mbox(config)# security hotspot <LANIF>

Info: Client gateway is

Info: Client network is

Info: Client netmask is

  • hotspot-cna <on/off> <delaytimer> This enables/disables iPhone Captive Network Assistant feature.

When it's enabled (eg. "hotspot-cna on", default setting), once user iPhone is associated to the network (after getting IP address), iPhone will automatically launch the login page. After login (or accept T&C in the case of ToS), user can start browsing (the status on the iPhone portal page will change from "cancel" to "done"); when it's disabled, iPhone will not launch the splash page and automatically "thinks" user device is already connected (iPhone login page will show "done" status even without login).

CNA is by default enabled. But sometimes it may be desirable to disable it, for example, when we want to ask users to download an apps from the landing page before the user logs in, it will cause problem if CNA is enable. Because if the user is not logged in, while the user is trying to download the apps (navigate away from the splash portal), iPhone will automatically cut off the Wi-Fi connection "thinking" this SSID is unusable.

But do note that when CNA is disabled (eg. "hotspot-cna off"), iPhone will not auto launch the login page, so users will need to initiate a browsing request in order to see the login page. This can be a problem if user is unaware of this and try to use apps or email etc. The <delaytimer> is an optional setting to overcome such situation.

When CNA is disabled with <delaytimer>, iPhone auto launch login portal upon connection to SSID, after <delaytimer> seconds, HSG will "spoof" iPhone to think the SSID is usable even without the need to login (therefore the portal status will turn to "done" status), so that users can continue to launch apps download from login page without Wi-Fi connection being cut off by iPhone.