Motorola RFS7000 Series System Reference Manual page 122

4-36 Network Setup
2. External Web-pages
3. Customized internal Web page (using the Advanced feature in hotspot configuration)
When a user visits a public hotspot and wants to browse a Web page, they can boot up their laptop and
associate with the local Wi-Fi network by entering the correct SSID. They then start a browser. The hotspot
access controller forces this un-authenticated user to a Welcome page from the hotspot Operator that allows
the user to login with a username and password. This form of IP-Redirection requires no special software on
the client but its does require the client's WLAN adapter be set to receive its IP configuration through DHCP.
To configure a hotspot, create a WLAN ESSID and select Hotspot as the authentication scheme from the WLAN
Authentication menu. This is simply another way to authenticate a WLAN user, as it would be impractical to
authenticate visitors using 802.1x authentications. Having enabled a hotspot, you will need to configure it.
There are 2 parts to the hotspot configuration process:
• Setting up the Hotspot Web pages
• Setting up the Radius server.
Switch Hotspot Redirection
The switch uses destination network address translation to redirect user traffic from a default home page to
the login page. Specifically, when the switch receives an HTTP Web page request from the user (when the
client first launches its browser after connecting to the WLAN), a protocol stack on the switch intercepts the
request and sends back an HTTP response after modifying the network and port address in the packet (thereby
acting like a proxy between the User and the Web site they are trying to access).
Refer to the following scenario. An unauthenticated hotspot client associates to the hotspot WLAN. The client
WLAN adapted initiates a DHCP broadcast. The switch detects this as DHCP broadcast traffic from an
unauthenticated hotspot WLAN client. The switch forwards these frames to the DHCP server and does not
redirect them. The DHCP server responds with an IP configuration for the client and the client is now ready to
access the network.
The user then initiates an HTTP session to www.xyz.com. The switch detects this as DNS traffic, and again
does not redirect it. The DNS server resolves this domain name to an IP address like 63.44.56.98 (for
www.xyz.com). The client initiates a TCP session with host 63.44.56.98. This session begins with the client
sending a TCP SYN to target IP 63.44.56.98. The switch intercepts this session and responds with a SNY/ACK
back to the client (while in the process modifying the source IP address and source port of this return packet
to 63.44.56.98:80). The client completes the TCP 3-way handshake with the switch acting as a proxy for the
destination IP 63.44.56.98.
Assuming the TCP session opened, the client now sends an HTTP GET to the destination URL. The HTTP GET
is again intercepted by the switch and redirected to the hotspot Web site https://10.0.1.77:444/wlan1/
login.html. The client is now redirected to the Login.htm Web page of the hotspot instead of landing on their
destination Web site (www.xyz.com). The client enters its identification information and is authenticated with
the Radius server. Once authenticated, the client is presented with a Welcome.htm page. All client traffic is
authenticated and forwarded to the Internet (until the user session expires).
To configure hotspot support:
1. Select Network
2. Select an existing WLAN from those displayed within the
button.
A WLAN screen displays with the WLAN's existing configuration. Refer to the
Encryption columns to assess the WLAN's existing security configuration.
> Wireless LANs from the main menu tree.
Configuration tab and click the
Authentication
Edit
and