Symbol Technologies WS 2000 User Manual

WS 2000 Wireless Switch

System Reference

WS 2000 Wireless Switch Version 1.0

72E-67701-01

Rev A

March 2004

www.symbol.com

Copyright © 2004 by Symbol Technologies, Inc. All rights reserved. No part of this publication may be modified or adapted in any way, for any purposes without permission in writing from Symbol Technologies, Inc. (Symbol). The material in this manual is subject to change without notice. Symbol reserves the right to make changes to any product to improve reliability, function, or design. No license is granted, either expressly or by implication, estoppels, or otherwise under any Symbol Technologies, Inc., intellectual property rights. An implied license only exists for equipment, circuits and subsystems contained in Symbol products. Symbol and the Symbol logo are registered trademarks of Symbol Technologies, Inc.

Patents

This product is covered by one or more of the following U.S. and foreign Patents: U.S. Patent No. 4,593,186; 4,603,262; 4,607,156; 4,652,750; 4,673,805; 4,736,095; 4,758,717; 4,760,248; 4,806,742; 4,816,660; 4,845,350; 4,896,026; 4,897,532; 4,923,281; 4,933,538; 4,992,717; 5,015,833; 5,017,765; 5,021,641; 5,029,183; 5,047,617; 5,103,461; 5,113,445; 5,130,520; 5,140,144; 5,142,550; 5,149,950; 5,157,687; 5,168,148; 5,168,149; 5,180,904; 5,216,232; 5,229,591; 5,230,088; 5,235,167; 5,243,655; 5,247,162; 5,250,791; 5,250,792; 5,260,553; 5,262,627; 5,262,628; 5,266,787; 5,278,398; 5,280,162; 5,280,163; 5,280,164; 5,280,498; 5,304,786; 5,304,788; 5,306,900; 5,324,924; 5,337,361; 5,367,151; 5,373,148; 5,378,882; 5,396,053; 5,396,055; 5,399,846; 5,408,081; 5,410,139; 5,410,140; 5,412,198; 5,418,812; 5,420,411; 5,436,440; 5,444,231; 5,449,891; 5,449,893; 5,468,949; 5,471,042; 5,478,998; 5,479,000; 5,479,002; 5,479,441; 5,504,322; 5,519,577; 5,528,621; 5,532,469; 5,543,610; 5,545,889; 5,552,592; 5,557,093; 5,578,810; 5,581,070; 5,589,679; 5,589,680; 5,608,202; 5,612,531; 5,619,028; 5,627,359; 5,637,852; 5,664,229; 5,668,803; 5,675,139; 5,693,929; 5,698,835; 5,705,800; 5,714,746; 5,723,851; 5,734,152; 5,734,153; 5,742,043; 5,745,794; 5,754,587; 5,762,516; 5,763,863; 5,767,500; 5,789,728; 5,789,731; 5,808,287; 5,811,785; 5,811,787; 5,815,811; 5,821,519; 5,821,520; 5,823,812; 5,828,050; 5,848,064; 5,850,078; 5,861,615; 5,874,720; 5,875,415; 5,900,617; 5,902,989; 5,907,146; 5,912,450; 5,914,478; 5,917,173; 5,920,059; 5,923,025; 5,929,420; 5,945,658; 5,945,659; 5,946,194; 5,959,285; 6,002,918; 6,021,947; 6,029,894: 6,031,830; 6,036,098; 6,047,892; 6,050,491; 6,053,413; 6,056,200; 6,065,678; 6,067,297; 6,082,621; 6,084,528; 6,088,482; 6,092,725; 6,101,483; 6,102,293; 6,104,620; 6,114,712; 6,115,678; 6,119,944; 6,123,265; 6,131,814; 6,138,180; 6,142,379; 6,172,478; 6,176,428; 6,178,426; 6,186,400; 6,188,681; 6,209,788; 6,209,789; 6,216,951; 6,220,514; 6,243,447; 6,244,513; 6,247,647; 6,308,061 6,250,551; 6,295,031; 6,308,061; 6,308,892; 6,321,990; 6,328,213; 6,330,244; 6,336,587; 6,340,114; 6,340,115; 6,340,119; 6,348,773; D305,885; D341,584; D344,501; D359,483; D362,453; D363,700; D363,918; D370,478; D383,124; D391,250; D405,077; D406,581; D414,171; D414,172; D418,500; D419,548; D423,468; D424,035; D430,158; D430,159; D431,562; D436,104.

Invention No. 55,358; 62,539; 69,060; 69,187 (Taiwan); No. 1,601,796; 1,907,875; 1,955,269 (Japan); European Patent 367,299; 414,281; 367,300; 367,298; UK 2,072,832; France 81/03938; Italy 1,138,713 (3/02)

WS 2000 Wireless Switch System Reference Guide

Table of Contents

Chapter 1.

Overview............................................................................................6

WS 2000 Wireless Switch System Reference Guide....................................................6

About this Document.............................................................................................6

Document Conventions.........................................................................................6

System Overview...........................................................................................................7

Management of Access Ports................................................................................7

Hardware Overview.......................................................................................................8

Technical Specifications........................................................................................8

Software Overview ........................................................................................................9

Operating System (OS) Services ..........................................................................9

Cell Controller Services.........................................................................................9

Gateway Services................................................................................................10

Chapter 2. Features .......................................................................................... 11

802.11a Support..........................................................................................................11

802.11b Support..........................................................................................................11

Access Ports................................................................................................................12

Gateway Services........................................................................................................13

Network Address Translation (NAT)....................................................................13

WS 2000 Wireless Switch Firewall......................................................................13

DHCP Client and Server......................................................................................14

Layer 3 Routing ...........................................................................................................14

Overview..............................................................................................................14

SNMP Management Support.......................................................................................14

WEP 64 (40-bit key) ....................................................................................................15

WEP 128 (104-bit Key)................................................................................................15

802.1x with RADIUS Authentication............................................................................15

802.1x with Shared Key Authentication.......................................................................16

Kerberos Authentication..............................................................................................16

KeyGuard-MCM Support.............................................................................................17

Wireless Protected Access (WPA)..............................................................................17

Chapter 3. Getting Started ................................................................................18

Getting Started Overview ............................................................................................18

Installing the Switch.............................................................................................18

Set up Communication to the Switch ..................................................................18

Changing the Administrator Password................................................................20

Configuring the Switch.........................................................................................21

Step 1: Configure the LAN Interface ...........................................................................21

Defining the Subnets...........................................................................................22

Step 2: Configure Subnets ..........................................................................................23

The DHCP Configuration.....................................................................................24

Step 3: Configure the WAN Interface..........................................................................26

Communicating with the Outside World..............................................................26

Setting Up Point-to-Point over Ethernet (PPPoE) Communication.....................27

Step 4: Enable Wireless LANs (WLANs).....................................................................28

Wireless Summary Area......................................................................................29

Access Port Adoption..........................................................................................30

Step 5: Configure WLANs ...........................................................................................30

Step 6: Configure WLAN Security...............................................................................31

Setting the Authentication Method ......................................................................32

Setting the Encryption Method ............................................................................33

WS 2000 Wireless Switch System Reference Guide

Mobile Unit Access Control List (ACL) ................................................................37

Step 7: Configure Access Ports...................................................................................37

Step 8: Configure Subnet Access ...............................................................................39

The Access Overview Table................................................................................40

The Access Exception Area ................................................................................40

Chapter 4. Advanced Configuration..................................................................43

WLAN—How to Configure Advanced Settings............................................................43

WLAN—Setting Default Access Port Settings.............................................................44

WLAN—Advanced Access Port Settings....................................................................47

Gateway—How to Configure Network Address Translation (NAT).............................50

Gateway—How to Configure the WS 2000 Firewall ...................................................52

Always On Firewall Filters...................................................................................52

Configurable Firewall Filters................................................................................53

Gateway—How to Configure Static Routes ................................................................54

Defining Routes...................................................................................................55

Setting the RIP Configuration..............................................................................55

Security—How to Configure 802.1x EAP Authentication............................................56

Security—How to Configure Kerberos Authentication ................................................59

Security—How to Specify a Network Time Protocol (NTP) Server.............................60

Chapter 5. System Administration.....................................................................61

Overview......................................................................................................................61

Switch Settings............................................................................................................61

WS 2000 Wireless Switch LED Functions...........................................................61

Changing the Name of the Switch.......................................................................62

Change the Location and Country Settings of the WS 2000...............................63

How to Restart the WS 2000 Wireless Switch ....................................................64

Updating the WS 2000 Wireless Switch’s Firmware...........................................64

System Configuration..................................................................................................66

Exporting and Importing Wireless Switch Settings..............................................66

How to Restore Default Configuration Settings...................................................68

Restoring Default Configuration Settings Using the Command Line Interface...69

Remote Administration................................................................................................70

How to Configure SNMP Traps...........................................................................70

Configure Administrator Access..........................................................................75

Statistics and Logs ......................................................................................................77

Access Port Statistics..........................................................................................77

Subnet Statistics..................................................................................................80

WAN Statistics.....................................................................................................82

Setting Up and Viewing the System Log.............................................................84

Chapter 6. Retail Use Cases............................................................................. 86

Background..................................................................................................................86

The Plan ......................................................................................................................87

Configuring the System Settings.................................................................................88

Configuring the Subnets..............................................................................................91

Configuring the WAN Interface....................................................................................97

Configuring Network Address Translation (NAT)........................................................98

Inspecting the Firewall...............................................................................................100

Configuring the Access Ports....................................................................................100

Configuring the WLANs.............................................................................................105

Configuring the Printer WLAN...........................................................................106

Configuring the POS WLAN..............................................................................107

Setting Subnet Access ..............................................................................................108

Configuring the Clients......................................................................................110

Testing Connections..................................................................................................110

WS 2000 Wireless Switch System Reference Guide

Chapter 7. A Field Office Example..................................................................111

Background................................................................................................................111

The Plan ....................................................................................................................112

Configuring the System Settings...............................................................................113

Setting Access Control......................................................................................115

Configuring the LAN..................................................................................................117

Configuring the WAN.................................................................................................121

Setting Up Network Address Translation ..................................................................123

Confirm Firewall Configuration..................................................................................125

Adopting Access Ports ..............................................................................................125

Configuring the WLANs.............................................................................................127

Configuring the Access Ports....................................................................................130

Configuring Subnet Access.......................................................................................135

Installing the Access Ports and Testing ....................................................................136

Appendix A. Sample Configuration File.............................................................137

Index 147

WS 2000 Wireless Switch System Reference Guide

Chapter 1. Overview

WS 2000 Wireless Switch System Reference Guide

This guide is intended to support administrators responsible for understanding, configuring and maintaining the Wireless Switch. This document provides information for the system administrator to use during the initial setup and configuration of the system. It also serves as a reference guide for the administrator to use while updating or maintaining the system.

About this Document

We recommend viewing this online system reference guide with Internet Explorer 5.0 and higher or Netscape Navigator 4.7 or higher on a Microsoft Windows based PC. Viewing this document under other configurations may produce undesirable results.

Document Conventions

Notes

Notes are displayed in blue italic text and indicate a tip or requirement. Warning Warnings are displayed in red italic text and indicate a loss of data or potential injury. GUI Screen text Indicates monitor screen dialog / output from the graphical user interface accessed from any web browser on the network.

Warnings

Warnings are displayed in red italic text and indicate a loss of data or potential injury.

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

GUI Screen text

Indicates monitor screen dialog / output from the graphical user interface accessed from any web browser on the network.

System Overview

The WS 2000 Wireless Switch provides a low-cost, feature-rich wireless switch for sites with one to six Access Ports. The WS 2000 Wireless Switch works at the center of a network’s infrastructure to seamlessly and securely combine wireless LANs (WLANs) and wired networks. The switch sits on the network. Wireless Access Ports connect to one of the six available ports on the switch and the external wired network (WAN) connects to a single 10/100 Mbit/sec. WAN port.

Mobile units (MUs) associate with the switch via an Access Port. Once an MU contacts the switch, the switch cell controller services attempt to authenticate the device for access to the network.

The WS 2000 Wireless Switch acts as a WAN/LAN gateway and a wired/wireless switch.

Management of Access Ports

This wireless switch provides six 10/100 Mbit/sec. LAN ports for internal wired or wireless traffic. Four of these ports provide IEEE 802.3af-compliant Power over Ethernet (PoE) support for devices that require power from the Ethernet connection (such as Access Ports). Administrators can configure the six ports to communicate with a private LAN or with an Access Port for a wireless LAN (WLAN). The switch provides three extended service set identifiers (ESSIDs) for each Access Port connected to the switch.

System Overview

Firewall Security

The LAN and Access Ports are placed behind a user configurable firewall that provides stateful packet inspection. The wireless switch performs network address translation (NAT) on packets passing to and from the WAN port. This combination provides enhanced security by monitoring communication with the wired network.

Wireless LAN (WLAN) Security

Administrators can configure security settings independently for each ESSID. Security settings and protocols available with this switch include:

• Kerberos

• WEP-40

• WEP-128

• 802.1x with RADIUS

• 802.1x with Shared Key

• KeyGuard-MCM

• WPA

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Hardware Overview

The WS 2000 Wireless Switch provides a fully integrated solution for managing every aspect of connecting wireless LANs (WLANs) to a wired network. This wireless switch can connect directly to a cable or DSL modem, and can also connect to other wide area networks through a Layer 2/3 device (such as a switch or router). It includes the following features:

Hardware Overview

• One WAN (RJ-45) port for connection to a DSL modem, cable modem, or any other Layer 2/3 network device.

• Six 10/100 Mbit/sec. LAN (RJ-45) ports: four ports provide 802.3af “Power over Ethernet” (PoE) support; the other two do not provide power.

• Each port has two LEDs, one indicating the speed of the transmission (10 or 100 Mbit/sec.), the other indicating whether there is activity on the port. The four LAN ports with PoE have a third LED that indicates whether power is being delivered over the line to a power device (such as an Access Port). (See the WS 2000 Wireless Switch LED explanation for more information on the meaning of the different state of the LEDs.)

• A DB-9 serial port for direct access to the command-line interface from a PC. Use Symbol’s Null-Modem cable (Part No. 25-632878-0) for the best fitting connection.

• A CompactFlash slot that provides AirBeam™ support.

Technical Specifications

Physical Specifications

• Width: 203 mm

• Height: 38 mm

• Depth: 286 mm

• Weight: 0.64 kg

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Power Specifications

• Maximum Power Consumption: 90-256 VAC, 47-63 Hz, 3A

• Operating Voltage: 48 VDC

• Operating Current: 1A

• Peak Current: 1.6A

Environmental Specifications

• Operating Temperature: 0ºC to 40ºC

• Storage Temperature: -40ºC to 70ºC

• Operating Humidity: 10% to 85% Non-condensing

• Storage Humidity: 10% to 85% Non-condensing

• Operating Altitude: 2.4 km

• Storage Altitude: 4.6 km

Software Overview

The WS 2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components:

Operating System (OS) Services

OS Services determine how the WS 2000 Wireless Switch communicates with existing network and operating system-centric software services, including:

• Dynamic Host Configuration Protocol (DHCP)

• Telnet and File Transfer Protocol (FTP/TFTP) servers

• The Simple Network Time Protocol (SNTP) client, used to keep switch time

synchronized for Kerberos authentication

Cell Controller Services

The Cell Controller provides the ongoing communication between mobile units (MUs) on the Wireless LAN (WLAN) and the wired network. Cell Controller services perform the following:

• Initialize the Access Ports

• Maintain contact with Access Ports by sending a synchronized electronic “heartbeat” at

regular intervals

• Track MUs when they roam from one location to another

• Manage security schemes based on system configuration

• Maintain system statistics

• Store policies and Access Port information

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Gateway Services

Gateway services provide interconnectivity between the Cell Controller and the wired network, and include the following:

• System management through a web-based Graphical User Interface (GUI) and SNMP

• 802.1x RADIUS client

• Security, including Secure Sockets Layer (SSL) and Firewall

• Network Address Translation (NAT), DHCP services, and Layer 3 Routing

Software Overview

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Chapter 2. Features

802.11a Support

802.11 is a family of specifications for wireless local area networks (WLANs) developed by

a working group of the Institute of Electrical and Electronics Engineers (IEEE). The four current specifications include: 802.11, 802.11a, 802.11b, and 802.11g. All four use the Ethernet protocol and carrier sense multiple access with collision avoidance (CSMA/CA) for path sharing, which allows a number of network users to pass packets on the network simultaneously.

The 802.11a specification applies to wireless systems, and is used in access hubs and other network components. 802.11a operates at radio frequencies between 5 GHz and 6 GHz, using a modulation scheme that provides for data speeds of 6, 9, 12, 18, 22, 24, 36, 48, and 54 Mbps.

The WS 2000 Wireless Switch fully supports the 802.11a specification for association with Symbol’s suite of compatible Access Ports and mobile units (MUs).

Specifically, the WS 2000 Wireless Switch supports the following features:

• Management frames: Part of a network packet, management frames provide hardware- and software-specific information shared between the WS 2000 Wireless Switch, Access Ports, and MUs to keep the network operating smoothly.

802.11a Support

• Beacon and DTIM: A uniframe (single-direction) system packet broadcast by the WS 2000 Wireless Switch to keep the network synchronized. A beacon Includes the Net_ID (ESSID), the Access Port address, the broadcast destination addresses, a time stamp, a DTIM (Delivery Traffic Indicator Maps) and the TIM (Traffic Indicator Message)

• Roaming Updates: Provides information to the Access Ports when an MU roams from one Access Port to another

• Power Save Polling (PSP): Helps extend battery life by allowing the radio in an Access Port or MU to idle when not active.

• Voice Prioritization: The WS 2000 Wireless Switch uses a combination of data classifiers, classification groups, and network input and output policies to prioritize voice data.

• Rate Scaling: This feature seeks to connect MUs to the WS 2000 Wireless Switch (via Access Port) at the highest possible rate, automatically scaling to a lower rate when network traffic demands. As signal clarity increases, speed builds to an optimal rate.

• TX power setting: Optimizes the output power for any environment.

802.11b Support

802.11 is a family of specifications for wireless local area networks (WLANs) developed by

a working group of the Institute of Electrical and Electronics Engineers (IEEE). The four current specifications include: 802.11, 802.11a, 802.11b, and 802.11g. All four use the Ethernet protocol and provide carrier sense multiple access with collision avoidance (CSMA/CA) for path sharing, which allows a number of network users to pass packets on the network simultaneously.

Access Ports

The 802.11b standard, also called Wi-Fi (Wireless Fidelity), is backward compatible with

802.11. 802.11b uses complimentary code keying (CCK) modulation to provide higher data

speeds (up to 11 Mbps) with less multipath-propagation interference. 802.11b operates at the 2.4 to 2.5 GHz range.

The WS 2000 Wireless Switch fully supports the 802.11b specification for association with Symbol’s suite of compatible Access Ports and mobile units (MUs).

Specifically, the WS 2000 Wireless Switch supports the following features:

• Beacon and DTIM: A uniframe (single-direction) system packet broadcast by the WS 2000 Wireless Switch to keep the network synchronized. A beacon Includes the Net_ID (ESSID), the Access Port address, the Broadcast destination addresses, a time stamp, a DTIM (Delivery Traffic Indicator Maps) and the TIM (Traffic Indicator Message).

• Roaming Updates: Provides information to the Access Ports when an MU roams from one Access Port to another.

• Power Save Polling (PSP): Helps extend battery life by allowing the radio in an Access Port or MU to idle when not active.

• Voice Prioritization: The WS 2000 Wireless Switch uses a combination of data classifiers, classification groups, and network input and output policies to prioritize voice data.

• TX power setting: Optimizes the output power for any environment.

Access Ports

Access Ports are the Symbol devices that pick up wireless transmissions and translate them into Ethernet frames that are sent to the wireless switch for processing and routing. The packets destined for wireless networks are sent back to the Access Ports where they are transmitted.

Access Ports may be connected directly to the WS 2000 Wireless Switch or through a PoE (Power over Ethernet) hub connected to the WS 2000. Up to six Access Ports can be connected to this wireless switch.

When an Access Port is attached to a switch, it sends out a “boot me” packet as a broadcast message. This packet specifies the hardware model of the port and its MAC address. When the WS 2000 Wireless Switch receives a “boot me” packet, it uploads the appropriate firmware for the Access Port. Once complete, the Access Port becomes active.

For an Access Port to be adopted by the WS 2000 Wireless Switch, three things must be configured:

1. The Country field in the System Settings screen must be set.

2. The Access Port’s MAC address must be set as one of the addresses that can be adopted

by one of the enabled WLANs. (see Step 4)

3. A WLAN that can adopt Access Port must be associated with an enabled subnet. (see

Step 5)

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Gateway Services

Network Address Translation (NAT)

NAT provides the translation of an Internet Protocol (IP) address within one network to a different, known IP address within another network. One network is designated the private network, while the other is the public. NAT provides a layer of security by translating local, private network addresses to one or more global, public IP addresses through a corporate firewall. The translation process provides an opportunity to authenticate outgoing or incoming requests or match these requests to a previous request. NAT allows a company to use a single IP address to communicate with the Internet community.

The WS 2000 Wireless Switch provides service, or forward, and reverse NAT translation on packets to and from the WAN and is fully compliant with RFC 1631.

WS 2000 Wireless provides network administrators with the following implementation options:

• Mapping up to 8 public IP addresses to private IP address ranges.

• Client IP addresses on the private side have IP addresses translated to ports or IP

addresses on the WAN. Administrators can configure connections to originate from either end.

Gateway Services

• One-to-one mapping with a private IP address or a range of private IP addresses.

• Private side IP address can belong to any of the private side subnets.

• Ranges can be specified from each of the private side subnets.

WS 2000 Wireless Switch Firewall

The firewall includes a proprietary CyberDefense Engine to protect internal networks from known Internet attacks, including FTP Bounce, MIME Flood, IP Spoofing, Land Attack, Ping of Death, Reassembly, SYN Flooding, and Winnuke. It also provides additional protection by performing the following checks: source routing, IP unaligned timestamp, and sequence number prediction.

Firewall features include:

Stateful Inspection Engine

The firewall inspects incoming packets based on security policies before processing them in higher-level protocols. This feature significantly boosts performance, as packets do not require copying from the operating system to user space for inspection.

Access Policies

Access policies define how network services, including source and destination IP addresses, range or subnet IP address, ports, and access time windows, work. Administrators organize the user community in different user groups and define access policies on per user group basis.

Administration Management

Administrators change access policies locally or remotely, using the web-based user interface (UI) or by modifying text-based configuration files.

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

DHCP Client and Server

The WS 2000 Wireless Switch can act as a DHCP client on the WAN and each of its three subnets. It also act as an independent DHCP server on each of the three subnets.

Layer 3 Routing

Overview

The WS 2000 Wireless Switch provides Layer 3 routing support to the Network Address Translation (NAT) and Firewall modules. Layer 3 refers to a network layer that selects routes and quality of service based on knowing the address of the neighboring nodes in the network. This routing provides recognition and forwards incoming messages to the Transport layer for local host domains.

Routing Information Protocol (RIP) Support

Layer 3 supports RIP, a widely used protocol for managing router information within a selfcontained network or a group of networked LANs.

Using RIP, the WS 2000 Wireless Switch sends a routing table with information containing all the hosts it is configured to identify to the closest LAN host. The LAN host passes the information on to the next closest LAN host until all hosts within the network have the same knowledge of routing paths, a condition referred to as network convergence. Network components distribute routing table information at preset intervals to maintain convergence. To route a packet to a specified destination, each host with a router in the network uses the routing table information to determine the destination host location.

Layer 3 Routing

SNMP Management Support

Simple Network Management Protocol (SNMP) is the protocol governing network management and the monitoring of network devices and their functions. SNMP defines the method for obtaining information about network operating characteristics and lets administrators change parameters for routers and gateways.

SNMP uses the Management Information Base (MIB), or formal description of a set of network objects that represent the switch components, to facilitate network management in any wireless network environment.

SNMP management features include:

• Allowing gets, or the ability to retrieve data from a remote host given its host name and authentication information

• Allowing sets, or the ability to modify information on a remote host

• A web-based user interface (UI) for viewing traps, which network entities use to signal

abnormal conditions to management stations. Administrators define trap conditions in the MIB.

The WS 2000 Wireless Switch provides management support for SNMP versions 1, 2, and

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

WEP 64 (40-bit key)

Wired Equivalency Privacy (WEP) uses a key, or string of case-sensitive characters, to encrypt and decrypt data packets transmitted between a mobile unit (MU) and the WS 2000 Wireless Switch. The administrator configures mobile units (MUs) and the WS 2000 Wireless Switch to use the same key.

WEP encrypts the wireless transmissions, but still allows communication among compatible wireless LAN clients and MUs from third-party manufacturers that are 802.11b certified.

40-bit Shared Key requires encryption be set up in one of the following ways:

• String: For use only with other Symbol Technologies wireless LAN devices, an encryption string is a case-sensitive string of characters between 6 and 30 characters long.

• Shared keys: Hexadecimal keys are sequences of hexadecimal digits arranged into four keys. A hexadecimal digit could be a letter from A to F or a number from 0 to 9. This type of encryption is compatible with equipment from other manufacturers that use WiFi certified 40-bit encryption.

WEP 128 (104-bit Key)

Wired Equivalency Privacy (WEP) uses a key, or string of case-sensitive characters, to encrypt and decrypt data packets transmitted between a mobile unit (MU) and the WS 2000 Wireless Switch. The administrator configures the MU and switch to use the same key. 104bit Shared Key provides a higher level of security than the 40-bit Shared Key option and uses a more complicated encryption scheme.

WEP 64 (40-bit key)

WEP encrypts the wireless transmissions, but still allows communication among compatible wireless LAN clients and MUs from third-party manufacturers that are 802.11b certified.

WEP 128 requires encryption be set up in one of the following ways:

• String: For use only with other Symbol Technologies wireless LAN devices, an encryption string is a case-sensitive string of characters between 6 and 30 characters long.

• Shared keys: Hexadecimal keys are sequences of hexadecimal digits arranged into four keys. A hexadecimal digit could be a letter from A to F or a number from 0 to 9.

802.1x with RADIUS Authentication

RADIUS is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate RADIUS-enabled mobile units (MUs) and authorize their access to the requested system or service.

When an MU authenticates with a WS 2000 Wireless Switch through an Access Port, the switch initially performs RADIUS authentication, even though the RADIUS server exists as a separate entity on the wired LAN. This RADIUS server maintains user profiles in a central database that all remote servers can share. This centralized location provides better security by using a policy-based implementation through a single administered network point.

The RADIUS server on the wired LAN communicates with the WS 2000 Wireless Switch RADIUS client, passing authentication information from the MU. A successful negotiation authenticates the MU.

802.1x with Shared Key Authentication

The pair-wise master keys (PMK) generated by this negotiation are used to generate keys used in MAC encryption. In the absence of a RADIUS server, 802.1x is used in a preshared key configuration. Administrators configure the master key statically through the configuration or the key is obtained through negotiation from an external RADIUS server in compliance with 802.1x.

The WS 2000 Wireless Switch uses the Remote Authentication Dial-In User Service (RADIUS) to authenticate 802.1x-enabled MUs.

802.1x with Shared Key Authentication

Shared key authentication, part of the Wired Equivalency Privacy (WEP) algorithm, provides a basic means of data encryption to improve data security for a Wireless LAN (WLAN). The shared key algorithm performs data encryption and decryption. A wireless device with a valid shared key is allowed to associate with the WS 2000 Wireless Switch and access services on the wired LAN.

Using shared key authentication, an administrator configures mobile units (MUs) and the WS 2000 Wireless Switch to share the same key. The MU authenticates by presenting the key to a WS 2000 Wireless Switch. The switch examines the key, and uses it to perform a checksum, or error-checking operation, by comparing the key to one on the switch. The MU accesses network services only when the key passes the checksum process.

The WS 2000 Wireless Switch uses shared key authentication when there is no RADIUS server on the wired LAN.

Kerberos Authentication

The Kerberos authentication service protocol (specified in RFC 1510) provides a secure means for authenticating users/clients in a wireless network environment.

With Kerberos, a client (generally either a user, a service, or a user requesting any number of network services) within the Kerberos Realm sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the Ticket Granting Server’s (TGS) secret key, and sends the encrypted TGT back to the client. In addition to the TGT, the KDC simultaneously sends a session key (SK1) encrypted with the client’s password to the client. The client then attempts to decrypt the session key using its password. If the client successfully decrypts the session key (i.e., if the client gave the correct password), it keeps the decrypted session key, which indicates proof of the client’s identity. The TGT permits the client to obtain additional tickets (TK-TS) which give permission for specific network services (any application or service) for the allotted time identified in the TK-TS. The requesting and granting of these additional tickets is user-transparent. Once the session tickets expire, the client must reauthenticate to continue using network services.

The KDC operates in a Master or a Slave capacity. The Master KDC maintains the master database file that contains all of the user authentication information. This information includes the user’s name, password, and authorization level. This authorization level determines what network services the user has access to.

The Slave KDC acts in a backup capacity to the Master KDC. Database information propagates from the Master KDC to the Slave at regular intervals. If the Master KDC fails, the Slave KDC resumes ticket granting services until the problem causing the Master KDC to fail is resolved. The Slave KDC has no database administration privileges, which are reserved for the Master KDC.

When a Kerberos-enabled mobile unit (MU) authenticates with WS 2000 Wireless through an Access Port, the switch initially performs Kerberos authentication, even though the Kerberos server exists as a separate entity on the wired LAN. On initial request from a Kerberos-enabled MU, the WS 2000 Wireless Switch acts as a proxy to the external KDC. The switch passes initial Kerberos authentication information to the external KDC until the MU authenticates in the manner described in this section. Once authenticated, the user maintains access to the wired network for the allotted time provided by the session ticket (TK-TS).

Once an administrator enables Kerberos on a device, the device must pass authentication before wireless access via the device is permitted to the wired LAN.

KeyGuard-MCM Support

KeyGuard-MCM (Mobile Computing Mode) is Symbol Technologies’ security enhancement algorithm based on the Temporal Key Integrity Protocol (TKIP) from the forthcoming IEEE 802.11i standard. KeyGuard-MCM provides an enhanced solution for protecting data transfer over a Wireless LAN (WLAN) by using a proprietary algorithm to encrypt, decrypt, and transmit network packets.

KeyGuard-MCM leverages existing WEP encryption hardware by providing per-packet key mixing, a message integrity check, and a re-keying mechanism, which changes the security key set by the administrator when KeyGuard-MCM recognizes a potential compromise of network security.

KeyGuard-MCM Support

KeyGuard-MCM works with all Symbol Technologies’ mobile units that support 128-bit WEP. KeyGuard-MCM is fully compatible with other network security protocols, including RADIUS and Kerberos.

The WS 2000 Wireless Switch fully supports KeyGuard-MCM.

Wireless Protected Access (WPA)

WEP uses a key, or string of case-sensitive characters, to encrypt and decrypt data packets transmitted between a mobile unit (MU) and the WS 2000 Wireless Switch. The administrator configures mobile units (MUs) and the WS 2000 Wireless Switch to use the same key.

WPA specifies the use of the TKIP, and optionally, 802.1x for encryption.

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Chapter 3. Getting Started

Getting Started Overview

Installing the Switch

To install the WS 2000 Wireless Switch hardware, follow the directions in the WS 2000 Wireless Switch Quick Installation Guide found in the box with the switch and on the CD-

ROM that is distributed with the switch. These instructions describe how to:

• Select a site (desk, wall, or rack) for the switch

• Install the switch using the appropriate accessories for the selected location

• Connect devices to WAN and LAN ports (using standard CAT5 cables)

• Interpret the port LEDs on the front of the switch

Note: Access Ports must be connected to the LAN ports of the wireless switch to enable configuration of the Access Port related settings.

Set up Communication to the Switch

Getting Started Overview

Before the configuration process can begin, a link with the wireless switch needs to be established:

1. Connect a computer to the switch (in any one of the LAN ports) using a standard CAT5

cable.

2. Set up the computer for TCP/IP DHCP network addressing.

3. Start up Internet Explorer (with Microsoft’s Java Virtual Machine installed) and type in

the following IP address in the address field: 192.168.0.1

Note: For optimum compatibility use Microsoft’s Java Virtual Machine, and be sure to disable the Sun Microsystems’ JRE. If Microsoft’s Java Virtual Machine is unavailable, please use Sun Microsystems’ JRE version 1.3 for best.

The following screen is displayed.

Getting Started Overview

4. Log in using “admin” as the username and “symbol” as the password.

5. If the login is successful, the following prompt will be displayed.

Enter a new admin password in both fields, and click the Update Password Now button.

6. Once the admin password has been updated, the System Settings screen is displayed.

Getting Started Overview

7. Enter a System Name for the wireless switch. The specified name appears in the

lower-left corner of the configuration screens, beneath the navigation tree. This name can be a useful reminder if multiple Symbol wireless switches are installed.

8. Enter a text description of the location of the switch in the System Location field.

This text is used as a reminder to the network administrator and is also used to set the location variable if the switch is administered using SNMP.

9. Enter an email address for the administrator in the Admin Email Address field. The

switch will use this address for sending SNMP-related and other administration-related messages to the administrator.

10. Select the Country for the switch from the drop-down menu. Selecting the correct

country is extremely important. Each country has its own regulatory restrictions concerning electromagnetic emissions and the maximum RF signal strength that can be transmitted by Access Ports. To ensure compliance with national and local laws, be sure to set this field accurately.

11. Click Apply to save changes. Unapplied changes are lost if the administrator navigates

to a different screen.

Changing the Administrator Password

The password information set at the factory is the same for all WS 2000 Network Switches. For security reasons, it is important to change the switch’s admin password as soon as possible.

1. Select System Configuration --> WS-2000 Access from the left menu.

2. Click the Change Admin Password button. A sub-screen will appear.

3. Enter the current admin password (“symbol” if it hasn’t been changed previously), as

well as a new password (limited to 11 characters in length). Enter the new password a second time in the field provided.

4. Click Update Password Now to set the new password.

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Configuring the Switch

Once the switch is installed, perform the rest of the basic configuration and setup process as indicated in the following procedures. The links go to pages that have detailed information about the particular configuration step. The left menu item associated with each procedure is specified to the right of the link

• Step 1: Configure the LAN interface and enable subnets (Network Configuration --> LAN in the left menu)·

• Step 2: Configure subnets (Network Configuration --> LAN --> Subnet)

• Step 3: Configure the WAN Interface (Network Configuration --> WAN)

• Step 4: Enable Wireless LANs (WLANs) (Network Configuration --> Wireless)

• Step 5: Configure WLANs (Network Configuration --> <WLAN name>)

• Step 6: Configure WLAN Security (Network Configuration --> <WLAN name> -->

Security)

• Step 7: Configure Access Ports (Network Configuration --> Access Ports --> <Access Port Name>)

• Step 8: Configure subnet access (Network Configuration --> Subnet Access)

The following advanced setup tasks are optional:

Step 1: Configure the LAN Interface

• Set up the firewall configuration (Network Configuration --> WAN --> Firewall)

• Set up Network Address Translation (NAT) (Network Configuration --> WAN -->

NAT)

• Set up static routing (Network Configuration --> Router) Refer to the two case studies provided with this reference for specific installation examples.

These case studies describe the environment, the desired features, and the configuration selections that were made in two different scenarios.

• Case 1: Small Retail Store (with handheld terminals, wireless printers, wired POS, secured access to in-store server, and public access to WAN)·

• Case 2: Small Branch Office (with 3 WAN IP addresses, VPN passthrough, RADIUS server, and full-access between subnets)

Proceed to: Step 1: Configure the LAN Interface

Step 1: Configure the LAN Interface

The first step of the network configuration process is to figure out the topology of the LAN. The WS 2000 Wireless Switch allows the administrator to enable and configure three different subnets. The administrator can assign a IP address, port associations, DHCP settings, and security settings to each subnet.

This System Reference provides two case studies that demonstrate how requirements for network access and capabilities drive the decisions of how to configure the subnets.

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Defining the Subnets

Select LAN under the Network Configuration group from the left menu. Use the LAN configuration screen to view a summary of physical-port addresses and Wireless LANs (WLANs) associated with the three supported subnets, and to enable or disable each configured subnet.

Step 1: Configure the LAN Interface

1. In the LAN screen, the administrator can enable one, two or three subnets. Check the

checkbox to the left of the subnet to enable a subnet. Up to three subnets can be enabled to use the wired and/or wireless connections of the switch-managed LAN. Enable multiple subnets to divide the communications of different business areas or operations. Each enabled subnet shows up in the directory tree in the left column of the configuration screens. Consider disabling a previously configured subnet if its assigned ports are no longer in use, or to consolidate the LAN’s communications on fewer subnets.

2. Click Apply to save changes—all “unapplied” changes are lost when the administrator

moves to a new screen. The rest of the information on this screen is summary information— it is collected from other screens (such as the subnet configuration screens) where the administrator can set the data.

Field Description

Network

Address

Network (subnet) name is a descriptive string that should describe the subnet’s function. The WS 2000 Network Management System uses subnet names throughout the configurations screens.

This IP address allows users from outside the subnet (whether from the WAN or from another subnet from the same switch) to access the right subnet. An IP address uses a series of four numbers that are expressed in dot notation, for example, 194.182.1.1.

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Field Description

Interfaces

The Interfaces field displays which of the six physical LAN ports are associated with the subnet. The possible ports are: P1 (port 1), P2, P3, P4, P5, and P6 (from left to right facing the front of the switch). The administrator assigns a port to a subnet to enable access to the device(s) connected to that port. The administrator can assign a port to only one subnet.

The Interfaces field also lists the WLANs that are associated with the subnet.

Step 2: Configure Subnets

The WS 2000 Network Management System allows the administrator to define and refine the configuration of the enabled subnets. Each of three subnets (short for “subnetworks”) can be configured as an identifiably separate part of the switch-managed Local Area Network (LAN). Each subnet can include some combination of assigned ports and associated Wireless LANs (WLANs).To configure an enabled subnet, select the subnet name from the Network Configuration --> LAN list in the left. The following screen will appear for the selected subnet.

Step 2: Configure Subnets

1. Change the Name of the subnet to use a descriptive name that indicates something

about the subnet. The name can contain seven characters, including spaces and numbers. It will appear in the left menu under the LAN menu item.

2. Set an IP address to be used for the subnet. This is how the switch will refer

specifically to this subnet. This could be a WAN address; but more likely it will be a non-routable address. An IP address uses a series of four numbers that are expressed in dot notation, for example, 194.182.1.1.

3. Set the Network Mask for the IP address. A network mask uses a series of four

numbers that are expressed in dot notation, similar to an IP number. For example,

255.255.255.0 is a network mask. Select a port or WLAN from the Interfaces drop-down menu to associate it with the

subnet. Six LAN ports are available on the switch. Assign from one to six ports to a subnet. Two subnets cannot use the same port. However, multiple ports can be assigned to one subnet.

Three WLANs are available. WLAN assignments are logical designations. Associate from zero to three WLANs with a subnet. Two subnets cannot use the same WLAN. However, multiple WLANs can be associated with one subnet. If two or three WLANs are associated with one subnet, each port dedicated to that subnet can use any of the associated WLANs.

4. Click on the Add button to add it to the Interfaces list.

Note that wireless devices cannot access the switch unless a WLAN is configured and associated with a subnet. (This process is described in Configuring the Wireless LAN.)

The DHCP Configuration

DHCP is a protocol that includes mechanisms for IP address allocation and delivery of hostspecific configuration parameters from a DHCP server to a host. Some of these parameters are IP address, network mask, and gateway. The switch includes internal DHCP server and client features, and the subnet’s interface can use either capability.

Step 2: Configure Subnets

1. Click the appropriate radio button to select one DHCP setting for the subnet’s

interfaces:

• Select This interface does not use DHCP to disable DHCP on this subnet and

specify IP addresses manually.

• Select This interface is a DHCP Client if this subnet obtains IP parameters

from a DHCP server outside the switch.

• Select This interface is a DHCP Server to enable the switch’s DHCP server

features.

2. If This interface is a DHCP Server is the selected option, fill in the Address

Assignment Range fields. These fields allow the administrator to assign a range of IP addresses to devices as they connect.

3. Set the Advanced Settings, if necessary.

4. Click the Apply button to save all changes.

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Advanced DHCP Settings

Step 2: Configure Subnets

1. Click the Advanced DHCP Server button to display a sub-screen to further

customize IP address allocation (on right).

2. Specify the address of a Primary DNS server. The Internet Server Provider (ISP) or a

network administrator can provide this address. A DNS server translates a domain name, such as www.symbol.com, into an IP address that networks can use.

3. Specify the address of a Secondary DNS server if one is available.

4. Specify a DHCP Lease Time period in seconds for available IP addresses. The DHCP

server grants an IP address for as long as it remains in active use. The lease time is the number of seconds that an IP address is reserved for re-connection after its last use. Using very short leases, DHCP can dynamically reconfigure networks in which there are more computers than there are available IP addresses. This is useful, for example, in education and customer environments where mobile-unit users change frequently. Use longer leases if there are fewer users.

5. Use the Static Mappings table to associate static (or fixed) IP addresses with MAC

addresses of specific wireless devices. Every wireless, 802.11x-standard device has a unique Media Access Control (MAC) address. This address is the device’s hard-coded hardware number (shown on the bottom or back). An example of a MAC address is 00:09:5B:45:9B:07.

This MAC table of specified devices provides corresponding static IP addresses for users, mobile units, and applications that may prefer or require such access.

Step 3: Configure the WAN Interface

A Wide Area Network (WAN) is a widely dispersed telecommunications network. In a corporate environment, the WAN port might connect to a larger corporate network. For a small business, the WAN port might connect to a DSL or cable modem to access the Internet.

The administrator needs to enter the WAN configuration information. The WS 2000 Wireless Switch includes one WAN port. In order to set up communications with the outside world, select Network Configuration --> WAN from the left menu. The following WAN configuration page appears.

Step 3: Configure the WAN Interface

Communicating with the Outside World

1. Use the Enable WAN Interface checkbox to enable a connection between the switch

and a larger network or the outside world through the WAN port, check the Enable WAN Interface checkbox.

2. Check This interface is a DHCP Client checkbox to enable Dynamic Host

Configuration Protocol (DHCP) for the WAN connection. If This interface is DHCP Client is checked, the switch is limited to one WAN IP address. This choice is required when:

Step 3: Configure the WAN Interface

• The host router or switch on the WAN is communicating with the WS 2000 Wireless Switch using DHCP.

• The switch is interfacing with an Internet Service Provider (ISP) that uses DHCP addressing.

Note: This setting is independent from the DHCP settings for the switch’s internal subnets.

3. It is not necessary to specify the IP Address or any of the other fields on the top section of this form when the WS 2000 wireless switch is set as a DHCP Client. The network host (router, switch, or modem) will provide these values each time it makes a connection with the wireless switch.

4. If the DHCP setting is not checked, fill in the information in this area. To find out the information to enter into these fields, contact the network administrator or the ISP that provided the cable modem or DSL router. All the fields below take standard IP addresses of the form xxx.xxx.xxx.xxx.

• The IP Address refers to the IP address that the outside world will use to address

the WS 2000 Wireless Switch.

• Click the More IP Addresses button to specify additional static IP addresses for

the switch. Additional IP addresses are required when users within the LAN need dedicated IP addresses, or when servers in the LAN need to be accessed (addressed) by the outside world. The pop-up window allows the administrator to enter up to eight WAN IP addresses for the switch.

• The Subnet Mask is the mask used for the WAN.

• The Default Gateway is the address of the device that provides the connection to

the WAN (often a cable modem or DSL router).

• The two DNS Server fields specify DNS addresses of servers that can translate

domain names, such as www.symbol.com, into IP addresses that the network uses when passing information. The Secondary DNS Server acts as a backup to the

Primary DNS Server, when the primary server is not responding.

Setting Up Point-to-Point over Ethernet (PPPoE) Communication

PPPoE provides the ability to connect a network of hosts through a simple device to a remote access concentrator. Many DSL providers require that their clients communicate using this protocol. The facility allows the ISP to control access, billing, and type of service provided to clients on a per-user or per-site basis. Check with the network administrator or ISP to determine whether to enable this feature, and, if so, find out the username and password required for authentication.

1. Check Enable in the PPP over Ethernet area to enable the PPPoE protocol for high- speed connections.

2. Enter the Username and Password required for authentication. The username and password is for the switch’s router to use when connecting to the ISP. When the Internet session starts, the ISP authenticates the username.

3. Set the Idle Time to an appropriate number. This number is the amount of time the PPPoE connection will be idle before it disconnects. The 10000 second (default idle time) is appropriate for most situations.

Step 4: Enable Wireless LANs (WLANs)

4. Check Keep Alive to instruct the switch to continue occasional communications over the WAN even when client communications to the WAN are idle. Some ISPs terminate inactive connections, while others do not. In either case, enabling Keep-Alive mode keeps the switch’s WAN connection alive, even when there is no traffic. If the ISP drops the connection after so much idle time, the switch automatically reestablishes the connection to the ISP.

5. Select the appropriate WAN authentication method from the drop-down menu. Collect this information from the network administrator. Select between None, PAP, CHAP, or PAP or CHAP.

CHAP

PAP

A type of authentication in which the person logging in uses secret information and some special mathematical operations to come up with a number value. The server he or she is logging into knows the same secret value and performs the same mathematical operations. If the results match, the person is authorized to access the server. One of the numbers in the mathematical operation is changed after every log-in, to protect against an intruder secretly copying a valid authentication session and replaying it later to log in.

An identity verification method used to send a user name and password over a network to a computer that compares the user name and password to a table listing authorized users. This method of authentication is less secure, because the user name and password travel as clear text that a hacker could read.

6. Click the Apply button to save changes.

Step 4: Enable Wireless LANs (WLANs)

The WS 2000 Wireless Switch works either in a wired or wireless environment; however, the power of the switch is associated with its support of wireless networks. In order to use the wireless features of the switch, the administrator needs to enable one, two or three wireless LANs (WLANs).

To start the WLAN configuration process, select the Network Configuration --> Wireless item from the left menu. The following Wireless summary screen appears.

Step 4: Enable Wireless LANs (WLANs)

Wireless Summary Area

The top portion of the window displays a summary of the WLANs that are currently defined. This is the screen in which the administrator can enable or disable a WLAN. At first, three WLANs will be listed WLAN1, WLAN2, and WLAN3; however, only WLAN1 will be enabled.

1. To enable either WLAN2 or WLAN3 check the appropriate checkboxes to the left of the WLAN name. When the administrator enables one of the WLANs, the name of an enabled WLAN shows up as an item on the list of WLANs that reside under Wireless in the left menu (after clicking the Apply button). When an administrator disables a WLAN, it disappears from the menu tree. A WLAN cannot be fully configured unless it is enabled.

2. Assign the enabled WLANs descriptive names. The administrator can change the Name of any of the WLANs in this field. This change will affect several other screens and the interface will change the name in the left menu tree.

3. By default, the switch assigns consecutive Extended Service Set Identification (ESSIDs). This is the name that users will see when accessing the wireless network. The ESSID can be given any recognizable alphanumeric string up to 32 characters in length.

4. An icon of a lock will appear under the Security heading if any wireless encryption or authentication is enabled for the WLAN.

The current settings for the associated Subnet and adopted Access Ports are also displayed on this screen; however, the screen associated with each WLAN (under Network Configuration --> Wireless) is where the settings and rules for adopting Access Ports can be modified.

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Access Port Adoption

Use this list to adopt detected Access Ports and to assign them to a particular WLAN. The switch can adopt up to six Access Ports at a time, but the list of allowed Access-Port addresses (displayed in this area) can exceed six in number. A dual-radio 802.11a/b Access Port counts as one Access Port with respect to the maximum allowed; however, each radio will be listed as a separate Access Port.

This adoption list identifies each Access Port by its Media Access Control (MAC) address. This address is the Access Port’s hard-coded hardware number that is printed on the bottom of the device. An example of a MAC address is 00:09:5B:45:9B:07.

1. To adopt an access port, click the Add button to add a new criteria line to the table.

2. Specify the following fields:

Field Description

Start MAC

This field contains the lowest value in a range of MAC addresses that will use this particular adoption criteria. To specify a single MAC address instead of a range, enter it in this field and leave the End MAC field blank.

Step 5: Configure WLANs

End MAC

WLAN columns

This field contains that highest number in a range of MAC addresses that will use this particular adoption criteria. If this value is empty, the Access Port adopted by this criteria must match the Start MAC field exactly.

The next one to three columns have the same names as the WLANs that are enabled in the upper portion of the screen. Click on the checkbox for a specific WLAN to associate the Access Ports that match the MAC address range with the checked WLANs.

Note: The default setting for the switch has both the Start MAC and End

MAC addresses set to “ANY”, and all enabled WLANs checked. This

setting allows all the WLANs to adopt any Access Port that it detects, automatically.

3. Click the Apply button to save changes.

Step 5: Configure WLANs

The Network Configuration --> Wireless window (covered in Step 4) is where WLANs are enabled; however, the Network Configuration --> Wireless --> <WLAN name> screen is where the administrator configures each WLAN, once it is enabled. The screen is titled with the name of the WLAN.

+ 120 hidden pages

Symbol Technologies WS 2000 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

WS 2000 Wireless Switch System Reference Guide

Chapter 1. Overview

About this Document

Document Conventions

System Overview

Management of Access Ports

Firewall Security

Wireless LAN (WLAN) Security

Hardware Overview

Technical Specifications

Physical Specifications

Power Specifications

Environmental Specifications

Software Overview

Operating System (OS) Services

Cell Controller Services

Gateway Services

Chapter 2. Features

802.11a Support

802.11b Support

Access Ports

Gateway Services

Network Address Translation (NAT)

WS 2000 Wireless Switch Firewall

Stateful Inspection Engine

Access Policies

Administration Management

DHCP Client and Server

Layer 3 Routing

Overview

Routing Information Protocol (RIP) Support

SNMP Management Support

WEP 64 (40-bit key)

WEP 128 (104-bit Key)

802.1x with RADIUS Authentication

802.1x with Shared Key Authentication

Kerberos Authentication

KeyGuard-MCM Support

Wireless Protected Access (WPA)

Chapter 3. Getting Started

Getting Started Overview

Installing the Switch

Set up Communication to the Switch

Changing the Administrator Password

Configuring the Switch

Step 1: Configure the LAN Interface

Defining the Subnets

Step 2: Configure Subnets

The DHCP Configuration

Advanced DHCP Settings

Step 3: Configure the WAN Interface

Communicating with the Outside World

Setting Up Point-to-Point over Ethernet (PPPoE) Communication

Step 4: Enable Wireless LANs (WLANs)

Wireless Summary Area

Access Port Adoption

Step 5: Configure WLANs