[AusNOG] Captive Portal + Daily Usage

John Edwards jaedwards at gmail.com
Thu Jun 14 11:51:48 EST 2018 

Captive portals reduce engagement with WiFi networks by an order of
magnitude.

Captive portals that require a login, even if its free, reduce engagement
by a further order of magnitude.

If the goal is for the public to benefit from the free WiFi then this is a
contrary requirement.

Sydney Airport, for example, tried to force users to login via LinkedIn to
use the free WiFi. This was quickly removed as most potential users avoided
it.

If your customer is talking to other councils, they will quickly find
examples where the login requirement has been withdrawn after deployment.

The municipal association of Victoria have released some recommendations
for council WiFi captive portals in document found here:
http://www.mav.asn.au/news-resources/news/2015/may/mav-technology-public-wi-fi-report-14may15

If there is legal advice that the end user must accept terms and conditions
for use, then this is best achieved by presenting it once and then using
some kind of NAC to not show it again to a device where it has already been
accepted.

Usage limits are problematic in 2018. The majority of network usage will be
via apps or HTTPS connections to web servers, neither of which will honour
your port 80 redirects. Once a mobile device has presented a captive portal
to its user, it has no mechanism to detect it and show it again. So the end
user will not see a logout page or quota warning unless they happen to be
visiting a HTTP site, which is now the exception. This results in poor user
experience where the limit is reached.

Some networks fix this by forcing the user to accept a dodgy SSL
certificate that allows them to intercept all data. This is a bad idea.

Limits are better enforced through DPI and arbitrarily high thresholds to
counter extreme cases of abuse.

With some luck, the hype around 5G networks will make Passport or Hotspot
2.0 a more acceptable solution for WiFi authentication, so look to deploy a
system that will support these features in the long term if not today.

John




On 14 June 2018 at 08:25, Cameron Murray <cameron.murray at gmail.com> wrote:

> Guys,
>
> In a bind and needing some recommendations for products/solutions urgently
> to support a Public Wireless network (local council) allowing guests to
> Self-Register and be assigned a account with no expiry however limitations
> imposed on throughput up/down and a daily transfer limit.
>
> I've looked at the following products and their captive portal offerings
> and none appear to do exactly what the requirements call for;
>
>
>    - UBNT Unifi
>    - Open-Mesh
>    - Mikrotik User Manager
>    - Ruckus
>    - Xirrus
>    - Aerohive
>    - MyWiFi Networks
>    - IronWifi
>
> The difficult part appears to be the daily usage limits.
>
> Thanks in advance
>
> Cameron
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180614/0ca8742d/attachment.html>

More information about the AusNOG mailing list