WS5100 Series Switch
Motorola, Inc. All rights reserved
Contents
Network Setup
Switch Services
Switch Security
TOC-3
Switch Management
Diagnostics
TOC-5
TOC-6WS5100 Series Switch System Reference Guide
Introduction
Documentation Set
Document Conventions
Notational Conventions
Overview
Hardware Overview
Power Protection
Physical Specifications
Power Cord Specifications
System Status LED Codes
Primary
Error Codes
Start Up
Standby
Infrastructure Features
Switch includes the following Infrastructure features
Software Overview
Text Based Configuration
Installation Feature
Configuration Management
Licensing Support
Process Monitor
Serviceability
Tracing / Logging
Hardware Abstraction Layer and Drivers
Switch includes the following wireless switching features
Wireless Switching
Password Recovery
Secure Network Time Protocol Sntp
Physical Layer Features 802.11a
802.11bg
Rate Limiting
Proxy-ARP
HotSpot / IP Redirect
Self Healing
IDM Identity Driven Management
Voice Prioritization
Currently voice support implies the following
Detector APs
Neighbor Configuration
Wireless Capacity
Self Healing Actions
AP Balancing Across Multiple Switches
Wireless Roaming
MU Balancing Across Multiple APs
L3 Roaming
Interswitch Layer 2 Roaming
MU Move Command
Fast Roaming
802.11e QoS
Power Save Polling
2.12 QoS
802.1p Support
Dcscp to AC Mapping
Wireless Layer 2 Switching
Data QoS
Automatic Channel Selection
Dhcp Servers
Wired Switching
Switch includes the following wired switching features
Ddns
Vlan Enhancements
Management Features
WS5100 switch supports 32 Wlans
Interface Management
Security Features
Encryption and Authentication
Switch includes the following wired security features
Kerberos
MU Authentication
Keyguard-WEP
802.1x EAP
Secure Beacon
Switch-to-Wired
5.7 802.1x Authentication
MU to MU Allow
Lldp is always enabled and cannot be disabled
Change Username/Password after AP Adoption
Reset Username/Password to Factory Defaults
Ieee 802.1AB Lldp
RF scan by Access Port on all channels
Rogue AP Detection
Snmp Trap on discovery
Authorized AP Lists
Rogue AP Report
Access Port Support
5.14 NAT
Certificate Management
Accessing the Switch Web UI
Content of this chapter is segregated amongst the following
Web UI Requirements
Connecting to the Switch Web UI
Switch Password Recovery
Switch Web UI Access and Image Upgrades
Upgrading the Switch Image
Upgrading the Switch Image from 1.4.x or 2.x to Version
Auto Installation
Configuring Auto Install via the CLI
Enables are set using the autoinstall feature command
Enables are cleared using the no autoinstall feature
Downgrading the Switch Image
AP-4131 Access Point to Access Port Conversion
Whenever a string is blank it is shown as --not-set
Select the AP Installation main menu item
Select the Special Functions main menu item
10WS5100 Series Switch System Reference Guide
Viewing the Switch Interface
It consists of the following two tabs
Viewing the Switch Configuration
Incorrectly could render your switch as operating illegally
Troubleshooting
Time Displays the time of day used by the switch Time Zone
System Name
Viewing Dashboard Details
Severity Last Occurrence Message # Occurrences
Status
Viewing Switch Statistics
Name
Speed
Number of MUs
Utilization issues negatively impacting performance
Avg Signal
Associated Number of APs
Viewing Switch Port Information
Viewing the Port Configuration
Editing the Port Configuration
Modified
Duplex Displays the port as either half or full duplex
Viewing the Ports Runtime Status
Name Displays the ports current name MAC Address
Ethernet ports have a maximum MTU setting
Viewing the Ports Statistics
Oper Status
Network issues
Packets In Error
Indication of a network problem
Different port could be required
Detailed Port Statistics
Output Packets
Viewing the Port Statistics Graph
Output Unicast
With interface is saturated
Switch Information
Viewing Switch Configurations
Size Bytes
Viewing the Detailed Contents of a Config File
Editing a Config File
Main screen displays the contents of the configuration file
Transferring a Config File
Viewing Switch Firmware Information
Password
Path
Editing the Switch Firmware
Enabling Global Settings for the Failover Image
Updating the Switch Firmware
If using TFTP, use tftp//ipaddress/path/filename
Configuring Automatic Updates
Enable
Boot of the switch
File Name With
Setting
Password Enter the password required to access the server
Protocol
View All
Viewing the Switch Alarm Log
View By
Index
Viewing Alarm Log Details
Description
Viewing Switch Licenses
Solution
Possible Causes
How to use the Filter Option
30WS5100 Series Switch System Reference Guide
Network Setup
Displaying the Network Interface
Wireless LANs
Resolution Entries
Switch Virtual
DNS Servers
Viewing Network IP Information
Configuring DNS
Access Ports
Select the Domain Network System tab
Obsolete addresses are periodically removed
Configuring Global Settings
Adding an IP Address for a DNS Server
Server IP Address
Configuring IP Forwarding
Following details display in the table
Adding a New Static Route
Route Metric
Active
Typically a Vlan
Viewing Address Resolution
Select the Address Resolution tab
Type
Viewing and Configuring Layer 2 Virtual LANs
Mode It can be either Access or Trunk
Ethernet 1 or ethernet
Trunk
Editing the Details of an Existing Vlan
Is selected, the Allowed VLANs field is unavailable
Configuring Switch Virtual Interfaces
Configuring the Virtual Interface
Mode drop-down menu
Displays the Vlan ID associated with the interface
Following configuration details display in the table
Name Displays the name of the virtual interface
Up or not Down
To add a new virtual interface
Adding a Virtual Interface
Modifying a Virtual Interface
To modify an existing virtual interface
Viewing Virtual Interface Statistics
Packets, etc
Viewing Virtual Interface Statistics
Only hard-coded at the factory and cannot be modified
Viewing the Virtual Interface Statistics Graph
Viewing and Configuring Switch WLANs
Configuring WLANs
Click Close to close the dialog
Authentication
Enabled
4094. The default Vlan ID is
Modify the WLAN’s current authentication scheme
Editing the Wlan Configuration
Value used is unique
Intended function of the Wlan
802.1X EAP
No Authentication
Tunnel
Kerberos
Refer to the Advanced field for the following information
Configuring Authentication Types
Configuring 802.1x EAP
Configuring Kerboros
MU Timeout
MU Max Retries
28WS5100 Series Switch System Reference Guide
Configuring Hotspots
Switch Hotspot Redirection
Configuring an Internal Hotspot
Footer Text
Title Text
Header Text
Small Logo URL
Configuring External Hotspot
Main Logo URL
Descriptive Text
Login Page URL
Need to provide correct login information to access the Web
Failed Page URL
Configuring Advanced Hotspot
34WS5100 Series Switch System Reference Guide
Network Setup
Configuring Dynamic MAC ACL
Configuring External Radius Server Support
Secret Secondary Radius server Server Timeout
Address Authentication data source Radius Port
Authentication data source. The default port is
Radius Server
Motorola user privilege values User login source
Configuring Different Encryption Types
Configuring the User Login Sources
Configuring WEP
Configuring WEP 128 / KeyGuard
Key 1011121314 2021222324 3031323334 4041424344
Default hexadecimal keys for WEP 128 and KeyGuard include
Use the Key #1-4areas to specify key numbers
Key
Configuring WPA/WPA2 using Tkip and Ccmp
Ascii Passphrase
From entering the 256-bit key each time keys are generated
Bit Key
PMK Caching
Pre-Authentication
Viewing Wlan Statistics
Opportunistic Key
Last 30s
That may have similar characteristics
Ssid is the Service Set ID Ssid for the selected Wlan
Last Hr
Viewing Wlan Statistics in Detail
Refer to the RF Status field for the following information
Refer to the Errors field for the following information
Viewing Wlan Statistics in a Graphical Format
50WS5100 Series Switch System Reference Guide
Viewing Wlan Switch Statistics
Edit button on the Configuration tab within the WLANs
Viewing VLAN/Tunnel Assignments
Click the VLAN/Tunnel Assignment tab
Configuring WMM
Four Access Category types are
WMM enabled
Access
Background Optimized for background traffic
Category Network traffic
Access Category to
Category Network traffic Dscp to Access
Generic QoS GQoS application programming interface API
Editing WMM Settings
Read-only and cannot be modified within this screen
CW Minimum
Viewing Associated MU Details
Viewing MU Status
CW Maximum
Ready
Power Save
This address is burned into the ROM of the MU
Interoperating with
Similar configurations
Viewing MU Details
Displays of the Wlan the MU is currently associated with
Viewing MU Statistics
Possible network or hardware problems
Configuration
Selected MU from the access port
Address is hard coded at the factory and cannot be modified
Viewing MU Statistics in Detail
Refer to the Traffic field for the following information
Hard-coded at the factory and cannot be modified
Viewing Access Port Information
View a MU Statistics Graph
Configuring Access Port Radios
Access Ports screen consists of the following tabs
Name Displays a user assigned name for the radio
Refer to the Properties field for the following
Configuring an AP’s Global Settings
Configuring Layer 3 Access Port Adoption on
Port Authentication
Editing AP Settings
Click the Configure Port Authentication button
Network Setup
Maximum MUs
MUs that can associate to a radio is
RTS Threshold
Beacon Interval
Configuring Rate Settings
Self Healing Offset
Dtim Periods
Adding APs
Viewing AP Statistics
Packets that are sent and received
Differentiate the radio from other device radios
Average Mbps
RF Util
Was encountered on the configured channel
Viewing AP Statistics in Detail
Viewing AP Statistics in Graphical Format
Statistic for the last hour
Configuring Wlan Assignment
Click the Wlan Assignment tab
Configurations
Editing a Wlan Assignment
Its intended coverage area or function
From the description field in the Radio Configuration screen
Identifier such as 1/4, 1/3, etc
Editing WMM Settings
Viewing Access Port Adoption Defaults
Configuring AP Adoption Defaults
To view existing Radio Configuration information
Power dBm
Options include Indoor or Outdoor. Default is Indoor
Channel. Default is random
Defaults are 20 dBM for 802.11bg and 17 dBm for 802.11a
Editing Default Radio Adoption Settings
Stations that can associate to a radio are
Transmission path
Dtim Period
Configuring Rate Settings
Configuring Layer 3 Access Port Adoption
Assigned WLANs tab displays two fields Select Radios/BSS
Select/Change Assigned WLANs
Access Category reflects the radios intended network traffic
Cannot be modified
Editing Access Port Adoption WMM Settings
To edit the existing WMM settings
Higher priority traffic
Viewing Access Port Status
Viewing Adopted Access Ports
Viewing Unadopted Access Ports
Unadopted AP tab displays the following information
Network Setup
96WS5100 Series Switch System Reference Guide
Switch Services
Dhcp Servers
Displaying the Services Interface
To display a Services Summary
NTP Time
Dhcp Server Settings
Configuring the Switch Dhcp Server
For information on configuring GRE tunneling, see
Pool Name
Ddhhmm
Editing the Properties of an Existing Dhcp Pool
Lease Time
Domain
Adding a New Dhcp Pool
Click the Add button at the bottom of the screen
Configuring Dhcp Global Options
Configuring Dhcp Server Ddns Values
10WS5100 Series Switch System Reference Guide
Hardware Address
Viewing the Attributes of Existing Host Pools
Can be assigned
Client Name
Configuring Excluded IP Address Information
Configuring Dhcp Server Relay Information
14WS5100 Series Switch System Reference Guide
Viewing Dhcp Server Status
Configuring Secure NTP
Defining the Sntp Configuration
Refer to the contents of the Status tab for the following
Refer to the Other Settings field to define the following
Adding a New Sntp Symmetric Key
Defining a Sntp Neighbor Configuration
Support
When adding or editing an NTP neighbor
Hostname
Neighbor Type
Adding an NTP Neighbor
Viewing Sntp Associations
Select the NTP Associations tab
Transmissions are synchronized
Viewing Sntp Status
Leap
Found in some workstations
Configuring Switch Redundancy
Root delay
Root Dispersion
26WS5100 Series Switch System Reference Guide
Mode
Redundancy Switch
Redundancy ID
Discovery Period
Reviewing Redundancy Status
Redundancy Group License Aggregation Rules on
Configuring Redundancy Group Membership
Do not match this switch’s parameters
Not Seen The member is no more seen by this switch
Values
Displaying Redundancy Member Details
Module
Updates Received
Complimentary with this switch’s version?
Updates Sent
Adoption Capacity
Redundancy Group License Aggregation Rules
Adding a Redundancy Group Member
Configuring Layer 3 Mobility
Layer 3 Mobility
36WS5100 Series Switch System Reference Guide
Switch Services
Defining the Layer 3 Peer List
Reviewing Layer 3 Peer List Statistics
Select the Peer Statistics tab
Reviewing Layer 3 MU Status
Configuring GRE Tunnels
Assigning priority to different types of traffic
To configure GRE tunnelling on the switch
Source IP
Destinations IP
Disabled
Editing the Properties of a GRE Tunnel
Interface IP
Adding a New GRE Tunnel
Configuring Self Healing
Select the Enable Neighbor Recovery checkbox
Configuring Self Healing Neighbor Details
Select the Neighbor Details tab
Editing the Properties of a Neighbor
Switch Services
Configuring Switch Discovery
Configuring Discovery Profiles
Start IP Address
Profile Name
To be located
Network devices is conducted
Adding a New Discovery Profile
Viewing Discovered Switches
Discovery profile and launching a new search
Assigned using the Switch Configuration screen
Different profile for the switch discovery process
New search
Switch Security
Displaying the Main Security Interface
Certificates
Wireless Filters
Detection
Trustpoints
Enabling and Configuring AP Detection
To configure AP Detection
AP Intrusion Detection
Refresh Time
Timeout
Unapproved AP
BSS MAC Address
Specific MAC
Adding or Editing an Allowed AP
Any MAC Address
Address Particular index
Approved APs Reported by APs
To review the attributes of allowed APs
Address to a new Allowed AP index
Unapproved APs Reported by APs
Therefore interpreted as a threat on the network
Dbm
Unapproved APs Reported by MUs
Seconds Detecting AP
Essid to a new Allowed AP index
MU Intrusion Detection
Configuring MU Intrusion Detection
To configure MU intrusion detection
As a threat
Violation Type
Switch columns
Contents of the MUs that have been filtered thus far
Mobile Unit
Click on Revert to rollback to the previous configuration
Viewing Filtered MUs
Identifier
Configuring Wireless Filters
Filters field contains the following read-only information
Refer to the Associated WLANs field for following
Editing an Existing Wireless Filter
Adding a new Wireless Filter
Enter the a hex value for the Starting MAC address
Configuring ACLs
Associating an ACL with Wlan
Router ACLs
Switch supports the following ACLs to filter traffic
ACL Overview
For more information, see
Port ACLs
Wireless LAN ACLs
ACL Actions
Precedence Order
Configuring an ACL
Adding a New ACL
Adding a New ACL Rule
22WS5100 Series Switch System Reference Guide
Editing an Existing Rule
Eth1
Adding a New ACL Configuration
Attaching an ACL
Eth2
Attaching an ACL on a Wlan Interface/Port
Click on the Attach tab Click on the Add button
Displays the MAC ACL configured
Adding a New ACL Wlan Configuration
Displays the IP ACL configured
Direction
Reviewing ACL Statistics
Configuring NAT Information
Defining Dynamic NAT Translations
Click on the Dynamic Translation tab
Access List
Anywhere on the Internet
LAN over the switch managed network
Type Displays the NAT type as either
Adding a New Dynamic NAT Configuration
Defining Static NAT Translations
Click the Static Translation tab
Adding a New Static NAT Configuration
Click on the Static Translation tab
Switch Security
Configuring NAT Interfaces
Available from the drop-down menu for use as the interface
Viewing NAT Status
World
Configuring IKE Settings
Inside-Global
Inside Local
Defining the IKE Configuration
Click the Configurations tab
Peer IP Address
Setting IKE Policies
Aggressive Mode
Peers
Switch Security
Priority
SHA The default value
Default value
Highest priority value
Include
Options include
Secret without transmitting it to one another
Viewing SA Statistics
Configuring IPSec VPN
Configure a Dhcp Sever to give public IP address
Configure security associations parameters
Defining the IPSec Configuration
Editing an Existing Transform Set
Transport
ESP Encryption
AH Authentication
Adding a New Transform Set
Tunnel or Transport
Scheme Include None No AH authentication is used
Defining the IPSec VPN Remote Configuration
Click the IP Range tab to view the following information
Configuring Ipsec VPN Authentication
Port
Click the Authentication tab
Default port is
Shared Secret
Configuring Crypto Maps
Crypto Map Entries
Click the Crypto Maps tab and select Crypto Map Entries
Priority / Seq
Mode Config
ACL ID
Crypto Map Peers
Higher the priority
Click the Crypto Maps tab and select Peers
Priority / Seq #
Peer Name
Crypto Map Manual SAs
Transform Set
Set for protecting the data flow
Crypto Map Transform Sets
Protecting the data flow
Crypto Map Interfaces
Index from others with similar configurations
Viewing IPSec Security Associations
Radius Overview
Configuring the Radius Server
Setting up Radius on the switch entails the following
TLS and MD5 Ttls and PAP
User Database
Ttls and MSCHAPv2 Peap and GTC Peap and MSCHAPv2
Using the Switch’s Radius Server Versus an External Radius
Defining the Radius Configuration
Radius Client Configuration
Radius Proxy Server Configuration
Configuring Radius Authentication and Accounting
EAP and Auth Type Specify the EAP type for the Radius server
CA Cert Trustpoint
Configuring Radius Users
Cert Trustpoint
Activity is detected
User
Guest User
Their Radius privileges expire
Configuring Radius User Groups
Select the Groups tab
Guest Group
Viewing Radius Accounting Logs
Configured WLANs
Time of access
Available WLANs
Automatically once they reach their limit
Creating Server Certificates
Select the Accounting Logs tab
Size
City L
Using Trustpoints to Configure Certificates
Certificate was issued
Within the State/Prov stated
Creating a Server / CA Root Certificate
Using the Wizard to Create a New Certificate
Key for you new certificate
78WS5100 Series Switch System Reference Guide
City
Organization
Organization Unit
Using the Wizard Delete Operation
To use the wizard to delete trustpoint properties
Requests
Configuring Trustpoint Associated Keys
Click the Next button to complete the trustpoint removal
Adding a New Key
Select the Keys tab Keys tab displays the following
Key Label
Transferring Keys
84WS5100 Series Switch System Reference Guide
Switch Management
Displaying the Management Access Interface
Configuring Access Control
To configure access control settings on the switch
Log Output
Long as the Enable Telnet option remains enabled
Enable Telnet
Network. This setting is enabled by default
Enable Snmp Retries
Configuring Snmp Access
360 is associated with the SSH-Server
Configuring Snmp v1/v2 Access
Access Control
Community Name
Configuring Snmp v3 Access
Editing an Existing Snmp v1/v2 Community Name
Unique SNMPv3 usernames and passwords include
User Name
Editing a Snmp v3 Authentication and Privacy Password
Select Management Access Snmp Access from the main menu tree
Accessing Snmp v2/v3 Statistics
Read-Only errors
V2/V3 Metrics
Usm Statistics Values
Configuring Snmp Traps
Enabling Trap Configuration
To configure Snmp trap definitions
Miscellaneous
Wireless
Redundancy
Mobility
Threshold Name
Configuring Trap Thresholds
To configure Snmp trap threshold values
Generation
14WS5100 Series Switch System Reference Guide
Wireless Trap Threshold Values
Radio Range Wlan Range Wireless Units
Configuring Snmp Trap Receivers
To configure the attributes of Snmp trap receivers
Editing Snmp Trap Receivers
Adding Snmp Trap Receivers
To add a new Snmp trap receiver
Configuring Management Users
Configuring Local Users
Creating a New Local User
Modifying an Existing Local User
Redundancy/clustering and control access
Provides read-only permissions
Creating a Guest Admin and Guest User
Configuring Switch Authentication
Assign the guest-admin WebUser Administrator access
Not a DNS name
Assignment is from 1
Modifying the Properties of an Existing Radius Server
Modify the following Radius Server attributes as necessary
Is from 1
Adding a New Radius Server
Address Not a DNS name Radius Server Port
Session. The available range is between 0
Switch Management
28WS5100 Series Switch System Reference Guide
Diagnostics
Displaying the Main Diagnostic Interface
Switch Environment
CPU Performance
Buffer
Switch Memory Allocation
Switch Disk Allocation
Usage
Switch Memory Processes
Other Switch Resources
Configuring System Logging
Log Options
Select the Other Resources tab
8WS5100 Series Switch System Reference Guide
Made, they have been accounted for
File Management
Log level
Date
Viewing the Entire Contents of Individual Log Files
Transferring Log Files
Reviewing Core Snapshots
Troubleshooting issues
Transferring Core Snapshots
File extension is always .core for core files
Reviewing Panic Snapshots
Select a target file, and select the Transfer Files button
Remaining nine are renamed so the newest can be saved as
Size Displays the size of the panic file in bytes Created
Panic actually occurred
Viewing Panic Details
Transferring Panic Files
Select Diagnostics Applet Debugging from the main menu
Debugging the Applet
Configuring a Ping
Time between the switch and its connected device
Timeout sec
Not received by the switch from its target device
New ping test is required
Modifying the Configuration of an Existing Ping Test
Timeoutsec
Adding a New Ping Test
Test Name
Within the Configuration tab
Between the switch and its connected device
Test description to convey the overall function of the test
Viewing Ping Statistics
Average RTT
Last Response
24WS5100 Series Switch System Reference Guide
Motorola’s Enterprise Mobility Support Center
Customer Support Web Site
General Information
2WS5100 Series System Reference Guide
Page
Motorola INC