Configuring NAT Interfaces | Motorola WS5100 specs

6-34WS5100 Series Switch System Reference Guide

13.Click Cancel to close the dialog without committing updates to the running configuration.

6.6.3 Configuring NAT Interfaces

The NAT Interface is the VLAN used to route switch data traffic between the source and destination address locations within the switch-managed network. Any of the default VLANs is available as the NAT interface, in addition to any other VLANs you may have created. In addition to selecting the VLAN, specify the Inside or Outside NAT type.

To view and configure a NAT interface:

1.Select Security > NAT from the main menu tree.

2.Click on the Interfaces tab.

3. Refer to the following information as displayed within the Interface tab:

Interface	Displays the particular VLAN used as the inside or outside NAT type. All defined VLANs are
	available from the drop-down menu for use as the interface.
Type	Displays the NAT type as either:

•Inside - The set of switch-managed networks subject to translation. These are the internal addresses you are trying to prevent from being exposed to the outside world.

•Outside - All other addresses. Usually these are valid addresses located on the Internet. Outside addresses pose no risk if exposed over a publicly accessible network.

4.To Edit an existing interface, select it from the list of available interfaces and click the Edit button.

An Edit Interface screen displays allowing the user to modify the VLAN and interface type (inside or outside) used.

5.If an interface is obsolete or of no use to the NAT translation process, select it and click the Delete button to remove it from the list of interfaces available

Image 258

Motorola WS5100 manual Configuring NAT Interfaces, Available from the drop-down menu for use as the interface

Contents

WS5100 Series Switch Motorola, Inc. All rights reserved Contents Network Setup Switch Services Switch Security TOC-3 Switch Management Diagnostics TOC-5 TOC-6WS5100 Series Switch System Reference Guide Introduction Documentation SetDocument Conventions Notational Conventions Overview Hardware Overview Power Protection Physical SpecificationsPower Cord Specifications System Status LED Codes Primary Error CodesStart Up Standby Infrastructure Features Switch includes the following Infrastructure featuresSoftware Overview Text Based Configuration Installation FeatureConfiguration Management Licensing Support Process Monitor ServiceabilityTracing / Logging Hardware Abstraction Layer and Drivers Switch includes the following wireless switching features Wireless SwitchingPassword Recovery Secure Network Time Protocol Sntp Physical Layer Features 802.11a 802.11bgRate Limiting Proxy-ARP HotSpot / IP Redirect Self Healing IDM Identity Driven ManagementVoice Prioritization Currently voice support implies the following Detector APs Neighbor ConfigurationWireless Capacity Self Healing Actions AP Balancing Across Multiple Switches Wireless RoamingMU Balancing Across Multiple APs L3 Roaming Interswitch Layer 2 RoamingMU Move Command Fast Roaming 802.11e QoS Power Save Polling2.12 QoS 802.1p Support Dcscp to AC Mapping Wireless Layer 2 SwitchingData QoS Automatic Channel Selection Dhcp Servers Wired SwitchingSwitch includes the following wired switching features Ddns Vlan Enhancements Management FeaturesWS5100 switch supports 32 Wlans Interface Management Security Features Encryption and AuthenticationSwitch includes the following wired security features Kerberos MU AuthenticationKeyguard-WEP 802.1x EAP Secure Beacon Switch-to-Wired5.7 802.1x Authentication MU to MU Allow Lldp is always enabled and cannot be disabled Change Username/Password after AP AdoptionReset Username/Password to Factory Defaults Ieee 802.1AB Lldp RF scan by Access Port on all channels Rogue AP Detection Snmp Trap on discovery Authorized AP ListsRogue AP Report Access Port Support 5.14 NATCertificate Management Accessing the Switch Web UI Content of this chapter is segregated amongst the followingWeb UI Requirements Connecting to the Switch Web UI Switch Password Recovery Switch Web UI Access and Image Upgrades Upgrading the Switch Image Upgrading the Switch Image from 1.4.x or 2.x to Version Auto Installation Configuring Auto Install via the CLI Enables are set using the autoinstall feature command Enables are cleared using the no autoinstall feature Downgrading the Switch ImageAP-4131 Access Point to Access Port Conversion Whenever a string is blank it is shown as --not-set Select the AP Installation main menu item Select the Special Functions main menu item 10WS5100 Series Switch System Reference Guide Viewing the Switch Interface It consists of the following two tabs Viewing the Switch Configuration Incorrectly could render your switch as operating illegally TroubleshootingTime Displays the time of day used by the switch Time Zone System Name Viewing Dashboard Details Severity Last Occurrence Message # Occurrences Status Viewing Switch StatisticsName Speed Number of MUs Utilization issues negatively impacting performanceAvg Signal Associated Number of APs Viewing Switch Port Information Viewing the Port Configuration Editing the Port Configuration ModifiedDuplex Displays the port as either half or full duplex Viewing the Ports Runtime Status Name Displays the ports current name MAC Address Ethernet ports have a maximum MTU settingViewing the Ports Statistics Oper Status Network issues Packets In ErrorIndication of a network problem Different port could be required Detailed Port Statistics Output Packets Viewing the Port Statistics GraphOutput Unicast With interface is saturated Switch Information Viewing Switch Configurations Size Bytes Viewing the Detailed Contents of a Config File Editing a Config File Main screen displays the contents of the configuration file Transferring a Config File Viewing Switch Firmware Information PasswordPath Editing the Switch Firmware Enabling Global Settings for the Failover Image Updating the Switch Firmware If using TFTP, use tftp//ipaddress/path/filename Configuring Automatic Updates EnableBoot of the switch File Name With SettingPassword Enter the password required to access the server Protocol View All Viewing the Switch Alarm LogView By Index Viewing Alarm Log Details Description Viewing Switch LicensesSolution Possible Causes How to use the Filter Option 30WS5100 Series Switch System Reference Guide Network Setup Displaying the Network Interface Wireless LANs Resolution EntriesSwitch Virtual DNS Servers Viewing Network IP Information Configuring DNSAccess Ports Select the Domain Network System tab Obsolete addresses are periodically removed Configuring Global SettingsAdding an IP Address for a DNS Server Server IP Address Configuring IP Forwarding Following details display in the table Adding a New Static Route Route MetricActive Typically a Vlan Viewing Address ResolutionSelect the Address Resolution tab Type Viewing and Configuring Layer 2 Virtual LANs Mode It can be either Access or Trunk Ethernet 1 or ethernetTrunk Editing the Details of an Existing Vlan Is selected, the Allowed VLANs field is unavailable Configuring Switch Virtual Interfaces Configuring the Virtual InterfaceMode drop-down menu Displays the Vlan ID associated with the interface Following configuration details display in the tableName Displays the name of the virtual interface Up or not Down To add a new virtual interface Adding a Virtual InterfaceModifying a Virtual Interface To modify an existing virtual interface Viewing Virtual Interface Statistics Packets, etc Viewing Virtual Interface Statistics Only hard-coded at the factory and cannot be modified Viewing the Virtual Interface Statistics Graph Viewing and Configuring Switch WLANs Configuring WLANsClick Close to close the dialog Authentication Enabled4094. The default Vlan ID is Modify the WLAN’s current authentication scheme Editing the Wlan Configuration Value used is unique Intended function of the Wlan 802.1X EAP No AuthenticationTunnel Kerberos Refer to the Advanced field for the following information Configuring Authentication Types Configuring 802.1x EAP Configuring Kerboros MU TimeoutMU Max Retries 28WS5100 Series Switch System Reference Guide Configuring Hotspots Switch Hotspot Redirection Configuring an Internal Hotspot Footer Text Title TextHeader Text Small Logo URL Configuring External Hotspot Main Logo URLDescriptive Text Login Page URL Need to provide correct login information to access the WebFailed Page URL Configuring Advanced Hotspot 34WS5100 Series Switch System Reference Guide Network Setup Configuring Dynamic MAC ACL Configuring External Radius Server Support Secret Secondary Radius server Server Timeout Address Authentication data source Radius PortAuthentication data source. The default port is Radius Server Motorola user privilege values User login source Configuring Different Encryption Types Configuring the User Login Sources Configuring WEP Configuring WEP 128 / KeyGuard Key 1011121314 2021222324 3031323334 4041424344 Default hexadecimal keys for WEP 128 and KeyGuard include Use the Key #1-4areas to specify key numbersKey Configuring WPA/WPA2 using Tkip and Ccmp Ascii Passphrase From entering the 256-bit key each time keys are generatedBit Key PMK Caching Pre-AuthenticationViewing Wlan Statistics Opportunistic Key Last 30s That may have similar characteristicsSsid is the Service Set ID Ssid for the selected Wlan Last Hr Viewing Wlan Statistics in Detail Refer to the RF Status field for the following information Refer to the Errors field for the following information Viewing Wlan Statistics in a Graphical Format 50WS5100 Series Switch System Reference Guide Viewing Wlan Switch Statistics Edit button on the Configuration tab within the WLANs Viewing VLAN/Tunnel AssignmentsClick the VLAN/Tunnel Assignment tab Configuring WMM Four Access Category types are WMM enabledAccess Background Optimized for background traffic Category Network traffic Access Category toCategory Network traffic Dscp to Access Generic QoS GQoS application programming interface API Editing WMM Settings Read-only and cannot be modified within this screen CW Minimum Viewing Associated MU DetailsViewing MU Status CW Maximum Ready Power SaveThis address is burned into the ROM of the MU Interoperating with Similar configurations Viewing MU DetailsDisplays of the Wlan the MU is currently associated with Viewing MU Statistics Possible network or hardware problems ConfigurationSelected MU from the access port Address is hard coded at the factory and cannot be modified Viewing MU Statistics in Detail Refer to the Traffic field for the following information Hard-coded at the factory and cannot be modified Viewing Access Port Information View a MU Statistics Graph Configuring Access Port Radios Access Ports screen consists of the following tabsName Displays a user assigned name for the radio Refer to the Properties field for the following Configuring an AP’s Global Settings Configuring Layer 3 Access Port Adoption on Port Authentication Editing AP SettingsClick the Configure Port Authentication button Network Setup Maximum MUs MUs that can associate to a radio is RTS Threshold Beacon Interval Configuring Rate Settings Self Healing OffsetDtim Periods Adding APs Viewing AP Statistics Packets that are sent and received Differentiate the radio from other device radiosAverage Mbps RF Util Was encountered on the configured channel Viewing AP Statistics in Detail Viewing AP Statistics in Graphical Format Statistic for the last hour Configuring Wlan Assignment Click the Wlan Assignment tab Configurations Editing a Wlan AssignmentIts intended coverage area or function From the description field in the Radio Configuration screen Identifier such as 1/4, 1/3, etc Editing WMM Settings Viewing Access Port Adoption Defaults Configuring AP Adoption DefaultsTo view existing Radio Configuration information Power dBm Options include Indoor or Outdoor. Default is IndoorChannel. Default is random Defaults are 20 dBM for 802.11bg and 17 dBm for 802.11a Editing Default Radio Adoption Settings Stations that can associate to a radio are Transmission path Dtim Period Configuring Rate Settings Configuring Layer 3 Access Port Adoption Assigned WLANs tab displays two fields Select Radios/BSS Select/Change Assigned WLANs Access Category reflects the radios intended network traffic Cannot be modified Editing Access Port Adoption WMM Settings To edit the existing WMM settingsHigher priority traffic Viewing Access Port Status Viewing Adopted Access Ports Viewing Unadopted Access Ports Unadopted AP tab displays the following information Network Setup 96WS5100 Series Switch System Reference Guide Switch Services Dhcp Servers Displaying the Services InterfaceTo display a Services Summary NTP Time Dhcp Server Settings Configuring the Switch Dhcp ServerFor information on configuring GRE tunneling, see Pool Name Ddhhmm Editing the Properties of an Existing Dhcp PoolLease Time Domain Adding a New Dhcp Pool Click the Add button at the bottom of the screen Configuring Dhcp Global Options Configuring Dhcp Server Ddns Values 10WS5100 Series Switch System Reference Guide Hardware Address Viewing the Attributes of Existing Host PoolsCan be assigned Client Name Configuring Excluded IP Address Information Configuring Dhcp Server Relay Information 14WS5100 Series Switch System Reference Guide Viewing Dhcp Server Status Configuring Secure NTP Defining the Sntp ConfigurationRefer to the contents of the Status tab for the following Refer to the Other Settings field to define the following Adding a New Sntp Symmetric Key Defining a Sntp Neighbor Configuration Support When adding or editing an NTP neighborHostname Neighbor Type Adding an NTP Neighbor Viewing Sntp Associations Select the NTP Associations tab Transmissions are synchronized Viewing Sntp StatusLeap Found in some workstations Configuring Switch Redundancy Root delayRoot Dispersion 26WS5100 Series Switch System Reference Guide Mode Redundancy SwitchRedundancy ID Discovery Period Reviewing Redundancy Status Redundancy Group License Aggregation Rules on Configuring Redundancy Group Membership Do not match this switch’s parameters Not Seen The member is no more seen by this switchValues Displaying Redundancy Member Details Module Updates Received Complimentary with this switch’s version?Updates Sent Adoption Capacity Redundancy Group License Aggregation Rules Adding a Redundancy Group Member Configuring Layer 3 Mobility Layer 3 Mobility 36WS5100 Series Switch System Reference Guide Switch Services Defining the Layer 3 Peer List Reviewing Layer 3 Peer List Statistics Select the Peer Statistics tab Reviewing Layer 3 MU Status Configuring GRE Tunnels Assigning priority to different types of traffic To configure GRE tunnelling on the switch Source IPDestinations IP Disabled Editing the Properties of a GRE TunnelInterface IP Adding a New GRE Tunnel Configuring Self Healing Select the Enable Neighbor Recovery checkbox Configuring Self Healing Neighbor Details Select the Neighbor Details tab Editing the Properties of a Neighbor Switch Services Configuring Switch Discovery Configuring Discovery Profiles Start IP Address Profile NameTo be located Network devices is conducted Adding a New Discovery Profile Viewing Discovered Switches Discovery profile and launching a new search Assigned using the Switch Configuration screenDifferent profile for the switch discovery process New search Switch Security Displaying the Main Security Interface Certificates Wireless FiltersDetection Trustpoints Enabling and Configuring AP Detection To configure AP DetectionAP Intrusion Detection Refresh Time TimeoutUnapproved AP BSS MAC Address Specific MAC Adding or Editing an Allowed APAny MAC Address Address Particular index Approved APs Reported by APs To review the attributes of allowed APs Address to a new Allowed AP index Unapproved APs Reported by APsTherefore interpreted as a threat on the network Dbm Unapproved APs Reported by MUs Seconds Detecting APEssid to a new Allowed AP index MU Intrusion Detection Configuring MU Intrusion DetectionTo configure MU intrusion detection As a threat Violation Type Switch columnsContents of the MUs that have been filtered thus far Mobile Unit Click on Revert to rollback to the previous configuration Viewing Filtered MUsIdentifier Configuring Wireless Filters Filters field contains the following read-only information Refer to the Associated WLANs field for following Editing an Existing Wireless Filter Adding a new Wireless Filter Enter the a hex value for the Starting MAC address Configuring ACLs Associating an ACL with Wlan Router ACLs Switch supports the following ACLs to filter trafficACL Overview For more information, see Port ACLs Wireless LAN ACLs ACL ActionsPrecedence Order Configuring an ACL Adding a New ACL Adding a New ACL Rule 22WS5100 Series Switch System Reference Guide Editing an Existing Rule Eth1 Adding a New ACL ConfigurationAttaching an ACL Eth2 Attaching an ACL on a Wlan Interface/Port Click on the Attach tab Click on the Add button Displays the MAC ACL configured Adding a New ACL Wlan ConfigurationDisplays the IP ACL configured Direction Reviewing ACL Statistics Configuring NAT Information Defining Dynamic NAT TranslationsClick on the Dynamic Translation tab Access List Anywhere on the InternetLAN over the switch managed network Type Displays the NAT type as either Adding a New Dynamic NAT Configuration Defining Static NAT Translations Click the Static Translation tab Adding a New Static NAT Configuration Click on the Static Translation tab Switch Security Configuring NAT Interfaces Available from the drop-down menu for use as the interface Viewing NAT Status World Configuring IKE SettingsInside-Global Inside Local Defining the IKE Configuration Click the Configurations tab Peer IP Address Setting IKE PoliciesAggressive Mode Peers Switch Security Priority SHA The default valueDefault value Highest priority value Include Options includeSecret without transmitting it to one another Viewing SA Statistics Configuring IPSec VPN Configure a Dhcp Sever to give public IP address Configure security associations parameters Defining the IPSec Configuration Editing an Existing Transform Set Transport ESP Encryption AH AuthenticationAdding a New Transform Set Tunnel or Transport Scheme Include None No AH authentication is used Defining the IPSec VPN Remote Configuration Click the IP Range tab to view the following information Configuring Ipsec VPN Authentication Port Click the Authentication tabDefault port is Shared Secret Configuring Crypto Maps Crypto Map Entries Click the Crypto Maps tab and select Crypto Map EntriesPriority / Seq Mode Config ACL ID Crypto Map Peers Higher the priority Click the Crypto Maps tab and select PeersPriority / Seq # Peer Name Crypto Map Manual SAs Transform SetSet for protecting the data flow Crypto Map Transform Sets Protecting the data flow Crypto Map Interfaces Index from others with similar configurations Viewing IPSec Security Associations Radius Overview Configuring the Radius ServerSetting up Radius on the switch entails the following TLS and MD5 Ttls and PAP User Database Ttls and MSCHAPv2 Peap and GTC Peap and MSCHAPv2 Using the Switch’s Radius Server Versus an External Radius Defining the Radius Configuration Radius Client Configuration Radius Proxy Server Configuration Configuring Radius Authentication and Accounting EAP and Auth Type Specify the EAP type for the Radius server CA Cert Trustpoint Configuring Radius UsersCert Trustpoint Activity is detected User Guest UserTheir Radius privileges expire Configuring Radius User Groups Select the Groups tab Guest Group Viewing Radius Accounting Logs Configured WLANsTime of access Available WLANs Automatically once they reach their limit Creating Server CertificatesSelect the Accounting Logs tab Size City L Using Trustpoints to Configure CertificatesCertificate was issued Within the State/Prov stated Creating a Server / CA Root Certificate Using the Wizard to Create a New Certificate Key for you new certificate 78WS5100 Series Switch System Reference Guide City OrganizationOrganization Unit Using the Wizard Delete Operation To use the wizard to delete trustpoint propertiesRequests Configuring Trustpoint Associated Keys Click the Next button to complete the trustpoint removal Adding a New Key Select the Keys tab Keys tab displays the followingKey Label Transferring Keys 84WS5100 Series Switch System Reference Guide Switch Management Displaying the Management Access Interface Configuring Access Control To configure access control settings on the switchLog Output Long as the Enable Telnet option remains enabled Enable TelnetNetwork. This setting is enabled by default Enable Snmp Retries Configuring Snmp Access 360 is associated with the SSH-Server Configuring Snmp v1/v2 Access Access ControlCommunity Name Configuring Snmp v3 Access Editing an Existing Snmp v1/v2 Community Name Unique SNMPv3 usernames and passwords include User Name Editing a Snmp v3 Authentication and Privacy Password Select Management Access Snmp Access from the main menu tree Accessing Snmp v2/v3 Statistics Read-Only errorsV2/V3 Metrics Usm Statistics Values Configuring Snmp Traps Enabling Trap ConfigurationTo configure Snmp trap definitions Miscellaneous WirelessRedundancy Mobility Threshold Name Configuring Trap ThresholdsTo configure Snmp trap threshold values Generation 14WS5100 Series Switch System Reference Guide Wireless Trap Threshold Values Radio Range Wlan Range Wireless Units Configuring Snmp Trap Receivers To configure the attributes of Snmp trap receivers Editing Snmp Trap Receivers Adding Snmp Trap ReceiversTo add a new Snmp trap receiver Configuring Management Users Configuring Local Users Creating a New Local User Modifying an Existing Local User Redundancy/clustering and control access Provides read-only permissions Creating a Guest Admin and Guest User Configuring Switch Authentication Assign the guest-admin WebUser Administrator access Not a DNS name Assignment is from 1 Modifying the Properties of an Existing Radius Server Modify the following Radius Server attributes as necessary Is from 1 Adding a New Radius ServerAddress Not a DNS name Radius Server Port Session. The available range is between 0 Switch Management 28WS5100 Series Switch System Reference Guide Diagnostics Displaying the Main Diagnostic Interface Switch Environment CPU Performance Buffer Switch Memory AllocationSwitch Disk Allocation Usage Switch Memory Processes Other Switch Resources Configuring System Logging Log OptionsSelect the Other Resources tab 8WS5100 Series Switch System Reference Guide Made, they have been accounted for File ManagementLog level Date Viewing the Entire Contents of Individual Log Files Transferring Log Files Reviewing Core Snapshots Troubleshooting issues Transferring Core SnapshotsFile extension is always .core for core files Reviewing Panic Snapshots Select a target file, and select the Transfer Files button Remaining nine are renamed so the newest can be saved as Size Displays the size of the panic file in bytes CreatedPanic actually occurred Viewing Panic Details Transferring Panic Files Select Diagnostics Applet Debugging from the main menu Debugging the Applet Configuring a Ping Time between the switch and its connected device Timeout secNot received by the switch from its target device New ping test is required Modifying the Configuration of an Existing Ping Test TimeoutsecAdding a New Ping Test Test Name Within the Configuration tabBetween the switch and its connected device Test description to convey the overall function of the test Viewing Ping Statistics Average RTT Last Response 24WS5100 Series Switch System Reference Guide Motorola’s Enterprise Mobility Support Center Customer Support Web SiteGeneral Information 2WS5100 Series System Reference Guide Page Motorola INC