Set up your essensys SSID at your sites to ensure your Guests receive the best possible Digital experience and get the most out of your essensys Intelligence.
Please note the process below is for Meraki WAPs only.
Configure the correct SSID on your Access Points
Log into your Meraki Dashboard (Meraki cloud portal)
Navigate to 'Wireless', go to the 'Configure' column & select 'SSIDs'.
A new SSID should be created & configured as per the below steps. Optionally, you could convert an existing SSID but creating this separately will allow for testing. This SSID may be wanted on all or some of your WAPs within a building, so ensure the correct WAPs have been selected where you want to broadast essensys services.
SSID name: "Wi-Fi Guest" (no quotes)
When the SSID is built, click 'edit settings' next to the Access Control row.
Configure the SSID with the following Access Control:
SSID status - Enabled
Security - Open
802.11r - Disabled
802.11w - Disabled
Mandatory DHCP - Disabled
Splash page - Sign on with 'my RADIUS server'
Advanced splash settings;
Captive portal strength - Block all access until sign-on is complete
Walled Garden - enabled
Walled Garden ranges - [To be shared by essensys]
Simultaneous Logins - Allow simultaneous devices per user
Controller disconnection behavior - Restricted
Splash page settings - Opens a new tab, please follow the below steps, ensuring you 'Save Changes'
Splash page; Custom splash URL;
If your site is in the EU, please copy:
If your site is in the US, please copy:
Customize your page; please leave blank.
Splash behavior; once a day
Where should users go after the splash page; The URL they were trying to fetch
Save changes & return to initial page.
Add a RADIUS server;
Host IP - [To be shared by essensys]
Auth Port - [To be shared by essensys]
Secret - [To be shared by essensys]
Add a RADIUS accounting server;
Host IP - [To be shared by essensys]
Acct Port - [To be shared by essensys]
Secret - [To be shared by essensys]
Radius testing - Disabled
Data-carrier detect - Disable
Failover policy - Deny access
Load balancing policy - Strict priority order
Client IP and VLAN - External DHCP server assigned - Bridged
Layer 3 roaming - Disabled
RADIUS override - Ignore
RADIUS guest VLAN - Disabled
Bonjour forwarding - Disabled
VLAN tagging - VLAN ID (Default - use own internal VLAN ID)
Assign group policies by device type - Disabled
Save
Additionally, the below steps need to be configured. The below steps are also applicable when setting up WiFi secure, so if they have already been followed, then you will not need to set them up twice.
Configure Location Analytics for new SSID
Go to 'Network-wide', 'General' and scroll down to Location & scanning
Double check you have Wi-Fi Secure selected as the network on the left hand side.
Analytics - Analytics enabled
Scanning API - Scanning API enabled
Validator: (this will be automatically generated, please share with essensys)
Add a Post URL;
Post URL - [To be shared by essensys]
Secret - [To be shared by essensys]
API Version - V3
Radio Type - WiFi
Click "Validate" to ensure changes are saved.
Tag your WiFi Access points for your new SSID;
Go to 'Wireless', 'Access points' and ensure you are on the 'List View'
Double check you have Wi-Fi Secure selected as the network.
You should be presented with a list of WiFi access points which are now broadcasting this new SSID
Select all via the check box
A 'tag' option will become available
Create a new tag 'EXTERNAL' & Save
Lastly,
Go to 'Wireless', 'Firewall & traffic shaping' and ensure you are on the 'List View'
Double check you have Wi-Fi Secure selected as the network
Set 'Layer 2 LAN isolation' - Enabled.
Save
Finally, you may want to personalise your guest wifi experience. This can be done via your essensys account following the article here.