Home > Motorola > Wireless > Motorola Wing 5 Manual

Motorola Wing 5 Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Motorola Wing 5 Manual. The Motorola manuals for Wireless are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 1101

    Page 1101 FIREWALL LOGGING 25 - 5 25.1.3 UDP packets log In both DHCP release and DHCP renew scenarios, the destination port 67 is logged. DHCP Release Jul 25 11:57:43 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:172.16.31.196 Proto:17 Src Port:68 Dst Port:67. DHCP Renew Jul 25 11:58:48 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC: Dst MAC: Ethertype:0x0800... 
    FIREWALL LOGGING 25 - 5
25.1.3 UDP packets log
In both DHCP release and DHCP renew scenarios, the destination port 67 is logged. 
DHCP Release
Jul 25 11:57:43 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet  Src 
MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:172.16.31.196 
Proto:17 Src Port:68 Dst Port:67.
DHCP Renew
Jul 25 11:58:48 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet  Src 
MAC: Dst MAC: Ethertype:0x0800...

    Page 1102

    Page 1102 25 - 6 WiNG CLI Reference Guide 25.1.4 ICMP type logs The example below displays an ICMP Type as 13 and an ICMP Code as 0: Jul 25 12:00:00 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Allow Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.1.103 Proto:1 ICMP Type:13 ICMP Code:0. The below example displays an ICMP Type as 15 and an ICMP Code as 0: Jul 25 12:00:07 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Allow Packet... 
    25 - 6 WiNG CLI Reference Guide
25.1.4 ICMP type logs
The example below displays an ICMP Type as 13 and an ICMP Code as 0:
Jul 25 12:00:00 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Allow Packet  Src 
MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.1.103 
Proto:1 ICMP Type:13 ICMP Code:0.
The below example displays an ICMP Type as 15 and an ICMP Code as 0:
Jul 25 12:00:07 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Allow Packet...

    Page 1103

    Page 1103 FIREWALL LOGGING 25 - 7 25.1.5 ICMP type logs The following example displays an ICMP Type as 3 and a Code as 3: Jul 25 12:03:00 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error. Module name is DATAPLANE Syslog Severity level is 5 Log ID is ICMPPKTDROP Log Message is Dropping ICMP Packet The following example displays an ICMP Type as 4 and a Code as 0: Jul 25... 
    FIREWALL LOGGING 25 - 7
25.1.5 ICMP type logs
The following example displays an ICMP Type as 3 and a Code as 3:
Jul 25 12:03:00 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with 
ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error.
Module name is DATAPLANE
Syslog Severity level is 5
Log ID is ICMPPKTDROP
Log Message is Dropping ICMP Packet
The following example displays an ICMP Type as 4 and a Code as 0: 
Jul 25...

    Page 1104

    Page 1104 25 - 8 WiNG CLI Reference Guide 25.1.6 Raw IP Protocol logs The following example displays a TCP header length as less than 20 bytes: Jul 25 12:11:50 2011: %DATAPLANE-4-DOSATTACK: INVALID PACKET: TCP header length less than 20 bytes : Src IP : 192.168.2.102, Dst IP: 192.168.1.104, Src Mac: 00-11-25-14-D9-E2, Dst Mac: 00-15-70-81-91-6A, Proto = 6. Module name is DATAPLANE Syslog Severity level is 4 Log ID is DOSATTACK Log Message is INVALID PACKET Jul 25 12:12:00 2011: %DATAPLANE-5-MALFORMEDIP:... 
    25 - 8 WiNG CLI Reference Guide
25.1.6   Raw IP Protocol logs
The following example displays a TCP header length as less than 20 bytes:
Jul 25 12:11:50 2011: %DATAPLANE-4-DOSATTACK: INVALID PACKET:  TCP header length less than 20 bytes : Src IP : 
192.168.2.102, Dst IP: 192.168.1.104, Src Mac: 00-11-25-14-D9-E2, Dst Mac: 00-15-70-81-91-6A, Proto = 6.
Module name is DATAPLANE
Syslog Severity level is 4
Log ID is DOSATTACK
Log Message is INVALID PACKET
Jul 25 12:12:00 2011: %DATAPLANE-5-MALFORMEDIP:...

    Page 1105

    Page 1105 FIREWALL LOGGING 25 - 9 25.1.7 Raw IP Protocol logs The following example displays TCP without data: Jul 25 12:16:50 2011: %DATAPLANE-4-DOSATTACK: INVALID PACKET: TCP header length less than 20 bytes : Src IP : 192.168.2.102, Dst IP: 192.168.1.104, Src Mac: 00-11-25-14-D9-E2, Dst Mac: 00-15-70-81-91-6A, Proto = 6. Jul 25 12:16:55 2011: %DATAPLANE-5-MALFORMEDIP: Dropping IPv4 Packet from 192.168.2.102 to 192.168.1.104 Protocol Number: 6. Reason: malformed TCP header. To generate a raw IP protocol log,... 
    FIREWALL LOGGING 25 - 9
25.1.7  Raw IP Protocol logs
The following example displays TCP without data:
Jul 25 12:16:50 2011: %DATAPLANE-4-DOSATTACK: INVALID PACKET:  TCP header length less than 20 bytes : Src IP : 
192.168.2.102, Dst IP: 192.168.1.104, Src Mac: 00-11-25-14-D9-E2, Dst Mac: 00-15-70-81-91-6A, Proto = 6.
Jul 25 12:16:55 2011: %DATAPLANE-5-MALFORMEDIP: Dropping IPv4 Packet from 192.168.2.102 to 192.168.1.104 
Protocol Number: 6. Reason: malformed TCP header.
To generate a raw IP protocol log,...

    Page 1106

    Page 1106 25 - 10 WiNG CLI Reference Guide 25.1.8 Firewall startup log The following example displays an enabled firewall. A firewall enabled message is displayed in bold. System bootup time (via /proc/uptime) was 93.42 42.52 Please press Enter to activate this console. May 19 20:10:09 2010: %NSM-4-IFUP: Interface vlan2 is up Jul 25 12:25:09 2011: KERN: vlan2: add 01:00:5e:00:00:01 mcast address to master interface. Jul 25 12:25:09 2011: %NSM-4-IFUP: Interface vlan172 is up Jul 25 12:25:09 2011: KERN: vlan172: add... 
    25 - 10 WiNG CLI Reference Guide
25.1.8 Firewall startup log
The following example displays an enabled firewall. A firewall enabled message is displayed in bold.
System bootup time (via /proc/uptime) was 93.42 42.52
Please press Enter to activate this console. May 19 20:10:09 2010: %NSM-4-IFUP: Interface vlan2 is up
Jul 25 12:25:09 2011: KERN: vlan2: add 01:00:5e:00:00:01 mcast address to master interface.
Jul 25 12:25:09 2011: %NSM-4-IFUP: Interface vlan172 is up
Jul 25 12:25:09 2011: KERN: vlan172: add...

    Page 1107

    Page 1107 FIREWALL LOGGING 25 - 11 25.1.9 Manual time change log The following example displays the manual time change log. The clock is manually set to Jul 25 12:25:33 2011. Log change in time rfs7000-37FABE#show clock 2011-07-25 12:25:33 UTC rfs7000-37FABE# rfs7000-37FABE#clock set 12:25:33 25 Jul 2011 Jul 25 12:25:33 2011: %[S1]CFGD-6-SYSTEM_CLOCK_RESET: System clock reset, Time: 2011-07-25 12:45:00[S2] rfs7000-37FABE#show clock Jul 25 12:45:00 UTC 2011 rfs7000-37FABE# To generate a time log, logging has to be... 
    FIREWALL LOGGING 25 - 11
25.1.9 Manual time change log
The following example displays the manual time change log. The clock is manually set to Jul 25 12:25:33 2011.
Log change in time 
rfs7000-37FABE#show clock
2011-07-25 12:25:33 UTC
rfs7000-37FABE#
rfs7000-37FABE#clock set 12:25:33 25 Jul 2011
Jul 25 12:25:33 2011: %[S1]CFGD-6-SYSTEM_CLOCK_RESET: System clock reset, Time: 2011-07-25 12:45:00[S2]
rfs7000-37FABE#show clock
Jul 25 12:45:00 UTC 2011
rfs7000-37FABE#
To generate a time log, logging has to be...

    Page 1108

    Page 1108 25 - 12 WiNG CLI Reference Guide 25.1.10 Firewall ruleset log The following example displays the log changes as ‘ACL_ATTACHED_ALTERED’ when an ACL Rule is applied/removed on WLAN, VLAN, GE, and PORT-CHANNEL: IP ACL IN on WLAN Attach July 28 12:48:40 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to wlan ICSA-testing is getting altered USER: The user who is doing the change session: means the session id of the user - one user can have multiple sessions running, so this explains... 
    25 - 12 WiNG CLI Reference Guide
25.1.10 Firewall ruleset log
The following example displays the log changes as ‘ACL_ATTACHED_ALTERED’ when an ACL Rule is applied/removed on 
WLAN, VLAN, GE, and PORT-CHANNEL:
IP ACL IN   on WLAN Attach
July 28 12:48:40 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to wlan ICSA-testing is 
getting altered
USER: The user who is doing the change
session: means the session id of the user - one user can have multiple sessions running, so this explains...

    Page 1109

    Page 1109 FIREWALL LOGGING 25 - 13 IP ACL on GE Port Remove July 28 12:49:20 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered. MAC ACL on GE Port Attach July 28 12:49:22 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered. MAC ACL on GE Port Remove July 28 12:49:24 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered. IP ACL on Port-Channel... 
    FIREWALL LOGGING 25 - 13
IP ACL on GE Port Remove 
July 28 12:49:20 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is 
getting altered.
MAC ACL on GE Port Attach 
July 28 12:49:22 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is 
getting altered.
MAC ACL on GE Port Remove
July 28 12:49:24 2011:  %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is 
getting altered.
IP ACL on Port-Channel...

    Page 1110

    Page 1110 25 - 14 WiNG CLI Reference Guide 25.1.11 TCP Reset Packets log For any change in the TCP configuration, a TCP reset log is generated. The following example displays the initial TCP packets permitted before the session timedout: July 28 20:31:26 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.2.102 Proto:6 Src Port:3318 Dst Port:21. July 28 20:31:31 2011: %DATAPLANE-5-LOGRULEHIT: Matched... 
    25 - 14 WiNG CLI Reference Guide
25.1.11 TCP Reset Packets log
For any change in the TCP configuration, a TCP reset log is generated. The following example displays the initial TCP 
packets permitted before the session timedout:  
July 28 20:31:26 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet  Src 
MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.2.102 
Proto:6 Src Port:3318 Dst Port:21.
July 28 20:31:31 2011: %DATAPLANE-5-LOGRULEHIT: Matched...
    Start reading Motorola Wing 5 Manual
    All Motorola manuals