Motorola Wing 5 Manual
FIREWALL LOGGING

25.1.12 ICMP Destination log

The following example displays an ICMP destination as unreachable when no matching payload is found:

July 28 19:57:09 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error.
July 28 19:57:09 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error.

To generate an ICMP protocol log, an ACL rule has to be applied and logging has to be enabled. For example, the following commands have to be executed:

rfs7000-37FABE(config-ip-acl-test)#permit icmp any any log rule-precedence 20
rfs7000-37FABE(config-ip-acl-test)#
WiNG CLI Reference Guide

25.1.13 ICMP Packet log

July 28 20:37:04 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Drop Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.1.1 Proto:1 ICMP Type:8 ICMP Code:0.
July 28 20:37:08 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.2.1 to 172.16.31.196, with Protocol Number:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error.

To generate an ICMP protocol log, an ACL rule has to be applied and logging has to be enabled. For example, the following commands have to be executed:

rfs7000-37FABE(config-ip-acl-test)#permit icmp any any log rule-precedence 20
rfs7000-37FABE(config-ip-acl-test)#
25.1.14 SSH connection log

An SSH connection is enabled on the wireless controller using factory settings.

Running primary software, version 5.0.0.0-81243X
Alternate software secondary, version 5.2.0.0-048D
Software fallback feature is enabled
System bootup time (via /proc/uptime) was 126.10 92.38
Please press Enter to activate this console.
May 19 20:47:33 2010: %DOT11-5-COUNTRY_CODE: Country of operation configured to in [India]
July 28 20:47:34 2011: %DIAG-6-NEW_LED_STATE: LED state message AP_LEDS_ON from module DOT11
July 28 20:47:34 2011: KERN: vlan1: add 01:00:5e:00:00:01 mcast address to master interface.
July 28 20:47:34 2011: %NSM-4-IFUP: Interface vlan2 is up
July 28 20:47:34 2011: KERN: vlan2: add 01:00:5e:00:00:01 mcast address to master interface.
July 28 20:47:34 2011: %NSM-4-IFUP: Interface vlan172 is up
July 28 20:47:34 2011: KERN: vlan172: add 01:00:5e:00:00:01 mcast address to master interface.
July 28 20:47:34 2011: %DAEMON-3-ERR: dhcrelay: interface allocate: vlan1
July 28 20:47:34 2011: %PM-6-PROCSTART: Starting process /usr/sbin/sshd
July 28 20:47:34 2011: %DAEMON-3-ERR: dhcrelay: idataplane enabled nterface allocatCCB:21:Firewall enabled e : vlan1
July 28 20:47:34 2011: %DAEMON-3-ERR: dhcrelay: interface allocate : vlan2
July 28 20:47:34 2011: %KERN-4-WARNING: dataplane enabled.
July 28 20:47:34 2011: %DATAPLANE-5-FWSTARTUP: Firewall enabled.
July 28 20:47:39 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Drop Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.1.1 Proto:6 Src Port:3327 DstPort:22.
25.1.15 Allowed/Dropped Packets Log

The following example displays disposition information regarding allow/deny packets:

Allow Packets

CCB:0:Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.2.1 Proto:17 Src Port:137 Dst Port:137
CCB:0:Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.2.1 Proto:17 Src Port:1029 Dst Port:53
CCB:July 28 18:14:3220110: %DATAPLAN:-5-LOGRULEHIT: Matched ACL:ftpuer:aip Rule:1 Ditcposition:Allow hedacket Src MAC: 00-11-25-14-D9-A2> Dst MAC: thertLype:0x0800:Src IP:192.168..102 Dsft IP:192t168.2.1 Proto:1p Src Port:137 Dut Port:137.
ser:ip Rule:1 Disposition:Allow Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.2.1 Proto:17 Src Port:1029 Dst Port:53

Drop/Deny Packets

CCB:0:Matched ACL:ftpuser:ip Rule:0 Disposition:Drop Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.2.1 Proto:17 Src Port:137 Dst Port:137
July 28 20:41:28 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Drop Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.2.1 Proto:17 Src Port:137 Dst

To generate an allow/deny protocol log, an ACL rule has to be applied and logging has to be enabled. For example, the following commands have to be executed:

rfs7000-37FABE(config-ip-acl-test)#permit ip any any log rule-precedence 20
rfs7000-37FABE(config-ip-acl-test)#
rfs7000-37FABE(config-ip-acl-test)#deny ip any any log rule-precedence 20
rfs7000-37FABE(config-ip-acl-test)#
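The %DATAPLANE-5-LOGRULEHIT and %DATAPLANE-5-ICMPPKTDROP messages shown in sections 25.1.12 to 25.1.15 can be turned into structured events for review or alerting. The following parser is an added example, not part of the WiNG CLI Reference Guide; the function names are hypothetical and the sample input is assembled from log lines printed in this chapter.

```python
import re
from collections import Counter

# Sample input assembled from log lines printed in this chapter.
SAMPLE = """\
July 28 19:57:09 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error.
July 28 20:37:04 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Drop Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.1.1 Proto:1 ICMP Type:8 ICMP Code:0.
July 28 20:47:39 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Drop Packet Src MAC: Dst MAC: Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.1.1 Proto:6 Src Port:3327 DstPort:22.
July 28 20:47:34 2011: %NSM-4-IFUP: Interface vlan2 is up
"""

HEADER = re.compile(
    r"^(?P<ts>\w+ \d+ [\d:]+ \d{4}): %(?P<fac>[A-Z0-9]+)-(?P<sev>\d)-"
    r"(?P<mnemonic>[A-Z_]+): (?P<msg>.*)$")
# The manual prints both "Dst Port:" and "DstPort:", so the space is optional.
RULEHIT = re.compile(
    r"Matched ACL:(?P<acl>\S+) Rule:(?P<rule>\d+) Disposition:(?P<disp>\w+) Packet"
    r".*?Src IP:(?P<src>[\d.]+) Dst IP:(?P<dst>[\d.]+) Proto:(?P<proto>\d+)"
    r"(?: Src Port:(?P<sport>\d+) Dst ?Port:(?P<dport>\d+))?"
    r"(?: ICMP Type:(?P<itype>\d+) ICMP Code:(?P<icode>\d+))?")
# Likewise "ProtocolNumber:" and "Protocol Number:" both appear.
ICMPDROP = re.compile(
    r"Dropping ICMP Packet from (?P<src>[\d.]+) to (?P<dst>[\d.]+), with "
    r"Protocol ?Number:(?P<proto>\d+) ICMP code (?P<icode>\d+) and "
    r"ICMP type (?P<itype>\d+)\. Reason: (?P<reason>.*?)\.?$")
BODIES = {"LOGRULEHIT": RULEHIT, "ICMPPKTDROP": ICMPDROP}

def parse_line(line):
    """Return a dict for a DATAPLANE firewall event, or None for any other line."""
    head = HEADER.match(line.strip())
    if not head or head["fac"] != "DATAPLANE":
        return None
    body = BODIES.get(head["mnemonic"])
    match = body.search(head["msg"]) if body else None
    if not match:
        return None
    event = {k: v for k, v in match.groupdict().items() if v is not None}
    event.update(ts=head["ts"], event=head["mnemonic"])
    event.setdefault("disp", "Drop")  # ICMPPKTDROP carries no Disposition field
    return event

def dropped_by_source(text):
    """Count dropped packets per source IP across a block of log text."""
    events = filter(None, map(parse_line, text.splitlines()))
    return Counter(e["src"] for e in events if e["disp"] == "Drop")
```
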
APPENDIX A CONTROLLER MANAGED WLAN USE CASE

This section describes the activities required to configure a controller managed WLAN. Instructions are provided using the controller CLI.

Creating a First Controller Managed WLAN
Assumptions
Design
Using the Command Line Interface to Configure the WLAN
A.1 Creating a First Controller Managed WLAN

It is assumed you have a RFS4000 wireless controller with the latest build available from Motorola Solutions. It is also assumed you have one AP7131 model access point and one AP650 model access point, both with the latest firmware available from Motorola Solutions.

Upon completion, you will have created a WLAN on a RFS4000 model wireless controller using a DHCP server to allocate IP addresses to associated wireless clients.

A.1.1 Assumptions

Verify the following conditions have been satisfied before attempting the WLAN configuration activities described in this section:

1. It is assumed the wireless controller has the latest firmware version available from Motorola Solutions.
2. It is assumed the AP7131 and AP650 access points also have the latest firmware version available from Motorola Solutions.
3. It is assumed there are no previous configurations on the wireless controller or access point and default factory configurations are running on the devices.
4. It is assumed you have administrative access to the wireless controller and access point CLI.
5. It is assumed the individual administrating the network is a professional network installer.

A.1.2 Design

This section defines the network design being implemented.

Figure A-1 Network Design

This is a simple deployment scenario, with the access points connected directly to the wireless controller. One wireless controller port is connected to an external network.

On the RFS4000 wireless controller, the GE1 interface is connected to an external network. Interfaces GE3 and GE4 are used by the access points.
On the external network, the controller is assigned an IP address of 192.168.10.188. The wireless controller acts as a DHCP server for the wireless clients connecting to it, and assigns IP addresses in the range of 172.16.11.11 to 172.16.11.200. The remaining IP addresses in the range are reserved for devices requiring static IP addresses.

A.1.3 Using the Command Line Interface to Configure the WLAN

These instructions are for configuring your first WLAN using the controller CLI.

Use a serial console cable when connecting to the wireless controller for the first time. Set the following configuration when using the serial connection:

Bits per second: 19200
Data Bit: 8
Parity: None
Stop Bit: 1
Flow Control: None

The steps involved in creating a WLAN on a wireless controller are:

1. Logging Into the Controller for the First Time
2. Creating a RF Domain
3. Creating a Wireless Controller Profile
4. Creating an AP Profile
5. Creating a DHCP Server Policy

A.1.3.1 Logging Into the Controller for the First Time

When powering on the wireless controller for the first time, you are prompted to replace the existing administrative password. The credentials for logging into the wireless controller for the first time are:

admin
Password: motorola

Ensure the new password created is strong enough to provide adequate security for the controller managed network.

A.1.3.2 Creating a RF Domain

A RF Domain is a collection of configuration settings specific to devices located at the same physical deployment, such as a building or a floor. Create a RF Domain and assign the country code where the devices are deployed. This is a mandatory step, and the devices will not function as intended if this step is omitted.

The instructions in this section must be performed from the Global Configuration mode of the wireless controller.
To navigate to this mode:

RFS4000>enable
RFS4000#
RFS4000#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RFS4000(config)#

Create the RF Domain using the following commands:

RFS4000(config)#rf-domain RFDOMAIN_UseCase1
RFS4000(config-rf-domain-RFDOMAIN_UseCase1)#

This command creates a profile with the name RFDOMAIN_UseCase1.

Set the country code for the RF Domain.

RFS4000(config-rf-domain-RFDOMAIN_UseCase1)#country-code us

This sets the country code for this RF Domain. Save this change and exit the RF Domain profile context.

RFS4000(config-rf-domain-RFDOMAIN_UseCase1)#commit write
RFS4000(config-rf-domain-RFDOMAIN_UseCase1)#exit
RFS4000(config)#

To define the wireless controller’s physical location, use the same RF Domain configuration.

RFS4000(config)#self
RFS4000(config-device-03-14-28-57-14-28)#
RFS4000(config-device-03-14-28-57-14-28)#use rf-domain RFDOMAIN_UseCase1

Commit the changes and write to the running configuration. Exit this context.

RFS4000(config-device-03-14-28-57-14-28)#commit write
RFS4000(config-device-03-14-28-57-14-28)#exit
RFS4000(config)#

A.1.3.3 Creating a Wireless Controller Profile

The first step in creating a WLAN is to configure a profile defining the parameters applied to a wireless controller.

To create a profile:

RFS4000(config)#profile rfs4000 RFS4000_UseCase1
RFS4000(config-profile-RFS4000_UseCase1)#

This creates a profile with the name RFS4000_UseCase1 and moves the cursor into its context. Any configuration made under this profile is available when it’s applied to a device.

Configure a VLAN

Create the VLAN to use with the WLAN configuration. This can be done using the following commands:

RFS4000(config-profile-RFS4000_UseCase1)#interface vlan 2
RFS4000(config-profile-RFS4000_UseCase1-if-vlan2)#ip address 172.16.11.1/24

The above command assigns the IP address 172.16.11.1 with the mask of 255.255.255.0 to VLAN2. Exit the VLAN2 context.

RFS4000(config-profile-RFS4000_UseCase1-if-vlan2)#exit
RFS4000(config-profile-RFS4000_UseCase1)#

The next step is to assign this newly created VLAN to a physical interface.
In this case, VLAN 2 is mapped to GE3 and GE4 to support two access points, an AP650 and an AP7131. The AP650 is connected to the gigabit interface GE3 and the AP7131 to the GE4 interface.

RFS4000(config-profile-RFS4000_UseCase1)#interface ge 3
RFS4000(config-profile-RFS4000_UseCase1-if-ge3)#

Map VLAN 1 to this interface. This assigns the IP address to the selected physical interface.

RFS4000(config-profile-RFS4000_UseCase1-if-ge3)#switchport access vlan 2
RFS4000(config-profile-RFS4000_UseCase1-if-ge3)#exit
RFS4000(config-profile-RFS4000_UseCase1)#

Similarly, map the defined VLAN 1 to the GE4 interface.

RFS4000(config-profile-RFS4000_UseCase1)#interface ge 4
RFS4000(config-profile-RFS4000_UseCase1-if-ge4)#switchport access vlan 2
RFS4000(config-profile-RFS4000_UseCase1-if-ge4)#exit
RFS4000(config-profile-RFS4000_UseCase1)#

Exit the profile and save it.

RFS4000(config-profile-RFS4000_UseCase1)#exit
RFS4000(config)#commit write

Configure the Wireless Controller to use the Profile

Before the wireless controller can be further configured, the profile must be applied to the wireless controller.

RFS4000(config)#self
RFS4000(config-device-03-14-28-57-14-28)#
RFS4000(config-device-03-14-28-57-14-28)#use profile RFS4000_UseCase1
RFS4000(config-device-03-14-28-57-14-28)#exit
RFS4000(config)#commit write

Create a WLAN

Use the following commands to create a WLAN:

RFS4000(config)#wlan 1
RFS4000(config-wlan-1)#

Configure the SSID for the WLAN. This is the value that identifies and helps differentiate this WLAN.

RFS4000(config-wlan-1)#ssid WLAN_USECASE_01

Enable the SSID to be broadcast so wireless clients can find it and associate.

RFS4000(config-wlan-1)#broadcast-ssid

Associate the VLAN to the WLAN and exit.

RFS4000(config-wlan-1)#vlan 2
RFS4000(config-wlan-1)#exit

Commit the Changes

Once these changes have been made, they have to be committed before proceeding.

RFS4000(config)#commit write

A.1.3.4 Creating an AP Profile

An AP profile provides a method of applying common settings to access points of the same model. The profile significantly reduces the time required to configure access points within a large deployment. For more information, see:

Creating an AP650 Profile
Creating an AP7131 Profile

A.1.3.4.1 Creating an AP650 Profile

An AP650’s firmware is updated directly by its associated wireless controller. The process is automatic, and no intervention is required.
To create a profile for use with an AP650:

RFS4000(config)#profile ap650 AP650_UseCase1
RFS4000(config-profile-AP650_UseCase1)#

Assign the access point to be a member of the same VLAN defined in Creating an AP Profile on page A-5. In this section, the VLAN was defined as VLAN 2. Configure the access point to be a member of VLAN 2.

RFS4000(config-profile-AP650_UseCase1)#interface vlan 2
RFS4000(config-profile-AP650_UseCase1-if-vlan2)#

Configure this VLAN to use DHCP, so any device that is associated using this access point is automatically assigned a unique IP address. Once completed, exit this context.

RFS4000(config-profile-AP650_UseCase1-if-vlan2)#ip address dhcp
RFS4000(config-profile-AP650_UseCase1-if-vlan2)#exit

The VLAN has to be mapped to a physical interface on the access point. Since the only available physical interface on the AP650 is GE1, this VLAN is mapped to it.

RFS4000(config-profile-AP650_UseCase1)#interface ge 1
RFS4000(config-profile-AP650_UseCase1-if-ge1)#switchport access vlan 2
RFS4000(config-profile-AP650_UseCase1-if-ge1)#exit

Before a WLAN can be implemented, it has to be mapped to a radio on the access point. An AP650 has 2 radios; in this scenario, both radios are utilized.

RFS4000(config-profile-AP650_UseCase1)#interface radio 1
RFS4000(config-profile-AP650_UseCase1-if-radio1)#wlan 1
RFS4000(config-profile-AP650_UseCase1-if-radio1)#exit
RFS4000(config-profile-AP650_UseCase1)#interface radio 2
RFS4000(config-profile-AP650_UseCase1-if-radio2)#wlan 1
RFS4000(config-profile-AP650_UseCase1-if-radio2)#exit
RFS4000(config-profile-AP650_UseCase1)#

Commit the changes made to this profile and exit.

RFS4000(config-profile-AP650_UseCase1)#commit write
RFS4000(config-profile-AP650_UseCase1)#exit
RFS4000(config)#

Apply this Profile to the Discovered AP650

Access the discovered access point using the following command. The discovered device’s MAC address is used to access its context.

RFS4000(config)#ap650 00-A0-F8-00-00-01
RFS4000(config-device-00-A0-F8-00-00-01)#

Assign the AP profile to this AP650 access point.

RFS4000(config-device-00-A0-F8-00-00-01)#use profile AP650_UseCase1
RFS4000(config-device-00-A0-F8-00-00-01)#commit write

Apply the RF Domain profile to the AP

Apply the previously created RF Domain to enable a country code to be assigned to the discovered access point. A discovered access point only works properly if its country code is the country code of its associated wireless controller.

RFS4000(config-device-00-A0-F8-00-00-01)#use rf-domain RFDOMAIN_UseCase1
RFS4000(config-device-00-A0-F8-00-00-01)#commit write
RFS4000(config-device-00-A0-F8-00-00-01)#exit
RFS4000(config)#

A.1.3.4.2 Creating an AP7131 Profile

To create a profile for use with an AP7131:

RFS4000(config)#profile ap7131 AP7131_UseCase1
RFS4000(config-profile-AP7131_UseCase1)#

Set the access point to be a member of the same VLAN defined in Creating an AP Profile on page A-5. In this section, the VLAN was defined as VLAN 2. Configure the access point to be a member of the VLAN 2.