Symbol WS 2000 - Manual

Hardware Overview Hardware Overview The WS 2000 Wireless Switch provides a fully integrated solution for managing every aspect of connecting wireless LANs (WLANs) to a wired network. This wireless switch can connect directly to a cable or DSL modem, and can also connect to other wide area networks t...

Software Overview Power Specifications • Maximum Power Consumption: 90-256 VAC, 47-63 Hz, 3A • Operating Voltage: 48 VDC • Operating Current: 1A • Peak Current: 1.6A Environmental Specifications • Operating Temperature: 0ºC to 40ºC • Storage Temperature: -40ºC to 70ºC • Operating Humidity: 10% to 85...

Software Overview Gateway Services Gateway services provide interconnectivity between the Cell Controller and the wired network, and include the following: • System management through a web-based Graphical User Interface (GUI) and SNMP • 802.1x RADIUS client • Security, including Secure Sockets Laye...

802.11a Support Chapter 2. Features 802.11a Support 802.11 is a family of specifications for wireless local area networks (WLANs) developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). The four current specifications include: 802.11, 802.11a, 802.11b, and 802.1...

Access Ports The 802.11b standard, also called Wi-Fi (Wireless Fidelity), is backward compatible with 802.11. 802.11b uses complimentary code keying (CCK) modulation to provide higher data speeds (up to 11 Mbps) with less multipath-propagation interference. 802.11b operates at the 2.4 to 2.5 GHz ran...

Gateway Services Gateway Services Network Address Translation (NAT) NAT provides the translation of an Internet Protocol (IP) address within one network to a different, known IP address within another network. One network is designated the private network, while the other is the public. NAT provides...

Layer 3 Routing DHCP Client and Server The WS 2000 Wireless Switch can act as a DHCP client on the WAN and each of its three subnets. It also act as an independent DHCP server on each of the three subnets. Layer 3 Routing Overview The WS 2000 Wireless Switch provides Layer 3 routing support to the N...

WEP 64 (40-bit key) WEP 64 (40-bit key) Wired Equivalency Privacy (WEP) uses a key, or string of case-sensitive characters, to encrypt and decrypt data packets transmitted between a mobile unit (MU) and the WS 2000 Wireless Switch. The administrator configures mobile units (MUs) and the WS 2000 Wire...

802.1x with Shared Key Authentication The pair-wise master keys (PMK) generated by this negotiation are used to generate keys used in MAC encryption. In the absence of a RADIUS server, 802.1x is used in a pre-shared key configuration. Administrators configure the master key statically through the co...

KeyGuard-MCM Support When a Kerberos-enabled mobile unit (MU) authenticates with WS 2000 Wireless through an Access Port, the switch initially performs Kerberos authentication, even though the Kerberos server exists as a separate entity on the wired LAN. On initial request from a Kerberos-enabled MU...

Getting Started Overview Chapter 3. Getting Started Getting Started Overview Installing the Switch To install the WS 2000 Wireless Switch hardware, follow the directions in the WS 2000 Wireless Switch Quick Installation Guide found in the box with the switch and on the CD- ROM that is distributed wi...

Getting Started Overview 4. Log in using “ admin ” as the username and “ symbol ” as the password. 5. If the login is successful, the following prompt will be displayed. Enter a new admin password in both fields, and click the Update Password Now button. 6. Once the admin password has been updated, ...

Getting Started Overview 7. Enter a System Name for the wireless switch. The specified name appears in the lower-left corner of the configuration screens, beneath the navigation tree. This name can be a useful reminder if multiple Symbol wireless switches are installed. 8. Enter a text description o...

Step 1: Configure the LAN Interface Configuring the Switch Once the switch is installed, perform the rest of the basic configuration and setup process as indicated in the following procedures. The links go to pages that have detailed information about the particular configuration step. The left menu...

Step 1: Configure the LAN Interface Defining the Subnets Select LAN under the Network Configuration group from the left menu. Use the LAN configuration screen to view a summary of physical-port addresses and Wireless LANs (WLANs) associated with the three supported subnets, and to enable or disable ...

Step 2: Configure Subnets Field Description Interfaces The Interfaces field displays which of the six physical LAN ports are associated with the subnet. The possible ports are: P1 (port 1), P2, P3, P4, P5, and P6 (from left to right facing the front of the switch). The administrator assigns a port t...

Step 2: Configure Subnets 3. Set the Network Mask for the IP address . A network mask uses a series of four numbers that are expressed in dot notation, similar to an IP number. For example, 255.255.255.0 is a network mask. Select a port or WLAN from the Interfaces drop-down menu to associate it with...

Step 2: Configure Subnets Advanced DHCP Settings 1. Click the Advanced DHCP Server button to display a sub-screen to further customize IP address allocation (on right). 2. Specify the address of a Primary DNS server . The Internet Server Provider (ISP) or a network administrator can provide this add...

Step 3: Configure the WAN Interface 5. Use the Static Mappings table to associate static (or fixed) IP addresses with MAC addresses of specific wireless devices. Every wireless, 802.11x-standard device has a unique Media Access Control (MAC) address. This address is the device’s hard-coded hardware ...

Step 4: Enable Wireless LANs (WLANs) Wireless Summary Area The top portion of the window displays a summary of the WLANs that are currently defined. This is the screen in which the administrator can enable or disable a WLAN. At first, three WLANs will be listed WLAN1, WLAN2, and WLAN3; however, only...

Step 5: Configure WLANs Access Port Adoption Use this list to adopt detected Access Ports and to assign them to a particular WLAN. The switch can adopt up to six Access Ports at a time, but the list of allowed Access-Port addresses (displayed in this area) can exceed six in number. A dual-radio 802....

Step 6: Configure WLAN Security Within the WLAN window, the administrator changes both standard and advanced configuration features of the WLAN. Field Description Name Rename the WLAN in this field, if desired. Character spaces are allowed. This change affects several other screens and the interface...

Step 6: Configure WLAN Security Setting the Authentication Method The authentication method sets a challenge-response procedure for validating user credentials such as username, password, and sometimes secret-key information. The WS 2000 Wireless Switch provides two methods for authenticating users:...

Step 6: Configure WLAN Security Kerberos Authentication secret-key cryptography. Using this protocol, a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server use Kerberos to prove their identity, they can encrypt all communication...

Step 6: Configure WLAN Security 4. When finished, click the OK button to close this screen. 5. Specify a Pass Key and click the Generate button. The pass key can be any alphanumeric string. The switch, other proprietary routers, and Symbol cards in mobile units (MUs) use an algorithm to convert an A...

Step 6: Configure WLAN Security 3. Check the Broadcast Key Rotation checkbox to enable or disable the broadcasting of encryption-key changes to mobile units. 4. Specify a time period in seconds for broadcasting encryption-key changes to mobile units. Set key broadcasts to a shorter time interval (at...

Step 6: Configure WLAN Security KeyGuard-MCM KeyGuard-MCM is a proprietary encryption method developed by Symbol Technologies. KeyGuard is Symbol’s enhancement to WEP encryption and can work with any WEP device. This encryption method rotates WEP keys for devices that support the method. This encryp...

Step 7: Configure Access Ports Mobile Unit Access Control List (ACL) Use this list to specify which mobile units can or cannot gain access to the WLAN. The list employs an adoption rule for allowing or denying specific mobile units by way of exception. 1. Select Allow or Deny from the pull-down list...

Step 7: Configure Access Ports • Radio type —This field indicates the wireless protocol that the Access Port follows. The WS 2000 Wireless Switch supports 802.11b and 802.11 a/b dual-radio Access Ports. • Physical port —This field specifies the physical LAN port on the switch to which the Access Por...

Step 8: Configure Subnet Access 6. From this screen, the administrator can change several pieces of information about each Access Port. Field Description Name Administrators can change the names of the Access Ports from Access Port# to something much more descriptive so that they can easily identify...

Step 8: Configure Subnet Access The Access Overview Table In the overview table, each of the rectangles represents a subnet association. The three possible colors indicate the current access level, as defined, for each subnet association. Color Access Type Description Green Full Access No protocol e...

WLAN—How to Configure Advanced Settings Chapter 4. Advanced Configuration WLAN—How to Configure Advanced Settings The lower section of the WLAN screen provides several settings that the administrator might need to modify; however, the default settings are usually sufficient for most installations. 1...

WLAN—Setting Default Access Port Settings 5. Use the Multicast Address 1 and Multicast Address 2 to specify one or two MAC addresses to be used for multicast applications. Some VoIP devices make use of multicast addresses. This mechanism ensures that the multicast packets for these devices are not d...

WLAN—Setting Default Access Port Settings 5. Check the Antenna Diversity checkbox to enable Antenna Diversity if the Access Port has an external antenna. Antenna Diversity should only be enabled if the Access Port has two matching external antennas. 6. Check the Support Short Preamble checkbox to al...

WLAN—Setting Default Access Port Settings 8. Set the beacon values as indicated in the table below. Beacon Interval A beacon is a packet broadcast by the adopted access ports to keep the network synchronized. Included in a beacon is information such as the WLAN service area, the access-port address,...

WLAN—Advanced Access Port Settings Primary WLAN Set the Primary WLAN field when the 802.11a broadcast protocol is used. When a WLAN is associated with a 801.11a broadcaster only one ESSID can be broadcast from the Access Port (even though three are supported by the switch) . This field specifies whi...

WLAN—Advanced Access Port Settings 8. Set the Access Port beacon settings by clicking on the Beacon Settings button. The following window appears. 9. Set the beacon values as indicated in the table below. Beacon Interval A beacon is a packet broadcast by the adopted access ports to keep the network ...

Gateway—How to Configure Network Address Translation (NAT) Primary WLAN Set the Primary WLAN field when the 802.11a broadcast protocol is used. When a WLAN is associated with a 801.11a broadcaster only one ESSID can be broadcast from the Access Port (even though three are supported by the switch) . ...

Gateway—How to Configure the WS 2000 Firewall Gateway—How to Configure the WS 2000 Firewall The WS 2000 Wireless Switch provides a secure firewall / Network Address Translation (NAT) solution for the WAN uplink. The firewall includes a proprietary CyberDefense Engine to protect internal networks fro...

Gateway—How to Configure the WS 2000 Firewall Configurable Firewall Filters The administrator can enabled or disabled the following filters. By default, all these filters are activated. If it reasonable to turn off the filters if one of the following things is true: • The switch is on a completely i...

Gateway—How to Configure Static Routes MIME Flood Attack Check A MIME flood attack uses an improperly formatted MIME header in “sendmail” to cause a buffer overflow on the destination host. • Use the Max Header Length field to set the maximum allowable header length. Set this value to be at least 25...

Gateway—How to Configure Static Routes Defining Routes The User Defined and RIP Routes area of the screen allows the administrator to view, add or delete internal static (dedicated) routes, and to enable or disable routes that are generated using the Routing Information Protocol (RIP). If RIP is ena...

Security—How to Configure 802.1x EAP Authentication RIP v2 (v1 compat) RIP version 2 (compatible with version 1) is an extension of RIP v1’s capabilities, but it is still compatible with RIP version 1. RIP version 2 increases the amount of packet information to provide the a simple authentication me...

Security—How to Configure 802.1x EAP Authentication 3. Click the 802.1x EAP Configuration button to display a sub-screen for specific authentication settings. 4. Check the Enable Reauthentication check box to enable this authentication method. 5. Set the EAP reauthentication period to match the appr...

Security—How to Configure Kerberos Authentication Security—How to Configure Kerberos Authentication Kerberos provides strong authentication method for client/server applications by using secret-key cryptography. Using this protocol, a client can prove its identity to a server (and vice versa) across...

System Administration Chapter 5. System Administration Overview The WS 2000 Network Management System provides several screens for administering the switch and monitoring activity on the switch. From the interface the administrator can: • Change the general system settings, such as the name of the s...

System Administration Location Description Lower LED This LED is only present on Ports 1-4. These ports provide 802.3af Power over Ethernet (PoE) support to devices (such as Access Ports). The LED has several states: ! OFF — A non-power device (or no device) is connected; no power is being delivered...

System Administration Change the Location and Country Settings of the WS 2000 When the administrator first logs into the WS 2000 Network Management System, the System Settings screen appears. One of the fields in this screen is the Country field. This field is set to the country in which the switch ...

System Administration How to Restart the WS 2000 Wireless Switch During the normal course of operations, the administrator might need to restart or reset the switch. For example, changing certain configuration settings can require restarting the switch for those settings to take effect. 1. Select Sy...

System Administration Checking for and Downloading Firmware updates The switch administrator should check for firmware updates for the WS 2000 Wireless Switch on a monthly basis, as follows: 1. Select System Configuration --> Firmware Update or Network Configuration --> System Settings from th...

System Administration 6. Specify whether the site is on the WAN or is on one of the subnets associated with the switch by selecting the appropriate choice from the drop-down menu to the right of the radio button. 7. Specify the IP address or domain name of the system that has the update file. 8. Spe...

System Administration To Import or Export Settings to an FTP Site Use the following procedure for exporting the switch’s configuration settings. 1. Specify the name of the log Filename to be written to or read from the FTP server. 2. Specify the Server IP address of the FTP server to which the log f...

System Administration How to Restore Default Configuration Settings Although it should not be necessary during the normal course of operations, the administrator might need to return to the default configuration settings of the switch. To do so, see the directions below: 1. Consider saving the curre...

System Administration Restoring Default Configuration Settings Using the Command Line Interface Although it should not be necessary during the normal course of operations, the administrator might need to restore the default configuration settings of the switch. This procedure is typically performed ...

System Administration Remote Administration How to Configure SNMP Traps The Simple Network Management Protocol (SNMP) facilitates the exchange of management information between network devices. SNMP allows an administrator to manage network performance, find and solve network problems, and plan for ...

System Administration 1. To create a new community definition, click the Add button in the SNMP v1/v2c Community Configuration area. 2. Specify a site-appropriate name for the community. 3. Use the OID (Object Identifier) pull-down list to select either All or Custom . If All is selection, the commu...

System Administration Setting Up the Access Control List To set up the Access Control list as specified by a range of IP addresses, click the SNMP Access Control button at the bottom of the SNMP Access screen. The SNMP Access Control screen appears: 1. Click the Add button to create a new entry in t...

System Administration SNMP Traps MU Traps AP Traps 3. Check the traps to enable. Trap Category Trap Name Generates a Trap when… SNMP Traps Cold Start The switch’s router reinitializes while transmitting, possibly altering the agent’s configuration or protocol entity implementation. SNMP ACL violatio...

System Administration Trap Trap Name Generates a Trap when… Category MU Traps MU associated An MU becomes associated with one of the switch’s Wireless Local Area Networks (WLANs). MU unassociated An MU becomes unassociated with (or gets dropped from) one of the switch’s WLANs. MU denied association ...

System Administration Setting the Trap Configuration for SNMP V3 To set the trap notification destination for the SNMP v3 servers, add one or more entries to SNMP v3 Trap Configuration table. 1. Click the Add button to add a new entry to the table. 2. Specify a Destination IP addresses for the syste...

System Administration Configure Management Access The WS 2000 Network Management System runs from a standard Web browser. Any individual on an enabled subnet or over the WAN can access the log screen by specifying one of the IP addresses associated with the user interface. The WS 2000 Access screen ...

System Administration Setup AirBEAM Software Access Symbol’s AirBEAM software suite is a comprehensive set of mobility management tools that maximize the availability, security and effectiveness of a wireless network. The fields in this section of the screen allow the administrator to enable access ...

System Administration There are four areas on the screen. The Information area shows general information about the Access Port. The Received and Transmitted areas of the screen display statistics for the cumulative packets, bytes, and errors received and transmitted through the Access Port. The Asso...

System Administration Received and Transmitted Tables The Received and Transmitted areas of the screen display statistics for the cumulative Access Port statistics, since the Access Port was last adopted or the switch was last rebooted . Received Field Description RX Packets Total number of data pac...

System Administration The Received and Transmitted portions of the screen display statistics for the cumulative packets, bytes, and errors received and transmitted through the access port for the associated mobile unit since it last gained access to the switch-managed network . Field Description WLA...

System Administration The Information portion of the Subnet Stats screen displays general information about the subnet. • The HW address is the Media Access Control (MAC) address of the switch’s WAN port, which is set at the factory. • The IP addresses displayed here for the subnet connection are se...

System Administration Transmitted Field Description TX Errors The total number of errors including dropped data packets, buffer overruns, and carrier errors that fail on outbound traffic TX Dropped The number of data packets that fail to get sent from the subnet TX Overruns The total number of buffe...

System Administration Transmitted Field Description TX Overruns The total number of buffer overruns (when packets are sent faster than the WAN interface can handle them) TX Carrier The total number of TCP/IP data carrier errors received Setting Up and Viewing the System Log The WS 2000 Network Manag...

System Administration Setting Up a Log Server To keep a complete history of the events that are logged by the switch, the administrator needs to set up an external system log on a server. The server listens for incoming switch-generated syslog messages on a UDP port (514 by default), and then decode...

Retail Use Cases Chapter 6. Retail Use Cases Background In the past, CCC clothing stores have used POS terminals with a 10BaseT Ethernet connection to an in-house server. Management has decided to install wireless networking in the stores. Wireless point of sale (POS) terminals and printers will all...

Retail Use Cases The Plan Clarisa is the employee assigned to implement the new network in San Jose. She needs three very different security policies. Wireless security policies are part of a WLAN configuration, so she will need three different WLANs. • WLAN #1: Confidential information, such as cre...

Retail Use Cases Configuring the System Settings Contacting the Wireless Switch Clarisa sets up a direct network link between her laptop and the switch, plugging the cable into one of the local, non-WAN, ports. The switch defaults to having all the LAN ports on the first subnet and that subnet havin...

Retail Use Cases Clarisa starts her web browser and enters “http://192.168.0.1/” as the URL. The WS 2000 sends a login page to her browser. She logs in using “admin” for the username and “symbol” as the password. Entering the Basic System Settings Clarisa selects System Settings in the left menu, lo...

Retail Use Cases Setting Access Control In the WS 2000 Access screen, Clarisa controls which network interfaces can be used to reconfigure the WS 2000 switch. She is currently using HTTP access on port 80 over the LAN, so she leaves that on. She wants to be able to manage the switch from corporate h...

Retail Use Cases Clarisa clicks the Apply button to save her changes. Clarisa leaves the rest of the System Configuration screens for now, moves to the left menu, and clicks the “+” to the left of Network Configuration so that she can begin to define the subnets. Configuring the Subnets The IP Addre...

Retail Use Cases And for each subnet: 192.168.**.1 The subnet itself 192.168.**.2 to 192.168.**.10 Static IP addresses 192.168.**.11 to 192.168.**.254 DHCP-supplied IP addresses on the subnet With this plan, she can begin to configure the individual subnets Configuring POS Subnet Clarisa selects the...

Retail Use Cases The Default Gateway is already set to the subnet address. This is the IP address to which the DHCP clients on this subnet will forward their outbound traffic. Clarisa fills in the DNS Server addresses that corporate has specified. This will also be supplied to the DHCP clients. The ...

Retail Use Cases After entering the Address Assignment Range , Clarisa clicks Advanced DHCP Server . Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved 94 WS 2000 Wireless Switch : 1.0 Date of last Revision: March 2004

Retail Use Cases Clarisa enters the DNS server IP addresses and leaves the Default Gateway and DHCP Lease Time at their defaults. She clicks Ok in the Advanced DHCP Server window and then Apply in the Subnet window to save her changes. Now Clarisa will configure the Cafe subnet. Configuring the Cafe...

Retail Use Cases Clarisa clicks Advanced DHCP Server and enters the DNS server IP addresses. The Default Gateway is fine. However, Clarisa expects the cafe patrons to come and go frequently, so she reduces the IP address lease time to 1800 seconds. This means that a DHCP client mobile unit will give...

Retail Use Cases Clarisa clicks the Ok button in the Advanced DHCP Server window, then on the Apply button in the subnet screen to save her choices. The subnets are now configured. Next Clarisa configures the WAN interface. Configuring the WAN Interface Now Clarisa selects the WAN node in the left m...

Retail Use Cases If corporate had not paid their ISP for a static IP address for each store, she would have selected the This interface is a DHCP Client option and the WAN configuration information would have been assigned by the ISP each time they connected to the Internet. Clarisa clicks the Apply...

Retail Use Cases After she makes this selection a new button appears, labeled 1 to Many Mappings . She selects the 1 to Many Mappings button: If Clarisa had more than one static IP address, she would have been able to assign several to the WAN interface. This screen is used to choose how the interna...

Retail Use Cases Inspecting the Firewall Clarisa selects the Firewall item in the left menu. Each of the checkbox items represents a type of attack the WS 2000 can filter out. She checks to see that all of the options are enabled. Clarisa clicks the Apply button to confirm that all attacks listed wi...

Retail Use Cases All of the Access Ports will be indoors, so she specifies Placement as Indoors. She leaves Channel set to one and will reset each Access Port to a different 802.11b channel later. She sets the power level to 100mW, the maximum level allowed in the US. She leaves the Slowest Supporte...

Retail Use Cases In the Access Port Properties section, Clarisa enters a new name for the Access Port and a brief description of its permanent location. In the Advanced Access Port Properties section, Clarisa sets the Channel to 3. She knows that the store uses cordless phones that transmit on chann...

Retail Use Cases She clicks the Apply button to save her changes. Configuring the Cafe Access Port Finally, she names the third Access Port “Cafe AP” and sets Channel to 9. In this case she makes sure Support Short Preamble is not selected. There are two preambles in use in the wireless world, an ol...

Retail Use Cases Again, she clicks the Apply button to save her changes. Associating the Access Ports to the WLANs Now Clarisa selects the Wireless item in the left menu. This screen indicates which Access Ports are associated with which WLANs. First Clarisa looks in the Summary section of the scree...

Retail Use Cases Clarisa clicks the Apply button to save her choices. Configuring the WLANs Configuring the Cafe WLAN Clarisa clicks the “+” to the left of the Wireless menu item in the left menu. She selects the third WLAN. This is the WLAN that she plans to use for the cafe WLAN. The WLAN name is ...

Retail Use Cases She clicks the Apply button to save her choices. Clarisa goes to the left menu and clicks the “+” to the left of the Cafe WLAN node. A menu item labeled Cafe Security appears and Clarisa selects it. She confirms that the Cafe Security screen shows that no authentication and no encry...

Retail Use Cases Clarisa clicks the Apply button to confirm her choices. Clarisa clicks the “+” to the left of the Printer WLAN menu item and selects the Printer Security item. In the screen that displays, Clarisa selects no authentication. She enters the MAC numbers of the wireless printers in the ...

Retail Use Cases she will configure all of the mobile units on this WLAN with the correct ESSID, so she disallows this option, potentially keeping a cafe customer out of the POS WLAN. The options for Multicast Addresses are designed for compatibility with some VoIP phones. Clarisa does not know if t...

Retail Use Cases For the POS subnet and the Printer subnet, she selects Allow all protocols when going to the WAN, the POS subnet, and the Printer subnet. After specifying all of the subnet access rules, she clicks the Apply button to save her changes. Copyright © 2004 Symbol Technologies, Inc. All ...

Retail Use Cases Configuring the Clients Clarisa has now finished configuring the switch. Next, she configures the wired clients. Going to each device, she gives it the IP address and other networking information that it will need to communicate with the switch: Client IP Address Subnet Mask Gateway...

A Field Office Example Chapter 7. A Field Office Example Background Leo is the network administrator, system administrator, and IT professional for a field office with 60 employees. The users include sales people, sales engineers, office administration and customer support people. All of the sales p...

A Field Office Example Leo launches his web browser and enters “http://192.168.0.1/” as the URL. He logs in using “admin” for the username and “symbol” as the password. Entering the Basic System Settings Leo clicks the “+” to the left of System Configuration in the left menu, then selects System Set...

A Field Office Example Setting Access Control Leo then clicks the WS 2000 Access node in the left menu. This controls which subnet can be used to reconfigure the WS 2000 switch and how that reconfiguration can be accomplished. Leo will be inside the LAN, so he leaves on all means of reconfiguring fr...

A Field Office Example Leo then changes the switch passwords from the default to something relatively secure, something with letters, numbers, and punctuation marks in it. Leo clicks the Update Password Now button to register the password change, then on the Apply button in the WS 2000 Access screen...

A Field Office Example Configuring the LAN Leo clicks the “+” to the left of Network Configuration in the left menu. It expands and he selects the LAN item. This screen shows the subnets, their IP addresses, and the network interfaces (the 10/100BaseT ports and the WLANs) that are currently associat...

A Field Office Example There is no reason to set up static DHCP mappings now. These would permanently lease an IP address to a client with a specific MAC address. Leo clicks the OK button on the Advanced DHCP Server window, then the Apply button on the subnet window. Copyright © 2004 Symbol Technolo...

A Field Office Example Configuring the Sales Subnet The sales and marketing subnet is configured exactly the same way as the engineering subnet, though with a different name and a different IP address range. Leo selects the Advanced DHCP Server button and follows the same procedures as he did for th...

A Field Office Example Again, Leo fills out the advanced DHCP screen as he did for the two previous subnets. Leo clicks the OK button on the Advanced DHCP Server window, then the Apply button on the subnet window. The next step is to configure the WAN interface. Configuring the WAN Next Leo configur...

A Field Office Example Leo has three addresses for this switch. He plans to use one address for the traffic from each of the subnets. He selects the More IP Addresses button and enters the other two IP addresses: He clicks Ok button in the address window, then the Apply button on the WAN window to s...

A Field Office Example Setting Up Network Address Translation After entering the IP addresses for the WAN interface, Leo clicks the “+” left of the WAN item in the left menu to expand it. He then selects the NAT item. The WS 2000 displays the three IP addresses he entered when configuring the WAN. E...

A Field Office Example Leo clicks any of the NAT Ranges button to the right of the IP addresses. The 1 to Many Outbound Mappings window displays. Leo uses the pull-down menu to set the outbound IP address for each subnet. These are the same as the inbound IP addresses that he specified when he confi...

A Field Office Example Confirm Firewall Configuration After setting the NAT ranges, Leo selects Firewall under WAN in the left menu. The WS 2000 displays a series of Firewall Filters, all of which are currently enabled. Leo examines the list and sees no reason to turn off any of the filters. He clic...

A Field Office Example Security The next step is to set security for the engineering WLAN. He selects the “+” to the left of EngWLAN in the left menu to display the EngWLAN Security item. Leo selects that item and the security screen appears. Leo selects 802.1x EAP as the authentication method and W...

A Field Office Example Leo clicks the OK button to save the 802.1x EAP settings. Leo then clicks the WPA-TKIP Settings button. WPA-TKIP constantly changes keys, but requires an initial key, known to both ends of the communication. If Leo was not using 802.1X EAP user authentication, that initial key...

A Field Office Example He does not change the Antenna Diversity setting, Short Preamble setting, the RTS Threshold , or the Beacon Settings . These parameters control some of the broadcast mechanics of an 802.11 communication between mobile units and Access Ports. In most cases, there is no reason t...

A Field Office Example Leo clicks the Apply button to save the configuration for this Access Port. Leo then selects the third Access Port in the left menu. This will be the sales and marketing Access Port. Leo configures it similarly, but uses channel 60. Leo clicks Apply to save his changes. To avo...

A Field Office Example Leo clicks the Apply button to save the changes for the administration Access Port. Since all of the Access Ports are 802.11a Access Ports, Leo assigned the channels to minimize cross-channel interference. The channel assignments are listed in the table below: Access Port Chan...

A Field Office Example Configuring Subnet Access Leo selects the Subnet Access item in the left menu. The subnet access defaults to the configuration that Leo prefers. Every subnet has access to every other subnet and access to the WAN. Leo clicks the Apply button to confirm this configuration. If L...

A Field Office Example He could then enter the user-based or protocol-based restrictions in the EngSN --> WAN section. Since Leo does not need to make any changes, there is nothing more to be done. Installing the Access Ports and Testing The switch is now configured! Leo connects the switch’s WAN...

Sample Configuration File Appendix A. Sample Configuration File All of the configuration settings for the WS 2000 Wireless Switch can be saved to a configuration file, and then either imported back into the same switch or transferred to another switch. Below is a sample configuration file that has b...

Sample Configuration File / system ntp // NTP menu set mode disable set server 1 0.0.0.0 set server 2 0.0.0.0 set server 3 0.0.0.0 set port 1 123 set port 2 123 set port 3 123 / system snmp access // SNMP ACL configuration delete acl all // SNMP v1/v2c configuration delete v1v2c all add v1v2c public...

Index Index SYN flood ........................................ 53 104-bit shared key ................................ 15 Winnuke ........................................... 53 40-bit shared key .................................. 15 authentication 802.11a specification support ............... 11 RADI...

Index setting up communication ................ 18 dimensions, physical .............................. 8 interfaces, subnets ................................ 82 downloads, firmware ............................ 65 IP unaligned timestamp check ............. 53 EAP authentication Kerberos authenticatio...