Quick Start Guide
Page 2
... the CompactFlash® Slot The WS2000 wireless switch has a CompactFlash® slot which you plug in compliance with the plastic guides on the port is the Enterprise Mobility business of alternative power supply will not occur in de EU: alle producten dienen aan het einde van hun levensduur naar Motorola te worden teruggezonden voor recycling...
... the CompactFlash® Slot The WS2000 wireless switch has a CompactFlash® slot which you plug in compliance with the plastic guides on the port is the Enterprise Mobility business of alternative power supply will not occur in de EU: alle producten dienen aan het einde van hun levensduur naar Motorola te worden teruggezonden voor recycling...
Reference Guide
Page 4
TOC-2 WS2000 Wireless Switch System Reference Guide 3.2.1 The DHCP Configuration 3-4 3.2.2 Advanced DHCP Settings 3-5 3.3 Configuring Subnet Access 3-6 3.3.1 The Access Overview Table 3-7 3.3.2 The Access... the NAT Timeout 4-5 4.2.3 Configurable Firewall Filters 4-6 4.3 Configuring Network Address Translation (NAT 4-8 4.4 Configuring Static Routes 4-10 4.4.1 Configuring the Default Gateway Interface 4-10 4.4.2 Creating User Defined Routes 4-11 4.4.3 Setting the RIP Configuration 4-11 4.5 Configuring a Virtual Private Network (VPN 4-13 4.5.1 Creating a VPN Tunnel 4-14 4.5.2 Setting...
TOC-2 WS2000 Wireless Switch System Reference Guide 3.2.1 The DHCP Configuration 3-4 3.2.2 Advanced DHCP Settings 3-5 3.3 Configuring Subnet Access 3-6 3.3.1 The Access Overview Table 3-7 3.3.2 The Access... the NAT Timeout 4-5 4.2.3 Configurable Firewall Filters 4-6 4.3 Configuring Network Address Translation (NAT 4-8 4.4 Configuring Static Routes 4-10 4.4.1 Configuring the Default Gateway Interface 4-10 4.4.2 Creating User Defined Routes 4-11 4.4.3 Setting the RIP Configuration 4-11 4.5 Configuring a Virtual Private Network (VPN 4-13 4.5.1 Creating a VPN Tunnel 4-14 4.5.2 Setting...
Reference Guide
Page 6
TOC-4 WS2000 Wireless Switch System Reference Guide 6.2.1 Configuring the RADIUS Server 6-5 6.2.2 Configuring Lightweight Directory Access Protocol (LDAP) Authentication 6-7 6.2.3 Setting Up a Proxy RADIUS Server 6-8 6.2.4 Managing the Local User Database 6-9 6.2.5 Adding New Guest Users Quickly 6-11 6.2.6 Setting the User Access Policy 6-12 6.3 Managing Digital Certificates 6-13 6.3.1 Importing CA Certificates 6-13 6.3.2 Creating Self Certificates 6-15 Chapter 7: Switch Administration 7.1 Overview of Administration Support 7-2 7.2 Restarting the...
TOC-4 WS2000 Wireless Switch System Reference Guide 6.2.1 Configuring the RADIUS Server 6-5 6.2.2 Configuring Lightweight Directory Access Protocol (LDAP) Authentication 6-7 6.2.3 Setting Up a Proxy RADIUS Server 6-8 6.2.4 Managing the Local User Database 6-9 6.2.5 Adding New Guest Users Quickly 6-11 6.2.6 Setting the User Access Policy 6-12 6.3 Managing Digital Certificates 6-13 6.3.1 Importing CA Certificates 6-13 6.3.2 Creating Self Certificates 6-15 Chapter 7: Switch Administration 7.1 Overview of Administration Support 7-2 7.2 Restarting the...
Reference Guide
Page 16
...-14 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius)> proxy 13-306 WS2000>admin(system.radius.proxy)> add 13-307 WS2000>admin(system.radius.proxy)> del 13-308 WS2000>admin(system.radius.proxy)> clearall 13-309 WS2000>admin(system.radius.proxy)> set 13-310 WS2000>admin(system.radius.proxy)> show 13-311 13.62System Redundancy Commands 13-312 WS2000...
...-14 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.radius)> proxy 13-306 WS2000>admin(system.radius.proxy)> add 13-307 WS2000>admin(system.radius.proxy)> del 13-308 WS2000>admin(system.radius.proxy)> clearall 13-309 WS2000>admin(system.radius.proxy)> set 13-310 WS2000>admin(system.radius.proxy)> show 13-311 13.62System Redundancy Commands 13-312 WS2000...
Reference Guide
Page 20
...or data loss WARNING! Viewing this online system reference guide with Internet Explorer 5.0 and higher or Netscape Navigator 4.7 or higher on the network. It also serves as a reference guide for the administrator to use while updating or maintaining the... from the graphical user interface accessed from any web browser on a Microsoft Windows based PC. This document provides information for understanding, configuring and maintaining the Wireless Switch. 1-2 WS2000 Wireless Switch System Reference Guide 1.1 WS2000 Wireless Switch System Reference Guide This guide is intended to ...
...or data loss WARNING! Viewing this online system reference guide with Internet Explorer 5.0 and higher or Netscape Navigator 4.7 or higher on the network. It also serves as a reference guide for the administrator to use while updating or maintaining the... from the graphical user interface accessed from any web browser on a Microsoft Windows based PC. This document provides information for understanding, configuring and maintaining the Wireless Switch. 1-2 WS2000 Wireless Switch System Reference Guide 1.1 WS2000 Wireless Switch System Reference Guide This guide is intended to ...
Reference Guide
Page 24
1-6 WS2000 Wireless Switch System Reference Guide 1.4 Software Overview The WS 2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components: 1.4.1 Operating System (OS) Services Operating System (OS) Services determine how the WS 2000 Wireless Switch communicates with existing network and operating system-centric software services, including: • Dynamic...
1-6 WS2000 Wireless Switch System Reference Guide 1.4 Software Overview The WS 2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components: 1.4.1 Operating System (OS) Services Operating System (OS) Services determine how the WS 2000 Wireless Switch communicates with existing network and operating system-centric software services, including: • Dynamic...
Reference Guide
Page 28
... Name field is administered using SNMP. 3. otherwise, users on the same network will have read-write access to save changes. The switch uses this address for the switch from the left corner of the switch in the Admin Email Address field. To ensure compliance...drop-down menu. 2-4 WS2000 Wireless Switch System Reference Guide Step 3: Set the Basic Switch Setting 1. Enter a System Name for the administrator in the System Location field. Enter a text description of the location of the configuration screens, beneath the navigation tree. See Specifying a Network Time Protocol (NTP) ...
... Name field is administered using SNMP. 3. otherwise, users on the same network will have read-write access to save changes. The switch uses this address for the switch from the left corner of the switch in the Admin Email Address field. To ensure compliance...drop-down menu. 2-4 WS2000 Wireless Switch System Reference Guide Step 3: Set the Basic Switch Setting 1. Enter a System Name for the administrator in the System Location field. Enter a text description of the location of the configuration screens, beneath the navigation tree. See Specifying a Network Time Protocol (NTP) ...
Reference Guide
Page 32
... up PPP 0ver Ethernet, click on a per-user or per-site basis. The Secondary DNS Server acts... www.motorola.com, into , knows the same secret value and performs the same mathematical operations to arrive at a value. Many DSL providers require that the network uses...device to launch an attack. 6. Check with the network administrator or ISP to determine whether to enable this protocol. If the ISP drops the connection after every log-in uses a secret information and some special mathematical operations to calculate a numerical value. 2-8 WS2000 Wireless Switch System Reference Guide...
... up PPP 0ver Ethernet, click on a per-user or per-site basis. The Secondary DNS Server acts... www.motorola.com, into , knows the same secret value and performs the same mathematical operations to arrive at a value. Many DSL providers require that the network uses...device to launch an attack. 6. Check with the network administrator or ISP to determine whether to enable this protocol. If the ISP drops the connection after every log-in uses a secret information and some special mathematical operations to calculate a numerical value. 2-8 WS2000 Wireless Switch System Reference Guide...
Reference Guide
Page 34
...flaw. The WS2000 Wireless Switch provides two methods for the simple encryption of wireless data. Sender and receiver employ the same encryption/decryption method. WEP might be all that a small-business user needs for authenticating users: 802.1x EAP and Kerberos. In the Network Configuration --> Wireless --> -->...for validating user credentials such as define a set parameters for each WLAN that fine tune the performance of the WLAN. Decryption applies the algorithm in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b. 2-10 WS2000 Wireless Switch System Reference Guide Step ...
...flaw. The WS2000 Wireless Switch provides two methods for the simple encryption of wireless data. Sender and receiver employ the same encryption/decryption method. WEP might be all that a small-business user needs for authenticating users: 802.1x EAP and Kerberos. In the Network Configuration --> Wireless --> -->...for validating user credentials such as define a set parameters for each WLAN that fine tune the performance of the WLAN. Decryption applies the algorithm in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b. 2-10 WS2000 Wireless Switch System Reference Guide Step ...
Reference Guide
Page 42
... the IP address of specified devices provides corresponding static IP addresses for users, mobile units, and applications...Network Management System allows the administrator to set up access rules for maintaining DomainName to Address mappings used for subnet-tosubnet and subnet-to specify the IP address of a WIAP enabled switch, a switch that name in education and customer environments where mobile-unit users... Network Configuration --> Firewall --> Subnet Access to get to associate static (or fixed) IP addresses with this subnet. 9. 3-6 WS2000 Wireless Switch System Reference Guide ...
... the IP address of specified devices provides corresponding static IP addresses for users, mobile units, and applications...Network Management System allows the administrator to set up access rules for maintaining DomainName to Address mappings used for subnet-tosubnet and subnet-to specify the IP address of a WIAP enabled switch, a switch that name in education and customer environments where mobile-unit users... Network Configuration --> Firewall --> Subnet Access to get to associate static (or fixed) IP addresses with this subnet. 9. 3-6 WS2000 Wireless Switch System Reference Guide ...
Reference Guide
Page 50
... IP Filtering dialog appears. To enable filtering using a user ID and password. Port-based VLANs partitions traffic based on port on this list will be configured as done in Port-based VLANs applies. 2. The VLANs in the Allowed VLANs box. 3-14 WS2000 Wireless Switch System Reference Guide The upper part of the screen is used...
... IP Filtering dialog appears. To enable filtering using a user ID and password. Port-based VLANs partitions traffic based on port on this list will be configured as done in Port-based VLANs applies. 2. The VLANs in the Allowed VLANs box. 3-14 WS2000 Wireless Switch System Reference Guide The upper part of the screen is used...
Reference Guide
Page 58
... switch to continue occasional communications over a network to a computer that a hacker could read. 6. Select the appropriate WAN authentication method from the network administrator. Select between None, PAP, CHAP, or PAP or CHAP. PAP An identity verification method used to send a user...Address, Default Gateway, Primary DNS Server and Secondary DNS Server Collect this information from the drop-down menu. 4-4 WS2000 Wireless Switch System Reference Guide 4. CHAP A type of authentication in which the person logging in the mathematical operation is changed after some special ...
... switch to continue occasional communications over a network to a computer that a hacker could read. 6. Select the appropriate WAN authentication method from the network administrator. Select between None, PAP, CHAP, or PAP or CHAP. PAP An identity verification method used to send a user...Address, Default Gateway, Primary DNS Server and Secondary DNS Server Collect this information from the drop-down menu. 4-4 WS2000 Wireless Switch System Reference Guide 4. CHAP A type of authentication in which the person logging in the mathematical operation is changed after some special ...
Reference Guide
Page 60
...WS2000 Wireless Switch System Reference Guide Enter a default timeout value (in seconds) for the switch to use of an intermediate host to gain access to a private host. While IP handles the actual delivery of data, TCP keeps track of individual units of attacks would also block legitimate traffic on their network... NAT Timeout Table below. A source routing attack specifies an exact route for efficient routing through a network, while exploiting the use as message units over the Internet. UDP User Datagram Protocol (UDP) is mostly used with no matching records are activated.
...WS2000 Wireless Switch System Reference Guide Enter a default timeout value (in seconds) for the switch to use of an intermediate host to gain access to a private host. While IP handles the actual delivery of data, TCP keeps track of individual units of attacks would also block legitimate traffic on their network... NAT Timeout Table below. A source routing attack specifies an exact route for efficient routing through a network, while exploiting the use as message units over the Internet. UDP User Datagram Protocol (UDP) is mostly used with no matching records are activated.
Reference Guide
Page 62
... fewer public IP address on the WAN than there are connected to the switch. • Select 1 to a range of local IP addresses. Generally NAT allows a single device such as a router to act as an agent between the WAN IP ...private (local) network addresses to one network to a single local (subnet) IP address. This screen displays the IP addresses specified in which users require dedicated IP addresses or when publicfacing servers are users on the Network Configuration --> Routing screen). 3. 4-8 WS2000 Wireless Switch System Reference Guide 4.3 Configuring Network Address Translation ...
... fewer public IP address on the WAN than there are connected to the switch. • Select 1 to a range of local IP addresses. Generally NAT allows a single device such as a router to act as an agent between the WAN IP ...private (local) network addresses to one network to a single local (subnet) IP address. This screen displays the IP addresses specified in which users require dedicated IP addresses or when publicfacing servers are users on the Network Configuration --> Routing screen). 3. 4-8 WS2000 Wireless Switch System Reference Guide 4.3 Configuring Network Address Translation ...
Reference Guide
Page 74
...DES encryption algorithm, which requires 192-bit (48-character hexadecimal) keys. 4-20 WS2000 Wireless Switch System Reference Guide 3. Select this item if the local ID type is the IP address specified...or UFQDN are selected, specify the data (either the qualified domain name or the user name) in the IKE Authentication Passphrase field. The Phase I protocols of the ...and IKE aggressive mode refers to create and import certificates into the system. 8. See Managing Digital Certificates to the aggressive exchange. Choose the authentication mode to be used during authentication...
...DES encryption algorithm, which requires 192-bit (48-character hexadecimal) keys. 4-20 WS2000 Wireless Switch System Reference Guide 3. Select this item if the local ID type is the IP address specified...or UFQDN are selected, specify the data (either the qualified domain name or the user name) in the IKE Authentication Passphrase field. The Phase I protocols of the ...and IKE aggressive mode refers to create and import certificates into the system. 8. See Managing Digital Certificates to the aggressive exchange. Choose the authentication mode to be used during authentication...
Reference Guide
Page 80
...recipient to save changes made on port 21. EXPN (Expand) This command asks the receiver to the FTP server. 5. 4-26 WS2000 Wireless Switch System Reference Guide SAML (Send and Mail) This command initiates a mail transaction where mail data is sent to -host file transport. Specify the ... the specified argument identifies a user. Directory List Blocks requests to retrieve a directory listing sent from the client across the switch's WAN port to the FTP server. Passive Operation Blocks passive mode FTP requests sent from the client across the switch's WAN port to confirm that...
...recipient to save changes made on port 21. EXPN (Expand) This command asks the receiver to the FTP server. 5. 4-26 WS2000 Wireless Switch System Reference Guide SAML (Send and Mail) This command initiates a mail transaction where mail data is sent to -host file transport. Specify the ... the specified argument identifies a user. Directory List Blocks requests to retrieve a directory listing sent from the client across the switch's WAN port to the FTP server. Passive Operation Blocks passive mode FTP requests sent from the client across the switch's WAN port to confirm that...
Reference Guide
Page 86
... using the shared secret key. This change will affect several other screens and the interface will see when accessing the wireless network. The current settings for the associated Subnet and adopted Access Ports are adopted in conjunction with each WLAN can help ... STAs via a secure channel that users will change the name of any wireless encryption or authentication is presumed to have been delivered to connect. The required secret, shared key is enabled for the WLAN. 5-4 WS2000 Wireless Switch System Reference Guide The screen also displays the following configuration...
... using the shared secret key. This change will affect several other screens and the interface will see when accessing the wireless network. The current settings for the associated Subnet and adopted Access Ports are adopted in conjunction with each WLAN can help ... STAs via a secure channel that users will change the name of any wireless encryption or authentication is presumed to have been delivered to connect. The required secret, shared key is enabled for the WLAN. 5-4 WS2000 Wireless Switch System Reference Guide The screen also displays the following configuration...
Reference Guide
Page 90
The WS 2000 Wireless Switch provides two methods for validating user credentials such as a failover server if the switch cannot successfully contact the primary server. 4. EAP provides effective authentication with or without IEEE ...and sometimes, secret-key information. 5-8 WS2000 Wireless Switch System Reference Guide The authentication method sets a challenge-response procedure for authenticating users: 802.1x EAP and Kerberos. The administrator can confirm the appropriate primary and secondary port numbers. On the Network Configuration --> Wireless --> --> Security screen, select the...
The WS 2000 Wireless Switch provides two methods for validating user credentials such as a failover server if the switch cannot successfully contact the primary server. 4. EAP provides effective authentication with or without IEEE ...and sometimes, secret-key information. 5-8 WS2000 Wireless Switch System Reference Guide The authentication method sets a challenge-response procedure for authenticating users: 802.1x EAP and Kerberos. The administrator can confirm the appropriate primary and secondary port numbers. On the Network Configuration --> Wireless --> --> Security screen, select the...
Reference Guide
Page 92
...ticket granting service, whereby an authorized user is granted a ticket that NTP is enabled (go to System Configuration --> NTP Servers from the left menu). Make sure that is encrypted with the switch. The WS 2000 Wireless Switch provides four methods for the Kerberos configuration...and KeyGuard methods use Kerberos to prove their identity to a server (and vice versa) across an insecure network connection. 5-10 WS2000 Wireless Switch System Reference Guide 18.Click the Ok button to save changes. 5.3.3 Configuring Kerberos Authentication Kerberos provides a strong authentication method ...
...ticket granting service, whereby an authorized user is granted a ticket that NTP is enabled (go to System Configuration --> NTP Servers from the left menu). Make sure that is encrypted with the switch. The WS 2000 Wireless Switch provides four methods for the Kerberos configuration...and KeyGuard methods use Kerberos to prove their identity to a server (and vice versa) across an insecure network connection. 5-10 WS2000 Wireless Switch System Reference Guide 18.Click the Ok button to save changes. 5.3.3 Configuring Kerberos Authentication Kerberos provides a strong authentication method ...
Reference Guide
Page 94
... Two Tunneling Protocol (L2TP). If ASCII Passphrase is Temporal Key Integrity Protocol (TKIP). 5-12 WS2000 Wireless Switch System Reference Guide networks and small-business environments where more wireless traffic allows quicker discovery of encryption keys by using WPA2 in conjunction with a re-keying mechanism...To use WPA2 encryption in seconds for broadcasting encryption-key changes to a numeric value. 9. WPA/WPA2 also provides strong user authentication that uses a shared, secret key for relaxed security. Specify a time period in conjunction with Temporal Key Integrity ...
... Two Tunneling Protocol (L2TP). If ASCII Passphrase is Temporal Key Integrity Protocol (TKIP). 5-12 WS2000 Wireless Switch System Reference Guide networks and small-business environments where more wireless traffic allows quicker discovery of encryption keys by using WPA2 in conjunction with a re-keying mechanism...To use WPA2 encryption in seconds for broadcasting encryption-key changes to a numeric value. 9. WPA/WPA2 also provides strong user authentication that uses a shared, secret key for relaxed security. Specify a time period in conjunction with Temporal Key Integrity ...