72E-67701-01 Rev A March
System Reference
WS 2000 Wireless Switch
Patents
Copyright
Overview
Table of Contents
Features
Chapter
Chapter
Advanced Configuration
System Administration
Retail Use Cases
Chapter
Appendix A. Sample Configuration File
A Field Office Example
Index
Document Conventions
WS 2000 Wireless Switch System Reference Guide
Chapter 1. Overview
About this Document
Firewall Security
Management of Access Ports
Wireless LAN WLAN Security
System Overview
Physical Specifications
Technical Specifications
Hardware Overview
Environmental Specifications
Operating System OS Services
Cell Controller Services
Power Specifications
Gateway Services
802.11a Support
Chapter 2. Features
802.11b Support
Access Ports
Administration Management
Gateway Services
WS 2000 Wireless Switch Firewall
Access Policies
Overview
Layer 3 Routing
SNMP Management Support
DHCP Client and Server
WEP 64 40-bit key
802.1x with RADIUS Authentication
WEP 128 104-bit Key
Kerberos Authentication
802.1x with Shared Key Authentication
KeyGuard-MCM Support
Wireless Protected Access WPA
Getting Started Overview
Installing the Switch
Set up Communication to the Switch
Chapter 3. Getting Started
4. Log in using “admin” as the username and “symbol” as the password
1. Select System Configuration -- WS-2000 Access from the left menu
Changing the Administrator Password
Configuring the Switch
Step 1 Configure the LAN Interface
Security
Network
Defining the Subnets
Address
Interfaces
Step 2 Configure Subnets
The DHCP Configuration
Advanced DHCP Settings
Communicating with the Outside World
Step 3 Configure the WAN Interface
Setting Up Point-to-Point over Ethernet PPPoE Communication
Step 4 Enable Wireless LANs WLANs
Wireless Summary Area
Access Port Adoption
Step 5 Configure WLANs
Step 6 Configure WLAN Security
802.1x EAP Authentication
Setting the Authentication Method
Kerberos Authentication
Setting the Encryption Method
Configuring WEP Encryption
Configuring WPA-TKIP
6. Select either the ASCII Passphrase or 128-bit Key radio button
No Encryption
KeyGuard-MCM
Mobile Unit Access Control List ACL
Step 7 Configure Access Ports
Radio type-This field indicates the wireless protocol that the Access Port follows. The WS 2000 Wireless Switch supports 802.11b and 802.11 a/b dual-radio Access Ports
Name
Step 8 Configure Subnet Access
Placement
Power Level
The Access Exception Area
The Access Overview Table
1. Click in a cell of the table that represents the subnet-to-subnet or subnet-to-WAN relationship to define. All access rules if any are defined appear in the table in the lower-half of the screen
5. Click the Apply button to save changes
WLAN-How to Configure Advanced Settings
Chapter 4. Advanced Configuration
WLAN-Setting Default Access Port Settings
5. Check the Antenna Diversity checkbox to enable Antenna Diversity if the Access Port has an external antenna. Antenna Diversity should only be enabled if the Access Port has two matching external antennas
Beacon Interval
8. Set the beacon values as indicated in the table below
DTIM Period
WLAN-Advanced Access Port Settings
Copyright 2004 Symbol Technologies, Inc. All Rights Reserved
WLAN-Advanced Access Port Settings
WS 2000 Wireless Switch 1.0 Date of last Revision March
Beacon Interval
9. Set the beacon values as indicated in the table below
DTIM Period
Gateway-How to Configure Network Address Translation NAT
2. For each of the addresses, the select the NAT type
Always On Firewall Filters
Gateway-How to Configure the WS 2000 Firewall
Winnuke Attack Check
Configurable Firewall Filters
SYN Flood Attack Check
Source Routing Check
MIME Flood Attack Check
Gateway-How to Configure Static Routes
Defining Routes
Setting the RIP Configuration
No RIP
Security-How to Configure 802.1x EAP Authentication
3. Click the 802.1x EAP Configuration button to display a sub-screen for specific authentication settings
16. Click the Apply button to save changes
Security-How to Configure Kerberos Authentication
Security-How to Specify a Network Time Protocol NTP Server
Overview
Chapter 5. System Administration
Switch Settings
WS 2000 Wireless Switch LED Functions
1. Select System Configuration -- System Settings from the left menu
Changing the Name of the Switch
Location field
Change the Location and Country Settings of the WS
1. Select System Configuration -- System Settings from the left menu
Updating the WS 2000 Wireless Switch’s Firmware
How to Restart the WS 2000 Wireless Switch
1. Select System Configuration -- System Settings from the left menu
Performing the Firmware Update
Checking for and Downloading Firmware updates
Exporting and Importing Wireless Switch Settings
System Configuration
To Import Settings to a Local File
To Import or Export Settings to an FTP Site
To Export Settings to a Local File
2. Select System Configuration -- System Settings from the left menu
How to Restore Default Configuration Settings
3. Set the properties for the port as indicated below
Setting Up SNMP v1/v2c Community Definitions
Remote Administration
How to Configure SNMP Traps
Setting the SNMP Version Configuration
Setting Up SNMP v3 Community Definitions
Setting the Trap Configuration
Setting Up the Access Control List
MU Traps
SNMP Traps
AP Traps
3. Check the traps to enable
Setting the Trap Configuration for SNMP v1/v2c
Setting the Trap Configuration for SNMP
Configure Administrator Access
Configure Management Access
Statistics and Logs
Access Port Statistics
Setup AirBEAM Software Access
Changing the Administrator and Manager Passwords
General Access Port Information
Associated Mobile Units
Received and Transmitted Tables
Subnet Statistics
The Information portion of the Subnet Stats screen displays general information about the subnet
Interfaces
WAN Statistics
Description
Received Field
Description
Transmitted
Viewing the Log on the Switch
Setting Up and Viewing the System Log
Setting Up a Log Server
Background
Chapter 6. Retail Use Cases
The Plan
Contacting the Wireless Switch
Configuring the System Settings
Entering the Basic System Settings
Setting Access Control
The IP Address Plan
Configuring the Subnets
Configuring POS Subnet
Configuring the Printer Subnet
WS 2000 Wireless Switch 1.0 Date of last Revision March
Copyright 2004 Symbol Technologies, Inc. All Rights Reserved
Retail Use Cases
Configuring the Cafe Subnet
Clarisa clicks Advanced DHCP Server and enters the DNS server IP addresses. The Default Gateway is fine. However, Clarisa expects the cafe patrons to come and go frequently, so she reduces the IP address lease time to 1800 seconds. This means that a DHCP client mobile unit will give up its IP address if it is inactive on the network for more than half an hour. This seems about right for the usage patterns that she expects for the cafe. If she gets complaints, she will bump it to an hour
Configuring the WAN Interface
Configuring Network Address Translation NAT
After she makes this selection a new button appears, labeled 1 to Many Mappings. She selects the 1 to Many Mappings button
Setting Access Port Defaults
Configuring the Access Ports
Inspecting the Firewall
Naming the POS Access Port
Configuring the Printer Access Port
Configuring the Cafe Access Port
Associating the Access Ports to the WLANs
Configuring the Cafe WLAN
Configuring the WLANs
Configuring the Printer WLAN
Configuring the POS WLAN
Setting Subnet Access
For the POS subnet and the Printer subnet, she selects Allow all protocols when going to the WAN, the POS subnet, and the Printer subnet
Configuring the Clients
Testing Connections
Background
Chapter 7. A Field Office Example
The Plan
Each WS 2000 WLAN has exactly one security policy, where a security policy is defined as a user authentication method and a data encryption method. Because each WLAN can have one and only one security policy, WLAN configuration is usually defined by the security needs of the installation. If two groups of users require different security policies, then they must associate to the WS 2000 through different WLANs. See the Retail Use Case for an example of an installation where different security needs drive the need for separate WLANs
Contacting the Wireless Switch
Configuring the System Settings
To begin configuration of the switch, Leo sets up a communication link to the switch. Leo starts with a direct network link between his laptop and the switch, plugging the cable into one of the local, non-WAN, ports. The switch defaults to having all the LAN ports on the first subnet and that subnet having an IP address of 192.168.0.1. So, as far as this connection is concerned, the switch comes up with an initial IP address of 192.168.0.1. He sets his laptop to have an IP address of 192.168.0.2 and a netmask of 255.255.255.0. He also sets the gateway IP address to be 192.168.0.1, the WS 2000’s IP address
Leo launches his web browser and enters “http//192.168.0.1/” as the URL. He logs in using “admin” for the username and “symbol” as the password
Entering the Basic System Settings
Setting Access Control
Leo then changes the switch passwords from the default to something relatively secure, something with letters, numbers, and punctuation marks in it
Configuring the Engineering LAN
Configuring the LAN
He also selects the option This interface is a DHCP server. Choosing this DHCP option means that the switch will pick IP addresses from the Address Assignment Range and assign them to network clients on this subnet, as needed
WS 2000 Wireless Switch 1.0 Date of last Revision March
Copyright 2004 Symbol Technologies, Inc. All Rights Reserved
A Field Office Example
Configuring the Sales Subnet
Configuring the WAN
The next step is to set up the network address translations NAT
Setting Up Network Address Translation
The next step is to configure the firewall
Adopting Access Ports
Confirm Firewall Configuration
Leo clicks the Apply button to save his changes
Configuring the WLANs
Security
Leo clicks the OK button to save the 802.1x EAP settings
Leo clicks the OK button to save his WPA-TKIP settings, then the Apply button to confirm the WLAN configuration
Configuring the Access Ports
He does not change the Antenna Diversity setting, Short Preamble setting, the RTS Threshold, or the Beacon Settings. These parameters control some of the broadcast mechanics of an 802.11 communication between mobile units and Access Ports. In most cases, there is no reason to change them. He clicks Apply to save his choices
He clicks the Apply button to save his changes
Leo clicks Apply to save his changes
Leo clicks the Apply button to save the changes for the administration Access Port
Configuring Subnet Access
Installing the Access Ports and Testing
WS2000 menu
Appendix A. Sample Configuration File
WS2000 Configuration Command Script System Firmware Version
Config menu
SNMP v3 trap configuration delete v3 all
SNMP ACL configuration delete acl all
SNMP v1/v2c configuration delete v1v2c all
SNMP v1/v2c trap configuration delete v1v2c all
WLAN 2 configuration
WLAN 1 configuration set mode 1 enable
WLAN 3 configuration set mode 3 disable
Default 802.11 A radio configuration set reg A in/out 149
Port To Subnet Map configuration set port 1 s1
Default 802.11 B radio configuration set reg B in/out 1
Access Port configuration
LAN configuration network
WAN configuration
LAN DHCP configuration network
enc-passwd 8e57
NAT configuration
Firewall configuration set syn enable
Router configuration network
Outbound 1-To-Many NAT configuration set outb map s1
Inbound NAT configuration
Subnet map configuration network
Copyright 2004 Symbol Technologies, Inc. All Rights Reserved
Sample Configuration File
WS 2000 Wireless Switch 1.0 Date of last Revision March
example use cases
Index
See NAT
operating system services
physical specifications
power specifications
Routing information Protocol
configuring security
Copyright 2004 Symbol Technologies, Inc. All Rights Reserved
WS 2000 Wireless Switch 1.0 Date of last Revision March
configuring printer