Configuring, Configuring dynamic mac acl, Configuring external radius – Motorola Series Switch WS5100 User Manual
Page 110
4-36 WS5100 Series Switch System Reference Guide
g. Once the location and settings for the advanced hotspot configuration have been defined, click the
Install
button to use the hotspot configuration with the switch.
6. Refer to the
Allow List
field, and enter any IP address (for internal or external Web sites) that may be
accessed by the Hotspot user without authentication.
7. Refer to the
Status
field for the current state of the requests made from applet. This field displays error
messages if something goes wrong in the transaction between the applet and the switch.
8. Click
OK
to use the changes to the running configuration and close the dialog.
9. Click
Cancel
to close the dialog without committing updates to the running configuration.
Configuring Dynamic MAC ACL
The Dynamic MAC ACL option allows the user to configure a Radius server for user authentication with the
range of MAC addressees defined as allowed or denied access to the switch managed network.
Configuring External Radius Server Support
If either the EAP 802.1x, Hotspot or Dynamic MAC ACL options have been selected as an authentication
scheme for a WLAN, the
Radius Config...
button at the bottom of the Network > Wireless LANs > Edit
becomes enabled. The Radius Configuration screen provides users the option of defining an external primary
and secondary Radius Server if you elect not use the switch’s resident Radius Server.
The switch ships with a default configuration defining the local Radius Server as the primary authentication
source (default users are admin with superuser privileges and operator with monitor privileges). No
secondary authentication source is specified. However, Motorola recommends using an external Radius
Server as the primary user authentication source and the local switch Radius Server as the secondary user
authentication source. To use an external Radius Server as either a primary or secondary authentication
source, it must be specified following the instructions in this section.
To configure an external Radius Server for EAP 802.1x, Hotspot or Dynamic MAC ACL WLAN support:
1. Select
Network
>
Wireless LANs
from the main menu tree.
2. Select an existing WLAN from those displayed within the
Configuration
tab.
NOTE: In certain instances, an associated MU may not be able to ping the host within the
hotspot. For instance, a hotspot supported WLAN is enabled. Within the Allowed List, a
network (157.235.95.0) is added. An MU is associated, and an IP address is obtained for
the MU. The MU is then unsuccessful in pinging the host IP address (157.235.95.54) from
within the hotspot. Consequently, the Allowed List should be used for host IPs only.
NOTE: As part of the Dynamic MAC ACL configuration process, ensure a primary and
optional secondary Radius Server have been properly configured to authenticate the users
requesting access to the ACL supported WLAN. For more information on configuring
Radius Server support for the Dynamic MAC ACL supported WLAN, see
External Radius Server Support on page 4-36
NOTE: If you elect to use the switch’s local Radius Server for user authentication instead
of an external primary or secondary Radius Server, see
Configuring the Radius Server on
. The switch’s local Radius Server provides an easy setup option and offers a
high degree of security and accountability.
NOTE: To optimally use an external Radius Server with the switch, Motorola recommends
defining specific external Server attributes to best utilize user privilege values for specific
switch permissions. For information on defining the external Radius Server configuration,
see
Configuring an External Radius Server for Optimal Switch Support on page 4-38
.
!