Motorola WiNG 4.4 Reference Manual page 140

4 - 36 WiNG 4.4 Switch System Reference Guide
6. Specify a case-sensitive
The realm name is the name domain/realm name of the KDC Server. A realm name functions similarly to a DNS domain
name. In theory, the realm name is arbitrary. However, in practice a Kerberos realm is named by uppercasing the DNS
domain name associated with hosts in the realm.
7. Provide the password required to effectively update Kerberos authentication credentials.
8. Enter a Server IP Addr
Specify a numerical (non-DNS) IP address for the Primary Key Distribution Center (KDC). The KDC implements an
Authentication Service and a Ticket Granting Service, whereby an authorized user is granted a ticket encrypted with
the user's password. The KDC has a copy of every user password provided. Optionally, specify a numerical (non-DNS)
IP address for a backup KDC. Backup KDCs are often referred to as slave servers.
9. Specify the Ports
The default port number for Kerberos Key Distribution Centers is port 88.
10.Refer to the Status
something goes wrong in the transaction between the applet and the switch.
11.Click OK to use the changes to the running configuration and close the dialog.
12.Click Cancel
Configuring Hotspots
A hotspot is essentially a Web page granting user access to the Internet (in this case within a switch managed WLAN).
With the influx of Wi-Fi enabled mobile devices (laptops, PDAs, etc.), hotspots are common and can be found at many
airports, hotels, and college campuses.
The switch enables hotspot operators to provide user authentication and accounting without a special client application.
The switch uses a traditional Internet browser as a secure authentication device. Rather than rely on built-in
802.11security features to control association privileges, configure a WLAN with no WEP (an open network). The switch
issues an IP address using a DHCP server, authenticates the user, and grants the user access to the Internet.
The hotspot feature supports both internal and external radius servers. It also supports the following three HTTP
redirection options to satisfy various customer configurations:
1. Simple internal pre-built Web-pages.
2. External Web-pages
3. Customized internal Web page (using the Advanced feature in hotspot configuration)
When a user visits a public hotspot and wants to browse a Web page, they can boot up their laptop and associate with
the local Wi-Fi network by entering the correct SSID. They then start a browser. The hotspot access controller forces this
un-authenticated user to a Welcome page from the hotspot Operator that allows the user to log in with a username and
password. This form of IP-Redirection requires no special software on the client.
To configure a hotspot, create a WLAN ESSID and select Hotspot as the authentication scheme from the WLAN
Authentication menu. This is simply another way to authenticate a WLAN user, as it would be impractical to authenticate
visitors using 802.1x authentications. Having enabled a hotspot, you will need to configure it. There are 2 parts to the
hotspot configuration process:
• Setting up the Hotspot Web pages
• Setting up the Radius server.
Switch Hotspot Redirection
The switch uses destination network address translation to redirect user traffic from a default home page to the login
page. Specifically, when the switch receives an HTTP Web page request from the user (when the client first launches its
Realm Name.
(IP address) for the Primary and (if necessary) Backup KDC.
on which the Primary and Backup KDCs reside.
field for the current state of requests made from applet. This field displays error messages if
to close the dialog without committing updates to the running configuration.