Motorola RFS7000 Series Installation Guide

RFS7000 Series RF SwitchSystem Reference Guide

x RFS7000 Series Switch System Reference GuideLayer 3 Mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Network Setup4-14 Use the Switch Virtual Interfaces screen to view and configure VLAN interfaces. This screen contains two tabs supporting the followi

Network Setup4-15 The Associated Secondary IP Addresses field displays additional IP and subnet resources available, but designated as secondary and n

Network Setup4-16 5. Provide a Description for the VLAN, representative of the VLAN’s intended operation within the switch managed network.6. The Prim

Network Setup4-17 2. Select the Configuration tab and click the Edit button.The screen displays with the name of the VLAN displayed in the upper left-

Network Setup4-18 2. Select the Statistics tab.3. Refer to the following to assess the network throughput of existing virtual interfaces:Name Displays

Network Setup4-19 3. Click the Details button to view packet level statistics of any user defined interface. For more information, see Viewing Virtual

Network Setup4-20 4.4.2.1 Viewing Virtual Interface StatisticsTo view detailed virtual interface statistics: 1. Select a virtual interface from the St

Network Setup4-21 4. The Status is the current state of requests made from the applet. Requests are any “SET/GET” operation from the applet. The Statu

Network Setup4-22 4. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something

Network Setup4-23 4.5 Viewing and Configuring Switch WLANsA wireless LAN (WLAN) is a local area network (LAN) without wires. WLANs transfer data throu

Table of Contents xiReviewing ACL Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-31Configuring NAT Info

Network Setup4-24 The Configuration tab displays the following details:Index Displays the WLAN’s numerical identifier. The WLAN index range is from 1

Network Setup4-25 3. Click the Edit button to display a screen where WLAN information, encryption and authentication settings can be viewed or changed

Network Setup4-26 Manual Mapping of WLANsUse this option (its selected by default) for custom WLAN to Radio mappings. When Advanced Configuration is d

Network Setup4-27 4.5.1.1 Editing the WLAN ConfigurationSecurity measures for the switch and its WLANs are critical. Use the available switch security

Network Setup4-28 The Wireless LANs Edit screen is divided into the following user-configurable fields:• Configuration• Authentication• Encryption• Ad

Network Setup4-29 6. Refer to the Authentication field to select amongst the following options:7. Refer to the Encryption field to select amongst the

Network Setup4-30 8. Refer to the Advanced field for the following information:WPA2-CCMP WPA2 is a newer 802.11i standard that provides even stronger

Network Setup4-31 9. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something

Network Setup4-32 pool representative of the WLAN. The switch tracks the number of MUs per VLAN, and assigns the least used/loaded VLAN to the MU. Thi

Network Setup4-33 10. Click OK to use the changes to the running configuration and close the dialog.11. Click Cancel to close the dialog without commi

xii RFS7000 Series Switch System Reference GuideConfiguring Enhanced Beacons and Probes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Network Setup4-34 The 802.1x EAP screen displays. 5. Configure the Advanced field as required to define MU timeout and retry information for the authe

Network Setup4-35 5. Click the Config button to the right of the Kerberos checkbox. The Kerberos screen displays.6. Specify a case-sensitive Realm Nam

Network Setup4-36 2. External Web-pages3. Customized internal Web page (using the Advanced feature in hotspot configuration) When a user visits a publ

Network Setup4-37 3. Select the Hotspot button from within the Authentication field. The Radius Config... button on the bottom of the screen becomes e

Network Setup4-38 3. Select the Hotspot button from within the Authentication field. Ensure Internal is selected from within the This WLAN’s Web Pages

Network Setup4-39 5. Refer to the Allow List field, and enter any IP address (for internal or external Web sites) accessed by the Hotspot user without

Network Setup4-40 3. Select the Hotspot button from within the Authentication field. Ensure External is selected from within the This WLAN’s Web Pages

Network Setup4-41 5. Refer to the Allow List field, and enter any IP address (for internal or external Web sites) that may be accessed by the Hotspot

Network Setup4-42 Ensure Advanced is selected from within the This WLAN’s Web Pages are of the drop-down menu.5. Once the properties of the advanced h

Network Setup4-43 f. Specify the appropriate Path to the hotspot configuration on the local system disk or server. g. Once the location and settings f

Table of Contents xiiiReviewing Panic Snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-17Viewing Pani

Network Setup4-44 To configure an external Radius Server for EAP 802.1x, Hotspot or Dynamic MAC ACL WLAN support: 1. Select Network > Wireless LANs

Network Setup4-45 The Radius Configuration screen contains tabs for defining both the Radius and NAC server settings. For a NAC overview, see Configur

Network Setup4-46 7. Refer to the Accounting field and define the following credentials for a primary and secondary Radius Server. 8. Select the Re-au

Network Setup4-47 11. Click Cancel to revert back to the last saved configuration and move back to the Network > Wireless LANs > Edit screen.Con

Network Setup4-48 6. Select the NAC tab to configure NAC support.7. Refer to the Server field and define the following credentials for a primary and s

Network Setup4-49 8. Refer to the Accounting field and define the following credentials for a primary and secondary NAC Server. 9. Select the Re-authe

Network Setup4-50 4.5.1.4 Configuring Different Encryption TypesTo configure the WLAN data encryption options available on the switch, refer to the fo

Network Setup4-51 6. Use the Key #1-4 areas to specify keys.The key can be either a hexadecimal or ASCII string. For WEP 64 (40-bit key), the keys are

Network Setup4-52 5. Specify a 4 to 32 character Pass Key and click the Generate button. The pass key can be any alphanumeric string. The switch and M

Network Setup4-53 WPA's encryption method is Temporal Key Integrity Protocol (TKIP). TKIP addresses WEP’s weaknesses with a re-keying mechanism,

xiv RFS7000 Series Switch System Reference Guide

Network Setup4-54 Only broadcast key changes when required to reduce the transmissions of sensitive key information. This value is enabled by default.

Network Setup4-55 10. Click OK to use the changes to the running configuration and close the dialog.11. Click Cancel to close the dialog without commi

Network Setup4-56 4. To view WLAN statistics in greater detail, select a WLAN and click the Statistics button. For more information, see Viewing WLAN

Network Setup4-57 3. Select a WLAN from the table displayed in the Statistics screen and click the Details button.The Details screen displays the WLAN

Network Setup4-58 5. Refer to the Traffic field for the following information (both received and transmitted):6. Refer to the RF Status field for the

Network Setup4-59 8. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something

Network Setup4-60 • Undecr Pkts• RXPkts per sec• RX Tput (Mbps)• Avg Retries• Avg SNR (dB)• # Radios 3. Select any of the above listed parameters by c

Network Setup4-61 3. Select a WLAN from the table displayed in the Statistics screen and click the Switch Statistics button.4. Refer to the Packet Rat

Network Setup4-62 1. Select Network > Wireless LANs from the main menu tree.2. Click the WMM tab.The WMM tab displays the following information:Idx

Network Setup4-63 3. Click the Edit button to display a screen used to modify existing WMM parameters. For more information, see Editing WMM Setting o

OverviewThe RFS7000 switch is a centralized management solution for wireless networking. It connects to non-legacy access ports through L2 or L3 (L2

Network Setup4-64 5. Click OK to save the updates to the QoS mappings.6. Select Cancel to close the screen without updating the configuration.DSCP to

Network Setup4-65 4.5.3.1 Editing WMM SettingUse the WMM Edit screen to modify existing Access Category settings for the WLAN selected within the WMM

Network Setup4-66 5. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something

Network Setup4-67 • Conduct a NAC check for MU's connecting to the WLAN as well as perform an additional exclude function, by attaching an exclud

Network Setup4-68 4.5.4.1 Adding an Include List to a WLANTo add a device to a WLAN’s include list configuration:1. Select Network > Wireless LANs

Network Setup4-69 7. Refer to the Status field. It displays the current state of the requests made from the applet. Requests are any “SET/GET” operati

Network Setup4-70 4.5.5 Configuring the NAC Exclusion ListThe switch provides a means to bypass NAC for 802.1x devices without a NAC agent. For Motoro

Network Setup4-71 and 64 MAC entries maximum per list. For more information, see Configuring Devices on the Exclude List on page 4-71.5. The Configure

Network Setup4-72 3. Click on the Add button within the List Configuration field.4. The List Name displays the read-only name of the list for which yo

Network Setup4-73 3. Select a item from the Exclude List’s List Name field and click the Edit button (within the Configured WLANs field). 4. Map the s

Overview1-2 Access ports do not have software or firmware upon initial receipt from the factory. When the access port is first powered on and cleared

Network Setup4-74 2. Add a host entry to the include list. This adds a specified MAC entry/MAC range into the client’s include list.RFS7000(config-wir

Network Setup4-75 RFS7000(config-wireless)#wlan 1 nac-server secondary radius-key my secret-2RFS7000(config-wireless)#3. MUs not NAC authenticated use

Network Setup4-76 4.6 Viewing Associated MUsThe Mobile Units screen displays read-only device information for MUs interoperating with the switch manag

Network Setup4-77 3. Click the Details button to launch a screen with additional information about the selected MU. For more information, see Viewing

Network Setup4-78 3. Select a MU from the table in the Status screen and click the Details button. 4. Refer to the following read-only MU’s transmit a

Network Setup4-79 5. Click the Refresh button to update the MU Statistics to their latest values.6. Refer to the Status field for the current state of

Network Setup4-80 3. Select the Last 30s checkbox to display MU statistics gathered over the last 30 seconds. This option is helpful for assessing MU

Network Setup4-81 3. Select a MU from the table displayed in the Statistics screen and click the Details button. The Details screen displays statistic

Network Setup4-82 5. Refer to the Traffic field for the following information: 6. Refer to the RF Status field for the following information:7. Refer

Network Setup4-83 3. Select a MU from the table displayed in the Statistics screen and click the Graph button. 4. Select a checkbox to display that me

Overview1-3 1.1.1.3 Cabling RequirementsThe RFS7000 has four RJ-45 Gigabit Ethernet ports, four Gigabit SFP (fiber) ports, one out-of-band management

Network Setup4-84 4.7 Viewing Access Port Radio InformationThe Access Port Radios screen displays a high-level overview of the APs created for use wit

Network Setup4-85 2. Click the Configuration tab. 3. Refer to the table for the following information:Index Displays the numerical index (device ident

Network Setup4-86 4. Select a radio index and refer to the Properties field for the following5. Click the Edit button to launch a screen used to confi

Network Setup4-87 1. Select Network > Access Port Radios from the main menu tree. 2. Click the Configuration tab.3. Click the Global Settings butto

Network Setup4-88 5. Enter the 802.1x Username assigned to the access port.6. Enter the 802.1x Password (for the corresponding username) providing aut

Network Setup4-89 3. Select a radio to edit from the table.4. Click the Edit button to display a screen containing settings for the selected radio.5.

Network Setup4-90 10. From within the Radio Settings field, define the Placement of the access port as either Indoors or Outdoors. An access port can

Network Setup4-91 Adoption Preference IDDisplays the preference ID of the switch.The value can be set between 1 and 65535. To define the radios as pre

Network Setup4-92 15. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if somethin

Network Setup4-93 Supported rates allow an 802.11 network to specify the data rate it supports. When a MU attempts to join the network, it checks the

Overview1-4 1.1.2 System Status LED CodesThe RFS7000 has four vertically-stacked LEDs on its front panel. Each of the switch’s Gigabit Ethernet ports

Network Setup4-94 3. Click the Add button to display a screen containing settings for adding a new radio4. Enter the device MAC Address (the physical

Network Setup4-95 2. Click the Statistics tab.3. To define the time frame for the radio statistics, select either Last 30s or Last Hr above the statis

Network Setup4-96 5. Select a radio from those displayed and click the Details button for additional radio information. For more information, see View

Network Setup4-97 5. Refer to the Traffic field for the following information:6. Refer to the RF Status field for the following information:MAC Addres

Network Setup4-98 7. Refer to the Errors field for the following information:8. Refer to the Status field for the current state of the requests made f

Network Setup4-99 3. Select a radio index from the table displayed in the Statistics screen and click the Graph button. 4. Select a checkbox to displa

Network Setup4-100 4. Select a radio from the table to view WLAN assignment information. The WLAN Assignment tab is divided into two fields; Select Ra

Network Setup4-101 2. Click the WLAN Assignment tab.3. Select a radio from the table and click the Edit button. The Select Radio/BSS field displays th

Network Setup4-102 WMM information displays per radio with the following information: 3. Use the Filter Options facility (by clicking the Show Filter

Network Setup4-103 4.7.4.1 Editing WMM SettingsUse the Edit screen to modify a WMM profile's properties (AIFSN, Tx Op, Cw Min and CW Max). Modify

Overview1-5 Switch Status (Redundant System) Fan LED Temperature Status LED System Status 1 LED System Status 2 LED EventOff Off Power offGreen Solid

Network Setup4-104 The CW Maximum is combined with the CW Minimum to define the Contention Window. From this range, a random number is selected for th

Network Setup4-105 4.8 Viewing Access Port Adoption DefaultsUse the Access Port Adoption Defaults screen to configure radio adoption settings, assign

Network Setup4-106 2. Select the Configuration tab.3. Refer to the following information as displayed within the Configuration tab:Type Displays wheth

Network Setup4-107 4. To modify a radio’s adoption defaults, select a radio and click the Edit button. For more information, see Editing Default Radio

Network Setup4-108 4. Click the Edit button to display a screen to change the radio adoption default values for the selected radio type (either 802.11

Network Setup4-109 9. Within the Radio Settings field, configure the Placement of the radio as either Indoors or Outdoors (using the Placement drop-do

Network Setup4-110 Short Preambles only If using a 802.11bg radio, select this checkbox for the radio to transmit using a short preamble. Short preamb

Network Setup4-111 14. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if somethi

Network Setup4-112 Supported Rates allow an 802.11 network to specify the data rate it supports. When a station attempts to join the network, it check

Network Setup4-113 3. The system administrator programs these options into the DHCP server. 4. If the access port finds the list, it sends a unidirect

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc.

Overview1-6 1.1.2.2 RJ-45 Gigabit Ethernet LEDs RJ-45 Port Speed LED RJ-45 Port Status LED 1.1.2.3 SFP Gigabit Ethernet LEDsPort Speed LED EventOff 10

Network Setup4-114 2. Click the WLAN Assignment tab.The WLAN Assignment tab displays two fields: Select Radios/BSS and Select/Change Assigned WLANs.3.

Network Setup4-115 6. Click Apply to save the changes made within the screen.7. Click Revert to cancel the changes made and revert back to the last sa

Network Setup4-116 4. To modify the properties of WMM Adoption Settings, select a radio and click the Edit button. For more information, see Editing A

Network Setup4-117 The Transmit Ops value is the maximum duration a device can transmit after obtaining a transmit opportunity. For Higher-priority tr

Network Setup4-118 2. Click the Adopted AP tab. 3. Refer to the Adopted AP screen for the following information:4. Click the Export button to export t

Network Setup4-119 5. Click the Convert to Sensor button to convert the selected adopted AP to a sensor that can be used with the Wireless Intrusion P

Network Setup4-120 3. Select an available index and click the Adopt button to display a screen wherein the properties of a new radio can be added for

Network Setup4-121 • Common Spanning (CST) – MST runs a single spanning tree instance (called the Common Spanning Tree) that interconnects all the bri

Network Setup4-122 4.10.1 Configuring a Bridge Use the Bridge tab to configure the Bridge. This window displays bridge configuration details for the s

Network Setup4-123 4. Refer to the General Configuration field for the followingMST Revision Level Assign a MST revision level number to the MST regio

Overview1-7 SFP Port Speed LEDSFP Port Status LED1.1.2.4 Out of Band Management Port LEDsOut of Band Management Port Speed LEDOut of Band Management P

Network Setup4-124 CIST Bridge HelloTime Set the CIST Hello Time (in seconds). After the defined interval all bridges in a bridged LAN exchange BPDUs.

Network Setup4-125 4.10.2 Viewing and Configuring Bridge Instance DetailsThe Bride Instance tab displays the number of MST instance created and VLANS

Network Setup4-126 2. Select the Bridge Instance tab.3. Click the Add button. 4. Enter a value between 1 and 15 as the Instance ID.5. Click OK to save

Network Setup4-127 2. Select the Port tabThe Port tab displays the following information (ensure you scroll to the right to view the numerous port var

Network Setup4-128 OperPort PortFast Bpdu FilterDisplays a portfast BPDU filter for the oper port. The Spanning Tree Protocol sends BPDUs from all por

Network Setup4-129 3. Select an Id and click the Edit button to revise the selected MST port configuration. For more information, see Editing a MST Po

Network Setup4-130 4.10.3.1 Editing a MST Port ConfigurationTo edit and reconfigure MSTP Port parameters. 1. Select a row from the port table and clic

Network Setup4-131 2. Click on OK button to save and commit the new configuration.3. Click Cancel to disregard the changes and revert back to the prev

Network Setup4-132 2. Select the PortInstance tab.The Port Instance table displays the following:3. If necessary, select a CIST Index from the table a

Network Setup4-133 4.10.4.1 Editing a Port Instance ConfigurationTo edit and reconfigure Port Instance parameters.1. Select a row from the port table

Overview1-8 • Management Features• Security Features• Access Port Support1.2.1 Infrastructure FeaturesThe switch includes the following Infrastructure

Network Setup4-134

Switch ServicesThis chapter describes the Services main menu information available for the following switch configuration activities.• Displaying th

Switch Services5-2 5.1 Displaying the Services InterfaceRefer to the Services main menu interface to review a summary describing the availability of s

Switch Services5-3 Redundancy Service Displays whether Redundancy is currently enabled or disabled. One or more switches can be configured as members

Switch Services5-4 5.2 DHCP Server SettingsThe DHCP Server Settings screen displays tabs supporting the following configuration activities:• Configuri

Switch Services5-5 The DHCP Server screen displays with the Configuration tab displayed. 2. Select the Enable DHCP Server checkbox to enable the switc

Switch Services5-6 8. Click the Add button to create a new DHCP pool. For more information, see Adding a New DHCP Pool on page 5-7. 9. Click the Optio

Switch Services5-7 • Infinite - If selected, the client can use the assigned address indefinitely.• Actual Interval - Select this checkbox to manually

Switch Services5-8 2. Click the Add button at the bottom of the screen. 3. Enter the name of the IP pool from which IP addresses can be issued to clie

Switch Services5-9 Additionally, define the network IP Address and Subnet Mask used for DHCP discovery and requests between the DHCP Server and DHCP c

Overview1-9 1.2.1.3 Configuration ManagementThe system supports redundant storage of configuration files to protect against corruption during a write

Switch Services5-10 4. Name the option as appropriate, assign a Code (numerical identifier) and use the Typ e drop-down options to specify a value of

Switch Services5-11 5. Use the Automatic Update drop-down menu to specify whether the automatic update feature is on or off. Select Server update to e

Switch Services5-12 4. Click the Edit button to modify the properties displayed on an existing DHCP pool. For more information, see Editing the Proper

Switch Services5-13 2. Click the Excluded tab. The Excluded tab displays “fixed” IP addresses statically assigned and unavailable for assignment with

Switch Services5-14 In the illustration above, a DHCP relay address has been configured on subnet 2 (The CLI equivalent is “ip helper-address <subn

Switch Services5-15 3. Refer to the Interfaces field for the names of the interfaces available to route information between the DHCP Server and DHCP c

Switch Services5-16 assignable IP addresses. DNS is a service, which maintains a database to map a given name to an IP address used for communication

Switch Services5-17 2. Click the Bindings tab. 3. Refer to the contents of the Bindings tab for the following: 4. Click the Export button to display a

Switch Services5-18 5.2.7 Reviewing DHCP Dynamic Bindings Dynamic DHCP bindings automatically map a hardware address to an IP address from a pool of a

Switch Services5-19 5.2.8 Configuring DHCP User ClassThe DHCP server assigns IP addresses to clients based on user class option names. Clients with a

Overview1-10 The log message format is similar to the format used by syslog messages (RFC 3164). Log messages include message severity, source (facili

Switch Services5-20 5.2.8.1 Adding a New DHCP User Class NameA DHCP user class name can be configured with a maximum of 8 user class option values. To

Switch Services5-21 3. Select an existing DHCP user class from the list and click the Edit button from the User Class Name field.a. The User Class Nam

Switch Services5-22 5.2.9 Configuring DHCP Pool ClassThe DHCP server can associate multiple classes to each pool. Each class in a pool is assigned an

Switch Services5-23 5.2.9.1 Editing an Existing DHCP Pool Class NameThe Edit Pool Class Configuration dialog is used to edit the association of a DHCP

Switch Services5-24 4. Use the Pool Name field to define a new pool name. Enter the pool name created using Adding a New DHCP Pool on page 5-7.5. Use

Switch Services5-25 2. Select the Configuration tab. 3. Refer to the Access Group field to define ACL IDs. An ACL ID must be created before it is sele

Switch Services5-26 5. Click Apply to save changes to the screen. Navigating away from the screen without clicking the Apply button results in all the

Switch Services5-27 2. Select the Symmetric Keys tab. 3. Refer to the Symmetric Key screen to view the following information. 4. Select an existing Ke

Switch Services5-28 2. Select the Symmetric Key tab. 3. Click the Add button.4. Enter a Key ID between 1-65534. The Key ID is a abbreviation allowing

Switch Services5-29 2. Select the NTP Neighbor tab. 3. Refer to the following information (as displayed within the NTP Neighbor tab) to assess whether

Overview1-11 • The switch can be configured to provide NTP services to NTP clients.• The switch can provide NTP support for user authentication.• Secu

Switch Services5-30 6. Click the Add button to define a new peer or server configuration that can be added to the existing configurations displayed wi

Switch Services5-31 (and switch) must be on the same subnet. NTP broadcasts reduce configuration complexity since both the switch and its NTP resource

Switch Services5-32 2. Select the NTP Associations tab. 3. Refer to the following SNTP Association data for each SNTP association displayed: Address D

Switch Services5-33 4. Select an existing NTP association and click the Details button to display additional information useful in discerning whether

Switch Services5-34 5.3.6 Viewing NTP StatusRefer to the NTP Status tab to display performance (status) information relative to the switch’s current N

Switch Services5-35 5.4 Configuring Switch Redundancy Configuration and network monitoring are two tasks a network administrator faces as a network gr

Switch Services5-36 switches at the same time. This is done by the cluster-protocol running on WS1, by duplicating the commands and sending them to th

Switch Services5-37 To view status and membership data and define a redundancy group configuration, refer to the following:• Reviewing Redundancy Stat

Switch Services5-38 Heartbeat Period The Heartbeat Period is the interval heartbeat messages are sent. Heartbeat messages discover the existence and s

Switch Services5-39 3. Refer to the History field to view the current state of the redundancy group.4. Click Apply to save any changes to the screen.

Overview1-12 The switch can be discovered using one of the following mechanisms:•DHCP• Switch fully qualified domain name (FQDN)• Static IP addresses

Switch Services5-40 3. Refer to the Status field to assess the current state of the redundancy group. Redundancy state is Displays the state of the re

Switch Services5-41 4. The Apply and Revert buttons are unavailable for use with the Status screen, as there are no editable parameters to save or rev

Switch Services5-42 2. Select the Member tab.3. Refer to the following information within the Member tab:IP Address Displays the IP addresses of the s

Switch Services5-43 4. Select a row, and click the Details button to display additional details for this member. For more information, see Displaying

Switch Services5-44 Status Displays the current status of this group member. This status could have the following values:• Configured - The member is

Switch Services5-45 5. Refer to the Status field.The Status is the current state of the requests made from the applet. Requests are any “SET/GET” oper

Switch Services5-46 • Do not allow different port speed/duplex settings on members. Each members should have the settings.• In a redundancy group of t

Switch Services5-47 and ARP are tunneled through the home switch. The IP address for the MU is assigned from the VLAN to which the MU belongs (as dete

Switch Services5-48 The Layer 3 Mobility screen appears with the Configuration tab displayed. 2. Select the Use Default Management Interface checkbox

Switch Services5-49 5.5.2 Defining the Layer 3 Peer ListThe Layer 3 Peer List contains the IP addresses MUs are using to roam amongst various subnets.

Overview1-13 1.2.2.3 Proxy-ARPProxy ARP is provided for MU's in PSP mode whose IP address is known. The WLAN generates an ARP reply on behalf of

Switch Services5-50 Enter the IP addresses in the area provided and click the OK button to add the addresses to the list displayed within the Peer Lis

Switch Services5-51 4. Click the Clear Statistics button to remove the data displayed for the selected peer IP address.5.5.4 Reviewing Layer 3 MU Stat

Switch Services5-52 2. Select the MU Status tab. 3. Refer to the following information within the MU Status tab: MU MAC Displays the factory hardcoded

Switch Services5-53 5.6 Configuring Self HealingThe switch supports a feature called Self Healing that enables radios to take corrective action when o

Switch Services5-54 4. Click the Apply button to save the changes made within this screen. Clicking Apply overwrites the previous configuration.5. Cli

Switch Services5-55 4. Highlight an existing neighbor and click the Edit button to launch a screen designed to modify the self healing action and/or n

Switch Services5-56 3. Select an existing neighbor and click the Edit button. The radio index and description display in the upper right corner of the

Switch Services5-57 5.7 Configuring Switch DiscoverySwitch discovery enables the SNMP discovery (location) of devices. To discover devices in the spec

Switch Services5-58 2. Refer to the following information within the Discovery Profiles tab to discern whether an existing profile can be used as is,

Switch Services5-59 If SNMP v3 is used with a discovering profile, a V3 Authentication screen displays. The User Name and Password are required to mat

Overview1-14 1.2.2.5 IDM (Identity Driven Management) Radius authentication is performed for all protocols using a Radius-based authentication scheme

Switch Services5-60 4. Refer to the Status field for an update of the edit process.The Status is the current state of the requests made from the apple

Switch Services5-61 3. Refer to the following within the Recently Found Devices tab to discern whether a located device should be deleted from the lis

Switch Services5-62 5.8 Configuring SOLE SupportThe switch has the ability to use Smart Opportunistic Location Engine (SOLE) adapters to assist in the

Switch Services5-63 The Enabled column displays a green checkmark next to the SOLE adapter once enabled. A Red X defines the adapter as disabled.3. Cl

Switch Services5-64 5.8.3 Reviewing SOLE StatisticsPeriodically review SOLE statistics to determine the extent of the message traffic transmitted and

Switch SecurityThis chapter describes the security mechanisms available to the switch. This chapter describes the following security configuration a

Switch Security6-2 6.1 Displaying the Main Security InterfaceRefer to main Security interface for a high level overview of device intrusion and switch

Switch Security6-3 2. Refer to the following information to discern if configuration changes are warranted: The Apply and Revert buttons are greyed ou

Switch Security6-4 6.2 AP Intrusion DetectionUse the Access Point Detection menu options to view and configure network related IP information. The Acc

Switch Security6-5 4. Refer to the MU Assisted Scan field to enable associated MUs to assist in the detection of access points. 5. Click the Apply but

Overview1-15 Detector APsConfigure an AP in either – Data mode (the regular mode) or Detector mode.In Detector mode, the AP scans all channels at a co

Switch Security6-6 6.2.1.1 Adding or Editing an Allowed APTo add a new range or modify the address range used to designate devices as Allowed APs:1. S

Switch Security6-7 6.2.2 Approved APs (Reported by APs)Those access points detected and approved for operation within the switch managed network can b

Switch Security6-8 5. Click on the Export button to export the contents of the table to a Comma Separated Values file (CSV).6.2.3 Unapproved APs (Repo

Switch Security6-9 4. The Number of Unapproved APs is simply the sum of all of Unapproved Radio MAC Addresses detected. 5. If a Radio MAC address is l

Switch Security6-10 3. The Unapproved APs (Reported by MUs) table displays the following information:4. The Number of Unapproved APs is simply the sum

Switch Security6-11 2. Click the Configuration tab. 3. Within the Collection Settings field, set the Detection Window interval (in seconds) the switch

Switch Security6-12 5. When using the Frames with known bad ESSIDs violation parameter it is necessary to enter a list of known bad ESSIDs for the vio

Switch Security6-13 3. Select a detected MU and click the Delete button to remove it from the list of MUs you are tracking as potential threats within

Switch Security6-14 6.4 Configuring Wireless FiltersUse filters to either allow or deny a MAC address (or groups of MAC addresses) from associating wi

Switch Security6-15 3. Refer to the Associated WLANs field for following4. If the properties of an existing filter are close to your needs but still r

About this GuideIntroductionThis guide provides information about using the RFS7000 Series RF Switch. Documentation SetThe documentation set for the R

Overview1-16 MU Balancing Across Multiple APsAs per the 802.11 standard, AP and MU association is a process conducted independently of the switch. 802

Switch Security6-16 The user can modify an ACL Index (numerical identifier) for the ACL, and edit the starting an ending MAC address range for the dev

Switch Security6-17 Define an Index (numerical identifier) for the ACL and the starting and ending MAC address range for devices allowed/denied access

Switch Security6-18 4. Select the box to the right of each WLAN you want associated with the ACL.Selecting a WLAN maps it the MAC address range and al

Switch Security6-19 6.5 ACL ConfigurationAn Access Control List (ACL) is a sequential collection of permit and deny conditions that apply to switch da

Switch Security6-20 For more information, see:• Router ACLs• Port ACLs• Wireless LAN ACLs• ACL Actions6.5.1.1 Router ACLsRouter ACLs are applied to La

Switch Security6-21 6.5.1.2 Port ACLsThe switch supports Port ACLs on physical interfaces and inbound traffic only. The following Port ACLs are suppor

Switch Security6-22 6.5.1.5 Precedence OrderThe rules within an ACL are applied to packets based on their precedence values. Every rule has a unique p

Switch Security6-23 The ACLs field displays the list of ACLs currently associated with the switch. An ACL contains an ordered list of ACEs. Each ACE s

Switch Security6-24 3. Click on the Add button.4. Select an ACL Type from the drop-down menu. The following options are available:• Standard IP List –

Switch Security6-25 3. Click the Add button within the Associated Rules field. 4. Use the Precedence field to enter a precedence (priority) value betw

Overview1-17 PMKs among themselves. This allows an MU to roam to an AP that it has not previously visited and reuse a PMK from another AP to skip the

Switch Security6-26 9. If the selected Protocol is tcp or udp, click the Protocol Options button to configure the source and destination Port. 10. Use

Switch Security6-27 The rules within an ACL are applied to packets based on their precedence value. Rules with lower precedence are always applied fir

Switch Security6-28 2. Click the Attach-L2/L3 tab.3. Refer to the following information as displayed within the Attach - L2/L3 tab:4. Select an interf

Switch Security6-29 3. Click on the Add button.4. Use the Interface drop-down menu to select the interface to configure on the switch. Available optio

Switch Security6-30 6.5.4 Attaching an ACL on a WLAN Interface/PortUse the Attach-WLAN tab to view and assign an ACL to a WLAN on the switch. By defau

Switch Security6-31 6.5.4.1 Adding or Editing a New ACL WLAN ConfigurationAfter creating an ACL, it can be applied to one or more WLANs on the switch.

Switch Security6-32 2. Click the Statistics tab.3. Refer to the following information as displayed within the Statistics tab:4. Select an interface an

Switch Security6-33 6.6 Configuring NAT InformationNetwork Address Translation (NAT) provides the translation of an Internet Protocol (IP) address wit

Switch Security6-34 2. Click on the Dynamic Translation tab. 3. Refer to the following information as displayed within the Dynamic Translation tab. Ty

Switch Security6-35 4. Select an existing NAT configuration and click the Edit button to modify the settings of this existing NAT configuration. The f

Overview1-18 802.11e QoS 802.11e enables real-time audio and video streams to be assigned a higher priority over regular data. The switch supports the

Switch Security6-36 back to the specific internal private class IP address in order to reach the LAN over the switch managed network. 6. Use the Acces

Switch Security6-37 3. Refer to the following information as displayed within the Static Translation tab. 4. Select an existing NAT configuration and

Switch Security6-38 6.6.2.1 Adding a New Static NAT ConfigurationIf the existing NAT configurations displayed with the Configuration prove unsuitable

Switch Security6-39 9. Enter the Global Address to assign to a host in the outside network. This should be interpreted as a secure address.10. Display

Switch Security6-40 3. Refer to the following information as displayed within the Interface tab: 4. To Edit an existing interface, select it from the

Switch Security6-41 6.6.4 Viewing NAT StatusUse the Status tab to review the NAT translations configured thus far for the switch. The Status tab displ

Switch Security6-42 6.7 Configuring IKE SettingsIKE (also known as ISAKMP) is the negotiation protocol enabling two hosts to agree on how to build an

Switch Security6-43 2. Click the Configurations tab.During IKE negotiations, peers must identify themselves to one another. Thus, the configuration yo

Switch Security6-44 8. Select an existing entry and click the Delete button to remove it.9. If the properties of an existing peer IP address, key and

Switch Security6-45 A IKE policy matches when they have the same encryption, hash, authentication and Diffie-Hellman settings. The SA lifetime must al

Overview1-19 1.2.2.14 Automatic Channel SelectionAutomatic channel selection works as follows:1. When a new AP is adopted, it scans each channel. Howe

Switch Security6-46 4. Highlight an existing policy and click the Edit button to revise the policy’s existing priority, encryption scheme, hash value,

Switch Security6-47 a. Configure a set of attributes for the new IKE policy: b. Refer to the Status field for the current state of the requests made f

Switch Security6-48 2. Click the SA Statistics tab.3. Refer to the information displayed within SA Statistics tab to discern the following: Index Disp

Switch Security6-49 4. Select an index and click the Details button to display a more robust set of statistics for the selected index. Use this inform

Switch Security6-50 security association, allows encryption keys to change during IPSec sessions and permits Certification Authority (CA) support for

Switch Security6-51 6.8.1 Defining the IPSec ConfigurationUse the IPSec VPN Configuration tab to view the attributes of existing VPN tunnels and modif

Switch Security6-52 4. Refer to the Transform Sets field to view the following data: 5. Select an IPSec VPN transform set (by its index) and click the

Switch Security6-53 4. Revise the following information as required to render the existing transform set useful. Name The name is read-only and cannot

Switch Security6-54 5. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if somethi

Switch Security6-55 5. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if somethi

Overview1-20 • Unicast From Mobile Unit – Frames are decrypted, converted from 802.11 to 802.3 and switched to the wired side of the VLAN dynamically

Switch Security6-56 2. Click the Remote tab.3. Refer to the Configuration field to define the following: 4. Click the IP Range tab to view the followi

Switch Security6-57 7. To add a new range of IP addresses, click the Add button (within the IP Range tab) and define the range in the fields provided.

Switch Security6-58 radio button) or if no authentication is used for credential verification (by selecting the No Authentication radio button).4. Ent

Switch Security6-59 10. Click the Add button to display a screen used to add a new User and Password. Enter a User Name and Password and confirm. Clic

Switch Security6-60 2. Click the Crypto Maps tab.The Crypto Maps screen is divided into 5 tabs, each serving a different function in the overall Crypt

Switch Security6-61 4. Select an existing Crypto Map and click the Edit button to modify the Crypto Map’s attributes. If an entire Crypto Map requires

Switch Security6-62 c. Use the None, Domain Name or Host Name radio buttons to select and enter the fully qualified domain or host name of the host ex

Switch Security6-63 2. Click the Crypto Maps tab and select Peers. 3. Refer to the read-only information displayed within the Peers tab to determine w

Switch Security6-64 6. If a new peer requires creation, click the Add button. a. Define the Seq # /Name for the new peer. b. Enter the name of the IKE

Switch Security6-65 3. Refer to the read-only information displayed within the Manual SAs tab to determine whether a Crypto Map with a manually define

Overview1-21 1.2.3 Wired SwitchingThe switch includes the following wired switching features:• DHCP Servers • DDNS • VLAN Enhancements• Interface Mana

Switch Security6-66 d. Use the ACL ID drop-down menu to permit a Crypto Map data flow using the permissions within the selected ACL.e. Select either t

Switch Security6-67 3. Refer to the read-only information displayed within the Transform Sets tab to determine whether a Crypto Map transform set requ

Switch Security6-68 2. Click the Crypto Maps tab and select Interfaces. 3. Refer to the following read-only information displayed within the Interface

Switch Security6-69 6.8.5 Viewing IPSec Security AssociationsRefer to the IPSec SAs tab to review the various security associations (SAs) between the

Switch Security6-70 4. Use the page navigation facility (found on top of the table next to the Show Filtering Options link) to view the list of securi

Switch Security6-71 6.9 Configuring the Radius ServerRemote Authentication Dial-In User Service (Radius) is a client/server protocol and software enab

Switch Security6-72 • PEAP and GTC• PEAP and MSCHAPv2Apart from EAP authentication, the switch allows the enforcement of user-based policies. User-bas

Switch Security6-73 6.9.1.2 Authentication of Terminal/Management User(s)The local Radius server can be used to authenticate users. A normal user (wit

Switch Security6-74 authentication source if a user does not exist in the local Server’s database, since the primary method has rejected the authentic

Switch Security6-75 7. Click the Revert button to cancel any changes made within the Global Settings field and revert back to the last saved configura

Overview1-22 1.2.3.4 Interface Management The switch permits a physical interface to Auto Negotiate, Full Duplex or Half Duplex. The switch also allow

Switch Security6-76 6.9.3.2 Radius Proxy Server ConfigurationThe switch can send Radius requests to a properly configured proxy Radius server. A user&

Switch Security6-77 6.9.4 Configuring Radius Authentication and AccountingDeploy one or more Radius servers to configure user authentication, EAP type

Switch Security6-78 4. Refer to the LDAP Server Details field to define the primary and secondary Radius LDAP server configuration providing access to

Switch Security6-79 6. Click the Revert button to cancel any changes made within the screen and revert back to the last saved configuration.6.9.5 Conf

Switch Security6-80 If the group assignment is insufficient, use the Edit or Add functions to modify/create users or modify their existing group assig

Switch Security6-81 a. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if somethi

Switch Security6-82 6.9.6 Configuring Radius User GroupsThe Groups tab displays a list of all groups in the local Radius server's database. The g

Switch Security6-83 4. Refer to the WLANs Assigned area of the Groups tab to review which switch WLANs are available for use with configured groups.5.

Switch Security6-84 a. Refer to the Status field for the current state of requests made from applet. This field displays error messages if something g

Switch Security6-85 6.9.7 Viewing Radius Accounting LogsAccounting logs contain information about the use of remote access services by users. This inf

Overview1-23 • Certificate Management1.2.5.1 Encryption and AuthenticationWEP Wired Equivalent Privacy (WEP) is an encryption scheme used to secure wi

Switch Security6-86 6.10 Creating Server CertificatesUse the Server Certificates screen to view existing self-signed certificate values. The values di

Switch Security6-87 2. Select the Trustpoints tab.A panel (on the far left of the screen) displays currently enrolled trustpoints.The Server Certifica

Switch Security6-88 3. Click the Certificate Wizard button to create a self signed certificate, upload an external server certificate (and/or a root c

Switch Security6-89 Using the Wizard to Create a New CertificateTo generate a new self-signed certificate or prepare a certificate request:1. Select t

Switch Security6-90 Select a trustpoint for the new certificate.• Use existing trustpoint - Select an existing trustpoint from the drop-down menu.• Cr

Switch Security6-91 If generating a new self-signed certificate (as selected in page 2 of the wizard), the wizard continues the installation. Use the

Switch Security6-92 7. Select the Enroll the trustpoint checkbox to enroll the certificate request with the CA. 8. Click Next to proceed with the cert

Switch Security6-93 11. Click the Next button to continue preparing the certificate request.Using the Wizard Delete OperationThe wizard can also be us

Switch Security6-94 6.10.2 Configuring Trustpoint Associated KeysTrustpoint keys allow a user to use different Rivest, Shamir, an Adelman (RSA) key pa

Switch Security6-95 6.10.2.1 Adding a New KeyIf none of the keys listed within the Keys tab are suitable for use with a certificate, consider creating

Overview1-24 802.1x EAP802.1x EAP is the most secure authentication mechanism for wireless networks and includes EAP-TLS, EAP-TTLS and PEAP. The switc

Switch Security6-96 The drop-down menu contains the log files listed within the Server Certificate screen.6. Use the To drop-down menu to define wheth

Switch Security6-97 When enabling an Enhanced Beacon, the switch allows adopted access ports to periodically scan for rogue APs on different channels

Switch Security6-98 4. Use Scan Interval value to enter the interval used by the radio between scans. The radio scans each channel for the defined int

Switch Security6-99 9. Click Apply to save changes to the screen. Navigating away from the screen without clicking the Apply button results in changes

Switch Security6-100 4. Define a Window Time (from 10 to 60 seconds) to set an interval used by the AP to record MU probe requests. The MU radio probe

Switch Security6-101 2. Select the Beacons Found tab.3. Refer to the following information as displayed within the Beacons Found tab. 4. Click the Cle

Switch Security6-102 6.11.4 Reviewing the Probes Report Refer to the Probes Found tab to view the enhanced Probe report created by the switch. The tab

Switch ManagementThis chapter describes the Management Access main menu items used to configure the switch. This chapter consists of the following s

Switch Management7-2 7.1 Displaying the Management Access InterfaceRefer to the main Management Access interface for a high-level overview of the curr

Switch Management7-3 7.2 Configuring Access ControlRefer to the Access Control screen to allow/deny management access to the switch using the differen

Overview1-25 When you initially switch packets on an out-of-the-box AP300 port, it immediately attempts to authenticate using 802.1x. Since 802.1x sup

Switch Management7-4 3. Click the Apply button to save changes made to the screen since the last saved configuration.RetriesDefine the number of retri

Switch Management7-5 4. Click the Revert button to revert the screen back to its last saved configuration. Changes made since the contents of the scre

Switch Management7-6 1. Select Management Access > SNMP Access > v1/v2 from the main menu tree. 2. Refer to the Community Name and Access Contro

Switch Management7-7 2. Select an existing Community Name from those listed and click the Edit button. 3. Modify the Community Name used to associate

Switch Management7-8 2. Select the V3 tab from within the SNMP Access screen. 3. Refer to the fields within the V3 screen for the following informatio

Switch Management7-9 7.3.2.1 Editing a SNMP v3 Authentication and Privacy PasswordThe Edit screen enables the user to modify the password required to

Switch Management7-10 2. Select the Statistics tab from within the SNMP Access screen.3. Refer to the following read-only statistics displayed within

Switch Management7-11 7.4 Configuring SNMP TrapsUse the SNMP Trap Configuration screen to enable or disable individual traps or by functional trap gro

Switch Management7-12 Redundancy Displays a list of sub-items (trap options) specific to the Redundancy (clustering) configuration option. Select an i

Switch Management7-13 5. Click the Expand All Items button to display the sub-items within each trap category. Use this item to display every trap tha

iv RFS7000 Series Switch System Reference GuideNotational ConventionsThe following additional notational conventions are used in this document:•Italic

Overview1-26 1.2.5.9 Rogue AP DetectionThe switch supports the following rogue AP detection mechanisms:• Motorola RFMS Support• RF scan by Access Port

Switch Management7-14 2. Click the Wireless Statistics Thresholds tab. 3. Refer to the following information for thresholds descriptions, conditions,

Switch Management7-15 4. Select a threshold and click the Edit button to display a screen wherein threshold settings for the MU, AP and WLAN can be mo

Switch Management7-16 2 Throughput Greater than A decimal number greater than 0.00 and less than or equal to 100000.00A decimal number greater than 0.

Switch Management7-17 7.5 Configuring SNMP Trap ReceiversRefer to the Trap Receivers screen to review the attributes of existing SNMP trap receivers (

Switch Management7-18 Remove Trap Receivers as needed if the destination address information is no longer available on the system.5. Click the Add but

Switch Management7-19 7.5.2 Adding SNMP Trap ReceiversThe SNMP Add screen is designed to create a new SNMP trap receiver. Use the Add screen to create

Switch Management7-20 7.6 Configuring Management UsersRefer to the Users screen to view the administrative privileges assigned to different switch use

Switch Management7-21 4. Click on the Edit button to modify the associated roles and access modes of the selected user. By default, the switch has two

Switch Management7-22 6. Select the access modes to assign to the new user from the options provided in the Access Modes panel. Select one or more of

Switch Management7-23 4. Enter the new authentication password for the user in the Password field and reconfirm within the Confirm Password field.5. S

Overview1-27 Authorized AP Lists Configure a list of authorized access ports based on their MAC addresses. The switch evaluates the APs against the co

Switch Management7-24 7.6.1.3 Creating a Guest Admin and Guest UserOptionally, create a guest administrator for creating guest users with specific use

Switch Management7-25 6. Add guest users by name, start date and time, expiry date and time and user group.7. Optionally, click the Generate button t

Switch Management7-26 2. Select the Authentication tab. 3. Refer to the Authentication methods field to set a preferred and alternative authentication

Switch Management7-27 7. Select a Radius server from the table and click the Edit button to modify how the authentication method is used. For more inf

Switch Management7-28 5. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if somet

Switch Management7-29 5. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if somet

Switch Management7-30

DiagnosticsThis chapter describes the various diagnostic features available for monitoring switch performance. This chapter consists of the followin

Diagnostics8-2 8.1 Displaying the Main Diagnostic InterfaceUse the main diagnostic screen to monitor the following switch features:• Switch Environmen

Diagnostics8-3 3. The Environment displays the following fields:• Settings• Temperature Sensors•Fans4. In the Settings field, select the Enable Diagno

Overview1-28 • Site-Site VPN — For example, a company branching office traffic to another branch office traffic with an unsecured link between the two

Diagnostics8-4 2. Select the CPU tab. 3. The CPU screen consists of 2 fields:• Load Limits•CPU Usage4. The Load Limits field displays the maximum CPU

Diagnostics8-5 8.1.3 Switch Memory AllocationUse the Memory tab to periodically assess the switch’s CPU load. 1. Select Diagnostics from the main tree

Diagnostics8-6 5. The Buffers field displays buffer usage information. It consists of a table with the following information:6. Click the Apply button

Diagnostics8-7 8.1.5 Switch Memory ProcessesThe Processes tab displays the number of processes in use and percentage of memory usage limit per process

Diagnostics8-8 8.1.6 Other Switch ResourcesThe Other Resources tab displays the memory allocation of Packet Buffer, IP Route Cache and File Descriptor

Diagnostics8-9 8.2 Configuring System LoggingUse the System Logging screen for logging system events. Its important to log individual switch events to

Diagnostics8-10 6. Select the Enable Logging to Syslog Server checkbox to enable the switch to log system events send them to an external syslog serve

Diagnostics8-11 2. Select the File Mgmt tab. 3. The File Mgmt tab displays existing log files. Refer to the following for log file details:4. Highligh

Diagnostics8-12 7. Click the Transfer Files button to display a sub-screen wherein log files can be sent to an external location (defined by you) usin

Diagnostics8-13 4. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something g

Overview1-29 • TCP Bad Sequence number Apart from detecting the above attacks, the firewall also performs sanity checks on every packet. These sanity

Diagnostics8-14 8.2.2.2 Transferring Log Files If a system log contains data that may require archiving, consider using the Transfer Files screen to e

Diagnostics8-15 8.3 Reviewing Core SnapshotsUse the Core Snapshots screen to view the core snapshots (system events and process failures with a .core

Diagnostics8-16 8.3.1 Transferring Core SnapshotsUse the Transfer screen to define a source for transferring core snapshot files to a secure location

Diagnostics8-17 8.4 Reviewing Panic SnapshotsRefer to the Panic Snapshots screen for an overview of the panic files available. Typically, panic files

Diagnostics8-18 6. Click the Transfer button to open the transfer dialogue to transfer the file to another location. For more information, see Transfe

Diagnostics8-19 6. Provide the name of the file to be transferred to the location specified within the File field. 7. If Server has been selected as t

Diagnostics8-20 • Send log message to a file.• Use SNMP v2 only.• Message severity.• What kinds of messages should be seen.3. Select the Send log mess

Diagnostics8-21 1. Select Diagnostics > Ping from the main menu. 2. Refer to the following information displayed within the Configuration tab: 3. T

Diagnostics8-22 8.6.1 Modifying the Configuration of an Existing Ping TestThe properties of an existing ping tests can be modified to ping an existing

Diagnostics8-23 8.6.2 Adding a New Ping TestIf the attributes of an existing ping test do not satisfy the requirements of a new connection test, and y

Overview1-30 1.2.5.16 NACThere is an increasing proliferation of insecure devices (laptops, mobile computers, PDA, smart-phones) accessing WiFi networ

Diagnostics8-24 4. Click OK to save and add the changes to the running configuration and close the dialog.5. Refer to the Status field for the current

Diagnostics8-25 Min RTT Displays the quickest round trip time for ping packets transmitted from the switch to its destination IP address. This may ref

Diagnostics8-26

Appendix ACustomer SupportMotorola’s Enterprise Mobility Support CenterIf you have a problem with your equipment, contact Enterprise Mobility support

A - 2 RFS7000 Series Switch System Reference Guide

Appendix BAdaptive APB.1 Adaptive AP OverviewAn adaptive AP (AAP) is an AP-51XX access point that can adopt like an AP300 (L3). The management of an A

B - 2 RFS7000 Series Switch System Reference GuideB.1.1 Where to Go From HereRefer to the following for a further understanding of AAP operation:• “B.

Appendix B: Adaptive AP B - 3B.1.3 Types of Adaptive APsTwo low priced AP-5131 SKU configurations are being introduced allowing customers to take adva

B - 4 RFS7000 Series Switch System Reference GuideB.1.5 Switch DiscoveryFor an AP-51XX to function as an AAP (regardless of mode), it needs to connect

Appendix B: Adaptive AP B - 5** The AP-51xx uses an encryption key to hash passphrases and security keys. To obtain the encryption passphrase, configu

Switch Web UI Access& Image Upgrades2.1 Accessing the Switch Web UI2.1.1 Web UI RequirementsThe switch Web UI is accessed using Internet Explore

B - 6 RFS7000 Series Switch System Reference GuideB.1.7 Adaptive AP WLAN TopologyAn AAP can be deployed in the following WLAN topologies: • Extended W

Appendix B: Adaptive AP B - 7B.1.11 Remote Site Survivability (RSS)RSS can be used to turn off RF activity on an AAP if it loses adoption (connection)

B - 8 RFS7000 Series Switch System Reference GuideB.2 Supported Adaptive AP TopologiesThe following AAP topologies are supported with the RFS7000:• “B

Appendix B: Adaptive AP B - 9B.2.1 Topology Deployment ConsiderationsWhen reviewing the AAP topologies describes in the section, be cognizant of the f

B - 10 RFS7000 Series Switch System Reference GuideB.2.4 Extended VLAN with Mesh NetworkingMesh networking is an extension of the existing wired netwo

Appendix B: Adaptive AP B - 11To avoid a lengthy broken connection with the switch, Motorola recommends generating an SNMP trap when the AAP loses ado

B - 12 RFS7000 Series Switch System Reference GuideB.4.1 Adaptive AP ConfigurationAn AAP can be manually adopted by the switch, adopted using a config

Appendix B: Adaptive AP B - 135. Select the Enable AP-Switch Tunnel option to allow AAP configuration data to reach a switch using a secure VPN tunnel

B - 14 RFS7000 Series Switch System Reference Guide3. Ensure the Adopt unconfigured radios automatically option is NOT selected.When disabled, there i

Appendix B: Adaptive AP B - 15 NOTE Additionally, a WLAN can be defined as independent using the "wlan <index> independent" command fr

Installing the System Iamge2-2 2.1.2 Connecting to the Switch Web UITo display the Web UI, launch a Web browser on a computer with the capability of a

B - 16 RFS7000 Series Switch System Reference GuideOnce an AAP is adopted by the switch, it displays within the switch Access Port Radios screen (unde

Appendix B: Adaptive AP B - 17B.4.4. Sample Switch Configuration File for IPSec and Independent WLANThe following constitutes a sample RFS7000 switch

B - 18 RFS7000 Series Switch System Reference Guide!ip http server ip http secure-trustpoint default-trustpoint ip http secure-server ip ssh no servic

Appendix B: Adaptive AP B - 19radio 1 rss enable radio add 2 00-15-70-00-79-30 11a aap5131 radio 2 bss 1 5 radio 2 bss 2 1 radio 2 bss 3 2 radio 2 cha

B - 20 RFS7000 Series Switch System Reference Guideswitchport trunk allowed vlan add 1-9,100,110,120,130,140,150,160,170, switchport trunk allowed vla

MOTOROLA INC.1303 E. ALGONQUIN ROADSCHAUMBURG, IL 60196http://www.motorola.com72E-103889-01 Revision AJanuary 2008

Switch Web UI Access & Image Upgrades2-3 switch, view the status of the switch’s Ethernet connections and view switch CPU and memory utilization s

Installing the System Iamge2-4

Switch InformationThis chapter describes the Switch main menu information used to configure the RFS7000. This chapter consists of the following sect

ContentsChapter 1. OverviewHardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1Ph

Switch Information3-2 Refer to the switch configuration tab for:• Viewing the Switch Configuration• Viewing Switch Statistics 3.1.1 Viewing the Switch

Switch Information3-3 2. Select the Configuration tab 3. The system prompts the user for the correct Country code after the first login.A warning mess

Switch Information3-4 5. Click the Restart button to reboot the switch. The switch itself does not include a hardware feature for this purpose. 6. Cli

Switch Information3-5 The Dashboard screen displays the current health of the switch and is divided into the following fields: •Alarms• Ports• Environ

Switch Information3-6 1. Refer to the Alarms field for details of all the unacknowledged alarms generated during the past 48 hours. The alarms are cla

Switch Information3-7 2. Click the Switch Statistics tab at the top of the Switch screen.3. Refer to the following read-only information about associa

Switch Information3-8 6. Refer to the Errors field for the following read-only packet error and loss information for associated access ports and radio

Switch Information3-9 2. Select the Configuration tab to display the following read-only information: 3. Select a port and click the Edit button to mo

Switch Information3-10 3.2.1.1 Editing the Port ConfigurationTo modify the port configuration:1. Select a port from the table displayed within the Con

Switch Information3-11 Read-only details about the port’s cabling connection also display within the Edit screen. This information should be used to h

vi RFS7000 Series Switch System Reference GuidePower Save Polling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Switch Information3-12 3.2.3 Viewing the Ports StatisticsThe Statistics tab displays read-only statistics for uplink and downlink ports. Use this info

Switch Information3-13 4. Select a port and click on Details button to see the detailed port statistics. For more information, refer to Detailed Port

Switch Information3-14 4. The Status is the current state of the requests made from the applet. Requests are any “SET/GET” operation from the applet.

Switch Information3-15 3.2.3.2 Viewing the Port Statistics GraphThe switch continuously collects data for port statistics. Even when the port statisti

Switch Information3-16 4. Click on the Close button to exit the screen without saving changes.3.3 Viewing Switch ConfigurationsUse the Configurations

Switch Information3-17 2. To view the entire contents of a config file (in detail), select a config file (by highlighting a row from the table) and cl

Switch Information3-18 2. Click the View button to see the contents of the selected configuration file. 3. The Main screen displays the contents of th

Switch Information3-19 To transfer the contents of a configuration file:1. Click the Transfer Files button on the bottom of the Configuration screen.

Switch Information3-20 4. Refer to the Status field for the current state of the requests made from the applet. Requests are any “SET/GET” operation f

Switch Information3-21 3.4 Viewing Switch Firmware InformationThe switch can store two software versions. Information about the two versions displays

Table of Contents viiViewing the Ports Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-12Detailed Port Stati

Switch Information3-22 3. Refer to the Patch field for a listing of those Patches available to the switch. The name and version of each patch file is

Switch Information3-23 This firmware version will now be invoked after the next reboot of the switch.5. Refer to the Status field for the current stat

Switch Information3-24 a. Use FTP to get the firmware update from a File Transfer Protocol (FTP) server. A user account must be established on the FTP

Switch Information3-25 3.5 Switch File ManagementUse the File Management screen to transfer configuration file to and from the switch and review the f

Switch Information3-26 2. Refer to the Source field to specify the details of the source file.3.5.1.1 Transferring a file from Wireless Switch to Wire

Switch Information3-27 3.5.1.2 Transferring a file from a Wireless Switch to a ServerTo transfer a file from the switch to a Server:1. Refer to the So

Switch Information3-28 2. Provide the name of the File.3. Use the Using drop-down menu to configure whether the file transfer is conducted using FTP,

Switch Information3-29 3.5.2 Viewing FilesUse the File System tab to review the files available to the switch. The switch maintains the following file

Switch Information3-30 4. Select CF, USB1 or USB2 and click the Format button (enabled only if the CF or USB are connected to the switch) to check if

Switch Information3-31 2. Refer to the Switch Configuration field to enable and define the configuration for automatic configuration file updates. If

viii RFS7000 Series Switch System Reference GuideConfiguring Authentication Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-33Conf

Switch Information3-32 4. Refer to the Firmware field to enable and define the configuration for automatic firmware updates. If enabled, the located (

Switch Information3-33 1. Select Switch > Alarm Log from the main menu tree. 2. Select either of the two available filter options to view alarm log

Switch Information3-34 4. Select an alarm and click the Details button to display an alarm description along with a system proposed solution and possi

Switch Information3-35 2. Select an alarm and click the Details button. 3. Refer to the Alarm Details and Alarm Message for the following information:

Switch Information3-36 3.8 Viewing Switch Licenses Use the Licenses screen to install and add a new licenses on the switch.To install a new license:1.

Switch Information3-37 3.9 How to use the Filter OptionUse the Filter Option to sort the display details of screen that employ the filtering option as

Switch Information3-38

Network SetupThis chapter describes the Network Setup menu information used to configure the switch. This chapter consists of the following switch N

Network Setup4-2 4.1 Displaying the Network InterfaceThe main Network interface displays a high-level overview of the configuration (default or otherw

Network Setup4-3 2. Refer to the following information to discern if configuration changes are warranted: The Apply and Cancel buttons are greyed out

Table of Contents ixViewing Access Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-117Viewing Adopte

Network Setup4-4 4.2 Viewing Network IP InformationUse the Internet Protocol screen to view and configure network associated IP details. The Internet

Network Setup4-5 4. Select an IP Address from the table and click the Delete button to remove the selected entry from the list.5. Click the Add button

Network Setup4-6 2. Select the Domain Look Up checkbox to enable the switch to query domain name servers to resolve domain names to IP addresses. 3. E

Network Setup4-7 4. Select an entry and click the Delete button to remove the selected entry from the IP forwarding table.5. Click the Add button to c

Network Setup4-8 2. In the Destination Subnet field, enter an IP address to route packets to a specific destination address.3. Enter a subnet mask for

Network Setup4-9 4. Click the Clear button to remove the selected ARP entry if no longer usable.4.3 Viewing and Configuring Layer 2 Virtual LANsA virt

Network Setup4-10 2. Select a record from the table and click the Edit button to modify the record. For more information, see Editing the Details of a

Network Setup4-11 5. Use the Edit screen to modify the following:6. Refer to the Status field for the current state of the requests made from applet.

Network Setup4-12 VLAN details display within the VLANs by Port tab. 3. Refer to the following information as displayed within the VLANs by Port tab:

Network Setup4-13 3. Highlight an existing VLAN and click the Edit button. The system displays a Port VLAN Change Warning message. Be advised, changin