Home > Wireless LAN > MR Splash Page > Using a Sign-on Splash Page to Restrict Wireless Access by MAC address

Using a Sign-on Splash Page to Restrict Wireless Access by MAC address

MAC-based authentication restricts wireless access to specific client devices but traditionally requires a RADIUS server. For smaller deployments, it is easier to configure MAC-based authentication using a Sign-on Splash Page

Configure a Sign-on Splash page

On Wireless > Access Control, select a sign-on splash page with Meraki Authentication as shown below. This requires users to enter a user name and password managed from Network-Wide > Users to access the network.


Note: This cannot be used in conjunction with WPA2-Enterprise encryption, and an error will be presented if attempted.

Ensure the Captive Portal Blocks All Traffic

By default the splash page allows unauthenticated users to pass non-HTTP traffic. To prevent this, change the Captive portal strength setting to Block all access until sign-on is complete on Wireless > Access control.

Add Known Machines to the Whitelist 

Adding machines to the whitelist allows them to bypass the splash page requirement. To add an existing device to the whitelist, find that machine on the Network-Wide > Clients page. Check the box to the left of their device name, and use the Apply policy dropdown to whitelist that machine. Click here for more information about whitelisting and blocking clients. 


Note: Applying custom group policies to specific client devices is an alternative method of bypassing the splash page. 

Add Unknown Machines to the Whitelist

If a specific device should be whitelisted but has not connected to the SSID, add the device to the Network-Wide > Clients page. Select Add clients on the right to add to the clients list by MAC address and whitelist the client. 

For more detailed instructions, see Pre-Configure Network Policy for Client Devices. See Finding the MAC address of a Windows or Mac computer for instructions on locating a machine's MAC address.


With this configuration, whitelisted users will bypass the splash page entirely. All other users will be blocked by a splash page they do not have credentials for.

Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 2196

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community