Cisco Meraki

This page explains the configuration of Cisco Meraki wireless access points for external Captive Portal and RADIUS server authentication.

to the Meraki cloud portal.


Navigate to Wireless -> Configure -> SSIDs and define a network that we will protect with a Captive Portal with RADIUS authentication - Students in this example.


Association requirements: Open (no encryption)

Splash page: Sign-on with my RADIUS server

RADIUS for splash page: add both servers from the IronWifi console, IP address, Port number and Secret

Walled garden ranges: add all Walled garden IP addresses from the IronWifi console

Tip: If you need accounting data and don't see RADIUS Accounting servers, contact Meraki support to enable this feature in your account.


Navigate to Wireless -> Configure -> Splash page and add Custom splash URL from the IronWifi console


For accurate accounting, please enable the Data-Carrier Detect feature under the Access Control Page.

If data-carrier detect is enabled, sessions will be revoked and accounted for whenever a client disassociates from a network. To allow clients to reassociate to the network without re-authorization, do not enable data-carrier detect.

If you have devices that don't have support for two way authentication like printers, Smart TV, etc., you can white-list these devices directly in the Meraki Console - (

Identity PSK with RADIUS

RADIUS server is queried at association time to obtain a passphrase for a device based on its MAC address

Meraki Documentation - (


Create a user and set the username and password to be the cliend device MAC address.

Add a Tunnel-Password reply attribute.


If you have a question that needs an answer, please contact support. Otherwise, please open an issue in our GitHub! Thanks for helping us improve our docs! See a mistake? Edit this page