Handling Log-In And Redirection; Authentication (Radius); Accounting (Radius) - Motorola WS2000 - Wireless Switch - Network Management Device System Reference Manual

8-8 WS2000 Wireless Switch System Reference Guide
When the mobile unit requests the RADIUS server to log out, the RADIUS server again sends a trigger to the
wireless switch to change the state of the mobile unit to REDIRECT.

8.2.5 Handling log-in and redirection

When a client requests a URL from a web server, the login handler returns an HTTP redirection status code
in the range 300-399 (for example, 301 Moved Permanently), which indicates to the browser that it should
look for the page at another URL.
This other URL can be a local or remote login page (based on the hotspot configuration). The login page URL
is specified in the location HTTP header.
After the response with status code 301 Moved Permanently, the client's browser issues a request for the
URL specified in the response header. The client's browser, then displays the WS2000 login page.
To host a login page on the external web server, the IP address of that web server should be in the White list
(list of IP addresses that are allowed to access the server) configuration. Ensure that the login page is
designed so that the submit action always posts the login data on the WS2000 Wireless Switch.
When the login information is submitted to the WS2000 Wireless Switch, the login handler runs a CGI script
that uses this data as input and sends the user the response from the CGI script.

8.2.6 Authentication (RADIUS)

The CGI script has a RADIUS client built in it, which receives the posted login data and initiates RADIUS
authentication.
If the RADIUS authentication for that user is successful, the CGI script does the following:
1. Sends a command to wireless switch to change the MU state from REDIRECT to RADIUS-
AUTHENTICATED.
2. Replies back to the login handler to generate an HTTP redirection response for Welcome page.
3. Starts the RADIUS accounting for the user.
The Welcome page will contain
system. Again the Remote Welcome page needs to be setup such that the logout request should be sent
to WS2000.
If the RADIUS authentication for that user is failed the CGI script will reply back to the Login Handler to
generate an HTTP redirection response for Fail page.
4. Click the Logout
Upon logout another CGI script is executed. The CGI script will use REMOTE_ADDR environment variable
to get the IP address of the requester and verify its MAC address from ARP table. Then CGI script will
stop the RADIUS accounting for that client and sends a command to wireless switch to change the MU
state back to REDIRECT.
To create new guest hotspot users see

8.2.7 Accounting (RADIUS)

Upon successful login a CGI script will generate an Accounting Start packet describing the type of service
being delivered and the client. The script will then send that information to the RADIUS Accounting server,
which will reply with an acknowledgement that the packet has been received.
Logout button, which user can click at any point to logout from the
button on the Welcome page to log out of the switch at any point.
Chapter 6, Adding New Guest Users Quickly.