A splash page (also known as a 'captive portal') can provide a customized branding experience to wireless users in addition to prompting for username/password credentials. For example, the splash page can display a corporate logo and color scheme. The splash page can also show the terms of service, which might include an acceptable use agreement or a privacy statement.
Administrators can set up a separate splash page for each SSID. Splash pages can be hosted by Meraki or by an external host.
Click-Through Splash Page
When configured, a click-through splash page displays a fully customizable HTML page to the wireless client the first time the client opens a web browser and makes an HTTP request. An administrator can use this splash page to display an acceptable use policy or network announcements. The client is only granted network access after clicking the “Continue” button on the splash page.
The click-through splash page is hosted by the Meraki cloud. As such, the network must have connectivity to the Meraki cloud in order to display the splash page. If the Meraki cloud is unreachable for some reason, the administrator can configure whether new wireless users should be admitted to the wireless network without seeing the splash page. This setting is under the Configure tab on the Access Control page in the “Disconnection behavior” section.
While the click-through splash page requires no client-side configuration, it should only be enabled on an SSID whose clients are all capable of displaying the splash page. When there are clients that are not browser-capable (e.g., gaming consoles, wireless barcode scanners), the splash page should be disabled on the SSID. An administrator can configure whether new wireless clients are able to obtain network access when the click-through splash page cannot be displayed (e.g., if the Internet link goes down and the connection to the Meraki cloud becomes temporarily unavailable).
Sign-On Splash Page
A sign-on splash page provides the functionality of the click-through splash page, but adds the ability to prompt the wireless client for a username and password. The client is only granted network access after he enters a username and password that are validated against a backend authentication server (either a Meraki-hosted authentication server or a customer-hosted RADIUS, Active Directory or LDAP server).
The sign-on splash page may be hosted by the Meraki cloud or on an external web server. An administrator can configure whether new wireless clients are able to obtain network access when the sign-on splash page cannot be displayed or when the username/password credentials cannot be validated (i.e., the authentication server is unreachable). This setting is under the Configure tab on the Access Control page in the “Disconnection behavior” section.
The sign-on splash page can be configured to allow or disallow multiple simultaneous logins for a single set of user credentials.
Sign-on splash page is an authentication option that requires no client-side configuration. In addition, it is secured by SSL (HTTPS), so that usernames and passwords are sent to the Meraki cloud confidentially. However, when enabled, it requires clients to remember usernames and passwords, which they will need to enter periodically. As with the click-through splash page, clients that are incapable of displaying the splash page need to be considered.
Hosting Your Own Splash Pages
Meraki also supports the ability for you to host splash pages on your own web server. This capability is referred to as “EXCAP” (short for external captive portal) for externally hosted captive portals. Using EXCAP, it is possible to deliver a highly customized user sign-on experience, such as video advertising and credit card billing. For additional information, please see Meraki's Captive Portal Solution Guide.