Home > Wireless LAN > Splash Page > Interim Updates for Splash Sign-on

Interim Updates for Splash Sign-on

This document describes Meraki’s support for interim accounting messages when using a Sign-on Splash page and a RADIUS accounting server. Meraki’s implementation follows the IETF’s RFC 2869  standard.

Use Cases

External Captive Portal

Customers may use a Custom Splash Page with a Sign-on to validate their network users using RADIUS. The access point will redirect the client to the captive portal hosted on the customer’s server. Using the external captive portal API (EXCAP), the splash page will return the user’s credentials to the Meraki Cloud, and the Meraki Cloud will authenticate with the customer’s RADIUS server. After the initial login, the Meraki Cloud will send interim updates to a RADIUS accounting server. These messages allow the accounting server to accurately keep track of a user’s data usage and time connected.

Meraki Cloud-hosted Sign-on Splash

Customers may choose to use the Meraki Splash page Sign-on with their RADIUS. Using Splash authentication, the access point will redirect the client to the splash page hosted on the Meraki Cloud. After the client enters their login credentials, the Meraki Cloud will authenticate to the customer’s RADIUS server. After the initial login, the Meraki Cloud will send interim updates to a RADIUS accounting server. These messages allow the accounting server to accurately keep track of a user’s data usage and time connected.

 

Enable Interim Updates

RADIUS Server Configuration

To enable RADIUS interim updates for a Splash user, the RADIUS accounting server should include the Acct-Interim-Interval attribute in the Access-Accept response to the Access-Request. If the Acct-Interim-Interval attribute is absent, no interim updates will be sent.

Update Interval

The approximate update interval, in seconds, will equal the value of the Acct-Interim-Interval attribute if set. The minimum interval is 300 seconds (5 minutes), and a lower value will be coerced to the minimum.

Message data

The interim update message will contain the same data sent in an accounting stop message except the Acct-Terminate-Cause attribute will not be included. The data-usage accounting values may be up to 2 minutes delayed when compared to the message’s event timestamp.

Dashboard Configuration

In order to support interim updates for Sign-on Splash, RADIUS accounting must be enabled on the SSID’s Access Control page.  The Meraki Cloud will automatically be configured to send interim accounting messages. For more information please refer to the article, Configuring RADIUS Authentication with a Sign-on Splash Page.

The following instructions outline how to enable RADIUS accounting for a sign-on Splash Page:

  1. In Dashboard, navigate to Wireless > Configure > Access Control.
  2. Select the SSID currently configured to use RADIUS with a sign-on Splash Page.
  3. Further down the page, set RADIUS accounting to RADIUS accounting is enabled.
    Note: If this option is not available, please contact Cisco Meraki Support to have accounting enabled.
  4. In the RADIUS accounting servers section, click Add a server and provide the following details:
    • Host - Public IP address of the RADIUS accounting server.
    • Port - UDP port that the RADIUS server listens on for accounting messages, typically 1813.
    • Secret - RADIUS client shared secret.
      Note: RADIUS accounting messages for a Splash Page will be sourced from Dashboard, not from the local Meraki devices. As such, the RADIUS server's private LAN IP address cannot be specified here.

 

You must to post a comment.
Last modified
14:39, 20 May 2016

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Article ID

ID: 4608

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case