Captive Portal no longer popping up on end devices

  • 0
  • 2
  • Question
  • Updated 5 months ago
  • Answered
 Android and iOS in the past would pop up the captive portal page for the NAC when they connected to the wireless.  Since upgrading our controllers to 10.11.04.0008 our users are no longer being prompted without opening their browser manually.    We have Client Autologin set to "Redirect detection messages".  Is there another setting for this?
Photo of Matthew Perry

Matthew Perry

  • 320 Points 250 badge 2x thumb

Posted 2 years ago

  • 0
  • 2
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
I run the same version and I've tried it with my IPad/IPhone and Kindle Fire and get redirected to the NAC portal if "Redirect detection messages" is enabled.

I'm not aware of another setting that could affect the behavior.

Just in case here how my redirect settings looks like....


What was the version that you've used before ?
Photo of Matthew Perry

Matthew Perry

  • 320 Points 250 badge 2x thumb
We were running 10.11.02.0032.
Photo of Nathiya Munuswamy

Nathiya Munuswamy, Employee

  • 1,706 Points 1k badge 2x thumb
Hi,

Does the other devices working fine (other than Andriod & IOS) after code upgrade? Can you provide us the screenshot of redirect settings?


Regards,
Nathiya M
Photo of Rajesh Jeevendran

Rajesh Jeevendran, Employee

  • 354 Points 250 badge 2x thumb
Hi mperry

Besides I read it was working in the old code version.

For ANDROID
On couple of android device try the below and share your findings

1. Settings
2. WiFi (click on word "WiFi", not ON/OFF switch)
3. Press and hold preferred (or active) wireless network until dialog pops up
4. Select "Modify Network"
5. Check "Show advanced options" checkbox at the bottom
6. Switch "IP settings" to "Static"
7. Keep IP address, Gateway and Network prefix length the same (should be set from standard DHCP)
8. Set DNS 1 8.8.8.8 and DNS 2  8.8.4.4. [google DNS servers]
9. "Save"
10. Restart your phone (power cycle).

Regards
Rajesh
Photo of Yacobucci, Ryan

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

  • 4,796 Points 4k badge 2x thumb
Hello,

The settings for Client Autologin only work if you're using the redirection method that Mr. Dvorak has shown. 

Client Autologin options do not work unless you're using the "External" method for redirection. If you're using DNS proxy, PBR, or another reauthentication type you'll need to check the NAC allowed domains settings to make sure NAC is not allowing communication out. 



Make sure that !captive.apple.com and !gstatic.com are both in this list if you have PBR. They will tell NAC these are not allowed domains and the traffic will be dropped. 

iOS will attempt to reach out to at least captive.apple,com, and android will try gstatic.com/generate_204. If they can't reach these sites they detect they are in a captive portal and will prompt the user.

Thanks
-Ryan
Photo of Matthew Perry

Matthew Perry

  • 320 Points 250 badge 2x thumb
I just added those to the nac allow list.  I don't think they should be able to get there anyways because of the policy but we shall see.
Photo of Aires Sysadmins

Aires Sysadmins

  • 100 Points 100 badge 2x thumb
Hello All,
I know this thread is old, but I believe what you are looking for is in the VNS global settings of the controller.  Client Autologin, check the "Redirect detection...." bullet and you should be good to go.