| Having to maintain the security of a wireless | | | | sophisticated captive portal. |
| network is something that's probably new to | | | | |
| most users, and it can often be frustrating | | | | Once you sign in and pay up, the captive |
| due to all the new information you have to | | | | portal stops interfering with your traffic, |
| assimilate. | | | | and reverts to the usual 'pass through' mode. |
| | | | The next time you try to connect, it checks |
| How Wi-Fi hotspots force you to log in. | | | | your identity (usually by looking at your |
| | | | machine's relevant MAC address) and silently |
| It's an everyday scenario: you go to a hotel | | | | let you through if you are still in the |
| or Wi-Fi hotspot and find a wireless or wired | | | | time-window of service. Otherwise, it's back |
| connection, but instead of getting your | | | | to square one. |
| homepage when you bring up your browser, you | | | | |
| get a custom page from the service provider | | | | So, to summarize, the captive portal provider |
| asking you to pay for the service. You've hit | | | | needs: a redirection mechanism for Web |
| a captive portal, and it's how the service | | | | traffic, a traffic-blocking mechanism of some |
| provider makes sure that they get paid for | | | | sort (firewall, 802.1x, etc) to constrain |
| what they are offering. | | | | you, a sign-in facility, a payments gateway |
| | | | of some sort, and some form of identity |
| The technology is relatively simple because | | | | repository for keeping track of who is a |
| you are, by definition, using their network. | | | | paid-up known customer and who is not. |
| They configure their systems to accept your | | | | |
| initial network traffic (in this case, your | | | | None of these components are particularly |
| request for Web content from your homepage's | | | | obscure or difficult to find, but if you are |
| server) but instead of passing that request | | | | looking to build a captive portal you |
| along, they redirect you to their sign-in | | | | probably shouldn't try to reinvent the wheel. |
| page. This redirection can be done in a | | | | You can find complete packaged |
| number of ways, but the basic functionality | | | | hardware-and-software solutions from the |
| is built into the http standard (the status | | | | usual suspects (Cisco, Juniper, etc), as well |
| codes in the 300-range describe the various | | | | as smaller-scale software solutions from |
| options). Any non-web traffic, such as SMTP | | | | multiple vendors. If you want to use free and |
| for email, or FTP, is typically blocked using | | | | open-source software, you'll easily be able |
| a firewall of some type, but may be caught | | | | to find many solutions on-line. |
| and redirected by a particularly | | | | |