Installation guide
Network Setup
4-43
f. Specify the appropriate Path to the hotspot configuration on the local system disk or server.
g. Once the location and settings for the advanced hotspot configuration have been defined, click
the Install button to use that hotspot configuration with the switch.
6. Refer to the
Allow List field, and enter any IP address (for internal or external Web sites) that can be
accessed by the Hotspot user without authentication.
7. Refer to the Status field for the current state of the requests made from applet. This field displays
error messages if something goes wrong in the transaction between the applet and the switch.
8. Click OK to use the changes to the running configuration and close the dialog.
9. Click Cancel to close the dialog without committing updates to the running configuration.
Configuring MAC Authentication
The Dynamic MAC ACL option allows the user to configure a Radius server for user authentication with the
range of MAC addressees defined as allowed or denied access to the switch managed network.
Configuring External Radius Server Support
If either the EAP 802.1x, Hotspot or Dynamic MAC ACL options have been selected as an authentication
scheme for a WLAN, the Radius Config... button at the bottom of the Network > Wireless LANs > Edit
becomes enabled. The Radius Configuration screen provides users the option of defining an external primary
and secondary Radius Server as well as a NAC Server if you elect not use the switch’s resident resources.
The switch ships with a default configuration defining the local Radius Server as the primary authentication
source (default users are admin with superuser privileges and operator with monitor privileges). No secondary
authentication source is specified. However, Motorola recommends using an external Radius Server as the
primary user authentication source and the local switch Radius Server as the secondary user authentication
source. To use an external Radius Server as either a primary or secondary authentication source, it must be
specified appropriately.
NOTE In certain instances, an associated MU may not be able to ping the host within the
hotspot. For instance, a hotspot supported WLAN is enabled. Within the Allowed
List, a network (157.235.95.0) is added, an MU is associated, and an IP address is
obtained for the MU. The MU is then unsuccessful in pinging the host IP address
(157.235.95.54) from within the hotspot. Consequently, the Allowed List should be
used for host IPs only.
NOTE As part of the Dynamic MAC ACL configuration process, ensure a primary and
optional secondary Radius Server have been properly configured to authenticate
users requesting access to the ACL supported WLAN. For more information on
configuring Radius Server support for the Dynamic MAC ACL supported WLAN, see
Configuring External Radius Server Support on page 4-43.
NOTE If using the switch’s local Radius Server for user authentication instead of an
external primary or secondary Radius Server, see Configuring the Radius Server on
page 6-71. To review the benefits and risks associated with selecting an external or
local Radius Server as the primary user authentication scheme, see Using the
Switch’s Radius Server Versus an External Radius Server on page 6-73.