Differences Between Meraki & RADIUS Integration
Meraki
- Uses a Captive Portal (this is the same technology used in Coffee Shops and Hotels but much cleaner and less intrusive)
- Ability to publicly post passwords to a network allowing users to access the network, but not the internet.
- User gets a splash page or captive portal on the device, which prompts them to register for new membership or log in to an existing one at a space.
- Proximity system checks to see if membership registered for grants internet access or not. If it does it leverages Meraki's API to provision device for life of user's membership. User will not see splash page again as long as user has paid membership. As soon as user's membership expires their device is reprovisioned and user is kicked off network.
- This also works for drop-in members. They will be presented with the Captive Portal at the beginning of each drop-in prompting them to use a punch. If they activate a punch prior to joining the network and have been at the space before they will not see the Captive Portal because their device will already be provisioned with internet access when the punch is activated.
- For conference room bookings Meraki automatically creates a new SSID for guests for the duration of the reservation. Once the reservation is over Meraki tears down network.
Radius
- Uses WEP Enterprise Encryption (802.1x)
- User selects network and enters username and password (same login credentials to log into Proximity site)
- User can't log into the WiFi network if they don't have a username or password set up within the Proximity Network and have an active membership at the space that grants them internet access.
- It's recommended to have a secondary network just for onboarding new members. (Meraki is great for this!)
- It's recommended to "throttle" this onboarding network and cycle password once a month. Throttling the traffic on this network encourages members to move over to the RADIUS network as soon as they have an active membership.
- In the "New Membership" email the space manager can add copy to ask new members to join the RADIUS network.
- For resource reservation bookings RADIUS creates temporary credentials for guests which are emailed to the owner of the reservation, displayed in the web app to the manager and on the interior Panorama app. Guests log in using temporary username and password. These credentials are only good for the duration of the reservation.
- Once device has logged into network there's not a way to automatically kick that device off. However, the device will attempt to authenticate to the network after it sleeps, has left the space and in some cases when it moves between access points so this is usually not an issue.
Main Differences Between the Two
- RADIUS requires the user already have an active membership with access to the internet at the space. This is required because with an 802.1x authenticated network both a username and password are required, not just a shared password.
- RADIUS is a much more secure network because each user has a unique log in and all traffic is encrypted with the key from that user.
- The Meraki integration will work for both existing members and new users to the space. The shared password can be given to the new user and the Captive Portal will allow them to create a membership and then grant them access to the internet.