule to deny Guest users access to private IP ranges and Save

For more information on Cloudi-Fi solution partnership with Cisco Meraki, you can consult our Cisco Meraki Partner page here.
Comments
0 comments