[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] Questions about PvD/API

Per my understanding, the part of the system that returns the PVD information needs to be in sync with the network elements that are responsible for dropping unauthenticated users' packets and redirecting plaintext HTTP requests to the portal login page. If the two are not in sync then it is a configuration error.

To the untrained eye, this does not seem different from saying that the part of the system that handles billing and authentication needs to be in sync with the network elements. For example, it would be bad if the user paid for service and then couldn't use the network.

On Wed, Aug 16, 2017 at 9:19 AM, Erik Kline <[email protected]> wrote:
Randomly selecting Tommy and Eric so this bubbles up in their inbox.

On 2 August 2017 at 10:36, David Bird <[email protected]> wrote:
> Could an author of PvD help me understand the following questions for each
> of the diagrams below I found on the Internet -- which represent some
> typical hotspot configurations out there...
> - Where would the API reside?
> - Who 'owns' the API?
> - How does the API keep in-sync with the NAS? Who's responsible for that
> (possibly multi-vendor, multi-AAA) integration?
> 1) Typical Hotspot service company outsourcing:
> http://cloudessa.com/wp-content/uploads/2013/08/shema-CaptivePortalSolution_beta2b.png
> 2) Same as above, except venue owns portal:
> http://cloudessa.com/wp-content/uploads/2013/07/solutions_hotspots-co-working-cloudessa_2p1.png
> 3) Now consider the above, but the venue has more roaming partners and
> multi-realm RADIUS setup in their Cisco NAS:
> http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/config-guide/b_cg83/b_cg83_chapter_0100111.html
> describes many options -- including separate MAC authentication sources,
> optional portals for 802.1x (RADIUS) authenticated users, and so much
> more...
> "Cisco ISE supports internal and external identity sources. Both sources can
> be used as an authentication source for sponsor-user and guest-user
> authentication."
> Also note this interesting article:  the section Information About Captive
> Bypassing and how it describes how to avoid Apple captive portal
> detection!!! "If no response is received, then the Internet access is
> assumed to be blocked by the captive portal and Apple’s Captive Network
> Assistant (CNA) auto-launches the pseudo-browser to request portal login in
> a controlled window. The CNA may break when redirecting to an ISE captive
> portal. The controller prevents this pseudo-browser from popping up."
> _______________________________________________
> Captive-portals mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/captive-portals

Captive-portals mailing list
[email protected]