WiFi Secure for Meraki WAPs | essensys Help Center

Set up your essensys SSID at a single site to ensure your Occupier's receive the best possible Digital experience and get the most out of your essensys Intelligence. Follow this process at more than 1 site & you will enhance your Intelligence & create your network of connected spaces.

Please note the process below is for Meraki WAPs only.

Configure the correct SSID on your Access Points

Log into your Meraki Dashboard (Meraki cloud portal)
Navigate to 'Wireless', go to the 'Configure' column & select 'SSIDs'.
A new SSID should be created to be configured to essensys specifications & creating this separately will allow for testing. This maybe all or some of your WAPs within a building, ensure the correct WAPs have been selected where you want to broadast essensys services.
SSID name: "Wi-Fi Secure" (no quotes)
1. The specific naming of this SSID is important to allow your customers to roam between buildings. Without consistent SSID naming, a user will need to re-login to WiFi every time they visit a new site.
When the SSID is built, click 'edit settings' next to Access Control row.
Configure the SSID with the following Access Control:
1. SSID status - Enabled
2. Security - Enterprise with my RADIUS server
3. WiFi personal network (WPN) - Disabled
4. WPA encryption - WPA2 only
5. 802.11r - Disabled
6. 802.11w - Disabled
7. Mandatory DHCP - Disabled
8. Splash page - None (direct access)
9. Add a RADIUS server;
  1. Host IP - [To be shared by essensys]
  2. Auth Port - [To be shared by essensys]
  3. Secret - [To be shared by essensys]
  4. RADSec - [To be shared by essensys]
10. Add a RADIUS accounting server;
  1. Host IP - [To be shared by essensys]
  2. Acct Port - [To be shared by essensys]
  3. Secret - [To be shared by essensys]
  4. RadSec - [To be shared by essensys]
11. Radius testing - Disabled
12. RADIUS CoA support - Disabled
13. Dashboard RADIUS proxy - Disabled
14. RADIUS attribute specifying group policy name - Reply-Message
15. Advanced RADIUS settings:
  1. NAS ID - Custom (from excel sheet) *
  2. keep the rest of the settings as default
16. Client IP and VLAN - External DHCP server assigned - Bridged
17. Layer 3 roaming - Disabled
18. RADIUS override - Ignore VLAN attribute
19. RADIUS guest VLAN - Disabled
20. Bonjour forwarding - Disabled
21. VLAN tagging - VLAN ID (Default - use own internal VLAN ID)
22. Assign group policies by device type - Disabled
Configure Location Analytics for new SSID
1. Go to 'Network-wide', 'General' and scroll down to Location & scanning
2. Double check you have Wi-Fi Secure selected as the network on the left hand side.
  1. Analytics - Analytics enabled
  2. Scanning API - Scanning API enabled
  3. Validator: (this will be automatically generated, please share with essensys)
  4. Add a Post URL;
    Post URL - [To be shared by essensys]
    Secret - [To be shared by essensys]
    API Version - V3
    Radio Type - WiFi
    Click "Validate" to ensure changes are saved.
Tag your WiFi Access points for your new SSID;
1. Go to 'Wireless', 'Access points' and ensure you are on the 'List View'
2. Double check you have Wi-Fi Secure selected as the network.
3. You should be presented with a list of WiFi access points which are now broadcasting this new SSID
4. Select all via the check box
5. A 'tag' option will become available
6. Create a new tag 'EXTERNAL' & Save
Lastly,
1. Go to 'Wireless', 'Firewall & traffic shaping' and ensure you are on the 'List View'
2. Double check you have Wi-Fi Secure selected as the network
3. Set 'Layer 2 LAN isolation' - Enabled.
4. Save

To ensure the configuration is correct, we advise a test is carried out. The process for this can be found here.

essensys Platform - Network management - Wi-Fi Overview

essensys Platform - Network management - Add and Connect Wi-Fi devices

essensys Platform - Get started - Connect to Wi-Fi Secure

essensys Platform - Advanced Networking - WiFi Troubleshooting

Test SSID configuration