WS 2000 Wireless Switch System Reference Guide
This guide is intended to support administrators responsible for understanding, configuring and maintaining the Wireless Switch. This document provides information for the system administrator to use during the initial setup and configuration of the system.
System Overview
The WS 2000 Wireless Switch provides a low-cost, feature-rich option for sites with one to six Access Ports. The WS 2000 Wireless Switch works at the center of a network’s infrastructure to seamlessly and securely combine wireless LANs (WLANs) and wired networks.
The four LAN ports with PoE have a third LED that indicates whether power is being delivered over the line to a power device (such as an Access Port). (See the WS 2000 Wireless Switch LED explanation for more information on the meaning of the different states of the LEDs.)
The switch has a large blue LED on the right front that indicates that the switch is powered on. Each port on the WS 2000 Wireless Switch has either two or three LEDs that indicate the status of the port. Ports 1-4, which supply 802.3af Power over Ethernet (PoE), have three LEDs.
Software Overview
The WS 2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components: Operating System (OS) Services...
Getting Started with the WS 2000 Wireless Switch
This section provides just enough instruction to set up the WS 2000 Wireless Switch, connect an Access Port, and test communications with a single mobile unit (MU) and the wide area network (WAN). The configuration suggestions made here are just the minimum needed to test the hardware.
4. Log in using “admin” as the User ID and “symbol”...
5. If the login is successful, the following dialog window is displayed. Enter a new admin password in both fields, and click the has been updated, the System Settings screen is displayed.
Apply to save changes. Unapplied changes are lost if the administrator navigates to a different screen.
The WS 2000 switch is shipped with an open default SNMP configuration:
Community: public, OID: 1.3.6.1, Access: Read-only
Community: private, OID: 1.3.6.1, Access: Read-write
If your switch has these settings, it is important to change them immediately;...
Step 4: Configure the LAN Interface
The first step of the network configuration process is to figure out the topology of the LAN. The WS 2000 Wireless Switch allows the administrator to enable and configure four different subnets. The administrator can assign an IP address, port associations, and DHCP settings for each subnet.
Step 5: Configure Subnet1
The WS 2000 Network Management System allows the administrator to define and refine the configuration of the enabled subnets. Each of four subnets (short for “subnetworks”) can be configured as an identifiably separate part of the switch-managed local area network (LAN).
The WS 2000 Wireless Switch includes one WAN port. In order to set up communications with the outside world, select Network Configuration --> Communicating with the Outside World 1. Click the Enable WAN Interface outside world through the WAN port.
Step 7: Enable Wireless LANs (WLANs)
The WS 2000 Wireless Switch works either in a wired or wireless environment; however, the power of the switch is associated with its support of wireless networks. In order to use the wireless features of the switch, the administrator needs to enable up to four wireless LANs (WLANs).
Wireless Summary Area
The top portion of the window displays a summary of the WLANs that are currently defined. This is the screen in which the administrator can enable or disable a WLAN. At first, four WLANs are listed: WLAN1, WLAN2, WLAN3, and WLAN4; however, only WLAN1 is enabled.
The authentication method sets a challenge-response procedure for validating user credentials such as username, password, and sometimes secret-key information. The WS 2000 Wireless Switch provides two methods for authenticating users: 802.1x EAP and Kerberos. The administrator can select between these two methods. For testing connectivity, WLAN security is not an issue, so there is no reason to enable authentication—the default setting...
3. Open a Web browser and type the IP address: 192.168.0.1. The WS 2000 Switch Management screen should appear. If not, go back to the wired system used to configure the switch and see if the mobile device appears in the MU Stats screen appear on the MU Stats screen, recheck the network and WEP settings on the mobile device.
Where to Go from Here?
When full connectivity has been verified, the switch can be fully configured to meet the needs of the organization. Refer to the two case studies provided with this reference for specific installation examples. These case studies describe the environment, the desired features, and the configuration selections that were made in two different scenarios.
LAN/Subnet Configuration
Enabling Subnets for the LAN Interface
The WS 2000 Wireless Switch allows the administrator to enable and configure four different subnets. The administrator can assign an IP address, port associations, DHCP settings, and security settings for each subnet. This System Reference provides two case studies that demonstrate how requirements for network access and capabilities drive the decisions of how to configure the subnets.
To change features of a subnet select
Configuring Subnets
The WS 2000 Network Management System allows the administrator to define and refine the configuration of the enabled subnets. Each of three subnets (short for “subnetworks”) can be configured as an identifiably separate part of the switch-managed Local Area Network (LAN).
2. Set an IP address to be used for the subnet. This is how the switch will refer specifically to this subnet. This could be a WAN address; but more likely it will be a non-routable address. An IP address uses a series of four numbers that are expressed in dot notation, for example, 194.182.1.1.
Configuring Subnet Access
The WS 2000 Network Management System allows the administrator to set up access rules for subnet-to-subnet and subnet-to-WAN communication. These access rules control communication between subnets and the outside world (the WAN).
The Access Overview Table
In the overview table, each of the rectangles represents a subnet association. The three possible colors indicate the current access level, as defined, for each subnet association. Color Access Type...
1. Click in a cell of the table that represents the subnet-to-subnet (or subnet-to-WAN) relationship to define. All access rules (if any are defined) appear in the table in the lower-half of the screen.
2. Use the pull-down menu above the list to allow some protocols (or ports) and deny others.
Transport Description User Datagram Protocol (UDP) is mostly used for broadcasting data over the Internet. Like TCP, UDP runs on top of Internet Protocol (IP) networks. Unlike TCP/IP, UDP/IP provides very few error recovery services and methods.
1. To enable the advanced access settings, check the screen will become active. When this box is not checked, the settings in both the Subnet Access screen (under Firewall) and the NAT screen (under WAN) are disabled; the switch will use the settings found on this screen instead. 2.
• Destination IP—The Destination IP range determines the target address(es) for the firewall rule. To configure the Destination IP range, click the field and a new window will pop up to enter the IP address and range. An IP address of 0.0.0.0 indicates all IP addresses.
LAN, and enable changes to be made to the network infrastructure without physically disconnecting network equipment. The WS 2000 Wireless Switch supports assigning one VLAN ID to each of the configured subnets. To configure one or more VLAN, select Configuration screen will appear.
4. Enter the VLAN ID value for each subnet. The value must be between 1 and 31. The WS 2000 Wireless Switch only supports VLANs numbered between 1 and 31 in user-based VLANs. If your network uses a VLAN number higher than 31, you will not be able to use VLAN trunking with this switch.
This interface is DHCP Client required when:
• The host router or switch on the WAN is communicating with the WS 2000 Wireless Switch using DHCP.
• The switch is interfacing with an Internet Service Provider (ISP) that uses DHCP addressing.
IP addresses of the form xxx.xxx.xxx.xxx.
• The IP Address refers to the IP address that the outside world will use to address the WS 2000 Wireless Switch.
• Click the More IP Addresses addresses are required when users within the LAN need dedicated IP addresses, or when servers in the LAN need to be accessed (addressed) by the outside world.
Configuring the WS 2000 Firewall
The WS 2000 Wireless Switch provides a secure firewall/Network Address Translation (NAT) solution for the WAN uplink. The firewall includes a proprietary CyberDefense Engine to protect internal networks from known Internet attacks. It also provides additional protection by performing source routing, IP unaligned timestamp, and sequence number prediction checks.
• Blocking these types of attacks would also block legitimate traffic on their network (although this scenario is highly unlikely).
SYN Flood Attack Check
Source Routing Check
Winnuke Attack Check
FTP Bounce Attack Check
IP Unaligned Timestamp Check
Sequence Number Prediction Check
Mime Flood Attack Check
Click the...
Content filtering allows system administrators to block specific commands and URL extensions from going out through the WS 2000 switch’s WAN port. This feature allows blocking up to 10 files or URL extensions and allows blocking of specific outbound HTTP, SMTP, and FTP requests.
QUIT (Quit) This command tells the receiver to respond with an OK reply and then terminate communication with the sender.
SEND (Send) This command initiates a mail transaction where mail is sent to one or more remote terminals.
SAML (Send and Mail) This command initiates a mail transaction where mail data is sent to one or more local mailboxes and remote terminals.
This screen displays the IP addresses specified in the WAN screen menu). Up to eight WAN addresses can be associated with the switch. The NAT screen enables the administrator to set the type of translation and port forwarding required.
5. Click the Port Forwarding button to display a sub-screen of port forwarding parameters for inbound traffic from the associated WAN IP address. When finished, click the
6. Click to add a new port forwarding entry and fill in the following fields.
Name Enter a name for the service that is being forwarded.
Configuring Static Routes
A router uses routing tables and protocols to forward data packets from one network to another. The switch’s router manages traffic within the switch’s network, and directs traffic from the WAN to destinations on the switch-managed LAN. The WS 2000 Network Management System provides the Router screen to view and set the router’s connected routes.
5. Click the Apply button to save changes.
Setting the RIP Configuration
Routing Information Protocol (RIP) is an interior gateway protocol that specifies how routers exchange routing-table information. The Routing screen also allows the administrator to select the type of RIP and the type of RIP authentication used by the switch.
• Authentication (with password authentication or digital signatures) ensures the identity of all communicating parties. A diagram of a typical VPN situation is shown below, where there is a VPN tunnel created between two WS 2000 switches across the WAN. The diagram shows the settings for both switches.
The WS 2000 Network Switch provides VPN technology with a variety of security and setup options. Select Network Configuration --> --> from the left menu to create a VPN tunnel.
5. Specify the IP address for the
6. Specify the IP address for the
Setting Up VPN Security
The WS 2000 Wireless Switch provides several different options for VPN security, all based upon encryption key exchange: Manual Key Exchange access.
Internet Key Exchange (IKE) remote host or network access. IKE provides an automatic means of negotiation and authentication for communication between two or more parties. IKE manages IPSec keys automatically for the parties. Each of these options requires some configuration, as described below.
Configuring Manual Key Exchange
1.
6. Select the ESP Type from the menu. None Disables ESP and the rest of the fields in this area will not be active. Enables Encapsulating Security Payload encryption for this tunnel.
Setting Up Automatic Key Exchange
1. Select the Auto (IKE) Key Exchange
2. Click the Automatic Key Exchange scheme and the following screen appears.
3. Forward secrecy is a key-establishment protocol that guarantees that the discovery of a session key or a long-term private key will not compromise the keys of any other sessions.
8. If ESP with Authentication the ESP Authentication Algorithm menu. Enables the Message Digest 5 algorithm, which requires 128-bit (32-character hexadecimal) authentication keys. SHA1 Enables Secure Hash Algorithm 1, which requires 160-bit (40-character hexadecimal) keys.
4. Select the type of ID to be used for the WS 2000 end of the tunnel from the Select this option if the local ID type is the IP address specified as part of the tunnel. FQDN Select this item if the local ID type is a fully qualified domain name (such as sj.symbol.com). The setting for this field does not have to be fully qualified, it just must match the setting of the field for the Certificate Authority.
12. Select the Diffie-Hellman Group secret key over an insecure medium without any prior secrets. Two algorithms exist, one 768-bit and one 1024-bit algorithm.
Group 1 - 768 bit
Group 2 - 1024 bit
13.
Clients, however, might need extra routing information to tell them to use the WS 2000 switch as the gateway to reach the remote subnet. This is only required if the clients are not using the WS 2000 switch as their default gateway.
As a workaround, you can point the WS 2000 switch’s WAN default gateway to be the other VPN gateway, and vice-versa.
2. Pinging the internal gateway address of the remote subnet should run the ping through the tunnel as well, allowing you to test even if there are no clients on the remote end.
3. Verify that your WAN IP address is not DHCP. VPN requires a static WAN IP address to work.
Enabling Wireless LANs (WLANs)
The WS 2000 Wireless Switch works either in a wired or wireless environment; however, the power of the switch is associated with its support of wireless networks. In order to use the wireless features of the switch, the administrator needs to enable one, two, or three wireless LANs (WLANs).
The current settings for the associated Subnet and adopted Access Ports are also displayed on this screen; however, the screen associated with each WLAN (under adopting Access Ports can be modified.
Access Port Adoption
Use this list to adopt detected Access Ports and to assign them to a particular WLAN.
Rename the WLAN in this field, if desired. Character spaces are allowed. This change affects several other screens and the interface will also change the name in the left menu tree. Symbol Technologies recommends the use of descriptive names for WLANs.
Configuring Wireless LAN Security
The WS 2000 Wireless Switch allows the administrator to set the type and level of security for each WLAN. These security measures do not control communications from the WAN; instead, they control communication from the clients within the WLAN.
Configuring 802.1x EAP Authentication
The IEEE 802.1x is an authentication standard that ties EAP to both wired and wireless LAN applications. EAP provides effective authentication with or without IEEE 802.1x Wired Equivalent Privacy (WEP) encryption, or with no encryption at all. EAP supports multiple authentication measures.
7. In the Period field, set the EAP reauthentication period to match the appropriate level of security. A shorter time interval (~30 seconds or longer) provides tighter security on this WLAN’s wireless connections. A longer interval (5000-9999 seconds) relaxes security on wireless connections.
Sender and receiver employ the same encryption/decryption method. The WS 2000 Wireless Switch provides four methods for data encryption: WEP, KeyGuard, WPA-TKIP, and WPA2-CCMP (802.11i). The WPA-TKIP and KeyGuard methods use WEP 104-bit key encryption. WPA-TKIP offers the highest level of security among the encryption methods available with the switch.
The WEP 128 encryption mode allows devices using 104-bit key and devices using 40-bit keys to talk to each other using 40-bit keys, if the 104-bit devices permit this option.
1. Choose between the WEP 64 (40-bit key)
2.
4. Specify a time period in seconds for broadcasting encryption-key changes to mobile units. Set key broadcasts to a shorter time interval (at least 300 seconds) for tighter security on this WLAN’s wireless connections. Set key broadcasts to a longer time interval (at most, 80,000 seconds) to relax security on wireless connections. A Pre-Shared Key (PSK) is an Internet Protocol security (IPSec) technology that uses a shared, secret key for authentication in IPSec policy.
Enabling Access Port to carry out an 802.1x authentication with another Access Port before it roams over to it. The WS 2000 switch will cache the keying information of the client until it roams to the new Access Port. This enables the roaming client to start sending and receiving data sooner by not having to do 802.1x authentication after it roams.
Configuring Access Ports
The WS 2000 Wireless Switch automatically detects Access Ports when they are attached to one of the switch’s LAN ports. When the switch starts communication with an Access Port that can be adopted by the switch, it uploads the firmware appropriate for the Access Port.
System Settings screen and upon settings in the Access Port Default Settings screen for the radio type. The WS 2000 Wireless Switch GUI also allows the administrator to refine the basic Access Port configuration that is set at the point of detection. To examine or change that information: 1.
The following screen is displayed with the settings for the selected Access Port. 3. From this screen, the administrator can change several pieces of information about each Access Port. Name Administrators can change the names of the Access Ports from Access Port# to something much more descriptive, so that they can easily identify which Access Port is being referenced in the various screens and in the left menu.
Setting Default Access Port Settings
The WS 2000 Network Switch can support up to six Access Ports. These Access Ports can be either an 802.11a or 802.11b radio type. When an Access Port associates with the wireless switch, the initial settings for that Access Port are taken from the Default Access Port Setting for the appropriate radio type.
Power Level Select a power level from the communications between the Access Port and the MUs. Set a higher power level to ensure RF coverage in WLAN environments that have more electromagnetic interference or greater distances between the Access Port and mobile units (MUs). Decrease the power level according to the proximity of other Access Ports.
Set Rates Click the the default 802.11b/g Access Ports can be set. A list of available Basic and Supported rates for the radio are listed in two columns with checkboxes next to each rate. Selecting a rate as a Basic Rate...
Click the Apply button to save changes.
Advanced Access Port Settings
The WS 2000 Wireless Switch GUI allows the administrator to configure the Access Port settings. To examine or change that information:
1. Select Network Configuration the menu item. The detected Access Ports will be listed under the menu item.
2. Select the Access Port to examine or modify. When the Access Port Name menu item is selected, the following screen will appear: The advanced Access Port settings are found at the bottom and right of the screen. For most installations, the default settings for the advanced settings are appropriate.
Antenna Settings Internal/External Specify whether the Access Port has internal antenna or external antenna. Depending on the Antenna antenna type selected certain options in the Antenna Diversity Use the drop-down menu to configure the Antenna Diversity settings for Access Ports that use external antennas.
Setting the Bandwidth Share Mode
First, specify how the networking resources will be shared. The Bandwidth Share Mode provides three allocation options: Packets are served on a first-come-first-served basis. If this option is selected, the information in the Round Robin Bandwidth is equally shared among all active WLANs.
Setting Up Port Authentication for AP 300 Access Ports
802.1x port authentication is used to provide security and authentication for all wired clients on a WLAN. The WS 2000 Wireless Switch supports 802.1x port authentication for the AP 300 Access Ports connected to it. It uses a username and password for all ports that can be configured from the wireless switch.
To set up Port Authentication for all adopted AP 300 Access Ports:
1. In the Username field, specify an 802.1x username for all AP 300 Access Ports adopted by the switch. To use the default username click the <- Default
2.
Setting Up the Detection Method
The WS 2000 Wireless Switch provides three methods for detecting rogue Access Points (APs). Use the top part of the Rogue AP Detection screen to set the method or methods that the switch will use to detect rogue APs.
Defining and Maintaining Approved AP List Rules
The lower half of the Rogue AP Detection screen specifies rules that determine whether a detected AP can be approved or not. Each entry in the table works as an AP evaluation rule. You can specify a particular MAC address or a particular ESSID, or you can indicate that any MAC address or ESSID will work.
The Approved AP List
Each row of this table represents an approved AP that the switch has found. For each AP, both the MAC and the ESSID for the AP are listed. Use this portion of the screen to change the age out time or to add a rule to the rule list for a particular AP:
1.
1. Enter a number in the Rogue Entries Age Out Time be removed from the rogue list and reevaluated. A zero (0) in this field indicates that an AP can stay on the list permanently. 2. Click the Add to Approved AP Rule List Rogue AP Detection screen.
The WS 2000 Wireless Switch only reports rogue APs. It is up to the administrator to change security settings or disrupt the rogue AP’s connection.
Setting SNMP Traps for Rogue APs
It is also possible to set a trap for a rogue AP.
Administrator and User Access
Selecting the Type of Admin Access
The WS 2000 Network Management System runs from a standard Web browser. Any individual on an enabled subnet or over the WAN can access the log screen by specifying one of the IP addresses associated with the user interface. The WS 2000 Access screen allows the administrator to restrict access from different locations.
If all the checkboxes in this section are disabled, the administrator will not be able to access the switch through the WS 2000 Management System user interface. The only access available is through a direct serial cable connection from a PC. All commands are given using the command line interface.
Configuring User Authentication
The WS 2000 Wireless Switch provides an integrated RADIUS server as well as the ability to work with external RADIUS and LDAP servers to provide user database information and user authentication. Several screens are available to configure how the RADIUS server authentication works as well as set up the local user database and access policies.
Configuring the RADIUS Server
The WS 2000 Wireless Switch provides an integrated RADIUS server as well as the ability to work with external RADIUS and LDAP servers to provide user database information and authentication. The RADIUS Server page allows the admin to set up data sources, as well as specify authentication information for the built-in RADIUS server.
4. If you have a server certificate from a CA and wish to use it on the RADIUS server, select it from this pull-down menu. Only certificates imported to the switch will be available in the menu. To create a server certificate, select the...
Setting Up a Proxy RADIUS Server
The WS 2000 Wireless Switch provides the capability to proxy authentication requests to a remote RADIUS server based upon the suffix of the user ID (such as myisp.com or company.com). Select Proxy to go to the RADIUS Proxy Configuration screen is where the definitions of proxies are made.
Up to 10 proxy servers are supported.
1. Enter a value between 3 and 6 in the proxy server before giving up.
2. Enter a value between 5 and 10 in the switch to time out on a request to a proxy server.
Managing the Local User Database
The User Database screen is used to create users and groups for the local RADIUS server. This database is used when is selected as the Data Source is used for user authentication. Select Each user that is created is assigned their own password and is associated with one or more groups. Each group can be configured for its own access policy on the Access Policy configuration screen under the RADIUS Server menu.
3. Click the Password cell. A small window will appear. Enter a password for the user and then click User Database screen.
4. Click the List of Groups belong to at least one group for the user to have access to the switch.
The WS 2000 Management System provides the means to import and maintain a set of CA certificates to be used as an authentication option for VPN access. To use the certificate for a VPN tunnel, define a tunnel and select the IKE settings to use either RSA or DES certificates.
2. Copy the content of the CA Certificate message and then click will appear in the Import Root CA Certificate
3. Click the Import Root CA Certificate
4. Once in the list, select the certificate ID from the the issuer name, subject, serial number, and date that the certificate expires.
1. To create the certificate request, click the Request screen appears. 2. Fill out the request form with the pertinent information. Only 4 fields are required: Key ID Enter a name for the certificate to help distinguish between certificates. The name can be up to 7 characters in length.
Enter the domain name to associate with the certificate. This field is often required by the CA. IP Address Enter the WAN IP of the WS 2000 Wireless Switch. Check with your CA to determine whether this information is necessary. Often it can be omitted if either the email or domain name information is provided.
Overview of Administration Support
The WS 2000 Network Management System provides several screens for administering the switch and monitoring activity on the switch. From the interface the administrator can:
• Change the general system settings, such as the name of the switch and the location of the switch
•...
Changing the Name of the Switch
When the administrator first logs into the WS 2000 Network Management System, the System Settings screen appears. One of the fields in this screen is the System Name field. In this field, the administrator can specify the name of the switch.
1. Select System Configuration --> System Settings from the left menu.
2. Type in a description of the physical location of the switch within your facility into the Location field.
3. Find the Country field and use the drop down menu to select the correct country from the list.
4.
The WS 2000 Wireless Switch supports redundancy between two WS 2000 Wireless Switches, allowing a standby switch to take over if the primary switch stops responding. Use the WS 2000 Redundancy Settings to configure the Operational State and Redundancy Mode for the switch.
To see the Operational Mode status for switch redundancy, look at the bottom of the Redundancy screen.
Updating the WS 2000 Wireless Switch’s Firmware
From time to time, Symbol will release updates to the WS 2000 Wireless Switch’s firmware. These updates will include:
• Information about how to communicate with newly released Access Ports
•...
3. Go to the web site http://www.symbol.com/services/downloads/ and select the link to the WS 2000 Wireless Switch.
4. Compare the WS 2000 Version with the most recent version listed on the site. All updates will be listed along with a description of what the update contains.
Exporting and Importing Wireless Switch Settings
All of the configuration settings for the WS 2000 Wireless Switch can be saved to a configuration file and then either imported back into the same switch or transferred to another switch. This file-based configuration saving feature provides several benefits:
•...
Select System Configuration settings.
To Import or Export Settings to an FTP or TFTP Site
Use the following procedure for exporting the switch’s configuration settings.
1. Specify the name of the log
2.
Sample Configuration File
All of the configuration settings for the WS 2000 Wireless Switch can be saved to a configuration file and then either imported back into the same switch or transferred to another switch. Below is a sample configuration file that has been annotated using comment lines. All comment lines begin with // and are blue in color.
set fw file mf.bin
set fw path \0
system logs
// Logs menu
set mode disable
set level L6
set ipadr 0.0.0.0
system
// NTP menu
set mode disable
set server 1 0.0.0.0
set server 2 0.0.0.0...
// SNMP v1/v2c trap configuration
delete v1v2c all
// SNMP v3 trap configuration
delete v3 all
network wlan
// WLAN 1 configuration
set mode 1 enable
set ess 1 101
set enc 1 none
set auth 1 none
set wep-mcm index 1 1
set wep-mcm enc-key 1 1 c2767fe55c0a564f90f50a3989
set wep-mcm enc-key 1 2 f2464fd56c3a667fa0c53a09b9...
// WLAN 2 configuration
set mode 2 disable
set ess 2 102
set enc 2 none
set auth 2 none
set wep-mcm index 2 1
set wep-mcm enc-key 2 1 c2767fe55c0a564f90f50a3989
set wep-mcm enc-key 2 2 f2464fd56c3a667fa0c53a09b9...
set kerb enc-passwd 3 8e57
set kerb realm 3 \0
set kerb server 3 1 0.0.0.0
set kerb server 3 2 0.0.0.0
set kerb server 3 3 0.0.0.0
set kerb port 3 1 88
set kerb port 3 2 88
set kerb port 3 3 88
set eap server 3 1 0.0.0.0
set eap server 3 2 0.0.0.0...
set rts B 2341
set dtim B 10
set short-pre B enable
// Access Port configuration
network
delete 1 all
delete 2 all
delete 3 all
network
// LAN configuration
set mode 1 enable
set name 1 Subnet1
set ipadr 1 192.168.0.1...
set lease 2 86400
set range 2 192.168.1.100 192.168.1.254
set mode 3 server
set dgw 3 192.168.2.1
set dns 3 1 192.168.2.1
set dns 3 2 192.168.2.1
set lease 3 86400
set range 3 192.168.2.100 192.168.2.254
delete 1 all
delete 2 all
delete 3 all
network...
network
// NAT configuration
set type 1 1-to-many
set outb ip 1 0.0.0.0
set inb mode 1 disable
set inb ip 1 0.0.0.0
set type 2 none
set outb ip 2 0.0.0.0
set inb mode 2 disable
set inb ip 2 0.0.0.0...
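An added example (not part of the Symbol guide and not Symbol's code): a small Python audit of an exported configuration file that uses only commands appearing in the annotated sample above. It assumes one command per line, that the first number after enc-key is the WLAN index, and that "set mode disable" in the Logs menu means events are not being sent to a log server; the finding codes are hypothetical names.

```python
from collections import defaultdict

# Constructed input: lines copied from the annotated sample configuration
# above, laid out one command per line (the layout is an assumption).
SAMPLE_EXPORT = """\
system logs
// Logs menu
set mode disable
set level L6
set ipadr 0.0.0.0
network wlan
// WLAN 1 configuration
set mode 1 enable
set ess 1 101
set enc 1 none
set auth 1 none
set wep-mcm index 1 1
set wep-mcm enc-key 1 1 c2767fe55c0a564f90f50a3989
set wep-mcm enc-key 1 2 f2464fd56c3a667fa0c53a09b9
// WLAN 2 configuration
set mode 2 disable
set ess 2 102
set enc 2 none
set auth 2 none
set wep-mcm index 2 1
set wep-mcm enc-key 2 1 c2767fe55c0a564f90f50a3989
set wep-mcm enc-key 2 2 f2464fd56c3a667fa0c53a09b9
network
// LAN configuration
set mode 1 enable
set name 1 Subnet1
set ipadr 1 192.168.0.1
"""

TOP_MENUS = {"system", "network"}      # top-level menus seen in the sample
COMMANDS = {"set", "delete"}           # command verbs seen in the sample


def parse_export(text):
    """Yield (menu_path, words) for each command, tracking the current menu."""
    menu = ()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("//"):   # comment lines begin with //
            continue
        words = line.split()
        if words[0] in COMMANDS:
            yield menu, words
        elif words[0] == "/":                   # CLI command: back to root menu
            menu = ()
        elif words[0] == "..":                  # CLI command: up one menu level
            menu = menu[:-1]
        elif words[0] in TOP_MENUS:
            menu = tuple(words)                 # e.g. ("network", "wlan")
        else:
            menu += tuple(words)                # submenu named on its own line


def audit(text):
    """Return a list of (code, detail) findings for one exported file."""
    wlans = defaultdict(dict)       # WLAN index -> {"mode"|"enc"|"auth": value}
    key_wlans = defaultdict(set)    # WEP key value -> WLAN indexes carrying it
    key_lines = 0
    findings = []
    for menu, w in parse_export(text):
        if w[0] != "set":
            continue
        if menu == ("system", "logs") and w[1:] == ["mode", "disable"]:
            findings.append(("LOG_DISABLED", "system logs"))
        elif menu == ("network", "wlan"):
            # "set mode 1 enable" also occurs in the LAN menu, so the menu
            # context decides whether the index refers to a WLAN.
            if len(w) == 4 and w[1] in ("mode", "enc", "auth"):
                wlans[w[2]][w[1]] = w[3]
            elif len(w) == 6 and w[1:3] == ["wep-mcm", "enc-key"]:
                key_lines += 1
                key_wlans[w[5]].add(w[3])
    for idx in sorted(wlans):
        cfg = wlans[idx]
        state = (cfg.get("mode"), cfg.get("enc"), cfg.get("auth"))
        if state == ("enable", "none", "none"):
            findings.append(("OPEN_WLAN", f"WLAN {idx}"))
    for key, users in sorted(key_wlans.items()):
        if len(users) > 1:
            # Report a short prefix only, never the whole key.
            detail = f"{key[:4]}.. on WLANs {','.join(sorted(users))}"
            findings.append(("KEY_REUSE", detail))
    if key_lines:
        findings.append(("SECRETS_IN_EXPORT", f"{key_lines} WEP key lines"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_EXPORT):
        print(f"{code:18} {detail}")
```

An OPEN_WLAN finding can be intentional, as with the Cafe WLAN in the retail use case later in this guide; it is then a prompt to confirm the subnet access restrictions. Because the export carries key material in the clear, the file and the FTP or TFTP server it is sent to need the same protection as the keys themselves.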
SNMP allows an administrator to manage network performance, find and solve network problems, and plan for network growth. The WS 2000 Wireless Switch includes SNMP management functions for gathering information from its network components, and communicating that information to specific users. For more background about SNMP, see SNMP Management Support.
Select System Configuration
Setting the SNMP Version Configuration
The SNMP Access screen allows the administrator to define SNMP v1/v2c community definitions and SNMP v3 user definitions. SNMP v1 and v2c provide a strong network management system, but their security is relatively weak. SNMP v3 provides greatly enhanced security protocols.
5. Follow the directions for Setting up the Access Control List (below).
Setting Up SNMP v3 Community Definitions
Setting up the v3 user definition is very similar to the v1/v2c community definitions. The difference is the addition of a user security level and a user password.
1. Click the button to create a new entry in the Access Control table.
2. Specify the IP address for the user(s) that have access. Enter an IP address only in the column to specify an address for a single SNMP user.
5. Select the appropriate SNMP Version (v1 or v2)
6. Click the Apply button to save the entries.
Setting the Trap Configuration for SNMP V3
To set the trap notification destination for the SNMP v3 servers, add one or more entries to the SNMP v3 Trap Configuration table.
The Compact Flash card in the system falls below the amount specified. The status changes for one of the ports on the front of the WS 2000, such as if a device is plugged into or unplugged from the switch, or if the link is lost between the switch and the connected device.
Trap Category / Trap Name
MU unassociated
MU denied association
MU denied authentication
AP Traps
AP adopted
AP unadopted
AP denied adoption
AP detected radar (802.11a only)
Rogue AP
3. Click the Apply button to save the trap settings.
4. It is necessary to tell the switch where to send the notifications. Make sure to set the trap configuration to indicate where to send the notifications.
Setting Rate Traps
A screen is also available to specify traps caused when certain rates of activities either exceed or drop below a specified threshold. To set rate traps, select
1. Select the threshold type for which you want a rate trap, such as Pkts/sec.
2. To enable time service on the switch, check the steps below. NTP Servers from the left menu to enable NTP. The NTP Server screen appears. Enable NTP on WS 2000 Refresh checkbox and continue with the rest of the...
Setting Up and Viewing the System Log
The WS 2000 Network Management System keeps a log of the events that happen on the switch. The switch has a modest amount of memory to store events. If the administrator wishes to keep a more complete event history, the administrator needs to enable a log server.
Setting Up a Log Server
To keep a complete history of the events that are logged by the switch, the administrator needs to set up an external system log on a server. The server listens for incoming switch-generated syslog messages on a UDP port (514 by default), and then decodes the messages into a log file appropriate for viewing and printing.
WAN Statistics
Subnet Statistics
WAN Statistics
The WS 2000 Network Management System provides a set of screens that allow the administrator to view real-time statistics for monitoring the switch’s activity. One of those screens displays statistics for the Wide Area Network (WAN) port.
The total number of TCP/IP data carrier errors received
Subnet Statistics
The WS 2000 Network Management System provides a set of screens that allow the administrator to view real-time statistics for monitoring the switch’s activity. One of those screens displays statistics for each of the subnets. Selecting Status &...
Information portion of the Subnet Stats screen displays general information about the subnet.
• The HW address is the Media Access Control (MAC) address of the switch’s WAN port, which is set at the factory.
Transmitted Field    Description
TX Errors    The total number of errors including dropped data packets, buffer overruns, and carrier errors that fail on outbound traffic
TX Dropped    The number of data packets that fail to get sent from the subnet
TX Overruns    The total number of buffer overruns (when packets are sent faster than the subnet can handle them)
TX Carrier    The total number of TCP/IP data carrier errors received
...
Wireless LAN Statistics
The WS 2000 Network Management System provides screens that display information about all of the switch’s wireless operations as well as information for each enabled wireless LAN (WLAN). Both screens are described in this section.
In the lower section of the screen, the Total pkts per second Displays the average number of RF packets sent per second across all active WLANs on the wireless switch. The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour.
General WLAN Information
Information Section
ESSID    Displays the Extended Service Set Identification name that users will see when accessing the WLAN.
Subnet    Displays the name of the subnet to which this WLAN is associated.
Access Port Statistics
The WS 2000 Network Management System provides two screens, one that displays summary information for all associated Access Ports, and one that displays real-time statistics about the activity for each Access Port and its associated units.
Each Access Port associated with the switch is listed in the AP Summary area. For each AP, the following information is provided.
Field Description
Displays the IP address of the Access Port.
General Access Port Information
Information Section
HW Address    The Media Access Control (MAC) address of the Access Port. This value is typically set at the factory and can be found on the bottom of the Access Port.
Placement    Lists whether the Access Port is placed indoors or outdoors. This is determined by the placement setting in the Access Port configuration screen in the Network Configuration section.
RF Status
Avg MU Signal    Displays the average RF signal strength in dBm for all MUs associated with the selected Access Port. The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour.
Mobile Unit (MU) Statistics
Each Access Port can have up to 32 associated mobile units. These units are listed in the Mobile Unit Access Control List of the WLAN Security screen (Network Configuration To see a summary of the associated mobile units and general information about each unit, select Stats.
However, administrators often want to see the trends of the activity on the LAN. To aid with that project, the WS 2000 Wireless Switch enables the administrator to view the statistics in a graphical format that is constantly updated.
Throughput    If selected, the switch will monitor the switch’s throughput. Select one or more of the different throughput values to monitor: total throughput, transmission received, transmitted throughput or the average bit speed.
If selected, information about packets per second will be graphed for the selected member. Select one or more of the three values to monitor: total packets per second, received packets, and transmitted packets.
Testing Connections
WS 2000 Use Cases...
Field Office Use Case
A Field Office Example
But management wants to be absolutely certain that users of the cafe net cannot get access to the store computers or POS terminals. The WS 2000 allows the administrator to restrict access from one subnet to another, so Clarisa will create a subnet that is just for WLAN #3, and then restrict access from that subnet to the other subnets.
There are also some conventional, 100baseT wired devices to consider. There is the store server and two wired POS terminals. Clarisa will put all of these on the 100baseT ports on the WS 2000. To keep things simple, Clarisa decides to define one subnet for each WLAN and assign one Access Port to each WLAN. The wired devices will be part of the POS subnet.
192.168.0.1, the WS 2000’s IP address. Clarisa starts her web browser and enters “http://192.168.0.1/” as the URL. The WS 2000 sends a login page to her browser. She logs in using “admin” for the username and “symbol” as the password. The system immediately asks her to change the password to something else.
Setting Access Control
In the WS 2000 Access screen, Clarisa controls which network interfaces can be used to reconfigure the WS 2000 switch. She is currently using HTTP access on port 80 over the LAN, so she leaves that on. She may also want to make changes using the Command Line Interface (CLI), so she leaves on local CLI access.
For the devices, she plans to use IP numbers from the range 192.168.*.*, because IP addresses in that range are designated for internal use only. She will assign them as follows:
Subnet IP Address Range
192.168.0.***    POS subnet
192.168.1.***    Printer subnet
192.168.2.***    Cafe subnet
Network...
And for each subnet:
192.168.**.1
192.168.**.2 to 192.168.**.10
192.168.**.11 to 192.168.**.254
With this plan, she can begin to configure the individual subnets.
Configuring POS Subnet
Clarisa selects the first subnet from the LAN menu items in the left menu.
Default Gateway is already set to the subnet address. This is the IP address to which the DHCP clients on this subnet will forward their outbound traffic. Clarisa fills in the DNS Server addresses, which corporate has specified. This will also be supplied to the DHCP clients.
After the Address Assignment Range is entered, Clarisa clicks Advanced DHCP Server.
Clarisa enters the DNS server IP addresses and leaves the Default Gateway DHCP Lease Time at their defaults. She clicks in the Advanced DHCP Server window and then Apply in the Subnet window to save her changes.
Clarisa clicks Advanced DHCP Server and enters the DNS server IP addresses. The Default Gateway is fine. However, Clarisa expects the cafe patrons to come and go frequently, so she reduces the...
Clarisa clicks the button in the Advanced DHCP Server window, then on the Apply button in the subnet screen to save her choices. The subnets are now configured. Next Clarisa configures the WAN interface.
Configuring the WAN Interface
Now Clarisa selects the WAN node in the left menu.
If corporate had not paid their ISP for a static IP address for each store, she would have selected the DHCP Client option and the WAN configuration information would have been assigned by the ISP each time they connected to the Internet.
After she makes this selection a new button appears, labelled “1 to Many Mappings”. She selects the “1 to Many Mappings” button. If Clarisa had more than one static IP address, she would have been able to assign several to the WAN interface. This screen would be used to choose how the internal IP addresses on each subnet translated into the selection of external IP addresses.
Configuring the Access Ports
So far, Clarisa has been operating with the WS 2000 connected only to her laptop. To configure the Access Ports, she will need to connect them to the switch. She plans to use switch ports as follows:...
Setting Access Port Defaults
The WS 2000 allows the user to specify the default settings for Access Ports. Clarisa expands the Access Ports node in the left menu and selects the 802.11b Defaults node. Clarisa has only 802.11b Access Ports.
Naming the POS Access Port
Having specified the general Access Port defaults, Clarisa goes on to name and configure the Access Port for the POS WLAN. She selects the first Access Port in the left menu.
Configuring the Printer Access Port
Clarisa configures the Printer Access Port in a similar way. She gives it the name “Printer AP” and a location description. She assigns channel 6 to this Access Port, avoiding contention with the POS AP and the Cafe AP.
Configuring the Cafe Access Port
Finally, she names the third Access Port Preamble is not selected. There are two preambles in use in the wireless world, an older, longer one and a newer, shorter one.
Associating the Access Ports to the WLANs
Now Clarisa selects the Wireless item in the left menu. This screen indicates which Access Ports are associated with which WLANs. First Clarisa looks in the Summary section of the screen to determine that all three WLANs are enabled.
She selects the third WLAN. This is the WLAN which she plans to use for the cafe WLAN. The WLAN name is used within the WS 2000 configuration screens to make the interface easier to navigate. She renames this WLAN from “WLAN3” to “Cafe”. She also gives it an ESSID of “CCC-Cafe”. The ESSID is broadcast to the users and will be what the cafe users see when they select a wireless network on their laptops.
Clarisa goes to the left menu and clicks the button to the left of the Cafe WLAN node. A menu item labeled “Cafe Security” is displayed and Clarisa selects it. She confirms that the Cafe Security screen shows no authentication and no encryption methods.
Configuring the Printer WLAN
For the printer WLAN, Clarisa makes the following selections:
Name ESSID Subnet Disallow MU to MU Communication Use Voice Prioritization Answer Broadcast ESS
The wireless printers will never need to communicate with each other directly. MU-to-MU communications can be safely disallowed.
Clarisa clicks the to the left of the Printer WLAN menu item and selects the Printer Security item. In the screen that displays, Clarisa selects no authentication. She enters the MAC numbers of the wireless printers in the Mobile Access Control section.
She clicks the button to confirm the WEP key selections, then the
Configuring the POS WLAN
For the POS WLAN, she makes the following choices:
Name ESSID Subnet Disallow MU to MU Communication...
Clarisa then clicks the “+” to the left of the POS WLAN in the left menu and selects Security. In that screen, she selects 802.1x EAP for authentication. This will allow her to use the corporate RADIUS server for user authentication.
She clicks the button in the 802.1x-EAP configuration window. She then clicks the WPA-TKIP Settings button in the security screen. TKIP encryption protocol calls for keys between two specific nodes to change with every packet. However, there is no standard with respect to how often one should change keys for broadcast packets.
With this, Clarisa has finished configuring the basic WLAN configuration and the WLAN security. She clicks the button in the WPA-TKIP window and then the Apply button in the WLAN security screen.
Configuring Subnet Access
Clarisa wants the two internal subnets to have complete access to one another, but she wants the Cafe subnet to have access only to the WAN.
To set the subnet access for a pair of subnets, she clicks the square for traffic from one subnet to another and then uses the detail section, which appears below, to determine the rules for traffic between those two subnets.
The remaining tasks are to test the network and to put the Access Ports in their permanent locations.
Apply button to save her changes.
Subnet Mask Gateway
255.255.255.0 192.168.0.1
255.255.255.0 192.168.0.1
255.255.255.0 192.168.0.1
Wireless channel Authentication 802.1x EAP 802.1x EAP None
WS 2000 Port Encryption WPA-TKIP WPA-TKIP...
After she is confident that everything is working, she moves the Access Ports to their permanent locations. She connects the WS 2000 to the DSL modem. Finally, she tests the connection from each subnet to the WAN. The store network is now complete.
Leo needs to establish secure communication from the engineering subnet to this expansion office. The other office will also have a WS 2000, so Leo will establish a direct VPN link to that WS 2000 and use the VPN as the secure communication link.
To keep things simple, he will define one subnet for the administration users, one subnet for the sales and marketing users, and one subnet for the engineers. Each subnet will have one WLAN associated with it and one Access Port. The only exception is the engineering subnet, which will have one WLAN and two Access Ports.
192.168.0.2 and a netmask of 255.255.255.0. He also sets the gateway IP address to be 192.168.0.1, the WS 2000’s IP address. Leo launches his web browser and enters “http://192.168.0.1/” as the URL. He logs in using admin for the username and...
As soon as he logs in, the WS 2000 asks him to set the password. He sets the administration password to something relatively secure. He presses Update Password Now to record his selection.
Leo sets the location to United States - The system name is used to distinguish between WS 2000 switches for remote configuration. Leo gives the switch a descriptive name, Atlanta1.
CompactFlash card slot. So, he turns Leo clicks on the Apply button in the WS 2000 Access screen to save his changes. node in the left menu. This controls which subnet can be used to reconfigure the WS AirBEAM Access...
Configuring the LAN
Leo clicks the toggle to the left of Network Configuration in the left menu. The tree expands and he selects the item. This screen shows the subnets, their IP addresses, and the network interfaces (the 10/100BaseT ports and the WLANs) that are currently associated with each subnet.
Subnet1 from the choices under the LAN heading. He enters a new name for the subnet, Eng-SN, to make it easier to recognize this subnet throughout the WS 2000 interface. He also selects the option This interface is a DHCP IP addresses from the Address Assignment Range and assign them to network clients on this subnet, as needed.
WINS Server field is designed to supply the Windows Network Server IP address to any DHCP clients that request it. Leo supplies the IP number for the local WINS server. Domain Name field will be supplied to any DHCP clients that request it. Leo enters his company’s domain name.
Configuring the Sales Subnet
The sales and marketing subnet is configured exactly the same way as the engineering subnet, though with a different name and a different IP address range. Leo selects the Advanced DHCP Server button and follows the same procedures as he did for the engineering subnet. Leo...
The next step is to configure the WAN interface.
Configuring the WAN Interface
Next Leo configures the WS 2000 WAN interface. This interface connects the WS 2000 switch to the VPN appliance and, through that appliance, to the Internet. Leo enables the WAN interface, but leaves the DHCP Client option disabled. Instead of using DHCP to get address information for the switch, he enters the permanent information which he previously obtained from the corporate network administrator.
Leo has three addresses for this switch. He plans to use one address for the traffic from each of the subnets. He clicks the More IP Addresses button and enters the other two IP addresses:...
IP addresses. Leo chooses of each IP number. As he does so, a Outbound Mappings column. item. The WS 2000 displays the three IP addresses he entered when configuring the 1 to Many 1 to Many Mappings...
Leo clicks any of the NAT Ranges button to the right of the IP addresses. The 1 to Many Outbound Mappings window displays. Leo uses the pull-down menu to set the outbound IP address for each subnet. These are the same as the inbound IP addresses that he specified in the WAN configuration screen.
Sales and marketing area 00:A0:F8:BB:FC:97 Administration area He marks each Access Port with its intended location and WLAN, so he will not get confused later. Firewall under WAN in the left menu. The WS 2000 displays a series of WLAN Engineering Engineering Marketing Admin.
Leo selects the Wireless item in the left menu. He sees that only the first wireless LAN is enabled. None of the WLANs have the names he would like them to have. He clicks on the checkboxes to the left of...
EngWLAN so that subsequent screens in the WS 2000 interface will be a little easier to read. The ESSID is the identification string that his users will see, so he uses a name that will be easy for them to recognize, the string Engineering.
In the Advanced section of the screen, the Disallow MU to MU Communications setting would keep mobile units from communicating directly with each other. Leo believes that people sometimes share files directly, laptop to laptop, instead of using the file server.
Security
The next step is to set security for the engineering WLAN. He selects the toggle to the left of EngWLAN in the left menu to display the EngWLAN Security item. Leo selects that item and the security screen is displayed. Leo selects 802.1x EAP...
Settings section is grayed out for Leo. Leo does need to set the frequency with which the key for broadcast communication is changed. By default, the WS 2000 changes the broadcast every 84,600 seconds, i.e., every twenty-four hours. Breaking WEP encryption requires several hours...
Access Port for network traffic. Under wireless client which has agreed upon a given Pairwise Master Key (PMK) with one Access Port on a given WS 2000 is allowed to use that same PMK with other Access Ports connected to the same WS 2000. Both options increase the speed of roaming under 802.1x security and Leo enables both of them.
Configuring the Access Ports
The WS 2000 allows the user to specify default settings for Access Ports. Leo expands the Access Ports node in the left menu and selects the 802.11b/g Defaults in this section.
Administration He clicks the toggle to the left of Access Ports in the left menu and selects the menu item labeled AP1. The WS 2000 has found and queried the Access Port for its MAC address. Leo enters a new name for the Access Port, Eng-AP1, and its location, Eng.
Leo clicks the Apply button to save the configuration for this Access Port. Leo then selects the third Access Port in the left menu. This will be the sales and marketing Access Port. Leo configures it...
Leo clicks Apply to save his changes. To avoid interference with the sales and marketing AP, Leo chooses channel 10 for the administration Access Port. He then enters the Access Port Name and Location.
Leo clicks the Apply button to save the changes for the administration Access Port. The Access Ports are now configured. The next step is to specify access levels between the subnets.
Configuring Subnet Access
Leo selects the Subnet Access item in the left menu. This screen determines what subnet-to-subnet traffic can occur. The subnet access defaults to every subnet having access to every other subnet and full access to the WAN. Leo wants to restrict subnet access so that marketing has no access to the engineering subnet and no access to the administration subnet.
Similarly, Leo restricts access from the marketing subnet to the administration subnet. Leo would also like to restrict traffic from all subnets to the WAN to just HTTP, SMTP, and POP protocols. He selects the cell...
Similarly, he restricts the marketing and administration subnets in their access to the WAN. Leo clicks the Apply button to record his changes. The subnet access is configured. Now Leo needs to set up VPN access to the Engineering Annex and test the installation.
Configuring the VPN
To configure a VPN link between WS 2000s, the following must be specified:
• The subnets on each end of the VPN link (tunnel)
• The authentication method for allowing a connection
•...
VPN, in this case, the Engineering subnet. The is the IP address for the interface that this WS 2000 will show to the WS 2000 on the other side of the VPN. Leo enters an unused, internal IP address, 192.168.24.198.
Remote Subnet specifies the subnet, on the other WS 2000, to which the engineering subnet will be connected. The Remote Gateway and the Remote Subnet Mask describe the network interface on the other WS 2000 switch. After Leo...
AH Authentication protocol The AH authentication method must match on both switches and the inbound key on one WS 2000 must match the outbound key on the other. Leo selects Secure Hash Algorithm 1 character authentication keys. inbound Security Parameter Index (SPI) vice versa.
second to connect to the sales and marketing WLAN, and the third laptop to connect to the administration WLAN. He makes sure that laptops on each WLAN can connect to the WAN and to each other.
Command Line Interface Reference
Admin and Common Commands
Network Commands
Network WLAN Rogue AP Approved AP List Commands
Network WLAN Rogue AP List Commands
10.1 Admin and Common Commands
WS2000>admin> admin
Description: Displays admin configuration options. The items available under this command are shown below.
Syntax:
help    Displays general user interface help.
passwd    Changes the admin password.
summary    Shows a system summary.
network    Goes to the network submenu
stats    Goes to the stats submenu....
WS2000>admin> help
Description: Displays general CLI user interface help.
Syntax:
help    Displays command line help.
Example:
admin>help
: display command help - Eg. ?, show ?, s?
<ctrl-q> : go backwards in command history
<ctrl-p>...
WS2000>admin> passwd
Description: Changes the password for the admin login.
Syntax:
passwd    Changes the admin password. This requires typing the old admin password. Passwords can be up to 11 characters.
Example:
admin>passwd
Old Admin Password:******
New Admin Password:******
Verify Admin Password:******
WS2000>admin> quit
Description: Quits the command line interface. This command appears in all of the submenus under admin. In each case, it has the same function, to exit out of the CLI.
WS2000>admin> save
Description: Saves the configuration to system flash. This command appears in all of the submenus under admin. In each case, it has the same function, to save the configuration.
Syntax:
save    Saves configuration settings. This command works at all levels of the CLI. The save command must be issued before leaving the UI for the settings to be retained.
WS2000>admin> summary
Description: Displays the system summary.
Syntax:
summary    Displays a summary of high-level characteristics and settings for the WAN, subnet, and WLAN.
Example:
admin>summary
System Information
WS2000 firmware version
country code...
enc type
auth type
Subnet 1 Information
subnet interface
ip address
network mask
dhcp mode
default gateway
ports
wlans
Subnet 2 Information
subnet interface
ip address
network mask
dhcp mode
default gateway
ports
wlans
Subnet 3 Information
subnet interface
ip address
network mask
dhcp mode
default gateway...
Primary WAN Information
wan interface : enable
ip address : 192.168.24.198
network mask : 255.255.255.0
default gateway : 192.168.24.1
dhcp mode : enable
admin>
...
WS2000>admin> ..
Description: Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure.
Example:
admin(network.ap)>..
admin(network)>...
WS2000>admin> /
Description: Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure.
10.2 Network Commands
WS2000>admin> network
Description: Displays the network submenu. The items available under this command are shown below.
Goes to the Access Port submenu.
Goes to the LAN submenu.
router    Goes to the router submenu.
vlan    Goes to the VLAN submenu.
Goes to the WAN submenu.
10.3 Network AP Commands
WS2000>admin(network)> ap
Description: Displays the Access Port submenu. The functionality provided by this menu is supplied by various screens under the Wireless menu item of the Web interface. The items available under this command are shown below.
WS2000>admin(network.ap)> add Description: Adds entries to the Access Port adoption list. Performs functionality available in the Access Port Adoption List area of the Wireless screen. Syntax: Allows adoption of Access Ports with MAC addresses in the range of <mac1> to <mac2> <idx>...
WS2000>admin(network.ap)> copydefaults Description: Copies default Access Port settings to a connected Access Port. In the Web interface, the defaults are set on the Wireless, default AP screens (one for each radio type).
WS2000>admin(network.ap)> delete Description: Deletes entries from the Access Port adoption list. In the Web interface, this functionality is found on the Wireless screen in the Access Port Adoption list area. Syntax: delete Deletes an entry in the Access Port adoption list as specified by <entry>, which is the number <idx>...
WS2000>admin(network.ap)> list Description: Displays entries in the Access Port adoption list for a specified wireless LAN. Syntax: list <idx> Lists the Access Port adoption entries for WLAN <idx> (1–4). Example: The following example shows the access port adoption list for WLAN 1.
WS2000>admin(network.ap)> reset Description: Resets an Access Port. Syntax: reset <idx> Resets the Access Port associated with index <idx>. Example: admin(network.ap)>reset ap 2 admin(network.ap)>?
WS2000>admin(network.ap)> set Description: Sets Access Port parameters. Syntax: set beacon mode enable/ disable intvl <idx> ch_mode <idx> fixed/ random <idx> <mode> dtim <idx> <period> <idx> <loc> name <idx> <name> primary <idx> <widx>...
802.1x <username> <password> detectorap <idx> enable/ disable <idx> <mac> Example: admin(network.ap)>set short-pre enable admin(network.ap)>set shor 1 enable admin(network.ap)>set name 1 BigOffice admin(network.ap)>set dtim 1 25 admin(network.ap)>set loc 1 BigBldg admin(network.ap)>show ap 1 ap name ap location ap mac address ap serial number ap radio type adopted by ap indoor use...
WS2000>admin(network.ap)> show Description: Shows Access Port parameters. Syntax: show <idx> status Example: admin(network.ap)>show ap 1 ap name ap location ap mac address ap serial number ap radio type adopted by ap indoor use...
ap index ap status ap index ap status ap index ap status ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status admin(network.ap)>...
10.4 Network AP Default Commands WS2000>admin(network.ap)> default Description: Displays the default Access Port (AP) submenu. The items available under this command are shown below. Sets default Access Port parameters. show Shows default Access Port parameters.
WS2000>admin(network.ap.default)> set Description: Sets the default Access Port parameters. Syntax: set beacon mode <type> intvl <type> ch-mode <type> fixed/ random <type> <mode> dtim <type> <period> primary <type> <wdix> rate <type> <basic> <type> <indoor> <type> <bytes> short-pre <type> enable/ disable enable/ Sets the default for secure beacons of specified type <type>...
Example: admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap indoor use ap channel ap channel mode ap radio power power to antenna ap diversity...
WS2000>admin(network.ap.default)> show Description: Shows the default Access Port parameters for a particular radio type. Syntax: show default Shows the default Access Port parameters. Example: admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap indoor use ap channel ap channel mode ap radio power...
10.5 Network AP Test Commands WS2000>admin(network.ap)> test Description: Displays the test submenu. The items available under this command are shown below. Switches the Access Port to a new channel. quit Quits the CLI.
WS2000>admin(network.ap.test)> new Description: Switches the specified Access Port to a new channel. Syntax: <idx> <ch> Switches the Access Port indexed with <idx> (1–12) to channel <ch> (which must be a valid channel for the specified Access Port). Example: admin(network.ap.test)>new 2 15 admin(network.ap.test)>...
10.6 Network DHCP Commands WS2000>admin(network)> dhcp Description: Displays the DHCP submenu. The items available under this command are shown below. Sets system updated flags. show Shows system updated flags. save Saves the configuration to system flash.
WS2000>admin(network.dhcp)> set Description: Sets parameters for automated firmware and configuration upgrades. Syntax: firmwareupgrade configupgrade interface <int> Example: admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface admin(network.dhcp)>set firmwareupgrade 1 admin(network.dhcp)>set con 1 admin(network.dhcp)>set inter s1 admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface Related Commands:...
WS2000>admin(network.dhcp)> show Description: Displays system updated flags. Syntax: show Displays all of the DHCP-related system update parameters. Example: admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface Related Commands: Sets the DHCP-related parameters for updating system firmware and configuration.
10.7 Network Firewall Commands WS2000>admin(network)> fw Description: Displays the firewall submenu. The items available under this command are shown below. Sets firewall parameters. show Shows firewall parameters. submap Goes to the subnet mapping submenu. policy Goes to the advanced subnet mapping submenu. save Saves the configuration to system flash.
WS2000>admin(network.fw)> set Description: Sets firewall parameters. In the Web interface, this functionality is provided by the Network->Firewall screen. Syntax: mode enable/disable override enable/disable enable/disable enable/disable mime filter enable/disable enable/disable enable/disable timeout <time>...
ip spoofing attack filter   : enable
land attack filter          : enable
ping of death attack filter : enable
reassembly attack filter    : enable
admin(network.fw)>
Related Commands: show Shows the current firewall settings.
WS2000>admin(network.fw)> show Description: Displays the firewall parameters. Syntax: show Shows all firewall settings. Example: admin(network.fw)>show all Firewall Status Subnet Access Override Configurable Firewall Filters ftp bounce attack filter syn flood attack filter...
10.8 Network Firewall Policy Commands WS2000>admin(network.fw)> policy Description: Displays the firewall policy submenu. The items available under this command are shown below. inbound Goes to the inbound policy submenu. outbound Goes to the outbound policy submenu. import Imports subnet access rules. save Saves the configuration to system flash.
WS2000>admin(network.fw.policy)> import Description: Imports subnet access rules from current subnet access settings created in the GUI interface (Network-> Firewall -> Subnet Access menu item) or using the CLI submap menu commands. Previously set outbound firewall policies will be deleted.
10.9 Network Firewall Policy Inbound Commands WS2000>admin(network.fw.policy)> inb Description: Displays the inbound policy submenu. The items available under this command are shown below. Adds a firewall policy. Sets firewall policy parameters. delete Deletes a firewall policy. list Lists firewall policies. move Moves a firewall policy to a different position in the list.
WS2000>admin(network.fw.policy.inb)> move Description: Moves a firewall policy to a different position in the list and renumbers all affected items in the list. Syntax: move <idx> Moves policy <idx> up one (to a lower number) in the policy list.
10.10 Network Firewall Policy Outbound Commands WS2000>admin(network.fw.policy)> outb Description: Displays the outbound policy submenu. The items available under this command are shown below. Adds a firewall policy. Sets firewall policy parameters. delete Deletes a firewall policy.
WS2000>admin(network.fw.policy.outb)> add Description: Adds an outbound firewall policy. Syntax: <sip> <snetmask> <dip> <dnetmask> Example: admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.255.255.224 Outbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask ----------------------------------------------------------------------------- 192.168.24.0- 255.255.255.0 Related Commands: delete Deletes firewall policies from the outbound list. move Moves policies either up or down in the list of policies.
WS2000>admin(network.fw.policy.outb)> move Description: Moves an outbound firewall policy up or down in the policy list and renumbers the policy affected by the move. Syntax: move <idx> Moves a policy <idx> up one (to a lower number) in the outbound policy list. down <idx>...
WS2000>admin(network.fw.submap)> set Description: Sets a default subnet access rule to allow or deny communication. Syntax: set default <from> <to> deny/allow Example: admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>show default s1 ----------------------------------------------------------------------------- subnet1 ----------------------------------------------------------------------------- allow allow admin(network.fw.submap)> Creates a default subnet access rule to deny or allow communication <from> one of the subnets (one of = subnet1, = subnet2,...
10.12 Network LAN Commands WS2000>admin(network)> lan Description: Displays the LAN submenu. The items available under this command are shown below. dhcp Goes to the DHCP submenu. Sets LAN parameters. show Shows LAN parameters. save Saves the configuration to system flash. quit Quits the CLI.
WS2000>admin(network.lan)> set Description: Sets the LAN parameters for the four subnets. Syntax: ipadr <idx> <IPaddr> mask <idx> <IPmask> mode <idx> enable/disable name <idx> <name> port <port#> <subnet> wlan <wlan#> <subnet> Example: admin(network.lan)>show lan 1...
WS2000>admin(network.lan)> show Description: Shows the LAN parameters. Syntax: show <idx> Shows the settings for the subnet <idx> (1–4). Example: admin(network.lan)>show lan 1 subnet name subnet interface ip address network mask ports wlans admin(network.lan)>set name 1 NewName admin(network.lan)>set port 4 none admin(network.lan)>set wlan 2 s1 admin(network.lan)>show lan 1 subnet name...
10.13 Network LAN DHCP Commands WS2000>admin(network.lan)> dhcp Description: Displays the DHCP submenu. The items available under this command are shown below. Adds static DHCP address assignments. delete Deletes static DHCP address assignments.
WS2000>admin(network.lan.dhcp)> add Description: Adds static DHCP address assignments. Syntax: <idx> <mac> <ip> Adds a static DHCP address assignment for subnet <idx> where the device with the MAC address <mac> (00A0F8F01234) is assigned to the IP address <ip>. Example: admin(network.lan.dhcp)>add 1 00A0F8F01234 192.160.24.6 admin(network.lan.dhcp)>add 1 00A1F1F24321 192.169.24.7 admin(network.lan.dhcp)>list 1 -----------------------------------------------------------------------------...
WS2000>admin(network.lan.dhcp)> show Description: Shows DHCP parameter settings for specified subnets. Syntax: show dhcp <idx> Shows the DHCP parameter settings for subnet <idx> (1–4). These parameters are set with the set command. Example: admin(network.lan.dhcp)>set dns 1 1 209.160.0.18 admin(network.lan.dhcp)>set dns 1 2 209.160.0.218 admin(network.lan.dhcp)>show dhcp 1 dhcp mode default gateway...
10.14 Network QoS Commands WS2000>admin(network)> qos Description: Displays the quality of service (QoS) submenu. The items available under this command are shown below. Sets QoS parameters. show Shows QoS parameters. clear Clears QoS parameters.
WS2000>admin(network.qos)> clear Description: Clears QoS radio statistics. Syntax: clear queuing Clears the radio QoS queuing statistics. Example: admin(network.qos)>clear queue Related Commands: Sets the QoS parameters. show Shows the QoS parameters and the QoS queuing statistics.
10.16 Network VLAN Commands WS2000>admin(network)> vlan Description: Displays the VLAN submenu. The items available under this command are shown below. trunk Goes to the trunk submenu. Sets VLAN parameters. show Shows VLAN parameters.
WS2000>admin(network.vlan)> set Description: Sets VLAN parameters. Syntax: assign-mode user port default <vlan-id> vlan-id Example: admin(network.vlan)>set assign-mode user admin(network.vlan)>set default 3 admin(network.vlan)>show vlan 3 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID Related Commands: show Displays the VLAN settings. Assigns the VLAN assignment mode to one of Assigns the default VLAN ID to <vlan-id>, which is a number between <vlan-id>...
10.17 Network VLAN Trunk Commands WS2000>admin(network.vlan)> trunk Description: Displays the trunk submenu. The items available under this command are shown below. Sets trunk parameters. show Shows trunk parameters. clear Clears options. Goes to the parent menu. Goes to the root menu.
WS2000>admin(network.vlan.trunk)> clear Description: Clears VLANs that are trunked. Syntax: clear trunked Clears all the VLANs that are being trunked. Example: admin(network.vlan.trunk)>clear trunked Related Commands: Sets the VLAN trunking parameters. show Displays the VLAN trunking settings.
WS2000>admin(network.vlan.trunk)> set Description: Sets trunk parameters. Syntax: trunk-port <port idx> enable disable trunked <vlan list> Example: admin(network.vlan.trunk)>set trunked add 3,4 admin(network.vlan.trunk)> Enables disables the trunk port for the VLAN to be <port id> (1–6) as numbered on the switch. Adds the VLANs in <vlan list> to be trunked. Specify a VLAN by number (1– 31), separated by commas.
10.18 Network WAN Commands WS2000>admin(network)> wan Description: Displays the WAN submenu. The items available under this command are shown below. Goes to the VPN submenu. Goes to the NAT submenu. Goes to the outbound content filtering submenu. renew Renews the IP address. Sets WAN parameters.
WS2000>admin(network.wan)> renew Description: Renews the IP address. Syntax: renew Renews the switch’s DHCP lease of the IP address if it is a DHCP client. Example: admin(network.wan)>renew admin(network.wan)>...
WS2000>admin(network.wan)> set Description: Sets the WAN parameters. In the Web interface, this functionality is provided by the Network->WAN screen. Syntax: set dhcp enable disable <a.b.c.d> <idx> <a.b.c.d> ipadr <idx> <a.b.c.d> mask <a.b.c.d> mode <idx> enable pppoe mode enable idle <val> enable disable passwd...
WS2000>admin(network.wan)> show Description: Shows the WAN parameters. Syntax: show <idx> Shows the general IP parameters for the WAN along with settings for the WAN interface associated with <idx> (where <idx> is in the range 1–8).
10.19 Network WAN App Commands WS2000>admin(network.wan)> app Description: Displays the outbound content filtering submenu. The items available under this command are shown below. addcmd Adds app control commands to the deny list. delcmd Deletes app control commands from the deny list. list Lists app control records.
WS2000>admin(network.wan.app)> list Description: Lists the app control records. Syntax: list Lists Web/HTTP app control settings. Lists FTP app control settings. smtp Lists SMTP app control record. Example: admin(network.wan.app)>list web HTTP Files/Commands Web Proxy...
10.20 Network WAN NAT Commands WS2000>admin(network.wan)> nat Description: Displays the nat submenu. The items available under this command are shown below. Adds NAT records. delete Deletes NAT records. list Lists NAT records. Sets NAT parameters. show Shows NAT parameters. save Saves the configuration to system flash.
WS2000>admin(network.wan.nat)> add Description: Adds NAT records. Syntax: <idx> <name> Sets an inbound network address translation (NAT) for WAN address <idx>, where <name> is the name of the entry (1 to 7 characters), <tran> is the transport protocol (one of tcp, udp, icmp, ah, esp, gre, or all), <port1> is the starting port number in a port range, <port2>...
WS2000>admin(network.wan.nat)> delete Description: Deletes NAT records. Syntax: delete <idx> <entry> Deletes a NAT entry <entry> (1–20) that is associated with WAN <idx> (1–8). <idx> Deletes all NAT entries associated with WAN <idx> (1–8). Example: admin(network.wan.nat)>list inb 2 ----------------------------------------------------------------------------- index name prot ----------------------------------------------------------------------------- special tcp...
WS2000>admin(network.wan.nat)> list Description: Lists NAT records. Syntax: list <idx> Lists the inbound NAT entries associated with WAN port <idx> (1–8). Example: admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2...
WS2000>admin(network.wan.nat)> set Description: Sets NAT inbound and outbound parameters. Syntax: set inb mode <idx> enable/ disable <idx> <ip> outb <idx> <ip> <from> <to> type <idx> none 1-to-1 1-to-many Example: admin(network.wan.nat)>set type 1 1-to-1 admin(network.wan.nat)>set outb ip 1 209.239.44.36 admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type one to one nat ip address...
WS2000>admin(network.wan.nat)> show Description: Shows NAT parameters. Syntax: show <idx> Example: admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type one to one nat ip address port forwarding mode port forwarding ip address one to many nat mapping Shows NAT settings for WAN <idx>...
10.21 Network WAN VPN Commands WS2000>admin(network.wan)> vpn Description: Displays the VPN submenu. The items available under this command are shown below. cmgr Goes to the cmgr (Certificate Manager) submenu. Adds a security policy database (SPD) entry. Sets SPD parameters. list Lists SPD entries.
WS2000>admin(network.wan.vpn)> add Description: Adds a security policy database (SPD) entry. Syntax: <name> <LSubnet> Creates a tunnel named <name> (1 to 13 characters) to gain access to local subnet <LSubnet> (1, 2, 3, 4), through local WAN IP <LWanIP>...
WS2000>admin(network.wan.vpn)> delete Description: Deletes security policy database (SPD) entries. Syntax: delete Deletes all SPD entries. <name> Deletes SPD entries named <name>. Example: admin(network.wan.vpn)>list -------------------------------------------------------------------------- Tunnel Name Type -------------------------------------------------------------------------- Eng2EngAnnex Manual Manual admin(network.wan.vpn)>delete Bob admin(network.wan.vpn)>list -------------------------------------------------------------------------- Tunnel Name Type -------------------------------------------------------------------------- Eng2EngAnnex Manual admin(network.wan.vpn)>...
WS2000>admin(network.wan.vpn)> ikestate Description: Displays statistics for all active tunnels using Internet Key Exchange (IKE). Syntax: ikestate Displays status about Internet Key Exchange (IKE) for all tunnels. In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key.
WS2000>admin(network.wan.vpn)> list Description: Lists security policy database (SPD) entries. Syntax: list Lists all tunnel entries. <name> Lists detailed information about tunnel named <name>. Note that the <name> must match case with the name in the SPD entry. “Bob” is not equal to “bob”, as shown in the example below. Example: admin(network.wan.vpn)>list --------------------------------------------------------------------------...
WS2000>admin(network.wan.vpn)> set Description: Sets security policy database (SPD) entry parameters. Syntax: set ike myidtype <name> remidtype <name> myiddata <name> remiddata <name> opmode <name> authtype <name> authalgo <name> <name> encalgo <name> lifetime <name> group <name> type <name> Auto/ Manual <name> <sub> remip <name>...
authkey <name> enctype <name> encalgo <name> espauthalgo <name> enckey <name> espauthkey <name> <name> localgw <name> <name> usepfs salife <name> Example: admin(network.wan.vpn)>list Bob ----------------------------------------------------------------------------- Detail listing of VPN entry: ----------------------------------------------------------------------------- Name Local Subnet...
ESP Inbound SPI : 0x00000100 ESP Outbound SPI : 0x00000100 admin(network.wan.vpn)>set usepfs Bob enable admin(network.wan.vpn)>set spi Bob ESP IN abcde admin(network.wan.vpn)>set spi Bob ESP OUT cdef23 admin(network.wan.vpn)>list Bob ----------------------------------------------------------------------------- Detail listing of VPN entry: ----------------------------------------------------------------------------- Name : Bob Local Subnet Tunnel Type : Manual Remote IP...
admin(network.wan.vpn)>set authkey Bob IN 12345678901234567890123456789012 admin(network.wan.vpn)>set authkey Bob OUT 11111111112222222222333333333344 admin(network.wan.vpn)>set spi Bob AUTH IN 2233445 admin(network.wan.vpn)>set spi Bob AUTH OUT 33344 admin(network.wan.vpn)>list Bob ----------------------------------------------------------------------------- Detail listing of VPN entry: ----------------------------------------------------------------------------- Name...
WS2000>admin(network.wan.vpn)> stats Description: Lists statistics for all active tunnels. Syntax: stats Displays statistics for all active VPN tunnels. Example: admin(network.wan.vpn)>stats ----------------------------------------------------------------------------- Tunnel Name Status ----------------------------------------------------------------------------- Eng2EngAnnex Not Active Not Active SPI(OUT/IN) Life Time Bytes(Tx/Rx)
10.22 Network WAN VPN Cmgr Commands WS2000>admin(network.wan.vpn)> cmgr Description: Displays the Certificate Manager submenu. The items available under this command are shown below. genreq Generates a Certificate Request. loadca Loads a trusted certificate from CA.
WS2000>admin(network.wan.vpn.cmgr)> expcert Description: Exports the certificate file. Syntax: expcert tftp <file name> Example: admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>expcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands: impcert Imports a certificate. Exports the certificate with specified filename <file name> by either or ftp options for this file transfer will use the settings for the configuration file settings.
WS2000>admin(network.wan.vpn.cmgr)> genreq Description: Generates a Certificate Request. Syntax: genreq <IDname> <Subject> ...optional arguments... [-ou [-on [-cn [-st [-cc [-sa Note: The parameters in [square brackets] are optional. Check with the CA to determine what fields are necessary. For example, most CAs require an email address and an IP address, but not the address of the organization.
WS2000>admin(network.wan.vpn.cmgr)> impcert Description: Imports the certificate file. Syntax: impcert tftp <file name> Example: admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>impcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands: expcert Exports a certificate. Imports the certificate with specified filename <file name> by either ftp options for this file transfer will use the settings for the configuration file settings.
WS2000>admin(network.wan.vpn.cmgr)> loadca Description: Loads a trusted certificate from the Certificate Authority. Syntax: loadca Loads the trusted certificate (in PEM format) that is pasted into the command line. Example: admin(network.wan.vpn.cmgr)>loadca Currently Only certificates in PEM format can be uploaded...
WS2000>admin(network.wan.vpn.cmgr)> loadself Description: Loads a self certificate signed by the Certificate Authority. Syntax: loadself <IDname> Loads the self certificate signed by the CA with name <IDname>. Example: admin(network.wan.vpn.cmgr)>loadself MyCert Currently Only certificates in PEM format can be uploaded. Paste the certificate:
WS2000>admin(network.wan.vpn.cmgr)> showreq Description: Displays a certificate request in PEM format. Syntax: showreq <IDname> Displays a certificate request named <IDname> generated from the genreq command.
10.23 Network WLAN Commands WS2000>admin(network)> wlan Description: Displays the WLAN submenu. The items available under this command are shown below. Adds MU access control list entries. delete Deletes MU access control list entries. list Lists MU access control list entries. rogueap Goes to the rogue AP submenu.
WS2000>admin(network.wlan)> add Description: Adds entries to the mobile unit (MU) access control list. Syntax: <idx> <mac1> <mac2> Example: admin(network.wlan)>add 1 000000000000 112233445566 admin(network.wlan)>list 1 ----------------------------------------------------------------------------- index start mac ----------------------------------------------------------------------------- 000000000000 admin(network.wlan)> Related Commands: delete Deletes entries from the MU access control list.
WS2000>admin(network.wlan)> delete Description: Deletes specified entry or entries from mobile unit (MU) access control list. Syntax: delete <idx> <entry> Deletes MU access control list entry <entry> (1–30) for WLAN <idx> (1–4). <idx> Deletes all access control list entries for the WLAN specified by <idx>. Example: admin(network.wlan)>add 1 223344556677 334455667788 admin(network.wlan)>list 1...
WS2000>admin(network.wlan)> list Description: Lists the entries in the mobile unit (MU) access control list. Syntax: list <idx> Displays the entries in the MU access control list for WLAN <idx> (1–4). Example: admin(network.wlan)>list 1...
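As an added example (not part of the reference guide), the Python sketch below audits the MU access control list `add <idx> <mac1> <mac2>` commands documented above as they appear in a saved CLI transcript: it checks the WLAN index against the documented 1–4 range and flags entries that span more than one vendor prefix or that overlap on the same WLAN. The transcript is constructed, and the function names, the one-prefix threshold and the treatment of a reversed range as an error are assumptions of this example, not documented switch behaviour.

```python
"""Audit MU ACL ranges found in a saved WS 2000 CLI transcript (added example)."""
import re
from dataclasses import dataclass

# "add <idx> <mac1> <mac2>" typed at the admin(network.wlan)> prompt.
ADD_CMD = re.compile(r"^admin\(network\.wlan\)>\s*add\b(.*)$")
MAC = re.compile(r"^[0-9A-Fa-f]{12}$")  # 12 hex digits, no separators

# Constructed transcript: lines 1 and 3 reuse the ranges from the guide's
# examples; the remaining lines are made up for this illustration.
SAMPLE_TRANSCRIPT = """\
admin(network.wlan)>add 1 000000000000 112233445566
admin(network.wlan)>list 1
admin(network.wlan)>add 1 223344556677 334455667788
admin(network.wlan)>add 2 00A0F8000000 00A0F8FFFFFF
admin(network.wlan)>add 2 00A0F8F01200 00A0F8F012FF
admin(network.wlan)>add 5 000000000001 000000000002
admin(network.wlan)>add 2 334455667788 223344556677
admin(network.wlan)>add 3 00:A0:F8:F0:12:34 00A0F8F01234
"""


@dataclass(frozen=True)
class AclRange:
    wlan: int
    start: int
    end: int

    @property
    def size(self) -> int:
        """Number of MAC addresses the entry covers."""
        return self.end - self.start + 1

    @property
    def oui_count(self) -> int:
        """Number of vendor prefixes (top 24 bits) the entry spans."""
        return (self.end >> 24) - (self.start >> 24) + 1

    def contains(self, mac: str) -> bool:
        return self.start <= int(mac, 16) <= self.end


def parse_transcript(text):
    """Return (ranges, errors) for every ACL 'add' command in the transcript."""
    ranges, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ADD_CMD.match(line.strip())
        if not m:
            continue  # other commands and their output
        args = m.group(1).split()
        if len(args) != 3 or not args[0].isdigit():
            errors.append((lineno, "expected: add <idx> <mac1> <mac2>"))
            continue
        idx, mac1, mac2 = int(args[0]), args[1], args[2]
        if not 1 <= idx <= 4:
            errors.append((lineno, f"WLAN index {idx} is outside 1-4"))
        elif not (MAC.match(mac1) and MAC.match(mac2)):
            errors.append((lineno, "MAC must be 12 hex digits"))
        elif int(mac1, 16) > int(mac2, 16):
            errors.append((lineno, "start MAC is greater than end MAC"))
        else:
            ranges.append(AclRange(idx, int(mac1, 16), int(mac2, 16)))
    return ranges, errors


def audit(ranges, max_ouis=1):
    """Flag entries wider than max_ouis vendor prefixes and same-WLAN overlaps."""
    findings = []
    for i, r in enumerate(ranges):
        span = f"{r.start:012X}-{r.end:012X}"
        if r.oui_count > max_ouis:
            findings.append(
                ("broad", r.wlan, f"{span} spans {r.oui_count} vendor prefixes")
            )
        for other in ranges[i + 1:]:
            if (other.wlan == r.wlan
                    and r.start <= other.end and other.start <= r.end):
                findings.append(
                    ("overlap", r.wlan,
                     f"{span} overlaps {other.start:012X}-{other.end:012X}")
                )
    return findings


if __name__ == "__main__":
    parsed, problems = parse_transcript(SAMPLE_TRANSCRIPT)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    for kind, wlan, detail in audit(parsed):
        print(f"WLAN {wlan} [{kind}] {detail}")
```
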
WS2000>admin(network.wlan)> set Description: Sets WLAN parameters. Syntax: set acl <idx> allow/ deny adopt <idx> allow/ deny auth <idx> <type> bcast <idx> enable/ disable mu-quiet mu-tx mu-timeout mu-retry server- timeout server-retry server <idx> port <idx> rad-acct mode retry-count timeout reauth mode period retry Sets the default MU access control mode to allow or deny...
secret syslog <idx> <idx> kerb passwd port realm server user mcast <idx> mode <idx> name <idx> no-mu-mu <idx> <idx> tkip type phrase rotate-mode interval ccmp <idx> <rsidx> <secret> <idx> <ip> mode <idx>...
type <idx> phrase <idx> rotate-mode <idx> interval <idx> mixed-mode <idx> preauth <idx> opp-pmk <idx> wep-mcm index <idx> <idx> Example: admin(network.wlan)>set name 1 store admin(network.wlan)>set name 2 backoff admin(network.wlan)>set auth 1 kerberos Kerberos requires WEP 104 or Keyguard. The encryption type has been changed to WEP104.
10.24 Network WLAN Rogue AP Commands WS2000>admin(network.wlan)> rogueap Description: Displays the rogue AP submenu. The items available under this command are shown below. show Shows current rogue AP configuration. Sets rogue AP parameters. rulelist Goes to the rule list submenu. approvedlist Goes to the approved AP list submenu.
WS2000>admin(network.wlan.rogueap)> show Description: Shows the current rogue AP configuration. Syntax: show Displays the rogue AP scanning settings. Example: admin(network.wlan.rogueap)>show mu scan mu scan interval ap scan ap scan interval detector ap scan detector ap scan interval : 60 minutes Related Commands: Sets the rogue AP scanning parameters.
10.25 Network WLAN Rogue AP Approved AP List Commands WS2000>admin(network.wlan.rogueap)> approvedlist Description: Displays the approved AP list submenu. The items available under this command are shown below. show Shows the approved AP list.
WS2000>admin(network.wlan.rogueap.approvedlist)> ageout Description: Displays ageout time for an approved list entry. Syntax: ageout <interval> Sets the number of minutes, <interval> (0–1000) before an entry in the approved list is automatically removed. Example: admin(network.wlan.rogueap.approvedlist)>ageout 30 admin(network.wlan.rogueap.approvedlist)> Related Commands: erase Erases the approved AP list.
WS2000>admin(network.wlan.rogueap.approvedlist)> approve Description: Approves an AP. Syntax: approve <idx> Approves an access point from the list. Approves all access points in the list. Example: admin(network.wlan.rogueap.approvedlist)>approve 1 admin(network.wlan.rogueap.approvedlist)>approve all admin(network.wlan.rogueap.approvedlist)> Related Commands: erase...
WS2000>admin(network.wlan.rogueap.approvedlist)> erase Description: Erases the approved AP list. Syntax: erase Erases all entries in the approved list. Example: admin(network.wlan.rogueap.approvedlist)>erase all admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout index ----- Related Commands: approve Adds an Access Port to the approved list. show Displays the approved list.
WS2000>admin(network.wlan.rogueap.approvedlist)> show Description: Shows the approved AP list. Syntax: show Displays the list of approved APs. Example: admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout index ----- Related Commands: approve Adds an AP to the approved list.
10.26 Network WLAN Rogue AP List Commands
WS2000>admin(network.wlan.rogueap)> roguelist
Description: Displays the rogue AP list submenu. The items available under this command are shown below.
show  Displays the rogue list entries.
locate  Goes to the submenu for locating a rogue AP.
muscan  Goes to the submenu for on-demand MU polling.

WS2000>admin(network.wlan.rogueap.roguelist)> ageout
Description: Displays the ageout time for a rogue list entry.
Syntax:
ageout <time>  Sets the ageout time for a rogue list entry to <time> minutes (1–1000).
Example:
admin(network.wlan.rogueap.roguelist)>ageout 50
Related Commands:
locate  Locates a rogue AP.

WS2000>admin(network.wlan.rogueap.roguelist)> approve
Description: Moves a rogue AP into the approved AP list.
Syntax:
approve <idx>  Puts the rogue AP <idx> into the approved AP list.
approve all  Puts all the entries of the rogue list into the approved AP list.
Example:
admin(network.wlan.rogueap.approvedlist)>approve all
Related Commands:
show  Shows the rogue list entries.

WS2000>admin(network.wlan.rogueap.roguelist)> erase
Description: Erases the rogue AP list.
Syntax:
erase  Deletes all entries from the rogue AP list.
Example:
admin(network.wlan.rogueap.roguelist)>erase all
Related Commands:
show  Lists all entries in the rogue AP list.

WS2000>admin(network.wlan.rogueap.roguelist)> show
Description: Displays the rogue list entries.
Syntax:
show all  Displays the list of rogue APs.
show <idx>  Displays detailed information for the rogue AP with index number <idx>.
Example:
admin(network.wlan.rogueap.roguelist)>show all
rogue ap list
++++++++++++++++++++
rogue list ageout
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Related Commands:
locate  Locates a rogue AP.
10.27 Network WLAN Rogue AP Locate Commands
WS2000>admin(network.wlan.rogueap.roguelist)> locate
Description: Displays the locate submenu. The items available under this command are shown below.
start  Starts locating a rogue AP.
list  Lists results of the locate rogue AP scan.

WS2000>admin(network.wlan.rogueap.roguelist.locate)> list
Description: Lists the results of the locate rogue AP scan.
Syntax:
list  Lists the results of the locate rogue AP scan.
Example:
admin(network.wlan.rogueap.roguelist.locate)>list
Related Commands:
start  Starts the rogue AP location process.

WS2000>admin(network.wlan.rogueap.roguelist.locate)> start
Description: Locates a rogue AP.
Syntax:
start <mac> <essid>  Starts locating a rogue AP where <mac> is the MAC address (or BSSID) of the rogue AP, and...
Example:
admin(network.wlan.rogueap.roguelist.locate)>start 00A0f8fe2344 wlan-engg
Related Commands:
list  Lists information for the rogue AP found during the scan.
10.28 Network WLAN Rogue AP MU Scan Commands
WS2000>admin(network.wlan.rogueap.roguelist)> muscan
Description: Displays the MU scan submenu. The items available under this command are shown below.
start  Starts a rogue AP scan using on-demand MU polling.
list  Lists the rogue APs found during the scan.
save  Saves the configuration to system flash.

WS2000>admin(network.wlan.rogueap.roguelist.muscan)> list
Description: Lists the results of the locate rogue AP scan.
Syntax:
list  Lists the results of the locate rogue AP scan.
Example:
admin(network.wlan.rogueap.roguelist.muscan)>list
Related Commands:
start  Starts the MU scan process.

WS2000>admin(network.wlan.rogueap.roguelist.muscan)> start
Description: Starts an on-demand MU polling for rogue APs.
Syntax:
start <mac>  Starts locating a rogue AP where <mac> is the MAC address (or BSSID) of the rogue AP, and <essid> is the ESSID for the rogue AP.
Example:
admin(network.wlan.rogueap.roguelist.muscan)>start 00A0f8fe2344
Related Commands:...
10.29 Network WLAN Rogue AP Rule List Commands
WS2000>admin(network.wlan.rogueap)> rulelist
Description: Displays the rule list submenu. The items available under this command are shown below.
show  Displays the rule list.
add  Adds an entry to the rule list.

WS2000>admin(network.wlan.rogueap.rulelist)> add
Description: Adds an entry to the rule list.
Syntax:
add <mac> <essid>  Adds an entry into the rule list to allow an AP with the MAC address <mac> and the ESSID <essid>.
Example:
admin(network.wlan.rogueap.rulelist)>add 00a0f8f31212 mywlan
admin(network.wlan.rogueap.rulelist)>show
rule list
+++++++++
symbol ap authorization
index...

WS2000>admin(network.wlan.rogueap.rulelist)> authsymbolap
Description: Authorizes all Symbol APs.
Syntax:
authsymbolap enable
authsymbolap disable
Example:
admin(network.wlan.rogueap.rulelist)>auth enable
admin(network.wlan.rogueap.rulelist)>show
rule list
+++++++++
symbol ap authorization
index
-----
00:a0:f8:f3:12:12
Related Commands:
show  Shows all the rules in the rule list and shows status of the Symbol AP automatic authorization.

WS2000>admin(network.wlan.rogueap.rulelist)> delete
Description: Deletes an entry from the rule list.
Syntax:
delete all  Deletes all entries in the rule list.
delete <idx>  Deletes the <idx> entry in the rule list.
Example:
admin(network.wlan.rogueap.rulelist)>delete all
admin(network.wlan.rogueap.rulelist)>show
rule list
+++++++++
symbol ap authorization
index
-----
Related Commands:
show  Displays the entries in the rule list.

WS2000>admin(network.wlan.rogueap.rulelist)> show
Description: Displays the rule list.
Syntax:
show  Displays all entries in the rule list.
Example:
admin(network.wlan.rogueap.rulelist)>show
rule list
+++++++++
symbol ap authorization
index
-----
00:a0:f8:f3:12:12
Related Commands:
delete  Deletes entries from the rule list.
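The following added example (not Symbol's code and not the switch's firmware logic) models how the rule list, approved list, rogue list, and the two ageout timers described in the rogue AP sections above fit together when triaging scan results. Assumptions: a rule matches on the exact MAC and ESSID pair, "Symbol AP" is decided by the 00:a0:f8 MAC prefix seen in this page's sample addresses, an approved ageout of 0 means "never", and all class and function names are hypothetical.

```python
from dataclasses import dataclass, field

# Assumption: "Symbol AP" is decided by MAC prefix; 00:a0:f8 is the prefix of
# the sample addresses on this page. The switch's real test is not documented here.
SYMBOL_OUI = "00a0f8"


def norm_mac(mac: str) -> str:
    """Accept 00A0f8fe2344 or 00:a0:f8:fe:23:44; return 12 lowercase hex digits."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class RogueApTriage:
    auth_symbol_ap: bool = False   # models `authsymbolap enable` / `disable`
    rogue_ageout: int = 50         # minutes (1-1000 on this page)
    approved_ageout: int = 30      # minutes (0-1000); 0 = never, an assumption
    rules: set = field(default_factory=set)
    approved: dict = field(default_factory=dict)   # (mac, essid) -> last seen
    rogue: dict = field(default_factory=dict)      # (mac, essid) -> last seen

    def add_rule(self, mac: str, essid: str) -> None:
        """Models `rulelist add <mac> <essid>`."""
        self.rules.add((norm_mac(mac), essid))

    def classify(self, mac: str, essid: str) -> str:
        key = (norm_mac(mac), essid)
        if key in self.rules:
            return "approved:rule"
        if self.auth_symbol_ap and key[0].startswith(SYMBOL_OUI):
            return "approved:symbol-oui"
        if key in self.approved:
            return "approved:list"
        return "rogue"

    def observe(self, mac: str, essid: str, now_min: int) -> str:
        """Record one scan result at minute now_min and return its verdict."""
        verdict = self.classify(mac, essid)
        key = (norm_mac(mac), essid)
        (self.rogue if verdict == "rogue" else self.approved)[key] = now_min
        return verdict

    def approve(self, idx: int):
        """Models `roguelist approve <idx>`: move rogue entry idx (1-based)."""
        keys = list(self.rogue)
        if not 1 <= idx <= len(keys):
            raise IndexError(f"no rogue entry {idx}")
        key = keys[idx - 1]
        self.approved[key] = self.rogue.pop(key)
        return key

    def expire(self, now_min: int):
        """Drop entries older than their list's ageout; return what was dropped."""
        dropped = []
        for name, table, ageout in (("rogue", self.rogue, self.rogue_ageout),
                                    ("approved", self.approved, self.approved_ageout)):
            if ageout == 0:
                continue
            for key, seen in list(table.items()):
                if now_min - seen >= ageout:
                    del table[key]
                    dropped.append((name, key))
        return dropped


def demo():
    t = RogueApTriage()
    t.add_rule("00a0f8f31212", "mywlan")        # rule from this page's example
    sightings = [
        ("00:A0:F8:F3:12:12", "mywlan", 0),     # matches the rule
        ("00A0f8fe2344", "wlan-engg", 0),       # address from the locate example
        ("02:11:22:33:44:55", "mywlan", 5),     # constructed: known ESSID, unknown MAC
    ]
    return t, [t.observe(*s) for s in sightings]


if __name__ == "__main__":
    triage, verdicts = demo()
    print(verdicts)
    print(triage.approve(1), triage.expire(55))
```

Under these assumptions, a manually approved entry falls back to rogue once it ages out of the approved list, while a rule list entry keeps matching. With Symbol AP authorization enabled, any AP carrying the prefix is approved regardless of ESSID, so explicit rule list entries are the tighter control.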
10.30 Statistics Commands
WS2000>admin> stats
Description: Displays statistics and status for different switch entities. The items available under this command are shown below.
show  Shows system status and statistics.
rf  Goes to the RF statistics submenu.
save  Saves the configuration to system flash.
quit  Quits the CLI.

WS2000>admin(stats)> show
Description: Displays the system status and statistics for either the specified subnet or the WAN.
Syntax:
show leases
show subnet <idx>
Example:
show subnet example
admin(stats)>show subnet 1
LAN Interface Information
subnet interface 1 : enable
ip address 1 : 192.168.0.1...
show wan example
admin(stats)>show wan
WAN Interface Information
wan interface 1 : enable
ip address 1 : 192.168.24.198
wan interface 2 : disable
ip address 2 : 192.168.24.198
wan interface 3 : disable
ip address 3 : 192.168.24.198
wan interface 4 : disable
ip address 4 : 192.168.24.198
wan interface 5 : disable...

10.31 Statistics RF Commands
WS2000>admin(stats)> rf
Description: Displays the RF statistics submenu. The items available under this command are shown below.
show  Shows RF statistics.
reset  Resets/clears all RF statistics.
save  Saves the configuration to system flash.

WS2000>admin(stats.rf)> show
Description: Shows radio frequency (RF) statistics.
Syntax:
show wlan wlan <idx> <idx> <mu> total
Example:
admin(stats.rf)>show all wlan example
Index Name Status
Index Name Status
Index Name Status
Index Name Status
admin(stats.rf)>show wlan 1 example...
Non-Unicast Packets
Signal
Noise
Signal-to-Noise
Average Number of Retries
Dropped Packets
Undecryptable Packets
admin(stats.rf)>show all ap example
ap index  ap status
ap index  ap status
ap index  ap status
ap index  ap status
ap index  ap status
ap index  ap status
ap index  ap status
ap index...
ap status
ap index  ap status
admin(stats.rf)>show ap 2 example
Name
Location
Radio Type
Current Channel
Adopted By
Number of Associated Mus
Packets per second
Throughput
Average Bit Speed
Approximate Utilization
Non-Unicast Packets...

10.32 System Commands
WS2000>admin> system
Description: Displays the system submenu. The items available under this command are shown below.
lastpw  Displays the last debug password.
config  Goes to the config submenu.
logs  Goes to the logs submenu.
ntp  Goes to the NTP submenu.
snmp  Goes to the SNMP submenu.

WS2000>admin(system)> lastpw
Description: This command displays the MAC address for the switch, the previous admin password for the switch, and the number of times the current admin password has been used along with how many more times it will be valid.
10.33 System Authentication Commands
WS2000>admin(system)> authentication
Description: Displays the authentication submenu. The items available under this command are shown below.
radius  Goes to the RADIUS submenu.
set  Sets the mode.
save  Saves the configuration to system flash.
show  Shows the authentication parameters.
Goes to the parent menu.

WS2000>admin(system.authentication)> set
Description: Sets the parameter that specifies how user authentication is taking place.
Syntax:
set mode local
set mode radius
Example:
admin(system.authentication)>set mode local
admin(system.authentication)>show all
authentication mode
admin(system.authentication)>
Related Commands:
radius--> set  Sets the parameters to specify that the external RADIUS server is used for user authentication.

WS2000>admin(system.authentication)> show
Description: Shows the main user authentication parameters.
Syntax:
show  Displays the user authentication settings.
Example:
admin(system.authentication)>set mode local
admin(system.authentication)>show all
authentication mode : local
admin(system.authentication)>
Related Commands:
set  Sets the authentication parameters.
10.34 System Authentication RADIUS Commands
WS2000>admin(system.authentication)> radius
Description: Displays the RADIUS submenu. The items available under this command are shown below.
set  Sets the RADIUS authentication parameters.
show  Shows the RADIUS authentication parameters.

WS2000>admin(system.authentication.radius)> set
Description: Sets the RADIUS proxy server authentication parameters.
Syntax:
set auth-server-ip <IP>  Sets the IP address for the RADIUS authentication proxy server.
set auth-server-port <port>
set shared-secret <password>
Example:
admin(system.authentication.radius)>set auth-server-ip 192.168.0.4
admin(system.authentication.radius)>set auth-server-port 1812
admin(system.authentication.radius)>set shared mysecret
admin(system.authentication.radius)>
admin(system.authentication.radius)>show all
radius server ip
radius server port
radius server shared secret

WS2000>admin(system.authentication.radius)> show
Description: Shows the RADIUS authentication parameters.
Syntax:
show  Displays the RADIUS proxy server parameters.
Example:
admin(system.authentication.radius)>set auth-server-ip 192.168.0.4
admin(system.authentication.radius)>set auth-server-port 1812
admin(system.authentication.radius)>set shared mysecret
admin(system.authentication.radius)>show all
radius server ip
radius server port...
WS2000>admin(system.config)> default
Description: Restores the factory default configuration.
Syntax:
default  Restores the switch to the original (factory default) configuration.
Example:
admin(system.config)>default
******************************************************************************
System will now restore default configuration. You will need to set the country code for correct operation.

WS2000>admin(system.config)> export
Description: Exports the configuration from the system.
Syntax:
export ftp  Exports the configuration to the FTP server. Use the set command to set the server, user, password, and file name before using this command.
export tftp  Exports the configuration to the TFTP server. Use the set command to set the IP address for the TFTP server before using the command.
ws2000 // WS2000 menu
set name WS2000
set loc Extra\20office
set email fred@symbol.com
set cc us
set airbeam mode disable
set airbeam enc-passwd a11e00942773
set applet lan enable
set applet wan enable...

WS2000>admin(system.config)> import
Description: Imports the configuration to the system.
Syntax:
import ftp  Imports the configuration from the FTP server. Use the set command to set the server, user, password, and file.
import tftp  Imports the configuration from the TFTP server. Use the set command to set the server and file.
Example:
Import FTP Example
admin(system.config)>set server 192.168.22.12...

The following settings will remain intact when using Restore Partial Default Configuration:
• All settings on the WAN page
• SNMP access to the WS 2000 on the WS 2000 Access page
• All settings on the SNMP Access page
Before using this feature, consider exporting the current configuration for safekeeping.
WS2000>admin(system.config)> set
Description: Sets the import/export parameters.
Syntax:
set server <ipaddress>
    user <username>
    passwd <pswd>
    file <filename>
    file <filename>
    path <pathname>
Example:
FTP Set Example
admin(system.config)>set server 192.168.22.12
admin(system.config)>set user myadmin
admin(system.config)>set passwd
admin(system.config)>export ftp
Export operation
Building configuration file
File transfer
File transfer
Export operation
Firmware Example...

WS2000>admin(system.config)> show
Description: Shows the import/export parameters.
Syntax:
show  Shows all import/export parameters.
Example:
admin(system.config)>show all
ftp/tftp server ip address
ftp user name
ftp password
cfg filename
firmware filepath
firmware filename
: 192.168.0.101...

WS2000>admin(system.config)> update
Description: Performs a firmware update.
Syntax:
update tftp/ <iface>  Sets how firmware updates will occur. Select between
<iface> specifies the interface (location), as follows:
s1 = subnet1
s2 = subnet2
s3 = subnet3
s4 = subnet4
w = wan
Note: Before using this command, use set server to set the IP address for the FTP/TFTP server.
WS2000>admin(system.logs)> send
Description: Sends log and core files.
Syntax:
send  Sends the system log file via FTP to a location specified with the set command. Use the set command to set the FTP login and site information.

WS2000>admin(system.logs)> set
Description: Sets log options and parameters.
Syntax:
set ipadr <ip>  Sets the external syslog server IP address to <ip> (a.b.c.d).
set level <level>  Sets the level of the events that will be logged. All events with a level at or above <level> (L0–L7) will be saved in the system log.

WS2000>admin(system.logs)> show
Description: Shows logging options.
Syntax:
show  Displays all of the logging options.
Example:
admin(system.logs)>set user fred
admin(system.logs)>set password mygoodness
unknown input before marker
set password mygoodness
admin(system.logs)>set passwd mygoodness
admin(system.logs)>show all...
10.37 System NTP Commands
WS2000>admin(system)> ntp
Description: Displays the NTP submenu.
Syntax:
show  Shows NTP parameters settings.
set  Sets NTP parameters.
save  Saves the configuration to system flash.
quit  Quits the CLI.
Goes to the parent menu.

WS2000>admin(system.ntp)> set
Description: Sets NTP parameters.
Syntax:
set mode enable/disable
    intrvl <time>
    server <idx> <ip>
    port <idx> <port>
Example:
admin(system.ntp)>set mode enable
admin(system.ntp)>set server 1 203.21.37.18
admin(system.ntp)>set port 1 345
admin(system.ntp)>show all
ntp mode
server ip 1
server ip 2
server ip 3
server port 1
server port 2...

WS2000>admin(system.ntp)> show
Description: Shows NTP parameters.
Syntax:
show  Shows all NTP server settings.
Example:
admin(system.ntp)>show all
ntp mode
server ip 1
server ip 2
server ip 3
server port 1
server port 2...
10.38 System RADIUS Commands
WS2000>admin(system)> radius
Description: Displays the RADIUS submenu. The items available under this command are shown below.
eap  Goes to the EAP submenu.
policy  Goes to the access policy submenu.
ldap  Goes to the LDAP submenu.
proxy  Goes to the proxy submenu.
client  Goes to the client submenu.

WS2000>admin(system.radius)> set
Description: Sets the RADIUS database.
Syntax:
set database local
set database ldap
Sets the RADIUS server to either the local database or an LDAP server.
Example:
admin(system.radius)>set database ldap
admin(system.radius)>show all
Database
Related Commands:
show all  Shows the top-level RADIUS parameters.

WS2000>admin(system.radius)> show
Description: Shows the RADIUS parameters.
Syntax:
show  Displays the RADIUS database setting.
Example:
admin(system.radius)>set database ldap
admin(system.radius)>show all
Database : ldap
Related Commands:
set  Sets the RADIUS database source.
10.39 System RADIUS Client Commands
WS2000>admin(system.radius)> client
Description: Displays the client submenu. The items available under this command are shown below.
add  Adds a RADIUS client.
del  Deletes a RADIUS client.
show  Displays a list of configured clients.

WS2000>admin(system.radius.client)> add
Description: Adds a RADIUS client.
Syntax:
add <ip> <mask> <secret>  Adds a RADIUS client with IP address <ip>, netmask <mask>, and shared secret <secret>.
Example:
admin(system.radius.client)>add 192.168.46.4 225.225.225.0 mysecret
admin(system.radius.client)>show
List of Radius Clients
-------------------------------------------------------------------------------
Subnet/Host
-------------------------------------------------------------------------------
192.168.46.4
admin(system.radius.client)>
Related Commands:
del  Deletes a RADIUS client.
show  Shows a list of RADIUS clients.

WS2000>admin(system.radius.client)> del
Description: Deletes a RADIUS client.
Syntax:
del <ip>  Deletes the RADIUS client with IP address <ip>.
Example:
admin(system.radius.client)>show
List of Radius Clients
-------------------------------------------------------------------------------
Subnet/Host
-------------------------------------------------------------------------------
192.168.46.4
192.168.101.43
admin(system.radius.client)>del 192.168.46.4
admin(system.radius.client)>show
List of Radius Clients...

WS2000>admin(system.radius.client)> show
Description: Displays a list of configured clients.
Syntax:
show  Displays the list of RADIUS clients.
Example:
admin(system.radius.client)>show
List of Radius Clients
-------------------------------------------------------------------------------
Subnet/Host      Netmask          SharedSecret
-------------------------------------------------------------------------------
192.168.46.4     225.225.225.0...
192.168.101.43
admin(system.radius.client)>
Related Commands:
add  Adds a RADIUS client to the list.
del  Deletes a RADIUS client from the list.
10.40 System RADIUS EAP Commands
WS2000>admin(system.radius)> eap
Description: Displays the EAP submenu. The items available under this command are shown below.
peap  Goes to the PEAP submenu.
ttls  Goes to the TTLS submenu.

WS2000>admin(system.radius.eap)> import
Description: Imports the EAP certificates.
Syntax:
import server <cert id>  Imports a server certificate with the certificate ID <cert id>.
import cacert <cert id>  Imports a Trusted Certificate with certificate ID <cert id>.
Example:
admin(system.radius.eap)>import server mycert
admin(system.radius.eap)>import cacert NETE3443
Related Commands:
show cert  Shows the list of certificates.

WS2000>admin(system.radius.eap)> set
Description: Sets the EAP parameters.
Syntax:
set auth peap
set auth ttls
Sets the default authorization type to one of associated with the selection to finish the setup.
Example:
admin(system.radius.eap)>set auth peap
admin(system.radius.eap)>show all
Default EAP Type
Related Commands:
show all  Shows the EAP settings.

WS2000>admin(system.radius.eap)> show
Description: Shows the EAP parameters.
Syntax:
show  Displays the default EAP authentication settings.
show cert  Displays a list of certificates.
Example:
admin(system.radius.eap)>set auth peap
admin(system.radius.eap)>show all
Default EAP Type : peap
Related Commands:
set  Sets the EAP parameters.
10.41 System RADIUS EAP PEAP Commands
WS2000>admin(system.radius.eap)> peap
Description: Displays the PEAP submenu. The items available under this command are shown below.
set  Sets the PEAP authentication type.
show  Shows the PEAP authentication type.

WS2000>admin(system.radius.eap.peap)> set
Description: Sets the PEAP authentication type.
Syntax:
auth mschapv2
Sets the authentication type for PEAP to one of GTC or MSCHAPv2.
Example:
admin(system.radius.eap.peap)>set auth gtc
admin(system.radius.eap.peap)>show
PEAP Auth Type : gtc
Related Commands:
show  Displays the PEAP authentication type.

WS2000>admin(system.radius.eap.peap)> show
Description: Shows the PEAP authentication type.
Syntax:
show  Displays the PEAP authentication type.
Example:
admin(system.radius.eap.peap)>set auth gtc
admin(system.radius.eap.peap)>show
PEAP Auth Type : gtc...
Related Commands:
set  Sets the PEAP authentication type.
10.42 System RADIUS EAP TTLS Commands
WS2000>admin(system.radius.eap)> ttls
Description: Displays the TTLS submenu. The items available under this command are shown below.
set  Sets the TTLS authentication type.
show  Shows the TTLS authentication type.
save  Saves the configuration to system flash.
quit  Quits the CLI.

WS2000>admin(system.radius.eap.ttls)> set
Description: Sets the TTLS authentication type.
Syntax:
auth mschapv2
Sets the authentication type for TTLS to one of PAP, MD5, or MSCHAPv2.
Example:
admin(system.radius.eap.ttls)>set auth md5
admin(system.radius.eap.ttls)>show
TTLS Auth Type
Related Commands:
show  Shows the TTLS authentication type.

WS2000>admin(system.radius.eap.ttls)> show
Description: Shows the TTLS authentication type.
Syntax:
show  Displays the TTLS authentication type.
Example:
admin(system.radius.eap.ttls)>set auth md5
admin(system.radius.eap.ttls)>show
TTLS Auth Type : md5
Related Commands:
set  Sets the TTLS authentication type.
10.43 System RADIUS LDAP Commands
WS2000>admin(system.radius)> ldap
Description: Displays the LDAP submenu. The items available under this command are shown below.
set  Sets the LDAP parameters.
show  Shows the LDAP parameters.
save  Saves the configuration to system flash.

WS2000>admin(system.radius.ldap)> set
Description: Sets the LDAP parameters.
Syntax:
set ipadr <ip>
    port <port>
    binddn <binddn>
    basedn <basedn>
    passwd <password>
    login <logattr>
    pass_attr <passattr>
    groupname <gname attr>
    filter
    membership <groupattr>
Example:
admin(system.radius.ldap)>set ipadr 192.168.42.23
admin(system.radius.ldap)>set port 356
admin(system.radius.ldap)>show all
LDAP Server IP
LDAP Server Port
LDAP Bind DN
LDAP Base DN...

WS2000>admin(system.radius.ldap)> show
Description: Shows the LDAP parameters.
Syntax:
show  Displays the list of LDAP parameters.
Example:
admin(system.radius.ldap)>set ipadr 192.168.42.23
admin(system.radius.ldap)>set port 356
admin(system.radius.ldap)>show all
LDAP Server IP
LDAP Server Port
LDAP Bind DN...
10.44 System RADIUS Policy Commands
WS2000>admin(system.radius)> policy
Description: Displays the policy submenu. The items available under this command are shown below.
set  Sets the group’s access policy.
show  Shows the group’s access policy.
save  Saves the configuration to system flash.
quit  Quits the CLI.

WS2000>admin(system.radius.policy)> set
Description: Sets the group’s access to WLANs.
Syntax:
set <group> <idx list>
Example:
admin(system.radius.policy)>set g1 2 3 4
admin(system.radius.policy)>show
List of Access Policies
Related Commands:
show  Displays the group’s access policies.

WS2000>admin(system.radius.policy)> show
Description: Shows the group’s access policy.
Syntax:
show  Displays the group access settings.
Example:
admin(system.radius.policy)>set g1 2 3 4
admin(system.radius.policy)>show
List of Access Policies
: 2 3 4
: No Wlans
Related Commands:
set  Sets the group WLAN access settings.
10.45 System RADIUS Proxy Commands
WS2000>admin(system.radius)> proxy
Description: Displays the proxy submenu. The items available under this command are shown below.
add  Adds a proxy realm.
Deletes a proxy realm.
set  Sets the proxy server parameters.

WS2000>admin(system.radius.proxy)> add
Description: Adds a proxy realm.
Syntax:
add <realm> <ip> <port> <secret>...
Example:
admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass
admin(system.radius.proxy)>show realm
Proxy Realms
-------------------------------------------------------------------------------
Suffix
-------------------------------------------------------------------------------
realm1
Related Commands:
show realm  Displays this list of defined proxy servers.
Deletes a proxy server from the list.

WS2000>admin(system.radius.proxy)> set
Description: Sets the proxy server parameters.
Syntax:
set delay <delay>  Sets the retry delay of the proxy server to <delay> minutes (5–10).
set count <count>  Sets the retry count of the proxy server to <count> (3–6).
Example:
admin(system.radius.proxy)>set delay 7
admin(system.radius.proxy)>set count 4
admin(system.radius.proxy)>show proxy
Proxy Server Retry Count...

WS2000>admin(system.radius.proxy)> show
Description: Shows the proxy server parameters.
Syntax:
show proxy  Displays the proxy server parameters.
show realms  Displays proxy server realm information.
Example:
admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass
admin(system.radius.proxy)>show realm
Proxy Realms...
10.46 System Redundancy Commands
WS2000>admin(system)> redundancy
Description: Displays the redundancy submenu. The items available under this command are shown below.
Sets redundancy parameters.
show  Shows redundancy settings.
save  Saves the configuration to system flash.
quit  Quits the CLI.
Goes to the parent menu.
Goes to the root menu.
Sets the redundancy operation state of the switch to one of: • standalone—The switch has no redundancy capabilities and operates independently of any other WS 2000 switches on the network. This is the default setting. • redundancy—Two WS 2000 switches are connected, with one set as a primary and the other as a standby.
10.47 System SNMP Commands
WS2000>admin(system)> snmp
Description: Displays the SNMP submenu. The items available under this command are shown below.
access  Goes to the SNMP access submenu.
traps  Goes to the SNMP traps submenu.

10.48 System SNMP Access Commands
WS2000>admin(system.snmp)> access
Description: Displays the SNMP access menu. The items available under this command are shown below.
Adds SNMP access entries.
delete  Deletes SNMP access entries.
list  Lists SNMP access entries.
show  Shows SNMP v3 engine ID.
save  Saves the configuration to system flash.
WS2000>admin(system.snmp.access)> list
Description: Lists SNMP access entries.
Syntax:
list  Lists SNMP access control list entries.
v1v2c  Lists SNMP v1/v2c configuration.
<idx>  Lists SNMP v3 user definition with index <idx>.
Lists all SNMP v3 user definitions.
WS2000>admin(system.snmp.access)> show
Description: Shows the SNMP v3 engine ID.
Syntax:
show  Shows the SNMP v3 Engine ID.
Example:
admin(system.snmp.access)>show eid
WS2000 snmp v3 engine id : 0000018457D71CDFF86FD8FC
admin(system.snmp.access)>

10.49 System SNMP Traps Commands
WS2000>admin(system.snmp)> traps
Description: Displays the SNMP traps submenu. The items available under this command are shown below.
add  Adds SNMP trap entries.
delete  Deletes SNMP trap entries.
list  Lists SNMP trap entries.
WS2000>admin(system.snmp.traps)> add
Description: Adds SNMP trap entries.
Syntax:
add v1v2 <ip> <port> <comm>  Adds an entry to the SNMP v1/v2 access list with the destination IP address set to <ip>, the destination UDP port set to <port>, the community string set to <comm> (1 to 31 characters), and the SNMP version set to <ip>...
WS2000>admin(system.snmp.traps)> delete
Description: Deletes SNMP trap entries.
Syntax:
delete v1v2c <idx>  Deletes entry <idx> from the v1v2c access control list.
Deletes all entries from the v1v2c access control list.
<idx>  Deletes entry <idx> from the v3 access control list.
Deletes all entries from the v3 access control list.
Example:
admin(system.snmp.traps)>list v3 all
index...
WS2000>admin(system.snmp.traps)> list
Description: Lists SNMP trap entries.
Syntax:
list v1v2c <idx>
Example:
admin(system.snmp.traps)>add v1v2 203.223.24.2 333 mycomm v1
admin(system.snmp.traps)>list v1v2c
----------------------------------------------------------------------
index dest ip
----------------------------------------------------------------------
203.223.24.2
admin(system.snmp.traps)>add v3 201.232.24.33 555 BigBoss none md5
admin(system.snmp.traps)>list v3 all...
compact flash memory threshold
min packets required for rate trap: 1000
denial of service trap rate limit : 10
admin(system.snmp.traps)>show rate-trap
SNMP Switch Rate Traps
pkts/s greater than
throughput(Mbps) greater than
num of associated mu greater than : disable
SNMP Wlan Rate Traps
pkts/s greater than
throughput(Mbps) greater than
avg bit speed(Mbps) less than...
average signal worse than : disable
average retry greater than : disable
pct dropped greater than : disable
pct undecryptable greater than : disable...
admin(system.snmp.traps)>

10.50 System SSH Commands
WS2000>admin(system)> ssh
Description: Displays the secure shell (SSH) submenu. The items available under this command are shown below.
Sets SSH parameters.
show  Shows SSH parameters.
save  Saves the configuration to system flash.
Goes to the parent menu.
Goes to the root menu.

10.51 System User Database Commands
WS2000>admin(system)> userdb
Description: Displays the userdb submenu. The items available under this command are shown below.
user  Goes to the user submenu.
group  Goes to the group submenu.
10.52 System User Database Group Commands WS2000>admin(system.userdb)> group Description: Displays the group submenu. The items available under this command are shown below. create Creates a new group. delete Deletes a group. Adds a user to a group. remove Removes a user from a group. show Shows the existing groups.
10-248 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.group)> add Description: Adds a user to a group. Syntax: <userID> <groupID> Example: admin(system.userdb.group)>add fred g1 admin(system.userdb.group)>add joe g1 admin(system.userdb.group)>add joe g2 admin(system.userdb.group)>show user g1 List of Users of Group admin(system.userdb.group)>show user g2...
WS2000>admin(system.userdb.group)> create Description: Creates a new group. Syntax: create <groupID> Creates a new group with the ID <groupID>. The <groupID> can be an alphanumeric string. Example: admin(system.userdb.group)>create g1 admin(system.userdb.group)>create g2 admin(system.userdb.group)>create g3 admin(system.userdb.group)>show groups List of Group Names admin(system.userdb.group)> Related Commands: delete Deletes a group.
WS2000>admin(system.userdb.group)> delete

Description: Deletes a group from the database.

Syntax: delete <groupID>
Deletes the group named <groupID> from the database. A warning will occur if there are still users assigned to that group.
WS2000>admin(system.userdb.group)> remove

Description: Removes a user from a group.

Syntax: remove <userID> <groupID>
Removes user <userID>...

Example:
admin(system.userdb.group)>remove joe g1
admin(system.userdb.group)>show users g1
List of Users of Group
admin(system.userdb.group)>

Related Commands:
add         Adds a user to a group.
show users  Shows a list of users in a group.
WS2000>admin(system.userdb.group)> show

Description: Shows the existing groups.

Syntax:
show groups
show users <groupID>

Example:
admin(system.userdb.group)>create g1
admin(system.userdb.group)>create g2
admin(system.userdb.group)>create g3
admin(system.userdb.group)>show groups
List of Group Names
admin(system.userdb.group)>show users g1
List of Users of Group...
10.53 System User Database User Commands

WS2000>admin(system.userdb)> user

Description: Displays the user submenu. The items available under this command are shown below.

add   Adds a new user to the database.
del   Deletes a user from the database.
set   Sets the password for a user.
show  Shows a list of users and group information about a user.
WS2000>admin(system.userdb.user)> add

Description: Adds a new user to the database.

Syntax: add <userID> <password>

Example:
admin(system.userdb.user)>add fred fredpass
admin(system.userdb.user)>add joe joepass
admin(system.userdb.user)>add sally sallypa
admin(system.userdb.user)>
List of User Ids

Related Commands:
show users  Shows a list of the users in the database.
WS2000>admin(system.userdb.user)> del

Description: Deletes a user from the database.

Syntax: del <userID>
Deletes the user with the ID <userID> from the database.

Example:
admin(system.userdb.user)>add fred fredpass
admin(system.userdb.user)>add joe joepass
admin(system.userdb.user)>add sally sallypa
admin(system.userdb.user)>show users
List of User Ids
admin(system.userdb.user)>del sally
admin(system.userdb.user)>show users
List of User Ids
admin(system.userdb.user)>...
WS2000>admin(system.userdb.user)> set

Description: Sets the password for a user.

Syntax: set <userID> <newpassword>
Resets the password for user with <userID> to <newpassword>.

Example:
admin(system.userdb.user)>set fred frednew

Related Commands:
add  Adds a new user.
WS2000>admin(system.userdb.user)> show

Description: Shows a list of users and group membership for a particular user.

Syntax:
show groups <userID>  Displays the list of groups that a user with <userID> belongs to.
show users            Displays a list of all defined users in the database.

Example:
admin(system.userdb.user)>add fred fredpass
admin(system.userdb.user)>add joe joepass...
10.54 System WS2000 Commands

WS2000>admin(system)> ws2000

Description: Displays the WS 2000 submenu. The items available under this command are shown below.

restart  Restarts the WS 2000 Wireless Switch.
set      Sets WS 2000 system parameters.
Restarts the switch from the firmware.

Example:
admin(system.ws2000)>restart
Restarting system.
WS 2000 Boot Firmware Version 1.5.0.0-160b
Copyright(c) Symbol Technologies Inc. 2003. All rights reserved.
Press escape key to run boot firmware ...
Power On Self Test
testing ram
testing nor flash...
WS2000>admin(system.ws2000)> set

Description: Sets WS 2000 system parameters.

Syntax: airbeam mode passwd applet slan swan <cc> email <email> <loc> name <name> snmp <time> timeout

Example:
admin(system.ws2000)>show all
system name
system location
admin email address...
airbeam access password
admin(system.ws2000)>set name BldgC
admin(system.ws2000)>set email johndoe@mycompany.com
admin(system.ws2000)>set applet lan enable
admin(system.ws2000)>set airbeam mode enable
admin(system.ws2000)>set airbeam passwd changeme
admin(system.ws2000)>show all
system name
system location
admin email address
system uptime
WS2000 firmware version
country code
applet http access from lan
applet http access from wan
applet https access from lan
applet https access from wan...
WS2000>admin(system.ws2000)> show

Description: Shows WS 2000 system information.

Syntax: show
Shows all of the WS 2000 system information.

Example:
admin(system.ws2000)>show all
system name
system location
admin email address
system uptime
WS2000 firmware version...