Implementation of Portal Redirection
Principles of Portal Redirection
Portal redirection enables the device to automatically display the authentication page to a STA that has not passed authentication when the STA attempts to access an HTTP or HTTPS website. To implement this function, the device intercepts HTTP (TCP port 80) or HTTPS (TCP port 443) traffic, establishes a TCP connection with the terminal by pretending to be the destination IP address that the terminal attempts to access, and redirects the terminal to the authentication page. Portal redirection is the first phase of Portal authentication. However, some clients can submit their user names and passwords to the Portal server directly, without going through Portal redirection.
In wireless scenarios, Portal redirection is implemented by APs.
Portal redirection can be implemented in either of the following modes:
- Method 1: HTTP 200 OK
As shown in the following information, 42.1.1.19 is the IP address of the STA, and 1.1.1.1 is the destination IP address accessed by the STA.
After you enter http://1.1.1.1 in the address box of a browser, the device intercepts the packet, and pretends to be the destination address 1.1.1.1 to establish a TCP connection with the terminal. The first to third packets in Figure 9-1 show the packet exchange process. After the TCP connection is established, the terminal sends an HTTP GET packet (the fourth packet in Figure 9-1), and the device replies with an HTTP 200 OK packet (the fifth packet in Figure 9-1). The HTTP 200 OK packet sent by the device carries the IP address of the redirection authentication page (the information in the red box in Figure 9-2). After the STA receives the HTTP 200 OK packet, it accesses the redirection authentication page.
- Method 2: HTTP 302 Moved Temporarily
As shown in the following information, 42.1.1.76 is the IP address of the STA, and 1.1.1.1 is the destination IP address accessed by the STA.
Figure 9-3 Packet exchange (HTTP 302 Moved Temporarily)
Figure 9-4 Packet content (HTTP 302 Moved Temporarily)
This mode differs from the HTTP 200 OK mode in that the device replies with an HTTP 302 Moved Temporarily packet that carries the address of the redirected authentication page.
WLAN uses HTTP 200 OK redirection by default. If HTTP 302 Moved Temporarily redirection is required (for example, when some customized STAs do not support HTTP 200 OK redirection), you can run the portal redirect-302 enable command to configure this function.
Process of Automatically Displaying the Portal Authentication Page on a STA
After a STA connects to a wireless network, it first uses an internal tool to send an HTTP sniffing request to a specified server to check whether the wireless network grants network access. On a Portal authentication network, the device intercepts the HTTP sniffing request sent by the STA's internal tool and returns a redirection page instead. The internal tool determines that the response is not the expected one and concludes that the wireless network is under access control. The tool then invokes the system's default browser to resend the HTTP sniffing request. The device again intercepts the request and returns a redirection page, so the browser is redirected to the Portal authentication page. In this way, the Portal authentication page is displayed automatically after the STA connects to the wireless network.
The following uses an iOS terminal as an example. The process of automatically displaying the Portal authentication page on the iOS terminal is as follows:
- An Apple terminal sends an HTTP 1.0 request to http://captive.apple.com. The User-Agent field in the request is CaptiveNetworkSupport.
- If the pushed page is not the expected http://www.apple.com/library/test/success.html, the terminal considers the network connection to have failed and invokes the browser to send an HTTP 1.1 request to http://captive.apple.com. The User-Agent field in the request is Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_3 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G34, which may vary slightly depending on the Apple terminal and version.
- In this case, the Portal authentication page is automatically displayed on the terminal, where users can enter their account and password to connect to the wireless network.
The preceding describes the implementation of Apple's Captive Network Assistant (CNA) mechanism. Whether the browser resends the HTTP request in step 2 is the key to automatically pushing the Portal authentication page. If the browser is not invoked, or is invoked only after a long delay, the Portal authentication page will not be pushed or will be pushed late.
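The following added example (not Huawei code, and not taken from this page) models both redirection modes described above together with the CNA probe sequence: it parses the STA's intercepted HTTP GET, recognizes the CaptiveNetworkSupport probe from step 1, and builds either the HTTP 200 OK reply or the HTTP 302 Moved Temporarily reply. The Portal URL, the use of an HTML meta refresh inside the 200 OK body, and the url= query parameter that preserves the originally requested address are assumptions, since the page shows the figures but not the packet bodies.

```python
from urllib.parse import quote

# Assumed placeholder for the Portal server's authentication page (not from the page).
PORTAL_LOGIN_URL = "http://portal.example.com/login"


def parse_request(raw: bytes) -> dict:
    """Parse the request line and headers of the HTTP GET the STA sends after the
    device has completed the TCP handshake while impersonating the destination IP."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers}


def is_cna_probe(req: dict) -> bool:
    """True for Apple's Captive Network Assistant probe from step 1: a request to
    captive.apple.com whose User-Agent starts with CaptiveNetworkSupport."""
    user_agent = req["headers"].get("user-agent", "")
    host = req["headers"].get("host", "")
    return host == "captive.apple.com" and user_agent.startswith("CaptiveNetworkSupport")


def build_redirect(req: dict, mode: str = "200") -> bytes:
    """Build the device's reply: mode '200' is an HTTP 200 OK page carrying the Portal
    address (default mode); mode '302' is a 302 Moved Temporarily with a Location header."""
    # Carry the originally requested URL so the Portal server can return the STA to it after login
    # (assumed parameter name; percent-encoded so it is safe inside an HTML attribute).
    original = "http://" + req["headers"].get("host", "") + req["target"]
    target = PORTAL_LOGIN_URL + "?url=" + quote(original, safe="")
    if mode == "302":
        return (f"HTTP/1.1 302 Moved Temporarily\r\nLocation: {target}\r\n"
                "Content-Length: 0\r\nConnection: close\r\n\r\n").encode()
    body = (f'<html><head><meta http-equiv="refresh" content="0;url={target}"></head>'
            f'<body><a href="{target}">Portal login</a></body></html>')
    return (f"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: {len(body)}\r\n"
            f"Connection: close\r\n\r\n{body}").encode()


# Constructed sample of the step 1 probe (HTTP 1.0, User-Agent CaptiveNetworkSupport).
CNA_PROBE = (b"GET / HTTP/1.0\r\nHost: captive.apple.com\r\n"
             b"User-Agent: CaptiveNetworkSupport-355.200.28 wispr\r\n\r\n")

if __name__ == "__main__":
    request = parse_request(CNA_PROBE)
    print("CNA probe:", is_cna_probe(request))
    print(build_redirect(request, "302").decode())
```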