Business Community > Controllers > Unsecure network on iphones with portal > hotel voucher - OC200
< Controllers

Unsecure network on iphones with portal > hotel voucher - OC200

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Unsecure network on iphones with portal > hotel voucher - OC200

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Unsecure network on iphones with portal > hotel voucher - OC200
Unsecure network on iphones with portal > hotel voucher - OC200
2021-06-26 10:14:51 - last edited 2021-06-26 17:30:41
Model: OC200  
Hardware Version: V1
Firmware Version: 4.3.5

I have setup a hotspot voucher for our hotel , i get complaints from our  guests 2 times with iphones that they see "unsecure network". In both cases the guest logged without issues and this showed up a few days later.  I am attaching settings and iphone screen of our guests. I have tried https redirection it shows the same "unsecure network" with no difference

 

Any help appreciated

Thanks,

Nick

 

 

 

 

 

 

 

 

  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:Unsecure network on iphones with portal > hotel voucher - OC200 -Solution
2021-06-26 11:47:42 - last edited 2021-06-26 17:30:41

@Nek 

 

Hey

 

Yes, this will appear on devices as an un-secure network, that is to be expected.

 

As you have no WPA encryption on the original connection it is, therefore, OPEN and will read as insecure on Apple Devices, other devices will also read it but its primarily Apple nag about this.

 

How this works is anyone can connect to the WiFi, it is therefore OPEN to anyone (apple class this as insecure), when on that WiFi you don't have encryption in place.  Once connected the ability to use the internet is controlled by MAC address, when connected to the OPEN network it will ask for a voucher, if the voucher is accepted it will allow that MAC address for that one device to access for 8 hours.  Any other traffic not from that MAC address is rejected by the firewall and sent to the portal to authenticate.    That's how this works in basic terms.

 

The only way to get Apple Devices reading this as SECURE is to put a passcode/password on the SSID and enabled WPA2 or higher encryption, basically turn off OPEN.   However that means your users then need

1. A password to connect to the WiFi

2. A voucher code to get internet

 

Its not as elegant or user friendly, but will work..  however this is up to you to decide how and if you think this extra level is acceptable, easy and less secure or harder and more secure.

 

Personally my feeling on it, i have my guest network OPEN with portal.  Far as I'm concerned its free, you dont like it dont use it.. or connect a VPN when online

 

However i would 100% recommend you have your guest network on a separate and isolated VLAN from the rest of your devices, guests should literally be VLAN to the router for internet only.

 

 

Recommended Solution
  1  
  1  
#2
Options
4 Reply
Re:Unsecure network on iphones with portal > hotel voucher - OC200 -Solution
2021-06-26 11:47:42 - last edited 2021-06-26 17:30:41

@Nek 

 

Hey

 

Yes, this will appear on devices as an un-secure network, that is to be expected.

 

As you have no WPA encryption on the original connection it is, therefore, OPEN and will read as insecure on Apple Devices, other devices will also read it but its primarily Apple nag about this.

 

How this works is anyone can connect to the WiFi, it is therefore OPEN to anyone (apple class this as insecure), when on that WiFi you don't have encryption in place.  Once connected the ability to use the internet is controlled by MAC address, when connected to the OPEN network it will ask for a voucher, if the voucher is accepted it will allow that MAC address for that one device to access for 8 hours.  Any other traffic not from that MAC address is rejected by the firewall and sent to the portal to authenticate.    That's how this works in basic terms.

 

The only way to get Apple Devices reading this as SECURE is to put a passcode/password on the SSID and enabled WPA2 or higher encryption, basically turn off OPEN.   However that means your users then need

1. A password to connect to the WiFi

2. A voucher code to get internet

 

Its not as elegant or user friendly, but will work..  however this is up to you to decide how and if you think this extra level is acceptable, easy and less secure or harder and more secure.

 

Personally my feeling on it, i have my guest network OPEN with portal.  Far as I'm concerned its free, you dont like it dont use it.. or connect a VPN when online

 

However i would 100% recommend you have your guest network on a separate and isolated VLAN from the rest of your devices, guests should literally be VLAN to the router for internet only.

 

 

Recommended Solution
  1  
  1  
#2
Options
Re:Unsecure network on iphones with portal > hotel voucher - OC200
2021-06-26 13:10:31 - last edited 2021-06-26 13:12:04

yes@Philbert 

 

Yes indeed it would not be friendly having to use 2 different login pwd's to enter the network so it can be seen as secure with padlock........i will have to think about it....i might leave it as is or just create a pwd with lots of special characters LOL and forget about the voucher and entry page but i do like the entry page and the professional look it gives our guests...anyway will have to do some thinking and see, thanks for the enlightening yes    

 

I have created a VLAN as suggested is this right? I had already the guest network activated doesn't this give a similar protection even without vlan?

 

 

 

 

   

 

 

  0  
  0  
#3
Options
Re:Unsecure network on iphones with portal > hotel voucher - OC200
2021-06-26 14:37:00

@Nek 

 

Hey

 

Totally agree the portal looks the part, its really how this is designed to be setup.  Sadly however Apple are naggy about the level of WPA encryption and will complain about this.  The 2 different passwords might work if the main one is simple, something like hotel123  or summer2021    -  Personally every time i have setup the portal for a cafe or BB etc its been set as OPEN 

 

Yes ticking the Guest Network setting will have similar effect to VLAN, namely it will stop anyone on the guest network having access to each other.   Its definitely a good idea

 

The VLAN you have added in the screen shot (VLAN 1) is the default one that everyone uses, its better to move the guests to a different VLAN (say 2).  However.. VLAN requires both a Switch and Router managed by the Controller, if you don't have these then the ticking of the GUEST NETWORK box is you best option.

 

Dont be setting up VLANs unless you have a Router and Switch

 

Hope that helps! :)

 

 

  0  
  0  
#4
Options
Re:Unsecure network on iphones with portal > hotel voucher - OC200
2021-06-26 14:53:41 - last edited 2021-06-26 16:47:15

@Philbert 

 

Thanks man, i do have tplink easy manage switches TL-SG1016DE and TL-SG1024DE  and my isp router which allows vlans but im not going to dig in my knowledge is limited LOL so i'll keep it with guest network only. 

 

We also have LAN ports in each of our rooms , each room has 1 lan port for smart tv and 1 for working desk these are configured by 802.1q VLAN and PVID.

 

 

  2  
  2  
#5
Options

Information

Helpful: 0

Views: 1081

Replies: 4

Related Articles
Omada Captive Portal Not working with iPhones
566 0
iphones kicked out of guest network before voucher expires
451 0
Captive portal
1071 0
Do I need to replace the devices for my hotel network
628 0
Network 's configuration for a Hotel
1142 0
Printout of the portal vouchers
1110 0
About Us
Press
Copyright © TP-LINK CORPORATION PTE. LTD. All rights reserved.