Guest access and Captive portal

Recently I consulted for a wireless case at a popular hospital at Chennai. Had a long discussion with customer about their existing network and budding requirement for wireless. We spoke about how good for a hospital to use wireless. We spoke about how patients who suffered to be in hospital premises drastically will feel better to have some outside connection via Internet. But limited, accounted and secure internet connection should be provided under his doctor’s permission. Guest access and Captive portal are the way to provide these functionality to their gonna-implement wireless infrastructure. Below are summarized points that I have documented from our discussion.

What is Guest access and Captive Portal?

Have you ever been at a free Wi-Fi zone? Have you ever tried to access Wi-Fi service provided in Hotels like Raintree, Lemontree, Hilton, Hyatt?

If you have, then you must have seen a login page like this.


Only after you through this login process you will be allowed to browse the internet.

Guest Access

Guest access is the way to facilitate data connection (usually Internet connection) to contractors, customer, partners etc. This data connection is supposed to be productive to the users and also to the company providing. Guest access will provide separate web

Separate traffic – Separating traffic of guest will provide security and keep un-trusted users away from confidential resources by access control policies. Guest Users will have differenct ACLs based on company’s security policies which will control them to have limited access inside the corporate network.

Reporting – Provide Data Accounting based on time, date and user. This is a standard feature in guest access. Future access to logs will facilitate administrators to find out certain users and their actions in corporate network.

Captive Portal

A captive portal is a Web page that the user of a public-access network is obliged to view and interact with before access is granted. A captive portal can be designed in many ways. As a login system with pre-assigned user ID and password (suitable for free Wi-Fi zones or any other business) or free 30 minutes internet by input room number (suitable for hospitals, hotels etc.) A captive portal usually shows an Acceptable Usage Policy (AUP) and force user to accept it before browse the web.

Why Captive portal is important?

1. A Landing page to identify your business

1.1. Give a warning to hackers by your proper banner

Even a good person will become a thief over an unprotected wealth. Making your Wi-Fi network secure less will welcome hackers and start misusing it. Post a security gate to the Wi-Fi users to warn the hackers. This is will give sense to hackers that Wi-Fi network is protected, accounted and any misuse will have consequences.

1.2. Have your users connect to Right Wi-Fi network

Posing like a legitimate Wi-Fi network is another way to steal the data. Hackers may try to create their own Wi-Fi network and steal user’s data. A Wi-Fi network should be properly identified with its business to secure guest users.

1.3. Market your business through Wi-Fi

Over the captive portal, apart from terms and conditions, customer can show their new service or product launched or make them informed about the new changes in the procedures etc.,

2. Security of your wireless Network

2.1. Bandwidth protection

Captive portal along with Bandwidth protection Protect your pricey internet bandwidth from heavily used by a single user. This will limit the user from heavy usage. After all we are providing free internet usage for essential works only. Not for downloading High Definition videos from YouTube.

2.2. Secure content

Don’t want the users to go to illegitimate sites and download viruses. Have your captive portal to show the guests “Accepted Usage Policy”. Content filtering can be enabled to protect users and also Network from internet threats.

3. Protect your business from being sued

3.1. You are not providing secure network services

Providing free internet services doesn’t mean that you are providing secure internet service that can be used for any credit card / money transaction confidentially. Clearly mentioning in “Accepted Usage Policy” and making guests accept that you are not liable to any damages happen due to the foolishness of guest users, business will be protected from being sued unwantedly.

3.2. Protect your business from unwanted activities of your guest users

If someone is sending illegitimate mail or threat mail to a president or prime minister, the source IP address shown will be your address. Have your captive portal database to look for the person who browsed internet at that particular time to get the culprit.

Industry Solutions


Aruba is one of the leading wireless provider. Their focus is only on wireless with many acquisition related to wifi like Airwave, Network Chemistry. Aruba provides good guest access solution with inbuilt Policy Enforcement firewall and Captive portal.


Cisco is well known for Complete Networking solution. Cisco’s Unified Wireless Network Solution supports guest access and provides security via Cisco TrustSec solution. Captive portal is used in the name of Web-authentication. Captive portal can be on-the-box or a separate web-server. Cisco is also providing web templates for captive portal.


Motorola WiNG (Wireless Next Generation) Operating System across all hardwares provides Captive Portal/Hotspot


Ruckus ZoneDirector Controller based solution provides Guest access and captive portal in name of Guest Pass portal. It is simple, customizable and flexible.


Dell’s PowerConnect-W is actually a product of Aruba. They have a OEM agreement between them. So same as Aruba.

Apart from these vendors, there are some open source projects are also available for Captive portal


CoovaChilli, is a Opensource software based on dead ChilliSpot project. Its a Software based access controller, which features captive portal/Hotspot, AAA based on either RADIUS or HTTP. CoovaAPs are the firmware version based on openWRT, engineered by same software group for Linksys APs.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s