Table of Contents

Automatic Installation
  Command File Options
  Command File Description
  Command File Example
CLI Commands
  Common Commands
  System Context
  Configuration (Cfg) Context
  Access Control List (ACL) Context
  Access Port (APort) Context
  Access Port Policy (APPolicy) Context
  Chassis Context
  Classification Group (CG) Context
  Classifier Context (CE)
  Ethernet Port Context
  Ethernet Policy (EtherPolicy) Context
  Event Context
  FTP Context
  Host Context
  KDC Context
  Network Policy Context
  Policy Object Context
  RADIUS Context
  Security Policy Context
  SNMP Context
  SSH (Secure Shell) Context
  SSL (Secure Sockets Layer) Context
  Standby (Failover) Context
  Switch Policy Context
  Telnet Context
  User Context
  WLAN Context
Antennas and Power
MU Disassociation Error Codes
Network Events
The Wireless Switch provides a centralized management solution for wireless networking components across the wired network infrastructure. Unlike traditional wireless network infrastructures that reside at the edge of a network, the Wireless Switch uses centralized, policy-based management for all devices on the wireless network. The Wireless Switch connects to the network via Ethernet through a Layer 2 Switch or Hub. The Access Ports are connected to a POE-enabled hub which is connected to a Layer 2 Switch or Hub on the network. The Wireless Switch functions as the center of the wireless network. The Access Ports function as radio antennas at the edge of the network transmitting 802.11 packets to the Wireless Switch for management and routing. All of the system configuration and intelligence for the wireless network resides in the Wireless Switch. The Wireless Switch uses Access Ports to bridge data from the associated wireless devices to the Wireless Switch. The Wireless Switch applies appropriate policies to the data packets before routing them to their destinations. Data packets destined for devices on the wired network are processed by the Wireless Switch where appropriate policies are applied before they are encapsulated and sent to their destination. Access Port configuration is managed by the Wireless Switch through the Graphical User Interface (GUI) or the Command Line Interface (CLI). The WLAN Switch applies changes to a single Access Port, a group of Access Ports or all Access Ports on the system. This model streamlines management of a large wireless system and allows for network management features such as Quality of Service (QoS), Virtual WLANs and packet forwarding.
Management Features
- Policy-based Centralized Management.
- Secure Browser Based Management Console
- Command Line Interface (CLI) accessible through Telnet, through the Serial Port, or through a Secure Shell (SSH) application (refer to the CLI Command Reference for more information).
- CLI Service Mode lets you capture system status information and send it to Symbol personnel for use in problem resolution.
- Emergency Override lets you define an Emergency Switch Policy and activate it when required without system interruption.
- A Kerberos Principal File can update the Wireless Switch Internal KDC.
- SNMP v2 support.
- TFTP Upload and Download of Access Port Firmware and Configuration Files.
- Each Access Port can support Multiple WLANs.
- Access Point (AP 3020/21 and AP4021) conversion to Access Ports.
- System Redundancy with Auto Revert.
- CPU Temperature and Fan Monitoring
Security Features
- Remote administrator login Authentication via external RADIUS server
- Central MAC Address based Access Control List
- WEP 40/128
- KeyGuard Mobile Computing Mode (MCM)
- Wi-Fi Protected Access (WPA) with Temporal Key Integrity Protocol (TKIP)
- Optional Broadcast Key Rotation improves the security of Broadcast traffic
- On Board (KDC) Kerberos v5 on WNMP
- EAP/TLS on 802.1x
- VLAN Segregation
- No Serial Interface on the Access Ports prevents tampering
- Multiple ESSID/BSSID supported on AP 100, 200, and AP 4121 Access Point conversions
- Secure Beacon
- MU-to-MU disallow or drop
Networking Features
- Quality of Service (QoS) support
  - 802.1p
  - DiffServ (Advanced TOS)
  - Tx Opportunity
  - Bandwidth Allocation
  - Congestion Management
- Customizable Classifiers and Classification Groups (packet filters)
- Support for VLANs and Virtual WLANs
- IP Redirection
- Ethernet Load Balancing
- Automatic Channel Selection (ACS): the Wireless Switch determines the best radio frequency or channel for Access Port performance
- DHCP Option 60 support
Hardware Overview
Symbol's Wireless Switch 5000 Series comprises two types of hardware: a Wireless Switch and a set of Access Ports. A Wireless Switch is a rack mountable device that manages all inbound and outbound traffic on the wireless network, and provides security, network services, and system management applications. Unlike traditional wireless infrastructure devices that reside at the edge of a network, the Wireless Switch uses centralized, Policy-based management to apply sets of rules or actions to all devices on the wireless network. This is done by collecting the management "intelligence" from individual access points and moving the collected intelligence into the centralized Wireless Switch. The access points are then replaced by "dumb" radio antennas known as Access Ports. Access Ports (APs) are 48V Power-over-Ethernet devices that are connected (by Ethernet cable) to the Wireless Switch. An Access Port receives 802.11x data from Mobile Units; it then forwards this data to the Wireless Switch, which applies the appropriate policies and then routes the packets to their destinations. Depending on the model, an AP supports as many as four WLANs.
Access Ports do not have software/firmware at factory-delivery. Once the Access Port is powered on and cleared for the network, the Wireless Switch passes the Access Port a small firmware file, making installation and upgrades of firmware automatic and transparent.
Physical Specifications
Width: 48.1 cm / 18.93 in. (with mounting brackets); 4.29 cm / 16.89 in. (without mounting brackets)
Height: 4.39 cm / 1.73 in.
Depth: 40.46 cm / 15.93 in.
Weight: 6.25 kg / 13.75 lbs.
Max Power Consumption: 100 VAC, 50/60 Hz, 3A; 240 VAC, 50/60 Hz, 1.5A
Operating Temperature: 10°C - 35°C / 50°F - 95°F
Operating Humidity: 5% - 85% without condensation
Power Cord Specifications
A power cord is not supplied with the device. Use only a correctly rated power cord that's certified, as appropriate, for the country of operation.
Power Protection
If possible, use a circuit that is dedicated to data processing equipment. Commercial electrical contractors are familiar with wiring for data processing equipment and can help with the load balancing of these circuits.
Install surge protection. Be sure to use a surge protection device between the electricity source and the WS 5100.
Install an Uninterruptible Power Supply (UPS). A UPS provides continuous power during a power outage. Some UPS devices have integral surge protection. UPS equipment requires periodic maintenance to ensure reliability. A UPS of the proper capacity for the data processing equipment must be purchased.
Wireless Switch Overview WS 5000 Series System Reference - 5
Cable Requirements
To connect the WS 5100 to the LAN and the WLAN, you'll need two Category 6 Ethernet cables (not supplied), one for each of the two Ethernet ports on the front panel of the device. To connect the WS 5100 to a computer that's running a serial terminal emulator program (the configuration computer), you need the console cable that's supplied with the device. You'll use the terminal emulator program to access the switch's Command Line Interface (CLI) through which you'll perform initial configuration as described in the WS 5100 Installation Guide.
Error Codes
Event POST failed (critical error) Software initialization failed Top LED Red blinking Amber solid Off Bottom LED Red blinking
Event
Top LED
Country code not configured: Amber solid
Note: During first time setup, the LEDs will remain in this state until the country code is configured.
No access ports have been adopted Primary inactive or failed Blue blinking Amber blinking
There are two indicators for the RJ-45 ports: upper left (amber/green) for link rate and upper right (green) for link activity.
LED          State           Meaning
Upper left   Off             10 Mbps link rate
Upper left   Green steady    100 Mbps link rate
Upper left   Amber steady    1 Gigabit link rate
Upper right  Off             The port isn't linked
Upper right  Green steady    The port is linked
Upper right  Green blinking  The port is linked and active
Conversion to Access Ports makes unavailable the following Access Point features:
Software Overview
[Figure: policy hierarchy showing Switch Policy, Ethernet Port Policy, Access Port Policy, Wireless LANs (WLANs) and Security Policy]
The WS 5100 uses sets of rules, or policies, to configure itself, the Wireless LAN (WLAN), the Access Ports that it adopts, and to integrate the wired LANs and VLANs. The Policy-based management architecture lets a network administrator create a Class Of Service (CoS) by defining network access, type of WLAN security, and Quality Of Service (QoS) for a group of users. The principal policies are displayed above and described below:
- A Switch Policy acts as a container for all the other policies, and contains an adoption list that controls the types of Access Ports (APs) that can be adopted.
- The Ethernet Port Policy configures the WS 5100's Ethernet ports, and associates multiple WLANs with multiple LANs or VLANs. There are two Ethernet ports on WS 5000 Series switches. By convention, port 1 (the left port on the front of the switch) connects to the wireless LAN, and port 2 connects to the wired LAN.
- An Access Port Policy defines Access Port configuration details such as the AP's beacon interval, RTS threshold, its set of supported data rates, and so on. The APPolicy is also responsible for adding WLANs to the AP and for attaching a Security Policy, Access Control List, and Network Policy (or packet filter) to each AP.
- A WLAN Policy defines attributes that are applied to Mobile Units on a portion of the wireless LAN, attributes such as ESSID, beacon rate, DTIM interval, and so on.
- A Security Policy defines the authentication and encryption methods that are used to secure communication between the WS 5100, through its Access Ports, and on to the Mobile Units. Each WLAN can have a different Security Policy associated with it.
- A Network Policy is a packet filter. It prioritizes packets as they're sent across the wireless network, and can reject packets altogether. Use the Network Policy to implement Quality of Service and Types of Service protocols.
Following the firmware image download, the Access Port sends a configuration request packet from the MAC address of each of its radios. The configuration request informs the switch of the radio capabilities, including the radio MAC address, radio type, radio serial number, and whether the radio is equipped with an internal or external antenna. The switch then checks the Adoption List for policies and configures the radios accordingly. The power, channel (or, if Automatic Channel Selection is enabled, a set of legal channels), BSSID and ESSIDs, and data rates are configured.
Map WLANs on a one-to-one basis, configuring Wireless Switch policies such as:
Most Access Ports support multiple BSSs (see Access Port Features on page 1-19). MUs sense each unique BSS as a separate radio signal. Access Ports with multiple BSSs solve performance and security issues by isolating broadcast traffic on a specific BSS rather than sending broadcasts to all BSSs. This enables MUs to save battery power by sensing only for their specific BSS rather than all traffic. An Access Port with multiple BSSs provides the same functionality as four single-BSS Access Points and requires less time for installation and configuration. Network administrators add WLANs to BSSs. The BSSIDs are mapped to ESSIDs by default. However, the network administrator can optionally change default settings. The network administrator can map each BSSID to multiple ESSIDs, so that the radios on Access Ports support multiple WLANs. As the RF traffic changes over time or the MU roams the location, the MU searches for Access Ports that have a matching ESSID. The MU associates with an Access Port with the same ESSID to synchronize communication. As the MU roams from coverage area to coverage area, it switches Access Ports. The MU switches between Access Ports when the MU analyzes the reception quality at a location and decides to communicate with another Access Port based on the best signal strength and lowest MU load distribution.
The AP 100, AP 200, AP 300 and AP 4121 Access Ports support multiple ESSIDs.
On-Board KDC
The WLAN Switch has an on-board Key Distribution Center (KDC) or Kerberos authentication server. Properly configured, the Wireless Switch provides a secure means for authenticating users/clients associated to a WLAN or ESS with the Kerberos security policy applied. The on-board KDC can be configured to use up to three Network Time Protocol servers (NTPs). A separate WLAN Switch with an on-board KDC can be configured as a Slave KDC to support the Master KDC in case of a Master KDC failure.
Standby Management
Failover or Standby Management enables the Network Administrator to significantly reduce the chance of a disruption in service to WLANs and associated MUs by placing one or more additional Wireless Switches as backup to a Primary Wireless Switch if it fails. After configuring a Primary and Standby Wireless Switch, the Primary Wireless Switch issues a Discovery packet on each configured interface. Assuming there is a properly configured Standby Wireless Switch, the Standby receives the Discover packet and starts sending heartbeats to the Primary. This establishes connectivity between the Primary and the Standby. The Primary Wireless Switch executes various internal monitors, in addition to any necessary to communicate with the Standby Wireless Switch. If heartbeats fail after being properly established, then this is considered a failover event by the Standby Wireless Switch, and the Standby Wireless Switch assumes the duties of the Primary Wireless Switch and adopts all the Access Ports. The Standby Wireless Switch sends an administrative alert (SNMP trap, etc.) to the administrator that a failover event has taken place.
Event Manager
An event notification system monitors an administrator-configured set of events in network performance. The Wireless Switch uses the Event Notification manager to log and collect application and system events on remote or local system log (Syslog) collectors or servers.
Events are conditions that the network administrator wants to be notified about. The network administrator can configure the Wireless Switch to send Event Notifications using SNMP to an SNMP trap server, to the Wireless Switch local log, or to a Syslog server. The network administrator chooses which events to be notified about and the appropriate severity level.
Quality of Service
QoS is used to give a user or an application relative precedence or priority over another. QoS applies in the case of congestion that may occur from excessive traffic or different data rates and link speeds (10 Mbps Ethernet, 100 Mbps Ethernet, 11 Mbps Wireless, and so on) that exist in the same network. If there is enough bandwidth for all users and applications (unlikely because excessive bandwidth comes at a very high cost), then applying QoS has very little value. When total bandwidth is shared by different users and applications, QoS is required to provide policy enforcement for mission-critical applications and/or users that have critical bandwidth requirements.
Different Dimensions of QoS
Different methods of QoS are applied for distinction between users and applications. The two main categories are:
A network shared by different users such as in a revenue-based, shared office building or a public hotspot is implemented with Service Level Agreements (SLA) based on how much each group of users pay for bandwidth. In this case, one or all points of aggregation, such as the Wireless Switch and some high-end Routers or policy managers, can allocate different percentages of the total bandwidth to different groups of users through the use of Queues. Bandwidth Allocation can also be further divided and applied to different applications again using Queues.
A network or a portion of the allocated bandwidth can be shared by different applications, and one application (for example, voice communication) can be more latency sensitive or more mission-critical than others. In this case, a priority is assigned to the traffic type by adding the appropriate QoS marking or tags to network traffic to provide higher precedence while the data is passed through points of aggregation (Routers, Wireless Switch, and Gateways) and the medium of transfer.
Application QoS via Packet Marking.
Packet Filtering
Packet filtering is a decision to allow or discard packets matching certain criteria defined by Classification Groups (CG) on an output packet port. Classification Groups on an output port are defined with allow decisions, discard decisions or a combination of both. A CG defined with an allow decision is associated with a priority number in the range of 0-7, seven being the highest priority.
Weighted Fair Queuing (WFQ)
Weighted Fair Queuing (WFQ) enables a mechanism on the Wireless Switch that uses up to eight queues to store data (network packets) and prioritize RF transmission to and from MUs depending on the data type. Once data is classified as voice or data, WFQ stores the packets, assuming the network traffic demands that the data be queued, by data type, then transmits the packets at a rate specified by the WFQ allocation percentage setting. WFQ uses one queue for each classification group, up to eight queues total, and one queue for all other data. For example, if the network has only one classification group for VoIP and no others, then WFQ automatically uses 2 queues: one for VoIP and the other for all other data (data not defined in a classification group). Each additional classification group uses another queue and keeps one queue open for all other data. The allocation setting determines the percentage of available network bandwidth for data from a classification group. For example, if the WFQ allocation for VoIP data is set to 80%, then four packets of VoIP data are sent for every one packet of other data during periods of network congestion. WFQ is implemented for the different types of traffic on the same ESSID and Access Port (AP) as well as between different ESSIDs on the same AP. This implementation shares voice and non-voice traffic across different network paths, thereby balancing the traffic load. A large volume of non-voice traffic on one ESSID doesn't starve voice traffic on another ESSID on the same AP. WFQ is enabled and disabled in a network output policy.
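The queue-per-classification-group behaviour and the 80% allocation figure described above can be reproduced with a small simulation. This is an added example, not code from the switch or from Symbol: the manual does not describe the scheduler itself, so a smooth weighted round-robin stands in for it, and the function names, the "other" queue name and the packet counts are assumptions.

```python
from collections import deque

MAX_QUEUES = 8  # the manual: WFQ "uses up to eight queues"


def build_queues(cg_allocation):
    """cg_allocation maps classification group -> allocation percent.
    One queue per group, plus one catch-all queue for all other data."""
    if len(cg_allocation) + 1 > MAX_QUEUES:
        raise ValueError("too many classification groups for eight queues")
    rest = 100 - sum(cg_allocation.values())
    if rest < 0:
        raise ValueError("allocations exceed 100%")
    allocation = dict(cg_allocation)
    allocation["other"] = rest  # assumption: unclassified data gets the remainder
    return {name: deque() for name in allocation}, allocation


def enqueue(queues, kind, packet):
    """Classified traffic goes to its group's queue, everything else to 'other'."""
    queues.get(kind, queues["other"]).append(packet)


def transmit(queues, allocation, slots):
    """Smooth weighted round-robin over the non-empty queues.
    Empty queues are skipped, so unused allocation is not wasted."""
    credit = {name: 0 for name in queues}
    sent = []
    for _ in range(slots):
        active = [name for name in queues if queues[name]]
        if not active:
            break
        total = sum(allocation[name] for name in active)
        for name in active:
            credit[name] += allocation[name]
        pick = max(active, key=lambda name: credit[name])
        credit[pick] -= total
        sent.append((pick, queues[pick].popleft()))
    return sent


def congested_share(cg_allocation, offered, slots):
    """offered maps traffic kind -> packets waiting. Returns packets sent per queue."""
    queues, allocation = build_queues(cg_allocation)
    for kind, count in offered.items():
        for seq in range(count):
            enqueue(queues, kind, (kind, seq))
    counts = {name: 0 for name in queues}
    for name, _packet in transmit(queues, allocation, slots):
        counts[name] += 1
    return counts


if __name__ == "__main__":
    # Constructed load: both queues stay backlogged for all ten transmit slots.
    print(congested_share({"voip": 80}, {"voip": 20, "web": 20}, 10))
    # Constructed load: VoIP runs dry after two packets, other data takes the rest.
    print(congested_share({"voip": 80}, {"voip": 2, "web": 20}, 10))
```

With both queues backlogged the split is four VoIP packets to one other packet; once the VoIP queue empties, the catch-all queue uses every remaining slot.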
local to the Wireless Switch, this SNMP server provides the network device information. It processes information requests from the SNMP manager via the management station using SNMP.
the storage area for network-management information. It consists of collections of managed objects, such as SNMP parameters and events. These objects describe the state of a particular network device.
application which enables protected access to the switch over the CLI. All configuration and management functions can be performed through the CLI. The command line interface also contains a Service Mode that allows customers to capture system status information and send it to Symbol engineers if required for problem resolution.
Graphical User Interface (GUI)
The Wireless Switch also provides a graphical user interface (GUI) that can be accessed securely from any web browser on the network. The GUI provides tools that configure and maintain the wireless system. It also provides real time graphs displaying system load and traffic on the wireless network.
This software update procedure ensures the WS 5100 Wireless Switch is updated to the latest software version 1.4.0.0-0xxR.sys.img. To restore the Wireless Switch to the current running configuration, save the running configuration that supports the image to be loaded on the Wireless Switch. With the following current versions, perform the indicated actions:
Current Wireless Switch Software Version | To Update to 1.4.0.xx
1.4.0.0-0xxR.sys.img | Do nothing; the Wireless Switch software version is up to date
1.3.0.0-0xxR.sys.img | Proceed to upgrading to software version 1.4.0.xx0xxR.sys.img
1.2.0.39.sys.img | Proceed to upgrading to software version 1.4.0.xx0xxR.sys.img
1.1.4.30.sys.img | Proceed to upgrading to software version 1.4.0.xx0xxR.sys.img
1.1.3.20.sys.img | Proceed to upgrading from 1.1.1.16 and above. Refer to documentation included with version 1.1.1.16 Wireless Switch.
1.1.1.16.sys.img | Proceed to upgrading from 1.1.1.16 and above. Refer to documentation included with version 1.1.1.16 Wireless Switch.
1.0.0.15.sys.img | Upgrade first to 1.1.1.16
Another version of software not listed | Contact your Symbol Support representative
Login to the Wireless Switch with administrator rights and use the CLI command show system to display the current Wireless Switch software version.
WS5000>show system
System Name             : WS5000
Descriptions            : WS 5000 Wireless Network
Software Ver.           : 1.4.xx.xx
Licensed to             : Symbol Technologies
Copyright               : Copyright (c) 2000-2004. All rights reserved.
Serial Number           : 00A0F854042A
Number of Licenses      : 0
Max Access Port         : 0
Max Mobile Clients      : 4096
Active Switch Policy    : Default Wireless Switch Policy
Emergency Switch Policy : Not defined
Switch Uptime           : 00d:00h:03m
Update Requirements
Before beginning the update process, verify that the updated image file has been downloaded and is available on the local file system of a TFTP server. The required upgrade file is:
WS5000_1.4.0.0-0xxR.sys.img
A default configuration file is also included on the system CD but is not necessary for the upgrade. The default configuration file contains the Wireless Switch factory configuration. Save a copy of the current running configuration file. It is not necessary to delete the current running configuration file. If the upgrade file is not on the TFTP server, then copy the file from the software directory on the WS 5000 Wireless Switch system CD. Refer to Uploading Files to the Local TFTP Server on page 1-17 for directions on copying the WS 5000 Wireless Switch configuration and system upgrade file to the TFTP server.
At the system prompt, create a backup of the system configuration (this is the site-specific configuration) file.
WS5000> save configuration siteconfig
Verify the site specific configuration file was saved. In the example, siteconfig.cfg is the file name.
WS5000> directory
Date & Time     Bytes      File Name
Feb 12 08:33    14982      WS5000Defaults_v1.4.0.xx.cfg
Feb 14 10:13    13535582   WS5000_v1.4.0.xx.sys.img
Feb 12 01:40    6452       cmd_template.sym
Feb 15 14:55    15462      siteconfig.cfg
Copy the site specific configuration file from the Wireless Switch to the TFTP server.
WS5000>copy system tftp
The system prompts for the file name to download from the Wireless Switch.
Enter File Name to be copied to TFTP : siteconfig.cfg
IP address of the TFTP server : xxx.xxx.xx.xx
Copying from system to tftp...
File: siteconfig.cfg copied successfully to xxx.xxx.xx.xx
Login to the Wireless Switch using a Telnet application or through the console port.
At the system prompt, remove the configuration file WS5000_v1.3.0.xx.cfg, if present. If the file is not present, then proceed to Saving and Copying the Current Running Configuration.
WS5000> delete WS5000Defaults_v1.3.0.xx.cfg
Removing WS5000Defaults_v1.3.0.xx.cfg.... done.
WS5000>
At the system prompt, remove the system image file WS5000_v1.3.0.xx.sys.img or WS5000_v1.2.0.39.sys.img.
WS5000> delete WS5000_v1.3.0.xx.30.sys.img
Removing WS5000_v1.1.4.30.sys.img.... done.
WS5000>
Insert the CD into the computer's CD-ROM drive. If the CD does not launch automatically, use Windows Explorer and double click on ws_5000.exe. The update system image and configuration files are located in the software directory on the WS 5000 Wireless Switch system CD.
When the program launches, click Configuration and Image Files on the menu. Copy the file WS5000_v1.3.0.0-0xxR.sys.img to the TFTP server's local file system.
Login to the Wireless Switch with the default login user name and password.
userid: admin
password:
Retrieving user and system information...
Setting user permissions flags..
Checking KDC access permissions...
Welcome...
System information...
System Name          : WS5000
Descriptions         : WS 5000 Wireless Network
Software Ver.        : 1.1.4.30f
Licensed to          : Symbol Technologies
Copyright            : Copyright (c) 2000-2004. All rights reserved.
Serial Number        : xxxxxxxxxxxx
Number of Licenses
Max Access Port
Max Mobile Clients
Active Switch Policy
Switch Uptime
WS5000>
At the system prompt, copy the system image file that was downloaded from WS 5000 Wireless Switch system CD to a TFTP server.
WS5000>copy tftp system
The system prompts for the file name to download from the TFTP server. Enter the new system image file name:
Enter the File Name to be copied from TFTP server : WS5000_v1.3.0.0-0xxR.sys.img
IP address of the TFTP server : xxx.xxx.xx.xx
Copying from tftp to system...
File: WS5000_v1.3.0.0-0xxR.sys.img copied successfully from xxx.xxx.xx.xx
Verifying imagefile
Valid imagefile, completing verification.
WS5000>
The new system image is updated and the system reboots. This reboot may take several minutes; all connections to the Wireless Switch are terminated.
Restoring system image and configuration from WS5000_v1.3.0.0-0xxR.sys.img
It might take a few minutes.......
Cleaning up system files... Done!
Saving Wireless Network Management Configuration ... Done.
Restoring Wireless Network Management System...
Resetting the Wireless System...
Shutting down running processes ...
Resetting the Switch ...
Starting Wireless Switch 5000 ...
Configuring ethernet ports ...
Verifying database entries...
Database verification complete.
Launching auto-configuration procedure...
Waiting for DHCP lease file to be created...
DHCP lease file found.
Begin parsing DHCP lease file...
Results:
--------------------------
TFTP Server :
Command File:
--------------------------
TFTP server option not found.
Exiting auto-configuration...
Login to the Wireless Switch and verify the upgrade was successful.
user name:cli
WS-5000 Wireless Switch...
userid:admin
password:
Setting user permissions flags..
Checking KDC access permissions...
Welcome...
System information...
System Name             : WS5000
Descriptions            : WS 5000 Wireless Network
Switch Location         :
Software Ver.           : 1.3.0.0-0xxR
Licensed to             : Symbol Technologies
Copyright               : Copyright (c) 2000-2004. All rights reserved.
Serial Number           : xxxxxxxxxxxx
Number of Licenses      : 0
Max Access Port         : 0
Max Mobile Clients      : 4096
Active Switch Policy    : Default Wireless Switch Policy
Emergency Switch Policy : Not defined
Switch Uptime           : 00d:00h:12m
WS5000>
Open an SSH or Telnet connection to the Wireless Switch or use the console port, and log in to the Command Line Interface (CLI). After logging in, the screen displays the upgraded system software version number.
Use the copy command to copy the saved running site configuration file to the Wireless Switch.
WS5000>copy tftp system
Restore the saved customer configuration file. In the example siteconfig.cfg is the saved customer configuration file.
WS5000> restore configuration siteconfig.cfg
Copyright               : Copyright (c) 2000-2004. All rights reserved.
Serial Number           : xxxxxxxxxxxx
Number of Licenses      : 0
Max Access Port         : 0
Max Mobile Clients      : 4096
Active Switch Policy    : Default Wireless Switch Policy
Emergency Switch Policy : Not defined
Switch Uptime           : 00d:00h:02m
Unassigned Access Ports :
After several minutes the system resets and loads the saved customer site configuration file. Verify the customer site specific file is present on the switch.
Date & Time     Bytes      File Name
May 12 08:33    14982      WS5000Defaults_v1.3.0.0-0xxR.cfg
May 14 10:13    13535582   WS5000_v1.3.0.0-0xxR.sys.img
May 12 01:40    6452       cmd_template.sym
May 15 14:55    15462      siteconfig.cfg
Automatic Installation
To perform an automatic configuration the Wireless Switch requires these components:
- An external TFTP server.
- When a Kerberos authentication database is installed on the Wireless Switch, an external system that can generate a Wireless Switch-compatible Kerberos database file.
- A Command file: This is an ASCII text format file that contains site-specific settings for the Wireless Switch. The name of the file is obtained via DHCP and stored in the returned DHCP lease file. Once extracted from the lease file, the configuration file is downloaded, parsed and the Wireless Switch is configured accordingly. The file ends with a .sym suffix or it can't be accepted and parsed. This command file can also contain the CLI commands to configure the switch.
The command-file option specifies a valid file name for an ASCII text format file that exists on the TFTP server and contains site-specific settings for the wireless switch. The command file (see Command File Example on page 1-24) directs the switch to perform the following types of remote configuration options:
- Load a new wireless switch configuration file
- Reconfigure the Ethernet IP, DNS, Gateway, and DHCP settings on the switch
- Set SNMP community strings
- Reconfigure the master and slave Kerberos settings.
- Manually or automatically update Kerberos user database entries, with automatic propagation to the slave KDC, if present
- Enable or disable Hot Standby mode on the switch
- Optionally provide status and error logging of the automatic configuration operations
- Reconfiguration of Primary and Standby settings
- Reconfiguration of Master and Slave Kerberos settings
- Manual or automated update of Kerberos user database entries, with automatic propagation to the slave KDC if present
WS 5000 Series System Reference - 23
Syntax
Option      Value      Description
<option>    <value>    #comment
When the system parses this file, it ignores any option that it does not understand. The Wireless Switch keeps the current configuration for that specific option unchanged. The following lines are considered equivalent.
#<option> <value>
<option> #<value>
<option> #some comment
All values of the command file are case insensitive except for SNMP community strings, domain names, realms, and filenames. The system converts the hostname value into lowercase even when specified using a combination of lower/upper case. The command file option items do not have to be in any sequential order.

A template of the command file, called cmd_template.sym, is located on the WS 5000 Wireless Switch system CD included with the Wireless Switch. Copy this file to a local host computer, then edit, save and rename it to serve as a command file (the .sym extension is required for the command file to be recognized by the Wireless Switch). Save the file to the system used to configure the Wireless Switch. Use the CLI copy tftp command (from the Wireless Switch CLI prompt; see WS5000> copy tftp in the CLI Command Reference) to copy the command file from the host computer to the Wireless Switch. The command file example shows the configuration of most options.
Example:
#############################################################################
#
# Copyright (c) 2003, Symbol Technologies, Inc.
# All rights reserved.
#
# cmd_template.sym file
#
# This is a template file to illustrate the format of auto configuration command files.
# The command file must end with the .sym extension and contain options to
# perform switch configuration. The format of the file is as follows:
#
#     <option> <value> #comment
#
# Each line is composed of an option name and its value. All options are
# case sensitive.
#
# When this file is parsed, any option that is not found or has no value is ignored,
# which means that the switch will keep the current configuration for this option
# unchanged. The following lines are considered equivalent.
#
#     #<option> <value>
#     <option> #<value>
#     <option> #some comment
#
#############################################################################

#############################################################################
# SECTION: Special Options
#
#############################################################################
AutoConfigLog           #on/off: Log errors and events to CmdProcErrors.txt
                        #Default is 'on'.

#############################################################################
# SECTION: Files to download
#
#############################################################################
TFTPServer              #tftp server where files are located
ImageFile               #image file (.sys.img)
ConfigFile              #configuration file (.cfg)
KerberosFile            #kerberos username/passwd (.krb)

#############################################################################
# SECTION: General Network Configuration and Standby Management
#
#############################################################################
#
# DNS configuration
#
Eth1DNSServer1          #dns server
Eth1DNSServer2          #dns server
Eth2DNSServer1          #dns server
Eth2DNSServer2          #dns server
#
# Switch configuration
#
Eth1SubnetMask          #subnet mask
Eth2SubnetMask          #subnet mask
Eth1Domain              #domain name
Eth2Domain              #domain name
Eth1DHCP                #on/off
Eth2DHCP                #on/off
Gateway                 #default gateway
#
# Primary IP configuration
#
HostnamePrimary         #Hostname of primary CC
Eth1PrimaryIP           #ip address of primary CC
Eth2PrimaryIP           #ip address of primary CC
#
# Standby IP configuration
#
HostnameStandby         #Hostname of standby CC
Eth1StandbyIP           #ip address of standby CC
Eth2StandbyIP           #ip address of standby CC
#
# Enable or disable the standby management
#
StandbyMgt              #on/off
#
#############################################################################
# SECTION: Kerberos Configuration
#
#############################################################################
#
# NTP server configuration
#
NTPServer1              #NTP server 1
NTPServer2              #NTP server 2
NTPServer3              #NTP server 3
#
# Kerberos Master and Slave configuration
#
KDCRealm                #kerberos realm
KDCInterface            #Interface on which KDC is configured (1 or 2)
#
# Add a remote backup master
# (excluding the main Master/Primary & Slave/Standby from above)
#
KDCBackupHostname       #Hostname of the backup slave
KDCBackupDomain         #Domain of the backup slave
KDCBackupIP             #IP address of backup slave
#
# NOTE: All Security Policies which are configured for Kerberos Authentication
#       will automatically be populated with the Master/Slave/Remote servers
#       IP addresses if present in this file.
#
#############################################################################
# SECTION: SNMP Configuration
#
#############################################################################
#
# SNMP community attributes
#
SNMPCommunity1          #SNMP community name
SNMPCommunity1IP        #IP address for the community
SNMPCommunity1Perm      #RO/RW: Access permissions
SNMPCommunity2          #SNMP community name
SNMPCommunity2IP        #IP address for the community
SNMPCommunity2Perm      #RO/RW: Access permissions
SNMPCommunity3          #SNMP community name
SNMPCommunity3IP        #IP address for the community
SNMPCommunity3Perm      #RO/RW: Access permissions
SNMPCommunity4          #SNMP community name
SNMPCommunity4IP        #IP address for the community
SNMPCommunity4Perm      #RO/RW: Access permissions
#
# SNMP Traps
#
SNMPCommunity1Trap      #SNMP community trap
SNMPCommunity1TrapIP    #SNMP community trap IP
SNMPCommunity2Trap      #SNMP community trap
SNMPCommunity2TrapIP    #SNMP community trap IP
SNMPCommunity3Trap      #SNMP community trap
SNMPCommunity3TrapIP    #SNMP community trap IP
SNMPCommunity4Trap      #SNMP community trap
SNMPCommunity4TrapIP    #SNMP community trap IP
#
#############################################################################
# SECTION: SYSLOG Configuration
#
#############################################################################
#
# Syslog severities
#
# Name        Number
# ----------  --------
# Emergency   1
# Alert       2
# Critical    3
# Error       4
# Warning     5
# Notice      6
# Info        7
# Debug       8
#
# Syslog host 1
#
SysLogHostname1         #Hostname of syslog collector
SysLogIP1               #IP address of syslog collector
SysLogSev1              #Enter a list of severity numbers
                        #separated by white spaces EX: 2 3 6 8
#
# Syslog host 2
#
SysLogHostname2         #Hostname of syslog collector
SysLogIP2               #IP address of syslog collector
SysLogSev2              #Enter a list of severity numbers
                        #separated by white spaces EX: 2 3 6 8
Event Logging
The service option is a setting to turn on or off the logging feature, which pushes auto-installation event messages to a log file named CmdProcErrors.txt. This error log file is automatically generated in the same directory as the system image/configuration/command files if logging is turned on. These log messages are generated when events such as firmware/configuration upgrades/downgrades occur, and/or when the command file contains errors such as improper syntax, files that are not present on the specified TFTP server, etc.

Section: Service
Option: AutoConfig Logging
Value: <on|off>
Notes: This selection allows the user to enable or disable the use of the logging facility. The default is on.
Files to Download
ImageFile
Notes: This is the name of a Wireless Switch configuration. This file is downloaded automatically from a specified TFTP server or through the CLI copy command. If the file is not found, or if there were errors during the TFTP download, the installation software will abort the configuration immediately and exit. This is considered a fatal error and any locally specific configurations should not be applied either, since they can be interrelated with the general configuration settings. The IP address of the WS will also remain unchanged. The file name is case sensitive.

This is the name of a Kerberos username/password (Kerberos MIT DB file format) file and it is used to configure the primary Kerberos database of the on-board KDC server. The database is completely flushed before the new principals are added. If an error occurs during the file downloading or processing, the installation software logs an error message and skips the Kerberos configuration. The installation software tries to find the file in the Wireless Switch. If it is not there, it logs an error message and continues. Once a Kerberos DB .krb file is provided for download and installation, this new file replaces the current database file. There is no automatic attempt to save the previous copy of this file on the master KDC. The file name is case sensitive.
Files to Download
KDCSlaveIP
<xxx.xxx.xxx>
<server name> <Slave KDC server name> <KDC realm name> <KDC domain name>
{CREATEMASTER: Creates a master Kerberos}
{REMOVEMASTER: Removes the master Kerberos}
{CREATEMASTERSLAVE: Creates a master Kerberos and adds a slave Kerberos}

Notes: These 2 actions require the definition of the Kerberos realm, slave hostname, and slave IP options named KDCRealm, KDCSlaveHostname, KDCSlaveIP.

{ADDSLAVE: Adds a slave to the master}
{DELETESLAVE: Deletes a slave from the master}
{NOACTION: Default action. Nothing will be done}
These are the subnet masks for both interfaces. If the user specifies the IP address for the interface without specifying the subnet mask, an error is logged and the install of the selected interface network configuration is not completed.
Notes: Indicates whether the switch should use DHCP on any one of the interfaces. If DHCP is ON for an interface, all IP settings provided in the command file will be ignored and the interface will be configured to run the DHCP client. The DHCP can only be enabled on a single interface at this time. In requests to the DHCP server, the switch sends option 60 and the octets for the string WS5000. To use this feature, configure the DHCP server to handle the option, namely, either to ignore the octets or to allocate an address in a scope of addresses and offer the address. In accordance with the standard for DHCP Option 60, servers that respond should only use DHCP Option 43 to return vendor-specific information to the client.

Gateway <ip_address>
This is the default gateway for the box. There should be only one value since the Wireless Switch currently does not allow gateway settings per interface. If this option is not specified, the DHCP settings will be kept.

Host names defined for the primary and Standby switches. The host name is case sensitive.

These are the IP addresses of the primary and the standby switch respectively. If they are not specified in the command file, the DHCP settings will be kept. When an image upgrade is performed, it will not change the existing Ethernet configuration. The Ethernet configuration in this command file is the last to be performed and should override the existing configuration.

StandbyMgt <on | off>
Indicates whether Standby management is enabled. If it is enabled, then installation software queries the database for the number of licenses. If the switch is able to acquire a license, it may become a primary. If no license is available, it can only be considered as a standby unit.
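The command file rules described in this section (comment handling, silently ignored options, the .sym suffix, the subnet-mask requirement and DHCP on a single interface) can be checked before a file is placed on the TFTP server. The linter below is an added example, not part of the Symbol documentation or the switch software. The option names are copied from this page; treating option names as case sensitive, the choice of which options keep their case, and the sample file contents are assumptions.

```python
import re

# Option names copied from the cmd_template.sym listing and option tables on this page.
KNOWN_OPTIONS = {
    "AutoConfigLog", "TFTPServer", "ImageFile", "ConfigFile", "KerberosFile",
    "Gateway", "HostnamePrimary", "HostnameStandby", "StandbyMgt",
    "NTPServer1", "NTPServer2", "NTPServer3", "KDCRealm", "KDCInterface",
    "KDCBackupHostname", "KDCBackupDomain", "KDCBackupIP",
    "KDCSlaveHostname", "KDCSlaveIP",
}
for n in (1, 2):
    KNOWN_OPTIONS |= {f"Eth{n}{s}" for s in (
        "DNSServer1", "DNSServer2", "SubnetMask", "Domain", "DHCP",
        "PrimaryIP", "StandbyIP")}
    KNOWN_OPTIONS |= {f"SysLog{s}{n}" for s in ("Hostname", "IP", "Sev")}
for n in (1, 2, 3, 4):
    KNOWN_OPTIONS |= {f"SNMPCommunity{n}{s}"
                      for s in ("", "IP", "Perm", "Trap", "TrapIP")}

# Values whose case is kept: SNMP community strings, domain names, realms, file names.
# Assumption: the mapping of those categories onto these option names.
CASE_PRESERVED = re.compile(
    r"SNMPCommunity\d|Eth\dDomain|KDCBackupDomain|KDCRealm|"
    r"ImageFile|ConfigFile|KerberosFile")


def parse_command_file(text):
    """Return (settings, ignored): usable options, and (line_no, reason) pairs."""
    settings, ignored = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # everything after '#' is a comment
        if not body:
            continue                          # blank line or '#<option> <value>'
        parts = body.split(None, 1)
        option = parts[0]
        if len(parts) == 1:                   # '<option> #<value>' carries no value
            ignored.append((no, f"{option}: no value, current setting is kept"))
            continue
        if option not in KNOWN_OPTIONS:       # the switch skips it without an error
            ignored.append((no, f"{option}: unknown option, skipped by the switch"))
            continue
        value = parts[1].strip()
        if not CASE_PRESERVED.fullmatch(option):
            value = value.lower()             # other values are case insensitive
        settings[option] = value
    return settings, ignored


def audit(filename, text):
    """Return a list of findings for one command file."""
    findings = []
    if not filename.endswith(".sym"):
        findings.append("ERROR file name must end in .sym or it is not parsed")
    settings, ignored = parse_command_file(text)
    findings += [f"WARN line {no}: {why}" for no, why in ignored]

    dhcp_on = [n for n in (1, 2) if settings.get(f"Eth{n}DHCP") == "on"]
    if len(dhcp_on) > 1:
        findings.append("ERROR DHCP can be enabled on a single interface only")
    for n in (1, 2):
        has_ip = any(f"Eth{n}{role}IP" in settings for role in ("Primary", "Standby"))
        if has_ip and n in dhcp_on:
            findings.append(f"WARN Eth{n}: DHCP is on, static IP settings are ignored")
        elif has_ip and f"Eth{n}SubnetMask" not in settings:
            findings.append(f"ERROR Eth{n}: IP address without Eth{n}SubnetMask, "
                            "interface configuration is not completed")
    for n in (1, 2, 3, 4):
        if settings.get(f"SNMPCommunity{n}Perm") == "rw":
            findings.append(f"REVIEW SNMPCommunity{n}: read-write community "
                            "string is carried in a clear-text TFTP transfer")
    return findings


# Constructed sample input, not a real site file.
SAMPLE = """\
# constructed sample command file
TFTPServer 192.0.2.10
ConfigFile siteconfig.cfg #site configuration
Eth1PrimaryIP 192.0.2.20
Eth1DHCP OFF
Eth2DHCP On
Eth2PrimaryIP 198.51.100.20
Eth2SubnetMask 255.255.255.0
SNMPComunity1 Ops-Monitor #typo in the option name
SNMPCommunity2 Ops-Admin
SNMPCommunity2Perm RW
Gateway #192.0.2.1
"""

if __name__ == "__main__":
    for finding in audit("siteconfig.txt", SAMPLE):
        print(finding)
```

The misspelled option on line 9 of the sample is the case worth watching for: the switch keeps its current setting without reporting an error, so a typo in a security-relevant option can leave an old value in place.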
This guide is intended for use by the administrator responsible for the initial configuration of the system. It also serves as a reference for configuring and modifying most common system settings. Most Wireless Switch and Access Port configurations are accomplished through the use of a Graphical User Interface via a Web browser, through SNMP commands or the Command Line Interface (CLI) from a telnet connection, through the Wireless Switch console port, or a secure shell (SSH) application.

System configuration sections are broken down by Graphical User Interface (GUI), Command Line Interface (CLI), and Simple Network Management Protocol (SNMP) system configuration. Not all areas of the system can be configured solely by the GUI, CLI, or SNMP. Where a specific system configuration is only accomplished through a specific interface, that information is clearly pointed out at the beginning of the configuration process. For information on advanced system settings, refer to the CLI Command Reference.

To log in to the WS 5000 standard graphical user interface, follow these steps:
1. Set Master KDC information (see Setting Master KDC Information on page 34).
2. Set the Kerberos Time Synchronization. Use of an NTP server is optional (see Setting Kerberos Time Synchronization on page 34).
3. Create a Kerberos WLAN (see Creating a Kerberos WLAN on page 35).
4. Create Kerberos User Accounts, including user name, password, and ticket life (in minutes) (see Creating Kerberos User Accounts on page 36).
5. Set Slave KDC information (optional) (see Setting Slave KDC Information on page 37).
At the Graphical User Interface main window, click System Settings > Kerberos > Configuration, then click KDC.
The Kerberos Configuration dialog box appears.
Select Master from the drop-down list. By default, ethernet1 is selected as the interface of the Wireless Switch that connects to the wireless traffic. Enter the Kerberos Realm where the KDC resides. A Domain Name (the Domain and Realm name are the same) must be assigned to the Ethernet port prior to assigning a realm name to the KDC. Click Save to complete the Master KDC setup.
At the Graphical User Interface main window, click System Settings > Kerberos > Configuration, then click NTP.
The KDC Time Configuration dialog box appears. Enter the IP addresses for the Preferred Time Server, the First Alternate Time Server, and the Second Alternate Time Server (if available).
At the Graphical User Interface main window, highlight System Settings > Kerberos > Administration, then click WLAN.
The Kerberos WLAN Administration dialog box appears. Select Create to create a new Kerberos WLAN.
When the WLAN Wizard, Create a New WLAN window appears, enter the information needed to create a WLAN (at a minimum enter the WLAN name), then follow the instructions on the subsequent screens to create your WLAN. Click the Help button for more information. When the WLAN Wizard WLAN Created Successfully window appears select Finish, to complete the Kerberos WLAN creation process.
At the Graphical User Interface main window, click System Settings > Kerberos > Administration, then click Users.
Enter the user name, realm, ticket life (in minutes), and password. Re-enter the password in the Confirm field and click Save to save the Kerberos user account information.
At the Graphical User Interface main window, click System Settings > Kerberos > Configuration, then click Slave.
Enter the Hostname, IP Address, and Domain for Kerberos authentication. Click Add to set the Slave KDC information.
The next part configures the Master KDC to recognize the Slave KDC.
At the Graphical User Interface main window, click System Settings > Kerberos > Configuration, then click Slave. The Kerberos Configuration dialog box, already shown, appears.
Select the Slave KDC from the list on the left side of the dialog box. Enter the hostname, IP address, and domain of the Master KDC server. Click Add to complete adding the Slave to the Master KDC.
Enter a name for the new Ethernet Port Policy and complete the applicable fields. Click Next to continue and follow the instructions on the subsequent screens. On the final screen, click Finish to complete creating the Ethernet Port policy.
Select an Ethernet Policy from the list and click Edit. The system will launch the Ethernet Policy Wizard. Follow the Wizard's instructions. On the final screen, click Finish to save the modified Ethernet Port policy.
Configuring VLANs
A WLAN to VLAN association is created in the Ethernet Port Policy. Create a new Ethernet Port Policy or modify an existing Ethernet Port Policy. Configure the Ethernet ports on the Wireless Switch to support one or more of the available VLANs for WLAN to VLAN association.
The recommended Ethernet port configuration in the Wireless Switch has Ethernet Ports one and two on different subnets with Ethernet Port one supporting the WLAN infrastructure (Access Ports and associated MUs). Always map the primary VLAN ID to Ethernet Port two in this configuration.
Enter a name for the new Ethernet Port Policy and complete the applicable fields. Follow the Wizard's instructions on the subsequent screens. On the final screen, click Finish to save the Ethernet Policy just created.
Select Use an existing Access Port Policy as a template if desired. Enter a name for the new Access Port Policy, complete the applicable fields, and click Next. Follow the instructions on the Wizard's subsequent screens. On the final screen, click Finish to save the policy and exit the wizard.
Click Existing Policy. The system launches the Access Port Policy Manager.
Select an Access Port Policy from the list and click Edit. The system launches the Access Port Policy Wizard, already shown. In the final screen, click Finish to complete creating the Access Port policy. The system returns to the Access Port Policy Manager window and displays the modified Access Port Policy and WLAN.
WLANs
Creating a WLAN
Select Use an existing WLAN as a template if desired. Enter a name for the new WLAN, complete the applicable fields, and click Next. Follow the instructions on the Wizard's subsequent screens. On the final screen, click Finish to save the new WLAN and exit the wizard.
Modifying a WLAN
Select a WLAN from the list and click Edit. The system launches the WLAN Wizard. Click Next to modify the selected WLAN and follow the instructions on the Wizard's screens. On the final screen, click Finish to complete updating the WLAN. The system returns to the WLAN Manager window and displays the modified WLAN properties.
Network Policies
Creating a Network Policy
Click New Policy. The system launches the Create a New Network Policy Wizard.
Select Use an existing Network Policy as a template if desired, supply a Name, click Next and follow the instructions on the subsequent screens. On the final screen, click Finish.
Select Use an existing Output Policy as a template if desired. Enter a name for the new Output policy and, if desired, a description. Click Next to continue and follow the instructions on the subsequent screens. In the final screen, click Finish to return to the system main window.
Select Use an existing Input Policy as a template if desired. Enter a name for the new Input Policy and, if desired, a description. Click Next to continue and follow the instructions on the subsequent screens. In the final screen, click Finish to return to the system main window.
Select a Network Policy from the list and click Edit. The system launches the Network Policy Wizard, already described. Follow the Wizard's instructions.
Security Policies
Creating a Security Policy
The Security Policy Wizard appears. Follow the instructions in the Wizard's screens.
Select a Security Policy from the list and click Edit. The system launches the Security Policy Wizard. Follow the instructions on the subsequent screens and click Finish on the final screen.
Classifiers
Creating a Classifier
Type a Name and, optionally, a Description. If needed, click Use an existing Classifier as a template and select a classifier from the list to create a new Classifier. Click Next. Follow the instructions on the subsequent screens and click Finish on the final screen.
Select a Classifier from the list and click Edit. The system launches the Classifier Wizard. Follow the instructions on the subsequent screens and click Finish on the final screen.
Classification Groups
Creating a Classification Group
Click Classification Group. The system launches the Classification Group Manager.
Select a Classification Group from the list and click Edit. The system launches the Classification Group Wizard.
Supply a Name, Description, Templates, click Next, and follow the instructions on the subsequent screen. Click Finish on the final screen.
Select Network. Click Classification Group. The system launches the Classification Group Manager. Select from the list of available Classification Groups (displayed on the left side of the window) and click Edit. The system launches the Classification Group Wizard. Follow the Wizard's instructions.
From the WS 5000 Wireless Switch main window, click the Properties button.
From the Wireless Switch Policy Manager screen select the proper Country for the location of this Wireless Switch. Once a country is specified, the None option is no longer available.
The default Auto (once) Channel selection configures Access Ports upon start up to select the best channel as determined by the Automatic Channel Selection (ACS) engine. The ACS engine automatically determines the optimum channel based on available channels. Administrators can customize the ACS process by clicking Automatic Channel Selection Settings and reserving those channels that the ACS engine will not consider available when assigning automatic channel settings to Access Ports. Because the ACS engine evaluates every channel defined for the country selected, process times can be improved by reserving channels not likely to be used. For example, if a WS 5000 should only use 802.11b channels 1, 6, and 11, administrators can reserve channels 2-5, 7-10, and 12-14. The ACS process then only has to evaluate three channels instead of 14.

The Channel settings Auto (once) and Auto differ in that Auto (once) forces Access Ports to request channel assignments from ACS only at initial start up and adoption. Specifying Auto forces Access Ports to request channel assignments every time they need to reestablish a connection. Use Auto (once) in relatively stable environments where radio reception is not likely to change significantly. Use Auto in dynamically changing environments where radio reception is likely to vary significantly over time.

The following table with the available Countries and their country codes is useful when setting the country code from the CLI.
Country               Code
Argentina             AR
Asia Pacific          AP
Australia             AU
Austria               AT
Bahrain               BH
Belarus               BL
Belgium               BE
Brazil                BR
Bulgaria              BG
Canada                CA
Chile                 CL
China                 CN
Columbia              CO
Costa Rica            CR
Croatia               HR
Czech Rep.            CZ
Denmark               DK
Ecuador               EC
Estonia               EE
Finland               FI
France                FR
Germany               DE
Greece                GR
Guatemala             GT
Hong Kong             HK
Hungary               HU
Iceland               IS
India                 IN
Indonesia             ID
Ireland               IE
Israel                IL
Italy                 IT
Japan                 JP
Jordan                JO
Kuwait                KW
Latvia                LV
Liechtenstein         LI
Lithuania             LT
Luxembourg            LU
Malaysia              MY
Mexico                MX
Morocco               MA
Netherlands           NL
New Zealand           NZ
Norway                NO
Oman                  OM
Panama                PA
Peru                  PE
Philippines           PH
Poland                PL
Portugal              PT
Qatar                 QA
R&TTE                 RO
Romania               RO
Russian Federation    RU
Saudi Arabia          SA
Singapore             SG
Slovak Republic       SK
Slovenia              SI
South Africa          ZA
South Korea           KR
Spain                 ES
Sweden                SE
Switzerland           CH
Taiwan                TW
Thailand              TH
Code TR AE UA UK US UY VE
The system launches the Wireless Switch Policy Wizard. Select Use an existing Wireless Switch Policy as a template if desired. Enter a name for the new Wireless Switch Policy and complete the applicable fields. Click Next. Follow the instructions on the Wizard's subsequent screens.
Select Country, Channel, Power Level for Access Ports, and the Ethernet Port Policy. Create a New Ethernet Port Policy if desired. Select Emergency to configure the policy as the Emergency Switch Policy. Click Next and follow the instructions on the subsequent screens.
Select the Emergency icon to activate the Emergency Switch Policy.
After clicking the icon, a dialog window prompts for confirmation; click OK.
To revert the switch to the last active switch policy, click the emergency switch policy icon at the bottom of the main window.
CLI Commands
This chapter describes the commands that are defined by the WS 5100 Command Line Interface (CLI). You can access the CLI by running a terminal emulation program on a computer that's connected to the serial port at the front of the switch, or by using telnet to access the switch over the network.
Contexts
You invoke CLI commands within particular contexts. Contexts are hierarchical in a manner similar to directories in a traditional hierarchical file system: Contexts contain other contexts. When you log into the switch, you're placed at the System context; this is the top of the context hierarchy. To enter a subcontext, you type its name. The only subcontext of the Service context is the Configure context. To get there from Service, you could type configure at the CLI prompt, but, as a convenience, the Configure context can also be accessed by typing cfg:
WS5000> cfg
WS5000.(Cfg)>
As shown above, the CLI prompt changes to indicate the current context. Ignore the parentheses in the prompt; they don't mean anything. Most of the switch configuration is performed in subcontexts of the Configuration context. For example, to drop into the WLAN subcontext you type wlan from the Configuration context:
WS5000.(Cfg)> wlan
WS5000.(Cfg).wlan>
You can't go "up and over" when navigating the CLI; constructions such as .. context or ../context don't work.
Instances
Most contexts contain instances of themselves. An instance is a set of configuration values that's identified by name. Some contexts have pre-defined instances, but, in general, you have to create the instances yourself. To create an instance, you use the add command and supply a name. For example, here we create a WLAN instance:
WS5000.(Cfg)> wlan
WS5000.(Cfg).wlan> add myWLAN
WS5000.(Cfg).wlan.[myWLAN]>
When you create an instance, you drop into that instance's context. As shown here, the prompt places the name of the instance context in brackets. Once you're in the instance context, you can use the commands that are defined there to configure the instance.
If an instance name (or other parameter) contains whitespace, you must enclose the name in quotes:
WS5000.(Cfg)> spol "Default Switch Policy"
WS5000.(Cfg).SPolicy.[Default Switch Policy]>
To abort an unresponsive command, type <ctrl>-c (i.e. hold down the control key and type c).
1 Common Commands
The following commands are defined in all (or most) contexts.
?
Displays a list of available commands. Same as help. You can also pass ? as the last argument to any command to see an expanded help description. For example, to list all of the arguments that a context's set command recognizes, type set ?.
..
Changes the current context to the next higher level. Same as end.
bye
Exits the command line interface and returns to the login screen. Same as logout.
clear
Clears the screen.
description
Adds a descriptive string to the switch (for the System and Configuration contexts), or to a specific context instance. The description string is displayed when you invoke the show command.
Syntax:
description <text>
Parameters:
text
The descriptive text that you want to add to the switch or context instance.
emergencyMode
Enables or disables the Emergency Switch Policy (ESP). This is a Switch Policy that you can activate (enable) at any time in case of an emergency. When you deactivate (disable) the ESP, the previous Switch Policy is reactivated. To set the emergency policy, use the set emergencyPolicy command; see WS5000.(Cfg)> set emergencyPolicy on page 67.
Syntax:
emergencyMode <enable | disable>
end
Changes the current context to the next higher level. Same as the .. command.
exit
Returns you to the System context.
help
Displays a list of available commands. Same as ?.
history
Displays the last 100 commands that were executed in the current context. Each context keeps its own list.
<instance_name>
When called from a context that contains instances, a reference to an existing instance name drops you into the context for that instance. To get a list of instances, invoke show.
Syntax:
<instance_name>
Example:
WS5000.(Cfg).APPolicy> show
Available Access Port Policies:
1. Default Access Port Policy.
2. myAPPolicy.
WS5000.(Cfg).APPolicy> myAPPolicy
WS5000.(Cfg).APPolicy.[myAPPolicy]>
logout
Exits the command line interface and returns to the login screen. Same as bye.
name
In the System and Configuration contexts, name sets the name of the system. The system name is used as the CLI prompt. In an instance context, name sets the name of the instance.
Syntax:
name <name>
Parameters:
name
The name that you want to give to the system or to a context instance.
policy
Most policy contexts that contain instances define the policy command. policy drops you into the named instance. This is the same as typing the instance name by itself, as described in <instance_name>, above.
Syntax:
policy <instance_name>
show
There are a number of ways to invoke the show command:
- Invoked without any arguments, show displays information about the current context. If the current context contains instances, then show (usually) displays a list of these instances.
- Invoked with the component argument, it displays information about that component.
- Invoked with both the component and the instance_name argument, it displays information about the named instance within the component. This only applies to components that are contexts that contain instances. For example:
WS5000> show appolicy "myAPPolicy"
- Invoked with just the instance_name argument, the component argument defaults to the current context. Again, this only works when the current context contains instances. For example:
WS5000.(Cfg).APPolicy> show "myAPPolicy"
Syntax:
show [component] [instance_name]
Parameters:
component
Valid component arguments vary from one context to the next. However, all contexts support some number of context components. See the table, below.
instance_name
The name of an instance of component, or of the current context when component is omitted.

Context Components
The gamut of context components is listed below. Not all contexts implement all of the component arguments listed here.

Component         Context
aPort             Access Port (APort) Context on page 70
acl               Access Control List (ACL) Context on page 69
apPolicy          Access Port Policy (APPolicy) Context on page 74
ce                Classifier Context (CE) on page 82
cg                Classification Group (CG) Context on page 80
chassis           Chassis Context on page 79
ethernet          Ethernet Port Context on page 85
etherPolicy       Ethernet Policy (EtherPolicy) Context on page 87
event             Event Context on page 90
ftp               FTP Context on page 93
host              Host Context on page 93
kdc               KDC Context on page 95
np                Network Policy Context on page 98
po                Policy Object Context on page 100
radius            RADIUS Context on page 103
securityPolicy    Security Policy Context on page 104
service           Service Mode on page 117
snmpstatus        SNMP Context on page 106
ssh               SSH (Secure Shell) Context on page 108
standby           Standby (Failover) Context on page 110
switchPolicy      Switch Policy Context on page 112
syslog            Syslog Context on page 91
telnet            Telnet Context on page 116
users             User Context on page 117
vlan              VLAN Context on page 116
wlan              WLAN Context on page 119
show system
Displays system information: system name, description, maximum number of concurrent AP adoptions, active Switch Policy name, and so on. The same information is displayed regardless of your context. Most, but not all, contexts support the show system command.
2 System Context
WS5000> cfg
Synonym of configure.
WS5000> configure
Drops into the Configuration context. See Configuration (Cfg) Context on page 65.
WS5000> copy
Copies a file from the WS 5100 to a (T)FTP server, or from a (T)FTP server to the WS 5100. You're prompted to supply the name of the file that you want to copy and the IP address of the (T)FTP server. The TFTP and FTP versions of the command are described separately, below.
IMPORTANT DO NOT USE THIS COMMAND FOR FILES LARGER THAN 32MB.
For TFTP: TFTP can be used to transfer *.sys.img, *.cfg, and *.sym files.
Syntax:
copy <source> <destination>
Parameters:
source
The source of the file. Must be either system (i.e., the WS 5100) or tftp.
destination
For FTP: FTP can be used to transfer .krb, .sys.img, .cfg, and .sym files.
Syntax:
copy <source> <destination> [ -u <ftp_user> ] [ -m <ftp_mode> ]
Parameters:
source
The source of the file. Must be either system (i.e., the WS 5100) or the address and pathname of the FTP server (e.g. ftp://<ipAddress>/path/[file_name]). If you don't supply a filename, you'll be prompted for one. You'll be prompted to supply a password, as well.
destination
The FTP transfer mode, either ascii or binary. The default is binary.
WS5000> delete
Deletes the specified image or config file from the WS 5100. Use directory to list the files that can be deleted.
delete <filename>
Parameters:
filename
WS5000> directory
Lists the image and configuration files that are stored on the WS 5100.
Example:
WS5000> directory Date & Time Jan 2 Dec 27 16:43 2004 Bytes File Name
WS5000> install
Configures the switch's failover role as Primary or Standby, or installs Kerberos settings.
Syntax:
install <option> <filename>
Parameters:
option
One of:
primary. Configures the switch to act as Primary, and applies all settings specified in the filename command file (.sym). If the command file is not specified, install uses the default command.sym file. If the default command file is missing, the current configuration isn't changed.
standby. Configures the switch to act as Standby, and applies all settings as described for the primary parameter value.
kerberos. Updates the Kerberos principals from the settings in the filename file (.krb).
filename
WS5000> ping
Sends ICMP ECHO_REQUEST packets to a network host.
Syntax:
ping <switches> <host>
Parameters:
switches
The name or IP address of the host to which the request packets are sent.
WS5000> restore
Restores the specified system image and/or configuration, and then resets and reboots the system.
Syntax:
restore <type> <filename>
Parameters:
type
The image or configuration that you want to restore. One of: system. Restores the system image and configuration from filename. configuration. Restores the system configuration from filename. standby. Restores the standby configuration from filename.
filename
The filename to which the configuration is saved. The .cfg extension is automatically appended.
WS5000> service
Drops into Service Mode. You're prompted to supply the Service Mode password; the default is password. See Service Mode on page 117.
WS5000> show
Shows the settings for the specified system component. show supports all of the context components listed in the table in show on page 60. Other components are listed in the table below.
Syntax:
show [<component> [name]]
Parameters:
component      Meaning
allConfig      Displays all configuration details.
channelInfo    Displays a list of country codes and the channels each country supports.
configAccess   Tells you if you can use telnet and/or SNMP to configure the system and the KDC.
https          Displays WS 5000 applet protocol, one of http (nonsecure), https (secure), or none (no access).
interfaces     Displays adopted Access Port info and lists the switch's Ethernet ports.
mu             Displays MU details.
ntpServers     Displays NTP server information.
snmpClients    Displays SNMP client and community list.
sysAlerts      Displays the contents of the local system event log. See Event Context on page 90.
sysLog         Displays the contents of the remote system event log, as maintained by the Syslog server. See Event Context on page 90.
system         Displays general system information.
time           Displays the current date and time.
trapHosts      Displays the SNMP trap-host list.
The commands that drop you into a policy context are listed in the table under show on page 60. You can drop into an instance context by supplying, as an additional argument, the name of the instance. The rest of this section describes the Configuration context's other commands.
WS5000.(Cfg)> copy
WS5000.(Cfg)> date
Sets the time and date.
Syntax:
date <time> <timezone> <daylight_savings>
Parameters:
time
Expressed as [yyyy][mm][dd]hhmm[.ss]
timezone
Expressed as [-12.00, +13.00] where 0.00 is Greenwich Mean Time. Note that the + must be included for positive timezone values.
daylight_savings
A value in the range [0, 5] that represents a specific daylight savings type:
Value 0 1 2 3 4 5 Meaning
delete Same as WS5000> delete on page 63.
description Same as description on page 59.
directory Same as WS5000> directory on page 63.
install Same as WS5000> install on page 63.
name Same as WS5000> ping on page 64.
ping Same as WS5000> ping on page 64.
remove Same as ws5000> remove on page 60.
WS5000.(Cfg)> reset
Resets the WS 5100.
WS5000.(Cfg)> restore
WS5000.(Cfg)> runACS
Runs Automatic Channel Selection on all adopted Access Ports.
WS5000.(Cfg)> save
Parameters:
Value 0 1 2 3 4 5 Meaning
Parameters:
name
The name of the Switch Policy that will assume the ESP role.
In order to update the license key, the WS 5100 must be configured as a primary switch. See WS5000.(Cfg).standby> set mode on page 111.
Syntax:
set licenseKey <key>
Parameters:
key
Parameters:
string
Parameters:
timezone
A value in the range [-12.00, +13.00] where 0.00 is Greenwich Mean Time. Note that the + must be included for positive timezone values.
WS5000.(Cfg)> show
Same as WS5000> show on page 65.
WS5000.(Cfg)> shutdown
Gracefully shuts down the WS 5100. You're prompted to confirm the action. After you've shut down the switch, wait for the CLI to tell you when it's safe to power down.
NOTE
After you shut down your WS 5100, the only way to bring it back up is to power cycle (power it down and then power it back up).
WS5000.(Cfg).ACL> add
Adds a new ACL, gives it a name, and drops into its instance context.
Syntax:
add <name>
Parameters:
name
WS5000.(Cfg).ACL> remove
Removes the named ACL.
Syntax:
remove <name>
Parameters:
name
arguments
Description
Changes the name assigned to the ACL. Adds a device (or range of devices) to the allow or deny adoption list. Redefines an existing ACL entry. You can switch between allow and deny, or reset the address range. You can't do both at the same time. Removes a device from the ACL. If the MAC address identifies the beginning of a device range, the entire range is removed from the ACL. Sets the default adoption action for this ACL. This is the action that's taken if a candidate device doesn't appear in any of the ACL's adoption lists.
remItem
MAC
defaultAction
allow | deny
For brevity, converted Access Points are referred to as Access Ports throughout this documentation.
WS5000.(Cfg).APort> add
Creates a new Access Port instance (or two, for dual-radio APs). The first argument is the AP type. The rest of the arguments depend on the AP type.
Syntax:
add AP100 <MAC> <name> [location]
add AP200 <MAC> <a_name> <a_MAC> [b_name]
add AP300 <MAC> <g_name> <g_MAC> [a_name]
add AP3020-3021 <MAC> <name> [location]
add AP4121 <MAC> <name> [location]
Parameters:
MAC
For dual-radio APs, you must supply the MAC of (at least) the AP's first radio. The MAC of the second radio is optional. The a_name, b_name, and g_name arguments refer to the 802.11x radio types.
name, a_name, b_name, g_name
Unique names that you give to the Access Port and/or its radios. The a_name, b_name, and g_name arguments refer to the 802.11x radio types. For single-radio APs, you only need to supply one name. For dual-radio APs, the name for the second radio is optional.
location
WS5000.(Cfg).APort> port
Drops into the named Access Port instance.
Syntax:
port <name>
Parameters:
name
Selects the Access Port instance by name. Until you give an Access Port a name, it's known by the space-separated concatenation of its device MAC address and its 802.11 type (A or B), all enclosed in quotes:
"xx:xx:xx:xx:xx:xx [A | B]"
For example:
"00:A0:B0:C0:D0:E0 [A]"
NOTE
The system never needs to automatically assign a name to an 802.11g or a frequency-hopping (FH) radio since you're compelled to supply names for these radios when you add their Access Port instances.
For a list of Access Port names, invoke the show accessPorts command.
WS5000.(Cfg).APort> remove
Removes the named Access Port. For a list of Access Port names, invoke the show accessPorts command.
Syntax:
remove <name>
Parameters:
name
WS5000.(Cfg).APort> show
Shows the Access Port configuration values.
Syntax:
show [component]
Displays a list of Access Port instances. Displays a list of country codes and the channels each country supports. Display a list of Access Port instances and lists the available Ethernet ports.
np, po, standby, switchPolicy, wlan
WS5000.(Cfg).APort.[name]> reset
Resets the Access Port or its radio, depending on the value of the argument.
Syntax:
reset <ap | radio>
Parameters:
ap
Resets the Access Port that contains the radio that's represented by this instance.
radio
WS5000.(Cfg).APort.[name]> set
Configure an Access Port device attribute. The set of attributes depends on the AP model, as shown in the table, below.
Syntax:
set <attribute> <value>
Parameters:
attribute clearVLanTags description diversity
none text
value
All AP Models
Description
Clears the VLAN tag register. Access Port description string. Access Port diversity antenna setting:
full: The AP dynamically chooses the antenna with the strongest signal. primary: Use this AP as a Primary antenna. secondary: Use this AP as a Secondary antenna.
ccaMode ccaThreshold
0 | 1 | 2 | 3 0 to 31
Sets the Access Port's CCA mode. Sets the Clear Channel Assessment threshold. This is the maximum level of traffic that the AP will accept and still consider the channel to be clear. 0 means no traffic; 31 means jam-packed. Access Port location description. Access Port name. Access Port policy that's applied to this Access Port. See Access Port Policy (APPolicy) Context on page 74. Enable/disable Access Port information gathering. When enabled, the Access Port reports its throughput in packets-per-second, and the amount of time it's been adopted by the switch. You can view the statistics by invoking the show command with no argument. The ID of the VLAN that this Access Port is to be part of.
AP 3020-3021 only
enable | disable
Frequency-hopping maximum dwell time. Frequency-hopping hop sequence. maxChannels is the maximum number of channels (as allowed by the country setting) divided by three. Frequency-hopping hop set.
hopSet
1 | 2 | 3
attribute channel
value
All models except AP 3020-3021 channelNumber | auto-once | auto-always | random
Description
Access Port transmit channel. This can be a specific channel number, or one of the following: auto-once: The AP uses Automatic Channel Selection (ACS) the first time it's adopted by the switch, and then sticks to that channel thereafter. auto-always: The AP uses ACS every time it's adopted. random: The AP chooses a random channel every time it's adopted. The amount by which associated Mobile Units are told to adjust (increase) their power. Although this is a drain on MU batteries, it can help improve signal fidelity. The adjustment is in positive, integral dB. Access Port transmission power in milliWatts.
muPower
offset
4 - 20 (dBm)
integer
AP 300 only
The power correction (increase) due to the AP's (isotropic) antenna; in dB (dBi). Tells the AP that it's being used indoors (true) or outdoors (false). Tells the Access Port to pretend that radar has been discovered. Assigns a username to this AP. The name is for information only.
true | false
none
name
WS5000.(Cfg).APort.[MAC]> show
WS5000.(Cfg).APPolicy> add
Creates and names a new Access Port policy instance. To drop into an Access Port policy instance context, use the policy command.
Syntax:
add <name>
Parameters:
name
WS5000.(Cfg).APPolicy> policy
Drops into the named Access Port policy instance.
Syntax:
policy <name>
Parameters:
name
WS5000.(Cfg).APPolicy> remove
Removes the named Access Port policy.
Syntax:
remove <name>
Parameters:
name
BSS/ESS combination
4 BSS to 4 ESS 1 BSS to 16 ESS 4 BSS to 16 ESS 4 BSS to 16 ESS 4 BSS to 16 ESS 1 BSS to 1 ESS The AP 300 802.11a radio uses the same mapping as the AP 300 802.11g. Thus, there's only one entry for the two AP 300 radios.
Parameters:
radioType
A list of frequency values, in Mbps. The list of candidate frequencies depends on the radio type, as shown in the following table. You can set multiple basic rates by passing a list of frequencies, e.g.:
set B basicrates 1 2 11
WS5000.(Cfg).APPolicy.[Name]> set np
Assigns the Network Policy that's associated with the combination of this Access Port Policy and WLAN.
Syntax:
set np <np_name> <wlan_name>
Parameters:
name
Parameters:
radioType, rates
Not all Map contexts support all of these attributes. For example, it doesn't make sense to set the Primary WLAN for an AP radio that only supports one WLAN (such as is the case with frequency-hopping radios). The four Map contexts and the radios that use each mapping are listed below.
Map Radio
When you drop into a Map context, the CLI prompt changes to reflect which context you're in:
WS5000.(Cfg).APPolicy.[AP0].Map.[4BSS-4ESS]
WS5000.(Cfg).APPolicy.[AP0].Map.[1BSS-16ESS]
WS5000.(Cfg).APPolicy.[AP0].Map.[4BSS-16ESS]
WS5000.(Cfg).APPolicy.[AP0].Map.[1BSS-1ESS]
WS5000.(Cfg).APPolicy.[Name].Map.[map]> select
Assigns a WLAN to the Map.
Syntax:
select <wlan_name>
Parameters:
wlan_name
Parameters:
bssid
WS5000.(Cfg).APPolicy.[Name].Map.[map]> set bw
Sets the guaranteed bandwidth that's assigned to a WLAN.
Syntax:
set bw <bandwidth> <wlan_name>
Parameters:
bandwidth
The percentage of bandwidth assigned to the WLAN. Valid percentages are in the range [5, 100].
wlan_name
The total bandwidth for all WLANs within a Map must equal 100.
Parameters:
wlan_name
7 Chassis Context
The Chassis context displays and manages CPU and system temperature.
Parameters:
threshold
The temperature threshold is expressed in degrees centigrade and must fall in the range [0, 105]. The notification is only sent when the temperature rises from below to above the threshold temperature; it isn't sent when the temperature drops from above to below the threshold.
IMPORTANT THE SYSTEM AUTOMATICALLY SHUTS DOWN IF THE CPU OR SYSTEM TEMPERATURE RISES ABOVE 105 DEGREES.
WS5000.(Cfg).Chassis> show
Displays a table of temperature and fan speed statistics.
Example:
WS5000.(Cfg).Chassis> show Description ----------CPU Temperature System Temperature System Fan (rpm) CPU Fan (rpm) Curr Value ---------34 C 36 C OFF 21093 Max Value --------36 C 38 C 675000 Min Value --------33 C 32 C 9782 Notify Value -----------45 C 45 C None None
Under normal circumstances, both the system and the CPU should hover around 36 degrees. The Max Value and Min Value readings are the maximum and minimum temperature since the WS 5100 was last booted. Currently, you can't install a notification for fan speed.
Parameters:
name
WS5000.(Cfg).CG> cg
Drops into the context for a Classification Group instance.
Syntax:
cg <name>
Parameters:
name
WS5000.(Cfg).CG> remove
Removes a Classification Group instance.
Syntax:
remove <name>
Parameters:
name
WS5000.(Cfg).CG> show
Displays information about a system component or named context instance.
Syntax:
show [component]
Meaning
WS5000.(Cfg).CG.[Name]> set
Performs an operation on the Classification Group instance.
Syntax:
set <op> <value>
value
Meaning
Sets the name of the Classification Group. Adds the named Classifier instance to the CG. Removes the named Classifier instance from the CG. Associates an action with a Classifier (ce_name) that's been added to the CG. See below.
Action Values: If you set action to allow, packets that pass the Classifier are allowed to continue and they're marked as being part of this Classification Group instance (this will be important when we bump up a level to Input and Output Policies). Packets that don't pass the evaluation are not immediately thrown away; they're allowed or denied according to the default action defined in the Input or Output Policy that uses this CG. If you set action to deny, packets that pass the Classifier are thrown away. Packets that don't pass are allowed to continue (again, with no CG marking).
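The following Python model is an added illustration of the allow/deny and default-action behaviour described above; it is not code from the switch or from this manual. It assumes that a packet passes a Classifier only when every criterion matches, that the first passing Classifier in a CG decides, and that packets passing no Classifier fall through to the policy's default action. The Classifier is reduced to two criteria named in the Classifier context (IPdestination with subnet_mask, destinationport with end_port), and all class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Classifier:
    """Simplified Classifier holding two matching criteria (illustrative only)."""
    name: str
    ip_destination: str              # IPdestination value, dotted quad
    subnet_mask: str                 # subnet_mask argument, dotted quad
    port_start: int                  # destinationport value
    port_end: Optional[int] = None   # optional end_port; None means a single port

    def passes(self, dst_ip: str, dst_port: int) -> bool:
        """Assumption: a packet passes only if every criterion matches."""
        net = ip_network(f"{self.ip_destination}/{self.subnet_mask}", strict=False)
        high = self.port_start if self.port_end is None else self.port_end
        return ip_address(dst_ip) in net and self.port_start <= dst_port <= high


@dataclass
class Verdict:
    allowed: bool
    marked_cg: Optional[str]   # CG name when the packet was marked, else None
    reason: str


def evaluate(cg_name: str, entries: List[Tuple[Classifier, str]],
             policy_default: str, dst_ip: str, dst_port: int) -> Verdict:
    """Apply a CG's (Classifier, action) entries, then the policy default.

    entries is ordered; action and policy_default are 'allow' or 'deny'.
    """
    if policy_default not in ("allow", "deny"):
        raise ValueError("policy_default must be 'allow' or 'deny'")
    for ce, action in entries:
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action for {ce.name}: {action!r}")
        if not ce.passes(dst_ip, dst_port):
            continue
        if action == "allow":
            # Passing an allow Classifier: packet continues and is marked.
            return Verdict(True, cg_name, f"passed {ce.name}: allowed and marked")
        # Passing a deny Classifier: packet is thrown away.
        return Verdict(False, None, f"passed {ce.name}: denied")
    # No Classifier passed: the Input/Output Policy default decides, no marking.
    return Verdict(policy_default == "allow", None,
                   f"no classifier passed: policy default is {policy_default}")


def compare_defaults(cg_name: str, entries: List[Tuple[Classifier, str]],
                     packets: List[Tuple[str, int]]) -> Dict[Tuple[str, int], Tuple[bool, bool]]:
    """For each packet, return (allowed under default allow, allowed under default deny)."""
    result = {}
    for ip, port in packets:
        under_allow = evaluate(cg_name, entries, "allow", ip, port).allowed
        under_deny = evaluate(cg_name, entries, "deny", ip, port).allowed
        result[(ip, port)] = (under_allow, under_deny)
    return result


if __name__ == "__main__":
    # Constructed sample: one Classifier for ports 80-443 on 10.1.0.0/16.
    web = Classifier("web", "10.1.0.0", "255.255.0.0", 80, 443)
    packets = [("10.1.2.3", 443), ("192.168.0.1", 22)]
    for pkt, (a, d) in compare_defaults("CG1", [(web, "allow")], packets).items():
        print(pkt, "default allow ->", a, "| default deny ->", d)
```

Under a default-allow policy an allow action only marks traffic and filters nothing; the same CG restricts traffic only when the enclosing policy defaults to deny.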
WS5000.(Cfg).CG.[Name]> show
Displays information about this Classification Group instance.
Syntax:
show [component]
Meaning
WS5000.(Cfg).CE> add
Creates and names a Classifier instance, and drops into the instance's context.
Syntax:
add <name>
Parameters:
name
WS5000.(Cfg).CE> ce
Drops into the context for the named Classifier instance.
Syntax:
ce <name>
Parameters:
name
WS5000.(Cfg).CE> remove
Removes a Classifier instance.
Syntax:
remove <name>
Parameters:
name
WS5000.(Cfg).CE> show
Shows Classifier details.
Syntax:
show [component]
none
WS5000.(Cfg).CE.[Name]> addMC
Adds a new matching criterion to the Classifier.
Syntax:
addMC <criterion> <value> <subnet_mask> [end_port]
Parameters:
criterion and value
The packet attribute name (case-sensitive!) and the value to which it's compared. Valid attributes and associated values are listed in the table, below.
subnet_mask
The MAC address of the device that sent the packet. The value is a MAC address in the usual form. The MAC address of the device to which the packet is being sent. The value is a MAC address in the usual form. Ethernet type values, as defined by RFC 1700. Values are hex numbers in the range [0, FFFF]. The ID of the VLAN to/from which the packet is being sent/has been received. The value is a number. Relative priority value. The value is a number in the range [0, 7]. Ethernet protocol. The value is a (decimal) number in the range [0, 254]. Type of Service identifier. The value is a number in the range [0, 63]. The IP address and subnet mask of the device whence the packet emerged. The subnet mask is passed as a second argument (subnet_mask). Both arguments are dot-separated IP addresses. The IP address and subnet mask of the device to which the packet is being sent. The subnet mask is passed as a second argument (subnet_mask). Both arguments are dot-separated IP addresses. The Ethernet port number, on the originating device, through which the packet was sent. You can declare a specific port (as a decimal number), or a range of ports by supplying a second port number as the end_port argument. Valid port numbers are in the range [0, 65535]. The Ethernet port number, on the recipient device, to which the packet is being sent. You can declare a specific port (as a decimal number), or a range of ports by supplying a second port number as the end_port argument. Valid port numbers are in the range [0, 65535]. Multicast mask. The value is a MAC address that's used to mask the range of recipients of a broadcast packet.
IPdestination
sourceport
destinationport
MCMask
WS5100_VPN.(Cfg).CE.[Name]> removeMC
Removes the matching criterion for the named attribute.
Syntax:
removeMC <criterion>
Parameters:
criterion
WS5100_VPN.(Cfg).CE.[Name]> setMC
Set the value of an existing matching criterion.
Syntax:
setMC <attribute> <value> [subnet_mask] [end_port]
Parameters:
attribute, value, subnet_mask, end_port
WS5000.(Cfg).CE.[Name]> show
Shows details for this Classifier instance.
Syntax:
show [component]
none
mc
Displays details of this Classifier instance. Displays the Classifier's matching criteria.
WS5000.(Cfg).Ethernet> ping
Sends ICMP ECHO_REQUEST packets to a host.
Syntax:
ping <hostIP>
Parameters:
hostIP
The name or IP address of the host to which the request packets are sent.
WS5000.(Cfg).Ethernet> port
Drops into an Ethernet port instance.
Syntax:
port <port_number>
Parameters:
port_number
WS5000.(Cfg).Ethernet> show
Displays Ethernet port details.
Syntax:
show [component]
Displays a list of Ethernet port instances. Shows adopted Access Port info and lists the switch's Ethernet ports.
WS5000.(Cfg).Ethernet.[N]> ipAddress
Assigns an IP address to this Ethernet port instance.
Syntax:
ipAddress <IP_address> <net_mask>
Parameters:
IP_address
WS5000.(Cfg).Ethernet.[N]> set
Sets an attribute of this Ethernet port instance.
Syntax:
set <attribute> [<value>]
Parameters:: attribute cfgMode value Auto | 10_Half | 10_Full | 100_Half | 100_Full enable | disable
IP_address
Meaning
Sets the Ethernet port mode. Enables/disables the DHCP client for this port. Sets the IP address of the gateway. Sets the port to be non-trunked. Sets the port to be trunked. Sets the primary VLAN ID. The port automatically becomes trunked. Clears the VLAN tag register.
none none
1 - 4095
none
WS5000.(Cfg).Ethernet.[N]> show
Displays Ethernet port details.
Syntax:
show [component]
Displays information about this Ethernet port. Display a list of Access Port instances and lists the available Ethernet ports.
Parameters:
name
WS5000.(Cfg).EtherPolicy> policy
Drops into the context for the named Ethernet Policy instance.
Syntax:
policy <name>
Parameters:
name
WS5000.(Cfg).EtherPolicy> remove
Removes an Ethernet Policy instance.
Syntax:
remove <name>
Parameters:
name
WS5000.(Cfg).EtherPolicy> show
Displays Ethernet Policy information.
Syntax:
show [component]
WS5000.(Cfg).EtherPolicy.[Name]> add
Creates and adds a VLAN to this Ethernet Policy instance.
Syntax:
add <vlan_ID> <NIC>
Parameters:
vlan_ID
The number that's assigned to this VLAN. Valid VLAN ID numbers are in the range [1, 4095].
NIC
WS5000.(Cfg).EtherPolicy.[Name]> remove
Removes a VLAN from this Ethernet Policy instance.
Syntax:
remove <vlan_id>
Parameters:
vlan_id
The ID number of the VLAN that's to be removed. For a list of VLAN IDs, invoke show vlan.
WS5000.(Cfg).EtherPolicy.[Name]> set
Sets an attribute of this Ethernet Policy instance.
Syntax:
set <attribute> <value>
Sets the rest of the network NIC. This is the NIC that connects WS 5100 to the wired network. Adds a description string to the Ethernet Policy instance.
WS5000.(Cfg).EtherPolicy.[Name]> show
Shows Ethernet Policy details.
Syntax:
show [component]
WS5000.(Cfg).EtherPolicy.[Name]> vlan
Drops into the context of the VLAN identified by VLAN ID.
Syntax:
vlan <vlan_ID>
Parameters:
vlan_ID
The ID of the VLAN. For a list of VLAN IDs, invoke show vlan.
12 Event Context
The Event context lets you register for notification of specific system events. To see a list of the system events that you can monitor, go to the Event context and type show:
WS5000.(Cfg).Event> show
Num  Events                              Local Log  SNMP Trap  Syslog Severity
---  ------                              ---------  ---------  ---------------
1    License number change               Enabled    Disabled   Disabled
2    Clock change                        Enabled    Disabled   Disabled
3    Packet discard [wrong NIC]          Enabled    Disabled   Disabled
4    Packet discard [wrong VLAN]         Enabled    Disabled   Disabled
5    AP adopt failure [general]          Enabled    Enabled    Disabled
6    AP adopt failure [policy disallow]  Enabled    Enabled    Disabled
etc...
You can ask to have an SNMP trap thrown when a specific event occurs.
WS5000.(Cfg).Event> ping
Sends ICMP ECHO_REQUEST packets to a network host.
Syntax:
ping <switches> <host>
Parameters:
switches
The name or IP address of the host to which the request packets are sent.
WS5000.(Cfg).Event> set
Lets you ask for event notifications, and sets the severity of events that are sent to the Syslog.
Syntax:
set <event> <target> <<enable | severity> | disable>
set all <localLog | snmpTrap | syslog> <<enable | severity> | disable>
set all default
Parameters:
event
Describes the event that you're interested in. Either all or a number in the range [1, 69]. Use the show command for a list of available events.
target
Enables and disables recording of the event. If your target is syslog, then you can pass a severity value rather than simply enabling the event.
severity
Events that are sent to the Syslog are tagged with a severity, one of emerg(ency), alert, crit(ical), err(or), info, notice, and warning. If you enable an event without a severity, it assumes a default severity setting.
all <localLog | snmpTrap | syslog>
The first set all form of the command lets you send or repress all events to/from the specified target.
all default
This form of the command resets all events to their factory defaults.
WS5000.(Cfg).Event> show
Displays Event information.
Parameters: component none Meaning
WS5000.(Cfg).Event> syslog
Drops into the Syslog subcontext, described below.
12.1 Syslog Context
The Syslog context is a subcontext of Event. The commands in the Syslog context let you configure and control the remote event logging service. The remote service sends system logging information to a remote host, which must have a message logging daemon running. The remote host is set through the add command. To tailor the types of messages that are sent to the Syslog, use the set command. All syslog messages are in RFC 3164 message format.
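Because the remote log arrives as RFC 3164 text, the receiving host can decode each message's PRI field into facility and severity and filter on the same severity names the set command uses. The Python parser below is an added example, not part of this manual or the switch software; the hostname, tag and message wording in the sample lines are constructed (only the event names are borrowed from the show listing above), and the function names are hypothetical.

```python
import re
from typing import List, Optional, Tuple

# RFC 3164 severity codes 0..7, in order.
SEVERITY_NAMES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# <PRI>Mmm dd hh:mm:ss HOSTNAME MSG  (day of month is space-padded below 10)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)
# MSG = TAG (up to 32 alphanumerics) followed by CONTENT starting with a non-alphanumeric.
_TAG = re.compile(r"^(?P<tag>[A-Za-z0-9]{1,32})(?P<content>[^A-Za-z0-9].*)$")


def parse_rfc3164(line: str) -> Optional[dict]:
    """Parse one RFC 3164 message; return None if the header is malformed."""
    m = _RFC3164.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:                      # highest valid PRI: facility 23, severity 7
        return None
    facility, severity = divmod(pri, 8)
    tag, content = "", m["msg"]
    t = _TAG.match(content)
    if t:
        tag, content = t["tag"], t["content"].lstrip(": ")
    return {
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": tag,
        "content": content,
    }


def triage(lines: List[str], min_level: str = "err") -> Tuple[List[dict], List[str]]:
    """Return (messages at min_level or more severe, lines that failed to parse)."""
    limit = SEVERITY_NAMES.index(min_level)
    hits, unparsed = [], []
    for line in lines:
        rec = parse_rfc3164(line)
        if rec is None:
            unparsed.append(line)      # keep for review: may be truncated or spoofed
        elif rec["severity"] <= limit: # lower code = more severe
            hits.append(rec)
    return hits, unparsed


# Constructed sample input (not captured from a real switch).
SAMPLE = [
    "<134>Jan  2 16:43:01 ws5100 switch: Clock change",
    "<131>Jan  2 16:43:10 ws5100 switch: AP adopt failure [policy disallow]",
    "<129>Dec 27 09:15:44 ws5100 switch: Packet discard [wrong VLAN]",
    "garbage without a PRI header",
    "<999>Jan  2 16:43:10 ws5100 switch: out-of-range PRI",
]

if __name__ == "__main__":
    hits, unparsed = triage(SAMPLE, "err")
    for rec in hits:
        print(rec["severity_name"], rec["host"], rec["content"])
    print("unparsed:", len(unparsed))
```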
WS5000.(Cfg).Event.Syslog> add
Adds a Syslog host.
Syntax:
add <host_name> <IP_address> [domain]
Parameters:
host_name
WS5000.(Cfg).Syslog> remove
Removes a Syslog host.
Syntax:
remove <name>
Parameters:
name
WS5000.(Cfg).Syslog> set
Sets the types of messages that are sent to the Syslog.
Syntax:
set <host> <severity> <enable | disable>
Parameters:
host
Specifies a type of message. The value is one of emerg(ency), alert, crit(ical), err(or), info, notice, warning, or all. If the final argument is enable, messages of the specified type are sent to the Syslog; if it's disable, the messages aren't sent.
WS5000.(Cfg).Syslog> show
Displays information about the Syslog service.
Syntax:
show <component>
WS5000.(Cfg).Event.Syslog> start
Starts the Syslog service.
WS5000.(Cfg).Event.Syslog> stop
Stops the Syslog service.
13 FTP Context
WS5000.(Cfg).FTP> enable
Enables the FTP server.
WS5000.(Cfg).FTP> disable
Disables the FTP server.
WS5000.(Cfg).FTP> show
Displays the state of the FTP server.
14 Host Context
The Host context collects the various hosts that are declared in other contexts.
WS5000.(Cfg).Host> add
Adds a new host to the system.
Syntax:
add host <name> <IP_address> [domain]
Parameters:
name
WS5000.(Cfg).Host> edit
Drops into a Host instance context.
Syntax:
edit <host>
Parameters:
host
WS5000.(Cfg).Host> ping
Sends ICMP ECHO_REQUEST packets to a network host.
Syntax:
ping <switches> <host>
Parameters:
switches
The name or IP address of the host to which the request packets are sent.
WS5000.(Cfg).Host> remove
Removes a host from the host list.
Syntax:
remove <host>
Parameters:
host
WS5000.(Cfg).Syslog> show
Displays host information.
Syntax:
show <component>
WS5000.(Cfg).Host.[host]> ping
Sends ICMP ECHO_REQUEST packets to a network host.
Syntax:
ping <switches> <host>
Parameters:
switches
WS5000.(Cfg).Host.[host]> set
Configures a host.
Syntax:
set <attribute> <value>
WS5000.(Cfg).Host.[host]> show
Shows host configuration details.
15 KDC Context
The WS 5100 contains a Kerberos Key Distribution Center. The KDC context lets you configure the local KDC as a Master or Slave.
Parameters:
name
Parameters:
mu
WS5000.(Cfg).KDC> dump
Writes the KDC database to a file.
Syntax:
dump <filename>
Parameters:
filename
Name of the file to which the database is written. The .krb extension is automatically appended.
Parameters:
realm
Parameters:
ntp_number
Parameters:
realm
The Ethernet port (1 or 2) through which the Slave will communicate with the Master.
WS5000.(Cfg).KDC> show
Shows KDC details.
Syntax:
show [attribute]
Displays all KDC information. Displays KDC communication access permissions. Displays the IP addresses of the three NTP servers. Displays a list of active KDC users (MUs).
WS5000.(Cfg).KDC> synchronize
Copies the Master KDC database to the Slave KDC.
Syntax:
synchronize <slave_name> <slave_ip> <slave_domain>
Parameters:
slave_name
WS5000.(Cfg).NP> add
Creates and adds a Network Policy instance.
Syntax:
add <name>
Parameters:
name
WS5000.(Cfg).NP> np
Drops into the context for a specific Network Policy instance.
Syntax:
np <name>
Parameters:
name
WS5000.(Cfg).NP> remove
Removes a Network Policy instance.
Syntax:
remove <name>
Parameters:
name
WS5000.(Cfg).NP> show
Shows Network Policy details.
Syntax:
show [component]
Meaning
value
Meaning
Sets the name of the Network Policy. Adds the named Policy Object as the inbound policy. If the value is remove, the policy is removed.
attribute outboundPolicy
value
name | remove
Meaning
Adds the named Policy Object as the outbound policy. If the value is remove, the policy is removed.
WS5000.(Cfg).NP.[Name]> show
See WS5000.(Cfg).NP> show on page 99.
Parameters:
name
WS5000.(Cfg).PO> po
Drops into the context for a specific Policy Object instance.
Syntax:
po <name>
Parameters:
name
WS5000.(Cfg).PO> remove
Removes a Policy Object instance.
Syntax:
remove <name>
Parameters:
name
WS5000.(Cfg).PO> show
Shows Policy Object details.
Syntax:
show [component]
Meaning
value
Meaning
Adds the named Classification Group to the Policy Object. Sets the default action for this Policy Object. Sets the name of this Policy Object instance. Removes the named Classification Group from the Policy Object.
Parameters:
cg_name
Parameters:
cg_name
Parameters:
type
Parameters:
bandwidth
Parameters:
bits
WS5000.(Cfg).PO.[Name]> show
Same as WS5000.(Cfg).PO> show on page 101.
18 RADIUS Context
The RADIUS context lets you identify your RADIUS server and set the switch-side parameters that are used during RADIUS authentication. The RADIUS server is always remote; the wireless switch doesn't provide an on-board instance. You can't configure the RADIUS server through the tools provided by the wireless switch. Most importantly, while you can identify the RADIUS server that you want the switch to use, this has no effect unless the RADIUS server has added the switch to itself as a client.
Parameters:
connection
Meaning
Identifies the RADIUS server by name or IP address. The other three attributes can be set here, as well Sets the port number of the RADIUS server. Specifies the number of times a Mobile Unit can try to authenticate itself during the reauthentication phase. The default is 5 attempts. Specifies the time interval, in seconds, after which Mobile Units are forced to reauthenticate with the RADIUS server. Valid values are in the range seconds; the default is 3600 seconds (1 hour).
0 - 65535 1 - 10
timeout
30, 65535
WS5000.(Cfg).FTP> show
Displays the WS 5100's RADIUS settings.
Parameters:
name
WS5000.(Cfg).securityPolicy> policy
Drops into the context for the named Security Policy instance.
Syntax:
policy <name>
Parameters:
name
WS5000.(Cfg).securityPolicy> remove
Removes the named Security Policy instance.
Syntax:
remove <name>
Parameters:
name
WS5000.(Cfg).securityPolicy> show
Lists the available Security Policy instances.
WEP comes in a choice of 40- or 128-bit encryption, and lets you define and choose from four different keys.
If encryption is set to open, then there's no authentication. In PSK, the same key is used for authentication and encryption.
Uses a Kerberos server for mobile unit authentication. You can specify an external server or use the switch's on-board server. To use the on-board server, you must first configure the switch to be a Kerberos Master (see WS5000.(Cfg).KDC> set master on page 97). Kerberos only supports KeyGuard and WEP encryption.
802.1x EAP. Authentication is performed by an external Remote Authentication Dial-In User Service (RADIUS) server. The RADIUS server must be accessible to the switch.
A single Security Policy can accept more than one method (of each), thus providing wider support for MUs that expect different security methods. However, the Security Policy is only as strong as its weakest method.
WS5000.(Cfg).securityPolicy.[Name]> set
Sets an attribute of the Security policy instance. The tables below divide the settings into topical groups.
Syntax:
set <attribute> <value>
Parameters:
General Settings
attribute    value   Meaning
description  string  Adds a description string to the Security policy instance.
name         name    Sets the name of the Security policy instance.
Sets the PSK key. An ASCII key must be between 8 and 63 characters long. A hex key must be 64 characters.
WEP Settings
attribute     value                 Meaning
activeWepKey  key_index             Sets the active WEP key string, identified by key index. Valid key_index values are [0, 3].
wepKey        key_index key_string  Sets the WEP key string for the given key index. Valid key_index values are [1, 4]. The key_string argument must be enclosed in quotes (*********).
Kerberos Settings
attribute kerberos value Meaning
WS5000.(Cfg).securityPolicy.[Name]> show
Displays the attributes of this Security policy instance.
Syntax:
show
20 SNMP Context
The SNMP context provides commands that configure the SNMP system and that control the activity of the SNMP daemon.
Parameters:
permission
The access permission of the SNMP community. Either ro for read-only, or rw for read-write.
client_ip
Parameters:
host_ip
The name of the SNMP community the trap host belongs to.
Parameters:
host_ip
Optional port number to which traps are sent. The default is 162.
WS5000.(Cfg).SNMP> show
Shows SNMP details.
Syntax:
show [attribute]
Lists the SNMP v2 clients. Displays SNMP status information. Lists the hosts to which this switch sends traps.
WS5000.(Cfg).SSH> set
Configures the SSH daemon.
Syntax:
set <attribute> <value>
Enables or disables the SSH daemon. Configures the daemon to accept SSH V1 and SSH V2 client connections (V1/V2), or to only accept SSH V2 (V2). SSH V2 is more secure than SSH V1.
attribute  value              Meaning
port       22 | 1025 - 65535  Sets the port through which SSH connections are accepted. By default, the SSH port is set to 22.
WS5000.(Cfg).SSH> show
Displays connection configuration and session information.
Syntax:
set <attribute> <value>
Displays SSH configuration and session information. Displays telnet configuration and session information. See Telnet Context on page 116
example:
https://192.0.0.1
disable turns off SSL client authentication. To access the applet, a client must use http. For
example:
http://192.0.0.1
WS5000.(Cfg).SSL> show
Displays the Web server's accessibility setting:
WS5000.(Cfg).SSL> show
Web based configuration (Applet) access by : https.
Syntax:
set autorevert <enable | disable>
Syntax:
set arDelay <delay>
Parameters:
delay
NOTE
Syntax:
set heartbeat <enable | disable> <NIC>
Parameters:
NIC
Syntax:
set mac <port> <NIC>
Parameters:
port
Either the MAC address of the port, or auto for automatic discovery.
NIC
Syntax:
set mode <option>
You must call disable before setting the switch's failover role.
Reverts the switch to its original role.
enable Adds the switch to the standby system. Same as the enable command.
disable Removes the switch from the standby system. Same as the disable command.
WS5000.(Cfg).standby> show
Displays Standby details for this switch.
WS5000.(Cfg).SPolicy> add
Creates and adds a new Switch Policy instance.
Syntax:
add <name>
Parameters:
name
WS5000.(Cfg).SPolicy> policy
Drops into the context for the named Switch policy instance.
Syntax:
policy <name>
Parameters:
name
WS5000.(Cfg).SPolicy> remove
Removes the named Switch Policy instance.
Syntax:
remove <name>
Parameters:
name
WS5000.(Cfg).SPolicy> show
Displays Switch Policy details.
Syntax:
show [component]
Displays a list of Switch Policy instances. Displays a list of country codes and the channels each country supports. Display a list of Access Port instances and lists the available Ethernet ports.
Parameters:
radio
The radio type that this list applies to. One of A, B, G, or FH (case-insensitive).
start_MAC, end_MAC
Identifies the Access Ports that are part of this list entry. If end_MAC is excluded, the entry consists of the AP identified by start_MAC; otherwise, the entry contains all APs between start_MAC and end_MAC.
app_name
Removes the entry from the list. To remove an address range, you need only supply the starting address.
traps <enable | disable>
If the default action is deny, you can ask to have the apAdoptFail SNMP trap sent when an unknown AP asks to be adopted. Pass enable to ask for the trap, and disable to ask that the trap not be sent. By default the trap is sent.
WS5000.(Cfg).SPolicy.[Name]> set
Configures the Switch Policy. Adds or removes an Access Port policy to or from the Switch Policy.
Syntax:
set <attribute> <value> [remove]
value
Meaning
WS5000.(Cfg).SPolicy.[Name]> set adoptionList on page 114
Adds or removes the named Access Port Policy to/from the Switch Policy's list of AP Policies.
Sets the default channel. The set of candidate channel numbers depends on the country code setting.
attribute    value          Meaning
countryCode  ISO_3166_code  Sets the country code. The switch won't adopt Access Ports until the country is set.
IMPORTANT: IT'S THE RESPONSIBILITY OF THE SWITCH OWNER TO CORRECTLY SET THE COUNTRY CODE; AN INCORRECT COUNTRY SETTING CAN CAUSE THE SWITCH TO USE ILLEGAL BROADCAST SETTINGS.
dsCoexistence
enable | disable
FH/DS coexistence. With coexistence enabled, you let the Access Port divide the frequency spectrum such that Frequency-Hopping (FH) devices use one portion, and Direct-Sequence (DS) devices use the other.
NOTE: FH/DS co-existence isn't legal in all countries. The dsCoexistence attribute is always turned off in these countries.
Arbitrary descriptive string.
Sets the Switch Policy's active Ethernet Policy.
Sets the Switch Policy's name.
Valid power settings are in the range [4, 20].
<4-20> <A | B | G> Sets the power, in milliWatts, for the specified 802.11x radio type.
WS5000.(Cfg).SPolicy.[Name]> show
Displays Switch Policy details.
Syntax:
show [component]
Displays information about this Switch Policy instance. Displays a list of country codes and the channels each country supports. Display a list of Access Port instances and lists the available Ethernet ports.
switchPolicy
WS5000.(Cfg).SPolicy.[Name].Restricted.[Radio]> add
Adds a channel to the list of restricted channels.
Syntax:
add channel [ description ]
Parameters:
channel
The channel that you want to restrict. The set of valid channel numbers depends on the country setting and radio type.
description
WS5000.(Cfg).SPolicy.[Name].Restricted.[Radio]> remove
Removes a channel from the list of restricted channels, thus making it available for use during Automatic Channel Selection.
Syntax:
remove channel
Parameters:
channel
The channel that you want to unrestrict. The set of valid channel numbers depends on the country setting and radio type.
WS5000.(Cfg).[Name].Restricted.[Radio]> show
Displays restricted channel details.
Syntax:
show [component]
Displays the list of restricted channels. Displays a list of country codes and the channels each country supports.
25 Telnet Context
You can use telnet to access the CLI and to configure the on-board KDC. The Telnet context provides commands that let you allow and disallow telnet access.
WS5000.(Cfg).Telnet> show
Display telnet details.
Syntax:
show <attribute>
Displays statistics about the current telnet session. Displays the permissibility of configuring the system and the KDC through telnet and SNMP:
WS5000.(Cfg).Telnet> show configAccess
Configuration Access restriction details:
Telnet access (CLI) :
System access via SNMP :
KDC configuration over telnet console :
KDC configuration through SNMP :
ssh
Displays information about the ssh configuration. See SSH (Secure Shell) Context on page 108.
26 User Context
WS5000.(Cfg).User> add
Adds a new user to the switch. You're prompted to provide and then confirm the new user's password.
Syntax:
add <user_name>
Parameters:
user_name
The name (login) of the new user. The name can be 6 to 20 characters long.
WS5000.(Cfg).User> remove
Removes an existing user from the switch.
Syntax:
remove <user_name>
Parameters:
user_name
WS5000.(Cfg).User> show
Displays a list of the current users, or info for a particular user.
Syntax:
show user [<user_name>]
Parameters:
user_name
If supplied, shows info about the designated user. If not supplied, displays a list of the current users.
WS5000.(Cfg).User> user
Drops into the context for the specified user instance.
Syntax:
user <user_name>
Parameters:
user_name
The user.
Parameters:
subsystemN
The subsystem that the user is allowed to configure. One or more of all, default, system, policy, security, and SNMP.
WS5000.(Cfg).User.[Name]> deny
Sets the list of subsystems that the user is not allowed to configure.
Syntax:
deny <subsystem1> [<subsystem2>] [...]
Parameters:
subsystemN
The subsystem that the user is not allowed to configure. One or more of all, default, system, policy, security, and SNMP.
WS5000.(Cfg).User.[Name]> password
Sets the user's password. You're prompted to provide and then confirm the user's new password.
Syntax:
password
WS5000.(Cfg).User.[Name]> show
Same as WS5000.(Cfg).User> show on page 118.
27 WLAN Context
WS5000.(Cfg).WLAN> add
Creates and adds a new WLAN instance.
Syntax:
add <name> <essid>
Parameters:
name
WS5000.(Cfg).WLAN> remove
Removes an existing WLAN instance.
Syntax:
remove <name>
Parameters:
name
WS5000.(Cfg).WLAN> show
Displays information that's pertinent to the WLAN context.
Syntax:
show [<component>]
WS5000.(Cfg).WLAN> wlan
Drops into the context of an existing WLAN instance.
Syntax:
wlan <name | index>
Parameters:
name
The index (starting with 1) of the WLAN instance in the list of all instances.
CLI Commands WS 5000 Series System Reference - 119
Parameters:
new_name
WS5000.(Cfg).WLAN.[Name]> set
Sets the value of an attribute of this WLAN instance.
Syntax:
set <attribute> <value>
value
Meaning
Sets the WLAN's Access Control List. See Access Control List (ACL) Context on page 69.
Enable or disable anonymous ESSID association.
[, ...]>
Sets the WLAN's BSS basic rate set; values are in Mbps. You can set multiple basic rates by passing more than one setting separated by whitespace or commas, e.g.:
set basicrates 1 2 11
20 - 1000
IP_address description
1 - 20
essid name
Sets the beacon interval, in milliseconds.
Sets the IP address of the WLAN's default route.
Sets the WLAN instance's informational description.
Sets the DTIM interval, as a multiple of the beacon interval (the beacon attribute).
Sets the ESSID.
Sets the Kerberos authentication name.
Sets the maximum number of Mobile Units that may be associated through this WLAN.
Enable or disable the WLAN's Access Control List.
Enable or disable mu-to-mu (ad hoc) communication. enable means that ad hoc communication is not allowed; disable means that it is.
Sets the name of the WLAN instance.
name
name
value
Meaning
Sets the netmask for this WLAN.
preamble short | long Sets the type of RF preamble.
rtsThreshold 1 - 2047 The RTS threshold packet size, in octets.
security_policy_name security Sets the Security policy that's applied to this WLAN.
supportedRates <1 | 2 | 5.5 | 11 [, ...]> Sets the transmission rates that are supported on this WLAN, in Mbps. You can set multiple rates by
<none>
WS5000.(Cfg).WLAN.[Name]> show
Same as WS5000.(Cfg).WLAN> show on page 119.
Use this table to determine the correct power settings for International use when using external antennas with the AP 100 802.11b Access Port, Model CCRF-5020-10-WW. For US (FCC), all Symbol Technologies certified antennas can be used on the maximum power level setting.
Max Power Setting Antenna Type 1 2 3 4 3 Dipole Indoor/Outdoor Omni Directional Heavy-duty Indoor/Outdoor 65 H-Plane Directional Panel Indoor/Outdoor 65 H-Plane Diversity Directional Panel Heavy Duty, High Gain Outdoor Mast Mount Also valid at Power setting: 2 with 25ft cable ML-1499-25JK-01 1 with 100ft cable ML-1499-100JK-01
Comments
1 1 3 3 4
Low Profile Ceiling Mount Omni Directional Low Profile Dual Integrated Diversity Omni Directional High gain Indoor/Outdoor 60 H-Plane Directional Panel High gain Indoor/Outdoor 120 H-Plane Directional Panel Heavy-duty Outdoor 35 High-gain Directional Yagi Also valid at Power setting: 3 with 50 ft cable ML-1499-50JK-01 2 with 100 ft cable ML-1499-100JK-01 Also valid at Power setting: 3 with 50 ft cable, 2 with 100 ft cable Use with 100ft cable ML-1499-100JK-01
ML-2499-BPNA3-01
Heavy-duty Indoor/Outdoor 35 High-gain Directional Panel Heavy Duty 10 Directional High Gain Parabolic Dish
ML-2499-BPDA1-01
Use this table to determine the correct European Union power settings for the AP 200 802.11a/b Access Port, Model CCRF-5030-100-WW (external antenna 802.11a radio only), CCRF-5030-200-WW (external antenna 802.11a/b radio), CCRF-5030-210-WW.
Additional Cable Length in Feet Max Authorized Power Settings 0 Any Any 6 Any Any 10 Any Any 25 Any Any 50 Any Any 100 Any Any
Antenna Model
ML-2499-APA2-01 ML-2499-HPA3-01
Antenna Model ML-2499-PNAHD-01 ML-2499-7PNA2-01 ML-2499-BMMA1-01 ML-2499-SD3-01 ML-2499-SDD1-01 ML-2499-12PNA2-01 ML-2499-11PNA2-01 ML-2499-BYGA2-01 ML-2499-BPNA3-01 ML-2499-BPDA1-01 Internal Antenna
Antenna Type/Pattern Hi-gain in/outdoor Panel Directional Panel Directional Hi-gain in/outdoor Dipole Omni-Directional Patch Omni-Directional Patch w/diversity Omni-Directional Panel Directional Panel Directional In/Outdoor Yagi Directional In/Outdoor Panel Directional Outdoor Parabolic Dish Directional Omni Directional
Additional Cable Length in Feet Max Authorized Power Settings Any Any Any Any Any 2, 3, 4, 5 2, 3, 4, 5 3, 4, 5 2, 3, 4, 5 5 Any 5 GHz Any Any Any Any Any Any Any 2, 3, 4, 5 Any 5 Any Any Any Any Any Any 2, 3, 4, 5 Any 3, 4, 5 2, 3, 4, 5 5 Any Any Any Any Any Any Any Any 3, 4, 5 2, 3, 4, 5 5 Any Any Any Any Any Any Any Any Any Any 4, 5 Any Any Any Any Any Any Any Any Any Any 4, 5 Any
Use this table to determine the correct Japanese power settings for the AP 200 802.11a/b Access Port, Model CCRF-5030-100-WW (external antenna 802.11a radio only), CCRF-5030-200-WW (external antenna 802.11a/b radio), CCRF-5030-210-WW.
Additional Cable Length in Feet Max Authorized Power Settings 0 Any Any Any Any None 2, 3, 4 Any Any Any 2, 3, 4 2, 3, 4 None Any 5 GHz ML-5299-APA1-01 Omni-directional Any N/A Any Any Any Any 6 Any Any Any Any None Any Any Any Any 2, 3, 4 2, 3, 4 None N/A 10 Any Any Any Any 3, 4 Any Any Any Any Any Any 4 N/A 25 Any Any Any Any 2, 3, 4 Any Any Any Any Any Any 4 N/A 50 Any Any Any Any Any Any Any Any Any Any Any 3, 4 N/A 100 Any Any Any Any Any Any Any Any Any Any Any 2, 3, 4 N/A
Antenna Model
ML-2499-APA2-01 ML-2499-HPA3-01 ML-2499-PNAHD-01 ML-2499-7PNA2-01 ML-2499-BMMA1-01 ML-2499-SD3-01 ML-2499-SDD1-01 ML-2499-12PNA2-01 ML-2499-11PNA2-01 ML-2499-BYGA2-01 ML-2499-BPNA3-01 ML-2499-BPDA1-01 Internal Antenna
Flexible Rubber Dipole Omni-Directional Hi-gain Dipole Omni-directional Hi-gain in/outdoor Panel Directional Panel Directional Hi-gain in/outdoor Dipole Omni-Directional Patch Omni-Directional Patch w/diversity Omni-Directional Panel Directional Panel Directional In/Outdoor Yagi Directional In/Outdoor Panel Directional Outdoor Parabolic Dish Directional Omni Directional
Additional Cable Length in Feet Max Authorized Power Settings Any None Any N/A N/A N/A Any None N/A Any None N/A Any None N/A Any 1 N/A
Use this table to determine the correct United States power settings for the AP 200 802.11a/b Access Port, Model CCRF-5030-100-WW (external antenna 802.11a radio only), CCRF-5030-200-WW (external antenna 802.11a/b radio), CCRF-5030-210-WW. (All Symbol Technologies certified antennas can be used on the maximum power level setting.)
Additional Cable Length in Feet Max Authorized Power Settings 0 2, 3, 4, 5 3, 4, 5 3, 4, 5 3, 4, 5 6 2, 3, 4, 5 3, 4, 5 3, 4, 5 3, 4, 5 Any Any 2, 3, 4, 5 4, 5 4, 5 None None None N/A 5 GHz ML-5299-APA1-01 ML-5299-HPA1-01 ML-5299-WPNA1-01 Internal Omni-directional Hi-gain Dipole Panel Omni-directional Omni-Directional Any Any N/A Any N/A N/A N/A N/A Any Any N/A N/A Any Any N/A N/A Any Any N/A N/A Any Any N/A N/A 10 2, 3, 4, 5 3, 4, 5 3, 4, 5 3, 4, 5 Any Any 2, 3, 4, 5 4, 5 4, 5 None None None N/A 25 2, 3, 4, 5 3, 4, 5 3, 4, 5 3, 4, 5 Any Any 2, 3, 4, 5 4, 5 4, 5 None None None N/A 50 Any 3, 4, 5 3, 4, 5 3, 4, 5 Any Any Any 3, 4, 5 3, 4, 5 None None None N/A 100 Any 2, 3, 4, 5 2, 3, 4, 5 2, 3, 4, 5 Any Any Any 3, 4, 5 3, 4, 5 5 5 None N/A
Antenna Model
ML-2499-APA2-01 ML-2499-HPA3-01 ML-2499-PNAHD-01 ML-2499-7PNA2-01 ML-2499-BMMA1-01 ML-2499-SD3-01 ML-2499-SDD1-01 ML-2499-12PNA2-01 ML-2499-11PNA2-01 ML-2499-BYGA2-01 ML-2499-BPNA3-01 ML-2499-BPDA1-01 Internal Antenna
Flexible Rubber Dipole Omni-Directional Hi-gain Dipole Omni-directional Hi-gain in/outdoor Panel Directional Panel Directional
Hi-gain in/outdoor Dipole Omni-Directional 2, 3, 4, 5 Patch Omni-Directional Patch w/diversity Omni-Directional Panel Directional Panel Directional In/Outdoor Yagi Directional In/Outdoor Panel Directional Outdoor Parabolic Dish Directional Omni Directional Any 2, 3, 4, 5 4, 5 4, 5 None None None Any
Value  802.11 or Symbol/WPA Reason Code  Description
0  REASON_CODE_80211_SUCCESS  Reserved internally to indicate success
1  REASON_CODE_80211_UNSPECIFIED_ERROR  Unspecified Reason
3  DISASSOCIATION_REASON_CODE_STATION_LEAVING_ESS  Deauthenticated because sending station has left or is leaving IBSS or ESS
4  DISASSOCIATION_REASON_CODE_INACTIVITY  Disassociated due to inactivity
5  DISASSOCIATION_REASON_CODE_STATION_LIMIT_EXCEEDED  Disassociated because AP is unable to handle all currently associated stations
6  DISASSOCIATION_REASON_CODE_CLASS_2_PKT_FROM_NON_AUTH  Class 2 frame received from non-authenticated station
7  DISASSOCIATION_REASON_CODE_CLASS_3_PKT_FROM_NON_ASSOC  Class 3 frame received from non-associated station
8  DISASSOCIATION_REASON_CODE_STATION_LEAVING_BSS  Disassociated because sending station has left or is leaving BSS
9  DISASSOCIATION_REASON_CODE_STATION_NOT_AUTHENTICATED  Station requesting re-association is not authenticated with responding station
13  DISASSOCIATION_REASON_CODE_INVALID_INFORMATION_ELEMENT  Invalid Information Element
14  DISASSOCIATION_REASON_CODE_MIC_FAILURE  Michael MIC failure
15  DISASSOCIATION_REASON_CODE_4WAY_HANDSHAKE_TIMEOUT  4-Way Handshake timeout
16  DISASSOCIATION_REASON_CODE_GROUP_KEY_UPDATE_TIMEOUT  Group key update timeout
17  DISASSOCIATION_REASON_CODE_4WAY_IE_DIFFERENCE  Information element in 4-Way Handshake different from Re-associated request/Proberesponse/Beacon
18  DISASSOCIATION_REASON_CODE_MULTICAST_CIPHER_INVALID  Multicast Cipher is not valid
19  DISASSOCIATION_REASON_CODE_UNICAST_CIPHER_INVALID  Unicast Cipher is not valid
20  DISASSOCIATION_REASON_CODE_AKMP_NOT_VALID  AKMP is not valid
21  DISASSOCIATION_REASON_CODE_UNSUPPORTED_RSNE_VERSION  Unsupported RSN IE version
22  DISASSOCIATION_REASON_CODE_INVALID_RSNE_CAPABILITIES  Invalid RSN IE Capabilities
23  DISASSOCIATION_REASON_CODE_8021X_AUTHENTICATION_FAILED  IEEE 802.1X Authentication failed
44  DISASSOCIATION_REASON_CODE_PSP_TX_PKT_BUFFER_EXCEEDED  Symbol defined (non 802.11 standard) code. The Wireless Switch has exceeded its time limit in attempting to deliver buffered PSP frames to the Mobile Unit without receiving a single 802.11 PS Poll or NULL data frame. The Wireless Switch begins the timer when it sets the Mobile Unit's bit in the TIM section of the 802.11 beacon frame for the BSS. The time limit is at least 15 seconds. The Mobile Unit is probably gone (or may be faulty).
77  DISASSOCIATION_REASON_CODE_TRANSMIT_RETRIES_EXCEEDED  Symbol defined (non 802.11 standard) codes. The Wireless Switch has exceeded its retry limit in attempting to deliver a 802.1x EAP message to the Mobile Unit without receiving a single 802.11 ACK. The retry limit varies according to traffic type but is at least 64 times. The Mobile Unit is either gone or has incorrect 802.1x EAP authentication settings.
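Added example (not part of the Symbol manual): a Python triage of "MU status [disassociated]" messages, whose template appears in the Network Events listing, against the reason codes in the table above. The log lines are constructed, and the set of codes treated as security-relevant, the threshold of 3, and all function names are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict

# Reason codes as listed in the table above (value -> name).
REASON_CODES = {
    0: "REASON_CODE_80211_SUCCESS",
    1: "REASON_CODE_80211_UNSPECIFIED_ERROR",
    3: "DISASSOCIATION_REASON_CODE_STATION_LEAVING_ESS",
    4: "DISASSOCIATION_REASON_CODE_INACTIVITY",
    5: "DISASSOCIATION_REASON_CODE_STATION_LIMIT_EXCEEDED",
    6: "DISASSOCIATION_REASON_CODE_CLASS_2_PKT_FROM_NON_AUTH",
    7: "DISASSOCIATION_REASON_CODE_CLASS_3_PKT_FROM_NON_ASSOC",
    8: "DISASSOCIATION_REASON_CODE_STATION_LEAVING_BSS",
    9: "DISASSOCIATION_REASON_CODE_STATION_NOT_AUTHENTICATED",
    13: "DISASSOCIATION_REASON_CODE_INVALID_INFORMATION_ELEMENT",
    14: "DISASSOCIATION_REASON_CODE_MIC_FAILURE",
    15: "DISASSOCIATION_REASON_CODE_4WAY_HANDSHAKE_TIMEOUT",
    16: "DISASSOCIATION_REASON_CODE_GROUP_KEY_UPDATE_TIMEOUT",
    17: "DISASSOCIATION_REASON_CODE_4WAY_IE_DIFFERENCE",
    18: "DISASSOCIATION_REASON_CODE_MULTICAST_CIPHER_INVALID",
    19: "DISASSOCIATION_REASON_CODE_UNICAST_CIPHER_INVALID",
    20: "DISASSOCIATION_REASON_CODE_AKMP_NOT_VALID",
    21: "DISASSOCIATION_REASON_CODE_UNSUPPORTED_RSNE_VERSION",
    22: "DISASSOCIATION_REASON_CODE_INVALID_RSNE_CAPABILITIES",
    23: "DISASSOCIATION_REASON_CODE_8021X_AUTHENTICATION_FAILED",
    44: "DISASSOCIATION_REASON_CODE_PSP_TX_PKT_BUFFER_EXCEEDED",
    77: "DISASSOCIATION_REASON_CODE_TRANSMIT_RETRIES_EXCEEDED",
}

# Assumption for this example, not a classification from the manual:
# authentication, key-handshake and cipher-negotiation failures deserve review;
# roaming, inactivity and capacity codes are treated as routine.
SECURITY_RELEVANT = {6, 7, 9, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23}

# Template of the disassociation message:
# "Mobile Unit <XX> with MAC address <YY> was disassociated. Reason Code <ZZ>"
DISASSOC_RE = re.compile(
    r"Mobile Unit (?P<name>.+?) with MAC address "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) was disassociated\. "
    r"Reason Code (?P<code>\d+)"
)


def parse_disassociation(line):
    """Return a dict for a disassociation message, or None for any other line."""
    m = DISASSOC_RE.search(line)
    if m is None:
        return None
    code = int(m["code"])
    return {
        "name": m["name"],
        "mac": m["mac"].lower(),
        "code": code,
        # Codes missing from the table are kept and labelled, never dropped.
        "reason": REASON_CODES.get(code, "UNLISTED_REASON_CODE"),
    }


def triage(lines, threshold=3):
    """Count reason codes per MU; report repeated security-relevant codes.

    Returns (findings, unlisted): findings is a sorted list of
    (mac, code, reason_name, count) with count >= threshold, and unlisted
    holds every parsed event whose code is absent from the table.
    """
    per_mu = defaultdict(Counter)
    unlisted = []
    for line in lines:
        event = parse_disassociation(line)
        if event is None:
            continue
        per_mu[event["mac"]][event["code"]] += 1
        if event["code"] not in REASON_CODES:
            unlisted.append(event)
    findings = []
    for mac in sorted(per_mu):
        for code, count in sorted(per_mu[mac].items()):
            if code in SECURITY_RELEVANT and count >= threshold:
                findings.append((mac, code, REASON_CODES[code], count))
    return findings, unlisted


# Constructed sample input; MAC addresses and MU names are made up.
_TPL = "Mobile Unit {} with MAC address {} was disassociated. Reason Code {}"
SAMPLE_LOG = (
    [_TPL.format("scanner-07", "02:00:00:00:00:01", 14)] * 3   # repeated MIC failure
    + [_TPL.format("laptop 12", "02:00:00:00:00:02", 4)] * 4   # inactivity, routine
    + [_TPL.format("handheld-3", "02:00:00:00:00:03", 23)] * 2 # below threshold
    + [_TPL.format("handheld-3", "02:00:00:00:00:03", 2)]      # code not in the table
    + ["Ethernet Port 1 is connected."]                        # unrelated event
)

if __name__ == "__main__":
    found, unknown = triage(SAMPLE_LOG)
    for mac, code, reason, count in found:
        print(f"{mac}: {count} x reason {code} ({reason})")
    for event in unknown:
        print(f"{event['mac']}: unlisted reason code {event['code']}")
```
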
Network Events
ID: 0
Event: License number change
Message: Changed license level from <XX> license number Access Ports to <YY> number Access Ports. \n
Parameters: XX = previous license number (an integer); YY = new license number (an integer)

ID: 1
Event: Clock change
Message: The Wireless Switch clock was changed <XX>/ <YY> seconds.\n
Parameters: XX = + or -; YY = offset in seconds (an integer)

ID: 2
Event: Packet discard [wrong NIC]
Message: Discarded Packet: Wrong NIC <XX> <XX> vs <YY> from Access Port ZZ.
Parameters: XX = Ethernet Port that received the packet = 1 or 2; YY = Ethernet Port the Access Port was adopted from = 1 or 2; ZZ = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port
3.
Discarded Packet: Wrong VLAN <XX> <XX> vs <YY> from XX = VLAN that received the packet (an integer) Access Port <ZZ>. YY = VLAN the Access Port was adopted from (an integer) ZZ = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port. Adoption <XX> failed. The MAC address has been used by XX = MAC (xx:xx:xx:xx:xx:xx) address of the radio or an existing Access Port.\n Access Port. Access Port Policy prevented Port with MAC <XX> from being adopted.\n XX = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port.
4. 5. 6 7. 8. 9. 10.
AP adopt failure [general] AP adopt failure [policy disallow] AP adopt failure [acl disallow] AP adopt failure [limit exceeded] AP adopt failure [license disallow] AP adopt failure [no image] AP status [offline]
This event and message is currently not configured. It will Not Applicable be configured in the next service release. Access Port <XX> was not adopted because maximum limit has been reached. License denied Access Port <XX> adoption. Maximum Access Ports allowed with current license = <YY>.\n XX = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port. XX = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port. YY = License Level (integer )
Access Port with MAC <XX> can not be adopted because XX = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port no valid Firmware Image file can be found.\n Access Port <XX> with MAC address <YY> is unavailable. XX = Name (string) of the Access Port <YY> = MAC(xx:xx:xx:xx:xx:xx) address of the Access Port Taking Access Port <XX> with MAC address <YY> offline. XX = Name (string) of the Access Port <YY> = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port
11.
AP status [alert]
Access Port <XX> with MAC address <YY> is in Alert status due to country not set. Access Port <XX> with MAC address <YY> is in Alert status.
XX = Access Port name (string) YY = Access Port MAC (xx:xx:xx:xx:xx:xx)Address XX = Access Port name (string) <YY> = Access Port MAC (xx:xx:xx:xx:xx:xx)Address XX = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port XX = Access Port name (string) YY = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port
12.
AP status [adopted]
Adopted an Access Port <XX>. Radio <XX> with Mac <YY> is adopted.\n
ID 13.
Message Radio <XX> with MAC <YY> was reset. Reset the Access Port <XX>.
Parameters XX = Name (string) of the radio YY = MAC (xx:xx:xx:xx:xx:xx) address of the radio XX = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port XX = Name (string) of the Radio YY = MAC (xx:xx:xx:xx:xx:xx) address of the Radio XX (integer ) = Number of Mobile Units associated to this Access Port XX = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port
AP config failed [wrong ESS] AP max MU count reached AP detected Device msg dropped [info] debug Device msg dropped [loadme]
Radio <XX> <YY> no ESS - configuration FAIL.\n MUs for this RF Port are over margin: <XX>. Detected a new Access Port <XX>.
Dropping DeviceInfo message from <XX> whose parent is XX = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port <YY>.\n YY = MAC (xx:xx:xx:xx:xx:xx) address of the Wireless Switch this Access Port is adopted to Dropping Loadme message from <XX> whose parent is <YY>.\n Ethernet Port <XX> is connected. Ethernet port <XX> disconnected.\n XX = MAC (xx:xx:xx:xx:xx:xx) address of the Access Port YY = MAC (xx:xx:xx:xx:xx:xx) address of the Wireless Switch this Access Port is adopted to XX = Ethernet Port number 1 or 2 XX = Ethernet Port number 1 or 2 XX = Mobile Unit MAC (xx:xx:xx:xx:xx:xx)address XX = Wireless Client MAC (xx:xx:xx:xx:xx:xx) address <YY> = Reason Code number ( integer) XX = MAC (xx:xx:xx:xx:xx:xx) address of the mobile unit YY = Name (string) of the Access Port XX = Name (string) of the mobile unit YY = MAC (xx:xx:xx:xx:xx:xx) address of the mobile unit ZZ = Name (string)of the Access Port the Mobile Unit roamed from XX = Name (string) of the mobile unit YY = MAC (xx:xx:xx:xx:xx:xx) address of the mobile unit ZZ = Reason ( integer) Code number XX = MAC (xx:xx:xx:xx:xx:xx) address of the Mobile Unit XX = MAC (xx:xx:xx:xx:xx:xx) address of the Mobile Unit YY = EAP (integer) Type (see Appendix C, 802.11 Mobile Unit Disassociation Reason Codes) ZZ = number (integer) of minutes [MAC address of MU][MAC xx:xx:xx:xx:xx of Radius server][port on Radius server][radius error code]
18.
MU assoc failed [ACL violation] ACL denied MU (XX) association. MU assoc failed MU status [associated] MU status [roamed] Access port refused MU <XX> association. Error <YY>. Mobile Unit <XX> was associated to Access Port <YY>. Mobile Unit <XX> with MAC <YY> roamed from Access Port <ZZ> to (Name of the Access Port the Mobile Unit roamed to).
25.
MU status [disassociated]
Mobile Unit <XX> with MAC address <YY> was disassociated. Reason Code <ZZ>
26. 27.
MU <XX> failed to authenticate with RADIUS Server. Mobile Unit <XX> successfully authenticated with EAP Type <YY>, authentication valid for <ZZ> minutes
28. 29.
"MU %s failed to authenticate with the KDC at %d.%d.%d.%d:%d : %s (Error code %d)."
"MU at (%s) failed authentication via Kerberos. [Error [MAC address of MU][ radius error code] code %d]" [MAC address of MU][ ][# of minutes this authentication "Mobile Unit with MAC \"%s\" successfully authenticated is valid for] via Kerberos - authentication expires in %d minutes." "MU %02x:%02x:%02x:%02x:%02x:%02x has high decrypt failure rate" "MU %02x:%02x:%02x:%02x:%02x:%02x has high replay failure rate" "MIC validation failed for MU %s on ESS '%s'." [MAC address of MU (in 6 octets)] [MAC address of MU (in 6 octets)] [MAC address of MU][ESS-ID this MU is associated with]
MU TKIP [decrypt failure] MU TKIP [replay failure] MU TKIP [MIC error] WLAN auth success
"WLAN %s (ESS %s) successfully authenticated with KDC [WLAN name][ESSID] ][MAC xx:xx:xx:xx:xx of KDC at %d.%d.%d.%d:%d" server][port on KDC server]
Event WLAN auth failed WLAN max MU count reached Mgt user auth failed [radius]
Message
Parameters
"WLAN %s (ESS %s) could not be authenticated with KDC [WLAN name][ESSID] ][MAC xx:xx:xx:xx:xx of KDC at %d.%d.%d.%d:%d after %d attempts - still trying..." server][port on KDC server][number of attempts] ACL denied MU (%s) association." GUI/CLI User userid Authentication Failure: "User userid rejected by Radius server RADIUS server hostname/IP address.\n" NOT USED User userid authenticated locally.\n userid = string "User userid successfully authenticated by Radius server RADIUS server hostname/IP address = string RADIUS server hostname/IP address.\n" "Radius server %s is unreachable.\n" "Adding KDC User:[%s] time:[%ld]" "Changed KDC User:[%s] time:[%ld]" "Removed KDC USER:[%s] Time:[%ld]" "Replaced KDC DB:Modified Locally" "Replaced KDC DB:Modified by SEMM" "KDC Propgation fails on host (%s)." "KDC Propgation fails !" [host-name] [name of WLAN][ESSID] [radius server name] [user name][timestamp] [user name][timestamp] [user name][timestamp] [MAC address of MU] userid = string RADIUS server hostname/IP address = string
37. 38.
39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52.
Radius server timeout KDC user [added] KDC user [changed] KDC user [deleted] KDC DB replaced KDC propagation failure
WPA counter-measures [active] "Began WPA counter-measures for WLAN %s (ESS %s)" Primary lost heartbeat Standby active Primary internal failure [reset] Standby internal failure [reset] Standby auto-revert Primary auto-revert Auto channel select error Primary lost heartbeat(s) Fail-over took place, Standby machine is now in Active state "Primary internal failure, Resetting" "Standby internal failure, Resetting" Standby Auto Reverting Primary Auto Reverting
"ACS failed to find a valid channel, err %d.\n" "ACS failed [Channel#] to find a valid channel. Reusing existing channel %d.\n" MAC address of the Access Port = xx:xx:xx:xx:xx:xx ACS success. Setting Radio MAC address of the AP to Channel = integer channel.\n Emergency Switch Policy Emergency Switch Policy is activated.\n Emergency Switch Policy = string Emergency Switch Policy = string [previous de-activated policy name]
53. 54.
Emergency Policy [deactivated] Emergency Switch Policy Emergency Switch Policy is deactivated,.\n "Emergency Switch Policy %s is deactivated.\n"
55.
Low flash space on switch-alert Found disk=percent disk spaced used USED disk-space percent disk spaced used = decimal (xx.xx) - VACUUMing Database in 5 secs to free-up space
ID 56.
Event Miscellaneous debug events KerberosWlanAuthOperation:: OnStart() RADIO_TYPE_FH != pRadio->GetType() NULL == pCountry->GetFHInfo() CWlan::KerberosClientAuth()
Message
Parameters
Internal Failure, out of ethernet buffers" "The license key on a WS-Lite cannot be upgraded." "WSLiteValidation:FAILURE:%s is invalid %d-port license [XML error string(if any)][number of radios (APs) in-use] for WS-Lite\n" "EtherPortManager::EnsureNoCollisions(FOUND [string containing explanation of collision in policy] PROBLEM: %s)\n" "Etherport policies \"%s\" and \"%s\" are on the same subnet(%d). " [policy name] [policy name] "Began authentication process for WLAN %s (ESS %s) with KDC %lu.%lu.%lu.%lu..." [WLAN name][ESSID string][KDC MAC] "Mobile Unit \"%s\" successfully authenticated with %s" (+) ", authentication valid for %d minutes" (or) ", no re-authentication period set" [MAC of MU][EAP type][# of minutes] "No valid channel for 802.11%s radio. Adoption is denied.\n" [type of radio (A or B or FH)] "No valid country info for 802.11%s radio. Adoption is denied.\n" [type of radio (A or B or FH)] "Began authentication process for WLAN %s (ESS %s) with KDC '%s'... [name of WLAN][ESSID][KDC Server Hostname] "End WPA counter-measures for WLAN %s (ESS %s)" [name of WLAN][ESSID]
ID: 0
Event: License number change
Description: A license key was entered changing the number of Access Ports this wireless switch can adopt.
Possible Course of Action: This event can only occur by entering a license key.

ID: 1
Event: Clock change
Description: The date/time setting was changed on the Wireless Switch.
Possible Course of Action: This event can only occur by changing the date/time.

ID: 2
Event: Packet discard [wrong NIC]
Description: When an Access Port is adopted, the Wireless Switch remembers which Ethernet Port the Access Port was adopted from. The Wireless Switch will only accept data from that Access Port through the Ethernet Port which it was adopted from. If the Wireless Switch receives data from that Access Port on another Ethernet Port, it will be discarded.
Possible Course of Action: The Access Port may have been removed and reconnected to another part of the network that is connected to the other Ethernet port of the Wireless Switch. Or, the Access Port's logical connection to the network has changed, causing it to be connected to the other Ethernet port of the Wireless Switch. If this is intentional, the Access Port must first be removed from the Wireless Switch and readopted through the new Ethernet port. If this is unintentional, reconnect the Access Port to the Ethernet port that it was adopted through.

ID: 3
Description: If an Ethernet Port is configured for 802.1q trunking, when an Access Port is adopted, the Wireless Switch remembers which VLAN the Access Port was adopted from. The Wireless Switch will only accept data from that Access Port through the VLAN which it was adopted from. If the Wireless Switch receives data from that Access Port on another VLAN, it will be discarded.
Possible Course of Action: The Access Port may have been removed and reconnected to another part of the network that is connected to the other Ethernet port of the Wireless Switch. Or, the Access Port's logical connection to the network has changed, causing it to be connected to the other Ethernet port of the Wireless Switch. If this is intentional, the Access Port must first be removed from the Wireless Switch and readopted through the new Ethernet port. If this is unintentional, reconnect the Access Port to the Ethernet port that it was adopted through.

ID: 4
Description: An Access Port's request to be adopted has been rejected because there is already another Access Port with the same MAC address currently active on the Wireless Switch.
Possible Course of Action: Confirm that there are actually two Access Ports with the same MAC address and contact Symbol customer support.
Network Events
ID 5.
Description: An Access Port's request to be adopted has been rejected because the Wireless Switch Policy is configured to deny adoption of Access Ports.
Possible Course of Action: If the Wireless Switch is to adopt this Access Port, either manually adopt it by including it in the Include List of the Adoption List or by configuring the Wireless Switch Policy to Allow Adoption of Access Ports.

ID 6. AP adopt failure [acl disallow]
Description: The Access Port's request for adoption was rejected because the Access Port is in the Exclude List of the Adoption List.
Possible Course of Action: If the Wireless Switch is to adopt this Access Port, remove the Access Port from the Exclude List of the Adoption List.

ID 7. AP adopt failure [limit exceeded]
Description: We ran out of licenses or (unlikely) we ran out of memory to create a Radio-object.
Possible Course of Action: You have more AP devices than you have licenses for. Either remove the APs or purchase more licenses.

ID 8. AP adopt failure [license disallow]
Description: We ran out of licenses and could not adopt this AP.
Possible Course of Action: You have more AP devices than you have licenses for. Either remove the APs or purchase more licenses.

ID 9. AP adopt failure [no image]
Description: It appears the switch does not have a valid AP image firmware file to download onto the AP.
Possible Course of Action: From your Symbol WS500 Applet interface go to System Settings > Firmware Management > Available Images and make sure you have an image for that model of AP.

AP status [offline]
AP status [alert]
This Access Port has been unavailable for a long time.
The status of this Access Port has changed to Unavailable.
The status of this Access Port has changed to Alert.
The status of this Access Port has changed to Alert.
Unavailable means that the Wireless Switch has not been able to communicate with this Access Port for more than 10 seconds.
The country setting for the Wireless Switch Policy has to be set to something other than None before an Access Port can be adopted. Until then, all Access Ports will be at Alert status.
The Access Port needs attention. Look for other Event Notification messages for details.
10. 11.
AP status [adopted]
AP status [reset]
AP config failed [wrong ESS]
There are no in-use WLANs configured on this switch. This Access Port will be Alert status until it is configured with an Access Port Policy with a valid WLAN.
If the WLAN is using Kerberos security, check that the WLAN is authenticated by the KDC.
When the limit has been reached, the Access Port will not allow any additional Mobile Units to associate.
An Access Port has reached the maximum limit of 128 Mobile Units which can associate to a single Access Port.
A new Access Port was detected.

Device msg dropped [info]
Description: We received a DEVICEINFO message from an AP (telling us about the AP's configuration) but the AP claims to have another switch as a Parent.
Possible Course of Action: You may have multiple Primary and Active WS5000s on the same physical subnet. Either remove the extra WS5000s or configure them for Hot Standby operation.

Device msg dropped [loadme]
Description: We received a LOADME request from an AP (a WSAP-50xx) but the AP claims to have another switch as a Parent.
Possible Course of Action: You may have multiple Primary and Active WS 5000s on the same physical subnet. Either remove the extra WS 5000s or configure them for Hot Standby operation.

Ether port connected
Description: A previously disconnected Ethernet port was re-connected.

Ether port disconnected
Description: A previously connected Ethernet port was disconnected.
Possible Course of Action: If you see excessive amounts of this message you may have a cable or switch hardware problem.

MU assoc failed [ACL violation]
MU assoc failed
See above.
18.
This Mobile Unit was rejected as it requested to associate to the WLAN with an Access Control List.
If this is not intentional check your Access Control List and make sure this MAC address is not rejected by policy.
The error codes are listed in the table below 802.11 reason codes. This message cannot be due to REASON CODE 80211 STATION LIMIT EXCEEDED
A Mobile Unit associated to an Access Port.
A Mobile Unit roamed from to another Access Port.
A Mobile Unit disassociated from an Access Port.
None
MU EAP auth failed
Description: A Mobile Unit EAP authentication request failed.

MU EAP auth success
Description: A Mobile Unit EAP authentication request succeeded.

MU Kerberos auth failed
Description: A Mobile Unit Kerberos authentication request failed.

MU Kerberos auth success
Description: A Mobile Unit Kerberos authentication request succeeded.

MU TKIP [decrypt failure]
Description: The switch has encountered high levels of sequential decrypt failures with this MU.

MU TKIP [replay failure]
Description: The switch has encountered high levels of sequential decrypt failures with this MU.

MU TKIP [MIC error]
Description: This MU has failed a MIC encryption; this could potentially be an attempt to break security. If this is detected twice within 60 seconds, the switch will implement the WPA countermeasures.

WLAN auth success
WLAN auth failed
WLAN max MU count reached
This is an incorrect message; it was not really the ACL that denied association, it was that we exceeded the 802.11 limit (REASON CODE 80211 STATION LIMIT EXCEEDED)
36.
Mgt user auth failed [radius]
Mgt user auth rejected
Mgt user auth success [radius]
[UNUSED]
Management user not authenticated on the Wireless Switch local user database.
Management user not authenticated on the remote RADIUS server database.
Management user successfully authenticates on the wireless switch local user database.
Management user successfully authenticates on the remote RADIUS user database.
Check your Radius Server configuration on the WS 5000.
37. 38.
Radius server timeout
KDC user [added]
KDC user [changed]
KDC user [deleted]
KDC DB replaced
KDC propagation failure
WPA counter-measures [active]
Primary lost heartbeat
The Primary Wireless Switch in Standby mode did not receive monitoring heartbeats from the Standby Wireless Switch.
Host name is unknown
The WS5000 will be down for a short length of time and then come back and re-associate MUs.
If this event occurs but failover does not occur, then there is possible congestion on the network causing the heartbeats to be lost. Also, look for other events prior to the lost heartbeats that might indicate a problem, such as Ethernet port disconnected.
A failover has occurred.
46.
47.
Standby active
The Standby Wireless Switch has changed its state from Monitoring to Active.
Primary internal failure [reset]
Standby internal failure [reset]

Standby auto-revert
Description: The Standby Wireless Switch is auto-reverted from Active to Monitoring. This event is reported by the Standby Wireless Switch.

ID 51. Primary auto-revert
Description: The Primary wireless switch is auto-reverted from Halted to Connected. This event is reported by the Primary wireless switch.

Auto channel select error
Description: Misleading text; it's the Channel#, not an error, that is in the string.

Emergency Policy [active]
Description: The Emergency Switch Policy is activated.

Emergency Policy [deactivated]
Description: The Emergency Switch Policy is deactivated.

Low flash space on switch-alert
Description: The used disk space exceeds 80%. This will be reported approximately every five hours.
Possible Course of Action: Remove any unused policies, ACLs, user names, files, etc.

Miscellaneous debug events
Description: Case ASEVENT_EVENT_PSD_REBOOT_NOBDOS KerberosWlanAuthOperation::OnStart() RADIO_TYPE_FH != pRadio->GetType() NULL == pCountry->GetFHInfo() CWlan::KerberosClientAuth()
Possible Course of Action: Switch will need to re-boot and should do so within 120 seconds
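The MU TKIP [MIC error] entry in the table above says that two detections within 60 seconds make the switch implement WPA countermeasures. The sketch below is an added example, not code from the manual or the switch: it finds such pairs in an event feed and checks whether a WPA counter-measures [active] event followed. The tuple layout, the reuse of 60 seconds as the correlation window and the sample events are assumptions.

```python
MIC_EVENT = "MU TKIP [MIC error]"           # event name from the table above
CM_EVENT = "WPA counter-measures [active]"  # event name from the table above
WINDOW_S = 60                               # "twice within 60 seconds"


def find_mic_bursts(events):
    """Find pairs of MIC errors at most WINDOW_S apart.

    events: list of (epoch_seconds, event_name, mu_mac), sorted by time
    (assumed layout; the manual does not define an export format).
    Each pair is reported once; the next MIC error starts a new pair.
    """
    cm_times = [t for t, name, _ in events if name == CM_EVENT]
    bursts, prev = [], None
    for t, name, mac in events:
        if name != MIC_EVENT:
            continue
        if prev is not None and t - prev[0] <= WINDOW_S:
            bursts.append({
                "first": prev[0],
                "second": t,
                "mus": sorted({prev[1], mac}),
                # Assumption: the countermeasure event should appear within
                # WINDOW_S of the second MIC error if the switch reacted.
                "countermeasures_logged": any(t <= c <= t + WINDOW_S for c in cm_times),
            })
            prev = None
        else:
            prev = (t, mac)
    return bursts


# Constructed sample feed, for illustration only.
EVENTS = [
    (1000, MIC_EVENT, "00:a0:f8:00:00:01"),
    (1100, MIC_EVENT, "00:a0:f8:00:00:01"),  # 100 s after the first: no pair
    (1130, MIC_EVENT, "00:a0:f8:00:00:02"),  # 30 s after the second: pair
    (1131, CM_EVENT, ""),
    (2000, MIC_EVENT, "00:a0:f8:00:00:03"),
    (2045, MIC_EVENT, "00:a0:f8:00:00:03"),  # pair, but no countermeasure event
]
```

A pair with `countermeasures_logged` set to False is the case to investigate first: either the event was lost or the switch did not react as documented.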