MAC-based authentication restricts wireless access to specific client devices but traditionally requires a RADIUS server. For smaller deployments, it is easier to configure MAC-based authentication using a Sign-on Splash Page.
On Configure > Access Control, select a sign-on splash page with Meraki Authentication as shown below. This requires users to enter a user name and password managed from Configure > Users to access the network.
Note: This cannot be used in conjunction with WPA2-Enterprise encryption, and an error will be presented if attempted.
By default the splash page allows unauthenticated users to pass non-HTTP traffic. To prevent this, change the Captive portal strength setting to Block all access until sign-on is complete on Configure > Access control.
Adding machines to the whitelist allows them to bypass the splash page requirement. To add an existing device to the whitelist, find that machine on the Monitor > Clients page. Check the box to the left of their device name, and use the Apply policy dropdown to whitelist that machine. Click here for more information about whitelisting and blocking clients.
Note: Applying custom group policies to specific client devices is an alternative method of bypassing the splash page.
If a specific device should be whitelisted but has not connected to the SSID, add the device to the Monitor > Clients page. Select Add devices on the right to add to the clients list by MAC address and whitelist the client.
For more detailed instructions, see Pre-Configure Network Policy for Client Devices. See Finding the MAC address of a Windows or Mac computer for instructions on locating a machine's MAC address.
With this configuration, whitelisted users will bypass the splash page entirely. All other users will be blocked by a splash page they do not have credentials for.