Introduction
This guide covers the configuration of Cisco Meraki Cloud to interface with Encapto.
The integration will enable use of Meraki Cloud to manage a WLAN and the application of Encapto smart features. The guide focuses on the configuration of Captive Portals and RADIUS authentication onto the Meraki Cloud and assumes the reader is familiar with the configuration of a Meraki Wireless network, which is outside the scope of this document.
More detailed information on setting up a Meraki Wireless network can be accessed through Meraki support.
Create Configuration template in Meraki Cloud
This section covers the creation of a configuration template in the Meraki Cloud with Encapto AAA and Walled Garden settings (required to enable Encapto Captive Portal and Authentication methods). The template is used to create any number of Meraki networks with similar settings.
This guide assumes the reader is familiar with Meraki Cloud WLAN configuration and that at least one Meraki AP has been configured to complete the steps in this guide.
Find “Your RADIUS IP” and “Your Domain” in Encapto
“Your RADIUS IP” and “Your Domain” can be found using Encapto’s Cloud Deck Meraki integration wizard (shown below). To find them:
-
Logon to your Encapto WiFi Cloud Deck account.
-
Click on Sites.
-
Click the +New button.
-
Select Cisco Meraki from the drop down menu.
-
Use Copy button to copy “Your RADIUS IP” and “Your Domain” to clipboard.
Create Configuration templates in Meraki Cloud.
Encapto recommends that Configuration templates are used for management of Meraki Networks. This section covers the creation/configuration of a Meraki Configuration template. In case you cannot assign a template to a network, you can work directly with the network by configuring the Access Control (AAA, Walled garden) and Splash page as below.
Login to your Meraki Cloud.
-
Click Organisation > Configuration templates control under Configure.
-
Click Create a new template.
-
Select Create new from drop down menu.
-
Enter a name for template.
-
Click Add.
-
On the next pop up window, select the target network(s) from the list.
TIP: Group policies and other client-specific policies and authorisations on the target network(s) will be permanently removed upon binding.
-
Click Bind.
-
Once the pop up window has closed, click Save changes.
Configure Encapto’s AAA server in Meraki Configuration template
To edit the newly created Configuration template:
-
Select the newly created Configuration template under the Network tab.
Tip: If you are working on Network instead of a Template, please select the relevant network instead of the template (as described in Figure 2 above).
-
Click Wireless.
-
Click Access control under Configure.
-
Select the relevant SSID.
-
Scroll down to Splash Page section, select Sign-on with my RADIUS server.
-
Scroll down to the RADIUS section and enter or paste the Encapto RADIUS IP (as located at Section 2.1) in the Host field for both RADIUS for splash page and RADIUS accounting servers.
-
Enter a secure 8-10 digit password in the Secret fields and copy it for use in later sections.
-
Enter 1812 in the Port field in RADIUS for splash page.
-
Enter 1813 in the Port field in RADIUS accounting server.
-
Select DCD disabled (this will allow clients to re-associate with the network without re-authorisation).
-
Select Deny access in Fail-over policy.
You have now configured the Encapto Authentication and Accounting RADIUS settings that will be inherited by the WLAN.
Tip: If RADIUS accounting is not enabled or not configured properly, you will not be able see any data in cloud deck reporting even after logins.
Tip: If RADIUS accounting is not visible in the settings page (as shown above) you will need to contact Meraki support via email (or you can open a case) and request to ENABLE RADIUS ACCOUNTING for your Meraki account.
-
Scroll down to Captive portal strength and select Block all access until sign-on is complete.
-
Set Walled garden to Enable walled garden.
-
Enter *.encapto.com and any other URLs required for Social and Payment Gateway authentication to the Walled Garden.
Tip: The above action will add URLs to a “Walled Garden” – a set of resources available to the end user before authentication. These are required to enable access to Encapto itself and, where social media and payment gateway authentication methods are used, to relevant third-party resources. See Section 5 for a list of Walled Garden URLs required for Social Media and Payment Gateway authentication methods.
-
Select Default for Controller disconnection behaviour.
-
Click Save Changes.
Tip: If you can’t add URLs (Domain names) in Walled garden as above in your Meraki Cloud, please contact Meraki support via email (or you can open a case) and request to Enable Walled garden by Domain Name for your Meraki account.
Access control settings in Meraki are now complete, enabling Encapto RADIUS Authentication and Accounting and access to Walled Garden entries to enable third party Authentication methods to function (e.g. Facebook and PayPal checkout).
Create the Splash page (Hotspot) in Meraki
Encapto and Meraki can be configured to provide unique Hotspots to both individual and groups of APs managed by the Meraki Cloud.
This allows you to apply individual Hotspot settings - branded portals, campaigns, authentication methods, and other Encapto user engagement features - on a per SSID basis to one, or many APs. Hotspot functionality is created and managed in Encapto and configured into Meraki Cloud by specifying a custom Splash URL (Captive Portal) for selected WLANs (SSIDs).
In the Meraki Cloud:
-
Click Wireless.
-
Click Splash page under CONFIGURE.
-
Select the relevant SSID.
-
Enter the Splash page URL as below. In the table below replace <Your Domain> with the domain which you’ve noted from the Encapto Meraki wizard in Section 2.1, then paste the whole URL in the relevant SSID number as below table.
i.e. If <Your Domain> is e1.encapto.com and your Public SSID number is SSID 1, the portal URL will be https://e1.encapto.com/portal/meraki/0
SSID 1 | https://<Your Domain>/portal/meraki/0 |
SSID 2 | https://<Your Domain>/portal/meraki/1 |
SSID 3 | https://<Your Domain>/portal/meraki/2 |
SSID 4 | https://<Your Domain>/portal/meraki/3 |
SSID 5 | https://<Your Domain>/portal/meraki/4 |
SSID 6 | https://<Your Domain>/portal/meraki/5 |
SSID 7 | https://<Your Domain>/portal/meraki/6 |
SSID 8 | https://<Your Domain>/portal/meraki/7 |
SSID 9 | https://<Your Domain>/portal/meraki/8 |
SSID 10 | https://<Your Domain>/portal/meraki/9 |
SSID 11 | https://<Your Domain>/portal/meraki/10 |
SSID 12 | https://<Your Domain>/portal/meraki/11 |
SSID 13 | https://<Your Domain>/portal/meraki/12 |
SSID 14 | https://<Your Domain>/portal/meraki/13 |
SSID 15 | https://<Your Domain>/portal/meraki/14 |
-
Select The URL they were trying to fetch under Splash behaviour.
-
Then click Save changes.
Integrate Meraki with Encapto
This section covers the enablement of communications between Encapto and your Meraki Cloud instance via the Meraki API. These communications will enable control over key elements of the Meraki network from Encapto including the updating of SSID names. Some of the configuration settings discussed in this section are covered in previous sections of this guide.
Locate the Meraki API Key
The Meraki Cloud API Key is required to enable secure communications between Meraki and Encapto. To locate your Meraki Cloud API Key
-
Logon to your Meraki cloud.
-
Click on Your Username (top right hand side).
-
Click My profile.
-
Scroll down to the API access section.
-
Copy or make note of your API key.
Create a new Meraki Site in Encapto
Encapto uses the Sites Module as a container for your Meraki Cloud configuration settings. To configure a Meraki network as a Site in Encapto:
-
Logon to your Encapto WiFi Cloud Deck account.
-
Click Sites.
-
Click the +New button.
-
Select Cisco Meraki from the drop down menu.
Meraki integration wizard
-
On the first page you’ll see “Your RADIUS IP” and “Your Domain” (not shown).
-
Click Continue (not shown)
-
Select Create a new key (You can select Use an existing key if you have already configured one).
-
Enter a name for the Meraki API key (for your reference only).
-
Enter or paste your Meraki API key.
-
Click Continue.
You will now be presented with a list of all organisations that have been configured in the Meraki Cloud instance. For information on setting up Organisations in Meraki, please refer to Meraki Support documentation.
-
Click the Select button next to the Meraki Organisation that you would like to integrate with Encapto.
You will now see a list of all Networks configured in your Meraki cloud instance for the selected organisation. For information on setting up Networks in Meraki, please refer to Meraki Support documentation.
-
Select the Meraki Network (hotspot) that you would like to integrate with Encapto. This must be a network to which you have applied the template configured with Encapto Splash page URL and AAA details as described in Section 0, Step 6.
-
Enter a name for your Meraki Integration.
-
Enter the AAA secret used in Section 2.3, Step 7.
-
Check your API/Organisation/Network details.
-
Save.
Configure Site Details
The Details tab of an Encapto Site allows you to set parameters which will enable you to locate the Site later on. To configure details for a Meraki Site:
-
Click Edit details.
-
Give it a name.
-
Search and select an existing tag or press enter to create a new tag for the Site to help search for and group the Site in the future.
-
Enter Notes, if required.
-
Save.
-
-
Click Edit in the SITE INFORMATION section.
-
Enter Site information including Location, Contact name, and Contact details (not shown).
-
Save.
-
Tip: Tags, Notes and Site Information are not required, but can be used for admin purposes and will help identify the Site in the future.
View and Edit API Configuration
From time to time it may be necessary to view or edit API settings for a Meraki integration. To achieve this:
-
Click the API Settings tab on a Meraki site.
-
Click the Change button next to KEY to change the Meraki API Key.
-
Edit the AAA secret (this must always match the AAA secret used in the Meraki Cloud).
-
Click Copy button to copy the AAA secret.
-
Click Copy button to copy the AAA IP address.
It is also possible to review Organisation and Network settings from the Meraki cloud.
View APs
APs that have been configured as part of a Meraki network are viewable from within Encapto’s Cloud Deck interface. To view the MAC address and Serial Number for these APs,
-
Click the APs tab.
-
Search an AP by its name.
Tip: it is not currently possible to add or edit AP details in this view. APs must be added to a network and organisation from the Meraki Cloud.
View and Edit SSIDs
The SSIDs tab of a Meraki site enables the viewing and editing of SSIDs that have been deployed on a Meraki network. Changes made here will be communicated via API to the Meraki Cloud. To view and edit SSIDs:
-
Click the SSIDs tab.
-
Click Enabled SSIDs to see all currently deployed SSIDs on the network.
-
Click on the SSID to be viewed or edited (this must be one that you have configured using the template created in Section 2.
You will now see the Hotspot details for the chosen SSID.Hotspot details include various user on-boarding, engagement and login settings. Configuration of these settings is covered in the Configuring Hotspots User Guide.
To change the SSID:
-
Click on the Hotspot details tab.
-
Click Edit as shown below.
-
Enter the new SSID.
-
Save.
Meraki API Key store in Encapto Cloud Deck
API Keys store in Encapto Cloud Deck is the place that all Meraki API keys stores. You will be able to reuse, edit, delete or create new API Keys in the store.
-
Click + on the Sites to expand the Sites.
-
Click on Cisco Meraki from the sub menu.
-
Click API Keys.
-
Click +New button to start creating a new API key.
-
Search API Keys by Name or Tags.
-
Select an existing API key using the checkbox and;
-
Delete the API Key; or
-
Edit tags for the API Key; or
-
Rename a API Key.
-