Wireless Access

Hi guys, is there a way or a setting to open the captive portal automatically without the need of the end user to browse to a http website? I have seen different behaviors in different networks but i am not sure what is people doing to either force the browser to open automatically after the user connects to the ssid with a captive portal or open a new tab automatically with the captive portal webiste.

 

 

It should happen automatically.  Apple and android try to get a http page from a specific website and when they cannot reach it, the captive portal is opened.  When was your captive portal page created?

Behavior varies greatly by device type, OS version, captive portal services, etc.

Please provide more details about your environment.

My captive portal is running in clearpass (self registration or weblogin form i have tried both), Windows 8 my OS i have tried with Firefox, Chrome and Internet explorer. It is my lab environment so i am not sure if these browsers are trying to reach a specific webiste in order to automatically open the captive portal. I will run a packet capture to check what is doing in the background each browser

Windows 10 added an auto browser launch feature when in a captive portal
state. Prior to 10, it's hit or miss unfortunately.

I tested on my lab and i got it working, here is why it was not working before (my dns was not responding to that query because it had no internet access) and why it is working now

 

172.16.1.42 Client

192.168.250.50 DNS server

 

 

 1. Client send a query to dns server asking for www.msftncsi.com

 

2. DNS server replies the query

3. Computer tries to download ncsi.txt (it is expecting to see Microsoft NCSI inside that txt) from that address but since it has no internet access it fails

*** attaching this image to show what the txt file looks like***

 

5. Computer now tries to go to www.msftncsi.com/redirect

6. WLC spoofs the destination IP address and send a http 302 “temporarily moved”

7. Guest now knows that it need to go to the captive portal.

Hi, it is working now, i tested it on my lab, the reason it was failing before was i didn't have internet in my lab so the queries where not replied by my dns server

 

172.16.1.42 Client
192.168.250.50 DNS server

 

1. Client send a query to dns server asking for www.msftncsi.com

 

2. DNS server replies the query

 

 

3. Computer tries to download ncsi.txt (it is expecting to see Microsoft NCSI inside that txt) from that address but since it has no internet access yet it fails

 

****attaching this just to show what the txt looks like***

 

4. Computer now tries to go to www.msftncsi.com/redirect
5. WLC spoofs the destination IP address and send a http 302 “temporarily moved”

 

6. Guest now knows that it need to go to the captive portal.

It is working now, attached a word document with the packet capture... they reason it was not working before was that i didn't have internet and my dns server didn't know how to response the queries.

 

172.16.1.42 Client
192.168.250.50 DNS server

 

1. Client send a query to dns server asking for www.msftncsi.com

2. DNS server replies the query

3. Computer tries to download ncsi.txt (it is expecting to see Microsoft NCSI inside that txt) from that address but since it has no internet access yet it fails

4. Computer now tries to go to www.msftncsi.com/redirect
5. WLC spoofs the destination IP address and send a http 302 “temporarily moved”

6. Guest now knows that it need to go to the captive portal.

 

 

ricardoraul, I'm dealing with this right now with Apple devices. Not sure if you have any Apple devices on your network, but ever since 6.4.4.10, you need a publicly signed certificate installed on your controller for the Apple Captive Portal Assistant to pop up automatically. 

 

I have one installed, and am getting the pop up, but logging-in is now a problem. Ive finally got an appt with TAC at 12:30 today. I'll provide updates.

It is working now, it was not working before because i had no internet access and my dns didn't have forwarders so it didn't know how to reply to the queries

 

172.16.1.42 Client
192.168.250.50 DNS server

 

1. Client send a query to dns server asking for www.msftncsi.com

 

2. DNS server replies the query

 

3. Computer tries to download ncsi.txt (it is expecting to see Microsoft NCSI inside that txt) from that address but since it has no internet access yet it fails

 

***attaching this to show how the txt file looks like***

 

4. Computer now tries to go to www.msftncsi.com/redirect
5. WLC spoofs the destination IP address and send a http 302 “temporarily moved”

 

6. Guest now knows that it need to go to the captive portal.

I am trying to post the solution and the packet capture but not sure why it is dissapearing, probably i need to read the forum rules... but i have the answer, will try to post it again

How can i post the packet capture (.doc file or pdf)

 

1. Client send a query to dns server asking for www .msftncsi. com

2. DNS server replies the query

3. Computer tries to download ncsi.txt (it is expecting to see Microsoft NCSI inside that txt) from that address but since it has no internet access yet it fails
*** attaching this image to show what the txt file looks like***

4. Computer now tries to go to www. msftncsi. com/redirect
5. WLC spoofs the destination IP address and send a http 302 “temporarily moved”

6. Guest now knows that it need to go to the captive portal.

It is working now, the reason it was not working was i didn't have internet and my lab dns server didn't know how to reply the dns queries

 

172.16.1.42 Client
192.168.250.50 DNS server

 

1. Client send a query to dns server asking for www.msftncsi.com

 

2. DNS server replies the query

3. Computer tries to download ncsi.txt (it is expecting to see Microsoft NCSI inside that txt) from that address but since it has no internet access yet it fails

***attaching this images to show how the txt file looks like***

4. Computer now tries to go to www.msftncsi.com/redirect
5. WLC spoofs the destination IP address and send a http 302 “temporarily moved”

 

6. Guest now knows that it need to go to the captive portal.

I am trying to attach my post with the packet capture images and it is not working, also tried the .doc and it is not working either, but here is a step by step of what happens in the background

 

It was not working before because i didn't have internet access or forwarders configured on my DNS server so it didn't know how to reply to the queries

 

1. Client send a query to dns server asking for www.msftncsi.com

2. DNS server replies the query

3. Computer tries to download ncsi.txt (it is expecting to see Microsoft NCSI inside that txt) from that address but since it has no internet access yet it fails

4. Computer now tries to go to www.msftncsi.com/redirect
5. WLC spoofs the destination IP address and send a http 302 “temporarily moved”

6. Guest now knows that it need to go to the captive portal.

1. Client send a query to dns server asking for www .msftncsi. com

2. DNS server replies the query

3. Computer tries to download ncsi.txt (it is expecting to see Microsoft NCSI inside that txt) from that address but since it has no internet access yet it fails
*** attaching this image to show what the txt file looks like***

4. Computer now tries to go to www. msftncsi. com/redirect
5. WLC spoofs the destination IP address and send a http 302 “temporarily moved”

6. Guest now knows that it need to go to the captive portal.