Download Print this page

Symbol WS5000 Series System Reference Manual

Hide thumbs Also See for WS5000 Series:

System reference manual (426 pages)

,

Reference manual (314 pages)

,

Troubleshooting manual (56 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual See also: Troubleshooting Manual, Reference Manual

WS5000 Series Switch

System Reference Guide

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the WS5000 Series and is the answer not in the manual?

Questions and answers

Summary of Contents for Symbol WS5000 Series

Page 1 WS5000 Series Switch System Reference Guide...
Page 2 Symbol reserves the right to make changes to any product to improve reliability, function, or design. No license is granted, either expressly or by implication, estoppel, or otherwise under any Symbol Technologies, Inc., intellectual property rights. An implied license only exists for equipment, circuits, and subsystems contained in Symbol products.
Page 3: Table Of Contents
Contents Chapter 1. WS5000 Series Switch Overview 1.1 Key Features........... 1-2 1.1.1 Installation Features.
Page 4 WS5000 Series Switch System Reference Guide 1.3 Software Overview ..........1-7 1.3.1 Accessing and Configuring the Switch Software.
Page 5 3.4.2 Using AutoInstall to Upgrade from 1.4.X.X/1.4.1.0/1.4.1.1/1.4.2 /1.4.3 to 2.1 3-11 3.4.3 Using AutoInstall to Upgrade From WS5000 Series Switch Build 49 ..3-12 3.4.3.1 Installing the Patch File Automatically ....... . 3-13 3.5 Manual Auto-install .
Page 6 WS5000 Series Switch System Reference Guide 4.2.3 Creating Kerberos User Accounts........4-5 4.2.4 Setting Kerberos Time Synchronization .
Page 7 Chapter 6. Configuring Policies 6.1 Configuring Network Policies........6-1 6.1.1 Classifiers.
Page 8 WS5000 Series Switch System Reference Guide Chapter 8. CLI Command Reference 8.1 CLI Overview ..........8-1 8.1.1 About Contexts .
Page 9 8.4.6 show arp............8-26 8.4.7 show autoinstalllog .
Page 10 WS5000 Series Switch System Reference Guide 8.4.49 show version ..........8-42 8.4.50 show vlan .
Page 11 8.5.35 purge............8-65 8.5.36 radius .
Page 12 WS5000 Series Switch System Reference Guide 8.8.1 import ............8-96 8.8.2 peap.
Page 13 xiii 8.16.4 set............8-124 8.16.5 show .
Page 14 WS5000 Series Switch System Reference Guide 8.21.6 show ............8-154 8.22 Classifier Context (CE) .
Page 15 8.30.5 set............8-183 8.30.6 show .
Page 16 WS5000 Series Switch System Reference Guide 8.37.1 set ............8-212 8.37.2 show .
Page 17 xvii 8.45.4 show ............8-245 8.46 Security Policy Instance .
Page 18 WS5000 Series Switch System Reference Guide 8.54 Standby Context ............8-273 8.54.1 enable .
Page 19 8.62.3 password ........... 8-303 8.62.4 show .
Page 20 WS5000 Series Switch System Reference Guide 8.69.3 disable............8-334 8.69.4 enable .
Page 21 Chapter 11. Converting AP-4131 Access Points to RF Ports 11.1 AP-4131 Features in the WS5000 Series Switch ....11-2 11.1.1 AP-4131 Port Adoption......... . 11-2 11.1.2 AP-4131 Radio Configuration.
Page 22 WS5000 Series Switch System Reference Guide 11.2.1 Updating the Access Point Firmware Using the TFTP Program ... 11-3 11.2.2 Updating the Access Point Firmware Using the XMODEM ....11-3 11.2.3 Adding an Access Port .
Page 23 xxiii Chapter 14. Enhanced RF Statistics 14.1 ccApTable........... 14-1 14.2 ccPortal.
Page 24 WS5000 Series Switch System Reference Guide 15.2.2 Sensor Configuration ......... . . 15-2 15.2.3 Sensor Revert .
Page 25: About This Guide
Service Information Who Should Use this Guide The WS5000 Series Switch System Reference Guide is intended for system administrators responsible for the implementing, configuring, and maintaining the WS5000 Series Switch within the wireless local area network. It also serves as a reference for configuring and modifying most common system settings. The administrator should be familiar with wireless technologies, network concepts, ethernet concepts, as well as IP addressing and SNMP concepts.
Page 26: How To Use This Guide
WS5000 Series Switch System Reference Guide How to Use this Guide This guide will help you implement, configure, and administer the WS5000 Series Switch and associated network elements. This guide is organized into the following sections: Table 1 Quick Reference on How This Guide Is Organized Chapter Jump to this section if you want to...
Page 27: Conventions Used In This Guide
• Notational Conventions Annotated Symbols Note This symbol signals recommended behavior or reference information that might be important to consider. It may include tips or special requirements. IMPORTANT! THIS SYMBOL SIGNALS INFORMATION ABOUT A PROCESS OR CONDITION THAT COULD CAUSE DAMAGE TO EQUIPMENT, INTERRUPTION OF SERVICE, OR LOSS OF DATA.
Page 28: Notational Conventions
• lists of required steps that are not necessarily sequential • Sequential lists (those describing step-by-step procedures) appear as numbered lists. Service Information If a problem with is encountered with the WS5000 Series Switch, contact Symbol Customer Support. See Symbol’s Web site (http://www.symbol.com/services/online_support/online_support.html) for Symbol Customer Support contact information and policies.
Page 29: Chapter 1. Ws5000 Series Switch Overview
WS5000 Series Switch Overview The WS5000 Series Switch provides a centralized management solution for wireless networking components across the wired network infrastructure. Unlike traditional wireless network infrastructures that reside at the edge of a network, the switch uses centralized, policy-based management for all devices on the wireless network.
Page 30: Key Features
Line Interface (CLI). A WS5000 Series Switch streamlines management of a large wireless system and allows for network management features such as Quality of Service (QoS), virtual WLANs and packet forwarding. 1.1 Key Features WS5000 Series Switch includes a robust set of features. These features are briefly listed and described in the following sections: •...
Page 31: Security Features
• Support for Proxy ARP statistics applet operation with Sun JRE • Service mode features • The WS5000 Series Switch GUI applet only supports Sun Java Runtime Environment (JRE) including the Sun Java Virtual Machine (JVM). Support for the Microsoft Virtual Machine is discontinued with the 1.4 release and WS5000 Series Switch.
Page 32: Networking Features
• Layer 3 filtering • Multiple WLAN 1.1.5 Access Port Support Access ports work on any VLAN with connectivity to the wireless switch. The WS5000 Series Switch supports the following access ports: • AP 100 (supports 802.11b) • AP 300 (supports 802.11a/b/g) •...
Page 33: Hardware Overview
WS5000 Series Switch Overview 1.2 Hardware Overview A WS5000 Series Switch contains types of hardware: a wireless switch and a set of access ports. The wireless switch is a rack-mountable device that manages all inbound and outbound traffic on the wireless network.
Page 34: Cabling Requirements
WS5000 Series Switch Installation Guide. 1.2.2 System Status LED Codes A WS5000 Series Switch has two LEDs on the front panel, adjacent to the RJ45 ports. The System Status LEDs display three colors—blue, amber, or red —and three “lit” states—solid, blinking, or off.
Page 35: 10/100/1000 Port Status Led Codes
The port is linked Green blinking The port is linked and active 1.3 Software Overview This section provides an overview of the WS5000 Series Switch software and features. It contains: • 1.3.1 Accessing and Configuring the Switch Software on page 8 •...
Page 36: Accessing And Configuring The Switch Software
1.3.2 Switch Policies A WS5000 Series Switch uses a set of rules, or “policies,” to configure the wireless LAN (WLAN), the access ports that it adopts, and to integrate the wired LANs and VLANs. The policy-based management architecture lets a network administrator create a class of service (CoS) by defining network access, type of WLAN security, and quality of service (QoS) for a group of users.
Page 37: Access Port Adoption Process
1.3.3 Access Port Adoption Process The process in which the WS5000 Series Switch takes on a 802.11 access port and configures it is called adoption. It includes configuring adoption lists, loading the firmware image on the access port, and configuring the access port radios according to the switch policy.
Page 38: Different Dimensions Of Qos
1-10 WS5000 Series Switch System Reference Guide 1.3.4.1 Different Dimensions of QoS Different methods of QoS are applied for distinction between users and applications. The two main categories are: • QoS via Queuing – A network shared by different users such as in a revenue-based, shared office building or a public hotspot is implemented with Service Level Agreements (SLA) based on how much each group of users pay for bandwidth.
Page 39: Weighted Fair Queuing (Wfq)
1-11 WS5000 Series Switch Overview 1.3.4.3 Weighted Fair Queuing (WFQ) Weighted Fair Queuing (WFQ) enables a mechanism on the switch that uses up to eight queues to store data— network packets—and prioritize RF transmission to and from MUs depending on the data type. After the...
Page 40 1-12 WS5000 Series Switch System Reference Guide When QoS is configured on the switch, users can select specific network traffic, prioritize it, and use congestion management and congestion avoidance techniques to provide preferential treatment. Implementing QoS on wireless LANs makes network performance more predictable and bandwidth utilization more effective.
Page 41: Multi-Bssid And Essid Access Ports
1.3.5 Multi-BSSID and ESSID Access Ports In a networked wireless environment, multiple access ports are connected to a WS5000 Series Switch to provide RF connectivity to MUs. Each access port radio sends and receives RF signals over a range of space, the Basic Service Set (BSS).
Page 42: Standby Management
“Failover” or Standby Management enables the network administrator to significantly reduce the chance of a disruption in service to the switch and associated MUs by placing one or more additional WS5000 Series Switches as backup to a Primary wireless switch if it fails.
Page 43: New Features
• Access Port Policy mapping one or more WLANs to a BSSID • Security Policy mapping one security policy to a WLAN policy. 1.4 New Features This section describes the key enhancements in the WS5000 Series Switch: • • RF Statistics •...
Page 44: Gre Tunnel
1-16 WS5000 Series Switch System Reference Guide The salient features of enhnaced RF stats are: • It supports 350 RF stats, on a per APPortal and per MU basis. • Provides Long and Short statistics, Traps and Thresholds. • It is accessible using SNMP.
Page 45: Snmp Trap On Config Change
1-17 WS5000 Series Switch Overview 1.4.5 SNMP Trap on Config Change For improved system administration,WS5000 v2.1 supports the following: 1. Send out a SNMP Trap whenever configuration in the switch changes. The change could be initiated by CLI, GUI or SNMP.
Page 46: Cpu Temperature Monitoring In Ws5000
This will allow the Admin to ping an Access Port - at Layer 2 (the access port does not support IP). This uses Symbol's WNMP protocol's Ping Request and Ping Response to check the connectivity between the switch and the access port.
Page 47: Upgrade/Downgrade Process
23 1.5.1 AP-4131 Port Conversion You can convert the Symbol AP-4131 model access points to RF Ports for use with the WS5000. The port conversion enables existing customers to utilize an existing Symbol wireless infrastructure with the WS5000 Series Switch.
Page 48: Hot Standby
1.5.4 Hot Standby You can use the WS5000 Series Switch in the hot standby mode, but when the switch is in this mode it will not adopt primary access ports. The hot standby system only adopts APs after it detects that the primary system it monitors failed.
Page 49: Viewing Dhcp Configurations
Sets the DHCP server’s maximum lease time, in seconds, to seconds. set dhcp_DomainName <domain.suffix> Sets the DHCP server’s domain name; for example, “symbol.com”. To clear the domain name, pass a NULL argument. set dhcp_PriDNS_IP <IP_address> Sets the IP address that the DHCP server will use as its primary Domain Name System server.
Page 50: Importing A Dhcpd.conf File
: 255.255.255.0 etc... 1.5.6.3 Importing a dhcpd.conf File You can use a DHCP configuration file to configure the DHCP servers on the WS5000 Series Switch. The configuration file must be named dhcpd.conf . To install the file on the switch, use the...
Page 51: Simple Network Management Protocol (Snmp)
The SNMP architecture allows a variety of relationships among network entities. The WS5000 Series Switch v2.0 supports SNMP v3.0 as well as SNMP v2.0 and v1.0. To configure SNMP on the WS5000 Series Switch, see SNMP Context on page 8-258.
Page 52 1-24 WS5000 Series Switch System Reference Guide...
Page 53: Chapter 2. Installing The System Image
Installing the System Image This chapter describes how to install a new system image with the latest software on the WS5000 Series Switch. It also guides you through the CLI commands for restoring the site configuration file for the switch.
Page 54: System Information
WS5000 Series Switch System Reference Guide Note The WS5000 Series Switch Graphical User Interface does not support this process. After you log into the WS5000 series switch, it displays the software version. For example:. user name: cli Symbol Wireless Switch WS 5000 Series.
Page 55: Upgrading The Switch Software To 2.1
Contact your Symbol Support representative. 2.2 Upgrading the Switch Software to 2.1 The WS5000 Series Switch release 2.1 enables you to upgrade to the 2.1 baseline from the platforms: • WS5000 or 5100 running the 2.0/1.4.0/1.4.1.0/1.4.1.1/1.4.2/1.4.3/2.0 baseline. You can upgrade the switch using the following methods: •...
Page 56: Upgrading The Switch From 2.0 To 2.1
2.2.1.2 Upgrading the Switch from 1.4.0/1.4.1.0/1.4.1.1/1.4.2/1.4.3 to 2.1 To determine whether your WS5000 Series Switch has the memory required for upgrading to xxx, run the PreUgradeScript. If the switch has the memory, the script tells you how to upgrade. If the switch does not have enough memory, the script enables you to free the memory to upgrade.
Page 57 Installing the System Image Copying 'vdate' from ftp://111.111.111.111 to Switch... Data connection mode : BINARY (Connecting as 'ftpuser') Status : Transfer completed successfully 202311 bytes received in 0.036 seconds (5.5e+03 Kbytes/s) WS5000.(Cfg)> Copy the dominfo to the switch WS5000.(Cfg)> copy ftp system -u ftpuser -m bin Enter the file name to be copied from FTP server : dominfo IP address of the FTP server : 111.111.111.111 Enter the user password : *******...
Page 58 WS5000 Series Switch System Reference Guide script. Just verify the size of the script ftp'ed matches with the actual one. 2. Enter the CLI service mode: WS5000.(Cfg)> .. WS5000> service Enter CLI Service Mode password: ******** Enabling CLI Service Mode commands..done.
Page 59 Installing the System Image Dom Firmware up to date - Done Finding out the Free Space Needed ... !! Total Free Space on the System: 150 (in MB) OK. Required space to do the upgrade exists .. !! SM-WS5000> Note While running the PreUpgradeScript, you may encounter two problems. Scenario 1: The switch may not have enough space to upgrade.
Page 60 WS5000 Series Switch System Reference Guide Please continue with upgrade after this, as freeing might make the current system unusable .. !! Do you want to free some space (y/n): If the script does not find the required space, it displays: Do you want to free some space (y/n): y Trying to find out how much space can be freed ..
Page 61 Installing the System Image DMA Supported_____________________: No Number of ECC bytes transferred___: 4 Number of sectors per interrupt___: 1 Number of Cylinders_______________: 1004 Number of Heads___________________: 8 Number of Sectors per Track_______: 32 This is a Kouwell DOM which needs to check for the version of DOM firmware checking DOM firmware Verifying vdate Checksum...
Page 62 2-10 WS5000 Series Switch System Reference Guide Shutting down database main thread...done. Resetting the System.. SKDB kernel debugger installed. SKDB kernel debugger installed. Configuring ethernet ports ... Waiting for network elements to get initialized..done. Flushing stale dns entries..done. Checking database integrity...done.
Page 63 2-11 Installing the System Image Note If you do not wish to upgrade the firmware, use the following CLI command: launch -c /image/PreUpgradeScript upgrade nofwcheck 6. Run the following command: SM-WS5000> launch -c /image/PreUpgradeScript upgrade The following details are displayed on your monitor. Enter WS5000_v2.1.0.0-xxxx.sys.kdi as image name when the procedure prompts you to - “Enter the image name”.
Page 64: Recovering From Upgrade Errors
The most likely symptoms would be the system continuously restarting or never showing any activity on the serial console. Any system with these symptoms will need to be returned to the local Symbol Service Center for repair. See the Symbol Service Web-site http ://www.symbol.com/services/msc/msc.html for RMA procedures.
Page 65: Downgrading From 2.1 To 2.0
2-13 Installing the System Image If any of the below two messages are displayed then press the escape key (ESC) to return to the boot selection screen Minimal BASH-like line editing is supported. For the first word, TABlists possible command completions. Anywhere else TAB lists the possiblecompletions of a device/filename.
Page 66: Downgrading From 2.1 To 1.4.3/1.4.2/1.4.1/1.4.0
2-14 WS5000 Series Switch System Reference Guide 2.5 Downgrading from 2.1 to 1.4.3/1.4.2/1.4.1/1.4.0 You can downgrade a switch running WS5000 Series Switch 2.1 image to the switch running one of the following versions: • WS5000 Series Switch 1.4.0.0 (026R) • WS5000 Series Switch 1.4.1.0 (014R) •...
Page 67: Executing The Predowngrade Script
2-15 Installing the System Image Example WS5000.(Cfg)> copy ftp system -u ftpuser -m bin Enter the file name to be copied from FTP server : /home/ WS5x00Switch/builds/bf-2.1.0.0/R_BF_2.1.0.0-xxxR/ downgrade/PreDowngrade.exe IP address of the FTP server : 111.111.111.111 Enter the user password : ******* Copying 'PreDowngrade.exe' from ftp://111.111.111.111 to Switch...
Page 68: Downgrading The Image Version
2-16 WS5000 Series Switch System Reference Guide exec <CR> Executing CLI Service Mode command file ..Enter the command file name: Downgrade.exe 5. Enter Downgrade<x.x.x.x-xxxR>.image as the image filename (<x.x.x.x-xxxR> corresponds to the version to which you downgrade the switch from 2.0).
Page 69: Executing The Downgrade Script
2-17 Installing the System Image Status : Transfer completed successfully 25608008 bytes received in 8.56 seconds (2990804 bytes/s) SM-WS5000> 2.5.3.1 Executing the Downgrade Script You have to execute the Downgrade.exe from the service mode. The example below explains how to execute the Downgrade scipt.
Page 70 2-18 WS5000 Series Switch System Reference Guide Shutting down snmpd agent...done. Shutting down Postgres..done.
Page 71: Dhcp Auto-Install
DHCP lease file. • A command file – This is an ASCII text file that contains site-specific settings for the WS5000 Series Switch (the filename must end with a .sym suffix). The switch obtains this filename through DHCP and...
Page 72: Command File
WS5000 Series Switch System Reference Guide After you extract the configuration file from the DHCP lease file, it downloads, parses, and configures the WS5000 Series Switch 3.2 Command File The command file option specifies a valid filename for an ASCII text format file that exists on the TFTP server.
Page 73: Event Logging
Configuring the WS5000 Series Switch Auto- Note The command file is not invoked automatically using this method. The correct method is to use the DHCP option to send the file to the switch. 3.3.1 Event Logging The service option is a setting to turn on or off the logging feature, which pushes auto-installation event messages to a log file named CmdProcErrors.txt.
Page 74: General Network Configuration And Standby Management
<Value> Notes ConfigFile <config_name (.cfg)> This is the name of a WS5000 Series Switch configuration. This file is downloaded automatically from a specified TFTP server or though the CLI copy command. If the file is not found, or if there were errors during the TFTP download, the installation software will abort the configuration immediately and exit.
Page 75 Configuring the WS5000 Series Switch Auto- Warning! A WS5000 model switch cannot be configured as a standby for a WS5100 model switch. Table 3.3 General Network Configuration and Standby Management Option Value Notes Eth1DNSServer1 <ip_address> DNS server configuration for each interface. Users can configure up Eth1DNSServer2 <ip_address>...
Page 76: Kerberos Configuration
WS5000 Series Switch System Reference Guide 3.3.4 Kerberos Configuration The Wireless Switch features a built-in kerberos KDC, for authentication services, a site may require settings for configuring kerberos functionality. The settings in the command file for configuring the KDC include primary or slave status, hostname, IP address, realm and domain.
Page 77: Syslog Configuration
Configuring the WS5000 Series Switch Auto- Table 3.5 SNMP Configuration (Continued) Option Value Notes SNMPCommunity[1-4]Perm <RO | RW permissions> 3.3.6 Syslog Configuration The syslog section of the command file contains settings for adding syslog hosts to which log messages will be sent.
Page 78: Command File Example
WS5000 Series Switch System Reference Guide 3.3.7.1 Command File Example The following command file example shows the configuration of several options in the WS5000 Series Switch’s command file. You can use the same command file to configure both a primary wireless switch and an associated standby wireless switch.
Page 79 Configuring the WS5000 Series Switch Auto- Eth2DHCP #on/off Gateway #default gateway # Primary IP configuration HostnamePrimary #Hostname of primary CC Eth1PrimaryIP #ip address of primary CC Eth2PrimaryIP #ip address of primary CC # Standby IP configuration HostnameStandby #Hostname of standby CC...
Page 80 3-10 WS5000 Series Switch System Reference Guide SNMPCommunity4Perm #RO/RW: Access permissions # SNMP Traps SNMPCommunity1Trap #SNMP community trap SNMPCommunity1TrapIP #SNMP community trap IP SNMPCommunity2Trap #SNMP community trap SNMPCommunity2TrapIP #SNMP community trap IP SNMPCommunity3Trap #SNMP community trap SNMPCommunity3TrapIP #SNMP community trap IP...
Page 81: Upgrading Using Autoinstall
3-11 Configuring the WS5000 Series Switch Auto- 3.4 Upgrading Using AutoInstall This section describes how to upgrade to 2.1 using the autoinstall procedure. 3.4.1 Using AutoInstall to Upgrade from 2.0 to 2.1 1. Copy the new image (WS5000_v2.1.0.0-xxx.sys.img) to the TFTP Server.
Page 82: Using Autoinstall To Upgrade From Ws5000 Series Switch Build 49
3.4.3 Using AutoInstall to Upgrade From WS5000 Series Switch Build 49 To upgrade from WS5000 Series Switch to 2.1 as part of Auto-install. 1. Copy the patch supplied to the switch running WS5000 Series Switch (build 49): copy ftp system -u <user_name>...
Page 83: Installing The Patch File Automatically
<file_containing_ip_of_WS5000 Series Switch_switches> <patch_filename> <tftp_ip> where: • <telnet/ssh> : Program (telnet or ssh) enabled on the list of WS5000 Series Switches specified by the < file_containing_ip_of_WS5000 Series Switch_switches> • ftp or tftp : Method used to download the patch file.
Page 84 If you use tftp to download the file: ./mantis_caller.sh tftp <file_containing_ip_of_WS5000 Series Switch_switches> <patch_filename> <tftp_ip> where: • : Program (telnet or ssh) enabled on the list of WS5000 Series Switches specified by the <telnet/ssh> <file_containing_ip_of_WS5000 Series Switch_switches>. • ftp: Method used to download the patch file.
Page 85: Manual Auto-Install
3-15 Configuring the WS5000 Series Switch Auto- 3.5 Manual Auto-install There are two types of file you can use for manual auto-install: 1. The Command File Example shown above. This file has .sym extension. 2. The .cli file, which contains just the CLI section of command file (.sym file).See...
Page 86 3-16 WS5000 Series Switch System Reference Guide CLI#add aaasecuritypolicy CLI#set encryption wep40 enable CLI#2 CLI#157.235.208.234 CLI#1812 CLI#WS5000 CLI#set radius server 1 127.0.0.1 CLI#.. CLI#.. ############################################################################# #create a WLAN. Use the security policy that was created above ############################################################################# CLI#wlan CLI#add aaawlan aaawlan CLI#set security aaasecuritypolicy CLI#..
Page 87 3-17 Configuring the WS5000 Series Switch Auto- CLI#aaaaaa CLI#add aaauser4 CLI#aaaaaa CLI#aaaaaa CLI#.. ############################################################################# #Add a RADIUS Group ############################################################################# CLI#group CLI#add aaagroup CLI#.. ############################################################################# # Add aaauser0 to this created group ############################################################################# CLI#adduser aaauser0 aaagroup CLI#.. CLI#.. ############################################################################# # Set this access policy for this Group to allow the WLAN...
Page 88 3-18 WS5000 Series Switch System Reference Guide...
Page 89: Chapter 4. Using The Ws5000 Series Switch Gui
Using the WS5000 Series Switch GUI You can configure the WS5000 switch and access ports using one of the following methods: • The GUI through a web browser • SNMP commands • CLI from a Telnet connection through the wireless switch console port or a secure shell (SSH) application.
Page 90: Logging In
Switch GUI. This file is included on the CD that ships with the product. Figure 4.1 WS5000 Series Switch GUI Console Login 3. Type a User ID and Password and click the Login button. The default is “admin” and “symbol”, respectively.
Page 91: Configuring Master Kdc Information
Using the WS5000 Series Switch GUI Use the WS5000 Series Switch GUI (graphical user interface), the command line interface, or SNMP to configure the onboard KDC. To configure the KDC via the former, perform the steps in the following sections:...
Page 92: Configuring Slave Kdc Information
CONFIGURED. To configure a KDC as a slave KDC: 1. Click System Settings > Kerberos > Configuration > KDC from the WS5000 Series Switch GUI main window. The Kerberos Security Manager dialog box appears. Figure 4.3 Kerberos Security Manager—Configuring a Slave KDC 2.
Page 93: Configuring The Master Kdc To Recognize The Slave
Configuring the KDC Slave. 1. Click System Settings > Kerberos > Configuration > Slave from the WS5000 Series Switch GUI main window. 2. Select the slave KDC from the list in the left pane. Enter the hostname, IP address, and domain of the master KDC server.
Page 94: Setting Kerberos Time Synchronization
Except in a master/slave configuration, KDC NTP time configuration is optional. To synchronize the NTP server with the switch’s on board KDC, follow these steps: 1. From the WS5000 Series Switch GUI main window, click System Settings > Kerberos > Configuration > NTP.
Page 95 Using the WS5000 Series Switch GUI Figure 4.6 KDC Time Configuration 2. Enter the IP addresses for the Preferred Time Server, the First Alternate Time Server, and the Second Alternate Time Server. The alternate servers are optional, but recommended. 3. Click Save to apply settings.
Page 96 WS5000 Series Switch System Reference Guide...
Page 97 Configuring User and Management Authentication The WS5000 Series Switch provides an integrated Radius server as well as the ability to work with External Radius and LDAP servers to provide user database information and user authentication. Management users may also be authenticated using external/integrated RADIUS server. The External Radius server cannot be...
Page 98: Ws5000 As A Radius Client
23-19-CO:API”. 5.2 Configuring an On-board RADIUS Server The WS5000 Series Switch provides an integrated Radius server as well as the ability to work with external Radius and LDAP servers to provide user database information and user authentication. 5.2.1 Configuring the Radius Server The Radius Server screen allows the admin to set up data sources, as well as specify authentication information for the built-in Radius server.
Page 99 Configuring User and Management Authenti- Figure 5.2 Radius Configuration 1. Use the Data Source drop-down menu to select the data source for the local Radius server. • If you select Local, the internal User Database serves as the data source. Refer to the Users screen to enter the user data.
Page 100: Managing Certificates
6. 5.2.2.1 Importing and Installing CA Certificates To import and install the CA and server certificates on the WS5000 Series Switch: 1. Ensure the time in the switch is synchronized with the Windows 2003 server PC. 2. Select System Settings > Radius > Certificate Management > Self Certificate to load the CA certificate.
Page 101 Configuring User and Management Authenti- Figure 5.3 Generating Certificate 3. Click the Upload CA Certificate button. 4. Browse to the CA certificates file and click the Send button. 5. Click on the View/Install certificate button to install the CA certificate and Server certificates. The Install Certificates screen shown in Figure 5.4 appears.
Page 102: Uploading Certificates
WS5000 Series Switch System Reference Guide Figure 5.4 Installing Certificates 6. Select the corresponding request ID for the server certificate and the CA certificate ID. 7. Click Apply. 5.2.2.2 Uploading Certificates If you have a server certificate from a CA and wish to use it on the Radius server: 1.
Page 103: Configuring Ldap Authentication
Configuring User and Management Authenti- The menu displays the certificates imported to the switch. You can also choose an imported CA Certificate to use on the Radius server. If you use a server certificate signed by a CA, you must import that CA's root certificate using the CA certificates screen from the Certificate Management menu.
Page 104 WS5000 Series Switch System Reference Guide Figure 5.7 LDAP Configuration 1. Configure the LDAP Configuration field to enable the switch to work with the LDAP server. Consult with the LDAP server administrator for details on how to set the values if necessary.
Page 105: Configuring Clients
Configuring User and Management Authenti- Group Name Specify the name of the group sent to the LDAP server. Specify the Group Member Attribute to be sent to the LDAP server when Membership Attribute authenticating users. 2. Click one of the following buttons: Saves your changes Apply Undo...
Page 106: Configuring The Radius Accounting Server
5-10 WS5000 Series Switch System Reference Guide 2. Enter the following information in the Clients Configuration table: In the Field Enter Subnet/Host Name of the subnet or host to authenticate Netmask The subnet mask number of the host to authenticate.
Page 107 5-11 Configuring User and Management Authenti- Figure 5.9 Radius Accounting Server Configuration 2. Select Enabled or Disabled in the Accounting pulldown menu. Note Accounting files cannot be viewed from the switch. They have to be downloaded to a TFTP server for viewing. Downloading the accounting file is currently supported only through CLI.
Page 108: Configuring Radius Users
5-12 WS5000 Series Switch System Reference Guide 4. Click one of the following buttons in the screen: Apply Saves your changes Undo Closes the screen without saving your changes. This reverts the screen back to the last saved configuration. Cancel...
Page 109: Adding Groups
5-13 Configuring User and Management Authenti- 5.2.3.1 Adding Groups The Groups table displays a list of all groups in the local Radius server database. The groups are listed in the order they were added. Although groups can be added and deleted, there is no capability to edit the name of a group.
Page 110: Deleting Groups
5-14 WS5000 Series Switch System Reference Guide 5.2.3.2 Deleting Groups To remove a group, select the group from the table and click the Del (Delete) button. A warning message displays when applying the change if there are users still assigned to the group. You can remove the group from each user or add the group back to the group list.
Page 111: Configuring Management User Authentication
This section will take you step-by-step through the configuration of the wireless switch user authentication via remote RADIUS server feature using the Symbol WS5000 wireless switch version 1.2 on Microsoft Windows Server 2000 with Internet Authentication Service and Active Directory.
Page 112: Using On-Board Radius Server
5-16 WS5000 Series Switch System Reference Guide 3. Microsoft Windows Server 2000 (or Advanced Server) with SP4 or (newer) 4. Experience with Microsoft Windows operating systems and the WS5000 Note It is possible to use the Wireless Switch User Authentication via Remote RADIUS Server feature with different configurations than what’s provided in this guide.
Page 113: Configuring Ws5000
5-17 Configuring User and Management Authenti- 5.3.4 Configuring WS5000 1. From the System Settings menu, select Remote Admin … 2. Select the RADIUS Authentication tab. Check the Network Users (Web, Telnet, etc.) check box. Enter the IP address of the Windows Server 2000 for the Primary Name / IP Address. Enter a Shared Secret for the Primary.
Page 114: Ldap And Certificate Configuration
5-18 WS5000 Series Switch System Reference Guide 5.4 LDAP and Certificate Configuration LDAP Server is used as the database with WS5000 RADIUS server. The configuration details for WS5000 and LDAP server (Linux OpenLDAP and Windows Active Directory Server) are as follows: 5.4.1 OpenLdap in Linux...
Page 115: User/Group Configuration With Ldapbrowser
5-19 Configuring User and Management Authenti- ldapadd -x -D "cn=Manager,o=SYMBOL,c=INDIA" -W -f base1.ldif ldapadd -x -D "cn=Manager,o=SYMBOL,c=INDIA" -W -f group6.ldif ldapadd -x -D "cn=Manager,o=SYMBOL,c=INDIA" -W -f member6.ldif ldapsearch -x -b 'o=SYMBOL,c=INDIA' '(&(cn=group2)(objectclass=groupofNames))' ldif file format (base1.ldif, group6.ldif, member6.ldif, wvpn.ldif) dn: o=SYMBOL,c=INDIA...
Page 116: Ldap Configuration In Switch For Active Directory
5-20 WS5000 Series Switch System Reference Guide LDAP Server IP : 192.192.4.42 LDAP Server Port : 389 LDAP Bind DN : cn=Manager,o=symbol,c=India LDAP Base DN : o=symbol,c=India LDAP Login Attribute : (uid=%{Stripped-User-Name:-% {User-Name}}) LDAP Password Attribute : userPassword LDAP Group Name Attribute...
Page 117: Certificate Management With Win-2003 Server
5-21 Configuring User and Management Authenti- 5.4.5 Certificate Management with Win-2003 server Windows 2003 server has Certificate Authority (CA) functionality which can be used for signing requests. This details the configuration for PEAP/TTLS authentication with WS5000 RADIUS server. 1. Install Certificate Authority which comes with Win-2003 server. 2.
Page 118: Installing Active Directory
5-22 WS5000 Series Switch System Reference Guide 5.5.1 Installing Active Directory If Active Directory is already installed, go to 5.5.2 Configuring Active Directory Users on page 32. 1. To install Active Directory, go to the Start Menu, select Programs > Administrative Tools >...
Page 119 5-23 Configuring User and Management Authenti- 3. Click on Start the Active Directory wizard.
Page 120 5-24 WS5000 Series Switch System Reference Guide 4. This will open the Welcome to the Active Directory Installation Wizard. Click Next >. 5. Select Domain controller for a new domain. Click Next >.
Page 121 5-25 Configuring User and Management Authenti- 6. Select Create a new domain tree. Click Next >. 7. Select Create a new forest of domain trees. Click Next >...
Page 122 5-26 WS5000 Series Switch System Reference Guide 8. Enter a Full DNS name for new domain. Click Next >. 9. The Domain NetBIOS name will be entered by the Wizard. Click Next >.
Page 123 5-27 Configuring User and Management Authenti- 10. Keep the default locations for the Database and Log. Click Next >. 11. Keep the default location for the Folder. Click Next >.
Page 124 5-28 WS5000 Series Switch System Reference Guide 12. You may get this alert. Click OK. 13. If you get the alert, you may be asked to configure a DNS server. Select No. Click Next >.
Page 125 5-29 Configuring User and Management Authenti- 14. Use the default permission selected by the Wizard. Click Next >. 15. Enter the Administrator password. Click Next >.
Page 126 5-30 WS5000 Series Switch System Reference Guide 16. Click Next >. 17. Wait while the Wizard configures Active Directory.
Page 127 5-31 Configuring User and Management Authenti- 18. Click Finish. 19. Click Restart Now.
Page 128: Configuring Active Directory Users
5-32 WS5000 Series Switch System Reference Guide 5.5.2 Configuring Active Directory Users If you have not installed Active Directory, go to 5.5.1 Installing Active Directory on page 22 1. To configure Active Directory users, go to the Start Menu, select Programs > Administrative Tools >...
Page 129 5-33 Configuring User and Management Authenti- 3. Enter a First name, Last name and User logon name. You will need to remember this User logon name when you log into the wireless switch. Click Next >. 4. Enter a Password and Confirm password. You will need to remember this password when you log into the switch.
Page 130 5-34 WS5000 Series Switch System Reference Guide 5. Click Finish. 6. Right click on the Active Directory User you’ve just created and select Properties.
Page 131 5-35 Configuring User and Management Authenti- 7. Click the Dial-in tab. Select Allow access. Click OK.
Page 132: Installing Internet Authentication Service
5-36 WS5000 Series Switch System Reference Guide 5.5.3 Installing Internet Authentication Service If Internet Authentication Service is already installed, go ahead to 5.5.4 Configuring Internet Authentication Service on page 1. To install Internet Authentication Service, go to the Start Menu, select Settings > Control Panel.
Page 133 5-37 Configuring User and Management Authenti- 3. Click Add/Remove Windows Components. 4. Select Networking Services. Click Details….
Page 134 5-38 WS5000 Series Switch System Reference Guide 5. Select Internet Authentication Service. Click OK. 6. Click Next >.
Page 135 5-39 Configuring User and Management Authenti- 7. Wait while Windows configures components. 8. Click Finish. Manually restart Windows.
Page 136: Configuring Internet Authentication Service
5-40 WS5000 Series Switch System Reference Guide 5.5.4 Configuring Internet Authentication Service 1. To configure Internet Authentication Service, go to the Start Menu, select Programs > Administrative Tools > Internet Authentication Service. 2. This will open Internet Authentication Service. From the Tree, right-click Clients and select New...
Page 137 5-41 Configuring User and Management Authenti- 3. Enter a Friendly name. We suggest you to use the name of the wireless switch that you configured in Step 3. Keep Protocol as RADIUS. Click Next >. 4. Enter the IP address of the switch configured in Step 3. Enter a Shared Secret and confirm. Click Finish.
Page 138 5-42 WS5000 Series Switch System Reference Guide 5. From Internet Authentication Service, right-click on Remote Access Policies and select New Remote Access Policy. 6. Enter a Policy friendly name. Click Next >.
Page 139 5-43 Configuring User and Management Authenti- 7. Click Add. 8. Select an Attribute type. If you are not sure which Attribute type to select, go to Windows-Groups. Click Add…...
Page 140 5-44 WS5000 Series Switch System Reference Guide 9. If you selected Windows-Group, click Add… . 10. Select Domain Users. Click Add.
Page 141 5-45 Configuring User and Management Authenti- 11. This will add Domain Users to the selected groups list. Click OK. 12. Click OK.
Page 142 5-46 WS5000 Series Switch System Reference Guide 13. Click Next >. 14. Select Grant remote access permission. Click Next >.
Page 143 5-47 Configuring User and Management Authenti- 15. Click Edit Profile … 16. Click on the Authentication tab. Select Unencrypted Authentication (PAP, SPAP). Unselect all other authentication methods. Click OK.
Page 144 5-48 WS5000 Series Switch System Reference Guide 17. Select the Advanced tab. Click Add… . 18. Select Vendor-Specific. Click Add.
Page 145 5-49 Configuring User and Management Authenti- 19. Click Add. 20. Select No. It does not conform. Click Configure Attribute… .
Page 146 5-50 WS5000 Series Switch System Reference Guide 21. Enter 3135 for Hexadecimal attribute value:. This value grants full administrative permissions to an authorized user. Click OK. 22. Click OK.
Page 147 5-51 Configuring User and Management Authenti- 23. Click OK. 24. Click Close.
Page 148 5-52 WS5000 Series Switch System Reference Guide 25. Click OK. 26. If this warning displays. Click No.
Page 149 5-53 Configuring User and Management Authenti- 27. Click Finish. This completes the configuration of Internet Authentication Service.
Page 150: Testing The Configuration
5-54 WS5000 Series Switch System Reference Guide 5.5.5 Testing the Configuration 1. To test the configuration, enter the user logon name and password from the new user created in the Windows Server 2000 Active Directory in 5.5.2 Configuring Active Directory Users on page 32.
Page 151 5-55 Configuring User and Management Authenti- 4. This will show the details of the IAS event.
Page 152 5-56 WS5000 Series Switch System Reference Guide...
Page 153: Chapter 6. Configuring Policies
Quality of Service on page 1-9 for more details on QoS and types of service protocols supported by the WS5000 Series wireless switch. The data from Access Port directed towards MU is governed by outbound Policy Object and the data from an MU directed to an Access Port is governed by inbound Policy Object.
Page 154: Classifiers
WS5000 Series Switch System Reference Guide Figure 6.1 Network Policy Where Am I? Dialog Box Access Port policies use network policies (see Creating a Network Policy on page 6-13), but prior to creating a network policy, other network related components and policies must be configured within the switch. These are: •...
Page 155: Creating A Classifier
6.1.1.1 Creating a Classifier To create a classifier: 1. From the WS5000 Series Switch GUI main window, select Create > Network > Classifier. The system launches the Classifier Wizard. Figure 6.3 Creating a Classifier—Naming the Classifier (and Optionally, Choosing a Template) 2.
Page 156 WS5000 Series Switch System Reference Guide Figure 6.4 Creating a Classifier—Defining Match Criteria Each row of the Match Criteria table is a simple declaration. For each Criteria type to be defined, a value must also be defined. Unless otherwise noted, the Classifier uses a case-insensitive comparison when evaluating network packet values.
Page 157: Classification Groups
Configuring Policies Table 6.1 Classifier Types and Acceptable Value Ranges (Continued) Criteria Type Description Source Port The Ethernet port number, on the originating device, through which the packet was sent. Dest[ination] Port The Ethernet port number, on the recipient device, to which the packet is being sent.
Page 158: Creating A Classification Group
6.1.2.1 Creating a Classification Group To create a classification group: 1. From the WS5000 Series Switch GUI main window, click Create > Network > Classification Group. The system launches the Classification Group Wizard. Figure 6.6 Creating a Classification Group—Naming the Group (and Optionally, Choosing a Template) 2.
Page 159: Modifying A Classification Group
7. Click Finish to save the new Classification Group and exit the wizard. 6.1.2.2 Modifying a Classification Group To modify an existing Classification Group: 1. From the WS5000 Series Switch GUI main window, click Modify > Network > Classification Group. The system launches the Classification Group Manager.
Page 160 WS5000 Series Switch System Reference Guide Figure 6.8 Classification Group Manager 2. This panel lists all available Classification Groups configured on the system. Table 6.2 describes the fields and options within this panel. To edit a classification group, select the its name in the left pane first.
Page 161: Creating A Network Input Policy
Network Input Policies define incoming packet filters used with Network Policies. To create a Network Input Policy: 1. From the WS5000 Series Switch GUI main window, select Create > Network > Input Policy. The system launches New Input Policy Wizard.
Page 162 6-10 WS5000 Series Switch System Reference Guide To create a new Classification Group, click Create. See Creating a Classification Group on page 6-6 more details. 5. Click Next. A panel for applying prioritization actions to each chosen classification group is displayed.
Page 163: Creating A Network Output Policy
6.1.4 Creating a Network Output Policy To create a network output policy: 1. From the WS5000 Series Switch GUI main window, select Create > Network > Output Policy. The system launches Create a New Output Policy Wizard. Figure 6.12 Creating a Network Output Policy—Naming the Policy (and Optionally, Choosing a Template) 2.
Page 164 6-12 WS5000 Series Switch System Reference Guide To create a new Classification Group, click Create. See Creating a Classification Group on page 6-6 more details. 5. Click Next. A panel for applying prioritization actions to each chosen classification group is displayed.
Page 165: Creating A Network Policy
6.1.5 Creating a Network Policy To create a network policy: 1. From the WS5000 Series Switch GUI main window, select Create > Network > New Policy. The system launches Create a New Network Policy Wizard Figure 6.15 Creating a Network Policy—Naming the Policy (and Optionally, Choosing a Template) 2.
Page 166: Configuring The Switch From The Default Configuration (Example)
6.1.5.1 Configuring the Switch from the Default Configuration (Example) All of the steps below assume that the user is logged in to the WS5100/WS5000 series switch via the console interface. The GUI may also be used (instructions are included later in this document).
Page 167 6-15 Configuring Policies If “Spectra_Link_Phone” is not present it needs to be created. b. WS5000.(Cfg).CE> add Spectralink_Phone c. WS5000.(Cfg).CE> addmc protocol 119 2. Create a Classification Group (from the prompt WS5000.(Cfg)>) a. WS5000.(Cfg)> cg If “Spectralink_Group” is not present it needs to be created. b.
Page 168 6-16 WS5000 Series Switch System Reference Guide e. WS5000.(Cfg).APPolicy.[SpectralinkAP]> set dtim 3 WS5000.(Cfg).APPolicy.[SpectralinkAP]> add SpectralinkWLAN g. WS5000.(Cfg).APPolicy.[SpectralinkAP]> set np SpectralinkNetwork SpectralinkWLAN 8. Create an Ethernet Policy a. WS5000.(Cfg)> etherpolicy b. WS5000.(Cfg).EtherPolicy> add SpectralinkEthernet 9. Create a Switch Policy a. WS5000.(Cfg)> switch b.
Page 169: Gui Configration T Oset Up A Switch (Example)
6-17 Configuring Policies 12. Save the Configuration a. WS5000.(Cfg)> end b. WS5000> save config example.cfg 6.1.5.2 GUI Configration t oset up a switch (EXAMPLE) 1. Log onto the switch with the proper User ID and Password. Figure 6.18 Configuring Ethernet 2 as a trunk port 2.
Page 170 6-18 WS5000 Series Switch System Reference Guide 3. Click OK in the Ethernet Port settings change confirmation dialog box. Figure 6.19 Ethernet port configured as a trunk before log off 4. Log out of the switch to reflect the trunk port settings.
Page 171 6-19 Configuring Policies 7. Log back into the switch. Figure 6.20 Ethernet 2 configuration screen 8. Click on the VLAN Discovery button. Figure 6.21 VLAN Discovery prior to Discovery 9. Click the Discover button.
Page 172 6-20 WS5000 Series Switch System Reference Guide 10. Click Close. Figure 6.22 WS5000 ready to create the Wireless Switch policy Figure 6.23 Creating the Wireless Switch policy...
Page 173 6-21 Configuring Policies 11. Click Create, Wireless Switch, New Policy. Figure 6.24 Naming the Wireless Switch Policy 12. Name the Wireless Switch Policy. Figure 6.25 Create the Ethernet Port Policy...
Page 174 6-22 WS5000 Series Switch System Reference Guide 13. Click Ceate. Figure 6.26 Name the Ethernet Port Policy 14. Name the Ethernet Port Policy and click Next. Figure 6.27 Establishing VLAN to WLAN mappings...
Page 175 6-23 Configuring Policies 15. Click VLAN Discovery. Figure 6.28 VLAN Discovery applet 16. Click Discover. 17. Click Continue. Figure 6.29 Ethernet Port policy, continued...
Page 176 6-24 WS5000 Series Switch System Reference Guide 18. Click Next. Figure 6.30 Ethernet Port Policy Wizard Creating the WLAN 19. Click Create WLAN. Figure 6.31 WLAN Manager...
Page 177 6-25 Configuring Policies 20. Click Create. Figure 6.32 WLAN Wizard 21. Name the WLAN and click Next. Figure 6.33 Adding an ESSID to a WLAN...
Page 178 6-26 WS5000 Series Switch System Reference Guide 22. Give the WLAN an ESSID and click Next. Figure 6.34 WLAN Wizard initiating the creation of the Security policy to be used 23. Click on Create. Figure 6.35 Naming the Security Policy...
Page 179 6-27 Configuring Policies 24. Name the Security Policy; choose the encryption method that meets you organization's security requirements and click Next. Figure 6.36 Encryption manager selecting PSK 25. Check the appropriate Key Management and click Next. Figure 6.37 Adding the Pre-Shared Key 26.
Page 180 6-28 WS5000 Series Switch System Reference Guide 27. Click Finish. Figure 6.38 Selecting the newly created Security Policy 28. Click the down arrow next to the Security Policy; select the newly created Security Policy and click Next. 29. Click Finish.
Page 181 6-29 Configuring Policies 30. Click Close. Figure 6.40 Mapping the newly created WLAN to the wired VLAN 31. Click the down arrow for NIC 2; select the newly created WLAN and click Next. 32. Click Finish. 33. Click OK in Ethernet Policy completion information dialog box. Figure 6.41 Adding the newly created Ethernet Port Policy to the Wireless Switch Policy...
Page 182 6-30 WS5000 Series Switch System Reference Guide 34. Click on the down-arrow next to the Ethernet Port Policy; select and click the newly created Ethernet Port Policy; click Next. Figure 6.42 Creating the Access Port Policy 35. Click Create. Figure 6.43 Naming the Access Port Policy...
Page 183 6-31 Configuring Policies 36. Name the Access Port Policy; click Next. Figure 6.44 Adding the newly created WLAN to the Access Port Policy 37. Select the newly created WLAN; click >>. 38. Click Next. Figure 6.45 Mapping ESSIDs to WLANS...
Page 184 6-32 WS5000 Series Switch System Reference Guide 39. Assign the newly created WLAN its own ESSID; click Next. Figure 6.46 Adding a Network Policy to the SpectralinkWLAN 40. Click the down-arrow next to the Spectralink WLAN; highlight and click the Spectralink Network Policy;...
Page 185 6-33 Configuring Policies 41. Click the AP300a,300g,200b,4121,4131 tab; allocate 70 percent bandwidth to the SpectralinkWLAN; click Next. Figure 6.48 AP 300 settings 42. Click the 802.11g tab, change the DTIM to 3; leave the 1, 2, 5.5, 11 rates at Basic and others at Supported;...
Page 186 6-34 WS5000 Series Switch System Reference Guide 44. Highlight the newly created Access Port Policy; click >>. Figure 6.50 Finishing adding the Access Port Policy to the Wireless Switch Policy 45. Click Next. Figure 6.51 Wireless Switch adoption list allow...
Page 187 6-35 Configuring Policies 46. Click Next. Figure 6.52 Wireless Switch adoption list disallow 47. Click Next. Figure 6.53 Default Access Port Policy that will be adopted by unknown access ports...
Page 188 6-36 WS5000 Series Switch System Reference Guide 48. Click Next. Figure 6.54 Wireless Switch Policy 49. Click Finish. Figure 6.55 Activating the newly created Wireless Switch Policy 50. Click the down-arrow next to Policy Name; highlight and click the newly created Wireless Switch Policy;...
Page 189 6-37 Configuring Policies 52. Click OK in the Wireless Switch Policy activation confirmation dialog box. Figure 6.56 Finished At this point the access ports connected should now adopt.
Page 190: Modifying A Network Policy
6.1.6 Modifying a Network Policy To modify an existing network policy: 1. From the WS5000 Series Switch GUI main window, select Modify > Network > Existing Policy. The system launches the Network Policy Manager. Figure 6.57 Modifying an Existing Network Policy—Network Policy Manager 2.
Page 191: Switch Policies
6.2.1 Security Policies A Security Policy defines the authentication and encryption methods used to secure communication between the WS5000 Series switch, through its APs, and on to the mobile units. Each WLAN can have a different security policy associated with it.
Page 192: Creating A Security Policy
6.2.1.1 Creating a Security Policy To create a security policy: 1. From the WS5000 Series Switch GUI main window, select Create > Access Port > Security Policy. The Security Policy Wizard appears. Figure 6.60 Creating a Security Policy—Naming the Policy and Specifying an Encryption Type 2.
Page 193 6-41 Configuring Policies Protocol. If using PSK, an ASCII or hexadecimal value is required to configure TKIP. • AES CCMP – WPA2 dynamic encryption. If using PSK, an ASCII or hexadecimal value is required to complete configuration. 4. Click Next. A panel for specifying authentication/key management methods is displayed. Figure 6.61 Creating a Security Policy—Authentication/Key Management Methods 5.
Page 194 6-42 WS5000 Series Switch System Reference Guide 6. When done, click Next. Depending on the Encryption and Authentication settings specified, the subsequent panels change. These different panels, and how to configure their settings or controls follow: • Kerberos Authentication Settings on page 6-42 •...
Page 195 6-43 Configuring Policies Table 6.7 Kerberos Authentication Settings (Continued) Setting Description Realm Name In addition to a Primary KDC server, a Kerberos Realm Name is required. The Realm Name value should be all upper-case (since it is usually also the DNS domain).
Page 196 6-44 WS5000 Series Switch System Reference Guide Table 6.8 WEP Encryption Setting Descriptions (Continued) Setting Description Key Values There are three ways to define your WEP key values: • Generate a key from a plain text password (or "pass key"). Enter the pass key in the Pass Key field, select the key you want to generate by clicking a radio button next to one of the Key #N fields, and then click the Generate button.
Page 197 6-45 Configuring Policies Table 6.9 describes the EAP authentication settings and Radius identification settings to be configured. Table 6.9 EAP Authentication Settings and Radius Identification Settings Setting Description Authentication Settings Pre-authentication When enabled, pre-authentication (or “fast-associate in advance”) lets an access port send a mobile unit's authentication credentials (from a previous Radius authentication attempt) to the “next”...
Page 198 6-46 WS5000 Series Switch System Reference Guide Table 6.9 EAP Authentication Settings and Radius Identification Settings (Continued) Setting Description Max Retries If the reauthentication period is enabled, this value specifies the number of times the switch will try to re-authenticate an MU that doesn't respond to the “request identity”...
Page 199: Access Control Lists
6-47 Configuring Policies 6.2.2 Access Control Lists Use the switch Access Control List (ACL) to specify which mobile units can or cannot gain access to the WLAN. The ACL employs an adoption rule for allowing or denying specific mobile units by way of exception. By default, all mobile units can gain access.
Page 200: Creating An Access Control List
6-48 WS5000 Series Switch System Reference Guide 6.2.2.1 Creating an Access Control List To create an access control list: 1. From the main window, select Create > Access Port > Access Control List. The system launches the Access Control List Wizard.
Page 201: Modifying An Access Control List
5. Click Finish to save the new Access Port Policy and exit the wizard. 6.2.2.2 Modifying an Access Control List To modify an existing Access Control List: 1. From the WS5000 Series Switch GUI main window, select Modify > Access Port > Access Control List. The system launches the Access Control List Manager.
Page 202: Wlans
6-50 WS5000 Series Switch System Reference Guide Figure 6.68 Modifying an Access Control List—Access Control List Manager 2. This panel lists all available Access Control Lists configured on the system. See Table 6.10 for more details on the controls within this panel to modify the ACL.
Page 203: Creating A Wlan
6.2.3.1 Creating a WLAN To define a WLAN: 1. From the WS5000 Series Switch GUI main window, select Create > Access Port > WLAN. The system launches the WLAN Wizard. Figure 6.70 Creating a WLAN—Naming the WLAN (and Optionally, Choosing a Template) 2.
Page 204 6-52 WS5000 Series Switch System Reference Guide Table 6.11 Creating a WLAN—Configuring ESS ID, MU Associations, and WLAN Network Address Controls Configuration Components Description ESS ID Controls ESSID Use this text field (1 to 32 characters) to assign an Extended Service Set Identifier (ESSID) to the WLAN.
Page 205: Modifying A Wlan
6.2.3.2 Modifying a WLAN To modify an existing WLAN’s definition: 1. From the WS5000 Series Switch GUI main window, select Modify > Access Port > WLAN. The system launches the WLAN Manager. Figure 6.73 Modifying an Existing WLAN Definition—WLAN Manager...
Page 206 6-54 WS5000 Series Switch System Reference Guide 2. This panel lists all available WLANs configured on the system, as well as their settings. Table 6.12 describes the fields and options within this panel. Table 6.12 WLAN Manager Fields and Controls...
Page 207: Ethernet Port Policies
The Ethernet Port Policy configures the switch’s Ethernet ports, and associates multiple WLANs with multiple LANs or VLANs. There are two Ethernet ports on WS5000 Series switches. By convention, port 1 (the left port) connects to the wireless LAN, and port 2 (the right port) connects to the wired LAN.
Page 208 6-56 WS5000 Series Switch System Reference Guide Figure 6.75 Creating an Ethernet Port Policy—Naming the Policy (and Optionally, Choosing a Template) 2. Enter a name and description for the new Ethernet Port Policy, then if desired, select Use an existing Ethernet Policy as a template.
Page 209 6-57 Configuring Policies Figure 6.76 Creating an Ethernet Port Policy—Specifying VLAN Support 4. When done specifying a VLAN(s), click Next. A panel for associating WLANs to its NICs (or VLANs) is displayed (for trunk ports only). Figure 6.77 Creating an Ethernet Port Policy—Associating WLAN toNICs (or VLANs) Select a VLAN row in the mapping table and select the WLAN you want to map it to.
Page 210: Modifying An Ethernet Port Policy
6.2.4.2 Modifying an Ethernet Port Policy To modify an existing Ethernet Port Policy: 1. From the WS5000 Series Switch GUI main window, select Modify > Ethernet > Existing Policy. The system launches the Ethernet Policy Manager. Figure 6.78 Modifying an Existing Ethernet Policy—Ethernet Policy Manager 2.
Page 211: Configuring Vlans
Modifying an Access Port Policy on page 6-64 6.2.5.1 Creating an Access Port Policy To create a new Access Port Policy: 1. From the WS5000 Series Switch GUI main window, select Create > Access Port > New Policy. The system launches the New Access Port Policy Wizard.
Page 212 6-60 WS5000 Series Switch System Reference Guide Figure 6.80 Creating an Access Port Policy—Naming the Policy (and Optionally, Choosing a Template) 2. Enter a name and description for the new Access port policy, then if desired, select Use an existing Access Port Policy as a template.
Page 213 6-61 Configuring Policies Figure 6.82 Creating an Access Port Policy—Specifying Policy Definition for Specific AP Hardware Types There are seven AP hardware types: AP 100, AP 200a, AP 200b, AP 300a, AP 300g, and converted access points AP 302x (frequency-hopping) and AP 4131. These hardware types are grouped by the number and mapping of BSSIDs and ESSIDs.
Page 214 6-62 WS5000 Series Switch System Reference Guide Table 6.14 WLAN Parameters, Per Hardware Type, within Access Port Policy Definition (Continued) Parameter Description WLAN Name This group provides a single BSS/ESS mapping, by default, for Frequency Hopping 302x (converted) Access Points. Use the radio buttons to select the WLAN that will support these devices.
Page 215 6-63 Configuring Policies Figure 6.84 Creating an Access Port Policy—Assigning a Network Policy for WLANs in the Access Policy A WLANs bandwidth is the guaranteed minimum amount of available network bandwidth reserved to be used by a specific WLAN. Edit the bandwidth field, in each hardware type tab, to divide the network RF bandwidth across all WLANs assigned per hardware type grouping.
Page 216: Modifying An Access Port Policy
10. Click Finish to save the new Access Port Policy and exit the wizard. 6.2.5.2 Modifying an Access Port Policy To modify an existing Access Port Policy: 1. From the WS5000 Series Switch GUI main window, select Modify > Access Port > Existing Policy. The system launches the Access Port Policy Manager.
Page 217 6-65 Configuring Policies Figure 6.86 Modifying an Existing Access Port Policy—Access Port Policy Manager 2. This panel lists all available Access Port Policies configured on the system. Table 6.16 describes the fields and options within this panel. To edit a policy, select the policy name in the left pane first. Table 6.16 Access Port Policy Manager Fields and Controls Field or Control Description...
Page 218: Setting The Country
6.2.7 Creating a Switch Policy To create a wireless switch policy: 1. From the WS5000 Series Switch GUI main window, click Create > Wireless Switch > New Policy. The system launches the Wireless Switch Policy Wizard. Figure 6.87 Creating a Wireless Switch Policy—Naming a Policy (and Optionally, Choosing a Template) 2.
Page 219 6-67 Configuring Policies Figure 6.88 Creating a Wireless Switch Policy—Configuring Settings Configure the Wireless Switch Policy settings per the descriptions in Table 6.17. Table 6.17 Wireless Switch Policy Settings Setting Description Switch Settings Country Select the appropriate country for the location of the wireless switch. The switch Once a country is specified, will not adopt Access Ports until the country is set.
Page 220 6-68 WS5000 Series Switch System Reference Guide Table 6.17 Wireless Switch Policy Settings (Continued) Setting Description AP Channel and Power Settings Channel Select a value from the Channel.11x field. The set of discreet channels available depends on the country of operation, and is further limited by the restricted channels declared in the Automatic Channel Settings panel.Special values...
Page 221 6-69 Configuring Policies Figure 6.89 Creating a Wireless Switch Policy—Associating Access Port Policies 5. Select from among the Available Access Port Policies and click the >> button to move a Policy(s) to the Selected pane, and to apply it to the Wireless Switch Policy. 6.
Page 222 6-70 WS5000 Series Switch System Reference Guide Figure 6.91 Creating a Wireless Switch Policy—Disallowed Adoption Lists 9. If desired, create an Access Port List that includes “disallowed” MAC address ranges. Only those APs that fall within the specified address range(s) are disallowed to be adopted.
Page 223: Defining/Activating An Emergency Switch Policy
6-71 Configuring Policies each of the radio types. 12. When done, click Next. A Wireless Switch Policy Created Successfully! message panel is displayed. 13. Click Finish to save the new Wireless Switch Policy and exit the wizard. 6.2.8 Defining/Activating an Emergency Switch Policy When creating or modifying a Wireless Switch Policy, the policy can be designated at the Emergency Switch Policy (ESP).
Page 224 6-72 WS5000 Series Switch System Reference Guide...
Page 225: Chapter 7. Configuring Rogue Ap Detection
Configuring Rogue AP Detection Rogue Access Ports (APs) are an area of concern with respect to LAN security. The term Rogue AP denotes an unauthorized access port connected to the production network or operating in a stand-alone mode (perhaps in a parking lot or in a neighbor’s building).
Page 226: Defining The Detection Method
WS5000 Series Switch System Reference Guide Figure 7.1 Rogue AP Detection Screen From the Rogue AP Detection field, select Enable to allow the switch to scan for rogue AP’s over the network. If you set Rogue AP Detection to Disable, all UI components in this screen are disabled. Disabling Rogue AP Detection leaves the switch vulnerable to data theft from rogue devices on the switch managed network.
Page 227: Specifying Detector Aps
LAN (which you set up) to detect rogue APs. Note Only some devices have the capability of being a Detector AP, including Symbol AP100, AP200, and AP300 Access Ports. 4. Enter a time interval (in minutes) in the Scan Interval field for each enabled detection method. By default, the scans are set at one hour intervals.
Page 228: Configuring Rule Management
1. Check the Authorize Any AP Having a Symbol Defined MAC Address box to indicate any Symbol AP (which has a known Symbol MAC address) is an approved AP. This is helpful for rendering all Symbol devices as approved without having to filter through the list of located addresses.
Page 229: Examining Approved And Rogue Access Ports
Configuring Rogue AP Detection 5. Click Apply from the Rogue AP screen to save your changes to the Rule List and Rogue AP screens. 6. Click Cancel from the Rogue AP screen to cancel all updates to the Rogue AP and Rule List screens. 7.1.4 Examining Approved and Rogue Access Ports Use the AP List screen to display information about each AP (rogue or valid) known to the switch.
Page 230: Viewing Details Of The Rogue Ap
WS5000 Series Switch System Reference Guide Each row of the AP List represents all unapproved and approved APs that the switch has located. The MAC and the ESSID for each AP are listed. Use this portion of the screen to change the age out time or to add a rule to the rule list for a particular AP: 1.
Page 231: Snmp Traps For Rogue Ap Events
(over the air, AP scanning, wire scanning or MU scanning). 7.1.7 Rogue AP Syslog Messages The WS5000 Series Switch logs a number of syslog events as rogue devices are encountered within the switch managed network. The messages and event scenarios include:...
Page 232 Approved AP list entries aged out and deleted from the approved list. Age out occurs for Approved list For more information on configuring the WS5000 Series Switch to support the Syslog events described in this section, see Syslog Context on page...
Page 233: Cli Overview
The default cli user is “cli”. The default username and password is admin and symbol, respectively. 8.1 CLI Overview Before you begin working with the WS5000 Series Switch CLI, review the following sections to gain some basic understandings of the CLI, in the following areas: •...
Page 234: About Contexts
WS 5000 Series System Reference 8.1.1 About Contexts For a WS5000 Series Switch, CLI commands are invoked within “contexts.” Contexts are hierarchical in a manner similar to directories are hierarchal in a traditional file system; in other words, contexts may contain other contexts.
Page 235: Cli Indexing
CLI Command Reference Main Context Subcontext Subcontext Instance Context Subcontext Route Security Policy [SecurityPolicy_Name] Sensor [Sensor_MAC] SNMP Secure Shell Secure Sockets Layer Standby Switch Policy [SPolicy_Name] Restricted Channel Telnet [GRE_Tunnel_Name] Tunnel User [User_Name] WLAN [WLAN_Name] [WME_Name] WVPN Most of the switch configuration is performed in subcontexts of the Configuration context. For example, to drop into the WLAN subcontext you type “...
Page 236 WS 5000 Series System Reference • Access Port Policy • Classifier Element • Classification Group • Ethernet • Ethernet Policy • Events • Firewall • Host • Network Policy • Policy Object • Security Policy • Sensor • Switch Policy •...
Page 237: About Instances
WLAN details for the Access Port policy 'Default Access Port Policy' WLAN Name Network Policy --------- -------------- Symbol Default Default Network Policy WS5000.(Cfg).APPolicy.[Default Access Port Policy]> 8.1.3 About Instances Most contexts contain “instances” of themselves. An instance, is like a named context; it is a set of configuration values that is identified by a name.
Page 238: Common Commands
<Ctrl>-c Control 8.2 Common Commands Table 8.2 summarizes the commands common amongst many contexts and instance contexts within the WS5000 Series command line interface. Table 8.2 Common Commands Among Most Contexts Command Description Ref. .. or end Terminate a current session and moves up a context, hierarchically.
Page 239: Or End
CLI Command Reference 8.2.1 .. or end Common to all contexts and instances, except System Context Terminates the context or instance session, and changes the command prompt to be one higher. Syntax exit Parameters None. Example WS5000.(Cfg).NP> .. WS5000.(Cfg)> end WS5000>...
Page 240: Logout Or Bye
WS 5000 Series System Reference WS5000> help 8.2.4 logout or bye Common to all contexts and instances Closes or logs out of the current session. Syntax logout Parameters None. Example WS5000 logout WS5000> bye 8.2.5 clear Common to all contexts and instances Clear the screen.
Page 241: History
CLI Command Reference Parameters enable_flag Indicates whether to enable or disable the ESP. Possible values are: • enable • disable Example WS5000.<context_path> > emergencymode enable 8.2.7 history Common to all contexts and instances Display the history of commands invoked at the command prompt for any given context. Alternatively, using the keyboard “up arrow”...
Page 242 8-10 WS 5000 Series System Reference Parameters -Rdfnqrv These optional flags are can be broken down as follows: • -R: Record route. Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route buffer on returned packets. Note that the IP header is only large enough for nine such routes.
Page 243: System Context
8-11 CLI Command Reference 8.3 System Context Table 8.3 summarizes the commands within this context. Table 8.3 System Context Command Summary Command Description Ref. ? or help Get the command information page 8-11 logout or bye Close this session page 8-12 clear Clear the screen page 8-12...
Page 244: Logout Or Bye
8-12 WS 5000 Series System Reference Parameters None. Example WS5000> ? WS5000> help 8.3.2 logout or bye System Context Closes or logs out of the current session. Syntax logout Parameters None. Example WS5000 logout WS5000> bye 8.3.3 clear System Context Clear the screen.
Page 245: Copy
8-13 CLI Command Reference Parameters None. Example WS5000 > configure WS5000.(Cfg)> Note As a shortcut, “cfg” can be used instead of “configure”. 8.3.5 copy System Context Copies a file from the WS5000 to a (T)FTP server, or vice versa. TFTP can be used to transfer *.sys.img , and files.
Page 246: Delete
8-14 WS 5000 Series System Reference destination The destination of the file. Possible values are: • tftp • ftp • system • . • / • [protocol:]//<hostname or IP address> ftp_user FTP username. Default is ftpuser. mode FTP transfer mode, either ascii or binary. Default is binary. protocol Either ‘ftp’...
Page 247: Description
8-15 CLI Command Reference 8.3.7 description System Context Sets a description about the switch displayed with system information. Syntax description <description_text> Parameters description_text Enter a brief description of the Wireless Switch. Example WS5000> description “Fifth Floor Switch” 8.3.8 directory System Context Lists the image and configuration files that are stored on the WS5000.
Page 248: Export
8-16 WS 5000 Series System Reference Parameters enable_flag Indicates whether to enable or disable the ESP. Possible values are: • enable • disable Example WS5000.<context_path> > emergencymode enable 8.3.10 export System Context Copy the log files from switch to remote TFTP server. Use logdir to view the list of user log files that can be exported.
Page 249: Install
8-17 CLI Command Reference 7. Status : 550 Failed to change directory. 8. clear 9. export 10. clear 11. export 12. export 13. clear 14. history 8.3.12 install System Context Configures the switch’s failover role as Primary or Standby, and applies all settings specified in the command file (.sym).
Page 250: Logdir
8-18 WS 5000 Series System Reference Begin processing image file... Nothing to do. Skipping... Begin processing config file... Nothing to do. Skipping... Validating IP parameters... ERROR: Hostname or IP has not been provided! Cannot set switch to Primary. ERROR: IP parameter validation failed. Rebooting the switch...
Page 251: Name
8-19 CLI Command Reference 8.3.14 name System Context Use the name command to change the system name. Syntax name <system_name> Parameters system_name The new name of the switch. Example WS5000> name MiamiWS5000 Configuring name... Status : Success. MiamiWS5000> 8.3.15 ping System Context Sends ICMP ECHO_REQUEST packets to a network host.
Page 252: Remove
8-20 WS 5000 Series System Reference -c count Stop after sending count ECHO_REQUEST packets. With deadline option, ping waits for count ECHO_REPLY packets, until the timeout expires. -i wait Wait interval of seconds between sending each packet. The default is to wait for one second between each packet normally, or not to wait in flood mode.
Page 253: Restore
This may take a few mins ... Restoring configuration from siteconfig.cfg Software Ver. : 1.4.1.0-003D Starting the Wireless Switch 5000 ... Licensed to : Symbol Configuring ethernet ports ... Done. Done. No TFTP server is present. Max Mobile Clients Exiting auto install script...
Page 254: Save
Places the user in a Service Mode (for which a password is required). This is a command line mode used mostly by Symbol technicians. For more details on working within Service Mode, refer to the WS5000 Series Switch Troubleshooting Guide.
Page 255: Show Commands
8-23 CLI Command Reference 8.4 show commands System Context Configuration (Cfg) Context Show the settings for the specified system component. There are a number of ways to invoke the show command: • Invoked without any arguments, show displays information about the current context. If the current context contains instances, then show command (usually) displays a list of these instances.
Page 256 8-24 WS 5000 Series System Reference Table 8.4 show command’s display_parameter Summary Display_parameter Description Context Example show events Show Syslog event details system / cfg page 8-32 show ftp Displays FTP status system / cfg page 8-34 show history Dispay previously executed CLI commands page 8-34 show host Displays the Hosts defined in the system...
Page 257: Show Aaa-Server
8-25 CLI Command Reference Table 8.4 show command’s display_parameter Summary Display_parameter Description Context Example show time Displays date and time information system / cfg page 8-41 show traphosts Displays the SNMP trap-host details system / cfg page 8-41 show tunnels Displays the configured GRE on the system system / cfg page 8-41...
Page 258: Show Acl
(111.222.200.007) at 00:11:25:89:19:34 [ether] on psdT 8.4.7 show autoinstalllog WS5000.(Cfg)> show autoinstalllog Autoinstall log Symbol Wireless Switch WS 5000 Series. Please enter your username and password to access the Command Line Interface. userid: password: Retrieving user and system information...
Page 259: Show Ce
System Name : primarynew Description : WS5000 Wireless Network Switch Location Software Ver. : 2.1.0.0-012B Licensed to : Symbol Technologies Copyright : Copyright (c) 2000-2005. All rights reserved. Serial Number : 00A0F865B4E4 Number of Licenses : 30 Max Access Ports...
Page 260: Show Cg
8-28 WS 5000 Series System Reference 3. cc.snmpip changed to add rw 138.200.200.11 symbol 161, at Fri Sep 16 11:32:32 2005. 4. wlans.[Private Access].essid changed to 7072697661746531, at Fri Sep 16 11:33:45 2005. Note To view the config change history you have to enable snmptrap for “Switch configuration changed “under Events context.
Page 261 8-29 CLI Command Reference A Ch: 149,153,157,161,165 Costa Rica B Ch: 1-11 G Ch: 1-11 FH Ch: 2-80 A Ch: Croatia B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: Cyprus B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,100,104,108,112,1 16,120,124,128,132,136,140...
Page 262 8-30 WS 5000 Series System Reference A Ch: Latvia B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,100,104,108,112,1 16,120,124,128,132,136,140 Liechtenstein B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64 Lithuania B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,100,104,108,112,1...
Page 263: Show Chassis
8-31 CLI Command Reference A Ch: 36,40,44,48,52,56,60,64 Slovenia B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64 South Africa B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,100,104,108,112,1 16,120,124,128,132,136,140 South Korea B Ch: 1-13 G Ch: 1-13 FH Ch: 54-76 A Ch:...
Page 264: Show Configaccess
8-32 WS 5000 Series System Reference 8.4.13 show configaccess WS5000> show configaccess Configuration Access restriction details: Telnet access (CLI) : Disable. System access via SNMP : Enable. KDC configuration over remote console : Enable. KDC configuration through SNMP : Enable. 8.4.14 show ethernet WS5000>...
Page 265 8-33 CLI Command Reference 26 MU status [disassociated] Enabled Enabled Disabled 27 MU EAP auth failed Enabled Enabled Disabled 28 MU EAP auth success Enabled Enabled Disabled 29 MU Kerberos auth failed Enabled Enabled Disabled 30 MU Kerberos auth success Enabled Enabled Disabled...
Page 266: Show Ftp
WS5000> show host Host Name IP Address Domain --------- ---------- ------ syslogHost 192.192.4.111 symbol.com WS5000> 8.4.20 show https WS5000> show https Web based configuration (Applet) access by : https 8.4.21 show interfaces WS5000> show interfaces Interface information Access Ports Radio MAC...
Page 267: Show Kdc
# of MUs: 1 MU : MU_0 ESSID: kris Type MAC Address IP Address WLAN ---- ----------- ---------- ---- Data 00:0F:3D:E9:A6:6A 157.235.208.93 Symbol Default RF Status Auth.Status Auth.Method Enc.Method Broadcast Enc.Method --------- ----------- ----------- ---------- -------------------- Associated Authenticated Open Open...
Page 268: Show Musummary
8-36 WS 5000 Series System Reference Access Port Interface RSSI Cur.Rate Supported Rates ----------- --------- ---- -------- --------------- 00:A0:F8:5A:B3:1B [B] 11 Mbps 1,2,5.5,11 Mbps Power Mode VLAN Uptime Time left Last Activity Session Username ---------- ---- ------ --------- ------------- ---------------- CAM Mode 2267 sec 0 sec...
Page 269: Show Rfstats
8-37 CLI Command Reference Server Host Name/IP Port Retry Timeout ------ ------------ ---- ----- ------- Primary Not defined 1812 Secondary Not defined 1812 8.4.30 show rfstats WS5000.(Cfg)> show rfstats Must provide AP index or AP name Syntax:show rfstats <radioname|radioindex> {<radioname>|<radioindex>} where: <radioname|radioindex>...
Page 270: Show Rogueap
8-38 WS 5000 Series System Reference WS5000.(Cfg)> show rfthreshold switch Switch Threshold details : Status : disabled Min Packets for RF Traps : Not Set Packets Per Second : Not Set Throughput in Mbps : Not Set Associated MUs : Not Set 8.4.32 show rogueap WS5000.(Cfg)>...
Page 271: Show Snmpclients
WS5000.(Cfg)> show snmpclients State Port IP Address Community Name ----- ---- ---------- -------------- 1. Read/Write 157.236.208.70 symbol WS5000.(Cfg)> 8.4.37 show snmpstatus WS5000> show snmpstatus SNMP details: ------------- SNMP (deamon) Status : Enabled SNMP Traps : Disabled 8.4.38 show ssh WS5000> show ssh...
Page 272: Show Switchpolicy
---- ----- ----- ---- ------- ------ ---- ----- 8.4.43 show system WS5000.(Cfg)> show system System information... System Name : WS5000 Description : WS5000 Wireless Network Switch Location Software Ver. : 2.1.0.0-012B Licensed to : Symbol Technologies...
Page 273: Show Telnet
(GMT -08:00) Pacific Time (US & Canada); Tijuana 8.4.46 show traphosts WS5000.(Cfg)> show traphosts CommunityName Port Version IP Address ------------- ---- ------- ---------- 1. symbol 157.235.208.70 8.4.47 show tunnel WS5000.(Cfg)> show tunnel Tunnel details... Tunnel Name Remote IP Address ----------- ----------------- 1. tunnel1 11.1.11.11 2.
Page 274: Show Users
VPN Server Serial Number Status Query Serial number 151-34-13-254-68 8.4.52 show wlan WS5000> show wlan WLAN Name ESSID Security Policy --------- ----- --------------- Symbol Default Default Secure Access secure Kerberos Default Private Access private WEP128 Default Public Access public Default...
Page 275: Show Wme
8-43 CLI Command Reference 8.4.53 show wme WS5000.(Cfg)> show wme WME Profile Name ---------------- 1. Default MU WME Profile 2. Default AP WME Profile 3. new 8.4.54 show WSrfstats WS5000.(Cfg)> show wsrfstats Displaying RF Statistics for Wireless Switch Status Gather- Stats Uptime Retry...
Page 276 8-44 WS 5000 Series System Reference WVPN Maximum VPN Licenses : 50 WVPN Currently In-Use VPN Licenses WVPN License Type Evaluation version,Total eval days 30,Eval days left...
Page 277: Configuration (Cfg) Context
8-45 CLI Command Reference 8.5 Configuration (Cfg) Context The Configuration context is where detailed configurations for the switch and network can be accessed, as well as configured. Also, in order to get to any uniquely defined policies for the switch, you must first access the Configuration context.
Page 278 8-46 WS 5000 Series System Reference Table 8.5 Configuration Context Commands (Continued) Command Description Ref. Configure system FTP settings. page 8-59 Configure Firewall for the system. page 8-60 host Configure Host properties. page 8-60 install Install primary/standby or Kerberos config. page 8-61 Configure KDC server.
Page 279: Or End
8-47 CLI Command Reference Table 8.5 Configuration Context Commands (Continued) Command Description Ref. telnet Configure system telnet settings. page 8-84 tunnel Configuring and mapping GRE to WLAN. page 8-85 user Configure user information. page 8-85 wlan Configure WLAN for the system. page 8-85 Configure WME setting.
Page 280: Or Help
8-48 WS 5000 Series System Reference 8.5.3 ? or help Configuration (Cfg) Context Retrieves a list of commands supported in a given the context or instance. Syntax help Parameters None. Example WS5000> ? WS5000> help 8.5.4 logout or bye Configuration (Cfg) Context Closes or logs out of the current session.
Page 281: Accessport
8-49 CLI Command Reference AAA Server Status Disabled Database Type local WS5000.(Cfg).AAA> 8.5.6 accessport Configuration (Cfg) Context Display the current access ports being managed by the switch. Also, the context is changed to the Access Port (APort) Context. See page 8-118 for more details.
Page 282: Appolicy
8-50 WS 5000 Series System Reference 8.5.8 appolicy Configuration (Cfg) Context Display the currently available access port policies for the switch. Also, the context is changed to the Access Port Policy (APPolicy) Context. See page 8-136 for more details. Syntax appolicy Parameters None.
Page 283: Chassis
8-51 CLI Command Reference Parameters ce_name Name of the configurable classifier. Example WS5000.(Cfg)> ce Classifier information... Available Classifiers (CE): 1. Ex HTTP Traffic. 2. Ex Telnet Traffic. 3. RTP_Data. 4. Spectra_Link_Phone. 5. VoIP_Call_Setup_In. 6. VoIP_Call_Setup_Out. 7. VoIP_Ext_Services_Out. 8. VoIP_Ext_Services_In. 9. VoIP_RAS_In. 10.
Page 284: Clear
8-52 WS 5000 Series System Reference Syntax chassis Parameters None. Example WS5000.(Cfg)> chassis Description Curr Value Max Value Min Value Notify Value ----------- ---------- --------- --------- ------------ CPU Temperature 42 C 48 C 40 C System Temperature 37 C 40 C 36 C System Fan (rpm)
Page 285: Date
8-53 CLI Command Reference Syntax For TFTP: copy <source> <destination> For FTP: copy <source> <destination> [ -u <ftp_user> ] [ -m <ftp_mode> ] Parameters source The source of the file. Possible values are: • [protocol:]//<hostname or IP address>/[filename]. For example, ftp://<ipAddress/path/[file_name].
Page 286: Delete
8-54 WS 5000 Series System Reference Parameters time_format The time to be set, in one of the following formats: • yyyymmddhhmm[.ss] • yymmddhhmm[.ss] • mmddhhmm[.ss] • ddhhmm[.ss] • hhmm[.ss] time_zone Valid range is -12:00 to +13:00 [+/-](HH:MM), where 0.00 is Greenwich Mean Time. Note that the ‘+’...
Page 287: Description
8-55 CLI Command Reference Example WS5000.(Cfg)> directory Date & Time Bytes File Name Jan 11 2006 86588 WS5000Defaults_v2.1.0.0-012B.cfg Jan 11 2006 86137 WS5k_Auto_v2.0.0.0-034R_20060111.cfg 2006 6453 cmd_template.sym 2006 15484 upgrade.cfg WS5000.(Cfg)> delete WS5000Defaults_v2.1.0.0-012B.cfg 8.5.17 description Configuration (Cfg) Context. Sets a description to the policy of the item in the selection. Syntax description <description_text>...
Page 288: Emergencymode
Syntax encrypt <password> Parameters password The password to be encrypted. Example WS5000.(Cfg)> encrypt <symbol> Encrypting password '<symbol>'..Actual Password <symbol> Encrypted Password 4527w5630f51f WS5000.(Cfg)> 8.5.21 ethernet Configuration (Cfg) Context Display the currently available ethernet ports for the switch. Also, the context is changed to the Ethernet Port Context.
Page 289: Etherpolicy
8-57 CLI Command Reference Example WS5000.(Cfg)> ethernet Available EtherPorts are: Ethernet 1 Ethernet 2 WS5000.(Cfg).Ethernet> 8.5.22 etherpolicy Configuration (Cfg) Context Display the currently available ethernet policies applied to the switch. Also, the context is changed to the Ethernet Policy (EtherPolicy) Context.
Page 290 8-58 WS 5000 Series System Reference 8 Sensor is no longer responding to ping Enabled Disabled Disabled 9 Switch configuration changed Disabled Disabled Disabled 10 Miscellaneous debug events Disabled Disabled Disabled 11 Tunnel Status change Enabled Disabled crit 12 NON IP packet received on Tunnel Enabled Disabled alert...
Page 291: Export
8-59 CLI Command Reference 72 Access Changed Notification Enabled Disabled info 73 Radio power is reduced [TPC] Enabled Disabled alert 74 Radar is detected [DFS] Enabled Disabled alert 75 Channel selected to avoid radar [DFS] Enabled Disabled alert 76 Switch to new channel [DFS] Enabled Disabled alert...
Page 292: Host
Display the host settings currently applied to the switch. Also, the context is changed to the Host Context. See page 8-209 for more details. Syntax host Parameters None. Example WS5000.(Cfg)> host Host Name IP Address Domain --------- ---------- ------ SFHost 157.235.208.117 symbol.com...
Page 293: Install
8-61 CLI Command Reference 8.5.28 install Configuration (Cfg) Context Configures the switch’s failover role as Primary or Standby, and applies all settings specified in the command file (.sym). Alternatively, this command is used to update Kerberos principal from a specified Kerberos file (.krb), without reset.
Page 294: Logdir
8-62 WS 5000 Series System Reference List of all active KDC users (MUs & WLANs): No active Users available. WS5000.(Cfg).KDC> 8.5.30 logdir Configuration (Cfg) Context This CLI is used to list available user log (history, syslog) files. It does not list image/config files. Use dir command to list image/config files.
Page 295: Ping
8-63 CLI Command Reference Example WS5000.(Cfg)> name MiamiWS5000 Configuring name... Status : Success. MiamiWS5000.(Cfg)> 8.5.32 np Configuration (Cfg) Context Display the currently available network policies on the switch. Also, the context is changed to the Network Policy (NP) Context. See page 8-222 for more details.
Page 296 8-64 WS 5000 Series System Reference Parameters -Rdfnqrv These optional flags are can be broken down as follows: • -R: Record route. Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route buffer on returned packets. Note that the IP header is only large enough for nine such routes.
Page 297: Purge
8-65 CLI Command Reference 8.5.34 po Configuration (Cfg) Context Display the currently available policy object information on the switch. Also, the context is changed to the Policy Object (PO) Context. See page 8-228 for more details. Syntax Parameters None. Example WS5000.(Cfg)>...
Page 298: Radius
8-66 WS 5000 Series System Reference 8.5.36 radius Configuration (Cfg) Context Display the Radius authentication status on the switch. Also, the context is changed to the Radius Context. See page 8-235 for more details. Syntax radius Parameters None. Example WS5000.(Cfg)> radius Radius authentication status: ----------------------------- Network users (Web, Telnet, etc.)
Page 299: Reset
8-67 CLI Command Reference 8.5.38 reset Configuration (Cfg) Context WS5000.(Cfg)> reset Resets the switch. Resetting the switch includes a graceful shutdown, and reboot. Syntax reset Parameters None. Example WS5000.(Cfg)> reset This command will reset the system. Are you sure (yes/no) : yes System shutdown may take a few mins..
Page 300: Route
8-68 WS 5000 Series System Reference Shutting down dhcp daemon.. done Shutting down apache server in the SSL mode...done. Shutting down cell controller..done Shutting down snmpd agent...done. Shutting down Postgres..done. Restarting system 8.5.40 rougeap Configuration (Cfg) Context This CLI displays context specific attirbutes, rogue AP configuration, authorised AP rulelist and list of detector APs.
Page 301: Runacs
8-69 CLI Command Reference 8.5.42 runacs Configuration (Cfg) Context Runs Automatic Channel Selection on all adopted access ports. See Automatic Channel Select on page 1-19 for more details. Syntax runacs Parameters None. Example WS5000.(Cfg)> runacs Executing Automatic Channel Selection on all the adopted Access Ports... Success.
Page 302: Sensor
8-70 WS 5000 Series System Reference Example WS5000.(Cfg)> securitypolicy Available Security Policies: 1. Kerberos Default. 2. Default. 3. WEP40 Default. 4. WEP128 Default. WS5000.(Cfg).SecurityPolicy> 8.5.45 sensor Configuration (Cfg) Context Display details of all Sensors and the Active AP 300's.You can also configure the default sensor configuration in this context.See 8.47 Sensor Context on page 252 for more details.
Page 303 8-71 CLI Command Reference Table 8.6 set command’s display_parameter Summary Display Parameter Description Example set emergencypolicy Set the Emergency Switch Policy page 8-72 set autoinstall Enable/Disable auto-install page 8-73 set rfstats Enables/Disables RF Stats gathering page 8-73 set licensekey Update the port license page 8-74 set location Set the switch location string...
Page 304 System Name : ABS01_DEPOT_081804 Description : WS5000 Wireless Network Switch Location Software Ver. : 2.1.0.0-011B Licensed to : Symbol Technologies Copyright : Copyright (c) 2000-2005. All rights reserved. Serial Number : 00A0F853C13D Number of Licenses Max Access Ports Max Mobile Clients...
Page 305 8-73 CLI Command Reference Active Switch Policy : wm_stores Emergency Switch Policy : TestPolicy Switch Uptime : 00d:00h:00m Global RF stats : Enabled # of Unassigned Access Ports : 2 Unassigned Access Ports 1. 00:A0:F8:CD:ED:C1 [G]. 2. 00:A0:F8:CD:ED:C1 [A]. CLI AutoInstall Status : Disabled WS5000.(Cfg)>...
Page 306 WS5000.(Cfg)> set licensekey Configuration (Cfg) Context Sets the license key for the switch. The license key, issued by Symbol, is used to determine the number of APs and MUs that the switch is able to support. Syntax set licensekey <licensekey>...
Page 307 8-75 CLI Command Reference Parameters licensekey The license key, issued by Symbol. The switch must be configured as “Primary” if updating the license key. Use the set mode command to set the switch mode, if not already set as Primary.
Page 308 : WS5000 Description : WS5000 Wireless Network Switch Location : US Software Ver. : 2.1.0.0-014B Licensed to : Symbol Technologies Copyright : Copyright (c) 2000-2006. All rights reserved. Serial Number : 00A0F865A8E0 Number of Licenses Max Access Ports Max Mobile Clients...
Page 309 8-77 CLI Command Reference Mu Threshold details : Status : disabled Min Packets for RF Traps : Not Set Packets Per Second : 100 Throughput in Mbps : Not Set Average Bit Speed in Mbps : Not Set Percent of NUCast Packets : Not Set Average Signal in Dbm : Not Set...
Page 310 8-78 WS 5000 Series System Reference Parameters snmptrap_flag Indicates whether to enable or disable SNMP traps on the switch. Possible values are: • enable • disable Example WS5000.(Cfg)> set snmptrap enable Setting SNMP Trap status..Status: Success. SNMP details: ------------- SNMP (deamon) Status : Enabled SNMP Traps...
Page 311 : WS5000 Description : WS5000 Wireless Network Switch Location : San Francisco Software Ver. : 2.1.0.0-008D Licensed to : Symbol Technologies Copyright : Copyright (c) 2000-2005. All rights reserved. Serial Number : 00A0F8658C10 Number of Licenses : 48 Max Access Ports...
Page 312 8-80 WS 5000 Series System Reference time_zone Valid range is -12:00 to +13:00 [+/-](HH:MM), where 0.00 is Greenwich Mean Time. Note that the ‘+’ must be included for positive timezone values. Note In WS5000 2.1, Daylight Saving is enabled by default Example WS5000.(Cfg)>...
Page 313: Show
8-81 CLI Command Reference Setting the time zone... Status: Success. System clock: 01:53:09 AM Date Fri Feb 11 2005 Time Zone (GMT -12:00) Eniwetok, Kwajalein WS5000.(Cfg)> set clearstat Configuration (Cfg) Context Clears the packet statistics Syntax set clearstat Parameters none Example WS5000.(Cfg)>...
Page 314: Snmp
8-82 WS 5000 Series System Reference After the switch has been shut down, bring it back up with a full power cycle (power down and then power back up). Syntax shutdown Parameters None. Example WS5000.(Cfg)> shutdown This command will halt the system. A manual power cycle will be required to re-start the switch.
Page 315: Ssl
8-83 CLI Command Reference Parameters None. Example WS5000.(Cfg)> ssh SSH configurations details: --------------------------- SSH Status : Enabled Version : V2 Port : 22 Session inactivity timeout : 0 (Disabled) WS5000.(Cfg).SSH> 8.5.51 ssl Configuration (Cfg) Context Display the Secure Socket Layer settings currently applied to the switch. Also, the context is changed to the SSL (Secure Socket Layer) Context.
Page 316: Switchpolicy
8-84 WS 5000 Series System Reference Standby Connectivity status : Not Connected Standby AutoRevert Mode : Disable Standby AutoRevert Delay : 15 Minutes Interface (Ethernet) 1 ---------------------- StandBy Heart-Beat MAC : Auto Discovery Enabled Heart-Beat status : Enable Received Heart-Beat : No Interface (Ethernet) 2 ----------------------...
Page 317: Tunnel
8-85 CLI Command Reference 8.5.55 tunnel Configuration (Cfg) Context Displays the GRE tunnels and the remote tunnel IP address that is used to map it to the WLAN. Only 4 GRE tunnels can be configured in WS5000 switch. Also, the context changes to Tunnel Context.
Page 318: Wme
8-86 WS 5000 Series System Reference Example WS5000.(Cfg)> wlan WLAN Name ESSID Security Policy --------- ----- --------------- Symbol Default Default Secure Access secure Kerberos Default Private Access private WEP128 Default Public Access public Default WS5000.(Cfg).WLAN> 8.5.58 wme Configuration (Cfg) Context This CLI is used to displays and configure the various WME profiles.
Page 319 8-87 CLI Command Reference WVPN Client keep alive : 10 seconds WVPN Maximum VPN Licenses : 250 WVPN Currently In-Use VPN Licenses WVPN License Type Evaluation version,Total eval days 30,Eval days left WS5000.(Cfg)> wvpn...
Page 320: Aaa Context
8-88 WS 5000 Series System Reference 8.6 AAA Context The AAA context enables you to configure the onboard Radius server and user database. Table 8.7 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 321: Client
8-89 CLI Command Reference acct dir [ipAddr] | [ipAddr/fileName] acct tftp <destIpAddr> <srcDir>/<filename> acct purge [force] acct enable acct disable Parameters IP address of the Radius accounting server. portNum Port number of the accounting server. TimeoutVal The time out value thats set for the switch after which it stops attempting to connect to the Radius accounting server.
Page 322: Eap
8-90 WS 5000 Series System Reference Configuring AAA server... AAA database update status: ----------------------------- AAA Server Status Disabled Database Type local 8.6.4 eap AAA Context To configure EAP parameters, use the Eap command. Syntax Parameters None Example WS5000.(Cfg).AAA> eap EAP Configurations ----------------------------- EAP Type peap...
Page 323: Policy
CLI Command Reference Parameters None Example WS5000.(Cfg).AAA> ldap LDAP information LDAP Server IP 157.235.205.4 LDAP Server Port LDAP Bind DN cn=Manager,o=symbol,c=India LDAP Base DN o=symbol,c=India LDAP Password Attribute userPassword LDAP Login Attribute (uid=%{Stripped-User-Name:-%{User-Name} LDAP Group Membership Filter (|(&(objectClass=GroupOfNames)(member=% {Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) LDAP Password...
Page 324: Save
8-92 WS 5000 Series System Reference 8.6.9 save AAA Context To restart the AAA Server with the new configuration settings, use the save command. Syntax save [CR] Parameters None Example WS5000.(Cfg).AAA> save Configuring AAA server... Status : Success. AAA database update status: ----------------------------- AAA Server Status Disabled...
Page 325: Show
8-93 CLI Command Reference 8.6.11 show AAA Context Table 8.8 lists the show commands. Table 8.8 Show Commands Command Description show Display context specific attributes show eap-config Display EAP information show ldap Display LDAP information show certs Display Certificate information show clients Display Clients or details of a specific Client show radius-acct...
Page 326: Aaa Client Context
8-94 WS 5000 Series System Reference 8.7 AAA Client Context Table 8.9 shows the AAA client context commands. Table 8.9 AAA Client Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information.
Page 327: Remove
8-95 CLI Command Reference 8.7.2 remove AAA Client Context To remove a RADIUS client from the WS5000 Series Switch, use the remove command. Syntax remove <client_name> [CR] Parameters Client_name Name of AAA client Example WS5000.(Cfg).AAA.Client> remove new Removing Client... Status: Success.
Page 328: Aaa Eap Context
8-96 WS 5000 Series System Reference 8.8 AAA EAP Context Table 8.10 shows the AAA EAP context commands. Table 8.10 AAA EAP Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information logout or bye...
Page 329: Peap
Warning: Please commit these changes using Save command in AAA context. WS5000.(Cfg).AAA.EAP> show cert CA Certficate ------------- Issuer /C=IN/ST=Karnataka/L=Bangalore/O=Symbol Technologies India vt Ltd/OU=Testing and Validation/CN=ROOT/emailAddress=KumarBes@symbol.com Serial Number AB111ABF223AA1A1 Valid From 3 08:20:34 2006 GMT Valid Till 2 08:20:34 2006 GMT WS5000.(Cfg).AAA.EAP>...
Page 330: Show
8-98 WS 5000 Series System Reference Example WS5000.(Cfg).AAA.EAP> set eaptype peap Configuring AAA EAP server... Status : Success. Warning: Please commit these changes using Save command in AAA context. WS5000.(Cfg).AAA.EAP> WS5000.(Cfg).AAA.EAP> set eaptype ttls Configuring AAA EAP server... Status : Success. Warning: Please commit these changes using Save command in AAA context.
Page 331 8-99 CLI Command Reference Example WS5000.(Cfg).AAA.EAP> ttls TTLS Configurations ----------------------------- TTLS Type mschapv2 WS5000.(Cfg).AAA.EAP.TTLS>...
Page 332: Aaa Ldap Context
8-100 WS 5000 Series System Reference 8.9 AAA LDAP Context Table 8.11 shows the AAA LDAP context commands. Table 8.11 AAA LDAP Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information logout or bye...
Page 333: Show
<param_value> Example WS5000.(Cfg).AAA.LDAP> set ip 1.1.1.1 Configuring LDAP Server...Success. LDAP information LDAP Server IP 1.1.1.1 LDAP Server Port LDAP Bind DN cn=Manager,o=symbol,c=India LDAP Base DN o=symbol,c=India LDAP Password Attribute userPassword LDAP Login Attribute (uid=%{Stripped-User-Name:-%{User-Name} LDAP Group Membership Filter (|(&(objectClass=GroupOfNames)(member=% {Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
Page 334 8-102 WS 5000 Series System Reference {Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) LDAP Password secret LDAP Group Name Attribute LDAP Group Membership Attribute radiusGroupName...
Page 335: Aaa Policy Context
8-103 CLI Command Reference 8.10 AAA Policy Context AAA Policy Context shows the AAA policy context commands. Table 8.13 AAA Policy Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information logout or bye...
Page 336: Set
8-104 WS 5000 Series System Reference Syntax remove <group> <wlan> Parameters group Name of the group to which you add the WLAN wlan Name of the WLAN for the group Example WS5000.(Cfg).AAA.Policy> remove ws5k NewWlan Configuring Policies.. Status : Success. Warning: Please commit these changes using Save command in AAA context.
Page 337: Show
8-105 CLI Command Reference Thursday Friday Saturday Sunday Use the following time format : hhmm Example WS5000.(Cfg).AAA.Policy> set days ws5k Sa Su Mo Adding Access Policy... Status: Success. Warning: Please commit these changes using Save command in AAA context. WS5000.(Cfg).AAA.Policy> set time ws5k 1000 2200 Adding Access Policy...
Page 338: Aaa Proxy Context
AuthIP port Port secret Secret code to access the proxy. Example WS5000.(Cfg).AAA.Proxy> add NewProxy symbol.com 1.1.1.1 1812 secret Adding Proxy... Status: Success. Proxy information Available Proxy Servers: 1. NewProxy. Warning: Please commit these changes using Save command in AAA context.
Page 339: Remove
8-107 CLI Command Reference 8.11.2 remove AAA Proxy Context Use remove to remove a Proxy from the system. Syntax remove <proxyname> [CR] Parameters proxy_name The name of the new proxy being removed. Example WS5000.(Cfg).AAA.Proxy> remove NewProxy Removing Proxy... Status: Success. Warning: Please commit these changes using Save command in AAA context.
Page 340: Show
Display Proxy or details of a specific Proxy proxy config-proxy Display details of Proxy Example WS5000.(Cfg).AAA.Proxy> show config-proxy Proxy information ----------------- Retry Count Retry Delay 6 (seconds) WS5000.(Cfg).AAA.Proxy> show proxy NewProxy Proxy information Proxy Suffix symbol.com Proxy Auth Server IP 1.1.1.1 Proxy Secret secret Proxy Port 1812...
Page 341: Aaa User Database Context
8-109 CLI Command Reference 8.12 AAA User Database Context Table 8.15 shows the AAA user database context commands. Table 8.15 AAA User Database Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information logout or bye...
Page 342: User
8-110 WS 5000 Series System Reference WLAN Policies: StartTime Policy 0000 EndTime Policy 2359 Days Policy WS5000.(Cfg).AAA.userdb.Group.[newGroup1]> Note You need to enter into the Group sub-context level to add/remove a User/ Group. 8.12.2 user AAA User Database - User Context This is a sub-context of userdb context.To add and remove users, use the user command.Use AAA.userdb.Group context to •...
Page 343: Aaa User Database - Group Context
8-111 CLI Command Reference 8.13 AAA User Database - Group Context The AAA user database group context contains commands to add, remove, and configure Radius user groups. This section describes the commands in the AAA user database group context. Table 8.16 AAA User Database -Group Context Commands Commands Description ..
Page 344: Adduser
8-112 WS 5000 Series System Reference 2. newgroup. Group information Available Policies for this group: WLAN Policies: StartTime Policy 0000 EndTime Policy 2359 Days Policy WS5000.(Cfg).AAA.userdb.Group.[newgroup]> 8.13.2 adduser AAA User Database - Group Context Use adduser to add a user to a group. Syntax adduser <user>...
Page 345: Remove
8-113 CLI Command Reference 1. xyz. StartTime Policy 1000 EndTime Policy 2200 Days Policy Sa-Su-Mo WS5000.(Cfg).AAA.userdb.Group.[ws5k]> 8.13.4 remove AAA User Database - Group Context Use remove to remove a RADIUS group from the system. Syntax remove <group_name> [CR] Parameters group name The RADIUS group that you want to remove from the system.
Page 346: Aaa User Database - User Context
8-114 WS 5000 Series System Reference 8.14 AAA User Database - User Context The AAA user database user context contains commands to add or remove a new user, add ore remove a new group and to configure the user database. Table 8.17 shows the AAA user database Table 8.17 AAA User Database User Context Commands...
Page 347: Adduser
8-115 CLI Command Reference 8.14.2 adduser AAA User Database - User Context Use adduser to add a user to a group Syntax adduser <user> <group> Parameters user Adds a new user to the group group The group name to which you want to add the new User. Example WS5000.(Cfg).AAA.userdb.User>...
Page 348: Set
8-116 WS 5000 Series System Reference Parameters user removes the user from the group. group The group name from which you want to remove the user. Example WS5000.(Cfg).AAA.userdb.User> remuser abc ws5k Configuring Userdb... Status : Success. Warning: Please commit these changes using Save command in AAA context. 8.14.5 set AAA User Database - User Context Use set to set password for an existing user.
Page 349 8-117 CLI Command Reference Available Users: 1.abc. WS5000.(Cfg).AAA.userdb.User> show groups abc Available Groups for the User: 1.ws5k.
Page 350: Access Port (Aport) Context
8-118 WS 5000 Series System Reference 8.15 Access Port (APort) Context The Access Port context lets you name the RF devices (the radios in the Access Ports and converted Access Points) that exist on your WLAN. You can create Access Port instances by hand through the command, or enable them to be created as Access Ports are discovered and adopted by the switch.
Page 351: Port
8-119 CLI Command Reference a_MAC, b_MAC, g_MAC For dual-radio APs, you must supply the MAC of (at least) the AP’s “first” radio. The MAC of the second radio is optional. The a_name, b_name, and g_name arguments refer to the 802.11x radio types. name, a_name, b_name, Unique names that you give to the Access Port and/or its radios.
Page 352: Remove
8-120 WS 5000 Series System Reference Note The system never needs to automatically assign a name to an 802.11g or a frequency-hopping (FH) radio since you’re compelled to supply names for these radios when you add their Access Port instances. Syntax port <APort_name>...
Page 353: Show
8-121 CLI Command Reference Syntax remove <port_name> Parameters port_name Removes the port with the given name. Example WS5000.(Cfg).APort> remove "00:a0:f8:11:12:14 [B]" Removing the dsp device of the radio 00:a0:f8:11:12:14 [B]..Status: Success. 8.15.4 show Access Port (APort) Context Shows the Access Port configuration values. Syntax show show interfaces...
Page 354 8-122 WS 5000 Series System Reference NIC Connected : Ethernet 2 VLAN id : None VLAN Tags seen : None CCA Mode CCA Threshold Diversity : Full Maximum MUs allowed : 256 No. of MUs associated Up Time : 0d:0h:0m Statistics gathering : Disable Tx Packets/second...
Page 355: Access Port Instance
8-123 CLI Command Reference 8.16 Access Port Instance To drop into an Access Port instance, use the < > command from within the context. port name APort Table 8.19 summarizes the commands within this context.Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 356: Reset
8-124 WS 5000 Series System Reference Syntax name <AP_name> Parameters AP_name Name defined for the Access Port. Example WS5000.(Cfg).APort.[ap_name]> name New_AP_name WS5000.(Cfg).APort.[New_AP_name]> 8.16.3 reset Access Port Instance Resets the Access Port or its radio, depending on the parameter value. Syntax reset <reset_flag>...
Page 357 8-125 CLI Command Reference Table 8.20 Access Port Instance “Set” Command Summary (Continued) Set Command Description AP Models Syntax channel Access Port transmit channel. Possible values All except: set channel <value> are: • AP 3020 • <channel#> – Specific channel number •...
Page 358 8-126 WS 5000 Series System Reference Table 8.20 Access Port Instance “Set” Command Summary (Continued) Set Command Description AP Models Syntax statistics Enable/disable Access Port information set statistics <enable_flag> gathering. When enabled, the Access Port reports throughput in packets-per-second, as well as the amount of time that it has been adopted by the switch.
Page 359: Show
8-127 CLI Command Reference Configuring Access Port device... Status: Success. Access Port details... Name : 00:A0:F8:A2:91:7C [B] Device type : AP100 Radio MAC Address : 00:A0:F8:A2:91:7C Device MAC Address : 00:A0:F8:A2:91:7C Port Type Description Status : Active Tx Channel Current Tx Channel Policy Attached : appol1 Tx Power...
Page 360 8-128 WS 5000 Series System Reference Current Tx Channel Policy Attached : appol1 Tx Power : 20 dBm1 Current Tx Power : 20 dBm Location NIC Connected : Ethernet 1 VLAN id : None VLAN Tags seen : None CCA Mode CCA Threshold : 10 Diversity...
Page 361: Access Control List (Acl) Context
8-129 CLI Command Reference 8.17 Access Control List (ACL) Context An Access Control List is a set of rules that governs the adoption of mobile units. Each rule contains a MAC address or MAC address range, and an allow or deny declaration deeming whether the device can have associations with access ports or not.
Page 362: Add
8-130 WS 5000 Series System Reference ACL Name : New ACL Default action on ACL items : allow MAC address (range) Rule ------------------- ---- 00:A0:F8:6E:4A:7A allow WS5000.(Cfg).ACL.[New ACL]> 8.17.2 add Access Control List (ACL) Context Adds a new ACL and then changes the context to the named ACL instance context. Syntax add <ACLname>...
Page 363: Show
8-131 CLI Command Reference Status: Success. Available ACLs: 1. 2-10ACL. WS5000.(Cfg).ACL> 8.17.4 show Access Control List (ACL) Context Display all defined ACLs within the switch. Syntax show Parameters None. Example WS5000.(Cfg).ACL> show Available ACLs: 1. 2-10ACL. WS5000.(Cfg).ACL>...
Page 364: Acl Instance Context
8-132 WS 5000 Series System Reference 8.18 ACL Instance Context Table 8.22 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.22 ACL Instance Context Command Summary Command Description Ref.
Page 365: Set Name
8-133 CLI Command Reference name, addItem, remItem, editItem, and set defaultAction for more details. Syntax set <set_operation> [applicable_parameters] Parameters set_operation The configurable parameters of the ACL. 8.18.2.1 set name ACL Instance Context Renames an ACL, while displaying the MAC addresses included with the ACL. Similar to the name command.
Page 366: Set Remitem
8-134 WS 5000 Series System Reference 8.18.2.3 set remItem ACL Instance Context Removes a device(s) from the ACL. Syntax set remItem <MAC_Address> Parameters MAC_Address The MAC address of the device(s) to be removed. If the MAC address identifies the beginning of an device range, the entire range is removed from the ACL. Example WS5000.(Cfg).ACL.[testacl]>...
Page 367: Show
8-135 CLI Command Reference Parameters allow | deny Indicates a default adoption action for devices that are not associated with any ACL. If allow is set, the device is associated with this ACL. If not, the device remains unassociated. Example WS5000.(Cfg).ACL.[oldACL]>...
Page 368: Access Port Policy (Appolicy) Context
8-136 WS 5000 Series System Reference 8.19 Access Port Policy (APPolicy) Context An Access Port Policy configures a physical Access Port by defining attributes such as beacon interval, RTS threshold, the set of supported data rates, and so on. The APPolicy is also responsible for adding WLANs to the Access Port, and for attaching a Security Policy, Access Control List, and Network Policy (or packet filter) to each AP.
Page 369: Policy
8-137 CLI Command Reference Access Port Policy details for "newpolicy": Policy Name : newpolicy Description Basic Rate for 11a : 6,12,24 Supported Rate for 11a : 9,18,36,48,54 Basic Rate for 11b : 1,2 Supported Rate for 11b : 5.5,11 Basic Rate for 11g : 1,2,5.5,11 Supported Rate for 11g : 6,9,12,18,24,36,48,54...
Page 370: Remove
8-138 WS 5000 Series System Reference DTIM Period BSS 2 : 10 DTIM Period BSS 3 : 10 DTIM Period BSS 4 : 10 Beacon Interval : 100 Allow MUs w/o Spectrum Mgmt : false WME Enaled : Disabled WME Profile Name : Default AP WME Profile WLAN details for the Access Port policy 'appol1' WLAN Name...
Page 371: Access Port Policy Instance
8-139 CLI Command Reference 8.20 Access Port Policy Instance Table 8.24 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.24 Access Port Policy Instance Context Command Summary Command Description Ref.
Page 372: Description
8-140 WS 5000 Series System Reference WLAN details for the Access Port policy 'NY_APpolicy' WLAN Name Network Policy --------- -------------- WLAN_NE WS5000.(Cfg).APPolicy.[NY_APpolicy]> 8.20.2 description Access Port Policy Instance Configures a b rief description for the Access Port Policy instance Syntax description <description_text>...
Page 373: Map
8-141 CLI Command Reference 8.20.3 map Access Port Policy Instance The map command, depending on the specified AP hardware type, moves you into a WLAN-to-BSS/ESS mapping subcontext. Some explanation is necessary, as follows. There are six Access Port device/radio types: AP 100, AP 200a, AP 200b, AP 300(a/g), AP 302x, AP 4121, and AP 4131.
Page 374: Remove
8-142 WS 5000 Series System Reference Parameters appolicy_namename AP policy name of the access port policy. Example WS5000.(Cfg).APPolicy.[NY_appolicy]> name NY_APPolicy Configuring name... Status : Success. WS5000.(Cfg).APPolicy.[NY_APPolicy]> 8.20.5 remove Access Port Policy Instance Remove an AP Policy instance. Syntax remove <APPolicy_name> Parameters APPolicy_name Name of the AP Policy to be removed.
Page 375: Set
8-143 CLI Command Reference Supported Rate for 11a : 9,18,36,48,54 Basic Rate for 11b : 1,2 Supported Rate for 11b : 5.5,11 Basic Rate for 11g : 1,2,5.5,11 Supported Rate for 11g : 6,9,12,18,24,36,48,54 Basic Rate for FH Supported Rate for FH RF Preamble : short RTS Threshold...
Page 376: Set Basicrates
8-144 WS 5000 Series System Reference Access Port Policy details for "NY_APPolicy": Example WS5000.(Cfg).APPolicy.[NY_APPolicy]> set Syntax: set <config_parameter> config_parameter is a required parameter. Valid commands: set name set np set preamble set rtsthreshold set dtim set beacon set basicrates set supportedrates set nonspectrummgmt set wmm set wmeprofile...
Page 377: Set Beacon
8-145 CLI Command Reference Basic Rate for FH Supported Rate for FH RF Preamble : long RTS Threshold : 2347 Bytes DTIM Period : 10 DTIM Period BSS 2 : 10 DTIM Period BSS 3 : 10 DTIM Period BSS 4 : 10 Beacon Interval : 100...
Page 378: Set Nonspectrummgmt
8-146 WS 5000 Series System Reference Syntax set dtim <dtim_period : 1 - 20> set dtim <bss1 | bss2 | bss3 | bss4> <dtim_period : 1 - 20> Parameters dtim period Used to set the range of dtim interval Placeholder for selecting one of the four bss. AP which has only one bss use the value for bss1.
Page 379: Set Np
8-147 CLI Command Reference 8.20.7.5 set np Access Port Policy Instance Assigns the Network Policy that’s associated with the combination of this Access Port Policy and WLAN. Syntax set np <np_name> <wlan_name> Parameters name The name of the Network Policy. wlan_name The name of the WLAN.
Page 380: Set Supportedrates
8-148 WS 5000 Series System Reference Description Basic Rate for 11a : 6,12,24 Supported Rate for 11a : 9,18,36,48,54 Basic Rate for 11b : 1,2 Supported Rate for 11b : 5.5,11 Basic Rate for 11g : 1,2,5.5,11 Supported Rate for 11g : 6,9,12,18,24,36,48,54 Basic Rate for FH Supported Rate for FH...
Page 381: Set Wmm
8-149 CLI Command Reference Basic Rate for 11g : 1,2,5.5,11 Supported Rate for 11g : 6,9,12,18,24,36,48,54 Basic Rate for FH Supported Rate for FH RF Preamble : long RTS Threshold : 2347 Bytes DTIM Period : 10 DTIM Period BSS 2 : 10 DTIM Period BSS 3 : 10...
Page 382: Access Port Map Context
8-150 WS 5000 Series System Reference 8.21 Access Port Map Context See the command for an introduction to the Map context, a context where mapping of WLANs to different Table radio types is configured. The four Map contexts and the radios that use each mapping are shown in 8.25.
Page 383: Select
8-151 CLI Command Reference Table 8.26 Access Port Map Context Command Summary (Continued) Command Description BSS Map (AP Type) Ref. set bw Set the guaranteed bandwidth that is assigned to a 1BSS-to-16ESS page 8-152 (AP200a) WLAN. 4BSS-to-16ESS (AP200b, AP300, AP4121) set primaryWLAN Set the primary WLAN for this map.
Page 384: Set Bss
8-152 WS 5000 Series System Reference 8.21.2 set bss Access Port Map Context Assigns a BSS index ID to a WLAN. The WLAN must already be part of the Access Port Policy that owns this Map. Note This command applies only to: 4BSS-to-16ESS (AP200b, AP300, AP4121) Syntax set bss <bss_index>...
Page 385: Set Primarywlan
8-153 CLI Command Reference Status: Success. 4BSS-16BSS mapping (used for AP200 11b radio, AP300 and AP4121): WLAN Name Primary BW(%) --------- ------- ----- WLAN_NE 20.00% Total BandWidth: 20.00% WS5000.(Cfg).APPolicy.[NY_APpolicy].Map.[4BSS-16ESS]> 8.21.4 set primaryWLAN Access Port Map Context Sets the Primary WLAN for this map. Note This command applies only to: 1BSS-to-16ESS (AP200a), 4BSS-to-16ESS (AP200b, AP300, AP4121).
Page 386: Show
8-154 WS 5000 Series System Reference Example WS5000.(Cfg).APPolicy.[NY_APpolicy].Map.[4BSS-4ESS]> unselect WLAN_NE Success. 4BSS-4ESS mapping (used for AP100): WLAN Name Selected BW(%) --------- -------- ----- WLAN_NE Total BandWidth: 0.00% WS5000.(Cfg).APPolicy.[NY_APpolicy].Map.[4BSS-4ESS]> 8.21.6 show Access Port Map Context Syntax show Parameters None. Example WS5000.(Cfg).APPolicy.[NY_APPolicy].Map.[4BSS-4ESS]> show 4BSS-4ESS mapping (used for AP100): WLAN Name Selected...
Page 387: Classifier Context (Ce)
8-155 CLI Command Reference 8.22 Classifier Context (CE) A Classifier is a predicate that tests various aspects of a network packet: Source and destination IP, transport protocol, and so on. A packet will either “pass” or “fail” the predicate. The action that is taken when a packet passes or fails a Classifier isn’t included in the Classifier definition—that is the job (primarily) of a Classification Group.
Page 388: Remove
8-156 WS 5000 Series System Reference Available Classifiers (CE): 1. Ex HTTP Traffic. 2. Ex Telnet Traffic. 3. RTP_Data. 4. Spectra_Link_Phone. 5. VoIP_Call_Setup_In. 6. VoIP_Call_Setup_Out. 7. VoIP_Ext_Services_Out. 8. VoIP_Ext_Services_In. 9. VoIP_RAS_In. 10. VoIP_RAS_Out. 11. Spectralink_Multicast. 12. TestClassifier. Classifier information... Classifier Name : TestClassifier CE Description # of Matching Criteria assigned...
Page 389: Show
8-157 CLI Command Reference Syntax remove <name> Parameters name The name of the Classifier that is to be removed. Example WS5000.(Cfg).CE> remove TestClassifier Removing Classifier... Status: Success. Classifier information... Available Classifiers (CE): 1. Ex HTTP Traffic. 2. Ex Telnet Traffic. 3.
Page 390: Classifier Instance
8-158 WS 5000 Series System Reference 8.23 Classifier Instance A Classifier instance contains a collection of “matching criteria” (MC). Each MC consists of a network packet attribute and the value to which the attribute is compared. As packets arrive from or are sent to the wireless network, they’re evaluated by the Classifier.
Page 391 8-159 CLI Command Reference Parameters MACsource <MAC_address> The MAC address of the device that sent the packet. The value is a MAC address in the usual form. MACdestination <dest_MAC_address> The MAC address of the device to which the packet is being sent. The value is a MAC address in the usual form.
Page 392: Name
8-160 WS 5000 Series System Reference 8.23.2 name Classifier Instance This CLI is used to change the name of the classifier. Syntax name <name> Parameters name The new name placeholder Example WS5000.(Cfg).CE.[NewTraffic]> name "Ex HTTP Traffic" Configuring name... Status : Success. WS5000.(Cfg).CE.[Ex HTTP Traffic]>...
Page 393: Removemc
8-161 CLI Command Reference 8.23.4 removeMC Classifier Instance Removes the matching criterion for the named criteria. Syntax removeMC <parameters> Parameters See parameters described in addMC command on page 8-158. Example WS5000.(Cfg).CE.[HTTP_ce]> removemc IPsource Removing Matching Criteria... Status: Success. Classifier information... Classifier Name : HTTP_ce CE Description...
Page 394: Show
8-162 WS 5000 Series System Reference 2. 7001-7010. WS5000.(Cfg).CE.[HTTP_ce]> 8.23.6 show Classifier Instance Shows details for this Classifier instance. Syntax show show mc Parameters None. Example WS5000.(Cfg).CE.[Name]> show Classifier information... Classifier Name : HTTP_ce CE Description # of Matching Criteria assigned Matching Criteria details for 'Destination IP' : (MC Offset: 8) Matching Criteria details for 'Source Port' : (MC Offset: 9) 1.
Page 395: Classification Group (Cg) Context
8-163 CLI Command Reference 8.24 Classification Group (CG) Context A Classification Group (CG) is a collection of classifiers that evaluate network packets as they are sent to or received from wireless devices (in Layer 2/layer 3 filters) and wired devices in firewall filters. The CG collects classifiers and specifies what the classifier should do after it evaluates a packet.
Page 396: Remove
8-164 WS 5000 Series System Reference Classification Group information... Available Classification Groups: 1. NetVision_VoIP_In. 2. NetVision_VoIP_Out. 3. New Classification Group. 4. voip_in_cg. Classification Group information... Classification Group Name : voip_in_cg CG Description No of classifiers for this CG WS5000.(Cfg).CG.[voip_in_cg]> 8.24.2 cg Classification Group (CG) Context Changes the prompt to the context for a Classification Group instance.
Page 397: Show
8-165 CLI Command Reference Classification Group information... Available Classification Groups: 1. NetVision_VoIP_In. 2. NetVision_VoIP_Out. 3. voip_in_cg. WS5000.(Cfg).CG> 8.24.4 show Classification Group (CG) Context Display information about a system component or named context instance. Syntax show show ce Parameters None. Example WS5000.(Cfg).CG>...
Page 398: Classification Group Instance
8-166 WS 5000 Series System Reference 8.25 Classification Group Instance When you drop into a Classification Group instance, the CG’s set of Classifiers and associated actions are displayed. Table 8.30 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 399: Name
8-167 CLI Command Reference 8.25.2 name Classification Group Instance Rename a Classification Group Instance. Syntax name <new_name> Parameters new_name New Name that the current Classification Group will be renamed. Example WS5000.(Cfg).CG.[new_CG]> name anotherName Configuring name... Status : Success. WS5000.(Cfg).CG.[anotherName]> 8.25.3 set Classification Group Instance Performs an operation on the Classification Group instance.
Page 400: Classification Group Information
8-168 WS 5000 Series System Reference WS5000.(Cfg).CG.[voip_in_cg]> show ce Classifier information... Available Classifiers (CE): 1. Ex HTTP Traffic. 2. Ex Telnet Traffic. 3. RTP_Data. 4. Spectra_Link_Phone. 5. VoIP_Call_Setup_In. 6. VoIP_Call_Setup_Out. 7. VoIP_Ext_Services_Out. 8. VoIP_Ext_Services_In. 9. VoIP_RAS_In. 10. VoIP_RAS_Out. 11. New HTTP Traffic Classifier. WS5000.(Cfg).CG.[voip_in_cg]>...
Page 401: Show
8-169 CLI Command Reference Syntax show Parameters None. Example WS5000.(Cfg).CG.[CG_name]> show Classification Group information... Classification Group Name : anotherName CG Description : This is a VOIP Group No of classifiers for this CG WS5000.(Cfg).CG.[CG_name]>...
Page 402: Chassis Context
8-170 WS 5000 Series System Reference 8.26 Chassis Context Display and manage CPU and system temperature. Table 8.31 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.31 Chassis Context Command Summary Command Description Ref.
Page 403: Show
8-171 CLI Command Reference CPU Temperature 42 C 48 C 40 C System Temperature 38 C 40 C 36 C 30 C System Fan (rpm) 8437 8653 8437 None CPU Fan (rpm) 23275 675000 5000 None System Fan 2 None System Fan 3 None System Fan 4...
Page 404: Ethernet Port Context
8-172 WS 5000 Series System Reference 8.27 Ethernet Port Context There are two Ethernet ports on WS5000 Series switches. • Port 1 connects (by convention) to the wired LAN. • Port 2 connects to the wireless LAN. Table 8.32 summarizes the commands within this context. Common commands between multiple contexts are...
Page 405: Show
8-173 CLI Command Reference Network Mask : 255.255.255.0 Domain Name : domain1 Port type (trunk/non-trunk) : Non-Trunk VLAN Tags seen : None Up-Time : 12d:03h:54m Transmit packets : 4260726 Received packets : 4959514 Gateway : 111.222.111.254 DNS servers 1. 111.222.111.100. WS5000.(Cfg).Ethernet.[1]>...
Page 406: Ethernet Port Instance
8-174 WS 5000 Series System Reference 8.28 Ethernet Port Instance There are two Ethernet Port instances, one for each of the WS5000’s NICs. The instances are identified by number: 1 or 2. By convention, the WLAN is connected to the switch through NIC 1, and NIC 2 connects the switch to the wired network.
Page 407: Set
8-175 CLI Command Reference Configuring IP address of Ethernet 1... Status: Success. Name : Ethernet 1 Network Interface Card # Description : Ethernet Adapter MAC Address : 00:A0:F8:65:94:B8 Status : Enable Online : Yes Configured Mode : auto Negotiated Mode - Duplex : Full Negotiated Mode - Speed : 100...
Page 408 8-176 WS 5000 Series System Reference attribute Description nonTrunk Sets the port to be non-trunked. trunk <primary_vLanID> Sets the port to be a trunked. vLanId Sets the primary VLAN ID. The port automatically becomes trunked. clearVlanTags Clears the VLAN tag register. Example WS5000.(Cfg).Ethernet.[1]>...
Page 409: Show
8-177 CLI Command Reference 8.28.3 show Ethernet Port Instance Display Ethernet Port instance information. Syntax show show interfaces Parameters (none) Display a list of Ethernet port instances. interfaces Shows adopted Access Port info and lists the switch’s Ethernet ports Example WS5000.(Cfg).Ethernet.[1]>...
Page 410: Ethernet Policy (Etherpolicy) Context
WS 5000 Series System Reference 8.29 Ethernet Policy (EtherPolicy) Context Ethernet policies are used by the WS5000 Series switch to configure a VLAN ID to an Ethernet port. Table 8.34 summarizes the commands within this context. Common commands between multiple contexts are...
Page 411: Policy
8-179 CLI Command Reference WS5000.(Cfg).EtherPolicy.[LabEtherPolicy]> 8.29.2 policy Ethernet Policy (EtherPolicy) Context Changes the prompt to the context of the named Ethernet policy instance. Syntax policy <name> Parameters name Selects the Ethernet policy. Example WS5000.(Cfg).EtherPolicy> policy LabEtherPolicy Ether Policy Name : LabEtherPolicy Description Rest of Network on : Ethernet 2...
Page 412 8-180 WS 5000 Series System Reference Syntax show Parameters None. Example WS5000.(Cfg).EtherPolicy> show Available EtherPolicies are: 1. Default Ethernet Policy. 2. New Ethernet Port Policy. 3. eth1. WS5000.(Cfg).EtherPolicy>...
Page 413: Ethernet Policy Instance
8-181 CLI Command Reference 8.30 Ethernet Policy Instance An Ethernet policy instance configures the two Ethernet ports to support the LAN and the WLAN, and creates and maps VLANs to the two ports. Table 8.35 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 414: Add Tunnel
8-182 WS 5000 Series System Reference Adding VLAN... Status : Success. Ether Policy Name : LabEtherPolicy Description Rest of Network on : Ethernet 2 VLANs mapped are: LAN2 --> Ethernet: 2 VLAN 200 --> Ethernet: 1 Interface Priority # of WLANs Ethernet Policy --------- --------...
Page 415: Remove Tunnel
8-183 CLI Command Reference Syntax remove <vlan_id> Parameters vlan_id The ID number of the VLAN that’s to be removed. For a list of VLAN IDs, invoke show vlan Example WS5000.(Cfg).EtherPolicy.[LabEtherPolicy]> remove LAN2 Ether Policy Name : LabEtherPolicy Description Rest of Network on : Ethernet 2 VLANs mapped are: WS5000.(Cfg).EtherPolicy.[LabEtherPolicy]>...
Page 416: Show
8-184 WS 5000 Series System Reference Parameters attribute Description ronnic <Ethernet_Port#> Sets the “rest of the network” NIC. This is the NIC that connects the switch to the wired network. Possible values are: • 1 – Ethernet port 1 • 2 – Ethernet port 2 description <text_string>...
Page 417: Tunnel
8-185 CLI Command Reference 8.30.7 tunnel Use this to configure a tunnel. Syntax tunnel <tunnel_name> Parameters tunnel_name Place holders for one of the existing GRE tunnels that you want to configure. Example WS5000.(Cfg).EtherPolicy.[tunnelEP]> tunnel tunnel3 Tunnel Interface Priority # of WLANs Ethernet Policy ------- ---------...
Page 418: Set
8-186 WS 5000 Series System Reference 8.31 Event Context The Event context provides a place to configure notifications and severities of system events. Table 8.36 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 419: Syslog
8-187 CLI Command Reference default This form of the command resets all events to their factory defaults. 8.31.2 syslog Event Context Changes the prompt to the Syslog Context. See page 8-189 for more details. 8.31.3 show Event Context Display available system events, and notification settings in terms of the following logging: •...
Page 420 8-188 WS 5000 Series System Reference 27 MU EAP auth failed Enabled Enabled Disabled 28 MU EAP auth success Enabled Enabled Disabled 29 MU Kerberos auth failed Enabled Enabled Disabled 30 MU Kerberos auth success Enabled Enabled Disabled 31 MU TKIP [decrypt failure] Enabled Enabled Disabled...
Page 421: Syslog Context
8-189 CLI Command Reference 8.32 Syslog Context The Syslog context is a subcontext of Event. The commands in the Syslog context let you configure and control the remote and local event logging system. The remote service sends system logging information to a remote host, which must have a message logging daemon running.
Page 422: Local
8-190 WS 5000 Series System Reference Syntax add <host_name> <IP_address> [domain] Parameters host_name Gives a (local) name to the host. IP_address IP address of the remote host. domain Optional domain name of the remote host. Example WS5000.(Cfg).Event.Syslog> add SFhost 111.222.111.32 domain1 Adding Host...
Page 423: Logsubsys
8-191 CLI Command Reference Syntax logdir logdir <username> Parameters username A user of the switch as configured in cfg>user context. Example WS5000.(Cfg).Event.Syslog> logdir File Name Bytes Date & time ======================================================== SymbolLocal.syslog Thu Feb 23 03:14:13 2006 WS5000.(Cfg).Event.Syslog> 8.32.4 logsubsys Syslog Context Selects the subsystem logs (used for debugging) to be sent to the remote syslog server.
Page 424: Ping
8-192 WS 5000 Series System Reference logsubsys driver Parameters subsys Use any of the above mentioned subsys. enable/disable enable or disable the selected subsys. Example WS5000.(Cfg).Event.Syslog> logsubsys driver enable Success!! Subsystems Enabled: driver Subsystems saved: driver enable WS5000.(Cfg).Event.Syslog> 8.32.5 ping Syslog Context Ping is used to send ICMP ECHO_REQUEST packets to network hosts.
Page 425: Remlocal
8-193 CLI Command Reference Syntax purgelocal Parameters None Example WS5000.(Cfg).Event.Syslog> purgelocal Clearing local syslog memory...done. WS5000.(Cfg).Event.Syslog> 8.32.7 remlocal Syslog Context This command is used to delete the specified local syslog file. Use 'logdir' to view list of previously saved local syslog files.
Page 426: Save Local
8-194 WS 5000 Series System Reference 8.32.9 save local Syslog Context This is used to save local syslog in specified file. Syntax save local <file_name> Parameters file_name the naame of the local log file without the .syslog extension. Example WS5000.(Cfg).Event.Syslog> save local SymbolLocal Saving local syslog...done WS5000.(Cfg).Event.Syslog>...
Page 427 8-195 CLI Command Reference emerg Enable or disable Severity level Emergency. alert Enable or disable Severity level Alert. crit Enable or disable Severity level Critical. Enable or disable Severity level Error. warning Enable or disable Severity level Warning. notice Enable or disable Severity level Notice. info Enable or disable Severity level Info.
Page 428: Show
8-196 WS 5000 Series System Reference 8.32.11 show Syslog Context Display information about the syslog service. Syntax show Parameters None. Example WS5000.(Cfg).Event.Syslog> show Syslog Status: Enable (Syslog Deamon is Running). Host emerg alert crit warning notice info debug ---- ----- ----- ---- ------- ------...
Page 429: Stop
8-197 CLI Command Reference ---- ----- ----- ---- ------- ------ ---- ----- SFhost WS5000.(Cfg).Event.Syslog> 8.32.13 stop Syslog Context Stops the syslog service. Syntax stop Parameters None. Example WS5000.(Cfg).Event.Syslog> stop Status: Success. Syslog Status: Disable (Syslog Deamon is not running). Host emerg alert crit...
Page 430: Ftp Context
8-198 WS 5000 Series System Reference 8.33 FTP Context Table 8.38 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.38 FTP Context Command Summary Command Description Ref.
Page 431: Show
8-199 CLI Command Reference None. Example WS5000.(Cfg).FTP> disable Disabling... Status : Success. FTP Status: Disabled. WS5000.(Cfg).FTP> 8.33.3 show FTP Context Display the state of the FTP server. Syntax show Parameters None. Example WS5000.(Cfg).FTP> show FTP Status: Active. WS5000.(Cfg).FTP>...
Page 432: Fw (Firewall) Context
8-200 WS 5000 Series System Reference 8.34 FW (Firewall) Context Firewall is used to configure a LAN for traffic filtering.You need to first enable the VPN support to enter the firewall context. You need to first create a NP and then add it to an exisitng LAN in the firewall context. Table 8.39 summarizes the commands within this context.
Page 433: Addnat
8-201 CLI Command Reference 2. LAN2 3. LAN_VPN 4. testLAN LAN information: LAN details... Name : testLAN Description allow : https http telnet ftp deny NAT list: WS5000.(Cfg).Fw.[testLAN]> 8.34.2 addnat FW (Firewall) Context This command is used to add a NAT (Network Address Translation) entry to a specific LAN/LAN+ VLAN combination.
Page 434: Addnp
8-202 WS 5000 Series System Reference allow : https http telnet ftp deny NAT list: 1: 1.2.3.4,10.2.3.4 WS5000.(Cfg).Fw.[LAN1]> 8.34.3 addnp FW (Firewall) Context This command is used to add a new NP (network policy) to the system. Syntax addnp <lan_name> <NP> enter remove to delete the existing NP. Parameters lan_name The LAN in which this network policy should be added to.
Page 435: Addpf
8-203 CLI Command Reference LAN information: Available LANs: 1. LAN1 2. LAN2 3. LAN_VPN WS5000.(Cfg).Fw> addnp LAN2 TestNP Addng a NP (network policy) entry to a LAN... Status: Success. LAN information: Available LANs: 1. LAN1 2. LAN2 3. LAN_VPN WS5000.(Cfg).Fw> lan 2 LAN information: LAN details...
Page 436: Lan
8-204 WS 5000 Series System Reference LAN information: Available LANs: 1. LAN1 2. LAN2 3. LAN_VPN WS5000.(Cfg).Fw> 8.34.5 lan FW (Firewall) Context Use this command to select a LAN to configure. Syntax lan <lan_name> Parameters lan_name LAN which is to be configured. Could be one of LAN 1 or LAN 2 or LAN_VPN. Example WS5000.(Cfg).Fw>...
Page 437: Show
8-205 CLI Command Reference LAN information: Available LANs: 1. LAN1 2. LAN2 3. LAN_VPN 4. lan WS5000.(Cfg).Fw> 8.34.7 show FW (Firewall) Context This command is used to display the ACL information, security policy detials, LAN details and other context specific attributes. Syntax show acl show securitypolicy...
Page 438 8-206 WS 5000 Series System Reference WS5000.(Cfg).Fw>...
Page 439: Fw Instance
8-207 CLI Command Reference 8.35 FW Instance Table 8.40 Firewall Instance Command Summary Command Description Ref. .. or end Terminate a current session and moves up a context, hierarchically. page 8-7 exit Terminate a current session and returns to the “root” prompt. page 8-7 ? or help Get the command information.
Page 440: Show
8-208 WS 5000 Series System Reference LAN information: LAN details... Name : LAN1 Description : Public LAN : Default Network Policy allow : https http telnet ftp deny NAT list: 1: 1.2.3.4,10.2.3.4 WS5000.(Cfg).Fw.[LAN1]> 8.35.2 show FW Instance This command is used to display firewalls LAN information. Syntax show Parameters...
Page 441: Host Context
8-209 CLI Command Reference 8.36 Host Context The Host context collects the various hosts that are declared in other contexts. Table 8.41 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 442: Host
8-210 WS 5000 Series System Reference 8.36.2 host Host Context Changes the prompt to the context of a specified Host instance context. Syntax edit <host> Parameters host The name of the host that you want to edit. Example WS5000.(Cfg).Host> host NYhost Host Name IP Address Domain...
Page 443 8-211 CLI Command Reference Parameters host The name of the host defined in the system. syslog Displays the syslog details. system Displays the system information. Example WS5000.(Cfg).Host> show host NYhost 111.222.111.30 NYdomain Host Name IP Address Domain --------- ---------- ------ WS5000.(Cfg).Host>...
Page 444: Host Instance
8-212 WS 5000 Series System Reference 8.37 Host Instance The Host instance context lets you modify an entry in the host list. Table 8.42 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 445: Show
System Name : WS5000 Description : WS5000 Wireless Network Switch Location Software Ver. : 1.4.1.0-003D Licensed to : Symbol Technologies Copyright : Copyright (c) 2000-2005. All rights reserved. Serial Number : 00A0F86594B8 Number of Licenses : 48 Max Access Ports...
Page 446: Kdc Context
8-214 WS 5000 Series System Reference 8.38 KDC Context KDC Context The KDC context provides configuration options to configure the switch-resident Kerberos Key Distribution Center (KDC) as a Master or Slave. Table 8.43 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 447: Authenticate
IP address of the Slave KDC domain Domain of the Slave KDC. Example WS5000.(Cfg).KDC> add mu symbol 10 Enter password for the mu "symbol" : ****** Confirm password for mu "symbol" : ****** Adding mu 'symbol' to the KDC. Status: Success.
Page 448: Dump
Slave KDC to be removed. name Name of the User (MU) or slave KDC. ip_address IP address of the slave KDC. domain Domain of the slave KDC. ntp_server NTP server index: 1 - 3 or all. Example WS5000.(Cfg).KDC> remove mu symbol...
Page 449: Set
8-217 CLI Command Reference Deleting mu 'symbol' from the KDC. Status: Success. List of active MUs (KDC user):No active Users available. WS5000.(Cfg).KDC> WS5000.(Cfg).KDC> remove slavekdc standby 1.1.1.1 symbol.com Deleting slave KDC..Status: Success. The system is configured as MASTER KDC.
Page 450 8-218 WS 5000 Series System Reference slave Configure the switch as slave KDC. clear Clear all KDC configuration on the switch. realm Kerboros realm name. masters_name Name assigned to the Master KDC. Required if kdc_type is slave. masters_ip Domain over which the KDC has dominion.Required is kdc_type is slave. if_num interface number, 1 or 2.
Page 451: Show
8-219 CLI Command Reference WS5000.(Cfg).KDC> set ntpserver 1 192.192.4.111 Configuring time server (NTP) ..Status : Success. Time Server (NTP) details: Primary NTP Server : 192.192.4.111 First alternate NTP Server Second alternate NTP Server WS5000.(Cfg).KDC> WS5000.(Cfg).KDC> set slave test1 test2 1.1.1.1 2 Configuring KDC as slave.
Page 452 8-220 WS 5000 Series System Reference Interface : ethernet1 User count (Active + deleted) Active users (MUs and WLANs) Slave KDCs IP Address Domain ---------- ---------- ------ slaveKDC_NY 111.222.111.30 NYdomain1 List of all active KDC users (MUs & WLANs): Type Name Ticket Life ESSID...
Page 453: Synchronize
Master KDC database to the Slave KDC. Syntax synchronize <slave_name> <slave_ip> <slave_domain> Parameters slave_name Name of the KDC slave. slave_ip IP address of the KDC slave. slave_domain Domain of the KDC slave. Example WS5000.(Cfg).KDC> synchronize standby 111.222.111.30 Symbol.com Synchronizing slave KDC (standby) DB with master..
Page 454: Network Policy (Np) Context
8-222 WS 5000 Series System Reference 8.39 Network Policy (NP) Context A Network Policy is a collection of packet filters that you can use to implement various Quality of Service requirements. Each Network Policy contains an inbound Policy Object and an outbound Policy Object. The inbound policy filters packets that are sent from wireless devices to the WS5000.
Page 455: Remove
8-223 CLI Command Reference 3. New Network Policy. 4. NY_ntwk_SwitchPolicy. Network Policy information Network Policy Name : NY_ntwk_SwitchPolicy Policy Description Outbound Policy Object name Inbound Policy Object name WS5000.(Cfg).NP.[NY_ntwk_SwitchPolicy]> 8.39.2 np Network Policy (NP) Context Changes the prompt to the context of a specific Network Policy instance. Syntax np <name>...
Page 456: Show
8-224 WS 5000 Series System Reference Removing Network Policy... Status: Success. Network Policy information Available Network Policies: 1. Default Network Policy. 2. NetVision_VoIP_Priority. 3. NY_ntwk_SwitchPolicy. WS5000.(Cfg).NP> 8.39.4 show Network Policy (NP) Context Shows Network Policy details. Syntax show Display context specific attributes show ce Display Classifiers show cg...
Page 457: Network Policy Instance
8-225 CLI Command Reference 8.40 Network Policy Instance Table 8.45 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.45 Network Policy Instance Context Command Summary Command Description Ref.
Page 458: Show
8-226 WS 5000 Series System Reference inboundpolicy Assign Input Policy Object. outboundpolicy Assign Output Policy Object. ERROR: Command 'set' cancelled due to invalid or unrecognized parameter. WS5000.(Cfg).NP.[NY_NetworkPolicy]> WS5000.(Cfg).NP.[NY_NetworkPolicy]> show po Policy Object information..Available Policies (PO): 1. NetVision Priority for RF. 2.
Page 459 8-227 CLI Command Reference WS5000.(Cfg).NP.[NY_NetworkPolicy]>...
Page 460: Policy Object (Po) Context
8-228 WS 5000 Series System Reference 8.41 Policy Object (PO) Context Table 8.46 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.46 Policy Object Context Command Summary Command Description Ref.
Page 461 8-229 CLI Command Reference Incomplete command... use '?' for help..exiting... WS5000.(Cfg).PO> add Inbound 2 Adding Policy Object... Status: Success. Policy Object information..Available Policies (PO): 1. NetVision Priority for RF. 2. NetVision Packet Marking for Ethernet. 3. New Input Policy. 4.
Page 462: Remove
8-230 WS 5000 Series System Reference 8.41.3 remove Policy Object (PO) Context Removes a Policy Object instance. Syntax remove <name> Parameters name The name of the Policy Object to be removed. Example WS5000.(Cfg).PO> remove Inbound Removing Policy Object... Status: Success. Policy Object information..
Page 463 8-231 CLI Command Reference 5. Inbound. WS5000.(Cfg).PO>...
Page 464: Policy Object Instance
8-232 WS 5000 Series System Reference 8.42 Policy Object Instance Table 8.47 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.47 Policy Object Instance Context Command Summary Command Description Ref.
Page 465: Available Classification Groups: 1. Netvision_Voip_In
8-233 CLI Command Reference attribute Description Syntax priority set tos <bits> <cg_name> Sets the ToS packet marking bits for packets marked with the named Classification Group. The bits value is the packet marking/ToS given as a 6-bit bit-field. For example: 101101 Example WS5000.(Cfg).PO.[Inbound]>...
Page 466: Show
8-234 WS 5000 Series System Reference Network Policy Name : NetVision Priority for RF Description Type : Outbound Access Port Default action : Allow No of CG Associated with the Policy Object: 1 The list of CG associated: 1. NetVision_VoIP_Out. Tx-Profile Pkt Modifier(s) WME-AC...
Page 467: Radius Context
8-235 CLI Command Reference 8.43 Radius Context The Radius context enables you to specify an external Radius server for authenticating network users (Web, Telnet, and SSH) and local user through the serial port. Table 8.48 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 468: Set Primary
8-236 WS 5000 Series System Reference Server Host Name/IP Port Retry Timeout ------ ------------ ---- ----- ------- Primary 157.235.207.46 1812 Secondary Not defined 1812 WS5000.(Cfg).RADIUS> 8.43.1.2 set primary Radius Context Sets the identity or parameter value of the primary Radius server. Syntax set primary <radius_parameter>...
Page 469: Show
8-237 CLI Command Reference Syntax set secondary <radius_parameter> <value> set secondary host <host_name/IP> [port] [timeout] [retry] set secondary port <port: 1-65535> set secondary timeout <time: 5-20> set secondary retry <retry: 1-10> Parameters attribute value Description host name | IP [port] [timeout] [retry] Identifies the Radius server by name or IP address.
Page 470 8-238 WS 5000 Series System Reference Network users (Web, Telnet, etc.) : Enable Local users (via serial port) : Enable Authenticate locally if Radius server refuses access : Enable Server Host Name/IP Port Retry Timeout ------ ------------ ---- ----- ------- Primary SFhost 1812...
Page 471: Rogueap Context
8-239 CLI Command Reference 8.44 Rogueap Context The RougeAP context helps you to configure RogueAP detection for the system. Table 8.49 RogueAP Context Command Summary Command Description Ref. .. or end Terminate a current session and moves up a context, hierarchically. page 8-7 exit Terminate a current session and returns to the “root”...
Page 472: Detectorap
8-240 WS 5000 Series System Reference 8.44.2 detectorap Rogueap Context Use detectorap to view or configure DetectorAP List for DetectorAP scan. Syntax detectorap Parameters None Example WS5000.(Cfg).rogueap.detectorap> add "00:A0:F8:BF:8A:6B [A]" Adding DetectorAP... Status: Success. Available DetectorAPs: ---------------------- 00:A0:F8:BF:8A:6B [A] WS5000.(Cfg).rogueap.detectorap> 8.44.3 roguelist Rogueap Context Use roguelist to view or configure Approved AP List for RogueAP detection.
Page 473: Set
8-241 CLI Command Reference Parameters None Example WS5000.(Cfg).rogueap.rulelist> add 11:22:22:22:22:22 test Adding AuthAP... Status: Success. Authorise Symbol AP : disable Index ESSID ----- ---- ----- 11:22:22:22:22:22 test WS5000.(Cfg).rogueap.rulelist> 8.44.5 set Rogueap Context Use set to set or reset any or all of the detection mechanism.
Page 474: Show
8-242 WS 5000 Series System Reference Configuring APScan... Status: Success. RogueAP configuration details: ------------------------------ RogueAP Status : enable MU Scan Status : disable AP Scan Status : enable Detector Scan Status : disable MU Scan Interval(min.) AP Scan Interval(min.) Detector Scan Interval(min.) WS5000.(Cfg).rogueap>...
Page 475: Security Policy Context
8-243 CLI Command Reference 8.45 Security Policy Context Table 8.50 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.50 Security Policy Context Command Summary Command Description Ref.
Page 476: Policy
8-244 WS 5000 Series System Reference EAP PreAuthentication : Enabled Opportunistic PMK Caching : Enabled Encryption Open KeyGuard-MCM TKIP AES CCMP ---------- ---- ------------ ---- -------- Status: Enable Disable Disable Disable Disable Authentication Pre-Shared Kerberos 802.1x,EAP with Radius -------------- ---------- -------- ---------------------- Status:...
Page 477: Show
8-245 CLI Command Reference Example WS5000.(Cfg).SecurityPolicy> remove NewKerberosPolicy Removing Security Policy... Status: Success. Available Security Policies: 1. Kerberos Default. 2. Default. 3. WEP40 Default. 4. WEP128 Default. 5. New WEP Security Policy. WS5000.(Cfg).SecurityPolicy> 8.45.4 show Security Policy Context Lists the available Security Policy instances. Syntax show Display context specific attributes...
Page 478: Security Policy Instance
• Open – No encryption; any unsecured Mobile Unit is allowed to associate with the system unless the adoption list specifically excludes it. • KeyGuard encryption for TKIP (Temporal Key Integrity Protocol) – This mode is only supported by Symbol mobile devices. KeyGuard requires a 128-bit WEP key.
Page 479: Set
• kerberos • eap You can enter multiple authetication values in the CLI with a space between each value. Note The WS5000 Series Switch does not work with the combination of wep40 encryption and kerberos authentication. Pre-Shared Key (PSK) Settings presharedKey Sets the PSK key in either ASCII or Hexidecimal format.
Page 480 8-248 WS 5000 Series System Reference attribute Description Syntax wepKey Sets the WEP key string for the given key index. Valid set wepKey <key_index> <key key_index values are [1, 4]. The key_string argument must string> be enclosed in quotation marks. Kerberos Settings kerberos Sets the active WEP key string, identified by key index.
Page 481 8-249 CLI Command Reference set wepkey set activewepkey set kerberos set eap set radius set groupkeyupdate set presharedkey set preauthentication set opppmkcaching ERROR: Command 'set' cancelled due to invalid or unrecognized parameter. WS5000.(Cfg).SecurityPolicy.[New WEP Security Policy]> set wepkey Enter the WEP Key number or keyword 'string' to generate the Keys. Enter 'default' to set the WEP Keys to default values.
Page 482 8-250 WS 5000 Series System Reference WS5000.(Cfg).SecurityPolicy.[New WEP Security Policy]> set eap quietperiod Enter the value for EAP quietperiod. Syntax: set eap quietperiod <period: 1-99> [CR] Incomplete command... use '?' for help..exiting... WS5000.(Cfg).SecurityPolicy.[New WEP Security Policy]> set eap txperiod Enter the value for EAP txperiod.
Page 483: Show
8-251 CLI Command Reference WS5000.(Cfg).SecurityPolicy.[New WEP Security Policy]> set preauthentication Enter 'enable' or disable' Syntax: set preauthentication <enable/disable> [CR] Incomplete command... use '?' for help..exiting... WS5000.(Cfg).SecurityPolicy.[New WEP Security Policy]> set opppmkcaching Enter 'enable' or disable' Syntax: set opppmkcaching <enable/disable> [CR] Incomplete command...
Page 484: Sensor Context
8-252 WS 5000 Series System Reference 8.47 Sensor Context Table 8.52 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.52 Sensor Context Command Summary Command Description Ref.
Page 485: Disable
8-253 CLI Command Reference 8.47.2 disable Sensor Context Disbales the sensor functionality. Syntax disable Parameters None Example WS5000.(Cfg).sensor> disable Disable Sensor Functionality ... Status : Success. WS5000.(Cfg).sensor> 8.47.3 enable Sensor Context Enables the sensor functionality Syntax enable Parameters None Example WS5000.(Cfg).sensor>...
Page 486: Sensor
8-254 WS 5000 Series System Reference Status : Success. WS5000.(Cfg).sensor> 8.47.5 sensor Sensor Context This is used to configure a sensor. Syntax sensor <sensor/ap300 mac address> Parameters sensor The mac address of the sensor to be configured ap300 mac address The mac address of the AP to be configured Example WS5000.(Cfg).sensor>...
Page 487 8-255 CLI Command Reference Sensor AP's ----------- 1. 00:A0:F8:AA:BB:CC WS5000.(Cfg).sensor>...
Page 488: Sensor Instance
8-256 WS 5000 Series System Reference 8.48 Sensor Instance Table 8.53 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.53 Sensor Instance Command Summary Command Description Ref.
Page 489: Show
8-257 CLI Command Reference gateway Set the gateway address primary Set primary WIPS server's IP address secondary Set secondary WIPS server's IP address Example WS5000.(Cfg).sensor.[00:A0:F8:AA:BB:CC]> set dhcp enable Configuring Sensor Parameters... Status: Success. Sensor Details -------------- DHCP : enable Primary WIPS IP : 0.0.0.0 Secondary WIPS IP : 0.0.0.0...
Page 490: Snmp Context
8-258 WS 5000 Series System Reference 8.49 SNMP Context The Wireless 5000 Series Switch supports Simple Network Management Protocol (SNMP) version 1 ,SNMP v2 and SNMP v3. The switch supports SNMPv1 and SNMPv2 traps. Use the CLI context to configure the SNMP trap destinations, the SNMP clients as well as the SNMP SNMP agent status.
Page 491: Disable
8-259 CLI Command Reference Syntax enable Parameters None. Example WS5000.(Cfg).SNMP> enable Enabling... Status : Success. SNMP details: ------------- SNMP (deamon) Status : Enabled SNMP Traps : Disabled 8.49.2 disable SNMP Context Stops the SNMP daemon. Syntax disable Parameters None. Example WS5000.(Cfg).SNMP>...
Page 492: Set
8-260 WS 5000 Series System Reference 8.49.4 set SNMP Context Syntax set <kdcconfig | snmptrap | traphost> Parameters set kdcconfig Enable/disable KDC configuration through SNMP set snmptrap Enable/disable SNMP traps (global flag) set traphost Configure SNMP trap destination 8.49.4.1 set kdcconfig SNMP Context Allows or disallows the configuration of the on-board Kerberos KDC through SNMP.
Page 493: Set Traphost
Port number to which the traps would be sent version SNMP trap version (v1 or v2) Example To configure the SNMP v1 trap host at 192.168.204.4, with community name as Symbol, and use port 162, enter: set traphost 192.168.204.4 Symbol 162 v1 WS5100.(Cfg).SNMP>...
Page 494: Show
8-262 WS 5000 Series System Reference 8.49.5 show SNMP Context Displays the various details of the SNMP in the switch. Syntax show configaccess show snmpclients show snmpstatus show traphosts show v3users Parameters configaccess Displays configured system access restrictions snmpclients Displays the configured SNMP clients snmpstatus Displays the current SNMP status traphosts...
Page 495 IP Address Community Name ----- ---- ---------- -------------- 1. Read/Write 157.235.208.44 symbol 8.49.7 v3 SNMP Context Use v3 to configure SNMP v3 access parameters. You need to enter the v3 Context to configure the SNMP v3 parameters. Syntax Parameters None Example WS5000.(Cfg).SNMP>...
Page 496: V2 Context
— readwrite client_ip IP address of the SNMP client. community_name Name of the community the client is a member of. port_no Optional port number. The default is Example WS5000.(Cfg).SNMP.v2> remove rw 172.34.35.68 symbol Removing SNMP Client... Status : Success.
Page 497: Set
IP address of the snmp client. community_name Name of the SNMP community. port_no SNMP port (0 - 65535), default is Example WS5000.(Cfg).SNMP.v2> set client rw 172.34.35.68 symbol Configuring SNMP client... Status : Success. State Port IP Address Community Name...
Page 498 8-266 WS 5000 Series System Reference Example WS5000.(Cfg).SNMP.v2> show State Port IP Address Community Name ----- ---- ---------- -------------- 1. Read/Write 172.34.35.68 symbol WS5000.(Cfg).SNMP.v2> show snmpclients State Port IP Address Community Name ----- ---- ---------- -------------- 1. Read/Write 172.34.35.68 symbol...
Page 499: V3 Context
8-267 CLI Command Reference 8.51 v3 Context SNMP Context The v3 context provides commands that configure the SNMP v3 access parameters. Table 8.55 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 500: Show
8-268 WS 5000 Series System Reference SNMP v3 User Auth. Priv. ------------------------------- snmpv3AllRW snmpv3AllRO 8.51.2 show v3 Context Displays the details of the SNMP v3 in the switch Syntax show show v3users Parameters v3users Display the SNMP v3 user profile details Example WS5000.(Cfg).SNMP.v3>...
Page 501: Ssh (Secure Shell) Context
The SSH context lets you configure the WS5000’s Secure Shell daemon. Note Do not change the SSH port number because this can create conflicts with other applications running in the WS5000 Series Switch. Table 8.57 summarizes the commands within this context. Common commands between multiple contexts are...
Page 502: Show
8-270 WS 5000 Series System Reference 8.52.2 show SSH (Secure Shell) Context Display connection configuration and session information. Syntax show <attribute> <value> Parameters (none) Display SSH configuration and session information. telnet Display telnet configuration and session information. See 8.58 Telnet Context on page Display SSH configuration and session information.
Page 503: Ssl (Secure Socket Layer) Context
8.53 SSL (Secure Socket Layer) Context The SSL context defines the protocol (http or https) that a client needs to access the WS5000 Series Switch applet, or graphical user interface. With SSL enabled, the applet can only be accessed through the (secure) https protocol;...
Page 504 8-272 WS 5000 Series System Reference Syntax disable Parameters None. Example WS5000.(Cfg).SSL> disable 8.53.3 revert certificate SSL (Secure Socket Layer) Context Tells the Web server to use the currently installed authentication certificate. You use this command after uploading a new certificate. Until the certificate is reverted, clients will not be able to establish new connections to the applet.
Page 505: Standby Context
8-273 CLI Command Reference 8.54 Standby Context The Standby context lets you configure the failover system (aka “Standby” or “warm Standby”). You need two switches to implement the failover system: The “Primary” switch handles all network traffic; the Standby switch takes over if the Primary switch goes down. After the Primary comes back up, it can automatically take over active duty, or you can configure the switch so that it waits to be re-activated manually.
Page 506: Set Autorevert
8-274 WS 5000 Series System Reference 8.54.1 enable Standby Context Adds the switch to the Standby system. Syntax enable Parameters None. Example WS5000.(Cfg).standby> enable 8.54.2 disable Standby Context Removes the switch from the Standby system. Syntax disable Parameters None. Example WS5000.(Cfg).standby>...
Page 507: Set Ardelay
8-275 CLI Command Reference 8.54.4 set arDelay Standby Context Enables or disables the (sending of the) heartbeat on a particular NIC by setting an auto-revert delay, in minutes. Note You must call disable before calling this command. Syntax set arDelay <delay> Parameters delay The delay time, in minutes.
Page 508: Set Mode
8-276 WS 5000 Series System Reference Parameters port Either the MAC address of the port, or auto for automatic discovery. The local NIC through which the heartbeat is sent. Either Example WS5000.(Cfg).standby> set mac auto 1 8.54.7 set mode Standby Context Set the mode that the switch should be running in (that is primary, standby, etc.).
Page 509 8-277 CLI Command Reference Example WS5000.(Cfg).StandBy> show Standby Management: StandBy mode : Primary Standby Status : Disable State : Startup Failover Reason Standby Connectivity status : Not Connected Standby AutoRevert Mode : Disable Standby AutoRevert Delay : 15 Minutes Interface (Ethernet) 1 ---------------------- StandBy Heart-Beat MAC : Auto Discovery Enabled...
Page 510: Switch Policy (Spolicy) Context
8-278 WS 5000 Series System Reference 8.55 Switch Policy (SPolicy) Context A Switch Policy acts as a container for all the other policies. Although you can define any number of Switch Policies, only one of them can be active at a time. The WS5000 lets you designate an “Emergency Switch Policy”...
Page 511: Policy
8-279 CLI Command Reference Active Switch Policy name: Default Wireless Switch Policy Available Switch Policies: 1. Default Wireless Switch Policy. 2. EmerPolicy2-10. 3. new_policy. Switch Policy details --------------------- Policy Name : new_policy Description Country : US Channel for .11a : Auto (once) Channel for .11b : Auto (once) Channel for .11g...
Page 512: Remove
8-280 WS 5000 Series System Reference Include Adoption List details : List is Empty. Exclude Adoption List details : List is Empty. Default Adoption action for .11a : Adopt .11a with APPolicy appol1 Default Adoption action for .11b : Adopt .11b with APPolicy appol1 Default Adoption action for FH : Deny.
Page 513 8-281 CLI Command Reference Parameters component Description none Display information about this Switch Policy instance. channelInfo Display a list of country codes and the channels each country supports. interfaces Display a list of Access Port instances and lists the available Ethernet ports. Example WS5000.(Cfg).SPolicy>...
Page 514 8-282 WS 5000 Series System Reference A Ch: 36,40,44,48,52,56,60,64,149,153,11 Austria B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,100,104,10 Bahrain B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: Belarus B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: Belgium...
Page 515: Switch Policy Instance
8-283 CLI Command Reference 8.56 Switch Policy Instance Table 8.61 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.61 Switch Policy Instance Context Command Summary Command Description Ref.
Page 516: Edit
8-284 WS 5000 Series System Reference Channel for .11a : Auto (once) Channel for .11b : Auto (once) Channel for .11g : Auto (once) Power Level for .11a : 20 dBm Power Level for .11b : 20 dBm Power Level for .11g : 20 dBm Active EtherPolicy Name : Default Ethernet Policy...
Page 517: Restrictedchannel
8-285 CLI Command Reference Parameters new_name New name to set or change the switch policy name to. Example WS5000.(Cfg).SPolicy.[Default Wireless Switch Policy]> name newname Configuring name... Status : Success. WS5000.(Cfg).SPolicy.[newname]> 8.56.4 restrictedchannel Switch Policy Instance Changes the prompt to the Restricted Channel context, where channels that cannot be chosen by Automatic Channel Selection for a particular radio type can be specified.
Page 518: Set
8-286 WS 5000 Series System Reference Syntax set adoptionList <radio> include <start_MAC> [<end_MAC>] <app_name | remove> set adoptionList <radio> exclude <start_MAC> [<end_MAC>] [remove] set adoptionList <radio> default allow <app_name> set adoptionList <radio> default deny [traps <enable | disable>] Parameters radio The radio type that this list applies to.
Page 519: Show
8-287 CLI Command Reference attribute and value Description dsCoexistence <enable_flag> Frequence hopping/direct sequence (FH/DS) coexistence. With coexistence enabled, the access port divides the frequency spectrum such that FH devices use one portion, and DS devices use the other. Possible values are: enable or disable.
Page 520 8-288 WS 5000 Series System Reference # of APPolicies attached List of APPolicies attached 1. Default Access Port Policy. Include Adoption List details : List is Empty. Exclude Adoption List details : List is Empty. Default Adoption action for .11a : Adopt .11a with APPolicy Default Access Porty Default Adoption action for .11b : Adopt .11b with APPolicy Default Access Porty Default Adoption action for FH : Adopt FH with APPolicy Default Access Port Py...
Page 521: Restricted Channel Instance
8-289 CLI Command Reference 8.57 Restricted Channel Instance Restricted Channel is a subcontext of a Switch Policy instance. There are three Restricted Channel instances, one for each of the three 802.11x radio types. You drop into an instance by invoking restrictedchannel command from a Switch Policy instance.
Page 522: Remove
8-290 WS 5000 Series System Reference 8.57.2 remove Restricted Channel Instance Remove a channel from the list of restricted channels, thus making it available for use during Automatic Channel Selection. Syntax remove <channel_num> Parameters channel_num The channel that you want to “unrestrict”. The set of valid channel numbers depends on the country setting and radio type.
Page 523: Telnet Context
8-291 CLI Command Reference 8.58 Telnet Context You can use telnet to access the CLI and/or to configure the on-board KDC. The Telnet context provides commands to configure (enable or disable) telnet access. Table 8.63 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 524: Disable
8-292 WS 5000 Series System Reference 8.58.2 disable Telnet Context Disable the port/service on the switch to enable Telnet configuration via the CLI. Syntax disable Parameters None. Example WS5000.(Cfg).Telnet> disable WARNING: This will disable all remote (CLI) access to the switch. Do you want to continue (yes/no)? : n WS5000.(Cfg).Telnet>...
Page 525: Show
8-293 CLI Command Reference 8.58.4 show Telnet Context Display Telnet-related details based on the attribute used with the command. Syntax show show <attribute> Parameters attribute Description (none) Display statistics about the current telnet session. configAccess Display the permissibility of configuring the system and the KDC through telnet and SNMP.
Page 526: Tunnel Context
8-294 WS 5000 Series System Reference 8.59 Tunnel Context Table 8.64 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.64 Tunnel Context Command Summary Commands Brief Description Ref.
Page 527: Tunnel
8-295 CLI Command Reference 8.59.2 tunnel Tunnel Context Display Tunnel-related details based on the attribute used with the command. Syntax tunnel tunnel <attribute> Parameters attribute Description Name Name of the GRE tunnel Description Description provided for the GRE tunnel Mode State Active or inactive Remote IP Address...
Page 528: Tunnel Instance
8-296 WS 5000 Series System Reference 8.60 Tunnel Instance Table 8.65 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.65 Tunnel Instance Command Summary Commands Brief Description Ref.
Page 529: Show
8-297 CLI Command Reference Time To Live : 255 Keepalive Clear IP DF : disable WS5000.(Cfg).Tunnel.[tunnel1]> 8.60.2 show Tunnel Instance Display Tunnel-related details based on the attribute used with the command. Syntax show show <attribute> Parameters tunnel displays the tunnel details. Example WS5000.(Cfg).Tunnel.[tunnel1]>...
Page 530: User Context
8-298 WS 5000 Series System Reference 8.61 User Context The user context is where users privileges are specified for particular users of the system. Users are added, removed, and configured via the User Context. Privileges that a specific user can have are categorized as follows: •...
Page 531: Remove
8-299 CLI Command Reference 8.61.1 add User Context Adds a new user to the switch. You are prompted to provide and then confirm the new user’s password. Syntax add <user_name> Parameters user_name The name (login) of the new user. The name can be 6 to 20 characters long. Example WS5000.(Cfg).User>...
Page 532: User
8-300 WS 5000 Series System Reference 2. techsupport. WS5000.(Cfg).User> 8.61.3 user User Context Select a user to configure and drop into specified user instance context. Syntax user <user_name> Parameters user_name The user name of the user to be configured. Example WS5000.(Cfg).User>...
Page 533 8-301 CLI Command Reference Policy Administration : true SNMP Administration : true Security Administration : true System Administration : true WS5000.(Cfg).User>...
Page 534: User Instance
8-302 WS 5000 Series System Reference 8.62 User Instance Table 8.67 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.67 User Instance Context Command Summary Command Description Ref.
Page 535: Deny
8-303 CLI Command Reference 8.62.1 allow User Instance Sets the list of subsystems that you can configure. Syntax allow <subsystem1> [<subsystem2>] [...] Parameters subsystemN The subsystem that you can configure with one or more of the following possible values: • all •...
Page 536: Show
8-304 WS 5000 Series System Reference Syntax password Parameters None. Example WS5000.(Cfg).User.[admin]> password Creating the Event list... Enter new password : ****** Confirm new password : ****** Changing user password... done. WS5000.(Cfg).User.[admin]> 8.62.4 show User Instance Show the details of the user instance. Syntax show Parameters...
Page 537: Wlan Context
8-305 CLI Command Reference 8.63 WLAN Context Table 8.68 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.68 WLAN Context Command Summary Command Description Ref. .. or end Terminate a current session and moves up a context, hierarchically.
Page 538: Remove
WEP128 Default Public Access public Default WLAN_NE Default EastCoastWLAN Default WLAN details... Name : Symbol Default ESSID # : 101 Description : Default WLAN Security Policy : Default WLAN Auth. Status : Authenticated Kerberos auth. name : 101 ACL Attached...
Page 539: Show
Otherwise, with no parameter, a summary list of all WLAN instances is shown. Example WS5000.(Cfg).WLAN> show WLAN Name ESSID Security Policy --------- ----- --------------- Symbol Default Default Secure Access secure Kerberos Default Private Access private WEP128 Default Public Access public Default WS5000.(Cfg).WLAN>...
Page 540 8-308 WS 5000 Series System Reference Parameters name The name of the WLAN instance. Example WS5000.(Cfg).WLAN> wlan "Secure Access" WLAN details... Name : Secure Access ESSID # : secure Description : Default WLAN Security Policy : Kerberos Default WLAN Auth. Status : Not-Authenticated ACL Status : Disabled...
Page 541: Wlan Instance
WLAN Instance Set description text. Syntax description <description_text> Parameters description_text String of text that briefly describes the WLAN instance. Example WS5000.(Cfg).WLAN.[Symbol Default]> description “Sample description text” Adding description... Status : Success. WLAN details... Name : Symbol Default ESSID # : 101...
Page 542: Name
: MU to MU Allow Maximum MUs allowed : 4096 Current MUs Default Route : 0.0.0.0 Network Mask : 0.0.0.0 WS5000.(Cfg).WLAN.[Symbol Default]> 8.64.2 name WLAN Instance Changes the name of the WLAN instance. Syntax name <new_name> Parameters new_name The new name of the WLAN instance.
Page 543: Show
Display ACL information show securitypolicy Display security policy details show wlan Display WLAN details Parameters None. Example WS5000.(Cfg).WLAN.[Symbol Default]> show WLAN details... Name : Symbol Default ESSID # : 101 Description : Sample description text Security Policy : Default WLAN Auth.
Page 544: Wme Context
8-312 WS 5000 Series System Reference 8.65 WME Context Table 8.70 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.70 WME Context Command Summary Command Description Ref.
Page 545 8-313 CLI Command Reference 8.65.1 add WME Context Creates and adds a new WME Profile to the instance. Syntax add <WME_ProfileName> Parameters WME_ProfileName The name to be given to the WME Profile Example WS5000.(Cfg).WME> add symbol3 # of params = 1 param #0 = symbol3 Adding WME...
Page 546: Remove
8-314 WS 5000 Series System Reference 8.65.2 remove WME Context Removes a WME from the system Syntax remove <wmeProfileName> Parameters wmeProfileName The name of the WME instance that is to be removed. Example WS5000.(Cfg).WME> remove symbol2 Removing WME Profile... Status: Success. WS5000.(Cfg).WME>...
Page 547 8-315 CLI Command Reference Parameters wme_profile_name The name of the WME Profile. Example WS5000.(Cfg).WME> wme symbol1 WME Profile Details ------------------- Name : symbol1 Description eCWMin [VO/AC1] : 2 eCWMax [VO/AC1] : 3 Txop Lim [VO/AC1] : 102/[b] 47/[a/g] AIFSN [VO/AC1] : 2 eCWMin [VI/AC2] : 3 eCWMax...
Page 548: Wme Instance
8-316 WS 5000 Series System Reference 8.66 WME Instance Table 8.71 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.71 WME Instance Context Command Summary Command Description Ref.
Page 549: Name
8-317 CLI Command Reference eCWMin [VI/AC2] : 3 eCWMax [VI/AC2] : 4 Txop Lim [VI/AC2] : 188/[b] 94/[a/g] AIFSN [VI/AC2] : 2 eCWMin [BE/AC3] : 4 eCWMax [BE/AC3] : 10 Txop Lim [BE/AC3] : 0/[b] 0/[a/g] AIFSN [BE/AC3] : 3 eCWMin [BK/AC4] : 4 eCWMax...
Page 550: Show
8-318 WS 5000 Series System Reference Parameters attribute <value> Description Sets the AC to be configured. It can be either of the following: • ac1 | vo ac2 | vi • ac3 | be • ac4 | bk configParam Sets the WME parameter to be configured. value Sets the value for the WME parameter.
Page 551: Wvpn Context
8-319 CLI Command Reference 8.67 WVPN Context The commands mentioned under this context are used to configure system WVPN settings. Table 8.72 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 552: Cert
8-320 WS 5000 Series System Reference Simple user name: Simple password: : ****** Simple domain: RADIUS authentication: : Disabled Primary Host: : Unset Primary Port: : 1645 Primary Retry: Primary Timeout: : 5 ms Primary User Password: : Unset Primary Secret: : Unset Secondary Host: : Unset...
Page 553: Ddns
8-321 CLI Command Reference Index Serial Number Issuer Keylen Valid ------------------------------------------------------------------ 1434020001 OU=CA ; O=Symbo 1024 5Apr2005 to 6Apr2010 Index Serial Number Issuer Keylen Valid ------------------------------------------------------------------ ServerCert OU=CA ; O=Symbo 1024 5Apr2005 to 6Apr2010 WS5000.(Cfg).wvpn.cert> 8.67.3 ddns WVPN Context This command is used to configure DDNS settings.This command changes the context to ddns. For details of cert context see ddns Instance on page 8-332 Syntax...
Page 554: Disable
8-322 WS 5000 Series System Reference 8.67.5 disable WVPN Context This command is used to disable the interface/service in CC. Syntax disable Parameters None Example WS5000.(Cfg).wvpn> disable Disabling... Status : Success. WVPN Management: WVPN available : true WVPN Status : Stopped WVPN Server Address : 10.1.1.101 / 192.192.4.156 WVPN Server Port...
Page 555: Ip_Pools
8-323 CLI Command Reference WVPN DOS Port : 9103 WVPN Client keep alive : 10 seconds WVPN Maximum VPN Licenses : 250 WVPN Currently In-Use VPN Licenses WVPN License Type Evaluation version,Total eval days 30,Eval days left WS5000.(Cfg).wvpn> 8.67.7 ip_pools WVPN Context This command is used to configure ip pools.This command changes the context to ip_pools.
Page 556: Set
8-324 WS 5000 Series System Reference 8.67.9 set WVPN Context This command is used to configure WVPN Management attributes. Syntax set <parameter> <value> Parameters restart Restart WVPN. licensefile Installs/upgrades WVPN session license file. debug Enable WVPN debug support. sport Sets IP port number to listen on for client VPN requests. session_timeout Unused session timeout (seconds).
Page 557 8-325 CLI Command Reference Syntax show show auth show certs show ddns show ip_pools show session show sessions show wtls show wvpn Parameters auth Display Auth general settings. certs Display installed certificates. ddns Display DDNS settings. ip_pools Display pool information. session Display VPN session details.
Page 558: Wtls
8-326 WS 5000 Series System Reference 8.67.11 wtls WVPN Context This command is used to configure system WTLS settings.This command changes the context to wtls. For details of cert context see 8.72 wtls Instance on page 347 Syntax wtls Parameters None Example WS5000.(Cfg).wvpn>...
Page 559: Cert Instance
8-327 CLI Command Reference 8.68 cert Instance WVPN Context This context is an instance of WVPN context.Table 8.73 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.73 cert Instance Command Summary Command Description Ref.
Page 560: Dump Cert
The certificate filename that you want to view. Example WS5000.(Cfg).wvpn.cert> dump cert CA_WVPN.cer Certificate Information: Serial number: 1434020001 Issuer: OU=CA ; O=Symbol India - WID; C=IN; CN=WS5000; E=balasubk@symbol.com; SN =1434020001 Subject: OU=CA ; O=Symbol India - WID; C=IN; CN=WS5000; E=balasubk@symbol.com; S N=1434020001 Valid From: 20050405183000Z...
Page 561: Purge
8-329 CLI Command Reference Certificate Management: Index Serial Number Issuer Keylen Valid ------------------------------------------------------------------ 1434020001 OU=CA ; O=Symbo 1024 5Apr2005 to 6Apr2010 Index Serial Number Issuer Keylen Valid ------------------------------------------------------------------ ServerCert OU=CA ; O=Symbo 1024 5Apr2005 to 6Apr2010 WS5000.(Cfg).wvpn.cert> 8.68.4 purge cert Instance This command is used to delete a certificate file from the local repository.
Page 562: Show
8-330 WS 5000 Series System Reference Certificate Management: Index Serial Number Issuer Keylen Valid ------------------------------------------------------------------ ServerCert OU=CA ; O=Symbo 1024 5Apr2005 to 6Apr2010 WS5000.(Cfg).wvpn.cert> 8.68.6 show cert Instance This command is used to view all the installed certificates information. Syntax show certs to see all installed certificates.
Page 563 8-331 CLI Command Reference ipAddr IP address of the tftp server from where the CA certificate needs to be downloaded. serverPkcs12keyFile Pkcs12 format of server certificate file. passwd password to decrypt the Pkcs12 format server certificate file (*.pl2 file). serverCertFile The server certificate file that you want to download/import.
Page 564: Ddns Instance
8-332 WS 5000 Series System Reference 8.69 ddns Instance WVPN Context This context is an instance of WVPN context and is used to configure the DDNS settings. Table 8.73 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands Table 8.74 ddns Instance Command Summary...
Page 565: Clearclientdns
8-333 CLI Command Reference Adding dynamicDnsSettings.addDnsAddr..Status : Success. DDNS Settings: DNS Enable : true Time to Live (ttl) : 50% Cleanup Timeout Forward Zone : forward.update.net Reverse Zones : 1. 1.168.192.in-addr.arpa. DNS Servers : 1. 192.168.1.1 2. 192.168.1.3 WS5000.(Cfg).wvpn.ddns> add dnsReverseZone 2.168.192.in-addr.arpa Adding dynamicDnsSettings.addReverseZone..
Page 566: Disable
8-334 WS 5000 Series System Reference 2. 2.168.192.in-addr.arpa. DNS Servers 1. 192.168.1.1 2. 192.168.1.3 WS5000.(Cfg).wvpn.ddns> 8.69.3 disable ddns Instance This command disables the DDNS. Syntax disable Parameters None Example WS5000.(Cfg).wvpn.ddns> disable Disabling DDNS dynamicDnsSettings.update..Status : Success. DDNS Settings: DNS Enable : false Time to Live (ttl) : 50%...
Page 567: Remove
8-335 CLI Command Reference DNS Enable : true Time to Live (ttl) : 50% Cleanup Timeout Forward Zone : forward.update.net Reverse Zones 1. 1.168.192.in-addr.arpa. 2. 2.168.192.in-addr.arpa. DNS Servers 1. 192.168.1.1 2. 192.168.1.3 WS5000.(Cfg).wvpn.ddns> 8.69.5 remove ddns Instance Use remove to remove DNS specific attributes. Syntax remove <rem_parameter>...
Page 568: Set
8-336 WS 5000 Series System Reference 8.69.6 set ddns Instance This command is used to configure DDNS management attributes. Syntax set <cfg_parameter> <value> Parameters Time-To-Live.A long value indicating ttl as a percentage of unused session timeout (0-100). Text string containing the forward zone to be updated. forwardZone Duration of cleanup timeout (currently locked at 5).
Page 569: Updateclientdns
8-337 CLI Command Reference DNS Enable : true Time to Live (ttl) : 39% Cleanup Timeout Forward Zone : forward.update.net Reverse Zones 1. 1.168.192.in-addr.arpa. 2. 2.168.192.in-addr.arpa. DNS Servers 1. 192.168.1.1 WS5000.(Cfg).wvpn.ddns> 8.69.8 updateClientDns ddns Instance This command is used to update client DNS table. Syntax updateClientDns Parameters...
Page 570: Ip Pools Instance
8-338 WS 5000 Series System Reference 8.70 ip pools Instance WVPN Context This context is an instance of WVPN context and is used to configure the DDNS settings. Table 8.75 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands Table 8.75 ip_pools Instance Command Summary...
Page 571: Disable
8-339 CLI Command Reference DHCP Enabled : no Use DHCP Gateway : no Available Pools: 1. Default. 2. TestPool. WS5000.(Cfg).wvpn.ip_pools> 8.70.2 disable ip pools Instance This command disable DHCP WVPN service. Syntax disable Parameters None Example WS5000.(Cfg).wvpn.ip_pools> disable Disabling... Status : Success. WVPN IP Pools: DHCP Enabled : no...
Page 572: Ip_Pools
8-340 WS 5000 Series System Reference 2. TestPool. WS5000.(Cfg).wvpn.ip_pools> 8.70.4 ip_pools ip pools Instance This command issued to select a Pool to configure. Syntax ip_pools <pool_name_or_number> [CR] Parameters pool_name The name of the IP pool that you want to configure. Example WS5000.(Cfg).wvpn.ip_pools>...
Page 573: Remove
8-341 CLI Command Reference 2. Configure the DHCP Server Addres,Default Gateway,DNS Address,WINS Address and Domain name mentioned in the above example using the set command Syntax set <cfg_parameter> <value> Parameters netmask The IP address of the network mask. dhcpServer The IP address of the DHCP server. The IP address of the DNS server.
Page 574: Set
8-342 WS 5000 Series System Reference Example WS5000.(Cfg).wvpn.ip_pools> remove pool TestPool Removing pool TestPool..Status : Success. WVPN IP Pools: DHCP Enabled : no Use DHCP Gateway : no Available Pools: 1. Default. WS5000.(Cfg).wvpn.ip_pools> 8.70.6 set ip pools Instance This command issued to configure WVPN DHCP. Syntax set useDhcpGateway <yes/no>...
Page 575 8-343 CLI Command Reference Parameters ip_pools Displays the pool information. Example WS5000.(Cfg).wvpn.ip_pools> show ip_pools WVPN IP Pools: DHCP Enabled : yes Use DHCP Gateway : yes Available Pools: 1. Default. WS5000.(Cfg).wvpn.ip_pools>...
Page 576: Rt Instance
8-344 WS 5000 Series System Reference 8.71 rt Instance WVPN Context This context is an instance of WVPN context and is used to view the VPN runtime session information. Table 8.76 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands Table 8.76 rt Instance Command Summary...
Page 577: Show
8-345 CLI Command Reference WS5000.(Cfg).wvpn.rt> 8.71.2 Show rt Instance This command is used to view the VPN session and VPN runtime details. Syntax Syntax: show [display_parameter] show Display context specific attributes show session Display VPN session details. show sessions Display VPN runtime summary. Parameters session Displays VPN session details.
Page 578 8-346 WS 5000 Series System Reference WS5000.(Cfg).wvpn.rt> show sessions 1 VPN sessions '*' indicates inactive VPN tunnel. Session VPN IP Real IP MAC Addr User Class ------- --------------- --------------- ----------------- --------------- 192.168.1.15 10.1.1.50 00:40:96:a8:4e:38 WS5000.(Cfg).wvpn.rt>...
Page 579: Wtls Instance
8-347 CLI Command Reference 8.72 wtls Instance WVPN Context This context is an instance of WVPN context and is used to configure the DDNS settings. Table 8.75 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands Table 8.77 ip_pools Instance Command Summary...
Page 580: Show
8-348 WS 5000 Series System Reference Example WS5000.(Cfg).wvpn.wtls> set customCipher AES256 Configuring WTLS..Status : Success. WTLS Settings: Server number: Security mode: : customSecurity Wanted FIPS mode: : Unavailable Cipher: : AES256 MAC: : SHA_160 Minimum client RSA key size: : 1024 bits Maximum client RSA key size: : 4096 bits...
Page 581 8-349 CLI Command Reference Example WS5000.(Cfg).wvpn.wtls> show wtls WTLS Settings: Server number: Security mode: : defaultSecurity Wanted FIPS mode: : Unavailable Cipher: : AES128 MAC: : SHA_160 Minimum client RSA key size: : 1024 bits Maximum client RSA key size: : 4096 bits Minimum RSA key size: : 1024 bits...
Page 582 8-350 WS 5000 Series System Reference...
Page 583: Chapter 9. Service Mode Cli
9.1 CLI Service Mode Overview The CLI Service Mode allows retrieval of system data that includes tables, log files, configuration, status, and operation, for use in debugging and problem resolution while troubleshooting the WS5000 Series Switch configuration. Only Symbol Technologies trained and customer-authorized personnel should use the advanced commands within the CLI Service Mode.
Page 584: Logging Into The Service Mode
WS5000 Series Switch System Reference 9.1.1 Logging into the Service Mode Initially, to log into the Service mode, follow these steps: 1. Enter service at the WS5000> System Context prompt. 2. Enter the CLI Service Mode password. The default password is password.
Page 585 Service Mode CLI Table 9.1 Service Mode Command Summary Command Description Ref. delete Delete an image files from the memory page 9-10 description Set description text page 9-11 diag Diagnostic utility page 9-12 directory Display the available image files in memory page 9-12 emergencymode Enable or disable Emergency Mode...
Page 586: Or Help
WS5000 Series Switch System Reference 9.2.1 ? or help Displays a list of available commands. Identical to "help" command. Syntax Parameters None Example SM-WS5000> ? System Context. ---------------------------------------------- Commands Brief Description ---------------------------------------------- ? or help To get the command information...
Page 587: Logout Or Bye
This command saves the current system status (and packets) of various tables, files and processes of the switch to a file, for use by Symbol engineers during problem resolution. The file name, ssm_report, appears in the WS5000/scripts/service/ directory. Any previous ssm_report file gets renamed to ssm_report.prev.
Page 588: Cleanapdbglog
WS5000 Series Switch System Reference Example SM-WS5000> capture sysstat Capturing current system status..Starting the SSM capture ... Finished the SSM capture ... SM-WS5000> 9.2.5 cleanapdbglog This command is used to clean up AP300 debug log files. Syntax cleanapdbglog Parameters...
Page 589 Service Mode CLI .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information logout or bye Close this session Configure AAA setting. accessport Configure an Access Port. Configure ACL for the system.
Page 590: Copy
WS5000 Series Switch System Reference snmp Configure SNMP parameters. Configure SSH settings. Configure SSL settings. standby Configure system Standby settings. switchpolicy Configure Switch Policy. telnet Configure system Telnet settings. tunnel Configure tunnel information. user Configure user information. watchdogtimer Enable/disable watch dog timer wlan Configure WLAN for the system.
Page 591: Debug
Service Mode CLI The destination of the file. Possible values are: destination • tftp • ftp • system • . • / FTP username. Default is anonymous. user FTP transfer mode, either ascii or binary. Default is binary. mode Example SM-WS5000>...
Page 592: Delete
9-10 WS5000 Series Switch System Reference enable/disable Events information. events enable/disable Corba handling. corba enable/disable Packets data. packets enable/disable AP firmware information. apfirmware enable/disable Mobile unit data. enable/disable XML information. enable/disable QOS handling. enable/disable VLAN handling. vlan enable/disable Database information.
Page 593: Description
System Name : WS5000 Description : WS5000 Wireless Network Switch Location Software Ver. : 2.1.0.0-017B Licensed to : Symbol Technologies Copyright : Copyright (c) 2000-2005. All rights reserved. Serial Number : 00A0F853D9A9 Number of Licenses : 30 Max Access Ports...
Page 594: Diag
9-12 WS5000 Series Switch System Reference 9.2.12 diag Use diag to create a text file for memory dump of different data structures. It dumps all the information related to the object in /logfile which can be viewed using the root permission.This command is to be used by an admin with a root permission (access to the shell).
Page 595: Emergencymode
This command is used to enable the CC log with dd.conf input file. Syntax enablecclog Parameters None Example 9.2.16 execute Executes the specified file. The command is used with specified optimization (patch file) files provided from Symbol Technologies when a service upgrade is needed on the WS5000 Series Switch.
Page 596: Export
9-14 WS5000 Series Switch System Reference Syntax execute Parameters None Example SM-WS5000> execute Executing CLI Service Mode command file..Enter the command file name: 9.2.17 export This command is used to copy the log files from the switch to the remote TFTP server. use ‘logdir’ to view the list of user log files that can be exported.
Page 597: Getcclogfile
9-15 Service Mode CLI Syntax ftpPasswd Parameters None Example SM-WS5000> ftpPasswd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Password for FTP operations updated SM-WS5000> 9.2.19 getcclogfile This command is used to upload the CC log file to the TFTP server. Syntax getcclogfile Parameters...
Page 598: Launch
9-16 WS5000 Series Switch System Reference Example SM-WS5000> install primary test.sym Begin command file processing... Begin parsing command file for download and logging parameters... /WS5000/scripts/cmd_process: tr: command not found /WS5000/scripts/cmd_process: tr: command not found... Command file was parsed successfully. Shutting down running processes. This may take a while...
Page 599: Ledcolor
9-17 Service Mode CLI SM-WS5000.(Cfg)> launch -p 14c8bf727be6e37b3fbd25489b00b3b1 -c ps PID TTY TIME CMD 20808 pts/0 00:00:00 CLI 25402 pts/0 00:00:00 ps SM-WS5000.(Cfg)> 9.2.22 ledcolor This command is not supported in WS5000 hardware platform. Syntax None Parameters None Example None 9.2.23 logdir This command is used to lists available user log (history, syslog, pktlog, diag log, system status log) files.
Page 600: Name
9-18 WS5000 Series Switch System Reference examplepacketcapture.pktbin 25835 Sun Feb 12 17:26:39 2006 9.2.24 name This command is used to change the systems name. Syntax name <name> Parameters The name which you want to assign to the switch. name Example SM-WS5000>...
Page 601 9-19 Service Mode CLI Syntax ping <host/ip_address> Options: ping [-Rdfnqrv] [-c count] [-i wait] [-l preload] [-p pattern] [-s packetsize] host Parameters -Rdfnqrv These optional flags are can be broken down as follows: • -R — Record route. Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route buffer on returned packets.
Page 602: Remove
9-20 WS5000 Series Switch System Reference Example SM-WS5000> ping WS5000 PING WS5000 (10.1.1.101) from 10.1.1.101 : 56(84) bytes of data. 64 bytes from WS5000 (10.1.1.101): icmp_seq=1 ttl=64 time=0.074 ms 64 bytes from WS5000 (10.1.1.101): icmp_seq=2 ttl=64 time=0.027 ms 64 bytes from WS5000 (10.1.1.101): icmp_seq=3 ttl=64 time=0.031 ms 64 bytes from WS5000 (10.1.1.101): icmp_seq=4 ttl=64 time=0.032 ms...
Page 603: Rfping
9-21 Service Mode CLI Example SM-WS5000> restore configuration kp.cfg This command will reset the system and boot up with the new configuration. Do you want to continue (yes/no) : yes Restoring configuration from kp.cfg Rebooting the switch... 9.2.29 rfping This command is used to ping to the Access Port. You need to enter the Access Port MAC address to ping. Syntax rfping <mac address>...
Page 604: Setthresholds
9-22 WS5000 Series Switch System Reference Example SM-WS5000> save config TestConfig Saving running configuration in: TestConfig.cfg Saving wireless network management configuration... Configuration saved successfully. SM-WS5000> 9.2.31 setThresholds This command is used to set/clear thresholds for monitoring.Whenever any of the cpu/mem/disk usage goes above the specified threshold percent value, an alert is sent.
Page 605: Show
9-23 Service Mode CLI Example SM-WS5000> shell Entering into O.S.Command shell..password: WS5000# WS5000# exit SM-WS5000> 9.2.33 show Displays a list of details about the WS5000 system related to the chosen display_parameter. Syntax show <display_parameter> Parameters show aaa-server Display AAA information show accessports Display details of all access ports or all available access ports show acl...
Page 606 9-24 WS5000 Series Switch System Reference show mu Display MU details (list) show musummary Display MU summary show np Display Network Policy information show po Display Policy Object information show radius-server Display RADIUS information show restorelog Display the current system restore log...
Page 607: Showapfirmware
9-25 Service Mode CLI Example SM-WS5000> show accessports Access Ports Radio MAC Device MAC Type Status ------------ --------- ---------- ---- ----- 00:A0:F8:BC:E8:F2 [G] 00:A0:F8:BC:97:48 00:A0:F8:BC:E8:F2 Unavailable 00:A0:F8:BC:E8:F2 [A] 00:A0:F8:BF:99:00 00:A0:F8:BC:E8:F2 Unavailable 00:A0:F8:BF:8A:9F [G] 00:A0:F8:BF:E0:EC 00:A0:F8:BF:8A:9F G Active 00:A0:F8:BF:8A:9F [A] 00:A0:F8:BF:ED:00 00:A0:F8:BF:8A:9F A Active No.
Page 608: Showdiskusage
9-26 WS5000 Series Switch System Reference Example SM-WS5000> showBuildInfo WVPND ver= 126 RFIMG ver= ap-302x-revert.bin.img root 329596 Mar 9 RFIMG ver= ap-302x.bin.img root 169664 Mar 9 RFIMG ver= ap-413x-revert.bin.img root 665704 Mar 9 RFIMG ver= ap-413x.bin.img root 191440 Mar 9 RFIMG ver= ap-41xx-revert.bin.img root 391688 Mar 9...
Page 609: Showmemusage
9-27 Service Mode CLI Example SM-WS5000> showHardwareInfo Hardware Type : 5000 Ethernet Port Type : 10/100 DOM Size : 121M RAM Size : 376 M SM-WS5000> 9.2.38 showMemUsage This command is used to view the current memory usage. Syntax showMemUsage Parameters None Example...
Page 610: Watchdogtimer
9-28 WS5000 Series Switch System Reference Example SM-WS5000> showThresholds Various thresholds are now: CPU Usage : Monitoring disabled Memory Usage : Monitoring disabled Disk Usage : Monitoring disabled SM-WS5000> 9.2.40 watchdogtimer This command is used t oeither enable or disable the watch dog timer.
Page 611: Diagnosing Problems In Ws5000/Ws5100 Switch
9-29 Service Mode CLI Example SM-WS5000> wvpnctl enable size=1024 filename=/image/Testwvpn WVPN debugging is now enabled with filename="/image/Testwvpn" size="1024" flags="All" SM-WS5000> 9.3 Diagnosing problems in WS5000/WS5100 Switch The WS5000/WS5100 generates logs for various features in /log folder which cannot be seen using CLI, Applet or SNMP.
Page 612: Finding Whether A Particular Process Is Running Or Not
9-30 WS5000 Series Switch System Reference 9.3.2 Finding whether a particular process is running or not 1. Login to the switch as diagnose user and execute any of the following command ps -amx | grep <process_name> 2. If the process is running then this displays the process name together with its process id, else 3.
Page 613: Chapter 10. Antennas And Power
Use this table to determine the correct power settings for International use when using external antennas with the AP 100 802.11b Access Port, Model CCRF-5020-10-WW. Note For US (FCC), all Symbol Technologies, certified antennas can be used on the maximum power level setting.
Page 614 10-2 WS5000 Series Switch System Reference AP 100 802.11b Access Port Table 10.1 International Antenna and Power Settings for (Continued) Antenna Model Max Power Setting Antenna Type Comments ML-2499-PNAHD-01 Heavy-duty Indoor/Outdoor ° H-Plane Directional Panel ° ML-2499-7PNA2-01 Indoor/Outdoor 65 H-Plane...
Page 615 10-3 Antennas and Power for The AP 200 802.11a/b Access Port Table 10.2 European Union and Japanese Antenna and Power Settings (Con- Additional Cable Length in Feet Antenna Model Antenna Type/Pattern Max Authorized Power Settings ML-2499-7PNA2-01 Panel Directional ML-2499-BMMA1-01 Hi-gain in/outdoor Dipole Omni- Directional ML-2499-SD3-01 Patch Omni-Directional...
Page 616 Model CCRF-5030-100-WW (external antenna 802.11a radio only), CCRF-5030-200-WW (external antenna 802.11a/b radio), CCRF-5030-210-WW. Note All Symbol Technologies certified antennas can be used on the maximum power level setting. Table 10.4 United States Antenna and Power Settings for the AP 200 802.11a/b Access Port...
Page 617 10-5 Antennas and Power Table 10.4 United States Antenna and Power Settings for the AP 200 802.11a/b Access Port (Continued) Additional Cable Length in Feet Antenna Model Antenna Type/Pattern Max Authorized Power Settings ML-2499-PNAHD-01 Hi-gain in/outdoor Panel Directional 3, 4, 3, 4, 3, 4, 3, 4,...
Page 618 10-6 WS5000 Series Switch System Reference...
Page 619 Converting AP-4131 Access Points to RF Ports You can convert the Symbol AP-4131 model access point to RF Ports for use with the WS5000. The port conversion enables existing customers to utilize an existing Symbol wireless infrastructure with the WS5000 Series Switch.
Page 620: Ap-4131 Features In The Ws5000 Series Switch
This section describes some of the AP-4131 features in the WS5000 Series Switch. 11.1.1 AP-4131 Port Adoption A WS5000 Series Switch can adopt different types of Symbol RF ports. The switch supports AP-100, AP-200, AP-300 and AP-3121 ports. It reuses the existing AP-4131’s implementation and supports AP- 4131 as well.
Page 621: Converting Ap-4131 To Access Ports
Stop : 1 bit Flow Control : hardware The Access Point Configuration Main Menu appears. 3. Enter the Admin mode. The default password is Symbol (it is case-sensitive). 4. Select the Special Functions --> Firmware Update menu. 5. Press the F3 button.
Page 622: Adding An Access Port
None 11.3 Reverting to Access Point Functionality The WS5000 Series Switch can revert a converted AP-4131 to a traditional access point. To revert an AP-4131 to a traditional access point, the switch must keep multiple versions of the firmware for the same type of RF port.
Page 623: Ws5000 Switch Applet Behavior
11-5 Converting AP-4131 Access Points to RF Ports 11.4 WS5000 Switch Applet Behavior The WS5000 Series Switch applet displays three new icons for an adopted AP-4131: • normal • alert • offline The applet adds ap4131 to 4BSS-16ESS tabs in the WLAN-BSS Mapping screen and the Bandwidth screen.
Page 624 11-6 WS5000 Series Switch System Reference...
Page 625: Chapter 12. Configuring The Ws5100 Wtls Vpn
Configuring the WS5100 WTLS VPN A Virtual Private Network or VPN is a protected network connection that tunnels through an unprotected connection. The WS5100-VPN uses a VPN connection to protect wireless transmissions on the untrusted side of the switch. The VPN functionary includes the following: •...
Page 626: Onboard Dhcp
12-2 WS5000 Series Switch System Reference 12.1 Onboard DHCP Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to computers using TCP/IP. A DHCP server assigns addresses to computers configured as DHCP clients. WS5100 VPN consists of two DHCP servers: 1.
Page 627: Dhcp Relay And Vpn
12-3 Configuring the WS5100 WTLS VPN Figure 12.1 Network with Trusted and Untrusted Elements WS 5100-V P N Eth1 Eth2 Layer 2 S witch Layer 2 S witch P OE AP 100 Internet Wireles s C lients C omputer L A N WL A N Trusted Network Untrusted Network...
Page 628: Dynamic Dns
12-4 WS5000 Series Switch System Reference WS5000.(Cfg).wvpn.ip_pools.[default]> set dhcpServer 1.1.1.1 12.2.2 Dynamic DNS Each time a VPN client connects to the VPN server, an IP-address is allocated for the client. The server then sends a DNS Update to a pre-configured DNS server. Both the forward and reverse zone will be updated. The master DNS server for the zone will be obtained through a DNS SQA query.
Page 629: Certificates
Both certificates must be made available to the WS5100-VPN by copying them to a switch-accessible TFTP server. In addition, the Symbol AirBEAM VPN Client must be loaded on all Mobile Units requesting VPN services, AirBEAM Client is used to download the certificate to the device.
Page 630: Wvpn Authentication
12-6 WS5000 Series Switch System Reference 12.2.4 WVPN Authentication A request for authentication made by a VPN client on the untrusted network can be forwarded to a VPN server which proxies to the RADIUS server (internal or external). The trusted RADIUS server authenticates the client and allows VPN client access from the untrusted network to the trusted network.
Page 631: Ip Pool Configuration
12-7 Configuring the WS5100 WTLS VPN set <primary/secondary> <radius_parameter> <value> Table 12.2 describes how to configure the server by settings the parameters for each RADIUS server. The VPN server supports any number of servers: Table 12.2 RADIUS Authentication Setting Parameter used CLI command used set the RADIUS host name host...
Page 632 12-8 WS5000 Series Switch System Reference Table 12.3 IP Pool Configuration CLI command used get the index number WS5000.(Cfg).wvpn.pool >show pool <pool name> Output of this command (Index is in bold) Number of ranges IP Ranges: 0) 111.111.111.150-111.111.111.160 enable/disable use of DHCP WS5000.(Cfg).wvpn.pool >enable/disable...
Page 633: Certificate Configuration
12-9 Configuring the WS5100 WTLS VPN 12.2.4.4 Certificate configuration Table 12.4 lists and describes the CLI commands used to configure the WVPN certificate loading, generation and configuration in switch: Table 12.4 Certificate Configuration CLI command used enter certificate Configure wvpn cert configuration show the server...
Page 634: Vpn Session License
12-10 WS5000 Series Switch System Reference Table 12.4 Certificate Configuration CLI command used show list of uploaded WS5000.(Cfg).wvpn.cert > directory certs certificates Expected output File Name Bytes Date & time anotherca.cer Mar 16 07:39 ca-x509.cer Mar 16 07:39 ca.cer Mar 16 07:39 jiar.cer...
Page 635: Aes Versus 3Des
12-11 Configuring the WS5100 WTLS VPN Table 12.5 Configuring VPN Session License CLI command used enable the VPN support cfg> set vpnsupport enable Note You don’t need to provide the name of the license file as the switch will use the license.lk file that was either disabled earlier or use the pre- loaded file.
Page 636: Wireless Transport Layer Security (Wtls)
12-12 WS5000 Series Switch System Reference 12.2.6 Wireless Transport Layer Security (WTLS) WTLS is a security level protocol specifically designed to provide authentication and data integrity for wireless traffic where access devices can change dynamically (such as access port change due to environmental changes or roaming).
Page 637 12-13 Configuring the WS5100 WTLS VPN Table 12.6 WTLS Configuratin CLI command used configure the RsaKeySize WS5000.(Cfg).wvpn.wtls > set minRsaKey <Integer value> maximum and minimum values Key sizes available: 512, 768, 1024, 1536, 2048, 3072, 4096, 7680, 15360 configure the customCipher WS5000.(Cfg).wvpn.wtls >...
Page 638: Vpn Session Setup
12-14 WS5000 Series Switch System Reference 12.3 VPN Session Setup Figure 12.2 VPN Network Setup 12.3.1 Switch Setup Table 12.7 lists and describes the CLI commands used to configure the various switch parameters. Table 12.7 Switch Setup set VPN support status set vpnsupport enable <license file>...
Page 639: Wvpn Setup
12-15 Configuring the WS5100 WTLS VPN Table 12.7 Switch Setup setup Security Policy Create a new security policy SampleSecurity and assign it to SampleWlan. WS5000.(Cfg)>securitypol WS5000.(Cfg).SecurityPolicy> add SampleSecurity Go to Wlan context WS5000.(Cfg).WLAN.[ SampleWlan]> set security SampleSecurity In the SampleSecurity Policyt context enable VPN authentication: WS5000.(Cfg)>securitypol WS5000.(Cfg).SecurityPolicy>SampleSecurity WS5000.(Cfg).SecurityPolicy.[SampleSecurity]>set...
Page 640: Starting Vpn Service
12-16 WS5000 Series Switch System Reference WS5000.(Cfg)> wvpn WS5000.(Cfg).wvpn> cert WS5000.(Cfg).wvpn.cert> import /image/caCert cacert.cer WS5000.(Cfg).wvpn.cert> import serverCert ? import serverCert <server_pkcs12_key_file> <password> [<server_cert_file>] Note File names must always be accompanied by directory path. For example: certs/ca.cer WS5000.(Cfg).wvpn.cert> import serverCert /image/server.p12 password server.cer...
Page 641: Client Setup
12-17 Configuring the WS5100 WTLS VPN WS5000.(Cfg).wvpn> enable The expected output of this command is Enabling... Status : Success. WVPN Management: WVPN available : true WVPN Status : Started WVPN Server Address : 10.1.1.101 / 10.0.1.73 WVPN Server Port : 9102 WVPN Unused session timeout : 48h 0m (172800 secs) WVPN Debug level...
Page 642: Troubleshooting
12-18 WS5000 Series Switch System Reference WS5000.(Cfg)> show sessions 12.3.6 TroubleShooting Problem: 1 The Access Ports are not adopted Possible Reasons: 1. You don't have a valid license key. 2. The country code in the switchpolicy is not set. 3. The MAC address corresponding to the Access Port is in the access port deny list of the switchpolicy.
Page 643: Firewall
12-19 Configuring the WS5100 WTLS VPN 6. The date settings of the hand-held are not current. Change the date setting of the hand-held to the current dates. Problem: 5 Hand-held looses ip address after some time. It shows 0.0.0.0 as IP address on renewing the ip address.
Page 644: Network Address Translation (Nat)
12-20 WS5000 Series Switch System Reference Table 12.9 Managing Firewall CLI command enter firewall context WS5000.(Cfg)> fw add a new LAN - lan3 WS5000.(Cfg).Fw> add lan3 add a network policy to the lan3 WS5000.(Cfg).Fw.[lan3]> set np testnppolicy add port filter configuration to lan3 WS5000.(Cfg).Fw>...
Page 645: Twice Nat Commands
12-21 Configuring the WS5100 WTLS VPN Figure 12.3 Configuring NAT 12.5.1 Twice NAT Commands To add the NAT entry pairs associating the local NAT address and the real IP address, go to the conf.fw.eth2 set addnet context and use the command: WS5100_VPN>...
Page 646 12-22 WS5000 Series Switch System Reference...
Page 647: Chapter 13. Neighboring Aps
The switch maintains a table, on a adopted AP - found AP basis, along with other information like the signal strengths etc. Also, the switch maintains a similar table for the APs detected by an associated Mobile Unit. (Only Symbol Mobile Units support this). The following are the details of the two tables, accessible through SNMP: 13.1 ccPortalBeaconRptTable...
Page 648: Ccmuproberpttable
13-2 WS5000 Series Switch System Reference b. ccPortalBeaconRptPortalIndex Table 13.1 ccPortalBeaconRptTable Field Type Description neighbor AP ccRapResultsRogueIndex Integer index of the that has been heard. ccPortalBeaconRptPortalIndex The index of the portal (adopted by Integer the switch), that has detected the...
Page 649: Management Interface
13-3 Neighboring APs 13.3 Management Interface The above tables, are populated when the the RogueAP/DetectorAP scan is enabled or the MU scan is enabled in the RogueAP CLI context. You can also enable these using the RogueAP feature within the GUI.
Page 650 13-4 WS5000 Series Switch System Reference...
Page 651: Ccaptable
Enhanced RF Statistics Enhanced RF Stats is a feature to monitor the RF environment of the wireless switch system. RF stats includes an extensive set of RF parameters which are maintained by the wireless switch which are sourced from the data packets and the WISP packets that are transmitted to and from the switch.
Page 652: Ccportal
14-2 WS5000 Series Switch System Reference Guide INDEXED ON:ccApIndex Field Type Description Small, arbitrary integer index. ccApIndex Integer32 MAC Address of Access Port. ccApNicMac PhysAddress Model number of Access Port. ccApModelNumber DisplayString Serial number of this Access Port. ccApSerialNumber DisplayString...
Page 653 14-3 Enhanced RF Statistics Field Type Description This value is the index in the ApTable for the ccPortalPointerToAp SinglePointer entry representing the Access Port that contains this portal. Since each portal has one and only one Access Port as 'Parent', this value is a simple integer, not a bit-mask.
Page 654: Ccportallast Mac
14-4 WS5000 Series Switch System Reference Guide Field Type Description Sum of the noise values (in dBm) ccPortalBackgroundNoise Integer32 Note This value is normally a negative value ranging from - 10dBm to -80dBm. It is possible for this value to be...
Page 655: Ccportalstatstable
14-5 Enhanced RF Statistics Field Type Description The number of octets received in probe ccPortalSystemStatsProbeReqRx Unsigned32 Octets request packets. The number of probe response packets ccPortalSystemStatsProbeRespR Unsigned32 etriesNone sent with no retries. The number of probe response packets ccPortalSystemStatsProbeRespR Unsigned32 etries1 sent with 1 retry.
Page 656: Ccportalrxpktstable
14-6 WS5000 Series Switch System Reference Guide Field Type Description The number of time ticks elapsed since ccPortalLastActivity TimeTicks portal’s last activity. 14.2.6 ccPortalRxPktsTable DESCRIPTION: This table gives the statistics of the packets received by a portal at various rates.
Page 657: Ccportalrxoctetstable
14-7 Enhanced RF Statistics INDEXED ON: ccPortalIndex Field Type Description Number of packets transmitted ccPortalTxPktsAt1Mb Counter32 through this portal at 1 Mbps. Number of packets transmitted ccPortalTxPktsAt2Mb Counter32 through this portal at 2 Mbps. Number of packets transmitted ccPortalTxPktsAt5pt5Mb Counter32 through this portal at 5.5 Mbps.
Page 658: Ccportaltxoctetstable
14-8 WS5000 Series Switch System Reference Guide Field Type Description Number of octets received through this ccPortalRxOctetsAt6Mb Counter32 portal at 6 Mbps. Number of octets received through this ccPortalRxOctetsAt9Mb Counter32 portal at 9 Mbps. Number of octets received through this...
Page 659: Ccportaltxretriespktstable
14-9 Enhanced RF Statistics Field Type Description Number of octets transmitted through ccPortalTxOctetsAt18Mb Counter32 this portal at 18 Mbps. Number of octets transmitted through ccPortalTxOctetsAt22Mb Counter32 this portal at 22 Mbps. Number of octets transmitted through ccPortalTxOctetsAt24Mb Counter32 this portal at 24 Mbps. Number of octets transmitted through ccPortalTxOctetsAt36Mb Counter32...
Page 660: Ccportaltxretriesoctetstable
14-10 WS5000 Series Switch System Reference Guide Field Type Description Number of packets successfully ccPortalTxRetriesPkts08 Counter32 transmitted through this portal with 8 retries. Number of packets successfully ccPortalTxRetriesPkts09 Counter32 transmitted through this portal with 9 retries. Number of packets successfully...
Page 661 14-11 Enhanced RF Statistics Field Type Description Number of octets successfully ccPortalTxRetriesOctets02 Counter32 transmitted through this portal with 2 retries. Number of octets successfully ccPortalTxRetriesOctets03 Counter32 transmitted through this portal with 3 retries. Number of octets successfully ccPortalTxRetriesOctets04 Counter32 transmitted through this portal with 4 retries.
Page 662: Ccportalsigstatstable
14-12 WS5000 Series Switch System Reference Guide Field Type Description Number of octets that never were ccPortalTxRetriesOctetsFailed Counter32 successfully transmitted through this portal because the maximum retry count was exceeded. 14.2.12 ccPortalSigStatsTable DESCRIPTION: This table gives statistics about RSSI, Signal, Noise, and SNR for packets received by a portal.
Page 663: Ccportalsumstatsshorttable
14-13 Enhanced RF Statistics Field Type Description The worst noise value seen by the portal so ccPortalSigStatsNoiseWorst Integer32 far. (-50dBm noise is worse than 60dBm). The sum of the noise values (in dBm) ccPortalSigStatsNoiseSum Integer32 received by the portal. Like SignalSum, this value is normally a negative value.
Page 664 14-14 WS5000 Series Switch System Reference Guide INDEXED ON: ccPortalIndex Field Type Description The number of time ticks ccPortalSumStatsShortTimestamp TimeTicks elapsed since the beginning of this window The number of packets used to ccPortalSumStatsShortNumPkts Unsigned32 calculate the statistics in this window.
Page 665 14-15 Enhanced RF Statistics Field Type Description The average of all noise values ccPortalSumStatsShortAvgMuNoise Integer32 over the window. (in dBm) The average of all SNR values ccPortalSumStatsShortAvgMuSnr Integer32 over the window. (in dBm) Ratio of packets that were not ccPortalSumStatsShortPp10kNUcastPkts PartsPer10k unicast to the total number of packets sent/received by the...
Page 666: Ccportalsumstatslongtable
14-16 WS5000 Series Switch System Reference Guide Field Type Description The total number of Mobile ccPortalSumStatsShortTotalMus Unsigned32 Units associated with the portal. The approximate utilization of ccPortalSumStatsShortPp10kRfUtil PartsPer10k the portal's RF port. Calculated as Throughput divided by AvgBitSpeed. Expressed as parts-per-10000.
Page 667 14-17 Enhanced RF Statistics Field Type Description Number of packets received per ccPortalSumStatsLongPktsPerSecRx100 ScaleBy100 second as averaged over the 'window'.Since SNMP does not convey decimal values, the result is multiplied by 100. Actual number of bits sent and ccPortalSumStatsLongThroughput Unsigned32 received over the window, divided by the number of seconds in the window.
Page 668 14-18 WS5000 Series Switch System Reference Guide Field Type Description Ratio of transmitted packets ccPortalSumStatsLongPp10kTxMaxRetries PartsPer10k that were dropped due to excessive retries to the total number of packets transmitted by this portal. Expressed as parts-per-10000. For all transmitted packets...
Page 669: Ccmus
Integer32 which this MU is associated. The MAC address of the portal to which this ccMuPortalMac PhysAddress MU is associated. If true, this MU supports Symbol's Rogue AP ccMuSymbolRogueApEna TruthValue detection assist algorithm. IP address of the MU. ccMuIpAddr IpAddress Type of the MU.
Page 670: Ccmurxpktstable
14-20 WS5000 Series Switch System Reference Guide Field Type Description The number of non-unicast packets received ccMuRxPktsNUcast Counter32 from a MU. The number of unicast bytes transmitted to ccMuTxOctetsUcast Counter32 the MU. The number of unicast bytes received from an...
Page 671: Ccmutxpktstable
14-21 Enhanced RF Statistics Field Type Description The number of packets received from the MU at ccMuRxPktsAt18Mb Counter32 18 Mbps. The number of packets received from the MU at ccMuRxPktsAt22Mb Counter32 22 Mbps. The number of packets received from the MU at ccMuRxPktsAt24Mb Counter32 24 Mbps.
Page 672: Ccmurxoctetstable
14-22 WS5000 Series Switch System Reference Guide Field Type Description The number of packets transmitted to the MU ccMuTxPktsAt48Mb Counter32 at 48 Mbps. The number of packets transmitted to the MU ccMuTxPktsAt54Mb Counter32 at 54 Mbps. 14.3.5 ccMuRxOctetsTable DESCRIPTION: The number of bytes received from the MU at various rates.
Page 673: Ccmutxretriestable
14-23 Enhanced RF Statistics Field Type Description The number of bytes transmitted to the MU at 22 Mbps. ccMuTxOctetsAt22Mb Counter32 The number of bytes transmitted to the MU at 24 Mbps. ccMuTxOctetsAt24Mb Counter32 The number of bytes transmitted to the MU at 36 Mbps. ccMuTxOctetsAt36Mb Counter32 The number of bytes transmitted to the MU at 48 Mbps.
Page 674: Ccmurfsum
14-24 WS5000 Series Switch System Reference Guide Field Type Description The number of packets transmitted to the MU ccMuTxRetries14 Counter32 with 14 retries. The number of packets transmitted to the MU ccMuTxRetries15 Counter32 with 15 retries. The number of failed packet transmissions to...
Page 675: Ccmusigstatstable
14-25 Enhanced RF Statistics Field Type Description The number of octets transmitted to the MU ccMuTxRetriesOctets10 Counter32 with 10 retries. The number of octets transmitted to the MU ccMuTxRetriesOctets11 Counter32 with 11 retries. The number of octets transmitted to the MU ccMuTxRetriesOctets12 Counter32 with 12 retries.
Page 676: Ccmusumstatsshorttable
14-26 WS5000 Series Switch System Reference Guide Field Type Description The sum of the square of all the noise samples ccMuSigStatsNoiseSumSquares Counter64 in dBm received from the radio to which this MU is associated. The strength of the most recent noise value...
Page 677 14-27 Enhanced RF Statistics Field Type Description Number of received packets per ccMuSumStatsShortPktsPerSecRx100 ScaleBy100 second as averaged over the 'window'. Since SNMP does not convey decimal values, the result is multiplied by 100. Actual number of bits sent and ccMuSumStatsShortThroughput Unsigned32 received over the window, divided by the number of...
Page 678: Ccmusumstatslongtable
14-28 WS5000 Series Switch System Reference Guide Field Type Description Ratio of transmitted packets ccMuSumStatsShortPp10kDropped PartsPer10k that were dropped due to excessive retries to the total number of transmitted pakets. Expressed as parts-per-10000. For all transmitted packets ccMuSumStatsShortTxAvgRetries100 ScaleBy100 (including those that...
Page 679 14-29 Enhanced RF Statistics Field Type Description The number of transmitted ccMuSumStatsLongPktsPerSecTx100 ScaleBy100 packets per second as averaged over the 'window'. Since SNMP does not convey decimal values, the result is multiplied by 100. Number of received packets per ccMuSumStatsLongPktsPerSecRx100 ScaleBy100 second as averaged over the 'window'.
Page 680: Rf-Traps
14-30 WS5000 Series Switch System Reference Guide Field Type Description Ratio of packets that were not ccMuSumStatsLongPp10kNUcastPkts PartsPer10k unicast to the total number of packets sent/received. Expressed as parts-per-10000. Ratio of transmitted packets ccMuSumStatsLongPp10kTxWithRetries PartsPer10k that experienced one or more retries to the total number of packets sent or received.
Page 681 14-31 Enhanced RF Statistics A short window can be explained as :Time period over which the threshold values (of the derived statistics) are computed (it has a value of 30 seconds). To enable the RF Traps you have to set the snmp_trap for the corresponding event in events context. WS5000 v2.1 supports traps for AP, Switch and MU.
Page 682: Explanation Of Enhanced Rf Statisitcs
14.6 Explanation of Enhanced RF Statisitcs Symbol’s family of wireless products all share a rich set of monitoring variables, called enhanced RF Statisitcs .This section describes those statistics, and how they can be used to detect common wireless networking problems.
Page 683 14-33 Enhanced RF Statistics Figure 14.1 Pyramid” of network infrastructure monitoring statistics. Information is available to identify all Access Ports and their embedded radios, (called “Portals”), associated with the wireless switch. Figure 14.2 Figure 14.3 show the tables that give this general information. Figure 14.2 The ccApTable lists all the Access Ports currently adopted by the wireless switch.
Page 684 14-34 WS5000 Series Switch System Reference Guide Figure 14.3 The ccPortalTable lists all radios (“Portals”) currently adopted by the wireless switch. In a similar fashion, (see Figure 14.4 ), every MU currently associated with the device are shown in a table, along with general information.
Page 685 14-35 Enhanced RF Statistics • Every MU currently associated to the device • Every Portal currently adopted by the device • The device in it’s entirety For the remainder of this description, only the MU tables are shown, but there are nearly identical tables for the Portals (the entire switch is represented by entry #1001 in the WLAN tables).
Page 686 14-36 WS5000 Series Switch System Reference Guide Figure 14.6 These tables show counts of all packets/octets transmitted/received to/from the MU Note In all cases, variables are named from the perspective of the network infrastructure device. For example, a packet sent from an MU is, (for the MU), a transmitted packet, but for the wireless switch, a received packet.
Page 687 14-37 Enhanced RF Statistics Figure 14.7 The ccMuSigStatsTable shows statistics for signal, noise, and SNR. All of the above “raw” statistics have no time interval – they count the number of occurrences since the device booted-up. Those “raw” stats are summarized over selected time-intervals: the “short”...
Page 688: A Sample Usage Example
14-38 WS5000 Series Switch System Reference Guide Figure 14.8 The ccMuSumStats tables show the key history for the past 30 seconds and past 1hr. The device can be programmed with thresholds for most of these time-based stats. Those thresholds can be different for the entire switch than for the WLANs than for the APs than for the MUs.
Page 689 14-39 Enhanced RF Statistics Figure 14.9 Just minutes after the antenna was removed, the long-term (1hr) average bit speed continues to- hover near 7Mb/s while short-term (30sec) value sinks quickly to less than 2Mb. Figure 14.10 Only one minute after the antenna was removed, the short-term statistics reflect the new [poor]wireless conditions, while the long-term stats show the (mostly good) prior hour.
Page 690 14-40 WS5000 Series Switch System Reference Guide The RF environment is also effected by the presence/absence of antennas in the APs. The Figure 14.11 Figure 14.12 below shows the received and transsmit speed are severly degraded without the antenna installed.
Page 691 14-41 Enhanced RF Statistics Figure 14.13 Without the antenna, many packets had 1 to 4 retries. The “raw” stats also accumulate the number of packets received, the sum of all signal values on those packets, and the sum of all each signal value squared. Taking the delta of each of those values over both the interval with the antenna present and absent, results in average signal readings with corresponding standard deviations.
Page 692: Watching Min, Max, Or Average Is Not Enough
14-42 WS5000 Series Switch System Reference Guide Figure 14.14 Distributions of received signal strength, as predicted by the average and standard deviationcalculated across the collection of packets received. 14.6.1.1 Watching min, max, or average is not enough Suppose your SLA (Service Level Agreement) states to provide a wireless signal strength of –63dB (or better) to your customers partners/colleagues.
Page 693: Who Calculates Standard Deviation
14-43 Enhanced RF Statistics Figure 14.15 Graph dispalying the 3 possible scenarios while monitoring the signal strenght This begs the question: what percentage of end stations must be experiencing –63dB or better at any given time? Depending on the situation, the requirement might be that 80% must have 63dB or better, (which the red and green distributions achieve).
Page 694: How Is Standard Deviation Calculated From Running Sums
14-44 WS5000 Series Switch System Reference Guide has 80% of the end stations at –63dB or better as averaged over a 24 hour period may not have met that standard each and every hour of that day. SLA 3 — Within each 30 seconds interval, 80% of end stations will experience -63dB or better Whatever interval the SLA specifies is the minimum interval at which monitoring must take place.
Page 695 14-45 Enhanced RF Statistics Or, in terms more suited to a programmer, rather than a math major: // at start of the time interval GET start-n, start-sum-of-values, start-sum-of-squares // wait for the time interval to expire // at end of the time interval GET end-n, end-sum-of-values, end-sum-of-squares // calculate the delta of readings over the interval n = end-n - start-n...
Page 696 14-46 WS5000 Series Switch System Reference Guide...
Page 697: Overview
AP-300 Sensor Conversion 15.1 Overview WS5000 switch is capable of adopting different types of Access Ports. It is capable of using custom firmware instead of default firmware images for specified APs. This functionality is used to perform the conversion from an AP to an W-IPS sensor.
Page 698: Functionality
15-2 WS5000 Series Switch System Reference Guide 15.2 Functionality In addition to the basic AP to sensor conversion it is also desirable that the switch provide some minimal management capabilities for the sensors. You should be able to view the list of sensors, read and send sensors' configuration and revert selected sensors back to AP.
Page 699: Sensor Revert
15-3 AP-300 Sensor Conversion 15.2.3 Sensor Revert You can revert sensors back to AP's by selecting sensors from the list and issuing a command. The revert switch sends a DOWNGRADE command to all selected sensors and waits for an acknowledgement from every one of them.
Page 700 15-4 WS5000 Series Switch System Reference Guide 1. The sensor conversion and management functionality is disabled by default. Select Enable from the Enable Sensor drop-down box, this will enable you to convert the AP300 to a sensor. Figure 15.1 AP300/Sensor window 2.
Page 701 15-5 AP-300 Sensor Conversion window. All the fields in this window are configurable and you can change the default configuration if required and commit it by clicking on the Save button. Figure 15.2 The WIPS Default configuration window Note If you enable the DHCP, then you cannot edit Sensor IP, Subnet Mask and Gateway fields.
Page 702 15-6 WS5000 Series Switch System Reference Guide 3. Click on the Convert to Sensor button to convert the selected AP300 into a sensor. This opens the WIPS Configuration window. Click on the Save button to commit the changes made. Figure 15.3 The WIPS Configuration window 4.
Page 703: Converting An Sensor Into Ap300
15-7 AP-300 Sensor Conversion 5. To view the new sensor, click on the AP300/Sensor from the tree menu on the left hand side. Select the Sensor tab and then click on the Refresh button in the main AP300/Sensor window. It generally takes about a minute to convert the AP into a sensor.
Page 704 15-8 WS5000 Series Switch System Reference Guide Figure 15.5 Sensor tab displaying the available sensor(s) 2. Select an sensor by clicking on the checkbox associated with the sensor that you want to convert to an AP300. Click on the Modify button to view the current/default configuration of the sensor. This opens the WIPS Configuration window.
Page 705 15-9 AP-300 Sensor Conversion 3. The switch opens a dialog box prompting you to save the configuration. Click OK to confirm the changes made (if any) and save the configuration. Figure 15.7 Converting a Sensor to an AP300 4. To view the new AP300,click on the AP300/Sensor from the tree menu on the left hand side.Select the AP300 tab and then click on the Refresh button in the main AP300/Sensor window.
Page 706 15-10 WS5000 Series Switch System Reference Guide...
Page 707: List Of Traps And Syslog Messages
Syslog and Traps The WS5000 switch supports raising of SNMP Traps and/or logging of Syslog messages, on certain events. The list of events are listed in the table below. The user can configure, for each event, if a SNMP Trap is to be sent, a syslog message is to be logged or both 16.1 List of Traps and Syslog Messages.
Page 708 16-2 WS5000 Series Switch System Reference Table 16.1 Default Syslog and Traps Configuration S.No Event Default Default Default Local Log Syslog SNMP Severity Trap Clock change Enabled Disabled Disabled Whenever the time changes. Packet discard [wrong NIC] Enabled Disabled Disabled Whenever the switch has received a packet from the access port via a NIC that is different from the one through which the access port is/was adopted.
Page 709 16-3 Syslog and Traps Table 16.1 Default Syslog and Traps Configuration S.No Event Default Default Default Local Log Syslog SNMP Severity Trap AP detected Enabled Disabled Disabled Whenever an AP is detected by the switch. Device msg dropped [info] Enabled Enabled Disabled Whenever the device info message from the AP is dropped (for various...
Page 710 16-4 WS5000 Series Switch System Reference Table 16.1 Default Syslog and Traps Configuration S.No Event Default Default Default Local Log Syslog SNMP Severity Trap MU TKIP [MIC error] Enabled Enabled Disabled Whenever an MU using TKIP encryption mechanism has encountered a micheal intergrity check failure.
Page 711 16-5 Syslog and Traps Table 16.1 Default Syslog and Traps Configuration S.No Event Default Default Default Local Log Syslog SNMP Severity Trap Standby active Enabled Enabled Disabled Whenever standby is taken over from primary. Primary internal failure [reset] Enabled Disabled Disabled Whenever primary interface is stopped.
Page 712 16-6 WS5000 Series Switch System Reference Table 16.1 Default Syslog and Traps Configuration S.No Event Default Default Default Local Log Syslog SNMP Severity Trap Radio power is reduced [TPC] Enabled Disabled Disabled Whenever the radio power is reduced. Radar is detected [DFS]...
Page 713 16-7 Syslog and Traps Table 16.1 Default Syslog and Traps Configuration S.No Event Default Default Default Local Log Syslog SNMP Severity Trap NON IP packet received on Tunnel Enabled Disabled Disabled Whenever a non IP (internet protocol) packet is received in the tunnel. Statistics has crossed the prescribed threshold by a AP Enabled Disabled...
Page 714 16-8 WS5000 Series Switch System Reference...
Page 715: Update Mechanism
DDNS DDNS is based on the current ISC DHCP server on WS5000. It implements the update all feature by parsing the existing DHCP server lease database and sends an update for every valid lease. The user class option send by the DHCP client must perform in accordance to RFC3004. To know about this the user must specify whether the user class option must be interpreted as a multiple user option field or not.
Page 716 17-2 WS5000 Series Switch System Reference 5. If this fails because the A entry already exists, an update is sent for the A record with the name, the prerequisite being that the TXT record must have the same hash. 6. It next sends a PTR update.
Page 717 DOM Firmware Upgrade Images Needed 1. For Upgrade on Mantis DOM's domfix.patch.sys.img 2. For Upgrade on 1.4 DOM's WS5k_domfix.cfg Procedure to Upgrade On the Mantis DOM 1. FTP/TFTP the domfix.patch.sys.img on the switch using copy tftp/ftp command. 2. In the Cfg mode, run patch command to install the Firmware Upgrade Patch Cfg>...
Page 718 WS5000 Series Switch System Reference Guide Procedure to Upgrade On the WS5x00 Series Wireless Switch DOM 1. FTP/TFTP the WS5k_domfix.cfg on the switch using copy tftp/ftp command. 2. In the service mode CLI, run exec command to install the Firmware Upgrade Patch SM-WS5000>...
Page 719 DTIM Interval per BSS The WS5000 switch allows the user to modify the DTIM interval. This value, also called as DTIM Period, is set on a per AP Policy basis. The choice of this DTIM period depends on what is more important–power consumption, or WLAN performance.
Page 720 WS5000 Series Switch System Reference Guide used when the AP does not support setting of DTIM per BSS, and will be indicated as such through the user interface. The AP indicates its ability to set the DTIM interval on a per BSS basis through the DeviceInfo message. If the AP supports this feature, the switch will include an item with DTIM interval for each BSS the AP supports in the configuration packet sent at adoption of the AP.
Page 721 AP300 LED Codes The AP300 LED operates under the following circumstances: • Quiet state. • RF Transmit activity state. • RF Receive activity state. The maximum flash rate for each LED in the AP300 is ten times per second. Table C.1 AP300 LED code Current AP300 State LED Code Quiet State...
Page 722 WS5000 Series Switch System Reference Guide Table C.1 AP300 LED code Current AP300 State LED Code RF Receive activity state Each data packet received causes the corresponding LED to flash.
Page 723: Customer Support
Customer Support Symbol Technologies provides its customers with prompt and accurate customer support. Use the Symbol Support Center as the primary contact for any technical problem, question or support issue involving Symbol products. If the Symbol Customer Support specialists cannot solve a problem, access to all technical disciplines within Symbol becomes available for further assistance and support.
Page 724 North American Contacts Inside North America: Symbol Technologies, Inc. One Symbol Plaza Holtsville, New York 11742-1300 Telephone: 1-631-738-2400/1-800-SCAN 234 Fax: 1-631-738-5990 Symbol Support Center (for warranty and service information): telephone: 1-800-653-5350 fax: (631) 738-5410 Email: support@symbol.com International Contacts Outside North America:...
Page 725 Web Support Sites MySymbolCare http://www.symbol.com/services/msc Symbol Services Homepage http://symbol.com/services Symbol Software Updates http://symbol.com/services/downloads Symbol Developer Program http://software.symbol.com/devzone Additional Information Obtain additional information by contacting Symbol at: 1-800-722-6234, inside North America +1-516-738-5200, in/outside North America http://www.symbol.com/...
Page 726 WS5000 Series Switch System Reference...
Page 728 Symbol Technologies, Inc. One Symbol Plaza Holtsville, New York 11742-1300 http://www.symbol.com 72E-81435-01 Document Revision A March 2006...