Cisco Meraki (MR series)

Follow

Purpose

This guide shows how to configure a Cisco Meraki device (MR series) for Volare.

Please note that the images contained in this article may contain outdated configuration data. Therefore, please check the data contained in the article "Parameters for the Solution" at the bottom of the page, as they are certainly up to date.

Prerequisites

This article applies to the following models:

  • MR12
  • MR16
  • MR18
  • MR26
  • MR34
  • MR24
  • MR62
  • MR66
To use these access points, it is necessary for the router to be connected to the Internet.
 
It is recommended to update your device firmware to the last available version.
You may choose to configure the device to automatically receive and install last firmware updates.

Configuring your SSID and access controls

The first step is configuring the SSID of the access point.
Please select your organization and group, then select Wireless in the drop-down menu and then click SSIDs under the Configure subsection.
 

Then select your SSID. If you want to use an inactive SSID, please click on Show all my SSIDs.

 
Then enable your inactive SSID.
 

If your network is disabled, please enable it.

 
You can rename the SSID at your convenience by clicking rename.
 
 

Then, by clicking edit settings, you can configure access settings for the network.

In the Association requirements section no encryption should be set, since end-users will perform the authentication against a RADIUS server.

In the Splash page section you must set how the end-user will access the Internet. Since the purpose is to use the device as an access point, you must enable the RADIUS authentication as shown below.

Then you must set the IP address and the port for the RADIUS server, for both authorization and accounting phases. You can configure the device to support a primary and a secondary RADIUS server.

Please ensure that end-user will not be able to access the network in case RADIUS servers are not available

You also must set the complete access to the Internet only for authenticated end-users. To do this you must set Captive portal strength to Block all access until sign-on is complete.

Then you have to configure the walled garden, that is the list of hosts or IP addresses ranges that can be visited by end-users even without being authenticated.
in order to use this functionality in the most effective way, we recommend to make a request to Cisco Meraki asking for the activation of walled garden feature. This will allow to open not only hostnames to end-users, but even IP address ranges (by using CIDR notation) and subdomains (by using domain wildcards).
After the activation of this feature, a tip below the Walled garden input will indicate the right syntax to enter new domains.

In order to configure the walled garden please check the following articles:
Please note that it is necessary to add the Welcome Portal URL into this list, otherwise you can experience problems. You can find this URL in the Parameters for the solution paragraph, as Custom splash URL field.
 
 
Then NAT mode or Bridge mode can be chosen according to the network configuration chosen.
 
 
If chosen, it is possible to set VLAN tagging, in order to direct traffic to specific VLANs.
 
 
You can set the version of the IEEE 802.11 protocol to use.
 
 
Then save your changes.
 


Configuring the Splash page

The network and the authentication policies are now configured, but we need to set the page where unauthenticated end-users are redirected, that is the Welcome Portal.
In order to get the correct WPortal URL, please check the paragraph "Parameters for the Solution" at the bottom of the page, since it is certainly updated.

You can do this by clicking Splash page.

In the next page, please select your SSID.

Please select the Welcome Portal URL under Custom splash URL.

And under Splash behavior, in the input field called Where should users go after the splash page?

Then save your changes.
 


Allowing free access to the CDN

Explained in the article Enabling the CDN, you must add some IP addresses to the walled garden in order to support the access to the CDN.
The domains to add for this purpose are:

  • c4wstatic.cloud4wi.com
  • c4wstaticjs.cloud4wi.com

Entering the device to the Admin Panel

For Cisco Meraki devices, the Admin Panel requires only the MAC address and the Identifier field is not required.
 
If you need help in finding the MAC address of your device, please check the following article from Cisco Meraki documentation: Locating the MAC address of Cisco Meraki devices.
 
In order to add a new access point to the system, please see How to add an access point.

Parameters for the Solution

The parameters indicated above for the Mode Settings section are mandatory for the proper functioning. The parameters to integrate the device with the Solution are the following:

RADIUS for splash page (primary)
Host: 54.247.117.188
Port: 1812
Secret: (it will be communicated by Cloud4Wi)
 
RADIUS for splash page (secondary)
Host: 79.125.111.180
Port: 1812
Secret: (it will be communicated by Cloud4Wi)

RADIUS accounting servers (primary)
Host: 54.247.117.188
Port: 1813
Secret: (it will be communicated by Cloud4Wi)

RADIUS accounting servers (secondary)
Host: 79.125.111.180
Port: 1813
Secret: (it will be communicated by Cloud4Wi)

Custom splash URL

URL: https://splashportal.cloud4wi.com/

Splash behavior
URL: https://splashportal.cloud4wi.com/

Please note that it is necessary to enter the Welcome Portal URL exactly as it is written above.
If you enter the Welcome Portal URL in different formats (e.g. https://splashportal.cloud4wi.com/c4wportal/mysplashportal), then the redirection will fail and the end-user will not be able to see the Welcome Portal.

If these parameters change in the future, we will promptly inform you about new values.

Configuring your Cisco Meraki access point to communicate with Presence Analytics APIs

The entire procedure is described in the article: Enabling Meraki CMX to communicate with Presence APIs.

Have more questions? Submit a request

Comments