hit counter script
Motorola WS2000 - Wireless Switch - Network Management Device System Reference Manual

Motorola WS2000 - Wireless Switch - Network Management Device System Reference Manual

Wireless switch
Hide thumbs Also See for WS2000 - Wireless Switch - Network Management Device:
Table of Contents

Advertisement

WS 2000 Wireless Switch
System Reference Guide

Advertisement

Table of Contents
loading

Summary of Contents for Motorola WS2000 - Wireless Switch - Network Management Device

  • Page 1 WS 2000 Wireless Switch System Reference Guide...
  • Page 2 © 2007 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
  • Page 3: Table Of Contents

    Contents Chapter 1: Product Overview 1.1 WS2000 Wireless Switch System Reference Guide ............1-2 1.1.1 About this Document .
  • Page 4 TOC-2 WS2000 Wireless Switch System Reference Guide 3.2.1 The DHCP Configuration ............... . . 3-4 3.2.2 Advanced DHCP Settings .
  • Page 5 TOC-3 5.3.3 Configuring Kerberos Authentication ............. . 5-10 5.3.4 Setting the Encryption Method.
  • Page 6 TOC-4 WS2000 Wireless Switch System Reference Guide 6.2.1 Configuring the RADIUS Server ..............6-5 6.2.2 Configuring Lightweight Directory Access Protocol (LDAP) Authentication .
  • Page 7 TOC-5 8.2 Configuring Hotspot................8-2 8.2.1 Enabling Hotspot on a WLAN .
  • Page 8 TOC-6 WS2000 Wireless Switch System Reference Guide 12.2 The Plan ..................12-3 12.3 Contacting the Wireless Switch .
  • Page 9 TOC-7 Chapter 13: Command Line Interface Reference 13.1Admin and Common Commands ............... . 13-9 WS2000>admin>...
  • Page 10 TOC-8 WS2000 Wireless Switch System Reference Guide 13.9Network AP Mesh commands............... . . 13-53 admin(network.ap)>mesh .
  • Page 11 TOC-9 WS2000>admin(network.lan.dhcp)> add ............13-93 WS2000>admin(network.lan.dhcp)>...
  • Page 12 TOC-10 WS2000 Wireless Switch System Reference Guide 13.26Network WAN VPN Commands ..............13-136 WS2000>admin(network.wan)>...
  • Page 13 TOC-11 13.32Network WLAN Rogue AP Locate Commands ............13-185 WS2000>admin(network.wlan.rogueap.roguelist)>...
  • Page 14 TOC-12 WS2000 Wireless Switch System Reference Guide WS2000>admin(network)> ipfilter ............. . 13-223 WS2000>...
  • Page 15 TOC-13 WS2000> admin(system.config)> loadtocf............13-269 13.52System Logs Commands .
  • Page 16 TOC-14 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius)> proxy ............13-306 WS2000>admin(system.radius.proxy)>...
  • Page 17 TOC-15 WS2000>admin(system.userdb.user)> guest ........... . . 13-352 WS2000>admin(system.userdb.user.guest)>...
  • Page 18 TOC-16 WS2000 Wireless Switch System Reference Guide...
  • Page 19: Product Overview

    Product Overview 1.1 WS2000 Wireless Switch System Reference Guide ............1-2 1.1.1 About this Document .
  • Page 20: Ws2000 Wireless Switch System Reference Guide

    1-2 WS2000 Wireless Switch System Reference Guide 1.1 WS2000 Wireless Switch System Reference Guide This guide is intended to support administrators responsible for understanding, configuring and maintaining the Wireless Switch. This document provides information for the system administrator to use during the initial setup and configuration of the system.
  • Page 21: System Overview

    Product Overview 1.2 System Overview The WS 2000 Wireless Switch provides a low-cost, feature-rich option for sites with one to six Access Ports. The WS 2000 Wireless Switch works at the center of a network’s infrastructure to seamlessly and securely combine wireless LANs (WLANs) and wired networks.
  • Page 22: Hardware Overview

    1-4 WS2000 Wireless Switch System Reference Guide 1.3 Hardware Overview The WS 2000 Wireless Switch provides a fully integrated solution for managing every aspect of connecting wireless LANs (WLANs) to a wired network. This wireless switch can connect directly to a cable or DSL modem, and can also connect to other wide area networks through a Layer 2/3 device (such as a switch or router).
  • Page 23: Ws 2000 Wireless Switch Led Functions

    Product Overview 1.3.2 WS 2000 Wireless Switch LED Functions The switch has a large blue LED on the right front that indicates that the switch is powered on. Each port on the WS 2000 Wireless Switch has either two or three LEDs that indicate the status of the port. Ports 1-4, which supply 802.3af Power over Ethernet (PoE), have three LEDs.
  • Page 24: Software Overview

    1-6 WS2000 Wireless Switch System Reference Guide 1.4 Software Overview The WS 2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components: 1.4.1 Operating System (OS) Services Operating System (OS) Services determine how the WS 2000 Wireless Switch communicates with existing network and operating system-centric software services, including: •...
  • Page 25 Getting Started 2.1 Getting Started with the WS2000 Wireless Switch ............2-2 Step 1: Install the Switch .
  • Page 26: Getting Started With The Ws2000 Wireless Switch

    2-2 WS2000 Wireless Switch System Reference Guide 2.1 Getting Started with the WS2000 Wireless Switch This section provides just enough instruction to set up the WS2000 Wireless Switch, connect an Access Port, and test communications with a single mobile unit (MU) and the wide area network (WAN). The configuration suggestions made here are just the minimum needed to test the hardware.
  • Page 27 Getting Started NOTE: For optimum compatibility use Sun Microsystems’ JRE 1.4 or higher (available from Sun’s website), and be sure to disable Microsoft’s Java Virtual Machine if it is installed. The following screen displays. 4. Log in using “admin” as the User ID and “symbol”...
  • Page 28: Step 3: Set The Basic Switch Setting

    2-4 WS2000 Wireless Switch System Reference Guide Step 3: Set the Basic Switch Setting 1. Enter a System Name for the wireless switch. The specified name appears in the lower-left corner of the configuration screens, beneath the navigation tree. This name can be a useful reminder if multiple Symbol wireless switches are being administered.
  • Page 29: Step 4: Configure The Lan Interface

    Getting Started Step 4: Configure the LAN Interface The first step of network configuration process is to figure out the topology of the LAN. The WS2000 Wireless Switch allows the administrator to enable and configure four different subnets. The administrator can assign an IP address, port associations, and DHCP settings for each subnet.
  • Page 30: Step 5: Configure Subnet1

    2-6 WS2000 Wireless Switch System Reference Guide Step 5: Configure Subnet1 The WS2000 Network Management System allows the administrator to define and refine the configuration of the enabled subnets. Each of four subnets (short for “subnetworks”) can be configured as an identifiably separate part of the switch-managed local area network (LAN).
  • Page 31: Step 6: Configure The Wan Interface

    Getting Started Step 6: Configure the WAN Interface A wide area network (WAN) is a widely dispersed telecommunications network. In a corporate environment, the WAN port might connect to a larger corporate network. For a small business, the WAN port might connect to a DSL or cable modem to access the Internet.
  • Page 32: Setting Up Point-To-Point Over Ethernet (Pppoe) Communication

    DSL router). • The two DNS Server fields specify DNS addresses of servers that can translate domain names, such as www.motorola.com, into IP addresses that the network uses when passing information. The Secondary DNS Server acts as a backup to the...
  • Page 33: Step 7: Enable Wireless Lans (Wlans)

    Getting Started Step 7: Enable Wireless LANs (WLANs) The WS2000 Wireless Switch works either in a wired or wireless environment; however, the power of the switch is associated with its support of wireless networks. In order to use the wireless features of the switch, the administrator needs to enable up to four wireless LANs (WLANs).
  • Page 34: Step 8: Configure Wlan Security

    2-10 WS2000 Wireless Switch System Reference Guide Step 8: Configure WLAN Security In the previous step, the administrator set parameters for each WLAN that fine tune the performance of the WLAN. In addition, the administrator can set the type and level of security for each WLAN. These security measures do not control communications from the WAN;...
  • Page 35: Mobile Unit Access Control List (Acl)

    Stats). If it does not appear on the MU Stats screen, recheck the network and WEP settings on the mobile device. 4. In the Web browser, enter a URL for a site (such as www.motorola.com) on the WAN. If the site does not appear, go to the WAN Stats screen (Status &...
  • Page 36: Where To Go From Here

    2-12 WS2000 Wireless Switch System Reference Guide 2.2 Where to Go from Here? When full connectivity has been verified, the switch can be configured further to meet the needs of the organization. Refer to the two case studies provided with this reference for specific installation examples. These case studies describe the environment, the desired features, and the configuration selections that were made in two different usage scenarios.
  • Page 37 LAN/Subnet Configuration 3.1 Enabling Subnets for the LAN Interface..............3-2 3.1.1 Defining Subnets.
  • Page 38: Enabling Subnets For The Lan Interface

    3-2 WS2000 Wireless Switch System Reference Guide 3.1 Enabling Subnets for the LAN Interface Subnets are used to maximize the available network addresses and to logically separate the existing organizational network into smaller related networks. The WS 2000 Wireless Switch allows administrators to enable and configure four different subnets for each switch.
  • Page 39: Configuring Subnets

    LAN/Subnet Configuration Address This IP address allows users from outside the subnet (whether from the WAN or from another subnet from the same switch) to access the right subnet. An IP address uses a series of four numbers that are expressed in dot notation, for example, 194.182.1.1. Interfaces Interfaces field displays which of the six physical LAN ports are associated with the subnet.
  • Page 40: The Dhcp Configuration

    3-4 WS2000 Wireless Switch System Reference Guide 2. Set an IP address to be used for the subnet. The switch uses the IP address to refer to a particular subnet. This IP address could be a WAN address; but is generally a non-routable address. An IP address uses a series of four numbers that are expressed in dot notation, for example, 194.182.1.1.
  • Page 41: Advanced Dhcp Settings

    LAN/Subnet Configuration 3.2.2 Advanced DHCP Settings 1. Click the Advanced DHCP Server button to display a sub-screen to further customize IP address allocation. 2. If Dynamic DNS services are needed on the subnet, check the box labeled Enable Dynamic DNS. Enabling Dynamic DNS will allow domain name information to be updated when the IP address associated with that domain changes.
  • Page 42: Configuring Subnet Access

    3-6 WS2000 Wireless Switch System Reference Guide 7. Specify a DHCP Lease Time period in seconds for available IP addresses. The DHCP server grants an IP address for as long as it remains in active use. The lease time is the number of seconds that an IP address is reserved for re-connection after its last use.
  • Page 43: The Access Overview Table

    LAN/Subnet Configuration 3.3.1 The Access Overview Table In the overview table, each of the rectangles represents a subnet association. The three possible colors indicate the current access level, as defined, for each subnet association. Color Access Type Description Green Full Access No protocol exceptions (rules) are specified.
  • Page 44 3-8 WS2000 Wireless Switch System Reference Guide 3. Enable or disable logging of firewall access by using the Enable logging check box. When enabled, a log entry is created every time a packet is denied by the action “Deny”. A log entry is created once per session for packets that match the firewall rules when the action is “Allow”.
  • Page 45: Advanced Subnet Access Settings

    LAN/Subnet Configuration Transport Description User Datagram Protocol (UDP) is mostly used for broadcasting data over the Internet. Like TCP, UDP runs on top of Internet Protocol (IP) networks. Unlike TCP/IP, UDP/IP provides very few error recovery services and methods. UDP offers a way to directly connect, and then send and receive datagrams over an IP network.
  • Page 46 3-10 WS2000 Wireless Switch System Reference Guide 1. To enable the advanced access settings, check the Override Subnet Access and NAT settings box. The rest of the screen will become active. When this box is not checked, the settings in both the Subnet Access screen (under Firewall) and the NAT screen (under WAN) are disabled;...
  • Page 47 3-11 LAN/Subnet Configuration • Destination IP—The Destination IP range determines the target address(es) for the firewall rule. To configure the Destination IP range, click the field and a new window will pop up to enter the IP address and range. An IP address of 0.0.0.0 indicates all IP addresses. •...
  • Page 48: Bridge Configuration

    (commonly referred to as the root). Motorola recommends assigning a Base Bridge AP with the lowest bridge priority so it becomes the root in the STP. If a root already exists, set the Bridge Priorities of new APs accordingly so the root of the STP does not get altered.
  • Page 49: Virtual Lan (Vlan) Configuration

    3-13 LAN/Subnet Configuration 2. Set the Maximum Message age timer is used with the Message Age timer. The Message Age timer is used to measure the age of the received protocol information recorded for a port, and to ensure the information is discarded when it exceeds the value set for the Maximum Message age timer.
  • Page 50 3-14 WS2000 Wireless Switch System Reference Guide The upper part of the screen is used to set up the VLAN type to be created. 1. Use the pull-down menu to select a VLAN Type for this switch. The two options are User Based Port Based.
  • Page 51: Configuring Ip Filtering

    3-15 LAN/Subnet Configuration NOTE: Trunking VLANs through LAN ports is not available. For more information on trunking VLAN through the WAN port, and for assigning VLANs to WLANs, see Chapter 10, Trunking VLANs Through the WAN Port. 3.7 Configuring IP Filtering IP based filtering allows administrators to configure Incoming and Outgoing IP filtering policies on packets within the same Subnet / WLAN and between wired and wireless hosts.
  • Page 52 3-16 WS2000 Wireless Switch System Reference Guide Transport Description ICMP Internet Control Message Protocol (ICMP) is tightly integrated with IP. ICMP messages, delivered in IP packets, are used for out-of-band messages related to network operation. Because ICMP uses IP, ICMP packet delivery is unreliable. Hosts cannot count on receiving ICMP packets for a network problem.
  • Page 53: Port Configuration

    3-17 LAN/Subnet Configuration Transport Description RAW_IP RAW IP is used when communication is done directly to the IP layer without using any additional protocols. 4. Select a Port from the pulldown menu for this IP Filtering rule to apply to. The default is and will apply the filtering to all ports on the switch.
  • Page 54 3-18 WS2000 Wireless Switch System Reference Guide...
  • Page 55: Wan Configuration

    WAN Configuration 4.1 Configuring the WAN Interface ............... . 4-2 4.1.1 Configuring WAN IP Information .
  • Page 56: Configuring The Wan Interface

    4-2 WS2000 Wireless Switch System Reference Guide 4.1 Configuring the WAN Interface A wide area network (WAN) is a widely dispersed telecommunications network. In a corporate environment, the WAN port might connect to a larger corporate network. For a small business, the WAN port might connect to a DSL or cable modem to access the Internet.
  • Page 57: Setting Up Point-To-Point Over Ethernet (Pppoe) Communication

    WAN Configuration • The IP Address refers to the IP address that the outside world will use to address the WS 2000 Wireless Switch. • Click the More IP Addresses button to specify additional static IP addresses for the switch. Additional IP addresses are required when users within the LAN need dedicated IP addresses, or when servers in the LAN need to be accessed (addressed) by the outside world.
  • Page 58 4-4 WS2000 Wireless Switch System Reference Guide 4. Check Keep Alive to instruct the switch to continue occasional communications over the WAN even when client communications to the WAN are idle. Some ISPs terminate inactive connections, while others do not. In either case, enabling Keep-Alive mode keeps the switch’s WAN connection alive, even when there is no traffic.
  • Page 59: Configuring The Ws 2000 Firewall

    WAN Configuration 4.2 Configuring the WS 2000 Firewall The WS 2000 Wireless Switch provides a secure firewall/Network Address Translation (NAT) solution for the WAN uplink. The firewall includes a proprietary CyberDefense Engine to protect internal networks from known Internet attacks. It also provides additional protection by performing source routing, IP unaligned timestamp, and sequence number prediction.
  • Page 60: Configurable Firewall Filters

    4-6 WS2000 Wireless Switch System Reference Guide Enter a default timeout value (in seconds) for the switch to use as the timeout value when no matching records are found in the NAT Timeout Table below. This is a global configuration for any TCP/IP packets going through firewall that don't match other values.
  • Page 61 WAN Configuration FTP Bounce Attack Check An FTP bounce attack uses the PORT command in FTP mode to gain access to arbitrary ports on machines other than the originating client. IP Unaligned Timestamp An IP unaligned timestamp attack uses a frame with the IP timestamp Check option, where the timestamp is not aligned on a 32-bit boundary.
  • Page 62: Configuring Network Address Translation (Nat)

    4-8 WS2000 Wireless Switch System Reference Guide 4.3 Configuring Network Address Translation (NAT) NAT provides the translation of an Internet Protocol (IP) address within one network to a different, known IP address within another network. One network is designated the private network, while the other is the public.
  • Page 63 WAN Configuration 4. If the NAT type is 1 to Many, the 1 to Many button in the adjacent Outbound Mappings field is active, allowing the administrator to specify address assignments for each subnet. If no translation should be done, none should be selected for the subnet. 5.
  • Page 64: Configuring Static Routes

    4-10 WS2000 Wireless Switch System Reference Guide Translation Enter the port to which traffic is sent to after translation. Port 7. Click the Forward all unspecified ports to check box and then specify an IP address to enable port forwarding for incoming packets with unspecified ports. 8.
  • Page 65: Creating User Defined Routes

    4-11 WAN Configuration Subnet 2 If Subnet 2 is enabled, sets it as the Default Gateway Interface for all unspecified routes. Subnet 3 If Subnet 3 is enabled, sets it as the Default Gateway Interface for all unspecified routes. Subnet 4 If Subnet 4 is enabled, sets it as the Default Gateway Interface for all unspecified routes.
  • Page 66 4-12 WS2000 Wireless Switch System Reference Guide 1. Select the RIP Type from the pull-down menu to be one of the following values. No RIP Depending on the RIP Direction setting, the No RIP option partially or completely disal- lows the switch’s router from exchanging routing information with other routers. Routing information may not be appropriate to share, for example, if the switch manages a private LAN.
  • Page 67: Configuring A Virtual Private Network (Vpn)

    4-13 WAN Configuration 4.5 Configuring a Virtual Private Network (VPN) VPNs are IP-based networks that use encryption and tunneling to give users remote access to a secure LAN. In essence, the trust relationship is extended from one LAN across the public network to another LAN, without sacrificing security.
  • Page 68: Creating A Vpn Tunnel

    4-14 WS2000 Wireless Switch System Reference Guide Use the Auto Initiate Interval to set the interval when the status of all tunnels are checked. This is a global configuration which is common for all the tunnels and is valid only when Auto Initiate is enabled. Normally, when the tunnel’s life time gets over, its gets disconnected.
  • Page 69: Setting Up Vpn Security

    4-15 WAN Configuration 3. Select the subnet that will be the local end of the tunnel from the Local Subnet menu. 4. Specify the IP address to use for the local WAN (Local Wan IP), which should be one of the (up to) eight IP addresses specified in the WAN screen.
  • Page 70 4-16 WS2000 Wireless Switch System Reference Guide 3. Select the authentication and anti-replay method you wish to use for the tunnel from the Authentication menu. None Disables AH authentication and the rest of the fields in this area will not be active. Enables the Message Digest 5 algorithm, which requires 128-bit (32-character hexadecimal) authentication keys.
  • Page 71: Setting Up Automatic Key Exchange

    4-17 WAN Configuration AES 128-bit This option selects the Advanced Encryption Standard algorithm in use with 128-bit (32- character hexadecimal) keys. AES 192-bit This option selects the Advanced Encryption Standard algorithm in use with 192-bit (48- character hexadecimal) keys. AES 256-bit This option selects the Advanced Encryption Standard algorithm in use with 256-bit (64- character hexadecimal) keys.
  • Page 72 4-18 WS2000 Wireless Switch System Reference Guide 3. Forward secrecy is a key-establishment protocol that guarantees that the discovery of a session key or a long-term private key will not compromise the keys of any other sessions. Select from the Perfect Forward Secrecy menu to enable this option.
  • Page 73: Setting Up Internet Key Exchange (Ike)

    4-19 WAN Configuration 3DES This option selects the 3DES encryption algorithm, which requires 192-bit (48-character hexadecimal) keys. When creating keys for 3DES, the first 8 bytes cannot equal the sec- ond 8 bytes, and the second 8 bytes cannot equal the third 8 bytes. AES 128-bit This options selects the Advanced Encryption Standard algorithm in use with 128-bit (32-character hexadecimal) keys.
  • Page 74 4-20 WS2000 Wireless Switch System Reference Guide 3. Select the Operation Mode for IKE. The Phase I protocols of IKE are based on the ISAKMP identity- protection and aggressive exchanges. IKE main mode refers to the identity-protection exchange, and IKE aggressive mode refers to the aggressive exchange.
  • Page 75: Vpn: Frequently Asked Questions

    4-21 WAN Configuration AES 128-bit This options selects the Advanced Encryption Standard algorithm in use with 128-bit (32-character hexadecimal) keys. AES 192-bit This options selects the Advanced Encryption Standard algorithm in use with 192-bit (48-character hexadecimal) keys. AES 256-bit This options selects the Advanced Encryption Standard algorithm in use with 256-bit (64-character hexadecimal) keys.
  • Page 76 4-22 WS2000 Wireless Switch System Reference Guide An allow outbound rule: <Local Subnet IP range> <Remote Subnet IP range> Transport Src port 1:65535 Dst port 1:65535 Rev NAT None For IKE, an allow inbound rule: <Remote Gateway IP address> <Wan IP address> Transport Src port 1:65535...
  • Page 77 4-23 WAN Configuration 4.5.6.4 How do I specify which certificates to use from the WS 2000 certificate manager to be used for an IKE policy? When generating a certificate to be used with IKE, you must use one of the following fields: IP address, Domain Name, or E-mail address.
  • Page 78 4-24 WS2000 Wireless Switch System Reference Guide 4.5.6.7 How can I setup the WS 2000 switch to accept VPN tunnels from gateways that have a DHCP WAN address? To accept a VPN tunnel from a unknown (DHCP) address, the WS 2000 Wireless Switch operates in what is called responder-only mode.
  • Page 79: Configuring Content Filtering

    4-25 WAN Configuration 4.6 Configuring Content Filtering Content filtering allows system administrators to block specific commands and URL extensions from going out through the WS 2000 switch’s WAN port. This feature allows blocking up to 10 files or URL extensions and allows blocking of specific outbound HTTP, SMTP, and FTP requests.
  • Page 80 4-26 WS2000 Wireless Switch System Reference Guide SAML (Send and Mail) This command initiates a mail transaction where mail data is sent to one or more local mailboxes and remote terminals. RESET (Reset) This command cancels the current mail transaction and informs the recipient to discard any data sent during this transaction.
  • Page 81: Configuring Dyndns

    4-27 WAN Configuration 4.7 Configuring DynDNS The WS 2000 Wireless Switch provides support for using the DynDNS service. Dynamic DNS is a feature offered by www.dyndns.com which allows the mapping of domain names to dynamically assigned IP addresses. When the dynamically assigned IP address of a client changes that new IP address is sent to the DynDNS servers and traffic for the specified domain(s) is routed to the new IP address.
  • Page 82 4-28 WS2000 Wireless Switch System Reference Guide...
  • Page 83: Wireless Configuration

    Wireless Configuration 5.1 Enabling Wireless LANs (WLANs) ..............5-3 5.1.1 WLAN Summary .
  • Page 84 5-2 WS2000 Wireless Switch System Reference Guide 5.11 Wireless Intrusion Detection System..............5-38 5.11.1 WIDS Configuration .
  • Page 85: Chapter 5: Wireless Configuration

    Wireless Configuration 5.1 Enabling Wireless LANs (WLANs) The WS 2000 Wireless Switch works in either a wired or wireless environment; however, the power of the switch is associated with its support of wireless networks. To use the wireless features of the switch, the administrator needs to enable one, two, or three wireless LANs (WLANs).
  • Page 86: Ap Adoption Configuration

    5-4 WS2000 Wireless Switch System Reference Guide The screen also displays the following information: 1. By default, the switch assigns consecutive Extended Service Set Identification (ESSIDs). This is the name that users will see when accessing the wireless network. The ESSID can be given any recognizable alphanumeric string up to 32 characters in length.
  • Page 87 Wireless Configuration 5.1.2.1 AP Deny List AP Deny List allows you to prevent individual Access Ports from associating with the switch. For each Access Port you wish to deny, click the button and enter the device’s MAC Address into the field provided.
  • Page 88: Configuring Wireless Lans

    5-6 WS2000 Wireless Switch System Reference Guide 5.2 Configuring Wireless LANs Network Configuration --> Wireless window (covered in Enabling Wireless LANs (WLANs)) is where WLANs are enabled; however, the Network Configuration --> Wireless --> <WLAN name> screen is where the administrator configures each WLAN, after it is enabled. The screen is titled with the name of the WLAN.
  • Page 89: Configuring Wireless Lan Security

    Wireless Configuration corporate network. Leave this checkbox unchecked (default setting) to allow MU-to-MU communications on this WLAN. 2. Check the Answer Broadcast ESS checkbox to enable adopted Access Ports to transmit the WLAN’s Extended Service Set Identification (ESSID). The purpose of allowing WLANs to answer the broadcast ESS is to identify Access Ports that are associated with the WLAN.
  • Page 90: Configuring 802.1X Eap Authentication

    5-8 WS2000 Wireless Switch System Reference Guide The authentication method sets a challenge-response procedure for validating user credentials such as username, password, and sometimes, secret-key information. The WS 2000 Wireless Switch provides two methods for authenticating users: 802.1x EAP and Kerberos. The administrator can select between these two methods.
  • Page 91 Wireless Configuration 5. The administrator can specify a RADIUS Shared Secret for authentication on the primary RADIUS server. Shared secrets are used to verify that RADIUS messages (with the exception of the Access- Request message) are sent by a RADIUS-enabled device that is configured with the same shared secret. The shared secret is a case-sensitive string that can include letters, numbers, or symbols.
  • Page 92: Configuring Kerberos Authentication

    5-10 WS2000 Wireless Switch System Reference Guide 18.Click the button to save changes. 5.3.3 Configuring Kerberos Authentication Kerberos provides a strong authentication method for client/server applications by using secret-key cryptography. Using this protocol, a client can prove their identity to a server (and vice versa) across an insecure network connection.
  • Page 93: Configuring Wep Encryption

    5-11 Wireless Configuration The available encryption methods also depend on the authentication method used. Kerberos authentication supports only the WEP 128 (104 bit key) KeyGuard encryption methods. 5.3.5 Configuring WEP Encryption Wired Equivalent Privacy (WEP) is a security protocol specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b.
  • Page 94 5-12 WS2000 Wireless Switch System Reference Guide networks and small-business environments where more wireless traffic allows quicker discovery of encryption keys by an unauthorized person. WPA’s encryption method is Temporal Key Integrity Protocol (TKIP). TKIP addresses WEP weaknesses with a re-keying mechanism, a per-packet mixing function, a message integrity check, and an extended initialization vector.
  • Page 95: Configuring Wpa2-Ccmp (802.11I) Encryption

    5-13 Wireless Configuration 5.3.7 Configuring WPA2-CCMP (802.11i) Encryption WPA2 is a newer 802.11i standard that provides stronger wireless security than WiFi Protected Access (WPA) and WEP. CCMP is the security protocol used by AES. It is the equivalent of TKIP in WPA. CCMP computes a Message Integrity Check (MIC) using the well known, and proven, Cipher Block Chaining Message Authentication Code (CBC-MAC) method.
  • Page 96: Keyguard

    5-14 WS2000 Wireless Switch System Reference Guide Port. This enables the roaming the client to start sending and receiving data sooner by not having to do 802.1x authentication after it roams. Enabling Opportunistic Key Caching allows the switch to use a Pairwise Master Key (PMK) derived with a client on one Access Port with the same client when it roams over to another Access Port.
  • Page 97: Ip Filtering

    5-15 Wireless Configuration 5.3.10 IP Filtering IP based filtering allows administrators to configure Incoming and Outgoing IP filtering policies on packets within the same Subnet / WLAN and between wired and wireless hosts. To Configure IP Filtering for the WLAN: 1.
  • Page 98: Configuring Access Ports

    5-16 WS2000 Wireless Switch System Reference Guide mobile units will be allowed access to the Access Port. If Deny is visible, the access criteria will be used to indicated which mobile units should not be allowed access. 2. Click the button to add a new entry to the list.
  • Page 99 5-17 Wireless Configuration The switch can adopt up to six Access Ports at a time, but the number of Access Ports listed can exceed six in number. A dual-radio 802.11a/b Access Port counts as one Access Port with respect to the maximum allowed;...
  • Page 100 5-18 WS2000 Wireless Switch System Reference Guide The following screen is displayed with the settings for the selected Access Port. 3. From this screen, the administrator can change several pieces of information about each Access Port. Name Administrators can change the names of the Access Ports from Access Port# to something much more descriptive, so that they can easily identify which Access Port is being referenced in the various screens and in the left menu.
  • Page 101: Setting Default Access Port Settings

    Wireless Configuration MU dB This is a Motorola specific feature. This value indicates the amount of power in dBm that the MU Power Level should reduce its Tx power by with respect to the Tx power of the AP. This feature is used to reduce Adjustment the amount of radio noise in the environment for better reception.
  • Page 102: Common Settings To All Radio Types

    5-20 WS2000 Wireless Switch System Reference Guide 5.5.1 Common Settings to All Radio Types Some of the settings are common to all three radio types. Channel Click the Channel Selection Mode button to configure how channel selection for the selected Selection Mode AP is determined.
  • Page 103 5-21 Wireless Configuration Antenna Use the drop-down menu to configure the Antenna Diversity settings for Access Ports that use Diversity external antennas. Full Diversity: Utilizes both antennas to provide antenna diversity Primary Only: Enables only the primary antenna Secondary Only: Enables only the secondary antenna NOTE: Antenna Diversity should only be enabled if the Access Port has two matching external antennas.
  • Page 104: Radio-Specific Settings

    5-22 WS2000 Wireless Switch System Reference Guide Beacon Set the Access Port beacon settings by Settings clicking on the Beacon Settings button. Set the following beacon values. Beacon Interval—A beacon is a packet broadcast by the adopted Access Ports to keep the network synchronized.
  • Page 105: Advanced Access Port Settings

    5-23 Wireless Configuration Support Short Check the Support Short Preamble box to allow the Access Port to communicate with Preamble the MUs using a short 56-bit preamble. A preamble is the beginning part of a frame. The preamble comprises such elements as robust carrier sensing, collision detection, equalizer training, timing recovery, and gain adjustment.
  • Page 106: Radio Settings

    Access Port and the MUs. MU dB Power This is a Motorola specific feature. This value indicates the amount of power in dBm that the Level MU should reduce its Tx power by with respect to the Tx power of the AP. This feature is used Adjustment to reduce the amount of radio noise in the environment for better reception.
  • Page 107: Antenna Settings

    5-25 Wireless Configuration Channel Click the Channel Selection Mode button to open a sub-screen where you can select the Selection modes by which channels are selected. The available options are User Selection, Uniform Mode Spreading, and Automatic Selection. Selecting Automatic Selection from the sub-screen enables the Remap Channel button and...
  • Page 108 5-26 WS2000 Wireless Switch System Reference Guide RTS Threshold Set the Request to Send Threshold (RTS Threshold) by specifying a number. RTS is a transmitting station’s signal that requests a Clear To Send (CTS) response from a receiving station. This RTS/CTS procedure clears the air when many mobile units (MUs) are contending for transmission time.
  • Page 109: Quality Of Service Configuration

    5-27 Wireless Configuration Beacon Settings Set the Access Port beacon settings by clicking Beacon Settings button. Beacon Interval A beacon is a packet broadcast by the adopted Access Ports to keep the network synchronized. Included in a beacon is information such as the WLAN service area, the access-port address, the broadcast destination addresses, a time stamp, and indicators about traffic and delivery such as a...
  • Page 110: Setting The Bandwidth Share Mode

    5-28 WS2000 Wireless Switch System Reference Guide 5.7.1 Setting the Bandwidth Share Mode First, specify how the networking resources will be shared. The Bandwidth Share Mode provides three allocation options: Packets are served on a first-come-first-served basis. If this option is selected, the information in the Bandwidth Share for Each WLAN area is ignored.
  • Page 111: Configuring Voice Prioritization And Multicast Address Settings

    5-29 Wireless Configuration Bandwidth Share for Each WLAN Table The fields in this table are: WLAN Name This field lists the WLANs on the switch by name (the same name that you see in the left menu). You cannot change the name of the WLAN in this field. Go to the Wireless screen to change a WLAN name.
  • Page 112: Rogue Access Point (Port) Detection

    5-30 WS2000 Wireless Switch System Reference Guide To set up Port Authentication for all adopted AP 300 Access Ports: 1. In the Username field, specify a 802.1x username for all AP 300 Access Ports adopted by the switch. To use the default username click the <- Default button next to the Username...
  • Page 113: Setting Up The Detection Method

    5-31 Wireless Configuration The Rogue AP Detection screen allows the administrator to determine how thoroughly the switch will search for rogue APs as well as list the approved APs. 5.9.1 Setting Up the Detection Method The WS 2000 Wireless Switch provides three methods for detecting rogue Access Points (APs). Use the top part of the Rogue AP Detection screen to set the method or methods that the switch will use to detect rogue APs.
  • Page 114: Defining And Maintaining Approved Ap List Rules

    5-32 WS2000 Wireless Switch System Reference Guide NOTE: Note that only some access ports have the capability of being a Detector AP, including Symbol AP 100, AP 200, and AP 300 Access Ports. 5. In the Scan Interval field, enter a time interval (in minutes) between detection RF scans. Do this for each of the selected detection methods.
  • Page 115: Examine The Approve And Rogue Access Ports

    5-33 Wireless Configuration 5.9.3 Examine the Approve and Rogue Access Ports This screen displays information about APs known to the switch. All approved APs are listed in the upper table. All rogue APs are listed in the lower table. This screen also allows the administrator to create detection rules from the information collected about approved or rogue APs.
  • Page 116 5-34 WS2000 Wireless Switch System Reference Guide First Seen This field indicates the number of elapsed hours since the rogue AP was first noticed on the network in hours:minutes:seconds. Last Seen This field indicates the number of elapsed hours since the rogue AP was last noticed on the network in hours:minutes:seconds.
  • Page 117 5-35 Wireless Configuration To enable and configure Rogue AP Containment: 1. Check the Enable Rogue AP Containment box to enable this feature. 2. All MUs associated to Rogue APs in the Rogue AP Containment list are deauthenticated by the switch. Deauth Interval value sets the time duration in seconds between two such de-authentications.
  • Page 118: Setting Snmp Traps For Rogue Aps

    5-36 WS2000 Wireless Switch System Reference Guide Details About the Rogue Detector The lower portion of the Rogue AP Detail screen displays information about the AP that detected the rogue. This information if provided to the administrator to help located the rogue. Finder's MAC This is the MAC address for the AP that detected the rogue AP.
  • Page 119: Configuring Wirless Intrusion Protection System (Wips)

    5-37 Wireless Configuration 2. Check the Rogue AP box (in the lower right area of the screen) to generate a trap when a rogue (unauthorized) access port (AP) is detected. The detection process is non-disruptive and will not affect the performance of the switch. The detection functionality is greatly enhanced when the Approved AP list is filled out on the AP List screen under Rogue AP Detection.
  • Page 120: Wireless Intrusion Detection System

    5-38 WS2000 Wireless Switch System Reference Guide 5.11 Wireless Intrusion Detection System The Motorola Wireless Intrusion Detection System (WIDS) protects against a wide range of malicious attacks on the WS2000 Wireless Switch. This feature inspects each packet that is received by the WS2000 and then based on analysis decides if an intrusion is happening on the device.
  • Page 121: Wids Configuration

    5-39 Wireless Configuration WIDS also keep track of anomalies. An anomaly is defined as an event which is different from the general occurrences on a WS2000. The following anomalies are tracked: • null-dst - NULL destination • same-src-dst - Same source and destination address •...
  • Page 122: Filtered Mus

    5-40 WS2000 Wireless Switch System Reference Guide 5.11.2 Filtered MUs The Filtered MUs screen displays a list of all MUs that have been filtered out by WIDS. You can, if required, remove any or all MUs listed in the Filtered MUs table. The Filtered MUs table displays the following: MU MAC The MAC address of the MU that has been filtered out.
  • Page 123: Smart Scan

    5-41 Wireless Configuration 5.12 Smart Scan Each radio, depending on the country it is operating in, provides a large number of channels for data transmission. This means that when a MU roams from one AP to another, it has to scan all the available channels for that radio to find the WLAN it was connected to.
  • Page 124: Self Healing

    5-42 WS2000 Wireless Switch System Reference Guide 5.13 Self Healing A self-healing network is one that is capable of maintaining the availability of the network under all circumstances. The network can self-manage in response to the events that occur within the network. Self heal for WS2000 is provided by the device maintaining a Neighbor Table with entries for each device in its neighborhood.
  • Page 125: Mesh Settings

    Mesh network is supported by the WS2000 Wireless Switch through APs that have mesh network support integrated in them. AP300 from Motorola is an AP that has in built support for Mesh networks. To create and manage a Mesh Network, select [Network Configuration]-->Wireless-->APs/Radios--...
  • Page 126: Mesh Base Setting

    5-44 WS2000 Wireless Switch System Reference Guide 5.14.1 Mesh Base Setting Use the Mesh Base Settings area of the Mess Setting screen to set up the device as a Mesh Base device. To do so: 1. Check the Mesh Base box to set the device as a Mesh Base.
  • Page 127 Administrator and User Access 6.1 Configuring Administrator Access ..............6-2 6.1.1 Selecting the Type of Admin Access .
  • Page 128: Configuring Administrator Access

    6-2 WS2000 Wireless Switch System Reference Guide 6.1 Configuring Administrator Access The WS 2000 Network Management System allows users to log in to perform administration tasks. The switch administrator can change any settings within the WS 2000 Network Management System. The default login name for the switch administrator is “admin”...
  • Page 129: Configuring Secure Shell Connection Parameters

    Administrator and User Access Access Description Port CLI TELNET Allows administrator access to the wireless switch through TELNET. Allows the administrator to access the switch through the command line interface. CLI SSH Allows administrator access to the command line interface of the wireless switch through the Secure Shell (SSH) protocol of TCP/IP.
  • Page 130: Applet Timeout Specification

    6-4 WS2000 Wireless Switch System Reference Guide 3. Click the Apply button to save changes. 6.1.5 Applet Timeout Specification This screen provides a method to set a timeout for an inactive connection from either an HTTP or HTTPs connection. Specify the maximum number of inactive minutes allowed in the HTTP/S Timeout field.
  • Page 131: Configuring The Radius Server

    Administrator and User Access 6.2.1 Configuring the RADIUS Server The WS 2000 Wireless Switch provides an integrated RADIUS server as well as the ability to work with external RADIUS and LDAP servers to provide user database information and authentication. The RADIUS Server page allows the admin to set up data sources, as well as specify authentication information for the built-in RADIUS server.
  • Page 132 6-6 WS2000 Wireless Switch System Reference Guide 4. If TTLS is selected, specify a Default Auth Type for TTLS to use from the pull-down menu. The options MD5, PAP and MSCHAP-V2. • Message Digest 5 (MD5) is a secure hash function which converts a long data stream into a fixed size digest.
  • Page 133: Configuring Lightweight Directory Access Protocol (Ldap) Authentication

    Administrator and User Access 6.2.2 Configuring Lightweight Directory Access Protocol (LDAP) Authentication When the RADIUS Data Source is set to use an external LDAP server (see Configuring the RADIUS Server), the LDAP screen is used to provide information about the external LDAP server. Select [User Authentication] -->...
  • Page 134: Setting Up A Proxy Radius Server

    6-8 WS2000 Wireless Switch System Reference Guide Group Member Attribute Specify the Group Member Attribute to be sent to the LDAP server when authenticating the users. The following are the additional settings that are required for the LDAPS data source. Fully Qualified Domain name Enter the fully qualified domain name of the LDAP server that provides authentication information to your RADIUS server.
  • Page 135: Managing The Local User Database

    Administrator and User Access Port Enter the TCP/IP port number for the RADIUS server that will be acting as a proxy server. The default port is 1812. Shared Secret Set a shared secret to be used for each suffix that will be used for authentication with the RADIUS proxy server.
  • Page 136 6-10 WS2000 Wireless Switch System Reference Guide 2. To set a group as a group of Guest users, click the check-box in the Guest column, next to the Groups field. 3. To enable a group access to a particular VLAN, enter the ID in the VLAN ID field for the group.
  • Page 137: Adding New Guest Users Quickly

    6-11 Administrator and User Access 6.2.5 Adding New Guest Users Quickly The WS2000 also enables the administrators to add a guest user quickly. A separate screen is provided outside of the normal administrative environment for this purpose. To add a new guest user quickly: 1.
  • Page 138: Setting The User Access Policy

    6-12 WS2000 Wireless Switch System Reference Guide Expiry Date box. Similarly, enter the time on which the login expires in the format hh:mm in the Expiry Time box. 5. Click Apply to create the new user. Or, click Undo Changes to revert back the changes made to this screen.
  • Page 139: Managing Digital Certificates

    6-13 Administrator and User Access 6.3 Managing Digital Certificates A digital certificate is an electronic identification card that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains a name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.
  • Page 140 6-14 WS2000 Wireless Switch System Reference Guide To import a CA certificate perform the following steps: 1. Select System Configuration --> Certificate Mgmt --> CA Certificates from the left menu. The following screen appears. 2. Copy the content of the CA Certificate message into the clipboard and then click Paste from Clipboard.
  • Page 141: Creating Self Certificates

    6-15 Administrator and User Access 6.3.2 Creating Self Certificates Self certificates are those for which the organization creates a certificate request, sends it off to a Certificate Authority (CA) to be signed, and then imports the signed certificate into the management system. To go through this process, select System Configuration-->...
  • Page 142 6-16 WS2000 Wireless Switch System Reference Guide Signature Indicate the signature algorithm to use for the certificate. The selection should match the Algorithm VPN tunnel settings. • MD5-RSA: Message Digest 5 algorithm in combination with RSA encryption. • SHA1-RSA: Secure Hash Algorithm 1 in combination with RSA encryption. Key Length Indicate the desired length of the key.
  • Page 143: Switch Administration

    Switch Administration 7.1 Overview of Administration Support ..............7-2 7.2 Restarting the WS 2000 Wireless Switch .
  • Page 144: Overview Of Administration Support

    7-2 WS2000 Wireless Switch System Reference Guide 7.1 Overview of Administration Support The WS 2000 Network Management System provides several screens for administering the switch and monitoring activity on the switch. From the interface the administrator can: • Change the general system settings, such as the name of the switch and the location of the switch •...
  • Page 145: Changing The Name Of The Switch

    Switch Administration 7.3 Changing the Name of the Switch When the administrator first logs into the WS 2000 Network Management System, the System Settings screen appears. One of the fields in this screen is the System Name field. In this field, the administrator can specify the name of the switch.
  • Page 146: Configuring The Dns Server Information

    7-4 WS2000 Wireless Switch System Reference Guide 1. Select System Configuration --> System Settings from the left menu. 2. Type in a description of the physical location of the switch within your facility into the Location field. 3. Find the Country field and use the drop down menu to select the correct country from the list.
  • Page 147: Configuring Switch Redundancy

    Switch Administration 2. Enter the IP address of the DNS server in the DNS Server IP Address field. 3. Enter the DNS domain name in the DNS Domain Name field. 4. Click Apply to save changes. 7.6 Configuring Switch Redundancy The WS 2000 Wireless Switch supports redundancy between two WS 2000 Wireless Switch, allowing a standby switch to take over if the primary switch stop responding.
  • Page 148: Setting Up Switch Redundancy

    7-6 WS2000 Wireless Switch System Reference Guide 7.6.1 Setting Up Switch Redundancy For each of the two switches, use the following procedure to set up redundancy. 1. Choose the redundancy mode in which the WS 2000 Wireless Switch will operate in. Stand-alone The switch has no redundancy capabilities and operates independently of any other WS 2000 switches on the network.
  • Page 149: Checking For And Downloading Firmware Updates

    Switch Administration 7.7.1 Checking for and Downloading Firmware Updates The switch administrator should check for firmware updates for the WS 2000 Wireless Switch on a monthly basis, as follows: 1. Select System Configuration --> Cfg/Firmware Mgt. --> Firmware Update from the menu on the left.
  • Page 150: Formatting A Compact Flash Card

    7-8 WS2000 Wireless Switch System Reference Guide 4. Specify the Boot Device for the WS2000. The WS2000 boots from the selected Boot Device. Select the option from one of Onboard Flash or CF Card. 5. Specify a folder pathname for an FTP login, if necessary. 6.
  • Page 151: Setting Up Dhcp Options For Firmware Upload

    Switch Administration 2. Verify that the Compact Flash card is firmly seated in the WS2000’s Compact Flash slot. 3. Click the Format CF button. 4. Click to continue formatting the card. 7.7.4 Setting Up DHCP Options for Firmware Upload It is also possible to configure the switch to receive firmware and configuration files automatically from a server using the Dynamic Host Configuration Protocol (DHCP).
  • Page 152: Exporting And Importing Wireless Switch Settings

    7-10 WS2000 Wireless Switch System Reference Guide Auto FW/Config upgrade. Any string provided in the text field will be prefixed with a “SymbolWS.WS2K” string. 6. Navigate to the Firmware Config Import/Export screen depending on whether you are setting up the automatic firmware download or configuration settings download. Set the TFTP server IP address to the IP address of the server what will do the download.
  • Page 153: To Import Settings To A Local File

    7-11 Switch Administration 3. Specify the Username to be used when logging in to the FTP server. The user account must be established on the FTP server that is targeted for importing or exporting file data. 4. Specify the Password that will allow the user access to the FTP server for the import or export operation.
  • Page 154 7-12 WS2000 Wireless Switch System Reference Guide // WS2000 menu set name WS2000 set loc \0 set email \0 set cc us set airbeam mode disable set airbeam enc-passwd a11e00942773 set applet lan enable set applet wan enable set applet slan enable set applet swan enable set cli lan enable set cli wan enable...
  • Page 155 7-13 Switch Administration delete v1v2c all add v1v2c public ro 1.3.6.1 add v1v2c private rw 1.3.6.1 // SNMP v3 user definitions delete v3 all system snmp traps // SNMP trap selection set cold disable set cfg disable set acl disable set auth disable set adopt disable set unadopt disable...
  • Page 156 7-14 WS2000 Wireless Switch System Reference Guide set eap enc-secret 1 1 8e57 set eap enc-secret 1 2 8e57 set eap reauth mode 1 disable set eap reauth retry 1 2 set eap reauth period 1 3600 set eap adv mu-quiet 1 10 set eap adv mu-tx 1 5 set eap adv mu-timeout 1 10 set eap adv mu-retry 1 2...
  • Page 157 7-15 Switch Administration set eap adv server-retry 2 2 set tkip type 2 phrase set tkip enc-phrase 2 a11e00942773343deb84 set tkip enc-key 2 c2767fe55c0a564fa8cd3201b1984a33f986e7872572740a80c6dcff32905735 set tkip interval 2 86400 set tkip rotate-mode 2 disable set name 2 WLAN2 set no-mu-mu 2 disable set vop 2 enable set adopt 2 allow set acl 2 allow...
  • Page 158 7-16 WS2000 Wireless Switch System Reference Guide set adopt 3 allow set acl 3 allow set mcast 3 1 01005E000000 set mcast 3 2 09000E000000 delete 3 all network default // Default 802.11 A radio configuration set reg A in/out 149 100 set rate A 6 54 set div A enable set beacon mode A disable...
  • Page 159 7-17 Switch Administration set port 1 s1 set port 2 s1 set port 3 s1 set port 4 s1 set port 5 s1 set port 6 s1 // WLAN To Subnet Map configuration set wlan 1 s1 set wlan 2 s2 set wlan 3 s3 network dhcp...
  • Page 160 7-18 WS2000 Wireless Switch System Reference Guide set mode 3 disable set ipadr 3 0.0.0.0 set mode 4 disable set ipadr 4 0.0.0.0 set mode 5 disable set ipadr 5 0.0.0.0 set mode 6 disable set ipadr 6 0.0.0.0 set mode 7 disable set ipadr 7 0.0.0.0 set mode 8 disable set ipadr 8 0.0.0.0...
  • Page 161 7-19 Switch Administration set outb ip 7 0.0.0.0 set inb mode 7 disable set inb ip 7 0.0.0.0 set type 8 none set outb ip 8 0.0.0.0 set inb mode 8 disable set inb ip 8 0.0.0.0 // Outbound 1-To-Many NAT configuration set outb map s1 1 set outb map s2 1 set outb map s3 1...
  • Page 162: Configuring Snmp

    7-20 WS2000 Wireless Switch System Reference Guide 7.9 Configuring SNMP The Simple Network Management Protocol (SNMP) facilitates the exchange of management information between network devices. SNMP allows an administrator to manage network performance, find and solve network problems, and plan for network growth. The WS 2000 Wireless Switch includes SNMP management functions for gathering information from its network components, and communicating that information to specific users.
  • Page 163 7-21 Switch Administration retrieve information, while a read/write community string also allows a remote device to modify settings. Set up a read/write definition to facilitate full access by the administrator. 1. To create a new community definition, click the button in the SNMP v1/v2c Community Configuration area.
  • Page 164: Setting Up The Access Control List

    7-22 WS2000 Wireless Switch System Reference Guide 5. Click the Password button in the cell and the Password Settings screen appears. 1.Select an Authentication Algorithm from the drop-down menu, either or SHA1. 2.Type in an Authentication Password. 3.Select a Privacy Algorithm from the drop-down menu.
  • Page 165: Setting The Trap Configuration

    7-23 Switch Administration 7.9.3 Setting the Trap Configuration To set the trap notification destination for SNMP, select System Configuration --> SNMP Access --> SNMP Trap Configuration from the left menu. 7.9.4 Setting the Trap Configuration for SNMP v1/v2c To set the trap notification destination for the SNMP v1/v2c servers, add one or more entries to SNMP v1/ v2c Trap Configuration table.
  • Page 166: Selecting Traps

    7-24 WS2000 Wireless Switch System Reference Guide 3. Specify a destination User Datagram Protocol (UDP) port for receiving the traps that are sent by SNMP agents. UDP offers direct connection for sending and receiving datagrams over an IP network. 4. Specify a Username that matches one of the user names added on the SNMP Access screen.
  • Page 167 7-25 Switch Administration Trap Trap Name Generates a Trap whenever… Category Configuration SNMP access or management functions are reconfigured. Changes User Login Failure A user fails to successfully login from the CLI or Applet. Admin Password A change is made to the Admin user password. Change Low Compact Flash The memory in the Compact Flash card in the system falls below the...
  • Page 168: Setting Rf Traps

    7-26 WS2000 Wireless Switch System Reference Guide Trap Trap Name Generates a Trap whenever… Category Rogue AP A rogue (unauthorized) access port (AP) is detected. Several methods for rogue AP detection are employed by the switch. The detection process is non-disruptive and will not affect the performance of the switch.
  • Page 169: Specifying A Network Time Protocol (Ntp) Server

    7-27 Switch Administration 2. Determine whether you want the rate to apply to Switch (the switch as a whole), Wlan (for each WLAN enabled), (each associated Access Port), or (each mobile unit connected to the switch). 3. Type in the threshold rate into the field associated with the selected object. 4.
  • Page 170 7-28 WS2000 Wireless Switch System Reference Guide Select System Configuration --> NTP Servers from the left menu to enable NTP. The NTP Server screen appars. 1. The field on the left of the Current Time area displays what the switch believes is the current time. Click Refresh button to update that time.
  • Page 171: Setting Up And Viewing The System Log

    7-29 Switch Administration 7.11 Setting Up and Viewing the System Log The WS 2000 Network Management System keeps a log of the events that happen on the switch. The switch has a modest of amount of memory to store events. If the administrator wishes to keep a more complete event history, the administrator needs to enable a log server.
  • Page 172: Commands To Unmount A Cf Card

    7-30 WS2000 Wireless Switch System Reference Guide 4. Check the Enable logging to CF checkbox to enable logging of events to a CF card on the switch. This is useful when the connection to the Syslog server is lost due to network disturbances or any other cause. When enabled, the event log is written to the CF card when the Syslog server is not available for any reason.
  • Page 173: Configuring Hotspot

    Configuring HotSpot 8.1 Overview ..................8-2 8.1.1 Requirements .
  • Page 174: Overview

    8-2 WS2000 Wireless Switch System Reference Guide 8.1 Overview The hotspot feature enables the WS2000 Wireless Switch to act as a single on-site solution to provide wireless LAN hotspots and management. The hotspot access controller enables hotspot operators to provide user authentication and accounting without a special client application.
  • Page 175: Configuring Hotspot

    Configuring HotSpot 8.2.1 Enabling Hotspot on a WLAN To enable hotspot on a WLAN: 1. Click [Network Configuration] --> Wireless. The Wireless screen is displayed. 2. Select the Hotspot check-box for the WLAN that will support Hotspot. 3. Click Apply to apply the changes made to this screen.
  • Page 176: Set Hotspot Configuration

    8-4 WS2000 Wireless Switch System Reference Guide 8.2.2 Set Hotspot Configuration Hotspots can be configured from the <WLAN Name> Hotspot Config screen. This screen allows you to configure the different parameters to enable users to use the hotspots. To configure the hotspot: 1.
  • Page 177 Configuring HotSpot Radius Server Configuration 3. By default, hotspot user authentication is performed using a RADIUS server. This server could be on the network or you can use the onboard/local RADIUS server. To use a RADIUS server located on the network, enter the appropriate information in the Radius Configuration area.
  • Page 178 8-6 WS2000 Wireless Switch System Reference Guide Redirect Pages Hotspot uses HTML pages to provide login and login status to the user. Three files are used. They are • Login page • Welcome page • Fail page When selecting Use CF Card to set the location where these files can be found, the CF Card Files area...
  • Page 179: Setting The User Access Policy

    Configuring HotSpot 8.2.3 Setting the User Access Policy The RADIUS Access Policy screen allows you to set WLAN access based on a user group defined on the User Database screen. Select [User Authentication] --> RADIUS Server --> Access Policy to set group access.
  • Page 180: Handling Log-In And Redirection

    8-8 WS2000 Wireless Switch System Reference Guide When the mobile unit requests the RADIUS server to log out, the RADIUS server again sends a trigger to the wireless switch to change the state of the mobile unit to REDIRECT. 8.2.5 Handling log-in and redirection When a client requests a URL from a web server, the login handler returns an HTTP redirection status code in the range 300-399 (for example, 301 Moved Permanently), which indicates to the browser that it should look for the page at another URL.
  • Page 181 Configuring HotSpot If a client logs out or an MU is dis-associated, an Accounting Stop packet will be generated describing the type of service that was delivered, the statistics, and the elapsed time. That packet will be sent to the RADIUS accounting server, which replies with an acknowledgement that the packet has been received.
  • Page 182 8-10 WS2000 Wireless Switch System Reference Guide...
  • Page 183 Using DDNS 9.1 Overview ..................9-2 9.2 Enabling DDNS .
  • Page 184: Overview

    9-2 WS2000 Wireless Switch System Reference Guide 9.1 Overview When browsing web sites or sending E-mail messages a domain name is used. For example, the URL www.yahoo.com and the e-mail address user@yahoo.com contains the domain name yahoo.com. Domain names allow users to remember the address to a site without knowing the IP address. For traffic to be routed on a network those domain names must first be converted to an IP address.
  • Page 185: Updating Dns Entries Using Ddns

    Using DDNS 2. Enter a range of IPs in the Address Assignment Range fields. 3. Click the Advanced DHCP Server button to open the Advanced DHCP window. 4. In the Advanced DHCP Server window check the box next to Enable Dynamic DNS.
  • Page 186 9-4 WS2000 Wireless Switch System Reference Guide 2. From the Subnet configuration screen click the Update DNS button located in the DHCP section of the screen. After the Update DNS button has been clicked, an ADD DNS message for all the active leases on the DHCP server for that subnet is sent to the DNS server.
  • Page 187: Updating Dns Entries For All Active Subnets

    Using DDNS 9.3.2 Updating DNS Entries for All Active Subnets The DNS entries for all active subnets can be updated using the following steps. 1. Select from menu tree on the left side of the screen. 2. From the DNS Update section of the screen click the Update DNS for All Subnets button located in the DHCP section of the screen.
  • Page 188 9-6 WS2000 Wireless Switch System Reference Guide...
  • Page 189: Assigning Vlan Tags To Packets

    Trunking VLANs Through the WAN Port 10.1 Overview ..................10-2 10.1.1 Assigning VLAN Tags to Packets .
  • Page 190: Overview

    10-2 WS2000 Wireless Switch System Reference Guide 10.1 Overview Earlier versions of WS2000 had a limit of 31 VLAN IDs (IDs 1-31) due to LAN port switch hardware limitations. It was difficult to seamlessly integrate the WS2000 with existing network topology of VLANs with VLAN IDs greater than 31.
  • Page 191: Configuring Vlan Trunking

    10-3 Trunking VLANs Through the WAN Port 10.2 Configuring VLAN Trunking Use the following steps to configure VLAN trunking on the WAN port. 1. Select Network Configuration --> VLAN to open the VLAN Configuration screen. 1. Use the pull-down menu to select a VLAN Type for this switch.
  • Page 192: Mapping Wlans To Vlans

    10-4 WS2000 Wireless Switch System Reference Guide 6. To enable filtering using IP, check the Enable IP Filtering check box. This option is only available only when Trunk Port is set to Wan. To add an IP filter, click IP Filtering button.
  • Page 193 Status & Statistics 11.1 WAN Statistics ..................11-2 11.2 Subnet Statistics.
  • Page 194: Wan Statistics

    11-2 WS2000 Wireless Switch System Reference Guide 11.1 WAN Statistics The WS 2000 Network Management System provides a set of screens that allow the administrator to view real-time statistics for monitoring the switch’s activity. One of those screens displays statistics for the Wide Area Network (WAN) port.
  • Page 195: Subnet Statistics

    11-3 Status & Statistics Received Field Description RX Errors The total number of errors including dropped data packets, buffer overruns, and frame errors on inbound traffic RX Dropped The number of data packets that failed to reach the WAN interface RX Overruns The total number of buffer overruns (when packets are received faster than the WAN interface can handle them)
  • Page 196 11-4 WS2000 Wireless Switch System Reference Guide The following information is displayed: • The field displays an unique number for each of the DHCP client lease. • The field displays the IP address assigned to the client by the DHCP server. •...
  • Page 197: Subnet Stats

    11-5 Status & Statistics 11.2.2 Subnet Stats The Subnet Stats screens displays statistics for each of the subnets. Selecting Status & Statistics --> Subnet Stats --> <Subnet Name> Stats from the left menu displays the following screen. Information portion of the Subnet Stats screen displays general information about the subnet. •...
  • Page 198: Stp Stats

    11-6 WS2000 Wireless Switch System Reference Guide Transmitted Field Description TX Packets The total number of data packets sent over the subnet TX Bytes The total number of bytes of information sent over the subnet TX Errors The total number of errors including dropped data packets, buffer overruns, and carrier errors that fail on outbound traffic TX Dropped The number of data packets that fail to get sent from the subnet...
  • Page 199 11-7 Status & Statistics Selecting the [Status & Statistics]-->Subnet Stats--><Subnet Name> Stats-->STP Stats displays the following screen. The Spanning Tree Info portion of the screen displays the following information: Field Description Displays whether the spanning tree state is currently enabled or disabled. The Spanning Tree State spanning tree state must be enabled for a unique spanning-tree calculation to occur when the bridge is powered up or when a topology change is detected.
  • Page 200: Wireless Lan Statistics

    11-8 WS2000 Wireless Switch System Reference Guide The screen also provide comprehensive information on the port interfaces used. This information is displayed in the form of a table in the Port Interface Table portion of the screen. Field Description Port ID Identifies the port from which the configuration message was sent.
  • Page 201 11-9 Status & Statistics The WLAN Summary section of the screen shows basic statistics about the currently enabled WLANs. Name The WLAN name. Subnet Displays the name of the subnet that is associated with the WLANs. Displays the number of mobile units associated with this WLAN. T-put Displays the total throughput in Megabits per second (Mbps) for each of the active WLANs.
  • Page 202: Getting Statistics For A Particular Wlan

    11-10 WS2000 Wireless Switch System Reference Guide 11.3.2 Getting Statistics for a Particular WLAN To see a summary information about wireless operations, select Status & Statistics --> Wireless Stats - -> <WLAN name> Stats from the navigation menu. A screen like the one shown for EngWLAN (below) will appear.
  • Page 203: General Wlan Information

    11-11 Status & Statistics 11.3.3 General WLAN Information 11.3.3.1 Information Section ESSID Displays the Extended Service Set Identification name that users will see when accessing the WLAN. Subnet Displays the name of the subnet to which this WLAN is associated. Num.
  • Page 204: Access Port Statistics

    11-12 WS2000 Wireless Switch System Reference Guide Avg MU SNR Displays the average Signal to Noise Ratio (SNR) for all MUs associated with the selected WLAN. The Signal to Noise Ratio is an indication of overall RF performance on your wireless networks. 11.3.3.4 Errors Avg Num of Displays the average number of retries for all MUs associated with the selected...
  • Page 205: Detailed Information About A Particular Access Port

    11-13 Status & Statistics Each Access Port associated with the switch is listed in the AP Summary area. For each AP, the following information is provided. Field Description Displays the IP address of the Access Port. WLAN Displays the WLAN with which the Access Port is associated. Displays the name of the Access Port with which the Access Port is associated.
  • Page 206: General Access Port Information

    11-14 WS2000 Wireless Switch System Reference Guide 11.4.3 General Access Port Information 11.4.3.1 Information Section HW Address The Media Access Control (MAC) address of the Access Port. This value is typically set at the factory and can be found on the bottom of the Access Port. Placement Lists whether the Access Port is placed indoors or outdoors.
  • Page 207 11-15 Status & Statistics Avg. Bit Speed The Total column displays the average bit speed in Mbps for a given time period on the selected Access Port.This includes all packets that are sent and received. The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour.
  • Page 208: Mobile Unit (Mu) Statistics

    11-16 WS2000 Wireless Switch System Reference Guide 11.5 Mobile Unit (MU) Statistics Each Access Port can have up to 32 associated mobile units. These units are listed in the Mobile Unit Access Control List of the WLAN Security screen (Network Configuration -->...
  • Page 209: Mesh Statistics

    11-17 Status & Statistics 11.6 Mesh Statistics A mesh network is a type of local area network where each node participating in the network is connected directly to its peers. This kind of network provides a robustness that cannot be matched by the standard network.
  • Page 210: View Statistics In Graphic Form

    11-18 WS2000 Wireless Switch System Reference Guide The unique 48-bit, hard-coded Media Access Control address, known as the devices station identifier. This value is hard coded at the factory by the manufacturer and cannot be changed. Wlan Displays the WLAN name each wireless bridge is interoperating with. The AP on which connection is made to the Client bridge.
  • Page 211 11-19 Status & Statistics Select [Status & Statistics] --> Statistical Graphs from the navigation menu on the left. The Graphical Display of Statistics screen appears. To create a graph that will remain on your screen until you close it, follow these steps: 1.
  • Page 212 11-20 WS2000 Wireless Switch System Reference Guide 5. Repeat Steps 1 through 4 to display as many statistics windows as required. A graphical statistics display window will stay available until you manually close it or Logout of the application.
  • Page 213 WS 2000 Use Cases 12.1 Retail Use Case..................12-3 12.1.1 A Retail Example.
  • Page 214 12-2 WS2000 Wireless Switch System Reference Guide 12.20 Configuring the WAN Interface ..............12-40 12.21 Configuring the WAN Interface .
  • Page 215: Chapter 12: Ws 2000 Use Cases

    12-3 WS 2000 Use Cases 12.1 Retail Use Case 12.1.1 A Retail Example 12.1.1.1 Background CCC Clothing Stores have, in the past, used POS terminals with a 10BaseT Ethernet connection to an in- house server. Management has decided to install wireless networking in the stores. Wireless point of sale (POS) terminals and printers will allow them to be more flexible with store layout.
  • Page 216: Contacting The Wireless Switch

    12-4 WS2000 Wireless Switch System Reference Guide This plan covers all the wireless devices—the POS terminals, the printers, and the customer laptops— except the wireless handheld terminals. Clarissa decides to put them on the WLAN with the POS terminals. There are also some conventional, 100baseT wired devices to consider. There is the store server and two wired POS terminals.
  • Page 217: Entering The Basic System Settings

    12-5 WS 2000 Use Cases Clarissa starts her web browser and enters “http://192.168.0.1/” as the URL. The WS2000 sends a login page to her browser. She logs in using “admin” for the username and “symbol“ as the password. The system immediately asks her to change the password to something else.
  • Page 218: Setting Access Control

    AirBEAM is a Motorola Technology software system designed to simplify maintenance of wireless devices. CCC Clothing Stores recently purchased an AirBEAM license as part of a major commitment to Motorola Technology wireless bar code scanners for inventory. Clarissa would like to integrate the WS2000 into the...
  • Page 219: The Ip Address Plan

    12-7 WS 2000 Use Cases Clarissa clicks the Apply button to save her changes. Clarissa leaves the rest of the System Configuration screens for now, moves to the left menu, and clicks on Network Configuration so that she can begin to define the subnets. 12.3.3 The IP Address Plan Subnets can be renamed, assigned an IP address, and have ports associated with them.
  • Page 220: Configuring Pos Subnet

    12-8 WS2000 Wireless Switch System Reference Guide 12.4 Configuring POS Subnet Clarissa selects the first subnet from the LAN menu items in the left menu. Clarissa renames this subnet “POSsn”, then gives the switch an IP address of 192.168.0.1 on that subnet and assigns a subnet mask of 255.255.255.0.
  • Page 221: Configuring The Printer Subnet

    12-9 WS 2000 Use Cases Default Gateway is already set to the subnet address. This is the IP address to which the DHCP clients on this subnet will forward their outbound traffic. Clarissa fills in the DNS Server addresses, which corporate has specified.
  • Page 222 12-10 WS2000 Wireless Switch System Reference Guide After the Address Assignment Range is entered, Clarissa clicks Advanced DHCP Server. Clarissa enters the DNS server IP addresses and leaves the Default Gateway DHCP Lease Time at their defaults. She clicks in the Advanced DHCP Server window and then Apply in the Subnet window to save her changes.
  • Page 223: Configuring The Cafe Subnet

    12-11 WS 2000 Use Cases 12.6 Configuring the Cafe Subnet Clarissa selects the third subnet in the LAN menu list under Network Configuration in the left menu. She then renames this subnet “Cafesn“and gives it the IP address 192.168.2.1 and a subnet mask of 255.255.255.0.
  • Page 224: Configuring The Wan Interface

    12-12 WS2000 Wireless Switch System Reference Guide Clarissa clicks the button in the Advanced DHCP Server window, then on the Apply button in the subnet screen to save her choices. The subnets are now configured. Next Clarissa configures the WAN interface. 12.7 Configuring the WAN Interface Now Clarissa selects the WAN node in the left menu.
  • Page 225: Configuring Network Address Translation (Nat)

    12-13 WS 2000 Use Cases If corporate had not paid their ISP for a static IP address for each store, she would have selected the This interface is a DHCP Client option and the WAN configuration information would have been assigned by the ISP each time they connected to the Internet.
  • Page 226: Inspecting The Firewall

    12-14 WS2000 Wireless Switch System Reference Guide After she makes this selection a new button appears, labelled “1 to Many Mappings”. She selects the “1 to Many Mappings“button. If Clarissa had more than one static IP address, she would have been able to assign several to the WAN interface.
  • Page 227: Configuring The Access Ports

    12-15 WS 2000 Use Cases Clarissa clicks the Apply button to confirm that all attacks listed will be filtered. 12.10 Configuring the Access Ports So far, Clarissa has been operating with the WS 2000 connected only to her laptop. To configure the Access Ports, she will need to connect them to the switch.
  • Page 228 12-16 WS2000 Wireless Switch System Reference Guide She does not change the supported rates—using the Set Rates button—but leaves them as they are. The switch will operate at the maximum rate allowed by radio conditions, scaling back as needed. She also does not change the Antenna Diversity setting, Short Preamble...
  • Page 229: Naming The Pos Access Port

    12-17 WS 2000 Use Cases 12.10.2 Naming the POS Access Port Having specified the general Access Port defaults, Clarissa goes on to name and configure the Access Port for the POS WLAN. She selects the first Access Port in the left menu. In the Properties section, Clarissa enters a new name for the Access Port and a brief description of its permanent location.
  • Page 230: Configuring The Cafe Access Port

    12-18 WS2000 Wireless Switch System Reference Guide She clicks the Apply button to save her changes. 12.10.4 Configuring the Cafe Access Port Finally, she names the third Access Port “Cafe AP” and gives it a channel of 9. In this case she makes sure Support Short Preamble is not selected.
  • Page 231: Associating The Access Ports To The Wlans

    12-19 WS 2000 Use Cases 12.10.5 Associating the Access Ports to the WLANs Now Clarissa selects the APs/Radio item in the left menu. This screen indicates which Access Ports are associated with which WLANs. First Clarissa looks in the [Network Configuration] --> Wireless screen to determine that all three WLANs are enabled.
  • Page 232 12-20 WS2000 Wireless Switch System Reference Guide different ESSID. Since the cafe is a public access WLAN, leaving this option on will make it easier for the cafe customer to associate with the WLAN. For the private WLANs on this switch, she will turn this option off.
  • Page 233: Configuring The Printer Wlan

    12-21 WS 2000 Use Cases Clarissa goes to the left menu and clicks the button to the left of the Cafe WLAN node. A menu item labeled “Cafe Security” is displayed and Clarissa selects it. She confirms that the Cafe Security screen shows that no authentication and no encryption methods. Clarissa clicks the Apply button to save her choices.
  • Page 234 12-22 WS2000 Wireless Switch System Reference Guide Clarissa clicks the Apply button to confirm her choices.
  • Page 235 12-23 WS 2000 Use Cases Clarissa clicks the to the left of the Printer WLAN menu item and selects the Printer Security item. In the screen that displays, Clarissa selects no authentication. She enters the MAC numbers of the wireless printers in the Mobile Access Control section.
  • Page 236: Configuring The Pos Wlan

    12-24 WS2000 Wireless Switch System Reference Guide She clicks the button to confirm the WEP key selections, then the Apply button to confirm the screen selections. 12.13 Configuring the POS WLAN For the POS WLAN, she makes the following choices: Name ESSID CCC-POS...
  • Page 237 12-25 WS 2000 Use Cases Clarissa then clicks the “+” to the left of the POS WLAN in the left menu and selects Security. In that screen, she selects 802.1x EAP for authentication. This will allow her to use the corporate RADIUS server for user authentication.
  • Page 238 12-26 WS2000 Wireless Switch System Reference Guide She clicks the button in the 802.1x-EAP configuration window. She then clicks the WPA-TKIP Settings button in the security screen. Clarissa selects the Use WPA choice to enable WPA. WPA is disabled by default. TKIP encryption protocol calls for keys between two specific nodes to change with every packet.
  • Page 239: Configuring Subnet Access

    12-27 WS 2000 Use Cases With this, Clarissa has finished configuring the basic WLAN configuration and the WLAN security. She clicks button in the WPA-TKIP window and then the Apply button in the WLAN security screen. 12.14 Configuring Subnet Access Clarissa wants the two internal subnets to have complete access to one another, but she wants the Cafe subnet to have access only to the WAN.
  • Page 240 12-28 WS2000 Wireless Switch System Reference Guide To set the subnet access for a pair of subnets, she clicks the square for traffic from one subnet to another and then uses the detail section, which appears below, to determine the rules for traffic between those two subnets.
  • Page 241: Configuring The Clients

    12-29 WS 2000 Use Cases 12.15 Configuring the Clients Clarissa has now finished configuring the switch. Next she configures the wired clients. Going to each device, she gives it the IP address and other networking information that it will need to communicate with the switch: Client IP Address...
  • Page 242: Field Office Use Case

    12-30 WS2000 Wireless Switch System Reference Guide 12.16 Field Office Use Case 12.16.1 A Field Office Example 12.16.1.1 Background Leo is the network administrator, system administrator, and IT professional for a field office with 60 employees. The users include sales people, sales engineers, office administration and customer support people.
  • Page 243: Configuring The System Settings

    12-31 WS 2000 Use Cases To keep things simple, he will define one subnet for the administration users, one subnet for the sales and marketing users, and one subnet for the engineers. Each subnet will have one WLAN associated with it and one Access Port.
  • Page 244 12-32 WS2000 Wireless Switch System Reference Guide 192.168.0.1. He sets his laptop to have an IP address of 192.168.0.2 and a netmask of 255.255.255.0. He also sets the gateway IP address to be 192.168.0.1, the WS 2000’s IP address. Leo launches his web browser and enters “http://192.168.0.1/” as the URL. He logs in using admin for the username and symbol as the password.
  • Page 245: Entering The Basic System Settings

    12-33 WS 2000 Use Cases As soon as he logs in, the WS 2000 asks him to set the password. He sets the administration password to something relatively secure. He presses Update Password Now to record his changed password. 12.18.2 Entering the Basic System Settings The interface opens by displaying the System Setting screen.
  • Page 246: Setting Access Control

    12-34 WS2000 Wireless Switch System Reference Guide Different countries have different regulations for the use of radio frequencies. Setting the location configures the switch to use only the channels, frequencies, and power levels that are legal for that country. Leo sets the location to United States - us.
  • Page 247: Configuring The Lan

    12-35 WS 2000 Use Cases ® AirBEAM is a Symbol Technology product for the management of software on wireless devices. Leo does not have a copy of AirBEAM yet, but he hopes to get one when the company purchases some Voice over IP (VoIP) phones.
  • Page 248: Configuring The Engineering Lan

    12-36 WS2000 Wireless Switch System Reference Guide This screen shows the subnets, their IP addresses, and the network interfaces (the 10/100BaseT ports and the WLANs) that are currently associated with each subnet. Only the first subnet is initially enabled, so Leo clicks on the check boxes to the left of Subnet2 Subnet3...
  • Page 249 12-37 WS 2000 Use Cases He also selects the option This interface is a DHCP Server. Choosing this DHCP option means that the switch will pick IP addresses from the Address Assignment Range and assign them to network clients on this subnet, as needed.
  • Page 250: Configuring The Sales Subnet

    12-38 WS2000 Wireless Switch System Reference Guide Domain Name field will be supplied to any DHCP clients that request it. Leo enters his company’s domain name. There is no reason to set up static DHCP mappings now. These would permanently lease an IP address to a client with a specific MAC address.
  • Page 251 12-39 WS 2000 Use Cases Leo selects the Advanced DHCP Server button and follows the same procedures as he did for the engineering subnet. Leo clicks the button on the Advanced DHCP Server window, then the Apply button on the subnet window.
  • Page 252: Configuring The Wan Interface

    12-40 WS2000 Wireless Switch System Reference Guide Again, Leo fills out the advanced DHCP screen as he did for the two previous subnets. Leo clicks the button on the Advanced DHCP Server window, then the Apply button on the subnet window. The next step is to configure the WAN interface.
  • Page 253: Configuring The Wan Interface

    12-41 WS 2000 Use Cases He clicks button in the address window, then the Apply button on the WAN window to save his changes. The next step is to set up the network address translations (NAT). 12.21 Configuring the WAN Interface 12.21.1 Setting Up Network Address Translation After entering the IP addresses for the WAN interface, Leo clicks the toggle to the left of the WAN item in the left menu to expand it.
  • Page 254: Confirm Firewall Configuration

    12-42 WS2000 Wireless Switch System Reference Guide the pull-down menus to the right of each IP number. As he does so, a 1 to Many Mappings button appears to the right of the pull-down menus, in the Outbound Mappings column. Leo clicks any of the NAT Ranges button to the right of the IP addresses.
  • Page 255: Adopting Access Ports

    12-43 WS 2000 Use Cases Leo examines the list and sees no reason to turn off any of the filters. He clicks the Apply button. The next step is to determine which Access Ports each WLAN will use. 12.23 Adopting Access Ports Now that the LAN and WAN interfaces are configured, Leo needs to specify which Access Ports will go with which wireless LANs (WLANs).
  • Page 256 12-44 WS2000 Wireless Switch System Reference Guide Now that the WLANs are enabled, Leo needs to specify which Access Ports go with which WLANs. He selects APs/Radio from the menu tree on the left. All discovered APs are listed in this screen. He deselects the check boxes to the right of the row in which the MAC address range is specified as ANY.
  • Page 257: Configuring The Wlans

    12-45 WS 2000 Use Cases For the engineering WLAN, Leo selects the AP with MAC of 00:A0:F8:BB:FC:94 and makes sure that all WLAN check boxes are not checked. He then selects the WLAN1 checkbox for this AP. He performs the same actions for the AP with MAC of 00:A0:F8:BB:FC:95.
  • Page 258: Security

    12-46 WS2000 Wireless Switch System Reference Guide In the Advanced section of the screen, the Disallow MU to MU Communications setting would keep mobile units from communicating directly with each other. Leo believes that people sometimes share files directly, laptop to laptop, instead of using the file server. Leo does not want to prevent this type of communication, so he leaves this option disabled.
  • Page 259 12-47 WS 2000 Use Cases Leo also needs to configure the 802.1x EAP system and the WPA2 encryption. Leo clicks 802.1x EAP Configuration. In the window that appears, he enters the RADIUS server information that he obtained from corporate system administration: the IP addresses of the RADIUS servers, the ports used for RADIUS communication, and the secret string used to start communication.
  • Page 260 12-48 WS2000 Wireless Switch System Reference Guide Leo clicks the button to save the 802.1x EAP settings. Leo then clicks the WPA2-CCMP Settings button. WPA2 constantly changes keys, but requires an initial key, known to both ends of the communication. If Leo was not using 802.1X EAP user authentication, that initial key would need to be entered here, in the Key Settings section.
  • Page 261: Configuring The Access Ports

    12-49 WS 2000 Use Cases Leo also selects Allow WPA-TKIP clients in the section labelled WPA-CCMP Mixed Mode. WPA-TKIP is an earlier version of the WPA encryption method. WPA2 is more secure, but not all wireless clients in Leo’s office are WPA2-capable. Selecting this option allows the older clients to use WPA-TKIP when they are not WPA2-CCMP-capable.
  • Page 262 12-50 WS2000 Wireless Switch System Reference Guide All the Access Ports will be indoors, so he specifies Placement as Indoors. He sets the default Channel 1, even though all of his Access Ports will be using different 802.11b channels. He sets the Power Level 20dBm.
  • Page 263 12-51 WS 2000 Use Cases He sets the channel at 1, and notes the number. Access Ports channels should be separated as much as practical to minimize interference between them. The other engineering Access Port will use channel 4 and the marketing Access Port will use channel 7.
  • Page 264 12-52 WS2000 Wireless Switch System Reference Guide He clicks the Apply button to save his changes. Leo then selects AP2, the second engineering Access Port. He gives it a new name, a location, and assigns it channel 4. Leo clicks the Apply button to save the configuration for this Access Port.
  • Page 265 12-53 WS 2000 Use Cases Leo clicks Apply to save his changes. To avoid interference with the sales and marketing AP, Leo chooses channel 10 for the administration Access Port. He then enters the Access Port Name and Location. Leo clicks the Apply button to save the changes for the administration Access Port.
  • Page 266: Configuring Subnet Access

    12-54 WS2000 Wireless Switch System Reference Guide The Access Ports are now configured. The next step is to specify access levels between the subnets. 12.26 Configuring Subnet Access Leo selects the Firewall --> Subnet Access item in the left menu. This screen determines what subnet- to-subnet traffic is allowed.
  • Page 267 12-55 WS 2000 Use Cases Similarly, Leo restricts access from the marketing subnet to the administration subnet. Leo would also like to restrict traffic from all subnets to the WAN to just HTTP, SMTP, and POP protocols. He selects the cell in the matrix defined by From Eng-SN on the left and To WAN...
  • Page 268 12-56 WS2000 Wireless Switch System Reference Guide Similarly, he restricts the marketing and administration subnets in their access to the WAN. Leo clicks the Apply button to record his changes. The subnet access is configured. Now Leo needs to set up VPN access to the Engineering Annex and test the installation.
  • Page 269: Configuring The Vpn

    12-57 WS 2000 Use Cases 12.27 Configuring the VPN To configure a VPN link between WS 2000s, the following must be specified: • The subnets on each end of the VPN link (tunnel) • The authentication method for allowing a connection •...
  • Page 270 12-58 WS2000 Wireless Switch System Reference Guide Leo clicks the button to add a VPN tunnel. Now Leo specifies the network parameters for the tunnel. The Tunnel Name is simply a name by which to distinguish one tunnel from another. Leo names the tunnel “Eng2EngAnnex.” Local Subnet is the subnet that will be networked over the VPN, in this case, the Engineering subnet.
  • Page 271 12-59 WS 2000 Use Cases Remote Subnet specifies the subnet, on the other WS 2000, to which the engineering subnet will be connected. The Remote Gateway and the Remote Subnet Mask describe the network interface on the other WS 2000 switch. After Leo fills in these parameters, he clicks Apply to record the changes.
  • Page 272: Installing The Access Ports And Testing

    12-60 WS2000 Wireless Switch System Reference Guide AH Authentication protocol is used between the two WS 2000 switches to authorize initialization of the VPN tunnel. The AH authentication method must match on both switches and the inbound key on one WS 2000 must match the outbound key on the other.
  • Page 273 12-61 WS 2000 Use Cases laptop to connect to the administration WLAN. He makes sure that laptops on each WLAN can connect to the WAN and to each other. After he has tested the three subnets, he installs the Access Ports in their permanent locations. He test coverage with the laptops, making sure each Access Port is covering its assigned area.
  • Page 274 12-62 WS2000 Wireless Switch System Reference Guide...
  • Page 275: Chapter 13: Command Line Interface Reference

    Command Line Interface Reference 13.1 Admin and Common Commands ..............13-9 WS2000>admin>...
  • Page 276 13-2 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.denyap)>show ............13-48 13.8 Network AP Smartscan commands.
  • Page 277 13-3 Command Line Interface Reference WS2000>admin(network.lan.dhcp)> delete ............13-94 WS2000>admin(network.lan.dhcp)>...
  • Page 278 13-4 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn)> stats ............13-146 13.27 Network WAN VPN Cmgr Commands.
  • Page 279 13-5 Command Line Interface Reference WS2000> admin(network.wlan)> enhancedrogueap ........... 13-196 WS2000>...
  • Page 280 13-6 WS2000 Wireless Switch System Reference Guide 13.47 Statistics RF Commands ............... . . 13-246 WS2000>admin(stats)>...
  • Page 281 13-7 Command Line Interface Reference WS2000>admin(system.radius.eap.peap)> set............13-293 WS2000>admin(system.radius.eap.peap)>...
  • Page 282 13-8 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.group)> set ............13-343 WS2000>admin(system.userdb.group)>...
  • Page 283: Admin And Common Commands

    13-9 Command Line Interface Reference 13.1 Admin and Common Commands WS2000>admin> ? Description: Displays admin configuration options. The items available under this command are shown below. Syntax: help Displays general user interface help. passwd Changes the admin password. summary Shows a system summary. network Goes to the network submenu stats...
  • Page 284: Ws2000>Admin> Help

    13-10 WS2000 Wireless Switch System Reference Guide WS2000>admin> help Description: Displays general CLI user interface help. Syntax: help help Displays command line help. Example: admin>help : display command help - Eg. ?, show ?, s? <ctrl-q> : go backwards in command history <ctrl-p>...
  • Page 285: Ws2000>Admin> Passwd

    13-11 Command Line Interface Reference WS2000>admin> passwd Description: Changes the password for the admin login. Syntax: passwd [admin|manager] passwd admin/manager Administrator and Manager passwords can be changed. To change password, type the old password once and the new password twice at their respective prompts. Passwords can be up to 11 characters.
  • Page 286: Ws2000>Admin> Quit

    13-12 WS2000 Wireless Switch System Reference Guide WS2000>admin> quit Description: Quits the command line interface. Requires you to logon again. This command appears in all the submenus under menu. In each case, it has the same function, to admin exit out of the CLI. Example: admin>quit...
  • Page 287: Ws2000>Admin> Save

    13-13 Command Line Interface Reference WS2000>admin> save Description: Saves the configuration to system flash. This command appears in all of the submenus under admin. In each case, it has the same function, to save the configuration. Syntax: save Saves configuration settings. This command works at all levels of the CLI. The save command must be issued before leaving the UI for the settings to be retained.
  • Page 288: Ws2000>Admin> Summary

    13-14 WS2000 Wireless Switch System Reference Guide WS2000>admin> summary Description: Displays system summary. Syntax: summary Displays a summary of high-level characteristics and settings for the WAN, subnet, and WLAN. Example: admin>summary System Information WS2000 firmware version : 2.3.0.0-006X country code : us WLAN 1 Information ess identifier...
  • Page 289 13-15 Command Line Interface Reference Subnet 1 Information subnet interface : enable ip address : 192.168.0.1 network mask : 255.255.255.0 dhcp mode : server default gateway : 192.168.0.1 ports : port1 port2 port3 port4 port5 port6 wlans : wlan1 Subnet 2 Information subnet interface : disable ip address...
  • Page 290: Ws2000>Admin

    13-16 WS2000 Wireless Switch System Reference Guide WS2000>admin> .. Description: Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure. Example: admin(network.ap)>..
  • Page 291: Ws2000>Admin

    13-17 Command Line Interface Reference WS2000>admin> / Description: Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure. Example: admin(network.ap)>/ admin>...
  • Page 292: Network Commands

    13-18 WS2000 Wireless Switch System Reference Guide 13.2 Network Commands WS2000>admin> network Description: Displays the network submenu. The items available under this command are shown below. Goes to the Access Port submenu. Goes to the LAN submenu. port Goes to the Port configuration submenu router Goes to the router submenu.
  • Page 293: Network Ap Commands

    13-19 Command Line Interface Reference 13.3 Network AP Commands WS2000>admin(network)> ap Description: Displays the Access Port submenu. The functionality provided by this menu is supplied by various screen under the Wireless menu item of the Web interface. The items available under this command are shown below.
  • Page 294: Ws2000>Admin(Network.ap)> Add

    13-20 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap)> add Description: Adds entries to the Access Port adoption list. Performs functionality available in the Access Port Adoption List area of the Wireless screen. Syntax: <idx> <mac1> <mac2> Allows the adoption of Access Port with MAC addresses in the range specified by <mac1>...
  • Page 295: Ws2000>Admin(Network.ap)> Copydefaults

    13-21 Command Line Interface Reference WS2000>admin(network.ap)> copydefaults Description: Copies default Access Port settings to a connected Access Port. In the Web interface, the defaults are set on the Wireless, default AP screens (one for each radio type). Syntax: copydefaults <idx> copydefaults Copies default Access Port settings to the connected AP specified by <idx>...
  • Page 296: Ws2000>Admin(Network.ap)> Delete

    13-22 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap)> delete Description: Deletes entries from the Access Port adoption list. In the Web interface, this functionality is found on the Wireless screen in the Access Port Adoption list area. Syntax: delete <idx> <entry> delete <idx>...
  • Page 297: Ws2000>Admin(Network.ap)>Forget

    13-23 Command Line Interface Reference WS2000>admin(network.ap)>forget Description: Forgets the AP parameters at a particular index specified by the <idx> value. Syntax: forget <idx> forget forget Removes the AP parameters at a particular index <idx> The index to remove the AP parameters from Removes all AP parameters from all the indexes.
  • Page 298: Ws2000>Admin(Network.ap)> List

    13-24 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap)> list Description: Displays entries in the Access Port adoption list for a specified wireless LAN. Syntax: list <idx> list Lists the Access Port adoption entries for WLAN <idx> (1-8). <idx> Example: The following example shows the access port adoption list for WLAN 1. list 1 admin(network.ap)>...
  • Page 299: Ws2000>Admin(Network.ap)>Remap

    13-25 Command Line Interface Reference WS2000>admin(network.ap)>remap Description: Remaps the channels for a radio at index specified by <idx>. Syntax: remap <idx> remap remap Remaps the channels for a radio specified by index <idx> <idx> Remaps all the channels for all the radios Example: <PENDING>...
  • Page 300: Ws2000>Admin(Network.ap)> Reset

    13-26 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap)> reset Description: Resets an Access Port. Syntax: reset ap <idx> reset Resets the Access Port associated with index <idx>. <idx> Example: admin(network.ap)>reset ap 2 admin(network.ap)>...
  • Page 301: Ws2000>Admin(Network.ap)> Set

    13-27 Command Line Interface Reference WS2000>admin(network.ap)> set Description: Sets Access Port parameters. Syntax: set beacon intvl Sets the beacon interval for Access Port <idx> <interval> <idx> ( – ) to <interval> in K-us ( – ch_mode Sets the channel mode for Access Port <idx>...
  • Page 302 13-28 WS2000 Wireless Switch System Reference Guide Sets Access Port <idx> regulatory <idx> <indoor> <ch> <pwr> parameters, which <indoor> is one of ; <ch> is the channel to use, and in/out <pwr> is the power (in dB from 4 to 20). Select the value of <ch>...
  • Page 303 13-29 Command Line Interface Reference Example: admin(network.ap)>set short-pre enable admin(network.ap)>set shor 1 enable admin(network.ap)>set name 1 BigOffice admin(network.ap)>set dtim 1 25 admin(network.ap)>set loc 1 BigBldg admin(network.ap)>show ap 1 ap name : BigOffice ap location : BigBldg ap mac address : 00A0F8565656 ap serial number : 00A0F8565656 ap radio type...
  • Page 304: Ws2000>Admin(Network.ap)> Show

    13-30 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap)> show Description: Shows Access Port parameters. Syntax: show Shows Access Port <idx> radio parameters. <idx> status Shows a list of Access Ports and their status. Shows SIP statistics for the portal <idx> legacy-mode Shows the legacy mode configuration for the switch Example:...
  • Page 305: Related Commands

    13-31 Command Line Interface Reference ap index ap status : not connected ap index ap status : not connected ap status : not connected ap index ap status : not connected ap index ap status : not connected ap index ap status : not connected ap index...
  • Page 306: Network Ap Default Commands

    13-32 WS2000 Wireless Switch System Reference Guide 13.4 Network AP Default Commands WS2000>admin(network.ap)> default Description: Displays the default Access Port (AP) submenu. The items available under this command are shown below. Sets default Access Port parameters. loadfromcf Loads the configured images from the CF card immediately show Shows default Access Port parameters.
  • Page 307: Ws2000>Admin(Network.ap.default)> Set

    13-33 Command Line Interface Reference WS2000>admin(network.ap.default)> set Description: Sets the default Access Port parameters. Syntax: set beacon intvl Sets the default beacon interval for specified radio type <type> <interva l> (one of , or ) to <interval> 802.11a 802.11b 802.11b/g in K-us ( –...
  • Page 308 13-34 WS2000 Wireless Switch System Reference Guide Sets the default RTS threshold for radios of specified <type <bytes> > <type> (one of , or ) to 802.11a 802.11b 802.11b/g <bytes> (e.g., 2341). short- By default, enables or disables the short preamble mode for <type enable >...
  • Page 309: Ws2000>Admin(Network.ap.default)> Loadfromcf

    13-35 Command Line Interface Reference WS2000>admin(network.ap.default)> loadfromcf Description: Immediately loads configured images from the CF card. Syntax: loadfromcf Example: admin(network.ap.default)>loadfromcf...
  • Page 310: Ws2000>Admin(Network.ap.default)> Show

    13-36 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.default)> show Description: Shows the default Access Port parameters for a particular radio type. Syntax: show default Shows the default Access Port parameters. img- Shows the Sensor/Access Port image locations. location Example: admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a...
  • Page 311: Network Ap Test Commands

    13-37 Command Line Interface Reference 13.5 Network AP Test Commands WS2000>admin(network.ap)> test Description: Displays the test submenu. The items available under this command are shown below. Switches the Access Port to a new channel. quit Quits the CLI. Goes to the parent menu. Goes to the root menu.
  • Page 312: Ws2000>Admin(Network.ap.test)> New

    13-38 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.test)> new Description: Switches the specified Access Port to a new channel. Syntax: Switches the Access Port indexed with <idx> ( – ) to channel <ch> (which <idx> <ch> must be a valid channel for the specified Access Port. Example: new 2 15 admin(network.ap.test)>...
  • Page 313: Network Ap Selfheal Commands

    13-39 Command Line Interface Reference 13.6 Network AP Selfheal commands admin(network.ap)>selfheal Description: Displays the selfheal submenu. The items available under this menu are shown below. Sets self-heal parameters detect-neighbor Detects neighbors and prepares the neighbors list automatically Adds entries to the self-heal table Removes entries from the self-heal table show Shows entries in the self-heal table...
  • Page 314: Ws2000>Admin(Network.ap.selfheal)>Set

    13-40 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.selfheal)>set Description: Sets the different self-heal parameters. Syntax: set interference- mode Sets the self-healing interference enable/ disable avoidance mode. max-retires Sets the threshold limit on the <max- retires>/ maximum number of retires permitted. default hold-time Sets the hold-time between running...
  • Page 315: Ws2000>Admin(Network.ap.selfheal)>Detect-Neighbor

    13-41 Command Line Interface Reference WS2000>admin(network.ap.selfheal)>detect-neighbor Description: Detects the neighbor devices. Syntax: detect-neighbor Example admin(network.ap.selfheal)>detect-neighbor admin(network.ap.selfheal)>...
  • Page 316: Ws2000>Admin(Network.ap.selfheal)>Add

    13-42 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.selfheal)>add Description Adds entries into the selfheal AP-AP neighbor table. Syntax: Adds the specified APs into the neighbor-recovery <from-ap> <to-ap> table. <from-ap> and <to-ap> accepts values . All indicates all the APs. Example: admin(network.ap.selfheal)>add 2 4 admin(network.ap.selfheal)>show Interference Avoidance Mode...
  • Page 317: Ws2000>Admin(Network.ap.selfheal)>Del

    13-43 Command Line Interface Reference WS2000>admin(network.ap.selfheal)>del Description: Deletes entries from the selfheal AP-AP neighbor table. Syntax: Adds the specified APs into the neighbor-recovery <from-ap> <to-ap> table. <from-ap> and <to-ap> accepts values . All indicates all the APs. Example: admin(network.ap.selfheal)> del 2 4 admin(network.ap.selfheal)>...
  • Page 318: Ws2000>Admin(Network.ap.selfheal)>Show

    13-44 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.selfheal)>show Description: Shows the selfheal parameter details. Syntax: show Example: admin(network.ap.selfheal)>show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : disable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION none none none none...
  • Page 319: Network Ap Denyap Commands

    13-45 Command Line Interface Reference 13.7 Network AP Denyap commands admin(network.ap)>denyap Description: Displays the denyap submenu. The items available under this menu are shown below. Adds access port deny list entries delete Deletes access port deny list entries show Shows access port deny list save Saves cfg to system flash quit...
  • Page 320: Ws2000>Admin(Network.ap.denyap)>Add

    13-46 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.denyap)>add Description Add entries to the Access Port Deny List. Syntax: Adds the MAC specified in the <mac> parameter to the Access Port Deny List. MAC <mac> entries are to be entered without the ‘:’ Example: admin(network.ap.denyap)>add 00b4c2114534...
  • Page 321: Ws2000>Admin(Network.ap.denyap)>Delete

    13-47 Command Line Interface Reference WS2000>admin(network.ap.denyap)>delete Description: Deletes an entry in the Access Port Deny List. Syntax: delete Deletes the MAC specified in the <mac> parameter from the Access Port Deny List. <mac> Deletes all the entries in the Access Port Deny List Example: admin(network.ap.denyap)>show ------------------------------------------------------------------------------...
  • Page 322: Ws2000>Admin(Network.ap.denyap)>Show

    13-48 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.denyap)>show Description: Displays the Access Port Deny List. Syntax: show Shows the Access Port Deny List entries Example: admin(network.ap.denyap)>show ------------------------------------------------------------------------------ AP NIC MAC ------------------------------------------------------------------------------ 00b4c2114535 00b4c2114534...
  • Page 323: Network Ap Smartscan Commands

    13-49 Command Line Interface Reference 13.8 Network AP Smartscan commands admin(network.ap)>smartscan Description: Displays the smartscan submenu. The items available under this menu are shown below. Sets smartscan channels delete Removes smartscan channels show Shows all smartscan channels save Saves the configuration to system flash. quit Quits the CLI.
  • Page 324: Ws2000>Admin(Network.ap.smartscan)>Set

    13-50 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.smartscan)>set Description: Sets the smartscan channels. These channels are the ones that are scanned for presence of WLANs. Syntax: Sets the smart scan channel list for the 5 GHz band. Channel list should be a <11a>...
  • Page 325: Ws2000>Admin(Network.ap.smartscan)>Delete

    13-51 Command Line Interface Reference WS2000>admin(network.ap.smartscan)>delete Description: Deletes all the channels in the smartscan list for a specific radio. Syntax: delete Sets the smart scan channel list for the 5 GHz band. Channel list should be a <11a> comma separated list. For example, 36,40,44,48 Sets the smart scan channel list for the 2.4 GHz band.
  • Page 326: Ws2000>Admin(Network.ap.smartscan)>Show

    13-52 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.smartscan)>show Description: Displays the list of channels used for smartscan for the different radios. Syntax: show Shows the list of channels in the smartscan list. Example: admin(network.ap.smartscan)>show smart scan 11a channels smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12 Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165...
  • Page 327: Network Ap Mesh Commands

    13-53 Command Line Interface Reference 13.9 Network AP Mesh commands admin(network.ap)>mesh Description: Displays the mesh submenu. The items available under this menu are shown below. Sets mesh parameters Adds a preferred base to the list Removes preferred bases from the list preferred-list Shows a list of preferred bases available-list...
  • Page 328: Ws2000>Admin(Network.ap.mesh)>Set

    13-54 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.ap.mesh)>set Description: Sets the mesh related parameters. Syntax: Enables or disables the mesh client for the radio with the client <radio-idx> enable/ disable index <radio-idx>. Selects the WLAN for the mesh client. wlan <radio-idx>...
  • Page 329: Ws2000>Admin(Network.ap.mesh)> Add

    13-55 Command Line Interface Reference WS2000>admin(network.ap.mesh)> add Description: Adds a preferred base to the device’s Preferred Base Bridge List. Syntax: Adds the base to the device’s Preferred Base Bridge List. The <radio-idx> <radio-idx> <mac> is the unique ID for the radio. <mac> is the address of the base device to be added to the list.
  • Page 330: Ws2000> Admin(Network.ap.mesh)> Del

    13-56 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.ap.mesh)> del Description: Removes a Mesh Base from the device’s Preferred Base Bridge List. Syntax: Removes all preferred bases from the device’s Preferred Base Bridge <radio-idx> List. Removes the preferred base referred by <index> from the device’s <index>...
  • Page 331: Ws2000> Admin(Network.ap.mesh)> Preferred-List

    13-57 Command Line Interface Reference WS2000> admin(network.ap.mesh)> preferred-list Description: Displays the Preferred Base Bridge List for the device Syntax: preferred-list Displays the device’s Preferred Base Bridge List. <radio-idx> Example: admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------------ "Priority" "Base MAC" ------------------------------------------------------------------------------ 00:15:70:41:9F:9F 00:15:45:70:9C:8D 15:03:54:07:23:45 admin(network.ap.mesh)>...
  • Page 332: Ws2000> Admin(Network.ap.mesh)> Available-List

    13-58 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.ap.mesh)> available-list Description: Displays the list of available base bridges along with their MAC addresses and the RSSI. Syntax: available-list Displays the available base bridges for a particular radio indicated by <radio-idx> the <radio-idx>...
  • Page 333: Ws2000> Admin(Network.ap.mesh)> Show

    13-59 Command Line Interface Reference WS2000> admin(network.ap.mesh)> show Description: Displays the mesh details for a particular radio. Syntax: show Displays the mesh configuration information for the radio indicated by <radio-idx> the <radio-idx> value. Example: admin(network.ap.mesh)> show 3 ------------------------------------------------------------------------------ "Mode" "WLAN" "Base Auto Selection"...
  • Page 334: Network Dchp Commands

    13-60 WS2000 Wireless Switch System Reference Guide 13.10 Network DCHP Commands WS2000>admin(network)> dhcp Description: Displays the DHCP submenu. The items available under this command are shown below. Sets system updated flags. show Shows system updated flags. save Saves the configuration to system flash. Goes to the parent menu.
  • Page 335: Ws2000>Admin(Network.dhcp)> Set

    13-61 Command Line Interface Reference WS2000>admin(network.dhcp)> set Description: Sets parameters for automated firmware and configuration upgrades. Syntax: set firmwareupgrade Enables ( ) or disables ( ) automatic switch firmware upgrade. configupgrade Enables ( ) or disables ( ) automatic switch configuration update. interface Sets the interface for the upgrades to <int>: <int>...
  • Page 336: Ws2000>Admin(Network.dhcp)> Show

    13-62 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.dhcp)> show Description: Displays system updated flags. Syntax: show Displays all of the DHCP-related system update parameters. Example: show all admin(network.dhcp)> Auto Firmware upgrade flag Auto Config upgrade flag Interface Related Commands: Sets the DHCP-related parameters for updating system firmware and configuration.
  • Page 337: Network Firewall Commands

    13-63 Command Line Interface Reference 13.11 Network Firewall Commands WS2000>admin(network)> fw Description: Displays the firewall submenu. The items available under this command are shown below. Sets firewall parameters. show Shows firewall parameters. submap Goes to the subnet mapping submenu. policy Goes to the advanced subnet mapping submenu.
  • Page 338: Ws2000>Admin(Network.fw)> Set

    13-64 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw)> set Description: Sets firewall parameters. In the Web interface, this functionality is provide by the Network->Firewall screen. Syntax: set mode Enables or disables the firewall. enable disable override Enables or disables subnet access override. enable disable Enables or disables FTP bounce attack check.
  • Page 339 13-65 Command Line Interface Reference ping of death attack filter : enable reassembly attack filter : enable admin(network.fw)> Related Commands: show Shows the current firewall settings.
  • Page 340: Ws2000>Admin(Network.fw)> Show

    13-66 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw)> show Description: Displays the firewall parameters. Syntax: show Shows all firewall settings. Example: admin(network.fw)>show all Firewall Status : enable Subnet Access Override : disable Configurable Firewall Filters ftp bounce attack filter : enable syn flood attack filter : enable unaligned ip timestamp filter...
  • Page 341: Network Firewall Policy Commands

    13-67 Command Line Interface Reference 13.12 Network Firewall Policy Commands WS2000>admin(network.fw)> policy Description: Displays the firewall policy submenu. The items available under this command are shown below. inbound Goes to the inbound policy submenu. outbound Goes to the outbound policy submenu. import Imports subnet access rules.
  • Page 342: Ws2000>Admin(Network.fw.policy)> Import

    13-68 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy)> import Description: Imports subnet access rules from current subnet access settings created in the GUI interface (Network-> Firewall -> Subnet Access menu item) or using the CLI submap menu commands. Previously set outbound firewall policies will be deleted.
  • Page 343: Network Firewall Policy Inbound Commands

    13-69 Command Line Interface Reference 13.13 Network Firewall Policy Inbound Commands WS2000>admin(network.fw.policy)> inb Description: Displays the inbound policy submenu. The items available under this command are shown below. Adds a firewall policy. Sets firewall policy parameters. delete Deletes a firewall policy. list Lists firewall policies.
  • Page 344: Ws2000>Admin(Network.fw.policy.inb)> Add

    13-70 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.inb)> add Description: Adds an inbound firewall policy. Syntax: Adds a firewall policy to be effective on <sip> <snetmask> <dip> <dnetmask> communications between <sip> with <snetmask> (an IP and associated netmask) and a destination site specified by <dip>...
  • Page 345: Ws2000>Admin(Network.fw.policy.inb)> Delete

    13-71 Command Line Interface Reference WS2000>admin(network.fw.policy.inb)> delete Description: Deletes a firewall policy. Syntax: delete Deletes inbound firewall policy <idx> from the policy list. <idx> Deletes all inbound firewall policies. Example: admin(network.fw.policy.inb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ----------------------------------------------------------------------------- 209.239.179.52- 168.192.56.4- all 1: 0.0.0.0 deny...
  • Page 346: Ws2000>Admin(Network.fw.policy.inb)> Insert

    13-72 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.inb)> insert Description: Inserts a new firewall policy before an existing policy. Syntax: insert Inserts a new policy into the inbound firewall <idx> <sip> <snetmask> <dip> <dnetmask> policy list at spot <idx>, with source IP address and netmask of <sip>...
  • Page 347: Ws2000>Admin(Network.fw.policy.inb)> List

    13-73 Command Line Interface Reference WS2000>admin(network.fw.policy.inb)> list Description: Lists inbound firewall policies. Syntax: list Lists all firewall policies. Displays firewall policy with number <idx>. <idx> Example: admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask...
  • Page 348: Ws2000>Admin(Network.fw.policy.inb)> Move

    13-74 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.inb)> move Description: Moves a firewall policy to a different position in the list and renumbers all affected items in the list. Syntax: move Moves policy <idx> up one (to a lower number) in the policy list. <idx>...
  • Page 349: Ws2000>Admin(Network.fw.policy.inb)> Set

    13-75 Command Line Interface Reference WS2000>admin(network.fw.policy.inb)> set Description: Sets inbound firewall policy parameters. Syntax: set saddr Sets source IP address and IP netmask for inbound firewall <idx> <Ip Addr> <netmask> policy <idx>. daddr Sets destination IP address and IP netmask for inbound <idx>...
  • Page 350: Network Firewall Policy Outbound Commands

    13-76 WS2000 Wireless Switch System Reference Guide 13.14 Network Firewall Policy Outbound Commands WS2000>admin(network.fw.policy)> outb Description: Displays the outbound policy submenu. The items available under this command are shown below. Adds a firewall policy. Sets firewall policy parameters. delete Deletes a firewall policy. list Lists firewall policies.
  • Page 351: Ws2000>Admin(Network.fw.policy.outb)> Add

    13-77 Command Line Interface Reference WS2000>admin(network.fw.policy.outb)> add Description: Adds an outbound firewall policy. Syntax: Adds an outbound firewall policy to be effective on <sip> <snetmask> <dip> <dnetmask> communications between <sip> with <snetmask> (an IP and associated netmask) and a destination site specified by <dip>...
  • Page 352: Ws2000>Admin(Network.fw.policy.outb)> Delete

    13-78 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.outb)> delete Description: Deletes an outbound firewall policy. Syntax: delete Deletes outbound firewall policy <idx> from the policy list. <idx> Deletes all outbound firewall policies. Example: admin(network.fw.policy.outb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ----------------------------------------------------------------------------- 209.239.179.52- 168.192.56.4- all 1: 0.0.0.0 deny...
  • Page 353: Ws2000>Admin(Network.fw.policy.outb)> Insert

    13-79 Command Line Interface Reference WS2000>admin(network.fw.policy.outb)> insert Description: Inserts a new outbound firewall policy before an existing policy. Syntax: insert Inserts a new policy into the outbound firewall <idx> <sip> <snetmask> <dip> <dnetmask> policy list at spot <idx>, with source IP address and netmask of <sip>...
  • Page 354: Ws2000>Admin(Network.fw.policy.outb)> List

    13-80 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.outb)> list Description: Lists outbound firewall policies. Syntax: list Lists all outbound firewall policies. Displays outbound firewall policy with number <idx>. <idx> Example: admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ----------------------------------------------------------------------------- Idx Src IP-Netmask...
  • Page 355: Ws2000>Admin(Network.fw.policy.outb)> Move

    13-81 Command Line Interface Reference WS2000>admin(network.fw.policy.outb)> move Description: Moves an outbound firewall policy up or down in the policy list and renumbers the policy affected by the move. Syntax: move up Moves a policy <idx> up one (to a lower number) in the outbound policy list. <idx>...
  • Page 356: Ws2000>Admin(Network.fw.policy.outb)> Set

    13-82 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.policy.outb)> set Description: Sets firewall policy parameters. Syntax: set saddr Sets source IP address and IP netmask for outbound firewall <idx> <Ip Addr> <netmask> policy <idx>. daddr Sets destination IP address and IP netmask for outbound <idx>...
  • Page 357: Network Firewall Submap Commands

    13-83 Command Line Interface Reference 13.15 Network Firewall Submap Commands WS2000>admin(network.fw)> submap Description: Displays the subnet mapping submenu. The items available under this command are shown below. Adds subnet access exception rules. delete Deletes subnet access exception rules. list Lists subnet access exception rules. Sets subnet access parameters.
  • Page 358: Ws2000>Admin(Network.fw.submap)> Add

    13-84 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.submap)> add Description: Adds subnet access exception rules. Syntax: <from> <to> <name> <tran> <port1> <port2> Adds a subnet access exception rule for communication from <from> (one of = subnet1, = subnet2, = subnet3, = subnet4) to <to>...
  • Page 359: Ws2000>Admin(Network.fw.submap)> Delete

    13-85 Command Line Interface Reference WS2000>admin(network.fw.submap)> delete Description: Deletes subnet access exception rules. Syntax: delete Deletes access exception rule entry <idx> from <from> (one of = subnet1, <from> <idx> = subnet2, = subnet3, = subnet4). Deletes all access exception rule entries from <from> ( = subnet1, <from>...
  • Page 360: Ws2000>Admin(Network.fw.submap)> List

    13-86 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.submap)> list Description: Lists subnet access exception rules. Syntax: list Lists the access exception entries for <from> (one of = subnet1, = subnet2, <from> subnet3, = subnet4). Example: admin(network.fw.submap)>list s1 ----------------------------------------------------------------------------- index from name prot start port...
  • Page 361: Ws2000>Admin(Network.fw.submap)> Set

    13-87 Command Line Interface Reference WS2000>admin(network.fw.submap)> set Description: Sets a default subnet access rule to allow or deny communication. Syntax: set default Creates a default subnet access rule to deny or allow <from> <to> deny allow communication <from> one of the subnets (one of = subnet1, = subnet2, = subnet3,...
  • Page 362: Ws2000>Admin(Network.fw.submap)> Show

    13-88 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.fw.submap)> show Description: Displays default subnet access exception rules for indicated subnet. Syntax: show default Shows all default access exception rules for subnet <from> (one of = subnet1, <from> = subnet2, = subnet3, = subnet4) to all other subnets.
  • Page 363: Network Lan Commands

    13-89 Command Line Interface Reference 13.16 Network LAN Commands WS2000>admin(network)> lan Description: Displays the LAN submenu. The items available under this command are shown below. dhcp Goes to the DHCP submenu. Sets LAN parameters. show Shows LAN parameters. updateDNS Updates DNS for a subnet updateAllDNS Updates DNS for all subnets bridge...
  • Page 364: Ws2000>Admin(Network.lan)> Set

    13-90 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.lan)> set Description: Sets the LAN parameters for the four subnets. Syntax: ipadr Sets the IP address of subnet <idx> ( – ) to the IP address <idx> <IPaddr> <IPaddr> in the form a.b.c.d. mask Sets the netmask of subnet <idx>...
  • Page 365: Ws2000>Admin(Network.lan)> Show

    13-91 Command Line Interface Reference WS2000>admin(network.lan)> show Description: Shows the LAN parameters. Syntax: show lan Shows the settings for the subnet <idx> ( – <idx> Example: admin(network.lan)>show lan 1 subnet name : Subnet1 subnet interface : enable ip address : 192.168.0.1 network mask : 255.255.255.0 ports...
  • Page 366: Network Lan Dhcp Commands

    13-92 WS2000 Wireless Switch System Reference Guide 13.17 Network LAN DHCP Commands WS2000>admin(network.lan)> dhcp Description: Displays the DHCP submenu. The items available under this command are shown below. Adds static DHCP address assignments. delete Deletes static DHCP address assignments. list Lists static DHCP address assignments.
  • Page 367: Ws2000>Admin(Network.lan.dhcp)> Add

    13-93 Command Line Interface Reference WS2000>admin(network.lan.dhcp)> add Description: Adds static DHCP address assignments. Syntax: Adds a static DHCP address assignment for subnet <idx> where the device <idx> <mac> <ip> with the MAC address <mac> (00A0F8F01234) assigned to the IP address <ip>.
  • Page 368: Ws2000>Admin(Network.lan.dhcp)> Delete

    13-94 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.lan.dhcp)> delete Description: Deletes static DHCP address assignments. Syntax: delete Deletes the static DHCP address entry <entry> for subnet <idx>. <idx> <entry> Deletes all static DHCP addresses for subnet <idx>. <idx> Example: admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------- index mac address...
  • Page 369: Ws2000>Admin(Network.lan.dhcp)> List

    13-95 Command Line Interface Reference WS2000>admin(network.lan.dhcp)> list Description: Lists static DHCP address assignments. Syntax: list Lists the static DHCP address assignments for subnet <idx> ( – <idx> Example: admin(network.lan.dhcp)>add 1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------- index mac address ip address ----------------------------------------------------------------------------- 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)>...
  • Page 370: Ws2000>Admin(Network.lan.dhcp)> Set

    13-96 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.lan.dhcp)> set Description: Sets DHCP parameters for the subnets. Syntax: set dgw Sets the default gateway for subnet <idx> ( – ) to the IP <idx> <ip> address <ip>. Sets the = primary or = secondary DNS server for subnet <idx>...
  • Page 371 13-97 Command Line Interface Reference dhcp mode : server default gateway : 192.168.0.1 primary dns server : 209.160.0.18 secondary dns server : 209.160.0.218 wins server : 192.168.0.254 starting ip address : 192.168.0.11 ending ip address : 192.168.0.254 lease time : 10000 domain name admin(network.lan.dhcp)>set domain 1 BigFishCo admin(network.lan.dhcp)>show dhcp 1...
  • Page 372: Ws2000>Admin(Network.lan.dhcp)> Show

    13-98 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.lan.dhcp)> show Description: Shows DHCP parameter settings for specified subnets. Syntax: show dhcp Show the DHCP parameter settings for subnet <idx> ( – ). These parameters are <idx> set with the set command. Example: admin(network.lan.dhcp)>set dns 1 1 209.160.0.18 admin(network.lan.dhcp)>set dns 1 2 209.160.0.218...
  • Page 373: Ws2000>Admin(Network.lan.dhcp)> Renew

    13-99 Command Line Interface Reference WS2000>admin(network.lan.dhcp)> renew Description: Renews the IP address assigned by DHCP. Syntax: show dhcp Show the DHCP parameter settings for subnet <idx> ( – ). These parameters are <idx> set with the set command. Example: admin(network.lan.dhcp) renew...
  • Page 374: Network Lan Bridge Commands

    13-100 WS2000 Wireless Switch System Reference Guide 13.18 Network LAN Bridge commands WS2000>admin(network.lan)> bridge Description: Displays the Bridge submenu. The items available under this command are shown below. show Shows the bridge configuration parameters Sets bridge configuration parameters save Saves the configuration to system flash. quit Quits the CLI.
  • Page 375: Ws2000>Admin(Network.lan.bridge)>Show

    13-101 Command Line Interface Reference WS2000>admin(network.lan.bridge)>show Description: Displays the bridge configuration parameters. Syntax: show Displays the bridge configuration parameters. Example: admin(network.lan.bridge)> show ** LAN1 Bridge Configuration ** Bridge Priority : 32768 Hello Time (seconds) Message Age Time (seconds) : 20 Forward Delay Time (seconds) : 15 Entry Ageout Time (seconds)
  • Page 376: Ws2000>Admin(Network.lan.bridge)>Set

    13-102 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.lan.bridge)>set Description: Sets the bridge configuration parameters. Syntax: set priority Sets the bridge priority to <priority> ( ) for <LAN-idx> <priority> 0-65535 the lan <LAN-idx> ( hello Sets the bridge’s hello time to <hello> ( <LAN-idx>...
  • Page 377: Network Qos Commands

    13-103 Command Line Interface Reference 13.19 Network QoS Commands WS2000>admin(network)> qos Description: Displays the quality of service (QoS) submenu. The items available under this command are shown below. Sets QoS parameters. show Shows QoS parameters. clear Clears QoS parameters. save Saves the configuration to system flash.
  • Page 378: Ws2000>Admin(Network.qos)> Clear

    13-104 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.qos)> clear Description: Clears QoS radio statistics. Syntax: clear queuing Clears the radio QoS queuing statistics. Example: clear queue admin(network.qos)> Related Commands: Sets the QoS parameters. show Shows the QoS parameters and the QoS queuing statistics.
  • Page 379: Ws2000>Admin(Network.qos)> Set

    13-105 Command Line Interface Reference WS2000>admin(network.qos)> set Description: Sets QoS parameters. Syntax: set bw-share mode Set bandwidth share mode to one of , or none none static static weighted weighted weight Set the weight for WLAN <idx> ( – ) to <weight> ( –...
  • Page 380: Ws2000>Admin(Network.qos)> Show

    13-106 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.qos)> show Description: Shows QoS parameters and queuing statistics. Syntax: show bw-share Shows the bandwidth sharing settings. queuing Displays the radio QoS queuing statistics. <idx> Example: show bw admin(network.qos)> BW Share Mode:static show qu 1 admin(network.qos)>...
  • Page 381: Network Router Commands

    13-107 Command Line Interface Reference 13.20 Network Router Commands WS2000>admin(network)> router Description: Displays the router submenu. The items available under this command are shown below. Adds user-defined routes. delete Deletes user-defined routes. list Lists user-defined routes. Sets RIP parameters. show Shows routes/RIP parameters.
  • Page 382: Ws2000>Admin(Network.router)> Add

    13-108 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.router)> add Description: Adds user-defined routes. Syntax: Adds a route with destination IP address <dest>, IP <dest> <netmask> <gw> <iface> <metric> netmask <netmask>, gateway IP address <gw>, interface subnet or WAN set to <iface> (one of subnet1, = subnet2, = subnet3,...
  • Page 383: Ws2000>Admin(Network.router)> Delete

    13-109 Command Line Interface Reference WS2000>admin(network.router)> delete Description: Deletes user-defined routes. Syntax: delete Deletes the user-defined route <idx> ( – ) from the list. <idx> Deletes all user-defined routes. Example: admin(network.router)>list ------------------------------------------------------------------ index destination netmask gateway interface metric ------------------------------------------------------------------ 1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5 admin(network.router)>delete 2 admin(network.router)>list...
  • Page 384: Ws2000>Admin(Network.router)> List

    13-110 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.router)> list Description: Lists user-defined routes. Syntax: list Displays a list of user-defined routes. Example: admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list ----------------------------------------------------------------------------- index destination netmask gateway interface metric ----------------------------------------------------------------------------- 1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5...
  • Page 385: Ws2000>Admin(Network.router)> Set

    13-111 Command Line Interface Reference WS2000>admin(network.router)> set Description: Sets routing information protocol (RIP) parameters. Syntax: set auth Sets RIP authentication type to <auth> (one of , or <auth> none simple Sets RIP direction to <dir> (one of = receive, = transmit, or <dir>...
  • Page 386: Ws2000>Admin(Network.router)> Show

    13-112 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.router)> show Description: Shows connected routes and routing information protocol (RIP) parameters. Syntax: show Shows RIP parameters. routes Shows connected routes. Example: admin(network.router)>show rip rip type : off rip direction : both rip authentication type : md5 rip simple auth password : ******** rip md5 id 1 : 1 rip md5 key 1 : ********...
  • Page 387: Network Vlan Commands

    13-113 Command Line Interface Reference 13.21 Network VLAN Commands WS2000>admin(network)> vlan Description: Displays the VLAN submenu. The items available under this command are shown below. trunk Goes to the trunk submenu. Sets VLAN parameters. show Shows VLAN parameters. save Saves the configuration to system flash. Goes to the parent menu.
  • Page 388: Ws2000>Admin(Network.vlan)> Set

    13-114 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.vlan)> set Description: Sets VLAN parameters. Syntax: assign-mode Assigns the VLAN assignment mode to one of user user port port default Assigns the default VLAN ID to <vlan-id>, which is a number <vlan- id>...
  • Page 389: Ws2000>Admin(Network.vlan)> Show

    13-115 Command Line Interface Reference WS2000>admin(network.vlan)> show Description: Shows VLAN parameters. Syntax: show vlan Displays the VLAN settings for the VLAN specified by <id> ( – <id> 4094 Example: show vlan 3 admin(network.vlan)> VLAN assignment mode : user VLAN ID VLAN Mapped Subnet : Subnet3 Default VLAN ID...
  • Page 390: Network Vlan Trunk Commands

    13-116 WS2000 Wireless Switch System Reference Guide 13.22 Network VLAN Trunk Commands WS2000>admin(network.vlan)> trunk Description: Displays the trunk submenu. The items available under this command are shown below. Sets trunk parameters. show Shows trunk parameters. clear Clears options. Goes to the parent menu. Goes to the root menu.
  • Page 391: Ws2000>Admin(Network.vlan.trunk)> Clear

    13-117 Command Line Interface Reference WS2000>admin(network.vlan.trunk)> clear Description: Clears VLANs that are trunked. Syntax: clear trunked Clears all the VLANs that are being trunked. Example: clear trunked admin(network.vlan.trunk)> Related Commands: Sets the VLAN trunking parameters. show Displays the VLAN trunking settings.
  • Page 392: Ws2000>Admin(Network.vlan.trunk)> Set

    13-118 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.vlan.trunk)> set Description: Sets trunk parameters. Syntax: enable the trunk port for the VLAN to be <port trunk- <port Enables disables port idx> disable id> ( – ) as numbered on the switch. Adds the VLANs in <vlan list>...
  • Page 393: Ws2000>Admin(Network.vlan.trunk)> Show

    13-119 Command Line Interface Reference WS2000>admin(network.vlan.trunk)> show Description: Displays VLAN trunk settings. Syntax: show trunk Displays VLAN trunking settings. Example: show trunk admin(network.vlan.trunk)> Trunk Port : None VLAN's Trunked : None Related Commands: Sets trunking parameters.
  • Page 394: Network Wan Commands

    13-120 WS2000 Wireless Switch System Reference Guide 13.23 Network WAN Commands WS2000>admin(network)> wan Description: Displays the WAN submenu. The items available under this command are shown below. Goes to the VPN submenu. Goes to the NAT submenu. Goes to the outbound content filtering submenu. renew Renews the IP address.
  • Page 395: Ws2000>Admin(Network.wan)> Renew

    13-121 Command Line Interface Reference WS2000>admin(network.wan)> renew Description: Renews the IP address. Syntax: renew Renews the switch’s DHCP lease of the IP address if it is a DHCP client. Example: renew admin(network.wan)> admin(network.wan)>...
  • Page 396: Ws2000>Admin(Network.wan)> Set

    13-122 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan)> set Description: Sets the WAN parameters. In the Web interface, this functionality if provided by the Network->WAN screen. Syntax: set dhcp Enables or disables the switch as a DHCP client. enable disable Sets the default gateway IP address to <a.b.c.d>.
  • Page 397: Ws2000>Admin(Network.wan)> Show

    13-123 Command Line Interface Reference WS2000>admin(network.wan)> show Description: Shows the WAN parameters. Syntax: show ip Shows the general IP parameters for the WAN along with settings for the WAN <idx> interface associated with <idx> (where <idx> is in the range –...
  • Page 398: Network Wan App Commands

    13-124 WS2000 Wireless Switch System Reference Guide 13.24 Network WAN App Commands WS2000>admin(network.wan)> app Description: Displays the outbound content filtering submenu. The items available under this command are shown below. addcmd Adds app control commands to the deny list. delcmd Deletes app control commands from the deny list.
  • Page 399: Ws2000>Admin(Network.wan.app)> Addcmd

    13-125 Command Line Interface Reference WS2000>admin(network.wan.app)> addcmd Description: Adds app control commands to the deny list. Syntax: addcmd web file Denies specified web file name. <filename> can be up to 15 <filename> .<ext> characters and “*” can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java).
  • Page 400 13-126 WS2000 Wireless Switch System Reference Guide Directory List : allow Create Directory : allow Change Directory : deny Passive Operation : deny admin(network.wan.app)>addcmd smtp helo admin(network.wan.app)>addcmd smtp vrfy admin(network.wan.app)>list smtp SMTP Commands HELO : deny MAIL : allow RCPT : allow DATA : allow...
  • Page 401: Ws2000>Admin(Network.wan.app)> Delcmd

    13-127 Command Line Interface Reference WS2000>admin(network.wan.app)> delcmd Description: Deletes application control commands from the deny list. Syntax: delcmd web file Deletes specified web file name from deny list. <filename> can be <filename> .<ext> up to 15 characters and “*” can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java).
  • Page 402 13-128 WS2000 Wireless Switch System Reference Guide Storing Files : allow Retrieving Files : allow Directory List : allow Create Directory : allow Change Directory : allow Passive Operation : deny admin(network.wan.app)>list smtp SMTP Commands HELO : deny MAIL : allow RCPT : allow DATA...
  • Page 403: Ws2000>Admin(Network.wan.app)> List

    13-129 Command Line Interface Reference WS2000>admin(network.wan.app)> list Description: Lists the app control records. Syntax: list Lists Web/HTTP app control settings. Lists FTP app control settings. smtp Lists SMTP app control record. Example: admin(network.wan.app)>list web HTTP Files/Commands Web Proxy : deny ActiveX : deny filename...
  • Page 404: Network Wan Nat Commands

    13-130 WS2000 Wireless Switch System Reference Guide 13.25 Network WAN NAT Commands WS2000>admin(network.wan)> nat Description: Displays the nat submenu. The items available under this command are shown below. Adds NAT records. delete Deletes NAT records. list Lists NAT records. Sets NAT parameters. show Shows NAT parameters.
  • Page 405: Ws2000>Admin(Network.wan.nat)> Add

    13-131 Command Line Interface Reference WS2000>admin(network.wan.nat)> add Description: Adds NAT records. Syntax: add inb <idx> <name> <tran> <port1> <port2> <ip> <dst_port> Sets an inbound network address translation (NAT) for WAN address <idx>, where <name> is the name of the entry (1 to 7 characters), <tran> is the transport protocol (one of , or ), <port1>...
  • Page 406: Ws2000>Admin(Network.wan.nat)> Delete

    13-132 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.nat)> delete Description: Deletes NAT records. Syntax: delete inb Deletes a NAT entry <entry> ( – ) that is associated with WAN <idx> <idx> <entry> – Deletes all NAT entries associated with WAN <idx> ( –...
  • Page 407: Ws2000>Admin(Network.wan.nat)> List

    13-133 Command Line Interface Reference WS2000>admin(network.wan.nat)> list Description: Lists NAT records. Syntax: list Lists the inbound NAT entries associated with WAN port <idx> ( – <idx> Example: admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2 ----------------------------------------------------------------------------- index name prot...
  • Page 408: Ws2000>Admin(Network.wan.nat)> Set

    13-134 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.nat)> set Description: Sets NAT inbound and outbound parameters. Syntax: set inb mode Enables or disables port forwarding for WAN IP address index <idx> enable <idx> ( – disable Forwards unspecified ports associated with WAN address <idx> to <idx>...
  • Page 409: Ws2000>Admin(Network.wan.nat)> Show

    13-135 Command Line Interface Reference WS2000>admin(network.wan.nat)> show Description: Shows NAT parameters. Syntax: show Shows NAT settings for WAN <idx> ( – <idx> Example: admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type : 1-to-1 one to one nat ip address : 209.239.44.36 port forwarding mode : enable...
  • Page 410: Network Wan Vpn Commands

    13-136 WS2000 Wireless Switch System Reference Guide 13.26 Network WAN VPN Commands WS2000>admin(network.wan)> vpn Description: Displays the VPN submenu. The items available under this command are shown below. cmgr Goes to the cmgr (Certificate Manager) submenu. Adds an security policy database (SPD) entry. Sets SPD parameters.
  • Page 411: Ws2000>Admin(Network.wan.vpn)> Add

    13-137 Command Line Interface Reference WS2000>admin(network.wan.vpn)> add Description: Adds an security policy database (SPD) entry. Syntax: <name> <LSubnet> <LWanIP> <RSubnetIP> <RSubnetMask> <RGatewayIP> Creates a tunnel named <name> (1 to 13 characters) to gain access to local subnet <LSubnet> ( ), through local WAN IP <LWanIP> from the remote subnet with address <RSubnetIP>...
  • Page 412: Ws2000>Admin(Network.wan.vpn)> Delete

    13-138 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn)> delete Description: Deletes security policy database (SPD) entries. Syntax: delete Deletes all SPD entries. Deletes SPD entries named <name>. <name> Example: admin(network.wan.vpn)>list -------------------------------------------------------------------------- Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet -------------------------------------------------------------------------- Eng2EngAnnex...
  • Page 413: Ws2000>Admin(Network.wan.vpn)> Ikestate

    13-139 Command Line Interface Reference WS2000>admin(network.wan.vpn)> ikestate Description: Displays statistics for all active tunnels using Internet Key Exchange (IKE). Syntax: ikestate Displays status about Internet Key Exchange (IKE) for all tunnels. In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key.
  • Page 414: Ws2000>Admin(Network.wan.vpn)> List

    13-140 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn)> list Description: Lists security policy database (SPD) entries. Syntax: list Lists all tunnel entries. Lists detailed information about tunnel named <name>. Note that the <name> must match <name> case with the name in the SPD entry. “Bob” is not equal to “bob”, as shown in the example below.
  • Page 415: Ws2000>Admin(Network.wan.vpn)> Reset

    13-141 Command Line Interface Reference WS2000>admin(network.wan.vpn)> reset Description: Resets all VPN tunnels. Syntax: reset Resets all VPN tunnels. Example: admin(network.wan.vpn)>reset VPN tunnels reset. admin(network.wan.vpn)>...
  • Page 416: Ws2000>Admin(Network.wan.vpn)> Set

    13-142 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn)> set Description: Sets security policy database (SPD) entry parameters. Syntax: set ike myidtype Sets the Local ID type for IKE <name> <idtype> authentication for SPD <name> (1 to 13 characters) to <idtype> (one of , or FQDN UFQDN...
  • Page 417 13-143 Command Line Interface Reference remgw Sets the Remote IP gateway for SPD <name> <remgw> <name> to be <remgw> (a.b.c.d). Set this value to 0.0.0.0 to support tunneling to VPN peer which is a DHCP client. authalgo Sets the authentication algorithm for SPD <name>...
  • Page 418 13-144 WS2000 Wireless Switch System Reference Guide usepfs Enables or disables Perfect Forward <name> enable Secrecy for SPD <name>. disable salife Sets SA life time to <lifetime> seconds <name> <life time> (minimum 300). ipsecdel Enables the deletion of IPSEC SA when IKE <name>...
  • Page 419 13-145 Command Line Interface Reference admin(network.wan.vpn)>set authalgo Bob MD5 admin(network.wan.vpn)>list Bob ----------------------------------------------------------------------------- Detail listing of VPN entry: ----------------------------------------------------------------------------- Name : Bob Local Subnet Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm...
  • Page 420: Ws2000>Admin(Network.wan.vpn)> Stats

    13-146 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn)> stats Description: Lists statistics for all active tunnels. Syntax: stats Display statistics for all active VPN tunnels. Example: admin(network.wan.vpn)>stats ----------------------------------------------------------------------------- Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx) ----------------------------------------------------------------------------- Eng2EngAnnex Not Active Not Active...
  • Page 421: Network Wan Vpn Cmgr Commands

    13-147 Command Line Interface Reference 13.27 Network WAN VPN Cmgr Commands WS2000>admin(network.wan.vpn)> cmgr Description: Displays to the Certificate Manager submenu. The items available under this command are shown below. genreq Generates a Certificate Request. loadca Loads a trusted certificate from CA. loadself Loads a self certificate signed by CA.
  • Page 422: Ws2000>Admin(Network.wan.vpn.cmgr)> Delca

    13-148 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> delca Description: Deletes a trusted certificate. Syntax: delca Deletes the trusted certificate <IDname>. <IDname> Example: admin(network.wan.vpn.cmgr)>delca CAfinance admin(network.wan.vpn.cmgr)>...
  • Page 423: Ws2000>Admin(Network.wan.vpn.cmgr)> Delprivkey

    13-149 Command Line Interface Reference WS2000>admin(network.wan.vpn.cmgr)> delprivkey Description: Deletes a private key. Syntax: delprivkey Deletes private key named <IDname>. <IDname> Example: admin(network.wan.vpn.cmgr)>delprivkey <IDname> admin(network.wan.vpn.cmgr)>...
  • Page 424: Ws2000>Admin(Network.wan.vpn.cmgr)> Delself

    13-150 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> delself Description: Deletes a self certificate. Syntax: delself Deletes the self certificate named <IDname>. <IDname> Example: admin(network.wan.vpn.cmgr)>delself<IDname> admin(network.wan.vpn.cmgr)>...
  • Page 425: Ws2000>Admin(Network.wan.vpn.cmgr)> Expcert

    13-151 Command Line Interface Reference WS2000>admin(network.wan.vpn.cmgr)> expcert Description: Exports the certificate file. Syntax: expcert Exports the certificate with specified filename <file name> by either <file name> . The tftp or ftp options for this file transfer will use the tftp tftp settings for the configuration file settings.
  • Page 426: Ws2000>Admin(Network.wan.vpn.cmgr)> Genreq

    13-152 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> genreq Description: Generates a Certificate Request. Syntax: genreq <IDname <Subject ...optiona Generates a self-certificate request for a > > Certification Authority (CA), where <IDname> arguments. is the private key ID (up to 7 characters) and <subject>...
  • Page 427: Ws2000>Admin(Network.wan.vpn.cmgr)> Impcert

    13-153 Command Line Interface Reference WS2000>admin(network.wan.vpn.cmgr)> impcert Description: Imports the certificate file. Syntax: impcert Imports the certificate with specified filename <file name> by either <file name> . The tftp or ftp options for this file transfer will use the settings for tftp tftp the configuration file settings.
  • Page 428: Ws2000>Admin(Network.wan.vpn.cmgr)> Listca

    13-154 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> listca Description: Lists the loaded trusted certificate. Syntax: listca Lists the loaded trusted certificates. Example: admin(network.wan.vpn.cmgr)>listca Trusted Certificate List:...
  • Page 429: Ws2000>Admin(Network.wan.vpn.cmgr)> Listprivkey

    13-155 Command Line Interface Reference WS2000>admin(network.wan.vpn.cmgr)> listprivkey Description: Lists the names of private keys. Syntax: listprivkey Lists all private keys. Example: admin(network.wan.vpn.cmgr)>listprivkey ----------------------------------------------------------------------------- Private Key Name Certificate Associated -----------------------------------------------------------------------------...
  • Page 430: Ws2000>Admin(Network.wan.vpn.cmgr)> Listself

    13-156 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> listself Description: Lists the loaded self certificates. Syntax: listself Lists all self certificates that are loaded. Example: admin(network.wan.vpn.cmgr)>listself Self Certificate List:...
  • Page 431: Ws2000>Admin(Network.wan.vpn.cmgr)> Loadca

    13-157 Command Line Interface Reference WS2000>admin(network.wan.vpn.cmgr)> loadca Description: Loads a trusted certificate from the Certificate Authority. Syntax: loadca Loads the trusted certificate (in PEM format) that is pasted into the command line. Example: admin(network.wan.vpn.cmgr)>loadca Currently Only certificates in PEM format can be uploaded Paste the certificate:...
  • Page 432: Ws2000>Admin(Network.wan.vpn.cmgr)> Loadself

    13-158 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan.vpn.cmgr)> loadself Description: Loads a self certificate signed by the Certificate Authority. Syntax: loadself Loads the self certificate signed by the CA with name <IDname>. <IDname> Example: admin(network.wan.vpn.cmgr)>loadself MyCert Currently Only certificates in PEM format can be uploaded. Paste the certificate:...
  • Page 433: Ws2000>Admin(Network.wan.vpn.cmgr)> Showreq

    13-159 Command Line Interface Reference WS2000>admin(network.wan.vpn.cmgr)> showreq Description: Displays a certificate request in PEM format. Syntax: showreq Displays a certificate request named <IDname> generated from the genreq command. <IDname>...
  • Page 434: Network Wlan Commands

    13-160 WS2000 Wireless Switch System Reference Guide 13.28 Network WLAN Commands WS2000>admin(network)> wlan Description: Displays the WLAN submenu. The items available under this command are shown below. Adds MU access control list entries. delete Deletes MU access control list entries. list Lists MU access control list entries.
  • Page 435: Ws2000>Admin(Network.wlan)> Add

    13-161 Command Line Interface Reference WS2000>admin(network.wlan)> add Description: Adds entries to the mobile unit (MU) access control list. Syntax: Adds an entry to the MU access control list, where <idx> is the WLAN <idx> <mac1> <mac2> index ( – ), <mac1> is the starting MAC address (e.g., 001122334455), and <mac2>...
  • Page 436: Ws2000>Admin(Network.wlan)> Delete

    13-162 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan)> delete Description: Deletes specified entry or entries from mobile unit (MU) access control list. Syntax: delete Deletes MU access control list entry <entry> ( – ) for WLAN <idx> ( – <idx> <entry> Deletes all access control list entries for the WLAN specified by <idx>.
  • Page 437: Ws2000>Admin(Network.wlan)> List

    13-163 Command Line Interface Reference WS2000>admin(network.wlan)> list Description: Lists the entries in the mobile unit (MU) access control list. Syntax: list Displays the entries in the MU access control list for WLAN <idx> ( – <idx> Example: admin(network.wlan)>list 1 ----------------------------------------------------------------------------- index start mac end mac...
  • Page 438: Ws2000>Admin(Network.wlan)> Set

    13-164 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan)> set Description: Sets WLAN parameters. Syntax: set acl Sets the default MU access control mode to <idx> allow allow or deny for WLAN <idx>. deny adopt Sets default Access Port adoption to allow or <idx>...
  • Page 439 13-165 Command Line Interface Reference secret Sets the EAP shared secret <secret> (1–127 <idx> <rsidx > characters) for server <rsidx> ( -primary or <secre secondary) on WLAN <idx>. t> Note: Note: Kerberos parameters are only in effect if “kerberos” is specified for the authentication method (set auth <idx>...
  • Page 440 13-166 WS2000 Wireless Switch System Reference Guide interval Sets the broadcast key rotation interval to <idx> <inter val> <interval> seconds ( – ) for WLAN 604800 <idx>. ccmp Sets the CCMP key to <key> (1–64 hex digits) <idx> <key> for WLAN <idx>. Must be specified when type parameter is set to key.
  • Page 441 13-167 Command Line Interface Reference ess identifier : 101 wlan mode : enable enc type : wep104 auth type : kerberos voice prioritization : enable disallow mu to mu : enable answer broadcast ess : disable default mu acl mode : allow all default ap adopt mode : allow all...
  • Page 442: Ws2000>Admin(Network.wlan)> Show

    13-168 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan)> show Description: Displays the WLAN parameters. Syntax: show Shows the EAP parameters for WLAN <idx>. <idx> kerb Shows the Kerberos parameters for WLAN <idx>. <idx> tkip Shows the TKIP parameters for WLAN <idx>. <idx>...
  • Page 443 13-169 Command Line Interface Reference disallow mu to mu : disable answer broadcast ess : disable default mu acl mode : allow all default ap adopt mode : allow all multicast address 1 : 01005E000000 multicast address 2 : 09000E000000 Related Commands: Sets WLAN parameters.
  • Page 444: Network Wlan Rogue Ap Commands

    13-170 WS2000 Wireless Switch System Reference Guide 13.29 Network WLAN Rogue AP Commands WS2000>admin(network.wlan)> rogueap Description: Displays the rogue AP submenu. The items available under this command are shown below. show Shows current rogue AP configuration. Sets rogue AP parameters. rulelist Goes to the rule list submenu.
  • Page 445: Ws2000>Admin(Network.wlan.rogueap)> Set

    13-171 Command Line Interface Reference WS2000>admin(network.wlan.rogueap)> set Description: Sets rogue access point parameters. Syntax: set muscan mode enable Enables or disables mobile unit scanning. disable interval Sets the MU scan interval to <interval> ( – ) minutes. <interval> 65535 apscan mode enable Enables or disables AP scanning.
  • Page 446: Ws2000>Admin(Network.wlan.rogueap)> Show

    13-172 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap)> show Description: Shows the current rogue AP configuration. Syntax: show Displays the rogue AP scanning settings. Example: show admin(network.wlan.rogueap)> mu scan : disabled mu scan interval : 60 minutes ap scan : disabled ap scan interval : 60 minutes detector ap scan...
  • Page 447: Network Wlan Rogue Ap Approved Ap List Commands

    13-173 Command Line Interface Reference 13.30 Network WLAN Rogue AP Approved AP List Commands WS2000>admin(network.wlan.rogueap)> approvedlist Description: Displays the approved AP list submenu. The items available under this command are shown below. show Shows the approved AP list. ageout Displays the ageout time for an approved list entry. approve Approves an AP.
  • Page 448: Ws2000>Admin(Network.wlan.rogueap.approvedlist)> Ageout

    13-174 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.approvedlist)> ageout Description: Displays ageout time for an approved list entry. Syntax: ageout Sets the number of minutes, <interval> ( – ) before an entry in the approved list <interva 1000 l> is automatically removed. Example: ageout 30 admin(network.wlan.rogueap.approvedlist)>...
  • Page 449: Ws2000>Admin(Network.wlan.rogueap.approvedlist)> Approve

    13-175 Command Line Interface Reference WS2000>admin(network.wlan.rogueap.approvedlist)> approve Description: Approves an AP. Syntax: approve Approves an access point from the list based on the location specified by <index> <index>. Approves all access points in the list. Example: approve 1 admin(network.wlan.rogueap.approvedlist)> approve all admin(network.wlan.rogueap.approvedlist)>...
  • Page 450: Ws2000>Admin(Network.wlan.rogueap.approvedlist)> Erase

    13-176 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.approvedlist)> erase Description: Erases the approved AP list. Syntax: erase Erases all entries in the approved list. Example: erase all admin(network.wlan.rogueap.approvedlist)> show admin(network.wlan.rogueap.approvedlist)> approved ap list ++++++++++++++++ approved list ageout : 30 minutes index essid -----...
  • Page 451: Ws2000>Admin(Network.wlan.rogueap.approvedlist)> Show

    13-177 Command Line Interface Reference WS2000>admin(network.wlan.rogueap.approvedlist)> show Description: Shows the approved AP list. Syntax: show Displays the list of approved APs. Example: show admin(network.wlan.rogueap.approvedlist)> approved ap list ++++++++++++++++ approved list ageout : 30 minutes index essid ----- ------ Related Commands: approve Adds an AP to the approved list.
  • Page 452: Network Wlan Rogue Ap List Commands

    13-178 WS2000 Wireless Switch System Reference Guide 13.31 Network WLAN Rogue AP List Commands WS2000>admin(network.wlan.rogueap)> roguelist Description: Displays the rogue AP list submenu. The items available under this command are shown below. show Displays the rogue list entries. locate Goes to the submenu for locating a rogue AP. muscan Goes to the submenu for on-demand MU polling.
  • Page 453: Ws2000>Admin(Network.wlan.rogueap.roguelist)> Ageout

    13-179 Command Line Interface Reference WS2000>admin(network.wlan.rogueap.roguelist)> ageout Description: Displays the ageout time for a rogue list entry. Syntax: ageout Sets the ageout time for the entry associated to <time> ( – ) minutes. <time> 1000 Example: ageout 50 admin(network.wlan.rogueap.roguelist)> Related Commands: locate Locates a rogue AP.
  • Page 454: Ws2000>Admin(Network.wlan.rogueap.roguelist)> Approve

    13-180 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.roguelist)> approve Description: Moves a rogue AP into the approved AP list. Syntax: approve Puts the rogue AP <index> into the approved AP list. <index> Puts all the entries of the rogue list into the approved AP list. Example: approve all admin(network.wlan.rogueap.approvedlist)>...
  • Page 455: Ws2000>Admin(Network.wlan.rogueap.roguelist)> Erase

    13-181 Command Line Interface Reference WS2000>admin(network.wlan.rogueap.roguelist)> erase Description: Erases the rogue AP list. Syntax: erase Deletes all entries from the rogue AP list. Example: erase all admin(network.wlan.rogueap.roguelist)> Related Commands: show Lists all entries in the rogue AP list.
  • Page 456: Ws2000>Admin(Network.wlan.rogueap.roguelist)> Show

    13-182 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.roguelist)> show Description: Displays the rogue list entries. Syntax: show Displays the list of rogue APs. Displays detailed information for the rogue AP with index number <index>. <index> Displays the Rogue AP Containment list deauth- list Example:...
  • Page 457: Ws2000>Admin(Network.wlan.rogueap.roguelist)> Set

    13-183 Command Line Interface Reference WS2000>admin(network.wlan.rogueap.roguelist)> set Description: Sets rogue list parameters. Syntax: RAP-Containment enable Enables or disables Rogue AP Containment feature. disable deauth-interval Sets the Rogue AP de-authentication interval to <interval> ( – <interval> ) seconds. This is the time after which MUs associated to a Rogue AP is deauthenticated.
  • Page 458: Ws2000>Admin(Network.wlan.rogueap.roguelist)> Deauth

    13-184 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.roguelist)> deauth Description: Manages the Rogue AP Containment list by adding APs, their MAC address to the list and deleting APs from the list. Syntax: deauth add-to-list Adds an AP to the Rogue AP containment list at the position <index>...
  • Page 459: Network Wlan Rogue Ap Locate Commands

    13-185 Command Line Interface Reference 13.32 Network WLAN Rogue AP Locate Commands WS2000>admin(network.wlan.rogueap.roguelist)> locate Description: Displays the locate submenu. The items available under this command are shown below. start Starts locating a rogue AP. list Lists results of the locate rogue AP scan. save Saves the configuration to system flash.
  • Page 460: Ws2000>Admin(Network.wlan.rogueap.roguelist.locate)> List

    13-186 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.roguelist.locate)> list Description: Lists the results of the locate rogue AP scan. Syntax: list Lists the results of the locate rogue AP scan. Example: list admin(network.wlan.rogueap.roguelist.locate)> Related Commands: start Starts the rogue AP location process.
  • Page 461: Ws2000>Admin(Network.wlan.rogueap.roguelist.locate)> Start

    13-187 Command Line Interface Reference WS2000>admin(network.wlan.rogueap.roguelist.locate)> start Description: Locates a rogue AP. Syntax: start Starts locating a rogue AP where <mac> is the MAC address (or BSSID) of the <mac> <essid> rogue AP, and <essid> is the ESSID for the rogue AP. Example: start 00A0f8fe2344 wlan-engg admin(network.wlan.rogueap.roguelist.locate)>...
  • Page 462: Network Wlan Rogue Ap Mu Scan Commands

    13-188 WS2000 Wireless Switch System Reference Guide 13.33 Network WLAN Rogue AP MU Scan Commands WS2000>admin(network.wlan.rogueap.roguelist)> muscan Description: Displays the MU scan submenu. The items available under this command are shown below. start Starts a rogue AP scan using on-demand MU polling. list Lists the rogue APs found during the scan.
  • Page 463: Ws2000>Admin(Network.wlan.rogueap.roguelist.muscan)> List

    13-189 Command Line Interface Reference WS2000>admin(network.wlan.rogueap.roguelist.muscan)> list Description: Lists the results of the locate rogue AP scan. Syntax: list Lists the results of the locate rogue AP scan. Example: list admin(network.wlan.rogueap.roguelist.muscan)> Related Commands: start Starts the MU scan process.
  • Page 464: Ws2000>Admin(Network.wlan.rogueap.roguelist.muscan)> Start

    13-190 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.roguelist.muscan)> start Description: Starts an on-demand MU polling for rogue APs. Syntax: start Starts locating a rogue AP where <mac> is the MAC address (or BSSID) of <mac> <essid> the rogue AP, and <essid> is the ESSID for the rogue AP. Example: start 00A0f8fe2344 admin(network.wlan.rogueap.roguelist.muscan)>...
  • Page 465: Network Wlan Rogue Ap Rule List Commands

    13-191 Command Line Interface Reference 13.34 Network WLAN Rogue AP Rule List Commands WS2000>admin(network.wlan.rogueap)> rulelist Description: Displays the rule list submenu. The items available under this command are shown below. show Displays the rule list. Adds an entry to the rule list. delete Deletes an entry from the rule list.
  • Page 466: Ws2000>Admin(Network.wlan.rogueap.rulelist)> Add

    13-192 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.rulelist)> add Description: Adds an entry to the rule list. Syntax: Adds an entry into the rule list to allow an AP with the mac address <mac> and <mac> <essid> the ESSID <essid>. Example: add 00a0f8f31212 mywlan admin(network.wlan.rogueap.rulelist)>...
  • Page 467: Ws2000>Admin(Network.wlan.rogueap.rulelist)> Authsymbolap

    13-193 Command Line Interface Reference WS2000>admin(network.wlan.rogueap.rulelist)> authsymbolap Description: Authorizes all Symbol APs. Syntax: authsymbolap enable disable Enables or disables automatic authorization of all Symbol APs. Example: auth enable admin(network.wlan.rogueap.rulelist)> show admin(network.wlan.rogueap.rulelist)> rule list +++++++++ symbol ap authorization : enabled index essid ----- ------...
  • Page 468: Ws2000>Admin(Network.wlan.rogueap.rulelist)> Delete

    13-194 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.rogueap.rulelist)> delete Description: Deletes an entry from the rule list. Syntax: delete Deletes all entries in the rule list. Deletes the <idx> entry in the rule list. <idx> Example: delete all admin(network.wlan.rogueap.rulelist)> show admin(network.wlan.rogueap.rulelist)>...
  • Page 469: Ws2000>Admin(Network.wlan.rogueap.rulelist)> Show

    13-195 Command Line Interface Reference WS2000>admin(network.wlan.rogueap.rulelist)> show Description: Displays the rule list. Syntax: show Displays all entries in the rule list. Example: show admin(network.wlan.rogueap.rulelist)> rule list +++++++++ symbol ap authorization : enabled index essid ----- ------ 00:a0:f8:f3:12:12 mywlan Related Commands: delete Deletes entries from the rule list.
  • Page 470: Network Wlan Enhanced Rogue Ap Commands

    13-196 WS2000 Wireless Switch System Reference Guide 13.35 Network WLAN Enhanced Rogue AP Commands WS2000> admin(network.wlan)> enhancedrogueap Description: Displays the Enhanced Rogue AP detection submenu. The items available under this command are shown below. show Displays the Enhanced Rogue AP parameters. Sets the Enhanced Rogue AP parameters save Saves the configuration to system flash.
  • Page 471: Ws2000> Admin(Network.wlan.enhancedrogueap)>Show

    13-197 Command Line Interface Reference WS2000> admin(network.wlan.enhancedrogueap)>show Description: Displays the Enhanced Rogue AP parameters. Syntax: show Shows the Enhanced Rogue AP parameter information. Example: admin(network.wlan.enhancedrogueap)>show Enhanced RAP mode : disabled ERAP scan interval : 10 seconds ERAP scan duration : 100 milli seconds Channel Set for Radio A Channel Set for Radio B/G : admin(network.wlan.enhancedrogueap)>...
  • Page 472: Ws2000> Admin(Network.wlan.enhancedrogueap)> Set

    13-198 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wlan.enhancedrogueap)> set Description: Sets the Enhanced Rogue AP parameters. Syntax: mode enable Enables or disables the Enhanced Rogue AP feature disable scaninterval Sets the Enhanced Rogue AP feature scan interval. <scan interval> scanduration Sets the Enhanced Rogue AP feature scan duration <scan...
  • Page 473: Network Wlan Mu Probe Commands

    13-199 Command Line Interface Reference 13.36 Network WLAN MU Probe Commands WS2000>admin(network.wlan)> muprobe Description: Displays the MU Probe sub menu. The items available under this menu are shown below. show Shows the MU Probe Table configuration Sets the MU Probe Table configuration save Saves the configuration to system flash.
  • Page 474: Ws2000>Admin(Network.wlan.muprobe)> Show

    13-200 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wlan.muprobe)> show Description: Displays the MU Probe Table configuration information. Syntax: show Shows the MU Probe Table configuration information Example: admin(network.wlan.muprobe)> show mu probe table : disabled mu probe table size : 200 MUs (number of rows could be more) mu probe window : 30 seconds...
  • Page 475: Ws2000>Admin(Network.wlan.muprobe)> Set

    13-201 Command Line Interface Reference WS2000>admin(network.wlan.muprobe)> set Description: Sets the different MU Probe Table configurations. Syntax: mode Enables or disables MU Probe scans enable/disable size Sets the size in number of rows of the MU Probe Table. erase Erases the MU Probe Table window Sets the MU Probe time window to <value>...
  • Page 476: Network Wlan Hotspot Commands

    13-202 WS2000 Wireless Switch System Reference Guide 13.37 Network WLAN Hotspot Commands WS2000>admin(network.wlan)> hotspot Description: Displays the Hotspot sub menu. The items available under this menu are shown below. Sets the hotspot parameters show Displays the hotspot parameters import Imports hotspot display pages radius Sets hotspot RADIUS configuration.
  • Page 477: Ws2000>Admin(Network.wlan.hotspot)> Set

    13-203 Command Line Interface Reference WS2000>admin(network.wlan.hotspot)> set Description: Sets the different Hotspot parameters. Syntax set mode Enables or disables hotspot for a WLAN with the index <idx> enable/ disable value <idx> ( page- Sets the location of the welcome page for Hotspot for a <idx>...
  • Page 478 13-204 WS2000 Wireless Switch System Reference Guide admin(network.wlan.hotspot)> set exturl 1 fail //192.168.1.10/wlan1/hotspt/ fail.htm admin(network.wlan.hotspot)> show hotspot 1 WLAN 1 Hotspot Mode : enable Hotspot Page Location : url External Login URL : //192.168.1.10/wlan1/hotspt/login.htm External Welcome URL : //192.168.1.10/wlan1/hotspt/welcome.htm External Fail URL : //192.168.1.10/wlan1/hotspt/fail.htm Http Mode : https...
  • Page 479: Ws2000> Admin(Network.wlan.hotspot)> Show

    13-205 Command Line Interface Reference WS2000> admin(network.wlan.hotspot)> show Description: Displays the different hotspot configuration information. Syntax: show hotspot Displays the hotspot configuration information. <idx> white-list Displays the white list rules. <idx> hs-session- Displays the global hotspot session timeout value. timeout Example: admin(network.wlan.hotspot)>...
  • Page 480: Ws2000> Admin(Network.wlan.hotspot)> Import

    13-206 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wlan.hotspot)> import Description: Imports the html pages for the welcome, login, and fail screens. Syntax: import Imports the specified page for the WLAN with index <idx> ( <idx> <page> <page> must be one of , or .
  • Page 481: Network Wlan Hotspot Radius Commands

    13-207 Command Line Interface Reference 13.38 Network WLAN Hotspot RADIUS commands WS2000> admin(network.wlan.hotspot)> radius Description: Displays the RADIUS server commands for hotspot. RADIUS is used to authenticate hotspot users. The items available under this command are shown below. show Shows RADIUS configuration information. Sets RADIUS configuration save Saves the configuration to system flash.
  • Page 482: Ws2000> Admin(Network.wlan.hotspot.radius)> Show

    13-208 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wlan.hotspot.radius)> show Description: Displays the RADIUS server information for each hotspot. Syntax: show radius Displays the RADIUS information for the WLAN with the index <idx> ( <idx> Example admin(network.wlan.hotspot.radius)> show radius 1 Primary Server Ip adr : 127.0.0.1 Primary Server Port...
  • Page 483: Ws2000> Admin(Network.wlan.hotspot.radius)> Set

    13-209 Command Line Interface Reference WS2000> admin(network.wlan.hotspot.radius)> set Description: Configures the RADIUS server information for hotspots for each WLAN. Syntax: server Sets the IP address <ipadr> of the RADIUS server <idx> <srvr_type> <ipadr> for the WLAN with index <idx> ( ).
  • Page 484 13-210 WS2000 Wireless Switch System Reference Guide Secondary Server Secret : ****** Accounting Mode : enable Accounting Timeout : 90 Accounting Retry-count...
  • Page 485: Network Wlan Hotstpot White-List Commands

    13-211 Command Line Interface Reference 13.39 Network WLAN Hotstpot White-list Commands WS2000> admin(network.wlan.hotspot)> white-list Description: Displays the White-list submenu. White-list is a list of devices that can use the hotspot. The items available under this command are shown below. Adds hotspot white-list entries. clear Clears the hotspot white-list entries.
  • Page 486: Ws2000> Admin(Network.wlan.hotspot.white-List)> Add

    13-212 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wlan.hotspot.white-list)> add Description: Adds an entry to the WLAN hotspot white-list. White-list is a list of devices that can access the hotspot. Syntax: add rule Adds an IP entry <ipadr> to the White-list for the WLAN <wlan_idx>...
  • Page 487: Ws2000> Admin(Network.wlan.hotspot.white-List)> Clear

    13-213 Command Line Interface Reference WS2000> admin(network.wlan.hotspot.white-list)> clear Description: Clears or deletes the WLAN hotspot white-list entries. Syntax: clear rule Clears all the hotspot white-list entries. Clears all the hotspot white-list entries for the WLAN <wlan_idx> all specified by the <wlan_idx> ( ) value.
  • Page 488: Ws2000> Admin(Network.wlan.hotspot.white-List)> Show

    13-214 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wlan.hotspot.white-list)> show Description: Displays the WLAN hotspot white-list entries. Syntax: show white-rule Displays the hotspot white-list for the WLAN with the index <idx> ( <idx> Example: admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ----------------------------------------------------------------------------- IP Address -----------------------------------------------------------------------------...
  • Page 489: Network Wlan Wlan Ip Fiter Policy Commands

    13-215 Command Line Interface Reference 13.40 Network WLAN WLAN IP Fiter Policy Commands WS2000> admin(network.wlan)> wlanipfpolicy Description: Displays the WLAN IP Filter Policy submenu. The items available under this command are shown below. Sets the WLAN IP Filter Policy configurations. Adds entries to the WLAN IP Filter table.
  • Page 490: Ws2000> Admin(Network.wlan.wlanipfpolicy)> Set

    13-216 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wlan.wlanipfpolicy)> set Description: Sets the WLAN IP filter policy configuration. IP Filters have to be set up through the Network > IPFilter menu. Syntax: set ipf-mode Sets the IP filter mode <ipf-mode> ( <wlan-idx>...
  • Page 491: Ws2000> Admin(Network.wlan.wlanipfpolicy)> Add

    13-217 Command Line Interface Reference WS2000> admin(network.wlan.wlanipfpolicy)> add Description: Adds a new IP Filter association table entry. IP Filters have to be set up through the Network > IPFilter menu. Syntax: <wlan-idx> <filter-name> <direction> <action> Adds a new IP Filter association table entry. The <filter-name> is the name of the filter to be added to the WLAN specified by the <wlan-idx>...
  • Page 492: Ws2000> Admin(Network.wlan.wlanipfpolicy)> Del

    13-218 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wlan.wlanipfpolicy)> del Description: Deletes a entry from the IP Filter association table. Syntax: delete Deletes an IP Filter association table entry. The WLAN is specified <wlan-idx> all/<index> by the <wlan-idx> ( ). <index> indicates the filter to delete. is used to delete all entries from the IP Filter association table.
  • Page 493: Ws2000> Admin(Network.wlan.wlanipfpolicy)> Show

    13-219 Command Line Interface Reference WS2000> admin(network.wlan.wlanipfpolicy)> show Description: Displays the contents of the IP Filter association table. Syntax: show Displays the IP filter association table for the WLAN with the index <wlan- <wlan-idx> idx> ( Example: admin(network.wlan.wlanipfpolicy)> show 1 ----------------------------------------------------------------------------- Filter-Name Direction...
  • Page 494: Network Port Commands

    13-220 WS2000 Wireless Switch System Reference Guide 13.41 Network Port Commands WS2000>admin(network)> port Description: Displays the port configuration submenu. The items available under this command are shown below. show Shows the port configuration information. Sets the port configuration save Saves the configuration to system flash. quit Quits the CLI.
  • Page 495: Ws2000> Admin(Network.port)> Set

    13-221 Command Line Interface Reference WS2000> admin(network.port)> set Description: Sets the port configuration parameters. Syntax: set auto- Enables or disables auto negotiation. When enabled, the <idx> <auto- negotiation> negotiation port negotiates the speed and the duplex type. <auto- negotiation> can be one of .
  • Page 496: Ws2000> Admin(Network.port)> Show

    13-222 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.port)> show Description: Displays the port configuration parameters. Syntax: show Displays the port configuration information for the port <idx> ( <idx> port1-port6, Example: admin(network.port)> show port1 auto-negotiation : enable speed : 100M duplex : full...
  • Page 497: Network Ip Filter Commands

    13-223 Command Line Interface Reference 13.42 Network IP Filter Commands WS2000>admin(network)> ipfilter Description: Displays the IP Filter submenu. IP based filtering allows administrators to configure Incoming and Outgoing IP filtering policies on packets within the same Subnet / WLAN and between wired and wireless hosts. Filters can be set up based on IP Address or as a default rule for all IPs in a given direction.
  • Page 498: Ws2000> Admin(Network.ipfilter)> Set

    13-224 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.ipfilter)> set Description: Adds an entry into the global IP Filter table. Syntax: <filter-name> <protocol> <port> <start- <end- <start- <end-dest- src- src- dest- address> address> address> address> Adds an IP Filter with <filter-name> to the IP Filter table. <protocol>...
  • Page 499: Ws2000> Admin(Network.ipfilter)> Del

    13-225 Command Line Interface Reference WS2000> admin(network.ipfilter)> del Description: Deletes an entry from the global IP Filter table. Syntax: Deletes the global IP Filter table entry at <index>. <index> Deletes all entries of the global IP Filter table. Example: admin(network.ipfilter)> del 3 admin(network.ipfilter)>...
  • Page 500: Ws2000> Admin(Network.ipfilter)> Show

    13-226 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.ipfilter)> show Description: Displays the global IP Filter table. Syntax: show Shows the global IP FIlter table. Example: admin(network.ipfilter)> show ------------------------------------------------------------------------------ Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------------ allow_tcp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow_udp 0.0.0.0 0.0.0.0...
  • Page 501: Network Wips Command

    13-227 Command Line Interface Reference 13.43 Network WIPS Command WS2000>admin(network)> wips Description: Displays the Wireless Intrusion Protection System (WIPS) submenu. The items available under this command are shown below. Sets WIPS parameters. show Displays WIPS parameters list Lists the APs and Sensors discovered. convert Converts APs to dedicated WIPS sensors revert...
  • Page 502: Ws2000> Admin(Network.wips)> Set

    13-228 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wips)> set Description: Enables or disables WIPS. Syntax: mode Enables or disables WIPS. enable/ disable Example: admin(network.wips)> set mode enable admin(network.wips)> show mode State : enable...
  • Page 503: Ws2000> Admin(Network.wips)> Show

    13-229 Command Line Interface Reference WS2000> admin(network.wips)> show Description: Displays the WIPS parameters. Syntax: show mode Displays the enable state of WIPS. Example: admin(network.wips)> show mode State : enable...
  • Page 504: Ws2000> Admin(Network.wips)> List

    13-230 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wips)> list Description: Lists the adopted APs and detected sensors for WIPS. Syntax: list sensors Lists the sensor APs Lists the discovered APs Example: admin(network.wips)> list sensors ----------------------------------------------------------------------------- Sensor MAC IP address ----------------------------------------------------------------------------- 00a0f8bf8a70 192.168.0.167...
  • Page 505: Ws2000> Admin(Network.wips)> Convert

    13-231 Command Line Interface Reference WS2000> admin(network.wips)> convert Description: Converts an existing AP to a dedicated Sensor device. This command is only valid for Motorola AP300. Syntax: convert Converts the list of AP represented by their MAC addresses <mac1> <mac1> <mac2> ...
  • Page 506: Ws2000> Admin(Network.wips)> Revert

    13-232 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wips)> revert Description: Reverts a dedicated Sensor device to an AP. This command is only valid for Motorola AP300. Syntax: revert Converts the list of Sensors represented by their MAC addresses <mac1> <mac2> ...
  • Page 507: Ws2000> Admin(Network.wips)> Update

    13-233 Command Line Interface Reference WS2000> admin(network.wips)> update Description: Sends configuration information to dedicated sensor devices. Syntax: update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> <swips> Sends the configuration information to the sensor device, where: • <mac> is the MAC address of the sensor device. •...
  • Page 508: Network Wips Default Commands

    13-234 WS2000 Wireless Switch System Reference Guide 13.44 Network WIPS Default commands WS2000> admin(network.wips)> default Description: Goes to the WIPS default configuration menu. The items available under this command are shown below. show Shows the WIPS default configuration information. Sets the Sensor default configuration for WIPS. save Saves the configuration to system flash.
  • Page 509: Ws2000> Admin(Network.wips)> Set

    13-235 Command Line Interface Reference WS2000> admin(network.wips)> set Description: Sets the default WIPS configuration information. These settings are used when WIPS configurations are not changed. Syntax: mode Sets the default mode to enable/ enable disable. disable ipaddr Sets the IP address to <a.b.c.d> for the WIPS sensor <a.b.c.d>...
  • Page 510: Ws2000> Admin(Network.wips)> Show

    13-236 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wips)> show Description: Displays the default WIPS configuration. Syntax: show Displays the default WIPS configuration values. Example: admin(network.wips.default)> show DHCP Mode : client IP Address : 192.168.0.10 IP Mask : 255.255.255.0 Default Gateway : 192.168.0.1 Primary WIPS Server : 192.168.0.20...
  • Page 511: Network Wids Commands

    13-237 Command Line Interface Reference 13.45 Network WIDS Commands WS2000>admin(network)> Description: Displays the Wireless Intrusion Detection System (WIDS) commands. The items available under this command are shown below. show Shows system status and statistics. Goes to the RF statistics submenu. save Saves the configuration to system flash.
  • Page 512: Ws2000> Admin(Network.wips)> Set

    13-238 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wips)> set Description: Sets the WIDPS parameters. Syntax: set mode WIDS enable/ Enables disables disable detect- Sets the duration for which WIDS <detect window information is collected. Once collected, window> the information is sent for analysis. anomaly mode the detection of...
  • Page 513 13-239 Command Line Interface Reference excess- threshold Sets the MU violation <violation-type> <violati <thres on-type> hold> threshold value to <threshold> ( 0-65535 seconds. <violation-type> can be: • - all the excess operations • - excess probe requests probe-req • - excess 802.11 auth-assoc-req authorization and authentication requests •...
  • Page 514 13-240 WS2000 Wireless Switch System Reference Guide Sets the switch violation <violation-type> switch <violati <thres on-type> hold> threshold value to <threshold> ( 0-65535 seconds. <violation-type> can be: • - all the excess operations • - excess probe requests probe-req • - excess 802.11 auth-assoc-req authorization and authentication requests...
  • Page 515 13-241 Command Line Interface Reference WIDS feature is : Enabled Detect Window : 10 (Secs) Excessive Operations :: Threshold (0 == disabled) Filter-Ageout (Secs) -------------------- radio switch probe-req auth-assoc-req deauth-disassoc-req auth-fails crypto-replay-fails 80211-replay-fails decrypt-fails unassoc-frames eap-starts Anomaly Analysis Status Filter-Ageout (Secs) ---------------- null-dst enabled...
  • Page 516: Ws2000> Admin(Network.wips)> Show

    13-242 WS2000 Wireless Switch System Reference Guide WS2000> admin(network.wips)> show Description: Displays the default WIDS configuration information Syntax: show wids Displays the default WIDS configuration values. filter Displays the filter configuration values. Example: admin(network.wids)> show wids WIDS feature is : Enabled Detect Window : 10 (Secs) Excessive Operations ::...
  • Page 517: Status And Statistics Commands

    13-243 Command Line Interface Reference 13.46 Status and Statistics Commands WS2000>admin> stats Description: Displays statistics and status for different switch entities. The items available under this command are shown below. show Shows system status and statistics. Goes to the RF statistics submenu. save Saves the configuration to system flash.
  • Page 518: Ws2000>Admin(Stats)> Show

    13-244 WS2000 Wireless Switch System Reference Guide WS2000>admin(stats)> show Description: Displays the system status and statistics for either the specified subnet or the WAN. Syntax: show leases Show the leases issued by the switch. subnet Shows subnet status, where <idx> is the index number of the subnet (LAN) to <idx>...
  • Page 519 13-245 Command Line Interface Reference WAN Interface Information wan interface 1 : enable ip address 1 : 192.168.24.198 wan interface 2 : disable ip address 2 : 192.168.24.198 wan interface 3 : disable ip address 3 : 192.168.24.198 wan interface 4 : disable ip address 4 : 192.168.24.198 wan interface 5 : disable ip address 5 : 192.168.24.198...
  • Page 520: Statistics Rf Commands

    13-246 WS2000 Wireless Switch System Reference Guide 13.47 Statistics RF Commands WS2000>admin(stats)> rf Description: Displays the RF statistics submenu. The items available under this command are shown below. show Shows RF statistics. reset Resets/clears all RF statistics. save Saves the configuration to system flash. quit Quits the CLI.
  • Page 521: Ws2000>Admin(Stats.rf)> Reset

    13-247 Command Line Interface Reference WS2000>admin(stats.rf)> reset Description: Resets/clears all RF statistics. Syntax: reset Resets RF statistics. Example: admin(stats.rf)>reset...
  • Page 522: Ws2000>Admin(Stats.rf)> Show

    13-248 WS2000 Wireless Switch System Reference Guide WS2000>admin(stats.rf)> show Description: Shows radio frequency (RF) statistics. Syntax: show wlan Shows all WLAN status. Shows all Access Port status. Shows all mobile unit (MU) status. mesh- Shows all mesh-base statistics base mesh- Shows all mesh-client statistics client wlan...
  • Page 523 13-249 Command Line Interface Reference Number of Associated MUs Packets per second : 0.00 pps Throughput : 0.00 Mbps Average Bit Speed : 0.00 Mbps Non-Unicast Packets : 0.00 % Signal : 0.0 dBm Noise : 0.0 dBm Signal-to-Noise : 0.0 dBm Average Number of Retries : 0.00 Retries Dropped Packets...
  • Page 524 13-250 WS2000 Wireless Switch System Reference Guide ap index : 12 ap status : not connected admin(stats.rf)>show ap 2 example Name : AP2 Location Radio Type : 802.11 B Current Channel Adopted By : WLAN1 Number of Associated Mus Packets per second : 0.13 pps Throughput : 0.00 Mbps...
  • Page 525: System Commands

    13-251 Command Line Interface Reference 13.48 System Commands WS2000>admin)> system Description: Displays the system submenu. The items available under this command are shown below. lastpw Displays the last debug password. exec Execute a linux command. config Goes to the config submenu. logs Goes to the logs submenu.
  • Page 526: Ws2000>Admin(System)> Lastpw

    13-252 WS2000 Wireless Switch System Reference Guide WS2000>admin(system)> lastpw Description: This command displays the MAC address for the switch, the previous admin password for the switch, and the number of times the current admin password has been used along with how many more times it will be valid.
  • Page 527: Ws2000>Admin(System)> Exec

    13-253 Command Line Interface Reference WS2000>admin(system)> exec Description: Executes a linux command Syntax: exec Executes a linux command Example: admin(system)> exec df -h /mnt Filesystem Size Used Avail Use% Mounted on automount(pid153) /mnt...
  • Page 528: System Authentication Commands

    13-254 WS2000 Wireless Switch System Reference Guide 13.49 System Authentication Commands WS2000>admin(system)> authentication Description: Displays the authentication submenu. The items available under this command are shown below. radius Goes to the RADIUS submenu. Sets the mode. show Shows the authentication parameters. save Saves the configuration to system flash.
  • Page 529: Ws2000>Admin(System.authentication)> Set

    13-255 Command Line Interface Reference WS2000>admin(system.authentication)> set Description: Sets the parameter that specifies how user authentication is taking place. Syntax: set mode Sets the authentication mode. If set to , the internal User Database will local local serve as the data source. If set to , the switch will use an external radius radius...
  • Page 530: Ws2000>Admin(System.authentication)> Show

    13-256 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.authentication)> show Description: Shows the main user authentication parameters. Syntax: show Displays the user authentication settings. Example: set mode local admin(system.authentication)> show all admin(system.authentication)> authentication mode : local radius user location and type : radius admin(system.authentication)>...
  • Page 531: System Authentication Radius Commands

    13-257 Command Line Interface Reference 13.50 System Authentication RADIUS Commands WS2000>admin(system.authentication)> radius Description: Displays the RADIUS submenu. The items available under this command are shown below. Sets the RADIUS authentication parameters. show Shows the RADIUS authentication parameters. save Saves the configuration to system flash. Goes to the parent menu.
  • Page 532: Ws2000>Admin(System.authentication.radius)> Set

    13-258 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.authentication.radius)> set Description: Sets the RADIUS proxy server authentication parameters. Syntax: set auth-server-ip Sets the IP address for the RADIUS authentication proxy server. <IP> auth-server- Specifies the TCP/IP port number for the RADIUS server that will be <port>...
  • Page 533: Ws2000>Admin(System.authentication.radius)> Show

    13-259 Command Line Interface Reference WS2000>admin(system.authentication.radius)> show Description: Shows the RADIUS authentication parameters. Syntax: show Displays the RADIUS proxy server parameters. Example: set auth-server-ip 192.168.0.4 admin(system.authentication.radius)> set auth-server-port 1812 admin(system.authentication.radius)> set shared mysecret admin(system.authentication.radius)> show all admin(system.authentication.radius)> radius server ip : 192.168.0.4 radius server port : 1812...
  • Page 534: System Configuration Commands

    13-260 WS2000 Wireless Switch System Reference Guide 13.51 System Configuration Commands WS2000>admin(system)> config Description: Displays the config submenu. Syntax: default Restores default configuration. export Exports configuration from the system. import Imports configuration to the system. partial Restores partial default configuration. Sets import/export parameters.
  • Page 535: Ws2000>Admin(System.config)> Default

    13-261 Command Line Interface Reference WS2000>admin(system.config)> default Description: Restores the factory default configuration. Syntax: default Restores the switch to the original (factory default) configuration. Example: admin(system.config)>default ****************************************************************************** System will now restore default configuration. You will need to set the country code for correct operation. ******************************************************************************...
  • Page 536: Ws2000>Admin(System.config)> Export

    13-262 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.config)> export Description: Exports the configuration from the system. Syntax: export ftp Exports the configuration to the FTP server. Use the set command to set the server, user, password, and file name before using this command. tftp Exports the configuration to the TFTP server.
  • Page 537 13-263 Command Line Interface Reference set email fred@symbol.com set cc us set airbeam mode disable set airbeam enc-passwd a11e00942773 set applet lan enable set applet wan enable set applet slan enable set applet swan enable set cli lan enable set cli wan enable set snmp lan enable set snmp wan enable system...
  • Page 538: Ws2000>Admin(System.config)> Import

    13-264 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.config)> import Description: Imports the configuration to the system. Syntax: import ftp Imports the configuration from the FTP server. Use the set command to set the server, user, password, and file. tftp Imports the configuration from the TFTP server. Use the set command to set the server and file.
  • Page 539: Ws2000>Admin(System.config)> Partial

    13-265 Command Line Interface Reference WS2000>admin(system.config)> partial Description: Resets the switch's configuration to the factory default settings for all settings except the WAN and some SNMP related settings. The following settings will remain intact when using Restore Partial Default Configuration: •...
  • Page 540: Ws2000>Admin(System.config)> Set

    13-266 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.config)> set Description: Sets the import/export parameters. Syntax: set server Sets the FTP/TFTP server IP address (a.b.c.d). <ipaddress > user Sets the FTP user name (up to 47 characters). <username> passwd Sets the FTP password (up to 39 characters). <pswd>...
  • Page 541: Ws2000>Admin(System.config)> Show

    13-267 Command Line Interface Reference WS2000>admin(system.config)> show Description: Shows the import/export parameters. Syntax: show Shows all import/export parameters. Example: admin(system.config)> show all ftp/tftp server ip address : 157.235.208.196 ftp user name : admin ftp password : ******** cfg filename : v23.26b.bin config filepath : /home/ftp/admin/2k/ firmware filepath...
  • Page 542: Ws2000>Admin(System.config)> Update

    13-268 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.config)> update Description: Performs a firmware update. Syntax: update Sets how firmware updates will occur. Select between <iface> tftp tftp <iface> specifies the interface (location), as follows: s1 = subnet1 s2 = subnet2 s3 = subnet3 s4 = subnet4 w = wan...
  • Page 543: Ws2000> Admin(System.config)> Loadtocf

    13-269 Command Line Interface Reference WS2000> admin(system.config)> loadtocf Description: This command loads and updates the firmware to the CF card. This is used for dual boot. Syntax: loadtoc Loads the image to the CF card. The <image-type> ( ) is <image- primary, secondary type>...
  • Page 544: System Logs Commands

    13-270 WS2000 Wireless Switch System Reference Guide 13.52 System Logs Commands WS2000>admin(system)> logs Description: Displays the logs submenu. Syntax: delete Deletes core files. Sets log options and parameters. send Sends log and core files. show Shows logging options. view Views system log. save Saves configuration to system flash.
  • Page 545: Ws2000>Admin(System.logs)> Delete

    13-271 Command Line Interface Reference WS2000>admin(system.logs)> delete Description: Deletes the core log files. Syntax: delete Deletes the core system log files. Example: admin(system.logs)>delete...
  • Page 546: Ws2000>Admin(System.logs)> Send

    13-272 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.logs)> send Description: Sends log and core files. Syntax: send Sends the system log file via FTP to a location specified with the set command. Use the set command to set the FTP login and site information. Example: admin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness...
  • Page 547: Ws2000>Admin(System.logs)> Set

    13-273 Command Line Interface Reference WS2000>admin(system.logs)> set Description: Sets log options and parameters. Syntax: ipadr Sets the external syslog server IP address to <ip> (a.b.c.d). <ip> level Sets the level of the events that will be logged. All event with a level <level>...
  • Page 548: Ws2000>Admin(System.logs)> Show

    13-274 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.logs)> show Description: Shows logging options. Syntax: show Displays all of the logging options. Example: admin(system.logs)>set user user1 admin(system.logs)>set passwd hello admin(system.logs)>show all log level : L4 Warning ext syslog server logging : enable syslog server logging on CF : disable ext syslog server ip address...
  • Page 549: Ws2000>Admin(System.logs)> View

    13-275 Command Line Interface Reference WS2000>admin(system.logs)> view Description: Views the system log file. Syntax: view Views the system log file. Example: admin(system.logs)>view 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception). 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance 7 16:14:41 (none) klogd: :ps log:fc: queue maintenance 7 16:15:43 (none) last message repeated 2 times 7 16:16:01 (none) CC: 4:16pm...
  • Page 550: System Ntp Commands

    13-276 WS2000 Wireless Switch System Reference Guide 13.53 System NTP Commands WS2000>admin(system)> ntp Description: Displays the NTP submenu. Syntax: show Shows NTP parameters settings. Sets NTP parameters. date-zone Shows the date, time and time zone zone-list Shows the list of time zones save Saves the configuration to system flash.
  • Page 551: Ws2000>Admin(System.ntp)> Set

    13-277 Command Line Interface Reference WS2000>admin(system.ntp)> set Description: Sets NTP parameters. Syntax: set mode Enables or disables NTP. enable disable intrvl <time> Sets the length of time <time>, in minutes, for the switch to synchronize its time with an NTP server. server Sets the NTP server IP address <ip>...
  • Page 552: Ws2000>Admin(System.ntp)> Show

    13-278 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.ntp)> show Description: Shows NTP parameters. Syntax: show Shows all NTP server settings. Example: admin(system.ntp)>show all ntp mode : enable server ip 1 : 114.233.112.4 server ip 2 : 0.0.0.0 server ip 3 : 0.0.0.0 server port 1 : 123...
  • Page 553: Ws2000>Admin(System.ntp)> Date-Zone

    13-279 Command Line Interface Reference WS2000>admin(system.ntp)> date-zone Description: Shows the WS2000 date, time and time zone. Syntax: date-zone Shows the device’s date, time and time zone Example: admin(system.ntp)> date-zone Date/Time : Thu 1970-Jan-01 05:53:25 +0530 IST Time Zone : Asia/Calcutta admin(system.ntp)>...
  • Page 554: Ws2000>Admin(System.ntp)> Zone-List

    13-280 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.ntp)> zone-list Description: Displays the different time zones. Syntax: zone-list Displays the time zones list. Example: admin(system.ntp)>zone-list ---------------------------------------------- Index | TimeZone ---------------------------------------------- | Africa/Abidjan | Africa/Accra | Africa/Addis_Ababa | Africa/Algiers | Africa/Asmera | Africa/Bamako | Africa/Bangui | Africa/Banjul | Africa/Bissau...
  • Page 555: System Radius Commands

    13-281 Command Line Interface Reference 13.54 System RADIUS Commands WS2000>admin(system)> radius Description: Displays the RADIUS submenu. The items available under this command are shown below. Goes to the EAP submenu. policy Goes to the access policy submenu. ldap Goes to the LDAP submenu. proxy Goes to the proxy submenu.
  • Page 556: Ws2000>Admin(System.radius)> Set

    13-282 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius)> set Description: Sets the RADIUS database. Syntax: database local ldap Sets the RADIUS server to either the local database or an LDAP server. Example: set database ldap admin(system.radius)> show all admin(system.radius)> Database : ldap Related Commands: show all...
  • Page 557: Ws2000>Admin(System.radius)> Show

    13-283 Command Line Interface Reference WS2000>admin(system.radius)> show Description: Shows the RADIUS parameters. Syntax: show Displays the RADIUS database setting. Example: set database ldap admin(system.radius)> show all admin(system.radius)> Database : ldap Related Commands: Sets the RADIUS database source.
  • Page 558: System Radius Client Commands

    13-284 WS2000 Wireless Switch System Reference Guide 13.55 System RADIUS Client Commands WS2000>admin(system.radius)> client Description: Displays the client submenu. The items available under this command are shown below. Adds a RADIUS client. Deletes a RADIUS client. show Displays a list of configured clients. save Saves the configuration to system flash.
  • Page 559: Ws2000>Admin(System.radius.client)> Add

    13-285 Command Line Interface Reference WS2000>admin(system.radius.client)> add Description: Adds a RADIUS client. Syntax: Adds a RADIUS client with IP address <ip>, netmask <mask>, and <ip> <mask> <secret > shared secret <secret>. Example: add 192.168.46.4 225.225.225.0 mysecret admin(system.radius.client)> show admin(system.radius.client)> List of Radius Clients ------------------------------------------------------------------------------ Subnet/Host Netmask...
  • Page 560: Ws2000>Admin(System.radius.client)> Del

    13-286 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.client)> del Description: Deletes a RADIUS client. Syntax: Deletes the RADIUS client with IP address <ip>. <ip> Example: show admin(system.radius.client)> List of Radius Clients ------------------------------------------------------------------------------ Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------------ 192.168.46.4 225.225.225.0 ****** 192.168.101.43 225.225.225.0 ****** del 192.168.46.4...
  • Page 561: Ws2000>Admin(System.radius.client)> Show

    13-287 Command Line Interface Reference WS2000>admin(system.radius.client)> show Description: Displays a list of configured clients. Syntax: show Displays the list of RADIUS clients. Example: show admin(system.radius.client)> List of Radius Clients ------------------------------------------------------------------------------ Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------------ 192.168.46.4 225.225.225.0 ****** 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)>...
  • Page 562: System Radius Eap Commands

    13-288 WS2000 Wireless Switch System Reference Guide 13.56 System RADIUS EAP Commands WS2000>admin(system.radius)> eap Description: Displays the EAP submenu. The items available under this command are shown below. peap Goes to the PEAP submenu. ttls Goes to the TTLS submenu. import Imports the EAP certificates.
  • Page 563: Ws2000>Admin(System.radius.eap)> Import

    13-289 Command Line Interface Reference WS2000>admin(system.radius.eap)> import Description: Imports the EAP certificates. Syntax: import server Imports a server certificate with the certificate ID <cert id>. <cert id> cacert Imports a Trusted Certificate with certificate ID <cert id>. <cert id> Example: import server mycert admin(system.radius.eap)>...
  • Page 564: Ws2000>Admin(System.radius.eap)> Set

    13-290 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.eap)> set Description: Sets the EAP parameters. Syntax: set auth Sets the default authorization type to one of . When selected, peap ttls PEAP TTLS go to the submenu associated with the selection to finish the setup. Example: set auth peap admin(system.radius.eap)>...
  • Page 565: Ws2000>Admin(System.radius.eap)> Show

    13-291 Command Line Interface Reference WS2000>admin(system.radius.eap)> show Description: Shows the EAP parameters. Syntax: show Displays the default EAP authentication settings. cert Displays a list of certificates. Example: set auth peap admin(system.radius.eap)> show all admin(system.radius.eap)> Default EAP Type : peap Related Commands: Sets the EAP parameters.
  • Page 566: System Radius Eap Peap Commands

    13-292 WS2000 Wireless Switch System Reference Guide 13.57 System RADIUS EAP PEAP Commands WS2000>admin(system.radius.eap)> peap Description: Displays the PEAP submenu. The items available under this command are shown below. Sets the PEAP authentication type. show Shows the PEAP authentication type. save Saves the configuration to system flash.
  • Page 567: Ws2000>Admin(System.radius.eap.peap)> Set

    13-293 Command Line Interface Reference WS2000>admin(system.radius.eap.peap)> set Description: Sets the PEAP authentication type. Syntax: set auth mschapv2 Sets the authentication type for PEAP to one of MTCHAPv2 Example: set auth gtc admin(system.radius.eap.peap)> show admin(system.radius.eap.peap)> PEAP Auth Type : gtc Related Commands: show Displays the PEAP authentication type.
  • Page 568: Ws2000>Admin(System.radius.eap.peap)> Show

    13-294 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.eap.peap)> show Description: Shows the PEAP authentication type. Syntax: show Displays the PEAP authentication type. Example: set auth gtc admin(system.radius.eap.peap)> show admin(system.radius.eap.peap)> PEAP Auth Type : gtc Related Commands: Sets the PEAP authentication type.
  • Page 569: System Radius Eap Ttls Commands

    13-295 Command Line Interface Reference 13.58 System RADIUS EAP TTLS Commands WS2000>admin(system.radius.eap)> ttls Description: Displays the TTLS submenu. The items available under this command are shown below. Sets the TTLS authentication type. show Shows the TTLS authentication type. save Saves the configuration to system flash. quit Quits the CLI.
  • Page 570: Ws2000>Admin(System.radius.eap.ttls)> Set

    13-296 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.eap.ttls)> set Description: Sets the TTLS authentication type. Syntax: set auth Sets the authentication type for TTLS to one of , or MSCHAPv2 mschapv2 Example: set auth md5 admin(system.radius.eap.ttls)> show admin(system.radius.eap.ttls)> TTLS Auth Type : md5 Related Commands: show...
  • Page 571: Ws2000>Admin(System.radius.eap.ttls)> Show

    13-297 Command Line Interface Reference WS2000>admin(system.radius.eap.ttls)> show Description: Shows the TTLS authentication type. Syntax: show Displays the TTLS authentication type. Example: set auth md5 admin(system.radius.eap.ttls)> show admin(system.radius.eap.ttls)> TTLS Auth Type : md5 Related Commands: Sets the TTLS authentication type.
  • Page 572: System Radius Ldap Commands

    13-298 WS2000 Wireless Switch System Reference Guide 13.59 System RADIUS LDAP Commands WS2000>admin(system.radius)> ldap Description: Displays the LDAP submenu. The items available under this command are shown below. Sets the LDAP parameters. show Shows the LDAP parameters. save Saves the configuration to system flash. quit Quits the CLI.
  • Page 573: Ws2000>Admin(System.radius.ldap)> Set

    13-299 Command Line Interface Reference WS2000>admin(system.radius.ldap)> set Description: Sets the LDAP parameters. Syntax: set ipadr Sets LDAP server IP address to <ip>. <ip> domain Sets LDAP domain name. Use when using LDAPS or AD agent <domain> port Sets LDAP server port to <port>. <port>...
  • Page 574: Ws2000>Admin(System.radius.ldap)> Show

    13-300 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.ldap)> show Description: Shows the LDAP parameters. Syntax: show Displays the list of LDAP parameters. Example: set ipadr 192.168.42.23 admin(system.radius.ldap)> set port 356 admin(system.radius.ldap)> show all admin(system.radius.ldap)> LDAP Server IP : 192.168.42.23 LDAP Server Port : 56 LDAP Bind DN : dfkjkkj...
  • Page 575: Ws2000>Admin(System.radius.ldap)> Import

    13-301 Command Line Interface Reference WS2000>admin(system.radius.ldap)> import Description: Imports Secure LDAP certificates. Syntax: import client Imports self certificate <cert-id> <cert-id> cacert Imports the trusted certificate authority certificate <cert-id> <cert-id> Example: admin(system.radius.ldap)> import client LdapClient admin(system.radius.ldap)> import cacert LdapTrusted...
  • Page 576: Ws2000> Admin(System.radius.ldap)> Join

    13-302 WS2000 Wireless Switch System Reference Guide WS2000> admin(system.radius.ldap)> join Description: Joins the device to the A D domain. Syntax: join Joins the WS2000 to the A D domain Example: admin(system.radius.ldap)> join...
  • Page 577: System Radius Policy Commands

    13-303 Command Line Interface Reference 13.60 System RADIUS Policy Commands WS2000>admin(system.radius)> policy Description: Displays the policy submenu. The items available under this command are shown below. Sets the group’s access policy. show Shows the group’s access policy. save Saves the configuration to system flash. quit Quits the CLI.
  • Page 578: Ws2000>Admin(System.radius.policy)> Set

    13-304 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.policy)> set Description: Sets the group’s access to WLANs. Syntax: Gives group <group> access to WLAN with a list of indexes <idx list>. The <group> <idx list> list can be either a single index or several indexes separated by spaces. The group must be already defined.
  • Page 579: Ws2000>Admin(System.radius.policy)> Show

    13-305 Command Line Interface Reference WS2000>admin(system.radius.policy)> show Description: Shows the group’s access policy. Syntax: show Displays the group access settings. Example: set g1 2 3 4 admin(system.radius.policy)> show admin(system.radius.policy)> List of Access Policies : 2 3 4 : No Wlans Related Commands: Sets the group WLAN access settings.
  • Page 580: System Radius Proxy Commands

    13-306 WS2000 Wireless Switch System Reference Guide 13.61 System RADIUS Proxy Commands WS2000>admin(system.radius)> proxy Description: Displays the proxy submenu. The items available under this command are shown below. Adds a proxy realm. Deletes a proxy realm. clearall Removes all proxy server records. Sets the proxy server parameters.
  • Page 581: Ws2000>Admin(System.radius.proxy)> Add

    13-307 Command Line Interface Reference WS2000>admin(system.radius.proxy)> add Description: Adds a proxy realm. Syntax: Add a proxy realm with realm name <realm>, RADIUS server <realm> <ip> <port> <secret> IP address <ip>, port <port>, and shared secret <secret>. Example: add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>...
  • Page 582: Ws2000>Admin(System.radius.proxy)> Del

    13-308 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.proxy)> del Description: Deletes a proxy realm. Syntax: Deletes a proxy server realm with name <realm>. <realm> Example: add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)> show realm admin(system.radius.proxy)> Proxy Realms ------------------------------------------------------------------------------ Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------------ realm1...
  • Page 583: Ws2000>Admin(System.radius.proxy)> Clearall

    13-309 Command Line Interface Reference WS2000>admin(system.radius.proxy)> clearall Description: Clears all the proxy server records. Syntax: clearall Clears all proxy server records Example: admin(system.radius.proxy)> clearall...
  • Page 584: Ws2000>Admin(System.radius.proxy)> Set

    13-310 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius.proxy)> set Description: Sets the proxy server parameters. Syntax: delay Sets the retry delay of the proxy server to <delay> minute ( – <delay> count Sets the retry count of the proxy server to <count> ( –...
  • Page 585: Ws2000>Admin(System.radius.proxy)> Show

    13-311 Command Line Interface Reference WS2000>admin(system.radius.proxy)> show Description: Shows the proxy server parameters. Syntax: show proxy Displays the proxy server parameters. realms Displays proxy server realm information. Example: add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)> show realm admin(system.radius.proxy)> Proxy Realms ------------------------------------------------------------------------------ Suffix RadiusServerIP Port...
  • Page 586: System Redundancy Commands

    13-312 WS2000 Wireless Switch System Reference Guide 13.62 System Redundancy Commands WS2000>admin(system)> redundancy Description: Displays the redundancy submenu. The items available under this command are shown below. Sets redundancy parameters. show Shows redundancy settings. save Saves the configuration to system flash. quit Quits the CLI.
  • Page 587: Ws2000>Admin(System.redundancy)> Set

    13-313 Command Line Interface Reference WS2000>admin(system.redundancy)> set Description: Sets the parameters for redundant switch mode. Syntax: set mode Tells the switch that it is either the (standby) primary primary secondary switch when redundancy is enabled. This parameter can only be set if standby parameter is set to op-state...
  • Page 588: Ws2000>Admin(System.redundancy)> Show

    13-314 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.redundancy)> show Description: Displays the switch redundancy settings. Syntax: show Displays the switch redundancy settings. Example: show all admin(system.redundancy)> redundancy configured mode : primary redundancy operational mode : VRRP daemon not running redundancy operational state : standalone heart beat interval : 3 seconds...
  • Page 589: System Snmp Commands

    13-315 Command Line Interface Reference 13.63 System SNMP Commands WS2000>admin(system)> snmp Description: Displays the SNMP submenu. The items available under this command are shown below. access Goes to the SNMP access submenu. traps Goes to the SNMP traps submenu. save Saves the configuration to system flash.
  • Page 590: System Snmp Access Commands

    13-316 WS2000 Wireless Switch System Reference Guide 13.64 System SNMP Access Commands WS2000>admin(system.snmp)> access Description: Displays the SNMP access menu. The items available under this command are shown below. Adds SNMP access entries. delete Deletes SNMP access entries. list Lists SNMP access entries. show Shows SNMP v3 engine ID.
  • Page 591: Ws2000>Admin(System.snmp.access)> Add

    13-317 Command Line Interface Reference WS2000>admin(system.snmp.access)> add Description: Adds SNMP access entries. Syntax: add acl Adds an entry to the SNMP access control list with <ip1> as the starting IP <ip1> <ip2> address and <ip2> and the ending IP address. v1v2c <comm>...
  • Page 592 13-318 WS2000 Wireless Switch System Reference Guide admin(system.snmp.access)>add v3 judy rw 1.3.6.1 auth/priv md5 changeme des changemetoo admin(system.snmp.access)>list v3 2 index username : judy access permission : read/write object identifier : 1.3.6.1 security level : auth/priv auth algorithm : md5 auth password : ******** privacy algorithm...
  • Page 593: Ws2000>Admin(System.snmp.access)> Delete

    13-319 Command Line Interface Reference WS2000>admin(system.snmp.access)> delete Description: Deletes SNMP access entries. Syntax: delete Deletes entry <idx> from the access control list. <idx> Deletes all entries from the access control list. v1v2c Deletes entry <idx> from the v1/v2 configuration list. <idx>...
  • Page 594 13-320 WS2000 Wireless Switch System Reference Guide admin(system.snmp.access)>list v3 all index username : fred access permission : read/write object identifier : 1.3.6.6 security level : none auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ******** admin(system.snmp.access)>...
  • Page 595: Ws2000>Admin(System.snmp.access)> List

    13-321 Command Line Interface Reference WS2000>admin(system.snmp.access)> list Description: Lists SNMP access entries. Syntax: list Lists SNMP access control list entries. v1v2c Lists SNMP v1/v2c configuration. Lists SNMP v3 user definition with index <idx>. <idx> Lists all SNMP v3 user definitions. Example: admin(system.snmp.access)>list acl ----------------------------------------------------------------...
  • Page 596: Ws2000>Admin(System.snmp.access)> Show

    13-322 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.snmp.access)> show Description: Shows the SNMP v3 engine ID. Syntax: show Shows the SNMP v3 Engine ID. Example: admin(system.snmp.access)>show eid WS2000 snmp v3 engine id : 0000018457D71CDFF86FD8FC admin(system.snmp.access)>...
  • Page 597: System Snmp Traps Commands

    13-323 Command Line Interface Reference 13.65 System SNMP Traps Commands WS2000>admin(system.snmp)> traps Description: Displays the SNMP traps submenu. The items available under this command are shown below. Adds SNMP trap entries. delete Deletes SNMP trap entries. list Lists SNMP trap entries. Sets SNMP trap parameters.
  • Page 598: Ws2000>Admin(System.snmp.traps)> Add

    13-324 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.snmp.traps)> add Description: Adds SNMP trap entries. Syntax: add v1v2 <ip> <port> <comm> Adds an entry to the SNMP v1/v2 access list with the destination IP address set to <ip>, the destination UDP port set to <port>, the community string set to <comm> (1 to 31 characters), and the SNMP version set to <ip>...
  • Page 599 13-325 Command Line Interface Reference privacy algorithm : des privacy password : ********...
  • Page 600: Ws2000>Admin(System.snmp.traps)> Delete

    13-326 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.snmp.traps)> delete Description: Deletes SNMP trap entries. Syntax: delete v1v2c Deletes entry <idx> from the v1v2c access control list. <idx> Deletes all entries from the v1v2c access control list. Deletes entry <idx> from the v3 access control list. <idx>...
  • Page 601: Ws2000>Admin(System.snmp.traps)> List

    13-327 Command Line Interface Reference WS2000>admin(system.snmp.traps)> list Description: Lists SNMP trap entries. Syntax: list v1v2c Lists SNMP v1/v2c access entries. Lists SNMP v3 access entry <idx>. <idx> Lists all SNMP v3 access entries. Example: admin(system.snmp.traps)>add v1v2 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------- index...
  • Page 602: Ws2000>Admin(System.snmp.traps)> Set

    13-328 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.snmp.traps)> set Description: Sets SNMP trap parameters. Syntax: set cold Enables/disables the configuration changed enable trap. disable Enables/disables the configuration mode. enable disable lowcf Enables/disables the low compact flash memory enable trap. disable port Enables/disables the physical port status enable...
  • Page 603 13-329 Command Line Interface Reference avg-bps Average bit speed in mbps < <value> 0-108.00 wlan,ap,mu pct-nu % not UNICAST > <value> 0-100.00 wlan,ap,mu avg-signal Negative average signal < <value> 0-100.00 wlan,ap,mu avg-retries Average retries > <value> 0-16.00 wlan,ap,mu pct-dropped % dropped packets > <value> 0-100.00 wlan,ap,mu pct-undecrypt...
  • Page 604 13-330 WS2000 Wireless Switch System Reference Guide min packets required for rate trap: 800 denial of service trap rate limit : 10 admin(system.snmp.traps)>set cold enable admin(system.snmp.traps)>set port enable admin(system.snmp.traps)>set dos-attack enable admin(system.snmp.traps)>set mu-unassoc enable admin(system.snmp.traps)>set ap-radar enable admin(system.snmp.traps)>set min-pkt 1000 admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start...
  • Page 605: Ws2000>Admin(System.snmp.traps)> Show

    13-331 Command Line Interface Reference WS2000>admin(system.snmp.traps)> show Description: Shows SNMP trap parameters. Syntax: show trap Shows SNMP trap parameter settings. rate-trap Shows SNMP rate-trap parameter settings. Example: admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start : enable snmp config changed : disable low compact flash memory : disable...
  • Page 606 13-332 WS2000 Wireless Switch System Reference Guide SNMP Switch Rate Traps pkts/s greater than : disable throughput(Mbps) greater than : disable num of associated mu greater than : disable SNMP Wlan Rate Traps pkts/s greater than : disable throughput(Mbps) greater than : disable avg bit speed(Mbps) less than : disable...
  • Page 607: System Ssh Commands

    13-333 Command Line Interface Reference 13.66 System SSH Commands WS2000>admin(system)> ssh Description: Displays the secure shell (SSH) submenu. The items available under this command are shown below. Sets SSH parameters show Shows SSH parameters. save Saves the configuration to system flash. Goes to the parent menu.
  • Page 608: Ws2000>Admin(System.ssh)> Set

    13-334 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.ssh)> set Description: Sets secure shell parameters for system access. Syntax: auth-timeout Sets the maximum time <time> ( – seconds) allowed for SSH authentication t <time> 65535 occur before executing a timeout. inactive-timeout Sets the maximum amount of inactive time <time>...
  • Page 609: Ws2000>Admin(System.ssh)> Show

    13-335 Command Line Interface Reference WS2000>admin(system.ssh)> show Description: Shows secure shell timeout parameters. Syntax: show Display the SSH parameter settings. Example: set auth-timeout 60 admin(system.ssh)> set inactiv 2000 admin(system.ssh)> show all admin(system.ssh)> Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000 admin(system.ssh)>...
  • Page 610: System User Database Commands

    13-336 WS2000 Wireless Switch System Reference Guide 13.67 System User Database Commands WS2000>admin(system)> userdb Description: Displays the userdb submenu. The items available under this command are shown below. user Goes to the user submenu. group Goes to the group submenu. save Saves the configuration to system flash.
  • Page 611: System User Database Group Commands

    13-337 Command Line Interface Reference 13.68 System User Database Group Commands WS2000>admin(system.userdb)> group Description: Displays the group submenu. The items available under this command are shown below. create Creates a new group. delete Deletes a group. clearall Deletes all the listed groups Adds a user to a group.
  • Page 612: Ws2000>Admin(System.userdb.group)> Add

    13-338 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.group)> add Description: Adds a user to a group. Syntax: Adds the user specified by <userID> to the group <groupID>. The userID must <userID <groupID > > already be defined in the database. User the command from the (system.userdb.users) menu to add a new user.
  • Page 613: Ws2000>Admin(System.userdb.group)> Create

    13-339 Command Line Interface Reference WS2000>admin(system.userdb.group)> create Description: Creates a new group. Syntax: create Creates a new group with the ID <groupID>. The <groupID> can be an <groupID> alphanumeric string. Example: create g1 admin(system.userdb.group)> create g2 admin(system.userdb.group)> create g3 admin(system.userdb.group)> show groups admin(system.userdb.group)>...
  • Page 614: Ws2000>Admin(System.userdb.group)> Delete

    13-340 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.group)> delete Description: Deletes a group from the database. Syntax: delete Deletes the group named <groupID> from the database. A warning will occur if <groupID> there are still users assigned to that group. Example: show group admin(system.userdb.group)>...
  • Page 615: Ws2000>Admin(System.userdb.group)> Clearall

    13-341 Command Line Interface Reference WS2000>admin(system.userdb.group)> clearall Description: Clears all the groups in the Groups list. Before clearing all the groups, ensure that no user account is associated to the groups. Syntax: clearall Clears all the groups from the group list. Example: admin(system.userdb.group)>show groups List of Group Names...
  • Page 616: Ws2000>Admin(System.userdb.group)> Remove

    13-342 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.group)> remove Description: Removes a user from a group. Syntax: remove Removes user <userID> from the group <groupID>. <userID> <groupID> Example: remove joe g1 admin(system.userdb.group)> show users g1 admin(system.userdb.group)> List of Users of Group fred admin(system.userdb.group)>...
  • Page 617: Ws2000>Admin(System.userdb.group)> Set

    13-343 Command Line Interface Reference WS2000>admin(system.userdb.group)> set Description: Sets the different group parameters. Syntax: set vlan Sets the vlan id of a group. The value is in the range (1-4094). <group> <vlan-id> start- Sets the time when a user belonging to a group with id <group>...
  • Page 618: Ws2000>Admin(System.userdb.group)> Show

    13-344 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.group)> show Description: Shows the existing groups. Syntax: show groups Displays a list of the defined groups. users Displays a list of users in group <groupID>. <groupID> Example: create g1 admin(system.userdb.group)> create g2 admin(system.userdb.group)>...
  • Page 619 13-345 Command Line Interface Reference Related Commands: create Creates a new group. delete Deletes a group. Sets group parameters...
  • Page 620: System User Database User Commands

    13-346 WS2000 Wireless Switch System Reference Guide 13.69 System User Database User Commands WS2000>admin(system.userdb)> user Description: Displays the user submenu. The items available under this command are shown below. Adds a new user to the database. Deletes a user from the database. clearall Removes all User IDs Sets the password for a user.
  • Page 621: Ws2000>Admin(System.userdb.user)> Add

    13-347 Command Line Interface Reference WS2000>admin(system.userdb.user)> add Description: Adds a new user to the database. Syntax: Adds a user to the database with the ID <userID> and password <userID <password> > <password>. Password is limited to 8 alphanumeric characters. Example: add fred fredpass admin(system.userdb.user)>...
  • Page 622: Ws2000>Admin(System.userdb.user)> Del

    13-348 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.user)> del Description: Deletes a user from the database. Syntax: Deletes the user with the ID <userID> from the database. <userID> Example: add fred fredpass admin(system.userdb.user)> add joe joepass admin(system.userdb.user)> add sally sallypa admin(system.userdb.user)>...
  • Page 623: Ws2000>Admin(System.userdb.user)> Clearall

    13-349 Command Line Interface Reference WS2000>admin(system.userdb.user)> clearall Description: Clears all the users from the local database. Syntax: clearall Clears all users from the local database Example: admin(system.userdb.user)> clearall admin(system.userdb.user)> admin(system.userdb.user)> show users entries = 0 List of User Ids Guest User No Users...
  • Page 624: Ws2000>Admin(System.userdb.user)> Set

    13-350 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.user)> set Description: Sets the password for a user. Syntax: Resets the password for user with <userID> to <newpassword>. <userID <newpassword> > Example: set fred frednew admin(system.userdb.user)> Related Commands: Adds a new user.
  • Page 625: Ws2000>Admin(System.userdb.user)> Show

    13-351 Command Line Interface Reference WS2000>admin(system.userdb.user)> show Description: Shows a list of users and group membership for a particular user. Syntax: show groups Displays the list of groups that a user with <userID> belongs to. <userID> users Displays a list of all defined users in the database. Example: add fred fredpass admin(system.userdb.user)>...
  • Page 626: System User Database User Guest Commands

    13-352 WS2000 Wireless Switch System Reference Guide 13.70 System User Database User Guest commands WS2000>admin(system.userdb.user)> guest Description: Displays the Guest submenu. The items available under this command are shown below. Sets the parameters for guest users. show Shows the list of guest users clear Clears guest users and guest groups.
  • Page 627: Ws2000>Admin(System.userdb.user.guest)> Set

    13-353 Command Line Interface Reference WS2000>admin(system.userdb.user.guest)> set Description: Sets the parameters for guest users. Syntax: guest-user Adds the guest user <guest-user> to the guest user group <guest- <guest- user> group> <guest-group>. start-date Sets the start date for a guest user. This is the date and <guest- <date- user>...
  • Page 628: Ws2000>Admin(System.userdb.user.guest)> Show

    13-354 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.userdb.user.guest)> show Description: Displays information for guest users and guest user groups. Syntax: show guests Displays the list of guest user groups users Displays the list of guest users. Example: admin(system.userdb.user.guest)> show users Guest Username : guest1 Belongs to Group...
  • Page 629: Ws2000>Admin(System.userdb.user.guest)> Clear

    13-355 Command Line Interface Reference WS2000>admin(system.userdb.user.guest)> clear Description: Clears all guest user and guest user groups from the local database. Syntax: clear guest-group Clears the guest group indicated by <guest-group> <guest-group> guest-user Clears the guest user indicated by <guest-user> <guest-user> Example: admin(system.userdb.user.guest)>...
  • Page 630: System Ws2000 Commands

    13-356 WS2000 Wireless Switch System Reference Guide 13.71 System WS2000 Commands WS2000>admin(system)> ws2000) Description: Displays the WS 2000 submenu. The items available under this command are shown below. Adds an administrative user delete Removes an administrative user restart Restarts the WS 2000 Wireless Switch Sets WS 2000 system parameters.
  • Page 631: Ws2000>Admin(System.ws2000)> Add

    13-357 Command Line Interface Reference WS2000>admin(system.ws2000)> add Description: Adds a device that is allowed administrative access to the switch over WLAN. Syntax: administrator Adds the device specified by <IP> as an administrator for this <IP> device. Example: admin(system.ws2000)> add administrator 192.168.0.10 admin(system.ws2000)>...
  • Page 632: Ws2000>Admin(System.ws2000)> Delete

    13-358 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.ws2000)> delete Description: Removes a device that is allowed administrative access to the switch over WLAN. Syntax: delete administrator Removes the device specified by <IP> administrative access <IP> to the switch over WLAN Removes all devices that are allowed administrative access to the switch over WLAN Example:...
  • Page 633: Ws2000>Admin(System.ws2000)> Restart

    13-359 Command Line Interface Reference WS2000>admin(system.ws2000)> restart Description: Restarts the WS 2000 Wireless Switch. Syntax: restart Restarts the switch from the firmware. Example: admin(system.ws2000)>restart Restarting system. WS 2000 Boot Firmware Version 1.5.0.0-160b Copyright(c) Symbol Technologies Inc. 2003. All rights reserved. Press escape key to run boot firmware ..
  • Page 634: Ws2000>Admin(System.ws2000)> Set

    13-360 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.ws2000)> set Description: Sets WS 2000 system parameters. Syntax: set airbeam mode Enables/disables airbeam access. enable disable passwd Sets the airbeam password to <passwd> (1–39 characters). <passwd> applet Enables/disables http applet access from LAN. enable disable Enables/disables http applet access from WAN.
  • Page 635 13-361 Command Line Interface Reference system name : Atlanta1 system location : Atlanta Field Office admin email address : LeoExample@symbol.com system uptime : 0 days 4 hours 33 minutes WS2000 firmware version : 1.5.0.0-200b country code : us applet http access from lan : enable applet http access from wan : disable...
  • Page 636: Ws2000>Admin(System.ws2000)> Show

    13-362 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.ws2000)> show Description: Shows WS 2000 system information. Syntax: show all Shows all of the WS 2000 system information. Example: admin(system.ws2000)>show all system name : Atlanta1 system location : Atlanta Field Office admin email address : LeoExample@symbol.com system uptime : 0 days 4 hours 33 minutes...
  • Page 637: Cf Commands

    13-363 Command Line Interface Reference 13.72 CF commands WS2000> admin(system)> cf Description: Displays the CF submenu. The items available under this command are shown below. Lists the content of the CF card save Saves the configuration to system flash. quit Quits the CLI.
  • Page 638: Ws2000> Admin(System.cf)> Ls

    13-364 WS2000 Wireless Switch System Reference Guide WS2000> admin(system.cf)> ls Description: Displays the CF card’s contents. Syntax: [<directory-name> Lists the contents of the CF card. The <directory-name> parameter is optional. Example: admin(system.cf)> mf12.bin mf_02020200003R.bin admin(system.cf)> admin(system.cf)>...
  • Page 639: Http Commands

    13-365 Command Line Interface Reference 13.73 HTTP commands WS2000> admin(system)> http Description: Displays the http submenu. The items available under this command are shown below. import Imports the Secured HTTP self certificate show Shows all the Secured HTTP certificates. save Saves the configuration to system flash.
  • Page 640: Ws2000> Admin(System.http)> Import

    13-366 WS2000 Wireless Switch System Reference Guide WS2000> admin(system.http)> import Description: Imports Secured HTTP self certificates. Syntax: import self Lists the contents of the CF card. The <directory-name> parameter is <cert-id> optional. Example: admin(system.http)> import self 1...
  • Page 641: Ws2000> Admin(System.http)> Show

    13-367 Command Line Interface Reference WS2000> admin(system.http)> show Description: Displays all Secure HTTP certificates on this device. Syntax: show Lists the contents of the CF card. The <directory-name> parameter is optional. Example: admin(system.http)> show all http self certificate : default admin(system.http)>...
  • Page 642 13-368 WS2000 Wireless Switch System Reference Guide...
  • Page 643: Appendix A: Syslog Messages

    Syslog Messages A.1 Informational Log Entries ................A-2 A.2 Notice Log Entries.
  • Page 644: Informational Log Entries

    A-2 WS2000 Wireless Switch System Reference Guide A.1 Informational Log Entries System Component Debug Level Log Message 802.1X Module LOG_INFO 8021x: 802.1x Authentication success for MU [MAC_ADDR] 802.1X Module LOG_INFO Tried max eap-id requests for MU [MAC_ADDR]. Address Lookup Table LOG_INFO CFG portal exists called with null mac Module...
  • Page 645 System Component Debug Level Log Message Encryption Key Exchange LOG_INFO [Pairwise Transient Key] Unable to get free CC buffer Module Encryption Key Exchange LOG_INFO [Pairwise Transient Key] Group rekey after %u seconds gk_timeout Module RADIUS Module LOG_INFO rcvd access-accept from [IP_ADDR] for [MAC_ADDR] RADIUS Module LOG_INFO rcvd access-reject from [IP_ADDR] for [MAC_ADDR]...
  • Page 646: Notice Log Entries

    A-4 WS2000 Wireless Switch System Reference Guide System Component Debug Level Log Message WIPS module LOG_INFO “Sensor [MAC] is no longer responding, removed” WIPS module LOG_INFO Sensor [MAC] timed out waiting for [command] AP Revert LOG_INFO AP [MAC] Reverting to AP4131 AP Revert LOG_INFO AP [MAC] Reverting to AP4121...
  • Page 647 System Component Debug Level Log Message Encryption Key Exchange LOG_NOTICE [Pairwise Transient Key] Bad version [MAC_ADDR] mu->addr Module Encryption Key Exchange LOG_NOTICE [Pairwise Transient Key] Funny pkt!! [MAC_ADDR] mu->addr Module Encryption Key Exchange LOG_NOTICE [Pairwise Transient Key] IE no match [MAC_ADDR] mu->addr Module Encryption Key Exchange LOG_NOTICE...
  • Page 648: Warning Log Entries

    A-6 WS2000 Wireless Switch System Reference Guide A.3 Warning Log Entries System Component Debug Level Log Message 802.1X Module LOG_WARNING 8021x: MU [MAC_ADDR] in unknown PAE state [[Number]]. 802.1X Module LOG_WARNING 8021x: no rsp from server [IP_ADDR] count: [Number] 802.1X Module LOG_WARNING 8021x:Using backup server [IP_ADDR] 802.1X Module...
  • Page 649 System Component Debug Level Log Message Kerberos Proxy Module LOG_WARNING krb5: error [Number] in krb5_rd_req_decoded) retval Kerberos Proxy Module LOG_WARNING krb5: key generation failure! Kerberos Proxy Module LOG_WARNING krb5: Server name for MU [MAC_ADDR] not known to KDC Kerberos Proxy Module LOG_WARNING krb5: switch auth not done.
  • Page 650 A-8 WS2000 Wireless Switch System Reference Guide System Component Debug Level Log Message RF Port Configuration Module LOG_WARNING Portal [MAC_ADDR] denied adoption in acl prtl_ptr->addr RF Port Configuration Module LOG_WARNING portal [MAC_ADDR] found at idx [Number] RF Port Configuration Module LOG_WARNING portal [MAC_ADDR] not connected &...
  • Page 651: Alert Log Entry

    A.4 Alert Log Entry System Component Debug Level Log Message NTP Client Module LOG_ALERT errno [Number] updating system clock to ntp time errno A.5 Error-Level Log Entries Debug System Component Level Log Message 802.1X Module LOG_ERR Config error! EAP enabled but no valid Access Control List Module LOG_ERR ACL adopt all read failed...
  • Page 652 A-10 WS2000 Wireless Switch System Reference Guide Debug System Component Level Log Message Address Lookup Table Module LOG_ERR altable: can't read cfg bss radio idx Address Lookup Table Module LOG_ERR altable: can't set bss mac Address Lookup Table Module LOG_ERR altable: can't set bss radio idx Address Lookup Table Module LOG_ERR...
  • Page 653 A-11 Debug System Component Level Log Message Address Lookup Table Module LOG_ERR cfg radio type [Number] not allowed rtype Address Lookup Table Module LOG_ERR rfport list is full Address Lookup Table Module LOG_ERR wlan [Number]: addr1 = [MAC_ADDR] addr2 = [MAC_ADDR] wlan_idx Cell Controller Module LOG_ERR Error [Number] initing sig handlers errno...
  • Page 654 A-12 WS2000 Wireless Switch System Reference Guide Debug System Component Level Log Message NTP Client Module LOG_ERR ntp:socket bind error. errno=[Number] errno NTP Client Module LOG_ERR ntp:socket create error. errno=[Number] errno NTP Client Module LOG_ERR ntp:socket recv error. errno=[Number] errno NTP Client Module LOG_ERR ntp:socket send error.
  • Page 655 A-13 Debug System Component Level Log Message Rogue AP Detection Module LOG_ERR Unable to read watched_ssid from cfg Receive Packets Module LOG_ERR rx data frame of unexpected ethernet Receive Packets Module LOG_ERR rxpkts:bad ctl %04x from [[MAC_ADDR]] pkt_ptr->ctl pkt_ptr->src Receive Packets Module LOG_ERR rxpkts:bad dest [[MAC_ADDR]] from [[MAC_ADDR]] pkt_ptr->src pkt_ptr- >dest...
  • Page 656 A-14 WS2000 Wireless Switch System Reference Guide Debug System Component Level Log Message SIP Module LOG_ERR SIP:Bye received with NULL call id SIP Module LOG_ERR SIP:Status message received with NULL status code SIP Module LOG_ERR SIP:Status message received with NULL call id SIP Module LOG_ERR SIP:Status message received for an invalid call id [identifier]...
  • Page 657 A-15 Debug System Component Level Log Message AP Revert LOG_ERR RF Port [MAC] no free rfp Port Configuration LOG_ERR Port Auto-neg Get failed for port [port idx] Port Configuration LOG_ERR Port Speed Get failed for port [port idx] Port Configuration LOG_ERR Port Duplex Get failed for port [port idx] Port Configuration...
  • Page 658 A-16 WS2000 Wireless Switch System Reference Guide Debug System Component Level Log Message IP Filter Module LOG_ERR [Function Name]:Could not get Global IP FIlter Table IP Filter Module LOG_ERR [Function Name]: Invalid pointer passed IP Filter Module LOG_ERR [Function Name]: Invalid pointer passed IP Filter Module LOG_ERR [Function Name]: Invalid pointer passed...
  • Page 659 A-17 Debug System Component Level Log Message IP Filter Module LOG_ERR Unable to allocate memory for iterator info IP Filter Module LOG_ERR Could not get total entries from WLAN IP Filter Table IP Filter Module LOG_ERR Could not get total entries from WLAN IP Filter Table IP Filter Module LOG_ERR Config GET/SET error in ccWlanIpFilterPolicyTable...
  • Page 660 A-18 WS2000 Wireless Switch System Reference Guide Debug System Component Level Log Message IP Filter Module LOG_ERR Config GET/SET error in ccWlanIpFilterPolicyTable IP Filter Module LOG_ERR Row already exists. IP Filter Module LOG_ERR Unable to process set request in ccWlanIpFilterPolicyTable IP Filter Module LOG_ERR Invalidation request rcvd for column [column-number] in...
  • Page 661 A-19 Debug System Component Level Log Message IP Filter Module LOG_ERR [Function Name]:Duplicate filter name in TRUNK IP Filter Table IP Filter Module LOG_ERR Config GET/SET error in ccWanTrunkIpFilterPolicyTable IP Filter Module LOG_ERR Config GET/SET error in ccWanTrunkIpFilterTable IP Filter Module LOG_ERR [Function Name]:Could not get filter policy name required for deletion IP Filter Module...
  • Page 662 A-20 WS2000 Wireless Switch System Reference Guide Debug System Component Level Log Message IP Filter Module LOG_ERR Invalidation request rcvd for column[column number] in ccWanTrunkIpFilterTable IP Filter Module LOG_ERR problem encountered in [Function Name]: unsupported mode IP Filter Module LOG_ERR Could not get total entries from TRUNK IP Filter Table IP Filter Module LOG_ERR...
  • Page 663 A-21 Debug System Component Level Log Message IP Filter Module LOG_ERR Config GET/SET error in ccIpFilterPolicyTable IP Filter Module LOG_ERR Config GET/SET error in ccIpFilterPolicyTable IP Filter Module LOG_ERR Config GET/SET error in ccIpFilterPolicyTable IP Filter Module LOG_ERR Config GET/SET error in ccIpFilterPolicyTable IP Filter Module LOG_ERR Config GET/SET error in ccIpFilterPolicyTable...
  • Page 664 A-22 WS2000 Wireless Switch System Reference Guide Debug System Component Level Log Message DynDNS module LOG_ERR ERROR while retrieving DynDNS MODE DynDNS module LOG_ERR ERROR adding Interface record...
  • Page 665: Debug-Level Log Entries

    A-23 A.6 Debug-Level Log Entries System Component Debug Level Log Message 802.1X Module LOG_DEBUG Deauthenticating MU [MAC_ADDR] mu_ptr->addr Cell Controlled Module LOG_DEBUG Not catching signal [Number] i EAP Module LOG_DEBUG rcvd [Number] bytes of EAP payload from [MAC_ADDR] EAP Module LOG_DEBUG sending eap-%s to [MAC_ADDR] EAP Module...
  • Page 666 A-24 WS2000 Wireless Switch System Reference Guide System Component Debug Level Log Message NTP Client Module LOG_DEBUG rcvd ntp response from [IP_ADDR] sa.sin_addr.s_addr Encryption Key Exchange LOG_DEBUG [Pairwise Transient Key] recv message #2 [MAC_ADDR] mu->addr Module Encryption Key Exchange LOG_DEBUG [Pairwise Transient Key] recv message #4 [MAC_ADDR] mu->addr Module Encryption Key Exchange...
  • Page 667 A-25 System Component Debug Level Log Message SIP Module LOG_DEBUG SIP:Ack received in invalid state for call id [identifier] SIP Module LOG_DEBUG SIP:Changing the state of the SIP session call id [identifier] to terminated SIP Module LOG_DEBUG SIP:Changing the state of the SIP session call id [identifier] to processed SIP Module LOG_DEBUG SIP:Removing the SIP session call id [identifier]...
  • Page 668 A-26 WS2000 Wireless Switch System Reference Guide System Component Debug Level Log Message Port Configuration LOG_DEBUG Register value received for Port [idx] = [register value] Port Configuration LOG_DEBUG Register value to be set for Port [idx] = [register value] Port Configuration LOG_DEBUG Writing Register values for Wan = [register value] Port Configuration...
  • Page 669: Emergency Log Entries

    A-27 System Component Debug Level Log Message IP Filter Module LOG_DEBUG Protocol mismatch IP Filter Module LOG_DEBUG direction mismatch[incoming/outgoing] IP Filter Module LOG_DEBUG Hash entry pointing to NULL IP Filter Module LOG_DEBUG Packet Source IP [ip address] IP Filter Module LOG_DEBUG Packet Destination IP [ip address] IP Filter Module...
  • Page 670 A-28 WS2000 Wireless Switch System Reference Guide...
  • Page 671 Index Numerics setting defaults ......5-19, 12-15 setting rates ........5-21 1 to 1 NAT .
  • Page 672 Index-2 WS 2000 Wireless Switch System Reference Guide RIP ......... . .4-12 WAN interface .
  • Page 673 Index-3 RADIUS, configuring ......8-5 redirect pages ........8-6 files, exporting and importing settings .
  • Page 674 Index-4 WS 2000 Wireless Switch System Reference Guide hardware configuration ......1-4 source, description ......3-11 MAC addresses POS subnet, configuring .
  • Page 675 Index-5 robust security network (RSN) ......5-13 configuring ........7-20 rogue APs default configuration .
  • Page 676 Index-6 WS 2000 Wireless Switch System Reference Guide defining ........3-2 User Datagram Protocol (UDP) .
  • Page 677 Index-7 anomaly violation ......5-39 excessive violation ......5-39 filtered MUs .
  • Page 678 Index-8 WS 2000 Wireless Switch System Reference Guide...
  • Page 680 MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com 72E-103899-01 Revision A March 2008...

Table of Contents