Meraki Captive Portal Setup: Complete Guide

Rakesh Mukundan
Founder
, Spotipo
Logo of X, formerly TwitterLogo of Linkedin
Published on
July 6, 2026

Table Of Contents

  1. Text Link
  2. Text Link

TL;DR: You can set up a Meraki captive portal in two ways: the built-in splash pages configured under Wireless > Configure in the Meraki dashboard, or an external captive portal like Spotipo that adds email capture, vouchers, paid WiFi and marketing integrations on top of your Meraki hardware. This guide walks through both, including the walled garden settings that trip up most first-time setups.

Meraki makes some of the most deployment-friendly networking gear on the market. The cloud dashboard, the zero-touch provisioning, the fleet-wide configuration: it's all genuinely good. So it surprises a lot of network admins that the built-in Meraki captive portal, the splash page guests see when they join your WiFi, is one of the more limited parts of the platform.

That's not a knock on Meraki. Splash pages just aren't their core business. For a simple "accept the terms and connect" flow, the built-in options are perfectly serviceable. But the moment you want to capture guest emails, sell WiFi access, run voucher systems, or manage branded portals across client sites, you'll bump into the ceiling.

This guide covers the full picture: how the redirect flow works under the hood, configuring the built-in splash pages, and connecting an external captive portal step by step for everything Meraki doesn't provide natively.

How a Meraki captive portal actually works

Before touching the dashboard, it helps to understand what happens when a guest connects. It makes the configuration options make sense, and it makes troubleshooting far easier later.

The flow looks like this:

  1. A device joins your guest SSID. The Meraki access point associates it but doesn't grant internet access yet.
  2. The device tries to load a web page. The AP intercepts the request.
  3. The guest gets redirected to a splash page. With Meraki-hosted pages, that page lives in Meraki's cloud. With an external portal, the redirect points at a URL you specify, with parameters attached including a grant URL.
  4. The guest completes the login. The portal uses the grant URL to authorize the device, and the guest is online.
The Meraki captive portal flow: associate, intercept, redirect to the splash page, then authorize the device.

Two settings govern what a guest can reach before login:

  • Captive portal strength decides whether unauthenticated devices are blocked entirely or allowed non-HTTP traffic.
  • The walled garden is a list of domains and IP addresses guests can access before authentication.

The walled garden matters enormously for external portals. If the portal's domain isn't in it, guests get redirected to a page they're not allowed to load, and the whole flow breaks. More failed setups trace back to the walled garden than to everything else combined.

One more mechanic worth knowing: authorization is per-device, tracked by MAC address, and it persists based on your splash frequency setting. That's why a device you've already tested with won't see the splash page again. You can revoke a client's splash authorization under Network-wide > Monitor > Clients, which is the correct way to re-test rather than hunting for a fresh device every time.

What you'll need before you start

Licensed Meraki hardware, dashboard admin access and a separate guest SSID cover the prerequisites.

The requirements are refreshingly short compared to some router platforms:

  • Meraki hardware with an active license
  • Dashboard admin access to the network you're configuring
  • A guest SSID, ideally separate from your internal network with client isolation enabled
  • If you're going external: an account with the portal provider (Spotipo offers a 14-day free trial, and its setup wizard pre-builds a branded splash page from your business details)

Which Meraki product line you run matters for the details. Meraki MR access points are the standard case and what this guide assumes. Meraki Go, the small-business line, has its own simplified app-based flow. And Meraki MX security appliances can enforce splash pages on wired and wireless VLANs. Spotipo supports all three, with dedicated guides for Meraki external captive portals on MR access points and Meraki Go captive portals.

One planning note: decide what login experience you want up front. A clickthrough page needs almost no configuration. Email capture, SMS verification, vouchers and paid access all work on Meraki, but only through an external portal, and knowing your target flow saves you from configuring things twice.

Setting up the built-in Meraki splash page

Let's cover the native option first, since it's the fastest path if your needs are simple.

1. Choose the authentication mode. In the Meraki dashboard, go to Wireless > Configure > Access control and select your guest SSID from the drop-down. Under the splash page section, pick your mode. Click-through shows guests a page they must acknowledge, no credentials required. Sign-on requires authentication via Meraki's built-in user database, a RADIUS server, or third-party credentials. For most guest scenarios, click-through is the one you want.

The built-in Meraki splash page comes together under Access control and Splash page in the dashboard.

2. Set the portal strength. Still under access control, set captive portal strength to "Block all access until sign-on is complete" for a genuine captive experience. Save.

3. Customize the page. Go to Wireless > Configure > Splash page, select the same SSID, and customize what guests see. You can add a custom message, upload your logo, set the splash language, and choose where guests land after login. Note that the custom message field is treated as HTML, so formatting needs HTML tags rather than plain spacing.

4. Set the splash frequency. This controls how often a returning guest sees the page again, from every visit to intervals of days or weeks.

That's the built-in portal in full. It works, it's stable, and it looks reasonably professional with your logo on it. What it won't do:

  • Capture guest emails into a marketing list
  • Offer vouchers, SMS verification, or paid access tiers
  • Show GDPR consent flows
  • Sync anything to your CRM or email platform
  • Give you pixel-level design control (customization is bounded by Meraki's allowed HTML tags)

If any of that matters to your business, keep reading.

Setting up an external Meraki captive portal with Spotipo

An external captive portal replaces the Meraki-hosted splash page with one served by a dedicated guest WiFi platform. Your Meraki gear still handles all the networking; the portal handles the login experience, the data capture, and everything downstream.

Step 1: Create and configure your Spotipo site

Sign up at spotipo.com and run through the setup wizard. It detects your business details and pre-builds a branded splash page with your logo and colors. Then configure the experience:

  • Pick your login type: email collection, phone with OTP verification, clickthrough, vouchers, paid access via Stripe, or a combination
  • Layer a GDPR consent screen in front of any login type (data is hosted in the EU)
  • Add custom fields beyond the defaults; Spotipo supports unlimited custom fields

In your Spotipo dashboard, add Meraki as your router type. Spotipo gives you the exact values for the Meraki side: the splash URL to redirect guests to, and the domains to whitelist in the walled garden. Keep this tab open.

Step 2: Configure the SSID in Access control

Copying the portal domains into the Meraki walled garden exactly as specified is the step that breaks most setups.

In the Meraki dashboard, go to Wireless > Configure > Access control and select your guest SSID.

  • Under security, choose open or pre-shared key, depending on whether you want a WiFi password in addition to the portal
  • Under splash page, select Click-through. This may seem counterintuitive since your actual login might be email or paid access, but click-through is the mode that hands the flow to an external URL. The real login logic happens on the Spotipo page
  • Under advanced splash settings, set captive portal strength to "Block all access until sign-on is complete"
  • Set walled garden to enabled and enter the Spotipo domains from your dashboard into the walled garden ranges. Domains can include wildcards with an asterisk, and entries are separated by spaces or new lines

Double-check the walled garden entries match exactly what Spotipo specifies. This is the step that breaks most setups when skipped. Save your changes.

Step 3: Set the custom splash URL

Go to Wireless > Configure > Splash page, select the same SSID, choose the custom URL option, and paste the splash page URL from your Spotipo dashboard. While you're here, set the splash behavior for where users go after login. Save, and give the configuration a minute or two to push to your access points.

That's the entire Meraki side. When a guest connects, the AP redirects them to your Spotipo splash page with the grant parameters attached, the guest completes your login flow, and Spotipo authorizes the device back through Meraki. From the guest's perspective it's one smooth branded flow.

Step 4: Connect your marketing stack

The reason to run an external portal in the first place is what happens after login. In Spotipo, connect your email platform so captured guest data syncs automatically. Native integrations cover Mailchimp, Klaviyo, Hubspot, Brevo, Mailjet, Campaign Monitor and others, with Zapier for anything else. If building a marketing list is your primary goal, our guide on guest WiFi email capture covers how to structure the flow so every login becomes a usable contact.

Testing your Meraki captive portal

Testing on real iOS and Android devices confirms the redirect and login flow before the portal goes live.

Never call a captive portal deployment done without testing on a real device, and ideally on both iOS and Android, since they handle captive portal detection differently.

  1. Connect a phone to the guest SSID. The splash page should appear automatically within a few seconds.
  2. Complete the login flow and confirm you get internet access.
  3. If you're running email capture, confirm the entry appears in your Spotipo dashboard and synced to your email platform.
  4. To re-test, go to Network-wide > Monitor > Clients in the Meraki dashboard, select your test device, and revoke its splash authorization. The device drops back to unauthorized and sees the splash page on its next connection.

That last step beats forgetting MAC randomization exists and wondering why your phone sails straight online.

Common issues and how to fix them

When the splash page never appears, the break is almost always a missing walled garden entry.

The splash page never appears. Nine times out of ten this is the walled garden. Verify the portal domains are entered exactly as specified, and confirm the changes saved and pushed. Also check that the device wasn't already authorized from earlier testing.

The splash page appears but won't load properly. Usually a partial walled garden entry: the main portal domain is whitelisted but a resource domain isn't. Add all the domains your portal provider specifies, not just the first one.

Guests get disconnected and see the portal repeatedly. Check your splash frequency and session timeout values. If disconnections happen mid-session rather than at login, the issue may be at the wireless layer rather than the portal. Our guide to WiFi deauthentication codes explains how to read the disconnect reason codes and trace what's actually kicking clients off.

Devices without browsers can't connect. Game consoles, printers and similar devices can't interact with a splash page at all. Handle these with a separate PSK-protected SSID or client-specific policies rather than forcing them through the portal.

If you run Meraki deployments regularly, it's worth bookmarking a reference resource for this ecosystem; merakihotspot.com maintains a useful hub of Meraki hotspot and captive portal material that complements Meraki's own documentation.

Frequently asked questions

How do I set up a captive portal on Meraki?

Navigate to Wireless > Configure > Access control in the Meraki dashboard, select your guest SSID, and enable a splash page in click-through or sign-on mode. For the built-in portal, customize it under Wireless > Configure > Splash page. For an external portal like Spotipo, set the splash mode to click-through, enable the walled garden with the portal's domains, and enter the portal URL as the custom splash URL.

Does the Meraki captive portal support email capture?

Not natively in a marketing-usable way. The built-in splash pages handle click-through acknowledgment and credential-based sign-on, but capturing guest emails into a marketing list with automatic syncing to platforms like Mailchimp or Klaviyo requires an external captive portal. Spotipo adds email capture, custom fields and marketing integrations on top of standard Meraki hardware.

What is the walled garden in a Meraki captive portal setup?

The walled garden is a list of domains and IP addresses that guests can reach before completing the splash page login. When you use an external captive portal, the portal's domains must be added to the walled garden ranges, otherwise guests get redirected to a page their device is blocked from loading and the portal never appears.

Does a Meraki captive portal slow down guest WiFi?

No. The portal only intervenes at login. Once a device is authorized, traffic flows through your Meraki network normally, and speeds are determined by your internet connection and access points. Any bandwidth limits guests experience are ones you've configured deliberately, either in the Meraki dashboard or in your portal's session settings.

Can I use a captive portal with Meraki Go?

Yes. Meraki Go supports external captive portals through its own simplified configuration flow in the Meraki Go app, and Spotipo supports Meraki Go alongside the standard MR access point line and MX appliances. The setup steps differ from the full Meraki dashboard, so follow the Meraki Go specific guide.

Is guest data collected through a Meraki captive portal GDPR compliant?

The Meraki hardware itself is neutral here; compliance depends on how the portal collects and stores data. Spotipo shows explicit GDPR consent screens before data capture and hosts all guest data in the EU, which keeps deployments compliant for European venues without extra legal gymnastics.

Why isn't my Meraki splash page showing up when I connect?

The most common causes are missing walled garden entries, configuration changes that haven't finished pushing to the access points, or a test device that was already authorized during earlier testing. Revoke the client's splash authorization under Network-wide > Monitor > Clients and try again, and verify the walled garden domains match your portal provider's requirements exactly.

Get your Meraki captive portal running today

Meraki gives you excellent hardware and a dashboard that makes network management genuinely pleasant. Pair it with a capable external portal and your guest WiFi stops being a checkbox and starts being a channel: capturing emails, verifying phone numbers, selling access, and feeding your marketing tools automatically, all on the gear you already own.

Spotipo works with Meraki MR access points, Meraki Go and MX appliances, plus 30+ other router brands if your fleet is mixed. The setup wizard builds your branded splash page in minutes, and the steps in this guide cover the entire Meraki side of the configuration.

Start your free 14-day trial at spotipo.com and you can have a fully branded Meraki captive portal live on your guest network today, well before the trial clock becomes anything you need to think about.

Boost Your Business Revenue with our Guest WiFi Solution

Join the Partner Program