Download Print this page

Symbol WS5000 Series System Reference Manual

Hide thumbs Also See for WS5000 Series:

System reference manual (728 pages)

,

Reference manual (314 pages)

,

Troubleshooting manual (56 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual See also: Troubleshooting Manual, System Reference Manual

WS5000 Series Switch

System Reference Guide

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the WS5000 Series and is the answer not in the manual?

Questions and answers

Summary of Contents for Symbol WS5000 Series

Page 1 WS5000 Series Switch System Reference Guide...
Page 2 2005 by Symbol Technologies, Inc. All rights reserved. No part of this publication can be modified or adapted in any way, for any purposes without permission in writing from Symbol. The material in this manual is subject to change without notice.
Page 3: Table Of Contents
Contents Chapter 1. WS5000 Series Switch Overview 1.1 Key Features........... 1-2 1.1.1 Installation Features.
Page 4 WS5000 Series Switch System Reference Guide 1.3 Software Overview ..........1-7 1.3.1 Accessing and Configuring the Switch Software.
Page 5 3.3 Command File Example ......... . 3-7 Chapter 4. Using the WS5000 Series Switch GUI 4.1 Logging In .
Page 6 WS5000 Series Switch System Reference Guide 6.1.5 Creating a Network Policy ........6-13 6.1.6 Modifying a Network Policy .
Page 7 8.2.5 clear ............8-7 8.2.6 emergencymode .
Page 8 WS5000 Series Switch System Reference Guide 8.4.27 securitypolicy ..........8-47 8.4.28 set daylight .
Page 9 8.8 AAA LDAP Context ............8-69 8.8.1 3.
Page 10 WS5000 Series Switch System Reference Guide 8.16.4 show ............8-93 8.17 Access Port Instance .
Page 11 8.23.1 description ..........8-123 8.23.2 name.
Page 12 WS5000 Series Switch System Reference Guide 8.31.7 start ............8-154 8.31.8 stop .
Page 13 xiii 8.39.2 show ............8-178 8.40 Radius Context .
Page 14 WS5000 Series Switch System Reference Guide 8.47.3 remove............8-209 8.47.4 show .
Page 15 Chapter 10. Converting AP-4131 Access Points to RF Ports 10.1 AP-4131 Features in the WS5000 Series Switch ....10-2 10.1.1 AP-4131 Port Adoption......... . 10-2 10.1.2 AP-4131 Radio Configuration.
Page 16 WS5000 Series Switch System Reference Guide 12.2.4 WVPN Authentication......... . . 12-8 12.2.4.1 Simple Authentication .
Page 17: About This Guide
Service Information Who Should Use this Guide The WS5000 Series Switch System Reference Guide is intended for system administrators responsible for the implementing, configuring, and maintaining the WS5000 Series Switch within the wireless local area network. It also serves as a reference for configuring and modifying most common system settings. The administrator should be familiar with wireless technologies, network concepts, Ethernet concepts, as well as IP addressing and SNMP concepts.
Page 18: How To Use This Guide
WS5000 Series Switch System Reference Guide How to Use this Guide This guide will help you implement, configure, and administer the WS5000 Series Switch and associated network elements. This guide is organized into the following sections: Table 1 Quick Reference on How This Guide Is Organized Chapter Jump to this section if you want to...
Page 19: Notational Conventions
• Sequential lists (those describing step-by-step procedures) appear as numbered lists. Service Information If a problem with is encountered with the WS5000 Series Switch, contact Symbol Customer Support. See Symbol’s Web site (http://www.symbol.com) for Symbol Customer Support contact information and policies.
Page 20 WS5000 Series Switch System Reference Guide...
Page 21: Chapter 1. Ws5000 Series Switch Overview
WS5000 Series Switch Overview The WS5000 Series Switch provides a centralized management solution for wireless networking components across the wired network infrastructure. Unlike traditional wireless network infrastructures that reside at the edge of a network, the switch uses centralized, policy-based management for all devices on the wireless network.
Page 22: Key Features
Line Interface (CLI). A WS5000 Series Switch streamlines management of a large wireless system and allows for network management features such as Quality of Service (QoS), virtual WLANs and packet forwarding. 1.1 Key Features WS5000 Series Switch includes a robust set of features. These features are briefly listed and described in the following sections: •...
Page 23: Security Features
• Support for Proxy ARP statistics applet operation with Sun JRE • Service mode features • The WS5000 Series Switch GUI Applet only supports Sun Java Runtime Environment (JRE) including the Sun Java Virtual Machine (JVM). Support for the Microsoft Virtual Machine is discontinued with the 1.4 release and WS5000 Series Switch.
Page 24: Networking Features
• Layer 3 filtering • Multiple WLAN 1.1.5 Access Port Support Access ports work on any VLAN with connectivity to the wireless switch. The WS5000 Series Switch supports the following access ports: • AP100 (supports 802.11b) • AP200 (supports 802.11a/b) •...
Page 25: Hardware Overview
WS5000 Series Switch Overview 1.2 Hardware Overview A WS5000 Series Switch contains types of hardware: a wireless switch and a set of access ports. The wireless switch is a rack-mountable device that manages all inbound and outbound traffic on the wireless network.
Page 26: Cabling Requirements
WS5000 Series Switch Installation Guide. 1.2.2 System Status LED Codes A WS5000 Series Switch has two LEDs on the front panel, adjacent to the RJ45 ports. The System Status LEDs display three colors—blue, amber, or red —and three “lit” states—solid, blinking, or off.
Page 27: 10/100/1000 Port Status Led Codes
The port is linked Green blinking The port is linked and active 1.3 Software Overview This section provides an overview of the WS5000 Series Switch software and features. It contains: • 1.3.1 Accessing and Configuring the Switch Software on page 7 •...
Page 28: Switch Policies
1.3.2 Switch Policies A WS5000 Series Switch uses a set of rules, or “policies,” to configure the wireless LAN (WLAN), the access ports that it adopts, and to integrate the wired LANs and VLANs. The policy-based management architecture lets a network administrator create a class of service (CoS) by defining network access, type of WLAN security, and quality of service (QoS) for a group of users.
Page 29: Access Port Adoption Process
1.3.3 Access Port Adoption Process The process in which the WS5000 Series Switch takes on a 802.11 access port and configures it is called adoption. It includes configuring adoption lists, loading the firmware image on the access port, and configuring the access port radios according to the switch policy.
Page 30: Different Dimensions Of Qos
1-10 WS5000 Series Switch System Reference Guide 1.3.4.1 Different Dimensions of QoS Different methods of QoS are applied for distinction between users and applications. The two main categories are: • QoS via Queuing – A network shared by different users such as in a revenue-based, shared office building or a public hotspot is implemented with Service Level Agreements (SLA) based on how much each group of users pay for bandwidth.
Page 31: Weighted Fair Queuing (Wfq)
1.3.5 Multi-BSSID and ESSID Access Ports In a networked wireless environment, multiple access ports are connected to a WS5000 Series Switch to provide RF connectivity to MUs. Each access port radio sends and receives RF signals over a range of space, the Basic Service Set (BSS).
Page 32: Standby Management
“Failover” or Standby Management enables the network administrator to significantly reduce the chance of a disruption in service to the switch and associated MUs by placing one or more additional WS5000 Series Switches as backup to a Primary wireless switch if it fails.
Page 33: Enhancements
16 1.4.1 AP-4131 Port Conversion You can convert the Symbol AP-4131 model access points to RF Ports for use with the WS5000. The port conversion enables existing customers to utilize an existing Symbol wireless infrastructure with the WS5000 Series Switch.
Page 34: Event Manager
1.4.4 Hot Standby You can use the WS5000 Series Switch in the hot standby mode, but when the switch is in this mode it will not adopt ant primary access ports.The hot standby system only adopts APs after it detects that the primary system it monitors failed.
Page 35: On-Board Dhcp
The SNMP architecture allows a variety of relationships among network entities. The WS5000 Series Switch v2.0 supports SNMP v3.0 as well as SNMP v2.0 and v1.0. To configure SNMP on the WS5000 Series Switch, see Chapter 11, Configuring SNMP.
Page 36: Wtls Vpn
For details, see Chapter 12, Configuring the WS5100 WTLS VPN. 1.4.11 Upgrade and Downgrade Using Autoinstall The WS5000 Series Switch provides an autoinstall script that enables you to upgrade to version 2.0 automatically. See Chapter 2, Installing the System Image.
Page 37: Chapter 2. Installing The System Image
Installing the System Image This chapter describes how to install a new system image with the latest software on the WS5000 Series Switch. It also guides you through the CLI commands for restoring the site configuration file for the switch.
Page 38 WS5000 Series Switch System Reference Guide Note The WS5000 Series Switch Graphical User Interface does not support this process. After you log into the WS5000 series switch, it displays the software version. For example:. user name:cli WS-5000 Wireless Switch... userid:admin password: Setting user permissions flags..
Page 39: Upgrading The Switch Firmware To 2.0
Installing the System Image 2.2 Upgrading the Switch Firmware to 2.0 The WS5000 Series Switch release 2.0 enables you to upgrade to the 2.0 baseline from the platforms: • WS5000 or 5100 running the 1.4/1.4.1.0/1.4.1.1/1.4.2 baseline. • WS5000 or 5100 running 1.1v49.
Page 40 WS5000 Series Switch System Reference Guide 1. Copy the PreUpgradeScript script using tftp/ftp to the system to be upgraded using the following command under the cfg mode of the CLI. This example uses ftp. WS5000> cfg WS5000.(Cfg)> copy ftp system -u chugtum Enter the file name to be copied from FTP server : PreUpgradeScript IP address of the FTP server : 157.235.188.237...
Page 41 Installing the System Image Note When ftping the PreUpgradeScript, the switch might display the error messages: /bin/dedos: line 69: syntax error near unexpected token 'dir' /bin/dedos: line 69: syntax error near unexpected token 'dir' Ignore these messages because they do not indicate a problem in ftp'ing the script . Just verify the size of the script ftp'ed matches with the actual one.
Page 42: Upgrading The Switch
Couldn't find the desired space to free 2.2.1.2 Upgrading the Switch To upgrade to from WS5000 1.4/1.4.1 or WS5000 Series Switch 1.1v49 to the WS5000 2.0 baseline: 1. Copy the WS5000_v2.0.0.0-xxxx.sys.kdi image (using ftp) to the system to be upgraded. Use the...
Page 43: Upgrading Using Autoinstall
Installing the System Image Note You cannot use tftp to acquire this image because the file size exceeds 32 MB. WS5000.(Cfg)> copy ftp system -u chugtum Enter the file name to be copied from FTP server : WS5000_v2.0.0.0-017D.sys.kdi IP address of the FTP server : 157.235.188.237 Enter the user password : ******* Copying 'WS5000_v2.0.0.0_kdi' from ftp://157.235.188.237 to Switch...
Page 44: Using Autoinstall To Upgrade From 1.4.X.x
If you enter all of these parameters, the switch upgrades successfully. 2.3.3 Using the AutoInstall to Upgrade From Wireless Switch 5000 Series Build 49 To upgrade from WS5000 Series Switch to 2.0 as part of Auto-install. 1. Copy the patch supplied to the switch running WS5000 Series Switch (build 49):...
Page 45: Installing The Patch File Automatically
Before you run the automatic patch file installation, check that you have: • A Linux Machine with the Expect program installed. • Telnet or Ssh enabled on the WS5000 Series Switch. Installing the Patch File in 1.4 Switches To install the patch file for 1.4 switches: 1.
Page 46 2-10 WS5000 Series Switch System Reference Guide <telnet/ssh> : Program (telnet or ssh) enabled on the list of WS5000 Series Switches specified by the <file_containing_ip_of_WS5000 Series Switch_switches>. ftp or tftp: Method used to download the patch file. service_password : Service mode CLI password.
Page 47: Recovering From Upgrade Errors
DOM using the pxeboot method. 2.5 Downgrading from 2.0 to 1.4/1.4.1 You can downgrade a switch running WS5000 Series Switch 2.0 image to the switch running one of the following versions: • WS5000 Series Switch 1.4.0.0 (026R) •...
Page 48: Running The Downgrade.exe Script
2-12 WS5000 Series Switch System Reference Guide Note If you use the PreDowngrade.exe script to release memory, you must proceed with the downgrade. 2.5.2 Running the Downgrade.exe Script After you verify that the switch has enough memory for the downgrade, run the Downgrade.exe script as follows: 1.
Page 49 DHCP lease file. • A command file – This is an ASCII text file that contains site-specific settings for the WS5000 Series Switch (the filename must end with a .sym suffix). The switch obtains this filename through DHCP and stores it in the returned DHCP lease file.
Page 50: Command File
WS5000 Series Switch System Reference Guide 3.1 Command File The command file option specifies a valid filename for an ASCII text format file that exists on the TFTP server and contains site-specific settings for the wireless switch. The command file (see...
Page 51: Event Logging
ConfigFile <config_name (.cfg)> This is the name of a WS5000 Series Switch configuration. This file is downloaded automatically from a specified TFTP server or though the CLI copy command.
Page 52: General Network Configuration And Standby Management
WS5000 Series Switch System Reference Guide Table 3.2 TFTP Server (Files to Download) Section (Continued) Option Value Notes KerberosFile <kerberos_name (.krb)> This is the name of a Kerberos username/password (Kerberos MIT DB file format) file and it is used to configure the primary Kerberos database of the on board KDC server.
Page 53: Kerberos Configuration Section
Configuring the WS 5000 Series Switch Auto- Table 3.3 General Network Configuration and Standby Management (Continued) Option Value Notes Eth1DHCP Indicates whether DHCP is on/off for Ethernet port 1. Eth2DHCP Indicates whether DHCP is on/off for Ethernet port 2. If DHCP is on for an interface, all IP settings provided in the command file will be ignored and the interface will be configured as a DHCP client.
Page 54: Snmp Configuration Section
WS5000 Series Switch System Reference Guide Table 3.4 Kerberos Configuration Section (Continued) Option Value Notes KDCRealm <KDC realm name> Kerberos realm name KDCInterface <KDC interface name> The interface on which the KDC is configured (1 or 2). KDCBackupHostname <xxx.xxx.xx.xx> Hostname of the backup slave.
Page 55: Command File Example
Configuring the WS 5000 Series Switch Auto- 3.3 Command File Example The following command file example shows the configuration of several options in the WS5000 Series Switch’s command file. You can use the same command file to configure both a primary wireless switch and an associated standby wireless switch.
Page 56 WS5000 Series Switch System Reference Guide # Primary IP configuration HostnamePrimary #Hostname of primary CC Eth1PrimaryIP #ip address of primary CC Eth2PrimaryIP #ip address of primary CC # Standby IP configuration HostnameStandby #Hostname of standby CC Eth1StandbyIP #ip address of standby CC...
Page 57 Configuring the WS 5000 Series Switch Auto- # SNMP Traps SNMPCommunity1Trap #SNMP community trap SNMPCommunity1TrapIP #SNMP community trap IP SNMPCommunity2Trap #SNMP community trap SNMPCommunity2TrapIP #SNMP community trap IP SNMPCommunity3Trap #SNMP community trap SNMPCommunity3TrapIP #SNMP community trap IP SNMPCommunity4Trap #SNMP community trap SNMPCommunity4TrapIP #SNMP community trap IP #############################################################################...
Page 58 3-10 WS5000 Series Switch System Reference Guide...
Page 59: Chapter 4. Using The Ws5000 Series Switch Gui
If you need to use a specific interface for a system configuration, this is specified at the beginning of the configuration process. For information on using the CLI, see Chapter 8, CLI Command Reference. 4.1 Logging In To log into the WS5000 Series Switch graphical user interface: 1. Open a compatible browser.
Page 60: Key Distribution Center
WS5000 Series Switch GUI. This file is included on the CD that ships with the product Figure 4.1 WS5000 Series Switch GUI Console Login 3. Type a User ID and Password and click the Login button. The default is “admin” and “symbol”, respectively. 4.2 Key Distribution Center The WS5000 Series wireless switch has an on-board Key Distribution Center (KDC), or Kerberos authentication server.
Page 61: Configuring Master Kdc Information
To configure master KDC information, follow these steps: 1. From the WS5000 Series Switch GUI main window, click System Settings > Kerberos > Configuration > KDC. The Kerberos Security Manager dialog box appears. Figure 4.2 Kerberos Security Manager—Configuring the Master KDC 2.
Page 62: Configuring Slave Kdc Information
CONFIGURED. To configure a KDC as a slave KDC: 1. Click System Settings > Kerberos > Configuration > KDC from the WS5000 Series Switch GUI main window. The Kerberos Security Manager dialog box appears. Figure 4.3 Kerberos Security Manager—Configuring a Slave KDC 2.
Page 63: Creating Kerberos User Accounts
Using the WS5000 Series Switch GUI 1. Click System Settings > Kerberos > Configuration > Slave from the WS5000 Series Switch GUI main window. 2. Select the slave KDC from the list in the left pane. Enter the hostname, IP address, and domain of the master KDC server.
Page 64: Setting Kerberos Time Synchronization
Except in a master/slave configuration, KDC NTP time configuration is optional. To synchronize the NTP server with the switch’s on board KDC, follow these steps: 1. From the WS5000 Series Switch GUI main window, click System Settings > Kerberos > Configuration > NTP.
Page 65 Using the WS5000 Series Switch GUI Figure 4.6 KDC Time Configuration 2. Enter the IP addresses for the Preferred Time Server, the First Alternate Time Server, and the Second Alternate Time Server. The alternate servers are optional, but recommended. 3. Click Save to apply settings. v...
Page 66 WS5000 Series Switch System Reference Guide...
Page 67: Chapter 5. Configuring User Authentication
Configuring User Authentication The WS5000 Series Switch provides an integrated Radius server as well as the ability to work with external Radius and LDAP servers to provide user database information and user authentication. Radius configuration supports: • Configuring appropriate authentication types •...
Page 68 WS5000 Series Switch System Reference Guide Figure 5.1 System Settings The following Radius Configuration screen appears: Figure 5.2 Radius Configuration...
Page 69: Managing Certificates
Exits the applet and terminate this session Help Displays the online help 5.2 Managing Certificates To generate a certificate request from the WS5000 Series Switch: 1. Select System Settings > Radius > Certificate Management > Self Certificate. 2. Click the Add button.
Page 70: Importing And Installing Ca Certificates
5. 5.2.1 Importing and Installing CA Certificates To import and install the CA and server certificates on the WS5000 Series Switch: 1. Ensure the time in the switch is synchronized with the Windows 2003 server PC. 2. Select System Settings > Radius > Certificate Management > Self Certificate to load the CA certificate.
Page 71: Uploading Certificates
Configuring User Authentication 5.2.2 Uploading Certificates If you have a server certificate from a CA and wish to use it on the Radius server: 1. Select Radius > Upload Certificate. The certificate upload screen (shown in Figure 5.4) appears. Figure 5.4 Uploading Server Certificate 2.
Page 72 WS5000 Series Switch System Reference Guide 3. Click one of the following buttons in the screen: Next Starts uploading the certificate. Reset Clears the filename and enter a new name. Cancel Exits the applet and terminate this session Help Displays the online help...
Page 73: Configuring Ldap Authentication
Configuring User Authentication 5.2.3 Configuring LDAP Authentication If the Radius Data Source is using an external LDAP server (see Configuring the Radius Server on page 5-1) the LDAP screen is used to provide data on the external LDAP server. Select System Settings -->...
Page 74: Configuring Clients
WS5000 Series Switch System Reference Guide Base DN Specify a distinguished name that establishes the base object for the search. The base object is the point in the LDAP tree at which to start searching. Pass Attribute Enter the password attribute used by the LDAP server for authentication.
Page 75: Configuring The Radius Accounting Server
Configuring User Authentication The Radius client configuration screen appears: 2. Enter the following information in the Clients Configuration table: Name of the subnet or host to authenticate. Name IP Address IP address of the subnet or host. Netmask The subnet mask number of the host to authenticate. Shared Secret A shared secret used for each host or subnet authenticating with the Radius server.
Page 76 5-10 WS5000 Series Switch System Reference Guide To configure the WS5000 Radius accounting server: 1. Click the Radius Accounting tab in the Radius Configuration screen. The Radius accounting server screen (shown in Figure 5.7) appears. Figure 5.7 Radius Accounting Server Configuration 2.
Page 77: Configuring Radius Users
5-11 Configuring User Authentication 4. Click one of the following buttons in the screen: Apply Saves your changes Undo Closes the screen without saving your changes. This reverts the screen back to the last saved configuration. Cancel Exits the applet and terminate this session Help Displays the online help.
Page 78: Adding Groups
5-12 WS5000 Series Switch System Reference Guide 5.3.1 Adding Groups Groups table displays a list of all groups in the local Radius server database. The groups are listed in the order they were added. Although groups can be added and deleted, there is no capability to edit the name of a group.
Page 79: Deleting Groups
5-13 Configuring User Authentication Close Exits the applet and terminate this session Displays the online help. Help 5.3.2 Deleting Groups To remove a group, select the group from the table and click the (Delete) button. A warning message displays when applying the change if there are users still assigned to the group. You can remove the group from each user or add the group back to the group list.
Page 80 5-14 WS5000 Series Switch System Reference Guide Figure 5.9 Radius Proxy Configuration For each proxy server, the WS5000 enables the administrator to configure the following: • Radius authentication server IP address • Radius authentication server port • Secret key • Suffix of the user ID such as isp2.com or company.com...
Page 81: Chapter 6. Configuring Policies
Network policies should be created to implement QoS and types of service (ToS) protocols. See Quality of Service on page 1-9 for more details on QoS and types of service protocols supported by the WS5000 Series wireless switch. 6.1 Configuring Network Policies To view the configuration hierarchy while creating a Network Policy, click Where Am I? at any point.
Page 82: Classifiers
WS5000 Series Switch System Reference Guide Figure 6.1 Network Policy Where Am I? Dialog Box Access Port policies use network policies (see Creating a Network Policy on page 6-13), but prior to creating a network policy, other network related components and policies must be configured within the switch. These are: •...
Page 83: Creating A Classifier
6.1.1.1 Creating a Classifier To create a classifier, follow these steps: 1. From the WS5000 Series Switch GUI main window, select Create > Network > Classifier. The system launches the Classifier Wizard. Figure 6.3 Creating a Classifier—Naming the Classifier (and Optionally, Choosing a Template) 2.
Page 84 WS5000 Series Switch System Reference Guide Figure 6.4 Creating a Classifier—Defining Match Criteria Each row of the Match Criteria table is a simple declaration. For each Criteria type to be defined, a value must also be defined. Unless otherwise noted, the Classifier uses a case-insensitive comparison when evaluating network packet values.
Page 85: Classification Groups
Configuring Policies Table 6.1 Classifier Types and Acceptable Value Ranges (Continued) Criteria Type Description Source Port The Ethernet port number, on the originating device, through which the packet was sent. Dest[ination] Port The Ethernet port number, on the recipient device, to which the packet is being sent.
Page 86: Creating A Classification Group
6.1.2.1 Creating a Classification Group To create a classification group: 1. From the WS5000 Series Switch GUI main window, click Create > Network > Classification Group. The system launches the Classification Group Wizard. Figure 6.6 Creating a Classification Group—Naming the Group (and Optionally, Choosing a Template) 2.
Page 87: Modifying A Classification Group
7. Click Finish to save the new Classification Group and exit the wizard. 6.1.2.2 Modifying a Classification Group To modify an existing Classification Group: 1. From the WS5000 Series Switch GUI main window, click Modify > Network > Classification Group. The system launches the Classification Group Manager.
Page 88 WS5000 Series Switch System Reference Guide Figure 6.8 Classification Group Manager 2. This panel lists all available Classification Groups configured on the system. Table 6.2 describes the fields and options within this panel. To edit a classification group, select the its name in the left pane first.
Page 89: Creating A Network Input Policy
Network Input Policies define incoming packet filters used with Network Policies. To create a Network Input Policy: 1. From the WS5000 Series Switch GUI main window, select Create > Network > Input Policy. The system launches New Input Policy Wizard.
Page 90 6-10 WS5000 Series Switch System Reference Guide To create a new Classification Group, click Create. See Creating a Classification Group on page 6-6 more details. 5. Click Next. A panel for applying prioritization actions to each chosen classification group is displayed.
Page 91: Creating A Network Output Policy
6.1.4 Creating a Network Output Policy To create a network output policy: 1. From the WS5000 Series Switch GUI main window, select Create > Network > Output Policy. The system launches Create a New Output Policy Wizard. Figure 6.12 Creating a Network Output Policy—Naming the Policy (and Optionally, Choosing a Template) 2.
Page 92 6-12 WS5000 Series Switch System Reference Guide To create a new Classification Group, click Create. See Creating a Classification Group on page 6-6 more details. 5. Click Next. A panel for applying prioritization actions to each chosen classification group is displayed.
Page 93 6.1.5 Creating a Network Policy To create a network policy: 1. From the WS5000 Series Switch GUI main window, select Create > Network > New Policy. The system launches Create a New Network Policy Wizard Figure 6.15 Creating a Network Policy—Naming the Policy (and Optionally, Choosing a Template) 2.
Page 94 6-14 WS5000 Series Switch System Reference Guide Figure 6.16 Creating a Network Policy—Selecting an Input Policy 4. When done, click Next. A panel for selecting an Output Policy is displayed. Output Policies define how to filter outgoing packets. Select an Output Policy, or to create a new Output Policy, click Create...
Page 95: Creating A Network Policy
6.1.6 Modifying a Network Policy To modify an existing network policy: 1. From the WS5000 Series Switch GUI main window, select Modify > Network > Existing Policy. The system launches the Network Policy Manager. Figure 6.18 Modifying an Existing Network Policy—Network Policy Manager 2.
Page 96: Switch Policies
6.2.1 Security Policies A Security Policy defines the authentication and encryption methods used to secure communication between the WS5000 Series switch, through its APs, and on to the mobile units. Each WLAN can have a different security policy associated with it.
Page 97: Creating A Security Policy
6.2.1.1 Creating a Security Policy To create a security policy: 1. From the WS5000 Series Switch GUI main window, select Create > Access Port > Security Policy. The Security Policy Wizard appears. Figure 6.21 Creating a Security Policy—Naming the Policy and Specifying an Encryption Type 2.
Page 98 6-18 WS5000 Series Switch System Reference Guide Protocol. If using PSK, an ASCII or hexadecimal value is required to configure TKIP. • AES CCMP – WPA2 dynamic encryption. If using PSK, an ASCII or hexadecimal value is required to complete configuration.
Page 99 6-19 Configuring Policies 6. When done, click Next. Depending on the Encryption and Authentication settings specified, the subsequent panels change. These different panels, and how to configure their settings or controls follow: • Kerberos Authentication Settings on page 6-19 • WEP Encryption Settings on page 6-20 •...
Page 100 6-20 WS5000 Series Switch System Reference Guide Table 6.7 Kerberos Authentication Settings (Continued) Setting Description Realm Name In addition to a Primary KDC server, a Kerberos Realm Name is required. The Realm Name value should be all upper-case (since it is usually also the DNS domain).
Page 101 6-21 Configuring Policies Table 6.8 WEP Encryption Setting Descriptions (Continued) Setting Description Key Values There are three ways to define your WEP key values: • Generate a key from a plain text password (or "pass key"). Enter the pass key in the Pass Key field, select the key you want to generate by clicking a radio button next to one of the Key #N fields, and then click the Generate button.
Page 102 6-22 WS5000 Series Switch System Reference Guide Table 6.9 describes the EAP authentication settings and Radius identification settings to be configured. Table 6.9 EAP Authentication Settings and Radius Identification Settings Setting Description Authentication Settings Pre-authentication When enabled, pre-authentication (or "fast-associate in advance") lets an access port send a mobile unit's authentication credentials (from a previous Radius authentication attempt) to the "next"...
Page 103 6-23 Configuring Policies Table 6.9 EAP Authentication Settings and Radius Identification Settings (Continued) Setting Description Max Retries If the reauthentication period is enabled, this value specifies the number of times the switch will try to re-authenticate an MU that doesn't respond to the "request identity"...
Page 104: Access Control Lists
6-24 WS5000 Series Switch System Reference Guide 6.2.2 Access Control Lists Use the switch Access Control List (ACL) to specify which mobile units can or cannot gain access to the WLAN. The ACL employs an adoption rule for allowing or denying specific mobile units by way of exception. By default, all mobile units can gain access.
Page 105: Creating An Access Control List
6-25 Configuring Policies 6.2.2.1 Creating an Access Control List To create an access control list: 1. From the main window, select Create > Access Port > Access Control List. The system launches the Access Control List Wizard. Figure 6.27 Creating an Access Control List—Naming the ACL (and Optionally, Choosing a Template) 2.
Page 106: Modifying An Access Control List
5. Click Finish to save the new Access Port Policy and exit the wizard. 6.2.2.2 Modifying an Access Control List To modify an existing Access Control List: 1. From the WS5000 Series Switch GUI main window, select Modify > Access Port > Access Control List. The system launches the Access Control List Manager.
Page 107: Wlans
6-27 Configuring Policies Figure 6.29 Modifying an Access Control List—Access Control List Manager 2. This panel lists all available Access Control Lists configured on the system. See Table 6.10 for more details on the controls within this panel to modify the ACL. 3.
Page 108: Creating A Wlan
6.2.3.1 Creating a WLAN To define a WLAN: 1. From the WS5000 Series Switch GUI main window, select Create > Access Port > WLAN. The system launches the WLAN Wizard. Figure 6.31 Creating a WLAN—Naming the WLAN (and Optionally, Choosing a Template) 2.
Page 109 6-29 Configuring Policies Table 6.11 Creating a WLAN—Configuring ESS ID, MU Associations, and WLAN Network Address Controls Configuration Components Description ESS ID Controls ESSID Use this text field (1 to 32 characters) to assign an Extended Service Set Identifier (ESSID) to the WLAN. Accept Any ESSID When unchecked, an MU trying to associate with the access port on the WLAN checkbox...
Page 110: Modifying A Wlan
6.2.3.2 Modifying a WLAN To modify an existing WLAN’s definition: 1. From the WS5000 Series Switch GUI main window, select Modify > Access Port > WLAN. The system launches the WLAN Manager. Figure 6.34 Modifying an Existing WLAN Definition—WLAN Manager...
Page 111 6-31 Configuring Policies 2. This panel lists all available WLANs configured on the system, as well as their settings. Table 6.12 describes the fields and options within this panel. Table 6.12 WLAN Manager Fields and Controls Field or Control Description Name Name of the selected WLAN.
Page 112: Ethernet Port Policies
The Ethernet Port Policy configures the switch’s Ethernet ports, and associates multiple WLANs with multiple LANs or VLANs. There are two Ethernet ports on WS5000 Series switches. By convention, port 1 (the left port) connects to the wireless LAN, and port 2 (the right port) connects to the wired LAN.
Page 113 6-33 Configuring Policies Figure 6.36 Creating an Ethernet Port Policy—Naming the Policy (and Optionally, Choosing a Template) 2. Enter a name and description for the new Ethernet Port Policy, then if desired, select Use an existing Ethernet Policy as a template. 3.
Page 114 6-34 WS5000 Series Switch System Reference Guide Figure 6.37 Creating an Ethernet Port Policy—Specifying VLAN Support 4. When done specifying a VLAN(s), click Next. A panel for associating WLANs to its NICs (or VLANs) is displayed (for trunk ports only).
Page 115: Modifying An Ethernet Port Policy
6.2.4.2 Modifying an Ethernet Port Policy To modify an existing Ethernet Port Policy: 1. From the WS5000 Series Switch GUI main window, select Modify > Ethernet > Existing Policy. The system launches the Ethernet Policy Manager. Figure 6.39 Modifying an Existing Ethernet Policy—Ethernet Policy Manager 2.
Page 116: Configuring Vlans
Modifying an Access Port Policy on page 6-41 6.2.5.1 Creating an Access Port Policy To create a new Access Port Policy: 1. From the WS5000 Series Switch GUI main window, select Create > Access Port > New Policy. The system launches the New Access Port Policy Wizard.
Page 117 6-37 Configuring Policies Figure 6.41 Creating an Access Port Policy—Naming the Policy (and Optionally, Choosing a Template) 2. Enter a name and description for the new Access port policy, then if desired, select Use an existing Access Port Policy as a template. 3.
Page 118 6-38 WS5000 Series Switch System Reference Guide Figure 6.43 Creating an Access Port Policy—Specifying Policy Definition for Specific AP Hardware Types There are seven AP hardware types: AP 100, AP 200a, AP 200b, AP 300a, AP 300g, and converted access points AP 302x (frequency-hopping) and AP 4131.
Page 119 6-39 Configuring Policies Table 6.14 WLAN Parameters, Per Hardware Type, within Access Port Policy Definition (Continued) Parameter Description WLAN Name This group provides a single BSS/ESS mapping, by default, for Frequency Hopping 302x (converted) Access Points. Use the radio buttons to select the WLAN that will support these devices.
Page 120 6-40 WS5000 Series Switch System Reference Guide Figure 6.45 Creating an Access Port Policy—Assigning a Network Policy for WLANs in the Access Policy A WLANs bandwidth is the guaranteed minimum amount of available network bandwidth reserved to be used by a specific WLAN.
Page 121: Modifying An Access Port Policy
10. Click Finish to save the new Access Port Policy and exit the wizard. 6.2.5.2 Modifying an Access Port Policy To modify an existing Access Port Policy: 1. From the WS5000 Series Switch GUI main window, select Modify > Access Port > Existing Policy. The system launches the Access Port Policy Manager.
Page 122 6-42 WS5000 Series Switch System Reference Guide Figure 6.47 Modifying an Existing Access Port Policy—Access Port Policy Manager 2. This panel lists all available Access Port Policies configured on the system. Table 6.16 describes the fields and options within this panel. To edit a policy, select the policy name in the left pane first.
Page 123: Setting The Country
6.2.7 Creating a Switch Policy To create a wireless switch policy: 1. From the WS5000 Series Switch GUI main window, click Create > Wireless Switch > New Policy. The system launches the Wireless Switch Policy Wizard. Figure 6.48 Creating a Wireless Switch Policy—Naming a Policy (and Optionally, Choosing a Template) 2.
Page 124 6-44 WS5000 Series Switch System Reference Guide Figure 6.49 Creating a Wireless Switch Policy—Configuring Settings Configure the Wireless Switch Policy settings per the descriptions in Table 6.17. Table 6.17 Wireless Switch Policy Settings Setting Description Switch Settings Country Select the appropriate country for the location of the wireless switch. The switch Once a country is specified, will not adopt Access Ports until the country is set.
Page 125 6-45 Configuring Policies Table 6.17 Wireless Switch Policy Settings (Continued) Setting Description AP Channel and Power Settings Channel Select a value from the Channel.11x field. The set of discreet channels available depends on the country of operation, and is further limited by the restricted channels declared in the Automatic Channel Settings panel.Special values include: •...
Page 126 6-46 WS5000 Series Switch System Reference Guide Figure 6.50 Creating a Wireless Switch Policy—Associating Access Port Policies 5. Select from among the Available Access Port Policies and click the >> button to move a Policy(s) to the Selected pane, and to apply it to the Wireless Switch Policy.
Page 127 6-47 Configuring Policies Figure 6.52 Creating a Wireless Switch Policy—Disallowed Adoption Lists 9. If desired, create an Access Port List that includes "disallowed" MAC address ranges. Only those APs that fall within the specified address range(s) are disallowed to be adopted. If you do not specify an allowed AP list, all APs are candidates for adoption.
Page 128: Defining/Activating An Emergency Switch Policy
6-48 WS5000 Series Switch System Reference Guide each of the radio types. 12. When done, click Next. A Wireless Switch Policy Created Successfully! message panel is displayed. 13. Click Finish to save the new Wireless Switch Policy and exit the wizard.
Page 129: Chapter 7. Configuring Rogue Ap Detection
Configuring Rogue AP Detection Rogue Access Ports are an area of concern with respect to LAN security. The term Rogue AP denotes an unauthorized access port connected to the production network or operating in a stand-alone mode (perhaps in a parking lot or in a neighbor’s building). Rogue APs are not under the management of network administrators and do not conform to any network security policies.
Page 130: Defining The Detection Method
WS5000 Series Switch System Reference Guide Figure 7.1 Rogue AP Detection Screen Add a selected AP to Select a row and click to view the the rule list details of the selected Rogue AP From the Rogue AP Detection field, select Enable to allow the switch to scan for rogue AP’s over the...
Page 131: Specifying Detector Aps
LAN (which you set up) to detect rogue APs. Note Only some devices have the capability of being a Detector AP, including Symbol AP100, AP200, and AP300 Access Ports. 4. Enter a time interval (in minutes) in the Scan Interval field for each enabled detection method.
Page 132: Configuring Rule Management
Authorize Any AP Having a Symbol Defined MAC Address box to indicate any Symbol AP (which has a known Symbol MAC address) is an approved AP. This is helpful for rendering all Symbol devices as approved without having to filter through the list of located addresses.
Page 133: Examining Approved And Rogue Access Ports
Configuring Rogue AP Detection 7.1.0.4 Examining Approved and Rogue Access Ports Use the AP List screen to display information about each AP (rogue or valid) known to the switch. All approved APs are listed in the upper table. All rogue APs are listed in the lower table. The AP List screen also allows the administrator to create detection rules from the information collected about approved or rogue APs.
Page 134: Viewing Details Of The Rogue Ap
WS5000 Series Switch System Reference Guide Each row of the AP List represents all unapproved and approved APs that the switch has located. The MAC and the ESSID for each AP are listed. Use this portion of the screen to change the age out time or to add a rule to the rule list for a particular AP: 1.
Page 135: Snmp Traps For Rogue Ap Events
(over the air, AP scanning, wire scanning or MU scanning). 7.1.0.7 Rogue AP Syslog Messages The WS5000 Series Switch logs a number of syslog events as rogue devices are encountered within the switch managed network. The messages and event scenarios include:...
Page 136 WS5000 Series Switch System Reference Guide For more information on configuring the WS5000 Series Switch to support the Syslog events described in this section, see Syslog Context on page 8-150.
Page 137: Chapter 8. Cli Command Reference
The default cli user is “cli”. The default username and password is admin and symbol, respectively. 8.1 CLI Overview Before you begin working with the WS5000 Series Switch CLI, review the following sections to gain some basic understandings of the CLI, in the following areas: •...
Page 138: About Contexts
WS5000 Series Switch System Reference Guide 8.1.1 About Contexts For a WS5000 Series Switch, CLI commands are invoked within “contexts.” Contexts are hierarchical in a manner similar to directories are hierachical in a traditional file system; in other words, contexts may contain other contexts.
Page 139: Cli Indexing
CLI Command Reference WS5000.(Cfg).wlan> .. ws5000.(Cfg)> To jump to the system context use exit WS5000.(Cfg).wlan> exit ws5000> Note You can’t go “up and over” when navigating the CLI—constructions such as “.. context” or “../context” do not work. 8.1.2 CLI Indexing You can use CLI indexing and navigate to a subcontext by typing the index number instead of the context name.
Page 140: About Instances
WS5000 Series Switch System Reference Guide Basic Rate for 11a : 6,12,24 Supported Rate for 11a : 9,18,36,48,54 Basic Rate for 11b : 1,2 Supported Rate for 11b : 5.5,11 Basic Rate for 11g : 1,2,5.5,11 Supported Rate for 11g...
Page 141: Common Commands
<Ctrl>-c Control 8.2 Common Commands Table 8.2 summarizes the commands common amongst many contexts and instance contexts within the WS5000 Series command line interface. Table 8.2 Common Commands Among Most Contexts Command Description Ref. .. or end Terminate a current session and moves up a context, hierarchically.
Page 142: Or Help
WS5000 Series Switch System Reference Guide For example, if you use the exit command in the ACL context, the prompt reverts to the System context prompt. Syntax exit Parameters None. Example WS5000.(Cfg).ACL> exit WS5000> 8.2.3 ? or help Common to all contexts and instances Retreives a list of commands supported given the context or instance.
Page 143: Clear
CLI Command Reference 8.2.5 clear Common to all contexts and instances Clear the screen of all running command input and output entries. Syntax clear Parameters None. Example WS5000> clear 8.2.6 emergencymode Common to all contexts and instances Enables or disables the “Emergency” Switch Policy (ESP), a switch policy that can activated (enabled) at any time in case of an emergency.
Page 144: Ping
WS5000 Series Switch System Reference Guide 8.2.8 ping System Context, Configuration (Cfg) Context, Host Context Sends ICMP ECHO_REQUEST packets to a network host. Syntax ping [-Rdfnqrv] [-c count] [-i wait] [-l preload] [-p pattern] [-s packetsize] <host/IP_address> Parameters -Rdfnqrv These optional flags are can be broken down as follows: •...
Page 145: System Context
CLI Command Reference 64 bytes from 10.1.1.101: icmp_seq=2 ttl=255 time=0.05 ms 64 bytes from 10.1.1.101: icmp_seq=3 ttl=255 time=0.052 ms --- WS5000 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.037/0.045/0.052 ms WS5000> 8.3 System Context Table 8.3 summarizes the commands within this context.
Page 146: Copy
8-10 WS5000 Series Switch System Reference Guide Note As a shortcut, “cfg” can be used instead of “configure”. Syntax configure Parameters None. Example WS5000> configure WS5000.(Cfg)> 8.3.2 copy System Context Copies a file from the WS5000 to a (T)FTP server, or vice versa. TFTP can be used to transfer *.sys.img...
Page 147: Delete
8-11 CLI Command Reference destination The destination of the file. Possible values are: • tftp • ftp • system • . • / • [protocol:]//<hostname or IP address> ftp_user FTP username. Default is ftpuser. mode FTP transfer mode, either ascii or binary. Default is binary. Example WS5000>...
Page 148: Description
8-12 WS5000 Series Switch System Reference Guide 8.3.4 description System Context Sets a description about the switch displayed with system information. Syntax description <description_text> Parameters description_text Enter a brief description of the Wireless Switch. Example WS5000> description “Rebooted 7-14-05” 8.3.5 directory System Context Lists the image and configuration files that are stored on the WS5000.
Page 149: Name
8-13 CLI Command Reference Parameters install_option One of: • primary – Configures the switch to act as Primary, and applies all settings specified in the <filename> command file (.sym). If the command file is not specified, install instead uses the default “command.sym” file, if present. If “command.sym” is also not present, install will not change anything.
Page 150: Save Configuration
8-14 WS5000 Series Switch System Reference Guide Parameters restore_option The type of restore to be invoked. image or configuration that you want to restore. One • system – Restores the system image and configuration from the specified file. • configuration – Restores the configuration from the specified file.
Page 151: Service
Places the user in a Service Mode (for which a new password is required also). This is a command line mode used mostly by Symbol technicians. For more details on working within Service Mode, refer to the WS5000 Series Switch Troubleshooting Guide. 8.3.11 show System Context Show the settings for the specified system component.
Page 152 8-16 WS5000 Series Switch System Reference Guide Table 8.4 show Command’s display_parameter Summary display_parameter Description Example show cg Displays Classification Group page 8-19 show channelinfo Displays channel no and country code details page 8-19 show chassis Displays Chassis details page 8-22...
Page 153 8-17 CLI Command Reference Table 8.4 show Command’s display_parameter Summary display_parameter Description Example show sysalerts Displays system alert logs (events) page 8-27 show syslog Displays Syslog details page 8-28 show system Displays system information page 8-28 show telnet Displays Telnet status page 8-28 show time Displays date and time information...
Page 154 8-18 WS5000 Series Switch System Reference Guide WS5000> show accessports available Access Ports Radio MAC Device MAC Type Status ------------ --------- ---------- ---- ------ 00:A0:F8:A2:26:66 [B] 00:A0:F8:A2:26:66 00:A0:F8:A2:26:66 B Active 00:A0:F8:BC:E8:37 [A] 00:A0:F8:BC:D3:F0 00:A0:F8:BC:E8:37 A Reset 00:A0:F8:BC:E8:37 [G] 00:A0:F8:BF:95:B4 00:A0:F8:BC:E8:37...
Page 155 8-19 CLI Command Reference MU Idle Timeout value : 1800 seconds Active Switch Policy : Default Wireless Switch Policy Emergency Switch Policy : Not defined Switch Uptime : 00d:19h:40m Global RF stats : false # of Unassigned Access Ports : 0 CLI AutoInstall Status : Enabled WS5000>...
Page 156 8-20 WS5000 Series Switch System Reference Guide Croatia B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: Cyprus B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,100,104,10 Czech Republic B Ch: 1-13 G Ch: 1-13...
Page 157 8-21 CLI Command Reference Netherlands B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,100,104,10 New Zealand B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,100,104,10 Norway B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,100,104,10 Oman B Ch: 1-13...
Page 158 8-22 WS5000 Series Switch System Reference Guide WS5000> show chassis Description Curr Value Max Value Min Value Notify Value ----------- ---------- --------- --------- ------------ CPU Temperature 42 C 48 C 40 C System Temperature 37 C 40 C 36 C...
Page 159 8-23 CLI Command Reference 26 MU status [disassociated] Enabled Enabled Disabled 27 MU EAP auth failed Enabled Enabled Disabled 28 MU EAP auth success Enabled Enabled Disabled 29 MU Kerberos auth failed Enabled Enabled Disabled 30 MU Kerberos auth success Enabled Enabled Disabled...
Page 160 8-24 WS5000 Series Switch System Reference Guide show arp (Cfg) Sun Jul 17 14:30:49 2005 show arp (Cfg) Sun Jul 17 14:30:42 2005 WS5000 Sun Jul 17 14:30:34 2005 show arp WS5000 Sun Jul 17 14:30:31 2005 WS5000> show https Web based configuration (Applet) access by : https WS5000>...
Page 161 8-25 CLI Command Reference WS5000> show mu # of MUs: 1 MU : MU_0 ESSID: 111 Type MAC Address IP Address WLAN ---- ----------- ---------- ---- Data 00:A0:F8:5D:85:6F 10.1.1.108 WLAN_NE RF Status Auth.Status Auth.Method Enc.Method Broadcast Enc.Method --------- ----------- ----------- ---------- -------------------- Associated Authenticated...
Page 162 8-26 WS5000 Series Switch System Reference Guide ------ ------------ ---- ----- ------- Primary Not defined 1812 Secondary Not defined 1812 WS5000.(Cfg)> show rfstats Must provide AP index or AP name Syntax:show rfstats <radioname|radioindex> {<radioname>|<radioindex>} where: <radioname|radioindex> {<radioname>|<radioindex>} : adopted Radioname or Radioindex.
Page 163 8-27 CLI Command Reference WS5000> show ssh SSH configurations details: --------------------------- SSH Status : Enabled Version : V2 Port : 22 Session inactivity timeout : 0 (Disabled) WS5000> show standby Standby Management: StandBy mode : Primary Standby Status : Disable State : Startup Failover Reason...
Page 164 8-28 WS5000 Series Switch System Reference Guide [04/29/2004][11:54:25] Mobile Unit (MU_1) with MAC address 00:A0:F8:BB:41:39 was disassociated. [Reason Code 4] [04/29/2004][11:01:16] Mobile Unit (00:A0:F8:BB:41:39) was associated to Access Port "00:A0:F8:A2:91:7C [B]". WS5000> show syslog Syslog Status: Disable (Syslog Deamon is not running).
Page 165 : Disabled VPN Server Serial Number Status Query Serial number 151-34-13-254-68 WS5000> show wlan WLAN Name ESSID Security Policy --------- ----- --------------- Symbol Default Default Secure Access secure Kerberos Default Private Access private WEP128 Default Public Access public Default WS5000.(Cfg)> show wsrfstats...
Page 166 8-30 WS5000 Series Switch System Reference Guide -------------------------------------------------------------------------------- 00:A0:F8:BC:B4:40 Unavailable Disable -------------------------------------------------------------------------------- 00:A0:F8:BC:A5:F8 Unavailable Disable -------------------------------------------------------------------------------- 00:A0:F8:60:C9:80 Unavailable Disable -------------------------------------------------------------------------------- 00:A0:F8:60:BE:E6 Unavailable Disable ================================================================================ Total for WS: WS5000.(Cfg)> show wtls WTLS Settings: Server number: Security mode: : defaultSecurity Wanted FIPS mode:...
Page 167: Configuration (Cfg) Context
8-31 CLI Command Reference 8.4 Configuration (Cfg) Context The Configuration context is where detailed configurations for the switch and network can be accessed, as well as configured. Also, in order to get to any uniquely defined policies for the switch, you must first access the Configuration context.
Page 168 8-32 WS5000 Series Switch System Reference Guide Table 8.5 Configuration Context Commands (Continued) Command Description Ref. name Set or change the name. page 8-43 Configure a Network Policy. page 8-43 ping Ping a network host/IP address page 8-8 Configure a Policy Object.
Page 169: Accessport
8-33 CLI Command Reference 8.4.1 accessport Configuration (Cfg) Context Display the current access ports being managed by the switch. Also, the context is changed to the Access Port (APort) Context. See page 8-90 for more details. Note As a shortcut, “aport” can be used instead of “accessport”. Syntax accessport Parameters...
Page 170: Appolicy
8-34 WS5000 Series Switch System Reference Guide 8.4.3 appolicy Configuration (Cfg) Context Display the currently available access port policies for the switch. Also, the context is changed to the Access Port Policy (APPolicy) Context. See page 8-101 for more details.
Page 171: Chassis
8-35 CLI Command Reference 8.4.5 cg Configuration (Cfg) Context Display the currently available classifiers for the switch. Also, the context is changed to the Classification Group (CG) Context. See page 8-120 for more details. Syntax Parameters None. Example WS5000.(Cfg)> cg Classification Group information...
Page 172: Date
8-36 WS5000 Series Switch System Reference Guide • *.sym • *.krb (FTP only) IMPORTANT! DO NOT USE THIS COMMAND FOR FILES LARGER THAN 32MB. Syntax For TFTP: copy <source> <destination> For FTP: copy <source> <destination> [ -u <ftp_user> ] [ -m <ftp_mode> ]...
Page 173: Delete
8-37 CLI Command Reference Syntax date [time_format] [time_zone] Parameters time_format The time to be set, in one of the following formats: • yyyymmddhhmm[.ss] • yymmddhhmm[.ss] • mmddhhmm[.ss] • ddhhmm[.ss] • hhmm[.ss] time_zone Valid range is -12:00 to +13:00 [+/-](HH:MM), where 0.00 is Greenwich Mean Time. Note timezone that the ‘+’...
Page 174: Description
8-38 WS5000 Series Switch System Reference Guide Example WS5000.(Cfg)> directory Date & Time Bytes File Name Jan 25 15:11 15155 WS5000Defaults_v1.4.1.0-003D.cfg Jan 25 15:35 18819400 WS5000_v1.4.1.0-003D.sys.img Jan 25 14:05 6517 cmd_template.sym WS5000.(Cfg)> delete WS5000Defaults_v1.4.1.0-003D.cfg 8.4.10 description Configuration (Cfg) Context. Sets a description to the policy of the item in the selection.
Page 175: Ethernet
8-39 CLI Command Reference 8.4.12 ethernet Configuration (Cfg) Context Display the currently available ethernet ports for the switch. Also, the context is changed to the Ethernet Port Context. See page 8-134 for more details. Syntax ethernet Parameters None. Example WS5000.(Cfg)> ethernet Available EtherPorts are: Ethernet 1 Ethernet 2...
Page 176 8-40 WS5000 Series Switch System Reference Guide Example WS5000.(Cfg)> events Num Events Local Log SNMP Trap Syslog Severity --- ------ --------- --------- --------------- 1 License number change Enabled Disabled Disabled 2 Clock change Enabled Disabled Disabled 3 Packet discard [wrong NIC]...
Page 177: Ftp
8-41 CLI Command Reference 60 CPU/SYS Temp Notification Enabled Enabled Disabled 61 Access Changed Notification Enabled Disabled Disabled 62 Radio power is reduced [TPC] Enabled Disabled Disabled 63 Radar is detected [DFS] Enabled Disabled Disabled 64 Channel selected to avoid radar [DFS] Enabled Disabled Disabled...
Page 178: Install
8-42 WS5000 Series Switch System Reference Guide 8.4.17 install Configuration (Cfg) Context Configures the switch’s failover role as Primary or Standby, and applies all settings specified in the command file (.sym). Alternatively, this command is used to update Kerberos principles from a specified Kerberos file (.krb), without reset.
Page 179: Name
8-43 CLI Command Reference WS5000.(Cfg).KDC> 8.4.19 name Configuration (Cfg) Context Use the name command to change the system name. Syntax name <system_name> Parameters system_name The new name of the switch. Example WS5000.(Cfg)> name MiamiWS5000 Configuring name... Status : Success. MiamiWS5000.(Cfg)> 8.4.20 np Configuration (Cfg) Context Display the currently available network policies on the switch.
Page 180: Radius
8-44 WS5000 Series Switch System Reference Guide Syntax Parameters None. Example WS5000.(Cfg)> po Policy Object information..Available Policies (PO): 1. NetVision Priority for RF. 2. NetVision Packet Marking for Ethernet. 3. New Input Policy. 4. New Output Policy. WS5000.(Cfg).PO> 8.4.22 radius Configuration (Cfg) Context Display the Radius authentication status on the switch.
Page 181: Restore
8-45 CLI Command Reference None. Example WS5000.(Cfg)> reset This command will reset the system. Are you sure (yes/no) : y System shutdown may take a few mins..Shutting down snmpd agent..done. Shutting down apache server...done. Shutting down cell controller..done. Shutting down database main thread...done. Rebooting the switch...
Page 182: Runacs
8-46 WS5000 Series Switch System Reference Guide Do you want to continue (yes/no) Restoring configuration from siteconfig.cfg Restoring Wireless Network Management Configuration ... This may take a few mins ... Restoring configuration from siteconfig.cfg Software Ver. : 1.4.1.0-003D Starting the Wireless Switch 5000 ...
Page 183: Securitypolicy
8-47 CLI Command Reference Saving running configuration in: WS5000_config_2-10-05.cfg Saving wireless network management configuration... Configuration saved successfully. WS5000.(Cfg)> directory Date & Time Bytes File Name Jan 25 15:11 15155 WS5000Defaults_v1.4.1.0-003D.cfg 04:44 15487 WS5000_config_2-10-05.cfg Jan 25 15:35 18819400 WS5000_v1.4.1.0-003D.sys.img Jan 25 14:05 6517 cmd_template.sym...
Page 184: Set Emergencypolicy
8-48 WS5000 Series Switch System Reference Guide Example WS5000.(Cfg)> set daylight 1 Setting Daylight saving... Status: Success. System clock: 03:14:29 AM Date Thu Feb 10 2005 Time Zone (GMT -08:00) Pacific Time (US & Canada); Tijuana Daylight Saving: USA WS5000.(Cfg)>...
Page 185: Set Licensekey
WS5000.(Cfg)> 8.4.30 set licensekey Configuration (Cfg) Context Sets the license key for the switch. The license key, issued by Symbol, is used to determine the number of APs and MUs that the switch is able to support. Syntax set licensekey <licensekey>...
Page 186: Set Logout
8-50 WS5000 Series Switch System Reference Guide Serial Number : 00A0F8658C10 Number of Licenses : 48 Max Access Ports : 48 Max Mobile Clients : 4096 Active Switch Policy : Default Wireless Switch Policy Emergency Switch Policy : EmerPolicy2-10 Switch Uptime...
Page 187: Set Switchpolicy
: WS5000 Description : WS5000 Wireless Network Switch Location : San Francisco Software Ver. : 1.4.1.0-003D Licensed to : Symbol Technologies Copyright : Copyright (c) 2000-2005. All rights reserved. Serial Number : 00A0F8658C10 Number of Licenses : 48 Max Access Ports...
Page 188: Set Time
8-52 WS5000 Series Switch System Reference Guide 1. 00:A0:F8:6E:4A:7A [G]. 2. 00:A0:F8:BB:B3:6D [G]. WS5000.(Cfg)> 8.4.35 set time Configuration (Cfg) Context Sets the system time and date based on the specified parameters. Syntax set time [time_format] [time_zone] Parameters time_format The time to be set, in one of the following formats: •...
Page 189: Show
8-53 CLI Command Reference System clock: 01:52:52 AM Date Fri Feb 11 2005 Time Zone (GMT -08:00) Pacific Time (US & Canada); Tijuana WS5000.(Cfg)> WS5000.(Cfg)> set zone -12:00 Setting the time zone... Status: Success. System clock: 01:53:09 AM Date Fri Feb 11 2005 Time Zone (GMT -12:00) Eniwetok, Kwajalein WS5000.(Cfg)>...
Page 190: Shutdown
8-54 WS5000 Series Switch System Reference Guide show kdc Display KDC details show knownap Display known APs in the neighborhood. show mu Display MU details (list) show np Display Network Policy information show ntpservers Display NTP Server information show po...
Page 191: Snmp
8-55 CLI Command Reference 8.4.39 snmp Configuration (Cfg) Context Display the SNMP settings currently applied to the switch. Also, the context is changed to the SNMP Context. See page 8-192 for more details. Syntax snmp Parameters None. Example WS5000.(Cfg)> snmp SNMP details: ------------- SNMP (deamon) Status...
Page 192: Standby
8-56 WS5000 Series Switch System Reference Guide Parameters None. Example WS5000.(Cfg)> ssl Web based configuration (Applet) access by : https WS5000.(Cfg).SSL> 8.4.42 standby Configuration (Cfg) Context Display the standby (failover) management settings currently applied to the switch. Also, the context is...
Page 193: Telnet
8-57 CLI Command Reference Syntax switchpolicy Parameters None. Example WS5000.(Cfg)> switchpolicy Active Switch Policy name: Default Wireless Switch Policy Available Switch Policies: 1. Default Wireless Switch Policy. 2. EmerPolicy2-10. WS5000.(Cfg).SPolicy> 8.4.44 telnet Configuration (Cfg) Context Display the telnet accessibility settings currently defined on the switch. Also, the context is changed to the Telnet Context.
Page 194: Wlan
8-58 WS5000 Series Switch System Reference Guide 8.4.46 wlan Display the WLAN settings currently defined on the switch. Also, the context is changed to the WLAN Context. See page 8-230 for more details. Syntax wlan Parameters None. Example WS5000.(Cfg)> wlan...
Page 195: Aaa Context
8-59 CLI Command Reference 8.5 AAA Context The AAA context enables you to configure the onboard Radius server and user database. Table 8.6 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 196: Client
8-60 WS5000 Series Switch System Reference Guide TimeoutVal retryVal Example WS5000.(Cfg).AAA> acct 156.5.0.0 10 3 4 8.5.2 client AAA Context Configures client parameters. Syntax client Parameters None Example WS5000.(Cfg).AAA> acct 156.5.0.0 10 3 4WS5000.(Cfg).AAA> client Client information Available Client Servers: 1.
Page 197: Enable
To configure LDAP parameters, use the ldap command. Syntax Ldap Parameters None Example WS5000.(Cfg).AAA> ldap LDAP information LDAP Server IP 157.235.205.4 LDAP Server Port LDAP Bind DN cn=Manager,o=symbol,c=India LDAP Base DN o=symbol,c=India LDAP Password Attribute userPassword LDAP Login Attribute (uid=%{Stripped-User-Name:-%{User-Name} LDAP Group Membership Filter (|(&(objectClass=GroupOfNames)(member=%...
Page 198: Policy
8-62 WS5000 Series Switch System Reference Guide {Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) LDAP Password secret LDAP Group Name Attribute LDAP Group Membership Attribute radiusGroupName 8.5.7 3. policy AAA Context To configure acceess policy for a group, use the policy command. Syntax policy Parameters None Example WS5000.(Cfg).AAA>...
Page 199: Set
8-63 CLI Command Reference Example WS5000.(Cfg).AAA> save Configuring AAA server... Status : Success. AAA database update status: ----------------------------- AAA Server Status Disabled Database Type local 8.5.10 3. set AAA Context To configure the AAA Server database type, use the set command. Syntax set dbtype <value>...
Page 200: Userdb
8-64 WS5000 Series Switch System Reference Guide Table 8.7 Show Commands Command Description show proxy Display Proxy or details of a specific Proxy show aaa-server Display AAA information 8.5.12 3. userdb AAA Context To configure a user database for the AAA server, use the userdb command.
Page 201: Aaa Client Context
8-65 CLI Command Reference 8.6 AAA Client Context Table 8.8 shows the AAA client context commands. Table 8.8 AAA Client Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information logout or bye Close this session...
Page 202: Remove
8-66 WS5000 Series Switch System Reference Guide 8.6.2 3. remove AAA Client Context To remove a client from the WS5000 Series Switch, use the remove command. Syntax remove <client_name> [CR] Parameters Client_name—Name of AAA client Example WS5000.(Cfg).AAA.Client> remove new Removing Client...
Page 203: Aaa Eap Context
8-67 CLI Command Reference 8.7 AAA EAP Context Table 8.9 shows the AAA EAP context commands. Table 8.9 AAA EAP Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information logout or bye Close this session...
Page 204: Set
8-68 WS5000 Series Switch System Reference Guide PEAP Configurations ----------------------------- PEAP Type mschapv2 WS5000.(Cfg).AAA.EAP.PEAP> 8.7.3 3. set AAA EAP Context To set the EAP type and private key password, use the set command. This can be a table : Eaptype...
Page 205: Aaa Ldap Context
8-69 CLI Command Reference 8.8 AAA LDAP Context Table 8.10 shows the AAA LDAP context commands. Table 8.10 AAA LDAP Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information logout or bye Close this session...
Page 206: Show
8-70 WS5000 Series Switch System Reference Guide parameter_value—Value for the LDAP server parameter. config_parameter: can be chosen from above table Example WS5000.(Cfg).AAA.LDAP> set ip 1.1.1.1 Configuring LDAP Server...Success. LDAP information LDAP Server IP 1.1.1.1 LDAP Server Port LDAP Bind DN...
Page 207: Aaa Policy Context
8-71 CLI Command Reference 8.9 AAA Policy Context AAA Policy Context shows the AAA policy context commands. Table 8.12 AAA Policy Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information logout or bye...
Page 208: Set
8-72 WS5000 Series Switch System Reference Guide Example WS5000.(Cfg).AAA.Policy> remove ws5k NewWlan Configuring Policies.. Status : Success. Warning: Please commit these changes using Save command in AAA context. WS5000.(Cfg).AAA.Policy> show policies ws5k Policy information Available Policies for this group: WLAN Policies: 1.
Page 209: Show
8-73 CLI Command Reference Warning: Please commit these changes using Save command in AAA context. WS5000.(Cfg).AAA.Policy> set time ws5k 1000 2200 Adding Access Policy... Status: Success. Warning: Please commit these changes using Save command in AAA context. 8.9.4 3. show AAA Policy Context To view access policies attached to a group, use the show command.
Page 210: Aaa Proxy Context
8-74 WS5000 Series Switch System Reference Guide 8.10 AAA Proxy Context Table 8.10 shows the AAA proxy context commands. Table 8.13 AAA Proxy Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context.
Page 211: Enable
8-75 CLI Command Reference Available Proxy Servers: 1. NewProxy. Warning: Please commit these changes using Save command in AAA context. 2.remove Use remove to remove a Proxy from the system. Syntax: remove <proxyname> [CR] Example WS5000.(Cfg).AAA.Proxy> remove NewProxy Removing Proxy... Status: Success.
Page 212 8-76 WS5000 Series Switch System Reference Guide show Display context specific attributes show proxy Display Proxy or details of a specific Proxy show config-proxy Display details of Proxy Example WS5000.(Cfg).AAA.Proxy> show config-proxy Proxy information ----------------- Retry Count Retry Delay 6 (seconds) WS5000.(Cfg).AAA.Proxy>...
Page 213: Aaa User Database Context
8-77 CLI Command Reference 8.11 AAA User Database Context Table 8.14 shows the AAA user database context commands. Table 8.14 AAA User Database Context Commands Commands Description .. or end Go back to the previous context. exit Go back to root context. ? or help To get the command information logout or bye...
Page 214: Aaa User Database Group Context
8-78 WS5000 Series Switch System Reference Guide 8.12 AAA User Database Group Context The AAA user database group context contains commands to add, remove, and configure Radius user groups. This section describes the commands in the AAA user database group context.
Page 215: Group
8-79 CLI Command Reference 8.12.2 3. group AAA User Database Group Context Use group to select group to configure. Syntax group <group_name> Example WS5000.(Cfg).AAA.userdb.Group> group ws5k Group information Available Policies for this group: WLAN Policies: 1. xyz. StartTime Policy 1000 EndTime Policy 2200 Days Policy...
Page 216: Aaa User Database User Context
8-80 WS5000 Series Switch System Reference Guide 8.13 AAA User Database User Context The AAA user database user context contains commands to add or remove a new user, add ore remove a new group and to configure the user database.
Page 217: Adduser
8-81 CLI Command Reference 8.13.2 3. adduser AAA User Database User Context Use adduser to add a user to a group Syntax adduser <user> <group> Example WS5000.(Cfg).AAA.userdb.User> adduser new ws5k Configuring Userdb... Status : Success. Warning: Please commit these changes using Save command in AAA context. 8.13.3 3.
Page 218: Show
8-82 WS5000 Series Switch System Reference Guide Syntax set passwd <username> [CR] Example WS5000.(Cfg).AAA.userdb.User> set passwd abc Enter New Password : ****** Re-Enter New Password : ****** Configuring Userdb... Status : Success. Warning: Please commit these changes using Save command in AAA context.
Page 219: Access Control List (Acl) Context
8-83 CLI Command Reference 8.14 Access Control List (ACL) Context An Access Control List is a set of rules that governs the adoption of mobile units. Each rule contains a MAC address or MAC address range, and an allow or deny declaration deeming whether the device can have associations with access ports or not.
Page 220: Acl
8-84 WS5000 Series Switch System Reference Guide ACL Name : New ACL Default action on ACL items : allow MAC address (range) Rule ------------------- ---- 00:A0:F8:6E:4A:7A allow WS5000.(Cfg).ACL.[New ACL]> 8.14.2 add Access Control List (ACL) Context Adds a new ACL and then changes the context to the named ACL instance context.
Page 221: Show
8-85 CLI Command Reference Status: Success. Available ACLs: 1. 2-10ACL. WS5000.(Cfg).ACL> 8.14.4 show Access Control List (ACL) Context Display all defined ACLs within the switch. Syntax show Parameters None. Example WS5000.(Cfg).ACL> show Available ACLs: 1. 2-10ACL. WS5000.(Cfg).ACL>...
Page 222: Acl Instance Context
8-86 WS5000 Series Switch System Reference Guide 8.15 ACL Instance Context Table 8.17 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.17 ACL Instance Context Command Summary...
Page 223: Set Name
8-87 CLI Command Reference name, addItem, remItem, editItem, and set defaultAction for more details. Syntax set <set_operation> [applicable_parameters] 8.15.2.1 set name ACL Instance Context Renames an ACL, while displaying the MAC addresses included with the ACL. Similar command to the name command.
Page 224: Set Edititem
8-88 WS5000 Series Switch System Reference Guide 8.15.2.4 set editItem ACL Instance Context Edits an MU in the ACL list. Syntax set editItem <oldStartMac> <newStartMac> <allow | deny> | newEndMAC > Parameters oldStartMac Redefines an existing ACL entry. You can switch between...
Page 225 8-89 CLI Command Reference Default action on ACL items : allow MAC address (range) Rule ------------------- ---- WS5000.(Cfg).ACL.[oldACL]>...
Page 226: Access Port (Aport) Context
8-90 WS5000 Series Switch System Reference Guide 8.16 Access Port (APort) Context The Access Port context lets you name the RF devices (the radios in the Access Ports and converted Access Points) that exist on your WLAN. You can create Access Port instances by hand through the command, or enable them to be created as Access Ports are discovered and adopted by the switch.
Page 227: Port
8-91 CLI Command Reference a_MAC, b_MAC, g_MAC For dual-radio APs, you must supply the MAC of (at least) the AP’s “first” radio. The MAC of the second radio is optional. The a_name, b_name, and g_name arguments refer to the 802.11x radio types. name, a_name, b_name, Unique names that you give to the Access Port and/or its radios.
Page 228: Remove
8-92 WS5000 Series Switch System Reference Guide Note The system never needs to automatically assign a name to an 802.11g or a frequency-hopping (FH) radio since you’re compelled to supply names for these radios when you add their Access Port instances.
Page 229: Show
8-93 CLI Command Reference Syntax remove <name> Parameters name Removes the port with the given name. Example 8.16.4 show Access Port (APort) Context Shows the Access Port configuration values. Syntax show show interfaces show channelInfo Parameters (none) Display a list of Access Port instances. interfaces Display a list of Access Port instances and lists the available Ethernet ports.
Page 230 8-94 WS5000 Series Switch System Reference Guide ------------ ---- ---------------------------- Argentina B Ch: 1-11 G Ch: 1-11 FH Ch: 2-80 A Ch: 149,153,157,161 Australia B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,149,153,11 Austria B Ch: 1-13...
Page 231: Access Port Instance
8-95 CLI Command Reference 8.17 Access Port Instance To drop into an Access Port instance, use the < > command from within the context. port name APort Table 8.19 summarizes the commands within this context.Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 232: Reset
8-96 WS5000 Series Switch System Reference Guide Syntax name <AP_name> Parameters AP_name Name defined for the Access Port. Example WS5000.(Cfg).APort.[ap_name]> name New_AP_name WS5000.(Cfg).APort.[New_AP_name]> 8.17.3 reset Access Port Instance Resets the Access Port or its radio, depending on the parameter value.
Page 233 8-97 CLI Command Reference Table 8.20 Access Port Instance “Set” Command Summary (Continued) Set Command Description AP Models Syntax channel Access Port transmit channel. Possible values are: All except: set channel <value> • <channel#> – Specific channel number • AP 3020 •...
Page 234 8-98 WS5000 Series Switch System Reference Guide Table 8.20 Access Port Instance “Set” Command Summary (Continued) Set Command Description AP Models Syntax statistics Enable/disable Access Port information gathering. set statistics <enable_flag> When enabled, the Access Port reports throughput in packets-per-second, as well as the amount of time that it has been adopted by the switch.
Page 235: Show
8-99 CLI Command Reference Current Tx Channel Policy Attached : appol1 Tx Power : 20 dBm1 Current Tx Power : 20 dBm Location NIC Connected : Ethernet 1 VLAN id : None VLAN Tags seen : None CCA Mode CCA Threshold : 10 Diversity : Full...
Page 236 8-100 WS5000 Series Switch System Reference Guide Tx Packets/second Antenna : unknown Indoor/Outdoor : in Antenna Correction MU Power Adjustment All Channels : 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, Valid Power Range : 4-20 WS5000.(Cfg).APort.[00:A0:F8:A2:91:7C [B]]...
Page 237: Access Port Policy (Appolicy) Context
8-101 CLI Command Reference 8.18 Access Port Policy (APPolicy) Context An Access Port Policy configures a physical Access Port by defining attributes such as beacon interval, RTS threshold, the set of supported data rates, and so on. The APPolicy is also responsible for adding WLANs to the Access Port, and for attaching a Security Policy, Access Control List, and Network Policy (or packet filter) to each AP.
Page 238: Policy
8-102 WS5000 Series Switch System Reference Guide Access Port Policy details for "newpolicy": Policy Name : newpolicy Description Basic Rate for 11a : 6,12,24 Supported Rate for 11a : 9,18,36,48,54 Basic Rate for 11b : 1,2 Supported Rate for 11b : 5.5,11...
Page 239: Remove
8-103 CLI Command Reference WLAN details for the Access Port policy 'appol1' WLAN Name Network Policy --------- -------------- WLAN_NE WS5000.(Cfg).APPolicy.[appol1]> 8.18.3 remove Access Port Policy (APPolicy) Context Removes the named Access Port policy. Syntax remove <name> Parameters name The name of the Access Port policy that’s to be removed. Example WS5000.(Cfg).APPolicy>...
Page 240: Access Port Policy Instance
8-104 WS5000 Series Switch System Reference Guide 8.19 Access Port Policy Instance Table 8.22 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.22 Access Port Policy Instance Context Command Summary...
Page 241: Description
8-105 CLI Command Reference WLAN details for the Access Port policy 'NY_APpolicy' WLAN Name Network Policy --------- -------------- WLAN_NE WS5000.(Cfg).APPolicy.[NY_APpolicy]> 8.19.2 description Access Port Policy Instance Configures a b rief description for the Access Port Policy instance Syntax description <description_text> Parameters description_text Brief description of the Access Port Policy instance.
Page 242: Name
8-106 WS5000 Series Switch System Reference Guide Some explanation is necessary, as follows. There are six Access Port device/radio types: AP 100, AP 200a, AP 200b, AP 300(a/g), AP 302x, AP 4121, and AP 4131. These hardware types are grouped by the number of BSSs and ESSs that they support.
Page 243: Remove
8-107 CLI Command Reference Configuring name... Status : Success. WS5000.(Cfg).APPolicy.[NY_APPolicy]> 8.19.5 remove Access Port Policy Instance Remove an AP Policy instance. Syntax remove <APPolicy_name> Parameters APPolicy_name Name of the AP Policy to be removed. Example WS5000.(Cfg).APPolicy> remove "New Access Port Policy" Removing Access Port Policy...
Page 244: Set
8-108 WS5000 Series Switch System Reference Guide DTIM Period : 10 Beacon Interval : 100 Allow MUs w/o Spectrum Mgmt : false WLAN details for the Access Port policy 'NY_APpolicy' WLAN Name Network Policy --------- -------------- WLAN_NE WS5000.(Cfg).APPolicy.[NY_APpolicy]> 8.19.7 set Access Port Policy Instance Sets various configurations related to the Access Port Policy instance.
Page 245 8-109 CLI Command Reference 8.19.7.1 set basicRates Access Port Policy Instance Sets the basic frequency rates for a given 802.11 radio type. Syntax set basicRates <radioType> <rates ...> Parameters radioType One of A, B, G, or FH (frequency hopping). Radio values are: •...
Page 246: Set Dtim
8-110 WS5000 Series Switch System Reference Guide Example WS5000.(Cfg).APPolicy.[NY_APPolicy]> set beacon 125 Configuring a Access Port Policy... Status: Success. Access Port Policy details for "NY_APPolicy": Policy Name : NY_APPolicy Description Basic Rate for 11a : 6,12,24 Supported Rate for 11a...
Page 247: Set Preamble
8-111 CLI Command Reference Parameters name The name of the Network Policy. wlan_name The name of the WLAN. 8.19.7.6 set preamble Access Port Policy Instance Sets the length of the preamble (either ) that’s added to the packets that are sent by Access short long Ports that adopt this policy.
Page 248: Set Supportedrates
8-112 WS5000 Series Switch System Reference Guide 8.19.7.8 set supportedRates Access Port Policy Instance Sets the radio frequiencies that are supported by the device. Note Same as set basicRates (set on page 8-108). Syntax set supportedRates <radioType> <rates ...> Parameters...
Page 249: Access Port Map Context
8-113 CLI Command Reference 8.20 Access Port Map Context See the command for an introduction to the Map context, a context where mapping of WLANs to different Table radio types is configured. The four Map contexts and the radios that use each mapping are shown in 8.23.
Page 250: Select
8-114 WS5000 Series Switch System Reference Guide Table 8.24 Access Port Map Context Command Summary (Continued) Command Description BSS Map (AP Type) Ref. set bw Set the guaranteed bandwidth that is assigned to a 1BSS-to-16ESS page 8-115 (AP200a) WLAN. 4BSS-to-16ESS...
Page 251: Set Bss
8-115 CLI Command Reference 8.20.2 set bss Access Port Map Context Assigns a BSS index ID to a WLAN. The WLAN must already be part of the Access Port Policy that owns this Map. Note This command applies only to: 4BSS-to-16ESS (AP200b, AP300, AP4121) Syntax set bss <bss_index>...
Page 252: Set Primarywlan
8-116 WS5000 Series Switch System Reference Guide Status: Success. 4BSS-16BSS mapping (used for AP200 11b radio, AP300 and AP4121): WLAN Name Primary BW(%) --------- ------- ----- WLAN_NE 20.00% Total BandWidth: 20.00% WS5000.(Cfg).APPolicy.[NY_APpolicy].Map.[4BSS-16ESS]> 8.20.4 set primaryWLAN Access Port Map Context Sets the Primary WLAN for this map.
Page 253: Show
8-117 CLI Command Reference WLAN_NE Total BandWidth: 0.00% WS5000.(Cfg).APPolicy.[NY_APpolicy].Map.[4BSS-4ESS]> 8.20.6 show Access Port Map Context Syntax show Parameters None. Example WS5000.(Cfg).APPolicy.[NY_APPolicy].Map.[4BSS-4ESS]> show 4BSS-4ESS mapping (used for AP100): WLAN Name Selected BW(%) --------- -------- ----- WLAN_NE 5.00% Total BandWidth: 5.00% WS5000.(Cfg).APPolicy.[NY_APPolicy].Map.[4BSS-4ESS]>...
Page 254: Chassis Context
8-118 WS5000 Series Switch System Reference Guide 8.21 Chassis Context Display and manage CPU and system temperature. Table 8.25 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section..
Page 255: Show
8-119 CLI Command Reference CPU Temperature 42 C 48 C 40 C System Temperature 38 C 40 C 36 C 30 C System Fan (rpm) 8437 8653 8437 None CPU Fan (rpm) 23275 675000 5000 None WS5000.(Cfg).Chassis> set notify cpu-temperature 40 Configuring notify temperature...
Page 256: Classification Group (Cg) Context
8-120 WS5000 Series Switch System Reference Guide 8.22 Classification Group (CG) Context A Classification Group (CG) is a collection of classifiers that evaluate network packets as they are sent to or received from wireless devices (in Layer 2/layer 3 filters) and wired devices in firewall filters. The CG collects classifiers and specifies what the classifier should do after it evaluates a packet.
Page 257: Remove
8-121 CLI Command Reference Available Classification Groups: 1. NetVision_VoIP_In. 2. NetVision_VoIP_Out. 3. New Classification Group. 4. voip_in_cg. Classification Group information... Classification Group Name : voip_in_cg CG Description No of classifiers for this CG WS5000.(Cfg).CG.[voip_in_cg]> 8.22.2 cg Classification Group (CG) Context Changes the prompt to the context for a Classification Group instance.
Page 258: Show
8-122 WS5000 Series Switch System Reference Guide Available Classification Groups: 1. NetVision_VoIP_In. 2. NetVision_VoIP_Out. 3. voip_in_cg. WS5000.(Cfg).CG> 8.22.4 show Classification Group (CG) Context Display information about a system component or named context instance. Syntax show show ce Parameters None. Example WS5000.(Cfg).CG>...
Page 259: Classification Group Instance
8-123 CLI Command Reference 8.23 Classification Group Instance When you drop into a Classification Group instance, the CG’s set of Classifiers and associated actions are displayed. Table 8.27 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 260: Name
8-124 WS5000 Series Switch System Reference Guide 8.23.2 name Classification Group Instance Rename a Classification Group Instance. Syntax name <new_name> Parameters new_name New Name that the current Classification Group will be renamed. Example WS5000.(Cfg).CG.[new_CG]> name anotherName Configuring name... Status : Success.
Page 261 8-125 CLI Command Reference WS5000.(Cfg).CG.[voip_in_cg]> show ce Classifier information... Available Classifiers (CE): 1. Ex HTTP Traffic. 2. Ex Telnet Traffic. 3. RTP_Data. 4. Spectra_Link_Phone. 5. VoIP_Call_Setup_In. 6. VoIP_Call_Setup_Out. 7. VoIP_Ext_Services_Out. 8. VoIP_Ext_Services_In. 9. VoIP_RAS_In. 10. VoIP_RAS_Out. 11. New HTTP Traffic Classifier. WS5000.(Cfg).CG.[voip_in_cg]>...
Page 262: Show
8-126 WS5000 Series Switch System Reference Guide Syntax show Parameters None. Example WS5000.(Cfg).CG.[CG_name]> show Classification Group information... Classification Group Name : anotherName CG Description : This is a VOIP Group No of classifiers for this CG WS5000.(Cfg).CG.[CG_name]>...
Page 263: Classifier Context (Ce)
8-127 CLI Command Reference 8.24 Classifier Context (CE) A Classifier is a predicate that tests various aspects of a network packet: Source and destination IP, transport protocol, and so on. A packet will either “pass” or “fail” the predicate. The action that is taken when a packet passes or fails a Classifier isn’t included in the Classifier definition—that is the job (primarily) of a Classification Group.
Page 264: Remove
8-128 WS5000 Series Switch System Reference Guide Available Classifiers (CE): 1. Ex HTTP Traffic. 2. Ex Telnet Traffic. 3. RTP_Data. 4. Spectra_Link_Phone. 5. VoIP_Call_Setup_In. 6. VoIP_Call_Setup_Out. 7. VoIP_Ext_Services_Out. 8. VoIP_Ext_Services_In. 9. VoIP_RAS_In. 10. VoIP_RAS_Out. 11. New HTTP Traffic Classifier. 12. HTTP_ce.
Page 265 8-129 CLI Command Reference Syntax show Parameters None. Example...
Page 266: Classifier Instance
8-130 WS5000 Series Switch System Reference Guide 8.25 Classifier Instance A Classifier instance contains a collection of “matching criteria” (MC). Each MC consists of a network packet attribute and the value to which the attribute is compared. As packets arrive from or are sent to the wireless network, they’re evaluated by the Classifier.
Page 267 8-131 CLI Command Reference Parameters MACsource <MAC_address> The MAC address of the device that sent the packet. The value is a MAC address in the usual form. MACdestination <dest_MAC_address> The MAC address of the device to which the packet is being sent. The value is a MAC address in the usual form.
Page 268: Removemc
8-132 WS5000 Series Switch System Reference Guide 1. 172.39.80.2 IP Mask: 255.255.255.0 WS5000.(Cfg).CE.[HTTP_ce]> 8.25.2 removeMC Classifier Instance Removes the matching criterion for the named criteria. Syntax removeMC <parameters> Parameters See parameters described in addMC command on page 8-130. Example WS5000.(Cfg).CE.[HTTP_ce]> removemc IPsource Removing Matching Criteria...
Page 269: Show
8-133 CLI Command Reference Matching Criteria details for 'Source IP' : (MC Offset: 7) Matching Criteria details for 'Destination IP' : (MC Offset: 8) Matching Criteria details for 'Source Port' : (MC Offset: 9) 1. 7001. 2. 7001-7010. WS5000.(Cfg).CE.[HTTP_ce]> 8.25.4 show Classifier Instance Shows details for this Classifier instance.
Page 270: Ethernet Port Context
8-134 WS5000 Series Switch System Reference Guide 8.26 Ethernet Port Context There are two Ethernet ports on WS5000 Series switches. • Port 1 connects (by convention) to the wired LAN. • Port 2 connects to the wireless LAN. Table 8.30 summarizes the commands within this context.
Page 271: Show
8-135 CLI Command Reference Network Mask : 255.255.255.0 Domain Name : domain1 Port type (trunk/non-trunk) : Non-Trunk VLAN Tags seen : None Up-Time : 12d:03h:54m Transmit packets : 4260726 Received packets : 4959514 Gateway : 111.222.111.254 DNS servers 1. 111.222.111.100. WS5000.(Cfg).Ethernet.[1]>...
Page 272: Ethernet Port Instance
8-136 WS5000 Series Switch System Reference Guide 8.27 Ethernet Port Instance There are two Ethernet Port instances, one for each of the WS5000’s NICs. The instances are identified by number: 1 or 2. By convention, the WLAN is connected to the switch through NIC 1, and NIC 2 connects the switch to the wired network.
Page 273: Set
8-137 CLI Command Reference Configuring IP address of Ethernet 1... Status: Success. Name : Ethernet 1 Network Interface Card # Description : Ethernet Adapter MAC Address : 00:A0:F8:65:94:B8 Status : Enable Online : Yes Configured Mode : auto Negotiated Mode - Duplex : Full Negotiated Mode - Speed : 100...
Page 274 8-138 WS5000 Series Switch System Reference Guide attribute Description nonTrunk Sets the port to be non-trunked. trunk <primary_vLanID> Sets the port to be a trunked. vLanId Sets the primary VLAN ID. The port automatically becomes trunked. clearVlanTags Clears the VLAN tag register.
Page 275: Show
8-139 CLI Command Reference 8.27.3 show Ethernet Port Instance Display Ethernet Port instance information. Syntax show show interfaces Parameters (none) Display a list of Ethernet port instances. interfaces Shows adopted Access Port info and lists the switch’s Ethernet ports Example WS5000.(Cfg).Ethernet.[1]>...
Page 276: Ethernet Policy (Etherpolicy) Context
WS5000 Series Switch System Reference Guide 8.28 Ethernet Policy (EtherPolicy) Context EThernet policies are used by the WS5000 Series switch to configure a VLAN ID to an Ethernet port. Table 8.32 summarizes the commands within this context. Common commands between multiple contexts are...
Page 277: Policy
8-141 CLI Command Reference WS5000.(Cfg).EtherPolicy.[LabEtherPolicy]> 8.28.2 policy Ethernet Policy (EtherPolicy) Context Changes the prompt to the context of the named Ethernet policy instance. Syntax policy <name> Parameters name Selects the Ethernet policy. Example WS5000.(Cfg).EtherPolicy> policy LabEtherPolicy Ether Policy Name : LabEtherPolicy Description Rest of Network on : Ethernet 2...
Page 278 8-142 WS5000 Series Switch System Reference Guide Syntax show Parameters None. Example WS5000.(Cfg).EtherPolicy> show Available EtherPolicies are: 1. Default Ethernet Policy. 2. New Ethernet Port Policy. 3. eth1. WS5000.(Cfg).EtherPolicy>...
Page 279: Ethernet Policy Instance
8-143 CLI Command Reference 8.29 Ethernet Policy Instance An Ethernet policy instance configures the two Ethernet ports to support the LAN and the WLAN, and creates and maps VLANs to the two ports. Table 8.33 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 280: Remove
8-144 WS5000 Series Switch System Reference Guide LAN2 --> Ethernet: 2 VLAN 200 --> Ethernet: 1 Interface Priority # of WLANs Ethernet Policy --------- -------- ---------- --------------- VLAN 200 Ethernet 1 LabEtherPolicy WS5000.(Cfg).EtherPolicy.[LabEtherPolicy].Vlan.[200]> 8.29.2 remove Ethernet Policy Instance Removes a VLAN from this Ethernet Policy instance.
Page 281: Show
8-145 CLI Command Reference VLANs mapped are: LAN2 --> Ethernet: 2 WS5000.(Cfg).EtherPolicy.[LabEtherPolicy]> set ronnic 1 Ether Policy Name : LabEtherPolicy Description Rest of Network on : Ethernet 1 VLANs mapped are: LAN2 --> Ethernet: 2 WS5000.(Cfg).EtherPolicy.[LabEtherPolicy]> description “Created 3-8-05” Ether Policy Name : LabEtherPolicy Description : Created 3-8-05...
Page 282 8-146 WS5000 Series Switch System Reference Guide Ether Policy Name : LabEtherPolicy Description Rest of Network on : Ethernet 2 VLANs mapped are: LAN2 --> Ethernet: 2 VLAN 200 --> Ethernet: 1 Interface Priority # of WLANs Ethernet Policy ---------...
Page 283: Event Context
8-147 CLI Command Reference 8.30 Event Context The Event context provides a place to configure notifications and severities of system events. Table 8.34 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 284: Syslog
8-148 WS5000 Series Switch System Reference Guide default This form of the command resets all events to their factory defaults. 8.30.2 syslog Event Context Changes the prompt to the Syslog Context. See page 8-150 for more details. 8.30.3 show Event Context Display available system events, and notification settings in terms of the following logging: •...
Page 285 8-149 CLI Command Reference 27 MU EAP auth failed Enabled Enabled Disabled 28 MU EAP auth success Enabled Enabled Disabled 29 MU Kerberos auth failed Enabled Enabled Disabled 30 MU Kerberos auth success Enabled Enabled Disabled 31 MU TKIP [decrypt failure] Enabled Enabled Disabled...
Page 286: Syslog Context
8-150 WS5000 Series Switch System Reference Guide 8.31 Syslog Context The Syslog context is a subcontext of Event. The commands in the Syslog context let you configure and control the remote event logging service. The remote service sends system logging information to a remote host, which must have a message logging daemon running.
Page 287: Local
8-151 CLI Command Reference domain Optional domain name of the remote host. Example WS5000.(Cfg).Event.Syslog> add SFhost 111.222.111.32 domain1 Adding Host... Status: Success. Host Name IP Address Domain --------- ---------- ------ SFhost 111.222.111.32 domain1 WS5000.(Cfg).Event.Syslog> 8.31.2 local Syslog Context Stores the debug logs locally and maintains a ring buffer of debug logs. To save the logs to a file use the command: save local <filename>...
Page 288: Remove
8-152 WS5000 Series Switch System Reference Guide 8.31.4 remove Syslog Context Remove a Syslog host. Syntax remove <name> Parameters name The name of the Syslog host, as assigned in the command. Example WS5000.(Cfg).Host> show Host Name IP Address Domain ---------...
Page 289 8-153 CLI Command Reference set: Set syslog host severity level values. Syntax: set <host_name> <severity_level> <enable/disable> [CR] severity_level: emerg Enable or disable Severity level Emergency. alert Enable or disable Severity level Alert. crit Enable or disable Severity level Critical. Enable or disable Severity level Error. warning Enable or disable Severity level Warning.
Page 290: Show
8-154 WS5000 Series Switch System Reference Guide 8.31.6 show Syslog Context Display information about the Syslog service. Syntax show Parameters None. Example WS5000.(Cfg).Event.Syslog> show Syslog Status: Enable (Syslog Deamon is Running). Host emerg alert crit warning notice info debug ----...
Page 291: Stop
8-155 CLI Command Reference Syslog Status: Enable (Syslog Deamon is Running). Host emerg alert crit warning notice info debug ---- ----- ----- ---- ------- ------ ---- ----- SFhost WS5000.(Cfg).Event.Syslog> 8.31.8 stop Syslog Context Stops the Syslog service. Syntax stop Parameters None.
Page 292: Ftp Context
8-156 WS5000 Series Switch System Reference Guide 8.32 FTP Context Table 8.29 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.36 FTP Context Command Summary Command Description Ref.
Page 293: Show
8-157 CLI Command Reference None. Example WS5000.(Cfg).FTP> disable Disabling... Status : Success. FTP Status: Disabled. WS5000.(Cfg).FTP> 8.32.3 show FTP Context Display the state of the FTP server. Syntax show Parameters None. Example WS5000.(Cfg).FTP> show FTP Status: Active. WS5000.(Cfg).FTP>...
Page 294: Host Context
8-158 WS5000 Series Switch System Reference Guide 8.33 Host Context The Host context collects the various hosts that are declared in other contexts. Table 8.37 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 295: Host
8-159 CLI Command Reference 8.33.2 host Host Context Changes the prompt to the context of a specified Host instance context. Syntax edit <host> Parameters host The name of the host that you want to edit. Example WS5000.(Cfg).Host> host NYhost Host Name IP Address Domain ---------...
Page 296: Host Instance
8-160 WS5000 Series Switch System Reference Guide 8.34 Host Instance The Host instance context lets you modify an entry in the host list. Table 8.38 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section.
Page 297: Show
System Name : WS5000 Description : WS5000 Wireless Network Switch Location Software Ver. : 1.4.1.0-003D Licensed to : Symbol Technologies Copyright : Copyright (c) 2000-2005. All rights reserved. Serial Number : 00A0F86594B8 Number of Licenses : 48 Max Access Ports...
Page 298: Kdc Context
8-162 WS5000 Series Switch System Reference Guide 8.35 KDC Context KDC Context The KDC context provides configuration options to configure the switch-resident Kerberos Key Distribution Center (KDC) as a Master or Slave. Table 8.29 summarizes the commands within this context. Common commands between multiple contexts are...
Page 299: Remove Slave Kdc
8-163 CLI Command Reference Example WS5000.(Cfg).KDC> add slavekdc slaveKDC_NY 111.222.111.30 NYdomain1 Adding slave KDC..Status: Success. The system is configured as MASTER KDC. Kerberos Realm : realm1 Interface : ethernet1 User count (Active + deleted) Active users (MUs and WLANs) Slave KDCs IP Address Domain...
Page 300: Remove Mu
8-164 WS5000 Series Switch System Reference Guide ticket_life Ticket life duration, in minutes. Example WS5000.(Cfg).KDC> add mu 489-45-5672 3 Enter password for the mu "489-45-5672" : *** Confirm password for mu "489-45-5672" : *** Adding mu '489-45-5672' to the KDC.
Page 301: Ntpserver
8-165 CLI Command Reference ERROR: Command 'dir' not found in KDC context. WS5000.(Cfg).KDC> .. WS5000.(Cfg)> dir Date & Time Bytes File Name 21:33 1068 KerberosErrorLog.txt Jan 25 15:11 15155 WS5000Defaults_v1.4.0.0-026R.cfg Apr 23 16:18 18821897 WS5000_v1.4.1.0-003D.sys.img Feb 10 17:31 6517 cmd_template.sym 21:33 2105 kdcTracks.krb...
Page 302: Set Clear
8-166 WS5000 Series Switch System Reference Guide Example WS5000.(Cfg).KDC> set access cli enable Configuring KDC access restriction for cli..Status : Success. Configuration Access restriction details: Telnet access (CLI) : Disable. System access via SNMP : Enable. KDC configuration over remote console : Enable.
Page 303: Set Ntpserver
8-167 CLI Command Reference 8.35.10 set ntpServer KDC Context Sets one of the three NTP servers for this switch. Syntax set ntpServer <ntp_number> <ntp_ip> Parameters ntp_number The index of the NTP server that you’re setting. Either , or ntp_number ntp_ip IP address of the NTP server that’s assigned as server # Example WS5000.(Cfg).KDC>...
Page 304: Synchronize
8-168 WS5000 Series Switch System Reference Guide None. Example WS5000.(Cfg).KDC> show The system is configured as MASTER KDC. Kerberos Realm : realm1 Interface : ethernet1 User count (Active + deleted) Active users (MUs and WLANs) Slave KDCs IP Address Domain...
Page 305: Network Policy (Np) Context
8-169 CLI Command Reference 8.36 Network Policy (NP) Context A Network Policy is a collection of packet filters that you can use to implement various Quality of Service requirements. Each Network Policy contains an inbound Policy Object and an outbound Policy Object. The inbound policy filters packets that are sent from wireless devices to the WS5000.
Page 306: Remove
8-170 WS5000 Series Switch System Reference Guide Network Policy Name : NY_ntwk_SwitchPolicy Policy Description Outbound Policy Object name Inbound Policy Object name WS5000.(Cfg).NP.[NY_ntwk_SwitchPolicy]> 8.36.2 np Network Policy (NP) Context Changes the prompt to the context of a specific Network Policy instance.
Page 307: Show
8-171 CLI Command Reference Network Policy information Available Network Policies: 1. Default Network Policy. 2. NetVision_VoIP_Priority. 3. NY_ntwk_SwitchPolicy. WS5000.(Cfg).NP> 8.36.4 show Network Policy (NP) Context Shows Network Policy details. Syntax show Display context specific attributes show ce Display Classifiers show cg Display Classification Group show np Display Network Policy information...
Page 308: Network Policy Instance
8-172 WS5000 Series Switch System Reference Guide 8.37 Network Policy Instance Table 8.29 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.41 Network Policy Instance Context Command Summary...
Page 309: Show
8-173 CLI Command Reference inboundpolicy Assign Input Policy Object. outboundpolicy Assign Output Policy Object. ERROR: Command 'set' cancelled due to invalid or unrecognized parameter. WS5000.(Cfg).NP.[NY_NetworkPolicy]> WS5000.(Cfg).NP.[NY_NetworkPolicy]> show po Policy Object information..Available Policies (PO): 1. NetVision Priority for RF. 2. NetVision Packet Marking for Ethernet. 3.
Page 310: Policy Object (Po) Context
8-174 WS5000 Series Switch System Reference Guide 8.38 Policy Object (PO) Context Table 8.29 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.42 Policy Object Context Command Summary...
Page 311: Remove
8-175 CLI Command Reference Available Policies (PO): 1. NetVision Priority for RF. 2. NetVision Packet Marking for Ethernet. 3. New Input Policy. 4. New Output Policy. 5. Inbound. Policy Object information..Network Policy Name : Inbound Description Type : Inbound Access Port Default action : Allow No of CG Associated with the Policy Object: 0...
Page 312: Show
8-176 WS5000 Series Switch System Reference Guide 8.38.4 show Policy Object (PO) Context Shows Policy Object details. Syntax show Display context specific attributes show ce Display Classifiers show cg Display Classification Group show np Display Network Policy information show po...
Page 313: Policy Object Instance
8-177 CLI Command Reference 8.39 Policy Object Instance Table 8.43 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.43 Policy Object Instance Context Command Summary Command Description Ref.
Page 314: Show
8-178 WS5000 Series Switch System Reference Guide attribute Description Syntax priority set tos <bits> <cg_name> Sets the ToS packet marking bits for packets marked with the named Classification Group. The bits value is the packet marking/ToS given as a 6-bit bit-field.
Page 315 8-179 CLI Command Reference Syntax show Display context specific attributes show ce Display Classifiers show cg Display Classification Group show np Display Network Policy information show po Display Policy Object information Parameters None. Example WS5000.(Cfg).PO.[Inbound]> show Policy Object information..Network Policy Name : Inbound Description Type...
Page 316: Radius Context
8-180 WS5000 Series Switch System Reference Guide 8.40 Radius Context The Radius context enables you to specify an external Radius server for authenticating network users (Web, Telnet, and SSH) and local user through the serial port. Table 8.44 summarizes the commands within this context. Common commands between multiple contexts are...
Page 317: Set Secondary
8-181 CLI Command Reference Parameters attribute value Description host name | IP [port] [timeout] [retry] Identifies the Radius server by name or IP address. The other three attributes can be set here, as well port 0 - 65535 Sets the port number of the Radius server. retry 1 - 10 Specifies the number of times a Mobile Unit can try to authenticate itself...
Page 318 8-182 WS5000 Series Switch System Reference Guide Example WS5000.(Cfg).Radius> show Radius authentication status: ----------------------------- Network users (Web, Telnet, etc.) : Enable Local users (via serial port) : Enable Authenticate locally if Radius server refuses access : Enable Server Host Name/IP...
Page 319: Security Policy Context
8-183 CLI Command Reference 8.41 Security Policy Context Table 8.45 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.45 Security Policy Context Command Summary Command Description Ref.
Page 320: Policy
8-184 WS5000 Series Switch System Reference Guide EAP PreAuthentication : Enabled Opportunistic PMK Caching : Enabled Encryption Open KeyGuard-MCM TKIP AES CCMP ---------- ---- ------------ ---- -------- Status: Enable Disable Disable Disable Disable Authentication Pre-Shared Kerberos 802.1x,EAP with Radius --------------...
Page 321: Show
8-185 CLI Command Reference Parameters name The name of the new Security Policy. Example WS5000.(Cfg).SecurityPolicy> remove NewKerberosPolicy Removing Security Policy... Status: Success. Available Security Policies: 1. Kerberos Default. 2. Default. 3. WEP40 Default. 4. WEP128 Default. 5. New WEP Security Policy. WS5000.(Cfg).SecurityPolicy>...
Page 322: Security Policy Instance
• Open – No encryption; any unsecured Mobile Unit is allowed to associate with the system unless the adoption list specifically excludes it. • KeyGuard encryption for TKIP (Temporal Key Integrity Protocol) – This mode is only supported by Symbol mobile devices. KeyGuard requires a 128-bit WEP key.
Page 323: Set
• kerberos • eap You can enter multiple authetication values in the CLI with a space between each value. Note The WS5000 Series Switch does not work with the combination of wep40 encryption and kerberos authentication. Pre-Shared Key (PSK) Settings presharedKey Sets the PSK key in either ASCII or Hexidecimal format.
Page 324 8-188 WS5000 Series Switch System Reference Guide attribute Description Syntax wepKey Sets the WEP key string for the given key index. Valid set wepKey <key_index> <key string> key_index values are [1, 4]. The key_string argument must be enclosed in quotation marks.
Page 325 8-189 CLI Command Reference set wepkey set activewepkey set kerberos set eap set radius set groupkeyupdate set presharedkey set preauthentication set opppmkcaching ERROR: Command 'set' cancelled due to invalid or unrecognized parameter. WS5000.(Cfg).SecurityPolicy.[New WEP Security Policy]> set wepkey Enter the WEP Key number or keyword 'string' to generate the Keys. Enter 'default' to set the WEP Keys to default values.
Page 326 8-190 WS5000 Series Switch System Reference Guide WS5000.(Cfg).SecurityPolicy.[New WEP Security Policy]> set eap quietperiod Enter the value for EAP quietperiod. Syntax: set eap quietperiod <period: 1-99> [CR] Incomplete command... use '?' for help..exiting... WS5000.(Cfg).SecurityPolicy.[New WEP Security Policy]> set eap txperiod Enter the value for EAP txperiod.
Page 327: Show
8-191 CLI Command Reference WS5000.(Cfg).SecurityPolicy.[New WEP Security Policy]> set preauthentication Enter 'enable' or disable' Syntax: set preauthentication <enable/disable> [CR] Incomplete command... use '?' for help..exiting... WS5000.(Cfg).SecurityPolicy.[New WEP Security Policy]> set opppmkcaching Enter 'enable' or disable' Syntax: set opppmkcaching <enable/disable> [CR] Incomplete command...
Page 328: Snmp Context
8-192 WS5000 Series Switch System Reference Guide 8.43 SNMP Context The SNMP context provides commands that configure the SNMP system and that control the activity of the SNMP daemon. Table 8.47 summarizes the commands within this context. Common commands between multiple contexts are...
Page 329: Disable
8-193 CLI Command Reference SNMP Traps : Disabled WS5000.(Cfg).SNMP> 8.43.2 disable SNMP Context Stops the SNMP daemon. Syntax disable Parameters None. Syntax WS5000.(Cfg).SNMP> disable Disabling... Status : Success. SNMP details: ------------- SNMP (deamon) Status : Disabled SNMP Traps : Disabled WS5000.(Cfg).SNMP>...
Page 330: Set Kdcconfig
8-194 WS5000 Series Switch System Reference Guide WS5000.(Cfg).SNMP> remove ro client_ip is required parameter Syntax: remove ro <client_ip> Incomplete command... use '?' for help..exiting... WS5000.(Cfg).SNMP> remove rw client_ip is required parameter Syntax: remove rw <client_ip> Incomplete command... use '?' for help..exiting...
Page 331: Set Traphost
8-195 CLI Command Reference Parameters enable Enable or disable SNMP traps, as appropriate. Possible values are: • enable • disable Example WS5000.(Cfg).SNMP> set snmptrap Enter enable or disable. Syntax: set snmptrap <enable/disable> [CR] Incomplete command... use '?' for help..exiting... WS5000.(Cfg).SNMP>...
Page 332: Set Client
8-196 WS5000 Series Switch System Reference Guide 1. domain1 172.34.55.67 WS5000.(Cfg).SNMP> 8.43.7 set client Set SNMP client. Example WS5000.(Cfg).SNMP> set client rw 172.34.35.67 sfusers Configuring SNMP client... Status : Success. State Port IP Address Community Name ----- ---- ---------- -------------- 1.
Page 333 8-197 CLI Command Reference SNMP (deamon) Status : Enabled SNMP Traps : Enabled WS5000.(Cfg).SNMP> show traphosts CommunityName Port IP Address ------------- ---- ---------- 1. domain1 172.34.55.67 WS5000.(Cfg).SNMP>...
Page 334: Ssh (Secure Shell) Context
The SSH context lets you configure the WS5000’s Secure Shell daemon. Note Do not change the SSH port number because this can create conflicts with other applications runnning in the WS5000 Series Switch. Table 8.29 summarizes the commands within this context. Common commands between multiple contexts are...
Page 335: Show
8-199 CLI Command Reference 8.44.2 show SSH (Secure Shell) Context Display connection configuration and session information. Syntax show <attribute> <value> Parameters (none) Display SSH configuration and session information. telnet Display telnet configuration and session information. See 8.50 Telnet Context on page Display SSH configuration and session information.
Page 336: Ssl (Secure Socket Layer) Context
8.45 SSL (Secure Socket Layer) Context The SSL context defines the protocol (http or https) that a client needs to access the WS5000 Series Switch applet, or graphical user interface. With SSL enabled, the applet can only be accessed through the (secure) https protocol;...
Page 337: Revert Certificate
8-201 CLI Command Reference Syntax disable Parameters None. Example WS5000.(Cfg).SSL> disable 8.45.3 revert certificate SSL (Secure Socket Layer) Context Tells the Web server to use the currently installed authentication certificate. You use this command after uploading a new certificate. Until the certificate is reverted, clients will not be able to establish new connections to the applet.
Page 338: Standby Context
8-202 WS5000 Series Switch System Reference Guide 8.46 Standby Context The Standby context lets you configure the failover system (aka “Standby” or “warm Standby”). You need two switches to implement the failover system: The “Primary” switch handles all network traffic; the Standby switch takes over if the Primary switch goes down.
Page 339: Enable
8-203 CLI Command Reference 8.46.1 enable Standby Context Adds the switch to the Standby system. Syntax enable Parameters None. Example WS5000.(Cfg).standby> enable 8.46.2 disable Standby Context Removes the switch from the Standby system. Syntax disable Parameters None. Example WS5000.(Cfg).standby> disable 8.46.3 set autorevert Standby Context Enables or disables the automatic reversion feature.
Page 340: Set Ardelay
8-204 WS5000 Series Switch System Reference Guide 8.46.4 set arDelay Standby Context Enables or disables the (sending of the) heartbeat on a particular NIC by setting an auto-revert delay, in minutes. Note You must call disable before calling this command.
Page 341: Set Mode
8-205 CLI Command Reference Parameters port Either the MAC address of the port, or auto for automatic discovery. The local NIC through which the heartbeat is sent. Either Example WS5000.(Cfg).standby> set mac auto 1 8.46.7 set mode Standby Context Set the mode that the switch should be running in (that is primary, standby, etc.). The mode command is used for three things: •...
Page 342 8-206 WS5000 Series Switch System Reference Guide Standby Management: StandBy mode : Primary Standby Status : Disable State : Startup Failover Reason Standby Connectivity status : Not Connected Standby AutoRevert Mode : Disable Standby AutoRevert Delay : 15 Minutes Interface (Ethernet) 1...
Page 343: Switch Policy (Spolicy) Context
8-207 CLI Command Reference 8.47 Switch Policy (SPolicy) Context A Switch Policy acts as a container for all the other policies. Although you can define any number of Switch Policies, only one of them can be active at a time. The WS5000 lets you designate an “Emergency Switch Policy”...
Page 344: Policy
8-208 WS5000 Series Switch System Reference Guide Active Switch Policy name: Default Wireless Switch Policy Available Switch Policies: 1. Default Wireless Switch Policy. 2. EmerPolicy2-10. 3. new_policy. Switch Policy details --------------------- Policy Name : new_policy Description Country : US Channel for .11a : Auto (once) Channel for .11b...
Page 345: Remove
8-209 CLI Command Reference Include Adoption List details : List is Empty. Exclude Adoption List details : List is Empty. Default Adoption action for .11a : Adopt .11a with APPolicy appol1 Default Adoption action for .11b : Adopt .11b with APPolicy appol1 Default Adoption action for FH : Deny.
Page 346 8-210 WS5000 Series Switch System Reference Guide Parameters component Description none Display information about this Switch Policy instance. channelInfo Display a list of country codes and the channels each country supports. interfaces Display a list of Access Port instances and lists the available Ethernet ports.
Page 347 8-211 CLI Command Reference A Ch: 36,40,44,48,52,56,60,64,149,153,11 Austria B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: 36,40,44,48,52,56,60,64,100,104,10 Bahrain B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: Belarus B Ch: 1-13 G Ch: 1-13 FH Ch: 2-80 A Ch: Belgium B Ch: 1-13...
Page 348: Switch Policy Instance
8-212 WS5000 Series Switch System Reference Guide 8.48 Switch Policy Instance Table 8.52 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.52 Switch Policy Instance Context Command Summary...
Page 349: Name
8-213 CLI Command Reference Channel for .11a : Auto (once) Channel for .11b : Auto (once) Channel for .11g : Auto (once) Power Level for .11a : 20 dBm Power Level for .11b : 20 dBm Power Level for .11g : 20 dBm Active EtherPolicy Name : Default Ethernet Policy...
Page 350: Restrictedchannel
8-214 WS5000 Series Switch System Reference Guide Example WS5000.(Cfg).SPolicy.[Default Wireless Switch Policy]> name newname Configuring name... Status : Success. WS5000.(Cfg).SPolicy.[newname]> 8.48.4 restrictedchannel Switch Policy Instance Changes the prompt to the Restricted Channel context, where channels that cannot be chosen by Automatic Channel Selection for a particular radio type can be specified.
Page 351: Set
8-215 CLI Command Reference Parameters radio The radio type that this list applies to. Valid values are: A, B, G, or FH (case-insensitive). For exclude, ALL is also a valid value. start_MAC, end_MAC Identifies the access ports that are part of this list entry. If end_MAC is excluded, the entry consists of the AP identified by start_MAC;...
Page 352: Show
8-216 WS5000 Series Switch System Reference Guide attribute and value Description dsCoexistence <enable_flag> Frequence hopping/direct sequence (FH/DS) coexistence. With coexistence enabled, the access port divides the frequency spectrum such that FH devices use one portion, and DS devices use the other. Possible values are: enable or disable.
Page 353 8-217 CLI Command Reference # of APPolicies attached List of APPolicies attached 1. Default Access Port Policy. Include Adoption List details : List is Empty. Exclude Adoption List details : List is Empty. Default Adoption action for .11a : Adopt .11a with APPolicy Default Access Porty Default Adoption action for .11b : Adopt .11b with APPolicy Default Access Porty Default Adoption action for FH : Adopt FH with APPolicy Default Access Port Py...
Page 354: Restricted Channel Instance
8-218 WS5000 Series Switch System Reference Guide 8.49 Restricted Channel Instance Restricted Channel is a subcontext of a Switch Policy instance. There are three Restricted Channel instances, one for each of the three 802.11x radio types. You drop into an...
Page 355: Remove
8-219 CLI Command Reference 8.49.2 remove Restricted Channel Instance Remove a channel from the list of restricted channels, thus making it available for use during Automatic Channel Selection. Syntax remove <channel_num> Parameters channel_num The channel that you want to “unrestrict”. The set of valid channel numbers depends on the country setting and radio type.
Page 356: Telnet Context
8-220 WS5000 Series Switch System Reference Guide 8.50 Telnet Context You can use telnet to access the CLI and/or to configure the on-board KDC. The Telnet context provides commands to configure (enable or disable) telnet access. Table 8.54 summarizes the commands within this context. Common commands between multiple contexts are...
Page 357: Disable
8-221 CLI Command Reference 8.50.2 disable Telnet Context Disable the port/service on the switch to enable Telnet configuration via the CLI. Syntax disable Parameters None. Example WS5000.(Cfg).Telnet> disable WARNING: This will disable all remote (CLI) access to the switch. Do you want to continue (yes/no)? : n WS5000.(Cfg).Telnet>...
Page 358: Show
8-222 WS5000 Series Switch System Reference Guide 8.50.4 show Telnet Context Display Telnet-related details based on the attribute used with the command. Syntax show show <attribute> Parameters attribute Description (none) Display statistics about the current telnet session. configAccess Display the permissibility of configuring the system and the KDC through telnet and SNMP.
Page 359: User Context
8-223 CLI Command Reference 8.51 User Context The user context is where users privileges are specified for particular users of the system. Users are added, removed, and configured via the User Context. Privileges that a specific user can have are categorized as follows: •...
Page 360: Add
8-224 WS5000 Series Switch System Reference Guide 8.51.1 add User Context Adds a new user to the switch. You are prompted to provide and then confirm the new user’s password. Syntax add <user_name> Parameters user_name The name (login) of the new user. The name can be 6 to 20 characters long.
Page 361: User
8-225 CLI Command Reference 2. techsupport. WS5000.(Cfg).User> 8.51.3 user User Context Select a user to configure and drop into specified user instance context. Syntax user <user_name> Parameters user_name The user name of the user to be configured. Example WS5000.(Cfg).User> user admin User information User Name : admin...
Page 362 8-226 WS5000 Series Switch System Reference Guide Policy Administration : true SNMP Administration : true Security Administration : true System Administration : true WS5000.(Cfg).User>...
Page 363: User Instance
8-227 CLI Command Reference 8.52 User Instance Table 8.56 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.56 User Instance Context Command Summary Command Description Ref. ..
Page 364: Allow
8-228 WS5000 Series Switch System Reference Guide 8.52.1 allow User Instance Sets the list of subsystems that you can configure. Syntax allow <subsystem1> [<subsystem2>] [...] Parameters subsystemN The subsystem that you can configure with one or more of the following possible values: •...
Page 365: Show
8-229 CLI Command Reference Syntax password Parameters None. Example WS5000.(Cfg).User.[admin]> password Creating the Event list... Enter new password : ****** Confirm new password : ****** Changing user password... done. WS5000.(Cfg).User.[admin]> 8.52.4 show User Instance Show the details of the user instance. Syntax show Parameters...
Page 366: Wlan Context
8-230 WS5000 Series Switch System Reference Guide 8.53 WLAN Context Table 8.57 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.57 WLAN Context Command Summary Command Description Ref.
Page 367: Add
The name to be given to the WLAN (instance). Example WS5000.(Cfg).WLAN> add EastCoastWLAN 124 Adding WLAN... Status: Success. WLAN Name ESSID Security Policy --------- ----- --------------- Symbol Default Default Symbol Default Default Private Access private WEP128 Default Public Access public Default WLAN_NE...
Page 368: Show
8-232 WS5000 Series Switch System Reference Guide 8.53.3 show WLAN Context Display summary details about all available WLAN instances, or specific details about a WLAN instance if the instance is called out as a parameter. Syntax show show [WLAN_name] Parameters WLAN_name When a WLAN_name is indicated, details about that WLAN instance is shown.
Page 369 8-233 CLI Command Reference Parameters name The name of the WLAN instance. Example WS5000.(Cfg).WLAN> wlan "Secure Access" WLAN details... Name : Secure Access ESSID # : secure Description : Default WLAN Security Policy : Kerberos Default WLAN Auth. Status : Not-Authenticated ACL Status : Disabled ACL Attached...
Page 370: Wlan Instance
8-234 WS5000 Series Switch System Reference Guide 8.54 WLAN Instance Table 8.58 summarizes the commands within this context. Common commands between multiple contexts are described in further detail in the Common Commands section. Table 8.58 WLAN Instance Context Command Summary...
Page 371: Name
: MU to MU Allow Maximum MUs allowed : 4096 Current MUs Default Route : 0.0.0.0 Network Mask : 0.0.0.0 WS5000.(Cfg).WLAN.[Symbol Default]> 8.54.2 name WLAN Instance Changes the name of the WLAN instance. Syntax name <new_name> Parameters new_name The new name of the WLAN instance.
Page 372: Show
8-236 WS5000 Series Switch System Reference Guide attribute <value> Description mutraffic <allow_flag> Specifies what to do with mobile unit traffic passed through the switch. Possible values are: allow, disallow, drop. name <new_name> Sets the name of the WLAN instance. security <security_policy_name>...
Page 373 Use this table to determine the correct power settings for International use when using external antennas with the AP 100 802.11b Access Port, Model CCRF-5020-10-WW. Note For US (FCC), all Symbol Technologies, certified antennas can be used on the maximum power level setting.
Page 374 WS5000 Series Switch System Reference Guide AP 100 802.11b Access Port Table 9.1 International Antenna and Power Settings for (Continued) Antenna Model Max Power Setting Antenna Type Comments ML-2499-PNAHD-01 Heavy-duty Indoor/Outdoor ° H-Plane Directional Panel ° ML-2499-7PNA2-01 Indoor/Outdoor 65 H-Plane...
Page 375 Antennas and Power for The AP 200 802.11a/b Access Port Table 9.2 European Union and Japanese Antenna and Power Settings (Contin- Additional Cable Length in Feet Antenna Model Antenna Type/Pattern Max Authorized Power Settings ML-2499-7PNA2-01 Panel Directional ML-2499-BMMA1-01 Hi-gain in/outdoor Dipole Omni- Directional ML-2499-SD3-01 Patch Omni-Directional...
Page 376 Model CCRF-5030-100-WW (external antenna 802.11a radio only), CCRF-5030-200-WW (external antenna 802.11a/b radio), CCRF-5030-210-WW. Note All Symbol Technologies certified antennas can be used on the maximum power level setting. Table 9.4 United States Antenna and Power Settings for the AP 200 802.11a/b Access Port...
Page 377 Antennas and Power Table 9.4 United States Antenna and Power Settings for the AP 200 802.11a/b Access Port (Continued) Additional Cable Length in Feet Antenna Model Antenna Type/Pattern Max Authorized Power Settings ML-2499-PNAHD-01 Hi-gain in/outdoor Panel Directional 3, 4, 3, 4, 3, 4, 3, 4, 3, 4,...
Page 378 WS5000 Series Switch System Reference Guide...
Page 379 Converting AP-4131 Access Points to RF Ports You can convert the Symbol AP-4131 model access points to RF Ports for use with the WS5000. The port conversion enables existing customers to utilize an existing Symbol wireless infrastructure with the WS5000 Series Switch.
Page 380: Ap-4131 Features In The Ws5000 Series Switch
This section describes some of the AP-4131 features in the WS5000 Series Switch. 10.1.1 AP-4131 Port Adoption A WS5000 Series Switch can adopt different types of Symbol RF ports. The switch supports AP-100, AP-200, AP-300 and AP-3121 ports. It reuses the existing AP-4131’s implementation and supports AP- 4131 as well.
Page 381: Converting Ap-4131 To Access Ports
You can also update the firmware using the TFTP program by configuring the AP4131 applet. The default login and password (both case-sensitive) for the AP4131 applet are: Username: admin Password: Symbol 10.2.2 Updating the Access Point Firmware Using the XMODEM To update the access point using the XMODEM: 1.
Page 382: Adding An Access Port
None 10.3 Reverting to Access Point Functionality The WS5000 Series Switch can revert a converted AP-4131 to a traditional access point. To revert an AP-4131 to a traditional access point, the switch must keep multiple versions of the firmware for the same type of RF port.
Page 383: Ws5000 Switch Applet Behavior
10-5 Converting AP-4131 Access Points to RF Ports 10.4 WS5000 Switch Applet Behavior The WS5000 Series Switch applet displays three new icons for an adopted AP-4131: • normal • alert • offline The applet adds ap4131 to 4BSS-16ESS tabs in the WLAN-BSS Mapping screen and the Bandwidth screen.
Page 384 10-6 WS5000 Series Switch System Reference Guide...
Page 385: Chapter 11. Configuring Snmp
Configuring SNMP 11.1 SNMP The Wireless 5000 Series Switch supports Simple Network Management Protocol (SNMP) version 3 as well as SNMP version 2 and version 1. Use the CLI context to configure the SNMP trap host and the SNMP agent status.There are two sub- SNMP contexts to configure: •...
Page 386: Set Traphost
SNMP community name for the trap host port Trap port To configure the trap host to be the device at 192.168.204.4, the community name to be Symbol, and to use port 162, enter: set traphost 192.168.204.4 Symbol 162 WS5100_VPN.(Cfg).SNMP>...
Page 387: Set Kdcconfig
11-3 Configuring SNMP WS5000.(Cfg).SNMP> disable Disabling... Status : Success. SNMP details: ------------- SNMP (deamon) Status : Disabled SNMP Traps : Disabled WS5000.(Cfg).SNMP> 11.1.4 set kdcConfig Allows or disallows the configuration of the on-board Kerberos KDC through SNMP. Syntax set kdcConifg <enable_flag> Parameter enable_flag Enable or disable Kerberos KDC configuration, as appropriate.
Page 388: Remove
11-4 WS5000 Series Switch System Reference Guide Example WS5000.(Cfg).SNMP> set snmptrap Enter enable or disable. Syntax: set snmptrap <enable/disable> [CR] Incomplete command... use '?' for help..exiting... WS5000.(Cfg).SNMP> set snmptrap enable Setting SNMP Trap status..Status: Success. SNMP details: -------------...
Page 389: Set Client
11-5 Configuring SNMP Example WS5000.(Cfg).SNMP.v2> remove community_type or traphost is required parameter Syntax: remove <community_type/traphost> Valid commands: remove rw remove ro remove traphost Incomplete command... use '?' for help..exiting... WS5000.(Cfg).SNMP.v2> remove ro client_ip is required parameter Syntax: remove ro <client_ip> Incomplete command...
Page 390: Show
11-6 WS5000 Series Switch System Reference Guide Example WS5000.(Cfg).SNMP> set client rw 172.34.35.67 sfusers Configuring SNMP client... Status : Success. State Port IP Address Community Name ----- ---- ---------- -------------- 1. Read/Write 172.34.35.67 sfusers WS5000.(Cfg).SNMP> 11.1.6.3 show Shows SNMP details...
Page 391: Configuring Snmp V3
11-7 Configuring SNMP 11.1.7 Configuring SNMP v3 To configure the Wireless 5000 Series Switch with SNMP version 3, enter: WS5100_VPN.(Cfg).SNMP> SNMP v3 User Auth. Priv. ------------------------------- snmpv3AllRW snmpv3AllRO This example displays the default user profiles available for SNMP v3. 11.1.8 Modifying SNMP v3 Profiles To modify SNMP v3 user profiles, enter: set profile ? WS5100_VPN.(Cfg).SNMP.v3>...
Page 392 11-8 WS5000 Series Switch System Reference Guide...
Page 393: Chapter 12. Configuring The Ws5100 Wtls Vpn
Configuring the WS5100 WTLS VPN A Virtual Private Network or VPN is a protected network connection that tunnels through an unprotected connection. The WS5100-VPN uses a VPN connection to protect wireless transmissions on the untrusted side of the switch. The VPN funtionality includes the following: •...
Page 394: Onboard Dhcp
12-2 WS5000 Series Switch System Reference Guide 12.1 Onboard DHCP Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to computers using TCP/IP. A DHCP server assigns addresses to computers configured as DHCP clients. A feature of DHCP (Option 60) enables a DHCP server to recognize a DHCP client’s equipment identifier, and assign the device an IP drawn from an equipment-specific set of addresses (an IP pool).
Page 395: Viewing Dhcp Configurations
Sets the DHCP server’s maximum lease time, in seconds, to seconds. set dhcp_DomainName <domain.suffix> Sets the DHCP server’s domain name; for example, “symbol.com”. To clear the domain name, pass a NULL argument. set dhcp_PriDNS_IP <IP_address> Sets the IP address that the DHCP server will use as its primary Domain Name System server.
Page 396: Importing A Dhcpd.conf File
12-4 WS5000 Series Switch System Reference Guide Status : Disable Subnet IP : 192.000.000.0 Netmask IP : 255.255.255.0 etc... 12.1.3 Importing a dhcpd.conf File You can use a DHCP configuration file to configure the DHCP servers on the WS5100-VPN. The configuration dhcpd.conf...
Page 397: Dhcp Relay And Vpn
12-5 Configuring the WS5100 WTLS VPN Figure 12.1 Network with Trusted and Untrusted Elements WS 5100-V P N Eth1 Eth2 Layer 2 S witch Layer 2 S witch P OE AP 100 Internet Wireles s C lients C omputer L A N WL A N Trusted Network Untrusted Network...
Page 398: Dynamic Dns
12-6 WS5000 Series Switch System Reference Guide WS5000.(Cfg).wvpn.ip_pools.[default]> set dhcpServer 1.1.1.1 12.2.2 Dynamic DNS Each time a VPN client connects to the VPN server, an IP-address is allocated for the client. The server then sends a DNS Update to a pre-configured DNS server. Both the forward and reverse zone will be updated. The master DNS server for the zone will be obtained through a DNS SQA query.
Page 399: Certificates
Both certificates must be made available to the WS5100-VPN by copying them to a switch-accessible TFTP server. In addition, the Symbol AirBEAM VPN Client must be loaded on all Mobile Units requesting VPN services, AirBEAM Client is used to download the certificate to the device.
Page 400: Wvpn Authentication
12-8 WS5000 Series Switch System Reference Guide 12.2.4 WVPN Authentication A request for authentication made by a VPN client on the untrusted network can be forwarded to a VPN server which proxies to the RADIUS server (internal or external). The trusted RADIUS server authenticates the client and allows VPN client access from the untrusted network to the trusted network.
Page 401: Ip Pool Configuration
12-9 Configuring the WS5100 WTLS VPN set <primary/secondary> <radius_parameter> <value> Table 12.3 describes how to configure the server by settings the parameters for each RADIUS server. The VPN server supports any number of servers: Table 12.3 RADIUS Authentication Setting Parameter used CLI command used set the RADIUS host name host...
Page 402 12-10 WS5000 Series Switch System Reference Guide Table 12.4 IP Pool Configuration CLI command used get the index number WS5000.(Cfg).wvpn.pool >show pool <pool name> Output of this command (Index is in bold) Number of ranges IP Ranges: 0) 111.111.111.150-111.111.111.160 enable/disable use of DHCP WS5000.(Cfg).wvpn.pool >enable/disable...
Page 403: Certificate Configuration
12-11 Configuring the WS5100 WTLS VPN 12.2.4.4 Certificate configuration Table 12.5 lists and describes the CLI commands used to configure the WVPN certificate loading, generation and configuration in switch: Table 12.5 Certificate Configuration CLI command used enter certificate Configure wvpn cert configuration show the server...
Page 404: Vpn Session License
12-12 WS5000 Series Switch System Reference Guide Table 12.5 Certificate Configuration CLI command used show list of uploaded WS5000.(Cfg).wvpn.cert > directory certs certificates Expected output File Name Bytes Date & time anotherca.cer Mar 16 07:39 ca-x509.cer Mar 16 07:39 ca.cer Mar 16 07:39 jiar.cer...
Page 405: Aes Versus 3Des
12-13 Configuring the WS5100 WTLS VPN Table 12.6 Configuring VPN Session License CLI command used enable the VPN support cfg> set vpnsupport enable Note You don’t need to provide the name of the license file as the switch will use the license.lk file that was either disabled earlier or use the pre- loaded file.
Page 406: Wireless Transport Layer Security (Wtls)
12-14 WS5000 Series Switch System Reference Guide 12.2.6 Wireless Transport Layer Security (WTLS) WTLS is a security level protocol specifically designed to provide authentication and data integrity for wireless traffic where access devices can change dynamically (such as access port change due to environmental changes or roaming).
Page 407 12-15 Configuring the WS5100 WTLS VPN Table 12.7 WTLS Configuratin CLI command used configure the RsaKeySize WS5000.(Cfg).wvpn.wtls > set minRsaKey <Integer value> maximum and minimum values Key sizes available: 512, 768, 1024, 1536, 2048, 3072, 4096, 7680, 15360 configure the customCipher WS5000.(Cfg).wvpn.wtls >...
Page 408: Vpn Session Setup
12-16 WS5000 Series Switch System Reference Guide 12.3 VPN Session Setup Figure 12.2 VPN Network Setup 12.3.1 Switch Setup Table 12.8 lists and describes the CLI commands used to configure the various switch parameters. Table 12.8 Switch Setup set VPN support status set vpnsupport enable <license file>...
Page 409: Wvpn Setup
12-17 Configuring the WS5100 WTLS VPN Table 12.8 Switch Setup setup Security Policy Create a new security policy SampleSecurity and assign it to SampleWlan. WS5000.(Cfg)>securitypol WS5000.(Cfg).SecurityPolicy> add SampleSecurity Go to Wlan context WS5000.(Cfg).WLAN.[ SampleWlan]> set security SampleSecurity In the SampleSecurity Policyt context enable VPN authentication: WS5000.(Cfg)>securitypol WS5000.(Cfg).SecurityPolicy>SampleSecurity WS5000.(Cfg).SecurityPolicy.[SampleSecurity]>set...
Page 410: Starting Vpn Service
12-18 WS5000 Series Switch System Reference Guide WS5000.(Cfg)> wvpn WS5000.(Cfg).wvpn> cert WS5000.(Cfg).wvpn.cert> import /image/caCert cacert.cer WS5000.(Cfg).wvpn.cert> import serverCert ? import serverCert <server_pkcs12_key_file> <password> [<server_cert_file>] Note File names must always be accompanied by directory path. For example: certs/ca.cer WS5000.(Cfg).wvpn.cert> import serverCert /image/server.p12 password server.cer...
Page 411: Client Setup
12-19 Configuring the WS5100 WTLS VPN WS5000.(Cfg).wvpn> enable The expected output of this command is Enabling... Status : Success. WVPN Management: WVPN available : true WVPN Status : Started WVPN Server Address : 10.1.1.101 / 10.0.1.73 WVPN Server Port : 9102 WVPN Unused session timeout : 48h 0m (172800 secs) WVPN Debug level...
Page 412: Troubleshooting
12-20 WS5000 Series Switch System Reference Guide WS5000.(Cfg)> show sessions 12.3.6 TroubleShooting Question:1 The accessports are not adopted ? Reasons: 1. You don't have a valid license key. 2. The country code in the switchpolicy is not set. 3. The MAC address corresponding to the accessport is in the access port deny list of the switchpolicy.
Page 413: Ldap And Certificate Configuration
LDAP server (Linux OpenLDAP and Windows Active Directory Server) are as follows: 12.4.1 OpenLdap in Linux • Edit the LDAP configuration file ( ) with the base DN, Manager /etc/openldap/slapd.conf username and password. suffix "o=symbol,c=INDIA" rootdn "cn=Manager,o=symbol,c=INDIA" rootpw secret • Start the LDAP server ( /usr/sbin/slapd -d 4...
Page 414: User/Group Configuration With Ldapbrowser
12-22 WS5000 Series Switch System Reference Guide ldapadd -x -D "cn=Manager,o=SYMBOL,c=INDIA" -W -f base1.ldif ldapadd -x -D "cn=Manager,o=SYMBOL,c=INDIA" -W -f group6.ldif ldapadd -x -D "cn=Manager,o=SYMBOL,c=INDIA" -W -f member6.ldif ldapsearch -x -b 'o=SYMBOL,c=INDIA' '(&(cn=group2)(objectclass=groupofNames))' ldif file format (base1.ldif, group6.ldif, member6.ldif, wvpn.ldif)
Page 415: Ldap Configuration In Switch For Active Directory
12-23 Configuring the WS5100 WTLS VPN LDAP Server IP : 192.192.4.42 LDAP Server Port : 389 LDAP Bind DN : cn=Manager,o=symbol,c=India LDAP Base DN : o=symbol,c=India LDAP Login Attribute : (uid=%{Stripped-User-Name:-% {User-Name}}) LDAP Password Attribute : userPassword LDAP Group Name Attribute...
Page 416: Certificate Management With Win-2003 Server
12-24 WS5000 Series Switch System Reference Guide 12.4.5 Certificate Management with Win-2003 server Windows 2003 server has Certificate Authority(CA) functionality which can be used for signing requests. This details the configuration for PEAP/TTLS authentication with WS5000 RADIUS server. 1. Install Certificate Authority which comes with Win-2003 server.
Page 417 12-25 Configuring the WS5100 WTLS VPN WS5000 provides limited stateless firewall functionality for a configurable list of peers on private and public networks. Firewall filtering is based on the existing packet classification engine. Part of the existing packet classification functionality allows the traffic that matches classifiers to be allowed or denied. Same functionality is used to implement firewall filtering.
Page 418: Network Address Translation (Nat)
12-26 WS5000 Series Switch System Reference Guide 12.6 Network Address Translation (NAT) Twice NAT is used for non-VPN clients to establish communication with the trusted side network. When the NAT feature is enabled, the switch can alter the source and destination IP addresses of packets so that hosts on different subnets can communicate with each other.
Page 419 12-27 Configuring the WS5100 WTLS VPN WS5100_VPN.(Cfg).Fw.[eth2]> set addrange ? Syntax: set addrange <"remoteRealIp,localNatIp,numEntries"> eth2 In this command, a range of NAT addresses was added in the LAN. delrange To delete a range of NAT addresses, use set and specify the range to be deleted.
Page 420 12-28 WS5000 Series Switch System Reference Guide...
Page 421: Customer Support
Customer Support Symbol Technologies provides its customers with prompt and accurate customer support. Use the Symbol Support Center as the primary contact for any technical problem, question or support issue involving Symbol products. If the Symbol Customer Support specialists cannot solve a problem, access to all technical disciplines within Symbol becomes available for further assistance and support.
Page 422 North American Contacts Inside North America: Symbol Technologies, Inc. One Symbol Plaza Holtsville, New York 11742-1300 Telephone: 1-631-738-2400/1-800-SCAN 234 Fax: 1-631-738-5990 Symbol Support Center (for warranty and service information): telephone: 1-800-653-5350 fax: (631) 738-5410 Email: support@symbol.com International Contacts Outside North America:...
Page 423 Web Support Sites MySymbolCare http://www.symbol.com/services/msc Symbol Services Homepage http://symbol.com/services Symbol Software Updates http://symbol.com/services/downloads Symbol Developer Program http://software.symbol.com/devzone Additional Information Obtain additional information by contacting Symbol at: 1-800-722-6234, inside North America +1-516-738-5200, in/outside North America http://www.symbol.com/...
Page 424 WS50000 Series Switch System Reference Guide...
Page 426 Symbol Technologies, Inc. One Symbol Plaza Holtsville, New York 11742-1300 http://www.symbol.com 72E-71559-01 Document Revision B September 2005...