Overview

The Captive Portal API extends the power of the built-in Meraki splash page functionality by providing complete control of the content and authentication process. This document will explain the process for configuring a Meraki network to support a custom hosted splash page. It will then explain the HTTP redirect logic for on-boarding a client.

There are two primary methods for working with the Captive Portal API: Click-through and Sign-on. This document will explain the benefits of each and their unique HTTP redirect processes.

 

Click-through

  • Simple
  • Branding
  • Terms of Service
  • Less Secure

Sign-on

  • Advanced
  • Authentication
  • Accounting
  • More Secure

Meraki Dashboard Configuration

SSID

Configure the SSID to support a splash page. Select either Click-through or Sign-on based on your requirements.

  1. Wireless –> Configure –> Access Control: SSID name
  2. Set the Splash page option to either Click-through or Sign-on

 

 

Walled Garden

The walled garden will determine what network access the client has before authorization. This is critical for redirecting the client to your web server and its dependencies.

  1. Set the Captive portal strength to “Block all access until sign-on is complete.”
  2. Enable the Walled garden
  3. Enter the IP address ranges and domains required for the splash server

Note: To use domain names, open a ticket with Meraki support and ask for “Walled garden domain names.”

Splash page

Now we need to redirect the client to your web server.

  1. Wireless –> Configure –> Splash page: SSID name
  2. Enter the full path to your web server in the Custom splash URL

Click-through API 

Logic Flow 

  1. Client connects to AP
  2. AP redirects client to splash server
  3. Splash page displays content and includes additional parameters in the URL
  4. Client interacts with the site (form, oAuth, SMS, etc.)
  5. Form submission redirects client to the base_grant_url
  6. Meraki grants the login and redirects the client to the continue_url
  7. Client is logged in and lands on their intended (or modified) site

HTTP Logic

Splash Page URL

This is the initial URL the client will be redirected to once associated to the network, which was set in the Custom Splash URL section in the Meraki Dashboard.

Sample URL

[GET]
https://splashserver/splash

Meraki will automatically append additional parameters to be parsed by the client.

https://splashserver/splash?base_grant_url=https%3A%2F%2Fn143.network-auth.com%2Fsplash%2Fgrant&user_continue_url=http%3A%2F%2Fmeraki.com%2F&node_id=1301936&node_mac=00:18:0a:13:dd:b0&gateway_id=1301936&client_ip=10.162.50.40&client_mac=ff:ff:96:d5:d5

Parameters
| Name | Sample Data | Comments |
|---|---|---|
| base_grant_url | https://n143.network-auth.com | The URL a client will use to authenticate |
| user_continue_url | http://meraki.com | The URL the client intended on visiting |
| node_id | 1301936 | not used |
| node_mac | 00:18:0a:13:dd:b0 | Access Point’s physical network address |
| gateway_id | 1301936 | not used |
| client_ip | 10.162.50.40 | Client’s logical network address |
| client_mac | ff:ff:96:d5:d5 | Client’s physical network address |

Login URL

The login simply requires you to redirect the client browser via a [GET] request to the base_grant_url. You can optionally add a continue_url and a duration query to tailor the login process. To send the client onto their intended site, copy the user_continue_url value into the continue_url parameter.

The simplest implementation is to assign a button or hyperlink which directs the browser to the base_grant_url.

Sample URL

[GET]

https://n143.network-auth.com/splash/grant/?continue_url=http://ask.co.uk/&duration=3600

Parameters 

Optional parameters that can be sent with the [GET] request to set the duration and final landing page.

These parameters must be sent in the URL query string (for example, ?continue_url=http://meraki.com/&duration=3600).

| Name | Sample Data | Comments |
|---|---|---|
| continue_url | http://meraki.com | The URL a client will be redirected to after login. |
| duration | 3600 | Sets the number of seconds for authorization. Max = 2592000 |
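
An added example (not one of the Meraki samples) of the server-side step described above: parse the splash request, then build the login redirect. It assumes grant hosts sit under network-auth.com, as in this page's sample URLs, and checks base_grant_url before use because the splash query string arrives via the client's browser; all function and constant names are hypothetical.

```javascript
// Added example: splash-server helper for the Click-through flow.
// ASSUMPTION: grant hosts live under network-auth.com, as in this page's sample URLs.
const TRUSTED_SUFFIX = '.network-auth.com';
const MAX_DURATION = 2592000; // documented maximum, in seconds

// Parse the query string Meraki appended to the custom splash URL.
function parseSplashRequest(requestUrl) {
  const q = new URL(requestUrl).searchParams; // values come back percent-decoded
  return {
    baseGrantUrl: q.get('base_grant_url'),
    userContinueUrl: q.get('user_continue_url'),
    nodeMac: q.get('node_mac'),
    clientIp: q.get('client_ip'),
    clientMac: q.get('client_mac'),
  };
}

// Accept only absolute http(s) URLs; returns a URL object or null.
function parseHttpUrl(value, allowHttp) {
  let u;
  try { u = new URL(value); } catch (e) { return null; }
  if (u.protocol === 'https:' || (allowHttp && u.protocol === 'http:')) return u;
  return null;
}

// Build the [GET] login URL the browser is redirected to.
// The query string can be altered in transit through the browser, so
// base_grant_url is checked before the splash server redirects anyone to it.
function buildGrantUrl(requestUrl, durationSeconds) {
  const p = parseSplashRequest(requestUrl);
  const grant = parseHttpUrl(p.baseGrantUrl, false);
  if (!grant || !grant.hostname.endsWith(TRUSTED_SUFFIX)) {
    throw new Error('untrusted base_grant_url');
  }
  const cont = parseHttpUrl(p.userContinueUrl, true);
  if (cont) grant.searchParams.set('continue_url', cont.href);
  const d = Math.floor(Number(durationSeconds));
  if (Number.isFinite(d) && d > 0) {
    grant.searchParams.set('duration', String(Math.min(d, MAX_DURATION)));
  }
  return grant.href;
}

// Constructed sample request, modelled on the splash URL shown above.
const SAMPLE = 'https://splashserver/splash?base_grant_url=https%3A%2F%2Fn143.network-auth.com%2Fsplash%2Fgrant&user_continue_url=http%3A%2F%2Fmeraki.com%2F&node_mac=00:18:0a:13:dd:b0&client_ip=10.162.50.40';
```

Calling buildGrantUrl(SAMPLE, 3600) returns the grant URL with continue_url and duration set; a base_grant_url on any other host throws instead of producing a redirect.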

Sample Code

Click-through Example

Sign-on API

Logic Flow

  1. Client connects to AP
  2. AP redirects client to splash server
  3. Splash page displays content and includes additional parameters in the URL
  4. Client interacts with the site (form, oAuth, SMS, etc.)
  5. Form submission sends user name and password to Meraki in post body
  6. Meraki sends the user credentials to the configured RADIUS or Meraki Authentication server in post body
  7. Meraki grants the login and redirects the client to the success_url
  8. The success_url is a route on the splash server that will store the logout_url parameter
  9. The client is logged in and will see a final splash page, which can optionally present a logout button using the supplied logout_url parameter
  10. The user can optionally press a logout button using the logout_url to end their session. If a continue_url is provided in the query, it will send the client to this page.

HTTP Flow 

 

Splash Page URL

This is the initial URL the client will be redirected to once associated to the network, which was set in the Custom Splash URL section in the Meraki Dashboard.

Sample URL

[GET]

https://splashserver/splash


Meraki will automatically append additional parameters to be parsed by the client.

https://splashserver/splash?login_url=https%3A%2F%2Fn143.network-auth.com%2Fsplash%2Flogin%3Fmauth%3DMM1SZQlKjZsbExZ8sXIegKpUGaShrHlYgSYDAUdgiuxDuS4j46GE2lgPsWNdf6irbns5oO6HUIahXvgUtKoW7fAr4OuNypBHRjnJlRi2dEeqnE9s-YsURZog8i0pdzcApFaF0v3g6jTTOIrJMNSNiIFLOv67WLHXX4s3slfyo2ulZrhjqNQek2BJQgr17bTUXA4I3Rgfo6AEw%26continue_url%3Dhttp%253A%252F%252Fwww.ask.com%252F&continue_url=http%3A%2F%2Fwww.ask.com%2F&ap_mac=88%3A15%3A44%3A60%3A1c%3A1a&ap_name=mr53-ca&ap_tags=MR53+BLE+LivingRoom&client_mac=f4%3A5c%3A89%3A9b%3A17%3A67&client_ip=192.168.0.13

Parameters 
| Name | Sample Data | Comments |
|---|---|---|
| login_url | https://n143.network-auth.com/splash…in?mauth=MMLPT… | The URL a client will use to authenticate which includes an mauth token |
| continue_url | http://meraki.com | The URL a client will be redirected to post login |
| ap_name | AP01 | The Access Point’s name |
| ap_mac | 00:18:0a:13:dd:b0 | Access Point’s physical network address |
| ap_tags | MR53+BLE+LivingRoom | The Access Point’s tags |
| client_ip | 10.162.50.40 | Client’s logical network address |
| client_mac | ff:ff:96:d5:d5 | Client’s physical network address |

Login URL

The login_url will contain the path where the login form must be posted to. At a minimum, a username and password must be included in the [POST] body. In addition, a continue_url can be included to redirect the client to their intended site by copying the user_continue_url value. Alternatively, the continue_url can be a callback to the splash server to continue interacting with the client.

Sample URL 

[POST]
https://n143.network-auth.com/splash/login?mauth=<dynamicTokenbyMeraki>

Parameters
| Name | Sample Data | Comments |
|---|---|---|
| username | testuser | User provided username |
| password | s0me$ecret! | User provided password |
| continue_url | https://splashserver/excapSuccess | The URL the client will be redirected to upon successful login. This can be a new page that takes advantage of the logout URL and also provides additional advertising or customer interactions. |

Success URL

Once authenticated, the client will be redirected to the continue_url as configured in the previous step. You have the opportunity to use the provided logout_url to create a logout button. In addition, you can append a logout_url query to specify the final page the user will be redirected to.

Sample URL 

[GET]
https://splashserver/excapSuccess?logout_url=https%3A%2F%2Fn143.network-auth.com%2Fsplash%2Flogout%3Fkey%3DMMObdckbTbsqH-kZh58wC1rh66VdYkao1N17ZViB0vFZux8uMlO3E1nskAgZ-LbT3x5ef1pb6YKL8

Parameters
| Name | Sample Data | Comments |
|---|---|---|
| logout_url | https://n143.network-auth.com/splash/logout?key=DMMO | The URL a client will be redirected to for the logout operation which includes a key token |

Logout URL

The client can use the logout_url to send a [GET] request to Meraki. The URL can include a query parameter with the continue_url to direct the client to a logged out page.

Sample URL 

[GET]
https://n143.network-auth.com/splash/logout?key=DMMO...&continue_url=https%3A%2F%2Fsplashserver.com%2Floggedout

Parameters 

The variables that can be sent with the logout_url.

| Name | Sample Data | Comments |
|---|---|---|
| continue_url | https://www.splashserver.com/loggedout | The URL a client will be redirected to once logged out |
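
An added example (not one of the Meraki samples) covering the Sign-on steps above: rendering a login form that posts directly to login_url, and turning the logout_url received on the success route into a logout link. It assumes Meraki hosts sit under network-auth.com, as in this page's sample URLs; the function names, token values and splash-server URLs are hypothetical.

```javascript
// Added example: splash-server helpers for the Sign-on flow.
// ASSUMPTION: Meraki hosts live under network-auth.com, as in this page's sample URLs.
function trustedMerakiUrl(value) {
  let u;
  try { u = new URL(value); } catch (e) { return null; }
  const ok = u.protocol === 'https:' && u.hostname.endsWith('.network-auth.com');
  return ok ? u : null;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escAttr(s) {
  return String(s).replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Render the login form for a splash request. The form posts straight to
// login_url (which carries the mauth token), so the password is sent to
// Meraki and never passes through the splash server.
function renderLoginForm(requestUrl, successUrl) {
  const login = trustedMerakiUrl(new URL(requestUrl).searchParams.get('login_url'));
  if (!login) throw new Error('untrusted login_url');
  return [
    `<form method="POST" action="${escAttr(login.href)}">`,
    '  <input type="text" name="username" autocomplete="username" required>',
    '  <input type="password" name="password" autocomplete="current-password" required>',
    `  <input type="hidden" name="continue_url" value="${escAttr(successUrl)}">`,
    '  <button type="submit">Sign on</button>',
    '</form>',
  ].join('\n');
}

// On the success route: take logout_url from the request and add the page
// the client should land on after logging out.
function buildLogoutLink(successRequestUrl, loggedOutPage) {
  const logout = trustedMerakiUrl(new URL(successRequestUrl).searchParams.get('logout_url'));
  if (!logout) throw new Error('untrusted logout_url');
  logout.searchParams.set('continue_url', loggedOutPage);
  return logout.href;
}

// Constructed sample requests, modelled on the URLs shown above.
const SPLASH_REQ = 'https://splashserver/splash?login_url=https%3A%2F%2Fn143.network-auth.com%2Fsplash%2Flogin%3Fmauth%3DEXAMPLETOKEN%26continue_url%3Dhttp%253A%252F%252Fwww.ask.com%252F&continue_url=http%3A%2F%2Fwww.ask.com%2F';
const SUCCESS_REQ = 'https://splashserver/excapSuccess?logout_url=https%3A%2F%2Fn143.network-auth.com%2Fsplash%2Flogout%3Fkey%3DEXAMPLEKEY';
```

Serve the form and the success route over HTTPS only: the mauth token and the logout key are bearer values carried in URLs.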

Code Samples 

Here is a collection of sample code for various environments. This is a great starting point to begin working with the APIs. In most cases, you can clone the software to your development machine and be up and running in a short amount of time.

Note: The following samples are for reference only and should be implemented with professional oversight. User security and privacy are critical to Cisco Meraki. Please ensure that any installation is encrypted and manages user security as a core consideration.

HTML & JavaScript

NodeJS

Firebase

Node-RED

PHP