This guide shows how to configure a Cisco Meraki device (MR series) with Kiwire™.
Configuring your SSID and Access Controls
The first step is configuring the SSID of the access point.
Please select your organization and group, then select Wireless in the drop-down menu and then click SSIDs under the Configure subsection.
Then select your SSID. If you want to use an inactive SSID, please click on Show all my SSIDs.
Then enable your inactive SSID.
You can rename the SSID to your convenience by clicking on rename.
Then, by clicking edit settings, you can configure access settings for the network.
In the Association requirements section, no encryption should be set, since end-users will perform the authentication against a RADIUS server.
In the Splash page section, you must set how the end-user will access the Internet. Since the purpose is to use the device as an access point, you must enable the RADIUS authentication as shown below.
Then you must set the IP address and the port for the RADIUS server, for both authorization and accounting phases. You can configure the device to support a primary and a secondary RADIUS server.
Please ensure that end-user will not be able to access the network in case RADIUS servers are not available.
You also must set the complete access to the Internet only for authenticated end-users. To do this you must set Captive portal strength to Block all access until sign-on is complete.
Then you must configure the walled garden, that is the list of hosts or IP addresses ranges that can be visited by end-users even without being authenticated.
Then NAT mode or Bridge mode can be chosen according to the network configuration chosen.
If chosen, it is possible to set VLAN tagging, to direct traffic to specific VLANs.
You can set the version of the IEEE 802.11 protocol to use. Then save changes.
Configuring the Splash Page
The network and the authentication policies are now configured, but we need to set the page where unauthenticated end-users are redirected, that is the Kiwire™ Login Page.
- Your RADIUS servers have public IP addresses (i.e., they are reachable on the Internet).
- Your firewall, if any, allows incoming traffic to your RADIUS servers.
- You whitelist IP addresses as clients on your RADIUS server as per the firewall information page.
You can do this by clicking Splash page.
In the next page, please select your SSID.
Please select the Welcome Portal URL under Custom splash URL and put http://kiwire_IP_Address/user
And under Splash behaviour, in the input field called Where should users go after the splash page? Then save your changes.
Login to Kiwire™ Captive Portal; http://Kiwire_IP_Address/admin
Go to Device > NAS and add NAS for Meraki
Device Type: Meraki
NAS ID: MAC Address of Meraki AP (MAC Address is as “AA:BB:CC:DD:EE:FF”)
IP Address: IP address of the Meraki Cloud
Shared Secret Key: Assigned secret key
COA Port: 3799
Go to Device > Zone and create a zone for the Meraki. We can assign the zone based on NAS ID, VLAN, IP address, or SSID.
After that, edit the zone and click Add and add the Meraki AP MAC address in the NAS ID field