Meraki without external RADIUS authentication

Owned by Support (Unlicensed)
Last updated: May 20, 2016 by Support
2 min read

SOCIFI is proud to be Cisco Meraki Technology Partner

Use this setting only if RADIUS packets are blocked on your network. This configuration doesn't support Bandwidth and Session time management thru SOCIFI. If you are interested in the full compatibility and in all features we offer please follow set up guides with RADIUS authentication:

This article applies to the following models:

Wireless: 
MR12, MR16, MR18, MR26, MR34, MR62, MR66, MR72

Security Appliances: 
MX60, MX60W, MX64, MX64W, MX80, MX100, MX400, MX600
Z1

 1. Log into Meraki Dashboard

And connect your device to the Internet.

https://meraki.cisco.com


2. Set-up Access control

Enter Click Through and Walled Garden Domain Names.

Enter following Walled garden ranges:

If you are a customer with the White Label solution, please add your custom domain (for example *.mycustomdomain.com) to the Walled Garden list.

*.socifi.com
*.facebook.com
*.akamaihd.net
*.akamai.net
*.edgecastcdn.net
twitter.com
*.twitter.com
*.twimg.com
*.fastly.net
*.li-cdn.net
*.cloudfront.net
facebook.com
*.fbcdn.net
*.instagram.com
*.cdninstagram.com
instagram.com
*.linkedin.com
*.licdn.com
linkedin.com

facebook.com and twitter.com (Yes, twice. Once with and once without the asterisk)

 If you are you using Ruckus equipment, don't forget to set CDN IP ranges to the Walled Garden List.

 

Due to Ruckus firmware behavior end-user devices might not be able to reach some (mainly CDN and cloud) domains from walled garden list. This can cause wrong rendering of the captive portal.

The new IP ranges (indented in the list below) were added on April 2018.
Actual list of Amazon CloudFront (CDN) IPs is here: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html (direct link to IPs list in JSON format: https://ip-ranges.amazonaws.com/ip-ranges.json) 

As a workaround you have to add static IP's shown bellow to adjust firmware behavior and to be able to start monetizing your network immediately.

Work-around solution is to add the following IP ranges to the Walled Garden List:

13.32.0.0/15
13.35.0.0/16
13.54.63.128/26
13.59.250.0/26
34.195.252.0/24
35.162.63.192/26
52.15.127.128/26
52.46.0.0/18
52.52.191.128/26
52.57.254.0/24
52.66.194.128/26
52.78.247.128/26
52.84.0.0/15
52.199.127.192/26
52.212.248.0/26
52.220.191.0/26
52.222.128.0/17
54.182.0.0/16
54.192.0.0/16
54.230.0.0/16
54.233.255.128/26
54.239.128.0/18
54.239.192.0/19
54.240.128.0/18
70.132.0.0/18
71.152.0.0/17
99.84.0.0/16
143.204.0.0/16
204.246.164.0/22
204.246.168.0/22
204.246.174.0/23
204.246.176.0/20
205.251.192.0/19
205.251.249.0/24
205.251.250.0/23
205.251.252.0/23
205.251.254.0/24
216.137.32.0/19

 Want to Allow Google+ login?

The new Allow login through social networks does not include the Google login. The reason is that some Android based devices are not redirected to the Captive Portal when the user gets connected to WiFi network. In case you'd like to add it you need to do following:

  1. Check if your hotspot allows DNS names in the Walled garden. Some hotspots can use IP addresses only. See: Why DNS-based Walled Garden (and not IP-based)
  2. Allow Google+ login: Settings > Brand > Authentication > Allow login through social networks > Set on Allow Google login
  3. Add these walled garden domain into existing list:

Google+ Login DNS's

Please adopt same format your Walled garden is already using e.g. with or without the asterisk, separated by comma or space etc.

 For Cisco Meraki, Ruckus, Xirrus
*.googleapis.com
*.googleusercontent.com
*.gstatic.com
*.accounts.youtube.com
*.apis.google.com
*.accounts.google.com
*.l.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

 For Open Mesh
googleapis.com,googleusercontent.com,gstatic.com,accounts.youtube.com,apis.google.com,accounts.google.com,l.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

 For Mikrotik
/ip hotspot walled-garden
add dst-host=*.googleapis.com
add dst-host=*.googleusercontent.com
add dst-host=*.gstatic.com
add dst-host=*.accounts.youtube.com
add dst-host=*.apis.google.com
add dst-host=*.accounts.google.com
add dst-host=*.l.google.com
add dst-host=accounts.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

 For DD-WRT
googleapis.com googleusercontent.com gstatic.com accounts.youtube.com apis.google.com accounts.google.com l.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

Related pages:

The Splash Page is not triggered when Android devices connect to WiFi


Pages related to Walled Garden issues

Don't you see the options to set "Splash page", "Access control" and/or DNS-Based Walled Garden Support under "Configure" tab? Just ask Meraki via technical support for firmware upgrade: 


Feel free to use this template

Dear Meraki support,

I'd like you to get the access to the features described below:

https://docs.meraki.com/display/MX/Splash+page
https://docs.meraki.com/display/MX/Access+Control
https://kb.meraki.com/knowledge_base/adding-domains-to-the-walled-garden

I'm seting up my Meraki Dashboard to be used with SOCIFI.com service (https://marketplace.cisco.com/catalog/companies/socifi/products/socifi) and these features are required.
 
Please update the device's firmware at your earliest convenience.
 
Thank you in advance.


Change settings: follow the picture below

 3. Set-up Splash Page

Create Custom Splash page and enter your SplashAccess Details.

Go to Configure Splash page > enter Custom splash URL

http://connect.socifi.com/


Change settings: follow the picture below 

4. RADIUS server

there is no need to set an external RADIUS server at the moment.

5. Add a new hotspot to SOCIFI Dashboard

Step 1: Login to SOCIFI Dashboard

Step 2: Click on the "Hotspots" tab on the left sidebar

Step 3: Click on the “Add a new hotspot” button located on the top right corner on the screen (pictured below)

Note: A pop-up window will appear (below)

Step 4: Select the Wi-Fi hardware manufacturer from the drop down menu

Step 5: Enter the serial number or MAC address (depending on the specific equipment manual) of your equipment. You can add multiple hotspots at once.

Step 6: Set your Network location (this step is essential for correct ad targeting)

Step 7: In the pop-up window type your location or just move the marker on the map and click on the save button to confirm the selection. This address is used for ad GEO targeting.

Step 7: Click Save

Note: Newly added hotspot are marked as  (Hotspot pending). After the first user connects to the hotspot via SOCIFI, the status will automatically change and appear as  (Active) within an hour. Get your first connections to test if it works properly.