When an SSID is configured with Sign-On Splash page enabled, which two settings must be configured for unauthenticated clients to have full network access and not be allow listed? (Choose two.)

When an SSID is configured with Sign-On Splash page enabled, which two settings must be configured for unauthenticated clients to have full network access and not be allow listed? (Choose two.)
A . Controller disconnection behavior
B . Captive Portal strength
C . Simultaneous logins
D . Firewall & traffic shaping
E . RADIUS for splash page settings

View Answer

Answer: AD

Explanation:

When configuring an SSID with a Sign-On Splash page, to ensure that unauthenticated clients do not have full network access and are not added to the allow list (also known as a whitelist), you would need to adjust settings that relate to client access and network security post-authentication. The two settings that are relevant in this context are:

Controller disconnection behavior

This setting determines what happens if the connection between the access point and the controller (in this case, the Meraki cloud) is lost. If set to restrict access, unauthenticated clients would not be able to access the network if the AP cannot verify their status with the controller.

Firewall & traffic shaping

By configuring firewall and traffic shaping rules, you can restrict network access for unauthenticated clients. Even if they bypass the splash page, they wouldn’t be able to access the network fully without proper authentication if the rules are set to block or limit traffic.