Network Topology
V9 AC (Access Controller) - Integrated Placement Access Point - Core Switch - iMC Server, with local forwarding.
Problem Description
When connecting to the SSID, both Apple and Android mobile devices, as well as MacBooks, automatically pop up the portal authentication page. However, when connecting to the SSID with a PC running Windows 10, the browser does not automatically open and the authentication page does not pop up. The browser needs to be manually opened before being redirected to the portal authentication page.
Process Analysis
After connecting to the SSID, Android and iOS devices send out HTTP probing packets to detect the network"s accessibility. After receiving the HTTP packet, the AC impersonates the address of the terminal probe and pushes the portal authentication page to the wireless terminal to achieve the redirection function. Therefore, to implement redirection for Windows PC terminals, it is necessary to redirect the probing packets sent from the Windows PC.
The Windows operating system also has automatic probing capabilities. The default probing packets for commonly used Windows terminal systems from Windows 7 to Windows 11 are described as follows:
Window 11:
http://www.msftconnecttest.com/connecttest.txt
Windows 10.0.15063 (1703) to 10.0.07134 (1803) :
http://www.msftconnecttest.com/redirect
Windows 10.0.14393 (1607):
http://www.msftconnecttest.com/connecttest.txt
Windows 8/8.1 to 10.0.15063 (1511):
http://www.msftncsi.com/ncsi.txt
Windows 7 :
http://www.msftncsi.com/ncsi.txt
The automatic probing function in the Windows system can be turned on or off and the probed address can be modified through the registry.
For Windows 7 systems, the registry key is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet.
Therefore, it is necessary to add a redirect command for the above Windows probing URLs in the portal web-server to redirect to the portal authentication page.
Solution
Add the following configuration in the portal web-server:
|
# portal web-server imc if-match original-url http://www.msftconnecttest.com/redirect redirect-url http://10.xxx.xxx.xxx:8080/portal if-match original-url http://www.msftconnecttest.com/connecttest.txt redirect-url http://10.xxx.xxx.xxx:8080/portal if-match original-url http://www.msftncsi.com/ncsi.txt redirect-url http://10.xxx.xxx.xx:8080/portal # |
After testing, it was found that upon connecting to the SSID, the Windows PC automatically launched the browser and displayed the portal authentication page.
Additional note: If portal safe-redirect enable is configured, the three redirect commands must be added in the portal web-server.
If portal safe-redirect enable is not configured, there is no need to add the three redirect commands in the portal web-server and the Windows PC can directly display the authentication page upon connecting to the Wi-Fi network.