WS 2000 Wireless Switch System Reference WS 2000 Wireless Switch Version 1.0 72E-67701-01 Rev A March 2004 www.symbol.com
Software Overview Gateway Services Gateway services provide interconnectivity between the Cell Controller and the wired network, and include the follo
Retail Use Cases Inspecting the Firewall Clarisa selects the Firewall item in the left menu. Each of the checkbox items represents a type of attack th
Retail Use Cases All of the Access Ports will be indoors, so she specifies Placement as Indoors. She leaves Channel set to one and will reset each Acc
Retail Use Cases In the Access Port Properties section, Clarisa enters a new name for the Access Port and a brief description of its permanent locati
Retail Use Cases She clicks the Apply button to save her changes. Configuring the Cafe Access Port Finally, she names the third Access Port “Cafe AP”
Retail Use Cases Again, she clicks the Apply button to save her changes. Associating the Access Ports to the WLANs Now Clarisa selects the Wireless i
Retail Use Cases Clarisa clicks the Apply button to save her choices. Configuring the WLANs Configuring the Cafe WLAN Clarisa clicks the “+” to the l
Retail Use Cases She clicks the Apply button to save her choices. Clarisa goes to the left menu and clicks the “+” to the left of the Cafe WLAN node.
Retail Use Cases Clarisa clicks the Apply button to confirm her choices. Clarisa clicks the “+” to the left of the Printer WLAN menu item and selects
Retail Use Cases she will configure all of the mobile units on this WLAN with the correct ESSID, so she disallows this option, potentially keeping a c
Retail Use Cases For the POS subnet and the Printer subnet, she selects Allow all protocols when going to the WAN, the POS subnet, and the Printer su
802.11a Support Chapter 2. Features 802.11a Support 802.11 is a family of specifications for wireless local area networks (WLANs) developed by a work
Retail Use Cases Configuring the Clients Clarisa has now finished configuring the switch. Next, she configures the wired clients. Going to each device
A Field Office Example Chapter 7. A Field Office Example Background Leo is the network administrator, system administrator, and IT professional for a
A Field Office Example The Plan Each WS 2000 WLAN has exactly one security policy, where a security policy is defined as a user authentication method
A Field Office Example Configuring the System Settings Contacting the Wireless Switch To begin configuration of the switch, Leo sets up a communicati
A Field Office Example Leo launches his web browser and enters “http://192.168.0.1/” as the URL. He logs in using “admin” for the username and “symbo
A Field Office Example Setting Access Control Leo then clicks the WS 2000 Access node in the left menu. This controls which subnet can be used to rec
A Field Office Example Leo then changes the switch passwords from the default to something relatively secure, something with letters, numbers, and pu
A Field Office Example Configuring the LAN Leo clicks the “+” to the left of Network Configuration in the left menu. It expands and he selects the LAN
A Field Office Example He also selects the option This interface is a DHCP server. Choosing this DHCP option means that the switch will pick IP addre
A Field Office Example There is no reason to set up static DHCP mappings now. These would permanently lease an IP address to a client with a specific
Access Ports The 802.11b standard, also called Wi-Fi (Wireless Fidelity), is backward compatible with 802.11. 802.11b uses complimentary code keying (
A Field Office Example Configuring the Sales Subnet The sales and marketing subnet is configured exactly the same way as the engineering subnet, thoug
A Field Office Example Again, Leo fills out the advanced DHCP screen as he did for the two previous subnets. Leo clicks the OK button on the Advanced
A Field Office Example Leo has three addresses for this switch. He plans to use one address for the traffic from each of the subnets. He selects the
A Field Office Example Setting Up Network Address Translation After entering the IP addresses for the WAN interface, Leo clicks the “+” left of the WA
A Field Office Example Leo clicks any of the NAT Ranges button to the right of the IP addresses. The 1 to Many Outbound Mappings window displays. Leo
A Field Office Example Confirm Firewall Configuration After setting the NAT ranges, Leo selects Firewall under WAN in the left menu. The WS 2000 displ
A Field Office Example He goes to the section labeled Access Port Adoption List and deselects the check boxes to the right of the row in which the MAC
A Field Office Example Configuring the WLANs Leo has specified which Access Ports go with which wireless LANs (WLANs). Now, he needs to name and confi
A Field Office Example Security The next step is to set security for the engineering WLAN. He selects the “+” to the left of EngWLAN in the left menu
A Field Office Example Leo clicks the OK button to save the 802.1x EAP settings. Leo then clicks the WPA-TKIP Settings button. WPA-TKIP constantly ch
Gateway Services Gateway Services Network Address Translation (NAT) NAT provides the translation of an Internet Protocol (IP) address within one netwo
A Field Office Example Leo clicks the OK button to save his WPA-TKIP settings, then the Apply button to confirm the WLAN configuration. This complete
A Field Office Example He does not change the Antenna Diversity setting, Short Preamble setting, the RTS Threshold, or the Beacon Settings. These para
A Field Office Example He sets the channel at 36, and notes the number. Access Ports channels should be separated as much as practical to minimize in
A Field Office Example Leo clicks the Apply button to save the configuration for this Access Port. Leo then selects the third Access Port in the lef
A Field Office Example Leo clicks the Apply button to save the changes for the administration Access Port. Since all of the Access Ports are 802.11a
A Field Office Example Configuring Subnet Access Leo selects the Subnet Access item in the left menu. The subnet access defaults to the configuration
A Field Office Example He could then enter the user-based or protocol-based restrictions in the EngSN --> WAN section. Since Leo does not need to
Sample Configuration File Appendix A. Sample Configuration File All of the configuration settings for the WS 2000 Wireless Switch can be saved to a co
Sample Configuration File / system ntp // NTP menu set mode disable set server 1 0.0.0.0 set server 2 0.0.0.0 set server 3 0.0.0.0 set port 1 123 set
Sample Configuration File // WLAN 1 configuration set mode 1 enable set ess 1 101 set enc 1 none set auth 1 none set wep-mcm index 1 1 set wep-mcm enc
Layer 3 Routing DHCP Client and Server The WS 2000 Wireless Switch can act as a DHCP client on the WAN and each of its three subnets. It also act as a
Sample Configuration File set enc 2 none set auth 2 none set wep-mcm index 2 1 set wep-mcm enc-key 2 1 c2767fe55c0a564f90f50a3989 set wep-mcm enc-key
Sample Configuration File set wep-mcm enc-key 3 1 c2767fe55c0a564f90f50a3989 set wep-mcm enc-key 3 2 f2464fd56c3a667fa0c53a09b9 set wep-mcm enc-key 3
Sample Configuration File set beacon intvl A 100 set rts A 2341 set dtim A 10 set short-pre A enable set primary A 1 // Default 802.11 B radio config
Sample Configuration File / // LAN DHCP configuration network lan dhcp set mode 1 server set dgw 1 192.168.0.1 set dns 1 1 192.168.0.1 set dns 1 2 19
Sample Configuration File set mode 6 disable set ipadr 6 0.0.0.0 set mode 7 disable set ipadr 7 0.0.0.0 set mode 8 disable set ipadr 8 0.0.0.0 / netwo
Sample Configuration File set inb mode 7 disable set inb ip 7 0.0.0.0 set type 8 none set outb ip 8 0.0.0.0 set inb mode 8 disable set inb ip 8 0.0.0.
Sample Configuration File Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved 146 WS 2000 Wireless Switch: 1.0 Date of last Revision: M
Index Index SYN flood... 53 104-bit shared key... 15 Winnuke...
Index setting up communication... 18 dimensions, physical ... 8 interfaces, subnets...
Index technical... 8 defining routes... 55 stateful inspection engine...
WEP 64 (40-bit key) WEP 64 (40-bit key) Wired Equivalency Privacy (WEP) uses a key, or string of case-sensitive characters, to encrypt and decrypt dat
Index 802.1x EAP authentication... 32 advanced settings... 43, 47 configuring...
802.1x with Shared Key Authentication The pair-wise master keys (PMK) generated by this negotiation are used to generate keys used in MAC encryption.
KeyGuard-MCM Support When a Kerberos-enabled mobile unit (MU) authenticates with WS 2000 Wireless through an Access Port, the switch initially perform
Getting Started Overview Chapter 3. Getting Started Getting Started Overview Installing the Switch To install the WS 2000 Wireless Switch hardware, f
Getting Started Overview 4. Log in using “admin” as the username and “symbol” as the password. 5. If the login is successful, the following prompt
Copyright Copyright © 2004 by Symbol Technologies, Inc. All rights reserved. No part of this publication may be modified or adapted in any way, for an
Getting Started Overview 7. Enter a System Name for the wireless switch. The specified name appears in the lower-left corner of the configuration scr
Step 1: Configure the LAN Interface Configuring the Switch Once the switch is installed, perform the rest of the basic configuration and setup process
Step 1: Configure the LAN Interface Defining the Subnets Select LAN under the Network Configuration group from the left menu. Use the LAN configuratio
Step 2: Configure Subnets Field Description Interfaces The Interfaces field displays which of the six physical LAN ports are associated with the subne
Step 2: Configure Subnets 3. Set the Network Mask for the IP address. A network mask uses a series of four numbers that are expressed in dot notation,
Step 2: Configure Subnets Advanced DHCP Settings 1. Click the Advanced DHCP Server button to display a sub-screen to further customize IP address all
Step 3: Configure the WAN Interface 5. Use the Static Mappings table to associate static (or fixed) IP addresses with MAC addresses of specific wirele
Step 3: Configure the WAN Interface • The host router or switch on the WAN is communicating with the WS 2000 Wireless Switch using DHCP. • The switc
Step 4: Enable Wireless LANs (WLANs) 4. Check Keep Alive to instruct the switch to continue occasional communications over the WAN even when client co
Step 4: Enable Wireless LANs (WLANs) Wireless Summary Area The top portion of the window displays a summary of the WLANs that are currently defined.
WS 2000 Wireless Switch System Reference Guide Table of Contents Chapter 1. Overview...
Step 5: Configure WLANs Access Port Adoption Use this list to adopt detected Access Ports and to assign them to a particular WLAN. The switch can adop
Step 6: Configure WLAN Security Within the WLAN window, the administrator changes both standard and advanced configuration features of the WLAN. Fiel
Step 6: Configure WLAN Security Setting the Authentication Method The authentication method sets a challenge-response procedure for validating user c
Step 6: Configure WLAN Security Kerberos Authentication secret-key cryptography. Using this protocol, a client can prove its identity to a server (and
Step 6: Configure WLAN Security 4. When finished, click the OK button to close this screen. 5. Specify a Pass Key and click the Generate button. Th
Step 6: Configure WLAN Security 3. Check the Broadcast Key Rotation checkbox to enable or disable the broadcasting of encryption-key changes to mobil
Step 6: Configure WLAN Security KeyGuard-MCM KeyGuard-MCM is a proprietary encryption method developed by Symbol Technologies. KeyGuard is Symbol’s en
Step 7: Configure Access Ports Mobile Unit Access Control List (ACL) Use this list to specify which mobile units can or cannot gain access to the WLA
Step 7: Configure Access Ports • Radio type—This field indicates the wireless protocol that the Access Port follows. The WS 2000 Wireless Switch supp
Step 8: Configure Subnet Access 6. From this screen, the administrator can change several pieces of information about each Access Port. Field Descr
WS 2000 Wireless Switch System Reference Guide Mobile Unit Access Control List (ACL) ...3
Step 8: Configure Subnet Access The Access Overview Table In the overview table, each of the rectangles represents a subnet association. The three po
Step 8: Configure Subnet Access 1. Click in a cell of the table that represents the subnet-to-subnet (or subnet-to-WAN) relationship to define. All a
Step 8: Configure Subnet Access • Select a transport type from the Transport column’s pulldown menu. The available transports are: Transport Descr
WLAN—How to Configure Advanced Settings Chapter 4. Advanced Configuration WLAN—How to Configure Advanced Settings The lower section of the WLAN scre
WLAN—Setting Default Access Port Settings 5. Use the Multicast Address 1 and Multicast Address 2 to specify one or two MAC addresses to be used for mu
WLAN—Setting Default Access Port Settings 5. Check the Antenna Diversity checkbox to enable Antenna Diversity if the Access Port has an external anten
WLAN—Setting Default Access Port Settings 8. Set the beacon values as indicated in the table below. Beacon Interval A beacon is a packet broadcast b
WLAN—Advanced Access Port Settings Primary WLAN Set the Primary WLAN field when the 802.11a broadcast protocol is used. When a WLAN is associated with
WLAN—Advanced Access Port Settings The advanced Access Port settings are found at the bottom of the screen. For most installations, the default settin
WLAN—Advanced Access Port Settings 8. Set the Access Port beacon settings by clicking on the Beacon Settings button. The following window appears.
WS 2000 Wireless Switch System Reference Guide Chapter 7. A Field Office Example...111
Gateway—How to Configure Network Address Translation (NAT) Primary WLAN Set the Primary WLAN field when the 802.11a broadcast protocol is used. When a
Gateway—How to Configure Network Address Translation (NAT) This screen displays the IP addresses specified in the WAN screen (Network Configuration --
Gateway—How to Configure the WS 2000 Firewall Gateway—How to Configure the WS 2000 Firewall The WS 2000 Wireless Switch provides a secure firewall / N
Gateway—How to Configure the WS 2000 Firewall Configurable Firewall Filters The administrator can enabled or disabled the following filters. By defau
Gateway—How to Configure Static Routes MIME Flood Attack Check A MIME flood attack uses an improperly formatted MIME header in “sendmail” to cause a
Gateway—How to Configure Static Routes Defining Routes The User Defined and RIP Routes area of the screen allows the administrator to view, add or del
Security—How to Configure 802.1x EAP Authentication RIP v2 (v1 compat) RIP version 2 (compatible with version 1) is an extension of RIP v1’s capabilit
Security—How to Configure 802.1x EAP Authentication 3. Click the 802.1x EAP Configuration button to display a sub-screen for specific authentication s
Security—How to Configure 802.1x EAP Authentication 6. Set the maximum number of retries (Max. Retries) for a client to successfully reauthenticate a
Security—How to Configure Kerberos Authentication Security—How to Configure Kerberos Authentication Kerberos provides strong authentication method for
WS 2000 Wireless Switch System Reference Guide Chapter 1. Overview WS 2000 Wireless Switch System Reference Guide This guide is intended to support
Security—How to Specify a Network Time Protocol (NTP) Server Security—How to Specify a Network Time Protocol (NTP) Server Network Time Protocol (NTP)
System Administration Chapter 5. System Administration Overview The WS 2000 Network Management System provides several screens for administering the
System Administration Location Description Lower LED This LED is only present on Ports 1-4. These ports provide 802.3af Power over Ethernet (PoE) sup
System Administration Change the Location and Country Settings of the WS 2000 When the administrator first logs into the WS 2000 Network Management Sy
System Administration How to Restart the WS 2000 Wireless Switch During the normal course of operations, the administrator might need to restart or re
System Administration Checking for and Downloading Firmware updates The switch administrator should check for firmware updates for the WS 2000 Wireles
System Administration 6. Specify whether the site is on the WAN or is on one of the subnets associated with the switch by selecting the appropriate c
System Administration To Import or Export Settings to an FTP Site Use the following procedure for exporting the switch’s configuration settings. 1.
System Administration How to Restore Default Configuration Settings Although it should not be necessary during the normal course of operations, the ad
System Administration Restoring Default Configuration Settings Using the Command Line Interface Although it should not be necessary during the normal
System Overview GUI Screen text Indicates monitor screen dialog / output from the graphical user interface accessed from any web browser on the networ
System Administration Remote Administration How to Configure SNMP Traps The Simple Network Management Protocol (SNMP) facilitates the exchange of mana
System Administration 1. To create a new community definition, click the Add button in the SNMP v1/v2c Community Configuration area. 2. Specify a s
System Administration Setting Up the Access Control List To set up the Access Control list as specified by a range of IP addresses, click the SNMP Acc
System Administration SNMP Traps MU Traps AP Traps 3. Check the traps to enable. Trap Category Trap Name Generates a Trap when… SNMP Traps
System Administration Trap Trap Name Generates a Trap when… Category MU Traps MU associated An MU becomes associated with one of the switch’s Wire
System Administration Setting the Trap Configuration for SNMP V3 To set the trap notification destination for the SNMP v3 servers, add one or more ent
System Administration Configure Management Access The WS 2000 Network Management System runs from a standard Web browser. Any individual on an enable
System Administration Setup AirBEAM Software Access Symbol’s AirBEAM software suite is a comprehensive set of mobility management tools that maximize
System Administration There are four areas on the screen. The Information area shows general information about the Access Port. The Received and Tran
System Administration Received and Transmitted Tables The Received and Transmitted areas of the screen display statistics for the cumulative Access P
Hardware Overview Hardware Overview The WS 2000 Wireless Switch provides a fully integrated solution for managing every aspect of connecting wireless
System Administration The Received and Transmitted portions of the screen display statistics for the cumulative packets, bytes, and errors received an
System Administration The Information portion of the Subnet Stats screen displays general information about the subnet. • The HW address is the Med
System Administration Transmitted Field Description TX Errors The total number of errors including dropped data packets, buffer overruns, and carrier
System Administration The Information portion of the WAN Stats screen displays general information about the WAN. Much of this information is generate
System Administration Transmitted Field Description TX Overruns The total number of buffer overruns (when packets are sent faster than the WAN interfa
System Administration Setting Up a Log Server To keep a complete history of the events that are logged by the switch, the administrator needs to set u
Retail Use Cases Chapter 6. Retail Use Cases Background In the past, CCC clothing stores have used POS terminals with a 10BaseT Ethernet connection t
Retail Use Cases The Plan Clarisa is the employee assigned to implement the new network in San Jose. She needs three very different security policies.
Retail Use Cases Configuring the System Settings Contacting the Wireless Switch Clarisa sets up a direct network link between her laptop and the swi
Retail Use Cases Clarisa starts her web browser and enters “http://192.168.0.1/” as the URL. The WS 2000 sends a login page to her browser. She log
Software Overview Power Specifications • Maximum Power Consumption: 90-256 VAC, 47-63 Hz, 3A • Operating Voltage: 48 VDC • Operating Current: 1A •
Retail Use Cases Setting Access Control In the WS 2000 Access screen, Clarisa controls which network interfaces can be used to reconfigure the WS
Retail Use Cases Clarisa clicks the Apply button to save her changes. Clarisa leaves the rest of the System Configuration screens for now, moves to t
Retail Use Cases And for each subnet: 192.168.**.1 The subnet itself 192.168.**.2 to 192.168.**.10 Static IP addresses 192.168.**.11 to 192.168.**.2
Retail Use Cases The Default Gateway is already set to the subnet address. This is the IP address to which the DHCP clients on this subnet will forwa
Retail Use Cases After entering the Address Assignment Range, Clarisa clicks Advanced DHCP Server. Copyright © 2004 Symbol Technologies, Inc. All Rig
Retail Use Cases Clarisa enters the DNS server IP addresses and leaves the Default Gateway and DHCP Lease Time at their defaults. She clicks Ok in th
Retail Use Cases Clarisa clicks Advanced DHCP Server and enters the DNS server IP addresses. The Default Gateway is fine. However, Clarisa expects th
Retail Use Cases Clarisa clicks the Ok button in the Advanced DHCP Server window, then on the Apply button in the subnet screen to save her choices.
Retail Use Cases If corporate had not paid their ISP for a static IP address for each store, she would have selected the This interface is a DHCP Cli
Retail Use Cases After she makes this selection a new button appears, labeled 1 to Many Mappings. She selects the 1 to Many Mappings button: If Clar
Kommentare zu diesen Handbüchern