Configuring hotspots – Motorola Series Switch WS5100 User Manual
Page 103
Network Setup
4-29
9. Refer to the
Status
field for the current state of the requests made from applet. This field displays error
messages if something goes wrong in the transaction between the applet and the switch.
10.Click
OK
to use the changes to the running configuration and close the dialog.
11.Click
Cancel
to close the dialog without committing updates to the running configuration.
Configuring Hotspots
A hotspot is essentially a Web page granting user access to the Internet (in this case within a switch
managed WLAN). With the inlflux of Wi-Fi enabled mobile devices (laptops, PDAs etc.) hotspots are common
and can be found at many airports, hotels and college campuses.
The switch enables hotspot operators to provide user authentication and accounting without a special client
application. The switch uses a traditional Internet browser as a secure authentication device. Rather than
rely on built-in 802.11security features to control association privileges, configure a WLAN with no WEP (an
open network). The switch issues an IP address using a DHCP server, authenticates the user and grants the
user access the Internet.
When a user visits a public hotspot and wants to browse to a Web page, they boot up their laptop and
associate with the local Wi-Fi network by entering the correct SSID. They then start a browser. The hotspot
access controller forces this un-authenticated user to a Welcome page from the hotspot Operator that allows
the user to login with a username and password. This form of IP-Redirection requires no special software on
the client but its does require the client’s WLAN adapter be set to receive its IP configuration through DHCP.
To setup a hotspot on a switch, create a WLAN ESSID and select Hotspot as the authentication scheme from
the WLAN Authentication menu. This is simply another way to authenticate a WLAN user, as it would be
impractical to authenticate visitors using 802.1x authentications. Having enabled a hotspot, you will need to
configure it. There are 2 parts to the hotspot configuration:
• Setting up the Hotspot Web pages
• Setting up the Radius server.
Switch Hotspot Redirection
To redirect user traffic from a default home page to the login page, the switch uses destination network
address translation. Specifically, when the switch receives an HTTP Web page request from the user (when
the client first launches its browser after connecting to the WLAN), a protocol stack on the switch intercepts
the request and sends back an HTTP response after modifying the network and port address in the packet
(thereby acting like a proxy between the User and the Web site they are trying to access).
Refer to the following scenario. An unauthenticated hotspot client associates to the hotspot WLAN. The
client WLAN adapted initiates a DHCP broadcast. The switch detects this as DHCP broadcast traffic from an
unauthenticated hotspot WLAN client. The switch forwards these frames to the DHCP server and does not
redirect them. The DHCP server responds with an IP configuration for the client and the client is now ready
to access the network.
The user then initiates an HTTP session to www.xyz.com. The switch detects this as DNS traffic, and again
does not redirect it. The DNS server resolves this domain name to an ip address like 63.44.56.98 (for
www.xyz.com). The client initiates a TCP session with host 63.44.56.98. This session begins with the client
sending a TCP SYN to target IP 63.44.56.98. The switch intercepts this session and responds with a SNY/
ACK back to the client (while in the process modifying the source IP address and source port of this return
packet to 63.44.56.98:80). The client completes the TCP 3-way handshake with the switch acting as a proxy
for the destination IP 63.44.56.98.
Assuming the TCP session opened, the client now sends an HTTP GET to the destination URL. This HTTP GET
is again intercepted by the switch and redirected to the hotspot Web site