Hotspot - Client Zero Config Proxy settings

mtkfan · June 12, 2011, 4:07am

Hi,

I am having an issue where some clients are unable to access the web based login page of the hotspot function.

From what I can tell their IP configuration appears okay, and is working with both DHCP and One-to-One NAT for clients with a static IP. However some users are still having difficulty I can’t check the users settings to try and isolate the problem as it is a public network. However I suspect the problem is that the client PC is using non-standard proxy prt settings (e.g not 3128, 8080 or 443) so traffic is not being captured. I tested this myself by setting browser proxy port to 6000 and trying to connect to the network and I too was unable to connect. If however I connect normaly then change my proxy port setting to 6000 once authenticated I can still browse as normal.

Is it un-usual for clients to use non-standard proxy port numbers?

If not is there some rules I can add to catch this type of client and re-direct to the login page. I did consider trying to change the proxy re-direct firewall rule to cover all other ports. But I thought if it was that simple then it would probably be set like that as the default?

Any other suggestions as to how this should be handled?

Thanks in advance for any advice.

fewi · June 13, 2011, 3:38pm

There is no clean solution to this. It is unusual to have non-standard proxy ports on clients. If you redirect all kinds of ports then you break other protocols - maybe they have a custom app that uses tcp/6000 and doesn’t use HTTP, if you now redirect tcp/6000 to the Hotspot then you’re breaking their custom app.

mtkfan · July 5, 2011, 10:39pm

Thanks for the reply.

I understand what you are saying about potentially breaking other app protocols the client may have, if I was to try redirecting more ports to the login portal. However do you think this would really be a problem if it was only applied to the hs-unauth chain, as their custom app isn’t going to work anyway as they currently do not have internet access, until they have been authenticated.

Any further thoughts / suggestions???

fewi · July 5, 2011, 11:15pm

Then the issue becomes that you may be overloading the Hotspot servlet with traffic. If you happen to redirect something that causes a lot of traffic you could be eating up CPU resources on the router trying to deal with it all.

Personally I wouldn’t redirect any additional ports. Others may have more insight, or different opinions.