WS5100 Series Switch
Motorola, Inc. All rights reserved
Contents
Network Setup
Switch Services
Switch Security
Switch Management
Diagnostics
WS5100 Series Switch System Reference Guide
Document Conventions
Introduction
Documentation Set
Notational Conventions
Overview
Hardware Overview
Physical Specifications
Power Cord Specifications
Power Protection
System Status LED Codes
Error Codes
Start Up
Primary
Standby
Software Overview
Infrastructure Features
Switch includes the following Infrastructure features
Installation Feature
Configuration Management
Text Based Configuration
Licensing Support
Serviceability
Tracing / Logging
Process Monitor
Hardware Abstraction Layer and Drivers
Wireless Switching
Password Recovery
Switch includes the following wireless switching features
Secure Network Time Protocol (SNTP)
Rate Limiting
Physical Layer Features 802.11a
802.11bg
Proxy-ARP
HotSpot / IP Redirect
IDM Identity Driven Management
Voice Prioritization
Self Healing
Currently voice support implies the following
Neighbor Configuration
Wireless Capacity
Detector APs
Self Healing Actions
MU Balancing Across Multiple APs
AP Balancing Across Multiple Switches
Wireless Roaming
Interswitch Layer 2 Roaming
MU Move Command
L3 Roaming
Fast Roaming
Power Save Polling
2.12 QoS
802.11e QoS
802.1p Support
Wireless Layer 2 Switching
Data QoS
DSCP to AC Mapping
Automatic Channel Selection
Wired Switching
Switch includes the following wired switching features
DHCP Servers
DDNS
Management Features
WS5100 switch supports 32 WLANs
VLAN Enhancements
Interface Management
Switch includes the following wired security features
Security Features
Encryption and Authentication
MU Authentication
Keyguard-WEP
Kerberos
802.1x EAP
Switch-to-Wired
5.7 802.1x Authentication
Secure Beacon
MU to MU Allow
Change Username/Password after AP Adoption
Reset Username/Password to Factory Defaults
LLDP is always enabled and cannot be disabled
IEEE 802.1AB LLDP
RF scan by Access Port on all channels
Rogue AP Detection
Rogue AP Report
SNMP Trap on discovery
Authorized AP Lists
Certificate Management
Access Port Support
5.14 NAT
Web UI Requirements
Accessing the Switch Web UI
Content of this chapter is segregated amongst the following
Connecting to the Switch Web UI
Switch Password Recovery
Switch Web UI Access and Image Upgrades
Upgrading the Switch Image
Upgrading the Switch Image from 1.4.x or 2.x to Version
Auto Installation
Configuring Auto Install via the CLI
Enables are set using the autoinstall feature command
Downgrading the Switch Image
AP-4131 Access Point to Access Port Conversion
Enables are cleared using the no autoinstall feature
Whenever a string is blank it is shown as --not-set
Select the AP Installation main menu item
Select the Special Functions main menu item
Viewing the Switch Interface
It consists of the following two tabs
Viewing the Switch Configuration
Troubleshooting
Time Displays the time of day used by the switch Time Zone
Incorrectly could render your switch as operating illegally
System Name
Viewing Dashboard Details
Severity Last Occurrence Message # Occurrences
Viewing Switch Statistics
Name
Status
Speed
Utilization issues negatively impacting performance
Avg Signal
Number of MUs
Associated Number of APs
Viewing Switch Port Information
Viewing the Port Configuration
Duplex Displays the port as either half or full duplex
Editing the Port Configuration
Modified
Viewing the Ports Runtime Status
Ethernet ports have a maximum MTU setting
Viewing the Ports Statistics
Name Displays the ports current name MAC Address
Oper Status
Packets In Error
Indication of a network problem
Network issues
Different port could be required
Detailed Port Statistics
Viewing the Port Statistics Graph
Output Unicast
Output Packets
With interface is saturated
Switch Information
Viewing Switch Configurations
Size Bytes
Viewing the Detailed Contents of a Config File
Editing a Config File
Main screen displays the contents of the configuration file
Transferring a Config File
Path
Viewing Switch Firmware Information
Password
Editing the Switch Firmware
Enabling Global Settings for the Failover Image
Updating the Switch Firmware
If using TFTP, use tftp://ipaddress/path/filename
Boot of the switch
Configuring Automatic Updates
Enable
Setting
Password Enter the password required to access the server
File Name With
Protocol
Viewing the Switch Alarm Log
View By
View All
Index
Viewing Alarm Log Details
Viewing Switch Licenses
Solution
Description
Possible Causes
How to use the Filter Option
Network Setup
Displaying the Network Interface
Resolution Entries
Switch Virtual
Wireless LANs
DNS Servers
Configuring DNS
Access Ports
Viewing Network IP Information
Select the Domain Network System tab
Configuring Global Settings
Adding an IP Address for a DNS Server
Obsolete addresses are periodically removed
Server IP Address
Configuring IP Forwarding
Following details display in the table
Active
Adding a New Static Route
Route Metric
Viewing Address Resolution
Select the Address Resolution tab
Typically a VLAN
Type
Viewing and Configuring Layer 2 Virtual LANs
Trunk
Mode It can be either Access or Trunk
Ethernet 1 or ethernet
Editing the Details of an Existing VLAN
Is selected, the Allowed VLANs field is unavailable
Mode drop-down menu
Configuring Switch Virtual Interfaces
Configuring the Virtual Interface
Following configuration details display in the table
Name Displays the name of the virtual interface
Displays the VLAN ID associated with the interface
Up or not Down
Adding a Virtual Interface
Modifying a Virtual Interface
To add a new virtual interface
To modify an existing virtual interface
Viewing Virtual Interface Statistics
Packets, etc
Viewing Virtual Interface Statistics
Only hard-coded at the factory and cannot be modified
Viewing the Virtual Interface Statistics Graph
Click Close to close the dialog
Viewing and Configuring Switch WLANs
Configuring WLANs
Enabled
4094. The default VLAN ID is
Authentication
Modify the WLAN’s current authentication scheme
Editing the WLAN Configuration
Value used is unique
Intended function of the WLAN
No Authentication
Tunnel
802.1X EAP
Kerberos
Refer to the Advanced field for the following information
Configuring Authentication Types
Configuring 802.1x EAP
MU Max Retries
Configuring Kerberos
MU Timeout
Configuring Hotspots
Switch Hotspot Redirection
Configuring an Internal Hotspot
Title Text
Header Text
Footer Text
Small Logo URL
Descriptive Text
Configuring External Hotspot
Main Logo URL
Failed Page URL
Login Page URL
Need to provide correct login information to access the Web
Configuring Advanced Hotspot
Configuring Dynamic MAC ACL
Configuring External Radius Server Support
Address Authentication data source Radius Port
Authentication data source. The default port is
Secret Secondary Radius server Server Timeout
Radius Server
Motorola user privilege values User login source
Configuring Different Encryption Types
Configuring the User Login Sources
Configuring WEP
Configuring WEP 128 / KeyGuard
Key 1011121314 2021222324 3031323334 4041424344
Key
Default hexadecimal keys for WEP 128 and KeyGuard include
Use the Key #1-4 areas to specify key numbers
Configuring WPA/WPA2 using TKIP and CCMP
Bit Key
ASCII Passphrase
From entering the 256-bit key each time keys are generated
Pre-Authentication
Viewing WLAN Statistics
PMK Caching
Opportunistic Key
That may have similar characteristics
SSID is the Service Set ID (SSID) for the selected WLAN
Last 30s
Last Hr
Viewing WLAN Statistics in Detail
Refer to the RF Status field for the following information
Refer to the Errors field for the following information
Viewing WLAN Statistics in a Graphical Format
Viewing WLAN Switch Statistics
Click the VLAN/Tunnel Assignment tab
Edit button on the Configuration tab within the WLANs
Viewing VLAN/Tunnel Assignments
Configuring WMM
WMM enabled
Access
Four Access Category types are
Background Optimized for background traffic
Access Category to
Category Network traffic DSCP to Access
Category Network traffic
Generic QoS GQoS application programming interface API
Editing WMM Settings
Read-only and cannot be modified within this screen
Viewing Associated MU Details
Viewing MU Status
CW Minimum
CW Maximum
Power Save
This address is burned into the ROM of the MU
Ready
Interoperating with
Displays of the WLAN the MU is currently associated with
Similar configurations
Viewing MU Details
Viewing MU Statistics
Configuration
Selected MU from the access port
Possible network or hardware problems
Address is hard coded at the factory and cannot be modified
Viewing MU Statistics in Detail
Refer to the Traffic field for the following information
Hard-coded at the factory and cannot be modified
Viewing Access Port Information
View a MU Statistics Graph
Name Displays a user assigned name for the radio
Configuring Access Port Radios
Access Ports screen consists of the following tabs
Refer to the Properties field for the following
Configuring an AP’s Global Settings
Configuring Layer 3 Access Port Adoption on
Click the Configure Port Authentication button
Port Authentication
Editing AP Settings
Maximum MUs
MUs that can associate to a radio is
RTS Threshold
Beacon Interval
DTIM Periods
Configuring Rate Settings
Self Healing Offset
Adding APs
Viewing AP Statistics
Differentiate the radio from other device radios
Average Mbps
Packets that are sent and received
RF Util
Was encountered on the configured channel
Viewing AP Statistics in Detail
Viewing AP Statistics in Graphical Format
Statistic for the last hour
Configuring WLAN Assignment
Click the WLAN Assignment tab
Its intended coverage area or function
Configurations
Editing a WLAN Assignment
From the description field in the Radio Configuration screen
Identifier such as 1/4, 1/3, etc
Editing WMM Settings
To view existing Radio Configuration information
Viewing Access Port Adoption Defaults
Configuring AP Adoption Defaults
Options include Indoor or Outdoor. Default is Indoor
Channel. Default is random
Power dBm
Defaults are 20 dBm for 802.11bg and 17 dBm for 802.11a
Editing Default Radio Adoption Settings
Stations that can associate to a radio are
Transmission path
DTIM Period
Configuring Rate Settings
Configuring Layer 3 Access Port Adoption
Assigned WLANs tab displays two fields Select Radios/BSS
Select/Change Assigned WLANs
Access Category reflects the radios intended network traffic
Cannot be modified
Higher priority traffic
Editing Access Port Adoption WMM Settings
To edit the existing WMM settings
Viewing Access Port Status
Viewing Adopted Access Ports
Viewing Unadopted Access Ports
Unadopted AP tab displays the following information
Switch Services
Displaying the Services Interface
To display a Services Summary
DHCP Servers
NTP Time
For information on configuring GRE tunneling, see
DHCP Server Settings
Configuring the Switch DHCP Server
Pool Name
Editing the Properties of an Existing DHCP Pool
Lease Time
Ddhhmm
Domain
Adding a New DHCP Pool
Click the Add button at the bottom of the screen
Configuring DHCP Global Options
Configuring DHCP Server DDNS Values
Viewing the Attributes of Existing Host Pools
Can be assigned
Hardware Address
Client Name
Configuring Excluded IP Address Information
Configuring DHCP Server Relay Information
Viewing DHCP Server Status
Refer to the contents of the Status tab for the following
Configuring Secure NTP
Defining the SNTP Configuration
Refer to the Other Settings field to define the following
Adding a New SNTP Symmetric Key
Defining an SNTP Neighbor Configuration
When adding or editing an NTP neighbor
Hostname
Support
Neighbor Type
Adding an NTP Neighbor
Viewing SNTP Associations
Select the NTP Associations tab
Viewing SNTP Status
Leap
Transmissions are synchronized
Found in some workstations
Root Dispersion
Configuring Switch Redundancy
Root delay
Redundancy Switch
Redundancy ID
Mode
Discovery Period
Reviewing Redundancy Status
Redundancy Group License Aggregation Rules on
Configuring Redundancy Group Membership
Values
Do not match this switch’s parameters
Not Seen The member is no more seen by this switch
Displaying Redundancy Member Details
Module
Complimentary with this switch’s version?
Updates Sent
Updates Received
Adoption Capacity
Redundancy Group License Aggregation Rules
Adding a Redundancy Group Member
Configuring Layer 3 Mobility
Layer 3 Mobility
Defining the Layer 3 Peer List
Reviewing Layer 3 Peer List Statistics
Select the Peer Statistics tab
Reviewing Layer 3 MU Status
Configuring GRE Tunnels
Assigning priority to different types of traffic
Destinations IP
To configure GRE tunnelling on the switch
Source IP
Interface IP
Disabled
Editing the Properties of a GRE Tunnel
Adding a New GRE Tunnel
Configuring Self Healing
Select the Enable Neighbor Recovery checkbox
Configuring Self Healing Neighbor Details
Select the Neighbor Details tab
Editing the Properties of a Neighbor
Configuring Switch Discovery
Configuring Discovery Profiles
Profile Name
To be located
Start IP Address
Network devices is conducted
Adding a New Discovery Profile
Viewing Discovered Switches
Assigned using the Switch Configuration screen
Different profile for the switch discovery process
Discovery profile and launching a new search
New search
Switch Security
Displaying the Main Security Interface
Wireless Filters
Detection
Certificates
Trustpoints
AP Intrusion Detection
Enabling and Configuring AP Detection
To configure AP Detection
Timeout
Unapproved AP
Refresh Time
BSS MAC Address
Adding or Editing an Allowed AP
Any MAC Address
Specific MAC
Address Particular index
Approved APs Reported by APs
To review the attributes of allowed APs
Unapproved APs Reported by APs
Therefore interpreted as a threat on the network
Address to a new Allowed AP index
dBm
ESSID to a new Allowed AP index
Unapproved APs Reported by MUs
Seconds Detecting AP
Configuring MU Intrusion Detection
To configure MU intrusion detection
MU Intrusion Detection
As a threat
Switch columns
Contents of the MUs that have been filtered thus far
Violation Type
Mobile Unit
Identifier
Click on Revert to rollback to the previous configuration
Viewing Filtered MUs
Configuring Wireless Filters
Filters field contains the following read-only information
Refer to the Associated WLANs field for following
Editing an Existing Wireless Filter
Adding a new Wireless Filter
Enter a hex value for the Starting MAC address
Configuring ACLs
Associating an ACL with WLAN
Switch supports the following ACLs to filter traffic
ACL Overview
Router ACLs
For more information, see
Port ACLs
Precedence Order
Wireless LAN ACLs
ACL Actions
Configuring an ACL
Adding a New ACL
Adding a New ACL Rule
Editing an Existing Rule
Adding a New ACL Configuration
Attaching an ACL
Eth1
Eth2
Attaching an ACL on a WLAN Interface/Port
Click on the Attach tab Click on the Add button
Adding a New ACL WLAN Configuration
Displays the IP ACL configured
Displays the MAC ACL configured
Direction
Reviewing ACL Statistics
Click on the Dynamic Translation tab
Configuring NAT Information
Defining Dynamic NAT Translations
Anywhere on the Internet
LAN over the switch managed network
Access List
Type Displays the NAT type as either
Adding a New Dynamic NAT Configuration
Defining Static NAT Translations
Click the Static Translation tab
Adding a New Static NAT Configuration
Click on the Static Translation tab
Configuring NAT Interfaces
Available from the drop-down menu for use as the interface
Viewing NAT Status
Configuring IKE Settings
Inside-Global
World
Inside Local
Defining the IKE Configuration
Click the Configurations tab
Setting IKE Policies
Aggressive Mode
Peer IP Address
Peers
SHA The default value
Default value
Priority
Highest priority value
Secret without transmitting it to one another
Include
Options include
Viewing SA Statistics
Configuring IPSec VPN
Configure a DHCP Server to give public IP address
Configure security associations parameters
Defining the IPSec Configuration
Editing an Existing Transform Set
Transport
AH Authentication
Adding a New Transform Set
ESP Encryption
Tunnel or Transport
Scheme Include None No AH authentication is used
Defining the IPSec VPN Remote Configuration
Click the IP Range tab to view the following information
Configuring IPSec VPN Authentication
Click the Authentication tab
Default port is
Port
Shared Secret
Configuring Crypto Maps
Priority / Seq
Crypto Map Entries
Click the Crypto Maps tab and select Crypto Map Entries
Mode Config
ACL ID
Crypto Map Peers
Click the Crypto Maps tab and select Peers
Priority / Seq #
Higher the priority
Peer Name
Set for protecting the data flow
Crypto Map Manual SAs
Transform Set
Crypto Map Transform Sets
Protecting the data flow
Crypto Map Interfaces
Index from others with similar configurations
Viewing IPSec Security Associations
Configuring the Radius Server
Setting up Radius on the switch entails the following
Radius Overview
TLS and MD5 TTLS and PAP
User Database
TTLS and MSCHAPv2 PEAP and GTC PEAP and MSCHAPv2
Using the Switch’s Radius Server Versus an External Radius
Defining the Radius Configuration
Radius Client Configuration
Radius Proxy Server Configuration
Configuring Radius Authentication and Accounting
EAP and Auth Type Specify the EAP type for the Radius server
Configuring Radius Users
Cert Trustpoint
CA Cert Trustpoint
Activity is detected
Their Radius privileges expire
User
Guest User
Configuring Radius User Groups
Select the Groups tab
Guest Group
Configured WLANs
Time of access
Viewing Radius Accounting Logs
Available WLANs
Creating Server Certificates
Select the Accounting Logs tab
Automatically once they reach their limit
Size
Using Trustpoints to Configure Certificates
Certificate was issued
City L
Within the State/Prov stated
Creating a Server / CA Root Certificate
Using the Wizard to Create a New Certificate
Key for your new certificate
Organization Unit
City
Organization
Requests
Using the Wizard Delete Operation
To use the wizard to delete trustpoint properties
Configuring Trustpoint Associated Keys
Click the Next button to complete the trustpoint removal
Key Label
Adding a New Key
Select the Keys tab Keys tab displays the following
Transferring Keys
Switch Management
Displaying the Management Access Interface
Log Output
Configuring Access Control
To configure access control settings on the switch
Enable Telnet
Network. This setting is enabled by default
Long as the Enable Telnet option remains enabled
Enable SNMP Retries
Configuring SNMP Access
360 is associated with the SSH-Server
Community Name
Configuring SNMP v1/v2 Access
Access Control
Configuring SNMP v3 Access
Editing an Existing SNMP v1/v2 Community Name
Unique SNMPv3 usernames and passwords include
User Name
Editing an SNMP v3 Authentication and Privacy Password
Select Management Access SNMP Access from the main menu tree
V2/V3 Metrics
Accessing SNMP v2/v3 Statistics
Read-Only errors
USM Statistics Values
To configure SNMP trap definitions
Configuring SNMP Traps
Enabling Trap Configuration
Wireless
Redundancy
Miscellaneous
Mobility
Configuring Trap Thresholds
To configure SNMP trap threshold values
Threshold Name
Generation
Wireless Trap Threshold Values
Radio Range WLAN Range Wireless Units
Configuring SNMP Trap Receivers
To configure the attributes of SNMP trap receivers
To add a new SNMP trap receiver
Editing SNMP Trap Receivers
Adding SNMP Trap Receivers
Configuring Management Users
Configuring Local Users
Creating a New Local User
Modifying an Existing Local User
Redundancy/clustering and control access
Provides read-only permissions
Creating a Guest Admin and Guest User
Configuring Switch Authentication
Assign the guest-admin WebUser Administrator access
Not a DNS name
Assignment is from 1
Modifying the Properties of an Existing Radius Server
Modify the following Radius Server attributes as necessary
Adding a New Radius Server
Address Not a DNS name Radius Server Port
Is from 1
Session. The available range is between 0
Diagnostics
Displaying the Main Diagnostic Interface
Switch Environment
CPU Performance
Switch Memory Allocation
Switch Disk Allocation
Buffer
Usage
Switch Memory Processes
Other Switch Resources
Select the Other Resources tab
Configuring System Logging
Log Options
File Management
Log level
Made, they have been accounted for
Date
Viewing the Entire Contents of Individual Log Files
Transferring Log Files
Reviewing Core Snapshots
File extension is always .core for core files
Troubleshooting issues
Transferring Core Snapshots
Reviewing Panic Snapshots
Select a target file, and select the Transfer Files button
Panic actually occurred
Remaining nine are renamed so the newest can be saved as
Size Displays the size of the panic file in bytes Created
Viewing Panic Details
Transferring Panic Files
Select Diagnostics Applet Debugging from the main menu
Debugging the Applet
Configuring a Ping
Timeout sec
Not received by the switch from its target device
Time between the switch and its connected device
New ping test is required
Adding a New Ping Test
Modifying the Configuration of an Existing Ping Test
Timeout sec
Within the Configuration tab
Between the switch and its connected device
Test Name
Test description to convey the overall function of the test
Viewing Ping Statistics
Average RTT
Last Response
General Information
Motorola’s Enterprise Mobility Support Center
Customer Support Web Site
Motorola INC