topic is the WLC command 'config network web-auth captive-bypass enabl in Wireless

is the WLC command 'config network web-auth captive-bypass enable' specific to only apple devices?

gregsawyer — Sun, 04 Jul 2021 06:17:49 GMT

if it is, is there a command to enable captive-bypass for Android operating system devices (smartphones, tablets, etc)?

is the WLC command 'config network web-auth captive-bypass enabl

Scott Fella — Fri, 04 Jan 2013 15:57:28 GMT

yes... the reason is because the iDevices try to reach a site to know if it has connectivity or not... if the device can't reach that site, it opens the portal page.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

is the WLC command 'config network web-auth captive-bypass enabl

gregsawyer — Fri, 04 Jan 2013 16:08:15 GMT

i understand, but we have a need for Android devices too. they want to access google or the google playstore. is there a command to enable captive-bypass for Android operating system devices (smartphones, tablets, etc)?

Re: is the WLC command 'config network web-auth captive-bypass e

Scott Fella — Fri, 04 Jan 2013 16:13:25 GMT

No... There is no need. It's an option for apple devices to not present the splash page automatically. It forces the user to open up a browser.

Sent from Cisco Technical Support iPhone App

is the WLC command 'config network web-auth captive-bypass enabl

Chris Illsley — Fri, 04 Jan 2013 16:15:29 GMT

You could use a pre-auth ACL to allow some traffic through without authentication to get around this?

Thanks

Chris

is the WLC command 'config network web-auth captive-bypass enabl

Stephen Rodriguez — Fri, 04 Jan 2013 16:29:54 GMT

what are you trying to accomplish?

as Scott said, that command stops the iDevice from automagically popping the spalsh page. If you don't want the user to have to authenticate, or accept AUP, turn off web-auth on the WLAN.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

is the WLC command 'config network web-auth captive-bypass enabl

gregsawyer — Fri, 04 Jan 2013 16:36:01 GMT

no, we do want them to authenticate. we don't have a problem with the iDevices. we are all good there. they are working the way they should with the captive-bypass enabled.

i'm asking about Android devices. it appears Android attempts to do the same thing.

is the captive-bypass command specific for iDevices, or does it cover all devices that attempt to do the same thing the iDevices do?

is the WLC command 'config network web-auth captive-bypass enabl

Stephen Rodriguez — Fri, 04 Jan 2013 16:47:18 GMT

so far as I'm aware it's supposed to suppress any whisper client that is trying to reach out to the interwebs. Not just the url that iDevices use.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

is the WLC command 'config network web-auth captive-bypass enabl

Scott Fella — Fri, 04 Jan 2013 16:55:01 GMT

This will explian what the command was designed for... again... has nothing to do with Android.

To detect this behavior, the Apple device sends a request to http://www.apple.com/library/test/success.html to see if it gets a response To detect this behavior, the Apple device sends a request to http://www.apple.com/library/test/success.html to see if it gets a response

http://tswireless.wordpress.com/2012/07/17/ise-webauth-with-ios-devices/

If you think your Android device is trying to reach something to verify connection, then figure out what its trying to reach (use a sniffer) and then like Chris mentioned, use a pre-auth acl and see if that helps. Other than that, don't worry about that command as its specific to Apple.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

is the WLC command 'config network web-auth captive-bypass enabl

gregsawyer — Fri, 04 Jan 2013 16:59:05 GMT

ok. my understanding is that the Android devices try to reach something at google but that list of URLs is long and ever changing. that's the problem with using the pre-auth ACL.

is the WLC command 'config network web-auth captive-bypass enabl

Scott Fella — Fri, 04 Jan 2013 17:02:15 GMT

Well there is nothing that is going to support that. I have a couple Android device that connects fine to any WebAuth, I just have to manually open a browser and login. The command you specified is strictly for Apple.

http://www.apple.com/library/test/success.html

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

is the WLC command 'config network web-auth captive-bypass enabl

Stephen Rodriguez — Fri, 04 Jan 2013 17:07:58 GMT

The command stops a whisper client from popping up and forcing you to open a browser.

But it doesn't stop any app that is trying to access the internet. So it's not 'specific' to apple but to my knowledge, iDevices are currently the only devices doing this.

If someone decided to rewrite a rom for android and add this functionality in, it would block them as well.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

is the WLC command 'config network web-auth captive-bypass enabl

gregsawyer — Fri, 04 Jan 2013 18:11:16 GMT

thank you all. this is some very good information.

i posed the question to rule it out as to why we are having issues with android devices connecting. we installed and are testing an Aruba ClearPass and the Android devices are giving us a problem. i believe the issue is with the Aruba ClearPass box but at least this re-affirms my suspesion as to it being the Aruba ClearPass

is the WLC command 'config network web-auth captive-bypass enabl

gregsawyer — Fri, 04 Jan 2013 18:30:43 GMT

apparently there was a bug in the Aruba ClearPass QuickConnect app.