Motorola WS5100 Series Reference Manual page 115

1. Simple internal pre-built web-pages.
2. External Web-pages
3. Customized internal Web page (using the Advanced feature in hotspot configuration)
When a user visits a public hotspot and wants to browse a Web page, they can boot up their laptop and
associate with the local Wi-Fi network by entering the correct SSID. They then start a browser. The hotspot
access controller forces this un-authenticated user to a Welcome page from the hotspot Operator that allows
the user to login with a username and password. This form of IP-Redirection requires no special software on
the client but its does require the client's WLAN adapter be set to receive its IP configuration through DHCP.
To configure a hotspot, create a WLAN ESSID and select Hotspot as the authentication scheme from the
WLAN Authentication menu. This is simply another way to authenticate a WLAN user, as it would be
impractical to authenticate visitors using 802.1x authentications. Having enabled a hotspot, you will need to
configure it. There are 2 parts to the hotspot configuration process:
• Setting up the Hotspot Web pages
• Setting up the Radius server.
Switch Hotspot Redirection
The switch uses destination network address translation to redirect user traffic from a default home page to
the login page. Specifically, when the switch receives an HTTP Web page request from the user (when the
client first launches its browser after connecting to the WLAN), a protocol stack on the switch intercepts the
request and sends back an HTTP response after modifying the network and port address in the packet
(thereby acting like a proxy between the User and the Web site they are trying to access).
Refer to the following scenario. An unauthenticated hotspot client associates to the hotspot WLAN. The
client WLAN adapted initiates a DHCP broadcast. The switch detects this as DHCP broadcast traffic from an
unauthenticated hotspot WLAN client. The switch forwards these frames to the DHCP server and does not
redirect them. The DHCP server responds with an IP configuration for the client and the client is now ready
to access the network.
The user then initiates an HTTP session to www.xyz.com. The switch detects this as DNS traffic, and again
does not redirect it. The DNS server resolves this domain name to an IP address like 63.44.56.98 (for
www.xyz.com). The client initiates a TCP session with host 63.44.56.98. This session begins with the client
sending a TCP SYN to target IP 63.44.56.98. The switch intercepts this session and responds with a SNY/
ACK back to the client (while in the process modifying the source IP address and source port of this return
packet to 63.44.56.98:80). The client completes the TCP 3-way handshake with the switch acting as a proxy
for the destination IP 63.44.56.98.
Assuming the TCP session opened, the client now sends an HTTP GET to the destination URL. The HTTP GET
is again intercepted by the switch and redirected to the hotspot Web site https://10.0.1.77:444/wlan1/
login.html. The client is now redirected to the Login.htm Web page of the hotspot instead of landing on their
destination Web site (www.xyz.com). The client enters its identification information and is authenticated
with the Radius server. Once authenticated, the client is presented with a Welcome.htm page. All client
traffic is authenticated and forwarded to the Internet (until the user session expires).
To configure hotspot support:
1. Select Network > Wireless LANs
2. Select an existing WLAN from those displayed within the
A WLAN screen displays with the WLAN's existing configuration. Refer to the
Encryption columns to assess the WLAN's existing security configuration.
from the main menu tree.
Configuration
4-33
Network Setup
tab and click the Edit button.
Authentication and