Hello everyone,
In this post, I'll share you a case about portal authentication fault caused by the IOS CNA adaptation function disabled.
Problem Description
In wireless network planning, the core switches are configured with native AC6605 to control wireless data services. To connect wireless networks to mobile terminals, Portal authentication is used. In the wireless network, both mobile phones and laptops of the Android system can connect to the wireless network through Portal authentication, when a mobile phone in the iOS system does not display the Portal authentication page during a short connection, the connection is disconnected.
Alarm information
If the web page authentication page is not displayed after a short connection to the wireless network, the connection is disconnected and the user switches to the 4G network.
Handling Procedure
1. Querying the Differences Between iOS and Android Portal Authentication to Learn the Captive Network Assistant (CNA) Function
2. Check the IOS configuration on the AC.
3. Disable the CNA bypass function of the IOS system. The configuration page is modified as follows: undo portal captive-bypass enable
Root Cause
The iOS system provides the Captive Network Assistant (CAN) function. This function enables the iOS device (iPhone, iPad, or iMAC) to automatically detect whether the network is normal after associating with the WLAN. If the network is disconnected, the iOS device automatically displays the user name and password. If the user does not enter the user name and password, the iOS device automatically disconnects from the WLAN. After Portal authentication is enabled, if the CNA function is enabled on an iOS device, the user must enter the user name and password immediately after associating with the WLAN. Otherwise, the device automatically disconnects from the WLAN. As a result, the device cannot provide specific network resources for users before authentication.
Solution
In this case, disable the CNA bypass function of the iOS system so that the WLAN association status is not automatically disconnected before Portal authentication succeeds. Users can access specific authentication-free resources before authentication, the configuration is modified as follows: undo portal captive-bypass enable.
Suggestions and Summary
In Portal authentication, the preceding method can be used to authenticate the page popup using a browser. When a specific application is used for authentication, the same principle is used. The only difference is that the command is changed to undo portal captive-adaptive enable. In addition, when the portal captive-adaptive enable and portal captive-bypass enable commands are executed simultaneously, the commands configured in the two commands take effect. If the Portal authentication page is of the HTTPS type, the terminal can automatically display the Portal authentication page only when the HTTPS website is a domain name and the domain name certificate is valid.
Learn about the terminal devices connected to the wireless network in advance. Have general knowledge of the mechanisms and configuration requirements for portal authentication on the access network of each terminal device. Check related FAQs to find out problems in advance and understand possible problems, in this way, the efficiency can be improved in advance.
That's all for this case, if you have any problems, please comment below, we'll help you to resolve that.
Thanks.
