Cisco Meraki (MR series) – Help Center

Purpose

This guide shows how to configure a Cisco Meraki device (MR series) for Cloud4Wi.

Please note that the images contained in this article may contain outdated configuration data. Therefore, please check the data in the paragraph "Parameters for the Solution" at the bottom of the page, as they are certainly up to date.

Supported devices

This article applies to all devices belonging to the MR series

Prerequisites

Don't you see the options to set Splash page, Access control, RADIUS Accounting or DNS-Based Walled Garden Support under Configure tab? Just ask Meraki via technical support for firmware upgrade:

Dear Meraki support,
I'd like you to get the access to the features described below:
Splash Page: https://documentation.meraki.com/MX-Z/Access_Control_and_Splash_Page/Splash_Page
Access Control: https://documentation.meraki.com/MX-Z/Access_Control_and_Splash_Page/Access_Control
Walled Garden: https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Walled_Garden
Radius Accounting: https://documentation.meraki.com/MR/Splash_Page/Configuring_RADIUS_Authentication_with_a_Sign-on_Splash_Page

I'm setting up my Meraki Dashboard to be used with Cloud4Wi service (https://marketplace.cisco.com/catalog/solution/154406?pid=157939) and these features are required.
Please update the device's firmware at your earliest convenience.

Thank you in advance.

Please check that the router is connected to the Internet.

It is recommended to update your device firmware to the last available version.
You may choose to configure the device to receive and install last firmware updates automatically.

Setting your SSID and access controls

The first step is configuring the SSID of the access point.
Please choose your organization and group, then select Wireless in the drop-down menu and then click SSIDs under the Configure subsection.

Then select your SSID. If you want to use an inactive SSID, please click on Show all my SSIDs.

Then enable your inactive SSID.

If your network is disabled, please enable it.

You can rename the SSID at your convenience by clicking rename.

Then, by clicking edit settings, you can configure access settings for the network.

You should set no encryption in the Association requirements section since end-users will perform the authentication against a RADIUS server.

In the Splash page section, you must set how the end-user will access the Internet. Since the purpose is to use the device as an access point, you must enable the RADIUS authentication as shown below.

Then you must set the IP address and the port for the RADIUS server, for both authorization and accounting phases. You can configure the device to support a primary and a secondary RADIUS server.
Please ensure that end-user will not be able to access the network in case RADIUS servers are not available.

For better user experience, we recommend disabling data-carrier-detect (this will limit the disconnection of users in case the access point does not detect the device for a while).

You also must set the complete access to the Internet only for authenticated end-users. To do this, you must set Captive portal strength to Block all access until sign-on is complete.

Then you have to configure the walled garden, that is the list of hosts or IP addresses ranges that can be visited by end-users even without being authenticated.
To use this feature most effectively, we recommend making a request to Cisco Meraki asking for the activation of the "walled garden" feature. Doing this, you will be able to enter not only hostnames but even IP address ranges (by using CIDR notation) and subdomains (by using domain wildcards).

After the activation of this feature, a tip below the Walled garden input will indicate the right syntax to enter new domains.

To configure the walled garden, please check the following articles:

Please note that it is necessary to add the Splash Page URL into this list to avoid redirection problems when using the Splash Page. You can find this URL in the Parameters for the solution paragraph, as Custom splash URL field.

For Simultaneous logins, you have to set "Allow simultaneous devices per user".

You can choose the NAT mode or Bridge mode according to your favorite network configuration.

If required, it is possible to set VLAN tagging, to direct traffic to specific VLANs.

You can set the version of the IEEE 802.11 protocol to use.

Then save your changes.

Configuring the Splash page

Finally, we need to set the Splash Page.
To get the correct Splash Page URL, please check the paragraph "Parameters for the Solution" at the bottom of the page, since it is updated.

You can do this by clicking Splash page.

In the next page, please select your SSID.

Please select the Splash Page URL under Custom splash URL.

And under Splash behavior, in the input field called Where should users go after the splash page?

Then save your changes.

Allowing free access to the CDN

Explained in the article Enabling the CDN, you must add some IP addresses to the walled garden to take advantage of the benefits of the CDN.
The domains to add for this purpose are:

c4wstatic.cloud4wi.com
c4wstaticjs.cloud4wi.com

Entering the device details into the Cloud4Wi Dashboard

For Cisco Meraki devices, the Cloud4Wi Dashboard requires only the MAC address, and the Identifier field is not required.

If you need help in finding the MAC address of your device, please check the following article from Cisco Meraki documentation: Locating the MAC address of Cisco Meraki devices.

To add a new access point to the system, please see How to add an access point.

Configuring your Cisco Meraki access point to communicate with Presence Analytics APIs

Find the entire procedure in the article: Enabling Meraki CMX to communicate with Presence APIs.

Parameters for the Solution

The parameters indicated above for the Mode Settings section are mandatory for the proper functioning:

RADIUS for splash page (primary)
Host: 54.247.117.188
Port: 1812
Secret: (Cloud4Wi will communicate it)

RADIUS for splash page (secondary)
Host: 79.125.111.180
Port: 1812
Secret: (Cloud4Wi will communicate it)

RADIUS accounting servers (primary)
Host: 54.247.117.188
Port: 1813
Secret: (Cloud4Wi will communicate it)

RADIUS accounting servers (secondary)
Host: 79.125.111.180
Port: 1813
Secret: (Cloud4Wi will communicate it)

Custom splash URL
URL: https://splashportal.cloud4wi.com/

Splash behavior
URL: https://splashportal.cloud4wi.com/

Please copy and paste the Splash Page URL above.
If you enter the Splash Page URL in different formats (e.g., https://splashportal.cloud4wi.com/c4wportal/mysplashportal), then the redirection will fail, and the end-user will not be able to see the Splash Page.

If these parameters change in the future, we will promptly inform you about new values.