Page 1 WS 2000 Wireless Switch System Reference...
Page 3: Table Of Contents
WS 2000 Wireless Switch System Reference Guide ........
Page 4 Configuring the WS 2000 Firewall ........
Page 5 Changing the Location and Country Settings of the WS 2000 .......
Page 6 TOC-4 WS 2000 Wireless Switch System Reference Guide Performing the Firmware Update ............7-8 Setting Up DHCP Options for Firmware Upload.
Page 7 Inspecting the Firewall ..............9-16 Configuring the Access Ports .
Page 8 TOC-6 WS 2000 Wireless Switch System Reference Guide Network AP Commands ..............10-14 WS2000>admin(network)>...
Page 9 WS2000>admin(network.fw.submap)> set ..........10-57 WS2000>admin(network.fw.submap)>...
Page 10 TOC-8 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.nat)> list ..........10-98 WS2000>admin(network.wan.nat)>...
Page 11 WS2000>admin(network.wlan.rogueap.roguelist)> show ........10-147 Network WLAN Rogue AP Locate Commands ..........10-148 WS2000>admin(network.wlan.rogueap.roguelist)>...
Page 12 TOC-10 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.logs)> show ..........10-188 WS2000>admin(system.logs)>...
Page 13 WS2000>admin(system)> ssh ............10-224 WS2000>admin(system.ssh)>...
Page 14 TOC-12 WS 2000 Wireless Switch System Reference Guide...
Page 15 WS 2000 Wireless Switch System Reference Guide ........
Page 16: Ws 2000 Wireless Switch System Reference Guide
WS 2000 Wireless Switch System Reference Guide WS 2000 Wireless Switch System Reference Guide This guide is intended to support administrators responsible for understanding, configuring and maintaining the Wireless Switch. This document provides information for the system administrator to use during the initial setup and configuration of the system.
Page 17: System Overview
System Overview The WS 2000 Wireless Switch provides a low-cost, feature-rich option for sites with one to six Access Ports. The WS 2000 Wireless Switch works at the center of a network’s infrastructure to seamlessly and securely combine wireless LANs (WLANs) and wired networks.
Page 18: Hardware Overview
The four LAN ports with PoE have a third LED that indicates whether power is being delivered over the line to a power device (such as an Access Port). (See the WS 2000 Wireless Switch LED explanation for more information on the meaning of the different state of the LEDs.)
Page 19: Ws 2000 Wireless Switch Led Functions
The switch has a large blue LED on the right front that indicates that the switch is powered on. Each port on the WS 2000 Wireless Switch has either two or three LEDs that indicate the status of the port. Ports 1-4, which supply 802.3af Power over Ethernet (PoE), have three LEDs.
Page 20: Software Overview
WS 2000 Wireless Switch System Reference Guide Software Overview The WS 2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components: Operating System (OS) Services...
Page 21 Getting Started with the WS 2000 Wireless Switch........
Page 22: Getting Started With The Ws 2000 Wireless Switch
Getting Started with the WS 2000 Wireless Switch This section provides just enough instruction to set up the WS 2000 Wireless Switch, connect an Access Port, and test communications with a single mobile unit (MU) and the wide area network (WAN). The configuration suggestions made here are just the minimum needed to test the hardware.
Page 23 4. Log in using “admin” as the User ID 5. If the login is successful, the following dialog window is displayed. Enter a new admin password in both fields, and click the has been updated, the System Settings screen is displayed. and “symbol”...
Page 24: Step 3: Set The Basic Switch Setting
Apply to save changes. Unapplied changes are lost if the administrator navigates to a different screen. The WS 2000 switch is shipped with an open default SNMP configuration: Community: public, OID: 1.3.6.1, Access: Read-only Community: private, OID: 1.3.6.1, Access: Read-write If your switch has these settings, it is important to change them immediately;...
Page 25: Enable Subnet1
Step 4: Configure the LAN Interface The first step of network configuration process is to figure out the topology of the LAN. The WS 2000 Wireless Switch allows the administrator to enable and configure four different subnets. The administrator can assign an IP address, port associations, and DHCP settings for each subnet.
Page 26: Step 5: Configure Subnet1
Step 5: Configure Subnet1 The WS 2000 Network Management System allows the administrator to define and refine the configuration of the enabled subnets. Each of four subnets (short for “subnetworks”) can be configured as an identifiably separate part of the switch- managed local area network (LAN).
Page 27: Communicating With The Outside World
The WS 2000 Wireless Switch includes one WAN port. In order to set up communications with the outside world, select Network Configuration --> Communicating with the Outside World 1. Click the Enable WAN Interface outside world through the WAN port.
Page 28: Setting Up Point-To-Point Over Ethernet (Pppoe) Communication
Step 7: Enable Wireless LANs (WLANs) The WS 2000 Wireless Switch works either in a wired or wireless environment; however, the power of the switch is associated with its support of wireless networks. In order to use the wireless features of the switch, the administrator needs to enable up to four wireless LANs (WLANs).
Page 29: Wireless Summary Area
Wireless Summary Area The top portion of the window displays a summary of the WLANs that are currently defined. This is the screen in which the administrator can enable or disable a WLAN. At first, four WLANs are listed WLAN1, WLAN2, WLAN3, and WLAN4; however, only WLAN1 is enabled.
Page 30: Setting The Authentication Method
The authentication method sets a challenge-response procedure for validating user credentials such as username, password, and sometimes secret-key information. The WS 2000 Wireless Switch provides two methods for authenticating users: 802.1x EAP and Kerberos. The administrator can select between these two methods. For testing connectivity, WLAN security is not an issue, so there is not reason to enable authentication—the default setting...
Page 31: Mobile Unit Access Control List (Acl)
3. Open a Web browser and type the IP address: 192.168.0.1. The WS 2000 Switch Management screen should appear. If not, go back to the wired system used to configure the switch and see if the mobile device appears in the MU Stats screen appear on the MU Stats screen, recheck the network and WEP settings on the mobile device.
Page 32: Where To Go From Here
2-12 WS 2000 Wireless Switch System Reference Guide Where to Go from Here? When full connectivity has been verified, the switch can be fully configured to meet the needs of the organization. Refer to the two case studies provided with this reference for specific installation examples. These case studies describe the environment, the desired features, and the configuration selections that were made in two different scenarios.
Page 33 LAN/Subnet Configuration Enabling Subnets for the LAN Interface ............3-2 Defining Subnets .
Page 34: Enabling Subnets For The Lan Interface
Enabling Subnets for the LAN Interface The WS 2000 Wireless Switch allows the administrator to enable and configure four different subnets. The administrator can assign a IP address, port associations, DHCP settings, and security settings for each subnet. This System Reference provides two case studies that demonstrate how requirements for network access and capabilities drive the decisions of how to configure the subnets.
Page 35: Configuring Subnets
To change features of a subnet select Configuring Subnets The WS 2000 Network Management System allows the administrator to define and refine the configuration of the enabled subnets. Each of three subnets (short for “subnetworks”) can be configured as an identifiably separate part of the switch- managed Local Area Network (LAN).
Page 36: The Dhcp Configuration
WS 2000 Wireless Switch System Reference Guide 2. Set an IP address to be used for the subnet. This is how the switch will refer specifically to this subnet. This could be a WAN address; but more likely it will be a non-routable address. An IP address uses a series of four numbers that are expressed in dot notation, for example, 194.182.1.1.
Page 37: Advanced Dhcp Settings
Configuring Subnet Access The WS 2000 Network Management System allows the administrator to set up access rules for subnet-to-subnet and subnet-to-WAN communication. These access rules control communication between subnets and the outside world (the WAN).
Page 38: The Access Overview Table
WS 2000 Wireless Switch System Reference Guide The Access Overview Table In the overview table, each of the rectangles represents a subnet association. The three possible colors indicate the current access level, as defined, for each subnet association. Color Access Type...
Page 39 1. Click in a cell of the table that represents the subnet-to-subnet (or subnet-to-WAN) relationship to define. All access rules (if any are defined) appear in the table in the lower-half of the screen. 2. Use the pull-down menu above the list to allow some protocols (or ports) and deny others.
Page 40: Advanced Subnet Access Settings
WS 2000 Wireless Switch System Reference Guide Transport Description User Datagram Protocol (UDP) is mostly used for broadcasting data over the Internet. Like TCP, UDP runs on top of Internet Protocol (IP) networks. Unlike TCP/IP, UDP/IP provides very few error recovery services and methods.
Page 41 1. To enable the advanced access settings, check the screen will become active. When this box is not checked, the settings in both the Subnet Access screen (under Firewall) and the NAT screen (under WAN) are disabled; the switch will use the settings found on this screen instead. 2.
Page 42 3-10 WS 2000 Wireless Switch System Reference Guide • Destination IP—The Destination IP range determines the target address(es) for the firewall rule. To configure the Destination IP range, click the field and a new window will pop up to enter the IP address and range. An IP address of 0.0.0.0 indicates all IP addresses.
Page 43: Virtual Lan (Vlan) Configuration
LAN, and enable changes to be made to the network infrastructure without physically disconnecting network equipment. The WS 2000 Wireless Switch supports assigning one VLAN ID to each of the configured subnets. To configure one or more VLAN, select Configuration screen will appear.
Page 44 4. Enter the VLAN ID value for each subnet. The value must be between 1 and 31. The WS 2000 Wireless Switch only supports VLANs numbered between 1 and 31 in user-based VLANs. If your network uses a VLAN number higher than 31, you will not be able to use VLAN trunking with this switch.
Page 45 Configuring the WS 2000 Firewall........
Page 46: Configuring The Wan Interface
This interface is DHCP Client required when: • The host router or switch on the WAN is communicating with the WS 2000 Wireless Switch using DHCP. • The switch is interfacing with an Internet Service Provider (ISP) that uses DHCP addressing.
Page 47: Setting Up Point-To-Point Over Ethernet (Pppoe) Communication
IP addresses of the form xxx.xxx.xxx.xxx. • The IP Address refers to the IP address that the outside world will use to address the WS 2000 Wireless Switch. • Click the More IP Addresses addresses are required when users within the LAN need dedicated IP addresses, or when servers in the LAN need to be accessed (addressed) by the outside world.
Page 48: Configuring The Ws 2000 Firewall
WS 2000 Wireless Switch System Reference Guide Configuring the WS 2000 Firewall The WS 2000 Wireless Switch provides a secure firewall/Network Address Translation (NAT) solution for the WAN uplink. The firewall includes a proprietary CyberDefense Engine to protect internal networks from known Internet attacks. It also provides additional protection by performing source routing, IP unaligned timestamp, and sequence number prediction.
Page 49 • Blocking these types of attacks would also block legitimate traffic on their network (although this scenario is highly unlikely. SYN Flood Attack Check Source Routing Check Winnuke Attack Check FTP Bounce Attack Check IP Unaligned Timestamp Check Sequence Number Prediction Check Mime Flood Attack Check Click the...
Page 50: Configuring Content Filtering
Content filtering allows system administrators to block specific commands and URL extensions from going out through the WS 2000 switch’s WAN port. This feature allows blocking up to 10 files or URL extensions and allows blocking of specific outbound HTTP, SMTP, and FTP requests.
Page 51: Configuring Network Address Translation (Nat)
QUIT (Quit) This command tells the receiver to respond with an OK reply and then terminate communica- tion with the sender. SEND (Send) This command initiates a mail transaction where mail is sent to one or more remote termi- nals. SAML (Send and Mail) This command initiates a mail transaction where mail data is sent to one or more local mailboxes and remote terminals.
Page 52 WS 2000 Wireless Switch System Reference Guide This screen displays the IP addresses specified in the WAN screen menu). Up to eight WAN addresses can be associated with the switch. The NAT screen enables the administrator to set of the type of translation and port forwarding required.
Page 53 5. Click the Port Forwarding button to display a sub-screen of port forwarding parameters for inbound traffic from the associated WAN IP address. When finished, click the 6. Click to add a new port forwarding entry and fill in the following fields. Name Enter a name for the service that is being forwarded.
Page 54: Configuring Static Routes
4-10 WS 2000 Wireless Switch System Reference Guide Configuring Static Routes A router uses routing tables and protocols to forward data packets from one network to another. The switch’s router manages traffic within the switch’s network, and directs traffic from the WAN to destinations on the switch-managed LAN. The WS 2000 Network Management System provides the Router screen to view and set the router’s connected routes.
Page 55: Setting The Rip Configuration
5. Click the Apply button to save changes. Setting the RIP Configuration Routing Information Protocol (RIP) is an interior gateway protocol that specifies how routers exchange routing-table information. The Routing screen also allows the administrator to select the type of RIP and the type of RIP authentication used by the switch.
Page 56: Configuring A Virtual Private Network (Vpn)
• Authentication (with password authentication or digital signatures) ensures the identity of all communicating parties. A diagram of a typical VPN situation is shown below, where there is a VPN tunnel created between two WS 2000 switches across the WAN. The diagram shows the settings for both switches.
Page 57 WAN Configuration 4-13 The WS 2000 Network Switch provides VPN technology with a variety of security and setup options. Select Network Configuration --> --> from the left menu to create a VPN tunnel.
Page 58: Creating A Vpn Tunnel
5. Specify the IP address for the 6. Specify the IP address for the Setting Up VPN Security The WS 2000 Wireless Switch provides several different options for VPN security, all based upon encryption key exchange: Manual Key Exchange access.
Page 59: Configuring Manual Key Exchange
Internet Key Exchange (IKE) remote host or network access. IKE provides an automatic means of negotiation and authentication for communication between two or more parties. IKE manages IPSec keys automatically for the parties. Each of these options requires some configuration, as described below. Configuring Manual Key Exchange 1.
Page 60 4-16 WS 2000 Wireless Switch System Reference Guide 6. Select the ESP Type from the menu. None Disables ESP and the rest of the fields in this area will not be active. Enables Encapsulating Security Payload encryption for this tunnel.
Page 61: Setting Up Automatic Key Exchange
Setting Up Automatic Key Exchange 1. Select the Auto (IKE) Key Exchange 2. Click the Automatic Key Exchange scheme and the following screen appears. 3. Forward secrecy is a key-establishment protocol that guarantees that the discovery of a session key or a long-term private key will not compromise the keys of any other sessions.
Page 62: Setting Up Internet Key Exchange (Ike)
4-18 WS 2000 Wireless Switch System Reference Guide 8. If ESP with Authentication the ESP Authentication Algorithm menu. Enables the Message Digest 5 algorithm, which requires 128-bit (32-character hexadecimal) authenti- cation keys. SHA1 Enables Secure Hash Algorithm 1, which requires 160-bit (40-character hexadecimal) keys.
Page 63 4. Select the type of ID to be used for the WS 2000 end of the tunnel from the Select this option if the local ID type is the IP address specified as part of the tunnel. FQDN Select this item if the local ID type is a fully qualified domain name (such as sj.symbol.com). The set- ting for this field does not have to be fully qualified, it just must match the setting of the field for the Certificate Authority.
Page 64: Vpn: Frequently Asked Questions
4-20 WS 2000 Wireless Switch System Reference Guide 12. Select the Diffie-Hellman Group secret key over an insecure medium without any prior secrets. Two algorithms exist, one 768-bit and one 1024-bit algorithm. Group 1 - 768 bit Group 2 - 1024 bit 13.
Page 65 Clients, however, might need extra routing information to tell them to use the WS 2000 switch as the gateway to reach the remote subnet. This is only required if the clients are not using the WS 2000 switch as their default gateway.
Page 66 As a workaround, you can point the WS 2000 switch’s WAN default gateway to be the other VPN gateway, and vice- versa.
Page 67 WAN Configuration 4-23 2. Pinging the internal gateway address of the remote subnet should run the ping through the tunnel as well. Allowing you to test even if there are no clients on the remote end. 3. Verify that your WAN IP address is not DHCP. VPN requires a static WAN IP address to work.
Page 68 4-24 WS 2000 Wireless Switch System Reference Guide...
Page 69 Enabling Wireless LANs (WLANs) ............5-3 Wireless Summary Area .
Page 70 WS 2000 Wireless Switch System Reference Guide Setting Up Port Authentication for AP 300 Access Ports......... .5-24 Rogue Access Port Detection .
Page 71: Chapter 5. Wireless Configuration
Enabling Wireless LANs (WLANs) The WS 2000 Wireless Switch works either in a wired or wireless environment; however, the power of the switch is associated with its support of wireless networks. In order to use the wireless features of the switch, the administrator needs to enable one, two, or three wireless LANs (WLANs).
Page 72: Access Port Adoption
WS 2000 Wireless Switch System Reference Guide The current settings for the associated Subnet and adopted Access Ports are also displayed on this screen; however, the screen associated with each WLAN (under adopting Access Ports can be modified. Access Port Adoption Use this list to adopt detected Access Ports and to assign them to a particular WLAN.
Page 73: Configuring Wireless Lans
Rename the WLAN in this field, if desired. Character spaces are allowed. This change affects several other screens and the interface will also change the name in the left menu tree. Symbol Technologies recommends the use of descriptive names for WLANs.
Page 74: Configuring Wireless Lan Security
Configuring Wireless LAN Security The WS 2000 Wireless Switch allows the administrator to set the type and level of security for each WLAN. These security measures do not control communications from the WAN; instead, they control communication from the clients within the WLAN.
Page 75: Configuring 802.1X Eap Authentication
Configuring 802.1x EAP Authentication The IEEE 802.1x is an authentication standard that ties EAP to both wired and wireless LAN applications. EAP provides effective authentication with or without IEEE 802.1x Wired Equivalent Privacy (WEP) encryption, or with no encryption at all. EAP supports multiple authentication measures.
Page 76: Configuring Kerberos Authentication
WS 2000 Wireless Switch System Reference Guide 7. In the Period field, set the EAP reauthentication period to match the appropriate level of security. A shorter time interval (~30 seconds or longer) provides tighter security on this WLAN’s wireless connections. A longer interval (5000-9999 seconds) relaxes security on wireless connections.
Page 77: Setting The Encryption Method
Sender and receiver employ the same encryption/decryption method. The WS 2000 Wireless Switch provides four methods for data encryption: WEP, KeyGuard, WPA-TKIP, and WPA2-CCMP (802.11i). The WPA-TKIP and KeyGuard methods use WEP 104-bit key encryption. WPA-TKIP offers the highest level of security among the encryption methods available with the switch.
Page 78: Configuring Wpa-Tkip Encryption
5-10 WS 2000 Wireless Switch System Reference Guide The WEP 128 encryption mode allows devices using 104-bit key and devices using 40-bit keys to talk to each other using 40-bit keys, if the 104-bit devices permit this option. 1. Choose between the WEP 64 (40-bit key) 2.
Page 79: Configuring Wpa2-Ccmp (802.11I) Encryption
4. Specify a time period in seconds for broadcasting encryption-key changes to mobile units. Set key broadcasts to a shorter time interval (at least 300 seconds) for tighter security on this WLAN’s wireless connections. Set key broadcasts to a longer time interval (at most, 80,000 seconds) to relax security on wireless connections. A Pre-Shared Key (PSK) is an Internet Protocol security (IPSec) technology that uses a shared, secret key for authentication in IPSec policy.
Page 80: Keyguard
Enabling Access Port to carry out an 802.1x authentication with another Access Port before it roams over to it. The WS 2000 switch will cache the keying information of the client until it roams to the new Access Port. This enables the roaming the client to start sending and receiving data sooner by not having to do 802.1x authentication after it roams.
Page 81: Mobile Unit Access Control List (Acl)
Configuring Access Ports The WS 2000 Wireless Switch automatically detects Access Ports when they are attached to one of the switch’s LAN ports. When the switch starts communication with an Access Port that can be adopted by the switch, it uploads the firmware appropriate for the Access Port.
Page 82 System Settings screen and upon settings in the Access Port Default Settings screen for the radio type. The WS 2000 Wireless Switch GUI also allows the administrator to refine the basic Access Port configuration that is set at the point of detection. To examine or change that information: 1.
Page 83 The following screen is displayed with the settings for the selected Access Port. 3. From this screen, the administrator can change several pieces of information about each Access Port. Name Administrators can change the names of the Access Ports from Access Port# to something much more descriptive, so that they can easily identify which Access Port is being referenced in the various screens and in the left menu.
Page 84: Setting Default Access Port Settings
Setting Default Access Port Settings The WS 2000 Network Switch can support up to six Access Port. These Access Ports can be either a 802.11a or 802.11b radio type. When an Access Port associates with the wireless switch, the initial settings for that Access Port are taken from the Default Access Port Setting for the appropriate radio type.
Page 85 Power Level Select a power level from the communications between the Access Port and the MUs. Set a higher power level to ensure RF coverage in WLAN environments that have more electromagnetic interference or greater distances between the Access Port and mobile units (MUs). Decrease the power level according to the proximity of other Access Ports.
Page 86 5-18 WS 2000 Wireless Switch System Reference Guide Set Rates Click the the default 802.11b/g Access Ports can be set. A list of available Basic and Supported rates for the radio are listed in two columns with checkboxes next to each rate. Selecting a rate as a Basic Rate...
Page 87: Radio-Specific Settings
Click the Apply button to save changes. Advanced Access Port Settings The WS 2000 Wireless Switch GUI allows the administrator to configure the Access Port settings. To examine or change that information: 1. Select Network Configuration the menu item. The detected Access Ports will be listed under the menu item.
Page 88: Radio Settings
5-20 WS 2000 Wireless Switch System Reference Guide 2. Select the Access Port to examine or modify. When the Access Port Name menu item is selected, the following screen will appear: The advanced Access Port settings are found at the bottom and right of the screen. For most installations, the default settings for the advanced settings are appropriate.
Page 89: Antenna Settings
Antenna Settings Internal/External Specify whether the Access Port has internal antenna or external antenna. Depending on the Antenna antenna type selected certain options in the Antenna Diversity Use the drop-down menu to configure the Antenna Diversity settings for Access Ports that use external antennas.
Page 90: Quality Of Service Configuration
The WS 2000 Wireless Switch allows an administrator to adjust several parameters that can improve the quality of service (QoS) to wireless users.
Page 91: Setting The Bandwidth Share Mode
Setting the Bandwidth Share Mode First, specify how the networking resources will be shared. The Bandwidth Share Mode provides three allocation options: Packets are served on a first-come-first-served basis. If this option is selected, the information in the Round Robin Bandwidth is equally shared among all active WLANs.
Page 92: Configuring Voice Prioritization And Multicast Address Settings
Setting Up Port Authentication for AP 300 Access Ports 802.1x port authentication is used to provide security and authentication for all wired clients on a WLAN. The WS 2000 Wireless Switch supports 802.1x port authentication for the AP 300 Access Ports connected to it. It uses a username and password for all ports that can be configured from the wireless switch.
Page 93: Rogue Access Point (Port) Detection
To set up Port Authentication for all adopted AP 300 Access Ports: 1. In the Username field, specify a 802.1x username for all AP 300 Access Ports adopted by the switch. To use the default username click the <- Default 2.
Page 94: Setting Up The Detection Method
Setting Up the Detection Method The WS 2000 Wireless Switch provides three methods for detecting rogue Access Points (APs). Use the top part of the Rogue AP Detection screen to set the method or methods that the switch will use to detect rogue APs.
Page 95: Defining And Maintaining Approved Ap List Rules
Defining and Maintaining Approved AP List Rules The lower half of the Rogue AP Detection screen specifies rules that determine whether a detected AP can be approved or not. Each entry in the table works as an AP evaluation rule. You can specify a particular MAC address or a particular ESSID, or you can indicate that any MAC address or ESSID will work.
Page 96 5-28 WS 2000 Wireless Switch System Reference Guide The Approved AP List Each row of this table represents an approved AP that the switch has found. For each AP, both the MAC and the ESSID for the AP are listed. Use this portion of the screen to change the age out time or to add a rule to the rule list for a particular AP: 1.
Page 97 1. Enter a number in the Rogue Entries Age Out Time be removed from the rogue list and reevaluated. A zero (0) in this field indicates that an AP can stay on the list permanently. 2. Click the Add to Approved AP Rule List Rogue AP Detection screen.
Page 98: Setting Snmp Traps For Rogue Aps
5-30 WS 2000 Wireless Switch System Reference Guide The WS 2000 Wireless Switch only reports rogue APs. It is up to the administrator to change security settings or disrupt the rogue AP’s connection. Setting SNMP Traps for Rogue APs It is also possible to set a trap for a rogue AP.
Page 99 Administrator and User Access Configuring Administrator Access ............6-2 Selecting the Type of Admin Access .
Page 100: Configuring Administrator Access
Selecting the Type of Admin Access The WS 2000 Network Management System runs from a standard Web browser. Any individual on an enabled subnet or over the WAN can access the log screen by specifying one of the IP addresses associated with the user interface. The WS 2000 Access screen allows the administrator to restrict access from different locations.
Page 101: Configuring Secure Shell Connection Parameters
If all the checkboxes in this section are disabled, the administrator will not be able to access the switch through the WS 2000 Management System user interface. The only access available is through a direct serial cable connection from a PC. All commands are given using the command line interface.
Page 102: Applet Timeout Specification
Configuring User Authentication The WS 2000 Wireless Switch provides an integrated RADIUS server as well as the ability to work with external RADIUS and LDAP servers to provide user database information and user authentication. Several screens are available to configure the how the RADIUS server authentication works as well as set up the local user database and access policies.
Page 103: Configuring The Radius Server
Configuring the RADIUS Server The WS 2000 Wireless Switch provides an integrated RADIUS server as well as the ability to work with external RADIUS and LDAP servers to provide user database information and authentication. The RADIUS Server page allows the admin to set up data sources, as well as specify authentication information for the built-in RADIUS server.
Page 104: Configuring Lightweight Directory Access Protocol (Ldap) Authentication
WS 2000 Wireless Switch System Reference Guide 4. If you have a server certificate from a CA and wish to use it on the RADIUS server, select it from this pull-down menu. Only certificates imported to the switch will be available in the menu. To create a server certificate, select the...
Page 105: Setting Up A Proxy Radius Server
Setting Up a Proxy RADIUS Server The WS 2000 Wireless Switch provides the capability to proxy authentication requests to a remote RADIUS server based upon the suffix of the user ID (such as myisp.com or company.com). Select Proxy to go to the RADIUS Proxy Configuration screen is where the definitions of proxies are made.
Page 106 WS 2000 Wireless Switch System Reference Guide Up to 10 proxy servers are supported. 1. Enter a value between 3 and 6 in the proxy server before giving up. 2. Enter a value between 5 and 10 in the switch to time out on a request to a proxy server.
Page 107: Managing The Local User Database
Managing the Local User Database The User Database screen is used to create users and groups for the local RADIUS server. This database is used when is selected as the Data Source is used for user authentication. Select Each user that is created is assigned their own password and is associated with one or more groups. Each group can be configured for its own access policy on the Access Policy configuration screen under the RADIUS Server menu.
Page 108: Setting The User Access Policy
6-10 WS 2000 Wireless Switch System Reference Guide 3. Click the Password cell. A small window will appear. Enter a password for the user and then click User Database screen. 4. Click the List of Groups belong to at least one group for the user to have access to the switch.
Page 109: Managing Digital Certificates
The WS 2000 Management System provides the means to import and maintain a set of CA certificates to be used as an authentication option for VPN access. To use the certificate for a VPN tunnel, define a tunnel and select the IKE settings to use either RSA or DES certificates.
Page 110: Creating Self Certificates
6-12 WS 2000 Wireless Switch System Reference Guide 2. Copy the content of the CA Certificate message and then click will appear in the Import Root CA Certificate 3. Click the Import Root CA Certificate 4. Once in the list, select the certificate ID from the the issuer name, subject, serial number, and data that the certificate expires.
Page 111 1. To create the certificate request, click the Request screen appears. 2. Fill out the request form with the pertinent information. Only 4 fields are required: Key ID Enter a name for the certificate to help distinguish between certificates. The name can be up to 7 characters in length.
Page 112 Enter the domain name to associate with the certificate. This field is often required by the CA. IP Address Enter the WAN IP of the WS 2000 Wireless Switch. Check with your CA to determine whether this information is necessary. Often it can be omitted if either the email or domain name information is provided.
Page 113 Changing the Location and Country Settings of the WS 2000 .......
Page 114 WS 2000 Wireless Switch System Reference Guide Setting Up and Viewing the System Log ............7-28 Viewing the Log on the Switch .
Page 115: Chapter 7. Switch Administration
Overview of Administration Support The WS 2000 Network Management System provides several screens for administering the switch and monitoring activity on the switch. From the interface the administrator can: • Change the general system settings, such as the name of the switch and the location of the switch •...
Page 116: Changing The Name Of The Switch
Changing the Name of the Switch When the administrator first logs into the WS 2000 Network Management System, the System Settings screen appears. One of the fields in this screen is the System Name field. In this field, the administrator can specify the name of the switch.
Page 117 Switch Administration 7-5 1. Select System Configuration --> System Settings from the left menu. 2. Type in a description of the physical location of the switch within your facility into the Location field. 3. Find the Country field and use the drop down menu to select the correct country from the list. 4.
Page 118: Configuring Switch Redundancy
The WS 2000 Wireless Switch supports redundancy between two WS 2000 Wireless Switches, allowing a standby switch to take over if the primary switch stop responding. Use the WS 2000 Redundancy Settings to configure the Operational State and Redundancy Mode for the switch.
Page 119: Redundancy Operations Status
To see the Operational Mode status for switch redundancy, look at the bottom of the Redundancy screen. Updating the WS 2000 Wireless Switch’s Firmware From time to time, Symbol will release updates to the WS 2000 Wireless Switch’s firmware. These updates will include: • Information about how to communicate with newly released Access Ports •...
Page 120: Performing The Firmware Update
3. Go to the web site http://www.symbol.com/services/downloads/ and select the link to the WS 2000 Wireless Switch. 4. Compare the WS 2000 Version with the most recent version listed on the site. All updates will be listed along with a description of what the update contains.
Page 121: Exporting And Importing Wireless Switch Settings
Exporting and Importing Wireless Switch Settings All of the configuration settings for the WS 2000 Wireless Switch can be saved to a configuration file and then either imported back into the same switch or transferred to another switch. This file-based configuration saving feature provides several benefits: •...
Page 122: To Import Or Export Settings To An Ftp Or Tftp Site
7-10 WS 2000 Wireless Switch System Reference Guide Select System Configuration settings. To Import or Export Settings to an FTP or TFTP Site Use the following procedure for exporting the switch’s configuration settings. 1. Specify the name of the log 2.
Page 123: To Import Settings To A Local File
Sample Configuration File All of the configuration settings for the WS 2000 Wireless Switch can be saved to a configuration file and then either imported back into the same switch or transferred to another switch. Below is a sample configuration file that has been annotated using comment lines. All comment lines begin with // and are blue in color.
Page 124 7-12 WS 2000 Wireless Switch System Reference Guide set fw file mf.bin set fw path \0 system logs // Logs menu set mode disable set level L6 set ipadr 0.0.0.0 system // NTP menu set mode disable set server 1 0.0.0.0 set server 2 0.0.0.0...
Page 125 Switch Administration 7-13 // SNMP v1/v2c trap configuration delete v1v2c all // SNMP v3 trap configuration delete v3 all network wlan // WLAN 1 configuration set mode 1 enable set ess 1 101 set enc 1 none set auth 1 none set wep-mcm index 1 1 set wep-mcm enc-key 1 1 c2767fe55c0a564f90f50a3989 set wep-mcm enc-key 1 2 f2464fd56c3a667fa0c53a09b9...
Page 126 7-14 WS 2000 Wireless Switch System Reference Guide // WLAN 2 configuration set mode 2 disable set ess 2 102 set enc 2 none set auth 2 none set wep-mcm index 2 1 set wep-mcm enc-key 2 1 c2767fe55c0a564f90f50a3989 set wep-mcm enc-key 2 2 f2464fd56c3a667fa0c53a09b9...
Page 127 Switch Administration 7-15 set kerb enc-passwd 3 8e57 set kerb realm 3 \0 set kerb server 3 1 0.0.0.0 set kerb server 3 2 0.0.0.0 set kerb server 3 3 0.0.0.0 set kerb port 3 1 88 set kerb port 3 2 88 set kerb port 3 3 88 set eap server 3 1 0.0.0.0 set eap server 3 2 0.0.0.0...
Page 128 7-16 WS 2000 Wireless Switch System Reference Guide set rts B 2341 set dtim B 10 set short-pre B enable // Access Port configuration network delete 1 all delete 2 all delete 3 all network // LAN configuration set mode 1 enable set name 1 Subnet1 set ipadr 1 192.168.0.1...
Page 129 Switch Administration 7-17 set lease 2 86400 set range 2 192.168.1.100 192.168.1.254 set mode 3 server set dgw 3 192.168.2.1 set dns 3 1 192.168.2.1 set dns 3 2 192.168.2.1 set lease 3 86400 set range 3 192.168.2.100 192.168.2.254 delete 1 all delete 2 all delete 3 all network...
Page 130 7-18 WS 2000 Wireless Switch System Reference Guide network // NAT configuration set type 1 1-to-many set outb ip 1 0.0.0.0 set inb mode 1 disable set inb ip 1 0.0.0.0 set type 2 none set outb ip 2 0.0.0.0 set inb mode 2 disable set inb ip 2 0.0.0.0...
Page 131: Configuring Snmp
SNMP allows an administrator to manage network performance, find and solve network problems, and plan for network growth. The WS 2000 Wireless Switch includes SNMP management functions for gathering information from its network components, and communicating that information to specific users. For more background about SNMP, see SNMP Management Support.
Page 132: Setting The Snmp Version Configuration
7-20 WS 2000 Wireless Switch System Reference Guide Select System Configuration Setting the SNMP Version Configuration The SNMP Access screen allows the administrator to define SNMP v1/v2c community definitions and SNMP v3 user definitions. SNMP v1 and v2c provide a strong network management system, but their security is relatively weak. SNMP v3 provides greatly enhanced security protocols.
Page 133: Setting Up The Access Control List
5. Follow the directions for Setting up the Access Control List (below). Setting Up SNMP v3 Community Definitions Setting up the v3 user definition is very similar to the v1/v2c community definitions. The difference is the addition of a user security level and a user password.
Page 134: Setting The Trap Configuration
7-22 WS 2000 Wireless Switch System Reference Guide 1. Click the button to create a new entry in the Access Control table. 2. Specify the IP address for the user(s) that have access. Enter an IP address only in the column to specify an address for a single SNMP user.
Page 135: Setting The Trap Configuration For Snmp V3
5. Select the appropriate SNMP Version (v1 or v2) 6. Click the Apply button to save the entries. Setting the Trap Configuration for SNMP V3 To set the trap notification destination for the SNMP v3 servers, add one or more entries to SNMP v3 Trap Configuration table.
Page 136 The Compact Flash card in the system falls below the amount specified. The status changes for one of the ports on the front of the WS 2000, such as if a device is plugged into or unplugged from the switch, or if the link is lost between the switch and the connected device.
Page 137 Trap Trap Name Category MU unassociated MU denied association MU denied authentication AP Traps AP adopted AP unadopted AP denied adoption AP detected radar (802.11a only) Rogue AP 3. Click the Apply button to save the trap settings. 4. It is necessary to tell the switch where to send the notifications. Make sure to set the trap configuration to indicate where to send the notifications.
Page 138: Setting Rate Traps
7-26 WS 2000 Wireless Switch System Reference Guide Setting Rate Traps A screen is also available to specify traps caused when certain rates of activities either exceed or drop below a specified threshold. To set rate traps, select 1. Select the threshold type for which you want a rate trap, such as Pkts/sec.
Page 139: Specifying A Network Time Protocol (Ntp) Server
2. To enable time service on the switch, check the steps below. NTP Servers from the left menu to enable NTP. The NTP Server screen appars. Enable NTP on WS 2000 Switch Administration 7-27 Refresh checkbox and continue with the rest of the...
Page 140: Setting Up And Viewing The System Log
Setting Up and Viewing the System Log The WS 2000 Network Management System keeps a log of the events that happen on the switch. The switch has a modest of amount of memory to store events. If the administrator wishes to keep a more complete event history, the administrator needs to enable a log server.
Page 141: Setting Up A Log Server
Setting Up a Log Server To keep a complete history of the events that are logged by the switch, the administrator needs to set up an external system log on a server. The server listens for incoming switch-generated syslog messages on a UDP port (514 by default), and then decodes the messages into a log file appropriate for viewing and printing.
Page 142 7-30 WS 2000 Wireless Switch System Reference Guide...
Page 143 WAN Statistics................8-2 Subnet Statistics .
Page 144: Wan Statistics
WS 2000 Wireless Switch System Reference Guide WAN Statistics The WS 2000 Network Management System provides a set of screens that allow the administrator to view real-time statistics for monitoring the switch’s activity. One of those screens displays statistics for the Wide Area Network (WAN) port.
Page 145: Subnet Statistics
The total number of TCP/IP data carrier errors received Subnet Statistics The WS 2000 Network Management System provides a set of screens that allow the administrator to view real-time statistics for monitoring the switch’s activity. One of those screens displays statistics for each of the subnets. Selecting Status &...
Page 146 WS 2000 Wireless Switch System Reference Guide Information portion of the Subnet Stats screen displays general information about the subnet. • The HW address is the Media Access Control (MAC) address of the switch’s WAN port, which is set at the factory.
Page 147: Interfaces
Transmitted Field Description TX Errors The total number of errors including dropped data packets, buffer overruns, and carrier errors that fail on outbound traffic TX Dropped The number of data packets that fail to get sent from the subnet TX Overruns The total number of buffer overruns (when packets are sent faster than the subnet can handle them) The total number of TCP/IP data carrier errors received TX Carrier...
Page 148: Wireless Lan Statistics
WS 2000 Wireless Switch System Reference Guide Wireless LAN Statistics The WS 2000 Network Management System provides screens that display information about all of the switch’s wireless operations as well as information for each enabled wireless LAN (WLAN). Both screens are described in this section.
Page 149: Getting Statistics For A Particular Wlan
In the lower section of the screen, the Total pkts per second Displays the average number of RF packets sent per second across all active WLANs on the wireless switch. The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour.
Page 150: General Wlan Information
WS 2000 Wireless Switch System Reference Guide General WLAN Information Information Section ESSID Displays the Extended Service Set Identification name that users will see when accessing the WLAN. Subnet Displays the name of the subnet to which this WLAN is associated.
Page 151: Access Port Statistics
Access Port Statistics The WS 2000 Network Management System provides two screens, one that displays summary information for all associated assess ports, and one that displays real-time statistics about the activity for each Access Port and its associated units.
Page 152: Detailed Information About A Particular Access Port
8-10 WS 2000 Wireless Switch System Reference Guide Each Access Port associated with the switch is listed in the AP Summary area. For each AP, the following information is provided. Field Description Displays the IP address of the Access Port.
Page 153: General Access Port Information
General Access Port Information Information Section HW Address The Media Access Control (MAC) address of the Access Port. This value is typically set at the factory and can be found on the bottom of the Access Port. Placement Lists whether the Access Port is placed indoors or outdoors. This is determined by the place- ment setting in the Access Port configuration screen in the Network Configuration section.
Page 154 8-12 WS 2000 Wireless Switch System Reference Guide RF Status Avg MU Signal Displays the average RF signal strength in dBm for all MUs associated with the selected Access Port. The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour.
Page 155: Mobile Unit (Mu) Statistics
Mobile Unit (MU) Statistics Each Access Port can have up to 32 associated mobile units. These units are listed in the Mobile Unit Access Control List of the WLAN Security screen (Network Configuration To see a summary of the associated mobile units and general information about each unit, select Stats.
Page 156: View Statistics In Graphic Form
However, administrators often want to see the trends of the activity on the LAN. To aid with that project, the WS 2000 Wireless Switch enables the administrator to view the statics in a graphical format that is constantly updated.
Page 157 Throughput If selected, the switch will monitor the switches throughput. Select one or more of the different throughput values to monitor: total throughput, transmission received, transmitted throughput or the average bit speed. If selected, information about packets per second will be graphed for the selected member. Select one or more of the three values to monitor: total packets per second, received packets, and transmitted packets.
Page 158 8-16 WS 2000 Wireless Switch System Reference Guide...
Page 159 Testing Connections..............9-32 WS 2000 Use Cases...
Page 160 WS 2000 Wireless Switch System Reference Guide Field Office Use Case ..............9-33 A Field Office Example .
Page 161: Chapter 9. Ws 2000 Use Cases
But management wants to be absolutely certain that users of the cafe net cannot get access to the store computers or POS terminals. The WS 2000 allows the administrator to restrict access from one subnet to another, so Clarisa will create a subnet that is just for WLAN #3, and then restrict access from that subnet to the other subnets.
Page 162: Contacting The Wireless Switch
There are also some conventional, 100baseT wired devices to consider. There is the store server and two wired POS terminals. Clarisa will put all of these on the 100baseT ports on the WS 2000. To keep things simple, Clarisa decides to define one subnet for each WLAN and assign one Access Port to each WLAN. The wired devices will be part of the POS subnet.
Page 163: Entering The Basic System Settings
192.168.0.1, the WS 2000’s IP address. Clarisa starts her web browser and enters “http://192.168.0.1/” as the URL. The WS 2000 sends a login page to her browser. She logs in using “admin” for the username and “symbol“ as the password. The system immediately asks her to change the password to something else.
Page 164: Setting Access Control
Setting Access Control In the WS 2000 Access screen, Clarisa controls which network interfaces can be used to reconfigure the WS 2000 switch. She is currently using HTTP access on port 80 over the LAN, so she leaves that on. She may also want to make changes using the Command Line Interface (CLI), so she leaves on local CLI access.
Page 165: The Ip Address Plan
For the devices, she plans to use IP numbers from the range 192.168.*.*, because IP addresses in that range are designated for internal use only. She will assign them as follows: Subnet IP Address Range 192.168.0.*** POS subnet 192.168.1.*** Printer subnet 192.168.2.*** Cafe subnet WS 2000 Use Cases 9-7 Network...
Page 166: Configuring Pos Subnet
WS 2000 Wireless Switch System Reference Guide And for each subnet: 192.168.**.1 192.168.**.2 to 192.168.**.10 192.168.**.11 to 192.168.**.254 WIth this plan, she can begin to configure the individual subnets Configuring POS Subnet Clarisa selects the first subnet from the LAN menu items in the left menu.
Page 167: Configuring The Printer Subnet
WS 2000 Use Cases 9-9 Default Gateway is already set to the subnet address. This is the IP address to which the DHCP clients on this subnet will forward their outbound traffic. Clarisa fills in the DNS Server addresses, which corporate has specified. This will also be supplied to the DHCP clients.
Page 168 9-10 WS 2000 Wireless Switch System Reference Guide After the Address Assignment Range is entered, Clarisa clicks Advanced DHCP Server.
Page 169: Configuring The Cafe Subnet
WS 2000 Use Cases 9-11 Clarisa enters the DNS server IP addresses and leaves the Default Gateway DHCP Lease Time at their defaults. She clicks in the Advanced DHCP Server window and then Apply in the Subnet window to save her changes.
Page 170 9-12 WS 2000 Wireless Switch System Reference Guide Clarisa clicks Advanced DHCP Server and enters the DNS server IP addresses. The Default Gateway is fine. However, Clarisa expects the cafe patrons to come and go frequently, so she reduces the...
Page 171: Configuring The Wan Interface
WS 2000 Use Cases 9-13 Clarisa clicks the button in the Advanced DHCP Server window, then on the Apply button in the subnet screen to save her choices. The subnets are now configured. Next Clarisa configures the WAN interface. Configuring the WAN Interface Now Clarisa selects the WAN node in the left menu.
Page 172: Configuring Network Address Translation (Nat)
9-14 WS 2000 Wireless Switch System Reference Guide If corporate had not paid their ISP for a static IP address for each store, she would have selected the DHCP Client option and the WAN configuration information would have been assigned by the ISP each time they connected to the Internet.
Page 173 WS 2000 Use Cases 9-15 After she makes this selection a new button appears, labelled “1 to Many Mappings”. She selects the “1 to Many Mappings“ button. If Clarisa had more than one static IP address, she would have been able to assign several to the WAN interface. This screen would be used to choose how the internal IP addresses on each subnet translated into the selection of external IP addresses.
Page 174: Inspecting The Firewall
Configuring the Access Ports So far, Clarisa has been operating with the WS 2000 connected only to her laptop. To configure the Access Ports, she will need to connect them to the switch. She plans to use switch ports as follows:...
Page 175: Setting Access Port Defaults
WS 2000 Use Cases 9-17 Setting Access Port Defaults The WS 2000 allows the user to specify the default settings for Access Ports. Clarisa expands the Access Ports node in the left menu and selects the 802.11b Defaults node. Clarisa has only 802.11b Access Ports.
Page 176: Naming The Pos Access Port
9-18 WS 2000 Wireless Switch System Reference Guide Naming the POS Access Port Having specified the general Access Port defaults, Clarisa goes on to name and configure the Access Port for the POS WLAN. She selects the first Access Port in the left menu.
Page 177: Configuring The Printer Access Port
WS 2000 Use Cases 9-19 Configuring the Printer Access Port Clarisa configures the Printer Access Port in a similar way. She give it the name “Printer AP“ and a location description. She assigns channel 6 to this Access Port, avoiding contention with the POS AP and the Cafe AP.
Page 178: Configuring The Cafe Access Port
9-20 WS 2000 Wireless Switch System Reference Guide Configuring the Cafe Access Port Finally, she names the third Access Port Preamble is not selected. There are two preambles in use in the wireless world, an older, longer one and a newer, shorter one.
Page 179: Associating The Access Ports To The Wlans
WS 2000 Use Cases 9-21 Associating the Access Ports to the WLANs Now Clarisa selects the Wireless item in the left menu. This screen indicates which Access Ports are associated with which WLANs. First Clarisa looks in the Summary section of the screen to determine that all three WLANs are enabled.
Page 180: Configuring The Cafe Wlan
She selects the third WLAN. This is the WLAN which she plans to use for the cafe WLAN. The WLAN name is used with in the WS 2000 configuration screens to make the interface easier to navigate. She names this WLAN from “WLAN3” to “Cafe”. She also gives it an ESSID of “CCC-Cafe”. The ESSID is broadcast to the users and will be what the cafe users see when they select a wireless network on their laptops.
Page 181 WS 2000 Use Cases 9-23 Clarisa goes to the left menu and clicks the button to the left of the Cafe WLAN node. A menu item labeled “Cafe Security” is displayed and Clarisa selects it. She confirms that the Cafe Security screen shows that no authentication and no encryption methods.
Page 182: Configuring The Printer Wlan
9-24 WS 2000 Wireless Switch System Reference Guide Configuring the Printer WLAN For the printer WLAN, Clarisa makes the following selections: Name ESSID Subnet Disallow MU to MU Communication Use Voice Prioritization Answer Broadcast ESS The wireless printers will never need to communicate with each other directly. MU-to-MU communications can be safely disallowed.
Page 183 WS 2000 Use Cases 9-25 Clarisa clicks the to the left of the Printer WLAN menu item and selects the Printer Security item. In the screen that displays, Clarisa selects no authentication. She enters the MAC numbers of the wireless printers in the Mobile Access Control section.
Page 184: Configuring The Pos Wlan
9-26 WS 2000 Wireless Switch System Reference Guide She clicks the button to confirm the WEP key selections, then the Configuring the POS WLAN For the POS WLAN, she makes the following choices: Name ESSID Subnet Disallow MU to MU Communication...
Page 185 WS 2000 Use Cases 9-27 Clarisa then clicks the “+” to the left of the POS WLAN in the left menu and selects Security. In that screen, she selects 802.1x EAP for authentication. This will allow her to use the corporate RADIUS server for user authentication.
Page 186 9-28 WS 2000 Wireless Switch System Reference Guide She clicks the button in the 802.1x-EAP configuration window. She then clicks the WPA-TKIP Settings button in the security screen. TKIP encryption protocol calls for keys between two specific nodes to change with every packet. However, there is no standard with respect to how often one should change keys for broadcast packets.
Page 187: Configuring Subnet Access
WS 2000 Use Cases 9-29 With this, Clarisa has finished configuring the basic WLAN configuration and the WLAN security. She clicks the button in the WPA-TKIP window and then the Apply button in the WLAN security screen. Configuring Subnet Access Clarisa wants the two internal subnets to have complete access to one another, but she wants the Cafe subnet to have access only to the WAN.
Page 188 9-30 WS 2000 Wireless Switch System Reference Guide To set the subnet access for a pair of subnets, she clicks the square for traffic from one subnet to another and then uses the detail section, which appears below, to determine the rules for traffic between those two subnets.
Page 189: Configuring The Clients
The remaining tasks are to test the network and to put the Access Ports in their permanent locations. Apply button to save her changes. Subnet Mask Gateway 255.255.255.0 192.168.0.1 255.255.255.0 192.168.0.1 255.255.255.0 192.168.0.1 Wireless channel Authentication 802.1x EAP 802.1x EAP None WS 2000 Use Cases 9-31 WS 2000 Port Encryption WPA-TKIP WPA-TKIP...
Page 190: Testing Connections
After she is confident that everything is working, she moves the Access Ports to their permanent locations. She connects the WS 2000 to the DSL modem. Finally, she tests the connection from each subnet to the WAN. The store network is now complete.
Page 191: Field Office Use Case
Leo needs to establish secure communication with from the engineering subnet to this expansion office. The other office will also have a WS 2000, so Leo will establish a direct VPN link to that WS 2000 and use the VPN as the secure communication link.
Page 192: Configuring The System Settings
9-34 WS 2000 Wireless Switch System Reference Guide To keep things simple, he will define one subnet for the administration users, one subnet for the sales and marketing users, and one subnet for the engineers. Each subnet will have one WLAN associated with it and one Access Port. The only exception is the engineering subnet, which will have one WLAN and two Access Ports.
Page 193 WS 2000 Use Cases 9-35 192.168.0.2 and a netmask of 255.255.255.0. He also sets the gateway IP address to be 192.168.0.1, the WS 2000’s IP address. Leo launches his web browser and enters “http://192.168.0.1/” as the URL. He logs in using admin for the username and...
Page 194 9-36 WS 2000 Wireless Switch System Reference Guide As soon as he logs in, the WS 2000 asks him to set the password. He sets the administration password to something relatively secure. He presses Update Password Now to record his selection.
Page 195: Entering The Basic System Settings
Leo sets the location to United States - The system name is used to distinguish between WS 2000 switches for remote configuration. Leo gives the switch a descriptive name, Atlanta1.
Page 196: Setting Access Control
CompactFlash card slot. So, he turns Leo clicks on the Apply button in the WS 2000 Access screen to save his changes. node in the left menu. This controls which subnet can be used to reconfigure the WS AirBEAM Access...
Page 197: Configuring The Lan
WS 2000 Use Cases 9-39 Configuring the LAN Leo clicks the toggle to the left of Network Configuration in the left menu. The tree expands and he selects the item. This screen shows the subnets, their IP addresses, and the network interfaces (the 10/100BaseT ports and the WLANs) that are currently associated with each subnet.
Page 198: Configuring The Engineering Lan
Subnet1 from the choices under the LAN heading. He enters a new name for the subnet, Eng-SN, to make it easier to recognize this subnet throughout the WS 2000 interface. He also selects the option This interface is a DHCP IP addresses from the Address Assignment Range and assign them to network clients on this subnet, as needed.
Page 199 WS 2000 Use Cases 9-41 WINS Server field is designed to supply the Windows Network Server IP address to any DHCP clients that request it. Leo supplies the IP number for the local WINS server. Domain Name field will be supplied to any DHCP clients that request it. Leo enters his company’s domain name.
Page 200: Configuring The Sales Subnet
9-42 WS 2000 Wireless Switch System Reference Guide Configuring the Sales Subnet The sales and marketing subnet is configured exactly the same way as the engineering subnet, though with a different name and a different IP address range. Leo selects the Advanced DHCP Server button and follows the same procedures as he did for the engineering subnet. Leo...
Page 201: Configuring The Wan Interface
The next step is to configure the WAN interface. Configuring the WAN Interface Next Leo configures the WS 2000 WAN interface. This interface connects the WS 2000 switch to the VPN appliance and, through that appliance, to the Internet. Leo enables the WAN interface, but leaves the DHCP Client option disabled. Instead of using DHCP to get address information for the switch, he enters the permanent information which he previously obtained from the corporate network administrator.
Page 202 9-44 WS 2000 Wireless Switch System Reference Guide Leo has three addresses for this switch. He plans to use one address for the traffic from each of the subnets. He clicks the More IP Addresses button and enters the other two IP addresses:...
Page 203: Setting Up Network Address Translation
IP addresses. Leo chooses of each IP number. As he does so, a Outbound Mappings column. item. The WS 2000 displays the three IP addresses he entered when configuring the 1 to Many 1 to Many Mappings...
Page 204 9-46 WS 2000 Wireless Switch System Reference Guide Leo clicks any of the NAT Ranges button to the right of the IP addresses. The 1 to Many Outbound Mappings window displays. Leo uses the pull-down menu to set the outbound IP address for each subnet. These are the same as the inbound IP addresses that he specified in the WAN configuration screen.
Page 205: Confirm Firewall Configuration
Sales and marketing area 00:A0:F8:BB:FC:97 Administration area He marks each Access Port with its intended location and WLAN, so he will not get confused later. Firewall under WAN in the left menu. The WS 2000 displays a series of WLAN Engineering Engineering Marketing Admin.
Page 206 9-48 WS 2000 Wireless Switch System Reference Guide Leo selects the Wireless item in the left menu. He sees that only the first wireless LAN is enabled. None of the WLANs have the names he would like them to have. He clicks on the checkboxes to the left of...
Page 207: Configuring The Wlans
EngWLAN so that subsequent screens in the WS 2000 interface will be a little easier to read. The ESSID is the identification string that his users will see, so he uses a name that will be easy for them to recognize, the string Engineering.
Page 208 9-50 WS 2000 Wireless Switch System Reference Guide In the Advanced section of the screen, the Disallow MU to MU Communications setting would keep mobile units from communicating directly with each other. Leo believes that people sometimes share files directly, laptop to laptop, instead of using the file server.
Page 209: Security
WS 2000 Use Cases 9-51 Security The next step to set security for the engineering WLAN. He selects the toggle to the left of EngWLAN in the left menu to display the EngWLAN Security item. Leo selects that item and the security screen is displayed. Leo selects 802.1x EAP...
Page 210 Settings section is grayed out for Leo. Leo does need to set the frequency with which the key for broadcast communication is changed. By default, the WS 2000 changes the broadcast every 84,600 seconds, i.e., every twenty-four hours. Breaking WEP encryption requires several hours...
Page 211 Access Port for network traffic. Under wireless client which has agreed upon a given Pairwise Master Key (PMK) with one Access Port on a given WS 2000 is allowed to use that same PMK with other Access Ports connected to the same WS 2000. Both options increase the speed of roaming under 802.1x security and Leo enables both of them.
Page 212: Configuring The Access Ports
9-54 WS 2000 Wireless Switch System Reference Guide Configuring the Access Ports The WS 2000 allows the user to specify default settings for Access Ports. Leo expands the Access Ports node in the left menu and selects the 802.11b/g Defaults in this section.
Page 213 Administration He clicks the toggle to the left of Access Ports in the left menu and selects the menu item labeled AP1. The WS 2000 has found and queried the Access Port for its MAC address. Leo enters a new name for the Access Port, Eng-AP1, and its location, Eng.
Page 214 9-56 WS 2000 Wireless Switch System Reference Guide Leo clicks the Apply button to save the configuration for this Access Port. Leo then selects the third Access Port in the left menu. This will be the sales and marketing Access Port. Leo configures it...
Page 215 WS 2000 Use Cases 9-57 Leo clicks Apply to save his changes. To avoid interference with the sales and marketing AP, Leo chooses channel 10 for the administration Access Port. He then enters the Access Port Name and Location.
Page 216 9-58 WS 2000 Wireless Switch System Reference Guide Leo clicks the Apply button to save the changes for the administration Access Port. The Access Ports are now configured. The next step is to specify access levels between the subnets.
Page 217: Configuring Subnet Access
WS 2000 Use Cases 9-59 Configuring Subnet Access Leo selects the Subnet Access item in the left menu. This screen determines what subnet-to-subnet traffic can occur. The subnet access defaults every subnet having access to every other subnet and full access to the WAN. Leo wants to restrict subnet access to that marketing has no access to the engineering subnet and no access to the administration subnet.
Page 218 9-60 WS 2000 Wireless Switch System Reference Guide Similarly, Leo restricts access from the marketing subnet to the administration subnet. Leo would also like to restrict traffic from all subnets to the WAN to just HTTP, SMTP, and POP protocols. He selects the cell...
Page 219 WS 2000 Use Cases 9-61 Similarly, he restricts the marketing and administration subnets in their access to the WAN. Leo clicks the Apply button to record his changes. The subnet access is configured. Now Leo needs to set up VPN access to the Engineering Annex and test the installation.
Page 220: Configuring The Vpn
9-62 WS 2000 Wireless Switch System Reference Guide Configuring the VPN To configure a VPN link between WS 2000s, the following must be specified: • The subnets on each end of the VPN link (tunnel) • The authentication method for allowing a connection •...
Page 221 VPN, in this case, the Engineering subnet. The is the IP address for the interface that this WS 2000 will show to the WS 2000 on the other side of the VPN. Leo enters an unused, internal IP address, 192.168.24.198.
Page 222 9-64 WS 2000 Wireless Switch System Reference Guide Remote Subnet specifies the subnet, on the other WS 2000, to which the engineering subnet will be connected. The Remote Gateway and the Remote Subnet Mask describe the network interface on the other WS 2000 switch. After Leo...
Page 223: Installing The Access Ports And Testing
AH Authentication protocol The AH authentication method must match on both switches and the inbound key on one WS 2000 must match the outbound key on the other. Leo selects Secure Hash Algorithm 1 character authentication keys. inbound Security Parameter Index (SPI) vice versa.
Page 224 9-66 WS 2000 Wireless Switch System Reference Guide second to connect to the sales and marketing WLAN, and the third laptop to connect to the administration WLAN. He makes sure that laptops on each WLAN can connect to the WAN and to each other.
Page 225 Command Line Interface Reference Admin and Common Commands ............10-3 Network Commands.
Page 226 10-2 WS 2000 Wireless Switch System Reference Guide Network WLAN Rogue AP Approved AP List Commands ........10-138 Network WLAN Rogue AP List Commands .
Page 227: Admin And Common Commands
10.1 Admin and Common Commands WS2000>admin> admin Description: Displays admin configuration options. The items available under this command are shown below. Syntax: help Displays general user interface help. passwd Changes the admin password. summary Shows a system summary. network Goes to the network submenu stats Goes to the stats submenu.
Page 228: Ws2000>Admin> Help
10-4 WS 2000 Wireless Switch System Reference Guide WS2000>admin> help Description: Displays general CLI user interface help. Syntax: help Displays command line help. Example: admin>help : display command help - Eg. ?, show ?, s? <ctrl-q> : go backwards in command history <ctrl-p>...
Page 229: Ws2000>Admin> Passwd
WS2000>admin> passwd Description: Changes the password for the admin login. Syntax: passwd Changes the admin password. This requires typing the old admin password. Passwords can be up to 11 characters. Example: admin>passwd Old Admin Password:****** New Admin Password:****** Verify Admin Password:****** Command Line Interface Reference 10-5...
Page 230: Ws2000>Admin> Quit
10-6 WS 2000 Wireless Switch System Reference Guide WS2000>admin> quit Description: Quits the command line interface. This command appears in all of the submenus under admin. In each case, it has the same function, to exit out of the CLI.
Page 231: Ws2000>Admin> Save
WS2000>admin> save Description: Saves the configuration to system flash. This command appears in all of the submenus under admin. In each case, it has the same function, to save the configuration. Syntax: save Saves configuration settings. This command works at all levels of the CLI. The save command must be issued before leaving the UI for the settings to be retained.
Page 232: Ws2000>Admin> Summary
10-8 WS 2000 Wireless Switch System Reference Guide WS2000>admin> summary Description: Displays the system summary. Syntax: summary Displays a summary of high-level characteristics and settings for the WAN, subnet, and WLAN. Example: admin>summary System Information WS2000 firmware version country code...
Page 233 enc type auth type Subnet 1 Information subnet interface ip address network mask dhcp mode default gateway ports wlans Subnet 2 Information subnet interface ip address network mask dhcp mode default gateway ports wlans Subnet 3 Information subnet interface ip address network mask dhcp mode default gateway...
Page 234 10-10 WS 2000 Wireless Switch System Reference Guide Primary WAN Information wan interface ip address network mask default gateway dhcp mode admin> : enable : 192.168.24.198 : 255.255.255.0 : 192.168.24.1 : enable...
Page 235: Ws2000>Admin
WS2000>admin> .. Description: Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure. Example: admin(network.ap)>.. admin(network)>...
Page 236: Ws2000>Admin> /
10-12 WS 2000 Wireless Switch System Reference Guide WS2000>admin> / Description: Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure.
Page 237: Network Commands
10.2 Network Commands WS2000>admin> network Description: Displays the network submenu. The items available under this command are shown below. Goes to the Access Port submenu. Goes to the LAN submenu. router Goes to the router submenu. vlan Goes to the VLAN submenu. Goes to the WAN submenu.
Page 238: Network Ap Commands
10-14 WS 2000 Wireless Switch System Reference Guide 10.3 Network AP Commands WS2000>admin(network)> ap Description: Displays the Access Port submenu. The functionality provided by this menu is supplied by various screen under the Wireless menu item of the Web interface. The items available under this command are shown below.
Page 239: Ws2000>Admin(Network.ap)> Add
WS2000>admin(network.ap)> add Description: Adds entries to the Access Port adoption list. Performs functionality available in the Access Port Adoption List area of the Wireless screen. Syntax: Allows adoption of Access Ports with MAC addresses in the range of <mac1> to <mac2> <idx>...
Page 240: Ws2000>Admin(Network.ap)> Copydefaults
10-16 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.ap)> copydefaults Description: Copies default Access Port settings to a connected Access Port. In the Web interface, the defaults are set on the Wireless, default AP screens (one for each radio type).
Page 241: Ws2000>Admin(Network.ap)> Delete
WS2000>admin(network.ap)> delete Description: Deletes entries from the Access Port adoption list. In the Web interface, this functionality is found on the Wireless screen in the Access Port Adoption list area. Syntax: delete Deletes an entry in the Access Port adoption list as specified by <entry>, which is the number <idx>...
Page 242: Ws2000>Admin(Network.ap)> List
10-18 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.ap)> list Description: Displays entries in the Access Port adoption list for a specified wireless LAN. Syntax: list <idx> Lists the Access Port adoption entries for WLAN <idx> (1–4). Example: The following example shows the access port adoption list for WLAN 1.
Page 243: Ws2000>Admin(Network.ap)> Reset
WS2000>admin(network.ap)> reset Description: Resets an Access Port. Syntax: reset <idx> Resets the Access Port associated with index <idx>. Example: admin(network.ap)>reset ap 2 admin(network.ap)>? Command Line Interface Reference 10-19...
Page 244: Ws2000>Admin(Network.ap)> Set
10-20 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.ap)> set Description: Sets Access Port parameters. Syntax: set beacon mode enable/ disable intvl <idx> ch_mode <idx> fixed/ random <idx> <mode> dtim <idx> <period> <idx> <loc> name <idx> <name> primary <idx> <widx>...
Page 245 802.1x <username> <password> detectorap <idx> enable/ disable <idx> <mac> Example: admin(network.ap)>set short-pre enable admin(network.ap)>set shor 1 enable admin(network.ap)>set name 1 BigOffice admin(network.ap)>set dtim 1 25 admin(network.ap)>set loc 1 BigBldg admin(network.ap)>show ap 1 ap name ap location ap mac address ap serial number ap radio type adopted by ap indoor use...
Page 246: Ws2000>Admin(Network.ap)> Show
10-22 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.ap)> show Description: Shows Access Port parameters. Syntax: show <idx> status Example: admin(network.ap)>show ap 1 ap name ap location ap mac address ap serial number ap radio type adopted by ap indoor use...
Page 247 ap index ap status ap index ap status ap index ap status ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status admin(network.ap)>...
Page 248: Network Ap Default Commands
10-24 WS 2000 Wireless Switch System Reference Guide 10.4 Network AP Default Commands WS2000>admin(network.ap)> default Description: Displays the default Access Port (AP) submenu. The items available under this command are shown below. Sets default Access Port parameters. show Shows default Access Port parameters.
Page 249: Ws2000>Admin(Network.ap.default)> Set
WS2000>admin(network.ap.default)> set Description: Sets the default Access Port parameters. Syntax: set beacon mode <type> intvl <type> ch-mode <type> fixed/ random <type> <mode> dtim <type> <period> primary <type> <wdix> rate <type> <basic> <type> <indoor> <type> <bytes> short-pre <type> enable/ disable enable/ Sets the default for secure beacons of specified type <type>...
Page 250 10-26 WS 2000 Wireless Switch System Reference Guide Example: admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap indoor use ap channel ap channel mode ap radio power power to antenna ap diversity...
Page 251: Ws2000>Admin(Network.ap.default)> Show
WS2000>admin(network.ap.default)> show Description: Shows the default Access Port parameters for a particular radio type. Syntax: show default Shows the default Access Port parameters. Example: admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap indoor use ap channel ap channel mode ap radio power...
Page 252: Network Ap Test Commands
10-28 WS 2000 Wireless Switch System Reference Guide 10.5 Network AP Test Commands WS2000>admin(network.ap)> test Description: Displays the test submenu. The items available under this command are shown below. Switches the Access Port to a new channel. quit Quits the CLI.
Page 253: Ws2000>Admin(Network.ap.test)> New
WS2000>admin(network.ap.test)> new Description: Switches the specified Access Port to a new channel. Syntax: <idx> <ch> Switches the Access Port indexed with <idx> (1–12) to channel <ch> (which must be a valid channel for the specified Access Port. Example: admin(network.ap.test)>new 2 15 admin(network.ap.test)>...
Page 254: Network Dchp Commands
10-30 WS 2000 Wireless Switch System Reference Guide 10.6 Network DCHP Commands WS2000>admin(network)> dhcp Description: Displays the DHCP submenu. The items available under this command are shown below. Sets system updated flags. show Shows system updated flags. save Saves the configuration to system flash.
Page 255: Ws2000>Admin(Network.dhcp)> Set
WS2000>admin(network.dhcp)> set Description: Sets parameters for automated firmware and configuration upgrades. Syntax: firmwareupgrade configupgrade interface <int> Example: admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface admin(network.dhcp)>set firmwareupgrade 1 admin(network.dhcp)>set con 1 admin(network.dhcp)>set inter s1 admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface Related Commands:...
Page 256: Ws2000>Admin(Network.dhcp)> Show
10-32 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.dhcp)> show Description: Displays system updated flags. Syntax: show Displays all of the DHCP-related system update parameters. Example: admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface Related Commands: Sets the DHCP-related parameters for updating system firmware and configuration.
Page 257: Network Firewall Commands
10.7 Network Firewall Commands WS2000>admin(network)> fw Description: Displays the firewall submenu. The items available under this command are shown below. Sets firewall parameters. show Shows firewall parameters. submap Goes to the subnet mapping submenu. policy Goes to the advanced subnet mapping submenu. save Saves the configuration to system flash.
Page 258: Ws2000>Admin(Network.fw)> Set
10-34 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw)> set Description: Sets firewall parameters. In the Web interface, this functionality is provide by the Network->Firewall screen. Syntax: mode enable/disable override enable/disable enable/disable enable/disable mime filter enable/disable enable/disable enable/disable timeout <time>...
Page 259 ip spoofing attack filter land attack filter ping of death attack filter reassembly attack filter admin(network.fw)> Related Commands: show Shows the current firewall settings. : enable : enable : enable : enable Command Line Interface Reference 10-35...
Page 260: Ws2000>Admin(Network.fw)> Show
10-36 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw)> show Description: Displays the firewall parameters. Syntax: show Shows all firewall settings. Example: admin(network.fw)>show all Firewall Status Subnet Access Override Configurable Firewall Filters ftp bounce attack filter syn flood attack filter...
Page 261: Network Firewall Policy Commands
10.8 Network Firewall Policy Commands WS2000>admin(network.fw)> policy Description: Displays the firewall policy submenu. The items available under this command are shown below. inbound Goes to the inbound policy submenu. outbound Goes to the outbound policy submenu. import Imports subnet access rules. save Saves the configuration to system flash.
Page 262: Ws2000>Admin(Network.fw.policy)> Import
10-38 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy)> import Description: Imports subnet access rules from current subnet access settings created in the GUI interface (Network-> Firewall -> Subnet Access menu item) or using the CLI submap menu commands. Previously set outbound firewall policies will be deleted.
Page 263: Network Firewall Policy Inbound Commands
10.9 Network Firewall Policy Inbound Commands WS2000>admin(network.fw.policy)> inb Description: Displays the inbound policy submenu. The items available under this command are shown below. Adds a firewall policy. Sets firewall policy parameters. delete Deletes a firewall policy. list Lists firewall policies. move Moves a firewall policy to a different position in the list.
Page 264: Ws2000>Admin(Network.fw.policy.inb)> Add
10-40 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.inb)> add Description: Adds an inbound firewall policy. Syntax: <sip> <snetmask> <dip> Example: admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask ----------------------------------------------------------------------------- 192.168.24.0-...
Page 265: Ws2000>Admin(Network.fw.policy.inb)> Delete
WS2000>admin(network.fw.policy.inb)> delete Description: Deletes a firewall policy. Syntax: delete <idx> Deletes inbound firewall policy <idx> from the policy list. Deletes all inbound firewall policies. Example: admin(network.fw.policy.inb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ----------------------------------------------------------------------------- 209.239.179.52- 168.192.56.4- all 1: 255.255.255.224 255.255.255.0 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0...
Page 266: Ws2000>Admin(Network.fw.policy.inb)> Insert
10-42 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.inb)> insert Description: Inserts a new firewall policy before an existing policy. Syntax: insert <idx> <sip> <snetmask> Example: admin(network.fw.policy.inb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT ----------------------------------------------------------------------------- 209.239.170.88- 192.168.42.2- all 1: 255.255.255.224 255.255.255.0...
Page 267: Ws2000>Admin(Network.fw.policy.inb)> List
WS2000>admin(network.fw.policy.inb)> list Description: Lists inbound firewall policies. Syntax: list Lists all firewall policies. <idx> Displays firewall policy with number <idx>. Example: admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask ----------------------------------------------------------------------------- 192.168.24.0- 255.255.255.0 Dst IP-Netmask...
Page 268: Ws2000>Admin(Network.fw.policy.inb)> Move
10-44 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.inb)> move Description: Moves a firewall policy to a different position in the list and renumbers all affected items in the list. Syntax: move <idx> Moves policy <idx> up one (to a lower number) in the policy list.
Page 269: Ws2000>Admin(Network.fw.policy.inb)> Set
WS2000>admin(network.fw.policy.inb)> set Description: Sets inbound firewall policy parameters. Syntax: saddr <idx> <Ip Addr> daddr <idx> <Ip Addr> <idx> <tp> sport <idx> <port1> dport <idx> <port1> rnat <idx> <Ip Addr> rport <idx> <rport> action <idx> allow/deny Example: admin(network.fw.policy.inb)>set tp 1 gre admin(network.fw.policy.inb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask...
Page 270: Network Firewall Policy Outbound Commands
10-46 WS 2000 Wireless Switch System Reference Guide 10.10 Network Firewall Policy Outbound Commands WS2000>admin(network.fw.policy)> outb Description: Displays the outbound policy submenu. The items available under this command are shown below. Adds a firewall policy. Sets firewall policy parameters. delete Deletes a firewall policy.
Page 271: Ws2000>Admin(Network.fw.policy.outb)> Add
WS2000>admin(network.fw.policy.outb)> add Description: Adds an outbound firewall policy. Syntax: <sip> <snetmask> <dip> <dnetmask> Example: admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.255.255.224 Outbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask ----------------------------------------------------------------------------- 192.168.24.0- 255.255.255.0 Related Commands: delete Deletes firewall policies from the outbound list. move Moves policies either up or down in the list of policies.
Page 272: Ws2000>Admin(Network.fw.policy.outb)> Delete
10-48 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.outb)> delete Description: Deletes an outbound firewall policy. Syntax: delete <idx> Deletes outbound firewall policy <idx> from the policy list. Deletes all outbound firewall policies. Example: admin(network.fw.policy.outb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ----------------------------------------------------------------------------- 209.239.179.52- 168.192.56.4- all 1:...
Page 273: Ws2000>Admin(Network.fw.policy.outb)> Insert
WS2000>admin(network.fw.policy.outb)> insert Description: Inserts a new outbound firewall policy before an existing policy. Syntax: insert <idx> <sip> <snetmask> <dip> Example: admin(network.fw.policy.outb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp ----------------------------------------------------------------------------- 209.239.170.88- 192.168.42.2- all 255.255.255.224 255.255.255.0 admin(network.fw.policy.outb)>insert 1 209.239.160.44 255.255.255.224 192.168.55. 44 255.255.255.0 Outbound Policy Successfully inserted at index 1 admin(network.fw.policy.outb)>list -----------------------------------------------------------------------------...
Page 274: Ws2000>Admin(Network.fw.policy.outb)> List
10-50 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.outb)> list Description: Lists outbound firewall policies. Syntax: list Lists all outbound firewall policies. <idx> Displays outbound firewall policy with number <idx>. Example: admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list...
Page 275: Ws2000>Admin(Network.fw.policy.outb)> Move
WS2000>admin(network.fw.policy.outb)> move Description: Moves an outbound firewall policy up or down in the policy list and renumbers the policy affected by the move. Syntax: move <idx> Moves a policy <idx> up one (to a lower number) in the outbound policy list. down <idx>...
Page 276: Ws2000>Admin(Network.fw.policy.outb)> Set
10-52 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.outb)> set Description: Sets firewall policy parameters. Syntax: set saddr <idx> <Ip Addr> daddr <idx> <Ip Addr> <idx> <tp> sport <idx> <port1> dport <idx> <port1> <idx> <wan idx> action <idx> allow/deny Example: admin(network.fw.policy.outb)>set tp 1 gre...
Page 277: Network Firewall Submap Commands
10.11 Network Firewall Submap Commands WS2000>admin(network.fw)> submap Description: Displays the subnet mapping submenu. The items available under this command are shown below. Adds subnet access exception rules. delete Deletes subnet access exception rules. list Lists subnet access exception rules. Sets subnet access parameters. show Shows subnet access parameters.
Page 278: Ws2000>Admin(Network.fw.submap)> Add
10-54 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.submap)> add Description: Adds subnet access exception rules. Syntax: <from> <to> <name> <tran> Example: admin(network.fw.submap)>add s1 w test gre 21 101 admin(network.fw.submap)>list s1 --------------------------------------------------------------------------- index from --------------------------------------------------------------------------- subnet1 wan admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300...
Page 279: Ws2000>Admin(Network.fw.submap)> Delete
WS2000>admin(network.fw.submap)> delete Description: Deletes subnet access exception rules. Syntax: delete <from> <idx> Deletes access exception rule entry <idx> from <from> (one of subnet3, <from> Deletes all access exception rule entries from <from> = subnet4). Example: admin(network.fw.submap)>list s1 ----------------------------------------------------------------------------- index from ----------------------------------------------------------------------------- subnet1 wan subnet1 subnet2 test2...
Page 280: Ws2000>Admin(Network.fw.submap)> List
10-56 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.submap)> list Description: Lists subnet access exception rules. Syntax: list <from> Lists the access exception entries for <from> (one of Example: admin(network.fw.submap)>list s1 ----------------------------------------------------------------------------- index from --------------------------------------------------------------------------- subnet1 wan admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300...
Page 281: Ws2000>Admin(Network.fw.submap)> Set
WS2000>admin(network.fw.submap)> set Description: Sets a default subnet access rule to allow or deny communication. Syntax: set default <from> <to> deny/allow Example: admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>show default s1 ----------------------------------------------------------------------------- subnet1 ----------------------------------------------------------------------------- allow allow admin(network.fw.submap)> Creates a default subnet access rule to deny or allow communication <from> one of the subnets (one of = subnet1, = subnet2,...
Page 282: Ws2000>Admin(Network.fw.submap)> Show
10-58 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.submap)> show Description: Displays default subnet access exception rules for indicated subnet. Syntax: show default <from> Shows all default access exception rules for subnet <from> (one of subnet3, Example: admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>show default s1...
Page 283: Network Lan Commands
10.12 Network LAN Commands WS2000>admin(network)> lan Description: Displays the LAN submenu. The items available under this command are shown below. dhcp Goes to the DHCP submenu. Sets LAN parameters. show Shows LAN parameters. save Saves the configuration to system flash. quit Quits the CLI.
Page 284: Ws2000>Admin(Network.lan)> Set
10-60 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.lan)> set Description: Sets the LAN parameters for the four subnets. Syntax: ipadr <idx> <IPaddr> mask <idx> <IPmask> mode <idx> enable/disable name <idx> <name> port <port#> <subnet> wlan <wlan#> <subnet> Example: admin(network.lan)>show lan 1...
Page 285: Ws2000>Admin(Network.lan)> Show
WS2000>admin(network.lan)> show Description: Shows the LAN parameters. Syntax: show <idx> Shows the settings for the subnet <idx> (1–4). Example: admin(network.lan)>show lan 1 subnet name subnet interface ip address network mask ports wlans admin(network.lan)>set name 1 NewName admin(network.lan)>set port 4 none admin(network.lan)>set wlan 2 s1 admin(network.lan)>show lan 1 subnet name...
Page 286: Network Lan Dhcp Commands
10-62 WS 2000 Wireless Switch System Reference Guide 10.13 Network LAN DHCP Commands WS2000>admin(network.lan)> dhcp Description: Displays the DHCP submenu. The items available under this command are shown below. Adds static DHCP address assignments. delete Deletes static DHCP address assignments.
Page 287: Ws2000>Admin(Network.lan.dhcp)> Add
WS2000>admin(network.lan.dhcp)> add Description: Adds static DHCP address assignments. Syntax: <idx> <mac> <ip> Adds a static DHCP address assignment for subnet <idx> where the device with the MAC address <mac> (00A0F8F01234) assigned to the IP address <ip>. Example: admin(network.lan.dhcp)>add 1 00A0F8F01234 192.160.24.6 admin(network.lan.dhcp)>add 1 00A1F1F24321 192.169.24.7 admin(network.lan.dhcp)>list 1 -----------------------------------------------------------------------------...
Page 288: Ws2000>Admin(Network.lan.dhcp)> Delete
10-64 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.lan.dhcp)> delete Description: Deletes static DHCP address assignments. Syntax: delete <idx> <entry> <idx> Example: admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------- index mac address ----------------------------------------------------------------------------- admin(network.lan.dhcp)>add 1 0011223344FF 191.168.0.42 admin(network.lan.dhcp)>add 1 4433221100AA 191.168.0.43 admin(network.lan.dhcp)>list 1 -----------------------------------------------------------------------------...
Page 289: Ws2000>Admin(Network.lan.dhcp)> List
WS2000>admin(network.lan.dhcp)> list Description: Lists static DHCP address assignments. Syntax: list <idx> Lists the static DHCP address assignments for subnet <idx> (1–4). Example: admin(network.lan.dhcp)>add 1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------- index mac address ip address ----------------------------------------------------------------------------- 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)> admin(network.lan.dhcp)>add 1 12332244AABB 192.168.64.3 admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------- index mac address...
Page 290: Ws2000>Admin(Network.lan.dhcp)> Set
10-66 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.lan.dhcp)> set Description: Sets DHCP parameters for the subnets. Syntax: set dgw <idx> <ip> <idx> wins <idx> <ip> lease <idx> <lease> domain <idx> <dname> mode <idx> none client server range <idx> <ip1>...
Page 291: Ws2000>Admin(Network.lan.dhcp)> Show
WS2000>admin(network.lan.dhcp)> show Description: Shows DHCP parameter settings for specified subnets. Syntax: show dhcp <idx> Show the DHCP parameter settings for subnet <idx> (1–4). These parameters are set with the set command. Example: admin(network.lan.dhcp)>set dns 1 1 209.160.0.18 admin(network.lan.dhcp)>set dns 1 2 209.160.0.218 admin(network.lan.dhcp)>show dhcp 1 dhcp mode default gateway...
Page 292: Network Qos Commands
10-68 WS 2000 Wireless Switch System Reference Guide 10.14 Network QoS Commands WS2000>admin(network)> qos Description: Displays the quality of service (QoS) submenu. The items available under this command are shown below. Sets QoS parameters. show Shows QoS parameters. clear Clears QoS parameters.
Page 293: Ws2000>Admin(Network.qos)> Clear
WS2000>admin(network.qos)> clear Description: Clears QoS radio statistics. Syntax: clear queuing Clears the radio QoS queuing statistics. Example: admin(network.qos)>clear queue Related Commands: Sets the QoS parameters. show Shows the QoS parameters and the QoS queuing statistics. Command Line Interface Reference 10-69...
Page 294: Ws2000>Admin(Network.qos)> Set
10-70 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.qos)> set Description: Sets QoS parameters. Syntax: bw-share mode none static weighted weight <idx> Example: admin(network.qos)>set bw-share mode weighted admin(network.qos)>set bw weight 1 4 admin(network.qos)> Related Commands: show Shows the bandwidth settings and the queuing statistics.
Page 295: Ws2000>Admin(Network.qos)> Show
WS2000>admin(network.qos)> show Description: Shows QoS parameters and queuing statistics. Syntax: show bw-share queuing <idx> Example: admin(network.qos)>show bw BW Share Mode:static admin(network.qos)>show qu 1 BW Share Mode:static ------------------------------------------------------------------------------- Priority ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- WLAN: ------------------------------------------------------------------------------- admin(network.qos)> Related Commands: Sets the QoS parameters. clear Clears the QoS queuing statistics.
Page 296: Network Router Commands
10-72 WS 2000 Wireless Switch System Reference Guide 10.15 Network Router Commands WS2000>admin(network)> router Description: Displays the router submenu. The items available under this command are shown below. Adds user-defined routes. delete Deletes user-defined routes. list Lists user-defined routes. Sets RIP parameters.
Page 297: Ws2000>Admin(Network.router)> Add
WS2000>admin(network.router)> add Description: Adds user-defined routes. Syntax: <dest> <netmask> <gw> <iface> Example: admin(network.router)>add 202.57.42.6 255.255.255.224 202.57.42.1 s2 3 admin(network.router)>list ------------------------------------------------------------------ index destination ------------------------------------------------------------------ 202.57.42.6 admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list ------------------------------------------------------------------ index destination ------------------------------------------------------------------ 202.57.42.6 234.44.33.212 <metric> Adds a route with destination IP address <dest>, IP netmask <netmask>, gateway IP address <gw>, interface subnet or WAN set to <iface>...
Page 298: Ws2000>Admin(Network.router)> Delete
10-74 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.router)> delete Description: Deletes user-defined routes. Syntax: delete <idx> Deletes the user-defined route <idx> (1–20) from the list. Deletes all user-defined routes. Example: admin(network.router)>list ------------------------------------------------------------------ index destination netmask gateway interface metric ------------------------------------------------------------------ 1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3...
Page 299: Ws2000>Admin(Network.router)> List
WS2000>admin(network.router)> list Description: Lists user-defined routes. Syntax: list Displays a list of user-defined routes. Example: admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list ----------------------------------------------------------------------------- index destination netmask gateway interface metric ----------------------------------------------------------------------------- 1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5 Command Line Interface Reference 10-75...
Page 300: Ws2000>Admin(Network.router)> Set
10-76 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.router)> set Description: Sets routing information protocol (RIP) parameters. Syntax: auth <auth> <dir> <idx> <keyid> <idx> <key> passwd <passwd> type <type> Example: admin(network.router)>set auth md5 admin(network.router)>set key 1 12345678 admin(network.router)>set key 2 87654321 admin(network.router)>show rip...
Page 301: Ws2000>Admin(Network.router)> Show
WS2000>admin(network.router)> show Description: Shows connected routes and routing information protocol (RIP) parameters. Syntax: show Shows RIP parameters. routes Shows connected routes. Example: admin(network.router)>show rip rip type : off rip direction : both rip authentication type : md5 rip simple auth password : ******** rip md5 id 1 : 1 rip md5 key 1 : ******** rip md5 id 2 : 1...
Page 302: Network Vlan Commands
10-78 WS 2000 Wireless Switch System Reference Guide 10.16 Network VLAN Commands WS2000>admin(network)> vlan Description: Displays the VLAN submenu. The items available under this command are shown below. trunk Goes to the trunk submenu. Sets VLAN parameters. show Shows VLAN parameters.
Page 303: Ws2000>Admin(Network.vlan)> Set
WS2000>admin(network.vlan)> set Description: Sets VLAN parameters. Syntax: assign-mode user port default <vlan-id> vlan-id Example: admin(network.vlan)>set assign-mode user admin(network.vlan)>set default 3 admin(network.vlan)>show vlan 3 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID Related Commands: show Displays the VLAN settings. Assigns the VLAN assignment mode to one of Assigns the default VLAN ID to <vlan-id>, which is a number between <vlan-id>...
Page 304: Ws2000>Admin(Network.vlan)> Show
10-80 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.vlan)> show Description: Shows VLAN parameters. Syntax: show vlan <id> Displays the VLAN settings for the VLAN specified by <id> (1–31). Example: admin(network.vlan)>show vlan 3 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID admin(network.vlan)>show vlan 2...
Page 305: Network Vlan Trunk Commands
10.17 Network VLAN Trunk Commands WS2000>admin(network.vlan)> trunk Description: Displays the trunk submenu. The items available under this command are shown below. Sets trunk parameters. show Shows trunk parameters. clear Clears options. Goes to the parent menu. Goes to the root menu. Command Line Interface Reference 10-81...
Page 306: Ws2000>Admin(Network.vlan.trunk)> Clear
10-82 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.vlan.trunk)> clear Description: Clears VLANs that are trunked. Syntax: clear trunked Clears all the VLANs that are being trunked. Example: admin(network.vlan.trunk)>clear trunked Related Commands: Sets the VLAN trunking parameters. show Displays the VLAN trunking settings.
Page 307: Ws2000>Admin(Network.vlan.trunk)> Set
WS2000>admin(network.vlan.trunk)> set Description: Sets trunk parameters. Syntax: trunk-port <port idx> enable disable trunked <vlan list> Example: admin(network.vlan.trunk)>set trunked add 3,4 admin(network.vlan.trunk)> Enables disables the trunk port for the VLAN to be <port id> (1–6) as numbered on the switch. Adds the VLANs in <vlan list> to be trunked. Specify a VLAN by number (1– 31), separated by commas.
Page 308: Ws2000>Admin(Network.vlan.trunk)> Show
10-84 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.vlan.trunk)> show Description: Displays VLAN trunk settings. Syntax: show trunk Displays VLAN trunking settings. Example: admin(network.vlan.trunk)>show trunk Trunk Port VLAN's Trunked Related Commands: Sets trunking parameters. : None : None...
Page 309: Network Wan Commands
10.18 Network WAN Commands WS2000>admin(network)> wan Description: Displays the WAN submenu. The items available under this command are shown below. Goes to the VPN submenu. Goes to the NAT submenu. Goes to the outbound content filtering submenu. renew Renews the IP address. Sets WAN parameters.
Page 310: Ws2000>Admin(Network.wan)> Renew
10-86 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan)> renew Description: Renews the IP address. Syntax: renew Renews the switch’s DHCP lease of the IP address if it is a DHCP client. Example: admin(network.wan)>renew admin(network.wan)>...
Page 311: Ws2000>Admin(Network.wan)> Set
WS2000>admin(network.wan)> set Description: Sets the WAN parameters. In the Web interface, this functionality if provided by the Network->WAN screen. Syntax: set dhcp enable disable <a.b.c.d> <idx> <a.b.c.d> ipadr <idx> <a.b.c.d> mask <a.b.c.d> mode <idx> enable pppoe mode enable idle <val> enable disable passwd...
Page 312: Ws2000>Admin(Network.wan)> Show
10-88 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan)> show Description: Shows the WAN parameters. Syntax: show <idx> Shows the general IP parameters for the WAN along with settings for the WAN interface associated with <idx> (where <idx> is in the range 1–8).
Page 313: Network Wan App Commands
10.19 Network WAN App Commands WS2000>admin(network.wan)> app Description: Displays the outbound content filtering submenu. The items available under this command are shown below. addcmd Adds app control commands to the deny list. delcmd Deletes app control commands from the deny list. list Lists app control records.
Page 314: Ws2000>Admin(Network.wan.app)> Addcmd
10-90 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.app)> addcmd Description: Adds app control commands to the deny list. Syntax: addcmd file <filename>.<ext> proxy activex mkdir pasv smtp helo mail rcpt data quit send saml reset vrfy expn Example: admin(network.wan.app)>addcmd ftp ?
Page 315 Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation admin(network.wan.app)>addcmd smtp helo admin(network.wan.app)>addcmd smtp vrfy admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN admin(network.wan.app)> Related Commands: delcmd Removes a file or command from the deny list. : deny : allow : allow...
Page 316: Ws2000>Admin(Network.wan.app)> Delcmd
10-92 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.app)> delcmd Description: Deletes application control commands from the deny list. Syntax: delcmd file <filename>.<ext> proxy activex mkdir pasv smtp helo mail rcpt data quit send saml reset vrfy expn Example: admin(network.wan.app)>list ftp...
Page 317 FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN admin(network.wan.app)>delcmd smtp helo admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET...
Page 318: Ws2000>Admin(Network.wan.app)> List
10-94 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.app)> list Description: Lists the app control records. Syntax: list Lists Web/HTTP app control settings. Lists FTP app control settings. smtp Lists SMTP app control record. Example: admin(network.wan.app)>list web HTTP Files/Commands Web Proxy...
Page 319: Network Wan Nat Commands
10.20 Network WAN NAT Commands WS2000>admin(network.wan)> nat Description: Displays the nat submenu. The items available under this command are shown below. Adds NAT records. delete Deletes NAT records. list Lists NAT records. Sets NAT parameters. show Shows NAT parameters. save Saves the configuration to system flash.
Page 320: Ws2000>Admin(Network.wan.nat)> Add
10-96 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.nat)> add Description: Adds NAT records. Syntax: <idx> <name> Sets an inbound network address translation (NAT) for WAN address <idx>, where <name> is the name of the entry (1 to 7 characters), <tran> is the transport protocol (one of tcp, udp, icmp, ah, esp, gre, or all), <port1> is the starting port number in a port range, <port2>...
Page 321: Ws2000>Admin(Network.wan.nat)> Delete
WS2000>admin(network.wan.nat)> delete Description: Deletes NAT records. Syntax: delete <idx> <entry> Deletes a NAT entry <entry> (1–20) that is associated with WAN <idx> (1–8). <idx> Deletes all NAT entries associated with WAN <idx> (1–8). Example: admin(network.wan.nat)>list inb 2 ----------------------------------------------------------------------------- index name prot ----------------------------------------------------------------------------- special tcp...
Page 322: Ws2000>Admin(Network.wan.nat)> List
10-98 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.nat)> list Description: Lists NAT records. Syntax: list <idx> Lists the inbound NAT entries associated with WAN port <idx> (1–8). Example: admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2...
Page 323: Ws2000>Admin(Network.wan.nat)> Set
WS2000>admin(network.wan.nat)> set Description: Sets NAT inbound and outbound parameters. Syntax: set inb mode <idx> enable/ disable <idx> <ip> outb <idx> <ip> <from> <to> type <idx> none 1-to-1 1-to-many Example: admin(network.wan.nat)>set type 1 1-to-1 admin(network.wan.nat)>set outb ip 1 209.239.44.36 admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type one to one nat ip address...
Page 324: Ws2000>Admin(Network.wan.nat)> Show
10-100 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.nat)> show Description: Shows NAT parameters. Syntax: show <idx> Example: admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type one to one nat ip address port forwarding mode port forwarding ip address one to many nat mapping Shows NAT settings for WAN <idx>...
Page 325: Network Wan Vpn Commands
10.21 Network WAN VPN Commands WS2000>admin(network.wan)> vpn Description: Displays the VPN submenu. The items available under this command are shown below. cmgr Goes to the cmgr (Certificate Manager) submenu. Adds an security policy database (SPD) entry. Sets SPD parameters. list Lists SPD entries.
Page 326: Ws2000>Admin(Network.wan.vpn)> Add
10-102 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn)> add Description: Adds an security policy database (SPD) entry. Syntax: <name> <LSubnet> Creates a tunnel named <name> (1 to 13 characters) to gain access to local subnet <LSubnet> (1, 2, 3, 4), through local WAN IP <LWanIP>...
Page 327: Ws2000>Admin(Network.wan.vpn)> Delete
WS2000>admin(network.wan.vpn)> delete Description: Deletes security policy database (SPD) entries. Syntax: delete Deletes all SPD entries. <name> Deletes SPD entries named <name>. Example: admin(network.wan.vpn)>list -------------------------------------------------------------------------- Tunnel Name Type -------------------------------------------------------------------------- Eng2EngAnnex Manual Manual admin(network.wan.vpn)>delete Bob admin(network.wan.vpn)>list -------------------------------------------------------------------------- Tunnel Name Type -------------------------------------------------------------------------- Eng2EngAnnex Manual admin(network.wan.vpn)>...
Page 328: Ws2000>Admin(Network.wan.vpn)> Ikestate
10-104 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn)> ikestate Description: Displays statistics for all active tunnels using Internet Key Exchange (IKE). Syntax: ikestate Displays status about Internet Key Exchange (IKE) for all tunnels. In particular, the table indicates whether IKE is con- nected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key.
Page 329: Ws2000>Admin(Network.wan.vpn)> List
WS2000>admin(network.wan.vpn)> list Description: Lists security policy database (SPD) entries. Syntax: list Lists all tunnel entries. <name> Lists detailed information about tunnel named <name>. Note that the <name> must match case with the name in the SPD entry. “Bob” is not equal to “bob”, as shown in the example below. Example: admin(network.wan.vpn)>list --------------------------------------------------------------------------...
Page 330: Ws2000>Admin(Network.wan.vpn)> Reset
10-106 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn)> reset Description: Resets all VPN tunnels. Syntax: reset Resets all VPN tunnels. Example: admin(network.wan.vpn)>reset VPN tunnels reset. admin(network.wan.vpn)>...
Page 331: Ws2000>Admin(Network.wan.vpn)> Set
WS2000>admin(network.wan.vpn)> set Description: Sets security policy database (SPD) entry parameters. Syntax: set ike myidtype <name> remidtype <name> myiddata <name> remiddata <name> opmode <name> authtype <name> authalgo <name> <name> encalgo <name> lifetime <name> group <name> type <name> Auto/ Manual <name> <sub> remip <name>...
Page 332 10-108 WS 2000 Wireless Switch System Reference Guide authkey <name> enctype <name> encalgo <name> espauthalgo <name> enckey <name> espauthkey <name> <name> localgw <name> <name> usepfs salife <name> Example: admin(network.wan.vpn)>list Bob ----------------------------------------------------------------------------- Detail listing of VPN entry: ----------------------------------------------------------------------------- Name Local Subnet...
Page 333 ESP Inbound SPI : 0x00000100 ESP Outbound SPI : 0x00000100 admin(network.wan.vpn)>set usepfs Bob enable admin(network.wan.vpn)>set spi Bob ESP IN abcde admin(network.wan.vpn)>set spi Bob ESP OUT cdef23 admin(network.wan.vpn)>list Bob ----------------------------------------------------------------------------- Detail listing of VPN entry: ----------------------------------------------------------------------------- Name : Bob Local Subnet Tunnel Type : Manual Remote IP...
Page 334 10-110 WS 2000 Wireless Switch System Reference Guide admin(network.wan.vpn)>set authkey Bob IN 12345678901234567890123456789012 admin(network.wan.vpn)>set authkey Bob OUT 11111111112222222222333333333344 admin(network.wan.vpn)>set spi Bob AUTH IN 2233445 admin(network.wan.vpn)>set spi Bob AUTH OUT 33344 admin(network.wan.vpn)>list Bob ----------------------------------------------------------------------------- Detail listing of VPN entry: ----------------------------------------------------------------------------- Name...
Page 335: Ws2000>Admin(Network.wan.vpn)> Stats
WS2000>admin(network.wan.vpn)> stats Description: Lists statistics for all active tunnels. Syntax: stats Display statistics for all active VPN tunnels. Example: admin(network.wan.vpn)>stats ----------------------------------------------------------------------------- Tunnel Name Status ----------------------------------------------------------------------------- Eng2EngAnnex Not Active Not Active SPI(OUT/IN) Life Time Command Line Interface Reference 10-111 Bytes(Tx/Rx)
Page 336: Network Wan Vpn Cmgr Commands
10-112 WS 2000 Wireless Switch System Reference Guide 10.22 Network WAN VPN Cmgr Commands WS2000>admin(network.wan.vpn)> cmgr Description: Displays to the Certificate Manager submenu. The items available under this command are shown below. genreq Generates a Certificate Request. loadca Loads a trusted certificate from CA.
Page 337: Ws2000>Admin(Network.wan.vpn.cmgr)> Delca
WS2000>admin(network.wan.vpn.cmgr)> delca Description: Deletes a trusted certificate. Syntax: delca <IDname> Deletes the trusted certificate <IDname>. Example: admin(network.wan.vpn.cmgr)>delca CAfinance admin(network.wan.vpn.cmgr)> Command Line Interface Reference 10-113...
Page 338: Ws2000>Admin(Network.wan.vpn.cmgr)> Delprivkey
10-114 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> delprivkey Description: Deletes a private key. Syntax: delprivkey <IDname> Example: admin(network.wan.vpn.cmgr)>delprivkey <IDname> admin(network.wan.vpn.cmgr)> Deletes private key named <IDname>.
Page 339: Ws2000>Admin(Network.wan.vpn.cmgr)> Delself
WS2000>admin(network.wan.vpn.cmgr)> delself Description: Deletes a self certificate. Syntax: delself <IDname> Deletes the self certificate named <IDname>. Example: admin(network.wan.vpn.cmgr)>delself<IDname> admin(network.wan.vpn.cmgr)> Command Line Interface Reference 10-115...
Page 340: Ws2000>Admin(Network.wan.vpn.cmgr)> Expcert
10-116 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> expcert Description: Exports the certificate file. Syntax: expcert tftp <file name> Example: admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>expcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands: impcert Imports a certificate. Exports the certificate with specified filename <file name> by either or ftp options for this file transfer will use the settings for the configuration file settings.
Page 341: Ws2000>Admin(Network.wan.vpn.cmgr)> Genreq
WS2000>admin(network.wan.vpn.cmgr)> genreq Description: Generates a Certificate Request. Syntax: genreq <IDname> <Subject> ...optional arguments... [-ou [-on [-cn [-st [-cc [-sa Note: The parameters in [square brackets] are optional. Check with the CA to determine what fields are necessary. For example, most CAs require an email address and an IP address, but not the address of the organization.
Page 342: Ws2000>Admin(Network.wan.vpn.cmgr)> Impcert
10-118 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> impcert Description: Imports the certificate file. Syntax: impcert tftp <file name> Example: admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>impcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands: expcert Exports a certificate. Imports the certificate with specified filename <file name> by either ftp options for this file transfer will use the settings for the configuration file settings.
Page 343: Ws2000>Admin(Network.wan.vpn.cmgr)> Listca
WS2000>admin(network.wan.vpn.cmgr)> listca Description: Lists the loaded trusted certificate. Syntax: listca Lists the loaded trusted certificates. Example: admin(network.wan.vpn.cmgr)>listca Trusted Certificate List: Command Line Interface Reference 10-119...
Page 344: Ws2000>Admin(Network.wan.vpn.cmgr)> Listprivkey
10-120 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> listprivkey Description: Lists the names of private keys. Syntax: listprivkey Lists all private keys. Example: admin(network.wan.vpn.cmgr)>listprivkey ----------------------------------------------------------------------------- Private Key Name ----------------------------------------------------------------------------- Certificate Associated...
Page 345: Ws2000>Admin(Network.wan.vpn.cmgr)> Listself
WS2000>admin(network.wan.vpn.cmgr)> listself Description: Lists the loaded self certificates. Syntax: listself Lists all self certificates that are loaded. Example: admin(network.wan.vpn.cmgr)>listself Self Certificate List: Command Line Interface Reference 10-121...
Page 346: Ws2000>Admin(Network.wan.vpn.cmgr)> Loadca
10-122 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> loadca Description: Loads a trusted certificate from the Certificate Authority. Syntax: loadca Loads the trusted certificate (in PEM format) that is pasted into the command line. Example: admin(network.wan.vpn.cmgr)>loadca Currently Only certificates in PEM format can be uploaded...
Page 347: Ws2000>Admin(Network.wan.vpn.cmgr)> Loadself
WS2000>admin(network.wan.vpn.cmgr)> loadself Description: Loads a self certificate signed by the Certificate Authority. Syntax: loadself <IDname> Loads the self certificate signed by the CA with name <IDname>. Example: admin(network.wan.vpn.cmgr)>loadself MyCert Currently Only certificates in PEM format can be uploaded. Paste the certificate: Command Line Interface Reference 10-123...
Page 348: Ws2000>Admin(Network.wan.vpn.cmgr)> Showreq
10-124 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> showreq Description: Displays a certificate request in PEM format. Syntax: showreq <IDname> Displays a certificate request named <IDname> generated from the genreq command.
Page 349: Network Wlan Commands
10.23 Network WLAN Commands WS2000>admin(network)> wlan Description: Displays the WLAN submenu. The items available under this command are shown below. Adds MU access control list entries. delete Deletes MU access control list entries. list Lists MU access control list entries. rogueap Goes to the rogue AP submenu.
Page 350: Ws2000>Admin(Network.wlan)> Add
10-126 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan)> add Description: Adds entries to the mobile unit (MU) access control list. Syntax: <idx> <mac1> <mac2> Example: admin(network.wlan)>add 1 000000000000 112233445566 admin(network.wlan)>list 1 ----------------------------------------------------------------------------- index start mac ----------------------------------------------------------------------------- 000000000000 admin(network.wlan)> Related Commands: delete Deletes entries from the MU access control list.
Page 351: Ws2000>Admin(Network.wlan)> Delete
WS2000>admin(network.wlan)> delete Description: Deletes specified entry or entries from mobile unit (MU) access control list. Syntax: delete <idx> <entry> Deletes MU access control list entry <entry> (1–30) for WLAN <idx> (1–4). <idx> Deletes all access control list entries for the WLAN specified by <idx>. Example: admin(network.wlan)>add 1 223344556677 334455667788 admin(network.wlan)>list 1...
Page 352: Ws2000>Admin(Network.wlan)> List
10-128 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan)> list Description: Lists the entries in the mobile unit (MU) access control list. Syntax: list <idx> Displays the entries in the MU access control list for WLAN <idx> (1–4). Example: admin(network.wlan)>list 1...
Page 353: Ws2000>Admin(Network.wlan)> Set
WS2000>admin(network.wlan)> set Description: Sets WLAN parameters. Syntax: set acl <idx> allow/ deny adopt <idx> allow/ deny auth <idx> <type> bcast <idx> enable/ disable mu-quiet mu-tx mu-timeout mu-retry server- timeout server-retry server <idx> port <idx> rad-acct mode retry-count timeout reauth mode period retry Sets the default MU access control mode to allow or deny...
Page 354 10-130 WS 2000 Wireless Switch System Reference Guide secret syslog <idx> <idx> kerb passwd port realm server user mcast <idx> mode <idx> name <idx> no-mu-mu <idx> <idx> tkip type phrase rotate-mode interval ccmp <idx> <rsidx> <secret> <idx> <ip> mode <idx>...
Page 355 type <idx> phrase <idx> rotate-mode <idx> interval <idx> mixed-mode <idx> preauth <idx> opp-pmk <idx> wep-mcm index <idx> <idx> Example: admin(network.wlan)>set name 1 store admin(network.wlan)>set name 2 backoff admin(network.wlan)>set auth 1 kerberos Kerberos requires WEP 104 or Keyguard. The encryption type has been changed to W EP104.
Page 356 10-132 WS 2000 Wireless Switch System Reference Guide admin(network.wlan)>...
Page 357: Ws2000>Admin(Network.wlan)> Show
WS2000>admin(network.wlan)> show Description: Displays the WLAN parameters. Syntax: show <idx> kerb <idx> tkip <idx> ccmp <idx> wep-mcm <idx> wlan <idx> Example: admin(network.wlan)>show tkip 1 tkip key type tkip phrase tkip key tkip rotate mode tkip rotate interval admin(network.wlan)>show ccmp 1 ccmp key type ccmp phrase ccmp key...
Page 358 10-134 WS 2000 Wireless Switch System Reference Guide ess identifier wlan mode enc type auth type voice prioritization disallow mu to mu answer broadcast ess default mu acl mode default ap adopt mode multicast address 1 multicast address 2 Related Commands: Sets WLAN parameters.
Page 359: Network Wlan Rogue Ap Commands
10.24 Network WLAN Rogue AP Commands WS2000>admin(network.wlan)> rogueap Description: Displays the rogue AP submenu. The items available under this command are shown below. show Shows current rogue AP configuration. Sets rogue AP parameters. rulelist Goes to the rule list submenu. approvedlist Goes to the approved AP list submenu.
Page 360: Ws2000>Admin(Network.wlan.rogueap)> Set
10-136 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap)> set Description: Sets rogue access point parameters. Syntax: muscan mode interval apscan mode interval detscan mode interval Example: admin(network.wlan.rogueap)>set apscan mode enable admin(network.wlan.rogueap)>set apscan int 60 Related Commands: show Displays the rogue AP parameters.
Page 361: Ws2000>Admin(Network.wlan.rogueap)> Show
WS2000>admin(network.wlan.rogueap)> show Description: Shows the current rogue AP configuration. Syntax: show Displays the rogue AP scanning settings. Example: admin(network.wlan.rogueap)>show mu scan mu scan interval ap scan ap scan interval detector ap scan detector ap scan interval : 60 minutes Related Commands: Sets the rogue AP scanning parameters.
Page 362: Network Wlan Rogue Ap Approved Ap List Commands
10-138 WS 2000 Wireless Switch System Reference Guide 10.25 Network WLAN Rogue AP Approved AP List Commands WS2000>admin(network.wlan.rogueap)> approvedlist Description: Displays the approved AP list submenu. The items available under this command are shown below. show Shows the approved AP list.
Page 363: Ws2000>Admin(Network.wlan.rogueap.approvedlist)> Ageout
WS2000>admin(network.wlan.rogueap.approvedlist)> ageout Description: Displays ageout time for an approved list entry. Syntax: ageout <interval> Sets the number of minutes, <interval> (0–1000) before an entry in the approved list is automatically removed. Example: admin(network.wlan.rogueap.approvedlist)>ageout 30 admin(network.wlan.rogueap.approvedlist)> Related Commands: erase Erases the approved AP list. Command Line Interface Reference 10-139...
Page 364: Ws2000>Admin(Network.wlan.rogueap.approvedlist)> Approve
10-140 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.approvedlist)> approve Description: Approves an AP. Syntax: approve <idx> Approves an access point from the list. Approves all access points in the list. Example: admin(network.wlan.rogueap.approvedlist)>approve 1 admin(network.wlan.rogueap.approvedlist)>approve all admin(network.wlan.rogueap.approvedlist)> Related Commands: erase...
Page 365: Ws2000>Admin(Network.wlan.rogueap.approvedlist)> Erase
WS2000>admin(network.wlan.rogueap.approvedlist)> erase Description: Erases the approved AP list. Syntax: erase Erases all entries in the approved list. Example: admin(network.wlan.rogueap.approvedlist)>erase all admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout index ----- Related Commands: approve Adds an Access Port to the approved list. show Displays the approved list.
Page 366: Ws2000>Admin(Network.wlan.rogueap.approvedlist)> Show
10-142 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.approvedlist)> show Description: Shows the approved AP list. Syntax: show Displays the list of approved APs. Example: admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout index ----- Related Commands: approve Adds an AP to the approved list.
Page 367: Network Wlan Rogue Ap List Commands
10.26 Network WLAN Rogue AP List Commands WS2000>admin(network.wlan.rogueap)> roguelist Description: Displays the rogue AP list submenu. The items available under this command are shown below. show Displays the rogue list entries. locate Goes to the submenu for locating a rogue AP. muscan Goes to the submenu for on-demand MU polling.
Page 368: Ws2000>Admin(Network.wlan.rogueap.roguelist)> Ageout
10-144 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.roguelist)> ageout Description: Displays the ageout time for a rogue list entry. Syntax: ageout <time> Sets the ageout time for the entry associated to <time> (1–1000) minutes. Example: admin(network.wlan.rogueap.roguelist)>ageout 50 Related Commands: locate Locates a rogue AP.
Page 369: Ws2000>Admin(Network.wlan.rogueap.roguelist)> Approve
WS2000>admin(network.wlan.rogueap.roguelist)> approve Description: Moves a rogue AP into the approved AP list. Syntax: approve <idx> Puts the rogue AP <idx> into the approved AP list. Puts all the entries of the rogue list into the approved AP list. Example: admin(network.wlan.rogueap.approvedlist)>approve all Related Commands: show Shows the rogue list entries.
Page 370: Ws2000>Admin(Network.wlan.rogueap.roguelist)> Erase
10-146 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.roguelist)> erase Description: Erases the rogue AP list. Syntax: erase Deletes all entries from the rogue AP list. Example: admin(network.wlan.rogueap.roguelist)>erase all Related Commands: show Lists all entries in the rogue AP list.
Page 371: Ws2000>Admin(Network.wlan.rogueap.roguelist)> Show
WS2000>admin(network.wlan.rogueap.roguelist)> show Description: Displays the rogue list entries. Syntax: show Displays the list of rogue APs. <idx> Displays detailed information for the rogue AP with index number <idx>. Example: admin(network.wlan.rogueap.roguelist)>show all rogue ap list ++++++++++++++++++++ rogue list ageout ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Related Commands: locate Locates a rogue AP.
Page 372: Network Wlan Rogue Ap Locate Commands
10-148 WS 2000 Wireless Switch System Reference Guide 10.27 Network WLAN Rogue AP Locate Commands WS2000>admin(network.wlan.rogueap.roguelist)> locate Description: Displays the locate submenu. The items available under this command are shown below. start Starts locating a rogue AP. list Lists results of the locate rogue AP scan.
Page 373: Ws2000>Admin(Network.wlan.rogueap.roguelist.locate)> List
WS2000>admin(network.wlan.rogueap.roguelist.locate)> list Description: Lists the results of the locate rogue AP scan. Syntax: list Lists the results of the locate rogue AP scan. Example: admin(network.wlan.rogueap.roguelist.locate)>list Related Commands: start Starts the rogue AP location process. Command Line Interface Reference 10-149...
Page 374: Ws2000>Admin(Network.wlan.rogueap.roguelist.locate)> Start
10-150 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.roguelist.locate)> start Description: Locates a rogue AP. Syntax: start <mac> <essid> Example: admin(network.wlan.rogueap.roguelist.locate)>start 00A0f8fe2344 wlan-engg Related Commands: list Lists information for the rogue AP found during the scan. Starts locating a rogue AP where <mac> is the MAC address (or BSSID) of the rogue AP, and...
Page 375: Network Wlan Rogue Ap Mu Scan Commands
10.28 Network WLAN Rogue AP MU Scan Commands WS2000>admin(network.wlan.rogueap.roguelist)> muscan Description: Displays the MU scan submenu. The items available under this command are shown below. start Starts a rogue AP scan using on-demand MU polling. list Lists the rogue APs found during the scan. save Saves the configuration to system flash.
Page 376: Ws2000>Admin(Network.wlan.rogueap.roguelist.muscan)> List
10-152 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.roguelist.muscan)> list Description: Lists the results of the locate rogue AP scan. Syntax: list Lists the results of the locate rogue AP scan. Example: admin(network.wlan.rogueap.roguelist.muscan)>list Related Commands: start Starts the MU scan process.
Page 377: Ws2000>Admin(Network.wlan.rogueap.roguelist.muscan)> Start
WS2000>admin(network.wlan.rogueap.roguelist.muscan)> start Description: Starts an on-demand MU polling for rogue APs. Syntax: start <mac> Starts locating a rogue AP where <mac> is the MAC address (or BSSID) of the rogue AP, and <essid> is the ESSID for the rogue AP. Example: admin(network.wlan.rogueap.roguelist.muscan)>start 00A0f8fe2344 Related Commands:...
Page 378: Network Wlan Rogue Ap Rule List Commands
10-154 WS 2000 Wireless Switch System Reference Guide 10.29 Network WLAN Rogue AP Rule List Commands WS2000>admin(network.wlan.rogueap)> rulelist Description: Displays the rule list submenu. The items available under this command are shown below. show Displays the rule list. Adds an entry to the rule list.
Page 379: Ws2000>Admin(Network.wlan.rogueap.rulelist)> Add
WS2000>admin(network.wlan.rogueap.rulelist)> add Description: Adds an entry to the rule list. Syntax: <mac> <essid> Adds an entry into the rule list to allow an AP with the mac address <mac> and the ESSID <essid>. Example: admin(network.wlan.rogueap.rulelist)>add 00a0f8f31212 mywlan admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index...
Page 380: Ws2000>Admin(Network.wlan.rogueap.rulelist)> Authsymbolap
10-156 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.rulelist)> authsymbolap Description: Authorizes all Symbol APs. Syntax: authsymbolap enable disable Example: admin(network.wlan.rogueap.rulelist)>auth enable admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----- 00:a0:f8:f3:12:12 Related Commands: show Shows all the rules in the rule list and shows status of the Symbol AP automatic authorization.
Page 381: Ws2000>Admin(Network.wlan.rogueap.rulelist)> Delete
WS2000>admin(network.wlan.rogueap.rulelist)> delete Description: Deletes an entry from the rule list. Syntax: delete Deletes all entries in the rule list. <idx> Deletes the <idx> entry in the rule list. Example: admin(network.wlan.rogueap.rulelist)>delete all admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----- Related Commands: show Displays the entries in the rule list.
Page 382: Ws2000>Admin(Network.wlan.rogueap.rulelist)> Show
10-158 WS 2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.rulelist)> show Description: Displays the rule list. Syntax: show Displays all entries in the rule list. Example: admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----- 00:a0:f8:f3:12:12 Related Commands: delete Deletes entries from the rule list.
Page 383: Statistics Commands
10.30 Statistics Commands WS2000>admin)> stats Description: Displays statistics and status for different switch entities. The items available under this command are shown below. show Shows system status and statistics. Goes to the RF statistics submenu. save Saves the configuration to system flash. quit Quits the CLI.
Page 384: Ws2000>Admin(Stats)> Show
10-160 WS 2000 Wireless Switch System Reference Guide WS2000>admin(stats)> show Description: Displays the system status and statistics for either the specified subnet or the WAN. Syntax: show leases subnet <idx> Example: show subnet example admin(stats)>show subnet 1 LAN Interface Information subnet interface 1 : enable ip address 1 : 192.168.0.1...
Page 385 Command Line Interface Reference 10-161 show wan example admin(stats)>show wan WAN Interface Information wan interface 1 : enable ip address 1 : 192.168.24.198 wan interface 2 : disable ip address 2 : 192.168.24.198 wan interface 3 : disable ip address 3 : 192.168.24.198 wan interface 4 : disable ip address 4 : 192.168.24.198 wan interface 5 : disable...
Page 386: Statistics Rf Commands
10-162 WS 2000 Wireless Switch System Reference Guide 10.31 Statistics RF Commands WS2000>admin(stats)> rf Description: Displays the RF statistics submenu. The items available under this command are shown below. show Shows RF statistics. reset Resets/clears all RF statistics. save Saves the configuration to system flash.
Page 387: Ws2000>Admin(Stats.rf)> Reset
WS2000>admin(stats.rf)> reset Description: Resets/clears all RF statistics. Syntax: reset Resets RF statistics. Example: admin(stats.rf)>reset Command Line Interface Reference 10-163...
Page 388: Ws2000>Admin(Stats.rf)> Show
10-164 WS 2000 Wireless Switch System Reference Guide WS2000>admin(stats.rf)> show Description: Shows radio frequency (RF) statistics. Syntax: show wlan wlan <idx> <idx> <mu> total Example: admin(stats.rf)>show all wlan example Index Name Status Index Name Status Index Name Status Index Name Status admin(stats.rf)>show wlan 1 example...
Page 389 Non-Unicast Packets Signal Noise Signal-to-Noise Average Number of Retries Dropped Packets Undecryptable Packets admin(stats.rf)>show all ap example ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index...
Page 390 10-166 WS 2000 Wireless Switch System Reference Guide ap status ap index ap status admin(stats.rf)>show ap 2 example Name Location Radio Type Current Channel Adopted By Number of Associated Mus Packets per second Throughput Average Bit Speed Approximate Utilization Non-Unicast Packets...
Page 391: System Commands
10.32 System Commands WS2000>admin)> system Description: Displays the system submenu. The items available under this command are shown below. lastpw Displays the last debug password. config Goes to the config submenu. logs Goes to the logs submenu. Goes to the NTP submenu. snmp Goes to the SNMP submenu.
Page 392: Ws2000>Admin(System)> Lastpw
10-168 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system)> lastpw Description: This command displays the MAC address for the switch, the previous admin password for the switch, and the number of times the current admin password has been used along with how many more times it will be valid.
Page 393: System Authentication Commands
10.33 System Authentication Commands WS2000>admin(system)> authentication Description: Displays the authentication submenu. The items available under this command are shown below. radius Goes to the RADIUS submenu. Sets the mode. save Saves the configuration to system flash. show Shows the authentication parameters. Goes to the parent menu.
Page 394: Ws2000>Admin(System.authentication)> Set
10-170 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.authentication)> set Description: Sets the parameter that specifies how user authentication is taking place. Syntax: mode local radius Example: admin(system.authentication)>set mode local admin(system.authentication)>show all authentication mode admin(system.authentication)> Related Commands: radius--> set Sets the parameters to specify that the external RADIUS server is used for user authentication.
Page 395: Ws2000>Admin(System.authentication)> Show
WS2000>admin(system.authentication)> show Description: Shows the main user authentication parameters. Syntax: show Displays the user authentication settings. Example: admin(system.authentication)>set mode local admin(system.authentication)>show all authentication mode admin(system.authentication)> Related Commands: Sets the authentication parameters. : local Command Line Interface Reference 10-171...
Page 396: System Authentication Radius Commands
10-172 WS 2000 Wireless Switch System Reference Guide 10.34 System Authentication RADIUS Commands WS2000>admin(system.authentication)> radius Description: Displays the RADIUS submenu. The items available under this command are shown below. Sets the RADIUS authentication parameters. show Shows the RADIUS authentication parameters.
Page 397: Ws2000>Admin(System.authentication.radius)> Set
WS2000>admin(system.authentication.radius)> set Description: Sets the RADIUS proxy server authentication parameters. Syntax: auth-server-ip <IP> auth-server-port <port> shared-secret <password> Example: admin(system.authentication.radius)>set auth-server-ip 192.168.0.4 admin(system.authentication.radius)>set auth-server-port 1812 admin(system.authentication.radius)>set shared mysecret admin(system.authentication.radius)> admin(system.authentication.radius)>show all radius server ip radius server port radius server shared secret Sets the IP address for the RADIUS authentication proxy server.
Page 398: Ws2000>Admin(System.authentication.radius)> Show
10-174 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.authentication.radius)> show Description: Shows the RADIUS authentication parameters. Syntax: show Displays the RADIUS proxy server parameters. Example: admin(system.authentication.radius)>set auth-server-ip 192.168.0.4 admin(system.authentication.radius)>set auth-server-port 1812 admin(system.authentication.radius)>set shared mysecret admin(system.authentication.radius)>show all radius server ip radius server port...
Page 399: System Configuration Commands
10.35 System Configuration Commands WS2000>admin(system)> config Description: Displays the config submenu. Syntax: default Restores default configuration. export Exports configuration from the system. import Imports configuration to the system. partial Restores partial default configuration. Sets import/export parameters. show Shows import/export parameters. update Performs firmware update.
Page 400: Ws2000>Admin(System.config)> Default
10-176 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.config)> default Description: Restores the factory default configuration. Syntax: default Restores the switch to the original (factory default) configuration. Example: admin(system.config)>default ****************************************************************************** System will now restore default configuration. You will need to set the country code for correct operation.
Page 401: Ws2000>Admin(System.config)> Export
WS2000>admin(system.config)> export Description: Exports the configuration from the system. Syntax: export Exports the configuration to the FTP server. Use the set command to set the server, user, password, and file name before using this command. tftp Exports the configuration to the TFTP server. Use the set command to set the IP address for the TFTP server before using the command.
Page 402 10-178 WS 2000 Wireless Switch System Reference Guide ws2000 // WS2000 menu set name WS2000 set loc Extra\20office set email fred@symbol.com set cc us set airbeam mode disable set airbeam enc-passwd a11e00942773 set applet lan enable set applet wan enable...
Page 403: Ws2000>Admin(System.config)> Import
WS2000>admin(system.config)> import Description: Imports the configuration to the system. Syntax: import ftp Imports the configuration from the FTP server. Use the set command to set the server, user, password, and file. tftp Imports the configuration from the TFTP server. Use the set command to set the server and file. Example: Import FTP Example admin(system.config)>set server 192.168.22.12...
Page 404: Ws2000>Admin(System.config)> Partial
The following settings will remain intact when using Restore Partial Default Configuration: • All settings on the WAN page • SNMP access to the WS 2000 on the WS 2000 Access page • All settings on the SNMP Access page Before using this feature, consider exporting the current configuration for safekeeping.
Page 405: Ws2000>Admin(System.config)> Set
WS2000>admin(system.config)> set Description: Sets the import/export parameters. Syntax: server <ipaddress> user <username> passwd <pswd> file <filename> file <filename> path <pathname> Example: FTP Set Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(system.config)>export ftp Export operation Building configuration file File transfer File transfer Export operation Firmware Example...
Page 406: Ws2000>Admin(System.config)> Show
10-182 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.config)> show Description: Shows the import/export parameters. Syntax: show Shows all import/export parameters. Example: admin(system.config)>show all ftp/tftp server ip address ftp user name ftp password cfg filename firmware filepath firmware filename : 192.168.0.101...
Page 407: Ws2000>Admin(System.config)> Update
WS2000>admin(system.config)> update Description: Performs a firmware update. Syntax: update tftp/ <iface> Sets how firmware updates will occur. Select between <iface> specifies the interface (location), as follows: s1 = subnet1 s2 = subnet2 s3 = subnet3 s4 = subnet4 w = wan Note: Before using this command, use set server to set the IP address for the FTP/ TFTP server.
Page 408: System Logs Commands
10-184 WS 2000 Wireless Switch System Reference Guide 10.36 System Logs Commands WS2000>admin(system)> logs Description: Displays the logs submenu. Syntax: delete Deletes core files. Sets log options and parameters. send Sends log and core files. show Shows logging options. view Views system log.
Page 409: Ws2000>Admin(System.logs)> Delete
WS2000>admin(system.logs)> delete Description: Deletes the core log files. Syntax: delete Deletes the core system log files. Example: admin(system.logs)>delete Command Line Interface Reference 10-185...
Page 410: Ws2000>Admin(System.logs)> Send
10-186 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.logs)> send Description: Sends log and core files. Syntax: send Sends the system log file via FTP to a location specified with the set command. Use the set command to set the FTP login and site information.
Page 411: Ws2000>Admin(System.logs)> Set
WS2000>admin(system.logs)> set Description: Sets log options and parameters. Syntax: ipadr <ip> Sets the external syslog server IP address to <ip> (a.b.c.d). level <level> Sets the level of the events that will be logged. All event with a level at or above <level> (L0–L7) will be saved in the system log.
Page 412: Ws2000>Admin(System.logs)> Show
10-188 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.logs)> show Description: Shows logging options. Syntax: show Displays all of the logging options. Example: admin(system.logs)>set user fred admin(system.logs)>set password mygoodness unknown input before marker set password mygoodness admin(system.logs)>set passwd mygoodness admin(system.logs)>show all...
Page 413: Ws2000>Admin(System.logs)> View
WS2000>admin(system.logs)> view Description: Views the system log file. Syntax: view Views the system log file. Example: admin(system.logs)>view 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception). 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance 7 16:14:41 (none) klogd: :ps log:fc: queue maintenance 7 16:15:43 (none) last message repeated 2 times 7 16:16:01 (none) CC: 0.00...
Page 414: System Ntp Commands
10-190 WS 2000 Wireless Switch System Reference Guide 10.37 System NTP Commands WS2000>admin(system)> ntp Description: Displays the NTP submenu. Syntax: show Shows NTP parameters settings. Sets NTP parameters. save Saves the configuration to system flash. quit Quits the CLI. Goes to the parent menu.
Page 415: Ws2000>Admin(System.ntp)> Set
WS2000>admin(system.ntp)> set Description: Sets NTP parameters. Syntax: set mode enable/disable intrvl <time> server <idx> <ip> port <idx> <port> Example: admin(system.ntp)>set mode enable admin(system.ntp)>set server 1 203.21.37.18 admin(system.ntp)>set port 1 345 admin(system.ntp)>show all ntp mode server ip 1 server ip 2 server ip 3 server port 1 server port 2...
Page 416: Ws2000>Admin(System.ntp)> Show
10-192 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.ntp)> show Description: Shows NTP parameters. Syntax: show Shows all NTP server settings. Example: admin(system.ntp)>show all ntp mode server ip 1 server ip 2 server ip 3 server port 1 server port 2...
Page 417: System Radius Commands
10.38 System RADIUS Commands WS2000>admin(system)> radius Description: Displays the RADIUS submenu. The items available under this command are shown below. Goes to the EAP submenu. policy Goes to the access policy submenu. ldap Goes to the LDAP submenu. proxy Goes to the proxy submenu. client Goes to the client submenu.
Page 418: Ws2000>Admin(System.radius)> Set
10-194 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.radius)> set Description: Sets the RADIUS database. Syntax: database local ldap Example: admin(system.radius)>set database ldap admin(system.radius)>show all Database Related Commands: show all Shows the top-level RADIUS parameters. Sets the RADIUS server to either the local database or an LDAP server.
Page 419: Ws2000>Admin(System.radius)> Show
WS2000>admin(system.radius)> show Description: Shows the RADIUS parameters. Syntax: show Displays the RADIUS database setting. Example: admin(system.radius)>set database ldap admin(system.radius)>show all Database Related Commands: Sets the RADIUS database source. : ldap Command Line Interface Reference 10-195...
Page 420: System Radius Client Commands
10-196 WS 2000 Wireless Switch System Reference Guide 10.39 System RADIUS Client Commands WS2000>admin(system.radius)> client Description: Displays the client submenu. The items available under this command are shown below. Adds a RADIUS client. Deletes a RADIUS client. show Displays a list of configured clients.
Page 421: Ws2000>Admin(System.radius.client)> Add
WS2000>admin(system.radius.client)> add Description: Adds a RADIUS client. Syntax: <ip> <mask> <secret> Example: admin(system.radius.client)>add 192.168.46.4 225.225.225.0 mysecret admin(system.radius.client)>show List of Radius Clients ------------------------------------------------------------------------------- Subnet/Host ------------------------------------------------------------------------------- 192.168.46.4 admin(system.radius.client)> Related Commands: Deletes a RADIUS client. show Shows a list of RADIUS clients. Adds a RADIUS client with IP address <ip>, netmask <mask>, and shared secret <secret>.
Page 422: Ws2000>Admin(System.radius.client)> Del
10-198 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.client)> del Description: Deletes a RADIUS client. Syntax: <ip> Deletes the RADIUS client with IP address <ip>. Example: admin(system.radius.client)>show List of Radius Clients ------------------------------------------------------------------------------- Subnet/Host ------------------------------------------------------------------------------- 192.168.46.4 192.168.101.43 admin(system.radius.client)>del 192.168.46.4 admin(system.radius.client)>show List of Radius Clients...
Page 423: Ws2000>Admin(System.radius.client)> Show
WS2000>admin(system.radius.client)> show Description: Displays a list of configured clients. Syntax: show Displays the list of RADIUS clients. Example: admin(system.radius.client)>show List of Radius Clients ------------------------------------------------------------------------------- Subnet/Host ------------------------------------------------------------------------------- 192.168.46.4 192.168.101.43 admin(system.radius.client)> Related Commands: Adds a RADIUS client to the list. Deletes a RADIUS client from the list. Netmask SharedSecret 225.225.225.0...
Page 424: System Radius Eap Commands
10-200 WS 2000 Wireless Switch System Reference Guide 10.40 System RADIUS EAP Commands WS2000>admin(system.radius)> eap Description: Displays the EAP submenu. The items available under this command are shown below. peap Goes to the PEAP submenu. ttls Goes to the TTLS submenu.
Page 425: Ws2000>Admin(System.radius.eap)> Import
WS2000>admin(system.radius.eap)> import Description: Imports the EAP certificates. Syntax: import server <cert id> cacert <cert id> Example: admin(system.radius.eap)>import server mycert admin(system.radius.eap)>import cacert NETE3443 Related Commands: show cert Show the list of certificates. Imports a server certificate with the certificate ID <cert id>. Imports a Trusted Certificate with certificate ID <cert id>.
Page 426: Ws2000>Admin(System.radius.eap)> Set
10-202 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.eap)> set Description: Sets the EAP parameters. Syntax: auth peap ttls Example: admin(system.radius.eap)>set auth peap admin(system.radius.eap)>show all Default EAP Type Related Commands: show all Shows the EAP settings. Sets the default authorization type to one of associated with the selection to finish the setup.
Page 427: Ws2000>Admin(System.radius.eap)> Show
WS2000>admin(system.radius.eap)> show Description: Shows the EAP parameters. Syntax: show Displays the default EAP authentication settings. cert Displays a list of certificates. Example: admin(system.radius.eap)>set auth peap admin(system.radius.eap)>show all Default EAP Type Related Commands: Sets the EAP parameters. : peap Command Line Interface Reference 10-203...
Page 428: System Radius Eap Peap Commands
10-204 WS 2000 Wireless Switch System Reference Guide 10.41 System RADIUS EAP PEAP Commands WS2000>admin(system.radius.eap)> peap Description: Displays the PEAP submenu. The items available under this command are shown below. Sets the PEAP authentication type. show Shows the PEAP authentication type.
Page 429: Ws2000>Admin(System.radius.eap.peap)> Set
WS2000>admin(system.radius.eap.peap)> set Description: Sets the PEAP authentication type. Syntax: auth mschapv2 Example: admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type Related Commands: show Displays the PEAP authentication type. Sets the authentication type for PEAP to one of : gtc Command Line Interface Reference 10-205 or MTCHAPv2.
Page 430: Ws2000>Admin(System.radius.eap.peap)> Show
10-206 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.eap.peap)> show Description: Shows the PEAP authentication type. Syntax: show Displays the PEAP authentication type. Example: admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type Related Commands: Sets the PEAP authentication type. : gtc...
Page 431: System Radius Eap Ttls Commands
10.42 System RADIUS EAP TTLS Commands WS2000>admin(system.radius.eap)> ttls Description: Displays the TTLS submenu. The items available under this command are shown below. Sets the TTLS authentication type. show Shows the TTLS authentication type. save Saves the configuration to system flash. quit Quits the CLI.
Page 432: Ws2000>Admin(System.radius.eap.ttls)> Set
10-208 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.eap.ttls)> set Description: Sets the TTLS authentication type. Syntax: auth mschapv2 Example: admin(system.radius.eap.ttls)>set auth md5 admin(system.radius.eap.ttls)>show TTLS Auth Type Related Commands: show Show the TTLS authentication type. Sets the authentication type for TTLS to one of PAP, MD5, or MSCHAPv2.
Page 433: Ws2000>Admin(System.radius.eap.ttls)> Show
WS2000>admin(system.radius.eap.ttls)> show Description: Shows the TTLS authentication type. Syntax: show Displays the TTLS authentication type. Example: admin(system.radius.eap.ttls)>set auth md5 admin(system.radius.eap.ttls)>show TTLS Auth Type Related Commands: Sets the TTLS authentication type. : md5 Command Line Interface Reference 10-209...
Page 434: System Radius Ldap Commands
10-210 WS 2000 Wireless Switch System Reference Guide 10.43 System RADIUS LDAP Commands WS2000>admin(system.radius)> ldap Description: Displays the LDAP submenu. The items available under this command are shown below. Sets the LDAP parameters. show Shows the LDAP parameters. save Saves the configuration to system flash.
Page 435: Ws2000>Admin(System.radius.ldap)> Set
WS2000>admin(system.radius.ldap)> set Description: Sets the LDAP parameters. Syntax: ipadr <ip> port <port> binddn <binddn> basedn <basedn> passwd <password> login <logattr> pass_attr <passattr> groupname <gname attr> filter membership <groupattr> Example: admin(system.radius.ldap)>set ipadr 192.168.42.23 admin(system.radius.ldap)>set port 356 admin(system.radius.ldap)>show all LDAP Server IP LDAP Server Port LDAP Bind DN LDAP Base DN...
Page 436: Ws2000>Admin(System.radius.ldap)> Show
10-212 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.ldap)> show Description: Shows the LDAP parameters. Syntax: show Displays the list of LDAP parameters. Example: admin(system.radius.ldap)>set ipadr 192.168.42.23 admin(system.radius.ldap)>set port 356 admin(system.radius.ldap)>show all LDAP Server IP LDAP Server Port LDAP Bind DN...
Page 437: System Radius Policy Commands
10.44 System RADIUS Policy Commands WS2000>admin(system.radius)> policy Description: Displays the policy submenu. The items available under this command are shown below. Sets the group’s access policy. show Shows the group’s access policy. save Saves the configuration to system flash. quit Quits the CLI.
Page 438: Ws2000>Admin(System.radius.policy)> Set
10-214 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.policy)> set Description: Sets the group’s access to WLANs. Syntax: <group> <idx list> Example: admin(system.radius.policy)>set g1 2 3 4 admin(system.radius.policy)>show List of Access Policies Related Commands: show Displays the group’s access policies.
Page 439: Ws2000>Admin(System.radius.policy)> Show
WS2000>admin(system.radius.policy)> show Description: Shows the group’s access policy. Syntax: show Displays the group access settings. Example: admin(system.radius.policy)>set g1 2 3 4 admin(system.radius.policy)>show List of Access Policies Related Commands: Sets the group WLAN access settings. : 2 3 4 : No Wlans Command Line Interface Reference 10-215...
Page 440: System Radius Proxy Commands
10-216 WS 2000 Wireless Switch System Reference Guide 10.45 System RADIUS Proxy Commands WS2000>admin(system.radius)> proxy Description: Displays the proxy submenu. The items available under this command are shown below. Adds a proxy realm. Deletes a proxy realm. Sets the proxy server parameters.
Page 441: Ws2000>Admin(System.radius.proxy)> Add
WS2000>admin(system.radius.proxy)> add Description: Adds a proxy realm. Syntax: <realm> <ip> <port> Example: admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms ------------------------------------------------------------------------------- Suffix ------------------------------------------------------------------------------- realm1 Related Commands: show realm Displays this list of defined proxy servers. Deletes a proxy server from the list. <secret>...
Page 442: Ws2000>Admin(System.radius.proxy)> Del
10-218 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.proxy)> del Description: Deletes a proxy realm. Syntax: <realm> Deletes a proxy server realm with name <realm>. Example: admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms ------------------------------------------------------------------------------- Suffix ------------------------------------------------------------------------------- realm1 admin(system.radius.proxy)>del realm1 admin(system.radius.proxy)>show realm...
Page 443: Ws2000>Admin(System.radius.proxy)> Set
WS2000>admin(system.radius.proxy)> set Description: Sets the proxy server parameters. Syntax: delay <delay> Sets the retry delay of the proxy server to <delay> minute (5–10). count <count> Sets the retry count of the proxy server to <count> (3–6). Example: admin(system.radius.proxy)>set delay 7 admin(system.radius.proxy)>set count 4 admin(system.radius.proxy)>show proxy Proxy Server Retry Count...
Page 444: Ws2000>Admin(System.radius.proxy)> Show
10-220 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.proxy)> show Description: Shows the proxy server parameters. Syntax: show proxy Displays the proxy server parameters. realms Displays proxy server realm information. Example: admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms...
Page 445: System Redundancy Commands
10.46 System Redundancy Commands WS2000>admin(system)> redundancy Description: Displays the redundancy submenu. The items available under this command are shown below. Sets redundancy parameters. show Shows redundancy settings. save Saves the configuration to system flash. quit Quits the CLI. Goes to the parent menu. Goes to the root menu.
Page 446: Ws2000>Admin(System.redundancy)> Set
Sets the redundancy operation state of the switch to one of: • standalone—The switch has no redundancy capabilities and operates independently of any other WS 2000 switches on the network. This is the default setting. • redundancy—Two WS 2000 switches are connected, with one set as a primary and the other as a standby.
Page 447: Ws2000>Admin(System.redundancy)> Show
WS2000>admin(system.redundancy)> show Description: Displays the switch redundancy settings. Syntax: show Displays the switch redundancy settings. Example: admin(system.redundancy)>show all redundancy configured mode redundancy operational mode redundancy operational state heart beat interval revert delay heart beat interface Related Commands: Sets the redundancy settings. : primary : VRRP daemon not running : standalone...
Page 448: System Snmp Commands
10-224 WS 2000 Wireless Switch System Reference Guide 10.47 System SNMP Commands WS2000>admin(system)> snmp Description: Displays the SNMP submenu. The items available under this command are shown below. access Goes to the SNMP access submenu. traps Goes to the SNMP traps submenu.
Page 449: System Snmp Access Commands
10.48 System SNMP Access Commands WS2000>admin(system.snmp)> access Description: Displays the SNMP access menu. The items available under this command are shown below. Adds SNMP access entries. delete Deletes SNMP access entries. list Lists SNMP access entries. show Shows SNMP v3 engine ID. save Saves the configuration to system flash.
Page 450 10-226 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.snmp.access)> add Description: Adds SNMP access entries. Syntax: add acl <ip1> <ip2> v1v2c <comm> ro/rw <user> ro/rw <auth> <pass1> Example: admin(system.snmp.access)>add acl 209.236.24.1 209.236.24.46 admin(system.snmp.access)>list acl ---------------------------------------------------------------- index start ip ---------------------------------------------------------------- 209.236.24.1 admin(system.snmp.access)>add v3 fred rw 1.3.6.6 none...
Page 451 admin(system.snmp.access)>add v3 judy rw 1.3.6.1 auth/priv md5 changeme des changemetoo admin(system.snmp.access)>list v3 2 index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password : judy : read/write : 1.3.6.1 : auth/priv : md5 : ******** : des : ******* Command Line Interface Reference 10-227...
Page 452 10-228 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.snmp.access)> delete Description: Deletes SNMP access entries. Syntax: delete <idx> v1v2c <idx> <idx> Example: admin(system.snmp.access)>list acl ----------------------------------------------------------------------------- index start ip ----------------------------------------------------------------------------- 209.236.24.1 admin(system.snmp.access)>delete acl all admin(system.snmp.access)>list acl ----------------------------------------------------------------------------- index start ip ----------------------------------------------------------------------------- admin(system.snmp.access)>list v3 all...
Page 453 auth password privacy algorithm privacy password admin(system.snmp.access)>delete v3 2 admin(system.snmp.access)>list v3 all index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password admin(system.snmp.access)> : ******** : des : ******** : fred : read/write : 1.3.6.6 : none : md5 : ********...
Page 454 10-230 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.snmp.access)> list Description: Lists SNMP access entries. Syntax: list Lists SNMP access control list entries. v1v2c Lists SNMP v1/v2c configuration. <idx> Lists SNMP v3 user definition with index <idx>. Lists all SNMP v3 user definitions.
Page 455 WS2000>admin(system.snmp.access)> show Description: Shows the SNMP v3 engine ID. Syntax: show Shows the SNMP v3 Engine ID. Example: admin(system.snmp.access)>show eid WS2000 snmp v3 engine id admin(system.snmp.access)> : 0000018457D71CDFF86FD8FC Command Line Interface Reference 10-231...
Page 456: System Snmp Traps Commands
10-232 WS 2000 Wireless Switch System Reference Guide 10.49 System SNMP Traps Commands WS2000>admin(system.snmp)> traps Description: Displays the SNMP traps submenu. The items available under this command are shown below. Adds SNMP trap entries. delete Deletes SNMP trap entries. list Lists SNMP trap entries.
Page 457 WS2000>admin(system.snmp.traps)> add Description: Adds SNMP trap entries. Syntax: add v1v2 <ip> <port> <comm> Adds an entry to the SNMP v1/v2 access list with the destination IP address set to <ip>, the destination UDP port set to <port>, the community string set to <comm> (1 to 31 characters), and the SNMP version set to <ip>...
Page 458 10-234 WS 2000 Wireless Switch System Reference Guide auth password privacy algorithm privacy password : ******** : des : ********...
Page 459 WS2000>admin(system.snmp.traps)> delete Description: Deletes SNMP trap entries. Syntax: delete v1v2c <idx> Deletes entry <idx> from the v1v2c access control list. Deletes all entries from the v1v2c access control list. <idx> Deletes entry <idx> from the v3 access control list. Deletes all entries from the v3 access control list. Example: admin(system.snmp.traps)>list v3 all index...
Page 460 10-236 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.snmp.traps)> list Description: Lists SNMP trap entries. Syntax: list v1v2c <idx> Example: admin(system.snmp.traps)>add v1v2 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------- index dest ip ---------------------------------------------------------------------- 203.223.24.2 admin(system.snmp.traps)>add v3 201.232.24.33 555 BigBoss none md5 admin(system.snmp.traps)>list v3 all...
Page 461 WS2000>admin(system.snmp.traps)> set Description: Sets SNMP trap parameters. Syntax: cold enable disable enable disable lowcf enable disable port enable disable dos-attack enable disable snmp-auth enable disable snmp-acl enable disable mu-assoc enable disable mu-unassoc enable disable mu-deny-assoc enable disable mu-deny-auth enable disable ap-adopt enable disable...
Page 462 10-238 WS 2000 Wireless Switch System Reference Guide Example: admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory SNMP Network Traps physical port status change denial of service SNMP Traps snmp auth failure snmp acl violation...
Page 463 admin(system.snmp.traps)>set ap-radar enable admin(system.snmp.traps)>set min-pkt 1000 admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory SNMP Network Traps physical port status change denial of service SNMP Traps snmp auth failure snmp acl violation SNMP MU Traps mu associated mu unassociated mu denied association...
Page 464 10-240 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.snmp.traps)> show Description: Shows SNMP trap parameters. Syntax: show trap Shows SNMP trap parameter settings. rate-trap Shows SNMP rate-trap parameter settings. Example: admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed...
Page 465 compact flash memory threshold min packets required for rate trap: 1000 denial of service trap rate limit : 10 admin(system.snmp.traps)>show rate-trap SNMP Switch Rate Traps pkts/s greater than throughput(Mbps) greater than num of associated mu greater than : disable SNMP Wlan Rate Traps pkts/s greater than throughput(Mbps) greater than avg bit speed(Mbps) less than...
Page 466 10-242 WS 2000 Wireless Switch System Reference Guide -average signal worse than average retry greater than pct dropped greater than pct undecryptable greater than admin(system.snmp.traps)> : disable : disable : disable : disable...
Page 467: System Ssh Commands
10.50 System SSH Commands WS2000>admin(system)> ssh Description: Displays the secure shell (SSH) submenu. The items available under this command are shown below. Sets SSH parameters show Shows SSH parameters. save Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
Page 468: Ws2000>Admin(System.ssh)> Set
10-244 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.ssh)> set Description: Sets secure shell parameters for system access. Syntax: auth-timeout <time> inactive-timeout <time> Example: admin(system.ssh)>set auth-timeout 60 admin(system.ssh)>set inactiv 2000 admin(system.ssh)>show all Authentication Timeout SSH Client Inactivity Timeout admin(system.ssh)> Related Commands: show all Shows the SSH parameter values.
Page 469: Ws2000>Admin(System.ssh)> Show
WS2000>admin(system.ssh)> show Description: Shows secure shell timeout parameters. Syntax: show Display the SSH parameter settings. Example: admin(system.ssh)>set auth-timeout 60 admin(system.ssh)>set inactiv 2000 admin(system.ssh)>show all Authentication Timeout SSH Client Inactivity Timeout admin(system.ssh)> Related Commands: Sets the values for the secure shell timeout parameters. : 60 : 2000 Command Line Interface Reference 10-245...
Page 470: System User Database Commands
10-246 WS 2000 Wireless Switch System Reference Guide 10.51 System User Database Commands WS2000>admin(system)> userdb Description: Displays the userdb submenu. The items available under this command are shown below. user Goes to the user submenu. group Goes to the group submenu.
Page 471: System User Database Group Commands
10.52 System User Database Group Commands WS2000>admin(system.userdb)> group Description: Displays the group submenu. The items available under this command are shown below. create Creates a new group. delete Deletes a group. Adds a user to a group. remove Removes a user from a group. show Shows the existing groups.
Page 472: Ws2000>Admin(System.userdb.group)> Add
10-248 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.group)> add Description: Adds a user to a group. Syntax: <userID> <groupID> Example: admin(system.userdb.group)>add fred g1 admin(system.userdb.group)>add joe g1 admin(system.userdb.group)>add joe g2 admin(system.userdb.group)>show user g1 List of Users of Group admin(system.userdb.group)>show user g2...
Page 473: Ws2000>Admin(System.userdb.group)> Create
WS2000>admin(system.userdb.group)> create Description: Creates a new group. Syntax: create <groupID> Creates a new group with the ID <groupID>. The <groupID> can be an alphanumeric string. Example: admin(system.userdb.group)>create g1 admin(system.userdb.group)>create g2 admin(system.userdb.group)>create g3 admin(system.userdb.group)>show groups List of Group Names admin(system.userdb.group)> Related Commands: delete Deletes a group.
Page 474: Ws2000>Admin(System.userdb.group)> Delete
10-250 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.group)> delete Description: Deletes a group from the database. Syntax: delete <groupID> Deletes the group named <groupID> from the database. A warning will occur if there are still users assigned to that group.
Page 475: Ws2000>Admin(System.userdb.group)> Remove
WS2000>admin(system.userdb.group)> remove Description: Removes a user from a group. Syntax: remove <userID> <groupID> Example: admin(system.userdb.group)>remove joe g1 admin(system.userdb.group)>show users g1 List of Users of Group admin(system.userdb.group)> Related Commands: Adds a user to a group. show users Shows a list of users in a group. Removes user <userID>...
Page 476: Ws2000>Admin(System.userdb.group)> Show
10-252 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.group)> show Description: Shows the existing groups. Syntax: show groups users <groupID> Example: admin(system.userdb.group)>create g1 admin(system.userdb.group)>create g2 admin(system.userdb.group)>create g3 admin(system.userdb.group)>show groups List of Group Names admin(system.userdb.group)>show users g1 List of Users of Group...
Page 477: System User Database User Commands
10.53 System User Database User Commands WS2000>admin(system.userdb)> user Description: Displays the user submenu. The items available under this command are shown below. Adds a new user to the database. Deletes a user from the database. Sets the password for a user. show Shows a list of users and group information about a user.
Page 478: Ws2000>Admin(System.userdb.user)> Add
10-254 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.user)> add Description: Adds a new user to the database. Syntax: <userID> <password> Example: admin(system.userdb.user)>add fred fredpass admin(system.userdb.user)>add joe joepass admin(system.userdb.user)>add sally sallypa admin(system.userdb.user)> List of User Ids Related Commands: show users Show a list of the users in the database.
Page 479: Ws2000>Admin(System.userdb.user)> Del
WS2000>admin(system.userdb.user)> del Description: Deletes a user from the database. Syntax: <userID> Deletes the user with the ID <userID> from the database. Example: admin(system.userdb.user)>add fred fredpass admin(system.userdb.user)>add joe joepass admin(system.userdb.user)>add sally sallypa admin(system.userdb.user)>show users List of User Ids admin(system.userdb.user)>del sally admin(system.userdb.user)>show users List of User Ids admin(system.userdb.user)>...
Page 480: Ws2000>Admin(System.userdb.user)> Set
10-256 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.user)> set Description: Sets the password for a user. Syntax: <userID> <newpassword> Example: admin(system.userdb.user)>set fred frednew Related Commands: Adds a new user. Resets the password for user with <userID> to <newpassword>.
Page 481: Ws2000>Admin(System.userdb.user)> Show
WS2000>admin(system.userdb.user)> show Description: Shows a list of users and group membership for a particular user. Syntax: show groups <userID> Displays the list of groups that a user with <userID> belongs to. users Displays a list of all defined users in the database. Example: admin(system.userdb.user)>add fred fredpass admin(system.userdb.user)>add joe joepass...
Page 482: System Ws2000 Commands
WS 2000 Wireless Switch System Reference Guide 10.54 System WS2000 Commands WS2000>admin(system)> ws2000) Description: Displays the WS 2000 submenu. The items available under this command are shown below. restart Restarts the WS 2000 Wireless Switch. Sets WS 2000 system parameters.
Page 483: Ws2000>Admin(System.ws2000)> Restart
Restarts the switch from the firmware. Example: admin(system.ws2000)>restart Restarting system. WS 2000 Boot Firmware Version 1.5.0.0-160b Copyright(c) Symbol Technologies Inc. 2003. All rights reserved. Press escape key to run boot firmware ... Power On Self Test testing ram testing nor flash...
Page 484: Ws2000>Admin(System.ws2000)> Set
10-260 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.ws2000)> set Description: Sets WS 2000 system parameters. Syntax: airbeam mode passwd applet slan swan <cc> email <email> <loc> name <name> snmp <time> timeout Example: admin(system.ws2000)>show all system name system location admin email address...
Page 485 airbeam access password admin(system.ws2000)>set name BldgC admin(system.ws2000)>set email johndoe@mycompany.com admin(system.ws2000)>set applet lan enable admin(system.ws2000)>set airbeam mode enable admin(system.ws2000)>set airbeam passwd changeme admin(system.ws2000)>show all system name system location admin email address system uptime WS2000 firmware version country code applet http access from lan applet http access from wan applet https access from lan applet https access from wan...
Page 486: Ws2000>Admin(System.ws2000)> Show
10-262 WS 2000 Wireless Switch System Reference Guide WS2000>admin(system.ws2000)> show Description: Shows WS 2000 system information. Syntax: show Shows all of the WS 2000 system information. Example: admin(system.ws2000)>show all system name system location admin email address system uptime WS2000 firmware version...
Page 487 Numerics 1 to 1 NAT ....... . .4-8 1 to Many NAT ......4-8 802.11 b/g mode .
Page 488 Index-2 PPT 8800 with Windows Mobile 2003 Software for Pocket PCs Product Reference Guide RADIUS setup ......6-3 settings .
Page 489 WPA-TKIP ......5-10 environmental specifications ....1-4 error information Access Ports .
Page 490 Index-4 PPT 8800 with Windows Mobile 2003 Software for Pocket PCs Product Reference Guide 1 to 1 ....... . .4-8 1 to Many .
Page 491 creating ......6-12 description ......6-11 request form .
Page 492 Index-6 PPT 8800 with Windows Mobile 2003 Software for Pocket PCs Product Reference Guide User Datagram Protocol (UDP) ... . . 3-8, 3-10 user-based VLANs ......3-11 user-defined routes, creating .
Page 494 Symbol Technologies, Inc. One Symbol Plaza Holtsville, New York 11742-1300 http://www.symbol.com 72E-72622-01 Rev A June 2005...

Symbol WS 2000 System Reference Manual

Chapter 1 . Product Overview

Chapter 2 . Getting Started

Chapter 3 . Lan/Subnet Configuration

Chapter 4 . WAN Configuration

Chapter 5. Wireless Configuration

Chapter 6 . Administrator and User Access

Chapter 7. Switch Administration

Chapter 8 . Status & Statistics

Chapter 9. WS 2000 Use Cases

Chapter 10 . Command Line Interface Reference

Quick Links

Related Manuals for Symbol WS 2000

Summary of Contents for Symbol WS 2000