New Cisco Meraki External Captive Portal Configuration with Captive WiFi

  1. Overview
  2. WiFi Hardware
  3. New Cisco Meraki External Captive Portal Configuration with Captive WiFi

Complete Configuration Guide for IT Engineers

Important: This guide is NOT for Meraki Go devices. Meraki Go uses a different configuration interface.

1. Overview

This guide provides step-by-step instructions for configuring a Cisco Meraki wireless network to work with an external captive portal for guest WiFi authentication. The configuration creates a guest network that redirects users to a cloud-based splash page for authentication before granting internet access.

What This Guide Covers

  • Configuring SSID access control settings

  • Setting up the walled garden for pre-authentication access

  • Configuring the external splash page redirect

  • Setting splash page frequency and behaviour

  • Testing and troubleshooting the configuration

2. Prerequisites

Before You Begin

  1. Administrative access to the Meraki Dashboard

  2. All Access Points intended for the Captive WiFi network are recognised and onboarded in the dashboard

  3. Your Site ID from the Captive WiFi portal (found in WiFi Hardware section)

  4. Your Unique ID from the Captive WiFi portal (found under Manage Venue)

Required Addresses for Walled Garden

You will need the following addresses during configuration:

Service

Address

Portal Domain

getonline.captivewifi.io

Portal Server IP

138.68.152.191

Digital Ocean Storage

captivewifi.fra1.digitaloceanspaces.com

Images Server IP

5.101.109.44

Required URLs

Purpose

URL Format

Splash Page URL

https://getonline.captivewifi.io/guest/<YOUR_SITE_ID>

Post-Auth Redirect

https://getonline.captivewifi.io/connected/<YOUR_UNIQUE_ID>

Note: The Site ID is found under WiFi Hardware in the Captive WiFi Dashboard. The Unique ID is found under Manage Venue in the Captive WiFi Dashboard.

3. Configure Access Control

Set up the SSID security and authentication method.

3.1 Navigate to Access Control

  1. Log in to the Meraki Dashboard

  2. Navigate to Wireless > Access Control

  3. Select the SSID you want to configure for guest access (or create a new one)

3.2 Configure Security Settings

Under Security, select the following:

Setting

Value

Security

Open (no encryption)

Note: Open security is required because authentication is handled by the external captive portal, not WPA2/WPA3.

3.3 Configure Splash Page Type

Under Splash page, select:

Setting

Value

Splash page

Click-through

This tells Meraki to redirect users to a splash page before granting network access.

3.4 Save Changes

Click Save Changes at the bottom of the page.

4. Configure Walled Garden

The walled garden allows guests to access specific destinations before completing splash page authentication. This is essential for the captive portal to load properly.

4.1 Enable Walled Garden

  1. On the Access Control page, scroll down to Walled garden

  2. Toggle the walled garden to Enabled

4.2 Add Required Entries

Add the following entries to the walled garden:

Entry

Purpose

getonline.captivewifi.io

Main portal domain

138.68.152.191

Portal server IP

captivewifi.fra1.digitaloceanspaces.com

Asset storage (images, CSS, JS)

5.101.109.44

Images server IP

Enter each address on a separate line in the walled garden field.

Important: All four entries are required for the splash page to load correctly with all images and styling.

4.3 Save Changes

Click Save Changes at the bottom of the page.

5. Configure Splash Page

Set up the external splash page URL and redirect behaviour.

5.1 Navigate to Splash Page Settings

  1. Navigate to Wireless > Splash page

  2. Select the same SSID you configured in the previous steps

5.2 Configure Custom Splash URL

Under Custom splash URL, select:

Setting

Value

Splash page

Custom splash URL

Custom splash URL

https://getonline.captivewifi.io/guest/<YOUR_SITE_ID>

Important: Replace <YOUR_SITE_ID> with your actual Site ID from the Captive WiFi Dashboard under WiFi Hardware.

5.3 Configure Splash Frequency

Under Splash frequency, configure how often users must re-authenticate:

Venue Type

Recommended Setting

Hotels

Every few days (e.g., 3-7 days)

Restaurants / Cafes

Every few hours (e.g., 3 hours)

Retail

Every day

Events

Every week

Choose the frequency that best matches your venue's guest patterns.

5.4 Configure Splash Behaviour (Post-Authentication Redirect)

Under Splash behaviour, configure where users are redirected after authentication:

Setting

Value

Where should users go after the splash page?

A different URL

Redirect URL

https://getonline.captivewifi.io/connected/<YOUR_UNIQUE_ID>

Note: The Unique ID can be found in the Captive WiFi Dashboard under Manage Venue. Alternatively, find the Connected Page link under Splash Design in the Captive WiFi Dashboard.

5.5 Save Changes

Click Save Changes at the bottom of the page.

6. Optional: Configure Additional Settings

6.1 Client Isolation (Recommended)

To prevent guests from communicating with each other on the network:

  1. Navigate to Wireless > Firewall & traffic shaping

  2. Select your guest SSID

  3. Under Wireless client isolation, select Isolate clients

  4. Click Save Changes

6.2 Bandwidth Limits (Optional)

To set bandwidth limits for guest users:

  1. Navigate to Wireless > Firewall & traffic shaping

  2. Select your guest SSID

  3. Under Bandwidth limits, configure:

    • Per-client bandwidth limit (e.g., 5 Mbps down, 2 Mbps up)

  4. Click Save Changes

6.3 VLAN Tagging (If Required)

If you need to place guest traffic on a specific VLAN:

  1. Navigate to Wireless > Addressing and traffic

  2. Select your guest SSID

  3. Under Client IP assignment, select Bridge mode or configure VLAN tagging as required

  4. Click Save Changes

7. Testing the Configuration

7.1 Pre-Flight Checks

Before testing with a device, verify in the Meraki Dashboard:

  1. The SSID is enabled and broadcasting

  2. Security is set to Open

  3. Splash page is set to Click-through

  4. Custom splash URL is correctly entered with your Site ID

  5. Walled garden contains all four required entries

  6. Splash behaviour redirect URL contains your Unique ID

7.2 End-to-End Test

  1. Connect a test device to the guest WiFi network

  2. Verify the device receives a DHCP address

  3. Open a web browser and navigate to any HTTP website (e.g., http://example.com)

  4. Confirm you are redirected to the captive portal splash page

  5. Verify the splash page loads correctly with all images and styling

  6. Complete the authentication process

  7. Verify you are redirected to the connected page

  8. Verify internet access is granted after authentication

7.3 Common Test Points

Test

Expected Result

DHCP Lease

Device receives IP address

Splash Redirect

Automatic redirect to getonline.captivewifi.io

Page Appearance

Splash page loads with all images and branding

Authentication

User can complete sign-in process

Post-Auth Redirect

Redirected to connected page

Internet Access

Full internet access after authentication

8. Troubleshooting

Splash Page Not Loading

  • Verify all walled garden entries are correct

  • Check that the walled garden is enabled

  • Ensure DNS is resolving correctly for the device

  • Test connectivity to 138.68.152.191 and 5.101.109.44

  • Wait a few minutes after saving changes for them to propagate to APs

Splash Page Missing Images or Styling

  • Verify captivewifi.fra1.digitaloceanspaces.com is in the walled garden

  • Verify 5.101.109.44 is in the walled garden

  • Check browser developer tools for blocked resources

Users Not Redirected to Splash Page

  • Confirm splash page is set to Click-through

  • Verify the custom splash URL is entered correctly

  • Check that the SSID security is set to Open

  • Try accessing an HTTP site (not HTTPS) for initial redirect

  • Clear device WiFi settings and reconnect

Redirect Not Working After Authentication

  • Verify the splash behaviour is set to A different URL

  • Check the redirect URL contains the correct Unique ID

  • Ensure the URL format is exactly https://getonline.captivewifi.io/connected/<UNIQUE_ID>

Users Prompted to Authenticate Too Frequently

  • Check the splash frequency setting

  • Increase the duration if guests are being prompted too often

  • Note that clearing browser cookies or "forgetting" the network will require re-authentication

Changes Not Taking Effect

  • Meraki changes can take a few minutes to propagate to Access Points

  • Verify the APs are online in the dashboard

  • Check the AP status shows recent configuration sync

  • Try rebooting a test AP if changes are not appearing

Intermittent Connectivity Issues

  • Check AP health in the Meraki Dashboard

  • Verify channel utilisation is not excessive

  • Check for interference from neighbouring networks

  • Review client event logs for the affected device

9. Quick Reference

Configuration Summary

Component

Setting

Value

Security

Type

Open

Splash Page

Type

Click-through

Splash Page

Custom URL

https://getonline.captivewifi.io/guest/<SITE_ID>

Splash Behaviour

Redirect

A different URL

Splash Behaviour

Redirect URL

https://getonline.captivewifi.io/connected/<UNIQUE_ID>

Walled Garden

Entry 1

getonline.captivewifi.io

Walled Garden

Entry 2

138.68.152.191

Walled Garden

Entry 3

captivewifi.fra1.digitaloceanspaces.com

Walled Garden

Entry 4

5.101.109.44

Splash Frequency Recommendations

Venue Type

Recommended Frequency

Hotels

3-7 days

Restaurants / Cafes

3 hours

Retail

1 day

Events / Conferences

1 week

Where to Find Your IDs

ID

Location in Captive WiFi Dashboard

Site ID

WiFi Hardware section

Unique ID

Manage Venue section

Connected Page URL

Splash Design section

Support Contacts

  • General Support: Live chat or support@captivewifi.io

  • Site ID / Unique ID Help: Check Captive WiFi Dashboard or contact support

Appendix A: Meraki Dashboard Navigation Reference

Access Control Settings

Path: Wireless > Access Control > [Select SSID]

  • Security settings

  • Splash page type selection

  • Walled garden configuration

Splash Page Settings

Path: Wireless > Splash page > [Select SSID]

  • Custom splash URL

  • Splash frequency

  • Splash behaviour (redirect URL)

Firewall & Traffic Shaping

Path: Wireless > Firewall & traffic shaping > [Select SSID]

  • Client isolation

  • Bandwidth limits

  • Layer 3 and Layer 7 firewall rules

Addressing and Traffic

Path: Wireless > Addressing and traffic > [Select SSID]

  • Client IP assignment

  • VLAN tagging

  • NAT mode settings

Appendix B: Meraki API Reference (Advanced)

For automated deployments, you can configure splash page settings via the Meraki Dashboard API.

Update Splash Page Settings

PUT /networks/{networkId}/wireless/ssids/{number}/splash/settings

Example payload:

{
  "splashUrl": "https://getonline.captivewifi.io/guest/YOUR_SITE_ID",
  "useCustomUrl": true,
  "redirectUrl": "https://getonline.captivewifi.io/connected/YOUR_UNIQUE_ID",
  "useSplashUrl": true
}

Update SSID Settings

PUT /networks/{networkId}/wireless/ssids/{number}

Example payload:

{
  "name": "Guest WiFi",
  "enabled": true,
  "authMode": "open",
  "splashPage": "Click-through splash page",
  "walledGardenEnabled": true,
  "walledGardenRanges": [
    "getonline.captivewifi.io",
    "138.68.152.191",
    "captivewifi.fra1.digitaloceanspaces.com",
    "5.101.109.44"
  ]
}

Note: Refer to the Meraki Dashboard API documentation at https://developer.cisco.com/meraki/api/ for full details and authentication requirements.

Document Version: 1.0
Last Updated: December 2024

Was this article helpful?