45
AP-2500 Authentication Methods
NOTE
If you want to provide the user with the ability to log in or out of the connection, you need to use a RADIUS
server. See Internal Authentication with RADIUS for details.
End User Experience
The following procedure details the experience of the typical customer if you configure the AP-2500 to use internal
authentication:
1. Customer enters the hotspot and turns on his laptop that has a wireless card installed.
• If the customer is renting a card or you are manually entering customers in the Authorized Subscribers Table,
the customer will need to sign up for service at the counter before turning on the laptop.
2. The wireless card associates with the AP. If the card is configured as a DHCP client, the AP automatically assigns
the card a dynamic IP address.
• The AP adds the client to its Current Subscribers Table with State set to “Pending”.
3. The customer launches his Web browser. Typically, the Web browser will attempt to access its default home page.
4. The customer is automatically redirected to the AP’s internal login page or to a Portal Page.
• The AP redirects the customer when it receives an HTTP request from the customer’s browser.
• If the browser’s default home page is loaded in the browser’s cache, the customer may not be redirected to
the login screen. But the customer will be redirected the first time he tries to access a new Web site.
• The customer must try to access a valid Web site to call up the login screen. Entering an unreachable URL or
invalid Web address will not bring up the login screen.
• Customers who try to access e-mail first will not have a connection. Customers need to login via a Web
browser first.
5. If an existing customer (that is, the customer is already in the AP’s Authorized Subscribers Table), the customer
enters his user name and password (if enabled). If authenticating based on MAC address, the customer only clicks
a Login button. If a new subscriber using a credit card:
• The customer clicks the New User button.
• The customer selects one of the available billing plans and the amount of time he wants to purchase.
• The customer confirms his purchase and then enters his credit card information to pay for the access time.
• The AP adds the customer to the Authorized Subscribers Table after a successful credit card transaction.
6. The AP authenticates the user based on the User Name/Password or MAC address. The AP updates the client’s
State to “Valid” in the Current Subscribers Table.
7. Following successful authentication, the customer is automatically redirected to the URL of your choice (if Home
Page Redirection is enabled) or to the page that the customer originally requested (which started the login
process).
8. If the Information and Control Console is enabled, a Java window will appear on the subscriber’s screen that
contains information about the connection (such as time remaining) and advertising banners.
Configuration Instructions
Follow these steps to configure an AP-2500 to perform internal authentication:
1. Configure the AP-2500’s basic settings. This includes the AP’s IP address, System parameters, and management
passwords. See Basic Configuration for details.
2. If not already open, access the AP’s Web browser interface. (See Logging into the Web Interface for instructions.)
3. Click Configure > Network > DHCP Server to configure the AP’s DHCP Server settings. The default setting
should be suitable for most networks.
• By default, the AP is configured to provide IP addresses to subscribers in the range of 10.0.0.12 to 10.0.0.36
with a 255.255.255.0 subnet mask. This is a private IP range. In most configurations, you should have
assigned the AP a public IP address (that is, an address valid on the Internet). Using the default settings, the
AP performs Network Address Translation (NAT) to provide Internet access to its clients. See Dynamic
Address Translation (DAT) for more information on NAT.
• You should change the default address range if it conflicts with the settings of another DHCP server on your
network. Also, before modifying the AP’s address pool, confirm that there is not another DHCP server on the
network already serving addresses from this particular address range.