Home > Wireless LAN > Splash Page > Authentication method used by the Sign-on Splash page with Customer hosted RADIUS server

Authentication method used by the Sign-on Splash page with Customer hosted RADIUS server

Table of contents
No headers

The wireless connection policy configured on your RADIUS server must be configured to use PAP as the authentication method when you are using the Sign-on Splash page feature with a customer hosted RADIUS server. 

With PAP, user credentials are sent in plain text. However, in a Meraki network, user credentials are encrypted in an SSL tunnel when sent from the clients web browser to the Meraki Cloud. The Meraki Cloud acting as the RADIUS client sends the username and password along with other connection specific data in a RADIUS Access-request to the RADIUS server you specified in Dashboard. For security, the Meraki Cloud encrypts the password using the RADIUS shared secret and an XOR function. This ensures the users password is never transmitted in plain text.    

To enable PAP as an accepted authentication method in the Microsoft Network Policy Server, please take the steps below.


  1. Open the Network Policy Server management snap-in.
  2. Navigate to Policies> Network Policies.
  3. Right-click your wireless policy and select Properties.
  4. In the Properties of your wireless policy, click on the Constraints tab.
  5. Select Authentication Methods from the Constraints section. 
  6. Under the section Less secure authentication methods: make sure the box unencrypted authentication (PAP, SPAP) is checked.
  7. Click OK.
  8. Click No when the Connection Request Policy window appears.
You must to post a comment.
Last modified
13:34, 31 Oct 2016


This page has no custom tags.


This page has no classifications.

Article ID

ID: 2018

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case