Symbol WS 2000 User guide

WS 2000 Wireless Switch
System Reference
WS 2000 Wireless Switch Version 1.0
72E-67701-01
Rev A
March 2004
www.symbol.com

Copyright
Copyright © 2004 by Symbol Technologies, Inc. All rights reserved. No part of this
publication may be modified or adapted in any way, for any purposes without permission in
writing from Symbol Technologies, Inc. (Symbol). The material in this manual is subject to
change without notice. Symbol reserves the right to make changes to any product to
improve reliability, function, or design. No license is granted, either expressly or by
implication, estoppels, or otherwise under any Symbol Technologies, Inc., intellectual
property rights. An implied license only exists for equipment, circuits and subsystems
contained in Symbol products. Symbol and the Symbol logo are registered trademarks of
Symbol Technologies, Inc.
Patents
This product is covered by one or more of the following U.S. and foreign Patents: U.S.
Patent No. 4,593,186; 4,603,262; 4,607,156; 4,652,750; 4,673,805; 4,736,095; 4,758,717;
4,760,248; 4,806,742; 4,816,660; 4,845,350; 4,896,026; 4,897,532; 4,923,281; 4,933,538;
4,992,717; 5,015,833; 5,017,765; 5,021,641; 5,029,183; 5,047,617; 5,103,461; 5,113,445;
5,130,520; 5,140,144; 5,142,550; 5,149,950; 5,157,687; 5,168,148; 5,168,149; 5,180,904;
5,216,232; 5,229,591; 5,230,088; 5,235,167; 5,243,655; 5,247,162; 5,250,791; 5,250,792;
5,260,553; 5,262,627; 5,262,628; 5,266,787; 5,278,398; 5,280,162; 5,280,163; 5,280,164;
5,280,498; 5,304,786; 5,304,788; 5,306,900; 5,324,924; 5,337,361; 5,367,151; 5,373,148;
5,378,882; 5,396,053; 5,396,055; 5,399,846; 5,408,081; 5,410,139; 5,410,140; 5,412,198;
5,418,812; 5,420,411; 5,436,440; 5,444,231; 5,449,891; 5,449,893; 5,468,949; 5,471,042;
5,478,998; 5,479,000; 5,479,002; 5,479,441; 5,504,322; 5,519,577; 5,528,621; 5,532,469;
5,543,610; 5,545,889; 5,552,592; 5,557,093; 5,578,810; 5,581,070; 5,589,679; 5,589,680;
5,608,202; 5,612,531; 5,619,028; 5,627,359; 5,637,852; 5,664,229; 5,668,803; 5,675,139;
5,693,929; 5,698,835; 5,705,800; 5,714,746; 5,723,851; 5,734,152; 5,734,153; 5,742,043;
5,745,794; 5,754,587; 5,762,516; 5,763,863; 5,767,500; 5,789,728; 5,789,731; 5,808,287;
5,811,785; 5,811,787; 5,815,811; 5,821,519; 5,821,520; 5,823,812; 5,828,050; 5,848,064;
5,850,078; 5,861,615; 5,874,720; 5,875,415; 5,900,617; 5,902,989; 5,907,146; 5,912,450;
5,914,478; 5,917,173; 5,920,059; 5,923,025; 5,929,420; 5,945,658; 5,945,659; 5,946,194;
5,959,285; 6,002,918; 6,021,947; 6,029,894; 6,031,830; 6,036,098; 6,047,892; 6,050,491;
6,053,413; 6,056,200; 6,065,678; 6,067,297; 6,082,621; 6,084,528; 6,088,482; 6,092,725;
6,101,483; 6,102,293; 6,104,620; 6,114,712; 6,115,678; 6,119,944; 6,123,265; 6,131,814;
6,138,180; 6,142,379; 6,172,478; 6,176,428; 6,178,426; 6,186,400; 6,188,681; 6,209,788;
6,209,789; 6,216,951; 6,220,514; 6,243,447; 6,244,513; 6,247,647; 6,308,061; 6,250,551;
6,295,031; 6,308,061; 6,308,892; 6,321,990; 6,328,213; 6,330,244; 6,336,587; 6,340,114;
6,340,115; 6,340,119; 6,348,773; D305,885; D341,584; D344,501; D359,483; D362,453;
D363,700; D363,918; D370,478; D383,124; D391,250; D405,077; D406,581; D414,171;
D414,172; D418,500; D419,548; D423,468; D424,035; D430,158; D430,159; D431,562;
D436,104.
Invention No. 55,358; 62,539; 69,060; 69,187 (Taiwan); No. 1,601,796; 1,907,875;
1,955,269 (Japan); European Patent 367,299; 414,281; 367,300; 367,298; UK 2,072,832;
France 81/03938; Italy 1,138,713 (3/02)

WS 2000 Wireless Switch System Reference Guide
Table of Contents
Chapter 1. Overview
WS 2000 Wireless Switch System Reference Guide
About this Document
Document Conventions
System Overview
Management of Access Ports
Hardware Overview
Technical Specifications
Software Overview
Operating System (OS) Services
Cell Controller Services
Gateway Services
Chapter 2. Features
802.11a Support
802.11b Support
Access Ports
Gateway Services
Network Address Translation (NAT)
WS 2000 Wireless Switch Firewall
DHCP Client and Server
Layer 3 Routing
Overview
SNMP Management Support
WEP 64 (40-bit key)
WEP 128 (104-bit Key)
802.1x with RADIUS Authentication
802.1x with Shared Key Authentication
Kerberos Authentication
KeyGuard-MCM Support
Wireless Protected Access (WPA)
Chapter 3. Getting Started
Getting Started Overview
Installing the Switch
Set up Communication to the Switch
Changing the Administrator Password
Configuring the Switch
Step 1: Configure the LAN Interface
Defining the Subnets
Step 2: Configure Subnets
The DHCP Configuration
Step 3: Configure the WAN Interface
Communicating with the Outside World
Setting Up Point-to-Point over Ethernet (PPPoE) Communication
Step 4: Enable Wireless LANs (WLANs)
Wireless Summary Area
Access Port Adoption
Step 5: Configure WLANs
Step 6: Configure WLAN Security
Setting the Authentication Method
Setting the Encryption Method
Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved 3
WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Mobile Unit Access Control List (ACL)
Step 7: Configure Access Ports
Step 8: Configure Subnet Access
The Access Overview Table
The Access Exception Area
Chapter 4. Advanced Configuration
WLAN—How to Configure Advanced Settings
WLAN—Setting Default Access Port Settings
WLAN—Advanced Access Port Settings
Gateway—How to Configure Network Address Translation (NAT)
Gateway—How to Configure the WS 2000 Firewall
Always On Firewall Filters
Configurable Firewall Filters
Gateway—How to Configure Static Routes
Defining Routes
Setting the RIP Configuration
Security—How to Configure 802.1x EAP Authentication
Security—How to Configure Kerberos Authentication
Security—How to Specify a Network Time Protocol (NTP) Server
Chapter 5. System Administration
Overview
Switch Settings
WS 2000 Wireless Switch LED Functions
Changing the Name of the Switch
Change the Location and Country Settings of the WS 2000
How to Restart the WS 2000 Wireless Switch
Updating the WS 2000 Wireless Switch’s Firmware
System Configuration
Exporting and Importing Wireless Switch Settings
How to Restore Default Configuration Settings
Restoring Default Configuration Settings Using the Command Line Interface
Remote Administration
How to Configure SNMP Traps
Configure Administrator Access
Statistics and Logs
Access Port Statistics
Subnet Statistics
WAN Statistics
Setting Up and Viewing the System Log
Chapter 6. Retail Use Cases
Background
The Plan
Configuring the System Settings
Configuring the Subnets
Configuring the WAN Interface
Configuring Network Address Translation (NAT)
Inspecting the Firewall
Configuring the Access Ports
Configuring the WLANs
Configuring the Printer WLAN
Configuring the POS WLAN
Setting Subnet Access
Configuring the Clients
Testing Connections
Chapter 7. A Field Office Example
Background
The Plan
Configuring the System Settings
Setting Access Control
Configuring the LAN
Configuring the WAN
Setting Up Network Address Translation
Confirm Firewall Configuration
Adopting Access Ports
Configuring the WLANs
Configuring the Access Ports
Configuring Subnet Access
Installing the Access Ports and Testing
Appendix A. Sample Configuration File
Index
Chapter 1. Overview
WS 2000 Wireless Switch System Reference Guide
This guide is intended to support administrators responsible for understanding, configuring
and maintaining the Wireless Switch. This document provides information for the system
administrator to use during the initial setup and configuration of the system. It also serves as
a reference guide for the administrator to use while updating or maintaining the system.
About this Document
We recommend viewing this online system reference guide with Internet Explorer 5.0 and
higher or Netscape Navigator 4.7 or higher on a Microsoft Windows based PC. Viewing
this document under other configurations may produce undesirable results.
Document Conventions
Notes
Notes are displayed in blue italic text and indicate a tip or requirement.
Warnings
Warnings are displayed in red italic text and indicate a loss of data or potential injury.
GUI Screen text
Indicates monitor screen dialog / output from the graphical user interface accessed from any
web browser on the network.
System Overview
The WS 2000 Wireless Switch provides a low-cost, feature-rich wireless switch for sites
with one to six Access Ports. The WS 2000 Wireless Switch works at the center of a
network’s infrastructure to seamlessly and securely combine wireless LANs (WLANs) and
wired networks. The switch sits on the network. Wireless Access Ports connect to one of the
six available ports on the switch and the external wired network (WAN) connects to a single
10/100 Mbit/sec. WAN port.
Mobile units (MUs) associate with the switch via an Access Port. Once an MU contacts the
switch, the switch cell controller services attempt to authenticate the device for access to the
network.
The WS 2000 Wireless Switch acts as a WAN/LAN gateway and a wired/wireless switch.
Management of Access Ports
This wireless switch provides six 10/100 Mbit/sec. LAN ports for internal wired or wireless
traffic. Four of these ports provide IEEE 802.3af-compliant Power over Ethernet (PoE)
support for devices that require power from the Ethernet connection (such as Access Ports).
Administrators can configure the six ports to communicate with a private LAN or with an
Access Port for a wireless LAN (WLAN). The switch provides three extended service set
identifiers (ESSIDs) for each Access Port connected to the switch.
Firewall Security
The LAN and Access Ports are placed behind a user configurable firewall that provides
stateful packet inspection. The wireless switch performs network address translation (NAT)
on packets passing to and from the WAN port. This combination provides enhanced
security by monitoring communication with the wired network.
Wireless LAN (WLAN) Security
Administrators can configure security settings independently for each ESSID. Security
settings and protocols available with this switch include:
• Kerberos
• WEP-40
• WEP-128
• 802.1x with RADIUS
• 802.1x with Shared Key
• KeyGuard-MCM
• WPA
Hardware Overview
The WS 2000 Wireless Switch provides a fully integrated solution for managing every
aspect of connecting wireless LANs (WLANs) to a wired network. This wireless switch can
connect directly to a cable or DSL modem, and can also connect to other wide area
networks through a Layer 2/3 device (such as a switch or router). It includes the following
features:
• One WAN (RJ-45) port for connection to a DSL modem, cable modem, or any other
Layer 2/3 network device.
• Six 10/100 Mbit/sec. LAN (RJ-45) ports: four ports provide 802.3af “Power over
Ethernet” (PoE) support; the other two do not provide power.
• Each port has two LEDs, one indicating the speed of the transmission (10 or 100
Mbit/sec.), the other indicating whether there is activity on the port. The four LAN ports
with PoE have a third LED that indicates whether power is being delivered over the line
to a powered device (such as an Access Port). (See the WS 2000 Wireless Switch LED
explanation for more information on the meaning of the different states of the LEDs.)
• A DB-9 serial port for direct access to the command-line interface from a PC. Use
Symbol’s Null-Modem cable (Part No. 25-632878-0) for the best fitting connection.
• A CompactFlash slot that provides AirBeam™ support.
Technical Specifications
Physical Specifications
• Width: 203 mm
• Height: 38 mm
• Depth: 286 mm
• Weight: 0.64 kg
Power Specifications
• Maximum Power Consumption: 90-256 VAC, 47-63 Hz, 3A
• Operating Voltage: 48 VDC
• Operating Current: 1A
• Peak Current: 1.6A
Environmental Specifications
• Operating Temperature: 0°C to 40°C
• Storage Temperature: -40°C to 70°C
• Operating Humidity: 10% to 85% Non-condensing
• Storage Humidity: 10% to 85% Non-condensing
• Operating Altitude: 2.4 km
• Storage Altitude: 4.6 km
Software Overview
The WS 2000 Wireless Switch software provides a fully integrated solution for managing
every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the
following components:
Operating System (OS) Services
OS Services determine how the WS 2000 Wireless Switch communicates with existing
network and operating system-centric software services, including:
• Dynamic Host Configuration Protocol (DHCP)
• Telnet and File Transfer Protocol (FTP/TFTP) servers
• The Simple Network Time Protocol (SNTP) client, used to keep switch time
synchronized for Kerberos authentication
Cell Controller Services
The Cell Controller provides the ongoing communication between mobile units (MUs) on
the Wireless LAN (WLAN) and the wired network. Cell Controller services perform the
following:
• Initialize the Access Ports
• Maintain contact with Access Ports by sending a synchronized electronic “heartbeat” at
regular intervals
• Track MUs when they roam from one location to another
• Manage security schemes based on system configuration
• Maintain system statistics
• Store policies and Access Port information
Gateway Services
Gateway services provide interconnectivity between the Cell Controller and the wired
network, and include the following:
• System management through a web-based Graphical User Interface (GUI) and SNMP
• 802.1x RADIUS client
• Security, including Secure Sockets Layer (SSL) and Firewall
• Network Address Translation (NAT), DHCP services, and Layer 3 Routing
Chapter 2. Features
802.11a Support
802.11 is a family of specifications for wireless local area networks (WLANs) developed by
a working group of the Institute of Electrical and Electronics Engineers (IEEE). The four
current specifications include: 802.11, 802.11a, 802.11b, and 802.11g. All four use the
Ethernet protocol and carrier sense multiple access with collision avoidance (CSMA/CA)
for path sharing, which allows a number of network users to pass packets on the network
simultaneously.
The 802.11a specification applies to wireless systems, and is used in access hubs and other
network components. 802.11a operates at radio frequencies between 5 GHz and 6 GHz,
using a modulation scheme that provides for data speeds of 6, 9, 12, 18, 22, 24, 36, 48, and
54 Mbps.
The WS 2000 Wireless Switch fully supports the 802.11a specification for association with
Symbol’s suite of compatible Access Ports and mobile units (MUs).
Specifically, the WS 2000 Wireless Switch supports the following features:
• Management frames: Part of a network packet, management frames provide hardware-
and software-specific information shared between the WS 2000 Wireless Switch,
Access Ports, and MUs to keep the network operating smoothly.
• Beacon and DTIM: A uniframe (single-direction) system packet broadcast by the WS
2000 Wireless Switch to keep the network synchronized. A beacon includes the Net_ID
(ESSID), the Access Port address, the broadcast destination addresses, a time stamp, a
DTIM (Delivery Traffic Indicator Maps) and the TIM (Traffic Indicator Message).
• Roaming Updates: Provides information to the Access Ports when an MU roams from
one Access Port to another.
• Power Save Polling (PSP): Helps extend battery life by allowing the radio in an Access
Port or MU to idle when not active.
• Voice Prioritization: The WS 2000 Wireless Switch uses a combination of data
classifiers, classification groups, and network input and output policies to prioritize
voice data.
• Rate Scaling: This feature seeks to connect MUs to the WS 2000 Wireless Switch (via
Access Port) at the highest possible rate, automatically scaling to a lower rate when
network traffic demands. As signal clarity increases, speed builds to an optimal rate.
• TX power setting: Optimizes the output power for any environment.
802.11b Support
802.11 is a family of specifications for wireless local area networks (WLANs) developed by
a working group of the Institute of Electrical and Electronics Engineers (IEEE). The four
current specifications include: 802.11, 802.11a, 802.11b, and 802.11g. All four use the
Ethernet protocol and provide carrier sense multiple access with collision avoidance
(CSMA/CA) for path sharing, which allows a number of network users to pass packets on
the network simultaneously.
The 802.11b standard, also called Wi-Fi (Wireless Fidelity), is backward compatible with
802.11. 802.11b uses complementary code keying (CCK) modulation to provide higher data
speeds (up to 11 Mbps) with less multipath-propagation interference. 802.11b operates in
the 2.4 to 2.5 GHz range.
The WS 2000 Wireless Switch fully supports the 802.11b specification for association with
Symbol’s suite of compatible Access Ports and mobile units (MUs).
Specifically, the WS 2000 Wireless Switch supports the following features:
• Management frames: Part of a network packet, management frames provide hardware-
and software-specific information shared between the WS 2000 Wireless Switch,
Access Ports, and MUs to keep the network operating smoothly.
• Beacon and DTIM: A uniframe (single-direction) system packet broadcast by the WS
2000 Wireless Switch to keep the network synchronized. A beacon includes the Net_ID
(ESSID), the Access Port address, the broadcast destination addresses, a time stamp, a
DTIM (Delivery Traffic Indicator Maps) and the TIM (Traffic Indicator Message).
• Roaming Updates: Provides information to the Access Ports when an MU roams from
one Access Port to another.
• Power Save Polling (PSP): Helps extend battery life by allowing the radio in an Access
Port or MU to idle when not active.
• Voice Prioritization: The WS 2000 Wireless Switch uses a combination of data
classifiers, classification groups, and network input and output policies to prioritize
voice data.
• Rate Scaling: This feature seeks to connect MUs to the WS 2000 Wireless Switch (via
Access Port) at the highest possible rate, automatically scaling to a lower rate when
network traffic demands. As signal clarity increases, speed builds to an optimal rate.
• TX power setting: Optimizes the output power for any environment.
Access Ports
Access Ports are the Symbol devices that pick up wireless transmissions and translate them
into Ethernet frames that are sent to the wireless switch for processing and routing. The
packets destined for wireless networks are sent back to the Access Ports where they are
transmitted.
Access Ports may be connected directly to the WS 2000 Wireless Switch or through a PoE
(Power over Ethernet) hub connected to the WS 2000. Up to six Access Ports can be
connected to this wireless switch.
When an Access Port is attached to a switch, it sends out a “boot me” packet as a broadcast
message. This packet specifies the hardware model of the port and its MAC address. When
the WS 2000 Wireless Switch receives a “boot me” packet, it uploads the appropriate
firmware for the Access Port. Once complete, the Access Port becomes active.
For an Access Port to be adopted by the WS 2000 Wireless Switch, three things must be
configured:
1. The Country field in the System Settings screen must be set.
2. The Access Port’s MAC address must be set as one of the addresses that can be adopted
by one of the enabled WLANs (see Step 4).
3. A WLAN that can adopt the Access Port must be associated with an enabled subnet (see
Step 5).
Gateway Services
Network Address Translation (NAT)
NAT provides the translation of an Internet Protocol (IP) address within one network to a
different, known IP address within another network. One network is designated the private
network, while the other is the public. NAT provides a layer of security by translating local,
private network addresses to one or more global, public IP addresses through a corporate
firewall. The translation process provides an opportunity to authenticate outgoing or
incoming requests or match these requests to a previous request. NAT allows a company to
use a single IP address to communicate with the Internet community.
The WS 2000 Wireless Switch provides service, or forward, and reverse NAT translation on
packets to and from the WAN and is fully compliant with RFC 1631.
The WS 2000 Wireless Switch provides network administrators with the following
implementation options:
• Mapping up to 8 public IP addresses to private IP address ranges.
• Client IP addresses on the private side have IP addresses translated to ports or IP
addresses on the WAN. Administrators can configure connections to originate from
either end.
• One-to-one mapping with a private IP address or a range of private IP addresses.
• Private side IP address can belong to any of the private side subnets.
• Ranges can be specified from each of the private side subnets.
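An added example (not from the Symbol guide or the switch software): a planning-time check of a NAT table against the options listed above, run before the entries are typed into the switch. The `NatMapping` structure, the subnet names and all addresses are constructed for illustration, and the single-subnet and no-overlap rules are assumptions rather than documented switch behaviour.

```python
import ipaddress
from dataclasses import dataclass

MAX_PUBLIC_ADDRESSES = 8  # limit stated in the guide's NAT option list


@dataclass(frozen=True)
class NatMapping:
    """One planned NAT entry (hypothetical structure, not the switch's format)."""
    public_ip: str      # WAN-side address
    private_first: str  # first private address in the mapped range
    private_last: str   # last private address (equal to first for one-to-one)


def validate_nat_plan(subnets, mappings):
    """Return a list of problems found in a NAT plan; an empty list means none.

    subnets  -- dict of private-side subnet name -> CIDR string
    mappings -- iterable of NatMapping
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    publics = set()
    claimed = []  # (first, last, public) for ranges seen so far

    for m in mappings:
        pub = ipaddress.ip_address(m.public_ip)
        first = ipaddress.ip_address(m.private_first)
        last = ipaddress.ip_address(m.private_last)
        label = f"{first}-{last} -> {pub}"
        publics.add(pub)

        # A WAN-side address that sits inside a private subnet is a typo or a
        # mix-up of the two sides of the translation.
        if any(pub in net for net in nets.values()):
            problems.append(f"{label}: public address lies inside a private-side subnet")

        if last < first:
            problems.append(f"{label}: range end precedes range start")
            continue

        # Assumption: a range must sit wholly inside one private-side subnet.
        if not any(first in net and last in net for net in nets.values()):
            problems.append(f"{label}: range is not contained in one private-side subnet")

        # Assumption: a private address may be translated by one entry only.
        for other_first, other_last, other_pub in claimed:
            if first <= other_last and other_first <= last:
                problems.append(f"{label}: overlaps range already mapped to {other_pub}")
        claimed.append((first, last, pub))

    if len(publics) > MAX_PUBLIC_ADDRESSES:
        problems.append(
            f"{len(publics)} public addresses used; the guide states a maximum of "
            f"{MAX_PUBLIC_ADDRESSES}"
        )
    return problems


# Constructed sample data: three private-side subnets, with documentation-range
# (RFC 5737) addresses standing in for the public side.
SUBNETS = {
    "Subnet1": "192.168.0.0/24",
    "Subnet2": "192.168.1.0/24",
    "Subnet3": "192.168.2.0/24",
}

GOOD_PLAN = [
    NatMapping("203.0.113.10", "192.168.0.10", "192.168.0.50"),  # range mapping
    NatMapping("203.0.113.11", "192.168.1.5", "192.168.1.5"),    # one-to-one
]

BAD_PLAN = [
    NatMapping("203.0.113.10", "192.168.0.10", "192.168.0.50"),
    NatMapping("203.0.113.11", "192.168.0.40", "192.168.0.60"),   # overlaps the first
    NatMapping("203.0.113.12", "192.168.0.200", "192.168.1.20"),  # spans two subnets
    NatMapping("192.168.2.1", "192.168.2.10", "192.168.2.10"),    # private used as public
]

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, validate_nat_plan(SUBNETS, plan) or "no problems")
```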
WS 2000 Wireless Switch Firewall
The firewall includes a proprietary CyberDefense Engine to protect internal networks from
known Internet attacks, including FTP Bounce, MIME Flood, IP Spoofing, Land Attack,
Ping of Death, Reassembly, SYN Flooding, and Winnuke. It also provides additional
protection by performing the following checks: source routing, IP unaligned timestamp, and
sequence number prediction.
Firewall features include:
Stateful Inspection Engine
The firewall inspects incoming packets based on security policies before processing them in
higher-level protocols. This feature significantly boosts performance, as packets do not
require copying from the operating system to user space for inspection.
Access Policies
Access policies define how network services may be used, in terms of source and
destination IP addresses, IP address ranges or subnets, ports, and access time windows.
Administrators organize the user community into user groups and define access policies
on a per-user-group basis.
Administration Management
Administrators change access policies locally or remotely, using the web-based user
interface (UI) or by modifying text-based configuration files.
DHCP Client and Server
The WS 2000 Wireless Switch can act as a DHCP client on the WAN and each of its three
subnets. It also acts as an independent DHCP server on each of the three subnets.
Layer 3 Routing
Overview
The WS 2000 Wireless Switch provides Layer 3 routing support to the Network Address
Translation (NAT) and Firewall modules. Layer 3 refers to a network layer that selects
routes and quality of service based on knowing the address of the neighboring nodes in the
network. This routing provides recognition and forwards incoming messages to the
Transport layer for local host domains.
Routing Information Protocol (RIP) Support
Layer 3 supports RIP, a widely used protocol for managing router information within a self-
contained network or a group of networked LANs.
Using RIP, the WS 2000 Wireless Switch sends a routing table with information containing
all the hosts it is configured to identify to the closest LAN host. The LAN host passes the
information on to the next closest LAN host until all hosts within the network have the
same knowledge of routing paths, a condition referred to as network convergence. Network
components distribute routing table information at preset intervals to maintain convergence.
To route a packet to a specified destination, each host with a router in the network uses the
routing table information to determine the destination host location.
SNMP Management Support
Simple Network Management Protocol (SNMP) is the protocol governing network
management and the monitoring of network devices and their functions. SNMP defines the
method for obtaining information about network operating characteristics and lets
administrators change parameters for routers and gateways.
SNMP uses the Management Information Base (MIB), or formal description of a set of
network objects that represent the switch components, to facilitate network management in
any wireless network environment.
SNMP management features include:
• Allowing gets, or the ability to retrieve data from a remote host given its host name and
authentication information
• Allowing sets, or the ability to modify information on a remote host
• A web-based user interface (UI) for viewing traps, which network entities use to signal
abnormal conditions to management stations. Administrators define trap conditions in
the MIB.
The WS 2000 Wireless Switch provides management support for SNMP versions 1, 2, and
3.
WEP 64 (40-bit key)
Wired Equivalency Privacy (WEP) uses a key, or string of case-sensitive characters, to
encrypt and decrypt data packets transmitted between a mobile unit (MU) and the WS 2000
Wireless Switch. The administrator configures mobile units (MUs) and the WS 2000
Wireless Switch to use the same key.
WEP encrypts the wireless transmissions, but still allows communication among compatible
wireless LAN clients and MUs from third-party manufacturers that are 802.11b certified.
40-bit Shared Key requires encryption be set up in one of the following ways:
• String: For use only with other Symbol Technologies wireless LAN devices, an
encryption string is a case-sensitive string of characters between 6 and 30 characters
long.
• Shared keys: Hexadecimal keys are sequences of hexadecimal digits arranged into four
keys. A hexadecimal digit could be a letter from A to F or a number from 0 to 9. This
type of encryption is compatible with equipment from other manufacturers that use Wi-
Fi certified 40-bit encryption.
WEP 128 (104-bit Key)
Wired Equivalency Privacy (WEP) uses a key, or string of case-sensitive characters, to
encrypt and decrypt data packets transmitted between a mobile unit (MU) and the WS 2000
Wireless Switch. The administrator configures the MU and switch to use the same key. 104-
bit Shared Key provides a higher level of security than the 40-bit Shared Key option and
uses a more complicated encryption scheme.
WEP encrypts the wireless transmissions, but still allows communication among compatible
wireless LAN clients and MUs from third-party manufacturers that are 802.11b certified.
WEP 128 requires encryption be set up in one of the following ways:
• String: For use only with other Symbol Technologies wireless LAN devices, an
encryption string is a case-sensitive string of characters between 6 and 30 characters
long.
• Shared keys: Hexadecimal keys are sequences of hexadecimal digits arranged into four
keys. A hexadecimal digit could be a letter from A to F or a number from 0 to 9.
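A check for the four-slot hexadecimal key sets described for WEP 64 and WEP 128 above, as an added Python example that is not part of the Symbol manual or firmware. It goes slightly beyond the text by also flagging keys that are repeated, nearly constant, or plain ASCII words; the function names, finding strings and sample keys are constructed for illustration.

```python
import string

# Secret-key length in bits per mode. The 24-bit initialization vector sent
# with every frame is why a 40-bit key is marketed as "WEP 64" and a
# 104-bit key as "WEP 128".
MODES = {"WEP64": 40, "WEP128": 104}
IV_BITS = 24

def advertised_bits(mode):
    """Secret key bits plus IV bits, i.e. the number in the mode name."""
    return MODES[mode] + IV_BITS

def check_key_set(mode, keys):
    """Return a list of findings for a four-slot hexadecimal WEP key set."""
    findings = []
    hex_len = MODES[mode] // 4            # 4 bits per hexadecimal digit
    if len(keys) != 4:
        findings.append(f"expected 4 keys, got {len(keys)}")
    seen = {}
    for slot, key in enumerate(keys, start=1):
        k = key.replace(":", "").replace("-", "").upper()
        if any(c not in "0123456789ABCDEF" for c in k):
            findings.append(f"key {slot}: non-hexadecimal character")
            continue
        if len(k) != hex_len:
            findings.append(f"key {slot}: {len(k)} hex digits, {mode} needs {hex_len}")
            continue
        if len(set(k)) <= 2:
            findings.append(f"key {slot}: only {len(set(k))} distinct digit(s)")
        raw = bytes.fromhex(k)
        if all(chr(b) in string.ascii_letters + string.digits for b in raw):
            findings.append(f"key {slot}: decodes to ASCII text {raw.decode()!r}")
        if k in seen:
            findings.append(f"key {slot}: duplicates key {seen[k]}")
        seen.setdefault(k, slot)
    return findings

if __name__ == "__main__":
    # Constructed sample key set, not taken from any device.
    sample = ["0123456789", "AAAAAAAAAA", "6170706C65", "01:23:45:67:89"]
    for finding in check_key_set("WEP64", sample):
        print(finding)
```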
802.1x with RADIUS Authentication
RADIUS is a client/server protocol and software that enables remote access servers to
communicate with a central server to authenticate RADIUS-enabled mobile units (MUs)
and authorize their access to the requested system or service.
When an MU authenticates with a WS 2000 Wireless Switch through an Access Port, the
switch initially performs RADIUS authentication, even though the RADIUS server exists as
a separate entity on the wired LAN. This RADIUS server maintains user profiles in a
central database that all remote servers can share. This centralized location provides better
security by using a policy-based implementation through a single administered network
point.
The RADIUS server on the wired LAN communicates with the WS 2000 Wireless Switch
RADIUS client, passing authentication information from the MU. A successful negotiation
authenticates the MU.
The pair-wise master keys (PMK) generated by this negotiation are used to generate keys
used in MAC encryption. In the absence of a RADIUS server, 802.1x is used in a pre-
shared key configuration. Administrators configure the master key statically through the
configuration or the key is obtained through negotiation from an external RADIUS server in
compliance with 802.1x.
The WS 2000 Wireless Switch uses the Remote Authentication Dial-In User Service
(RADIUS) to authenticate 802.1x-enabled MUs.
802.1x with Shared Key Authentication
Shared key authentication, part of the Wired Equivalency Privacy (WEP) algorithm,
provides a basic means of data encryption to improve data security for a Wireless LAN
(WLAN). The shared key algorithm performs data encryption and decryption. A wireless
device with a valid shared key is allowed to associate with the WS 2000 Wireless Switch
and access services on the wired LAN.
Using shared key authentication, an administrator configures mobile units (MUs) and the
WS 2000 Wireless Switch to share the same key. The MU authenticates by presenting the
key to a WS 2000 Wireless Switch. The switch examines the key, and uses it to perform a
checksum, or error-checking operation, by comparing the key to one on the switch. The MU
accesses network services only when the key passes the checksum process.
The WS 2000 Wireless Switch uses shared key authentication when there is no RADIUS
server on the wired LAN.
Kerberos Authentication
The Kerberos authentication service protocol (specified in RFC 1510) provides a secure
means for authenticating users/clients in a wireless network environment.
With Kerberos, a client (generally either a user, a service, or a user requesting any number
of network services) within the Kerberos Realm sends a request for a ticket to the Key
Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client,
encrypts it using the Ticket Granting Server’s (TGS) secret key, and sends the encrypted
TGT back to the client. In addition to the TGT, the KDC simultaneously sends a session
key (SK1) encrypted with the client’s password to the client. The client then attempts to
decrypt the session key using its password. If the client successfully decrypts the session
key (i.e., if the client gave the correct password), it keeps the decrypted session key, which
indicates proof of the client’s identity. The TGT permits the client to obtain additional
tickets (TK-TS) which give permission for specific network services (any application or
service) for the allotted time identified in the TK-TS. The requesting and granting of these
additional tickets is user-transparent. Once the session tickets expire, the client must re-
authenticate to continue using network services.
The KDC operates in a Master or a Slave capacity. The Master KDC maintains the master
database file that contains all of the user authentication information. This information
includes the user’s name, password, and authorization level. This authorization level
determines what network services the user has access to.
The Slave KDC acts in a backup capacity to the Master KDC. Database information
propagates from the Master KDC to the Slave at regular intervals. If the Master KDC fails,
the Slave KDC resumes ticket granting services until the problem causing the Master KDC
to fail is resolved. The Slave KDC has no database administration privileges, which are
reserved for the Master KDC.
When a Kerberos-enabled mobile unit (MU) authenticates with the WS 2000 Wireless Switch through
an Access Port, the switch initially performs Kerberos authentication, even though the
Kerberos server exists as a separate entity on the wired LAN. On initial request from a
Kerberos-enabled MU, the WS 2000 Wireless Switch acts as a proxy to the external KDC.
The switch passes initial Kerberos authentication information to the external KDC until the
MU authenticates in the manner described in this section. Once authenticated, the user
maintains access to the wired network for the allotted time provided by the session ticket
(TK-TS).
Once an administrator enables Kerberos on a device, the device must pass authentication
before wireless access via the device is permitted to the wired LAN.
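The ticket exchange described in this section, as an added Python example that is not Symbol's or the switch's code: the KDC seals the TGT with the TGS secret key and SK1 with a key derived from the client's password, so only the correct password recovers SK1. The encrypt-then-MAC construction, PBKDF2 key derivation, SK1 authenticator, JSON ticket layout and the names `mu01` and `wlan-access` are assumptions for illustration; real Kerberos uses its own encryption types and message formats and seals the service ticket for the target service.

```python
import hashlib, hmac, json, os, time

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode, used here as a stand-in stream cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for a Kerberos encryption type (assumption)."""
    enc, mac = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("decryption failed: wrong key or altered message")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc, nonce, len(ct))))

def key_from_password(password, principal):
    # Long-term client key derived from the password (PBKDF2 is an assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

class KDC:
    def __init__(self, users):
        self.tgs_key = os.urandom(32)  # TGS secret key, never leaves the KDC
        self.user_keys = {u: key_from_password(p, u) for u, p in users.items()}

    def as_request(self, principal, lifetime=3600, now=None):
        """Return the TGT (sealed for the TGS) and SK1 (sealed for the client)."""
        now = time.time() if now is None else now
        sk1 = os.urandom(32)
        tgt = {"client": principal, "sk1": sk1.hex(), "expires": now + lifetime}
        return {"tgt": seal(self.tgs_key, json.dumps(tgt).encode()),
                "enc_sk1": seal(self.user_keys[principal], sk1)}

    def tgs_request(self, tgt_blob, authenticator, service, now=None):
        """Issue a service ticket (TK-TS) if the TGT is valid and unexpired."""
        now = time.time() if now is None else now
        tgt = json.loads(unseal(self.tgs_key, tgt_blob))
        if now > tgt["expires"]:
            raise PermissionError("TGT expired: client must re-authenticate")
        # The authenticator proves the sender really holds SK1.
        if unseal(bytes.fromhex(tgt["sk1"]), authenticator).decode() != tgt["client"]:
            raise PermissionError("authenticator does not match TGT")
        return {"service": service, "client": tgt["client"], "expires": tgt["expires"]}

def client_login(reply, principal, password):
    # Succeeds only with the correct password; the result is SK1.
    return unseal(key_from_password(password, principal), reply["enc_sk1"])

if __name__ == "__main__":
    kdc = KDC({"mu01": "correct horse"})  # constructed principal and password
    reply = kdc.as_request("mu01")
    sk1 = client_login(reply, "mu01", "correct horse")
    print(kdc.tgs_request(reply["tgt"], seal(sk1, b"mu01"), "wlan-access"))
```

The client never sees the contents of the TGT; it only forwards the sealed blob, which is why a stolen TGT without SK1 fails the authenticator check.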
KeyGuard-MCM Support
KeyGuard-MCM (Mobile Computing Mode) is Symbol Technologies’ security
enhancement algorithm based on the Temporal Key Integrity Protocol (TKIP) from the
forthcoming IEEE 802.11i standard. KeyGuard-MCM provides an enhanced solution for
protecting data transfer over a Wireless LAN (WLAN) by using a proprietary algorithm to
encrypt, decrypt, and transmit network packets.
KeyGuard-MCM leverages existing WEP encryption hardware by providing per-packet key
mixing, a message integrity check, and a re-keying mechanism, which changes the security
key set by the administrator when KeyGuard-MCM recognizes a potential compromise of
network security.
KeyGuard-MCM works with all Symbol Technologies’ mobile units that support 128-bit
WEP. KeyGuard-MCM is fully compatible with other network security protocols, including
RADIUS and Kerberos.
The WS 2000 Wireless Switch fully supports KeyGuard-MCM.
Wireless Protected Access (WPA)
WEP uses a key, or string of case-sensitive characters, to encrypt and decrypt data packets
transmitted between a mobile unit (MU) and the WS 2000 Wireless Switch. The
administrator configures mobile units (MUs) and the WS 2000 Wireless Switch to use the
same key.
WPA specifies the use of TKIP and, optionally, 802.1x for encryption.
Chapter 3. Getting Started
Getting Started Overview
Installing the Switch
To install the WS 2000 Wireless Switch hardware, follow the directions in the WS 2000
Wireless Switch Quick Installation Guide found in the box with the switch and on the CD-
ROM that is distributed with the switch. These instructions describe how to:
• Select a site (desk, wall, or rack) for the switch
• Install the switch using the appropriate accessories for the selected location
• Connect devices to WAN and LAN ports (using standard CAT5 cables)
• Interpret the port LEDs on the front of the switch
Note: Access Ports must be connected to the LAN ports of the wireless
switch to enable configuration of the Access Port related settings.
Set up Communication to the Switch
Before the configuration process can begin, a link with the wireless switch needs to be
established:
1. Connect a computer to the switch (in any one of the LAN ports) using a standard CAT5
cable.
2. Set up the computer for TCP/IP DHCP network addressing.
3. Start up Internet Explorer (with Microsoft’s Java Virtual Machine installed) and type in
the following IP address in the address field: 192.168.0.1
Note: For optimum compatibility use Microsoft’s Java Virtual Machine,
and be sure to disable the Sun Microsystems’ JRE. If Microsoft’s Java
Virtual Machine is unavailable, please use Sun Microsystems’ JRE
version 1.3 for best.
The following screen is displayed.
4. Log in using “admin” as the username and “symbol” as the password.
5. If the login is successful, the following prompt will be displayed.
Enter a new admin password in both fields, and click the Update Password Now
button.
6. Once the admin password has been updated, the System Settings screen is displayed.
7. Enter a System Name for the wireless switch. The specified name appears in the
lower-left corner of the configuration screens, beneath the navigation tree. This name
can be a useful reminder if multiple Symbol wireless switches are installed.
8. Enter a text description of the location of the switch in the System Location field.
This text is used as a reminder to the network administrator and is also used to set the
location variable if the switch is administered using SNMP.
9. Enter an email address for the administrator in the Admin Email Address field. The
switch will use this address for sending SNMP-related and other administration-related
messages to the administrator.
10. Select the Country for the switch from the drop-down menu. Selecting the correct
country is extremely important. Each country has its own regulatory restrictions
concerning electromagnetic emissions and the maximum RF signal strength that can be
transmitted by Access Ports. To ensure compliance with national and local laws, be sure
to set this field accurately.
11. Click Apply to save changes. Unapplied changes are lost if the administrator navigates
to a different screen.
Changing the Administrator Password
The password information set at the factory is the same for all WS 2000 Network Switches.
For security reasons, it is important to change the switch’s admin password as soon as
possible.
1. Select System Configuration --> WS-2000 Access from the left menu.
2. Click the Change Admin Password button. A sub-screen will appear.
3. Enter the current admin password (“symbol” if it hasn’t been changed previously), as
well as a new password (limited to 11 characters in length). Enter the new password a
second time in the field provided.
4. Click Update Password Now to set the new password.