Wireless Networks Thread: Netgear WFS709TP smart wireless controller setup with captive portal and IAS, in Technical
19th January 2010, 11:14 AM #1
Netgear WFS709TP smart wireless controller setup with captive portal and IAS
Do any of you have the Netgear WFS709TP smart wireless controller set up with the captive portal in the following way:
The user connects to the wireless; when they open up their web browser a webpage portal log is displayed. You then log in with your domain login and this is queried against the Policy of IAS (Internet Authentication Service).
All I am getting is an Authentication Failed error(1).
I've read through a ton of setup guides, including the informative post from the Ashby school, but I am now stuck. Has anyone got a setup of this that is working that I could beg, borrow or steal the setups?
19th January 2010, 01:08 PM #2
Okay, sussed the little blighter. The WFS709TP only supports PAP, so your access rule has to be that only. Sometimes the Windows Event log is actually useful!!!
19th December 2010, 02:10 PM #3
I'd be very interested to hear how you set your WFS709TP for open access WiFi (authentication via a portal). Was it very complicated?
20th December 2010, 09:33 AM #4
Attachment: captive portal.pdf
This document should hopefully help.
It's a case study done by Netgear about setting up a captive portal.
Last edited by ict_support; 20th December 2010 at 09:35 AM.
24th January 2011, 10:41 PM #5
I tried following the instructions inside this case study. We already have a functioning WiFi network across 3 sites, so I just focused on the Captive Portal section.
I managed to set up the Captive Portal linked to AD usernames/passwords.
The problems I came up against were:
- When/how to push the proxy address out to the browser? If I set it manually before the portal then it won't connect to the portal, as it is trying to connect to a proxy server which it cannot see until after authentication.
- If I leave the proxy info blank (no proxy) I can get authenticated against the portal and gain access to the network, but to access the Internet I then have to enter the proxy info (server : port) into the browser. If I do this I can gain access to the Internet, but only after entering my logon details again (to authenticate myself to the proxy server).
- If I did push out the proxy info via DHCP WPAD (which is what I was planning), then it would presumably not allow access to the portal. Catch 22?
- Also, in the doc it says that network accounts must have "allow reversible encryption" ticked, which sounds less secure than not allowing it. By default none of ours have it ticked. So would I have to run a script to change them all? And modify the network accounts generation program.
- The other problem is setting up ISA 2006 for this. At the moment we have the IP range(s) used by the guest WiFi added as a separate "network" in the ISA config and also have a proxy rule which applies to the network, to allow web access, but I am unsure what type of authentication should be used. Basic, Integrated, forms...?
- The final problem is how to restrict client laptops to connect only to the proxy server address and not allow connections to anything else on the network (presumably this can be done on the routers using a rule)?
I have come to the conclusion that setting up an Open Access WiFi network is far from simple because it involves knowledge of so many different network technologies (ADS, VLANs, ISA 2006, Authentication, RADIUS, DHCP, WPAD, IOS... the list goes on and on...)
If anyone has any experience of this I would be pleased to hear from you.
Last edited by Bruce123; 24th January 2011 at 10:54 PM.
3rd March 2011, 04:04 PM #6
Hi Bruce, we are in the same position with the catch 22: we get the captive portal, then it sends us back to the address of the WFS709TP. We have used a WPAD for the proxy, but how do we get it to go to the Internet?? Beats me, and we are on a very behind tight schedule, so if anybody is reading this post with ideas please come back.
4th March 2011, 09:47 PM #7
We are also behind schedule. Apparently, some controllers (but not WFS709TP) will also identify attempts to access a website via a proxy address and redirect you to its own portal (and presumably allow you to connect to its web portal via its own built-in proxy).
But other problems exist; WPAD via DHCP is apparently not supported by Chrome and Firefox (due to legitimate security concerns). But DNS is OK, so maybe the answer is to do it via DNS and place the DNS behind the portal, so your web browser only sees it once you're authenticated. If you're worried about security (i.e. wireless clients seeing your internal DNS records) you could set up a dedicated DNS server which is just used by these wireless clients, and the IP of this DNS server could be handed to it via DHCP for the VLAN used by these devices. The DNS server would just provide the WPAD info and be set with forwarders for external address resolution.
Another option entirely is to forget about trying to push out the proxy address and just give the wireless clients full layer 3 (NAT) routing out to the Internet. But, would your web filtering continue to work via layer 3? I've not tried this with our ISA/Third party plugin and how is ISA's user authentication handled at this level?
Finally, forget about using Netgear's own Captive Portal and use something else.
More questions than solutions.
Last edited by Bruce123; 4th March 2011 at 09:57 PM.
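Added example (not from any poster or from Netgear): a `wpad.dat` of the kind the DNS-based WPAD idea above would serve, keeping the controller's portal address off the proxy and sending everything else to the proxy with no `DIRECT` fallback, so filtering is not bypassed when the proxy is unreachable. The portal address, host names and port are constructed placeholders.

```javascript
// wpad.dat / proxy.pac for the guest wireless VLAN (added example).
// All addresses and names below are constructed placeholders.
// Written with var and plain loops so older PAC engines accept it.
var PORTAL_HOSTS = ["192.168.0.250", "portal.guest.example"]; // controller's captive portal
var PROXY = "PROXY proxy.guest.example:8080";                 // filtering proxy listener

// Lower-case the host and drop a trailing dot so that
// "Portal.Guest.Example." matches the list entry.
function normaliseHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") h = h.substring(0, h.length - 1);
  return h;
}

// Exact match only: a longer name that merely starts with the portal's
// name (portal.guest.example.other.test) is not treated as the portal.
function isPortalHost(host) {
  var h = normaliseHost(host);
  for (var i = 0; i < PORTAL_HOSTS.length; i++) {
    if (PORTAL_HOSTS[i] === h) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  // The portal login page has to be reachable before the client
  // can see the proxy, so it is the only DIRECT destination.
  if (isPortalHost(host)) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is down, browsing fails
  // closed instead of going out unfiltered.
  return PROXY;
}
```

The router or firewall rule asked about in post #5 (clients may reach only the proxy and the portal) is still needed, because a client can ignore the PAC file.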
7th March 2011, 12:36 PM #8
Hi Bruce, we're still working on this problem and decided to speak directly to Netgear. They sent me this file, which is not the route I wanted to take, but it might help.
7th March 2011, 05:06 PM #9
Hi Bruce, we have managed to find a solution to this problem! It's not very complicated when looking back, but was a struggle getting there!
It seems the WFS709TP doesn't do what it should do, and we didn't want to start playing with the switches on a live network, so after some reading we decided to use IPCop. We had an old PC, installed 2 network cards and used IPCop with Advanced Proxy to pass the HTTP port 80 requests to the proxy. It's relatively straightforward but needs tweaking to get it to work, but essentially if you run this in transparent mode it automatically redirects HTTP :80 requests to the proxy you have configured. The WFS709 we set up as the DHCP server, as IPCop started to issue IP addy's out to the main network, which caused no end of problems. We then configured port 7 (WFS709TP) to go directly to the IPCop PC on the green channel, and the second NIC (red network) to the main network. We thought we would then be able to enable the captive portal, but this still redirects to itself, which we can have a look at now the pressure is off! I can send the config files if you want to go down this route.
No doubt people will say you should have done this and that this is not correct but this solution works! We can now look at ipcop in more detail and sort out the captive portal then everyone is happy.