Motorola WS5100 Series Reference Manual

WS5100 Series Switch
System Reference Guide

Summary of Contents for Motorola WS5100 Series

  • Page 1 WS5100 Series Switch System Reference Guide...
  • Page 2 © 2008 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
  • Page 3: Table Of Contents

    Contents Chapter 1. Overview 1.1 Hardware Overview 1-1 1.1.1 Physical Specifications
  • Page 4 TOC-2 WS5100 Series Switch System Reference Guide 3.4.3 Updating the Switch Firmware 3-23 3.5 Switch File Management
  • Page 5 TOC-3 4.10.4 Viewing and Configuring Port Instance Details 4-123 Chapter 5.
  • Page 6 TOC-4 WS5100 Series Switch System Reference Guide 6.3.1 Configuring MU Intrusion Detection 6-9 6.3.2 Viewing Filtered MUs
  • Page 7 TOC-5 7.3.1 Configuring SNMP v1/v2 Access 7-5 7.3.2 Configuring SNMP v3 Access
  • Page 8 TOC-6 WS5100 Series Switch System Reference Guide...
  • Page 9: About This Guide

    • WS5100 Troubleshooting Guide - describes workarounds to known conditions the user may encounter. • RF Management Software Users Guide - describes how to use Motorola RFMS to set up and monitor your WS5100 in respect to areas of good RF throughput and defined physical barriers.
  • Page 10: Notational Conventions

    WS5100 Series Switch System Reference Guide Notational Conventions The following additional notational conventions are used in this document: • Italics are used to highlight the following: • Chapters and sections in this and related documents • Dialog box, window and screen names •...
  • Page 11: Chapter 1. Overview

    Overview The WS5100 switch is a centralized management solution for wireless networking. It connects to non-legacy access ports through L2 or L3 (L2 is preferable, if the situation allows it). Access ports function as radio antennas for data traffic management and routing. System configuration and intelligence for the wireless network resides with the switch.
  • Page 12: Physical Specifications

    The console cable included with the switch connects the switch to a computer running a serial terminal emulator program to access the switch’s Command Line Interface (CLI) for initial configuration. An initial configuration is described within the WS5100 Series Switch Installation Guide shipped with each switch. 1.1.2 System Status LED Codes A WS5100 has two LEDs on the front panel (adjacent to the RJ45 ports).
  • Page 13: 10/100/1000 Port Status Led Codes

    Overview 1.1.2.1 Start Up Event Top LED Bottom LED Power off Power On Self Test (POST) running All colors in rotation All colors in rotation POST succeeded Blue solid Blue solid 1.1.2.2 Primary Event Top LED Bottom LED Active (Continually Adopting Access Ports) Blue blinking Blue solid No License to Adopt...
  • Page 14: Software Overview

    Motorola RFMS can help optimize the positioning and configuration of a switch in respect to a WLAN’s MU throughput requirements and can help detect rogue devices. For more information, refer to the Motorola Web site.
  • Page 15 Overview 1.2.1.1 Installation Feature The upgrade/downgrade of the switch can be performed at boot time using one of the following methods: • Web UI • DHCP • CLI • SNMP • Patches The switch platform has sufficient non-volatile memory to store multiple firmware images 1.2.1.2 Licensing Support The following licensing information is utilized when upgrading the switch.
  • Page 16 1-6 WS5100 Series Switch System Reference Guide 1.2.1.5 Serviceability A special set of Service CLI commands are available to provide additional troubleshooting capabilities for service personnel. For example, access to Linux services, panic logs, etc. Only authorized users or service personnel are provided access to the Service CLI.
  • Page 17: Wireless Switching

    Overview • Members within the same redundancy group can be deployed across different subnets and maintain their interdependence as redundancy group members. • Each member of the redundancy group supports AP load balancing by default. • Members of the redundancy group support license aggregation. When a new member joins the group, the new member can leverage the access port adoption license(s) of existing members.
  • Page 18 1-8 WS5100 Series Switch System Reference Guide • Wireless Roaming • Power Save Polling • • Wireless Layer 2 Switching • Automatic Channel Selection • WMM-Unscheduled APSD • Multiple VLANs per WLAN 1.2.2.1 Adaptive AP An adaptive AP (AAP) is an AP-51XX access point that can adopt like an AP300 (L3). The management of an AAP is conducted by the switch, once the access point connects to the switch and receives its AAP configuration.
  • Page 19 Overview • Detect interference from other systems and avoid co-channeling with those systems (most notably radar systems). • Provide uniform spectrum loading across all devices. This feature is enabled automatically when the country code indicates that DFS is required for at least one of the frequency bands that are allowed in the country.
  • Page 20 1-10 WS5100 Series Switch System Reference Guide 2. A user ID/ Password and hotspot ESSID is issued by the site receptionist or IT staff. 3. The user connects their laptop to this ESSID 4. The laptop receives its IP configuration via DHCP. DHCP service can be provided by an external DHCP server or provided by the internal DHCP server located on the switch.
  • Page 21 1-11 Overview 1.2.2.7 Voice Prioritization The switch has the capability of having its QoS policy configured to prioritize network traffic requirements for associated MUs. Use QoS to enable voice prioritization for devices using voice as their transmission priority. Voice prioritization allows you to assign priority to voice traffic over data traffic, and (if necessary) assign legacy voice supported devices (non WMM supported voice devices) additional priority.
  • Page 22 • 802.11e admission control — 1 byte: channel utilization % and 1 byte: MU count is sent in QBSS Load Element in beacons to MU. • Motorola load balancing element (proprietary) — 2 byte: Kbps, 2 byte: Kbps and 2 byte: MU Count are sent in beacon to MU.
  • Page 23 1-13 Overview AP Balancing Across Multiple Switches At adoption, the AP solicits and receives multiple adoption responses from the switches on the network. These adoption responses contain preference and loading information the AP uses to select the optimum switch to be adopted by. Use this mechanism to define which APs are adopted by which switches. By default, the adoption algorithm generally distributes AP adoption evenly among the switches available.
  • Page 24 The wireless switch supports international roaming per the 802.11d specification. MU Move Command As a value added proprietary feature between Motorola infrastructure products and Motorola MUs, a move command has been introduced. The move command permits an MU to roam between ports connected to the same switch without the need to perform the full association and authentication defined by the 802.11...
  • Page 25 1-15 Overview Management, Voice and Data. Packets within each category are processed based on the weights defined for each WLAN. The switch supports the following QoS mechanisms: 802.11e QoS 802.11e enables real-time audio and video streams to be assigned a higher priority over data traffic. The switch supports the following 802.11e features: •...
  • Page 26 1-16 WS5100 Series Switch System Reference Guide 1.2.2.14 Wireless Layer 2 Switching The switch supports the following layer 2 wireless switching techniques: • WLAN to VLAN • MU User to VLAN • WLAN to GRE 1.2.2.15 Automatic Channel Selection Automatic channel selection works sequentially as follows: 1.
  • Page 27 1-17 Overview Limiting Users Per VLAN Multiple VLANs mapped to a WLAN cannot map back to the same IP address pool size. Assign a user limit to each VLAN to allow the mapping of different pool sizes. Specify the VLAN user limit. This specifies the maximum number of MUs associated with a VLAN (for a particular WLAN).
  • Page 28: Wired Switching

    1-18 WS5100 Series Switch System Reference Guide 1.2.3 Wired Switching The switch includes the following wired switching features: • DHCP Servers • DDNS • VLAN Enhancements • Interface Management • DHCP User Class Options 1.2.3.1 DHCP Servers Dynamic Host Configuration Protocol (DHCP) allows hosts on an IP network to request and be assigned IP addresses as well as discover information about the network to which they are attached.
  • Page 29: Management Features

    • A Command Line Interface (CLI) accessible via the serial port or through a Secure Shell (SSH) application • A CLI Service mode enabling the capture of system status information that can be sent to Motorola personnel for use in problem resolution •...
  • Page 30: Security Features

    1-20 WS5100 Series Switch System Reference Guide 1.2.5 Security Features The switch security can be classified into wireless security and wired security. The switch includes the following Wireless Security features: • Encryption and Authentication • MU Authentication • Secure Beacon •...
  • Page 31 KeyGuard is Motorola’s proprietary dynamic WEP solution. Motorola (upon hearing of the vulnerabilities of WEP) developed a non standard method of rotating keys to prevent compromises. Basically, KeyGuard is TKIP without the message integrity check. KeyGuard is proprietary to Motorola MUs only. For information on configuring KeyGuard for a WLAN, see Configuring WEP 128 / KeyGuard on page 4-49.
  • Page 32 1-22 WS5100 Series Switch System Reference Guide uses the MAC address of the MU as both the username and password (this configuration is also expected on the Radius server). MAC-Auth supports all encryption types, and (in case of 802.11i) the handshake is completed before the Radius lookup begins.
  • Page 33 Radius Server. 1.2.5.8 WIDS The Motorola Wireless Intrusion Detection System (WIDS) monitors for any presence of unauthorized rogue access points. Unauthorized attempts to access the WLAN are generally accompanied by anomalous behavior as intruding MUs try to find network vulnerabilities. Basic forms of this behavior can be monitored and reported without needing a dedicated WIDS.
  • Page 34 With this most recent switch firmware release, the switch can provide rogue device detection data to the Motorola RF Management software application (or Motorola RFMS). Motorola RFMS uses this data to refine the position and display the rogue on a site map representative of the physical dimensions of the actual radio coverage area of the switch.
  • Page 35 1-25 Overview allowed. If the action is to mark, the packet is tagged for priority. The switch supports the following types of ACLs: • IP Standard ACLs • IP Extended ACLs • MAC Extended ACLs • Wireless LAN ACLs ACLs are identified by a number or a name (the exception being MAC extended ACLs which take only name as their identifier).
  • Page 36: Access Port Support

    1-26 WS5100 Series Switch System Reference Guide address of the public interface of the switch is used to NAT packets going out from private network and vice versa for packets entering private network. • Static NAT– Static NAT is similar to Port NAT with the only difference being that it allows the user to configure a source NAT IP address and/or destination NAT IP address to which all the packets will be NATted to.
  • Page 37: Chapter 2. Switch Web Ui Access And Image Upgrades

    Switch Web UI Access and Image Upgrades The content of this chapter is segregated amongst the following: • Accessing the Switch Web UI • Switch Password Recovery • Upgrading the Switch Image • Auto Installation • Downgrading the Switch Image •...
  • Page 38: Connecting To The Switch Web Ui

    This warning screen will continue to display on future login attempts until a self-signed certificate is implemented. Motorola recommends only using the default certificate for the first few login attempts until a self-signed certificate can be generated.
  • Page 39: Switch Password Recovery

    Switch Web UI Access and Image Upgrades of firmware running on the switch, quickly assess the last 5 alarms generated by the switch, view the status of the switch’s Ethernet connections and view switch CPU and memory utilization statistics. NOTE: The chapters within this System Reference Guide are arranged to be complementary with the main menu items in the menu tree of the switch Web UI.
  • Page 40: Upgrading The Switch Image

    Verify your current switch firmware version with the latest version available from the Motorola Web site before determining if your system requires an upgrade. Additionally, legacy users running either the 1.4.x or 2.x version switch firmware may want to upgrade to the new 3.x baseline to take complete advantage of the new diverse feature set available to them.
  • Page 41: Auto Installation

    This is the configuration that will be upgraded to the new 3.x baseline. NOTE: Motorola recommends saving a copy of the switch configuration to a secure location before the upgrade. If an error occurs with the upgrade, a viable configuration will be needed to restore on the switch.
  • Page 42 2-6 WS5100 Series Switch System Reference Guide Configuration files are tracked by their MD5 checksum. If a file is renamed, it will still have the same md5 sum. Once a file has been loaded it will not be reloaded, even if the local configuration information is changed.
  • Page 43: Downgrading The Switch Image

    To convert an AP-4131 “fat” access point to a “thin” AP-4131 access port you need to load the port conversion version firmware. Refer to the files available with your Motorola Web site download package. To convert an AP-4131 access point 1.
  • Page 44 2-8 WS5100 Series Switch System Reference Guide 3. Select the AP Installation main menu item. 4. From the IP Address field, enter a new IP address (if required) and select Save-[F1] to save the change. If the IP address was changed, you will need to reset the AP for the change to be implemented.
  • Page 45 Switch Web UI Access and Image Upgrades 6. Select the Special Functions main menu item. 7. Select the Firmware Update Menu-[F3] menu item 8. Select the Alter Filename(s)/HELP URL/TFTP Server menu item. a. Confirm that the Firmware File Name is correct, make changes as needed. b.
  • Page 46 2-10 WS5100 Series Switch System Reference Guide...
  • Page 47: Chapter 3. Switch Information

    Motorola RFMS can help optimize the positioning and configuration of a switch (and its associated radios) in respect to a WLAN’s MU throughput requirements and can help detect rogue devices.
  • Page 48: Viewing The Switch Configuration

    3-2 WS5100 Series Switch System Reference Guide NOTE: When the switch’s configuration is successfully updated (using the Web UI), the affected screen is closed without informing the user their change was successful. However, if an error were to occur, the error displays within the affected screen’s Status field and the screen remains displayed.
  • Page 49 Firmware Displays the current firmware version running on the switch. This version should be periodically compared to the most recent version available on the Motorola Web site, as versions with increased functionality are periodically released. AP Licenses Displays the number of access port licenses currently available for the switch.
  • Page 50 3-4 WS5100 Series Switch System Reference Guide 7. Click the Show Dashboard button to display a screen with important indicators of switch health and status. For more information, see Viewing Dashboard Details. Referencing the Details screen is recommended before new configurations are employed that utilize increased switch bandwidth.
  • Page 51 Switch Information Click the Show Dashboard button (within the Switch screen’s Configuration tab) to display the current health of the switch. Dashboard screen displays the current health of the switch and is divided into fields representing the following important diagnostics: •...
  • Page 52 3-6 WS5100 Series Switch System Reference Guide Access Ports Displays the total number of access ports adopted by the switch. Mobile Units Displays the total number of MUs associated with the switch. Up Time Displays the actual switch uptime. The...
  • Page 53: Viewing Switch Statistics

    Switch Information 3.1.2 Viewing Switch Statistics Switch Statistics tab displays an overview of the recent network traffic and RF status for the switch. To display the Switch Statistics tab: 1. Select Switch from the main menu tree. 2. Click the Switch Statistics tab at the top of the Switch screen.
  • Page 54: Viewing Switch Port Information

    3-8 WS5100 Series Switch System Reference Guide Avg. Bit Speed Displays the average bit speed for the switch over last 30 seconds and 1 hour. Use the average bit speed value to help determine overall network speeds and troubleshoot network congestion.
  • Page 55: Viewing The Port Configuration

    Switch Information 3.2.1 Viewing the Port Configuration Configuration tab displays the current configuration for the switch ports. Use the port configuration information to determine whether an existing port configuration can be used as is or requires modification for use within the switch managed network. To view configuration details for the uplink and downlink ports: 1.
  • Page 56 3-10 WS5100 Series Switch System Reference Guide 2. Click the Edit button. Port Change Warning screen displays, stating any change to the port setting could disrupt access to the switch. Communication errors may occur even if modifications made are successful.
  • Page 57: Viewing The Ports Runtime Status

    3-11 Switch Information Name Displays the read-only name assigned to the port. Speed Select the speed at which the port can receive and transmit the data. Select from the following range: • 10 Mbps • 100 Mbps • 1000 Mbps •...
  • Page 58: Reviewing Port Statistics

    3-12 WS5100 Series Switch System Reference Guide 2. Select the Runtime tab to display the following read-only information: Name Displays the port’s current name. MAC Address Displays the port’s MAC Address. This value is read-only, set at the factory and cannot be modified.
  • Page 59 3-13 Switch Information 1. Select Switch > Port from the main menu tree. 2. Select the Statistics tab. 3. Refer to the Statistics tab to display the following read-only information: Name Defines the port name. Bytes In Displays the total number of bytes received by the port. Packets In Displays the total number of packets received by the port.
  • Page 60 3-14 WS5100 Series Switch System Reference Guide 3.2.3.1 Detailed Port Statistics To view detailed statistics for a port: 1. Select a port from the table displayed within the Statistics screen. 2. Click the Details button. 3. The Interface Statistics screen displays. This screen displays the following statistics for the selected...
  • Page 61 3-15 Switch Information Output Unicast Displays the number of unicast packets (packets directed towards a single Packets destination address) transmitted from the interface. Output NonUnicast Displays the number of unicast packets transmitted from the interface. Packets Output Total Packets Displays the total number of packets transmitted from the interface. Output Packets Displays the number of transmitted packets dropped from the interface.
  • Page 62 3-16 WS5100 Series Switch System Reference Guide Interface Statistics screen displays for the selected port. The screen provides the option to view the following: • Input Bytes • Input Pkts Dropped • Output Pkts Total • Output Pkts Error • Input Pkts Total •...
  • Page 63: Viewing Switch Configurations

    Motorola RFMS can help optimize the positioning and configuration of a switch (and its associated radios) in respect to a WLAN’s MU throughput requirements and can help detect rogue devices.
  • Page 64: Viewing The Detailed Contents Of A Config File

    3.3.1 Viewing the Detailed Contents of a Config File The View screen displays the entire contents of a configuration file. Motorola recommends a file be reviewed carefully before it is selected from the Config Files screen for edit or designation as the switch startup configuration.
  • Page 65: Transferring A Config File

    3-19 Switch Information Use the up and down navigation facilities on the right-hand side of the screen to view the entire page. 3. The Page parameter displays the portion of the configuration file in the main viewing area. The total number of pages in the file is displayed to the right of the current page. The total number of lines in the file displays in the Status field at the bottom of the screen.
  • Page 66 3-20 WS5100 Series Switch System Reference Guide 1. Click the Transfer Files button on the bottom of the Configuration screen. 2. Refer to the Source field to define the location and address information for the source config file. From Select the location representing the source file’s current location using the From drop-down menu.
  • Page 67: Viewing Switch Firmware Information

    3-21 Switch Information 3.4 Viewing Switch Firmware Information The switch can store (retain) two software versions (primary and secondary). Information supporting the two versions displays within the Firmware screen. The Version column displays the version string. The Build Time is the date and time each version was generated. Install represents the date and time the upgrade was performed.
  • Page 68: Editing The Switch Firmware

    3-22 WS5100 Series Switch System Reference Guide 3. Refer to the Patch field for a listing of those Patches available to the switch. The name and version of each patch file is displayed. Each patch file has an associated .txt file designation. The text file describes nuances associated with the file that may make it optimal for use with the switch.
  • Page 69: Updating The Switch Firmware

    3-23 Switch Information 1. Select an image from the table in the Firmware screen. 2. Click the Global Settings button. 3. Select the Enable Image Failover checkbox to load an alternative firmware version if the WLAN module fails to load the selected version successfully after 2 reboot attempts. 4.
  • Page 70: Switch File Management

    3-24 WS5100 Series Switch System Reference Guide 5. From the Using drop down menu, select either FTP or TFTP as a medium to update the firmware. a. Use to get the firmware update from a File Transfer Protocol (FTP) server. A user account must be established on the FTP server specified for the firmware update.
  • Page 71 3-25 Switch Information 1. Select Switch > File Management from the main menu tree. 2. Refer to the Source field to specify the details of the source file. From Use the From drop-down menu to select the source file’s current location. The options include Wireless Switch and Server.
  • Page 72 3-26 WS5100 Series Switch System Reference Guide 1. Select Wireless Switch from the From drop-down menu 2. Use the Browse button to locate a target file for the file transfer. 3. Use the drop-down menu (within the Target field) and select Wireless Switch.
  • Page 73 3-27 Switch Information 2. Use the Browse button and select a file for transfer. 3. Use the drop-down menu (within the Target field) and select Server. This defines the transfer location of the configuration file. Enter the file location marked to store the transferred file. 4.
  • Page 74: Configuring Automatic Updates

    Enable this option for either the firmware, configuration file or cluster configuration file. Motorola recommends leaving this setting disabled if a review of a new file is required before it is automatically uploaded by the switch.
  • Page 75 3-29 Switch Information To enable and configure the automatic update feature for switch firmware, configuration files and cluster configurations: 1. Select Switch > Automatic Updates from the main menu tree. 2. Refer to the Switch Configuration field to enable and define the configuration for automatic configuration file updates.
  • Page 76 3-30 WS5100 Series Switch System Reference Guide 3. Refer to the Redundancy Configuration field to enable and define the configuration for automatic cluster file updates. Enable Select the Enable checkbox to allow an automatic cluster file update when a new (updated) file is detected (upon the boot of the switch) at the specified IP address.
  • Page 77: Viewing The Switch Alarm Log

    3-31 Switch Information 3.7 Viewing the Switch Alarm Log Use the Alarm Log screen as an initial snapshot for alarm log information. Expand alarms (as needed) for greater detail, delete alarms, acknowledge alarms or export alarm data to a user-specified location for archive and network performance analysis.
  • Page 78: Viewing Alarm Log Details

    3-32 WS5100 Series Switch System Reference Guide Time Stamp Displays the date, year and time the alarm was raised (as well as the time zone of the system). The time stamp only states the time the alarm was generated, not the time it was acknowledged.
  • Page 79: Viewing Switch Licenses

    3-33 Switch Information 3. Refer to the Alarm Details Alarm Message for the following information: Description Displays the details of the alarm log event. This information can be used in conjunction with the Solution Possible Causes items to troubleshoot the event and determine how the event can be avoided in the future.
  • Page 80 License Key Enter the license key required to install a particular feature. The license key is returned when you supply the switch serial number to Motorola support. Feature Name Enter the name of the feature you wish to install/upgrade using the license.
  • Page 81: How To Use The Filter Option

    3-35 Switch Information 3.9 How to use the Filter Option Use the Filter Option to sort the display details of screens that employ the filtering option as a means of sorting how data is displayed within the screen. 1. Click the Show Filtering Option to expand the Filter Option zone, whenever it appears in any screen.
  • Page 82 3-36 WS5100 Series Switch System Reference Guide...
  • Page 83: Chapter 4. Network Setup

    Network Setup This chapter describes the Network Setup menu information used to configure the switch. This chapter consists of the following switch Network configuration activities: • Displaying the Network Interface • Viewing Network IP Information • Viewing and Configuring Layer 2 Virtual LANs •...
  • Page 84: Displaying The Network Interface

    4-2 WS5100 Series Switch System Reference Guide 4.1 Displaying the Network Interface The main Network interface displays a high-level overview of the configuration (default or otherwise) as defined within the Network main menu. Use the information to determine if items require additional configuration using the sub-menu items under the main Network menu item.
  • Page 85 Network Setup 2. Refer to the following information to discern if configuration changes are warranted: DNS Servers Displays the number of DNS Servers configured thus far for use with the switch. For more information, see Viewing Network IP Information on page 4-4.
  • Page 86: Viewing Network Ip Information

    4-4 WS5100 Series Switch System Reference Guide 4.2 Viewing Network IP Information Use the Internet Protocol screen to view and configure network associated IP details. The Internet Protocol screen contains tabs supporting the following configuration activities: • Configuring DNS •...
  • Page 87 Network Setup 5. Click the button to display a screen used to add another domain name server. For more information, Adding an IP Address for a DNS Server on page 4-5. 6. Click the Global Settings button to open a screen that allows the domain lookup to be enabled/disabled and the domain name to be specified.
  • Page 88: Configuring Ip Forwarding

    4-6 WS5100 Series Switch System Reference Guide 2. Select the Domain Look Up checkbox to enable the switch to query domain name servers to resolve domain names to IP addresses. NOTE: The order of look up is determined by the order of the servers within...
  • Page 89 Network Setup 3. The read-only IP Forwarding tab displays the current status between VLANs. To toggle the status of routing between VLANs, use the Enable/Disable options located at the bottom of the screen. The following details display in the table: Destination Subnet Displays the mask used for destination subnet entries.
  • Page 90: Viewing Address Resolution

    4-8 WS5100 Series Switch System Reference Guide 1. Click the button. A new Configuration screen displays enabling you to add a new destination subnet, subnet mask and gateway for routing packets to a defined destination. 2. In the Destination Subnet field, enter an IP address to route packets to a specific destination address.
  • Page 91 Network Setup 2. Select the Address Resolution tab. 3. Refer to the Address Resolution table for the following information: Displays the name of the actual interface where the IP address was Interface found (typically a VLAN). Displays the IP address being resolved. IP Address Displays the MAC address corresponding to the IP address being MAC Address...
  • Page 92: Viewing And Configuring Layer 2 Virtual Lans

    4-10 WS5100 Series Switch System Reference Guide 4.3 Viewing and Configuring Layer 2 Virtual LANs A virtual LAN (VLAN) is similar to a Local Area Network (LAN), however devices do not need to be connected to the same segment physically. Devices operate as if connected to the same LAN, but could be connected at different physical connections across the LAN segment.
  • Page 93: Editing The Details Of An Existing Vlan

    4-11 Network Setup 4.3.1 Editing the Details of an Existing VLAN To revise the configuration of an existing VLAN: 1. Select Network > Virtual LANs from the main menu tree. 2. Select an Ethernet for which you want to configure the VLAN and click on the Edit button.
  • Page 94: Configuring Switch Virtual Interfaces

    4-12 WS5100 Series Switch System Reference Guide Native VLAN Use this field to change the tag assigned to the native VLAN. Allowed VLANs This section has the following 2 options (and is only available when Trunk is selected from the Mode drop-down menu): •...
  • Page 95 4-13 Network Setup The following configuration details display in the table: Name Displays the name of the virtual interface. VLAN ID Displays the VLAN ID associated with the interface. DHCP Displays whether the DHCP client is enabled or not. A green check mark defines the DHCP client as enabled for the interface.
  • Page 96 4-14 WS5100 Series Switch System Reference Guide 4. Select a record from the table and click the Delete button to remove the configuration from the list of switch virtual interfaces. 5. Click the button to add a new configuration to the switch virtual interface. For more information, see Adding a Virtual Interface on page 4-14.
  • Page 97 4-15 Network Setup 8. Use the Secondary IP Addresses field to define additional IP addresses to associate with VLAN IDs. The address provided in this field is used if the primary IP address is unreachable. Select the button (within the Secondary IP Addresses field) to define additional addresses from a sub screen.
  • Page 98: Viewing Virtual Interface Statistics

    4-16 WS5100 Series Switch System Reference Guide 7. Select the Set as Management Interface checkbox to convert the selected VLAN ID to a management interface. 8. Use the Secondary IP Addresses field to define/modify additional IP addresses to associate with VLAN IDs.
  • Page 99 4-17 Network Setup Packets In Displays the number of packets coming into the interface (including packets dropped, error packets, etc.) Packets In Dropped Displays the number of dropped packets coming into the interface. Packets are dropped if: The input queue for the hardware device/software module handling the interface definition is saturated/full.
  • Page 100 4-18 WS5100 Series Switch System Reference Guide 2. Click the Details button. 3. The Interface Statistics screen displays with the following content: Name Displays the title of the logical interface selected. MAC Address Displays physical address information associated with the interface. This address is read-only (hard-coded at the factory) and cannot be modified.
  • Page 101 4-19 Network Setup Output Total Packets Displays the total number of packets transmitted from the interface. Output Packets Dropped Displays the number of transmitted packets dropped at the interface. Output Packets Dropped are packets dropped when the output queue of the physical device associated with the interface is saturated.
  • Page 102: Viewing And Configuring Switch Wlans

    4-20 WS5100 Series Switch System Reference Guide NOTE: Do not select more than four parameters at any given time. 4. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.
  • Page 103 4-21 Network Setup updates to a WLAN’s description and their current authentication and encryption schemes. Be careful to properly map BSS WLANs and security schemes. The WS5100 supports 32 WLANs. To configure a WLAN: 1. Select Network > Wireless LANs from the main menu tree.
  • Page 104 4-22 WS5100 Series Switch System Reference Guide Authentication Displays the type of authentication used with the specified WLAN. Click the Edit button to modify the WLAN’s current authentication scheme. For information on configuring an authentication scheme for a WLAN, see...
  • Page 105 4-23 Network Setup 6. Click the Global Settings button to display a screen with WLAN settings applying to all the WLANs on the system. Remember, changes made to any one value impact each WLAN. Click to save updates to the Global WLAN Settings screen. Click Cancel to disregard changes and revert back to the previous screen.
  • Page 106 4-24 WS5100 Series Switch System Reference Guide 4.5.1.1 Editing the WLAN Configuration Security measures for the switch and its WLANs are critical. Use the available switch security options to protect each WLAN from wireless vulnerabilities, and secure the transmission of RF packets between WLANs and the MU traffic they support.
  • Page 107 4-25 Network Setup The Wireless LANs Edit screen is divided into the following user-configurable fields: • Configuration • Authentication • Encryption • Advanced 5. Refer to the Configuration field to define the following WLAN values ESSID Displays the Extended Service Set ID (ESSID) associated with each WLAN. If changing the ESSID, ensure the value used is unique.
  • Page 108 For detailed information on configuring WEP 128 for the WLAN, see Configuring WEP 128 / KeyGuard on page 4-49. KeyGuard Uses a Motorola proprietary encryption mechanism to protect data. For detailed information on configuring KeyGuard for the WLAN, see Configuring WEP 128 / KeyGuard on page 4-49.
  • Page 109 Select the Use Voice Prioritization option if Voice is used on the WLAN. This gives priority to voice packets and voice management packets and is supported only on certain legacy Motorola VOIP phones. Enable SVP Enabling SVP (Spectralink Voice Prioritization) allows the switch to identify and prioritize traffic from Spectralink/Polycom phones.
  • Page 110 4-28 WS5100 Series Switch System Reference Guide MCast Addr 1 The address provided takes packets (where the first 4 bytes match the first 4 bytes of the mask) and sends them immediately over the air instead of waiting for the DTIM period.
  • Page 111 4-29 Network Setup 4. Select the Dynamic Assignment checkbox for a user-based VLAN assignment with Radius for this WLAN. 5. Select the Assign Multiple VLAN(s) button to map a WLAN to more than one VLAN. This displays the Multiple VLAN Mapping screen. 6.
  • Page 112 4-30 WS5100 Series Switch System Reference Guide 4.5.1.3 Configuring Authentication Types Refer to the following to configure the WLAN authentication options available on the switch: • Configuring 802.1x EAP • Configuring Kerberos • Configuring Hotspots • Configuring an Internal Hotspot •...
  • Page 113 Once a MU and server prove their identity, they can encrypt all communications to assure privacy and data integrity. Kerberos can only be used with Motorola clients. CAUTION: Kerberos makes no provisions for host security. Kerberos assumes it is running on a trusted host with an untrusted network.
  • Page 114 4-32 WS5100 Series Switch System Reference Guide 5. Click the Config button to the right of the Kerberos checkbox. The Kerberos screen displays. 6. Specify a case-sensitive Realm Name. The realm name is the domain/realm name of the KDC Server. A realm name functions similarly to a DNS domain name.
  • Page 115 4-33 Network Setup 1. Simple internal pre-built web-pages. 2. External Web-pages 3. Customized internal Web page (using the Advanced feature in hotspot configuration) When a user visits a public hotspot and wants to browse a Web page, they can boot up their laptop and associate with the local Wi-Fi network by entering the correct SSID.
  • Page 116 4-34 WS5100 Series Switch System Reference Guide 3. Select the Hotspot button from within the Authentication field. The Radius Config... button on the bottom of the screen becomes enabled. Ensure a primary and optional secondary Radius Server have been configured to authenticate users requesting access to the hotspot supported WLAN. For more...
  • Page 117 4-35 Network Setup 4. Click the tab and enter the title, header, footer, Small Logo URL, Main Logo URL and Descriptive Login Text you would like to display when users log in to the switch-maintained hotspot. Title Text Displays the HTML text displayed on the Welcome page when using the switch’s internal Web server.
  • Page 118 4-36 WS5100 Series Switch System Reference Guide Main Logo URL Displays the URL for the main logo image displayed on the Failed page when using the switch’s internal Web server. This option is only available if Internal is chosen from the drop-down menu above.
  • Page 119 4-37 Network Setup 3. Select the Hotspot button from within the Authentication field. Ensure External is selected from within This WLAN’s Web Pages are of the drop-down menu. 4. Refer to the External Web Pages field and provide the Login, Welcome and Failed Page URLs used by the external Web server to support the hotspot.
  • Page 120 4-38 WS5100 Series Switch System Reference Guide NOTE: When using an external hotspot page for redirection, certain HTML codes must be included on the pages to properly redirect to the switch. For the Login and Welcome pages, the following code must be modified: form action="https://<ip address of the switch>:444/cgi-bin/hslogin.cgi"...
  • Page 121 4-39 Network Setup 4. Select the Hotspot button from within the Authentication field. Ensure Advanced is selected from within the This WLAN’s Web Pages are of the drop-down menu. NOTE: Advanced hotspot configuration is not permissible using the switch Web UI. Refer to the switch CLI or other advanced configuration options to define a hotspot with advanced properties.
  • Page 122 (default users are admin with superuser privileges and operator with monitor privileges). No secondary authentication source is specified. However, Motorola recommends using an external Radius Server as the primary user authentication source and the local switch Radius Server as the secondary user authentication source.
  • Page 123 To configure an external Radius Server for EAP 802.1x, Hotspot or Dynamic MAC ACL WLAN support: NOTE: To optimally use an external Radius Server with the switch, Motorola recommends defining specific external Server attributes to best utilize user privilege values for specific switch permissions.
  • Page 124 4-42 WS5100 Series Switch System Reference Guide 6. Refer to the Server field and define the following credentials for a primary and secondary Radius server. RADIUS Server Enter the IP address of the primary and secondary server acting as the Radius user Address authentication data source.
  • Page 125 Configuring an External Radius Server for Optimal Switch Support The switch’s external Radius Server should be configured with Motorola WS5100 specific attributes to best utilize the user privilege values assignable by the Radius Server. The following two values should be configured on the external Server for optimal use with the switch: •...
  • Page 126 4-44 WS5100 Series Switch System Reference Guide access, configure the Radius Server with two attributes. Once with a value 1 for monitor access and then with a value 2 for the helpdesk role. Multiple roles can also be defined by configuring the Radius Server with attribute 1 and value 3 (or monitor value 1 and helpdesk value 2).
  • Page 127 4-45 Network Setup 1. Select Network > Wireless LANs from the main menu tree. 2. Select an existing WLAN from those displayed with the Configuration tab. 3. Click on the Edit button. 4. Select either the 802.1x, Hotspot or Dynamic MAC ACL button from within the Authentication field.
  • Page 128 4-46 WS5100 Series Switch System Reference Guide NAC Shared Secret Provide a shared secret (password) for user credential authentication with the primary or secondary NAC server. Server Timeout Enter a value (between 1 and 300 seconds) to indicate the number of elapsed seconds causing the switch to time out on a request to the primary or secondary NAC server.
  • Page 129 4-47 Network Setup CHAP CHAP is an encrypted authentication method based on Microsoft's challenge/response authentication protocol. DSCP/TOS Optionally mark packets with a DiffServ CodePoint (DSCP) in its header. The DSCP value is stored in the first 6 bits of the Type of Service (ToS) field that is part of the standard IP header.
  • Page 130 Generate button. The pass key can be any alphanumeric string. The switch, other proprietary routers and Motorola MUs use the algorithm to convert an ASCII string to the same hexadecimal number. MUs without Motorola adapters need to use WEP keys manually configured as hexadecimal numbers.
  • Page 131 Generate button. The pass key can be any alphanumeric string. The switch and Motorola MUs use the algorithm to convert an ASCII string to the same hexadecimal number. MUs without Motorola adapters need to use WEP keys manually configured as hexadecimal numbers.
  • Page 132 4-50 WS5100 Series Switch System Reference Guide 6. Use the Key #1-4 areas to specify key numbers. The key can be either hexadecimal or ASCII. The keys are 26 hexadecimal characters in length or 13 ASCII characters. Select one of these keys for activation by clicking its radio button.
  • Page 133 4-51 Network Setup Configuring WPA/WPA2 using TKIP and CCMP Wi-Fi Protected Access (WPA) is a robust encryption scheme specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11i. WPA provides more sophisticated data encryption than WEP. WPA is designed for corporate networks and small-business environments where more wireless traffic allows quicker discovery of encryption keys by an unauthorized person.
  • Page 134 4-52 WS5100 Series Switch System Reference Guide 5. Select the Broadcast Key Rotation checkbox to enable the broadcasting of encryption-key changes to MUs. Only broadcast key changes when required by associated MUs to reduce the transmissions of sensitive key information. This value is enabled by default.
  • Page 135: Viewing Wlan Statistics

    4-53 Network Setup 8. Optionally select one of the following from within the Fast Roaming (8021x only) field. PMK Caching Select Pairwise Master Key (PMK) caching to create a shared key between a client device and its authenticator. When a client roams between devices, the client’s credentials no longer need to be completely reauthenticated (a process that can take up to 100 milliseconds).
  • Page 136 4-54 WS5100 Series Switch System Reference Guide 2. Click the Statistics tab. 3. Refer to the following details displayed within the table: Last 30s Click the Last 30s radio button to display statistics for the WLAN over the last 30 seconds.
  • Page 137 4-55 Network Setup % Non-UNI Displays the percentage of the total packets for the selected WLAN that are non-unicast packets. Non-unicast packets include broadcast and multicast packets. Retries Displays the average number of retries for all MUs associated with the selected WLAN.
  • Page 138 4-56 WS5100 Series Switch System Reference Guide • Information • Traffic • RF Status • Errors Information in black represents the statistics from the last 30 seconds and information in blue represents statistics from the last hour. 4. Refer to the...
  • Page 139 4-57 Network Setup Avg MU Noise Displays the average RF noise for all MUs associated with the selected WLAN. The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour. Avg MU SNR Displays the average Signal to Noise Ratio (SNR) for all MUs associated with the selected WLAN.
  • Page 140 4-58 WS5100 Series Switch System Reference Guide 2. Click the Graph button. The WLAN Statistics screen displays for the selected port. The WLAN Statistics screen provides the option of viewing the graphical statistics of the following parameters: • Pkts per sec •...
  • Page 141 WLAN. NOTE: The Motorola RF Management Software is recommended to plan the deployment of the switch. Motorola RFMS can help optimize the positioning and configuration of a switch in respect to a WLAN’s MU throughput requirements. For more information, refer to the Motorola Web site.
  • Page 142: Configuring Wmm

    4-60 WS5100 Series Switch System Reference Guide 6. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.
  • Page 143 4-61 Network Setup Access Displays the Access Category for the intended radio traffic. Access Categories are the different WLAN-WMM options available. The four Access Category types are: • Background — Optimized for background traffic • Best-effort — Optimized for best effort traffic •...
  • Page 144 4-62 WS5100 Series Switch System Reference Guide 4. Select the QoS Mappings button to revise the existing mappings of access category to 802.1p and DSCP to access category settings. With a drastic increase in bandwidth absorbing network traffic (VOIP, multimedia etc.), the importance of data prioritization is critical to effective network management.
  • Page 145 4-63 Network Setup 4.5.3.1 Editing WMM Settings Use the WMM Edit screen to modify existing Access Category settings for the WLAN selected within the WMM screen. This could be necessary in instances when data traffic has changed and high-priority traffic (video and voice) must be accounted for by modifying AIFSN Transmit Ops and CW values.
  • Page 146: Configuring The Nac Inclusion List

    4-64 WS5100 Series Switch System Reference Guide AIFSN Define the current Arbitrary Inter-frame Space Number (AIFSN). Higher-priority traffic categories should have lower AIFSNs than lower-priority traffic categories. This causes lower-priority traffic to wait longer before trying to access the medium.
  • Page 147 4-65 Network Setup • Include a few MUs for NAC validation and bypass the rest of the MUs. To view the attributes of a NAC Include list: 1. Select Network > Wireless LANs from the main menu tree. 2. Select the NAC Include List Configuration tab to view and configure NAC enabled devices.
  • Page 148 4-66 WS5100 Series Switch System Reference Guide 4.5.4.1 Adding an Include List to a WLAN To add a device to a WLAN’s include list configuration: 1. Select Network > Wireless LANs from the main menu tree. 2. Select the NAC Include tab to view and configure NAC Include enabled devices.
  • Page 149 4-67 Network Setup 7. Refer to the Status field. It displays the current state of the requests made from the applet. Requests are any “SET/GET” operation from the applet. The Status field displays error messages if something goes wrong in the transaction between the applet and the switch. 8.
  • Page 150: Configuring The Nac Exclusion List

    4-68 WS5100 Series Switch System Reference Guide 4.5.5 Configuring the NAC Exclusion List The switch provides a means to bypass NAC for 802.1x devices without a NAC agent. For Motorola handheld devices (like the MC9000), authentication is achieved using an exclusion list.
  • Page 151 4-69 Network Setup entries maximum per list. For more information, see Configuring Devices on the Exclude List on page 4- 5. The Configured WLANs field displays the available switch WLANs. Associate a list item in the Exclude Lists field with multiple WLANs. For information on mapping NAC Exclude list’s items to WLANs, see Mapping Exclude List Items to WLANs on page...
  • Page 152 4-70 WS5100 Series Switch System Reference Guide 3. Click on the button in the List Configuration field. 4. The List Name displays the read-only name of the list for which you wish to add more devices. 5. Enter the Host Name for the device you wish to add for the selected exclude list.
  • Page 153: Nac Configuration Examples Using The Switch Cli

    The following are NAC include list, exclude list and WLAN configuration examples using the switch CLI interface: 4.5.6.1 Creating an Include List Since few devices require NAC, Motorola recommends using the "bypass-nac-except-include-list" option. Refer to the commands below to create a NAC Include List: 1. Create a NAC include list.
  • Page 154 4-72 WS5100 Series Switch System Reference Guide 2. Add a host entry to the include list. This adds a specified MAC entry/MAC range into the client’s include list. WS5100 (config-wireless-client-list) #station pc1 AA:BB:CC:DD:EE:FF WS5100 (config-wireless-client-list) # 3. Associate the include list to a WLAN. This adds the client’s include list into the WLAN.
  • Page 155 4-73 Network Setup WS5100 (config-wireless) #wlan 1 nac-server secondary 192.168.1.20 WS5100 (config-wireless) # d. Configure the secondary NAC Server’s Radius Key. WS5100 (config-wireless) #wlan 1 nac-server secondary radius-key my secret-2 WS5100 (config-wireless) # 3. MUs not NAC authenticated use Radius for authentication. To configure the WLAN’s Radius settings: a.
  • Page 156: Viewing Associated Mu Details

    • Viewing MU Statistics NOTE: The Motorola RF Management Software is a recommended utility to plan the deployment of the switch and view its configuration once operational. Motorola RFMS can help optimize switch positioning and configuration in respect to a WLAN’s MU throughput requirements and can help detect rogue devices.
  • Page 157: Viewing Mu Details

    4-75 Network Setup Power Save Displays the current (read-only) Power-Save-Poll (PSP) state of the MU. The Power Save field has two potential settings. PSP indicates the MU is operating in Power Save Protocol mode. In PSP, the MU runs enough power to check for beacons and is otherwise inactive.
  • Page 158 4-76 WS5100 Series Switch System Reference Guide 3. Select a MU from the table in the Status screen and click the Details button. 4. Refer to the following read-only MU transmit and receive statistics: MAC Address Displays the Hardware or Media Access Control (MAC) address for the MU.
  • Page 159: Viewing Mu Statistics

    4-77 Network Setup Voice Displays whether or not the MU is a voice capable device. Traffic from a voice enabled MU is handled differently than traffic from MUs without this capability. MUs grouped to particular WLANs can be prioritized to transmit and receive voice traffic over data traffic.
  • Page 160 4-78 WS5100 Series Switch System Reference Guide 4. Select the Last HR checkbox to display MU statistics gathered over the last hour. This option is helpful for assessing performance trends over a measurable period. 5. Refer to the following details as displayed within the...
  • Page 161 4-79 Network Setup 3. Select a MU from the table displayed in the Statistics screen and click the Details button. The Details screen displays WLAN statistics for the selected WLAN, including: • Information • Traffic • RF Status • Errors Information in black represents the statistics from the last 30 seconds and information in blue represents statistics from the last hour.
  • Page 162 4-80 WS5100 Series Switch System Reference Guide WLAN Displays the name of the WLAN the MU is currently associated with. Displays WMM usage status for the MU, including the access category currently in use. Use this information to assess whether the MU is using the correct WMM settings in relation to its intended data traffic type.
  • Page 163: Viewing Access Port Information

    NOTE: Each switch can support a maximum of 48 access ports. However, port adoption per switch is determined by the number of licenses acquired. NOTE: The Motorola RF Management Software is a recommended utility to plan the deployment of the switch and view its configuration once operational. Motorola RFMS can help optimize the positioning and configuration of a switch and access ports in respect to a WLAN’s MU throughput requirements.
  • Page 164: Configuring Access Port Radios

    Description Displays a user assigned name for the radio. AP Type Displays the type of access port detected. The switch supports Motorola AP-300 model access ports. Type Use the Type to identify whether the radio is 802.11a radio or an 802.11bg radio.
  • Page 165 4-83 Network Setup Parent AP MAC Address Displays the access port's Ethernet MAC (the device MAC address that is printed on the casing of the unit). Please do not confuse this BSSID MAC with the access port's Ethernet MAC address. MAC Address The Base Radio MAC is the radio's first MAC address when it is adopted by the Switch.
  • Page 166 4-84 WS5100 Series Switch System Reference Guide channels and moves the radio to the channel where it is least likely to have interference from the other radios. Use the Export option to move the contents of the table to a Comma Separated Values file (CSV).
  • Page 167 4-85 Network Setup Port Authentication To configure the port authentication settings on an access port: 1. Select Network > Access Port Radios from the main menu tree. 2. Click the Configuration tab. 3. Click the Global Settings button. 4. Click the Configure Port Authentication button.
  • Page 168 4-86 WS5100 Series Switch System Reference Guide settings as well as a set of advanced properties in case its transmit and receive capabilities need to be adjusted. NOTE: The screen display can vary slightly depending on whether the access port radio is an 802.11a or 802.11bg model.
  • Page 169 MU RSSI information. RSSI data (as obtained by at least three detecting radios) can be used by the Motorola RFMS application to triangulate the location of a MU on a site map representative of the actual physical dimensions of the switch radio coverage area.
  • Page 170 4-88 WS5100 Series Switch System Reference Guide 14. In most cases, the default settings for the Advanced Properties are sufficient. If needed, additional Advanced Properties can be modified for the following: Antenna Diversity Use the drop-down menu to configure the Antenna Diversity settings for access ports using external antennas.
  • Page 171 4-89 Network Setup Beacon Interval Specify a beacon interval in units of 1,000 microseconds (K-us). This is a multiple of the DTIM value, for example, 100: 10. (See "DTIM Period," below). A beacon is a packet broadcast by the adopted access ports to keep the network synchronized. Included in a beacon is information such as the WLAN service area, the radio-port address, the broadcast destination addresses, a time stamp, and indicators about traffic and delivery such as a DTIM.
  • Page 172 4-90 WS5100 Series Switch System Reference Guide Supported rates allow an 802.11 network to specify the data rate it supports. When a MU attempts to join the network, it checks the data rate used on the network. If a rate is selected as a basic rate, it is automatically selected as a supported rate.
  • Page 173: Viewing Ap Statistics

    4-91 Network Setup 3. Click the button to display a screen containing settings for adding a radio. 4. Enter the device MAC Address (the physical MAC address of the radio). Ensure this address is the actual hard-coded MAC address of the device. 5.
  • Page 174 4-92 WS5100 Series Switch System Reference Guide 2. Click the Statistics tab. 3. To select the time frame for the radio statistics, select either Last 30s or Last Hr above the statistics table. • Select the Last 30s radio button to display statistics for the last 30 seconds for the radio.
  • Page 175 4-93 Network Setup 5. Select a radio from those displayed and click the Details button for additional radio information in raw data format. For more information, see Viewing AP Statistics in Detail on page 4-93. 6. Select a radio from those displayed and click the Graph button for additional radio performance information in graphical format.
  • Page 176 4-94 WS5100 Series Switch System Reference Guide Avg Bit Speed Displays the average bit speed in Mbps on the selected radio. This includes all packets that are sent and received. The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour.
  • Page 177: Configuring Wlan Assignment

    4-95 Network Setup 3. Select a radio index from the table displayed in the Statistics screen and click the Graph button. 4. Select a checkbox to display that metric charted within the graph. Do not select more than four checkboxes at any one time. 5.
  • Page 178 4-96 WS5100 Series Switch System Reference Guide 4. Select a radio from the table to view WLAN assignment information. The WLAN Assignment tab is divided into two fields: Select Radios and Assigned WLANs. 5. Refer to the Select Radios field for the following information: Index Displays the numerical index (device identifier) used with the radio.
  • Page 179: Configuring Wmm

    4-97 Network Setup 3. Select a radio from the table and click the Edit button. The Select Radio/BSS field displays the WLANs associated to each of the BSSIDs used by the radios within the radio table. Use the Select/Change Assigned WLANs field to edit the WLAN assignment. 4.
  • Page 180 4-98 WS5100 Series Switch System Reference Guide 2. Click the tab. WMM information displays per radio with the following information: Index Displays the identifier assigned to each WLAN index, each index is assigned a unique identifier such as (1/4, 1/3, etc.).
  • Page 181 4-99 Network Setup 4. Select a radio and click the Edit button to modify its properties. For more information, see Editing WMM Settings on page 4-99. 4.7.4.1 Editing WMM Settings Use the Edit screen to modify a WMM profile's properties (AIFSN, Tx Op, Cw Min and CW Max). Modifying these properties may be necessary as Access Categories are changed and transmit intervals need to be adjusted to compensate for larger data packets and contention windows.
  • Page 182: Configuring Access Point Radio Bandwidth

    4-100 WS5100 Series Switch System Reference Guide 7. Enter a value between 0 and 15 for the Contention Window maximum value. The CW Maximum is combined with the CW Minimum to define the Contention Window. From this range, a random number is selected for the back off mechanism. Lower values are used for higher priority traffic.
  • Page 183: Viewing Access Port Adoption Defaults

    4-101 Network Setup Index The Index is the numerical index (device identifier) used with the device radio. Use this index (along with the radio name) to differentiate the radio from other device radios. Description The displayed name is the name used with the device radio. Use this name (along with the radio index) to differentiate the radio from other device radios.
  • Page 184 4-102 WS5100 Series Switch System Reference Guide 2. Click the Configuration tab. 3. Refer to the following information as displayed within the Configuration tab: Type Displays whether the radio is an 802.11a radio or an 802.11bg model radio. Placement Displays the default placement when a radio auto-adopts and takes on the default settings.
  • Page 185 4-103 Network Setup 4.8.1.1 Editing Default Access Port Adoption Settings Use the Edit screen to dedicate a target radio as a detector radio, as well as change the radio's settings (placement, power and channel) and advanced properties (antenna setting, maximum associations, adoption preference etc.).
  • Page 186 4-104 WS5100 Series Switch System Reference Guide 9. Within the Radio Settings field, configure the Placement of the radio as either Indoors or Outdoors. The setting will affect the selection channel and power levels. Default is Indoor. 10. Select a channel for communications between the access port and MUs in the Desired Channel field.
  • Page 187 4-105 Network Setup RTS Threshold Specify a Request To Send (RTS) threshold (in bytes) for use by the WLAN's adopted access ports. RTS is a transmitting station's signal that requests a Clear To Send (CTS) response from a receiving station. This RTS/CTS procedure clears the air where many MUs (or nodes) are contending for transmission time.
  • Page 188 4-106 WS5100 Series Switch System Reference Guide 14. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.
  • Page 189: Configuring Layer 3 Access Port Adoption

    4-107 Network Setup 4.8.2 Configuring Layer 3 Access Port Adoption The configuration activity required for adopting access ports in a layer 3 environment is unique. In a layer 3 environment, switch discovery is attempted in the following ways: • On the local VLAN •...
  • Page 190 4-108 WS5100 Series Switch System Reference Guide 2. Click the WLAN Assignment tab. The Assigned WLANs tab displays two fields: Select Radios/BSS and Select/Change Assigned WLANs. 3. With the Select Radios/BSS field, select the radio type to configure (802.11a or 802.11bg) from the Select Radio drop-down menu.
  • Page 191: Configuring Wmm

    4-109 Network Setup 6. Click Apply to save the changes made within the screen. 7. Click Revert to cancel the changes made and revert back to the last saved configuration. 4.8.4 Configuring WMM Use the tab to review each radio type, as well as the Access Category that defines the data (Video, Voice, Best Effort and Background) the radio has been configured to process.
  • Page 192 4-110 WS5100 Series Switch System Reference Guide CW Min The CW Min is combined with the CW Max to define the Contention Window. From this range, a random number is selected for the back off mechanism. Lower values are used for higher priority traffic.
  • Page 193: Viewing Access Port Status

    4-111 Network Setup 5. Enter a number between 0 and 65535 for the Transmit Ops value. The Transmit Ops value is the maximum duration a device can transmit after obtaining a transmit opportunity. For higher-priority traffic categories, this value should be set higher. 6.
  • Page 194 4-112 WS5100 Series Switch System Reference Guide 2. Click the Adopted AP tab. 3. Refer to the Adopted AP screen for the following information: MAC Address Displays the radio's first MAC address when it is adopted by the switch. Model Displays the model number of the access port.
  • Page 195: Viewing Unadopted Access Ports

    4-113 Network Setup 5. Click the Convert to Sensor button to convert the selected adopted AP to a sensor that can be used with the Wireless Intrusion Detection System (WIDS) application. WIDS uses sensors to collect data transmitted by 802.11a and 802.11b/g compliant devices and sends the data to a centralized server for analysis and correlation.
  • Page 196: Multiple Spanning Tree

    4-114 WS5100 Series Switch System Reference Guide The Unadopted AP tab displays the following information: Index Displays a numerical identifier used to associate a particular access port with a set of statistics and can help differentiate the access port from other access ports with similar attributes.
  • Page 197 4-115 Network Setup The following definitions describe the STP instances that define an MST configuration: • Common Spanning Tree (CST) – MST runs a single spanning tree instance (called the Common Spanning Tree) that interconnects all the bridges in a network. This instance treats each region as a single bridge. In all other ways, it operates exactly like Rapid Spanning Tree (RSTP).
  • Page 198: Configuring A Bridge

    4-116 WS5100 Series Switch System Reference Guide 4.10.1 Configuring a Bridge Use the Bridge tab to configure the Bridge. This window displays bridge configuration details for the switch. To configure the MSTP bridge: 1. Select Network > Multiple Spanning Tree from the main menu tree.
  • Page 199 4-117 Network Setup Error Disable Timeout Select this option to enable an error disable-timeout facility. The error disable-timeout is used to set a timeout value for ports disabled resulting from a BPDU guard. The BPDU guard feature shuts down the port on receiving a BPDU on a BPDU-guard enabled port.
  • Page 200: Viewing And Configuring Bridge Instance Details

    4-118 WS5100 Series Switch System Reference Guide CIST Bridge Forward Delay Displays the configured forward delay period. CIST Bridge Maximum Enter the CIST bridge maximum age received from the root bridge. If this is the root bridge, the value will be equal to the Configured Max Age.
  • Page 201 4-119 Network Setup Internal Root Cost Displays the configured path cost on a link connected to this port within the internal MSTP region. Root Port Displays the MAC address of the root port. Master Port Displays the MAC address of the master port. VLANs Displays the number of VLANs included in this MSTP instance.
  • Page 202: Configuring A Port

    4-120 WS5100 Series Switch System Reference Guide 6. Click Cancel to disregard the changes. 4.10.3 Configuring a Port Use the Port tab to view and configure MST port parameters, including enabling/disabling the spanning tree algorithm on one or more ports (displaying the designated bridge and port/root information).
  • Page 203 4-121 Network Setup AdminPort PortFast Displays the portfast BPDU filter for the admin port. The Spanning Tree Protocol BPDU Filter sends BPDUs from all ports. Enabling the BPDU Filter ensures PortFast-enabled admin ports do not transmit or receive BPDUs. OperPort PortFast Displays a portfast BPDU filter for the oper port.
  • Page 204: Editing A Mst Port Configuration

    4-122 WS5100 Series Switch System Reference Guide Admin Edge Port A green checkmark defines the listed index enabled as an Admin Edge Port, and a red “X” defines the listed index as not being an Admin Edge Port. Oper Edge Port An oper edge port transitions MST data into a forwarding state.
  • Page 205: Viewing And Configuring Port Instance Details

    4-123 Network Setup Port auto Edge Select the checkbox to use the port as an operational edge port. Port Guard Root Select this checkbox to support guard root for this port index. Guard root ensures the port is a designated port. Typically, each guard root port is a designated port, unless two or more ports (within the root bridge) are connected together.
  • Page 206 4-124 WS5100 Series Switch System Reference Guide 2. Select the PortInstance tab. The Port Instance table displays the following: Displays the port instance ID. Index Displays the port index. State Displays the availability status of the port. Role Displays the state of the port. It can be either Enabled or Disabled.
  • Page 207 4-125 Network Setup 4.10.4.1 Editing a Port Instance Configuration To edit and reconfigure Port Instance parameters: 1. Select a row from the port table and click the Edit button. Most of the MST Port Instance parameters can be reconfigured, as indicated below. Port Instance ID Read only indicator of the instance ID used as a basis for other modifications.
  • Page 208 4-126 WS5100 Series Switch System Reference Guide...
  • Page 209: Chapter 5. Switch Services

    Switch Services This chapter describes the Services main menu information available for the following switch configuration activities: • Displaying the Services Interface • DHCP Server Settings • Configuring Secure NTP • Configuring Switch Redundancy • Layer 3 Mobility • Configuring Self Healing •...
  • Page 210: Displaying The Services Interface

    5-2 WS5100 Series Switch System Reference Guide 5.1 Displaying the Services Interface Refer to the Services main menu interface to review a summary describing the availability of several central features within the Services main menu item. NOTE: When the switch’s configuration is successfully updated (using the Web UI), the affected screen is closed without informing the user their change was successful.
  • Page 211: Dhcp Server Settings

    Switch Services Layer 3 Mobility Displays whether Layer 3 Mobility is currently enabled or disabled. Layer 3 mobility is a mechanism which enables a MU to maintain the same Layer 3 address while roaming throughout a multi-VLAN network. This enables the transparent routing of IP datagrams to MUs during their movement, so data sessions can be initiated while they roam (for voice applications in particular).
  • Page 212: Configuring The Switch Dhcp Server

    5-4 WS5100 Series Switch System Reference Guide 5.2.1 Configuring the Switch DHCP Server The switch contains an internal Dynamic Host Configuration Protocol (DHCP) Server. DHCP can provide the dynamic assignment of IP addresses automatically. DHCP is a protocol that includes mechanisms for IP address allocation and delivery of host-specific configuration parameters from a DHCP server to a host.
  • Page 213 Switch Services 5. Refer to the following as displayed within Network Pool field. Pool Name Displays the name of the IP pool from which IP addresses can be issued to DHCP client requests on the current interface. The pool is the range of IP addresses available.
  • Page 214 5-6 WS5100 Series Switch System Reference Guide • A p-peer (peer-to-peer node) uses directed calls to communicate with a known NetBIOS name server, such as a Windows Internet Name Service (WINS) server, for the IP address of a NetBIOS machine.
  • Page 215 Switch Services 2. Click the button at the bottom of the screen. 3. Enter the name of the IP pool from which IP addresses can be issued to client requests on this interface. 4. Provide the Domain name as appropriate for the interface using the pool.
  • Page 216 5-8 WS5100 Series Switch System Reference Guide 7. From the Network field, use the Associated Interface drop-down menu to define the switch interface used for the newly created DHCP configuration. Use VLAN1 as a default interface if no others have been defined.
  • Page 217 Switch Services 2. Highlight an existing pool name from within either the Configuration or Host Pool tab and click the Options Setup button at the bottom of the screen. 3. Click the Insert button to display an editable field wherein the name and value of the DHCP option can be added.
  • Page 218: Viewing The Attributes Of Existing Host Pools

    5-10 WS5100 Series Switch System Reference Guide 2. Highlight an existing pool name from within either the Configuration or Host Pool tabs and click the DDNS button at the bottom of the screen. 3. Enter a Domain Name which represents the forward zone in the DNS server. For example test.net.
  • Page 219 5-11 Switch Services 2. Select the Host Pool 3. Refer to the following information to assess whether the existing group of DHCP pools is sufficient: Pool Name Displays the name of the IP pool from which IP addresses can be issued to DHCP client requests on this interface.
  • Page 220: Configuring Excluded Ip Address Information

    5-12 WS5100 Series Switch System Reference Guide 8. Click the DDNS button to configure a DDNS domain and server address that can be used with the list of available pools. For more information, see Configuring DHCP Server DDNS Values on page 5-9.
  • Page 221: Configuring The Dhcp Server Relay

    5-13 Switch Services 5.2.4 Configuring the DHCP Server Relay Refer to the Relay tab to view the current DHCP Relay configurations for available switch VLAN interfaces. The Relay tab also displays the VLAN interfaces for which the DHCP Relay is enabled/configured. The Gateway Interface address information is helpful in selecting the interface suiting the data routing requirements between the External DHCP Server and DHCP client (present on one of the switch’s available VLANs).
  • Page 222 5-14 WS5100 Series Switch System Reference Guide 2. Click the Relay tab. 3. Refer to the Interfaces field for the names of the interfaces available to route information between the DHCP Server and DHCP clients. If this information is insufficient, consider creating a new IP pool or edit an existing pool.
  • Page 223: Viewing Ddns Bindings

    5-15 Switch Services d. Click Cancel to close the dialog without committing updates to the running configuration. 5.2.5 Viewing DDNS Bindings The DDNS Bindings tab displays mappings between client IP addresses and domain names. DDNS keeps a domain name linked to a changing IP address. Typically, when a user connects to a network, the user’s ISP assigns an unused IP address from a pool of IP addresses (usually done through a DHCP server).
  • Page 224: Viewing Dhcp Bindings

    5-16 WS5100 Series Switch System Reference Guide 3. Refer to the contents of the DDNS Bindings tab for the following information: IP Address Displays the IP address assigned to the client. Domain Name Displays the domain name mapping corresponding to the IP address listed in the left-hand side of the tab.
  • Page 225: Reviewing Dhcp Dynamic Bindings

    5-17 Switch Services 5.2.7 Reviewing DHCP Dynamic Bindings Dynamic DHCP bindings automatically map a hardware address to an IP address from a pool of available addresses. The Dynamic Bindings tab displays only automatic bindings. To view detailed Dynamic DHCP Binding Status information: 1.
  • Page 226: Configuring The Dhcp User Class

    5-18 WS5100 Series Switch System Reference Guide 5.2.8 Configuring the DHCP User Class The DHCP server assigns IP addresses to clients based on user class option names. Clients with a defined set of user class option names are identified by their user class name.
  • Page 227 5-19 Switch Services 2. Select the User Class tab. 3. Click the button from the User Class Name section. The DHCP server groups clients based on user class option values. DHCP Clients with the defined set of user class option values are identified by class. a.
  • Page 228: Configuring Dhcp Pool Class

    5-20 WS5100 Series Switch System Reference Guide 3. Select an existing DHCP user class name from the list and click on the Edit button from the DHCP User Class Name section. a. The User Class Name is a display field and cannot be modified.
  • Page 229 5-21 Switch Services 2. Select the Pool Class tab to view the DHCP pool class details. 3. Refer to the Pool Class Names field to configure a pool class. A preconfigured pool and class must exist to configure a pool class. The Address Ranges section displays the address ranges associated with the pool class.
  • Page 230 5-22 WS5100 Series Switch System Reference Guide b. Select an address range and click Remove to delete that particular address range. 7. Refer to the Status field. It displays the current state of the requests made from the applet. Requests are any “SET/GET”...
  • Page 231: Configuring Secure Ntp

    5-23 Switch Services 5.3 Configuring Secure NTP Secure Network Time Protocol (SNTP) is central for networks that rely on their switch to supply system time. Without an SNTP implementation, switch time is unpredictable, which can result in data loss, failed processes and compromised security.
  • Page 232 5-24 WS5100 Series Switch System Reference Guide 2. Select the Configuration tab. 3. An ACL Id must be created before it is selectable from any of the drop-down menus. Refer to the Access Group field to define the following: Supply a numeric ACL ID from the drop-down menu to provide the ACL full access.
  • Page 233: Configuring Symmetric Key

    5-25 Switch Services Listen to NTP Broadcasts Select this checkbox to allow the switch to listen over the network for SNTP broadcast traffic. Once enabled, the switch and the SNTP broadcast server must be on the same network. Broadcast Delay Enter the estimated round-trip delay (between 1 and 999999 seconds) for SNTP broadcasts between the SNTP broadcast server and the switch.
  • Page 234 5-26 WS5100 Series Switch System Reference Guide 3. Refer to the Symmetric Key screen to view the following information. Key ID Displays a Key ID between 1-65534. The Key ID is an abbreviation allowing the switch to reference multiple passwords. This makes password migration easier and more secure between the switch and its NTP resource.
  • Page 235: Defining A Sntp Neighbor Configuration

    5-27 Switch Services 11. Click Cancel to close the dialog without committing updates to the running configuration. 5.3.3 Defining a SNTP Neighbor Configuration The switch’s SNTP association can be either a neighboring peer (the switch synchronizes to another associated device) or a neighboring server (the switch synchronizes to a dedicated SNTP server resource). Refer to the NTP Neighbor tab to assess the switch’s existing configurations (both peer and server) and, if...
  • Page 236: Adding An Ntp Neighbor

    5-28 WS5100 Series Switch System Reference Guide Preferred Source Displays whether this NTP resource is a preferred NTP resource. Preferred sources (those with a checkmark) are contacted before non-preferred resources. There can be more than one preferred source. NTP Version Displays a NTP version between 1 and 4. Currently version three and four implementations of NTP are available.
  • Page 237 5-29 Switch Services 6. Select the Broadcast Server checkbox to allow the switch to listen over the network for NTP broadcast traffic. The switch’s NTP configuration can be defined to use broadcast messages instead of messaging between fixed NTP synchronization resource addresses. Use a NTP broadcast to listen for NTP synchronization packets within a network.
  • Page 238: Viewing Sntp Associations

    5-30 WS5100 Series Switch System Reference Guide 5.3.5 Viewing SNTP Associations The interaction between the switch and a SNTP server constitutes an association. SNTP associations can be either a peer association (the switch synchronizes to another system or allows another system to synchronize to it), or a server association (only the switch synchronizes to the SNTP resource, not the other way around).
  • Page 239 5-31 Switch Services Delay (sec) Displays the round-trip delay (in seconds) for SNTP broadcasts between the SNTP server and the switch. Offset (sec) Displays the calculated offset between the switch and SNTP server. The switch adjusts its clock to match the server's time value. The offset gravitates toward zero over time, but never completely reduces its offset to zero.
  • Page 240: Viewing Sntp Status

    5-32 WS5100 Series Switch System Reference Guide 5.3.6 Viewing SNTP Status Refer to the SNTP Status tab to display performance (status) information relative to the switch’s current NTP association. Verifying the switch’s SNTP status is important to assess which resource the switch is currently getting its system time from, as well as the time server’s current differences in time attributes as...
  • Page 241: Configuring Switch Redundancy

    5-33 Switch Services Root delay The total round-trip delay in seconds. This variable can take on both positive and negative values, depending on the relative time and frequency offsets. The values that normally appear in this field range from negative values of a few milliseconds to positive values of several hundred milliseconds.
  • Page 242 5-34 WS5100 Series Switch System Reference Guide on the other switches at the same time. This is done by the cluster-protocol running on WS1, by duplicating the commands and sending them to the group over the virtual connection: After sending the command to other members, the cluster-management protocol (at WS1) waits for a response from the members of the redundancy group.
  • Page 243 5-35 Switch Services user can make use of any switch as the group centralized management entity (using the cluster-management context). To view status and membership data and define a redundancy group configuration, refer to the following: • Reviewing Redundancy Status •...
  • Page 244 5-36 WS5100 Series Switch System Reference Guide Heartbeat Period Heartbeat Period is the interval heartbeat messages are sent. Heartbeat messages discover the existence and status of other members within the group. Configure an interval between 1 and 255 seconds. The default value is 5 seconds.
  • Page 245: Reviewing Redundancy Status

    5-37 Switch Services Trigger Displays the event causing the redundancy group state change on the switch. Description Displays a redundancy event description defining the redundancy group state change on the switch. Typical states include Redundancy Disabled or Redundancy Enabled. 4. Click Apply to save any changes to the screen.
  • Page 246 5-38 WS5100 Series Switch System Reference Guide 3. Refer to the Status field to assess the current state of the redundancy group. Redundancy state is Displays the state of the redundancy group. When the redundancy feature is disabled, the state is “Disabled.” When enabled, it goes to a “Startup” state. From “Startup”...
  • Page 247 5-39 Switch Services Adoption capacity on Displays the AP adoption capability for this switch. Compare this value with the this switch adoption capacity for the entire cluster to determine if the cluster members (or this switch) have adequate adoption capabilities. For information on licensing rules impacting redundancy group members, see Redundancy Group License Aggregation Rules on page...
  • Page 248: Configuring Redundancy Group Membership

    5-40 WS5100 Series Switch System Reference Guide 5.4.2 Configuring Redundancy Group Membership The redundancy group should be disabled to conduct an Add/Delete operation. There are a minimum of 2 members needed to comprise a Redundancy Group, including the initiating switch. To configure switch redundancy memberships: 1.
  • Page 249 5-41 Switch Services License Count Displays the number of licenses installed on this member. Mode The Redundancy Mode could be Active or Standby depending on the mode configuration on the member. Refer to the Configuration screen to change the mode. 4.
  • Page 250 5-42 WS5100 Series Switch System Reference Guide 4. Refer to the following redundancy member information: IP Address Displays the IP addresses of the members of the redundancy group. There are a minimum of 2 members needed to define a redundancy group, including this current module.
  • Page 251 5-43 Switch Services Rogue APs Displays the number of Rogue APs detected by each member. Use this information to discern whether these radios represent legitimate threats to other members of the redundancy group. Self Healing Radios Displays the number of self healing radios on each detected member. These radios can be invaluable if other radios within the redundancy group were to experience problems requiring healing by another radio.
  • Page 252: Redundancy Group License Aggregation Rules

    5-44 WS5100 Series Switch System Reference Guide 5.4.3 Redundancy Group License Aggregation Rules The following are rules governing license usage amongst members of a redundancy group: • A redundancy group license is determined by adding individual switch licenses. • Do not allow different port speed/duplex settings on members. Each member should have the same settings.
  • Page 253: Configuring Layer 3 Mobility

    5-45 Switch Services 5.5.1 Configuring Layer 3 Mobility Layer 3 mobility is a mechanism enabling a MU to maintain the same Layer 3 address while roaming throughout a multi-VLAN network. This enables transparent routing of IP datagrams to MUs during their movement, so data sessions can be maintained while they roam (for voice applications in particular).
  • Page 254 5-46 WS5100 Series Switch System Reference Guide • Forward and reverse data paths for traffic originating from and destined to MUs that have roamed from one L3 subnet to another are symmetric. To configure Layer 3 Mobility for the switch: 1.
  • Page 255: Defining The Layer 3 Peer List

    5-47 Switch Services 10. Click the Revert button to disregard any changes made within this screen and revert back to the last saved configuration. 5.5.2 Defining the Layer 3 Peer List The Layer 3 Peer List contains the IP addresses MUs are using to roam amongst various subnets. This screen is helpful in displaying the IP addresses available to those MUs requiring access to different subnet resources.
  • Page 256: Reviewing Layer 3 Peer List Statistics

    5-48 WS5100 Series Switch System Reference Guide 5. Click the button to display a screen used for adding the IP address to the list of addresses available for MU Layer 3 roaming. Enter the IP addresses in the area provided and click the...
  • Page 257 5-49 Switch Services 2. Select the Peer Statistics tab. 3. Refer to the following information within the Peer Statistics tab: Peer IP Displays the IP addresses of the peer switches within the mobility domain. Each peer can support up to 500 MUs. JOIN Events Displays the number of JOIN messages sent and received.
  • Page 258: Reviewing Layer 3 Mu Status

    5-50 WS5100 Series Switch System Reference Guide L2-ROAMs sent/rcvd Displays the number of Layer 2 ROAM messages sent and received. When a MU roams to a new switch on a different layer 3 network (MU is mapped to a different VLAN ID), it sends a L3-ROAM message to the home switch with the new IP information for the current switch it is associated with.
  • Page 259: Configuring Self Healing

    5-51 Switch Services 5.6 Configuring Self Healing The switch supports a feature called Self Healing that enables radios to take corrective action when one or more radios fail. To enable the feature the user must specify radio neighbors that would self heal if either one goes down.
  • Page 260: Configuring Self Healing Neighbor Details

    5-52 WS5100 Series Switch System Reference Guide 5. Click the Revert button to disregard any changes made within this screen and revert back to the last saved configuration. 5.6.1 Configuring Self Healing Neighbor Details The Neighbor Details page displays all the radios configured on the switch and their neighbor designations.
  • Page 261 5-53 Switch Services Action Displays the self healing action configured for the radio. Options include: • Raise Power - The transmit power of the radio is increased when a neighbor radio is not functioning as expected. • Open Rates - Radio rates are decreased to support all rates when a neighbor radio is not functioning as expected.
  • Page 262 5-54 WS5100 Series Switch System Reference Guide 3. Select an existing neighbor and click the Edit button. The radio index and description display in the upper right corner of the screen. The Available Radios value represents the radios that can be added as a neighbor for the target radio.
  • Page 263: Configuring Switch Discovery

    5-55 Switch Services 5.7 Configuring Switch Discovery Switch discovery enables the SNMP discovery (location) of devices. To discover devices in the specified range of IP addresses, the switch Web UI sends SNMP GET requests (using the user specified SNMP v2 or v3 version) to all IP addresses on the specified network.
  • Page 264 IP address and SNMP version. Motorola recommends editing a profile only if some of its attributes are still valid; if the profile is obsolete, delete it and create a new one.
  • Page 265 5-57 Switch Services If SNMP v3 is used with a discovering profile, a V3 Authentication screen displays. The User Name and Password are required to match the name used by the remote network management software of the discovered switch. When the credentials of the V2 Read Community or V3 Authentication screens are satisfied, the switch discovery process begins.
  • Page 266: Viewing Discovered Switches

    5-58 WS5100 Series Switch System Reference Guide End IP Address Enter the ending numeric (non DNS) IP address from where the search for available network devices is conducted. SNMP Version Use the drop-down menu to define the SNMP version (either v2 or v3) used for discovering available network devices.
  • Page 267 5-59 Switch Services 3. Refer to the following within the Recently Found Devices screen to discern whether a located device should be deleted from the list or selected to have its Web UI launched and its current configuration modified. IP Address Displays the IP address of the discovered switch.
  • Page 268: Configuring Sole Support

    5-60 WS5100 Series Switch System Reference Guide 5.8 Configuring SOLE Support The switch has the ability to use Smart Opportunistic Location Engine (SOLE) adapters to assist in the locationing of devices within the switch managed network. The switch currently supports the use of AeroScout SOLE adapters.
  • Page 269: Viewing Sole Adapters

    5-61 Switch Services 2. Click the Enable button to enable a selected SOLE adapter currently disabled. The Enabled column displays a green checkmark next to the SOLE adapter once enabled. A Red X defines the adapter as disabled. NOTE: In order to set the listening MAC in each radio you must use the radio command in the switch’s Command Line Interface (CLI).
  • Page 270: Reviewing Sole Statistics

    5-62 WS5100 Series Switch System Reference Guide 5.8.3 Reviewing SOLE Statistics Periodically review SOLE statistics to determine the extent of the message traffic transmitted and received over the SOLE adapter. To review SOLE statistics: 1. Select Services > SOLE from the main menu tree.
  • Page 271: Chapter 6. Switch Security

    Switch Security This chapter describes the security mechanisms available to the switch. This chapter describes the following security configuration activities: • Displaying the Main Security Interface • AP Intrusion Detection • MU Intrusion Detection • Configuring Wireless Filters • Configuring ACLs •...
  • Page 272 6-2 WS5100 Series Switch System Reference Guide To view main menu security information: 1. Select Security from the main menu tree. 2. Refer to the following information to discern if configuration changes are warranted: Access Port Intrusion Detection Displays the Enabled or Disabled state of the switch to detect potentially hostile access ports (the definition of which is defined by you).
  • Page 273: Ap Intrusion Detection

    Switch Security 6.2 AP Intrusion Detection Use the Access Point Detection menu options to view and configure network related IP information. The Access Point Detection screen consists of the following tabs: • Enabling and Configuring AP Detection • Approved APs (Reported by APs) •...
  • Page 274 6-4 WS5100 Series Switch System Reference Guide 3. Enable AP assisted scanning and timeout intervals as required. Enable Select the Enable checkbox to enable associated access ports to detect potentially hostile access points (the definition of which is defined by you). Once detected, the access points can be added to a list of APs either approved or denied from interoperating within the switch managed network.
  • Page 275 Switch Security 10. Click the button to display a screen used to enter device information for a new AP added to the Allowed AP list. For more information, see Adding or Editing an Allowed AP on page 6-5. 6.2.1.1 Adding or Editing an Allowed AP To add a new address range or modify the address range used to designate devices as allowed: 1.
  • Page 276: Approved Aps (Reported By Aps)

    6-6 WS5100 Series Switch System Reference Guide 7. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.
  • Page 277: Unapproved Aps (Reported By Aps)

    Switch Security Last Seen (In Seconds) Displays the time (in seconds) the approved AP was last seen on the network. ESSID Displays the SSID of each approved AP. 4. The Number of Approved APs is simply the sum of all approved access point MAC Addresses detected.
  • Page 278: Unapproved Aps (Reported By Mus)

    6-8 WS5100 Series Switch System Reference Guide Signal Strength (in dbm) Displays the Relative Signal Strength Indicator (RSSI) for the detected (and unapproved) AP. APs with a strong signal may pose a more significant risk within the switch managed network.
  • Page 279: Mu Intrusion Detection

    Switch Security 3. The Unapproved APs (Reported by MUs) table displays the following information: BSS MAC Address Displays the MAC Address of each Unapproved AP. These MAC addresses are access points observed on the network (by associated MUs), but have yet to be added to the list of approved APs, and are therefore interpreted as a threat on the network.
  • Page 280 6-10 WS5100 Series Switch System Reference Guide 2. Click the Configuration tab. The MU Intrusion Detection tab consists of the following two fields: • Collection Settings • Violation Parameters 3. Within the Collection Settings field, set the Detection Window interval (in seconds) the switch uses to scan for MU violations.
  • Page 281: Viewing Filtered Mus

    6-11 Switch Security 5. When using the Frames with known bad ESSIDs violation parameter it is necessary to enter a list of known bad ESSIDs for the violation parameter. To enter this information, select Frames with known bad ESSIDs and then click the Bad Essid Config button to launch a dialogue box where bad ESSIDs can be added and removed.
  • Page 282: Configuring Wireless Filters

    6-12 WS5100 Series Switch System Reference Guide Violation Type Displays the reason the violation occurred for each detected MU. Use the Violation Type to discern whether the detected MU is truly a threat on the switch managed network (and must be removed) or can be interpreted as a non threat. The following violation types are possible: •...
  • Page 283 6-13 Switch Security 1. Select Security > Wireless Filters from the main menu tree. 2. The Wireless Filters tab is divided into 2 fields: • Filters • Associated WLANs 3. The Filters field contains the following read-only information: MU-ACL Index Displays a numerical identifier used to associate a particular ACL to a range of MAC addresses (or a single MAC address) that are either allowed or denied access to the switch managed network.
  • Page 284: Editing An Existing Wireless Filter

    6-14 WS5100 Series Switch System Reference Guide Authentication Displays the authentication scheme configured for the devices comprising this WLAN. Encryption Displays the encryption method configured for the devices comprising this WLAN. 5. If the properties of an existing filter fulfill your needs but still require modification to better filter...
  • Page 285: Adding A New Wireless Filter

    6-15 Switch Security 6. Modify the existing Ending MAC for the target Index. Enter the same Starting MAC address within the Ending MAC field to use only the Starting MAC address as either allowed or denied access to the switch managed network. 7.
  • Page 286: Associating An Acl With Wlan

    6-16 WS5100 Series Switch System Reference Guide This rule applies to MUs within the specified Starting and Ending MAC Address range. For example, if the adoption rule is to Allow, access is granted for all MUs within the specified range.
  • Page 287: Configuring Acls

    6-17 Switch Security 5. Refer to the Status field for the state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch. 6. Click to use the changes to the running configuration and close the dialog. 7.
  • Page 288 6-18 WS5100 Series Switch System Reference Guide • Wireless LAN ACLs - A Wireless LAN ACL is designed to filter/mark packets based on the wireless LAN from which they arrived rather than filtering the packets arriving on L2 ports. For more information, see •...
  • Page 289 6-19 Switch Security The default idle time-out intervals for different sessions are: • ICMP and UDP sessions— 30 seconds • TCP sessions— 2 hours 6.5.1.2 Port ACLs The switch supports Port ACLs on physical interfaces and inbound traffic only. The following Port ACLs are supported: •...
  • Page 290: Configuring An Acl

    6-20 WS5100 Series Switch System Reference Guide • TOS/DSCP bits in the IP header. NOTE: A Permit All ACL is not supported when using NTP. If a Permit All ACL is used with NTP, the client will not be able to synchronize with the NTP server.
  • Page 291 6-21 Switch Security ACLs field displays the list of ACLs currently associated with the switch. An ACL contains an ordered list of ACEs. Each ACE specifies a permit or deny designation and a set of conditions the packet must satisfy to match the ACE. Because the switch stops testing conditions after the first match, the order of conditions in the list is critical.
  • Page 292 6-22 WS5100 Series Switch System Reference Guide 3. Click the button. 4. Select an ACL Type from the drop-down menu. The following options are available: • Standard IP List – Uses source IP addresses for matching operations. • Extended IP List – Uses source and destination IP addresses and optional protocol information for matching operations.
  • Page 293 6-23 Switch Security 3. Click the button within the Associated Rules field. 4. Use the Precedence field to enter a precedence (priority) value between 1 and 5000. The rules within an ACL will be applied to packets based on their precedence value. Rules with lower precedence are always applied first.
  • Page 294 6-24 WS5100 Series Switch System Reference Guide 6.5.2.3 Editing an Existing Rule As network and access permission requirements change, existing ACL rules need to be modified to be relevant with new client access requests. To modify an existing ACL rule: 1.
  • Page 295: Attaching An Acl L2/L3 Configuration

    6-25 Switch Security 6.5.3 Attaching an ACL L2/L3 Configuration Use the Attach-L2/L3 screen to view and assign the ACL to a physical interface or VLAN. To attach an interface: 1. Select Security > ACLs from the main menu tree. 2. Click the Attach-L2/L3 tab.
  • Page 296: Attaching An Acl On A Wlan Interface/Port

    6-26 WS5100 Series Switch System Reference Guide 1. Select Security > ACLs from the main menu tree. 2. Click on the Attach-L2/L3 tab. 3. Click the button. 4. Use the Interface drop-down menu to select the interface to configure on the switch. Available options include –...
  • Page 297 6-27 Switch Security 3. Refer to the following information as displayed within the Attach -WLAN tab: WLAN Index Displays the list of WLANs attached with ACLs. IP ACL Displays the IP ACL configured. MAC ACL Displays the MAC ACL configured. Direction Displays whether the WLAN ACL is configured to work in an inbound or outbound direction.
  • Page 298: Reviewing Acl Statistics

    6-28 WS5100 Series Switch System Reference Guide 4. Define a WLAN Index between 1 and 32. 5. Use the IP ACL drop-down menu to select an IP ACL for the WLAN. 6. Use the MAC ACL drop-down menu to select the MAC ACL for the WLAN interface.
  • Page 299 6-29 Switch Security 2. Click the Statistics tab. 3. Refer to the following information as displayed within the Statistics tab: Interface Displays the Ethernet 1, Ethernet 2 or VLAN 1 interface used to add the ACL association to the switch. Action Displays the permit, deny or mark designation for the ACL.
  • Page 300: Configuring Nat Information

    6-30 WS5100 Series Switch System Reference Guide 6.6 Configuring NAT Information Network Address Translation (NAT) provides the translation of an Internet Protocol (IP) address within one network to a different, known IP address within another network. One network is designated as the private network, while the other is public.
  • Page 301 6-31 Switch Security 3. Refer to the following information as displayed within the Dynamic Translation tab. Type Displays the NAT type as either: • Inside - Applies NAT on packets arriving on interfaces marked as inside. These interfaces should be private networks not accessible from outside (public) networks.
  • Page 302 6-32 WS5100 Series Switch System Reference Guide 5. Select an existing NAT configuration and click the Delete button to remove it from the list of available configurations. 6. Click the button to display a screen to create a new NAT configuration and add it to the list of available configurations.
  • Page 303: Defining Static Nat Translations

    6-33 Switch Security 7. Use the Interface drop-down menu to select the VLAN used as the communication medium between the source and destination points within the NAT configuration. Ensure the VLAN selected represents the intended network traffic within the NAT supported configuration. VLAN1 is available by default. 8.
  • Page 304 6-34 WS5100 Series Switch System Reference Guide 3. Refer to the following information as displayed within the Static Translation tab. Type Displays the NAT type as either: • Inside - The set of networks subject to translation. These are the internal addresses you are trying to prevent from being exposed to the outside world.
  • Page 305 6-35 Switch Security 3. Click the button. 4. Define the NAT Type from the drop-down menu. Options include: • Inside - The set of networks subject to translation. These are the internal addresses you are trying to prevent from being exposed to the outside world. •...
  • Page 306: Configuring Nat Interfaces

    6-36 WS5100 Series Switch System Reference Guide 13. Click Cancel to close the dialog without committing updates to the running configuration. 6.6.3 Configuring NAT Interfaces The NAT Interface is the VLAN used to route switch data traffic between the source and destination address locations within the switch-managed network.
  • Page 307: Viewing Nat Status

    6-37 Switch Security 5. If an interface is obsolete or of no use to the NAT translation process, select it and click the Delete button to remove it from the list of interfaces available. 6. If modifying an existing interface is not a valid option, consider configuring a new interface. To define a new NAT interface: a.
  • Page 308 6-38 WS5100 Series Switch System Reference Guide 3. Refer to the following to assess the validity and total NAT translation configurations available to the switch. Inside-Global Displays the internal global pool of addresses (allocated out of the switch’s private address space but relevant to the outside) you are trying to prevent from being exposed to the outside world.
  • Page 309: Configuring Ike Settings

    Setting IKE Policies • Viewing SA Statistics NOTE: By default, the IKE feature is enabled. Motorola does not support disabling the IKE server. NOTE: The default isakmp policy will not be picked up for IKE negotiation if another crypto isakmp policy is created. For the default isakmp policy to be picked up for AAP adoption you must first create the default isakmp policy as a new policy with default parameters.
  • Page 310 6-40 WS5100 Series Switch System Reference Guide 2. Click the Configurations tab. During IKE negotiations, peers must identify themselves to one another. Thus, the configuration you define is the identification medium for device recognition. 3. Set a Keep Alive interval (in seconds) the switch uses for monitoring the continued presence of a peer and report of the client's continued presence.
  • Page 311: Setting Ike Policies

    6-41 Switch Security 9. If the properties of an existing peer IP address, key and aggressive mode designation are no longer relevant and cannot be edited, click the button to create a new pre-shared key. a. Select the Peer IP Address checkbox to associate an IP address with the specific tunnel used by a group of peers or select the Distinguished Name...
  • Page 312 6-42 WS5100 Series Switch System Reference Guide An IKE policy matches when they have the same encryption, hash, authentication and Diffie-Hellman settings. The SA lifetime must also be less than or equal to the lifetime in the policy sent. If the lifetimes do not match, the shorter lifetime applies.
  • Page 313 IPSec security associations quickly. Encryption strength is great enough to ensure security without using fast rekey times. Motorola recommends using the default value. DH Group Displays the Diffie-Hellman (DH) group identifier. IPSec peers use the defined value to derive a shared secret without transmitting it to one another.
  • Page 314: Viewing Sa Statistics

    6-44 WS5100 Series Switch System Reference Guide a. Configure a set of attributes for the new IKE policy: Priority Define the priority for the IKE policy. The available range is from 1 to 65,543, with 1 being the highest priority value.
  • Page 315 6-45 Switch Security 2. Click the SA Statistics tab. 3. Refer to the information displayed within SA Statistics tab to discern the following: Index Displays the alpha-numeric name (index) used to identify individual SAs. Phase 1 done Displays whether this index is completed with the phase 1 (authentication) credential exchanged between peers.
  • Page 316: Configuring Ipsec Vpn

    Security associations are unidirectional and established per security protocol. To configure IPSec security associations, Motorola uses the Crypto Map entries. Crypto Map entries created for IPSec pull together the various parts used to set up IPSec security associations. Crypto Map entries include transform sets.
  • Page 317 6-47 Switch Security security parameters in the Crypto Maps at both peers, allows you to specify a lifetime for the IPSec security association, allows encryption keys to change during IPSec sessions and permits Certification Authority (CA) support for a manageable, scalable IPSec implementation. If you do not want IKE with your IPSec implementation, disable it for IPSec peers.
  • Page 318: Defining The Ipsec Configuration

    6-48 WS5100 Series Switch System Reference Guide 6.8.1 Defining the IPSec Configuration Use the IPSec VPN Configuration tab to view the attributes of existing VPN tunnels and modify the security association lifetime and keep alive intervals used to maintain the sessions between VPN peers. From the Configuration tab, transform sets can be created as existing sets, modified or deleted.
  • Page 319 6-49 Switch Security 4. Refer to the Transform Sets field to view the following data: Name Displays a transform set identifier used to differentiate transform sets. The index is helpful when transform sets with similar attributes need to be revised or discarded.
  • Page 320 6-50 WS5100 Series Switch System Reference Guide 4. Revise the following information as required to render the existing transform set useful. Name The name is read-only and cannot be modified unless a new transform set is created. AH Authentication Select the...
  • Page 321 6-51 Switch Security 6. Click to use the changes to the running configuration and close the dialog. 7. Click Cancel to close the dialog without committing updates to the running configuration. 6.8.1.2 Adding a New Transform Set A transform set represents a combination of security protocols and algorithms. During the IPSec security association negotiation, peers agree to use a particular transform set for protecting data flow.
  • Page 322: Defining The Ipsec Vpn Remote Configuration

    6-52 WS5100 Series Switch System Reference Guide ESP Encryption Scheme Select the Use ESP checkbox to define the ESP Encryption Scheme. Options include: • None - No ESP encryption is used with the transform set. • ESP-DES - ESP with the 56-bit DES encryption algorithm.
  • Page 323 6-53 Switch Security 2. Click the Remote tab. 3. Refer to the Configuration field to define the following: DNS Server Enter the numerical IP address of the DNS Server used to route information to the remote destination of the IPSec VPN. WINS Server Enter the numerical IP address of the WINS Server used to route information to the remote destination of the IPSec VPN.
  • Page 324: Configuring Ipsec Vpn Authentication

    6-54 WS5100 Series Switch System Reference Guide 7. To add a new range of IP addresses, click the button (within the IP Range tab) and define the range in the fields provided. Click when completed to save the changes. 8. Click Cancel to disregard the changes and revert to the last saved configuration.
  • Page 325 Radius Server, IP address, port, NAS ID and shared secret password. Motorola recommends only modifying an existing Radius Server when its current configuration is no longer viable for providing user authentication. Otherwise, define a new Radius Server.
  • Page 326: Configuring Crypto Maps

    6-56 WS5100 Series Switch System Reference Guide 10. Click the button to display a screen used to add a new User and Password. Enter a User Name and Password and confirm. Click to save the changes. 11. To change an existing user’s password, select the user from within the User Table and click the...
  • Page 327 6-57 Switch Security 2. Click the Crypto Maps tab. The Crypto Maps screen is divided into 5 tabs, each serving a unique function in the overall Crypto Map configuration. Refer to the following: • Crypto Map Entries • Crypto Map Peers •...
  • Page 328 6-58 WS5100 Series Switch System Reference Guide SA Lifetime (secs) Displays a SA Lifetime (in seconds) that forces the periodical expiration and re-negotiation of peer credentials, thus continually validating the peer relationship. SA Lifetime (Kb) Causes the security association to time out after the specified amount of traffic (in kilobytes) has passed through the IPSec tunnel (using the security association).
  • Page 329 6-59 Switch Security e. Define a SA Lifetime (Kb) to time out the security association after the specified traffic (in kilobytes) has passed through the IPSec tunnel using the security association. f. Use the ACL ID drop-down menu to permit a Crypto Map data flow using the permissions within the selected ACL.
  • Page 330 6-60 WS5100 Series Switch System Reference Guide 2. Click the Crypto Maps tab and select Peers. 3. Refer to the read-only information displayed within the Peers tab to determine whether a peer configuration (among those listed) requires modification or a new peer requires creation.
  • Page 331 6-61 Switch Security a. Define the Seq # /Name for the new peer. b. Enter the name of the IKE Peer used with the Crypto Map to build an IPSec security association. 7. Click to save the configuration of the new Crypto Map peer. 6.8.4.3 Crypto Map Manual SAs To review, revise or add a Crypto Map using a manually defined security association: 1.
  • Page 332 6-62 WS5100 Series Switch System Reference Guide 5. Select an existing table entry and click the Delete button to remove it from the list of those available to the switch. 6. If a new Crypto Map manual security association requires creation, click the button.
  • Page 333 6-63 Switch Security 6.8.4.4 Crypto Map Transform Sets A transform set is a combination of security protocols and algorithms defining how the switch protects data. To review, revise or add a Crypto Map transform set: 1. Select Security > IPSec VPN from the main menu tree.
  • Page 334 6-64 WS5100 Series Switch System Reference Guide 6. If a new Crypto Map transform set requires creation, click the button. a. Select the #/Name. b. Enter the name of the Transform set used with the Crypto Map. 7. Click when completed to save the configuration of the Crypto Map transform set.
  • Page 335: Viewing Ipsec Security Associations

    6-65 Switch Security 3. Refer to the following read-only information displayed within the Interfaces tab. Name Lists the name of the Crypto Maps available for the interface. Interface Name Displays the name of the interface through which IPSec traffic flows. Applying the Crypto Map set to an interface instructs the switch to evaluate all the interface's traffic against the Crypto Map set and to use the specified policy during connection or security association negotiation on behalf of traffic protected by...
  • Page 336 6-66 WS5100 Series Switch System Reference Guide 3. Refer to the following security association data: Index Displays the numerical (if defined) ID for the security association. Use the index to differentiate the index from others with similar configurations. Local Peer Displays the name of the local peer at the near side of the VPN connection.
  • Page 337: Configuring The Radius Server

    Configuring Radius User Groups • Viewing Radius Accounting Logs NOTE: For hotspot deployment, Motorola recommends using the switch’s onboard Radius server and built-in user database. This is the easiest setup option and offers a high degree of security and accountability.
  • Page 338 6-68 WS5100 Series Switch System Reference Guide Apart from EAP authentication, the switch allows the enforcement of user-based policies. User-based policies include dynamic VLAN assignment and access based on time of day. The switch uses a default trustpoint. A certificate is required for EAP TTLS, PEAP and TLS Radius authentication (configured with the Radius service).
  • Page 339: Using The Switch's Radius Server Versus An External Radius

    (default users are admin with superuser privileges and operator with monitor privileges). No secondary authentication source is specified. However, Motorola recommends using an external Radius Server as the primary authentication source and the local switch Radius Server as the secondary user authentication source.
  • Page 340: Defining The Radius Configuration

    6-70 WS5100 Series Switch System Reference Guide 6.9.3 Defining the Radius Configuration To configure Radius support on the switch: 1. Select Security > Radius Server from the main menu. 2. Ensure the Configuration tab is selected. 3. Click the Start the RADIUS server link to use the switch’s own Radius server to authenticate users...
  • Page 341 6-71 Switch Security 6.9.3.1 Radius Client Configuration A Radius client implements a client/server mechanism enabling the switch to communicate with a central server to authenticate users and authorize access to the switch managed network. A Radius client is often an embedded device since it alleviates the need to store detailed user information locally. To configure Radius client support: 1.
  • Page 342: Configuring Radius Authentication And Accounting

    6-72 WS5100 Series Switch System Reference Guide 1. Select Security > Radius Server from the main menu. 2. Ensure the Configuration tab is selected. 3. Select the Proxy Servers tab from the bottom of the Configuration tab. The Proxy Servers tab displays the user ID suffix (index), IP address and port number of the switch’s existing proxy server configurations.
  • Page 343 6-73 Switch Security To define the Radius authentication and accounting configuration: 1. Select Security > Radius Server from the main menu. 2. Select the Authentication tab. 3. Refer to the Authentication field to define the following Radius authentication information: EAP and Auth Type Specify the EAP type for the Radius server.
  • Page 344 6-74 WS5100 Series Switch System Reference Guide Cert Trustpoint Click the View/Change button to specify the trustpoint from which the Radius server automatically grants certificate enrollment requests. A trustpoint is a representation of a CA or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration parameters, and an association with one enrolled identity certificate.
  • Page 345: Configuring Radius Users

    6-75 Switch Security 6.9.5 Configuring Radius Users Refer to the Users tab to view the current set of users and groups assigned for the Radius server. The Users tab is employed when Local is selected as the Auth Data Source within the Authentication &...
  • Page 346 6-76 WS5100 Series Switch System Reference Guide Modify the existing user’s guest designation, password, expiry date and group assignments as required to reflect the user’s current local Radius authentication requirements. 5. If an existing user is no longer needed, select the user from those displayed and click the...
  • Page 347: Configuring Radius User Groups

    6-77 Switch Security a. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch. b. Click to use the changes to the running configuration and close the dialog. c.
  • Page 348 6-78 WS5100 Series Switch System Reference Guide 2. Select the Groups tab. 3. Refer to the user groups listed to review the following read-only attributes for each group: Name Displays the unique name assigned to each group. The group name should be indicative of the user population within and their shared activity within the switch managed network.
  • Page 349 6-79 Switch Security This value is read-only within the Groups tab. Click Edit to modify the access assignments of an existing group or click to create a new group with unique access assignments. 6. To modify the attributes of an existing group, select the group from the list of groups displayed and click Edit button.
  • Page 350: Viewing Radius Accounting Logs

    6-80 WS5100 Series Switch System Reference Guide 6.9.7 Viewing Radius Accounting Logs Accounting logs contain information about the use of remote access services by users. This information is of great assistance in partitioning local versus remote users and how to best accommodate each. Remote user information can be archived to a location outside of the switch for periodic network and user permission administration.
  • Page 351: Creating Server Certificates

    6-81 Switch Security 6.10 Creating Server Certificates Use the Server Certificates screen to view existing self-signed certificate values. The values displayed are read-only. The Server Certificates screen also allows an administrator to: • create a certificate request • send it to a Certificate Authority (CA) •...
  • Page 352 6-82 WS5100 Series Switch System Reference Guide 2. Select the Trustpoints tab. A panel (on the far left of the screen) displays currently enrolled trustpoints. The Server Certificate and CA Root Certificate tabs display read-only credentials for the certificates in use by the switch. A table displays the following...
  • Page 353 6-83 Switch Security Organizational Unit If a unit exists within the organization that is representative of the certificate issuer, that name should be displayed here. Common Name If there is a common name (IP address) for the organizational unit issuing the certificate, it displays here.
  • Page 354 6-84 WS5100 Series Switch System Reference Guide 1. Select the Create new self-signed certificate /certificate request radio button in the wizard and click the Next button. The second page of the wizard contains three editable fields, Select Certificate Operation, Select a...
  • Page 355 6-85 Switch Security Select a trustpoint for the new certificate. • Use existing trustpoint - Select an existing trustpoint from the drop-down menu. • Create a new trustpoint - Provide a name for the new trustpoint in the space provided. To specify a key for a new certificate, select one of the following: •...
  • Page 356 City name is San Jose. This is a required field. Organization Define an Organization for the organization used in the Self-Signed Certificate. By default, it is Motorola, Inc. The user is allowed to modify the Organization name. This is a required field. Organization Unit Enter an Org.
  • Page 357 6-87 Switch Security Email Address Provide an email address used as the contact address for issues relating to this certificate request. FQDN Enter a fully qualified domain name (FQDN). An FQDN is an unambiguous domain name that specifies the node's position in the DNS tree hierarchy absolutely. To distinguish an FQDN from a regular domain name, a trailing period is added.
  • Page 358: Configuring Trustpoint Associated Keys

    6-88 WS5100 Series Switch System Reference Guide Using the Wizard Delete Operation The wizard can also be used to delete entire trustpoints, the certificate used with a trustpoint or the CA root certificate used with a trustpoint. Delete trustpoint properties as they become obsolete or the properties of a certificate are no longer relevant to the operation of the switch.
  • Page 359 6-89 Switch Security 2. Select the Keys tab. The Keys tab displays the following: Key Name Displays the name of the key pair generated separately, or automatically when selecting a certificate. Specify the option within the wizard. Key Sizes Displays the size of the desired key. If not specified, a default key size of 1024 is used.
  • Page 360 6-90 WS5100 Series Switch System Reference Guide 3. Click the button at the bottom of the screen. 4. Enter a Key Label in the space provided to specify a name for the new key pair. 5. Define the Key Size between 1024 and 2048 bytes.
  • Page 361: Configuring Enhanced Beacons And Probes

    6-91 Switch Security 8. Use the Using drop-down menu to configure whether the log file transfer is sent using FTP or TFTP. 9. Enter the IP Address of destination server or system receiving the target log file. 10. Enter the User ID credentials required to send the file to the target location.
  • Page 362 • Time when the AP was detected. This information is used by the Motorola RF Management application (or Motorola RFMS) to locate the rogue AP. Motorola RFMS uses this information to physically locate the position of rogues and authorized devices within a site map representative of the physical dimensions of the actual device deployment area.
  • Page 363 6-93 Switch Security 6. Define a Max Number of APs value to set the number of detected APs displayed in the Beacon Found table. The available range is from 0 to 512. 7. Refer to 802.11a Channel Set field to select channels for the 802.11a transmission band. The channel information is provided to the switch, which then makes an 802.11a radio scan for the configured channels.
  • Page 364: Configuring The Probe Table

    AP forwards the MU’s probe request information to the switch. The switch maintains a table of the probe requests the AP300 receives from MUs. In conjunction with the Motorola RF Management application, the AP locates the rogue MU and displays its location within a Motorola RFMS maintained site map. To configure enhanced beacons: 1.
  • Page 365: Reviewing Found Beacons

    6-95 Switch Security 802.11bg Radios: Click the Enable button to allow the AP’s 802.11bg radios to receive MU probe requests and forward them to the switch. 802.11bg Radios: Click the Disable button to stop the AP’s 802.11bg radios from forwarding MU probe requests to the switch.
  • Page 366: Reviewing Found Probes

    6-96 WS5100 Series Switch System Reference Guide Heard Channel Displays the channel frequency when the unadopted AP was detected. Heard Time Displays the time when the unadopted AP was detected. 4. Select the Clear Report button to clear the statistic counters and begin a new data calculation.
  • Page 367: Chapter 7. Switch Management

    Switch Management This chapter describes the Management Access main menu items used to configure the switch. This chapter consists of the following switch management activities: • Displaying the Management Access Interface • Configuring Access Control • Configuring SNMP Access • Configuring SNMP Traps •...
  • Page 368: Configuring Access Control

    7-2 WS5100 Series Switch System Reference Guide To display the main Management screen: 1. Select Management Access from the main menu tree. 2. Refer to the Current Status field to review the following read-only information: Firmware In Use Firmware In Use value displays the software version currently running on the switch.
  • Page 369 Switch Management 1. Select Management Access > Access Control from the main menu tree. 2. Refer to the Management Settings field to enable or disable the following switch interfaces: Secure Management (on Management VLAN only) Select this checkbox to allow management VLAN access to switch resources. The management VLAN is used to establish an IP connection to the switch from a
  • Page 370: Configuring Snmp Access

    7-4 WS5100 Series Switch System Reference Guide Enable HTTPS Select this checkbox to enable HTTPS access to the switch. This setting is enabled by default. HTTPS Trustpoint Use the Trustpoint drop-down menu to select the local or default trustpoint used with a HTTPS session with the switch.
  • Page 371: Configuring Snmp V1/V2 Access

    Switch Management NOTE: The SNMP facility cannot retrieve a configuration file directly from its SNMP interface. First deposit the configuration file to a computer, then FTP the file to the switch. 7.3.1 Configuring SNMP v1/v2 Access SNMP version 2 (SNMPv2) is an evolution of SNMPv1. The Get, GetNext, and Set operations used in SNMPv1 are exactly the same as those used in SNMPv2.
  • Page 372: Configuring Snmp V3 Access

    7-6 WS5100 Series Switch System Reference Guide 3. Highlight an existing entry and click the Edit button to modify the properties of an existing SNMP V1/v2 community and access control definition. For more information, see Editing an Existing SNMP v1/v2 Community Name on page 7-6.
  • Page 373 Switch Management CAUTION: The 3.x version WS5100 switch uses 3 unique (default) SNMPv3 user names and passwords for MD5 authentication and DES privacy. If upgrading your configuration from a 1.4.x or 2.x baseline, you will need to change your SNMPv3 usernames and passwords to ensure SNMPv3 interoperation.
  • Page 374 7-8 WS5100 Series Switch System Reference Guide 4. Highlight an existing v3 entry and click the Edit button to modify the password for the Auth Protocol and Priv Protocol. For additional information, see Editing an Existing SNMP v1/v2 Community Name on page 7-6 5.
  • Page 375: Accessing Snmp V2/V3 Statistics

    Switch Management 7.3.3 Accessing SNMP v2/v3 Statistics Refer to the Statistics screen for a read-only overview of SNMP V2/V3 events and their current values. The screen also displays Usm Statistics (SNMP V3 specific events specific to the User-based Security Model) and their values.
  • Page 376: Configuring Snmp Traps

    7-10 WS5100 Series Switch System Reference Guide Usm Statistics Displays SNMP v3 events specific to Usm. The User-based Security Model (USM) decrypts incoming messages. The module then verifies authentication data. For outgoing messages, the USM module encrypts PDUs and generates authentication data.
  • Page 377 7-11 Switch Management 1. Select Management Access > SNMP Trap Configuration from the main menu tree. 2. Select the Allow Traps to be generated checkbox to enable the selection (and employment) of all the traps within the screen. Leaving the checkbox unselected means traps must be enabled by category or individually.
  • Page 378 7-12 WS5100 Series Switch System Reference Guide DHCP Displays a list of sub-items (trap options) specific to the DHCP configuration option. Select an individual trap within this subsection and click the Enable button to enable this specific trap or highlight the DHCP trap family parent item and click Enable all sub-items to enable all traps within the DHCP category.
  • Page 379: Configuring Trap Thresholds

    7-13 Switch Management 7.4.2 Configuring Trap Thresholds Use the Wireless Statistics Thresholds screen to modify existing threshold conditions values for individual trap descriptions. Refer to the greater than, less than and worse than conditions to interpret how the values should be defined. Additionally, the Unit of threshold Values increment should be referenced to interpret the unit of measurement used.
  • Page 380 7-14 WS5100 Series Switch System Reference Guide Threshold values for: Use the Threshold Name Threshold Conditions as input criteria to define Switch an appropriate Threshold Value unique to the switch. For information on specific values, see Wireless Trap Threshold Values on page 7-15.
  • Page 381: Wireless Trap Threshold Values

    7-15 Switch Management 7.4.2.1 Wireless Trap Threshold Values The table below lists the Wireless Trap threshold values for the switch: # Threshold Name Condition Station Range Radio Range WLAN Range Wireless Units Service Range 1 Packets per Second Greater than A decimal A decimal A decimal...
  • Page 382: Configuring Snmp Trap Receivers

    7-16 WS5100 Series Switch System Reference Guide 7.5 Configuring SNMP Trap Receivers Refer to the Trap Receivers screen to review the attributes of existing SNMP trap receivers (including destination address, port, community and trap version). A new v2c or v3 trap receiver can be added to the existing list by clicking the button.
  • Page 383: Editing Snmp Trap Receivers

    7-17 Switch Management 5. Click the button to display a sub-screen used to assign a new Trap Receiver IP Address, Port Number and v2c or v3 designation to the new trap. Add trap receivers as needed if the existing trap receiver information is insufficient. For more information, see Adding SNMP Trap Receivers on page 7-17.
  • Page 384 7-18 WS5100 Series Switch System Reference Guide 2. Click the button at the bottom of the screen. 3. Create a new (non DNS name) destination IP address for the new trap receiver to be used for receiving the traps sent by the SNMP agent.
  • Page 385: Configuring Management Users

    7-19 Switch Management 7.6 Configuring Management Users Refer to the Users screen to view the administrative privileges assigned to different switch users. You can modify the roles and access modes assigned to each user. The Users screen also allows you to configure the authentication methods used by the switch.
  • Page 386 7-20 WS5100 Series Switch System Reference Guide 4. Click on the Edit button to modify the associated roles and access modes of the selected user. By default, the switch has two default users: Admin and Operator. Admin’s role is that of a superuser, and Operator’s role is monitor (read only).
  • Page 387 7-21 Switch Management 5. Select the role you want to assign to the new user from the options provided in the Associated Roles panel. Select one or more of the following options: Monitor Select Monitor to assign regular user permissions without any administrative rights.
  • Page 388 7-22 WS5100 Series Switch System Reference Guide 5. Select the user role from the options provided in the Associated Roles field. Select one or more of the following options: Monitor If necessary, modify user permissions without any administrative rights. The Monitor option provides read-only permissions.
  • Page 389 7-23 Switch Management 7.6.1.3 Creating a Guest Admin and Guest User Optionally, create a guest administrator for creating guest users with specific usernames, start and expiry times and passwords. Each guest user can be assigned access to specific user groups to ensure they are limited to just the group information they need, and nothing additional.
  • Page 390: Configuring Switch Authentication

    7-24 WS5100 Series Switch System Reference Guide 5. Assign the guest-admin WebUser Administrator access. NOTE: To create guest users, a guest administrator must be assigned a WebUser Administrator access mode. None of the other modes launch the required Guest User Configuration screen upon login.
  • Page 391 7-25 Switch Management 2. Select the Authentication tab. 3. Refer to the Authentication methods field for the following: Preferred Method Select the preferred method for authentication. Options include: • None - No authentication • Local - The user employs a local user authentication resource. This is the default setting.
  • Page 392 7-26 WS5100 Series Switch System Reference Guide Shared Secret Displays the shared secret used to verify that Radius messages (with the exception of the Access-Request message) are sent by a Radius-enabled device configured with the same shared secret. The shared secret is a case-sensitive string (password) that can include letters, numbers, or symbols.
  • Page 393 7-27 Switch Management 4. Modify the following Radius Server attributes as necessary: Radius Server Index Displays the read-only numerical Index value for the Radius Server to help distinguish this server from other servers with a similar configuration (if necessary). The maximum number that can be assigned is 32. Radius Server IP Modify the IP address of the external Radius server (if necessary).
  • Page 394 7-28 WS5100 Series Switch System Reference Guide 3. Click the button at the bottom of the screen. 4. Configure the following Radius Server attributes: Radius Server IP Address - Provide the IP address of the external Radius server. Ensure this address is a valid IP address and not a DNS name.
  • Page 395: Chapter 8. Diagnostics

    NOTE: HTTPS must be enabled to access the switch applet. Ensure HTTPS access has been enabled before using the login screen to access the switch applet. NOTE: The Motorola RF Management Software is a recommended utility to plan the deployment of the switch and view its configuration once operational. Motorola RFMS can help optimize the positioning and configuration of a switch and assist in the troubleshooting of performance issues as they are encountered in the field.
  • Page 396: Switch Environment

    8-2 WS5100 Series Switch System Reference Guide NOTE: When the switch’s configuration is successfully updated (using the Web UI), the affected screen is closed without informing the user their change was successful. However, if an error were to occur, the error displays within the affected screen’s Status field and the screen remains displayed.
  • Page 397: Cpu Performance

    5. Use the Temperature Sensors field to monitor the CPU and system temperatures. This information is extremely useful in assessing if the switch exceeds its critical limits. Unlike a WS5100 Series Switch, an RFS7000 Series Switch has six sensors.
  • Page 398: Switch Memory Allocation

    8-4 WS5100 Series Switch System Reference Guide 4. The Load Limits field displays the maximum CPU load limits for the last 1, 5, and 15 minutes. The limits displayed coincide with periods of increased or decreased switch activity. The maximum CPU load threshold can be manually configured.
  • Page 399: Switch Disk Allocation

    Diagnostics 5. The Buffers field displays buffer usage information. The Buffers field consists of the following information: Name - The name of the buffer. Usage - The buffer's current usage. Limit - The buffer limit. 6. Click the Apply button to commit and apply the changes. 7.
  • Page 400: Switch Memory Processes

    8-6 WS5100 Series Switch System Reference Guide 8.1.5 Switch Memory Processes The Processes tab displays the number of processes in use and the percentage of memory usage limit per process. 1. Select Diagnostics from the main tree menu. 2. Select the Processes 3.
  • Page 401: Configuring System Logging

    Diagnostics 2. Select the Other Resources tab. Keep the Cache allocation in line with cache expectations required within the switch managed network. 3. Define the maximum limit for each resource accordingly as you expect these resources to be utilized within the switch managed network. 4.
  • Page 402 8-8 WS5100 Series Switch System Reference Guide 2. Select the Log Options tab. 3. Select the Enable Logging Module checkbox to enable the switch to log system events to a user defined log file or a syslog server. 4. Select the Enable Logging to Buffer checkbox to enable the switch to log system events to a buffer.
  • Page 403: File Management

    Diagnostics 7. Use the Logging aggregation time parameter to define the increment (or interval) at which system events are logged (0-60 seconds). The shorter the interval, the sooner the event is logged. 8. Click Apply to save the changes made to the screen. This will overwrite the previous configuration. 9.
  • Page 404 Log Files on page 8-12. 8.2.2.1 Viewing the Entire Contents of Individual Log Files Motorola recommends the entire contents of a log file be viewed to make an informed decision whether to transfer the file or clear the buffer. The View screen provides additional details about a target file by allowing the entire contents of a log file to be reviewed.
  • Page 405 8-11 Diagnostics 3. Select an individual log file whose properties you wish to display in detail and click the View button. 4. Refer to the following for information on the elements that can be viewed within a log file: Timestamp Displays the date, year and time of day the log file was initially created.
  • Page 406 8-12 WS5100 Series Switch System Reference Guide Mnemonic Use the Mnemonic as a text version of the severity code information. A mnemonic is a convention for the classification, organization, storage and recollection of switch information. Description Displays a high-level overview of the event, and (when applicable) message type, error or completion codes for further clarification of the event.
  • Page 407 8-13 Diagnostics 9. If Server has been selected as the source, enter the IP Address of the destination server or system receiving the log file. Ensure the IP address is valid or risk jeopardizing the success of the log file transfer. 10. If Server has been selected as the source, enter the User ID credentials required to send the log file to...
  • Page 408: Reviewing Core Snapshots

    8-14 WS5100 Series Switch System Reference Guide 8.3 Reviewing Core Snapshots Use the Core Snapshots screen to view the core snapshots (system events and process failures with a .core extension) logged by the system. Core snapshots are issues impacting switch core (or distribution layer).
  • Page 409 8-15 Diagnostics 2. Select a target file, and select the Transfer Files button. 3. Use the From drop-down menu to specify the location from which the log file is sent. If only the applet is available as a transfer location, use the default switch option. 4.
  • Page 410: Reviewing Panic Snapshots

    8-16 WS5100 Series Switch System Reference Guide 8.4 Reviewing Panic Snapshots Refer to the Panic Snapshots screen for an overview of the panic files available. Typically, panic files refer to switch events interpreted as critical conditions (and thus requiring prompt attention). Use the information displayed within the screen to make informed decisions whether a target file should be discarded or transferred to a secure location for permanent archive.
  • Page 411: Viewing Panic Details

    8-17 Diagnostics 6. Click the Transfer Files button to open the transfer dialogue to transfer the file to another location. For more information, see Transferring Panic Files on page 8-17. 8.4.1 Viewing Panic Details Use the View facility to review the entire contents of a panic snapshot before transferring or deleting the file.
  • Page 412 8-18 WS5100 Series Switch System Reference Guide 5. Use the drop-down menu (within the Target field) to define whether the target panic file is to be sent to the system's local disk (Local Disk) or to an external server (Server).
  • Page 413: Debugging The Applet

    8-19 Diagnostics 8.5 Debugging the Applet Refer to the Applet Debugging screen to debug the applet. This screen allows you to view and debug system events by a criticality level you define. 1. Select Diagnostics > Applet Debugging from the main menu. 2.
  • Page 414: Configuring A Ping

    8-20 WS5100 Series Switch System Reference Guide 6. Select the message deployed when a bug is raised. The What Kind of message should be seen field allows you to select a range of parameters for returned messages while debugging. Move your mouse pointer over a message checkbox for a message description.
  • Page 415 8-21 Diagnostics 2. Refer to the following information displayed within the Configuration tab: Description Displays the user assigned description of the ping test. The name is read-only. Use this title to determine whether this test can be used as is or if a new ping test is required.
  • Page 416: Modifying The Configuration Of An Existing Ping Test

    8-22 WS5100 Series Switch System Reference Guide 8.6.1 Modifying the Configuration of an Existing Ping Test The properties of an existing ping test can be modified to ping an existing (known) device whose network address attributes may have changed and require modification to connect (ping) to it.
  • Page 417: Adding A New Ping Test

    8-23 Diagnostics 8.6.2 Adding a New Ping Test If the attributes of an existing ping test do not satisfy the requirements of a new connection test, and you do not want to modify an existing test, a new test can be created and added to the list of existing ping tests displayed within the Configuration tab.
  • Page 418: Viewing Ping Statistics

    8-24 WS5100 Series Switch System Reference Guide 5. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch. 6.
  • Page 419 8-25 Diagnostics Max RTT Displays the longest round trip time for ping packets transmitted from the switch to its destination IP address. This may reflect the time when data traffic was at its most congested for the two devices. Average RTT Displays the average round trip time for ping packets transmitted between the switch and its destination IP address.
  • Page 420 8-26 WS5100 Series Switch System Reference Guide...
  • Page 421: Appendix A Customer Support

    • Software type and version number Motorola responds to calls by email, telephone or fax within the time limits set forth in support agreements. If you purchased your Enterprise Mobility business product from a Motorola business partner, contact that business partner for support.
  • Page 422 A-2 WS5100 Series System Reference Guide...
  • Page 423 An adaptive AP (AAP) is an AP-51XX access point that can adopt like an AP300 (L3). The management of an AAP is conducted by the switch, once the access point connects to a Motorola WS5100 or RFS7000 model switch and receives its AAP configuration.
  • Page 424 B - 2 WS5100 Series Switch System Reference Guide B.1.1 Where to Go From Here Refer to the following for a further understanding of AAP operation: • “B.1.2 Adaptive AP Management” • “B.1.3 Types of Adaptive APs” • “B.1.4 Licensing”...
  • Page 425 Appendix B: Adaptive AP B - 3 B.1.3 Types of Adaptive APs Two low priced AP-5131 SKU configurations are being introduced allowing customers to take advantage of the adaptive AP architecture and to reduce deployment costs. These dependent mode AP configurations are a software variant of the AP-5131 and will be functional only after the access point is adopted by a wireless switch.
  • Page 426 B - 4 WS5100 Series Switch System Reference Guide B.1.5 Switch Discovery For an AP-51XX to function as an AAP (regardless of mode), it needs to connect to a switch to receive its configuration. There are two methods of switch discovery: •...
  • Page 427 Appendix B: Adaptive AP B - 5 ** The AP-51xx uses an encryption key to hash passphrases and security keys. To obtain the encryption passphrase, configure an AP-51xx with the passphrase and export the configuration file. B.1.5.2 Manual Adoption Configuration A manual switch adoption of an AAP can be conducted using: •...
  • Page 428 B - 6 WS5100 Series Switch System Reference Guide B.1.7 Adaptive AP WLAN Topology An AAP can be deployed in the following WLAN topologies: • Extended WLANs - Extended WLANs are the centralized WLANs created on the switch • Independent WLANs - Independent WLANs are local to an AAP and can be configured from the switch.
  • Page 429 Appendix B: Adaptive AP B - 7 B.1.11 Remote Site Survivability (RSS) RSS can be used to turn off RF activity on an AAP if it loses adoption (connection) to the switch. RSS State Independent WLANs Extended WLANs RSS Enabled WLAN continues beaconing WLAN continues beaconing but AP does allow clients to associate on that WLAN...
  • Page 430 B - 8 WS5100 Series Switch System Reference Guide B.2 Supported Adaptive AP Topologies The following AAP topologies are supported with the WS5100: • “B.2.2 Extended WLANs Only” • “B.2.3 Independent WLANs Only” • “B.2.3 Extended WLANs with Independent WLANs”...
  • Page 431 LAN1. If the WAN Interface is used, explicitly configure WAN as the default gateway interface. • Motorola recommends using the LAN1 interface for adoption in multi-cell deployments. • If you have multiple independent WLANs mapped to different VLANs, the AAP's LAN1 interface requires trunking be enabled with the correct management and native VLAN IDs configured.
  • Page 432 B - 10 WS5100 Series Switch System Reference Guide B.2.4 Extended VLAN with Mesh Networking Mesh networking is an extension of the existing wired network. There is no special configuration required, with the exception of setting the mesh and using it within one of the two extended VLAN configurations.
  • Page 433 Appendix B: Adaptive AP B - 11 To avoid a lengthy broken connection with the switch, Motorola recommends generating an SNMP trap when the AAP loses adoption with the switch. NOTE For additional information (in greater detail) on the AP configuration activities described above, see “B.4.1 Adaptive AP...
  • Page 434 B - 12 WS5100 Series Switch System Reference Guide B.4.1 Adaptive AP Configuration An AAP can be manually adopted by the switch, adopted using a configuration file (consisting of the adaptive parameters) pushed to the access point or adopted using DHCP options. Each of these adoption techniques is described in the sections that follow.
  • Page 435 Appendix B: Adaptive AP B - 13 5. Select the Enable AP-Switch Tunnel option to allow AAP configuration data to reach a switch using a secure VPN tunnel. 6. If using IPSec as the tunnel resource, enter the IPSec Passkey to ensure IPSec connectivity.
  • Page 436 B - 14 WS5100 Series Switch System Reference Guide 3. Ensure the Adopt unconfigured radios automatically option is NOT selected. When disabled, there is no automatic adoption of non-configured radios on the network. Additionally, default radio settings will NOT be applied to access ports when automatically adopted.
  • Page 437 Appendix B: Adaptive AP B - 15 NOTE Additionally, a WLAN can be defined as independent using the "wlan <index> independent" command from the config-wireless context.
  • Page 438 B - 16 WS5100 Series Switch System Reference Guide Once an AAP is adopted by the switch, it displays within the switch Access Port Radios screen (under the Network parent menu item) as an AP-5131 or AP-5181 within the AP Type column.
  • Page 439 Appendix B: Adaptive AP B - 17 B.4.4. Sample Switch Configuration File for IPSec and Independent WLAN The following constitutes a sample WS5100 switch configuration file supporting an AAP IPSec with Independent WLAN configuration. Please note new AAP specific CLI commands in and relevant comments in blue.
  • Page 440 B - 18 WS5100 Series Switch System Reference Guide
      ip http server
      ip http secure-trustpoint default-trustpoint
      ip http secure-server
      ip ssh
      no service pm sys-restart
      timezone America/Los_Angeles
      license AP xyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxxyxyxyx
      wireless
      no adopt-unconf-radio enable
      manual-wlan-mapping enable
      wlan 1 enable
      wlan 1 ssid qs5-ccmp...
  • Page 441 Appendix B: Adaptive AP B - 19
      radio 1 rss enable
      radio add 2 00-15-70-00-79-30 11a aap5131
      radio 2 bss 1 5
      radio 2 bss 2 1
      radio 2 bss 3 2
      radio 2 channel-power indoor 48 8
      radio 2 rss enable
      radio 2 base-bridge max-clients 12
      radio 2 base-bridge enable
      radio add 3 00-15-70-00-79-12 11bg aap5131...
  • Page 442 B - 20 WS5100 Series Switch System Reference Guide
      switchport trunk allowed vlan add 1-9,100,110,120,130,140,150,160,170,
      switchport trunk allowed vlan add 180,190,200,210,220,230,240,250,
      static-channel-group 1
      interface ge2
      switchport access vlan 1
      interface ge3
      switchport mode trunk
      switchport trunk native vlan 1
      switchport trunk allowed vlan none...
  • Page 444 MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com 72E-103894-01 Revision A January 2008...
