Bug - mobile configs in wifi captive portal state

Similar Messages

• Apple TV (2nd gen) Support WiFi Captive Portals?

  I can connect to the WiFi but cannot get to he Internet due to the WiFi captive portal.  My iPhone/iPad connect fine. How can one do this via Apple TV? Btw, the provider doesn't support a MAC ACL. It's browser login or nothing.

  Sorry, AppleTV does not support conncetion via a browser login.

• Wifi captive portal not working 10.10.2

  Just updated to 10.10.2 and cannot use FON or any other captive portal wifi. It does connect to the wifi router and dhcp completes, but I neither get the popup from apple, nor can i navigate to a login page from a browser.
  This is the first time in 6 years that OSX has been unusable for me but it is a disaster!

  After experimenting with the network assistant on my own FON portal I got to the point where it told me to restart my router. After that, I was able to connect. Obviously I cannot restart any other captive portal I come across, but pass this on in the hope that it helps.
  What does network assistant do just ahead of asking user to restart router - does it delete / reset anything specific?

• Bug in wifi/wireless connection with captive portal in UK/London ?

  With my macbook pro (10.6.4) & iphone (iOS 4), I do not manage to have an easy connect on free wifi captive portals in London. They all are new connections (unknown networks before).
  * dhcpd lease seems to be instable. I can get wifi connection (with good wifi signal strength) but most of the time get a "non-allocated" lease like 169.254.57.x/24 without any router/dns. A few rare times, the dhcp server give a me a complete ip connection.
  * in the rare case where IP connection could established, I was not redirected to the captive portal. I had to manually enter its address (in my case <IP>:8000, you need to guess) and even after authentication, I can't browse the Internet. In one of my test, I managed to resolve dns entry but can't browse the web.
  I tried during an hour and I couldn't make it on work on my Macbook. work a small time with the iPhone.
  tested in McDo free wifi and Airbox Public Wifi of EasyHotel (Airbox system). also have problem with "Wifi Zone - The Cloud".
  ok in Starbucks and in St Pancras Free Wifi.
  Found these threads which could be related but no real solutions:
  http://discussions.apple.com/thread.jspa?messageID=11875166&#11875166
  This is probably the router's fault but I can't check this.

  Hmm...pretty interesting. What redirection mode did you use for m0n0wall? (http or dns) Have you tried disabling the NAT on the router as well as unchecking the block anonymous internet requests on the security tab?
  I have a similar setup on a T1----media converter----WRT54G setup. Basically, the router was able to get public wan ip addresses on the status page. So do the computers behind it (wired and wireless) but they aren't online. We pinged the three dns numbers on the router, only 1 replied. Now, the ISP has Cisco all-access installed on the converter (quite similar to captive portal) and it shows up on every computer when we try to go online. We open up the browser, it prompts for the authentication. We fill-in the details but still it doesn't go online. Bottom line was we cloned the mac of the main computer and they didn't need to authenticate...but then again it defeats the purpose of the software.
  Also, the router was set as a DHCP server with NAT enabled. I'm thinking that the router's firewall still blocks your computers even when it's already set as a switch. Try to disable the NAT and see if it works.

• Je n'arrive plus à me connecter au réseau wifi pro depuis la mise à jour IOS 6 'erreur netinary captive portal'

  Depuis la mise à jour IOS6 sur mon iphone4, je ne capte plus le réseau wifi de mon entreprise (page vierge avec le message netinary captive portal). Par-contre je me connecte bien sur ma Livebox.
  J'ai déjà réintialiser les réglages réseaux, passer le proxy en auto, oublier le réseau, bref je ne sais plus quoi faire. Des solutions ?

  Je ne pense pas que vous trouverez un pilote mis à jour pour la carte Cisco comme ils ont été abandonnés. 
  The 2004 driver is probably the lateset one.
  Merci,
  Scott
  Aider les autres en utilisant le système de notation et de marquage répondent aux questions comme "répondu"

• Captive Portal with Wireless Mobility

  Has anyone successfully configured a captive portal/proxy while maintaining their WDS infrastructure?
  We're wanting to make users accept a user agreement before being able to progress to the outside world. We're currently using m0n0wall to accomplish this on our wired network, but with the interesting way that the wireless traffic actually enters the network through the tunnel/loopback int its creating some confusion for me.
  Can it be as simple as changing the tunnel source to a VLAN instead of a loopback? Anyone have any insight?

  The Captive Portal is used to control what happens when an application request, layers 5-7, is redirected to Layer 3-4 (i.e. when the destination IP address or port number of a request from an application is changed, and the application layers in the protocol request still have the previous IP address or domain and port number encode in them). This is analogous to the Network Address Translation (NAT) function performed by a router.
  http://www.cisco.com/en/US/tech/tk722/tk721/technologies_white_paper09186a00801a0c62.shtml

• Anyconnect 3.1 Captive Portal False Alert Stops Users Connecting.

  Hi All,
  I am having problems with a customer's ASA 5505 with Anyconnect 3.1 - it is generating captive portal false-alerts which are stopping users from connecting.
  This issue began when I upgraded from Anyconnect 2.4 to 3.1, and it appears like this: A user downloads and installs the Anyconnect client and is able to connect fine, to begin with. However, once they reboot their computer and try to reconnect, the VPN session will not come up and they receive the error message below.
  "The service provider in your current location is restricting access to the internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser."
  Reading other posts, it seems this message appears when a captive portal is restricting internet access. It must be a false alert in this case as there is nothing of the sort here. Apparently, Anyconnect 3.1 can generate a false alert like so if the name of the firewall's SSL certificate doesn't match the CName listed on the Client Profile. I've set this up to match, to no avail.
  Although users can connect by reauthenticating through the SSL VPN login web page, I am stumped as to how to get rid of this captive portal error that pops up when they try to use the Anyconnect client.
  Any advice would be appreciated, just let me know what extra details to post if needed.
  Many thanks,
  Josh Campbell

  Hi Joshua,
  The below information could be located at
  www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac03vpn.html
  False Captive Portal Detection
  AnyConnect can falsely assume it is in a captive portal in the following situations.
  •If AnyConnect attempts to contact an ASA with a certificate containing an incorrect server name (CN), then the AnyConnect client will think it is in a "captive portal" environment.
  To prevent this, make sure the ASA certificate is properly configured. The CN value in the certificate must match the name of the ASA server in the VPN client profile.
  •If there is another device on the network before the ASA, and that device responds to the client's attempt to contact an ASA by blocking HTTPS access to the ASA, then the AnyConnect client will think it is in a "captive portal" environment. This situation can occur when a user is on an internal network, and connects through a firewall to connect to the ASA.
  If you need to restrict access to the ASA from inside the corporation, configure your firewall such that HTTP and HTTPS traffic  to the ASA's address does not return an HTTP status. HTTP/HTTPS access to the ASA should either be allowed or completely  blocked (also known as black-holed) to ensure that HTTP/HTTPS requests sent
  There is also a bug filed for this. Just for your reference,
  CSCud17825 - Anyconnect captive portal
  Regards,
  Srikanth K S.

• ISE captive portal timeouts and radio policy

  Hello!
  I have two questions.
  First, have some of you guys worked with the captive portal in ISE (guestportal)?
  I have set up a new wireless network for a customer and they want to use the guest portal for som users.
  The problem that I am expering is that on a particular site with many small buildings user complains that they have to reauthenticate using the webportal when moving between the buildnings.
  I have tired extending the idle user timeout on that particular wlan in the cisco 5508, but I still having this problem.
  I would actually like if the user login via the guestportal at the beginning of the work day and after say 4-5 hours they have to reautencitcate.
  And if they loose network connectivity (moving between buildings, iphone/andriod shutting down wifi adapter, etc) they shuld be fine connecting again because they have aldready authecnticated once during the last 4-5 hours.
  Is this possible via the ISE?
  My second question deals with 2.4 and 5 Ghz band.
  I use AP groups on each of my distribution areas. All groups have the same SSID but diffrenet egress interfaces (interfaces groups).
  And in some of these I want to save the 5 GHz band for voice over wlan and in others i would like to use both bands.
  Do I have to create diffrent wlan profiles with diffrent radio policys and same SSID or could I do this in the AP group settings using RF-profiles?
  Hope for some help!
  //Simon

  Your first answer  is there is no such option in ISE till now there you can specify the login time fix for a client. If the client disconnect from the network and reconnect again, it require re-authentication Every time.
  2nd : You can use the AP group settings using RF-profiles to achieve this task.1st: There is no such option in ISE till now there you can specify the login time fix for a client. If the client disconnect from the network and reconnect again, it require re-authentication Every time.
  your seconde answer : You can use the AP group settings using RF-profiles to achieve this task.

• Laptop no longer loads Captive Portal following Windows 8.1 upgrade

  Since upgrading to Win 8.1 from Win 8, I no longer see a captive portal displayed whenever I try to connect to a wireless network that requires additional login information.  Some WiFi networks require you to click their Terms and Conditions box
  or add some additional logon information and they splash up a Captive Portal screen to allow you to enter the information.  Without entering this information I receive an IP address for my wireless adapter ok, but end up with a "Limited Internet"
  connection.  Which means I cannot connect to the Internet at all.  This exact same problem has happened to two colleagues of mine that recently upgraded to Windows 8.1 on their laptops.  Any help will be much appreciated.

  Hello Grantlsmith,
  Do you receive any error message when you connect to a wireless network that requires additional login information?
  Or you just connect to the Wi-Fi with limited Internet, and nothing pop up?
  Please take the following steps for troubleshooting:
  1. Please provide the result of the command ipconfig –all
  2. Ping the IP address of URL and check if we can contact.
  3. Type in the URL that can use in Windows 8 and check if we can open the Captive Portal
  Best regards,
  Fangzhou CHEN
  Fangzhou CHEN
  TechNet Community Support

• Captive Portal not working correctly

  I've seen issues with our wireless systems on WebOS devices running the latest software. If I try and use the HP Tablets with a captive portal log on. I can put in my creds to login hit submit, but nothing happens. Reviewing a sniff trace of the transaction I see "you have reached this page because you browser does not support standard http redirection commands"
  My concern is most people are probably hitting the same issue based on what I have read thus far.

  I am also having trouble with a captive portal on my school's (UC Berkeley) wifi network.
  I can get to the login page, and enter my credentials, but after hitting "submit," nothing happens.
  The little blue bar loads, and completes, but the page stays the same.
  Any answers to this?

• How can I change the re-direct URL on the WebKit for Captive Portals?

  Hi,
  I have a guest network at the office that is configured with a captive portal for authentication. My MBP detects that it is behind a Captive Portal when the HTTP WISPr request fails and launches the WebKit (ie. the CNA) as designed and displays the login page. When the login is successful, the Captive Portal displays a success and the WebKit then proceeds to re-direct the browser to http://www.apple.com
  Of late, Apple's homepage has become graphic rich and more often than not, loading the page without caching (since the webkit does not cache the webpage loaded) loading Apple's homepage on the guest network takes over 30-90 seconds depending on the traffic on the network. The OS does not allow me to use the network till the page on the webkit has successfully loaded and the "Done" button appears on the webkit and this often becomes irritating.
  Is there a method to change the redirect URL to something less resource hungry like http://www.google.com or a less graphic rich Apple page (like http://www.apple.com/library/test/success.html)?
  I understand that there is a method to disable Captive Portal Handling, ie.
  sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -boolean false
  However, I don't want to disable Captive Portal Handling in the OS as I don't believe Apps that require internet access will handle the lack of the internet well.
  Any hints would be appreciated.
  Cheers!

  Hey again,
  I did have a look at it and the Settings.plist file isn't very helpful for the issue I have.
  The file defines the probes and exceptions. So you have the default probe WISPr URL in there (http://www.apple.com/library/test/success.html) and the exceptions for specific SSIDs, as an example, attwifi is in the exception list and uses an alternate probe WISPr URL (http://attwifi.apple.com/library/test/success.html). The configuration does not have parameters that would be used by the CNA for the redirect to http://www.apple.com after a succesful Captive Portal login.
  Give it a shot on your laptop, get to a random public wifi like ATT Wifi/Starbucks/Guest Wifi's at office spaces/Boingo etc. and after the successful login, your CNA Webkit will re-direct to http://www.apple.com and the "Done" button won't appear till the page has completely loaded and stays as "Cancel" till the page is loaded.

• Allowing Airwatch MDM access to the Captive-Portal guest users in pre-auth role for android and BB?

  Requirement:
  How to allow Airwatch MDM access to the Captive-Portal guest users in pre-authentication role for Android and Blackberry devices?
  What is Airwatch MDM?
  Airwatch MDM is Mobile Device Management. The Airwatch is an enterprise which helps to manage and secure data traveling through the mobile devices like Laptops, Tablets, Android, iPhones, iPads etc.
  Solution:
  Why we need to allow access to Airwatch MDM?
  The network administrator can force the guest users to register to Airwatch MDM before they get authenticated and access the internet. So that the network administrator could manage the guest devices through Airwatch Management tool. This can be achieved by CPPM server. To download the Airwatch MDM app and register with the Airwatch MDM server certain domains should be permitted in the captive portal pre-authentication role. This KB provides the configuration steps to allow the guest users to download the Airwatch MDM app and register with the Airwatch MDM server.
  Configuration:
  Below is the configuration
  Configuration steps:
  1. Create the following netdestinations
  netdestination Airwatch
    name *.awagent.com
    name *.awmdm.com
    name air-watch.com
  netdestination Google-Play
    name android.clients.google.com
    name .ggpht.com
    name gstatic.com
    name accounts.google.com
    name clients1.google.com
    name clients2.google.com
    name clients3.google.com
    name clients4.google.com
    name i.ytimg.com
    name google-analytics.com
    name .1e100.net
    name android.l.google.com
    name mtalk.google.com
    name clients.l.google.com
    name googleapis.com
    name gvt1.com
  netdestination BlackBerry
    name *.blackberry.com
  2. Now define the rules in the session acl and map it to the pre-authentication Role of the captive portal.
  ip access-list session Airwatch_Access
    any   alias Airwatch svc-http  permit
    any   alias Airwatch svc-https  permit
  ip access-list session Google-Play-Store
                 any   alias Google-Play any permit
  ip access-list session BlackBerry-Access
                 any   alias BlackBerry any permit
  3. Now map the session ACLs to captive-portal pre-authentication Role as follows
  user-role Guest-Pre-Auth-Role
   access-list session Airwatch_Access
   access-list session Google-Play-Store
   access-list session BlackBerry-Access
   access-list session logon-control
   access-list session captiveportal
  4. Now whitelist the list of domain names in the Captive Portal profle
  aaa authentication captive-portal Airwatch-Captive-Portal-Profile
  white-list Airwatch
  white-list Google-Play                                                                                ------------>Netdestinations where you defined the Domains.
  white-list BlackBerry
  Verification
  Now the user will be placed under the "Guest-Pre-Auth-Role" before the authentication. The user can now go the Google Play-Store or BlackBerry Appworld to download the Airwatch MDM and register to Airwatch Management Server.

  Thanks so much getting these names listed out. I have been working on this very issue for a few weeks and was basing my firewall rules on IP's. It was not going well. Now access is working and testing can commence!  Thanks,Chris

• IOS 6 Wi-Fi Issue (Campus Captive Portal)

  Hey there,
  I know some of people facing Wi-Fi connection problems after iOS 6 update.
  There are a lot of threads and solutions about this problem. But mine is bit different.
  I have an iPad and after i update to iOS 6 there wasn't any issue about Wi-Fi connection.
  I surfed all day long , upload and download many thing using my home Wi-Fi network.
  Today I couldn't connect to my campus' Wi-Fi network. I turned on my phone's hotspot
  and iPad connected to my phone's cellular based network just fine. I tried to connect directly with my phone to campus' network and my phone also connected just fine. When i searched the web i saw a lot of Wi-Fi issue thread about iOS 6. I have read all of them but my problem is bit different.
  My campus' network is using a Captive Portal thing to get internet access. So you have to enter your user id and password after you connect wirelessly.
  When i was using iOS 5.1.1 iPad was connecting to network automatically and waiting for me to open safari or chrome and enter my id and password.
  But now after i joined to network a window pops up and and wants me to enter id and password (not an apple page, my own university page) and at the same time connection drops and wi-fi icon get lost so my log-in info can't send. I open and wi-fi panel and connect again and same thing occurs. Pop-up window and connection lost. This is a vicious cycle i think and everybody using iOS 6 in my campus facing same problem. iPhone iPad iPod Touch users can not connect because of this problem.
  I have done everything that written about common Wi-Fi issue.
  I am sorry about my broken English BTW.
  Waiting for your help.

  If you experiencing the above subject heading, please read below
  Go to Settings, General, About
  Scroll down till you see Modem Firmware
  Reply Back with your Modem Firmware
  Modem Firmware: 04.12.02
  Wireless Access Point Device: NetGear WG102 which is superceded by NetGear WG103.
  I have Firmware 5.0 for this device
  Also check your IOS Version and (BUILD)
  If your Modem Firmware is LESS than the above, then you have the same problem as myself and many others with Wireless Connectivity issues to WAP's
  It is my understanding, unless im proven wrong by anyone with my above findings, this can only be fixed by APPLE. I have reported this as a BUG
  Please REPLY only to this thread if you're criteria is less than the MODEM FIRMWARE listed
  Im checking to see if i can be proven wrong in my findings.
  I have performed the below
  Backup Phone
  Factory Reset
  Network Reset
  Hard Reset
  Soft Reset
  Apply Store in Australia, Sydney CBD George St have tried the above with meand cant help either.
  Apple support via the phone cant help. This problem has now been logged as a BUG for the time being.

• Auto pop-up for wispr in any captive portal won't work anymore

  Hi all,
  I really like the captive portal function. I am often at Starbucks, and I like the easy way to accept the user agreement.
  But, since some weeks, the auto pop-up to see the captive portal won't show ... neither Starbucks nor somewhere else!
  At Starbucks ....
  1. I tried to delete the btopenzone WiFi (the provider for Starbucks free WiFi) but nothing changed.
  2. I tried to set up another networking zone, won't help either.
  3. I searched the web, but all I could see is, that there is not really a way to disable it (but changing the website in plist somewhere).... 
  4. I  tried to find a way to just disable or enable it... but was not lucky
  Hope anyone can help me, cause I really like the feature.
  Thanks...
  Michael.

  Hi DelBaero,
  So, it sounds like push notifications are working intermittently. Take a look at the article linked below, not only does it give insight into how notifications work, it also provides some troubleshooting tips that should help.
  iOS: Understanding notifications
  http://support.apple.com/kb/ht3576
  Troubleshooting notifications
  Push notifications require an active Wi-Fi or cellular connection.
  Note: Notifications use Wi-Fi only when a cellular connection is unavailable. Firewalls and proxy servers may affect your ability to receive notifications. For more information, see Unable to use Apple Push Notification service (APNs).
  If you're not receiving notifications for a specific app, try these steps:
  Verify that the app supports notifications.
  After installing an app or restoring a backup to a different iOS device, open the app to begin receiving notifications. If the app requires entering or logging in to an account, you will need to do this before receiving notifications.
  Check Settings > Notification Center to ensure that the app is configured for notifications. If notifications do not appear in the Notification Center, verify that the Notification Center setting for the app is enabled.
  -Jason

• Trouble accessing a "Captive Portal"

  Recently I was unable to access a WiFi network at a commercial location. Their tech services were baffled because other users were having no trouble at all. They told me that several other Mac users had been unable to log on as well. After I got home I read up on this and found that they were using a Captive Portal to redirect my log on. Googling these terms I find others with Macs asking for help but getting no response. One poster suggested it was a problem that began with an upgrade to Snow Leopard.
  I'm using 10.6.6 and frustrated with my inability to log in. Can anyone suggest a solution.
  MacTrekker

  I can't say for certain what is going wrong in your case but I can confirm it is possible to do an ARD connection i.e. Screen Sharing to a remote user connected via a VPN. The way we do this is to get the user to connect to the VPN server (a Mac OS X Server), then on the Mac OS X Server in Server Admin see what IP address they have been allocated by the VPN server, then tell ARD Admin to connect to that IP address.
  This works fine for me.
  The IP address will be a 'local'  to the ARD and VPN machines IP address it would not be the remote public or private IP addresses.