Device & Controller Setup Guide - Cisco Meraki Cloud Configuration for Kiwire

A. Cisco Meraki Cloud Configuration Step 1 – Configure the SSID of the access point.

• Please select your organization and group, then select Wireless in the drop-down menu and then click SSIDs under the Configure subsection.

Please select your organization and group, then select Wireless in the drop-down menu and then click SSIDs under the Configure subsection.

Then enable your inactive SSID.

You can rename the SSID to your convenience by clicking on rename.

Then, by clicking edit settings, you can configure access settings for the network.

In the Association requirements section, no encryption should be set, since end-users will perform the authentication against a RADIUS server.

In the Splash page section, you must set how the end-user will access the Internet. Since the purpose is to use the device as an access point, you must enable the RADIUS authentication as shown below.

Then you must set the IP address and the port for the RADIUS server, for both authorization and accounting phases. You can configure the device to support a primary and a secondary RADIUS server.

Please ensure that end-user will not be able to access the network in case RADIUS servers are not available.

You also must set the complete access to the Internet only for authenticated end-users. To do this you must set Captive portal strength to Block all access until sign-on is complete.

Then you must configure the walled garden, that is the list of hosts or IP addresses ranges that can be visited by end-users even without being authenticated.

Then NAT mode or Bridge mode can be chosen according to the network configuration chosen.

If chosen, it is possible to set VLAN tagging, to direct traffic to specific VLANs.

You can set the version of the IEEE 802.11 protocol to use. Then save changes.

B. Splash Page ConfigurationStep 1 – The network and the authentication policies are now configured, but we need to set the page where unauthenticated end-users are redirected, that is the Kiwire Login Page.Note: The Meraki cloud must be able to communicate with your RADIUS servers via the Internet. Please make sure that:

1. Your RADIUS servers have public IP addresses (i.e., they are reachable on the Internet).

2. Your firewall, if any, allows incoming traffic to your RADIUS servers.

3. You whitelist IP addresses as clients on your RADIUS server as per the firewall information page.

Step 2 – Select your SSID.

Please select the Welcome Portal URL under Custom splash URL and put:

Set the Splash behaviour in the input field called “Where should users go after the splash page?”, then save your changes.

C. Kiwire Configuration

Step 1 – Login to Kiwire Captive Portal: http://Kiwire_IP_Address/admin

Step 2 – Go to Device > NAS and add NAS for Meraki.

• Device Type: Meraki

• NAS ID: MAC Address of Meraki AP (MAC Address is as “AA:BB:CC:DD:EE:FF”)

• IP Address: IP address of the Meraki Cloud

• Shared Secret Key: Assigned secret key

• COA Port: 3799
  

Step 3 – Go to Device > Zone and create a zone for the Meraki.

• Assign the zone based on NAS ID, VLAN, IP address, or SSID.
  

Step 4 – Edit the zone and click Add and add the Meraki AP MAC address in the NAS ID field.Step 5 – Configuration is now complete.