Profile Services Configuration And Deployment Considerations - Motorola AP-6511 Reference Manual

to the wireless network. Once logged into the hotspot, additional Agreement, Welcome and Fail pages
provide the administrator with a number of options on the hotspot's screen flow and user appearance.
Either select an existing captive portal policy, use the default captive portal policy or select the
link to create a new captive portal configuration that can be applied to this profile. For more information,
see Configuring Captive Portal Policies on page
6. Use the DHCP Server Policy
policy does not meet the profile's requirements, select the
configuration that can be applied to this profile.
Dynamic Host Configuration Protocol (DHCP) allows hosts on an IP network to request and be assigned
IP addresses as well as discover information about the network where they reside. Each subnet can be
configured with its own address pool. Whenever a DHCP client requests an IP address, the DHCP server
assigns an IP address from that subnet's address pool. When the DHCP server allocates an address for a
DHCP client, the client is assigned a lease, which expires after an pre-determined interval. Before a lease
expires, wireless clients (to which leases are assigned) are expected to renew them to continue to use
the addresses. Once the lease expires, the client is no longer permitted to use the leased IP address. The
profile's DHCP server policy ensures all IP addresses are unique, and no IP address is assigned to a
second client while the first client's assignment is valid (its lease has not expired).
Either select an existing captive portal policy or select the
configuration that can be applied to this profile. Existing policies can be modified by selecting the
icon. For more information, see
7. Select OK to save the changes made to the profile's services configuration. Select
last saved configuration.

7.5.1 Profile Services Configuration and Deployment Considerations


Profile Services Configuration
Before defining a profile's captive portal and DHCP configuration, refer to the following deployment
guidelines to ensure the profile configuration is optimally effective:
• A profile plan should consider the number of wireless clients allowed on the profile's guest (captive
portal) network and the services provided, or if the profile should support guest access at all.
• Profile configurations supporting a captive portal should include firewall policies to ensure logical
separation is provided between guest and internal networks so internal networks and hosts are not
reachable from guest devices.
• DHCP's lack of an authentication mechanism means a DHCP server supported profile cannot check if a
client or user is authorized to use a given user class. This introduces a vulnerability when using user class
options. Ensure a profile using DHCP resources is also provisioned with a strong user authorization and
validation configuration.
9-2.
drop-down menu assign this profile a DHCP policy. If an existing DHCP
Setting the DHCP Server Configuration on page
Create button to create a new policy
Create button to create a new captive portal
9-14.
Reset
Profile Configuration
Create
Edit
to revert to the
7-49