WiFi4EU Deployment with Meraki Captive Portal
WiFi4EU is an initiative that is targeted to provide free WiFi in public spaces such as parks, gardens, libraries, etc. for public usage. The devices used to provide this free WiFi are purchased and owned by municipalities.
Integrating WiFi4EU with Cisco Meraki
WiFi4EU program requires the use of a captive portal that sends metrics back to the WiFi4EU services in the backend for tracking purposes. This is achieved by running a script on the captive portal when users connect to the WiFi network. Since this script is owned by EU there are some security concerns in running this script on the Meraki cloud. In order to fulfill this requirement Cisco Meraki Splash page option can be used to redirect users to a 3rd party service where the script can be hosted to provide free WiFi to users. There are a few services such as GitHub and Heroku that offer free hosting of websites or you can use your own server for this as well. Do keep in mind that these services will vary depending on regions and you can check these locally before making a decision.
Configure Access Control
-
In the dashboard, navigate to Wireless > Configure > Access control.
-
Select the SSID you want to configure from the SSID drop-down.
-
Under Security, choose Open.
-
Under Splash Page, choose Click-through splash page.
-
Select "Save Changes."
Note: If your browser enters a redirect loop, check your walled garden settings and ensure your web server's IP or domain name (if the server is hosted publicly) has been added to the walled garden.
The below link provides a sample integration that can help understand the flow of hosting this service on a 3rd party server.
https://github.com/mpapazog/meraki-wifi4eu-portal
Please make sure that you check the script URL as this is hosted by the European Commission and may get updated in the future. Please note this is only for reference and will need modification for viewing this in different languages and showing different content on the splash page.
Forcing a User Back to the Splash Page
If a device should be forced back through the splash, simply clear that device's splash authorization. The AP will then send the client through the splash page the next time it initiates an HTTP flow.