4-36WS5100 Series Switch System Reference Guide

g. Once the location and settings for the advanced hotspot configuration have been defined, click the Install button to use the hotspot configuration with the switch.

6.Refer to the Allow List field, and enter any IP address (for internal or external Web sites) that may be accessed by the Hotspot user without authentication.

NOTE: In certain instances, an associated MU may not be able to ping the host within the hotspot. For instance, a hotspot supported WLAN is enabled. Within the Allowed List, a network (157.235.95.0) is added. An MU is associated, and an IP address is obtained for the MU. The MU is then unsuccessful in pinging the host IP address (157.235.95.54) from within the hotspot. Consequently, the Allowed List should be used for host IPs only.

7.Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.

8.Click OK to use the changes to the running configuration and close the dialog.

9.Click Cancel to close the dialog without committing updates to the running configuration.

Configuring Dynamic MAC ACL

The Dynamic MAC ACL option allows the user to configure a Radius server for user authentication with the range of MAC addressees defined as allowed or denied access to the switch managed network.

NOTE: As part of the Dynamic MAC ACL configuration process, ensure a primary and optional secondary Radius Server have been properly configured to authenticate the users requesting access to the ACL supported WLAN. For more information on configuring Radius Server support for the Dynamic MAC ACL supported WLAN, see Configuring External Radius Server Support on page 4-36.

Configuring External Radius Server Support

If either the EAP 802.1x, Hotspot or Dynamic MAC ACL options have been selected as an authentication scheme for a WLAN, the Radius Config... button at the bottom of the Network > Wireless LANs > Edit becomes enabled. The Radius Configuration screen provides users the option of defining an external primary and secondary Radius Server if you elect not use the switch’s resident Radius Server.

NOTE: If you elect to use the switch’s local Radius Server for user authentication instead of an external primary or secondary Radius Server, see Configuring the Radius Server on page 6-62. The switch’s local Radius Server provides an easy setup option and offers a high degree of security and accountability.

The switch ships with a default configuration defining the local Radius Server as the primary authentication source (default users are admin with superuser privileges and operator with monitor privileges). No secondary authentication source is specified. However, Motorola recommends using an external Radius Server as the primary user authentication source and the local switch Radius Server as the secondary user authentication source. To use an external Radius Server as either a primary or secondary authentication source, it must be specified following the instructions in this section.

To configure an external Radius Server for EAP 802.1x, Hotspot or Dynamic MAC ACL WLAN support:

NOTE: To optimally use an external Radius Server with the switch, Motorola recommends

!defining specific external Server attributes to best utilize user privilege values for specific switch permissions. For information on defining the external Radius Server configuration, see Configuring an External Radius Server for Optimal Switch Support on page 4-38.

1.Select Network > Wireless LANs from the main menu tree.

2.Select an existing WLAN from those displayed within the Configuration tab.

Page 110
Image 110
Motorola WS5100 manual Configuring Dynamic MAC ACL, Configuring External Radius Server Support