72E-67701-01 Rev A March
System Reference
WS 2000 Wireless Switch
Copyright
Patents
Table of Contents
Features
Chapter
Overview
Advanced Configuration
System Administration
Retail Use Cases
Chapter
Appendix A. Sample Configuration File
A Field Office Example
Index
Chapter
WS 2000 Wireless Switch System Reference Guide
Chapter 1. Overview
About this Document
Document Conventions
Management of Access Ports
Wireless LAN WLAN Security
System Overview
Firewall Security
Physical Specifications
Technical Specifications
Hardware Overview
Operating System OS Services
Cell Controller Services
Power Specifications
Environmental Specifications
Gateway Services
802.11a Support
Chapter 2. Features
802.11b Support
Access Ports
Gateway Services
WS 2000 Wireless Switch Firewall
Access Policies
Administration Management
Layer 3 Routing
SNMP Management Support
DHCP Client and Server
Overview
WEP 64 40-bit key
802.1x with RADIUS Authentication
WEP 128 104-bit Key
802.1x with Shared Key Authentication
Kerberos Authentication
Wireless Protected Access WPA
KeyGuard-MCM Support
Installing the Switch
Set up Communication to the Switch
Chapter 3. Getting Started
Getting Started Overview
4. Log in using “admin” as the username and “symbol” as the password
Changing the Administrator Password
1. Select System Configuration -- WS-2000 Access from the left menu
Configuring the Switch
Step 1 Configure the LAN Interface
Security
Network
Defining the Subnets
Address
Step 2 Configure Subnets
Interfaces
The DHCP Configuration
Advanced DHCP Settings
Step 3 Configure the WAN Interface
Communicating with the Outside World
Setting Up Point-to-Point over Ethernet PPPoE Communication
Step 4 Enable Wireless LANs WLANs
Wireless Summary Area
Step 5 Configure WLANs
Access Port Adoption
Step 6 Configure WLAN Security
Setting the Authentication Method
802.1x EAP Authentication
Kerberos Authentication
Setting the Encryption Method
Configuring WEP Encryption
Configuring WPA-TKIP
6. Select either the ASCII Passphrase or 128-bit Key radio button
KeyGuard-MCM
No Encryption
Step 7 Configure Access Ports
Mobile Unit Access Control List ACL
Radio type-This field indicates the wireless protocol that the Access Port follows. The WS 2000 Wireless Switch supports 802.11b and 802.11 a/b dual-radio Access Ports
Step 8 Configure Subnet Access
Placement
Power Level
Name
The Access Overview Table
The Access Exception Area
1. Click in a cell of the table that represents the subnet-to-subnet or subnet-to-WAN relationship to define. All access rules if any are defined appear in the table in the lower-half of the screen
5. Click the Apply button to save changes
Chapter 4. Advanced Configuration
WLAN-How to Configure Advanced Settings
WLAN-Setting Default Access Port Settings
5. Check the Antenna Diversity checkbox to enable Antenna Diversity if the Access Port has an external antenna. Antenna Diversity should only be enabled if the Access Port has two matching external antennas
Beacon Interval
8. Set the beacon values as indicated in the table below
DTIM Period
WLAN-Advanced Access Port Settings
Copyright 2004 Symbol Technologies, Inc. All Rights Reserved
WLAN-Advanced Access Port Settings
WS 2000 Wireless Switch 1.0 Date of last Revision March
Beacon Interval
9. Set the beacon values as indicated in the table below
DTIM Period
Gateway-How to Configure Network Address Translation NAT
2. For each of the addresses, the select the NAT type
Gateway-How to Configure the WS 2000 Firewall
Always On Firewall Filters
Configurable Firewall Filters
SYN Flood Attack Check
Source Routing Check
Winnuke Attack Check
Gateway-How to Configure Static Routes
MIME Flood Attack Check
Defining Routes
Setting the RIP Configuration
No RIP
Security-How to Configure 802.1x EAP Authentication
3. Click the 802.1x EAP Configuration button to display a sub-screen for specific authentication settings
16. Click the Apply button to save changes
Security-How to Configure Kerberos Authentication
Security-How to Specify a Network Time Protocol NTP Server
Chapter 5. System Administration
Switch Settings
WS 2000 Wireless Switch LED Functions
Overview
Changing the Name of the Switch
1. Select System Configuration -- System Settings from the left menu
Location field
Change the Location and Country Settings of the WS
1. Select System Configuration -- System Settings from the left menu
Updating the WS 2000 Wireless Switch’s Firmware
How to Restart the WS 2000 Wireless Switch
1. Select System Configuration -- System Settings from the left menu
Checking for and Downloading Firmware updates
Performing the Firmware Update
System Configuration
Exporting and Importing Wireless Switch Settings
To Import Settings to a Local File
To Import or Export Settings to an FTP Site
To Export Settings to a Local File
How to Restore Default Configuration Settings
2. Select System Configuration -- System Settings from the left menu
3. Set the properties for the port as indicated below
Remote Administration
How to Configure SNMP Traps
Setting the SNMP Version Configuration
Setting Up SNMP v1/v2c Community Definitions
Setting Up SNMP v3 Community Definitions
Setting Up the Access Control List
Setting the Trap Configuration
SNMP Traps
AP Traps
3. Check the traps to enable
MU Traps
Setting the Trap Configuration for SNMP v1/v2c
Configure Administrator Access
Setting the Trap Configuration for SNMP
Configure Management Access
Access Port Statistics
Setup AirBEAM Software Access
Changing the Administrator and Manager Passwords
Statistics and Logs
General Access Port Information
Received and Transmitted Tables
Associated Mobile Units
Subnet Statistics
The Information portion of the Subnet Stats screen displays general information about the subnet
WAN Statistics
Interfaces
Received Field
Description
Transmitted
Description
Setting Up and Viewing the System Log
Viewing the Log on the Switch
Setting Up a Log Server
Chapter 6. Retail Use Cases
Background
The Plan
Configuring the System Settings
Contacting the Wireless Switch
Entering the Basic System Settings
Setting Access Control
Configuring the Subnets
The IP Address Plan
Configuring POS Subnet
Configuring the Printer Subnet
WS 2000 Wireless Switch 1.0 Date of last Revision March
Copyright 2004 Symbol Technologies, Inc. All Rights Reserved
Retail Use Cases
Configuring the Cafe Subnet
Clarisa clicks Advanced DHCP Server and enters the DNS server IP addresses. The Default Gateway is fine. However, Clarisa expects the cafe patrons to come and go frequently, so she reduces the IP address lease time to 1800 seconds. This means that a DHCP client mobile unit will give up its IP address if it is inactive on the network for more than half an hour. This seems about right for the usage patterns that she expects for the cafe. If she gets complaints, she will bump it to an hour
Configuring the WAN Interface
Configuring Network Address Translation NAT
After she makes this selection a new button appears, labeled 1 to Many Mappings. She selects the 1 to Many Mappings button
Setting Access Port Defaults
Configuring the Access Ports
Inspecting the Firewall
Naming the POS Access Port
Configuring the Printer Access Port
Configuring the Cafe Access Port
Associating the Access Ports to the WLANs
Configuring the WLANs
Configuring the Cafe WLAN
Configuring the Printer WLAN
Configuring the POS WLAN
Setting Subnet Access
For the POS subnet and the Printer subnet, she selects Allow all protocols when going to the WAN, the POS subnet, and the Printer subnet
Testing Connections
Configuring the Clients
Chapter 7. A Field Office Example
Background
Each WS 2000 WLAN has exactly one security policy, where a security policy is defined as a user authentication method and a data encryption method. Because each WLAN can have one and only one security policy, WLAN configuration is usually defined by the security needs of the installation. If two groups of users require different security policies, then they must associate to the WS 2000 through different WLANs. See the Retail Use Case for an example of an installation where different security needs drive the need for separate WLANs
The Plan
Contacting the Wireless Switch
Configuring the System Settings
To begin configuration of the switch, Leo sets up a communication link to the switch. Leo starts with a direct network link between his laptop and the switch, plugging the cable into one of the local, non-WAN, ports. The switch defaults to having all the LAN ports on the first subnet and that subnet having an IP address of 192.168.0.1. So, as far as this connection is concerned, the switch comes up with an initial IP address of 192.168.0.1. He sets his laptop to have an IP address of 192.168.0.2 and a netmask of 255.255.255.0. He also sets the gateway IP address to be 192.168.0.1, the WS 2000’s IP address
Entering the Basic System Settings
Leo launches his web browser and enters “http//192.168.0.1/” as the URL. He logs in using “admin” for the username and “symbol” as the password
Setting Access Control
Leo then changes the switch passwords from the default to something relatively secure, something with letters, numbers, and punctuation marks in it
Configuring the LAN
Configuring the Engineering LAN
He also selects the option This interface is a DHCP server. Choosing this DHCP option means that the switch will pick IP addresses from the Address Assignment Range and assign them to network clients on this subnet, as needed
WS 2000 Wireless Switch 1.0 Date of last Revision March
Copyright 2004 Symbol Technologies, Inc. All Rights Reserved
A Field Office Example
Configuring the Sales Subnet
Configuring the WAN
The next step is to set up the network address translations NAT
Setting Up Network Address Translation
The next step is to configure the firewall
Confirm Firewall Configuration
Adopting Access Ports
Leo clicks the Apply button to save his changes
Configuring the WLANs
Security
Leo clicks the OK button to save the 802.1x EAP settings
Configuring the Access Ports
Leo clicks the OK button to save his WPA-TKIP settings, then the Apply button to confirm the WLAN configuration
He does not change the Antenna Diversity setting, Short Preamble setting, the RTS Threshold, or the Beacon Settings. These parameters control some of the broadcast mechanics of an 802.11 communication between mobile units and Access Ports. In most cases, there is no reason to change them. He clicks Apply to save his choices
He clicks the Apply button to save his changes
Leo clicks Apply to save his changes
Leo clicks the Apply button to save the changes for the administration Access Port
Configuring Subnet Access
Installing the Access Ports and Testing
Appendix A. Sample Configuration File
WS2000 Configuration Command Script System Firmware Version
Config menu
WS2000 menu
SNMP ACL configuration delete acl all
SNMP v1/v2c configuration delete v1v2c all
SNMP v1/v2c trap configuration delete v1v2c all
SNMP v3 trap configuration delete v3 all
WLAN 1 configuration set mode 1 enable
WLAN 2 configuration
WLAN 3 configuration set mode 3 disable
Default 802.11 A radio configuration set reg A in/out 149
Default 802.11 B radio configuration set reg B in/out 1
Access Port configuration
LAN configuration network
Port To Subnet Map configuration set port 1 s1
WAN configuration
LAN DHCP configuration network
enc-passwd 8e57
Firewall configuration set syn enable
NAT configuration
Outbound 1-To-Many NAT configuration set outb map s1
Inbound NAT configuration
Subnet map configuration network
Router configuration network
Copyright 2004 Symbol Technologies, Inc. All Rights Reserved
Sample Configuration File
WS 2000 Wireless Switch 1.0 Date of last Revision March
Index
example use cases
operating system services
physical specifications
power specifications
See NAT
Routing information Protocol
Copyright 2004 Symbol Technologies, Inc. All Rights Reserved
WS 2000 Wireless Switch 1.0 Date of last Revision March
configuring printer
configuring security
