  1. #1

    Join Date
    Jun 2009
    Location
    North
    Posts
    114
    Thank Post
    28
    Thanked 17 Times in 17 Posts
    Rep Power
    15

    Netgear WFS709TP smart wireless controller setup with captive portal and IAS

    Do any of you have the Netgear WFS709TP smart wireless controller set up with the captive portal in the following way?

    The user connects to the wireless; when they open up their web browser a webpage portal login is displayed. You then log in with your domain login and this is queried against the policy of IAS (Internet Authentication Service).

    All I am getting is an Authentication Failed error (1).

    I've read through a ton of setup guides, including the informative post from the Ashby school, but I am now stuck. Has anyone got a setup of this that is working that I could beg, borrow or steal the setups?

    Thanks

  2. #2

    Join Date
    Jun 2009
    Location
    North
    Posts
    114
    Thank Post
    28
    Thanked 17 Times in 17 Posts
    Rep Power
    15
    Okay, sussed the little blighter. The WFS709TP only supports PAP, so your access rule has to be that only. Sometimes the Windows Event log is actually useful!

  3. Thanks to ict_support from:

    Cools (24th November 2010)

  4. #3

    Join Date
    Oct 2008
    Location
    Leeds
    Posts
    217
    Thank Post
    21
    Thanked 17 Times in 17 Posts
    Rep Power
    14
    Hi ict_Support,

    I'd be very interested to hear how you set your WFS709TP for open access WiFi (authentication via a portal). Was it very complicated?

    Thanks,

    Bruce.

  5. #4

    Join Date
    Jun 2009
    Location
    North
    Posts
    114
    Thank Post
    28
    Thanked 17 Times in 17 Posts
    Rep Power
    15
    captive portal.pdf
    This document should hopefully help



    It's a case study done by Netgear about setting up a captive portal
    Last edited by ict_support; 20th December 2010 at 08:35 AM.

  6. Thanks to ict_support from:

    Bruce123 (20th December 2010)

  7. #5

    Join Date
    Oct 2008
    Location
    Leeds
    Posts
    217
    Thank Post
    21
    Thanked 17 Times in 17 Posts
    Rep Power
    14
    Thank you,

    I tried following the instructions inside this case study. We already have a functioning WiFi network across 3 sites, so I just focused on the Captive Portal section.

    I managed to set up the Captive Portal linked to AD usernames/passwords.

    The problems I came up against were:

    • When/how to push the proxy address out to the browser? If I set it manually before the portal then it won't connect to the portal as it is trying to connect to a proxy server, which it cannot see until after authentication.

    • If I leave the proxy info blank (no proxy) I can get authenticated against the portal and gain access to the network, but to access the Internet I then have to enter the proxy info (server : port) into the browser. If I do this I can gain access to the Internet, but only after entering my logon details again (to authenticate myself to the proxy server).

    • If I did push out the proxy info via DHCP WPAD (which is what I was planning), then it would presumably not allow access to the portal. Catch 22?

    • Also, in the doc it says that network accounts must have "allow reversible encryption" ticked, which sounds less secure than not allowing it. By default none of ours have it ticked. So would I have to run a script to change them all? And modify the network accounts generation program?

    • The other problem is setting up ISA 2006 for this. At the moment we have the IP range(s) used by the guest WiFi added as a separate "network" in the ISA config and also have a proxy rule which applies to the network, to allow web access, but I am unsure what type of authentication should be used. Basic, Integrated, forms...?

    • The final problem is how to restrict client laptops to connect only to the proxy server address and not allow connections to anything else on the network (presumably this can be done on the routers using a rule)?


    I have come to the conclusion that setting up an Open Access WiFi network is far from simple because it involves knowledge of so many different network technologies (ADS, VLANs, ISA 2006, Authentication, RADIUS, DHCP, WPAD, IOS... the list goes on and on...)

    If anyone has any experience of this I would be pleased to hear from you.

    Many Thanks,

    Bruce.
    Last edited by Bruce123; 24th January 2011 at 09:54 PM.

  8. #6
    DaveCoop's Avatar
    Join Date
    Feb 2009
    Posts
    85
    Thank Post
    6
    Thanked 2 Times in 2 Posts
    Rep Power
    11
    Hi Bruce, we are in the same position with the catch 22: we get the captive portal, then it sends us back to the address of the WFS709TP. We have used a WPAD for the proxy, but how do we get it to go to the Internet? Beats me, and we are very behind on a tight schedule, so if anybody is reading this post with ideas please come back.

  9. #7

    Join Date
    Oct 2008
    Location
    Leeds
    Posts
    217
    Thank Post
    21
    Thanked 17 Times in 17 Posts
    Rep Power
    14
    Quote: Originally Posted by DaveCoop
    Hi Bruce, we are in the same position with the catch 22: we get the captive portal, then it sends us back to the address of the WFS709TP. We have used a WPAD for the proxy, but how do we get it to go to the Internet? Beats me, and we are very behind on a tight schedule, so if anybody is reading this post with ideas please come back.

    We are also behind schedule. Apparently, some controllers (but not the WFS709TP) will also identify attempts to access a website via a proxy address and redirect you to its own portal (and presumably allow you to connect to its web portal via its own built-in proxy).

    But other problems exist; WPAD via DHCP is apparently not supported by Chrome and Firefox (due to legitimate security concerns). But DNS is OK, so maybe the answer is to do it via DNS and place the DNS behind the portal, so your web browser only sees it once you're authenticated. If you're worried about security (i.e. wireless clients seeing your internal DNS records) you could set up a dedicated DNS server which is just used by these wireless clients, and the IP of this DNS server could be handed to them via DHCP for the VLAN used by these devices. The DNS server would just provide the WPAD info and be set with forwarders for external address resolution.

    Another option entirely is to forget about trying to push out the proxy address and just give the wireless clients full layer 3 (NAT) routing out to the Internet. But, would your web filtering continue to work via layer 3? I've not tried this with our ISA/Third party plugin and how is ISA's user authentication handled at this level?

    Finally, forget about using Netgear's own Captive Portal and use something else.

    More questions than solutions.

    Bruce.
    Last edited by Bruce123; 4th March 2011 at 08:57 PM.

  10. #8
    DaveCoop's Avatar
    Join Date
    Feb 2009
    Posts
    85
    Thank Post
    6
    Thanked 2 Times in 2 Posts
    Rep Power
    11
    Hi Bruce, we're still working on this problem and decided to speak directly to Netgear. They sent me this file, which is not the route I wanted to take, but it might help.
    Attached Files

  11. #9
    DaveCoop's Avatar
    Join Date
    Feb 2009
    Posts
    85
    Thank Post
    6
    Thanked 2 Times in 2 Posts
    Rep Power
    11
    Hi Bruce, we have managed to find a solution to this problem! It's not very complicated when looking back, but it was a struggle getting there!

    It seems the WFS709TP doesn't do what it should do and we didn't want to start playing with the switches on a live network, so after some reading we decided to use IPCop. We had an old PC, installed 2 network cards and used IPCop with Advanced Proxy to pass the HTTP port 80 requests to the proxy. It's relatively straightforward but needs tweaking to get it to work, but essentially if you run this in transparent mode it automatically redirects HTTP :80 requests to the proxy you have configured. The WFS709 we set up as the DHCP server, as IPCop started to issue IP addresses out to the main network, which caused no end of problems. We then configured port 7 (WFS709TP) to go directly to the IPCop PC on the green channel and the second NIC (red network) to the main network. We thought we would then be able to enable the captive portal, but this still redirects to itself, which we can have a look at now the pressure is off! I can send the config files if you want to go down this route.
    No doubt people will say you should have done this and that this is not correct, but this solution works! We can now look at IPCop in more detail and sort out the captive portal, then everyone is happy.
