Unsecure network on iphones with portal > hotel voucher - OC200
I have setup a hotspot voucher for our hotel , i get complaints from our guests 2 times with iphones that they see "unsecure network". In both cases the guest logged without issues and this showed up a few days later. I am attaching settings and iphone screen of our guests. I have tried https redirection it shows the same "unsecure network" with no difference
Any help appreciated
Thanks,
Nick
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hey
Yes, this will appear on devices as an un-secure network, that is to be expected.
As you have no WPA encryption on the original connection it is, therefore, OPEN and will read as insecure on Apple Devices, other devices will also read it but its primarily Apple nag about this.
How this works is anyone can connect to the WiFi, it is therefore OPEN to anyone (apple class this as insecure), when on that WiFi you don't have encryption in place. Once connected the ability to use the internet is controlled by MAC address, when connected to the OPEN network it will ask for a voucher, if the voucher is accepted it will allow that MAC address for that one device to access for 8 hours. Any other traffic not from that MAC address is rejected by the firewall and sent to the portal to authenticate. That's how this works in basic terms.
The only way to get Apple Devices reading this as SECURE is to put a passcode/password on the SSID and enabled WPA2 or higher encryption, basically turn off OPEN. However that means your users then need
1. A password to connect to the WiFi
2. A voucher code to get internet
Its not as elegant or user friendly, but will work.. however this is up to you to decide how and if you think this extra level is acceptable, easy and less secure or harder and more secure.
Personally my feeling on it, i have my guest network OPEN with portal. Far as I'm concerned its free, you dont like it dont use it.. or connect a VPN when online
However i would 100% recommend you have your guest network on a separate and isolated VLAN from the rest of your devices, guests should literally be VLAN to the router for internet only.
- Copy Link
- Report Inappropriate Content
Hey
Yes, this will appear on devices as an un-secure network, that is to be expected.
As you have no WPA encryption on the original connection it is, therefore, OPEN and will read as insecure on Apple Devices, other devices will also read it but its primarily Apple nag about this.
How this works is anyone can connect to the WiFi, it is therefore OPEN to anyone (apple class this as insecure), when on that WiFi you don't have encryption in place. Once connected the ability to use the internet is controlled by MAC address, when connected to the OPEN network it will ask for a voucher, if the voucher is accepted it will allow that MAC address for that one device to access for 8 hours. Any other traffic not from that MAC address is rejected by the firewall and sent to the portal to authenticate. That's how this works in basic terms.
The only way to get Apple Devices reading this as SECURE is to put a passcode/password on the SSID and enabled WPA2 or higher encryption, basically turn off OPEN. However that means your users then need
1. A password to connect to the WiFi
2. A voucher code to get internet
Its not as elegant or user friendly, but will work.. however this is up to you to decide how and if you think this extra level is acceptable, easy and less secure or harder and more secure.
Personally my feeling on it, i have my guest network OPEN with portal. Far as I'm concerned its free, you dont like it dont use it.. or connect a VPN when online
However i would 100% recommend you have your guest network on a separate and isolated VLAN from the rest of your devices, guests should literally be VLAN to the router for internet only.
- Copy Link
- Report Inappropriate Content
Yes indeed it would not be friendly having to use 2 different login pwd's to enter the network so it can be seen as secure with padlock........i will have to think about it....i might leave it as is or just create a pwd with lots of special characters LOL and forget about the voucher and entry page but i do like the entry page and the professional look it gives our guests...anyway will have to do some thinking and see, thanks for the enlightening
I have created a VLAN as suggested is this right? I had already the guest network activated doesn't this give a similar protection even without vlan?
- Copy Link
- Report Inappropriate Content
Hey
Totally agree the portal looks the part, its really how this is designed to be setup. Sadly however Apple are naggy about the level of WPA encryption and will complain about this. The 2 different passwords might work if the main one is simple, something like hotel123 or summer2021 - Personally every time i have setup the portal for a cafe or BB etc its been set as OPEN
Yes ticking the Guest Network setting will have similar effect to VLAN, namely it will stop anyone on the guest network having access to each other. Its definitely a good idea
The VLAN you have added in the screen shot (VLAN 1) is the default one that everyone uses, its better to move the guests to a different VLAN (say 2). However.. VLAN requires both a Switch and Router managed by the Controller, if you don't have these then the ticking of the GUEST NETWORK box is you best option.
Dont be setting up VLANs unless you have a Router and Switch
Hope that helps! :)
- Copy Link
- Report Inappropriate Content
Thanks man, i do have tplink easy manage switches TL-SG1016DE and TL-SG1024DE and my isp router which allows vlans but im not going to dig in my knowledge is limited LOL so i'll keep it with guest network only.
We also have LAN ports in each of our rooms , each room has 1 lan port for smart tv and 1 for working desk these are configured by 802.1q VLAN and PVID.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1381
Replies: 4
Voters 0
No one has voted for it yet.