is the WLC command 'config network web-auth captive-bypass enable' specific to only apple devices?

Unanswered Question
Jan 4th, 2013

if it is, is there a command to enable captive-bypass for Android operating system devices (smartphones, tablets, etc)?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Scott Fella Fri, 01/04/2013 - 07:57

yes... the reason is because the iDevices try to reach a site to know if it has connectivity or not... if the device can't reach that site, it opens the portal page.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

gregsawyer Fri, 01/04/2013 - 08:08

i understand, but we have a need for Android devices too.  they want to access google or the google playstore.  is there a command to enable captive-bypass for Android operating system devices (smartphones, tablets, etc)?

Scott Fella Fri, 01/04/2013 - 08:13

No... There is no need. It's an option for apple devices to not present the splash page automatically. It forces the user to open up a browser.

Sent from Cisco Technical Support iPhone App

Chris Illsley Fri, 01/04/2013 - 08:15

You could use a pre-auth ACL to allow some traffic through without authentication to get around this?

Thanks

Chris

Stephen Rodriguez Fri, 01/04/2013 - 08:29

what are you trying to accomplish?

as Scott said, that command stops the iDevice from automagically popping the spalsh page.  If you don't want the user to have to authenticate, or accept AUP, turn off web-auth on the WLAN.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

gregsawyer Fri, 01/04/2013 - 08:36

no, we do want them to authenticate.  we don't have a problem with the iDevices.  we are all good there.  they are working the way they should with the captive-bypass enabled.

i'm asking about Android devices.  it appears Android attempts to do the same thing.

is the captive-bypass command specific for iDevices, or does it cover all devices that attempt to do the same thing the iDevices do?

Stephen Rodriguez Fri, 01/04/2013 - 08:47

so far as I'm aware it's supposed to suppress any whisper client that is trying to reach out to the interwebs.  Not just the url that iDevices use.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Scott Fella Fri, 01/04/2013 - 08:55

This will explian what the command was designed for... again... has nothing to do with Android. 

To detect this behavior, the Apple device sends a request to http://www.apple.com/library/test/success.html to see if it gets a response To detect this behavior, the Apple device sends a request to http://www.apple.com/library/test/success.html to see if it gets a response

http://tswireless.wordpress.com/2012/07/17/ise-webauth-with-ios-devices/

If you think your Android device is trying to reach something to verify connection, then figure out what its trying to reach (use a sniffer) and then like Chris mentioned, use a pre-auth acl and see if that helps.  Other than that, don't worry about that command as its specific to Apple.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

gregsawyer Fri, 01/04/2013 - 08:59

ok.  my understanding is that the Android devices try to reach something at google but that list of URLs is long and ever changing.  that's the problem with using the pre-auth ACL.

Scott Fella Fri, 01/04/2013 - 09:02

Well there is nothing that is going to support that.  I have a couple Android device that connects fine to any WebAuth, I just have to manually open a browser and login.  The command you specified is strictly for Apple.

http://www.apple.com/library/test/success.html

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Stephen Rodriguez Fri, 01/04/2013 - 09:07

The command stops a whisper client from popping up and forcing you to open a browser.

But it doesn't stop any app that is trying to access the internet.  So it's not 'specific' to apple but to my knowledge, iDevices are currently the only devices doing this.

If someone decided to rewrite a rom for android and add this functionality in, it would block them as well.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

gregsawyer Fri, 01/04/2013 - 10:11

thank you all.  this is some very good information.

i posed the question to rule it out as to why we are having issues with android devices connecting.  we installed and are testing an Aruba ClearPass and the Android devices are giving us a problem.  i believe the issue is with the Aruba ClearPass box but at least this re-affirms my suspesion as to it being the Aruba ClearPass

gregsawyer Fri, 01/04/2013 - 10:30

apparently there was a bug in the Aruba ClearPass QuickConnect app.

Actions

Login or Register to take actions

This Discussion

Posted January 4, 2013 at 7:54 AM
Stats:
Replies:13 Overall Rating:
Views:1930 Votes:0
Shares:0
Tags: No tags.
 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode