How Does Apple CNA Work for Guest Users Connecting to Aruba Instant ON APs?
The Apple Captive Network Assistant (CNA) is a feature that appears automatically and prompts users to log in to the detected captive portal network, without the need to explicitly open a web browser.
This type of login is useful on mobile devices where many of the common applications are not browser-based and these applications would otherwise fail to connect without the successful browser-based authentication.
Examples of these non-browser-based applications are email, social networking applications, corporate VPNs, and media streaming.
The Apple operating system detects the presence of a network that has captive portal enabled by attempting to request a web page from the Apple public websites. The common website used by Apple devices to check the status is https://captive.apple.com.
This HTTP GET process retrieves a simple success.html file from the Apple web servers and the operating system uses the successful receipt of this file to assume that it is connected to an open network without the requirement for captive portal authentication.
If the success.html file is not received, the operating system conversely assumes that a captive portal is in place and presents the CNA automatically to prompt the user to perform a web authentication task.
Behind the scenes, the Instant ON device spoofs the initial TCP packets from the client and sends the redirect URL (where the splash page is hosted) to the client.
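The detection decision described above, as an added example that is not part of the original article and is not Apple's or Aruba's code: it classifies a raw HTTP response to the probe as an open network or a captive portal and extracts the splash-page URL when one is present. The success marker, the sample hostnames, and the extra case of a portal that answers 200 with a meta-refresh page (a generalization beyond the redirect the text mentions) are assumptions.

```python
import re
from email.parser import Parser

# Assumption: the probe page body contains this marker (not stated on the page).
SUCCESS_MARKER = "<title>success</title>"
META_REFRESH = re.compile(r'<meta[^>]+http-equiv=["\']?refresh[^>]+url=([^"\'>\s]+)', re.I)

def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.decode("iso-8859-1").partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = Parser().parsestr(header_block, headersonly=True)
    return int(parts[1]), headers, body.decode("utf-8", "replace")

def classify_probe(raw: bytes):
    """Return (verdict, portal_url) for one probe response."""
    try:
        status, headers, body = parse_http_response(raw)
    except ValueError:
        return "captive-portal", None          # success page was not received
    if status == 200 and SUCCESS_MARKER in body.lower():
        return "open", None                    # success page received unchanged
    if 300 <= status < 400 and headers.get("Location"):
        return "captive-portal", headers["Location"].strip()  # redirect to splash page
    match = META_REFRESH.search(body)          # portal answered 200 with its own page
    return "captive-portal", match.group(1) if match else None

# Constructed sample responses (hostnames and paths are placeholders).
OPEN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        b"<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>")
REDIRECT = (b"HTTP/1.1 302 Found\r\n"
            b"Location: http://portal.example.net/splash?cmd=login\r\n\r\n")
REWRITTEN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             b'<html><head><meta http-equiv="refresh" '
             b'content="0; url=http://portal.example.net/splash"></head></html>')

if __name__ == "__main__":
    for name, raw in [("open", OPEN), ("redirect", REDIRECT), ("rewritten", REWRITTEN)]:
        print(name, classify_probe(raw))
```

When troubleshooting a guest SSID, feeding a captured probe response into `classify_probe` shows whether the client would raise the CNA and which splash URL it would load.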
The complete Apple CNA process is explained in the screenshot below.