When should I bypass CNA feature


This article explains an use case of Apple Bypass CNA feature on the ZoneDirector.


When should I bypass CNA feature

Customer Environment

ZD managed captive portal/guest/hotspot network.

Root Cause

Apple iOS is not a fully functional browser. if it is not serving your deployment scenario fully We suggest you to bypass it so a browser can be used to login to the wireless service.

Troubleshooting Steps

Couple of _intermittent_ issues reported by customers that use the CNA feature:
1. Redirection failures after submitting the login credentials or the guest pass
2. Unnecessary flipping back to 3G/4G network instead of redirecting to the landing page. After a wait of more than one minute the device would flip back to the WiFi network. This is a very bad experience for a user.


Smartphone users prefer to use WiFi on their handhelds because of its speed. When a user connects to guest wireless networks, most of the times they are required to provide either a guest pass or a user id/password.

Here are the typical steps in connecting a guest network:
1. Choose the desired wireless network from a list of wireless networks
2. Open a browser and enter the necessary credentials

Users sometimes ignore the second step above and wonder why their apps and email are not working. To avoid such confusing situations to their users, Apple came up with a feature called Captive Network Assistant. This feature unnecessitates opening a browser and causes the device to automatically prompt the user to provide credentials using a pseudo browser.

As you can see this is a great feature and takes out lot of confusion from user's point of view. But it can create couple of issues mentioned in the Troubleshooting Steps above. Apart from that CNA pop is not a fully functional browser.

If your users are reporting any similar issues, it is better to bypass the CNA and check how the connectivity goes.

This bypass feature can be found under the WLANs configuration page on the ZD. It allows to choose the bypass feature by SSID type - Guest, Captive Portal (Web Authentication), and Hotspot.

If you prefer to use CLI to enable the CNA bypass, use the following commands:
1.To enable the feature:
ruckus# conf
You have all rights in this mode.
ruckus(config)# sys
ruckus(config-sys)# bypasscna <WLAN-TYPE> Enter the WLAN services type (for example, web-auth, guestaccess, wispr). 
2.To disable the feature:
ruckus(config-sys)# no bypasscna


“For more information on this topic—including video tutorials—visit the Ruckus Support How-To Hub at https://support.ruckuswireless.com/how-to-hub.”

Article Number:

August 10, 2020 12:00 AM (almost 4 years ago)

Configuration, Known Issues and Workarounds, ZoneDirector


This article is:
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.