Guest Access Blocked
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-25-2016 04:23 PM
I am trying to deploy a Guest Network using ZoneDirector 9.12.2.0 build 204 and a couple T300 Access Points.
I created a WLAN called FYL and everything works fine on Standard Usage. But I want to set up a captive portal page with Guest Access. It seemed to work once on my iPhone, but now it never gives me a portal page and doesn't give me any internet connectivity. If I switch it back to Standard Usage.. it works again.
I do notice that under Monitor/Wireless Clients, it shows my phone (with a valid IP, the same in fact, as when I am connected with Standard Usage) connected to the correct WLAN, but it says Status of Unauthorized and Auth Method as Web. I am using Open authentication and no encryption at the moment.
I have been through these configs over & over and I can't find my problem. I have read many web setups and mine isn't any different than those recommended. Any tips or directions would be greatly appreciated.
-Steve
I created a WLAN called FYL and everything works fine on Standard Usage. But I want to set up a captive portal page with Guest Access. It seemed to work once on my iPhone, but now it never gives me a portal page and doesn't give me any internet connectivity. If I switch it back to Standard Usage.. it works again.
I do notice that under Monitor/Wireless Clients, it shows my phone (with a valid IP, the same in fact, as when I am connected with Standard Usage) connected to the correct WLAN, but it says Status of Unauthorized and Auth Method as Web. I am using Open authentication and no encryption at the moment.
I have been through these configs over & over and I can't find my problem. I have read many web setups and mine isn't any different than those recommended. Any tips or directions would be greatly appreciated.
-Steve
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-26-2016 11:14 AM
It's the iPhone. When setup for captive portal, meaning you must open a browser to get redirected thru possible T&C page or targeted landing page.
Apple Captive Network Assistant (CNA) is a pre-auth test program trying to see if you have Internet access, and is not letting you use a Browser in order to be re-directed correctly.
See KBA-2368: When should I bypass CNA feature.
Smartphone users prefer to use WiFi on their handhelds because of its speed. When a user connects to guest wireless networks, most of the times they are required to provide either a guest pass or a user id/password.
Here are the typical steps in connecting a guest network:
1. Choose the desired wireless network from a list of wireless networks
2. Open a browser and enter the necessary credentials
Users sometimes ignore the second step above and wonder why their apps and email are not working. To avoid such confusing situations to their users, Apple came up with a feature called Captive Network Assistant. This feature unnecessitates opening a browser and causes the device to automatically prompt the user to provide credentials using a pseudo browser.
As you can see this is a great feature and takes out lot of confusion from user's point of view. But it can create couple of issues mentioned in the Troubleshooting Steps above. Apart from that CNA pop is not a fully functional browser.
If your users are reporting any similar issues, it is better to bypass the CNA and check how the connectivity goes.
This bypass feature can be found under the WLANs configuration page on the ZD. It allows to choose the bypass feature by SSID type - Guest, Captive Portal (Web Authentication), and Hotspot.
If you prefer to use CLI to enable the CNA bypass, use the following commands:
1.To enable the feature:
ruckus# conf
You have all rights in this mode.
ruckus(config)# sys
ruckus(config-sys)# bypasscna Enter the WLAN services type (for example, web-auth, guestaccess, wispr).
2.To disable the feature:
ruckus(config-sys)# no bypasscna
Apple Captive Network Assistant (CNA) is a pre-auth test program trying to see if you have Internet access, and is not letting you use a Browser in order to be re-directed correctly.
See KBA-2368: When should I bypass CNA feature.
Smartphone users prefer to use WiFi on their handhelds because of its speed. When a user connects to guest wireless networks, most of the times they are required to provide either a guest pass or a user id/password.
Here are the typical steps in connecting a guest network:
1. Choose the desired wireless network from a list of wireless networks
2. Open a browser and enter the necessary credentials
Users sometimes ignore the second step above and wonder why their apps and email are not working. To avoid such confusing situations to their users, Apple came up with a feature called Captive Network Assistant. This feature unnecessitates opening a browser and causes the device to automatically prompt the user to provide credentials using a pseudo browser.
As you can see this is a great feature and takes out lot of confusion from user's point of view. But it can create couple of issues mentioned in the Troubleshooting Steps above. Apart from that CNA pop is not a fully functional browser.
If your users are reporting any similar issues, it is better to bypass the CNA and check how the connectivity goes.
This bypass feature can be found under the WLANs configuration page on the ZD. It allows to choose the bypass feature by SSID type - Guest, Captive Portal (Web Authentication), and Hotspot.
If you prefer to use CLI to enable the CNA bypass, use the following commands:
1.To enable the feature:
ruckus# conf
You have all rights in this mode.
ruckus(config)# sys
ruckus(config-sys)# bypasscna
2.To disable the feature:
ruckus(config-sys)# no bypasscna
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-26-2016 01:24 PM
That all makes sense.
I went into the ZD and checked all but Social media. With no change. There is no authentication at this point to enter.
I am also having the same problem on a Windows Surface machine.
I went into the ZD and checked all but Social media. With no change. There is no authentication at this point to enter.
I am also having the same problem on a Windows Surface machine.
OS/Type Host Name User/IP Role WLAN Status Auth Method iOS iPhone x.x.x.13 FYL Unauthorized WEB
Windows 8/10 Surface x.x.x.17 FYL Unauthorized WEB
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-26-2016 01:35 PM
If I forego the Guest Access and use Standard Usage, it works on both devices. But, if I leave it in Standard Usage, and "Enable Captive Portal/Web Authentication" neither device can access the internet.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-26-2016 04:14 PM
How about when you open a browser after connecting to the network?

