[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Captive-portals] Questions about PvD/API

Could an author of PvD help me understand the following questions for each of the diagrams below I found on the Internet -- which represent some typical hotspot configurations out there...

- Where would the API reside?

- Who 'owns' the API?

- How does the API keep in-sync with the NAS? Who's responsible for that (possibly multi-vendor, multi-AAA) integration?

1) Typical Hotspot service company outsourcing: http://cloudessa.com/wp-content/uploads/2013/08/shema-CaptivePortalSolution_beta2b.png

2) Same as above, except venue owns portal: http://cloudessa.com/wp-content/uploads/2013/07/solutions_hotspots-co-working-cloudessa_2p1.png 

3) Now consider the above, but the venue has more roaming partners and multi-realm RADIUS setup in their Cisco NAS: http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/config-guide/b_cg83/b_cg83_chapter_0100111.html describes many options -- including separate MAC authentication sources, optional portals for 802.1x (RADIUS) authenticated users, and so much more... 

"Cisco ISE supports internal and external identity sources. Both sources can be used as an authentication source for sponsor-user and guest-user authentication."

Also note this interesting article:  the section Information About Captive Bypassing and how it describes how to avoid Apple captive portal detection!!! "If no response is received, then the Internet access is assumed to be blocked by the captive portal and Apple’s Captive Network Assistant (CNA) auto-launches the pseudo-browser to request portal login in a controlled window. The CNA may break when redirecting to an ISE captive portal. The controller prevents this pseudo-browser from popping up."