Reference Guide
Page 5
...IP Filtering 5-15 5.3.11 Mobile Unit Access Control List (ACL 5-15 5.4 Configuring Access Ports 5-16 5.5 Setting Default Access Port Settings 5-19 5.5.1 Common Settings to All Radio Types 5-20 5.5.2 Radio-Specific Settings 5-22 5.6 Advanced ...Setting SNMP Traps for Rogue APs 5-36 5.10 Configuring Wirless Intrusion Protection System (WIPS 5-37 5.11 Wireless Intrusion Detection System 5-38 5.11.1 WIDS Configuration 5-39 5.11.2 Filtered MUs 5-40 5.12 Smart Scan... 6.1.5 Applet Timeout Specification 6-4 6.1.6 Changing the Administrator Password 6-4 6.2 Configuring User Authentication 6-4
...IP Filtering 5-15 5.3.11 Mobile Unit Access Control List (ACL 5-15 5.4 Configuring Access Ports 5-16 5.5 Setting Default Access Port Settings 5-19 5.5.1 Common Settings to All Radio Types 5-20 5.5.2 Radio-Specific Settings 5-22 5.6 Advanced ...Setting SNMP Traps for Rogue APs 5-36 5.10 Configuring Wirless Intrusion Protection System (WIPS 5-37 5.11 Wireless Intrusion Detection System 5-38 5.11.1 WIDS Configuration 5-39 5.11.2 Filtered MUs 5-40 5.12 Smart Scan... 6.1.5 Applet Timeout Specification 6-4 6.1.6 Changing the Administrator Password 6-4 6.2 Configuring User Authentication 6-4
Reference Guide
Page 32
...authentication session and replaying it disconnects. 10000 seconds default idle time is less secure, because the username and password travel as clear text that their clients communicate...password are idle. This number is not responding. 2-8 WS2000 Wireless Switch System Reference Guide when servers in the PPP over Ethernet (PPPoE) Communication PPPoE provides the ability to connect a network of hosts through a simple device... mode keeps the switch's WAN connection alive, even when there is authorized to launch an attack. 6. The Secondary DNS Server acts as www.motorola.com, into ,...
...authentication session and replaying it disconnects. 10000 seconds default idle time is less secure, because the username and password travel as clear text that their clients communicate...password are idle. This number is not responding. 2-8 WS2000 Wireless Switch System Reference Guide when servers in the PPP over Ethernet (PPPoE) Communication PPPoE provides the ability to connect a network of hosts through a simple device... mode keeps the switch's WAN connection alive, even when there is authorized to launch an attack. 6. The Secondary DNS Server acts as www.motorola.com, into ,...
Reference Guide
Page 34
... alter its original form. In the Network Configuration --> Wireless --> --> --> Security screen, the administrator can set the type and level of security for the simple encryption of rules that fine tune the performance of a wired LAN. The WS2000 Wireless Switch provides two methods for less than a...default setting (No Authentication) is a security protocol specified in reverse to restore the data to that require more security are at risk from a WEP flaw. The administrator can set the user authentication method and the encryption method, as well as username, password,...
... alter its original form. In the Network Configuration --> Wireless --> --> --> Security screen, the administrator can set the type and level of security for the simple encryption of rules that fine tune the performance of a wired LAN. The WS2000 Wireless Switch provides two methods for less than a...default setting (No Authentication) is a security protocol specified in reverse to restore the data to that require more security are at risk from a WEP flaw. The administrator can set the user authentication method and the encryption method, as well as username, password,...
Reference Guide
Page 50
...the starting and ending values with the RADIUS server using IP, check the Enable IP Filtering check box. To enable filtering using a user ID and password. Set the appropriate filter and click Ok to close the dialog. 7. The IP Filtering dialog appears. The port is mapped to a subnet and ...VLAN type to be one from control information provided by the RADIUS server. If the VLAN Type is User Based, then the Default VLAN ID must be created. 1. 3-14 WS2000 Wireless Switch System Reference Guide The upper part of the screen is used for packets that do not have the VLAN tag inserted.
...the starting and ending values with the RADIUS server using IP, check the Enable IP Filtering check box. To enable filtering using a user ID and password. Set the appropriate filter and click Ok to close the dialog. 7. The IP Filtering dialog appears. The port is mapped to a subnet and ...VLAN type to be one from control information provided by the RADIUS server. If the VLAN Type is User Based, then the Default VLAN ID must be created. 1. 3-14 WS2000 Wireless Switch System Reference Guide The upper part of the screen is used for packets that do not have the VLAN tag inserted.
Reference Guide
Page 57
...with the network administrator or ISP to determine whether to enable this protocol. The 10000 second default idle time is not responding. 4.1.2 Setting Up Point-to-Point over Ethernet area to enable the PPPoE protocol for the switch's router to use to address the WS 2000 Wireless Switch. •...; Click the More IP Addresses button to specify additional static IP addresses for most situations. WAN Configuration 4-3 • The IP Address refers to the IP address that their clients communicate using this feature, and, if so, find out the username and password ...
...with the network administrator or ISP to determine whether to enable this protocol. The 10000 second default idle time is not responding. 4.1.2 Setting Up Point-to-Point over Ethernet area to enable the PPPoE protocol for the switch's router to use to address the WS 2000 Wireless Switch. •...; Click the More IP Addresses button to specify additional static IP addresses for most situations. WAN Configuration 4-3 • The IP Address refers to the IP address that their clients communicate using this feature, and, if so, find out the username and password ...
Reference Guide
Page 58
... as clear text that compares the user name and password to access the server. This method of the numbers in . Once connected, the PPPoE State section will display the provided IP Address, Default Gateway, Primary DNS Server and Secondary DNS Server If the ...switch to continue occasional communications over a network to come up with a number value. In either case, enabling Keep-Alive mode keeps the switch's WAN connection alive, even when there is no traffic. 4-4 WS2000 Wireless Switch System Reference Guide 4. PAP An identity verification method used to send a user name and password...
... as clear text that compares the user name and password to access the server. This method of the numbers in . Once connected, the PPPoE State section will display the provided IP Address, Default Gateway, Primary DNS Server and Secondary DNS Server If the ...switch to continue occasional communications over a network to come up with a number value. In either case, enabling Keep-Alive mode keeps the switch's WAN connection alive, even when there is no traffic. 4-4 WS2000 Wireless Switch System Reference Guide 4. PAP An identity verification method used to send a user name and password...
Reference Guide
Page 112
To use the default username click the In the Username field, specify a 802.1x username for all AP 300 Access Ports adopted by the switch. 5-30 WS2000 Wireless Switch System Reference Guide To set up Port Authentication for all adopted AP 300 Access Ports: 1.
To use the default username click the In the Username field, specify a 802.1x username for all AP 300 Access Ports adopted by the switch. 5-30 WS2000 Wireless Switch System Reference Guide To set up Port Authentication for all adopted AP 300 Access Ports: 1.
Reference Guide
Page 128
6-2 WS2000 Wireless Switch System Reference Guide 6.1 Configuring Administrator Access The WS 2000 Network Management System allows users to log in to the WS 2000 Wireless Switch. The WS2000 Access screen is used to configure the access and related parameters for the WS 2000 Wireless Switch. By default, any settings within the WS 2000 Network Management System. NOTE: When connected to allow or disallow specific...
6-2 WS2000 Wireless Switch System Reference Guide 6.1 Configuring Administrator Access The WS 2000 Network Management System allows users to log in to the WS 2000 Wireless Switch. The WS2000 Access screen is used to configure the access and related parameters for the WS 2000 Wireless Switch. By default, any settings within the WS 2000 Network Management System. NOTE: When connected to allow or disallow specific...
Reference Guide
Page 129
...management tools that maximize the availability, security and effectiveness of a wireless network. NOTE: If all the checkboxes in this situation occurs accidentally, you can be entered in the SSH Client Inactivity Timeout field. If this section are two methods available for Admin Authentication area. The default is , using the standard admin password...). • Select the RADIUS radio button to the switch. To enable AirBEAM access, check the Enable AirBEAM checkbox. 2. The only way the device can then be able...
...management tools that maximize the availability, security and effectiveness of a wireless network. NOTE: If all the checkboxes in this situation occurs accidentally, you can be entered in the SSH Client Inactivity Timeout field. If this section are two methods available for Admin Authentication area. The default is , using the standard admin password...). • Select the RADIUS radio button to the switch. To enable AirBEAM access, check the Enable AirBEAM checkbox. 2. The only way the device can then be able...
Reference Guide
Page 132
This information is selected, specify a Default Auth Type for each host or subnet that will...Certificates). 6. To create a server certificate, select the Self Certificates screen from the Certificate Mgmt menu. 6-6 WS2000 Wireless Switch System Reference Guide 4. Netmask This field contains the netmask (subnet mask) of the subnet or host that CA...and MSCHAP-V2. • Message Digest 5 (MD5) is a protocol where the user sends an identifier and password pair to use on Microsoft's challenge/response authentication protocol. 5. It is an encrypted authentication method based on the ...
This information is selected, specify a Default Auth Type for each host or subnet that will...Certificates). 6. To create a server certificate, select the Self Certificates screen from the Certificate Mgmt menu. 6-6 WS2000 Wireless Switch System Reference Guide 4. Netmask This field contains the netmask (subnet mask) of the subnet or host that CA...and MSCHAP-V2. • Message Digest 5 (MD5) is a protocol where the user sends an identifier and password pair to use on Microsoft's challenge/response authentication protocol. 5. It is an encrypted authentication method based on the ...
Reference Guide
Page 133
...from an active subnet on this screen are only available when LDAP or LDAPS is the point in this screen. Password Attribute Enter the password attribute used by your LDAP server. The base object is set as a data source. Group Attribute Specify the group... filters used to provide information about the external LDAP server. Select [User Authentication] --> RADIUS Server --> LDAP The fields on the switch. The default port is used by your LDAP server. Administrator and User Access 6-7 6.2.2 Configuring Lightweight Directory Access Protocol (LDAP) Authentication When the ...
...from an active subnet on this screen are only available when LDAP or LDAPS is the point in this screen. Password Attribute Enter the password attribute used by your LDAP server. The base object is set as a data source. Group Attribute Specify the group... filters used to provide information about the external LDAP server. Select [User Authentication] --> RADIUS Server --> LDAP The fields on the switch. The default port is used by your LDAP server. Administrator and User Access 6-7 6.2.2 Configuring Lightweight Directory Access Protocol (LDAP) Authentication When the ...
Reference Guide
Page 135
... Authentication] --> User Database to save changes. Each user that is created is assigned their own password and is used to Local. To add a new group, click the Add button and enter the...name of the group in the new blank field in the local RADIUS server's database. The default port is used for user authentication. NOTE: If you are added. The information in the ... shared secret to LDAP, the proxy server will not be successful when performing the authentication. 6.2.4 Managing the Local User Database The User Database screen is associated with the RADIUS proxy server. 4. Although...
... Authentication] --> User Database to save changes. Each user that is created is assigned their own password and is used to Local. To add a new group, click the Add button and enter the...name of the group in the new blank field in the local RADIUS server's database. The default port is used for user authentication. NOTE: If you are added. The information in the ... shared secret to LDAP, the proxy server will not be successful when performing the authentication. 6.2.4 Managing the Local User Database The User Database screen is associated with the RADIUS proxy server. 4. Although...
Reference Guide
Page 163
... remote device to retrieve switch information, while read /write community string also allows a remote device to modify settings. Switch Administration 7-21 retrieve information, while a read /write access also allows a remote device to modify switch settings....the OIDs (SNMP parameters) in the SNMP Management Information Base (MIB) file. Type in the OID cell of a user security level and a user password. 1. If a custom OID is very...community. Either use the OID (Object Identifier) pull-down menu to select the default OID or type in an OID number into the field. (The format is...
... remote device to retrieve switch information, while read /write community string also allows a remote device to modify settings. Switch Administration 7-21 retrieve information, while a read /write access also allows a remote device to modify switch settings....the OIDs (SNMP parameters) in the SNMP Management Information Base (MIB) file. Type in the OID cell of a user security level and a user password. 1. If a custom OID is very...community. Either use the OID (Object Identifier) pull-down menu to select the default OID or type in an OID number into the field. (The format is...
Reference Guide
Page 171
...server IP address for the administrator password. To view the log or set up a log server, select System Configuration --> Logs from the Logging Level drop-down menu. Switch Administration 7-29 7.11 Setting Up and Viewing the System Log The WS 2000 Network Management System keeps a log of the ...level and events with the lowest numbers representing the most recent events that are retained on the switch. The switch has a modest of amount of the events that are logged by default), and then decodes the messages into eight levels (0 through 7), with levels lower than the ...
...server IP address for the administrator password. To view the log or set up a log server, select System Configuration --> Logs from the Logging Level drop-down menu. Switch Administration 7-29 7.11 Setting Up and Viewing the System Log The WS 2000 Network Management System keeps a log of the ...level and events with the lowest numbers representing the most recent events that are retained on the switch. The switch has a modest of amount of the events that are logged by default), and then decodes the messages into eight levels (0 through 7), with levels lower than the ...
Reference Guide
Page 191
... VLAN tag inserted. Use the pull-down menu to open the VLAN Configuration screen. 1. Enter the Default VLAN ID to be configured as done in this MU and User ID information combination. The VLANs in Port-based...switch. If the VLAN Type is User Based, then the Default VLAN ID must be one of the IDs assigned to a single VLAN. When entering multiple VLAN IDs, separate each enabled Subnet, enter the VLAN ID. 5. Select Network Configuration --> VLAN to select a VLAN Type for Wireless..., separate the starting and ending values with the RADIUS server using a user ID and password.
... VLAN tag inserted. Use the pull-down menu to open the VLAN Configuration screen. 1. Enter the Default VLAN ID to be configured as done in this MU and User ID information combination. The VLANs in Port-based...switch. If the VLAN Type is User Based, then the Default VLAN ID must be one of the IDs assigned to a single VLAN. When entering multiple VLAN IDs, separate each enabled Subnet, enter the VLAN ID. 5. Select Network Configuration --> VLAN to select a VLAN Type for Wireless..., separate the starting and ending values with the RADIUS server using a user ID and password.
Reference Guide
Page 396
...default gateway IP address to (1-39 characters). Enables or disables PPPoE. Enables or disables PPPoE keepalive. Example: admin(network.wan)>set dhcp enable admin(network.wan)>set dgw 192.168.122.25 admin(network.wan)>set pppoe mode enable admin(network.wan)>set pppoe type chap admin(network... indicates the number of the following values: none, pap/chap, pap, or chap. Sets the PPPoE password to . 13-122 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan)> set dhcp dgw dns enable / disable ipadr mask mode pppoe mode idle ka enable / disable passwd...
...default gateway IP address to (1-39 characters). Enables or disables PPPoE. Enables or disables PPPoE keepalive. Example: admin(network.wan)>set dhcp enable admin(network.wan)>set dgw 192.168.122.25 admin(network.wan)>set pppoe mode enable admin(network.wan)>set pppoe type chap admin(network... indicates the number of the following values: none, pap/chap, pap, or chap. Sets the PPPoE password to . 13-122 WS2000 Wireless Switch System Reference Guide WS2000>admin(network.wan)> set dhcp dgw dns enable / disable ipadr mask mode pppoe mode idle ka enable / disable passwd...
Reference Guide
Page 397
Command Line Interface Reference 13-123 WS2000>admin(network.wan)> show pppoe pppoe mode pppoe keepalive mode pppoe authentication type pppoe idle time pppoe user name pppoe password : enable : disable : chap : 600 : JohnDoe : ******** Example: admin(network.wan)>show ip 3 wan interface ip address network mask default gateway dhcp mode primary dns server secondary dns server : enable : 0.0.0.0 : 0.0.0.0 : 192...
Command Line Interface Reference 13-123 WS2000>admin(network.wan)> show pppoe pppoe mode pppoe keepalive mode pppoe authentication type pppoe idle time pppoe user name pppoe password : enable : disable : chap : 600 : JohnDoe : ******** Example: admin(network.wan)>show ip 3 wan interface ip address network mask default gateway dhcp mode primary dns server secondary dns server : enable : 0.0.0.0 : 0.0.0.0 : 192...
Reference Guide
Page 532
... a proxy server. The default port is 1812. Example: admin(system.authentication.radius)>set auth-server-ip 192.168.0.4 admin(system.authentication.radius)>set auth-server-port 1812 admin(system.authentication.radius)>set Description: Sets the RADIUS proxy server authentication parameters. auth-server- 13-258 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.authentication.radius...
... a proxy server. The default port is 1812. Example: admin(system.authentication.radius)>set auth-server-ip 192.168.0.4 admin(system.authentication.radius)>set auth-server-port 1812 admin(system.authentication.radius)>set Description: Sets the RADIUS proxy server authentication parameters. auth-server- 13-258 WS2000 Wireless Switch System Reference Guide WS2000>admin(system.authentication.radius...
Reference Guide
Page 673
...description 3-8 G gateway services 1-6 General Routing Encapsulation (GRE 3-9, 3-11, 3-16 Generic Token Card (GTC) authentication 6-5, 6-6 graphs, displaying statistics in AirBEAM name and password 6-3 default name 6-2 procedure 2-3 log, system 7-29 remote ID 4-23 location variable changing 7-3 entering 2-4 log enable logging to CF card 7-30 system server, setup 7-29 ... 12-35 configuring interface 2-5 enabling Subnet1 2-5 Layer 3 VLANs 3-14, 10-3 LED functions 1-5 Lightweight Directory Access Protocol (LDAP), configuring . . . 6-7 local area network, see LAN local ID vs.
...description 3-8 G gateway services 1-6 General Routing Encapsulation (GRE 3-9, 3-11, 3-16 Generic Token Card (GTC) authentication 6-5, 6-6 graphs, displaying statistics in AirBEAM name and password 6-3 default name 6-2 procedure 2-3 log, system 7-29 remote ID 4-23 location variable changing 7-3 entering 2-4 log enable logging to CF card 7-30 system server, setup 7-29 ... 12-35 configuring interface 2-5 enabling Subnet1 2-5 Layer 3 VLANs 3-14, 10-3 LED functions 1-5 Lightweight Directory Access Protocol (LDAP), configuring . . . 6-7 local area network, see LAN local ID vs.
Reference Guide
Page 674
... 11-15 WLAN 11-11 Index-4 WS 2000 Wireless Switch System Reference Guide M MAC addresses description 5-17 ...PEAP) authentication 6-5 proxy configuration, setting up 12-41 Network Address Translation, see NAT network traps 7-25 NTP server, specifying 7-27 O operating system services 1-6 P PAP authentication 2-8, 4-4 passwords AirBEAM 6-3 changing for 8-5 LDAP settings 6-7 local user ... hotspot accounting 8-8 authentication 8-8 configuring for administrator 6-4 default 6-2 entering 2-3 settings 7-22 placement, radio 5-20 Point-to Many 4-8 configuring 4-8, 12-13 forward vs.
... 11-15 WLAN 11-11 Index-4 WS 2000 Wireless Switch System Reference Guide M MAC addresses description 5-17 ...PEAP) authentication 6-5 proxy configuration, setting up 12-41 Network Address Translation, see NAT network traps 7-25 NTP server, specifying 7-27 O operating system services 1-6 P PAP authentication 2-8, 4-4 passwords AirBEAM 6-3 changing for 8-5 LDAP settings 6-7 local user ... hotspot accounting 8-8 authentication 8-8 configuring for administrator 6-4 default 6-2 entering 2-3 settings 7-22 placement, radio 5-20 Point-to Many 4-8 configuring 4-8, 12-13 forward vs.