Motorola WS5100 Configuring Hotspots, Switch Hotspot Redirection, •Setting up the Radius server

Network Setup 4-29

9.Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.

10.Click OK to use the changes to the running configuration and close the dialog.

11.Click Cancel to close the dialog without committing updates to the running configuration.

Configuring Hotspots

A hotspot is essentially a Web page granting user access to the Internet (in this case within a switch managed WLAN). With the inlflux of Wi-Fi enabled mobile devices (laptops, PDAs etc.) hotspots are common and can be found at many airports, hotels and college campuses.

The switch enables hotspot operators to provide user authentication and accounting without a special client application. The switch uses a traditional Internet browser as a secure authentication device. Rather than rely on built-in 802.11security features to control association privileges, configure a WLAN with no WEP (an open network). The switch issues an IP address using a DHCP server, authenticates the user and grants the user access the Internet.

When a user visits a public hotspot and wants to browse to a Web page, they boot up their laptop and associate with the local Wi-Fi network by entering the correct SSID. They then start a browser. The hotspot access controller forces this un-authenticated user to a Welcome page from the hotspot Operator that allows the user to login with a username and password. This form of IP-Redirection requires no special software on the client but its does require the client’s WLAN adapter be set to receive its IP configuration through DHCP.

To setup a hotspot on a switch, create a WLAN ESSID and select Hotspot as the authentication scheme from the WLAN Authentication menu. This is simply another way to authenticate a WLAN user, as it would be impractical to authenticate visitors using 802.1x authentications. Having enabled a hotspot, you will need to configure it. There are 2 parts to the hotspot configuration:

•Setting up the Hotspot Web pages

•Setting up the Radius server.

Switch Hotspot Redirection

To redirect user traffic from a default home page to the login page, the switch uses destination network address translation. Specifically, when the switch receives an HTTP Web page request from the user (when the client first launches its browser after connecting to the WLAN), a protocol stack on the switch intercepts the request and sends back an HTTP response after modifying the network and port address in the packet (thereby acting like a proxy between the User and the Web site they are trying to access).

Refer to the following scenario. An unauthenticated hotspot client associates to the hotspot WLAN. The client WLAN adapted initiates a DHCP broadcast. The switch detects this as DHCP broadcast traffic from an unauthenticated hotspot WLAN client. The switch forwards these frames to the DHCP server and does not redirect them. The DHCP server responds with an IP configuration for the client and the client is now ready to access the network.

The user then initiates an HTTP session to www.xyz.com. The switch detects this as DNS traffic, and again does not redirect it. The DNS server resolves this domain name to an ip address like 63.44.56.98 (for www.xyz.com). The client initiates a TCP session with host 63.44.56.98. This session begins with the client sending a TCP SYN to target IP 63.44.56.98. The switch intercepts this session and responds with a SNY/ ACK back to the client (while in the process modifying the source IP address and source port of this return packet to 63.44.56.98:80). The client completes the TCP 3-way handshake with the switch acting as a proxy for the destination IP 63.44.56.98.

Assuming the TCP session opened, the client now sends an HTTP GET to the destination URL. This HTTP GET is again intercepted by the switch and redirected to the hotspot Web site https://10.0.1.77:444/wlan1/