Wireless Community - Captive Portals

There are different configurations for setting up a wireless network that your neighbors can use in the infrastructure mode. Infrastructure mode means that users are going to connect wirelessly through an access point or router on your network, or through a repeater.

If that access point is inside your network, you need to take appropriate precautions, so most neighborhood networks tend to place their wireless access devices outside of their firewall.

The key factor that separates one type of infrastructure method from another is the amount of management that you do for each user. A managed wireless neighborhood network would identify your users and manage their traffic in some way, but not necessarily through a formal account—perhaps by password only.

Management might include reconnect time or bandwidth restrictions, and restrictions on what can be transferred. Management most certainly includes restrictions on what resources can be accessed from outside, something that would be true regardless of the type of network you establish.

If you are supplying a WLAN that authenticates users individually and manages them with the specific goal of providing an Internet connection, you are creating a “captive portal.”

In less complex Internet times, the word portal was meant to imply a window on the Internet, a place where you could look out and see the part of the universe that that window allowed.

AOL was considered to be a portal; so too was MSN. Yahoo, on the other hand, was quickly placed in the class of “directory service,” although it too would probably be considered a portal now.

A portal implies controlled access that is restricted to specific content. The captive moniker is given to this class of access because you are restricted in what content you can see.

Anyone who has logged onto Boingo at an airport has an understanding of what captive means; no matter what you do, you are directed back to the Boingo site.

Similarly, when working at Kinko’s, the national copy and print chain now owned by Federal Express, you may find yourself logged in to a restricted browser that permits you no access to the computer and a limited range of services. That’s a captive portal as well.

It was all the rage three or four years ago to build software that allowed you to create specialized portals such as custom home pages in Netscape or consoles in Lotus Notes.

So you’re likely to find that your bank, telephone company, ISP (certainly), and many other institutions have portals. Any site that lets you customize content in some way is trying to be your portal.

However, as technology marches on, simple access by itself isn’t enough to bestow “full portalship” status on your WLAN. These days you would have to limit Internet or network resource access to content in some meaningful way to get that moniker.

It’s probably semantics to differentiate between a WLAN behaving as a portal or one that is classified as a hotspot, as both can be managed solutions. Suffice it to say that if you are providing access to content and restricting access, then you have probably created a wireless portal.

If you have an interest in creating a captive portal and want to start with a device designed for this type of thing, you might want to investigate the $800 Reliawave Internet Plug and Play Server Gateway from Demarctech.

This device authenticates users using a RADIUS database system (the same standard used in remote access servers) and redirects their browsers to a special proprietary Web page. Among its software functions are:

  • NAT
  • E-mail and browser redirection
  • DHCP services
  • Challenge and response password/ID account management.

These are features that you need to implement in any captive portal solution. The Reliawave is meant to service a large number of users and requires the use of a standalone RADIUS server.
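The browser redirection and account management described above, as an added Python example (not code from the Reliawave or any other product): every client is sent to the login page until it authenticates, and is sent back there when its session runs out. The in-memory account table stands in for the RADIUS server, and `CaptiveGateway`, `PORTAL_URL` and `SESSION_SECONDS` are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import os
from urllib.parse import quote, urlsplit

PORTAL_URL = "http://portal.example.net/login"   # assumed portal address
SESSION_SECONDS = 3600                            # assumed reconnect time


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CaptiveGateway:
    """Decides, per client, whether traffic is forwarded or sent to the login page."""

    def __init__(self):
        self.accounts = {}   # user -> (salt, password hash); stand-in for RADIUS
        self.sessions = {}   # client MAC -> session expiry time (epoch seconds)

    def add_account(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = (salt, _hash(password, salt))

    def login(self, mac, user, password, now):
        salt, stored = self.accounts.get(user, (b"\0" * 16, b""))
        # Hash even for unknown users and compare in constant time.
        ok = hmac.compare_digest(_hash(password, salt), stored)
        if ok:
            self.sessions[mac] = now + SESSION_SECONDS
        return ok

    def handle_request(self, mac, url, now):
        # The portal itself must stay reachable, or nobody could ever log in.
        if urlsplit(url).netloc == urlsplit(PORTAL_URL).netloc:
            return ("allow", url)
        if self.sessions.get(mac, 0) > now:
            return ("allow", url)
        self.sessions.pop(mac, None)          # drop the expired session, if any
        return ("redirect", PORTAL_URL + "?next=" + quote(url, safe=""))
```

A MAC address is only a weak client identifier, which is one reason to keep the session lifetime short and force a fresh login after it expires.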

As you wander about with your trusty mobile device through airports, in hotels, restaurants, and elsewhere, you will encounter commercial wireless ventures such as Wayport.com, Boingo, or T-Mobile.

Each is a subscription-based service that lets you log onto the Internet with an account, and each is more properly described as a network of hotspots.