Home » Motorola Manuals » Networking » Motorola WS2000 » Manual Viewer

Motorola WS2000 Reference Guide - Page 32

Setting Up Point-to-Point over Ethernet PPPoE Communication - password

View all Motorola WS2000 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 32 highlights

2-8 WS2000 Wireless Switch System Reference Guide when servers in the LAN need to be accessed (addressed) by the outside world. The pop-up window allows the administrator to enter up to eight WAN IP addresses for the switch. • The Subnet Mask is the mask used for the WAN. • The Default Gateway is the address of the device that provides the connection to the WAN (often a cable modem or DSL router). • The two DNS Server fields specify DNS addresses of servers that can translate domain names, such as www.motorola.com, into IP addresses that the network uses when passing information. The Secondary DNS Server acts as a backup to the Primary DNS Server when the primary server is not responding. Setting Up Point-to-Point over Ethernet (PPPoE) Communication PPPoE provides the ability to connect a network of hosts through a simple device to a remote access concentrator. Many DSL providers require that their clients communicate using this protocol. The facility allows the ISP to control access, billing, and type of service provided to clients on a per-user or per-site basis. Check with the network administrator or ISP to determine whether to enable this feature, and, if so, find out the username and password required for authentication. To set up PPP 0ver Ethernet, click on the PPPoE tab under the WAN screen. 1. Check Enable in the PPP over Ethernet area to enable the PPPoE protocol for high-speed connections. 2. Enter the Username and Password required for authentication. The username and password are for the switch's router to use when connecting to the ISP. When the Internet session starts, the ISP authenticates the username. 3. Set the Idle Time in seconds to an appropriate number. This number is the amount of time the PPPoE connection will remain idle before it disconnects. 10000 seconds default idle time is appropriate for most situations. 4. Check Keep Alive to instruct the switch to continue occasional communications over the WAN even when client communications to the WAN are idle. Some ISPs terminate inactive connections, while others do not. In either case, enabling Keep-Alive mode keeps the switch's WAN connection alive, even when there is no traffic. If the ISP drops the connection after reaching the maximum idle time, the switch automatically reestablishes the connection to the ISP. 5. Select the appropriate WAN authentication method from the drop-down menu. Collect this information from the network administrator. Select between None, PAP, CHAP, or PAP or CHAP. CHAP PAP A type of authentication in which the user logging in uses a secret information and some special mathematical operations to calculate a numerical value. The server, the user is logging into, knows the same secret value and performs the same mathematical operations to arrive at a value. If the values match, the user is authorized to access the server. One of the numbers used in the mathematical operation is changed after every log-in. This is to protect the server against an intruder secretly copying a valid authentication session and replaying it later to log in. An identity verification method used to send a username and password over a network to a computer that compares the username and password to a table listing authorized users. This method of authentication is less secure, because the username and password travel as clear text that a hacker could read and use to launch an attack. 6. Click the Apply button to save changes.

Section	Page
WS 2000 Wireless Switch	1
Product Overview	19
1.1 WS2000 Wireless Switch System Reference Guide	20
1.1.1 About this Document	20
1.1.2 Document Conventions	20
1.2 System Overview	21
1.2.1 Management of Access Ports	21
1.3 Hardware Overview	22
1.3.1 Technical Specifications	22
1.3.2 WS 2000 Wireless Switch LED Functions	23
1.4 Software Overview	24
1.4.1 Operating System (OS) Services	24
1.4.2 Cell Controller Services	24
1.4.3 Gateway Services	24
Getting Started	25
2.1 Getting Started with the WS2000 Wireless Switch	26
Step 1: Install the Switch	26
Step 2: Set Up Administrative Communication to the Switch	26
Step 3: Set the Basic Switch Setting	28
Step 4: Configure the LAN Interface	29
Enable Subnet1	29
Step 5: Configure Subnet1	30
Step 6: Configure the WAN Interface	31
Communicating with the Outside World	31
Setting Up Point-to-Point over Ethernet (PPPoE) Communication	32
Step 7: Enable Wireless LANs (WLANs)	33
Wireless Summary Area	33
Step 8: Configure WLAN Security	34
Setting the Authentication Method	34
Setting the Encryption Method	34
Mobile Unit Access Control List (ACL)	35
Step 9: Test Connectivity	35
2.2 Where to Go from Here?	36
LAN/Subnet Configuration	37
3.1 Enabling Subnets for the LAN Interface	38
3.1.1 Defining Subnets	38
3.2 Configuring Subnets	39
3.2.1 The DHCP Configuration	40
3.2.2 Advanced DHCP Settings	41
3.3 Configuring Subnet Access	42
3.3.1 The Access Overview Table	43
3.3.2 The Access Exception Area	43
3.4 Advanced Subnet Access Settings	45
3.5 Bridge Configuration	48
3.6 Virtual LAN (VLAN) Configuration	49
3.7 Configuring IP Filtering	51
3.8 Port Configuration	53
WAN Configuration	55
4.1 Configuring the WAN Interface	56
4.1.1 Configuring WAN IP Information	56
4.1.2 Setting Up Point-to-Point over Ethernet (PPPoE) Communication	57
4.2 Configuring the WS 2000 Firewall	59
4.2.1 Disabling the Firewall	59
4.2.2 Setting the NAT Timeout	59
4.2.3 Configurable Firewall Filters	60
4.3 Configuring Network Address Translation (NAT)	62
4.4 Configuring Static Routes	64
4.4.1 Configuring the Default Gateway Interface	64
4.4.2 Creating User Defined Routes	65
4.4.3 Setting the RIP Configuration	65
4.5 Configuring a Virtual Private Network (VPN)	67
4.5.1 Creating a VPN Tunnel	68
4.5.2 Setting Up VPN Security	69
4.5.3 Configuring Manual Key Exchange	69
4.5.4 Setting Up Automatic Key Exchange	71
4.5.5 Setting Up Internet Key Exchange (IKE)	73
4.5.6 VPN: Frequently Asked Questions	75
4.6 Configuring Content Filtering	79
4.7 Configuring DynDNS	81
4.7.1 Enabling and Configuring DynDNS	81
4.7.2 Updating DynDNS	81
Wireless Configuration	83
5.1 Enabling Wireless LANs (WLANs)	85
5.1.1 WLAN Summary	85
5.1.2 AP Adoption Configuration	86
5.2 Configuring Wireless LANs	88
5.2.1 Configuring Advanced WLAN Settings	88
5.3 Configuring Wireless LAN Security	89
5.3.1 Selecting the Authentication Method	89
5.3.2 Configuring 802.1x EAP Authentication	90
5.3.3 Configuring Kerberos Authentication	92
5.3.4 Setting the Encryption Method	92
5.3.5 Configuring WEP Encryption	93
5.3.6 Configuring WPA/WPA2-TKIP Encryption	93
5.3.7 Configuring WPA2-CCMP (802.11i) Encryption	95
5.3.8 KeyGuard	96
5.3.9 No Encryption	96
5.3.10 IP Filtering	97
5.3.11 Mobile Unit Access Control List (ACL)	97
5.4 Configuring Access Ports	98
5.5 Setting Default Access Port Settings	101
5.5.1 Common Settings to All Radio Types	102
5.5.2 Radio-Specific Settings	104
5.6 Advanced Access Port Settings	105
5.6.1 Radio Settings	106
5.6.2 Antenna Settings	107
5.6.3 Access Port Properties	107
5.6.4 Advanced Properties	107
5.7 Quality of Service Configuration	109
5.7.1 Setting the Bandwidth Share Mode	110
5.7.2 Configuring Voice Prioritization and Multicast Address Settings	111
5.8 Setting Up Port Authentication for AP 300 Access Ports	111
5.9 Rogue Access Point (Port) Detection	112
5.9.1 Setting Up the Detection Method	113
5.9.2 Defining and Maintaining Approved AP List Rules	114
5.9.3 Examine the Approve and Rogue Access Ports	115
5.9.4 Setting SNMP Traps for Rogue APs	118
5.10 Configuring Wirless Intrusion Protection System (WIPS)	119
5.11 Wireless Intrusion Detection System	120
5.11.1 WIDS Configuration	121
5.11.2 Filtered MUs	122
5.12 Smart Scan	123
5.13 Self Healing	124
5.14 Mesh Settings	125
5.14.1 Mesh Base Setting	126
5.14.2 Mesh Client Setting	126
Administrator and User Access	127
6.1 Configuring Administrator Access	128
6.1.1 Selecting the Type of Admin Access	128
6.1.2 Configuring Secure Shell Connection Parameters	129
6.1.3 Admin Authentication and RADIUS Server Authentication Setup	129
6.1.4 Setting Up AirBEAM Software Access	129
6.1.5 Applet Timeout Specification	130
6.1.6 Changing the Administrator Password	130
6.2 Configuring User Authentication	130
6.2.1 Configuring the RADIUS Server	131
6.2.2 Configuring Lightweight Directory Access Protocol (LDAP) Authentication	133
6.2.3 Setting Up a Proxy RADIUS Server	134
6.2.4 Managing the Local User Database	135
6.2.5 Adding New Guest Users Quickly	137
6.2.6 Setting the User Access Policy	138
6.3 Managing Digital Certificates	139
6.3.1 Importing CA Certificates	139
6.3.2 Creating Self Certificates	141
Switch Administration	143
7.1 Overview of Administration Support	144
7.2 Restarting the WS 2000 Wireless Switch	144
7.3 Changing the Name of the Switch	145
7.4 Changing the Location and Country Settings of the WS 2000	145
7.5 Configuring the DNS Server Information	146
7.6 Configuring Switch Redundancy	147
7.6.1 Setting Up Switch Redundancy	148
7.6.2 Redundancy Operations Status	148
7.7 Updating the WS 2000 Wireless Switch’s Firmware	148
7.7.1 Checking for and Downloading Firmware Updates	149
7.7.2 Performing the Firmware Update	149
7.7.3 Formatting a Compact Flash Card	150
7.7.4 Setting Up DHCP Options for Firmware Upload	151
7.8 Exporting and Importing Wireless Switch Settings	152
7.8.1 To Import or Export Settings to an FTP or TFTP Site	152
7.8.2 To Import Settings to a Local File	153
7.8.3 To Export Settings to a Local File	153
7.8.4 Sample Configuration File	153
7.9 Configuring SNMP	162
7.9.1 Setting the SNMP Version Configuration	162
7.9.2 Setting Up the Access Control List	164
7.9.3 Setting the Trap Configuration	165
7.9.4 Setting the Trap Configuration for SNMP v1/v2c	165
7.9.5 Setting the Trap Configuration for SNMP V3	165
7.9.6 Selecting Traps	166
7.9.7 Setting RF Traps	168
7.10 Specifying a Network Time Protocol (NTP) Server	169
7.11 Setting Up and Viewing the System Log	171
7.11.1 Viewing the Log on the Switch	171
7.11.2 Setting Up a Log Server	171
7.12 Commands to unmount a CF card	172
Configuring HotSpot	173
8.1 Overview	174
8.1.1 Requirements	174
8.2 Configuring Hotspot	174
8.2.1 Enabling Hotspot on a WLAN	175
8.2.2 Set Hotspot Configuration	176
8.2.3 Setting the User Access Policy	179
8.2.4 Defining the Hotspot State of a Mobile Unit	179
8.2.5 Handling log-in and redirection	180
8.2.6 Authentication (RADIUS)	180
8.2.7 Accounting (RADIUS)	180
Using DDNS	183
9.1 Overview	184
9.2 Enabling DDNS	184
9.3 Updating DNS Entries using DDNS	185
9.3.1 Updating DNS Entries for a Single Subnets	185
9.3.2 Updating DNS Entries for All Active Subnets	187
Trunking VLANs Through the WAN Port	189
10.1 Overview	190
10.1.1 Assigning VLAN Tags to Packets	190
10.1.2 Installation Considerations and Default VLAN Settings	190
10.2 Configuring VLAN Trunking	191
10.2.1 Mapping WLANs to VLANs	192
Status & Statistics	193
11.1 WAN Statistics	194
11.2 Subnet Statistics	195
11.2.1 Subnet Lease stats	195
11.2.2 Subnet Stats	197
11.2.3 STP Stats	198
11.3 Wireless LAN Statistics	200
11.3.1 Displaying WLAN Summary Information	200
11.3.2 Getting Statistics for a Particular WLAN	202
11.3.3 General WLAN Information	203
11.4 Access Port Statistics	204
11.4.1 Access Port Statistics Summary Screen	204
11.4.2 Detailed Information About a Particular Access Port	205
11.4.3 General Access Port Information	206
11.6 Mesh Statistics	209
11.6.1 Mesh Base Connections	209
11.6.2 Mesh Client Connections	209
11.7 View Statistics in Graphic Form	210
WS 2000 Use Cases	213
12.1 Retail Use Case	215
12.1.1 A Retail Example	215
12.2 The Plan	215
12.3 Contacting the Wireless Switch	216
12.3.1 Entering the Basic System Settings	217
12.3.2 Setting Access Control	218
12.3.3 The IP Address Plan	219
12.4 Configuring POS Subnet	220
12.5 Configuring the Printer Subnet	221
12.6 Configuring the Cafe Subnet	223
12.7 Configuring the WAN Interface	224
12.8 Configuring Network Address Translation (NAT)	225
12.9 Inspecting the Firewall	226
12.10 Configuring the Access Ports	227
12.10.1 Setting Access Port Defaults	227
12.10.2 Naming the POS Access Port	229
12.10.3 Configuring the Printer Access Port	229
12.10.4 Configuring the Cafe Access Port	230
12.10.5 Associating the Access Ports to the WLANs	231
12.11 Configuring the Cafe WLAN	231
12.12 Configuring the Printer WLAN	233
12.13 Configuring the POS WLAN	236
12.14 Configuring Subnet Access	239
12.15 Configuring the Clients	241
12.15.1 Testing Connections	241
12.16 Field Office Use Case	242
12.16.1 A Field Office Example	242
12.17 The Plan	242
12.18 Configuring the System Settings	243
12.18.1 Contacting the Wireless Switch	243
12.18.2 Entering the Basic System Settings	245
12.18.3 Setting Access Control	246
12.19 Configuring the LAN	247
12.19.1 Configuring the Engineering LAN	248
12.19.2 Configuring the Sales Subnet	250
12.20 Configuring the WAN Interface	252
12.21 Configuring the WAN Interface	253
12.21.1 Setting Up Network Address Translation	253
12.22 Confirm Firewall Configuration	254
12.23 Adopting Access Ports	255
12.24 Configuring the WLANs	257
12.24.1 Security	258
12.25 Configuring the Access Ports	261
12.26 Configuring Subnet Access	266
12.27 Configuring the VPN	269
12.28 Installing the Access Ports and Testing	272
Command Line Interface Reference	275
13.1 Admin and Common Commands	283
13.2 Network Commands	292
13.3 Network AP Commands	293
13.4 Network AP Default Commands	306
13.5 Network AP Test Commands	311
13.6 Network AP Selfheal commands	313
13.7 Network AP Denyap commands	319
13.8 Network AP Smartscan commands	323
13.9 Network AP Mesh commands	327
13.10 Network DCHP Commands	334
13.11 Network Firewall Commands	337
13.12 Network Firewall Policy Commands	341
13.13 Network Firewall Policy Inbound Commands	343
13.14 Network Firewall Policy Outbound Commands	350
13.15 Network Firewall Submap Commands	357
13.16 Network LAN Commands	363
13.17 Network LAN DHCP Commands	366
13.18 Network LAN Bridge commands	374
13.19 Network QoS Commands	377
13.20 Network Router Commands	381
13.21 Network VLAN Commands	387
13.22 Network VLAN Trunk Commands	390
13.23 Network WAN Commands	394
13.24 Network WAN App Commands	398
13.25 Network WAN NAT Commands	404
13.26 Network WAN VPN Commands	410
13.27 Network WAN VPN Cmgr Commands	421
13.28 Network WLAN Commands	434
13.29 Network WLAN Rogue AP Commands	444
13.30 Network WLAN Rogue AP Approved AP List Commands	447
13.31 Network WLAN Rogue AP List Commands	452
13.32 Network WLAN Rogue AP Locate Commands	459
13.33 Network WLAN Rogue AP MU Scan Commands	462
13.34 Network WLAN Rogue AP Rule List Commands	465
13.35 Network WLAN Enhanced Rogue AP Commands	470
13.36 Network WLAN MU Probe Commands	473
13.37 Network WLAN Hotspot Commands	476
13.38 Network WLAN Hotspot RADIUS commands	481
13.39 Network WLAN Hotstpot White-list Commands	485
13.40 Network WLAN WLAN IP Fiter Policy Commands	489
13.41 Network Port Commands	494
13.42 Network IP Filter Commands	497
13.43 Network WIPS Command	501
13.44 Network WIPS Default commands	508
13.45 Network WIDS Commands	511
13.46 Status and Statistics Commands	517
13.47 Statistics RF Commands	520
13.48 System Commands	525
13.49 System Authentication Commands	528
13.50 System Authentication RADIUS Commands	531
13.51 System Configuration Commands	534
13.52 System Logs Commands	544
13.53 System NTP Commands	550
13.54 System RADIUS Commands	555
13.55 System RADIUS Client Commands	558
13.56 System RADIUS EAP Commands	562
13.57 System RADIUS EAP PEAP Commands	566
13.58 System RADIUS EAP TTLS Commands	569
13.59 System RADIUS LDAP Commands	572
13.60 System RADIUS Policy Commands	577
13.61 System RADIUS Proxy Commands	580
13.62 System Redundancy Commands	586
13.63 System SNMP Commands	589
13.64 System SNMP Access Commands	590
13.65 System SNMP Traps Commands	597
13.66 System SSH Commands	607
13.67 System User Database Commands	610
13.68 System User Database Group Commands	611
13.69 System User Database User Commands	620
13.70 System User Database User Guest commands	626
13.71 System WS2000 Commands	630
13.72 CF commands	637
13.73 HTTP commands	639
Syslog Messages	643
A.1 Informational Log Entries	644
A.2 Notice Log Entries	646
A.3 Warning Log Entries	648
A.4 Alert Log Entry	651
A.5 Error-Level Log Entries	651
A.6 Debug-Level Log Entries	665
A.7 Emergency Log Entries	669
Index	671
Numerics	671
A	671
B	672
C	672
D	672
E	672
F	673
G	673
H	673
I	673
K	673
L	673
M	674
N	674
O	674
P	674
Q	674
R	674
S	675
T	676
U	676
V	676

Match case Limit results 1 per page

2-8

WS2000 Wireless Switch System Reference Guide

when servers in the LAN need to be accessed (addressed) by the outside world. The pop-up window

allows the administrator to enter up to eight WAN IP addresses for the switch.

• The

Subnet Mask

is the mask used for the WAN.

• The

Default Gateway

is the address of the device that provides the connection to the WAN (often

a cable modem or DSL router).

•

The two DNS Server fields specify DNS addresses of servers that can translate domain names, such

as www.motorola.com, into IP addresses that the network uses when passing information. The

Secondary DNS Server

acts as a backup to the

Primary DNS Server

when the primary server is

not responding.

Setting Up Point-to-Point over Ethernet (PPPoE) Communication

PPPoE provides the ability to connect a network of hosts through a simple device to a remote access

concentrator. Many DSL providers require that their clients communicate using this protocol. The facility

allows the ISP to control access, billing, and type of service provided to clients on a per-user or per-site basis.

Check with the network administrator or ISP to determine whether to enable this feature, and, if so, find out

the username and password required for authentication.

To set up PPP 0ver Ethernet, click on the

PPPoE

tab under the WAN screen.

1. Check

Enable

in the PPP over Ethernet area to enable the PPPoE protocol for high-speed connections.

Enter the

Username

and

Password

required for authentication. The username and password are for

the switch’s router to use when connecting to the ISP. When the Internet session starts, the ISP

authenticates the username.

Set the

Idle Time

in seconds to an appropriate number. This number is the amount of time the PPPoE

connection will remain idle before it disconnects. 10000 seconds default idle time is appropriate for most

situations.

4. Check

Keep Alive

to instruct the switch to continue occasional communications over the WAN even

when client communications to the WAN are idle. Some ISPs terminate inactive connections, while

others do not. In either case, enabling Keep-Alive mode keeps the switch’s WAN connection alive, even

when there is no traffic. If the ISP drops the connection after reaching the maximum idle time, the switch

automatically reestablishes the connection to the ISP.

Select the appropriate WAN authentication method from the drop-down menu. Collect this information

from the network administrator. Select between

None

PAP

CHAP

, or

PAP or CHAP

Click the

Apply

button to save changes.

CHAP

A type of authentication in which the user logging in uses a secret information and some special

mathematical operations to calculate a numerical value. The server, the user is logging into, knows

the same secret value and performs the same mathematical operations to arrive at a value. If the

values match, the user is authorized to access the server. One of the numbers used in the

mathematical operation is changed after every log-in. This is to protect the server against an intruder

secretly copying a valid authentication session and replaying it later to log in.

PAP

An identity verification method used to send a username and password over a network to a computer

that compares the username and password to a table listing authorized users. This method of

authentication is less secure, because the username and password travel as clear text that a hacker

could read and use to launch an attack.