Symbol WS 2000 System Reference Manual
  1. Manuals
  2. Brands
  3. Symbol Manuals
  4. Switch
  5. WS 2000
  6. System reference manual
Symbol WS 2000 System Reference Manual

Symbol WS 2000 System Reference Manual

Wireless switch version 1.0
Hide thumbs Also See for WS 2000:
Table of Contents

Advertisement

Quick Links

Download this manual See also: System Installation Manual, System Reference Manual
WS 2000 Wireless Switch
System Reference
WS 2000 Wireless Switch Version 1.0
72E-67701-01
Rev A
March 2004
www.symbol.com

Advertisement

Table of Contents
loading

Related Manuals for Symbol WS 2000

Summary of Contents for Symbol WS 2000

  • Page 1 WS 2000 Wireless Switch System Reference WS 2000 Wireless Switch Version 1.0 72E-67701-01 Rev A March 2004 www.symbol.com...
  • Page 2 Copyright Copyright © 2004 by Symbol Technologies, Inc. All rights reserved. No part of this publication may be modified or adapted in any way, for any purposes without permission in writing from Symbol Technologies, Inc. (Symbol). The material in this manual is subject to change without notice.

  • Page 3: Table Of Contents

    Step 5: Configure WLANs ...................30 Step 6: Configure WLAN Security ................31 Setting the Authentication Method ..............32 Setting the Encryption Method ................33 Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 4 Configuring the Printer WLAN ................106 Configuring the POS WLAN ................107 Setting Subnet Access ....................108 Configuring the Clients ..................110 Testing Connections....................110 Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 5 Configuring the Access Ports ..................130 Configuring Subnet Access ..................135 Installing the Access Ports and Testing ..............136 Appendix A. Sample Configuration File ............. 137 Index Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 6: Chapter 1. Overview

    Warnings Warnings are displayed in red italic text and indicate a loss of data or potential injury. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 7: System Overview

    The WS 2000 Wireless Switch provides a low-cost, feature-rich wireless switch for sites with one to six Access Ports. The WS 2000 Wireless Switch works at the center of a network’s infrastructure to seamlessly and securely combine wireless LANs (WLANs) and wired networks.

  • Page 8: Hardware Overview

    PoE have a third LED that indicates whether power is being delivered over the line to a power device (such as an Access Port). (See the WS 2000 Wireless Switch LED explanation for more information on the meaning of the different state of the LEDs.) •...

  • Page 9: Software Overview

    • Operating Altitude: 2.4 km • Storage Altitude: 4.6 km Software Overview The WS 2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components:...

  • Page 10: Gateway Services

    • Security, including Secure Sockets Layer (SSL) and Firewall • Network Address Translation (NAT), DHCP services, and Layer 3 Routing Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 11: Chapter 2. Features

    • Rate Scaling: This feature seeks to connect MUs to the WS 2000 Wireless Switch (via Access Port) at the highest possible rate, automatically scaling to a lower rate when network traffic demands.

  • Page 12: Access Ports

    WS 2000 Wireless Switch receives a “boot me” packet, it uploads the appropriate firmware for the Access Port. Once complete, the Access Port becomes active. For an Access Port to be adopted by the WS 2000 Wireless Switch, three things must be configured: 1.

  • Page 13: Gateway Services

    NAT allows a company to use a single IP address to communicate with the Internet community. The WS 2000 Wireless Switch provides service, or forward, and reverse NAT translation on packets to and from the WAN and is fully compliant with RFC 1631.

  • Page 14: Dhcp Client And Server

    Layer 3 Routing DHCP Client and Server The WS 2000 Wireless Switch can act as a DHCP client on the WAN and each of its three subnets. It also act as an independent DHCP server on each of the three subnets.

  • Page 15: Wep 64 (40-Bit Key)

    Wired Equivalency Privacy (WEP) uses a key, or string of case-sensitive characters, to encrypt and decrypt data packets transmitted between a mobile unit (MU) and the WS 2000 Wireless Switch. The administrator configures mobile units (MUs) and the WS 2000 Wireless Switch to use the same key.

  • Page 16: 802.1X With Shared Key Authentication

    WS 2000 Wireless Switch to share the same key. The MU authenticates by presenting the key to a WS 2000 Wireless Switch. The switch examines the key, and uses it to perform a checksum, or error-checking operation, by comparing the key to one on the switch. The MU accesses network services only when the key passes the checksum process.

  • Page 17: Keyguard-Mcm Support

    Kerberos server exists as a separate entity on the wired LAN. On initial request from a Kerberos-enabled MU, the WS 2000 Wireless Switch acts as a proxy to the external KDC. The switch passes initial Kerberos authentication information to the external KDC until the MU authenticates in the manner described in this section.

  • Page 18: Chapter 3. Getting Started

    Getting Started Overview Installing the Switch To install the WS 2000 Wireless Switch hardware, follow the directions in the WS 2000 Wireless Switch Quick Installation Guide found in the box with the switch and on the CD- ROM that is distributed with the switch. These instructions describe how to: •...
  • Page 19 Getting Started Overview 4. Log in using “admin” as the username and “symbol” as the password. 5. If the login is successful, the following prompt will be displayed. Enter a new admin password in both fields, and click the Update Password Now button.

  • Page 20: Changing The Administrator Password

    Changing the Administrator Password The password information set at the factory is the same for all WS 2000 Network Switches. For security reasons, it is important to change the switch’s admin password as soon as possible.

  • Page 21: Configuring The Switch

    The first step of the network configuration process is to figure out the topology of the LAN. The WS 2000 Wireless Switch allows the administrator to enable and configure three different subnets. The administrator can assign a IP address, port associations, DHCP settings, and security settings to each subnet.

  • Page 22: Defining The Subnets

    An IP address uses a series of four numbers that are expressed in dot notation, for example, 194.182.1.1. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 23: Step 2: Configure Subnets

    Step 2: Configure Subnets The WS 2000 Network Management System allows the administrator to define and refine the configuration of the enabled subnets. Each of three subnets (short for “subnetworks”) can be configured as an identifiably separate part of the switch-managed Local Area Network (LAN).

  • Page 24: The Dhcp Configuration

    IP addresses to devices as they connect. 3. Set the Advanced Settings, if necessary. 4. Click the Apply button to save all changes. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 25 2. Specify the address of a Primary DNS server. The Internet Server Provider (ISP) or a network administrator can provide this address. A DNS server translates a domain name, such as www.symbol.com, into an IP address that networks can use. 3. Specify the address of a Secondary DNS server if one is available.

  • Page 26: Step 3: Configure The Wan Interface

    WAN port might connect to a DSL or cable modem to access the Internet. The administrator needs to enter the WAN configuration information. The WS 2000 Wireless Switch includes one WAN port. In order to set up communications with the outside world, select Network Configuration -->...

  • Page 27: Setting Up Point-To-Point Over Ethernet (Pppoe) Communication

    3. It is not necessary to specify the IP Address or any of the other fields on the top section of this form when the WS 2000 wireless switch is set as a DHCP Client. The network host (router, switch, or modem) will provide these values each time it makes a connection with the wireless switch.

  • Page 28: Step 4: Enable Wireless Lans (Wlans)

    6. Click the Apply button to save changes. Step 4: Enable Wireless LANs (WLANs) The WS 2000 Wireless Switch works either in a wired or wireless environment; however, the power of the switch is associated with its support of wireless networks. In order to use the wireless features of the switch, the administrator needs to enable one, two or three wireless LANs (WLANs).

  • Page 29: Wireless Summary Area

    WLAN (under Network Configuration --> Wireless) is where the settings and rules for adopting Access Ports can be modified. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 30: Access Port Adoption

    WLAN, once it is enabled. The screen is titled with the name of the WLAN. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 31: Step 6: Configure Wlan Security

    Rename the WLAN in this field, if desired. Character spaces are allowed. This change affects several other screens and the interface will also change the name in the left menu tree. Symbol Technologies recommends the use of descriptive names for WLANs.

  • Page 32: Setting The Authentication Method

    For more information about how to configure these settings, go to How to Configure 802.1 EAP Authentication. 3. Click the Apply button to save changes. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 33: Setting The Encryption Method

    Decryption applies the algorithm in reverse to restore the data to its original form. Sender and receiver employ the same encryption/decryption method. The WS 2000 Wireless Switch provides three methods for data encryption: WEP, WPA- TKIP, and KeyGuard-MCM. The WPA-TKIP and KeyGuard-MCM methods use WEP 104-bit key encryption.
  • Page 34 5. Specify a Pass Key and click the Generate button. The pass key can be any alphanumeric string. The switch, other proprietary routers, and Symbol cards in mobile units (MUs) use an algorithm to convert an ASCII string to the same hexadecimal number, but this conversion is not required for a wireless connection.
  • Page 35 9. Click the OK button to return to the WLAN security screen. 10. Click the Apply button on the WLAN Security screen to save changes. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 36 KeyGuard-MCM KeyGuard-MCM is a proprietary encryption method developed by Symbol Technologies. KeyGuard is Symbol’s enhancement to WEP encryption and can work with any WEP device. This encryption method rotates WEP keys for devices that support the method. This encryption implementation is based on the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11i.

  • Page 37: Mobile Unit Access Control List (Acl)

    Port to the list of known ports under the left menu item, Network Configuration --> Wireless --> Access Ports--> <Access Port Name>. For an Access Port to be adopted by the WS 2000 Wireless Switch, three things must be configured: 1.
  • Page 38 Location information set in the System Settings screen and upon settings in the Default Access Port Settings screen for the radio type. The WS 2000 Wireless Switch GUI also allows the administrator to refine the basic Access Port configuration that is set at the point of detection. To examine or change that information: 4.

  • Page 39: Step 8: Configure Subnet Access

    Ports. For more information, see Advanced Access Port Settings. Step 8: Configure Subnet Access The WS 2000 Network Management System allows the administrator to set up access rules for subnet-to-subnet and subnet-to-WAN communication. These access rules control communication between subnets and the outside world (the WAN). Select Network Configuration -->...

  • Page 40: The Access Overview Table

    A combination of the two methods can be used to add multiple entries to the table. You can allow or deny communication through specific protocols using the following process. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 41 Specify a Name to identify the new access rule. This could be the name of a particular application, for example. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 42 Port column blank. Otherwise, use both columns for an entry that has a range of ports. 5. Click the Apply button to save changes. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 43: Chapter 4. Advanced Configuration

    4. Disable this option if broadcasting the WLAN’s ESSID poses a security risk, such as on a private, corporate network. The default setting is unchecked. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 44: Wlan-Setting Default Access Port Settings

    6. Click the Apply button to save changes. WLAN—Setting Default Access Port Settings The WS 2000 Network Switch can support up to six Access Port. These Access Ports can be either a 802.11a or 802.11b radio type. When an Access Port associates with the wireless switch, the initial settings for that Access Port are taken from the Default Access Port Setting for the appropriate radio type..
  • Page 45 RTS threshold. Set the Access Port beacon settings by clicking on the Beacon Settings button. The following window appears. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 46 Decrease this settings (shortening the time) to support streaming-multicast audio and video applications that are jitter-sensitive. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 47: Wlan-Advanced Access Port Settings

    10. Click the Apply button to save changes WLAN—Advanced Access Port Settings The WS 2000 Wireless Switch GUI allows the administrator to configure the Access Port settings. To examine or change that information: 1. Select Network Configuration --> Wireless --> Access Ports from the left menu and then click the + to the left of the menu item.
  • Page 48 An advantage is faster data-frame throughput. Environments with less wireless traffic and contention for transmission make the best use of a higher RTS threshold. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 49 Decrease this settings (shortening the time) to support streaming-multicast audio and video applications that are jitter-sensitive. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 50: Gateway-How To Configure Network Address Translation (Nat)

    NAT is the appropriate solution. 1. Select Network Configuration --> WAN --> NAT from the left menu. The following screen appears. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 51 OK button to close the screen. 6. Click the Apply button on the NAT screen to save changes. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 52: Gateway-How To Configure The Ws 2000 Firewall

    Gateway—How to Configure the WS 2000 Firewall Gateway—How to Configure the WS 2000 Firewall The WS 2000 Wireless Switch provides a secure firewall / Network Address Translation (NAT) solution for the WAN uplink. The firewall includes a proprietary CyberDefense Engine to protect internal networks from known Internet attacks. It also provides additional protection by performing source routing, IP unaligned timestamp, and sequence number prediction.

  • Page 53: Configurable Firewall Filters

    A sequence number prediction attack establishes a three-way TCP connection with a forged source address, and the attacker guesses the sequence number of the destination host’s response. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 54: Gateway-How To Configure Static Routes

    A router uses routing tables and protocols to forward data packets from one network to another. The switch’s router manages traffic within the switch’s network, and directs traffic from the WAN to destinations on the switch-managed LAN. The WS 2000 Network Management System provides the Router screen to view and set the router’s connected routes.

  • Page 55: Defining Routes

    Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 56: Security-How To Configure 802.1X Eap Authentication

    1. Go to the Network Configuration --> Wireless --> <WLAN Name> --> <WLAN Name> Security screen. 2. Select the 802.1x EAP radio button to enable the 802.1x Extensible Authentication Protocol (EAP). Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 57 The reauthentication period setting does not affect a wireless connection’s throughput. The engaged access port continues to forward traffic during the reauthentication process. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 58 Note that this is a different value from the Max Retry field at the top of the window. 16. Click the Apply button to save changes. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 59: Security-How To Configure Kerberos Authentication

    7. Optionally, specify a Backup KDC server by providing the IP address and port. 8. Optionally, specify a Remote KDC server by providing the IP address and port. 9. Click OK when done. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 60: Security-How To Specify A Network Time Protocol (Ntp) Server

    Apply button will result in the loss of all changes to this screen. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 61: Chapter 5. System Administration

    Chapter 5. System Administration Overview The WS 2000 Network Management System provides several screens for administering the switch and monitoring activity on the switch. From the interface the administrator can: • Change the general system settings, such as the name of the switch and the location of the switch •...

  • Page 62: Changing The Name Of The Switch

    Changing the Name of the Switch When the administrator first logs into the WS 2000 Network Management System, the System Settings screen appears. One of the fields in this screen is the System Name field.

  • Page 63: Change The Location And Country Settings Of The Ws 2000

    System Administration Change the Location and Country Settings of the WS 2000 When the administrator first logs into the WS 2000 Network Management System, the System Settings screen appears. One of the fields in this screen is the Country field.

  • Page 64: How To Restart The Ws 2000 Wireless Switch

    1. Select System Configuration --> System Settings from the left menu. 2. Click the Restart WS 2000 button to restart the switch. A second window appears, asking for confirmation. 3. Select the Restart button. Upon confirming the restart, the switch reboots. Typically, normal communications with the switch are restored within a minute or two.
  • Page 65 WS 2000 Wireless Switch. 4. Compare the WS 2000 Version with the most recent version listed on the site. All updates will be listed along with a description of what the update contains. 5. Check to see if an administrator has already downloaded the file. It might already be on an FTP server at the site.

  • Page 66: System Configuration

    System Configuration Exporting and Importing Wireless Switch Settings All of the configuration settings for the WS 2000 Wireless Switch can be saved to a configuration file and then either imported back into the same switch or transferred to another switch. This file-based configuration saving feature provides several benefits: •...
  • Page 67 4. After executing the export, check the Status field for messages about the success or errors in executing the specified operation. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 68: How To Restore Default Configuration Settings

    If, for some reason, access to the user interface is not possible to restore the factory settings, a process for restoring the defaults from the command line interface is available. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 69: Restoring Default Configuration Settings Using The Command Line Interface

    Although it should not be necessary during the normal course of operations, the administrator might need to restore the default configuration settings of the switch. This procedure is typically performed from the WS 2000 Network Management System user interface; however, there are circumstances in which the administrator cannot access the switch through the user interface (for example, if the administrator accidentally disables all the subnet checkboxes in the WS2000 Access screen).

  • Page 70: Remote Administration

    SNMP allows an administrator to manage network performance, find and solve network problems, and plan for network growth. The WS 2000 Wireless Switch includes SNMP management functions for gathering information from its network components, and communicating that information to specific users.
  • Page 71 8. Follow the directions for setting up the Access Control List (below). Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 72 2. Select the type of traps that will generate notification events. To do this, click each of the four trap buttons in the SNMP Trap Selection area to see all the possible trap settings. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 73 Configuration Check this box to generate a trap when Changes the SNMP access or management functions are reconfigured. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 74 5. Select the appropriate SNMP Version (v1 or v2) from the pull-down list for this particular SNMP server. 6. Click the Apply button to save the entries. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 75: Configure Administrator Access

    Configure Administrator Access The WS 2000 Network Management System allows two different users to log in to perform administration tasks: the switch administrator and the manager. The switch administrator can change any settings within the WS 2000 Network Management System.
  • Page 76 WAN can access the log screen by specifying one of the IP addresses associated with the user interface. The WS 2000 Access screen allows the administrator to restrict access from different locations. By selecting the appropriate checkboxes, the administrator can allow or disallow specific types of access from the WAN port or from the LAN subnets.

  • Page 77: Statistics And Logs

    3. Click the Apply button to save changes. Changing the Administrator and Manager Passwords In the lower half of the WS 2000 Access screen, two buttons open sub-screens that allow the administrator to change either the switch administrator’s or switch manager’s passwords.
  • Page 78 Access Port screen. Click on the Clear all AP Stats button to clear all the statistics for the selected Access Port. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 79 To see statistics about a particular mobile unit, click the MAC address button for the mobile unit. A sub-screen appears. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 80: Subnet Statistics

    Packets Subnet Statistics The WS 2000 Network Management System provides a set of screens that allow the administrator to view real-time statistics for monitoring the switch’s activity. One of those screens displays statistics for each of the subnets. Selecting Status & Statistics -->...
  • Page 81 The total number of data packets sent over the subnet TX Bytes The total number of bytes of information sent over the subnet Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 82: Wan Statistics

    Access Ports for each of the associated WLANs are listed. WAN Statistics The WS 2000 Network Management System provides a set of screens that allow the administrator to view real-time statistics for monitoring the switch’s activity. One of those screens displays statistics for the Wide Area Network (WAN) port. Selecting Status &...
  • Page 83 The number of data packets that fail to get sent from the WAN TX Dropped interface Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 84: Setting Up And Viewing The System Log

    The total number of TCP/IP data carrier errors received Setting Up and Viewing the System Log The WS 2000 Network Management System keeps a log of the events that happen on the switch. The switch has a modest of amount of memory to store events. If the administrator wishes to keep a more complete event history, the administrator needs to enable a log server.
  • Page 85 DNS communications are allowed. (UDP must be enabled to save the log entries.) Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 86: Chapter 6. Retail Use Cases

    Configuring the Cafe WLAN Configuring the Printer WLAN Configuring the POS WLAN Setting Subnet Access Configuring the Clients Testing the Connections Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 87: The Plan

    POS terminals. The WS 2000 allows the administrator to restrict access from one subnet to another, so Clarisa will create a subnet that is just for WLAN #3, and then restrict access from that subnet to the other subnets.

  • Page 88: Configuring The System Settings

    IP address of 192.168.0.1. She sets her laptop to have an IP address of 192.168.0.2 and a netmask of 255.255.255.0. She also sets the gateway IP address to be 192.168.0.1, the WS 2000’s IP address. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved...
  • Page 89 Retail Use Cases Clarisa starts her web browser and enters “http://192.168.0.1/” as the URL. The WS 2000 sends a login page to her browser. She logs in using “admin” for the username and “symbol” as the password. Entering the Basic System Settings Clarisa selects System Settings in the left menu, located under the System Configuration heading.
  • Page 90 In the WS 2000 Access screen, Clarisa controls which network interfaces can be used to reconfigure the WS 2000 switch. She is currently using HTTP access on port 80 over the LAN, so she leaves that on. She wants to be able to manage the switch from corporate headquarters, but she does not want to leave the standard HTTP port, port 80, open over the WAN.

  • Page 91: Configuring The Subnets

    Now Clarisa needs to name and define the subnets. The subnet menu items are under the LAN item in Network Configuration in the WS 2000 left menu. The subnets can be renamed, assigned an IP address, and have ports associated with them. Before she can do this, however, Clarisa needs to plan how she is going to assign IP addresses to the subnets and the devices on them.
  • Page 92 POS terminals), and 6 (the server). She activates the DHCP server and gives it an IP address range of 192.168.0.11 to 192.168.0.254. After she enters the Address Assignment Range, Clarisa clicks Advanced DHCP Server. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 93 Using the Interfaces section of the screen, she associates the second WLAN with this subnet. She activates the DHCP server with an IP address range of 192.168.1.11 to 192.168.1.254. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 94 Retail Use Cases After entering the Address Assignment Range, Clarisa clicks Advanced DHCP Server. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 95 Using the Interfaces section of the screen, she associates the third WLAN with this subnet, and activates the DHCP server with an IP address range of 192.168.2.11 to 192.168.2.254. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 96 This seems about right for the usage patterns that she expects for the cafe. If she gets complaints, she will bump it to an hour. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 97: Configuring The Wan Interface

    If her ISP required PPPoE account information, she would have entered that information in the PPP-over-Ethernet section of the screen. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 98: Configuring Network Address Translation (Nat)

    IP address shown. She selects 1 to Many from the NAT Type menu to the right of the IP address. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 99 Clarisa clicks the Ok button to confirm the Outbound Mappings and then clicks the Apply button in the main screen to confirm the NAT choices and save her choices on the switch. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 100: Inspecting The Firewall

    Inspecting the Firewall Clarisa selects the Firewall item in the left menu. Each of the checkbox items represents a type of attack the WS 2000 can filter out. She checks to see that all of the options are enabled. Clarisa clicks the Apply button to confirm that all attacks listed will be filtered.
  • Page 101 Having specified the general Access Port default values, Clarisa goes on to name and configure the Access Port for the POS WLAN. She selects the first Access Port in the left menu. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 102 AP” and a location description. She assigns channel 6 to this Access Port, avoiding contention with the POS AP and the Cafe AP. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 103 However, in the cafe, there will be older wireless devices coming in and rather than confuse them, she will stick with the longer preamble on this WLAN. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 104 Start MAC address for the Access Port for the Cafe WLAN and selects the checkbox for the Cafe WLAN. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 105: Configuring The Wlans

    WLAN. This is the WLAN that she plans to use for the cafe WLAN. The WLAN name is used with in the WS 2000 configuration screens to make the interface easier to navigate. She names this WLAN from “WLAN3” to “Cafe”. She also gives it an ESSID of “CCC-Cafe”.

  • Page 106: Configuring The Printer Wlan

    WLAN. She knows that she will configure all of the mobile units on this WLAN with the correct ESSID, so she disallows this option, potentially keeping a cafe customer out of the printer WLAN. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 107: Configuring The Pos Wlan

    Allowing Answer Broadcast ESS is a way to allow mobile units that are not configured with the network ESSID to associate with the WLAN. She knows that Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 108: Setting Subnet Access

    Deny all protocols. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 109 WAN, the POS subnet, and the Printer subnet. After specifying all of the subnet access rules, she clicks the Apply button to save her changes. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 110: Configuring The Clients

    After she is confident that everything is working, she moves the Access Ports to their permanent locations. She connects the WS 2000 to the DSL modem. Finally, she tests the connection from each subnet to the WAN.

  • Page 111: Chapter 7. A Field Office Example

    Leo has decided to upgrade to a WS 2000 wireless switch. He will have four Access Ports, one in the administration office area, one in the sales office area, one in the sales engineering area, and one in the engineers’...

  • Page 112: The Plan

    A Field Office Example The Plan Each WS 2000 WLAN has exactly one security policy, where a security policy is defined as a user authentication method and a data encryption method. Because each WLAN can have one and only one security policy, WLAN configuration is usually defined by the security needs of the installation.

  • Page 113: Configuring The System Settings

    IP address of 192.168.0.1. He sets his laptop to have an IP address of 192.168.0.2 and a netmask of 255.255.255.0. He also sets the gateway IP address to be 192.168.0.1, the WS 2000’s IP address. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved...
  • Page 114 Leo clicks the “+” to the left of System Configuration in the left menu, then selects System Settings in the left menu. The system name is used to distinguish between WS 2000 switches for remote configuration. Leo gives the switch a descriptive name, “Atlanta1”. This name will appear in the footer for subsequent configuration windows for the switch.

  • Page 115: Setting Access Control

    A Field Office Example Setting Access Control Leo then clicks the WS 2000 Access node in the left menu. This controls which subnet can be used to reconfigure the WS 2000 switch and how that reconfiguration can be accomplished. Leo will be inside the LAN, so he leaves on all means of reconfiguring from within the LAN.
  • Page 116 Leo clicks the Update Password Now button to register the password change, then on the Apply button in the WS 2000 Access screen to save all changes. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved...

  • Page 117: Configuring The Lan

    10/100BaseT ports and the WLANs) that are currently associated with each subnet. All of the subnets are enabled; no changes are needed there. Next Leo needs to configure each of the subnets. He clicks the “+” symbol to the left of LAN in the left menu to expand it.
  • Page 118 The lease time of somewhere between 10000 seconds and 30000 seconds is appropriate for this application. Leo leaves it at 10000 seconds. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 119 IP address to a client with a specific MAC address. Leo clicks the OK button on the Advanced DHCP Server window, then the Apply button on the subnet window. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 120 Leo clicks the OK button on the Advanced DHCP Server window, then the Apply button on the subnet window. The administration subnet is configured in the same way: Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 121: Configuring The Wan

    The next step is to configure the WAN interface. Configuring the WAN Next Leo configures the WS 2000 WAN interface. This interface connects the WS 2000 switch to the VPN appliance and, through that appliance, to the Internet. Leo enables the WAN interface, but leaves the DHCP client option disabled. Instead of using DHCP to get address information for the switch, he enters the permanent information that he previously obtained from the corporate network administrator.
  • Page 122 He clicks Ok button in the address window, then the Apply button on the WAN window to save his changes. The next step is to set up the network address translations (NAT). Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 123: Setting Up Network Address Translation

    After entering the IP addresses for the WAN interface, Leo clicks the “+” left of the WAN item in the left menu to expand it. He then selects the NAT item. The WS 2000 displays the three IP addresses he entered when configuring the WAN.
  • Page 124 He clicks the Ok button to save his entries, and then clicks the Apply button in the NAT screen. The next step is to configure the firewall. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 125: Confirm Firewall Configuration

    Leo selects the Wireless item in the left menu. He sees that all three wireless LANs are enabled, though they do not have the names that Leo wants to use. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 126 WLAN3 checkbox and makes sure that the other WLAN checkboxes for that row are not selected. Leo clicks the Apply button to save his changes. The next step is to configure the WLANs. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 127: Configuring The Wlans

    WLAN. He expands the Wireless node in the left menu, and selects the first WLAN listed. Leo gives the WLAN the name “EngWLAN” so that subsequent screens in the WS 2000 interface will be a little easier to read. The ESSID is the identification string that his users will see, so he uses a name that will be easy for them to recognize, the string “Engineering.”...
  • Page 128 RADIUS servers, the ports used for RADIUS communication, and the secret string used to start communication. He leaves the rest of the parameters at their default settings. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 129 Leo does need to set the frequency with which the key for broadcast communication is changed. By default, the WS 2000 changes the broadcast every 600 seconds, every ten minutes. Breaking WEP encryption requires several hours of solid traffic, so Leo decides to change the broadcast key rotation to 3600 seconds, or once an hour.

  • Page 130: Configuring The Access Ports

    After these WLANs are configured, the next step is to configure the Access Ports. Configuring the Access Ports The WS 2000 allows the user to specify default settings for Access Ports. Leo expands the Access Ports node in the left menu and selects the 11b Defaults node. Leo has four 802.11a ports, so he will set the default settings for the 802.11a Access Ports.
  • Page 131 He clicks the “+” to the left of Access Ports in the left menu and selects the menu item labeled “AP1”. The WS 2000 switch has found and queried the Access Port for its MAC address. Leo enters a new name for the Access Port, “Eng-AP1,” and its location, “Eng.
  • Page 132 Leo then selects AP2, the second engineering Access Port. He gives it a new name, a location, and assigns it channel 48. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 133 To avoid interference with the sales and marketing AP, Leo chooses channel 149 for the administration Access Port. He then enters the Access Port name and location. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 134 Sales and Marketing Administration The Access Ports are now configured. The next step is to specify access levels between the subnets. Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 135: Configuring Subnet Access

    For example, if he wanted to restrict access from the engineering subnet to the WAN, he would click on the upper left cell of the matrix: Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 136: Installing The Access Ports And Testing

    When everything seems to be working, he sends an email to the users telling them that the new wireless network is up and running! Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 137: Appendix A. Sample Configuration File

    Sample Configuration File Appendix A. Sample Configuration File All of the configuration settings for the WS 2000 Wireless Switch can be saved to a configuration file, and then either imported back into the same switch or transferred to another switch.
  • Page 138 // SNMP v1/v2c trap configuration delete v1v2c all // SNMP v3 trap configuration delete v3 all network wlan Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 139 1 2 09000E000000 delete 1 all // WLAN 2 configuration set mode 2 disable set ess 2 102 Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 140 3 disable set ess 3 103 set enc 3 none set auth 3 none set wep-mcm index 3 1 Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 141 A in/out 149 100 set rate A 6 54 set div A enable set beacon mode A disable Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 142 6 s1 // WLAN To Subnet Map configuration set wlan 1 s1 set wlan 2 s2 set wlan 3 s3 Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 143 3 0.0.0.0 set mode 4 disable set ipadr 4 0.0.0.0 set mode 5 disable set ipadr 5 0.0.0.0 Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 144 6 0.0.0.0 set inb mode 6 disable set inb ip 6 0.0.0.0 set type 7 none set outb ip 7 0.0.0.0 Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 145 8e57 set id 1 1 set enc-key 1 e2565fc57c2a766fb0d55160d6f92952 set id 2 1 set enc-key 2 e2565fc57c2a766fb0d55160d6f92952 delete all save Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 146 Sample Configuration File Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

  • Page 147: Index

    ......25 FTP bounce ........53 client and server ....... 14 MIME flood........54 configuration ........24 Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 148 ......70 installation resetting switch ........64 changing password ......20 retail use cases........86 overview ........... 18 Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 149 Wireless LAN ...... See WLANs specifications Wireless Protected Access (WPA)..17 hardware ..........8 wireless summary area ......29 software ..........9 WLANs Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...
  • Page 150 ..... 29 enabling ..........28 WPA, overview........17 example use cases... 104, 105, 127 WPA-TKIP, configuring ...... 34 Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004...

Table of Contents