Step-by-step instructions to set up an API captive portal with Cisco Meraki access points and Cloudi-Fi for user authentication.
Table of contents
Step 2: Connect your Meraki Organization with your Cloudi-Fi tenant
Step 3: Define the synchronization settings
Step 5: Verify Cloudi-Fi location creation
Step 6 (*): Create the Guest SSID
Step 7 (*): Allow unauthenticated users to access to "*.cloudi-fi.net" domain
Step 8 (*): Configure the Splash page in the Meraki administration
Step 9 (*): Prevent Guest users from accessing your internal networks
(*) Optional - when Manual SSID configuration is selected (see Step 4: Configure SSID)
Use case:
The following sections will provide step-by-step instructions to enable Cloudi-Fi cloud-based WiFi Captive portal service with your existing Meraki architecture.
Prerequisites:
Before starting, ensure that you have the following prerequisites:
- A Cisco Meraki access point.
- Access to the Cisco Meraki dashboard.
- Knowledge of your network’s IP addressing scheme.
- Enable API access to the Meraki portal and synchronise your Meraki networks with Cloudi-Fi.
Go to the Meraki administration page > Organization > Settings Menu > Dashboard API access and tick the box « Enable access to the Cisco Meraki Dashboard API”
Save changes.
Step 1: Generate the API Key
After enabling the API, go to Organization > Settings Menu > Dashboard API access > profile
Step 2: Connect your Meraki Organization with your Cloudi-Fi tenant
Go to Cloudi-Fi administration UI > Configuration > Integrations and select "Meraki" in the integration list
If the “Integration” section is unavailable, check that the “Integration Menu“ is enabled for your Administrator’s profile.
Then click on “Enable this Integration” to create a new Activation.
As of today, only “Automatic synchronization” mode is available. A manual mode will be added for companies that don't want to share an API key. Click on Automatic to continue.
Then select the Meraki Cloud (World or China) and Paste the API key generated on the Meraki portal and click on "Connect" to start the synchronization process. It will run the wizard to configure your Cloudi-Fi locations. The wizard is used to import your Meraki networks automatically. They will be available as Cloudi-Fi Admin UI > locations.
Note: It could be useful to create multiple activations if you have devices connected to different Meraki Clouds or multiple Meraki Organisations.
Step 3: Define the synchronization settings
Then, you have to define the following parameter
- Activation name
- Create_locations
- From networks - only network tags will be imported
- From AP tags - only AP tags will be imported
- Import
- Both MR and MX
- Only MX
- Only MR
- Scan
- Everywhere - every time a new network is created in Meraki, it will appear in the locations list
- Only some networks / Only some networks tags - every time a new network is created in Meraki, it will appear in the integration and the customer can decide to import it or not
Step 4: Configure SSID
The last step lets you deploy your Meraki guest WIFI from Cloudi-Fi on a chosen SSID.
- Automatic: Cloudi-Fi will push Guest configuration on SSIDs selected
- Manual: if you don't want to let Cloudi-Fi change your Meraki configuration, you can select "Manual" to get the information required to set up your Meraki Splash page / ACLs with Cloudi-Fi.
Step 5: Verify Cloudi-Fi location creation
Verify that Meraki networks are successfully imported as Cloudi-Fi locations Cloudi-Fi > Admin UI > Locations.
If you edit the location, you can see that the Wizard has automatically imported the MAC addresses of the Meraki devices. This parameter is used to identify the location.
Step 6 (*): Create the Guest SSID
(*) Optional - when Manual SSID configuration is selected (see Step 4: Configure SSID)
Verify that Meraki networks are successfully imported as Cloudi-Fi locations Cloudi-Fi > Admin UI > Locations.
For MX devices, go to Meraki Dashboard > Security & SD-WAN > Wireless settings
Then, enable an available SSID, fill in a name and choose Security (Open)
For MR devices, go to Meraki Dashboard > Wireless > SSID
Then enable an available SSID, fill in a name and save changes.
Then go to Meraki Dashboard > Wireless > Access control and select your SSID
- Security: select “Open (no encryption)”
- WPA encryption: select “Disabled”
- Splash page: select “Click Through”
- Client IP and VLAN: This setting depends on your network architecture, for instance, if you already have a DHCP server and dedicated DHCP range for Guest users. For easy deployment, we recommend using the "NAT mode" option. The Access-Point will act as a DHCP server, and all WiFi clients will be seen outside of the wireless network with the Access Point LAN IP.
Step 7 (*): Allow unauthenticated users to access to "*.cloudi-fi.net" domain
(*) Optional - when Manual SSID configuration is selected (see Step 4: Configure SSID)
You also have to authorize unauthenticated users to access to "cloudi-fi.net" domain to allow them to access the Cloudi-Fi captive portal. Depending on the authentication methods you have enabled on your captive portal, you may have to add additional domains in the Walled Garden ranges.
For MX devices, go to Meraki Dashboard > Security & SD-WAN > Access Control
- Splash page: select “Click Through”
- Network access control: select “Disabled”
- Captive portal strength: select “Block all access until sign-on is complete”
- Walled garden: select “Walled garden is enabled”
- Walled garden range: *.cloudi-fi.net
- Controller disconnection behavior: select “Restricted: only currently associated clients and whitelisted devices will be able to use the network”
For MR devices, go to Meraki Dashboard > Wireless > Access Control. Then select your SSID and in the Walled garden ranges, add *.cloudi-fi.net
- Captive portal strength: select “Block all access until sign-on is complete”
- Walled garden: select “enabled”
- Walled garden range: *.cloudi-fi.net
- Controller disconnection behavior: select “Restricted”
Step 8 (*): Configure the Splash page in the Meraki administration
(*) Optional - when Manual SSID configuration is selected (see Step 4: Configure SSID)
For MX devices, go to Meraki Dashboard > Security & SD-WAN > Splash page . Then Select your VLAN, choose to use a Custom splash URL and fill in the Cloudi-Fi URL (see Custom Splash Page in Step 4: Configure SSID)
Step 9 (*): Prevent Guest users from accessing your internal networks
(*) Optional - when Manual SSID configuration is selected (see Step 4: Configure SSID)
For MR devices, go to Meraki Dashboard > Wireless > Firewall & Traffic Shaping
Select your SSID and modify the existing rule to deny Guest users access to private IP ranges and Save
For more information on Cloudi-Fi solution partnership with Cisco Meraki, you can consult our Cisco Meraki Partner page here.
Troubleshooting:
If you still encounter any issues during the setup or operation, you can first follow Cloudi-Fi's first-level troubleshooting guide. If you are still facing issues, we invite you to contact the Cloudi-Fi support team.
What’s Next?
Congratulations on enabling the API captive portal with Cisco Meraki!