Create Custom Meraki Captive Portals in Python.
MCPiP is a basic getting-started repository with the elements needed to create a simple Meraki Captive Portal using Python and Flask.
The intended use case for this software is a learning resource and base code for creating original captive portals for a business. Captive Portals themselves are an important security, marketing and outreach tool for businesses of all sizes.
Features
Customizable Jinja2 template based splashscreen
Redirection to any website upon connection
Requirements
Python >= 3.7
Flask >= 2.0.3
Flask-Session >= 0.4.0
os
On the server where you want to host the Captive Portal:
33 if __name__ == '__main__':
34 app.run(host='0.0.0.0', port=5050)
29 return redirect('https://www.example.com/')
In the Meraki dashboard:
a) Set Captive portal strength to Block all access until sign-on is complete
b) Set Walled garden to Walled garden is enabled
c) Set Walled garden ranges to the address of the server where the Captive Portal application is running
a) Select Or provide a URL where users will be redirected
b) Enter the server address and port where the Captive Portal application is running
In the templates/base.html file:
In the templates/captive_portal.html file:
In the static/images folder:
When users attempt to use the SSID they will be unable to access any sites outside the walled garden specified in the Meraki dashboard until they have clicked the connect button on the captive portal site.
Ideas to deploy and otherwise improve this code:
The easiest way to test the software is to create a new SSID on a Meraki MR device and set up the captive portal to load on that device. Then connect a mobile device to the SSID and attempt to navigate to an HTTP site (http://www.example.com works well). At this point you will be redirected to the captive portal, where you can click connect and be automatically redirected to your original destination. NOTE: if you go to an HTTPS site you will not be redirected (see Known issues).
End-users who attempt to access an HTTPS site before connecting to the Captive Portal will not be redirected. Instead the browser will attempt to authenticate the SSL/TLS certificate for the website and fail if the site is not in the walled garden. The end-user will see a browser timeout message, or their device will likely switch back to using mobile data to access the site.
Meraki can not perform HTTPS inspection outside of the 15.X Beta program. As a result it is not possible to actively redirect HTTPS requests to the captive portal page before they attempt to authenticate.
There is an issue with the CSS and mobile browsers that is preventing proper resizing on some devices. We are currently investigating the cause of this issue.
There are a wealth of resources out there about Captive Portals in Meraki. In particular, the authors recommend Cisco's Captive Portal API documentation on DevNet (https://developer.cisco.com/meraki/captive-portal-api/#!overview/introduction-to-captive-portal-api) though their solution uses Javascript in place of Python.
For Flask issues, please refer to the official Flask documentation at https://flask.palletsprojects.com/en/2.0.x/ . The authors would also recommend Miguel Grinberg's Flask Mega-Tutorial at https://blog.miguelgrinberg.com/post/the-flask-mega-tutorial-part-i-hello-world .
If you find a bug, have a question or a concern about the content of this repository, or would like to reach one of the authors, please create an issue within this repository or reach out to us by email.
This repository was created for mass consumption and we would love to have people get involved and improve the code, add features, or provide sample customizations. Feel free to clone the repository as you wish, but please follow the rules included in the license.
This code is copyright 2022 Procellis Technology, Inc.
It is distributed under the 3-Clause BSD License.
See LICENSE for the full text.
This project was written and is maintained by the following individuals:
Code Exchange Community
Get help, share code, and collaborate with other developers in the Code Exchange community.View Community