WS5100 Series SwitchSystem Reference Guide
viii WS5100 Series Switch System Reference Guide Notational ConventionsThe following additional notational conventions are used in this document:• I
4-26 WS5100 Series Switch System Reference Guide 9. Refer to the Status field for the current state of the requests made from applet. This field dis
Network Setup 4-27 server on the wired side of the switch. All other packet types are blocked until the authentication server (typically, a RADIUS s
4-28 WS5100 Series Switch System Reference Guide across an insecure network connection. Once a MU and server prove their identity, they can encrypt
Network Setup 4-29 9. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if someth
4-30 WS5100 Series Switch System Reference Guide login.html. The client is now redirected to the Login.htm web page of the hotspot instead of landin
Network Setup 4-31 1. Select Network > Wireless LANs from the main menu tree. Select an existing WLAN from those displayed within the Configurati
4-32 WS5100 Series Switch System Reference Guide 4. Refer to the Allow List field, and enter any IP address (for internal or external Web sites) tha
Network Setup 4-33 2. Select the Hotspot button from within the Authentication field. Ensure External is selected from within the This WLAN’s Web Pa
4-34 WS5100 Series Switch System Reference Guide 5. Refer to the Status field for the current state of the requests made from applet. This field dis
Network Setup 4-35 4. Select the Hotspot button from within the Authentication field. Ensure Advanced is selected from within the This WLAN’s Web Pa
OverviewThe switch provides a centralized management solution for wireless networking components across the wired network infrastructure. The switc
4-36 WS5100 Series Switch System Reference Guide g. Once the location and settings for the advanced hotspot configuration have been defined, click t
Network Setup 4-37 3. Click the Edit button.4. Select either the EAP 802.1x, Hotspot or Dynamic MAC ACL button from within the Authentication field.
4-38 WS5100 Series Switch System Reference Guide 7. Refer to the Accounting field and define the following credentials for a primary and secondary R
Network Setup 4-39 Configuring Motorola Specific Radius Server User Privilege ValuesThe following recommended Radius Server user privilege settings
4-40 WS5100 Series Switch System Reference Guide Configuring WEP 64Wired Equivalent Privacy (WEP) is a security protocol specified in the IEEE Wirel
Network Setup 4-41 6. Use the Key #1-4 areas to specify key numbers.The key can be either a hexadecimal or ASCII. For WEP 64 (40-bit key), the keys
4-42 WS5100 Series Switch System Reference Guide 5. Specify a 4 to 32 character Pass Key and click the Generate button. The pass key can be any alph
Network Setup 4-43 Configuring WPA/WPA2 using TKIP and CCMPWi-Fi Protected Access (WPA) is a robust encryption scheme specified in the IEEE Wireless
4-44 WS5100 Series Switch System Reference Guide 5. Select the Broadcast Key Rotation checkbox to enable the broadcasting of encryption-key changes
Network Setup 4-45 8. Optionally select one of the following from within the Fast Roaming (8021x only) field. 9. Refer to the Status field for the c
1-2 WS5100 Series Switch System Reference Guide 1.1.1 Physical SpecificationsThe physical dimensions and operating parameters of the WS5100 Series S
4-46 WS5100 Series Switch System Reference Guide 2. Click the Statistics tab.3. Refer to the following details displayed within the table:4. To view
Network Setup 4-47 5. To view WLAN statistics in a graphical format, select a WLAN and click the Graph button. For more information, see Viewing WLA
4-48 WS5100 Series Switch System Reference Guide 5. Refer to the The Information field for the following information:6. Refer to the Traffic field f
Network Setup 4-49 8. Refer to the Errors field for the following information:9. Refer to the Status field for the current state of the requests mad
4-50 WS5100 Series Switch System Reference Guide 2. Click the Graph button. The WLAN Statistics screen displays for the select port. The WLAN Statis
Network Setup 4-51 3. Select any of the above listed parameters by clicking on the checkbox associated with it. 4. Click the Close button to exit th
4-52 WS5100 Series Switch System Reference Guide 6. Refer to the Status field for the current state of the requests made from applet. This field dis
Network Setup 4-53 4. Click the Apply button to save all changes to the VLAN assignments.5. Click the Revert button to undo any changes and revert b
4-54 WS5100 Series Switch System Reference Guide 3. Click the Edit button to display a screen used to modify the WMM parameters. For more informatio
Network Setup 4-55 4. Select the QoS Mappings button to revise the existing mappings of access category to 802.1p and DSCP to access category settin
Overview 1-3 1.1.2.1 Start Up1.1.2.2 Primary1.1.2.3 Standby1.1.2.4 Error Codes1.1.3 10/100/1000 Port Status LED CodesA WS5100 Series Switch has two
4-56 WS5100 Series Switch System Reference Guide 4.5.4.1 Editing WMM SettingsUse the WMM Edit screen to modify the existing Access Category settings
Network Setup 4-57 5. Select the Admission Control checkbox (enabled for only Voice and Video access categories) to define (limit) the number of MUs
4-58 WS5100 Series Switch System Reference Guide 2. Click the Status tab. The Status screen displays the following read-only device information for
Network Setup 4-59 4. Highlight a MU from those listed and click the Disconnect button to remove the MU from the list of currently associated device
4-60 WS5100 Series Switch System Reference Guide 5. Click the Refresh button to update the MU Statistics to their latest values.6. Refer to the Stat
Network Setup 4-61 2. Click the Statistics tab. 3. Select the Last 30s checkbox to display MU statistics as gathered over the last 30 seconds.4. Sel
4-62 WS5100 Series Switch System Reference Guide 7. Click the Graph button to launch a graph with pictorial information about the selected MU in a g
Network Setup 4-63 4. Refer to the Information field for the following information:5. Refer to the Traffic field for the following information: 6. R
4-64 WS5100 Series Switch System Reference Guide 4.6.2.2 View a MU Statistics GraphThe MU Statistics tab has an option for displaying detailed MU st
Network Setup 4-65 The Access Ports screen consists of the following tabs:• Configuring Access Port Radios• Viewing AP Statistics• Configuring WLAN
1-4 WS5100 Series Switch System Reference Guide 1.2 Software OverviewThe switch includes a robust set of features.This section provides an overview
4-66 WS5100 Series Switch System Reference Guide 4. Refer to the Properties field for the following5. Click the Edit button to launch a screen used
Network Setup 4-67 channels and moves the radio to the channel where it is least likely to have interference from the other radios. Use the Export o
4-68 WS5100 Series Switch System Reference Guide 7. Click OK to save the changes and return to the previous screen.Port AuthenticationTo configure t
Network Setup 4-69 settings as well as a set of advanced properties in case its transmit and receive capabilities need to be adjusted. To edit a rad
4-70 WS5100 Series Switch System Reference Guide 8. From within the Radio Settings field, define the Placement of the access port as either Indoors
Network Setup 4-71 Short Preambles only If using an 802.11bg radio, select this checkbox for the radio to transmit using a short preamble. Short pre
4-72 WS5100 Series Switch System Reference Guide 13.Refer to the Status field for the current state of the requests made from applet. This field dis
Network Setup 4-73 Supported Rates allow an 802.11 network to specify the data rate it supports. When a MU attempts to join the network, it checks t
4-74 WS5100 Series Switch System Reference Guide 3. Click the Add button to display at screen containing settings for adding a radio4. Enter the dev
Network Setup 4-75 2. Click the Statistics tab.3. To select the time frame for the radio statistics, select either Last 30s or Last Hr above the sta
Overview 1-5 1.2.1.1 Installation FeatureThe upgrade/downgrade of the switch can be performed at boot time using one of the following methods:•Web U
4-76 WS5100 Series Switch System Reference Guide 5. Select a radio from those displayed and click the Details button for additional radio informatio
Network Setup 4-77 6. Refer to the RF Status field for the following information:7. Refer to the Errors field for the following information:8. Click
4-78 WS5100 Series Switch System Reference Guide 3. Select a radio index from the table displayed in the Statistics screen and click the Graph butto
Network Setup 4-79 4. Select a radio from the table to view WLAN assignment information. The WLAN Assignment tab is divided into two fields; Select
4-80 WS5100 Series Switch System Reference Guide 2. Click the WLAN Assignment tab.3. Select a radio from the table and click the Edit button. The Se
Network Setup 4-81 3. Select a radio and click the Edit button to modify its properties. For more information, see Editing WMM Settings on page 4-81
4-82 WS5100 Series Switch System Reference Guide 4. Enter a number between 0 and 15 for the AIFSN value for the selected radio.The AIFSN value is th
Network Setup 4-83 2. Click the Configuration tab.3. Refer to the following information as displayed within the Configuration tab:4. To modify a rad
4-84 WS5100 Series Switch System Reference Guide 4.8.1.1 Editing Default Radio Adoption SettingsUse the Edit screen to dedicate a target radio as a
Network Setup 4-85 8. Select a channel for communications between the access port and MUs in the Desired Channel field. The selection of a channel d
1-6 WS5100 Series Switch System Reference Guide • RAM tests, Real Time Clock tests, etc. 3. Manufacturing Diagnostics – Manufacturing diagnostics ar
4-86 WS5100 Series Switch System Reference Guide 12.Refer to the Status field for the current state of the requests made from applet. This field dis
Network Setup 4-87 14.Click Cancel to close the dialog without committing updates to the running configuration.Configuring Rate SettingsUse the Rate
4-88 WS5100 Series Switch System Reference Guide 4.8.2 Configuring Layer 3 Access Port AdoptionThe configuration activity required for adopting acce
Network Setup 4-89 2. Click the WLAN Assignment tab.The Assigned WLANs tab displays two fields: Select Radios/BSS and Select/Change Assigned WLANs.3
4-90 WS5100 Series Switch System Reference Guide 6. Click Apply to save the changes made within the screen.7. Click Revert to cancel the changes mad
Network Setup 4-91 4. To modify the properties of WMM Adoption Settings, select a radio and click the Edit button. For more information, see Editing
4-92 WS5100 Series Switch System Reference Guide 5. Enter a number between 0 and 65535 for the Transmit Ops value. The Transmit Ops value is the max
Network Setup 4-93 2. Click the Adopted AP tab. 3. Refer to the Adopted AP screen for the following information:4. Click the Export button to export
4-94 WS5100 Series Switch System Reference Guide 1. Select Network > Access Port Status from the main menu tree.2. Click the Unadopted AP tab. Th
Network Setup 4-95 3. Select an available index and click the Adopt button to display a screen wherein the properties of a new radio can be added fo
Overview 1-7 • Up to 12 switch redundancy members supported per group. Each member is capable of tracking statistics for the entire group in additio
4-96 WS5100 Series Switch System Reference Guide
Switch ServicesThis chapter describes the following Services main menu information used to configure the switch.• Displaying the Services Interface•
5-2 WS5100 Series Switch System Reference Guide 5.1 Displaying the Services InterfaceRefer to the Services main menu interface to review a summary d
Switch Services 5-3 5.2 DHCP Server SettingsThe DHCP Server Settings section contains the following activities:• Configuring the Switch DHCP Server•
5-4 WS5100 Series Switch System Reference Guide are expected to renew them to continue to use the addresses. Once a lease has expired, the client to
Switch Services 5-5 6. Click the Edit button to modify the properties displayed on an existing DHCP pool. For more information, see Editing the Prop
5-6 WS5100 Series Switch System Reference Guide machine.•A m-mixed is a mixed node that uses broadcasted queries to find a node, and failing that, q
Switch Services 5-7 2. Click the Add button at the bottom of the screen. 3. Enter the name of the IP pool from which IP addresses can be issued to c
5-8 WS5100 Series Switch System Reference Guide 7. From the Network field, use the Associated Interface drop-down menu to define the switch interfac
Switch Services 5-9 2. Highlight an existing pool name from within either the Configuration or Host Pool tab and click the Options Setup button at t
1-8 WS5100 Series Switch System Reference Guide • Self Healing• Wireless Capacity• AP and MU Load Balancing• Wireless Roaming• Power Save Polling• Q
5-10 WS5100 Series Switch System Reference Guide 2. Highlight an existing pool name from within either the Configuration or Host Pool tabs and click
Switch Services 5-11 5.2.2 Viewing the Attributes of Existing Host PoolsRefer to the Host Pool tab within the DHCP Server screen to view how the hos
5-12 WS5100 Series Switch System Reference Guide 6. Click the Add button to create a new DHCP pool. For more information, see Adding a New DHCP Pool
Switch Services 5-13 5.2.4 Configuring DHCP Server Relay InformationRefer to the Relay tab to view the current DHCP Relay configurations for availab
5-14 WS5100 Series Switch System Reference Guide 2. Click the Relay tab. 3. Refer to the Interface field for the names of the interfaces available t
Switch Services 5-15 d. Click Cancel to close the dialog without committing updates to the running configuration. 5.2.5 Viewing DHCP Server StatusTh
5-16 WS5100 Series Switch System Reference Guide 3. Refer to the contents of the Status tab for the following: 4. To delete an entry from the list,
Switch Services 5-17 2. Select the Configuration tab. 3. An ACL Id must be created before it is selectable from any of the drop-down menus. Refer to
5-18 WS5100 Series Switch System Reference Guide 5. Click Apply to save any changes to the screen. Navigating away from the screen without clicking
Switch Services 5-19 3. Click the Add button.4. Enter a Key ID between 1-65534. The Key ID is a Key abbreviation allowing the switch to reference mu
Overview 1-9 destination IP address and/or TCP/UDP port number. Rate limiting allows the definition of two rates: a guaranteed minimum bandwidth and
5-20 WS5100 Series Switch System Reference Guide 2. Select the NTP Neighbor tab. 3. Refer to the following information (as displayed within the NTP
Switch Services 5-21 5.3.4 Adding an NTP NeighborTo add a new NTP peer or server neighbor configuration to those available to the switch for synchro
5-22 WS5100 Series Switch System Reference Guide 9. Use the NTP Version drop-down menu to select the version of SNTP to use with this configuration
Switch Services 5-23 2. Select the NTP Associations tab. 3. Refer to the following SNTP Association data for each SNTP association displayed: 4. Sel
5-24 WS5100 Series Switch System Reference Guide 5.3.6 Viewing SNTP StatusRefer to the SNTP Status tab to display performance (status) information r
Switch Services 5-25 5.4 Configuring Switch Redundancy Configuration and network monitoring are two tasks a network administrator faces as a network
5-26 WS5100 Series Switch System Reference Guide running on WS1, by duplicating the commands and sending them to the group over the virtual connecti
Switch Services 5-27 context). For information on licensing rules impacting redundancy group members, see Redundancy Group License Aggregation Rules
5-28 WS5100 Series Switch System Reference Guide 3. Refer to the History field to view the current state of the redundancy group.4. Click Apply to s
Switch Services 5-29 2. Select the Status tab. 3. Refer to the Status field to assess the current state of the redundancy group. Redundancy state is
© 2007 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a regi
1-10 WS5100 Series Switch System Reference Guide on the Motorola Web site) for a use case on hotspot deployment. For information on configuring a ho
5-30 WS5100 Series Switch System Reference Guide 4. The Apply and Revert buttons are unavailable for use with the Status screen, as there are no edi
Switch Services 5-31 2. Select the Member tab.3. Refer to the following information within the Member tab:4. Select a row, and click the Details but
5-32 WS5100 Series Switch System Reference Guide 6. Click the Add button to add a member to the redundancy group. The redundancy group should be dis
Switch Services 5-33 5. Refer to the Status field.The Status is the current state of the requests made from the applet. Requests are any “SET/GET” o
5-34 WS5100 Series Switch System Reference Guide 5.4.2.2 Adding a Redundancy Group MemberUse the Add screen as the means to add a new member (by add
Switch Services 5-35 • Whenever the cluster protocol is disabled, a member switch forgets the learned cluster license as well as peer information ne
5-36 WS5100 Series Switch System Reference Guide DHCP and ARP are tunneled through the home switch. The IP address for the MU is assigned from the V
Switch Services 5-37 To configure Layer 3 Mobility for the switch:1. Select Services > Layer 3 Mobility from the main menu tree.The Layer 3 Mobil
5-38 WS5100 Series Switch System Reference Guide 5.5.2 Defining the Layer 3 Peer ListThe Layer 3 Peer List contains the IP addresses MUs are using t
Switch Services 5-39 5.5.3 Reviewing Layer 3 Peer List StatisticsWhen a MU roams to a current switch on the same layer 3 network, it sends a L2-ROAM
Overview 1-11 • Self Healing Actions — When an AP fails, actions are taken on the neighbor APs to do self-healing. Detector APsConfigure an AP in ei
5-40 WS5100 Series Switch System Reference Guide 3. Refer to the following information within the Peer Statistics tab:4. Click the Clear Statistics
Switch Services 5-41 2. Select the MU Status tab. 3. Refer to the following information within the MU Status tab: 5.6 Configuring GRE TunnelsTunneli
5-42 WS5100 Series Switch System Reference Guide • Assigning priority to different types of traffic• Assigning security levels to different types of
Switch Services 5-43 GRE tunneling allows desktop protocols to take advantage of the enhanced route selection capabilities of IP. With GRE Tunneling
5-44 WS5100 Series Switch System Reference Guide 3. Highlight an existing tunnel and click the Edit button to modify the properties of the tunnel. F
Switch Services 5-45 4. Click OK to save the contents of the screen and return to the main GRE Tunnels screen.5. Click Cancel to exit the screen wit
5-46 WS5100 Series Switch System Reference Guide 4. Click OK to save the contents of the screen and return to the main GRE Tunnels screen.5. Click C
Switch Services 5-47 3. Refer to the Interference Avoidance field to define the following settings: 4. Click the Apply button to save the changes ma
5-48 WS5100 Series Switch System Reference Guide 3. Refer to the following information as displayed within the Neighbor Recovery screen. 4. Highligh
Switch Services 5-49 3. Select an existing neighbor and click the Edit button. The radio index and description for the current radio display in the
1-12 WS5100 Series Switch System Reference Guide MU Balancing Across Multiple APsAs per the 802.11 standard, AP and MU association is a process cond
5-50 WS5100 Series Switch System Reference Guide 5.8 Configuring Switch DiscoverySwitch discovery enables the SNMP discovery (location) of Motorola
Switch Services 5-51 2. Refer to the following information within the Discovery Profiles tab to discern whether an existing profile can be used as i
5-52 WS5100 Series Switch System Reference Guide If SNMP v3 is used with a discovering profile, a V3 Authentication screen displays.The User Name an
Switch Services 5-53 4. Refer to the Status field for an update of the edit process.The Status is the current state of the requests made from the ap
5-54 WS5100 Series Switch System Reference Guide 3. Refer to the following information within the Saved Devices screen to discern whether a located
Switch SecurityThis chapter describes the security mechanisms available to the switch. This chapter includes the following:• Displaying the Main Se
6-2 WS5100 Series Switch System Reference Guide To view main menu security information:1. Select Security from the main menu tree.2. Refer to the fo
Switch Security 6-3 6.2 AP Intrusion DetectionUse the Internet Protocol sub-menu to view and configure network related IP information. The Internet
6-4 WS5100 Series Switch System Reference Guide 3. Enable AP assisted scanning and timeout intervals as required.4. Refer to the MU Assisted Scan fi
Switch Security 6-5 6.2.1.1 Adding or Editing an Allowed APTo add a new range or modify the address range used to designate devices as Allowed APs:1
Overview 1-13 L3 RoamingL3 roaming works with switches in the mobility domain to exchange mobility related control information. This includes IP add
6-6 WS5100 Series Switch System Reference Guide 6.2.2 Approved APs (Reported by APs)Those access points detected and approved for operation within t
Switch Security 6-7 6.2.3 Unapproved APs (Reported by APs)Use the Unapproved APs (Reported by APs) tab to review access points detected by associate
6-8 WS5100 Series Switch System Reference Guide 4. The Number of Unapproved APs is simply the sum of all of Unapproved Radio MAC Addresses detected.
Switch Security 6-9 3. The Unapproved APs (Reported by MUs) table displays the following information:4. The Number of Unapproved APs is simply the s
6-10 WS5100 Series Switch System Reference Guide 2. Click the Configuration tab. The MU Intrusion Detection tab consists of the following two fields
Switch Security 6-11 6. Click on Revert to rollback to the previous configuration.6.3.2 Viewing Filtered MUsPeriodically check the Filtered MUs tab
6-12 WS5100 Series Switch System Reference Guide 3. Select a detected MU and click the Delete button to remove it from the list of MUs you are track
Switch Security 6-13 The Filters field contains the following read-only information:3. Refer to the Associated WLANs field for following4. If the pr
6-14 WS5100 Series Switch System Reference Guide 7. Click the Memberships button to display a screen wherein a selected index can be added to one or
Switch Security 6-15 10.Click Cancel to close the dialog without committing updates to the running configuration.6.4.2 Adding a new Wireless FilterU
1-14 WS5100 Series Switch System Reference Guide When multiple BSSID's are enabled, you cannot tell by snooping the air whether any pair of bea
6-16 WS5100 Series Switch System Reference Guide 6.4.3 Associating an ACL with WLANUse the Membership screen to define a name for the ACL index and
Switch Security 6-17 6.5.1 ACL OverviewAn ACL contains an ordered list of Access Control Entries (ACEs). Each ACE specifies an action and a set of c
6-18 WS5100 Series Switch System Reference Guide A session is computed based on the following:• Source IP address• Destination IP address• Source Po
Switch Security 6-19 6.5.1.3 Wireless LAN ACLsWireless LAN ACLs filter/mark packets based on the wireless LAN from which they arrive rather than fil
6-20 WS5100 Series Switch System Reference Guide 6.5.2 Configuring an ACLConfigure an ACL to enforce privilege separation and determine appropriate
Switch Security 6-21 To create a new ACL:1. Select Security > ACLs from the main menu tree.2. Click on the Configuration tab to view the list of
6-22 WS5100 Series Switch System Reference Guide 3. Click the Add button within the Associated Rules field. 4. Use the Precedence field to enter a p
Switch Security 6-23 6.5.2.3 Editing an Existing RuleAs network and access permission requirements change, existing ACL rules need to be modified to
6-24 WS5100 Series Switch System Reference Guide 6.5.3 Attaching an ACLUse the Attach-L2/L3 screen to view and assign the ACL to a physical interfac
Switch Security 6-25 2. Click on the Attach tab.3. Click on the Add button.4. Use the Interface drop-down menu to select the interface to configure
Overview 1-15 disconnect. With QoS, the VoIP conversation (a real-time session), receives priority, maintaining a high level of voice quality. The v
6-26 WS5100 Series Switch System Reference Guide 3. Refer to the following information as displayed within the Attach -WLAN tab: 4. Select a WLAN (
Switch Security 6-27 8. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if some
6-28 WS5100 Series Switch System Reference Guide 4. Select an interface and click the Delete button to delete the ACL interface from the switch.5. C
Switch Security 6-29 3. Refer to the following information as displayed within the Dynamic Translation tab. 4. Select an existing NAT configuration
6-30 WS5100 Series Switch System Reference Guide 6. Click the Add button to display screen to create a new NAT configuration and add it to the list
Switch Security 6-31 10.Click Cancel to close the dialog without committing updates to the running configuration. 6.6.2 Defining Static NAT Translat
6-32 WS5100 Series Switch System Reference Guide 3. Refer to the following information as displayed within the Static Translation tab. 4. Select an
Switch Security 6-33 3. Click the Add button.4. Define the NAT Type from the drop-down menu. Options include:• Inside - The set of networks that are
6-34 WS5100 Series Switch System Reference Guide 13.Click Cancel to close the dialog without committing updates to the running configuration. 6.6.3
Switch Security 6-35 6. If modifying an existing interface is not a valid option, consider configuring a new interface. To define a new NAT interfac
1-16 WS5100 Series Switch System Reference Guide flow having UPSD enabled. After the AP acknowledges the trigger frame, it transmits the frames in i
6-36 WS5100 Series Switch System Reference Guide . 3. Refer to the following information to assess the validity and total NAT translation configurat
Switch Security 6-37 6.7.1 Defining the IKE ConfigurationRefer to the Configuration tab to enable (or disable) IKE and define the IKE identity (for
6-38 WS5100 Series Switch System Reference Guide 6. Refer to the Pre-shared Keys field to review the following information: 7. Highlight an existing
Switch Security 6-39 • A priority value (1 through 65,543, with 1 as highest priority permitted) • An authentication scheme ensure the credentials o
6-40 WS5100 Series Switch System Reference Guide 3. Refer to the values displayed within the IKE Policies tab to determine if an existing policy req
Switch Security 6-41 6. If the properties of an existing policy are no longer relevant and cannot be edited to be useful, click the Add button to de
6-42 WS5100 Series Switch System Reference Guide b. Refer to the Status field for the current state of the requests made from applet. This field dis
Switch Security 6-43 4. Select an index and click the Details button to display a more robust set of statistics for the selected index. Use this inf
6-44 WS5100 Series Switch System Reference Guide security parameters in the Crypto Maps at both peers. Allows you to specify a lifetime for the IPSe
Switch Security 6-45 • Viewing IPSec Security Associations6.8.1 Defining the IPSec ConfigurationUse the IPSec VPN Configuration screen to view the a
Overview 1-17 • When packets are received on the GRE tunnel interface by the switch, the switch decapsulates the GRE header and forwards the IP pack
6-46 WS5100 Series Switch System Reference Guide 4. Refer to the Transform Sets field to view the following data: 5. Select a IPSec VPN transform se
Switch Security 6-47 4. Revise the following information as required to render the existing transform set useful. 5. Refer to the Status field for t
6-48 WS5100 Series Switch System Reference Guide 3. Click the Add button. 4. Define the following information as required for the new transform set.
Switch Security 6-49 6.8.2 Defining the IPSec VPN Remote ConfigurationUse the IPSec VPN Remote tab to configure the DNS and/or WINS Servers used to
6-50 WS5100 Series Switch System Reference Guide 5. Click the Edit button (within the IP Range tab) to modify the range of existing IP addresses dis
Switch Security 6-51 2. Click the Authentication tab.3. Define whether the IPSec VPN user authentication is conducted using a Radius Server (by sele
6-52 WS5100 Series Switch System Reference Guide 7. Select an existing server and click the Delete button to remove it from list of available Radius
Switch Security 6-53 access, specify a fewer number of Crypto Maps (referring to large identity sections) instead of specifying a large number of Cr
6-54 WS5100 Series Switch System Reference Guide 4. Select an existing Crypto Map and click the Edit button to modify the Crypto Map’s attributes. I
Switch Security 6-55 b. Assign the Crypto Map a Name to differentiate from others with similar configurations.c. Use the None, Domain Name or Host N
1-18 WS5100 Series Switch System Reference Guide 1.2.5 Security FeaturesThe switch security can be classified into wireless security and wired secur
6-56 WS5100 Series Switch System Reference Guide 2. Click the Crypto Maps tab and select Peers. 3. Refer to the read-only information displayed with
Switch Security 6-57 a. Define the Seq # /Name for the new peer. The lower the number, the higher the priority among Crypto Maps.b. Enter the name o
6-58 WS5100 Series Switch System Reference Guide 6. If a new Crypto Map manual security association requires creation, click the Add button.a. Defin
Switch Security 6-59 1. Select Security > IPSec VPN from the main menu tree.2. Click the Crypto Maps tab and select Transform Sets. 3. Refer to t
6-60 WS5100 Series Switch System Reference Guide a. Define the Seq #/Name. The lower the number, the higher the priority among Crypto Maps.b. Enter
Switch Security 6-61 Crypto Map configuration. Also, adding new peers through the use of new sequence numbers and reassigning the Crypto Map does no
6-62 WS5100 Series Switch System Reference Guide 4. If necessary, select a security association from those displayed and click the Delete button to
Switch Security 6-63 • TTLS and MSCHAPv2• PEAP and GTC• PEAP and MSCHAPv2Apart from EAP authentication, the switch allows enforcement of User based
6-64 WS5100 Series Switch System Reference Guide 6.9.1.2 Authentication of Terminal/Management User(s)The local Radius server can be used to authent
Switch Security 6-65 authentication source if a user does not exist in the local Server’s database, since the primary method has rejected the authen
Overview 1-19 WPAWPA is designed for use with an 802.1X authentication server, which distributes different keys to each user; however, it can also b
6-66 WS5100 Series Switch System Reference Guide 6.9.3.1 Radius Client ConfigurationA Radius client implements a client/server mechanism enabling th
Switch Security 6-67 To configure Radius proxy server support:1. Select Security > Radius Server from the main menu.2. Ensure the Configuration t
6-68 WS5100 Series Switch System Reference Guide 1. Select Security > Radius Server from the main menu.2. Select the Authentication tab. 3. Refer
Switch Security 6-69 4. Refer to the LDAP Server Details field to define the attributes of the primary and secondary Radius LDAP servers providing a
6-70 WS5100 Series Switch System Reference Guide To define the Radius user permissions for switch access:1. Select Security > Radius Server from
Switch Security 6-71 7. To create a new user for use with the local Radius server, click the Add button and provide the following information. a. Re
6-72 WS5100 Series Switch System Reference Guide 2. Select the Groups tab. 3. Refer to the displayed user groups to assess the following read-only a
Switch Security 6-73 6. To modify the attributes of an existing group, select the group from the list of groups displayed and click the Edit button.
6-74 WS5100 Series Switch System Reference Guide 2. Select the Accounting Logs tab. 3. Refer to the following information as displayed within the Ac
Switch Security 6-75 Server Certificates are issued to Web Servers and used to authenticate Web Servers to Web browsers while establishing a Secure
ContentsChapter 1. Overview1.1 Hardware Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1-20 WS5100 Series Switch System Reference Guide uses the MAC address of the MU as both the username and password (this configuration is also expect
6-76 WS5100 Series Switch System Reference Guide 3. Click the Certificate Wizard button to create a self signed certificate, upload an external serv
Switch Security 6-77 Using the Wizard to Create a New CertificateTo generate a new self-signed certificate or prepare a certificate request which ca
6-78 WS5100 Series Switch System Reference Guide Select a trustpoint for the new certificate• Use existing trustpoint - Select an existing trustpoin
Switch Security 6-79 If generating a new self-signed certificate (as selected in page 2 of the wizard), the wizard continues the installation. Use t
6-80 WS5100 Series Switch System Reference Guide 5. Select the Enroll the trustpoint checkbox to enroll the certificate request with the CA. 6. Clic
Switch Security 6-81 1. Select the Delete Operations radio button in the wizard and click the Next button. The next page of the wizard is used to de
6-82 WS5100 Series Switch System Reference Guide 2. Select the Keys tab. The Keys tab displays the following:3. Highlight a Key from the table and c
Switch Security 6-83 3. Click the Add button at the bottom of the screen. 4. Enter a Key Label in the space provided to specify a name for the new k
6-84 WS5100 Series Switch System Reference Guide 8. Use the Using drop down-menu to configure whether the log file transfer will be sent using FTP o
Switch ManagementThis chapter describes the Management Access main menu items used to configure the switch. This chapter contains following content:
Overview 1-21 If no response is received from the EAPOL start message, or if the authentication attempt is not successful, the AP300 continues to tr
7-2 WS5100 Series Switch System Reference Guide To display the main Management screen:1. Select Management Access from the main menu tree. 2. Refer
Switch Management 7-3 1. Select Management Access > Access Control from the main menu tree. 2. Refer to the Management Settings field to enable o
7-4 WS5100 Series Switch System Reference Guide 3. Click the Apply button to save changes made to the screen since the last saved configuration.4. C
Switch Management 7-5 7.3.1 Configuring SNMP v1/v2 AccessSNMP version 2 (SNMPv2) is an evolution of the SNMPv1. The Get, GetNext, and Set operations
7-6 WS5100 Series Switch System Reference Guide 7.3.1.1 Editing an Existing SNMP v1/v2 Community NameThe Edit screen allows the user to modify a com
Switch Management 7-7 To review existing SNMP v3 definitions:1. Select Management Access > SNMP Access from the main menu tree.2. Select the V3
7-8 WS5100 Series Switch System Reference Guide 4. Highlight an existing v3 entry and click the Edit button to modify the password for the Auth Prot
Switch Management 7-9 7.3.3 Accessing SNMP v2/v3 StatisticsRefer to the Statistics screen for a read-only overview of SNMP V2/V3 events and their cu
7-10 WS5100 Series Switch System Reference Guide Usm StatisticsDisplays SNMP v3 events specific to Usm. The User-based Security Model (USM) decrypts
Switch Management 7-11 7.4 Configuring SNMP TrapsUse the SNMP Trap Configuration screen to enable or disable trap generation individually or by func
1-22 WS5100 Series Switch System Reference Guide as intruding MUs try to find network vulnerabilities. Basic forms of this behavior can be monitored
7-12 WS5100 Series Switch System Reference Guide 4. Select an individual trap, by expanding the node in the tree view, to view a high-level descript
Switch Management 7-13 8. Highlight a sub-menu header (such as Redundancy or Update Server) and click the Enable all sub-items button to enable the
7-14 WS5100 Series Switch System Reference Guide 4. Select a threshold and click the Edit button to display a screen wherein threshold settings for
Switch Management 7-15 7.4.2.1 Wireless Trap Threshold ValuesThe table below lists the Wireless Trap threshold values for the switch:# Threshold Nam
7-16 WS5100 Series Switch System Reference Guide 7.5 Configuring SNMP Trap ReceiversRefer to the Trap Receivers screen to review the attributes of e
Switch Management 7-17 4. Highlight an existing Trap Receiver and click the Delete button to remove the Trap Receiver from the list of available des
7-18 WS5100 Series Switch System Reference Guide 6. Click OK to save and add the changes to the running configuration and close the dialog.7. Refer
Switch Management 7-19 • Privileges – This frame displays the privileges assigned to different type of user.3. Select the user (Admin, Operator or u
7-20 WS5100 Series Switch System Reference Guide 5. Select the role you want to assign to the new user from the options provided in the Associated R
Switch Management 7-21 5. Select the role to assign to the user from the options provided in the Associated Roles field. Select one or more of the f
Overview 1-23 SNMP Trap on discoveryAn SNMP trap is sent for each detected and Rogue AP. Rogue APs are only detected, and notification is provided v
7-22 WS5100 Series Switch System Reference Guide 7.6.1.3 Creating a Guest Admin and Guest UserOptionally, create a guest administrator for the purpo
Switch Management 7-23 5. Assign the guest-admin WebUser Administrator access. When the guest-admin user logs in, they are redirected to a Guest Use
7-24 WS5100 Series Switch System Reference Guide 2. Click on the Authentication tab. 3. Refer to the Authentication methods field for the following:
Switch Management 7-25 7. Select a Radius server from the table and click the Edit button to modify how the authentication method is used. For more
7-26 WS5100 Series Switch System Reference Guide 5. Refer to the Status field for the current state of the requests made from applet. This field dis
Switch Management 7-27 5. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if so
7-28 WS5100 Series Switch System Reference Guide
DiagnosticsThis chapter describes the various diagnostic features available to monitor switch performance. It consists of the following sections:• D
8-2 WS5100 Series Switch System Reference Guide 8.1.1 Switch EnvironmentUse the Environment screen to view and modify the switch diagnostic interval
Diagnostics 8-3 5. Use the Temperature Sensors field to monitor the CPU and system temperatures. This information is extremely useful in assessing i
1-24 WS5100 Series Switch System Reference Guide • Site-Site VPN — For example, a company branching office traffic to another branch office traffic
8-4 WS5100 Series Switch System Reference Guide 8.1.3 Switch Memory AllocationUse the Memory screen to assess the CPU’s load over the last 1, 5, and
Diagnostics 8-5 2. Select the Disk tab.3. This Disk tab displays the status of the various disks on the switch. Each section displays the following
8-6 WS5100 Series Switch System Reference Guide 2. Select the Processes tab3. The Processes tab has 2 fields:• General• Processes by highest memory
Diagnostics 8-7 2. Select the Other Resources tab.The Other Resources tab displays the memory allocation of Packet Buffer, IP Route Cache and File D
8-8 WS5100 Series Switch System Reference Guide 2. Select the Log Options tab. 3. Select the Enable Logging Module checkbox to enable the switch to
Diagnostics 8-9 9. Click the Revert button to move the display back to the last saved configuration.8.2.2 File ManagementUse the File Mgt screen to
8-10 WS5100 Series Switch System Reference Guide 5. Highlight a file from the list of log files available within the File Mgt tab and click the View
Diagnostics 8-11 3. Refer to the following for information on the elements that can be viewed within a log file:4. Refer to the Status field for the
8-12 WS5100 Series Switch System Reference Guide 2. Select a target log file to transfer and click the Transfer File button. 3. Use the From drop-do
Diagnostics 8-13 To view the core snapshots available on the switch:1. Select Diagnostics > Core Snapshots from the main menu tree. 2. Refer to t
Switch Web UI Access and Image UpgradesThe content of this chapter is segregated amongst the following:• Accessing the Switch Web UI• Switch Passwo
8-14 WS5100 Series Switch System Reference Guide 2. Select a target file, and select the Transfer Files button. 3. Use the From drop-down menu to sp
Diagnostics 8-15 To review the current Panic Snapshots on the switch:1. Select Diagnostics > Panic Snapshots from the main menu. 2. Refer to the
8-16 WS5100 Series Switch System Reference Guide 8.4.1 Viewing Panic DetailsUse the View facility to review the entire contents of a panic snapshot
Diagnostics 8-17 8. If Server has been selected as the source, enter the IP Address of destination server or system receiving the target panic file.
8-18 WS5100 Series Switch System Reference Guide • What kinds of message should be seen.4. Select the Send log message to a file checkbox if you wis
Diagnostics 8-19 To view the switch’s existing ping configuration:1. Select Diagnostics > Ping from the main menu. 2. Refer to the following info
8-20 WS5100 Series Switch System Reference Guide 8.6.1 Modifying the Configuration of an Existing Ping TestThe properties of an existing ping tests
Diagnostics 8-21 2. Click the Add button at the bottom of the Configuration tab. 3. Enter the following information to define the properties of the
8-22 WS5100 Series Switch System Reference Guide 8.6.3 Viewing Ping StatisticsRefer to the Ping Statistics tab for an overview of the overall succes
Diagnostics 8-23 Average RTT Displays the average round trip time for ping packets transmitted between the switch and its destination IP address. Us
2-2 WS5100 Series Switch System Reference Guide 2.1.2 Connecting to the Switch Web UITo display the Web UI, launch a Web browser on a computer with
8-24 WS5100 Series Switch System Reference Guide
Appendix A Customer SupportMotorola’s Enterprise Mobility Support CenterIf you have a problem with your equipment, contact Enterprise Mobility suppo
A-2 WS5100 Series System Reference Guide
MOTOROLA INC.1303 E. ALGONQUIN ROADSCHAUMBURG, IL 60196http://www.motorola.com72E-100957-01 Revision AJune 2007
Switch Web UI Access and Image Upgrades of firmware running on the switch, quickly assess the last 5 alarms generated by the switch, view the status o
2-4 WS5100 Series Switch System Reference Guide 2.3 Upgrading the Switch ImageThe switch ships with a factory installed firmware image with the full
Switch Web UI Access and Image Upgrades 3. From the WS5100 running either 1.4.x or 2.x, create a configuration and save it on the switch.WS5100# save
TOC-2 WS5100 Series Switch System Reference Guide3.4.2 Enabling Global Settings for the Failover Image. . . . . . . . . . . . . . . . . . . . . . .
2-6 WS5100 Series Switch System Reference Guide For the static case (where the URLs for the configuration and image files are not supplied by DHCP),
Switch Web UI Access and Image Upgrades After this configuration update, any switch reboot with DHCP enabled on the RON port will trigger an auto inst
2-8 WS5100 Series Switch System Reference Guide 3. Select the AP Installation main menu item.4. From the IP Address field, enter a new IP address (i
Switch Web UI Access and Image Upgrades 6. Select the Special Functions main menu item.7. Select the Firmware Update Menu-[F3] menu item8. Select the
2-10 WS5100 Series Switch System Reference Guide
Switch InformationThis chapter describes the Switch main menu information used to configure the switch. This chapter consists of the following sect
3-2 WS5100 Series Switch System Reference Guide 3.1.1 Viewing the Switch ConfigurationThe system prompts you to enter the correct country code after
Switch Information 3-3 4. Refer the System field to view or define the following information: 5. Click the Restart button to reboot the switch. The
3-4 WS5100 Series Switch System Reference Guide 8. Click the Reset Password button to display a screen to reset you password to a new value. Enter t
Switch Information 3-5 The Dashboard screen displays the current health of the switch and is divided into the following fields:•Alarms• Ports• Envir
TOC-35.2.5 Viewing DHCP Server Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-6 WS5100 Series Switch System Reference Guide 2. Refer to the Ports field for link, speed, duplex, POE Status of each physical port on the front p
Switch Information 3-7 3. Refer to the Switch Statistics area for the following read-only information about associated MUs:4. Refer to the Traffic s
3-8 WS5100 Series Switch System Reference Guide 3.2 Viewing Switch Port InformationThe Port screen displays the configuration, runtime status and st
Switch Information 3-9 3. Select a port and click the Edit button to modify the port configuration. For additional information, see Editing the Por
3-10 WS5100 Series Switch System Reference Guide Read-only details about the port’s cabling connection also display within the Edit screen. This in
Switch Information 3-11 2. Select the Runtime tab to display the following read-only information:3.2.3 Viewing the Ports StatisticsThe Statistics s
3-12 WS5100 Series Switch System Reference Guide 2. Select the Statistics tab. 3. Refer to the Statistics tab to display the following read-only inf
Switch Information 3-13 3.2.3.1 Detailed Port StatisticsTo view detailed statistics for a port: 1. Select a port from the table displayed within the
3-14 WS5100 Series Switch System Reference Guide 4. The Status is the current state of the requests made from the applet. Requests are any “SET/GET”
Switch Information 3-15 The Interface Statistics screen displays for the selected port. The screen provides the option to view statistics for the fo
TOC-4 WS5100 Series Switch System Reference Guide6.6.2 Defining Static NAT Translations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-16 WS5100 Series Switch System Reference Guide 3.3 Viewing Switch ConfigurationsUse the Configurations screen to review the configuration files av
Switch Information 3-17 2. To view the entire contents of a config file in detail, select a config file by selecting a row from the table and click
3-18 WS5100 Series Switch System Reference Guide 3. The Main screen displays the contents of the configuration file. Use the up and down navigation
Switch Information 3-19 3. Select the Copy this file as the system startup config checkbox to use this configuration file as the switch configuratio
3-20 WS5100 Series Switch System Reference Guide 3. Refer to the Target field to specify the details of the target file.4. Click the Transfer button
Switch Information 3-21 To view the firmware files available to the switch: 1. Select Switch > Firmware from the main menu tree.2. Refer to the f
3-22 WS5100 Series Switch System Reference Guide 2. Click the Edit button. The Firmware screen displays the current firmware version and whether thi
Switch Information 3-23 3.4.3 Updating the Switch FirmwareUse the Update screen to update the firmware version currently used by the switch. 1. Sele
3-24 WS5100 Series Switch System Reference Guide 12.Refer to the Status field for the current state of the requests made from the applet. Requests a
Switch Information 3-25 3. Refer to the Cluster Configuration field to enable and define the configuration for automatic cluster file updates. 4. Re
TOC-58.1.5 Switch Memory Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-26 WS5100 Series Switch System Reference Guide 3.6 Viewing the Switch Alarm LogUse the Alarm Log screen as an initial snapshot for alarm log infor
Switch Information 3-27 5. Select an alarm and click the Details button to display an alarm description along with the solution and possible causes.
3-28 WS5100 Series Switch System Reference Guide 3. Refer to the fields within the Details screen for the following information: 4. Click OK to use
Switch Information 3-29 2. Refer to the Install License field for the following information:3. Click the Install button to install the selected lice
3-30 WS5100 Series Switch System Reference Guide 2. Enter the filter criteria as per the options provided in the Filter Option zone. 3. The fields i
Network SetupThis chapter describes the Network Setup menu information used to configure the switch. This chapter consists of the following section
4-2 WS5100 Series Switch System Reference Guide To view the switch’s Network configuration:1. Select Network from the main menu tree. 2. Refer to th
Network Setup 4-3 4.2 Viewing Network IP InformationUse the Internet Protocol screen to view and configure network associated IP details. The Intern
4-4 WS5100 Series Switch System Reference Guide 3. The Domain Name System tab displays DNS details in a tabular format. 4. Select an IP Address from
Network Setup 4-5 1. Click the Global Settings button in the main Domain Network System screen.A Configuration screen displays allowing you to edit
TOC-6 WS5100 Series Switch System Reference Guide
4-6 WS5100 Series Switch System Reference Guide 3. The read-only IP Forwarding tab displays the current status between VLANs. To toggle the status
Network Setup 4-7 4. Select an entry and click the Delete button to remove the selected entry from the IP forwarding table.5. Click the Add button t
4-8 WS5100 Series Switch System Reference Guide 6. Click OK to use the changes to the running configuration and close the dialog.7. Click Cancel to
Network Setup 4-9 4.3 Viewing and Configuring Layer 2 Virtual LANsA virtual LAN (VLAN) is similar to a Local Area Network (LAN), however devices do
4-10 WS5100 Series Switch System Reference Guide Select a record from the table and click the Edit button to modify the record. For more information
Network Setup 4-11 4.3.1 Editing the Details of an Existing VLANTo revise the configuration of an existing VLAN:1. Select Network > Virtual LANs
4-12 WS5100 Series Switch System Reference Guide 6. Refer to the Status field for the current state of the requests made from applet. This field dis
Network Setup 4-13 The following configuration details display in the table:3. Select a record from the table and click the Edit button to modify th
4-14 WS5100 Series Switch System Reference Guide 6. Select an interface as click the Startup button to invoke the selected interface the next time t
Network Setup 4-15 2. Select the Configuration tab and click the Edit button.The screen displays with the name of the VLAN in the upper left-hand si
About This GuideIntroductionThis guide provides information about using the WS5100 Series Switch. Documentation SetThe documentation set for the WS5
4-16 WS5100 Series Switch System Reference Guide 2. Select the Statistics tab.3. Refer to the following details as displayed within the Statistics t
Network Setup 4-17 3. Click the Details button to view packet level statistics of any user defined interface. For more information, see Viewing Virt
4-18 WS5100 Series Switch System Reference Guide 2. Click the Details button.3. The Interface Statistics screen displays with the following content:
Network Setup 4-19 4. The Status is the current state of requests made from the applet. Requests are any “SET/GET” operation from the applet. The St
4-20 WS5100 Series Switch System Reference Guide 4. Refer to the Status field for the current state of the requests made from applet. This field dis
Network Setup 4-21 updates to a WLAN’s description and their current authentication and encryption schemes. Be careful to properly map BSS WLANs and
4-22 WS5100 Series Switch System Reference Guide 3. Click the Edit button to display a screen where WLAN information, encryption and authentication
Network Setup 4-23 4. Click the Edit button.The Wireless LANs Edit screen is divided into the following user-configurable fields:• Configuration• Au
4-24 WS5100 Series Switch System Reference Guide 6. Refer to the Authentication field to select amongst the following options:7. Refer to the Encryp
Network Setup 4-25 8. Refer to the Advanced field for the following information:WPA-WPA2-TKIP Use the WPA-TKIP radio button to enable Wi-Fi Protecte
Commentaires sur ces manuels