beautypg.com

12 hotspot how-to's, Description – Allied Telesis AT-WR4500 User Manual

Page 243

background image

AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

243

RouterOS v3 Configuration and User Guide

RADIUS client non-fatal errors:

invalid username or password - RADIUS server has rejected the username and password sent to
it without specifying a reason. Cause: either wrong username and/or password, or other error.
Solution: should be clarified in RADIUS server's log files

- this may be any message (any text string) sent back
by RADIUS server. Consult with your RADIUS server's documentation for further information

RADIUS client fatal errors:

RADIUS server is not responding - user is being authenticated by RADIUS server, but no
response is received from it. Solution: check whether the RADIUS server is running and is reachable
from the HotSpot router

10.3.12

HotSpot How-to's

Description

This section will focus on some simple examples of how to use your HotSpot system, as well as give
some useful ideas.

Setting up https authorization

At first certificate must be present with decrypted private key:

[admin@AT-WR4562] > /certificate print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
0 KR name="hotspot.example.net"
subject=C=LV,L=Riga,O=MT,OU=dev,CN=hotspot.example.net,
[email protected]
issuer=C=LV,L=Riga,O=MT,OU=dev,CN=hotsot.example.net,
[email protected]
serial-number="0" [email protected]
invalid-before=oct/27/2004 11:43:22 invalid-after=oct/27/2005 11:43:22
ca=yes


Then we can use that certificate for hotspot:

ip hotspot profile set default login-by=cookie,http-chap,https \
ssl-certificate=hotsot.example.net


After that we can see, that HTTPS is running on hotspot interface:

[admin@AT-WR4562] > /ip hotspot print
Flags: X - disabled, I - invalid, S - HTTPS
# NAME INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
0 S hs-local local default 00:05:00

Bypass hotspot for some devices in hotspot network

All IP binding entries with type property set to bypassed, will not be asked to authorize - it means that
they will have login-free access:

[admin@AT-WR4562] ip hotspot ip-binding> print
Flags: X - disabled, P - bypassed, B - blocked
# MAC-ADDRESS ADDRESS TO-ADDRESS SERVER
0 P 10.11.12.3

This manual is related to the following products:
See also other documents in the category Allied Telesis Hardware: