6th January 2009

Motorola WS5100 and RFS7000 and Wi-NG v1.3

Motorola has released software v3.3 for the WS5100 and v1.3 for the RFS7000 Wireless LAN Switches. This is the v1.3 release of their Wi-NG software for Motorola’s Enterprise-class RF & Wireless Switches.

You can find the release notes for the 3.3 (WS5100) software release here. And you can find the release notes for the 1.3 (RFS7000) software release here.

I hope to provide some feedback in the coming weeks.

Cheers!

posted in Motorola, WirelessLANSwitch | 0 Comments | 13 views

21st October 2008

Motorola RFS 7000 Wireless LAN Switch

We just recently started replacing our legacy Motorola (formerly Symbol) WS5000/WS5100 Wireless LAN Switches with the Motorola RFS 7000 Wireless LAN Switch. I know quite a few organizations have jumped from Motorola over the past few years to Cisco, Aruba, Trapeze and Meru. While Motorola isn’t the easiest company to work with (who is these days), they really understand wireless and they have come through on a number of occasions involving highly technical problems. In short, the product works and works well for our needs and fits in our budget. While Motorola may lack some of the bells and whistles of the other vendors mentioned above, its stability is something we’ve come to enjoy.

The RFS7000 provides 4 10/100/1000 Cu/SFP Ethernet interfaces and can manage up to 256 802.11a/b/g Access Ports. We’ve long struggled managing some of our largest wireless environments where we needed 18 WS5000 switches (each WS5000 would only manage up to 48 802.11a/b/g Access Ports). The old WS5000 also required a one-to-one cold standby for redundancy and high-availability. The RFS7000 supports clustering and N+1 redundancy so we’re going to be using a lot less power and rack space not to mention all the configuration and cabling.

You can find the technical specifications for the RFS7000 here. And you can find the entire Motorola Wireless LAN portfolio here.

Let me provide a small example configuration. You’ll need to connect to the console interface (19200,8,N,1) and configure the Gigabit Ethernet interfaces. The default username is “admin” while the default password is “superuser”.

RFS7000 release 1.2.0.0-040R
Login as 'cli' to access CLI.
sw-wireless.mdc.mlhs.org login: cli

User Access Verification

Username: admin
Password:
Welcome to CLI
RFS7000>enable
RFS7000#config term
Enter configuration commands, one per line.  End with CNTL/Z.

We’ll be using the interface ‘ge1’ as the Layer 2 (AP VLAN) interface and ‘ge2’ will be our Layer 3 interface. We’ll trunk ge2 and leave ge1 as access. We’ll also use VLANs 29-32 in order to bridge our WLANs to our Nortel Ethernet Routing Switch 8600 core. VLAN 23 will be our Layer 2 AP VLAN where the Access Ports will be connected.

RFS7000(config)#interface ge1
RFS7000(config-if)# switchport access vlan 23
RFS7000(config-if)# exit
RFS7000(config)# interface ge2
RFS7000(config-if)# switchport mode trunk
RFS7000(config-if)# switchport trunk native vlan 200
RFS7000(config-if)# switchport trunk native tagged
RFS7000(config-if)# switchport trunk allowed vlan none
RFS7000(config-if)# switchport trunk allowed vlan add 29-32,200

We’ll shut down VLAN 1 just to be careful; we don’t want any loops.

RFS7000(config)# interface vlan1 no ip address
RFS7000(config)# interface vlan1
RFS7000(config-if)# shutdown

I use VLAN 200 as my management VLAN and place all my network electronics in that VLAN.

RFS7000(config)# interface vlan200
RFS7000(config-if)# management
RFS7000(config-if)# interface vlan200 ip address 10.1.1.40/24
RFS7000(config-if)# exit
RFS7000(config)# ip route 0.0.0.0/0 10.1.1.1

At this point the Motorola RFS7000 should be online and reachable via the network. Let’s configure a single WLAN/ESSID called “PHILLIES” for WPA-TKIP with 802.1x EAP-PEAP authentication to a Microsoft Internet Authentication Server (IAS) so our Windows XP laptop can automatically pass our Windows Active Directory credentials for authentication.

RFS7000(config)#wireless
RFS7000(config-wireless)# manual-wlan-mapping enable
RFS7000(config-wireless)# wlan 1 enable
RFS7000(config-wireless)# wlan 1 description 80211a
RFS7000(config-wireless)# wlan 1 ssid PHILLIES
RFS7000(config-wireless)# wlan 1 vlan 30
RFS7000(config-wireless)# wlan 1 encryption-type tkip
RFS7000(config-wireless)# wlan 1 authentication-type eap
RFS7000(config-wireless)# wlan 1 radius server primary 10.1.1.100
RFS7000(config-wireless)# wlan 1 radius server primary radius-key 0 RaDiUsKeY
RFS7000(config-wireless)# wlan 1 radius server secondary 10.5.1.100
RFS7000(config-wireless)# wlan 1 radius server secondary radius-key 0 RaDiUsKeY
RFS7000(config-wireless)# wlan 1 radius authentication-protocol chap
RFS7000(config-wireless)# exit
RFS7000(config)#

I’m authenticating users against the RADIUS servers at 10.1.1.100 and 10.5.1.100 with the radius key of “RaDiUsKeY” using CHAP as the protocol. Those servers are actually Windows 2003 Domain Controllers running the Internet Authentication Service (IAS).
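A review check for the WLAN block above, as an added example that is not part of the original post or Motorola's tooling: it parses the `wlan N ...` lines and reports settings worth revisiting, without echoing the shared secret. The finding names are hypothetical, and reading key type `0` as "stored unencrypted" is an assumption about the CLI.

```python
import re
from collections import defaultdict

# Constructed sample: the WLAN lines from this post, CLI prompts included.
CONFIG = """\
RFS7000(config-wireless)# wlan 1 ssid PHILLIES
RFS7000(config-wireless)# wlan 1 vlan 30
RFS7000(config-wireless)# wlan 1 encryption-type tkip
RFS7000(config-wireless)# wlan 1 authentication-type eap
RFS7000(config-wireless)# wlan 1 radius server primary 10.1.1.100
RFS7000(config-wireless)# wlan 1 radius server primary radius-key 0 RaDiUsKeY
RFS7000(config-wireless)# wlan 1 radius server secondary 10.5.1.100
RFS7000(config-wireless)# wlan 1 radius server secondary radius-key 0 RaDiUsKeY
"""

LINE = re.compile(r"^(?:\S+\(config[^)]*\)#\s*)?wlan (\d+) (.+?)\s*$")
KEY = re.compile(r"^radius server (primary|secondary) radius-key (\d) (\S+)$")
ADDR = re.compile(r"^radius server (primary|secondary) (\d+(?:\.\d+){3})$")

def parse_wlans(text):
    """Group 'wlan N ...' lines into one settings dict per WLAN index."""
    wlans = defaultdict(lambda: {"servers": {}, "keys": {}})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        wlan, rest = wlans[int(m.group(1))], m.group(2)
        if (k := KEY.match(rest)):
            wlan["keys"][k.group(1)] = (k.group(2), k.group(3))
        elif (a := ADDR.match(rest)):
            wlan["servers"][a.group(1)] = a.group(2)
        else:
            name, _, value = rest.partition(" ")
            wlan[name] = value
    return dict(wlans)

def audit(wlans):
    """Return (wlan, finding, detail) tuples; secrets are never echoed."""
    findings = []
    for idx, w in sorted(wlans.items()):
        if w.get("encryption-type") == "tkip":  # TKIP is deprecated in IEEE 802.11
            findings.append((idx, "deprecated-cipher", "TKIP in use on " + w.get("ssid", "?")))
        for role, (key_type, _) in sorted(w["keys"].items()):
            if key_type == "0":  # assumption: type 0 = secret stored unencrypted
                findings.append((idx, "cleartext-secret", role + " RADIUS key is type 0"))
        secrets = {secret for _, secret in w["keys"].values()}
        if len(w["keys"]) > 1 and len(secrets) == 1:
            findings.append((idx, "secret-reuse", "all RADIUS servers share one key"))
        if w.get("authentication-type") == "eap" and not w["servers"]:
            findings.append((idx, "eap-without-radius", "no RADIUS server configured"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_wlans(CONFIG)):
        print(finding)
```
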

Since I’m manually mapping the WLANs I need to make sure I map the WLAN to the default 802.11a radio configuration with the following command. I’ll also set the AP to indoor, the channel selection to ACS and the power to 20mW.

RFS7000(config)#wireless
RFS7000(config-wireless)# radio default-11a bss 1 1
RFS7000(config-wireless)# radio default-11a channel-power indoor acs 20

You’ll obviously need to have the RADIUS servers set up and you’ll also need Microsoft’s Certificate Server in your Active Directory. The clients will use the trusted root certificate to authenticate the login request from the RADIUS server.

I don’t think there are many people that haven’t figured out how to do this (it’s really easy) so I’m not going to really go into the topic. If you have questions please feel free to post a comment and I’ll do my best to respond.

That’s a little taste of the RFS7000; hopefully you’ll find the information useful.

Cheers!

posted in Motorola, WirelessLANSwitch | 0 Comments | 356 views

14th August 2008

Motorola WS5100 & RFS7000 Dump prompt

I recently spent some time trying to figure out why there was an “*” (asterisk) in the CLI prompt on a Motorola RFS7000 that I had in our testlab. Jim (Motorola) explained that the Motorola WS5100 (v3.x) and the RFS7000 (v1.x) will place a “*” (asterisk) at the end of the hostname in the CLI prompt if there is a core dump file or crash log that hasn’t been cleared from memory. You can clear the dump files along with all service logs using the command “service clear all”. Once I issued this command the “*” (asterisk) disappeared from the CLI prompt and all was well again.

RFS7000*>
RFS7000*>enable
RFS7000*#service clear ?
all          Remove all core, dump and panic files
aplogs       Remove all local ap log files (does not clear them off the AP)
clitree      Remove clitree.html (created by the save-cli command)
cores        Remove all core files
dumps        Remove all dump files
panics       Remove all kernel panic files
securitymgr  Securitymgr parameters
RFS7000*#service clear all
RFS7000#

Cheers!

posted in Motorola, WirelessLANSwitch | 0 Comments | 175 views

20th May 2008

Factory Reset Motorola AP-5131

The Motorola AP-5131 is a fully featured 802.11a/b/g wireless network access point that supports MESH networking.

I recently needed to reset one of these access points and thought it would be useful for anyone else looking for information on the subject.

Step 1. Serial up to the AP5131 with 19200-8-N-1

Step 2. Power cycle the AP5131

Step 3. Press the “Escape” key when the AP5131 states “Press escape key to run boot firmware”.

Step 4. From the “boot>” prompt enter “passwd default”.

Step 5. Reset the system by entering “reset system”.

The AP5131 should perform a full reset and end up at the login prompt after it has booted. The default administrator password is “symbol” (case sensitive).

Note: starting with firmware release 1.1.2.0-005R the AP51x1 password was changed to “motorola”.

Upon logging in for the first time the administrator should be prompted to change the password. The default administrator username is “admin”.

Note: the default IP address of the AP5131 is 192.168.0.1 and the DHCP server is enabled in the factory configuration so you should be able to connect your PC to the LAN port and then open a web browser to access the Admin GUI.

Cheers!

posted in WirelessLANSwitch | 0 Comments | 1,289 views

8th March 2008

How to find a wireless device?

In this post I’ll review how you can find a specific wireless device on your Motorola WS5100 Wireless LAN Switch. We’re going to use the poor man’s “locationing” as opposed to the features and integration that Motorola is currently building into the WS5100 and RFS7000 switches to support products such as AeroScout.

We want to locate the following device wireless-laptop.acme.org so we need to start by identifying the IP address of the device. Thanks to Dynamic DNS we can be assured that our DNS servers will have that information.

C:\> nslookup wireless-laptop.acme.org.
Server:         10.1.1.1
Address:        10.1.1.1#53

Name:   wireless-laptop.acme.org
Address: 10.1.195.55

In most circumstances we’d now need to identify the MAC address of the wireless device. We can skip that step since the WS5100 will have the IP address of the client for us to search against.

WS5100# show wireless mobile-unit
Number of mobile-units associated: 23
index   MAC-address       radio type wlan vlan/tunnel  ready  IP-address    last active
  1     00-1B-77-30-DF-80  30    11a  1      vlan 18   Y     10.1.195.57   1 Sec
  2     00-20-E0-1A-0F-E5  58    11a  1      vlan 18   Y     10.1.195.48   20 Sec
  3     00-13-E8-86-DF-F3  30    11a  1      vlan 18   Y     10.1.195.96   0 Sec
  4     00-15-00-32-8C-EC  19    11a  1      vlan 18   Y     10.1.195.31   31 Sec
  5     00-15-00-32-D6-46  29    11a  1      vlan 18   Y     10.1.195.50   16 Sec
  6     00-15-00-32-D3-67  1     11g  2      vlan 17   Y     10.1.194.54   4 Sec
  7     00-A0-F8-D4-46-9C  2     11b  4      vlan 22   Y     10.1.206.53   223 Sec
  8     00-A0-F8-D4-48-FD  1     11b  4      vlan 22   Y     10.1.206.207  215 Sec
  9     00-1B-77-2A-99-05  30    11a  1      vlan 18   Y     10.1.195.55   7 Sec
  10    00-18-DE-7A-76-D0  30    11a  1      vlan 18   Y     10.1.195.67   16 Sec
  11    00-16-6F-1D-F1-B9  1     11g  2      vlan 17   Y     10.1.194.44   6 Sec
  12    00-1B-77-31-11-77  30    11a  1      vlan 18   Y     10.1.195.68   4 Sec
  13    00-90-7A-04-16-5F  1     11b  3      vlan 21   Y     10.1.198.52   11 Sec
  14    00-A0-F8-D6-3C-2A  1     11b  4      vlan 22   Y     10.1.206.70   652 Sec
  15    00-A0-F8-D4-45-A5  2     11b  4      vlan 22   Y     10.1.206.252  170 Sec
  16    00-13-E8-5B-ED-73  30    11a  1      vlan 18   Y     10.1.195.106  4 Sec
  17    00-13-E8-5B-EE-39  30    11a  1      vlan 18   Y     10.1.195.111  23 Sec
  18    00-18-DE-7A-9E-3A  30    11a  1      vlan 18   Y     10.1.195.77   20 Sec
  20    00-90-7A-03-5E-C7  1     11b  3      vlan 21   Y     10.1.198.50   23 Sec
  21    00-13-E8-86-C8-55  30    11a  1      vlan 18   Y     10.1.195.107  5 Sec
  22    00-A0-F8-D4-48-5F  1     11b  4      vlan 22   Y     10.1.206.145  124 Sec
  24    00-13-E8-86-C7-E7  30    11a  1      vlan 18   Y     10.1.195.110  10 Sec
  26    00-1B-77-2A-5C-6C  30    11a  1      vlan 18   Y     10.1.195.81   37 Sec

Note: if you have a lot of mobile units you can use grep;

WS5100# show wireless mobile-unit | grep "10.1.195.55"
   9     00-1B-77-2A-99-05  30    11a  1      vlan 18   Y     10.1.195.55   7 Sec

Now that we have the MU (Mobile Unit) index (the first number on the line) we can get the full details;

WS5100# show wireless mobile-unit 9

MAC: 00-1B-77-2A-99-05, IP Address: 10.1.195.55, Type: 11a, State: data-ready
Radio Config Index: 30, Bssid: 00-15-70-12-1D-78
Wlan: 1, Vlan: vlan 18, Voice: N, Powersave: N, Classification: normal
Encryption Type: tkip (key index: 1) Authentication Type: eap
Last Assoc: 7990 seconds ago, Last Activity: 23 seconds ago, Roam-Count: 18
DHCP state : DHCPNONE AP Scan Support: N
Session Timeout: 100 days 00:00:00  Idle Timeout: 0 days 00:30:00

In the information above we can see that the MU is associated to radio 30, so let’s look at radio 30;

WS5100# show wireless radio 30

Radio: 30, Mac: <00-15-70-11-34-32>, Type: 11a, ap Index: 7, vlan 198
Current Channel: 36 [5180 MHz], Configured Channel: acs
Current Power: 17 dBm, Max ESS: 16, Max BSS: 4, Num Mu: 11
BSS: 00-15-70-12-1D-78, State: normal
Current Data-Rates/Speed:  basic6 9 basic12 18 basic24 36 48 54
Last Adoption: 0 days 20:55:16 ago

Configuration:
Adoption-pref-id: 0
Max-mobile-unit: 256, Detector: N, On-channel-scan: N
WLAN-BSS mapping: [BSS 1]: 1
RTS-thres: 2346 bytes, Beacon-intvl: 100 K-uSec
Dtim-count: [BSS 1]: 10 beacons
Dtim-count: [BSS 2]: 10 beacons
Dtim-count: [BSS 3]: 10 beacons
Dtim-count: [BSS 4]: 10 beacons
CCA level: 1, CCA Mode: 1, mobile-unit power: 0 dBm
Short-Preamble: disabled, Antenna-Mode: diversity (both antennas)
Placement: indoor, Channel-Mode: acs, Power: 20 dBm
Data-Rates/Speed:  basic6 9 basic12 18 basic24 36 48 54
WMM [best-effort]: aifsn: 3 txop-limit: 0 cwmin: 4 cwmax: 6
admission-control: disabled, max-mobile-unit: 32
WMM [background]: aifsn: 7 txop-limit: 0 cwmin: 4 cwmax: 10
admission-control: disabled, max-mobile-unit: 32
WMM [video]: aifsn: 1 txop-limit: 94 cwmin: 3 cwmax: 4
admission-control: disabled, max-mobile-unit: 32
WMM [voice]: aifsn: 1 txop-limit: 47 cwmin: 2 cwmax: 3
admission-control: disabled, max-mobile-unit: 32

It doesn’t look like the Motorola switch shows us the radio description above so we’ll need to use another command to get the description;

WS5100# show wireless radio config 30

Radio: 30, Description: Main Building Lobby, MAC: 00-15-70-11-34-32
Radio Type: 11a, AP Type: ap300
Adoption-pref-id: 0
Max-mobile-unit: 256, Detector: N, On-channel-scan: N
WLAN-BSS mapping: [BSS 1]: 1
RTS-thres: 2346 bytes, Beacon-intvl: 100 K-uSec
Dtim-count: [BSS 1]: 10 beacons
Dtim-count: [BSS 2]: 10 beacons
Dtim-count: [BSS 3]: 10 beacons
Dtim-count: [BSS 4]: 10 beacons
CCA level: 1, CCA Mode: 1, mobile-unit power: 0 dBm
Short-Preamble: disabled, Antenna-Mode: diversity (both antennas)
Placement: indoor, Channel-Mode: acs, Power: 20 dBm
Data-Rates/Speed:  basic6 9 basic12 18 basic24 36 48 54
WMM [best-effort]: aifsn: 3 txop-limit: 0 cwmin: 4 cwmax: 6
admission-control: disabled, max-mobile-unit: 32
WMM [background]: aifsn: 7 txop-limit: 0 cwmin: 4 cwmax: 10
admission-control: disabled, max-mobile-unit: 32
WMM [video]: aifsn: 1 txop-limit: 94 cwmin: 3 cwmax: 4
admission-control: disabled, max-mobile-unit: 32
WMM [voice]: aifsn: 1 txop-limit: 47 cwmin: 2 cwmax: 3
admission-control: disabled, max-mobile-unit: 32

So it looks like the device we’re looking for, wireless-laptop.acme.org (10.1.195.55), is connected to radio 30 (802.11a) which has a description of “Main Building Lobby”. While this will give you an idea of the basic location it doesn’t provide you a specific location. While there are new APIs in the WS5100 and RFS7000 that can provide locationing by means of triangulation between multiple Access Ports, they require external applications and management software.

Obviously you’ll need to make sure that you’ve put descriptive locations on each radio (AP300) through the Motorola console when configuring/installing the APs.
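The lookup chain walked through in this post (IP address, mobile-unit row, radio index, radio description) as an added example that is not part of the original post: it parses saved CLI output rather than talking to the switch. The function names are hypothetical and the embedded text is a constructed excerpt of the output shown above.

```python
import re

# Constructed sample: three rows excerpted from the table in this post.
MU_TABLE = """\
index   MAC-address       radio type wlan vlan/tunnel  ready  IP-address    last active
  1     00-1B-77-30-DF-80  30    11a  1      vlan 18   Y     10.1.195.57   1 Sec
  6     00-15-00-32-D3-67  1     11g  2      vlan 17   Y     10.1.194.54   4 Sec
  9     00-1B-77-2A-99-05  30    11a  1      vlan 18   Y     10.1.195.55   7 Sec
"""
# Constructed sample: first lines of "show wireless radio config 30" from this post.
RADIO_CONFIG = """\
Radio: 30, Description: Main Building Lobby, MAC: 00-15-70-11-34-32
Radio Type: 11a, AP Type: ap300
"""

# One table row; only "vlan N" bindings are handled (tunnel rows are skipped).
MU_ROW = re.compile(
    r"^\s*(?P<index>\d+)\s+(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<radio>\d+)\s+(?P<type>11\w+)\s+(?P<wlan>\d+)\s+(?P<vlan>vlan \d+)\s+"
    r"(?P<ready>[YN])\s+(?P<ip>\d+(?:\.\d+){3})\s+(?P<idle>\d+) Sec\s*$")
RADIO_HDR = re.compile(r"^Radio: (\d+), Description: (.*?), MAC: (\S+)", re.M)

def parse_mobile_units(text):
    """Return one dict per mobile-unit row; header and noise lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = MU_ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("index", "radio", "wlan", "idle"):
                row[key] = int(row[key])
            rows.append(row)
    return rows

def parse_radio_config(text):
    """Return (radio index, description) from a radio config dump."""
    m = RADIO_HDR.search(text)
    if not m:
        raise ValueError("no 'Radio: N, Description: ...' line found")
    return int(m.group(1)), m.group(2).strip()

def locate(ip, mu_text, radio_texts):
    """Resolve an IP to MAC, radio index and the radio's description."""
    # Exact comparison: a substring search for 10.1.195.5 would also hit .55 and .57.
    hits = [r for r in parse_mobile_units(mu_text) if r["ip"] == ip]
    if len(hits) != 1:
        raise LookupError(f"{ip}: expected one associated mobile unit, found {len(hits)}")
    mu = hits[0]
    descriptions = dict(parse_radio_config(t) for t in radio_texts)
    return {"ip": ip, "mac": mu["mac"], "mu_index": mu["index"], "radio": mu["radio"],
            "location": descriptions.get(mu["radio"], "no description on record"),
            "idle_sec": mu["idle"]}

if __name__ == "__main__":
    print(locate("10.1.195.55", MU_TABLE, [RADIO_CONFIG]))
```
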

Cheers!

posted in WirelessLANSwitch | 0 Comments | 82 views

2nd March 2008

Ethernet Frames Maligned

I thought I would share this story with everyone. We had discovered an issue with Ethernet frames being maligned/corrupted between the Motorola Access Port 300 (AP300) and the Motorola Wireless (WS5100) LAN Switch.

We had a ticket open with Motorola trying to understand why a significant number of our AP300s were rebooting themselves at odd hours during the early morning. Motorola had requested that we provide network traces at the Access Point and Wireless Switch. Surprisingly Motorola came back and pointed out that the payload in some of the Ethernet frames was getting modified between the Wireless Switch and the Access Port.

The fundamental equipment involved in this problem was as follows: Nortel Ethernet Switch 460 (ES 460), Ethernet Switch 470 (ES 470), Ethernet Routing Switch 5520 (ERS 5520), Ethernet Routing Switch 8600 (ERS8600); Motorola Wireless LAN Switch 5100 (WS5100) and Access Ports 300 (AP300).

The Motorola WS5100s and AP300s are physically connected over the same Layer 2 Ethernet network. The “Ethernet 1” port on the WS5100 is connected to a Virtual Local Area Network (VLAN) which provides a single broadcast domain for all AP 300s to connect to the WS5100. The “Ethernet 2” port on the WS5100 is used as a trunk interface to bridge between the WLANs (wireless) and VLANs (wired) segments. We essentially have core switches and edge switches (distribution is collapsed down into the core). The core switch can be a single ERS8600 or a pair of ERS8600s (Layer 3) connected via an IST (Inter-Switch Trunk). At the edge we generally deploy ES470 (Layer 2) or ERS5520 (Layer 2). We have deployed ES460s (PoE) into closets where ES470s are already present to specifically support PoE and the wireless network.

Here is a quick topology of the network with respect to the WS5100s and AP300s.
We recently started deploying the ERS5520s (in place of the ES470s) which directly support PoE allowing us to deploy one less piece of equipment at the edge and also provides one less bridge (hop) to switch through.

We have been plagued by a problem that is affecting the Motorola AP300s causing them to randomly reset and re-adopt at different times of the day without warning or cause. In searching for the cause of this problem we’ve documented numerous Ethernet frames being maligned as they travel from the AP300 to the WS5100.

With respect to the examples I’m going to draw the following topology applies;

It should be noted that we do use the ES460s and ERS5520s to remark the 802.1p bits in the Ethernet frame so we can provide some measure of QoS with respect to the Nortel (Spectralink) Wireless LAN phones that we currently have deployed. In essence we mark all Ethernet packets on the “APVLAN” with a QoS level of 4 (“Gold”, BoSS-65530).

Network Trace Analysis

I will refer to the following two trace files;

“ers460side1.pcap” closet ES460 trace
“ers8600side1.pcap” core ERS8600 trace

I tried to merge up the two traces so each trace is synchronous with the other. We’ll focus on packet 3; you can see in the closet ES460 trace that bytes 15 and 16 are 0x20 and 0x12 respectively.

Looking at the other trace you can see that bytes 15 and 16 are different than in the first trace. You can see that the bits in 16 have been shifted to bytes 26.

You can again see the same problem in packet 4;


You can see it again in packets 6, 7, 10, 39, 43, 45, etc.

In the end the problem turned out to be a software/hardware issue with the Nortel Ethernet Routing Switch 8600. If DiffServ was enabled on the Ethernet port that was being mirrored, the mirrored data was somehow getting corrupted in the process of copying the packets. Once we disabled DiffServ on the Ethernet port the problem disappeared. We opened a case with Nortel but were told that it would be handled as an enhancement request, not a correction request (go figure!).

I personally no longer trust either the port mirror or packet capture facilities of the Nortel ERS 8600 and rely on physical taps so there can be no doubt or questions about the validity of the capture data.

We still have issues with our Motorola AP300s rebooting from time to time but they have been much better since Motorola released v2.1.3 software for the WS5000/WS5100s. We are currently working with Motorola to resolve issues in their v3.x software line that are causing our Nortel 2211 (Spectralink) wireless phones to occasionally reboot while idle and roaming.

Cheers!

posted in EthernetRtngSwitch, WirelessLANSwitch | 0 Comments | 27 views
