Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
Page 122
108
Brocade Mobility RFS7000-GR Controller System Reference Guide
53-1001944-01
Viewing and configuring switch WLANs
4
The switch enables hotspot operators to provide user authentication and accounting without a
special client application. The switch uses a traditional Internet browser as a secure authentication
device. Rather than rely on built-in 802.11security features to control association privileges,
configure a WLAN with no WEP (an open network). The switch issues an IP address using a DHCP
server, authenticates the user and grants the user access the Internet.
The hotspot feature supports both internal and external RADIUS servers. It also supports the
following three HTTP redirection options to satisfy various customer configurations:
1. Simple internal pre-built web-pages.
2. External Web-pages
3. Customized internal Web page (using the Advanced feature in hotspot configuration)
When a user visits a public hotspot and wants to browse a Web page, they can boot up their laptop
and associate with the local Wi-Fi network by entering the correct SSID. They then start a browser.
The hotspot access controller forces this un-authenticated user to a Welcome page from the
hotspot Operator that allows the user to login with a username and password. This form of
IP-Redirection requires no special software on the client.
To configure a hotspot, create a WLAN ESSID and select Hotspot as the authentication scheme
from the WLAN Authentication menu. This is simply another way to authenticate a WLAN user, as it
would be impractical to authenticate visitors using 802.1x authentications. Having enabled a
hotspot, you will need to configure it. There are 2 parts to the hotspot configuration process:
•
Setting up the Hotspot Web pages
•
Setting up the RADIUS server.
Switch hotspot redirection
The switch uses destination network address translation to redirect user traffic from a default
home page to the login page. Specifically, when the switch receives an HTTP Web page request
from the user (when the client first launches its browser after connecting to the WLAN), a protocol
stack on the switch intercepts the request and sends back an HTTP response after modifying the
network and port address in the packet (thereby acting like a proxy between the User and the Web
site they are trying to access).
To configure hotspot support:
1. Select Network > Wireless LANs from the main menu tree.
2. Select an existing WLAN from those displayed within the Configuration tab and click the Edit
button.
A WLAN screen displays with the WLAN’s existing configuration. Refer to the Authentication
and Encryption columns to assess the WLAN’s existing security configuration.
3. Select the Hotspot button from within the Authentication field. The RADIUS Config... button on
the bottom of the screen becomes enabled. Ensure a primary and optional secondary RADIUS
Server have been configured to authenticate users requesting access to the hotspot
supported WLAN. For more information, see
“Configuring external RADIUS Server support”
4. Click the Config button to the right of the Hotspot checkbox.
A Hotspot screen displays, allowing the user to define one of three available hotspot types.
5. Use the drop-down menu at the top of the screen to define whether this WLAN’s Web pages
are: