Aironet, Access Points, Client Adapters and software, Mobile and Outdoor Wireless, Antennas.
User avatar
dieselboy
Post Whore
Posts:
2670
Joined:
Tue Aug 05, 2008 6:36 am
Certs:
CCNP, CCNA Voice, SMB Select, Linux+

WiFi devices know they have restricted access

Thu Jun 14, 2012 3:33 am

How do Windows and Apple devices know that they "need to open a web page to complete authentication" when connecting to wireless networks?

For example, I connect to an unsecured, open network and Windows pops up a balloon notification telling me to open a browser.
When an Iphone connects, they open a separate Safari window which then closes once you have gained full network access.

I'm running a capture but have no Apple device to test with. Is this documented anywhere?
Sometimes, I sit with my headphones on without playing music.

User avatar
Teebor
Ultimate Member
Posts:
581
Joined:
Thu Jun 23, 2011 3:17 pm
Certs:
CCNA, CCNA Security

Re: WiFi devices know they have restricted access

Thu Jun 14, 2012 5:28 am

I've set up a few hot spots with web authentication but not seen that happen before. I'm guessing it is probably cause the hot spot redirects traffic to itself to authenticate you and windows picks up on that fact when it tests for connectivity
Networking is much like making love to a beautiful woman
Slide your equipment in to the rack, Stick your plug in the socket, and if you have done it right at the end everyone is happy

User avatar
dieselboy
Post Whore
Posts:
2670
Joined:
Tue Aug 05, 2008 6:36 am
Certs:
CCNP, CCNA Voice, SMB Select, Linux+

Re: WiFi devices know they have restricted access

Thu Jun 14, 2012 6:09 am

Teebor wrote:I've set up a few hot spots with web authentication but not seen that happen before. I'm guessing it is probably cause the hot spot redirects traffic to itself to authenticate you and windows picks up on that fact when it tests for connectivity


Exactly right mate. The iPhone connects back to apple.com and looks for a http web page. My controller redirects that http request so it ruins my design. Reason being is that the iphone then uses a separate web page for authentication which it then closes once access is granted. I have designed it to redirect the web page to a intranet page once authenticated and so this never happens.

I've configured a pre-auth URL to allow requests to Apple.com to try and fool the iPhone. Apparently it didn't work, but I'll test myself at some point.

A bit gay really.
Sometimes, I sit with my headphones on without playing music.

User avatar
S0lo
New Member
Posts:
46
Joined:
Mon Oct 27, 2008 9:39 am

Re: WiFi devices know they have restricted access

Tue Jul 03, 2012 4:51 am

dieselboy wrote:I've configured a pre-auth URL to allow requests to Apple.com to try and fool the iPhone. Apparently it didn't work, but I'll test myself at some point.


Google for "Captive portal". If you haven't seen it yet, this might help: http://www.cloudpath.net/workaround_iphone.php

I think I've seen that iphone popup but never saw a Windows popup. I think that the redirection detection is dependent on a DNS query that resolves to a wrong address (The web auth address). Once that happens, the iphone queries a cetain page in apple.com and if that returns an error, it displays that popup mini browser.

Reggle
Post Whore
Posts:
1733
Joined:
Sun May 15, 2011 4:16 pm
Certs:
CCNA Security, CCDA, CCNP

Re: WiFi devices know they have restricted access

Tue Jul 03, 2012 6:18 am

It's port 80 related alright. If you firewall a Windows 7 on port 80 it will complain about limited connectivity, even if everything else works. Same for that Captive Portal.
http://reggle.wordpress.com

User avatar
S0lo
New Member
Posts:
46
Joined:
Mon Oct 27, 2008 9:39 am

Re: WiFi devices know they have restricted access

Wed Jul 04, 2012 5:05 am

Reggle wrote:It's port 80 related alright. If you firewall a Windows 7 on port 80 it will complain about limited connectivity, even if everything else works. Same for that Captive Portal.


Does this mean that on a captive portal, if some one tries to connect to some thing other than port 80, say FTP or a website on port say 8080, it would work WITHOUT AUTHENTICATING. Or am I totally not following you? :?

Reggle
Post Whore
Posts:
1733
Joined:
Sun May 15, 2011 4:16 pm
Certs:
CCNA Security, CCDA, CCNP

Re: WiFi devices know they have restricted access

Wed Jul 04, 2012 8:22 am

No, it will not work at all. If you open FTP or an e-mail client on a wireless with captive portal, and you haven't logged in yet, no connections will form. In fact, until you authenticate, usually all ports except for 80 (perhaps 443 with again the redirect) are blocked.
http://reggle.wordpress.com

User avatar
S0lo
New Member
Posts:
46
Joined:
Mon Oct 27, 2008 9:39 am

Re: WiFi devices know they have restricted access

Wed Jul 04, 2012 10:41 am

Reggle wrote:No, it will not work at all. If you open FTP or an e-mail client on a wireless with captive portal, and you haven't logged in yet, no connections will form. In fact, until you authenticate, usually all ports except for 80 (perhaps 443 with again the redirect) are blocked.


Then I assume you meant that the Iphone would display the mini log-in if it wasn't able to reach a certain webpage (via port 80 offcourse). But again that could happen because of a different cause than NOT being authenticated. I mean there has to be a DNS redirection first (i.e apple.com resolves to the Auth IP), or am I wrong?

'

Return to Cisco Wireless

Who is online

Users browsing this forum: Yahoo [Bot] and 4 guests