Motorola RFS6000 - Wireless RF Switch Guide d'installation

MMotorola RFS Series Wireless LAN SwitchesWiNG System Reference Guide

TOC-6 Motorola RF Switch System Reference Guide8.2 Configuring System Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-14 Motorola RF Switch System Reference Guide 5. Change VLAN port designations as required.6. Click OK to use the changes to the running configurat

Network Setup 4-15 The following configuration details display in the table:3. Select a record from the table and click the Edit button to modify t

4-16 Motorola RF Switch System Reference Guide 5. Click the Add button to add a new configuration to the switch virtual interface. For more informat

Network Setup 4-17 9. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if someth

4-18 Motorola RF Switch System Reference Guide 8. Use the Secondary IP Addresses field to define/modify additional IP addresses to associate with VL

Network Setup 4-19 3. Click the Details button to view packet level statistics of any user defined interface. For more information, see Viewing Virt

4-20 Motorola RF Switch System Reference Guide 3. The Interface Statistics screen displays with the following content: Name Displays the title of th

Network Setup 4-21 4. The Status is the current state of requests made from the applet. Requests are any “SET/GET” operation from the applet. The St

4-22 Motorola RF Switch System Reference Guide 4. Refer to the Status field for the current state of the requests made from applet. This field displ

Network Setup 4-23 updates to a WLAN’s description and their current authentication and encryption schemes. Be careful to properly map BSS WLANs and

TOC-7Appendix C TroubleshootingC.1 General Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-24 Motorola RF Switch System Reference Guide 3. Click the Edit button to display a screen where WLAN information, encryption and authentication se

Network Setup 4-25 MU Proxy ARP handlingEnables Proxy ARP handling for MUs. Proxy ARP is provided for MU’s in PSP mode whose IP address is known. Th

4-26 Motorola RF Switch System Reference Guide 4.5.1.1 Editing the WLAN ConfigurationSecurity measures for the switch and its WLANs are critical. Us

Network Setup 4-27 The Wireless LANs Edit screen is divided into the following user-configurable fields:• Configuration• Authentication• Encryption•

4-28 Motorola RF Switch System Reference Guide Independent Mode (AAP Only)Determines whether the WLAN is functioning as an independent or extended W

Network Setup 4-29 6. Refer to the Authentication field to select amongst the following options:7. Refer to the Encryption field to select amongst t

4-30 Motorola RF Switch System Reference Guide 8. Refer to the Advanced field for the following information:Accounting ModeIf using a Syslog server

Network Setup 4-31 9. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if someth

4-32 Motorola RF Switch System Reference Guide 6. Configure the Multiple VLAN Mapping for WLAN table as required to add or remove multiple VLANS for

Network Setup 4-33 4.5.1.3 Configuring Authentication TypesRefer to the following to configure the WLAN authentication options available on the swit

TOC-8 Motorola RF Switch System Reference GuideD.7.1 Unauthorized Access Point Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-34 Motorola RF Switch System Reference Guide 5. Define MU timeout and retry information for the authentication server.6. Refer to the Status field

Network Setup 4-35 6. Specify a case-sensitive Realm Name. The realm name is the name domain/realm name of the KDC Server. A realm name functions si

4-36 Motorola RF Switch System Reference Guide 2. External Web-pages3. Customized internal Web page (using the Advanced feature in hotspot configura

Network Setup 4-37 see Configuring an Advanced Hotspot on page 4-43. Configuring an Internal HotspotUsing the Internal option means the user develop

4-38 Motorola RF Switch System Reference Guide 4. Click the Login tab and enter the title, header, footer Small Logo URL, Main Logo URL and Descript

Network Setup 4-39 5. Click the Welcome tab and enter the title, header, footer Small Logo URL, Main Logo URL and Descriptive Text you would like to

4-40 Motorola RF Switch System Reference Guide 7. Refer to the Allow List field, and enter any IP address (for internal or external Web sites) that

Network Setup 4-41 4. Refer to the External Web Pages field and provide the Login, Welcome and Failed Page URLs used by the external Web server to s

4-42 Motorola RF Switch System Reference Guide 5. Refer to the Allow List field, and enter any IP address (for internal or external Web sites) that

Network Setup 4-43 Configuring an Advanced HotspotA customer may wish to use advanced Web content (XML, Flash) but might not have (or would not want

OverviewA Motorola RF Switch is a centralized management solution for wireless networking. It connects to non-legacy Access Ports through Layer 2 or

4-44 Motorola RF Switch System Reference Guide 5. Once the properties of the advanced hotspot have been defined, the file can be installed on the s

Network Setup 4-45 6. Ensure Advanced is selected from within the This WLAN’s Web Pages are of the drop-down menu.Define the advanced hotspot config

4-46 Motorola RF Switch System Reference Guide ca trust-point ESELABserver trust-point ESELABgroup "Guests"guest-group enablepolicy vlan 7

Network Setup 4-47 RFS6000#dir flash:/hotspot/wlan2/Directory of flash:/hotspot/wlan2/-rw- 6383 Wed Sep 24 12:44:09 2008 header_bg.png-rw-

4-48 Motorola RF Switch System Reference Guide Failed PageThe failed page is presented to users who fail authentication or enter incorrect login inf

Network Setup 4-49 • Middle Dash delimiter: The 12 digit MAC Address is in a format separated in the middle by a dash.7. Click OK to use the changes

4-50 Motorola RF Switch System Reference Guide The Radius Configuration screen contains tabs for defining both the Radius and NAC server settings. F

Network Setup 4-51 7. Refer to the Accounting field and define the following credentials for a primary and secondary Radius Server. 8. Select the Re

4-52 Motorola RF Switch System Reference Guide 11.Click Cancel to revert back to the last saved configuration and move back to the Network > Wire

Network Setup 4-53 3. Specify multiple access sources by using different values. The privilege values can be ORed and specified once. For example, i

1-2 Motorola RF Switch Systen Reference 1.1 Hardware OverviewThe RFS6000 and RFS7000 are rack-mountable devices that manage all inbound and outboun

4-54 Motorola RF Switch System Reference Guide 7. Refer to the Server field and define the following credentials for a primary and secondary NAC ser

Network Setup 4-55 8. Refer to the Accounting field and define the following credentials for a primary and secondary NAC Server. 9. Select the Re-au

4-56 Motorola RF Switch System Reference Guide • Configuring WEP 64• Configuring WEP 128 / KeyGuard• Configuring WPA/WPA2 using TKIP and CCMPConfigu

Network Setup 4-57 6. Use the Key #1-4 areas to specify key numbers.The key can be either a hexadecimal or ASCII. For WEP 64 (40-bit key), the keys

4-58 Motorola RF Switch System Reference Guide 5. Specify a 4 to 32 character Pass Key and click the Generate button. The pass key can be any alphan

Network Setup 4-59 Configuring WPA/WPA2 using TKIP and CCMPWi-Fi Protected Access (WPA) is a robust encryption scheme specified in the IEEE Wireless

4-60 Motorola RF Switch System Reference Guide 5. Select the Broadcast Key Rotation checkbox to enable periodically changing the broadcast key for t

Network Setup 4-61 9. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if someth

4-62 Motorola RF Switch System Reference Guide 3. Refer to the following details displayed within the table:4. To view WLAN statistics in greater de

Network Setup 4-63 3. Select a WLAN from the table displayed in the Statistics screen. and click the Details button. The Details screen displays the

Overview 1-3 1.1.1.1 Power ProtectionTo best protect the switch from unexpected power surges or other power-related problems, ensure the switch inst

4-64 Motorola RF Switch System Reference Guide 5. Refer to the Traffic field for the following information (both received and transmitted):6. Refer

Network Setup 4-65 4.5.2.2 Viewing WLAN Statistics in a Graphical FormatThe switch Web UI continuously collects WLAN statistics even when the graph

4-66 Motorola RF Switch System Reference Guide • Avg Retries• Avg SNR (dB)• # Radios 3. Select any of the above listed parameters by clicking on the

Network Setup 4-67 rate, then perhaps the switch is not adequately positioned or configured to support the MUs within that WLAN. 5. Refer to the Ret

4-68 Motorola RF Switch System Reference Guide 3. Click the Edit button to display a screen used to modify the WMM parameters. For more information,

Network Setup 4-69 With a drastic increase in bandwidth absorbing network traffic (VOIP, multimedia etc.), the importance of data prioritization is

4-70 Motorola RF Switch System Reference Guide 4.5.3.1 Editing WMM SettingsWLAN WMM configuration affects your upstream traffic parameters. Use Conf

Network Setup 4-71 5. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if someth

4-72 Motorola RF Switch System Reference Guide • Conduct a NAC check for MU's connecting to the WLAN as well as perform an additional exclude f

Network Setup 4-73 8. To delete any list configuration for a particular device, select the row from the List Configuration section and click on the

1-4 Motorola RF Switch Systen Reference • Licensing Support• Configuration Management• Diagnostics• Serviceability• Tracing / Logging• Process Monit

4-74 Motorola RF Switch System Reference Guide 4. Enter the Host Name for the device you wish to add.5. Enter a valid MAC Address of the device you

Network Setup 4-75 4.5.5 Configuring the NAC Exclusion ListThe switch provides a means to bypass NAC for 802.1x devices without a NAC agent. For Mot

4-76 Motorola RF Switch System Reference Guide entries maximum per list. For more information, see Configuring Devices on the Exclude List on page 4

Network Setup 4-77 4. The List Name displays the read-only name of the list for which you wish to add more devices. 5. Enter the Host Name for the

4-78 Motorola RF Switch System Reference Guide 4. Map the selected list item with as many WLANs as needed (be selecting the WLAN’s checkbox). Use th

Network Setup 4-79 2. Add a host entry to the include list. This adds a specified MAC entry/MAC range into the client’s include list.RF Switch(confi

4-80 Motorola RF Switch System Reference Guide RF Switch(config-wireless) #wlan 1 nac-server secondary 192.168.1.20RF Switch(config-wireless) #d. Co

Network Setup 4-81 4.6 Viewing Associated MU DetailsThe Mobile Units screen displays read-only device information for MUs interoperating with the sw

4-82 Motorola RF Switch System Reference Guide 3. Click the Details button to launch a screen with additional information about the selected MU. For

Network Setup 4-83 4. Refer to the following read-only MU’s transmit and receive statistics:.MAC Address Displays the Hardware or Media Access Contr

Overview 1-5 • Software – CPU load, memory usage, etc.• Environmental – CPU and air temperature, fans speed, etc.2. Out-of-service Diagnostics – Out

4-84 Motorola RF Switch System Reference Guide 5. Click the Refresh button to update the MU Statistics to their latest values.6. Refer to the Status

Network Setup 4-85 4. When using clustering and the Cluster GUI feature is enabled a drop-down menu will be available to select which cluster member

4-86 Motorola RF Switch System Reference Guide 4.6.3 Viewing MU StatisticsThe Statistics screen displays read-only statistics for each MU. Use this

Network Setup 4-87 6. Click the Details button to launch a screen with additional information about the selected MU. For more information, see Viewi

4-88 Motorola RF Switch System Reference Guide 5. Refer to the Traffic field for the following information: 6. Refer to the RF Status field for the

Network Setup 4-89 1. Select a Network > Mobile Units from the main menu tree.2. Click the Statistics tab.3. Select a MU from the table displayed

4-90 Motorola RF Switch System Reference Guide 4. Select a call index from those displayed and select the Details button for additional information.

Network Setup 4-91 • Configuring Access Point Radio Bandwidth• Configuring Radio Groups for MU Load Balancing• Viewing Active Calls (VCAC) Statistic

4-92 Motorola RF Switch System Reference Guide 4. Refer to the Properties field for the following5. Click the Edit button to launch a screen used to

Network Setup 4-93 6. Click the Delete button to remove a radio. However, before a radio can be removed, the radio’s BSS mapping must be removed.7.

1-6 Motorola RF Switch Systen Reference 1.2.1.9 RedundancyUsing the switch redundancy, up to 12 switches can be configured in a redundancy group (an

4-94 Motorola RF Switch System Reference Guide 4. Set an Adoption Preference ID value between 1 and 65535.To define a radio as preferred, the Access

Network Setup 4-95 7. Check the Use Default Values option checkbox to set the Username and Password to factory default values. The Access Port can g

4-96 Motorola RF Switch System Reference Guide 5. The Switch field displays the IP address of the cluster member associated with each Access Port ra

Network Setup 4-97 11.The following read only information is displayed:12.To add the radio to a Radio Group enter the Group ID for the radio group y

4-98 Motorola RF Switch System Reference Guide 17.In most cases, the default settings for the Advanced Properties are sufficient. If needed, additio

Network Setup 4-99 RTS ThresholdSpecify a Request To Send (RTS) threshold (in bytes) for use by the WLAN's adopted Access Ports.RTS is a transm

4-100 Motorola RF Switch System Reference Guide 18.When the Voice Call Admission Control is enabled in the Global Settings, the Admission Control Se

Network Setup 4-101 1. Click the Rate Settings button within the radio edit screen to launch a new screen with rate setting information.2. Check the

4-102 Motorola RF Switch System Reference Guide 4. Enter the device AP MAC Address (the physical MAC address of the radio). Ensure this address is

Network Setup 4-103 4. Select the AP Mesh button at the bottom of the Configuration screen.Base Bridge Select the Base Bridge checkbox to allow the

Overview 1-7 • Rate Limiting• Proxy-ARP• HotSpot / IP Redirect• IDM (Identity Driven Management)• Voice Prioritization• Self Healing• Wireless Capac

4-104 Motorola RF Switch System Reference Guide 5. Select OK to save the changes to the AP’s mesh configuration, or select Cancel to revert to the p

Network Setup 4-105 3. To select the time frame for the radio statistics, select either Last 30s or Last Hr above the statistics table.• Select the

4-106 Motorola RF Switch System Reference Guide 5. Select a radio from those displayed and click the Details button for additional radio information

Network Setup 4-107 5. Refer to the Traffic field for the following information:6. Refer to the RF Status field for the following information:7. Ref

4-108 Motorola RF Switch System Reference Guide 10.Click Cancel to close the dialog without committing updates to the running configuration.4.7.2.2

Network Setup 4-109 The WLAN Assignment tab is divided into two fields; Select Radios and Assigned WLANs.4. Refer to the Select Radios field for the

4-110 Motorola RF Switch System Reference Guide 3. Select a radio from the table and click the Edit button. The Select Radio/BSS field displays the

Network Setup 4-111 WMM information displays per radio with the following information: 3. Use the Filter Options facility (by clicking the Show Filt

4-112 Motorola RF Switch System Reference Guide 4. Select a radio and click the Edit button to modify its properties. For more information, see Edit

Network Setup 4-113 7. Enter a value between 0 and 15 for the Extended Contention Window maximum (ECW Max) value.The ECW Max is combined with the EC

© 2009 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a regi

1-8 Motorola RF Switch Systen Reference • Maintain local WLAN's for specific applications - WLANs created and supported locally can be concurre

4-114 Motorola RF Switch System Reference Guide 4.7.6 Configuring Radio Groups for MU Load BalancingIn order to do MU load balancing, radios must be

Network Setup 4-115 4.7.6.1 Viewing Access Point Radio GroupsRefer to the Groups tab to view the Group ID and Index associated with each radio when

4-116 Motorola RF Switch System Reference Guide 3. The following statistics are displayed:4.7.8 Viewing Mesh StatisticsTo view Mesh Statistics:1. Se

Network Setup 4-117 2. Click the Mesh Statistics tab.3. The following statistics are displayed:Mesh Index Displays the numerical identifier assigned

4-118 Motorola RF Switch System Reference Guide 4. Select a mesh index from amongst those displayed and select the Details button for additional (mo

Network Setup 4-119 4.7.9.3 Viewing Smart RF InformationTo view Smart RF information:1. Select Network > Access Port Radios from the main menu tr

4-120 Motorola RF Switch System Reference Guide 4. To view the details of individual radio Smart RF information, select a radio from the list and cl

Network Setup 4-121 6. The Neighbor Details section allows you to select detected neighbor radios and view the following information:4.7.9.4 Editing

4-122 Motorola RF Switch System Reference Guide 4. The Properties section displays the following information:5. The Radio Rescuer Settings section a

Network Setup 4-123 7. Click OK to use the changes to the running configuration and close the dialog.8. Click Cancel to close the dialog without com

Overview 1-9 address of switch). Thus, the MU does not awaken to send ARP replies (increasing MU battery life and conserving wireless bandwidth).If

4-124 Motorola RF Switch System Reference Guide 4. Click the Check All Boxes option in the Smart RF Global Settings dialogue to check every box in t

Network Setup 4-125 7. The Monitoring/Recovery Configuration section contains the following configuration items:8. The Diagnostic Configuration sect

4-126 Motorola RF Switch System Reference Guide 10.Once the settings have been configured, click the Run Calibration button to start a Smart RF cali

Network Setup 4-127 4.7.10 Voice StatisticsTo view Voice Statistics:1. Select Network > Access Port Radios from the main menu tree.2. Click the V

4-128 Motorola RF Switch System Reference Guide 4. Selecting a radio from the table will display the following details of individual calls:4.8 Viewi

Network Setup 4-129 4.8.1 Configuring AP Adoption DefaultsThe Configuration tab displays the current radio adoption configuration including radio ty

4-130 Motorola RF Switch System Reference Guide 4. To modify a radio’s adoption defaults, select a radio and click the Edit button. For more informa

Network Setup 4-131 The Properties field displays the Model family for the selected Access Port. The Model is read only and cannot be modified. The

4-132 Motorola RF Switch System Reference Guide can be a specific channel, Random, or ACS. Random assigns each radio a random channel. ACS (Automati

Network Setup 4-133 RTS Threshold Specify a Request To Send (RTS) threshold (in bytes) for use by the WLAN's adopted Access Ports.RTS is a tran

1-10 Motorola RF Switch Systen Reference 1.2.2.7 Voice PrioritizationThe switch has the capability of having its QoS policy configured to prioritize

4-134 Motorola RF Switch System Reference Guide 14.In the Max Admitted MUs for Voice Traffic field, specify the maximum number of MUs allowed to con

Network Setup 4-135 Supported Rates allow an 802.11 network to specify the data rate it supports. When a station attempts to join the network, it ch

4-136 Motorola RF Switch System Reference Guide 4.8.2 Configuring Layer 3 Access Port AdoptionThe configuration activity required for adopting Acces

Network Setup 4-137 The Assigned WLANs tab displays two fields: Select Radios/BSS and Select/Change Assigned WLANs.3. With the Select Radios/BSS fie

4-138 Motorola RF Switch System Reference Guide 6. Click Apply to save the changes made within the screen.7. Click Revert to cancel the changes made

Network Setup 4-139 4. To modify the properties of WMM Adoption Settings, select a radio and click the Edit button. For more information, see Editin

4-140 Motorola RF Switch System Reference Guide 4.9 Configuring Access Ports Use the Access Port screen to view device hardware address and software

Network Setup 4-141 4. When using clustering and the Cluster GUI feature is enabled, a pulldown menu will be availble to select which cluster member

4-142 Motorola RF Switch System Reference Guide • Use of encryption and authentication• Vendor identification of all devices• Total data transferred

Network Setup 4-143 3. Select an available index and click the Adopt button to display a screen wherein the properties of a new radio can be added f

Overview 1-11 Self Healing ActionsIf AP1 detects AP2 and AP3 as its neighbors, you can assign failure actions to AP2 and AP3 whenever AP1 fails. Ass

4-144 Motorola RF Switch System Reference Guide 3. Refer to the Configuration field to define the following information: 4. Specify the global defau

Network Setup 4-145 3. Enter a Default Pre-Shared Secret used for Secure WiSPe authentication. The shared secret must be between 8 and 64 character

4-146 Motorola RF Switch System Reference Guide 4.9.5 Configuring Adaptive AP FirmwareRefer to the AP Firmware tab to view the Access Port and Adapt

Network Setup 4-147 2. View the firmware information displayed per Adaptive AP type with the following data: 3. To add a new AP firmware image, clic

4-148 Motorola RF Switch System Reference Guide 4.9.5.2 Editing an Existing AP Firmware ImageTo modify the AP Firmware Image settings:1. Select Netw

Network Setup 4-149 on the VLAN to instance mapping), region name and revision-level. If you need to have two bridges in the same region, the two br

4-150 Motorola RF Switch System Reference Guide 4. Refer to the General Configuration field for the followingMax Hop Count Displays the maximum allo

Network Setup 4-151 4.10.2 Viewing and Configuring Bridge Instance DetailsThe Bride Instance tab displays the number of MSTP instance created and VL

4-152 Motorola RF Switch System Reference Guide The Bridge Instance tab displays the following:3. Select an ID and click the Delete button to remove

Network Setup 4-153 4. Enter a value between 1 and 15 as the Instance ID.5. Click OK to save and commit the changes. 6. The Bridge Instance tab with

1-12 Motorola RF Switch Systen Reference AP Balancing Across Multiple SwitchesAt adoption, the AP solicits and receives multiple adoption responses

4-154 Motorola RF Switch System Reference Guide The Port tab displays the following information (ensure you scroll to the right to view the numerous

Network Setup 4-155 AdminPort PortFast Bpdu GuardDisplays the whether BPDU Guard is currently enabled for this port. When set for a bridge, all port

4-156 Motorola RF Switch System Reference Guide 3. Select an Id and click the Edit button to revise the selected MSTP port configuration. 4.10.3.1 E

Network Setup 4-157 2. Click on OK button to save and commit the new configuration.3. Click Cancel to disregard the changes and revert back to the p

4-158 Motorola RF Switch System Reference Guide The Port Instance table displays the following:3. If necessary, select a CIST Index from the table a

Network Setup 4-159 4.10.4.1 Editing a Port Instance ConfigurationTo edit and reconfigure Port Instance parameters.1. Select a row from the port tab

4-160 Motorola RF Switch System Reference Guide • One router periodically broadcasts IGMP query messages onto a link• Hosts respond to the query mes

Network Setup 4-161 6. Review to the following to discern whether an existing snoop configuration requires revision. 7. Optionally, select a VLAN In

4-162 Motorola RF Switch System Reference Guide To view and potentially modify an IGMP snooping querier configuration:1. Select Network > IGMP Sn

Network Setup 4-163 4. Select Apply to save the changes to the Igmp Snoop Querier Global Config options.5. Optionally, select a VLAN Index from amon

Overview 1-13 MU Move CommandAs a value added proprietary feature between Motorola infrastructure products and Motorola MUs, a move command has been

4-164 Motorola RF Switch System Reference Guide 6. Select OK to save the edits to the configuration. Selecting Cancel reverts the configuration to i

Switch ServicesThis chapter describes the Services main menu information available for the following switch configuration activities.: • Displaying

5-2 Motorola RF Switch System Reference 5.1 Displaying the Services InterfaceRefer to the Services main menu interface to review a summary describin

Switch Services 5-3 5.2 DHCP Server SettingsThe DHCP Server Settings section contains the following activities:• Configuring the Switch DHCP Server•

5-4 Motorola RF Switch System Reference 5.2.1 Configuring the Switch DHCP ServerThe switch contains an internal Dynamic Host Configuration Protocol

Switch Services 5-5 5. Refer to the following as displayed within Network Pool field. 6. Click the Edit button to modify the properties displayed on

5-6 Motorola RF Switch System Reference •A p-peer (peer-to-peer node) uses directed calls to communicate with a known NetBIOS name server, such as a

Switch Services 5-7 3. Enter the name of the IP pool from which IP addresses can be issued to client requests on this interface.4. Provide the Domai

5-8 Motorola RF Switch System Reference 7. From the Network field, use the Associated Interface drop-down menu to define the switch interface is use

Switch Services 5-9 3. Click the Insert button to display an editable field wherein the name and value of the DHCP option can be added.4. Name the o

1-14 Motorola RF Switch Systen Reference disconnect. With QoS, a VoIP conversation (a real-time session), receives priority, maintaining a high leve

5-10 Motorola RF Switch System Reference 3. Enter a Domain Name which represents the forward zone in the DNS server. For example test.net. 4. Define

Switch Services 5-11 3. Refer to the following information to assess whether the existing group of DHCP pools is sufficient:4. Click the Edit button

5-12 Motorola RF Switch System Reference 5.2.3 Configuring Excluded IP Address InformationThe DHCP Server may have some IP addresses unavailable whe

Switch Services 5-13 5.2.4 Configuring the DHCP Server RelayRefer to the Relay tab to view the current DHCP Relay configurations for available switc

5-14 Motorola RF Switch System Reference 3. Refer to the Interfaces field for the names of the interfaces available to route information between the

Switch Services 5-15 a. Use the Interface drop-down menu to assign the interface used for the DHCP relay. As VLANs are added to the switch, the numb

5-16 Motorola RF Switch System Reference 3. Refer to the contents of the DDNS Bindings tab for the following information:4. Click the Export button

Switch Services 5-17 3. Refer to the contents of the Bindings tab for the following information:4. Click the Export button to display a screen used

5-18 Motorola RF Switch System Reference 3. Refer to the contents of the Dynamic Bindings tab for the following: 4. Select an address from those dis

Switch Services 5-19 5.2.8 Configuring the DHCP User ClassThe DHCP server assigns IP addresses to clients based on user class option names. Clients

Overview 1-15 with UPSD enabled. After the AP acknowledges the trigger frame, it transmits the frames in its UPSD power save buffer addressed to the

5-20 Motorola RF Switch System Reference 3. Click the Add button from the User Class Name field. The DHCP server groups clients based on user class

Switch Services 5-21 c. Select the Multiple User Class Option checkbox to enable multiple option values for the user class. This allows the user cla

5-22 Motorola RF Switch System Reference 6. Click the Add button create a new pool class name. For more information, see Adding a New DHCP Pool Clas

Switch Services 5-23 4. Use the Pool Name field to define a new pool name. Enter the pool name created using Adding a New DHCP Pool on page 5-6.5. U

5-24 Motorola RF Switch System Reference 5.3 Configuring Secure NTPSecure Network Time Protocol (SNTP) is central for networks that rely on their sw

Switch Services 5-25 3. An ACL Id must be created before it is selectable from any of the drop-down menus. Refer to the Access Group field to define

5-26 Motorola RF Switch System Reference 5. Click Apply to save changes to the screen. Navigating away from the screen without clicking the Apply bu

Switch Services 5-27 4. Select an existing key and click the Delete button to permanently remove it from the list of Key IDs.5. Click the Add button

5-28 Motorola RF Switch System Reference Refer to the NTP Neighbor tab to assess the switch’s existing configurations (both peer and server) and, if

Switch Services 5-29 5. Select an existing entry and click the Delete button to remove it from the table. 6. Click the Add button to define a new pe

1-16 Motorola RF Switch Systen Reference switches. This ensures a VLAN MU association is maintained even while the MU roams amongst cluster members.

5-30 Motorola RF Switch System Reference on the same subnet. NTP broadcasts reduce configuration complexity since both the switch and its NTP resour

Switch Services 5-31 5.3.5 Viewing NTP AssociationsThe interaction between the switch and a SNTP server constitutes an association. SNTP association

5-32 Motorola RF Switch System Reference Delay (sec) Displays the round-trip delay (in seconds) for SNTP broadcasts between the SNTP server and the

Switch Services 5-33 5.3.6 Viewing NTP StatusRefer to the NTP Status tab to display performance (status) information relative to the switch’s curren

5-34 Motorola RF Switch System Reference 5.4 Configuring Switch Redundancy and ClusteringConfiguration and network monitoring are two tasks a networ

Switch Services 5-35 on the other switches at the same time. This is done by the cluster-protocol running on WS1, by duplicating the commands and se

5-36 Motorola RF Switch System Reference 5.4.1 Configuring Redundancy SettingsTo configure switch redundancy:1. Select Services > Redundancy from

Switch Services 5-37 Heartbeat PeriodThe Heartbeat Period is the interval heartbeat messages are sent. Heartbeat messages discover the existence and

5-38 Motorola RF Switch System Reference 3. To enable Dynamic AP Load Balancing, check the Enable Dynamic AP Load Balancing option and define the pa

Switch Services 5-39 5.4.2 Reviewing Redundancy StatusThe switch is capable of displaying the status of the collective membership of the cluster. Us

Overview 1-17 Multiple IP addresses for a single VLAN allow the configuration of multiple IP addresses, each belonging to different subnet. Class co

5-40 Motorola RF Switch System Reference AAP Licenses Displays the number of Adaptive APs that can be adopted in the redundancy group. This value is

Switch Services 5-41 4. The Apply and Revert buttons are unavailable for use with the Status screen, as there are no editable parameters to save or

5-42 Motorola RF Switch System Reference 5.4.3 Configuring Redundancy Group MembershipThe redundancy group should be disabled to conduct an Add/Dele

Switch Services 5-43 4. Select a row, and click the Details button to display additional details for this member. For more information, see Displayi

5-44 Motorola RF Switch System Reference 4. Refer to the following redundancy member information: IP Address Displays the IP addresses of the membe

Switch Services 5-45 5. Refer to the Status field.The Status is the current state of the requests made from the applet. Requests are any “SET/GET” o

5-46 Motorola RF Switch System Reference 7. Click Cancel to close the dialog without committing updates to the running configuration.5.4.4 Redundanc

Switch Services 5-47 2. Configure redundancy settings using the Command Line Interface or the using the Web UI as described in Configuring Redundanc

5-48 Motorola RF Switch System Reference 5.5 Layer 3 MobilityRefer to the following sections to configure Layer 3 Mobility:• Configuring Layer 3 Mob

Switch Services 5-49 • A full mesh of GRE tunnels can be established between mobility peers. Each tunnel is between a pair of switches and can handl

About This GuideIntroductionThis guide provides information about using the following Motorola switches and version numbers:• RFS6000 4.0• RFS7000 4

1-18 Motorola RF Switch Systen Reference • Heat map support for RF deployment• Secure guest access with specific permission intervals• Switch discov

5-50 Motorola RF Switch System Reference 5. Refer to the table of WLANs and select the checkboxes of those WLANs you wish to enable Layer 3 mobility

Switch Services 5-51 4. Select an IP address from those displayed and click the Delete button to remove the address from the list available for MU L

5-52 Motorola RF Switch System Reference 3. Refer to the following information within the Peer Statistics tab:Peer IP Displays the IP addresses of t

Switch Services 5-53 4. Click the Clear Statistics button to remove the data displayed for the selected peer IP address.5.5.4 Reviewing Layer 3 MU S

5-54 Motorola RF Switch System Reference one goes down. The neighbor radios do not have to be of the same type. Therefore, an 11bg radio can be the

Switch Services 5-55 5.6.1 Configuring Self Healing Neighbor Details The Neighbor Details page displays all the radios configured on the switch and

5-56 Motorola RF Switch System Reference 4. Highlight an existing neighbor and click the Edit button to launch a screen designed to modify the self

Switch Services 5-57 6. Select a radio and click <- Remove to move the radio from the Neighbor Radios list to the Available Radios list. 7. Refer

5-58 Motorola RF Switch System Reference 2. Refer to the following information within the Discovery Profiles tab to discern whether an existing prof

Switch Services 5-59 credentials must be verified before the switch displays discovered devices within the Recently Found Devices table.If SNMP v2 i

Overview 1-19 WPAWPA is designed for use with an 802.1X authentication server, which distributes different keys to each user. However, it can also b

5-60 Motorola RF Switch System Reference 3. Define the following parameters for the new switch discovery profile: 4. Refer to the Status field for a

Switch Services 5-61 3. Refer to the following within the Recently Found Devices screen to discern whether a located device should be deleted from t

5-62 Motorola RF Switch System Reference 4. If a discovered switch is of no interest, select it from amongst the discovered devices displayed and cl

Switch Services 5-63 5.8 Locationing5.8.1 RTLS OverviewThe Motorola Real Time Locationing System (RTLS) is a wireless radio frequency solution that

5-64 Motorola RF Switch System Reference SOLE is capable of receiving input of location from external 3rd party location engines such as Aeroscout,

Switch Services 5-65 5. Define the Dimensions used to define the site size:6. The AP Information section displays the following information about AP

5-66 Motorola RF Switch System Reference 2. Select the Site tab.3. Click the Add button 4. Provide the AP’s MAC address and X, Y, and Z coordinates.

Switch Services 5-67 5. Click the Apply button to save the MU Locate Interval value.6. Click the Revert button to cancel any changes made within MU

5-68 Motorola RF Switch System Reference 2. Select the Aeroscout tab.3. Check the Enable checkbox to globally enable Aeroscout RTLS support on the s

Switch Services 5-69 If the onboard SOLE engine is enabled to locate Aeroscout tags the following information will be displayed for each located MU:

1-20 Motorola RF Switch Systen Reference uses the MAC address of the MU as both the username and password (this configuration is also expected on th

5-70 Motorola RF Switch System Reference 4. Enter the Multicast MAC Address used for all Ekahau tags to send updates via multicast to the MAC addres

Switch SecurityThis chapter describes the security mechanisms available to the switch. This chapter describes the following security configuration

6-2 Motorola RF Switch System Reference Guide 2. Refer to the following information to discern if configuration changes are warranted: The Apply and

Switch Security 6-3 • Enabling and Configuring AP Detection• Approved APs• Unapproved APs (AP Reported)• Unapproved APs (MU Reported)• AP Containmen

6-4 Motorola RF Switch System Reference Guide 4. Refer to the MU Assisted Scan field to enable associated MUs to assist in the detection of Access P

Switch Security 6-5 10.Click the Add button to display a screen used to enter device information for a new AP added to the Allowed AP list. For more

6-6 Motorola RF Switch System Reference Guide 7. Refer to the Status field for the current state of the requests made from applet. This field displa

Switch Security 6-7 5. Click on the Export button to export the contents of the table to a Comma Separated Values file (CSV).6.2.3 Unapproved APs (A

6-8 Motorola RF Switch System Reference Guide 4. The Number of Unapproved APs is simply the sum of all of Unapproved Radio MAC Addresses detected. 5

Switch Security 6-9 4. The Number of Unapproved APs is simply the sum of all of Unapproved Radio MAC Addresses detected. 5. Click the Export button

Overview 1-21 Change Username/Password after AP AdoptionOnce the AP300 is adopted using 802.1x authentication (say default username/password) OR usi

6-10 Motorola RF Switch System Reference Guide 7. To remove an AP from the rogue AP table, select that AP and click the Delete button.6.3 MU Intrusi

Switch Security 6-11 4. Refer to the Violation Parameters field to define threshold values that trigger an alarm: 5. When using the Frames with know

6-12 Motorola RF Switch System Reference Guide 6.3.2 Viewing Filtered MUsPeriodically check the Filtered MUs tab to review MUs filtered by the switc

Switch Security 6-13 3. Select a detected MU and click the Delete button to remove it from the list of MUs you are tracking as potential threats wit

6-14 Motorola RF Switch System Reference Guide applied ACLs to verify the packet has the required permissions to be forwarded, based on the criteria

Switch Security 6-15 6.4.1.1 Router ACLsRouter ACLs are applied to Layer 3 or VLAN interfaces. If an ACL is already applied in a particular directio

6-16 Motorola RF Switch System Reference Guide • Extended IP ACL— Uses a source IP address, destination IP address and IP protocol type as basic mat

Switch Security 6-17 In general, a Wireless-LAN ACL can be used to filter wireless to wireless, wireless to wired and wired to wireless traffic. Typ

6-18 Motorola RF Switch System Reference Guide 6.4.2 Configuring the FirewallConfigure the Firewall to create either standard/extended ip or extende

Switch Security 6-19 6.4.2.1 Adding a New ACLWhen a packet is received by the switch, the switch compares the packet against the ACL to verify the p

1-22 Motorola RF Switch Systen Reference RF scan by Access Port on one channelThis process requires an Access Port to assist in Rogue AP detection.

6-20 Motorola RF Switch System Reference Guide 4. Click the Add button within the Associated Rules field. 5. Use the Precedence field to enter a pre

Switch Security 6-21 6.4.2.3 Editing an Existing RuleAs network and access permission requirements change, existing ACL rules need to be modified to

6-22 Motorola RF Switch System Reference Guide 10.From the Filters field, enter the Source Address where the packets are sourced.11.Select a Source

Switch Security 6-23 4. Refer to the following information as displayed within the Attach-WLAN tab: 5. Select a WLAN (by row) and click Edit to mod

6-24 Motorola RF Switch System Reference Guide 6.4.4 Attaching an ACL Layer 2/Layer 3 ConfigurationUse the Attach-L2/L3 screen to view and assign th

Switch Security 6-25 2. Click the Security Policy tab.3. Click the Attach-L2/L3 tab.4. Click the Add button.5. Use the Interface drop-down menu to s

6-26 Motorola RF Switch System Reference Guide 3. Click the Attach Role tab.4. Refer to the following information as displayed within the Attach Rol

Switch Security 6-27 4. Click the Add button.5. Select a Role Name from the drop-down menu. Role Names can be added in the Configuration > Role t

6-28 Motorola RF Switch System Reference Guide 3. Click the Role tab.4. Role configuration screen displays the following information:5. To create a

Switch Security 6-29 1. Select Security > Wireless Firewall from the main tree menu.2. Click the Configuration tab.3. Click the Role tab.4. Click

Overview 1-23 allowed. If the action is to mark, the packet is tagged for priority. The switch supports the following types of ACLs:• IP Standard AC

6-30 Motorola RF Switch System Reference Guide 6. Refer to the Status field for the state of the requests made from applet. This field displays erro

Switch Security 6-31 be selected from those available and edited or deleted. Additionally, a new filter can be added if an existing filter does not

6-32 Motorola RF Switch System Reference Guide 7. Click the Add button to create a new filter. For more information, see Adding a new Wireless Filte

Switch Security 6-33 9. To associate a zone with the ACL select a Zone ID from the drop-down menu. Zone numbers range from 1 to 48. Creating zones a

6-34 Motorola RF Switch System Reference Guide 7. Enter the a hex value for the Ending MAC address. Enter the same Starting MAC address within the E

Switch Security 6-35 6. Select the box to the right of each WLAN you want associated with the ACL. Selecting a WLAN maps it the MAC address range an

6-36 Motorola RF Switch System Reference Guide 4. The L2 tab contains the following information:Interface Name Displays the interface associated wit

Switch Security 6-37 6.4.11.1 Port Level ConfigurationTo configure new Layer 2 firewall rules:1. Select Security > Wireless Firewall from the mai

6-38 Motorola RF Switch System Reference Guide 6. Refer to the Status field for the state of the requests made from applet. This field displays erro

Switch Security 6-39 WLAN Index Displays the WLAN index number. This number is configured on the wireless LAN configuration page.Broadcast Storm Thr

1-24 Motorola RF Switch Systen Reference 1.2.5.11 NATNetwork Address Translation (NAT) is supported for packets routed by the switch. The following

6-40 Motorola RF Switch System Reference Guide 5. If the properties of an existing WLAN firewall setting fulfill to your needs but still require mod

Switch Security 6-41 5. To create a new WLAN Firewall rule configure the following information:6. Refer to the Status field for the state of the req

6-42 Motorola RF Switch System Reference Guide 2. Click the Configuration tab.3. Click the DoS Attack tab.4. The DoS Attack tab contains the followi

Switch Security 6-43 5. To enable a Denial of Service Attack filter, select a disabled rule from the table and click the Enable button.The Check Ena

6-44 Motorola RF Switch System Reference Guide 4. Select the Syslog logging levels for each of the following log types:ARP Log The ARP Log field dis

Switch Security 6-45 5. When all logging options have been modified, click the Apply button to commit those changes to the switch.6. To undo any cha

6-46 Motorola RF Switch System Reference Guide 5. Select an interface and click the Details button to display a more robust set of statistics for th

Switch Security 6-47 6.4.15.3 Viewing Role Based Firewall StatisticsThe Role Based Firewall statistics information displays a list of mobile units a

6-48 Motorola RF Switch System Reference Guide 6.5 Configuring NAT InformationNetwork Address Translation NAT provides the translation of an Interne

Switch Security 6-49 3. Refer to the following information as displayed within the Dynamic Translation tab. 4. Select an existing NAT configuration

Switch Web UI Access and Image UpgradesThe content of this chapter is segregated amongst the following: • Accessing the Switch Web UI• Switch Passw

6-50 Motorola RF Switch System Reference Guide 6. Click the Add button to display a screen to create a new NAT configuration and add it to the list

Switch Security 6-51 9. Click OK to use the changes to the running configuration and close the dialog.10.Click Cancel to close the dialog without co

6-52 Motorola RF Switch System Reference Guide 3. Refer to the following information as displayed within the Static Translation tab. 4. Select an ex

Switch Security 6-53 3. Click the Add button.4. Define the NAT Type from the drop-down menu. Options include:• Inside - The set of networks subject

6-54 Motorola RF Switch System Reference Guide 13.Click Cancel to close the dialog without committing updates to the running configuration. 6.5.3 Co

Switch Security 6-55 6. If modifying an existing interface is not a valid option, consider configuring a new interface. To define a new NAT interfac

6-56 Motorola RF Switch System Reference Guide 2. Click on the Status tab. 3. Refer to the following to assess the validity and total NAT translatio

Switch Security 6-57 6.6 Configuring IKE SettingsIKE (also known as ISAKMP) is the negotiation protocol enabling two hosts to agree on how to build

6-58 Motorola RF Switch System Reference Guide During IKE negotiations, peers must identify themselves to one another. Thus, the configuration you d

Switch Security 6-59 9. If the properties of an existing peer IP address, key and aggressive mode designation are no longer relevant and cannot be e

2-2 Motorola RF Switch System Reference To display the switch Web UI:1. Point the browser to the IP address assigned to the wired Ethernet port (por

6-60 Motorola RF Switch System Reference Guide A IKE policy matches when they have the same encryption, hash, authentication and Diffie-Hellman sett

Switch Security 6-61 4. Highlight an existing policy and click the Edit button to revise the policy’s existing encryption scheme, hash value, authen

6-62 Motorola RF Switch System Reference Guide 6. If the properties of an existing policy are no longer relevant and cannot be edited to be useful,

Switch Security 6-63 b. Refer to the Status field for the state of the requests made from applet. This field displays error messages if something go

6-64 Motorola RF Switch System Reference Guide 4. Select an index and click the Details button to display a more robust set of statistics for the se

Switch Security 6-65 With manually established security associations, there is no negotiation with the peer. Both sides must specify the same transf

6-66 Motorola RF Switch System Reference Guide 2. Click the Configuration tab.3. Refer to the Configuration field to define the following:4. Refer t

Switch Security 6-67 5. Select an IPSec VPN transform set (by its index) and click the Edit button to modify its properties. For more information, s

6-68 Motorola RF Switch System Reference Guide 4. Revise the following information as required to render the existing transform set useful. 5. Refer

Switch Security 6-69 4. Define the following information as required for the new transform set. 5. Refer to the Status field for the current state o

Switch Web UI Access and Image Upgrades 2.2 Switch Password RecoveryThe switch has a means of restoring its password to its default value. Doing so al

6-70 Motorola RF Switch System Reference Guide 6.7.2 Defining the IPSec VPN Remote ConfigurationUse the IPSec VPN Remote tab to configure the DNS an

Switch Security 6-71 5. Click the Edit button (within the IP Range tab) to modify the range of existing IP addresses displayed.6. Select an IP addre

6-72 Motorola RF Switch System Reference Guide 2. Select the Authentication tab.3. Define whether IPSec VPN user authentication is conducted using a

Switch Security 6-73 8. If you require a new Radius Server be configured, click the Add button. Set this server’s designation as a primary or second

6-74 Motorola RF Switch System Reference Guide 2. Click the Crypto Maps tab and select Crypto Map Entries.3. Review the following Crypto Map attribu

Switch Security 6-75 6. Click the Add button to define the attributes of a new Crypto Map. a. Assign a Seq # (sequence number) to distinguish one Cr

6-76 Motorola RF Switch System Reference Guide l. Refer to the Peers (add choices) field and use the Add and Delete functions as necessary to add or

Switch Security 6-77 a. Define the Seq # /Name for the new peer. b. Enter the name of the IKE Peer used with the Crypto Map to build an IPSec securi

6-78 Motorola RF Switch System Reference Guide 4. If a Crypto Map with a manual security association requires revision, select it from amongst those

Switch Security 6-79 f. Define the In AH SPI and Auth Keys or In Esp and Cipher Keys depending on which option has been selected.g. Use the Transfor

viii Motorola RF Switch System Reference Notational ConventionsThe following additional notational conventions are used in this document:• Italics

2-4 Motorola RF Switch System Reference 2.3 Upgrading the Switch ImageThe switch ships with a factory installed firmware image with the full feature

6-80 Motorola RF Switch System Reference Guide a. Select the Seq #/Name. b. Enter the name of the Transform set used with the Crypto Map.7. Click OK

Switch Security 6-81 3. Refer to the following read-only information displayed within the Interfaces tab.4. Click the Assign Interface button to ass

6-82 Motorola RF Switch System Reference Guide 3. Refer to the following security association data:4. Use the page navigation facility (found on top

Switch Security 6-83 6.8 Configuring the Radius ServerRemote Authentication Dial-In User Service (Radius) is a client/server protocol and software e

6-84 Motorola RF Switch System Reference Guide Apart from EAP authentication, the switch allows the enforcement of user-based policies. User-based p

Switch Security 6-85 6.8.1.3 Access PolicyAccess policies are defined for a group created in the local database. Each user is authorized based on th

6-86 Motorola RF Switch System Reference Guide 6.8.3 Defining the Radius ConfigurationTo configure Radius support on the switch:1. Select Security &

Switch Security 6-87 6.8.3.1 Radius Client ConfigurationA Radius client implements a client/server mechanism enabling the switch to communicate with

6-88 Motorola RF Switch System Reference Guide To configure Radius proxy server support:1. Select Security > Radius Server from the main menu.2.

Switch Security 6-89 To define the Radius authentication and accounting configuration:1. Select Security > Radius Server from the main menu.2. Se

Switch Web UI Access and Image Upgrades • image file URL • expected image version To set default to no, and the URLs and the version default to "

6-90 Motorola RF Switch System Reference Guide 4. Refer to the LDAP Server Details field to define the primary and secondary Radius LDAP server conf

Switch Security 6-91 6.8.5 Configuring Radius UsersRefer to the Users tab to view the current set of users and groups assigned for the Radius server

6-92 Motorola RF Switch System Reference Guide Modify the existing user’s guest designation, password, expiry date and group assignments as required

Switch Security 6-93 a. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if some

6-94 Motorola RF Switch System Reference Guide 3. Refer to the user groups listed to review the following read-only attributes for each group: 4. Re

Switch Security 6-95 5. Refer to the Time of access in days field to assess the intervals (which days) the group has been assigned access to the swi

6-96 Motorola RF Switch System Reference Guide 8. To create a new group, click the Add button and provide the following information. 9. Refer to the

Switch Security 6-97 6.8.7 Viewing Radius Accounting LogsAccounting logs contain information about the use of remote access services by users. This

6-98 Motorola RF Switch System Reference Guide • upload an external certificate• delete a server certificate and/or root certificate of a trustpoint

Switch Security 6-99 The Server Certificate and CA Root Certificate tabs display read-only credentials for the certificates in use by the switch. A

2-6 Motorola RF Switch System Reference 2.5 AP-4131 Access Point to Access Port ConversionTo convert an AP-4131 fat Access Point to a thin AP-4131 A

6-100 Motorola RF Switch System Reference Guide 2. Click the Certificate Wizard button on the bottom of the screen.3. Use this wizard for:• Creatin

Switch Security 6-101 .The second page of the wizard contains three editable fields, Select Certificate Operation, Select a Trustpoint, and Specify

6-102 Motorola RF Switch System Reference Guide Select a trustpoint for the new certificate.• Use existing trustpoint - Select an existing trustpoin

Switch Security 6-103 3. Select the Configure the trustpoint checkbox to enable the new self signed certificate configured as a trustpoint. 4. Selec

6-104 Motorola RF Switch System Reference Guide 7. Select the Enroll the trustpoint checkbox to enroll the certificate request with the CA. 8. Click

Switch Security 6-105 10.Check the Save the certificate request option to save the certificate request to an external server.and provide the server

6-106 Motorola RF Switch System Reference Guide 2. Select and use the Delete trustpoint and all certificates inside it drop-down menu to define the

Switch Security 6-107 The Keys tab displays the following:3. Highlight a Key from the table and click the Delete button to delete it from the switch

6-108 Motorola RF Switch System Reference Guide 4. Enter a Key Label in the space provided to specify a name for the new key pair.5. Define the Key

Switch Security 6-109 The drop-down menu contains the log files listed within the Server Certificate screen.6. Use the To drop-down menu to define w

Switch Web UI Access and Image Upgrades 5. Reset the AP if you changed the AP's IP address, buy displaying the System Summary and selecting the R

6-110 Motorola RF Switch System Reference Guide When enabling an Enhanced Beacon, the switch allows adopted Access Ports to periodically scan for ro

Switch Security 6-111 5. Use the Scan Time value to enter the duration of the scan. The radio scans each channel for the defined interval. The defau

6-112 Motorola RF Switch System Reference Guide 9. Click Apply to save changes to the screen. Navigating away from the screen without clicking the A

Switch Security 6-113 9. 802.11a AP300 Radios: Click the Enable all button to allow an AP’s 802.11a radio to receive MU probe requests and forward t

6-114 Motorola RF Switch System Reference Guide 4. Select the Clear Report button to clear the statistic counters and begin a new data calculation.6

Switch ManagementThis chapter describes the Management Access main menu items used to configure the switch. This chapter consists of the following s

7-2 Motorola RF Switch System Reference Guide 2. Refer to the Current Status field to review the following read-only information: 7.2 Configuring A

Switch Management 7-3 2. Refer to the Management Settings field to enable or disable the following switch interfaces:Secure Management (on Manageme

7-4 Motorola RF Switch System Reference Guide 3. Click the Apply button to save changes made to the screen since the last saved configuration.4. Cli

Switch Management 7-5 7.3.1 Configuring SNMP v1/v2 AccessSNMP version 2 (SNMPv2) is an evolution of SNMPv1. The Get, GetNext, and Set operations use

2-8 Motorola RF Switch System Reference

7-6 Motorola RF Switch System Reference Guide 3. Highlight an existing entry and click the Edit button to modify the properties of an existing SNMP

Switch Management 7-7 1. Select Management Access > SNMP Access from the main menu tree.2. Select the V3 tab from within the SNMP Access screen.

7-8 Motorola RF Switch System Reference Guide 7.3.2.1 Editing a SNMP v3 Authentication and Privacy PasswordThe Edit screen enables the user to modif

Switch Management 7-9 3. Define the following vales as required to define how SNMP Access messages are received:7.3.4 Accessing SNMP v2/v3 Statisti

7-10 Motorola RF Switch System Reference Guide 3. Refer to the following read-only statistics displayed within the SNMP Access Statistics screen:7.4

Switch Management 7-11 • Enabling Trap Configuration• Configuring Trap Thresholds7.4.1 Enabling Trap ConfigurationIf unsure whether to enable a spec

7-12 Motorola RF Switch System Reference Guide 4. Select an individual trap, by expanding the node in the tree view, to view a high-level descriptio

Switch Management 7-13 7. Highlight a specific trap and click the Disable button to disable the item as an active SNMP trap. The items previously en

7-14 Motorola RF Switch System Reference Guide 3. Check the Enable SMTP box to enable the outgoing mail server on the switch. In order to use E-mail

Switch Management 7-15 3. Refer to the following information for thresholds descriptions, conditions, editable threshold values and units of measur

Switch InformationThis chapter describes the Switch main menu information used to configure the switch. This chapter consists of the following sect

7-16 Motorola RF Switch System Reference Guide 4. Select a threshold and click the Edit button to display a screen wherein threshold settings for th

Switch Management 7-17 7.4.2.1 Wireless Trap Threshold ValuesThe table below lists the Wireless Trap threshold values for the switch:# Threshold Nam

7-18 Motorola RF Switch System Reference Guide 7.5 Configuring SNMP Trap ReceiversRefer to the Trap Receivers screen to review the attributes of exi

Switch Management 7-19 5. Click the Add button to display a sub-screen used to assign a new Trap Receiver IP Address, Port Number and v2c or v3 desi

7-20 Motorola RF Switch System Reference Guide 3. Create a new (non DNS name) destination IP Address for the new trap receiver to be used for recei

Switch Management 7-21 The Local User window consists of 2 fields:• Users – Displays the users currently authorized to use the switch. By default,

7-22 Motorola RF Switch System Reference Guide 3. Enter the login name for the user in the Username field. Ensure this name is practical and identif

Switch Management 7-23 6. Select the access modes to assign to the new user from the options provided in the Access Modes panel. Select one or more

7-24 Motorola RF Switch System Reference Guide 6. Select the access modes you want to assign to the user from the options provided in the Access Mod

Switch Management 7-25 7.6.1.3 Creating a Guest Admin and Guest UserOptionally, create a guest administrator for creating guest users with specific

3-2 Motorola RF Switch System Reference 3.1.1 Setting the Switch Country CodeWhen initially logging into the system, the switch requests that you en

7-26 Motorola RF Switch System Reference Guide 7. Optionally, click the Generate button to automatically create a username and password for each gue

Switch Management 7-27 5. Click the Revert button to rollback to the previous authentication configuration.6. Refer to the bottom half of the Authen

7-28 Motorola RF Switch System Reference Guide 4. Modify the following Radius Server attributes as necessary: 5. Refer to the Status field for the

Switch Management 7-29 1. Select Management Access > Users from the main menu tree.The Users screen displays.2. Select the Authentication tab. 3.

7-30 Motorola RF Switch System Reference Guide Vendor IDRadius VSAsThere are two radius VSAs used for management user authentication.Vendor ID The M

DiagnosticsThis chapter describes the various diagnostic features available for monitoring switch performance. This chapter consists of the followin

8-2 Motorola RF Switch System Reference Guide 8.1.1 Switch EnvironmentUse the Environment tab to view and modify the switch diagnostic interval, tem

Diagnostics 8-3 5. Use the Temperature Sensors field to monitor the CPU and system temperatures. This information is extremely useful in assessing i

8-4 Motorola RF Switch System Reference Guide 6. Click the Apply button to commit and apply the changes. 7. Click the Revert button to revert back t

Diagnostics 8-5 8.1.4 Switch Disk AllocationThe Disk tab contains parameters related to the various disk partitions on the switch. It also displays

Switch Information 3-3 4. Click the Restart button to reboot the switch. The switch itself does not include a hardware reset feature. 5. Click the

8-6 Motorola RF Switch System Reference Guide 3. The Processes tab has two fields:• General• Processes by highest memory consumption4. Refer to the

Diagnostics 8-7 Keep the Cache allocation in line with cache expectations required within the switch managed network.3. Define the maximum limit for

8-8 Motorola RF Switch System Reference Guide 3. Select the Enable Logging Module checkbox to enable the switch to log system events to a user defin

Diagnostics 8-9 8. Click Apply to save the changes made to the screen. This will overwrite the previous configuration.9. Click the Revert button to

8-10 Motorola RF Switch System Reference Guide 5. Highlight a file from the list of log files available within the File Mgt tab and click the View b

Diagnostics 8-11 4. Refer to the following for information on the elements that can be viewed within a log file:Timestamp Displays the date, year an

8-12 Motorola RF Switch System Reference Guide 5. Refer to the Status field for the current state of the requests made from applet. This field displ

Diagnostics 8-13 9. If Server has been selected as the source, enter the IP Address of the destination server or system receiving the log file. Ensu

8-14 Motorola RF Switch System Reference Guide 2. Refer to the following table headings within the Core Snapshots screen:3. Select a target file and

Diagnostics 8-15 14.If a problem condition is discovered during the file transfer, click the Abort button to terminate the transfer.15.Click the C

3-4 Motorola RF Switch System Reference Enter the new password within the Password and Confirm Password fields and click OK.8. Click the Revert butt

8-16 Motorola RF Switch System Reference Guide 4. Select a target panic file and click the Delete button to remove the file. 5. Select a target pani

Diagnostics 8-17 9. If Server has been selected as the source, enter the User ID credentials required to send the file to the target location. The U

8-18 Motorola RF Switch System Reference Guide • What kinds of message should be seen.3. Select the Send log message to a file checkbox if you wish

Diagnostics 8-19 2. Refer to the following information displayed within the Configuration tab:3. To edit the properties of an existing ping test, s

8-20 Motorola RF Switch System Reference Guide 1. Select Diagnostics > Ping from the main menu.2. Highlight an existing ping test within the Conf

Diagnostics 8-21 1. Select Diagnostics > Ping from the main menu.2. Click the Add button at the bottom of the Configuration tab. 3. Enter the fol

8-22 Motorola RF Switch System Reference Guide 8.6.3 Viewing Ping StatisticsRefer to the Statistics tab for an overview of the overall success of th

Diagnostics 8-23 Average RTT Displays the average round trip time for ping packets transmitted between the switch and its destination IP address. Us

8-24 Motorola RF Switch System Reference Guide

Appendix ACustomer SupportMotorola’s Enterprise Mobility Support CenterIf you have a problem with your equipment, contact Enterprise Mobility suppor

Switch Information 3-5 3.1.3.1 RFS6000 Switch DashboardThe Dashboard screen displays the current health of the switch and is divided into fields rep

A-2 Motorola RF Switch System Reference Guide

Appendix B Adaptive APB.1 Adaptive AP OverviewAn adaptive AP (AAP) is an Access Point that can adopt like an AP300 (Layer 3). The management of an A

B-2 Motorola RF Switch System Reference Guide • Licensing• Switch Discovery• Securing a Configuration Channel Between Switch and AP• Adaptive AP WLA

B-3 A dependent mode AP cannot be converted into a standalone AP-5131 through a firmware change. Refer to the AP-5131 Hardware/ Software Compatibil

B-4 Motorola RF Switch System Reference Guide B.1.5.2 Manual Adoption ConfigurationA manual switch adoption of an AAP can be conducted using:• Stat

B-5 • Independent WLANs - Independent WLANs are local to an AAP and can be configured from the switch. You must specify a WLAN as independent to st

B-6 Motorola RF Switch System Reference Guide B.1.12 Adaptive Mesh SupportAn AAP can extend an AP51x1's existing mesh functionality to a switc

B-7 Client Bridge Back Haul WLAN Configuration:RFS7000(config-wireless)#wlan 1 enableRFS7000(config-wireless)#wlan 1 ssid meshWlanRFS7000(config-wi

B-8 Motorola RF Switch System Reference Guide B.2 Supported Adaptive AP TopologiesThe following AAP topologies are supported:• Extended WLANs Only•

B-9 B.2.2 Extended WLANs OnlyAn extended WLAN configuration forces all MU traffic through the switch. No wireless traffic is locally bridged by th

ContentsChapter 1.Overview1.1 Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-6 Motorola RF Switch System Reference Apart from the sections mentioned above, it also displays the following status:1. Refer to the Alarms field

B-10 Motorola RF Switch System Reference Guide After the AP downloads a configuration file from the switch, it obtains the version number of the ima

B-11 radio basis. WLANs can be assigned to a radio as done today for an AP300 model Access Port. Optionally, configure WLANs as independent and ass

B-12 Motorola RF Switch System Reference Guide 2. Select the Auto Discovery Enable checkbox. Enabling auto discovery will allow the AAP to be detect

B-13 2. Export the AAP’s configuration to a secure location.Either import the configuration manually to other APs or the same AP later (if you elec

B-14 Motorola RF Switch System Reference Guide 3. Ensure the Adopt unconfigured radios automatically option is NOT selected.When disabled, there is

B-15 Once an AAP is adopted by the switch, it displays within the switch Access Port Radios screen (under the Network parent menu item) as an AP-51

B-16 Motorola RF Switch System Reference Guide B.4.4 Sample Switch Configuration File for IPSec and Independent WLANThe following constitutes a samp

B-17 xyxyxyxxyxyxyx!wireless no adopt-unconf-radio enable manual-wlan-mapping enable wlan 1 enable wlan 1 ssid qs5-ccmp wlan 1 vlan 200 wlan 1 encr

B-18 Motorola RF Switch System Reference Guide radio 4 channel-power indoor 48 4 radio 4 rss enable radio 4 client-bridge bridge-select-mode auto ra

B-19 !!!interface vlan1 ip address dhcp!To attach a Crypto Map to a VLAN Interface!crypto map AAP-CRYPTOMAP!sole!ip route 157.235.0.0/16 157.235.92

Switch Information 3-7 3. The Environment section displays the CPU temperature. It displays the valid threshold range set by the user.4. The CPU/Mem

B-20 Motorola RF Switch System Reference Guide

Appendix C Troubleshooting InformationThis appendix provides basic troubleshooting information and workarounds to known conditions the user may enco

C-2 Motorola RF Switch System Reference Guide C.1.1.1 Switch Does Not Boot UpThe Motorola RF Series Switch does not boot up to a username prompt via

C-3 C.1.1.4 Web UI is Sluggish, Does Not Refresh Properly, or Does Not RespondWhen configuring the switch, it is easy to overlook the fact that the

C-4 Motorola RF Switch System Reference Guide C.1.2 Access Port IssuesThis section describes various issues related to Access Ports within theMotoro

C-5 C.1.2.2 Access Ports are Not RespondingAccess Ports are not responding. The table below provides suggestions to troubleshoot this issue.C.1.2.3

C-6 Motorola RF Switch System Reference Guide C.1.3.2 MUs Cannot Associate and/or Authenticate with Access PortsMUs cannot associate and/or authenti

C-7 The table below provides suggestions to troubleshoot this issue. C.1.4.2 Excessive Memory LeakExcessive memory leak. The table below provides s

C-8 Motorola RF Switch System Reference Guide C.2.2 Not able to SNMP WALK for a GET• Check whether the MIB browser has IP connectivity to the SNMP a

C-9 To access the Motorola RF Series Switch using password recovery: 1. Connect a terminal (or PC running terminal emulation software) to the seria

3-8 Motorola RF Switch System Reference 1. Refer to the Alarms field for details of all the unacknowledged alarms generated during the past 48 hours

C-10 Motorola RF Switch System Reference Guide • Add a Radius client in AAA context• Ensure that key password in AAA/EAP context is set to the key u

C-11 C.3.2.8 VPN Authentication using onboard RADIUS server failsEnsure the following have been attempted:• Ensure that the VPN user is present in

C-12 Motorola RF Switch System Reference Guide • If you have enabled AP Scan, ensure that at least a single radio is active. AP scan does not send a

C-13 3. Ensure that "network policy" and "Ethernet port" set to the LAN is correct.C.5.2.2 How to block the request from host o

C-14 Motorola RF Switch System Reference Guide

Appendix D “How To” TutorialsThis appendix provides “How To” style tutorials for many of the more important features supported by the switch: • Ado

D-2 Motorola RF Switch System Reference Guide • Administrators can launch the AirDefense UI from within RFMS• The AirDefense Enterprise server can f

D-3 • A Windows XP workstation is available with Microsoft Internet Explorer or Mozilla Firefox to perform Web UI configurationD.1.2.2 ComponentsTh

D-4 Motorola RF Switch System Reference Guide To convert the AP300s into sensors:1. From the switch menu tree select Network > Access Port.2. Sel

D-5 5. Select the Configuration tab then click Global Settings in the bottom right-hand side of the screen.6. Enter the Primary WIPS Server Address

Switch Information 3-9 3.1.4 Viewing Switch StatisticsThe Switch Statistics tab displays an overview of the recent network traffic and RF status for

D-6 Motorola RF Switch System Reference Guide A confirmation screen displays the following message: Converting the AP will UNADOPT all its radios. D

D-7 3. Highlight the sensor MAC address to convert back to an AP, then select the Revert to AP button.A Do you really want to revert selected Senso

D-8 Motorola RF Switch System Reference Guide D.1.3 RF Switch Running ConfigurationThe following is the running configuration on the RFS6000 switch

D-9 snmp-server user snmptrap v3 encrypted auth md5 0xe3e4b0c4acafa27f6a23ad77d69ac182snmp-server user snmpmanager v3 encrypted auth md5 0xe3e4b0c4

D-10 Motorola RF Switch System Reference Guide wlan 3 enable wlan 3 description MOTO-VOICE wlan 3 ssid MOTO-VOICE wlan 3 vlan 80 wlan 3 encryption-

D-11 radio add 6 00-15-70-B2-FD-D0 11bg ap300 radio 6 description AP300-3-BG radio 6 bss 1 1 radio 6 bss 2 2 radio 6 bss 3 3 radio 6 channel-power

D-12 Motorola RF Switch System Reference Guide !radius-server local authentication eap-auth-type all nas 192.168.10.0/24 key 0 ESELAB!radius-server

D-13 interface vlan1 no ip address shutdown!interface vlan10 management description SERVICES ip address 192.168.10.14/24!interface vlan70 descripti

D-14 Motorola RF Switch System Reference Guide D.2.1 Wi-Fi Location DeterminationTo provide 802.11 locationing, the integrated RTLS engine uses a si

D-15 The computed X/Y coordinate and zone for each client can be viewed directly on the RF Switch using CLI or Web-UI or exported to a third-party

3-10 Motorola RF Switch System Reference 5. The RF Status section displays the following read-only RF radio signal information for associated APs an

D-16 Motorola RF Switch System Reference Guide D.2.4 Defining an Integrated WLAN RTLS ConfigurationThis section provides the following RFS7000 tasks

D-17 • A Windows XP workstation is available with Microsoft Internet Explorer or Mozilla Firefox to perform Web UI configurationD.2.4.2 ComponentsT

D-18 Motorola RF Switch System Reference Guide Defining the Site Name and DimensionsFor a listing of the radio, switch and Ethernet switch configura

D-19 1. From the switch menu tree select Services > RTLS.2. Provide a Name and Description for the site as well as the site’s Length, Width, Hei

D-20 Motorola RF Switch System Reference Guide Defining the AP InformationThe following steps demonstrate how to define AP location using the switch

D-21 2. Verify the location site AP configuration by issuing the show rtls site command.RFS7000# show rtls siteSwitch Web UI ConfigurationThe follo

D-22 Motorola RF Switch System Reference Guide 3. Enter the APs MAC address and X,Y, Z Coordinates. Click OK. 4. Repeat for each additional AP.Once

D-23 Defining Zone PerimetersThe following steps demonstrate how to name and define the perimeter of three zones at the site:1. In the RTLS configu

D-24 Motorola RF Switch System Reference Guide 3. Define the name for zone 2 by issuing a zone command.Syntax: zone <zone-id> <name>RFS7

D-25 7. Verify location site zone information and configuration by issuing a show rtls zone detail command.Zone Config:Index : 1Name[01] : O

Switch Information 3-11 3.2 Viewing Switch Port InformationThe Port screen displays configuration, runtime status and statistics of the ports on the

D-26 Motorola RF Switch System Reference Guide 5. View client location by issuing a show rtls tags command. This command displays each clients X,Y c

D-27 Location information for each associated MU (including X,Y coordinates and zone) display in the Located MU's table.D.2.5 Baseline Configu

D-28 Motorola RF Switch System Reference Guide service prompt crash-info!username "admin" password 1 b6b6ccabdb85763872c7fbdf436ec2ed86bf9

D-29 service radiuslicense AP fc781051ebf9d99ced010a4dab46a63a760c66f54b1c496da322d3cd41d046777fbed80f433b68ea!

D-30 Motorola RF Switch System Reference Guide radio 3 on-channel-scan radio 3 adoption-pref-id 200 radio add 4 00-15-70-B2-FD-CF 11bg ap300 radio

D-31 radio 8 adoption-pref-id 200 no ap-ip default-ap switch-ip ap-detection enable! smart-rf radio 1 radio-mac 00-15-70-7E-27-6C radio 2 radio-

D-32 Motorola RF Switch System Reference Guide no ip address! interface up1 descript

D-33 site name Acme Inc. site description Acme Inc. San Jose CA site dimension length 80 width 60 height 18 ap 00-15-70-D5-DA-FB coordinates x 10

D-34 Motorola RF Switch System Reference Guide spanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!inter

D-35 !interface GigabitEthernet1/0/11!interface GigabitEthernet1/0/12 description AP300-1 switchport access vlan 11 switchport mode access spanning

3-12 Motorola RF Switch System Reference 3. Select a port and click the Edit button to modify the port configuration. For additional information, s

D-36 Motorola RF Switch System Reference Guide !interface GigabitEthernet1/0/21!interface GigabitEthernet1/0/22!interface GigabitEthernet1/0/23!inte

D-37 line vty 5 15 login!ntp clock-period 36028926ntp server 192.168.0.5 preferendD.3 MU to MU DisallowThe MU to MU disallow feature allows the RF

D-38 Motorola RF Switch System Reference Guide D.3.1 Defining an MU to MU Disallow ConfigurationThe following sections outline the requirements, com

D-39 To disable MU to MU communications:1. From the switch menu tree select Network > Wireless LANs.2. Select the Configuration tab.3. Select an

D-40 Motorola RF Switch System Reference Guide 4. Change the default MU to MU Traffic option from Allow Packets to Drop Packets. This will disable M

D-41 username "admin" password 1 b6b6ccabdb85763872c7fbdf436ec2ed86bf931eusername "admin" privilege superuserusername "op

D-42 Motorola RF Switch System Reference Guide license AP fc781051ebf9d99ced010a4dab46a63a760c66f54b1c496da322d3cd41d046777fbed80f433b68ea!wireless

D-43 radio 1 adoption-pref-id 100 radio add 2 00-15-70-78-F5-23 11bg ap300 radio 2 description AP300-1-BG radio 2 bss 1 1 radio 2 bss 2 2 radio 2

D-44 Motorola RF Switch System Reference Guide radio 7 on-channel-scan radio add 8 00-15-70-D5-DA-CE 11bg ap300 radio 8 description AP300-4-BG radi

D-45 interface ge3 switchport access vlan 10!interface ge4 switchport access vlan 10!interface ge5 switchport access vlan 10!interface ge6 switchpo

Switch Information 3-13 2. Click the Edit button.A Port Change Warning screen displays, stating any change to the port setting could disrupt access

D-46 Motorola RF Switch System Reference Guide !rtls rfid espi sole!ip route 0.0.0.0/0 192.168.10.1!ntp server 192.168.10.5 preferline con 0line vty

D-47 Secure Beacon Frame ExampleWith certain applications (such as a hotspot uses guest access), it may be desirable to mask the SSID name to make

D-48 Motorola RF Switch System Reference Guide D.4.1.1 RequirementsThe following requirements must be met prior to attempting this configuration:•

D-49 3. Highlight a SSID to modify and select Edit.4. Select the Secure Beacon checkbox. This disables the SSID advertised in the beacon. Click OK.

D-50 Motorola RF Switch System Reference Guide version 1.2!!aaa authentication login default local noneservice prompt crash-info!username "admi

D-51 ip telnetno service pm sys-restarttimezone America/New_Yorkservice radiuslicense AP fc781051ebf9d99ced010a4dab46a63a760c66f54b1c496da322d3cd41

D-52 Motorola RF Switch System Reference Guide radio 1 description AP300-1-A radio 1 bss 1 1 radio 1 channel-power indoor 36 15 radio 1 on-channel-

D-53 radio 6 adoption-pref-id 100 radio add 7 00-15-70-D5-DA-CE 11a ap300 radio 7 description AP300-4-A radio 7 channel-power indoor 48 17 radio 7

D-54 Motorola RF Switch System Reference Guide !interface ge2 switchport access vlan 10!interface ge3 switchport access vlan 10!interface ge4 switch

D-55 description GUEST ip address 192.168.70.14/24!!!rtls rfid espi sole!ip route 0.0.0.0/0 192.168.10.1!ntp server 192.168.10.5 preferline con 0l

3-14 Motorola RF Switch System Reference Read-only details about the port’s cabling connection also display within the Edit screen. This information

D-56 Motorola RF Switch System Reference Guide Management restrictions can be applied to meet specific company policies or industry requirements man

D-57 • One or more RF Switches are installed and operational on the network • One or more AP300 Access Ports configured and adopted by the switch •

D-58 Motorola RF Switch System Reference Guide 1. From the switch menu tree select Network > Switch Virtual Interface.2. Select the Configuration

D-59 7. Select the Secure Management (on Management VLAN only) checkbox then click Apply.8. Select Save (from the lower left-hand corner) to apply

D-60 Motorola RF Switch System Reference Guide The RF Switch has a standard IP ACL applied to interface vlan10 which permits IP access from the Serv

D-61 6. From back in the Configuration tab, select the ACL created in steps 3 and 47. Click Add under the Associated Rules field.8. Within the Add

D-62 Motorola RF Switch System Reference Guide 12.Select the IP ACL you created previously. Click OK.13.Select Save (from the lower left-hand corner

D-63 Switch Web UI ConfigurationThe following demonstrates how to disable insecure telnet, HTTP and SNMPv2 management interfaces:1. From the switch

D-64 Motorola RF Switch System Reference Guide • If Radius authentication is used, associated role information is supplied to the Radius server, exc

D-65 Access modes can be assigned to management user accounts to restrict the management interfaces a user can access. As with associated roles, a

Switch Information 3-15 2. Select the Runtime tab to display the following read-only information: 3.2.3 Reviewing Port StatisticsThe Statistics tab

D-66 Motorola RF Switch System Reference Guide 5. Within the Associated Roles field, deselect the Monitor role and select WebUser Administrator. 6.

D-67 Associated role information is forwarded to the RF Switch from the Radius server as a vendor specific attribute. One or more associated roles

D-68 Motorola RF Switch System Reference Guide 3. Set the Preferred method to radius. Click Add.4. Enter the Radius Server IP Address and Radius sha

D-69 ! configuration of RFS6000 version 3.3.0.0-029R!version 1.2!!aaa authentication login default radius localservice prompt crash-info!username &

D-70 Motorola RF Switch System Reference Guide snmp-server user snmptrap v3 encrypted auth md5 0xe3e4b0c4acafa27f6a23ad77d69ac182snmp-server user sn

D-71 wlan 3 description MOTO-VOICE wlan 3 ssid MOTO-VOICE wlan 3 vlan 80 wlan 3 encryption-type tkip wlan 3 dot11i phrase 0 motovoicetest wlan 3 d

D-72 Motorola RF Switch System Reference Guide radio 6 description AP300-3-BG radio 6 bss 1 1 radio 6 bss 2 2 radio 6 bss 3 3 radio 6 channel-power

D-73 nas 192.168.10.0/24 key 0 ESELAB!radius-server local!!interface ge1 switchport access vlan 10!interface ge2 switchport access vlan 10!interfa

D-74 Motorola RF Switch System Reference Guide !interface vlan10 management description SERVICES ip address 192.168.10.14/24 ip access-group 1 in!in

D-75 D.6.1 Shared SecretsEncryption and authentication is provided by defining an 8 to 64 character shared secret on the RF Switch for each AP300 p

TOC-2 Motorola RF Switch System Reference Guide3.4.3 Updating the Switch Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-16 Motorola RF Switch System Reference 3. Refer to the Statistics tab to display the following read-only information:4. Select a port and click o

D-76 Motorola RF Switch System Reference Guide and control frames. If pre staging mode is not enabled for the AP300, the AP300 does not have the cor

D-77 D.6.5.2 ComponentsThe information in this section is based on the following Motorola hardware and software versions:• 1 RFS6000 model switch•

D-78 Motorola RF Switch System Reference Guide 3. Highlight and select the AP300s then click Edit.4. Check the Secure Mode and Pre Staging Mode opti

D-79 7. Highlight and select the radios to reset.8. Select Tools and Reset.9. Select Reset entire Access Port. This resets adopted AP300s. During

D-80 Motorola RF Switch System Reference Guide 12.Highlight and select the AP300s then select Edit. 13.Un-check the Pre Staging Mode option and sele

D-81 • A default pre shared secret be defined on the RF Switch. This configures the shared secret on all AP300s added to the RF Switch• A new AP300

D-82 Motorola RF Switch System Reference Guide 3. In the Default Pre Shared Secret field enter the new shared secret to be applied to new AP300s add

D-83 7. In the AP MAC Address field enter the MAC address for the new AP.8. Set the AP Type to AP300. 9. Enable the 802.11a and 802.11bg radios an

D-84 Motorola RF Switch System Reference Guide 12.Highlight and select the newly added AP300. Click Edit. 13.Select the Secure Mode and Pre Staging

D-85 15.From the switch menu tree select Network > Access Port.16.Select the WISPe tab.17.Highlight and select the newly added AP300. Click Edi

Switch Information 3-17 3. The Interface Statistics screen displays. This screen displays the following statistics for the selected port:Name Displa

D-86 Motorola RF Switch System Reference Guide D.6.6 RF Switch Running ConfigurationThe following shows the running configuration of the RFS6000 swi

D-87 snmp-server user snmptrap v3 encrypted auth md5 0xe3e4b0c4acafa27f6a23ad77d69ac182snmp-server user snmpmanager v3 encrypted auth md5 0xe3e4b0c

D-88 Motorola RF Switch System Reference Guide wlan 2 radius accounting server primary 192.168.10.14 wlan 2 radius accounting server primary radius

D-89 radio 5 description AP300-3-A radio 5 bss 1 1 radio 5 channel-power indoor 44 15 radio 5 on-channel-scan radio 5 adoption-pref-id 100 radio a

D-90 Motorola RF Switch System Reference Guide radio 1 radio-mac 00-15-70-7E-27-6C radio 2 radio-mac 00-15-70-7E-3F-1C radio 3 radio-mac 00-15-7

D-91 interface ge8switchport access vlan 10!interface me1 no ip address!interface up1 description Uplink switchport mode trunk switchport trunk nat

D-92 Motorola RF Switch System Reference Guide endD.7 Wireless IDSThreats to WLANs are numerous and are potentially devastating to business and day

D-93 D.7.1 Unauthorized Access Point DetectionUnauthorized AP detection is a feature directly integrated into the RF Switch. When enabled, it allow

D-94 Motorola RF Switch System Reference Guide D.7.2 Unauthorized Access Point ContainmentAPs categorized as unapproved represent a potential threat

D-95 Wireless Intrusion Detection ViolationsAs shown in table above, the RF Switch can detect numerous violations, each with a configurable thresho

3-18 Motorola RF Switch System Reference 4. The Status is the current state of the requests made from the applet. Requests are any “SET/GET” operati

D-96 Motorola RF Switch System Reference Guide • Multiple Detection Technologies - Provides accurate and comprehensive detection by applying multipl

D-97 • 5 AP300 model Access PortsD.7.6.3 Unauthorized AP DetectionAs shown in the figure below, a switch is deployed at a site with four AP300s. Th

D-98 Motorola RF Switch System Reference Guide 4. Within the Network > Access Port Radio > Configuration screen, refer to the Properties field

D-99 7. Select the Enable to checkbox globally enable unauthorized AP detection on the switch. Click Apply. 8. From the switch menu tree select Se

D-100 Motorola RF Switch System Reference Guide D.7.6.4 Unauthorized AP ContainmentUnauthorized AP containment can be enabled on the RF Switch to pr

D-101 3. Select the Enable Containment checkbox. Select Apply.4. Select the Unapproved APs (AP Reported) tab.5. To contain an unauthorized AP, sele

D-102 Motorola RF Switch System Reference Guide 7. Select Save (from the lower left-hand corner) to apply the changes.D.7.6.5 Mobile Unit Intrusion

D-103 3. In the Detection Window field, specify the detection window interval (in seconds) the RF Switch uses to scan for violations. In this exam

D-104 Motorola RF Switch System Reference Guide Any MUs violating an event are listed in the table.7. Select Save (from the lower left-hand corner)

D-105 1. From the switch menu tree select Management Access > SNMP Trap Receivers.2. Select Add. 3. Go to Management Access > SNMP Traps.4. E

Switch Information 3-19 • Input Bytes• Input Pkts Dropped• Output Pkts Total• Output Pkts Error• Input Pkts Total• Input Pkts Error• Output Pkts NUC

D-106 Motorola RF Switch System Reference Guide 8. In the All Traps tree, locate Wireless > AP Detection, then select the Unapproved AP detected

D-107 14.From within the Configuration tab, select the Allow Traps to be generated option then click Apply.15.Select Save (from the lower left-hand

D-108 Motorola RF Switch System Reference Guide D.7.6.7 RF Switch Running ConfigurationThe following is the running configuration on the RFS6000 swi

D-109 snmp-server sysname RFS6000snmp-server manager v2snmp-server manager v3snmp-server user snmptrap v3 encrypted auth md5 0xe3e4b0c4acafa27f6a23

D-110 Motorola RF Switch System Reference Guide wlan 1 dot11i preauthentication wlan 2 enable wlan 2 description MOTO-GUEST wlan 2 ssid MOTO-GUEST

D-111 radio 4 bss 3 3 radio 4 channel-power indoor 6 18 radio 4 on-channel-scan radio 4 short-preamble radio 4 adoption-pref-id 200 radio add 5 00

D-112 Motorola RF Switch System Reference Guide smart-rf radio 1 radio-mac 00-15-70-7E-27-6C radio 2 radio-mac 00-15-70-7E-3F-1C radio 3 radio-m

D-113 !interface me1 no ip address!interface up1 description Uplink switchport mode trunk switchport trunk native vlan 10 switchport trunk native t

D-114 Motorola RF Switch System Reference Guide D.8 Wireless FiltersWireless filters can be applied to specific WLANs to grant or deny access to MUs

D-115 • One (or more) WLAN profiles are configured and assigned to adopted radios• A Windows XP workstation is available with Microsoft Internet Ex

3-20 Motorola RF Switch System Reference The PoE Global Configuration section displays the following power information.If you have modified the Pow

D-116 Motorola RF Switch System Reference Guide 2. Select Add. 3. Enter 1 in the MU-ACL Index field. 4. In the Starting MAC and Ending MAC fields e

D-117 6. Highlight the MU-ACL created in steps 3-5 and select Memberships.7. Check the WLAN index number(s) to associate the MAC-ACL with. In this

D-118 Motorola RF Switch System Reference Guide As illustrated in the figure above, wireless filtering is deployed on a voice WLAN named MOTO-VOICE

D-119 2. Select Add. 3. Enter 1 in the MU-ACL Index field. 4. In the Starting MAC field enter the first MAC address in the range. In the Ending MA

D-120 Motorola RF Switch System Reference Guide 6. Highlight the MU-ACL created in steps 3-5 and select Memberships.7. Check the WLAN index number(s

D-121 !!aaa authentication login default local noneservice prompt crash-info!username "admin" password 1 b6b6ccabdb85763872c7fbdf436ec2ed

D-122 Motorola RF Switch System Reference Guide ip sship telnetno service pm sys-restarttimezone America/New_Yorkservice radiuslicense AP fc781051eb

D-123 radio 1 description AP300-1-A radio 1 bss 1 1 radio 1 channel-power indoor 36 15 radio 1 on-channel-scan radio 1 adoption-pref-id 100 radio

D-124 Motorola RF Switch System Reference Guide radio 6 adoption-pref-id 100 radio add 7 00-15-70-D5-DA-CE 11a ap300 radio 7 description AP300-4-A

D-125 interface ge1 switchport access vlan 10!interface ge2 switchport access vlan 10!interface ge3 switchport access vlan 10!interface ge4 switchp

Switch Information 3-21 3.2.5 Editing Port PoE SettingsTo modify the PoE settings for a port:1. Select a port to edit from the table.2. Click the Ed

D-126 Motorola RF Switch System Reference Guide !interface vlan70 description GUEST ip address 192.168.70.14/24!!!rtls rfid espi sole!ip route 0.0.0

D-127 D.9.1 Applications802.11i with AES should be considered for new WLAN applications, as it represents the strongest encryption scheme available

D-128 Motorola RF Switch System Reference Guide D.9.3.2 ComponentsThe information in this section is based on the following Motorola hardware and so

D-129 3. Highlight an unused WLAN in the table and select Edit.4. Enter an ESSID and Description.

D-130 Motorola RF Switch System Reference Guide 5. Specify one or more VLAN IDs.Optionally enable Dynamic Assignment to enable dynamic VLAN assignme

D-131 10.Enter the RADIUS Server Address and RADIUS Shared Secret. 11.Select the Re-authentication option then select OK.

D-132 Motorola RF Switch System Reference Guide 12.From back at the Network > Wireless LANs > Configuration screen, highlight (select) the new

D-133 Switch Web UI ConfigurationTo configure 802.11i with pre-shared keys on a RF Switch:1. From the menu tree select Network > Wireless LANs.

D-134 Motorola RF Switch System Reference Guide 4. Enter an ESSID name and Description. 5. Specify one or more VLAN IDs.6. In the Encryption field e

D-135 8. In the ASCII Passphrase field, enter the strong passphrase used for device authentication. Select OK to save the updates.9. From back at t

3-22 Motorola RF Switch System Reference 3.3 Viewing Switch ConfigurationsUse the Configurations screen to review the configuration files available

D-136 Motorola RF Switch System Reference Guide !!spanning-tree mst configuration name My Name!crypto pki trustpoint ESELAB subject-name "rfs60

D-137 wireless secure-wispe-default-secret 0 defaultS adoption-pref-id 100 no adopt-unconf-radio enable manual-wlan-mapping enable wlan 1 enable wl

D-138 Motorola RF Switch System Reference Guide radio 1 adoption-pref-id 100 radio add 2 00-15-70-78-F5-23 11bg ap300 radio 2 description AP300-1-B

D-139 radio add 7 00-15-70-D5-DA-CE 11a ap300 radio 7 description AP300-4-A radio 7 bss 1 1 radio 7 channel-power indoor 48 17 radio 7 on-channel-

D-140 Motorola RF Switch System Reference Guide !radius-server local authentication eap-auth-type all nas 192.168.10.0/24 key 0 ESELAB!radius-server

D-141 switchport trunk allowed vlan none switchport trunk allowed vlan add 10,12,40,70,80,!interface vlan1 no ip address shutdown!interface vlan10

D-142 Motorola RF Switch System Reference Guide

MOTOROLA INC.1303 E. ALGONQUIN ROADSCHAUMBURG, IL 60196http://www.motorola.com72E-124690-01 Revision AMay 2009

Switch Information 3-23 2. To view the contents of a config file in detail, select a config file by selecting a row from the table and click the Vie

3-24 Motorola RF Switch System Reference Use the up and down navigation facilities on the right-hand side of the screen to view the entire page.3. T

Switch Information 3-25 2. Refer to the Source field to define the location and address information for the source config file. 3. Refer to the Targ

TOC-34.8.2 Configuring Layer 3 Access Port Adoption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3-26 Motorola RF Switch System Reference To view the firmware files available to the switch: 1. Select Switch > Firmware from the main menu tree.

Switch Information 3-27 6. Click on the Update Firmware button to update the firmware file loaded onto the switch. For more information, see Updatin

3-28 Motorola RF Switch System Reference 4. Refer to the Status field for the current state of the requests made from the applet. Requests are any “

Switch Information 3-29 8. Enter the password for FTP server login in the Password field.9. Enter the complete file path for the file that contains

3-30 Motorola RF Switch System Reference 2. Refer to the Source field to specify the details of the source file.3.5.1.1 Transferring a file from Wi

Switch Information 3-31 2. Use the Browse button to locate a target file for the file transfer. 3. Use the To drop-down menu (within the Target fiel

3-32 Motorola RF Switch System Reference 1. Refer to the Source field to specify the source file. Use the From drop-down menu and select Wireless Sw

Switch Information 3-33 2. Provide the name of the File.3. Use the Using drop-down menu to configure whether the file transfer is conducted using F

3-34 Motorola RF Switch System Reference • USB 2Transfer files between the switch and the server from any one of the above mentioned locations. Sinc

Switch Information 3-35 3.6 Configuring Automatic UpdatesUse the Automatic Updates screen to enable a facility that will poll a server address (you

TOC-4 Motorola RF Switch System Reference Guide5.6.1 Configuring Self Healing Neighbor Details. . . . . . . . . . . . . . . . . . . . . . . . . . .

3-36 Motorola RF Switch System Reference 3. Refer to the Redundancy Configuration field to enable and define the configuration for automatic cluster

Switch Information 3-37 5. Select the Start Update button to begin the file updates for the enabled switch configuration, cluster configuration or f

3-38 Motorola RF Switch System Reference 4. Refer to the table within the Alarm Log screen for the following information: 5. Select an alarm and cli

Switch Information 3-39 3. Refer to the Alarm Details and Alarm Message for the following information: 4. Click Close to exit the dialog.3.8 Viewing

3-40 Motorola RF Switch System Reference 4. Refer to the Feature Licenses table for the following license specific information:5. Select a license f

Switch Information 3-41 3.9 How to use the Filter OptionUse the Filter Option to sort the display details of screen that employ the filtering option

3-42 Motorola RF Switch System Reference

Network SetupThis chapter describes the Network Setup menu information used to configure the switch. This chapter consists of the following switch

4-2 Motorola RF Switch System Reference Guide 4.1 Displaying the Network InterfaceThe main Network interface displays a high-level overview of the c

Network Setup 4-3 2. Refer to the following information to discern if configuration changes are warranted: The Apply and Cancel buttons are greyed

TOC-56.7.1 Defining the IPSec Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-4 Motorola RF Switch System Reference Guide 4.2 Viewing Network IP InformationUse the Internet Protocol screen to view and configure network assoc

Network Setup 4-5 5. Click the Add button to display a screen used to add another domain name server. For more information, see Adding an IP Address

4-6 Motorola RF Switch System Reference Guide 2. Select the Domain Look Up checkbox to enable the switch to query domain name servers to resolve dom

Network Setup 4-7 4. Select an entry and click the Delete button to remove the selected entry from the IP forwarding table.5. Click the Add button

4-8 Motorola RF Switch System Reference Guide 2. In the Destination Subnet field, enter an IP address to route packets to a specific destination add

Network Setup 4-9 3. Refer to the Address Resolution table for the following information:4. Click the Clear button to remove the selected AP entry i

4-10 Motorola RF Switch System Reference Guide 4.3 Viewing and Configuring Layer 2 Virtual LANsA virtual LAN (VLAN) is similar to a Local Area Netwo

Network Setup 4-11 3. Select a record from the table and click the Edit button to modify the record. For more information, see Editing the Details o

4-12 Motorola RF Switch System Reference Guide 5. Use the Edit screen to modify the following:6. Refer to the Status field for the current state of

Network Setup 4-13 3. Highlight an existing VLAN and click the Edit button. The system displays a Port VLAN Change Warning message. Be advised, chan