Captive Portal Daemon Workflow

When a subscriber (a user's source IP address) is unauthorized, the PFD directs its traffic to the CPD; however, the CPD is also directly accessible by users (both authorized and unauthorized).

When the CPD receives an HTTP GET request connection from the PFD's data interface, it replies with an HTTP MOVED redirect message (response code 301). This redirect URL forces the end user's browser to directly connect to the CPD, bypassing the PFD's NAT, because the PFD allows direct connections to the CPD from everyone. In this way, the application lowers the load on the PFD.

In other words, before the redirect, an unauthorized user thinks they are communicating with the HTTP server (on the internet/network, through the outbound interface) with which they originally requested communication. After receiving the redirect response, the user knows to target the CPD directly.

When the user connects directly to the CPD, the HTTP server presents a page with a button allowing the user to authorize themselves. When the button is clicked, the CPD adds the user's source IP to the list of authorized users and sends an update to the PFD over the internal communication channel.

A user who becomes authorized can make connections through the router and through other outbound interfaces. The user must directly connect to the CPD and click the button to remove their authorization; the PFD does not redirect communications from that user to the CPD.

The following figure shows how this works with an authorized user.

pm-auth-user-g016901.gif

Workflow For an Authorized User



The next figure shows how the CPD operates with an unauthorized user. In this figure:

pm-unauth-user-g016902.gif

Workflow For an Unauthorized User


2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:26:46 2010 for Juniper Networks Partner Solution Development Platform JUNOS SDK 10.2R1 by Doxygen 1.4.5