| Having to maintain the security of a wireless network | | | | redirected by a particularly sophisticated captive |
| is something that's probably new to most users, and | | | | portal. |
| it can often be frustrating due to all the new | | | | Once you sign in and pay up, the captive portal stops |
| information you have to assimilate. | | | | interfering with your traffic, and reverts to the usual |
| How Wi-Fi hotspots force you to log in. | | | | 'pass through' mode. The next time you try to |
| It's an everyday scenario: you go to a hotel or Wi-Fi | | | | connect, it checks your identity (usually by looking at |
| hotspot and find a wireless or wired connection, but | | | | your machine's relevant MAC address) and silently let |
| instead of getting your homepage when you bring up | | | | you through if you are still in the time-window of |
| your browser, you get a custom page from the | | | | service. Otherwise, it's back to square one. |
| service provider asking you to pay for the service. | | | | So, to summarize, the captive portal provider needs: |
| You've hit a captive portal, and it's how the service | | | | a redirection mechanism for Web traffic, a |
| provider makes sure that they get paid for what | | | | traffic-blocking mechanism of some sort (firewall, |
| they are offering. | | | | 802.1x, etc) to constrain you, a sign-in facility, a |
| The technology is relatively simple because you are, | | | | payments gateway of some sort, and some form of |
| by definition, using their network. They configure | | | | identity repository for keeping track of who is a |
| their systems to accept your initial network traffic (in | | | | paid-up known customer and who is not. |
| this case, your request for Web content from your | | | | None of these components are particularly obscure |
| homepage's server) but instead of passing that | | | | or difficult to find, but if you are looking to build a |
| request along, they redirect you to their sign-in page. | | | | captive portal you probably shouldn't try to reinvent |
| This redirection can be done in a number of ways, | | | | the wheel. You can find complete packaged |
| but the basic functionality is built into the http | | | | hardware-and-software solutions from the usual |
| standard (the status codes in the 300-range describe | | | | suspects (Cisco, Juniper, etc), as well as smaller-scale |
| the various options). Any non-web traffic, such as | | | | software solutions from multiple vendors. If you |
| SMTP for email, or FTP, is typically blocked using a | | | | want to use free and open-source software, you'll |
| firewall of some type, but may be caught and | | | | easily be able to find many solutions on-line. |