Viewing NAT Status | Motorola WS5100 guide

Switch Security 6-35

6.If modifying an existing interface is not a valid option, consider configuring a new interface. To define a new NAT interface:

a.Click the Add button from within the Interfaces tab.

b. Use the Interface drop-down menu to select the VLAN used as the communication medium between the switch managed network and its destination (within the insecure outside world).

c. Use the Type drop-down menu to specific the Inside or Outside designation as follows:

d. Inside - The set of switch-managed networks subject to translation. These are the internal addresses you are trying to prevent from being exposed to the outside world.

e. Outside - All other addresses. Usually these are valid addresses located on the Internet. Outside addresses pose no risk if exposed over a publicly accessible network.

f. Refer to the Status field for the current state of the requests made from applet. This field displays

error messages if something goes wrong in the transaction between the applet and the switch.

g. Click OK to use the changes to the running configuration and close the dialog.

h. Click Cancel to close the dialog without committing updates to the running configuration.

6.6.4 Viewing NAT Status

Use the Status tab to review the NAT translations configured thus far for the switch. The Status tab displays the inside and outside local and global IP addresses.

To view and configure a NAT interface:

1.Select Security > NAT from the main menu tree.

2.Click on the Status tab.

Image 259

Motorola WS5100 manual Viewing NAT Status

Contents

WS5100 Series Switch Motorola, Inc. All rights reserved Contents Switch Services Network Setup TOC-3 Switch Security Diagnostics Switch Management TOC-5 TOC-6WS5100 Series Switch System Reference Guide Documentation Set IntroductionDocument Conventions Notational Conventions Hardware Overview Overview System Status LED Codes Physical SpecificationsPower Cord Specifications Power Protection Standby Error CodesStart Up Primary Switch includes the following Infrastructure features Infrastructure FeaturesSoftware Overview Licensing Support Installation FeatureConfiguration Management Text Based Configuration Hardware Abstraction Layer and Drivers ServiceabilityTracing / Logging Process Monitor Secure Network Time Protocol Sntp Wireless SwitchingPassword Recovery Switch includes the following wireless switching features 802.11bg Physical Layer Features 802.11aRate Limiting HotSpot / IP Redirect Proxy-ARP Currently voice support implies the following IDM Identity Driven ManagementVoice Prioritization Self Healing Self Healing Actions Neighbor ConfigurationWireless Capacity Detector APs Wireless Roaming AP Balancing Across Multiple SwitchesMU Balancing Across Multiple APs Fast Roaming Interswitch Layer 2 RoamingMU Move Command L3 Roaming 802.1p Support Power Save Polling2.12 QoS 802.11e QoS Automatic Channel Selection Wireless Layer 2 SwitchingData QoS Dcscp to AC Mapping Ddns Wired SwitchingSwitch includes the following wired switching features Dhcp Servers Interface Management Management FeaturesWS5100 switch supports 32 Wlans Vlan Enhancements Encryption and Authentication Security FeaturesSwitch includes the following wired security features 802.1x EAP MU AuthenticationKeyguard-WEP Kerberos MU to MU Allow Switch-to-Wired5.7 802.1x Authentication Secure Beacon Ieee 802.1AB Lldp Change Username/Password after AP AdoptionReset Username/Password to Factory Defaults Lldp is always enabled and cannot be disabled Rogue AP Detection RF scan by Access Port on all channels Authorized AP Lists Snmp Trap on discoveryRogue AP Report 5.14 NAT Access Port SupportCertificate Management Content of this chapter is segregated amongst the following Accessing the Switch Web UIWeb UI Requirements Connecting to the Switch Web UI Switch Web UI Access and Image Upgrades Switch Password Recovery Upgrading the Switch Image from 1.4.x or 2.x to Version Upgrading the Switch Image Auto Installation Enables are set using the autoinstall feature command Configuring Auto Install via the CLI Whenever a string is blank it is shown as --not-set Downgrading the Switch ImageAP-4131 Access Point to Access Port Conversion Enables are cleared using the no autoinstall feature Select the AP Installation main menu item Select the Special Functions main menu item 10WS5100 Series Switch System Reference Guide It consists of the following two tabs Viewing the Switch Interface Viewing the Switch Configuration System Name TroubleshootingTime Displays the time of day used by the switch Time Zone Incorrectly could render your switch as operating illegally Viewing Dashboard Details Severity Last Occurrence Message # Occurrences Speed Viewing Switch StatisticsName Status Associated Number of APs Utilization issues negatively impacting performanceAvg Signal Number of MUs Viewing the Port Configuration Viewing Switch Port Information Modified Editing the Port ConfigurationDuplex Displays the port as either half or full duplex Viewing the Ports Runtime Status Oper Status Ethernet ports have a maximum MTU settingViewing the Ports Statistics Name Displays the ports current name MAC Address Different port could be required Packets In ErrorIndication of a network problem Network issues Detailed Port Statistics With interface is saturated Viewing the Port Statistics GraphOutput Unicast Output Packets Switch Information Size Bytes Viewing Switch Configurations Viewing the Detailed Contents of a Config File Main screen displays the contents of the configuration file Editing a Config File Transferring a Config File Password Viewing Switch Firmware InformationPath Editing the Switch Firmware Enabling Global Settings for the Failover Image If using TFTP, use tftp//ipaddress/path/filename Updating the Switch Firmware Enable Configuring Automatic UpdatesBoot of the switch Protocol SettingPassword Enter the password required to access the server File Name With Index Viewing the Switch Alarm LogView By View All Viewing Alarm Log Details Possible Causes Viewing Switch LicensesSolution Description How to use the Filter Option 30WS5100 Series Switch System Reference Guide Displaying the Network Interface Network Setup DNS Servers Resolution EntriesSwitch Virtual Wireless LANs Select the Domain Network System tab Configuring DNSAccess Ports Viewing Network IP Information Server IP Address Configuring Global SettingsAdding an IP Address for a DNS Server Obsolete addresses are periodically removed Configuring IP Forwarding Following details display in the table Route Metric Adding a New Static RouteActive Type Viewing Address ResolutionSelect the Address Resolution tab Typically a Vlan Viewing and Configuring Layer 2 Virtual LANs Ethernet 1 or ethernet Mode It can be either Access or TrunkTrunk Is selected, the Allowed VLANs field is unavailable Editing the Details of an Existing Vlan Configuring the Virtual Interface Configuring Switch Virtual InterfacesMode drop-down menu Up or not Down Following configuration details display in the tableName Displays the name of the virtual interface Displays the Vlan ID associated with the interface To modify an existing virtual interface Adding a Virtual InterfaceModifying a Virtual Interface To add a new virtual interface Viewing Virtual Interface Statistics Packets, etc Viewing Virtual Interface Statistics Only hard-coded at the factory and cannot be modified Viewing the Virtual Interface Statistics Graph Configuring WLANs Viewing and Configuring Switch WLANsClick Close to close the dialog Modify the WLAN’s current authentication scheme Enabled4094. The default Vlan ID is Authentication Editing the Wlan Configuration Intended function of the Wlan Value used is unique Kerberos No AuthenticationTunnel 802.1X EAP Refer to the Advanced field for the following information Configuring 802.1x EAP Configuring Authentication Types MU Timeout Configuring KerborosMU Max Retries 28WS5100 Series Switch System Reference Guide Switch Hotspot Redirection Configuring Hotspots Configuring an Internal Hotspot Small Logo URL Title TextHeader Text Footer Text Main Logo URL Configuring External HotspotDescriptive Text Need to provide correct login information to access the Web Login Page URLFailed Page URL 34WS5100 Series Switch System Reference Guide Configuring Advanced Hotspot Network Setup Configuring External Radius Server Support Configuring Dynamic MAC ACL Radius Server Address Authentication data source Radius PortAuthentication data source. The default port is Secret Secondary Radius server Server Timeout Motorola user privilege values User login source Configuring the User Login Sources Configuring Different Encryption Types Configuring WEP Key 1011121314 2021222324 3031323334 4041424344 Configuring WEP 128 / KeyGuard Use the Key #1-4areas to specify key numbers Default hexadecimal keys for WEP 128 and KeyGuard includeKey Configuring WPA/WPA2 using Tkip and Ccmp From entering the 256-bit key each time keys are generated Ascii PassphraseBit Key Opportunistic Key Pre-AuthenticationViewing Wlan Statistics PMK Caching Last Hr That may have similar characteristicsSsid is the Service Set ID Ssid for the selected Wlan Last 30s Viewing Wlan Statistics in Detail Refer to the RF Status field for the following information Viewing Wlan Statistics in a Graphical Format Refer to the Errors field for the following information 50WS5100 Series Switch System Reference Guide Viewing Wlan Switch Statistics Viewing VLAN/Tunnel Assignments Edit button on the Configuration tab within the WLANsClick the VLAN/Tunnel Assignment tab Configuring WMM Background Optimized for background traffic WMM enabledAccess Four Access Category types are Generic QoS GQoS application programming interface API Access Category toCategory Network traffic Dscp to Access Category Network traffic Read-only and cannot be modified within this screen Editing WMM Settings CW Maximum Viewing Associated MU DetailsViewing MU Status CW Minimum Interoperating with Power SaveThis address is burned into the ROM of the MU Ready Viewing MU Details Similar configurationsDisplays of the Wlan the MU is currently associated with Viewing MU Statistics Address is hard coded at the factory and cannot be modified ConfigurationSelected MU from the access port Possible network or hardware problems Viewing MU Statistics in Detail Hard-coded at the factory and cannot be modified Refer to the Traffic field for the following information View a MU Statistics Graph Viewing Access Port Information Access Ports screen consists of the following tabs Configuring Access Port RadiosName Displays a user assigned name for the radio Refer to the Properties field for the following Configuring Layer 3 Access Port Adoption on Configuring an AP’s Global Settings Editing AP Settings Port AuthenticationClick the Configure Port Authentication button Network Setup MUs that can associate to a radio is Maximum MUs Beacon Interval RTS Threshold Self Healing Offset Configuring Rate SettingsDtim Periods Adding APs Viewing AP Statistics RF Util Differentiate the radio from other device radiosAverage Mbps Packets that are sent and received Viewing AP Statistics in Detail Was encountered on the configured channel Statistic for the last hour Viewing AP Statistics in Graphical Format Click the Wlan Assignment tab Configuring Wlan Assignment Editing a Wlan Assignment ConfigurationsIts intended coverage area or function Identifier such as 1/4, 1/3, etc From the description field in the Radio Configuration screen Editing WMM Settings Configuring AP Adoption Defaults Viewing Access Port Adoption DefaultsTo view existing Radio Configuration information Defaults are 20 dBM for 802.11bg and 17 dBm for 802.11a Options include Indoor or Outdoor. Default is IndoorChannel. Default is random Power dBm Editing Default Radio Adoption Settings Stations that can associate to a radio are Dtim Period Transmission path Configuring Rate Settings Configuring Layer 3 Access Port Adoption Select/Change Assigned WLANs Assigned WLANs tab displays two fields Select Radios/BSS Cannot be modified Access Category reflects the radios intended network traffic To edit the existing WMM settings Editing Access Port Adoption WMM SettingsHigher priority traffic Viewing Adopted Access Ports Viewing Access Port Status Viewing Unadopted Access Ports Unadopted AP tab displays the following information Network Setup 96WS5100 Series Switch System Reference Guide Switch Services NTP Time Displaying the Services InterfaceTo display a Services Summary Dhcp Servers Configuring the Switch Dhcp Server Dhcp Server SettingsFor information on configuring GRE tunneling, see Pool Name Domain Editing the Properties of an Existing Dhcp PoolLease Time Ddhhmm Adding a New Dhcp Pool Click the Add button at the bottom of the screen Configuring Dhcp Global Options Configuring Dhcp Server Ddns Values 10WS5100 Series Switch System Reference Guide Client Name Viewing the Attributes of Existing Host PoolsCan be assigned Hardware Address Configuring Excluded IP Address Information Configuring Dhcp Server Relay Information 14WS5100 Series Switch System Reference Guide Viewing Dhcp Server Status Defining the Sntp Configuration Configuring Secure NTPRefer to the contents of the Status tab for the following Refer to the Other Settings field to define the following Adding a New Sntp Symmetric Key Defining a Sntp Neighbor Configuration Neighbor Type When adding or editing an NTP neighborHostname Support Adding an NTP Neighbor Viewing Sntp Associations Select the NTP Associations tab Found in some workstations Viewing Sntp StatusLeap Transmissions are synchronized Root delay Configuring Switch RedundancyRoot Dispersion 26WS5100 Series Switch System Reference Guide Discovery Period Redundancy SwitchRedundancy ID Mode Reviewing Redundancy Status Redundancy Group License Aggregation Rules on Configuring Redundancy Group Membership Not Seen The member is no more seen by this switch Do not match this switch’s parametersValues Module Displaying Redundancy Member Details Adoption Capacity Complimentary with this switch’s version?Updates Sent Updates Received Adding a Redundancy Group Member Redundancy Group License Aggregation Rules Layer 3 Mobility Configuring Layer 3 Mobility 36WS5100 Series Switch System Reference Guide Switch Services Defining the Layer 3 Peer List Select the Peer Statistics tab Reviewing Layer 3 Peer List Statistics Reviewing Layer 3 MU Status Configuring GRE Tunnels Assigning priority to different types of traffic Source IP To configure GRE tunnelling on the switchDestinations IP Editing the Properties of a GRE Tunnel DisabledInterface IP Adding a New GRE Tunnel Select the Enable Neighbor Recovery checkbox Configuring Self Healing Select the Neighbor Details tab Configuring Self Healing Neighbor Details Editing the Properties of a Neighbor Switch Services Configuring Discovery Profiles Configuring Switch Discovery Network devices is conducted Profile NameTo be located Start IP Address Adding a New Discovery Profile Viewing Discovered Switches New search Assigned using the Switch Configuration screenDifferent profile for the switch discovery process Discovery profile and launching a new search Displaying the Main Security Interface Switch Security Trustpoints Wireless FiltersDetection Certificates To configure AP Detection Enabling and Configuring AP DetectionAP Intrusion Detection BSS MAC Address TimeoutUnapproved AP Refresh Time Address Particular index Adding or Editing an Allowed APAny MAC Address Specific MAC To review the attributes of allowed APs Approved APs Reported by APs Dbm Unapproved APs Reported by APsTherefore interpreted as a threat on the network Address to a new Allowed AP index Seconds Detecting AP Unapproved APs Reported by MUsEssid to a new Allowed AP index As a threat Configuring MU Intrusion DetectionTo configure MU intrusion detection MU Intrusion Detection Mobile Unit Switch columnsContents of the MUs that have been filtered thus far Violation Type Viewing Filtered MUs Click on Revert to rollback to the previous configurationIdentifier Configuring Wireless Filters Refer to the Associated WLANs field for following Filters field contains the following read-only information Editing an Existing Wireless Filter Enter the a hex value for the Starting MAC address Adding a new Wireless Filter Associating an ACL with Wlan Configuring ACLs For more information, see Switch supports the following ACLs to filter trafficACL Overview Router ACLs Port ACLs ACL Actions Wireless LAN ACLsPrecedence Order Adding a New ACL Configuring an ACL Adding a New ACL Rule 22WS5100 Series Switch System Reference Guide Editing an Existing Rule Eth2 Adding a New ACL ConfigurationAttaching an ACL Eth1 Click on the Attach tab Click on the Add button Attaching an ACL on a Wlan Interface/Port Direction Adding a New ACL Wlan ConfigurationDisplays the IP ACL configured Displays the MAC ACL configured Reviewing ACL Statistics Defining Dynamic NAT Translations Configuring NAT InformationClick on the Dynamic Translation tab Type Displays the NAT type as either Anywhere on the InternetLAN over the switch managed network Access List Adding a New Dynamic NAT Configuration Click the Static Translation tab Defining Static NAT Translations Click on the Static Translation tab Adding a New Static NAT Configuration Switch Security Available from the drop-down menu for use as the interface Configuring NAT Interfaces Viewing NAT Status Inside Local Configuring IKE SettingsInside-Global World Click the Configurations tab Defining the IKE Configuration Peers Setting IKE PoliciesAggressive Mode Peer IP Address Switch Security Highest priority value SHA The default valueDefault value Priority Options include IncludeSecret without transmitting it to one another Viewing SA Statistics Configure a Dhcp Sever to give public IP address Configuring IPSec VPN Configure security associations parameters Defining the IPSec Configuration Transport Editing an Existing Transform Set Tunnel or Transport AH AuthenticationAdding a New Transform Set ESP Encryption Scheme Include None No AH authentication is used Click the IP Range tab to view the following information Defining the IPSec VPN Remote Configuration Configuring Ipsec VPN Authentication Shared Secret Click the Authentication tabDefault port is Port Configuring Crypto Maps Click the Crypto Maps tab and select Crypto Map Entries Crypto Map EntriesPriority / Seq ACL ID Mode Config Crypto Map Peers Peer Name Click the Crypto Maps tab and select PeersPriority / Seq # Higher the priority Transform Set Crypto Map Manual SAsSet for protecting the data flow Crypto Map Transform Sets Protecting the data flow Crypto Map Interfaces Viewing IPSec Security Associations Index from others with similar configurations TLS and MD5 Ttls and PAP Configuring the Radius ServerSetting up Radius on the switch entails the following Radius Overview Ttls and MSCHAPv2 Peap and GTC Peap and MSCHAPv2 User Database Using the Switch’s Radius Server Versus an External Radius Defining the Radius Configuration Radius Proxy Server Configuration Radius Client Configuration Configuring Radius Authentication and Accounting EAP and Auth Type Specify the EAP type for the Radius server Activity is detected Configuring Radius UsersCert Trustpoint CA Cert Trustpoint Guest User UserTheir Radius privileges expire Configuring Radius User Groups Guest Group Select the Groups tab Available WLANs Configured WLANsTime of access Viewing Radius Accounting Logs Size Creating Server CertificatesSelect the Accounting Logs tab Automatically once they reach their limit Within the State/Prov stated Using Trustpoints to Configure CertificatesCertificate was issued City L Creating a Server / CA Root Certificate Key for you new certificate Using the Wizard to Create a New Certificate 78WS5100 Series Switch System Reference Guide Organization CityOrganization Unit To use the wizard to delete trustpoint properties Using the Wizard Delete OperationRequests Click the Next button to complete the trustpoint removal Configuring Trustpoint Associated Keys Select the Keys tab Keys tab displays the following Adding a New KeyKey Label Transferring Keys 84WS5100 Series Switch System Reference Guide Displaying the Management Access Interface Switch Management To configure access control settings on the switch Configuring Access ControlLog Output Enable Snmp Retries Enable TelnetNetwork. This setting is enabled by default Long as the Enable Telnet option remains enabled 360 is associated with the SSH-Server Configuring Snmp Access Access Control Configuring Snmp v1/v2 AccessCommunity Name Editing an Existing Snmp v1/v2 Community Name Configuring Snmp v3 Access User Name Unique SNMPv3 usernames and passwords include Select Management Access Snmp Access from the main menu tree Editing a Snmp v3 Authentication and Privacy Password Read-Only errors Accessing Snmp v2/v3 StatisticsV2/V3 Metrics Usm Statistics Values Enabling Trap Configuration Configuring Snmp TrapsTo configure Snmp trap definitions Mobility WirelessRedundancy Miscellaneous Generation Configuring Trap ThresholdsTo configure Snmp trap threshold values Threshold Name 14WS5100 Series Switch System Reference Guide Radio Range Wlan Range Wireless Units Wireless Trap Threshold Values To configure the attributes of Snmp trap receivers Configuring Snmp Trap Receivers Adding Snmp Trap Receivers Editing Snmp Trap ReceiversTo add a new Snmp trap receiver Configuring Local Users Configuring Management Users Creating a New Local User Modifying an Existing Local User Provides read-only permissions Redundancy/clustering and control access Creating a Guest Admin and Guest User Assign the guest-admin WebUser Administrator access Configuring Switch Authentication Assignment is from 1 Not a DNS name Modify the following Radius Server attributes as necessary Modifying the Properties of an Existing Radius Server Session. The available range is between 0 Adding a New Radius ServerAddress Not a DNS name Radius Server Port Is from 1 Switch Management 28WS5100 Series Switch System Reference Guide Displaying the Main Diagnostic Interface Diagnostics Switch Environment CPU Performance Usage Switch Memory AllocationSwitch Disk Allocation Buffer Switch Memory Processes Other Switch Resources Log Options Configuring System LoggingSelect the Other Resources tab 8WS5100 Series Switch System Reference Guide Date File ManagementLog level Made, they have been accounted for Viewing the Entire Contents of Individual Log Files Transferring Log Files Reviewing Core Snapshots Transferring Core Snapshots Troubleshooting issuesFile extension is always .core for core files Select a target file, and select the Transfer Files button Reviewing Panic Snapshots Size Displays the size of the panic file in bytes Created Remaining nine are renamed so the newest can be saved asPanic actually occurred Transferring Panic Files Viewing Panic Details Debugging the Applet Select Diagnostics Applet Debugging from the main menu Configuring a Ping New ping test is required Timeout secNot received by the switch from its target device Time between the switch and its connected device Timeoutsec Modifying the Configuration of an Existing Ping TestAdding a New Ping Test Test description to convey the overall function of the test Within the Configuration tabBetween the switch and its connected device Test Name Viewing Ping Statistics Last Response Average RTT 24WS5100 Series Switch System Reference Guide Customer Support Web Site Motorola’s Enterprise Mobility Support CenterGeneral Information 2WS5100 Series System Reference Guide Page Motorola INC