Overview 1-9

destination IP address and/or TCP/UDP port number. Rate limiting allows the definition of two rates: a guaranteed minimum bandwidth and a second burst size. Rate limiting is performed as part of the flow control process (WISP protocol) between access ports and the switch.

1.2.2.3Proxy-ARP

Proxy ARP is provided for MU's in PSP mode whose IP address is known. The WLAN generates an ARP reply on behalf of a MU, if the MU's IP address is known. The ARP reply contains the MAC address of the MU (not the MAC address of switch). Thus, the MU is not woken to send ARP replies (increasing battery life and conserving wireless bandwidth).

If an MU goes into PSP mode without transmitting at least one packet, its Proxy ARP will not work for such an MU.

1.2.2.4HotSpot / IP Redirect

A hotspot is a Web page that users are forced to visit before they are granted access to the Internet. With the advent of Wi-Fi enabled client devices (such as laptops and PDAs) commercial hotspots are common and can be found at many airports, hotels and coffee shops.The Hotspot / IP Redirect feature allows the switch to function as a single on-site switch supporting WLAN hotspots. The Hotspot feature re-directs user traffic (for a hotspot enabled WLAN) to a Web page that requires them to authenticate before granting access to the WLAN. The IP-Redirection requires no special software on the client but its does require the client be set to receive its IP configuration through DHCP. The following is a typical sequence of events for hotspot access:

1.A visitor with a laptop requires hotspot access at a site.

2.A user ID/ Password and the hotspot ESSID are issued by the site receptionist or IT staff.

3.The user connects their laptop to this ESSID

4.The laptop receives its IP configuration via DHCP. The DHCP service can be provided by an external DHCP server or provided by the internal DHCP server located on the switch.

5.The user opens a Web browser and connects to their home page.

6.The switch re-directs them to the hotspot Web page for authentication.

7.The user enters their User ID/ Password.

8.A Radius server authenticates the user.

9.Upon successful authentication, the user is directed to a Welcome Page that lists among other things an Acceptable Use Policy, connection time remaining and an I Agree button.

10.The user accepts by clicking the I Agree button and is granted access to the Internet. (or other network services).

To redirect user traffic from a default home page to a login page, the switch uses destination network address translation (destination NAT is similar to the source NAT/ PAT but the destination IP address and port get modified instead of the source as in traditional NAT). More specifically, when the switch receives an HTTP Web page request from the user (when the client first launches its browser after connecting to the WLAN), a protocol stack on the switch intercepts the request and sends back an HTTP response after modifying the network and port address in the packet. Therefore, acting like a proxy between the user and the Web site they are trying to access.

To setup a hotspot, create a WLAN ESSID and select Hotspot authentication from the Authentication menu. This is simply another way to authenticate a WLAN user for it would be impractical to authenticate visitors using 802.1x authentications. Motorola also recommends reviewing the WS5100 Migration Guide (available

Page 19
Image 19
Motorola WS5100 manual Proxy-ARP, HotSpot / IP Redirect