Public Spot Captive Portal API

As of LCOS 10.90 the Public Spot supports the new Captive Portal API standard according to RFC 8908. The standard allows Wi-Fi clients in a hotspot to automatically find a captive portal or login page.

The client receives the URL of the portal page via DHCP and uses an API request to the hotspot to check whether a login is required or whether access is already permitted for the client. This significantly speeds up the user experience in a hotspot and, by defining a standard, now provides better manufacturer interoperability between hotspots and clients.

The following steps are required:
  1. The use of TLS certificates in the Public Spot is mandatory. Without an HTTPS login, the client does not send a request to the portal.
  2. The DHCP server must provide the Captive Portal DHCP option to the client.

The configuration in LANconfig is located under Public-Spot > Server > Captive Portal API (RFC 8908).





Captive portal API enabled
Enables or disables the Captive Portal API function in the Public Spot.
User portal URL
(Optional) By default, the Captive Portal API supports TLS only. For this reason the device must have a trusted certificate and a DNS name. By default, the parameter can be left empty and it will be inserted automatically by the system. To do this, the device name must be configured in the Public Spot operating settings and agree with the TLS certificate. If an external hotspot server is used, a URL of this server can be entered here. Another requirement is that the clients in the hotspot must find the captive portal via DHCP option. For this purpose, the corresponding DHCP option according to RFC 8910 must be configured for the hotspot network.
Venue URL
(Optional) URL (TLS) through which the operator can provide the user with additional information about the location of the hotspot, e.g. the website of the hotel with the hotspot.

Configure DHCPv4 option (according to RFC 8910)

In LANconfig, create a new table entry under IPv4 > DHCPv4 > DHCP options.

Option number
Number of the option that should be sent to the DHCP client. In this case 114.
Network name
Name of the Public Spot network (see IPv4 networks)
Type
Entry type. In this case String.
Value
HTTPs URL of LANCOM router in the hotspot, e.g. "https://hotspot.org/captive-portal-api". The DNS name, e.g. "hotspot.org", is the device name of the router in the TLS certificate supplemented by the internal path of the Public Spot login page "captive-portal-api". The hotspot client must be able to resolve the DNS name. Also, the device name must be configured in the Public Spot operating settings and agree with the TLS certificate.




Configure DHCPv6 option (according to RFC8910)

In LANconfig, create a new table entry under IPv6 > DHCPv6 > DHCPv6 server > Additional options.

Interface name/Relay IP
Name of the Public Spot network (see IPv6 networks)
Option code
103
Option type
String
Option value
HTTPs URL of LANCOM router in the hotspot, e.g. "https://hotspot.org/captive-portal-api". The DNS name, e.g. "hotspot.org", is the device name of the router in the TLS certificate supplemented by the internal path of the Public Spot login page "captive-portal-api". The hotspot client must be able to resolve the DNS name. Also, the device name must be configured in the Public Spot operating settings and agree with the TLS certificate.




www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo