Home > Wireless LAN > Splash Page > Using a Sign-on Splash Page to Restrict Wireless Access by MAC address

Using a Sign-on Splash Page to Restrict Wireless Access by MAC address

MAC-based authentication restricts wireless access to specific client devices but traditionally requires a RADIUS server. For smaller deployments, it is easier to configure MAC-based authentication using a Sign-on Splash Page

Configure a Sign-on Splash page

On Configure > Access Control, select a sign-on splash page with Meraki Authentication as shown below. This requires users to enter a user name and password managed from Configure > Users to access the network.

 

Note: This cannot be used in conjunction with WPA2-Enterprise encryption, and an error will be presented if attempted.

Ensure the Captive Portal Blocks All Traffic

By default the splash page allows unauthenticated users to pass non-HTTP traffic. To prevent this, change the Captive portal strength setting to Block all access until sign-on is complete on Configure > Access control.

Add Known Machines to the Whitelist 

Adding machines to the whitelist allows them to bypass the splash page requirement. To add an existing device to the whitelist, find that machine on the Monitor > Clients page. Check the box to the left of their device name, and use the Apply policy dropdown to whitelist that machine. Click here for more information about whitelisting and blocking clients. 


 

Note: Applying custom group policies to specific client devices is an alternative method of bypassing the splash page. 

Add Unknown Machines to the Whitelist

If a specific device should be whitelisted but has not connected to the SSID, add the device to the Monitor > Clients page. Select Add devices on the right to add to the clients list by MAC address and whitelist the client. 

For more detailed instructions, see Pre-Configure Network Policy for Client Devices. See Finding the MAC address of a Windows or Mac computer for instructions on locating a machine's MAC address.


 

With this configuration, whitelisted users will bypass the splash page entirely. All other users will be blocked by a splash page they do not have credentials for.

You must to post a comment.
Last modified
15:15, 18 Feb 2016

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Article ID

ID: 2196

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case