Michael McNamara https://blog.michaelfmcnamara.com technology, networking, virtualization and IP telephony Sat, 30 Oct 2021 18:38:37 +0000

How ICMPv6 Multicast Listener Reports almost spoiled Christmas
https://blog.michaelfmcnamara.com/2014/12/how-icmpv6-multicast-listener-reports-almost-spoiled-christmas/
Sun, 21 Dec 2014 16:16:29 +0000

If you’ve been following me recently you might recall that I’ve been chasing an issue with a Motorola WS5100 running v3.3.5.0-002R experiencing high CPU utilization. The problem came to a head this weekend and here’s my quick account of the experience.

The WS5100 would intermittently come under extreme load for 5-30 minutes, so much load that ultimately the entire wireless network would collapse as the Access Ports started experiencing watchdog resets and would just continually reboot themselves. This problem would come and go throughout the day or night, we could go 12 hours without an issue and then go the next 12 hours with issues every 30 minutes. The problem was affecting both the primary and secondary WS5100 so I eliminated the hardware almost out of the gate. I have first hand experience running v3.3.5.0-002R software on a large number of WS5100s and have never had an issue with that software release so I really didn’t suspect the software. This wireless solution had been in place for more than 18 months without any major issues or problems. The local engineers reported that there had been no changes, no new devices. So what was causing this problem? I immediately suspected an external catalyst but how would I find it?

As with most highly technical problems it wasn’t until I could get my hands on some packet traces and I had time to dissect those packet traces that I could start to fully understand and comprehend what was actually going on.

Topology

A pair of Motorola WS5100 Wireless LAN Switches with 30 AP300 running software release v3.3.5.0-002R in a cluster configuration with one running as primary and the other running as secondary. The network was comprised of a single Cisco Catalyst 4500 with around ten individual Cisco Catalyst 2960S switches at the edge each trunked to the core in a simple hub and spoke design. The entire network was one single flat VLAN. The WS5100s were attached to the Cisco Catalyst 4500 via a single 1Gbps interface, one arm router style. The peak number of wireless devices was around 200, the total number of MAC addresses on the network was around 525 (this includes the wireless devices).

Symptoms

The initial problem report centered around poor wireless performance and sure enough I quickly found 30-40% packet loss while just trying to ping the WS5100. When I finally got logged into the WS5100 I could see that the CPU was running at 100%. The SYSLOG data showed me that the APs were rebooting because of watchdog timeouts. PRTG was showing me that there was a huge traffic surge being received from the WS5100. I quickly realized that the traffic spikes in the graph corresponded to the events where users were experiencing problems.

[Image: TrafficStorm]

Packet Traces

I directed the team to set up a SPAN port to capture the traffic that was flowing between the WS5100 and the Cisco Catalyst 4500 switch. This would provide me a better idea of what was actually on the wire and might provide a clue as to what was transpiring. The team set up Wireshark to continually capture to disk using a 100MB file size and allowing the file to wrap 10 times for a total of 1GB of captured data. The next time the problem occurred I was alerted within 15 minutes by the help desk and users but I found that we missed the start of the event. There was so much traffic Wireshark only had the past 3 minutes available on disk so we had to increase the file size to 300MB and the number of wrap files to 25 giving us a total capacity of 7.5GB. That configuration would eventually allow me to capture the initial events along with the time needed to get to the laptop and copy the data before it was overwritten. While I waited for the problem to occur I took to setting up SWATCH to alert myself and the team when the problem started so we could quickly gather all the data points during the start of the event.

[Image: WireShark-ICMPv6MulticastListenReport]

Using the data from the packet traces we were able to identify and locate two HP desktops that were apparently intermittently flooding the network with ICMPv6 Multicast Listener Reports.

We removed those HP desktops from the network and everything has been stable since.

Analysis

Here’s the current working theory which I believe is fairly accurate. The HP desktops were intermittently flooding the network with ICMPv6 Multicast Listener Reports. Those packets were reaching the WS5100 and because the network at this location is a single flat VLAN the WS5100 needs to bridge those packets over to the wireless network. It does this by encapsulating them in MiNT in a fashion very similar to CAPWAP or LWAPP. The issue here is the number of packets and the number of access points or access ports. In this case we had 30 APs connected to the WS5100 so let’s do some rough math;

41,000 ICMPv6 Multicast packets * 2 HP desktops = 82,000 packets * 30 APs = 2,460,000 packets

This explains the huge amount of traffic the WS5100 is transmitting. For every ICMPv6 Multicast packet (or broadcast packet for that matter) received by the WS5100, it needs to encapsulate and send a copy of that packet to each and every AP. If there are 30 APs then the WS5100 needs to copy each and every packet 30 times. Now multiply that by the number of ICMPv6 packets that were being received by the WS5100 and you have a recipe for disaster.

A quick search of Google will reveal a number of well documented issues with Intel NICs.

The HP desktops turned out to be HP ProDesk 600 G1s running Windows 7 SP1 with Intel I217-LM NICs driver v12.10.30.5890 with sleep and WoL enabled.

Summary

There were a few lessons learned here;

  1. The days of the single flat network are gone. It’s very important to follow best practice when designing and deploying both wired and wireless infrastructures. In this case if the wireless infrastructure had dedicated VLANs both for the wireless client traffic and for the AP traffic this problem would have never impacted the WS5100. It may have impacted the Cisco Catalyst 4500 somewhat but it wouldn’t have caused the complete collapse of the wireless infrastructure. Unfortunately in this case everything was on VLAN 1, wired clients, APs, wireless clients, servers, IP phone systems, routers, everything.
  2. The filtering of IPv6 along with Multicast and broadcast traffic from the wireless infrastructure is especially important. I posted back in September 2013 how to filter IPv6, multicast and broadcast packets from a Motorola RFS7000, the same applies to the WS5100. Unless you are leveraging IPv6 in your infrastructure, or have some special multicast applications you should definitely look into filtering this traffic from your wireless network.
  3. Validate those desktop and laptop images, especially the NIC drivers and WNIC drivers. In the early days of 802.1x I can remember documenting a long list of driver versions and Microsoft hotfixes required for Microsoft Windows XP (pre SP2) in order to get 802.1x authentication (Zero Wireless Configuration) to work properly.

Conclusion

Wireshark saved this network engineer’s holiday – Thanks!

Cheers!

Note: This is a series of posts made under the Network Engineer in Retail 30 Days of Peak, this is post number 27 of 30. All the posts can be viewed from the 30in30 tag.

Motorola RFS 4000 WiNG 5.5 Captive Portal
https://blog.michaelfmcnamara.com/2014/11/motorola-rfs-4000-wing-5-5-captive-portal/
Sat, 22 Nov 2014 19:17:37 +0000

We use both Motorola and Aruba equipment in our locations. We recently deployed a few newer Motorola RFS 4000s in Spain and the United Kingdom which were running WiNG 5.5. We almost immediately noticed an issue with our externally hosted captive portal where the client would get an error after getting redirected, “Query Variable Qv not found”. That error was being generated by a piece of JavaScript code that was running on the externally hosted captive portal pages that parses the Qv value so it can be returned to the RFS4000 to properly identify the user/device that is authenticating via the captive portal.

Here’s an example of WiNG 5.4 forwarding a client to an external captive portal;

"GET /?hs_server=172.16.1.10?Qv=it_qpmjdz=BVQ@bbb_qpmjdz=@dmjfou_njou=532778335@dmjfou_nbd=ED.:C.:D.13.EE.C9@ttj e=VSCBO_HVFTU_XJGJ@bq_nbd=C5.D8.::.33.32.:9 HTTP/1.0" 200 6040 "-" "CaptiveNetworkSupport-305 wispr"

Here’s an example of WiNG 5.5 forwarding a client to an external captive portal;

"GET /?hs_server=172.16.1.10&Qv=it_qpmjdz=BVQ@bbb_qpmjdz=@dmjfou_njou=23:45:9571@dmjfou_nbd=F1.C6.3E.53.:F.:9@ttje=Vscbo _Hvftu_XjGj@bq_nbd=95.35.9E.2:.49.6D HTTP/1.0" 200 6040 "-" "CaptiveNetworkSupport-306.3.1 wispr"

If you look at the URL you’ll notice that the WiNG 5.4 software release utilizes “?” as the variable separator while the WiNG 5.5 software release utilizes “&” as the variable separator.

The JavaScript on the captive portal was parsing the URL by splitting it using the “?” value. I could have just changed the value to a “&” but that would have broken the WS2000s and older RFS 4000s that were using the same webpage and JavaScript. As a workaround I created an additional path, aup.acme.com/wing55, copied all the files and images into that directory and then edited the JavaScript in that folder only. I then reconfigured all the RFS 4000s running WiNG 5.5 to use the new path, example; “http://aup.acme.org/wing55/” and left the remaining devices using “http://aup.acme.org/”.
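
The separator difference described above, handled by one parser so a single copy of the page could serve both releases. This is an added example, not the portal's original script (which the page does not show): legacyFindQv is a hypothetical stand-in for the "?"-only split, the request targets are constructed, and the hs_server check is an assumed hardening step.

```javascript
// Added example; not the captive portal's original script.
// Constructed request targets in the two shapes shown above (the Qv value is a placeholder).
const WING54_TARGET = '/?hs_server=172.16.1.10?Qv=k1=v1@k2=@k3=00-11-22-33-44-55';
const WING55_TARGET = '/?hs_server=172.16.1.10&Qv=k1=v1@k2=@k3=00-11-22-33-44-55';

// Hypothetical stand-in for the old behaviour: split on "?" only.
function legacyFindQv(target) {
  for (const piece of target.split('?')) {
    if (piece.startsWith('Qv=')) return piece.slice(3);
  }
  return null; // the condition behind "Query Variable Qv not found"
}

// Accept either separator: "?" (WiNG 5.4) or "&" (WiNG 5.5).
function parseRedirectQuery(target) {
  const params = Object.create(null); // no inherited keys such as "constructor"
  const start = target.indexOf('?');
  if (start === -1) return params;
  for (const piece of target.slice(start + 1).split(/[?&]/)) {
    if (piece === '') continue;
    const eq = piece.indexOf('='); // first "=" only: the Qv value itself contains "="
    const name = eq === -1 ? piece : piece.slice(0, eq);
    if (name in params) continue; // first occurrence wins; later duplicates are ignored
    params[name] = eq === -1 ? '' : piece.slice(eq + 1);
  }
  return params;
}

const IPV4 = /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/;

// Return Qv verbatim (it goes back to the controller unchanged) plus a checked hs_server.
// Assumption: hs_server is always an IPv4 literal, as in the log lines above.
function extractPortalParams(target, allowedControllers) {
  const p = parseRedirectQuery(target);
  if (!p.Qv) return { ok: false, error: 'Query Variable Qv not found' };
  if (!p.hs_server || !IPV4.test(p.hs_server)) {
    return { ok: false, error: 'hs_server missing or malformed' };
  }
  if (allowedControllers && !allowedControllers.includes(p.hs_server)) {
    return { ok: false, error: 'hs_server is not a known controller' };
  }
  return { ok: true, hsServer: p.hs_server, qv: p.Qv };
}

console.log('legacy 5.4:', legacyFindQv(WING54_TARGET));
console.log('legacy 5.5:', legacyFindQv(WING55_TARGET));
console.log('tolerant 5.4:', extractPortalParams(WING54_TARGET, ['172.16.1.10']));
console.log('tolerant 5.5:', extractPortalParams(WING55_TARGET, ['172.16.1.10']));
```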

Cheers!

Reference;
http://www.michaelfmcnamara.com/files/motorola/WiNG5_Captive_Portal_Design_Guide_June_2011.pdf

 

Adopting US Access Ports in GB – Ooppss
https://blog.michaelfmcnamara.com/2014/11/adopting-us-access-ports-in-gb-ooppss/
Fri, 21 Nov 2014 03:57:39 +0000

I ran into another interesting problem today…. we use a combination of Aruba and Motorola wireless equipment. When we have an issue with say the captive portal on a Motorola RFS 4000 it’s pretty easy to take an AP 650 and configure it via DHCP to connect via WISP/WISPE/CAPWAP to the remote controller so you can easily observe the problem first hand. In this case the Motorola RFS 4000 happened to be in Barcelona, Spain although it was configured with a country code of GB (Great Britain). I probably spent the better part of two hours trying to get the AP to adopt to the RFS 4000. I originally thought the problem was related to the AP trying to perform a software upgrade over a 200+ms distance between the AP and WLS but even after I disabled the auto-upgrade feature I would still end up with the following SYSLOG messages;

Nov 20 18:21:59 2014: LED state message WIOS_LED_NO_COUNTRY_0_24G from module DOT11 : %DIAG-6-NEW_LED_STATE:
Nov 20 18:21:59 2014: LED state message RADIO_ALL_LED_OFF from module DOT11 : %DIAG-6-NEW_LED_STATE:
Nov 20 18:21:59 2014: Radio 'ap650-981XXX:R1' changing state from 'Initializing' to 'Off(no country-code)' : %RADIO-5-RADIO_STATE_CHANGE: ff(no country-code)'
Nov 20 18:21:49 2014: RFS-4000 : %AP-6-ADOPTED: Access Point('ap650-981XXX'/'AP650'/5C-0E-8B-98-XX-XX) at rf-domain:'default' adopted and configured. Radios: Count=1, Bss: 5C-0E-8B-31-XX-XX|

I finally realized that the AP650s I had were US models and not WW models. I was able to take an AP300 (WSAP-5110-100-WW) and configure it to connect to the RFS 4000 via DHCP option 189 and ultimately solve the puzzle around the captive portal issue (future blog post).

Cheers!

802.11 Wireless LANs vs. broadcast traffic
https://blog.michaelfmcnamara.com/2013/09/802-11-wireless-lans-vs-broadcast-traffic/
Sun, 15 Sep 2013 14:10:32 +0000

Like many engineers and network managers I’m finding more and more clients are connecting via our 802.11a/b/g wireless network than ever before. While some of the wireless clients are corporate devices which connect to the corporate network, a large number of wireless devices are connecting to the public guest network which connects to the public Internet. At our largest facility we have some 1,500 corporate devices connecting via wireless. However, we can have upwards of 2,000 public devices connecting to our public guest network at any one time. All those smartphones, tablets and computers put out an immense amount of broadcast and multicast traffic which can adversely impact a wireless network.

I originally calculated that the broadcast and multicast traffic was accounting for between 40Kbps and 60Kbps of traffic on our wireless network. However, looking at the traffic graphs right after the change I was shocked at the delta. I performed the change just before noon and you can see a delta of Mbps not Kbps. I would estimate that the changes are saving us 5Mbps of traffic to/from our wireless network.

[Image: Wireless Broadcast Traffic]

That’s a lot of needless background noise that ultimately leads to airtime issues which eventually results in retransmissions, delayed packets, jitter and packet loss which can severely impact application performance.

Over the past few weeks I’ve been working to deploy some filters on our Motorola RFS 7000 Wireless LAN Switches (v4.4.2) so I thought I would share them as a best practice in any medium to large scale wireless deployment. If you only have 10 APs then you probably don’t need to worry about filtering the broadcast and multicast traffic. If you have 500 APs then you definitely need to be paying attention to all the needless noise being generated on your wireless network. In the example below I also took the opportunity to block IPv6 frames since we’re still utilizing only IPv4 on our wireless networks.

enable
config t

firewall enable

no firewall stateful-packet-inspection l2

mac access-list extended ARP-ALLOW-ACL
deny any any type ipv6 rule-precedence 10
permit any any type arp rule-precedence 20
permit any any type ip rule-precedence 30

ip access-list extended WLAN-FILTER-BCMC-ACL
permit udp any any range 67 68 rule-precedence 10
deny udp any range 137 138 any range 137 138 rule-precedence 20
deny udp any eq 17500 any eq 17500 rule-precedence 40
deny ip any host 255.255.255.255 rule-precedence 50
deny ip any 224.0.0.0/4 rule-precedence 60
permit ip any any rule-precedence 70

wlan-acl <wlan idx> WLAN-FILTER-BCMC-ACL in
wlan-acl <wlan idx> ARP-ALLOW-ACL in
wlan-acl <wlan idx> WLAN-FILTER-BCMC-ACL out
wlan-acl <wlan idx> ARP-ALLOW-ACL out

You’ll notice that the firewall needs to be enabled. And you need to verify that Layer 2 inspection is disabled.
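
How the rule-precedence ordering in the filter above plays out, as an added example that is not the author's or Motorola's code: a first-match model of the two ACLs run over constructed frames. It assumes rules are evaluated in ascending rule-precedence with an implicit deny at the end, that a frame must pass the MAC ACL before the IP ACL is consulted, and it ignores the in/out direction.

```javascript
// Added example: simplified first-match model of the ACLs above (assumed semantics).
const MAC_ACL = [ // ARP-ALLOW-ACL
  { prec: 10, action: 'deny', ethertype: 'ipv6' },
  { prec: 20, action: 'permit', ethertype: 'arp' },
  { prec: 30, action: 'permit', ethertype: 'ip' },
];

const IP_ACL = [ // WLAN-FILTER-BCMC-ACL
  { prec: 10, action: 'permit', proto: 'udp', dport: [67, 68] },            // DHCP
  { prec: 20, action: 'deny', proto: 'udp', sport: [137, 138], dport: [137, 138] }, // NetBIOS
  { prec: 40, action: 'deny', proto: 'udp', sport: [17500, 17500], dport: [17500, 17500] },
  { prec: 50, action: 'deny', dst: '255.255.255.255/32' },                  // limited broadcast
  { prec: 60, action: 'deny', dst: '224.0.0.0/4' },                         // IPv4 multicast
  { prec: 70, action: 'permit' },
];

// Constructed frames, reduced to the fields the rules look at.
const FRAMES = {
  dhcpDiscover: { ethertype: 'ip', proto: 'udp', sport: 68, dport: 67, dst: '255.255.255.255' },
  netbiosName: { ethertype: 'ip', proto: 'udp', sport: 137, dport: 137, dst: '10.1.255.255' },
  udp17500: { ethertype: 'ip', proto: 'udp', sport: 17500, dport: 17500, dst: '255.255.255.255' },
  mdns: { ethertype: 'ip', proto: 'udp', sport: 5353, dport: 5353, dst: '224.0.0.251' },
  https: { ethertype: 'ip', proto: 'tcp', sport: 50000, dport: 443, dst: '192.0.2.10' },
  arpRequest: { ethertype: 'arp' },
  icmpv6Mlr: { ethertype: 'ipv6' }, // e.g. an ICMPv6 Multicast Listener Report
};

function ipToInt(ip) {
  return ip.split('.').reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

function inCidr(ip, cidr) {
  const [net, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(net) & mask) >>> 0);
}

const inRange = (port, range) => !range || (port >= range[0] && port <= range[1]);

function ruleMatches(rule, f) {
  if (rule.ethertype && rule.ethertype !== f.ethertype) return false;
  if (rule.proto && rule.proto !== f.proto) return false;
  if (!inRange(f.sport, rule.sport) || !inRange(f.dport, rule.dport)) return false;
  if (rule.dst && !inCidr(f.dst, rule.dst)) return false;
  return true;
}

// Lowest rule-precedence that matches decides; no match means deny (assumption).
function firstMatch(acl, f) {
  const ordered = [...acl].sort((a, b) => a.prec - b.prec);
  const hit = ordered.find((rule) => ruleMatches(rule, f));
  return hit ? { action: hit.action, prec: hit.prec } : { action: 'deny', prec: null };
}

function evaluate(f, macAcl = MAC_ACL, ipAcl = IP_ACL) {
  const mac = firstMatch(macAcl, f);
  if (mac.action === 'deny' || f.ethertype !== 'ip') return { ...mac, acl: 'mac' };
  return { ...firstMatch(ipAcl, f), acl: 'ip' };
}

// Same rules, but the broadcast deny moved ahead of the DHCP permit.
function misorderedIpAcl() {
  return IP_ACL.map((rule) => (rule.prec === 50 ? { ...rule, prec: 5 } : rule));
}

for (const [name, frame] of Object.entries(FRAMES)) {
  console.log(name.padEnd(13), JSON.stringify(evaluate(frame)));
}
console.log('dhcpDiscover with misordered ACL:',
  JSON.stringify(evaluate(FRAMES.dhcpDiscover, MAC_ACL, misorderedIpAcl())));
```

The last line shows why the DHCP permit sits at precedence 10: placed after the 255.255.255.255 deny, the same DHCP discover would be dropped and clients would stop getting leases.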

If you are utilizing VRRP you may need to enable ARP trust on the interfaces receiving the VRRP packets, if you don’t you may see errors such as the following;

sw-wireless.store.acme.org*#Sep 12 11:27:00 2013: %DATAPLANE-4-ARPPOISON: ARP CACHE POISONING: Conflicting ethernet header and inner arp header :Ethernet Src Mac: 00-21-62-E3-XX-XX, Ethernet Dst Mac: 00-15-70-82-XX-XX, ARP Src Mac: 00-00-5E-00-01-C8, ARP Dst Mac: 00-15-70-82-XX-XX, ARP Src IP: 10.1.255.1, ARP Target IP: 10.1.255.19

sw-wireless.store.acme.org*#Sep 12 11:27:25 2013: %DATAPLANE-4-ARPPOISON: ARP CACHE POISONING: Conflicting ethernet header and inner arp header :Ethernet Src Mac: 00-21-62-E3-XX-XX, Ethernet Dst Mac: 00-15-70-82-XX-XX, ARP Src Mac: 00-00-5E-00-01-C8, ARP Dst Mac: 00-15-70-82-XX-XX, ARP Src IP: 10.1.255.1, ARP Target IP: 10.1.255.19

sw-wireless.store.acme.org*#Sep 12 11:27:48 2013: %DATAPLANE-4-ARPPOISON: ARP CACHE POISONING: Conflicting ethernet header and inner arp header :Ethernet Src Mac: 00-21-62-E3-XX-XX, Ethernet Dst Mac: 00-15-70-82-XX-XX, ARP Src Mac: 00-00-5E-00-01-C8, ARP Dst Mac: 00-15-70-82-XX-XX, ARP Src IP: 10.1.255.1, ARP Target IP: 10.1.255.19

Just enable ARP trust on the interface connected to the routers/switches running VRRP;

enable
config t

interface ge1
ip arp trust
exit

Cheers!

Motorola Access Point DHCP Vendor Class IDs
https://blog.michaelfmcnamara.com/2013/09/motorola-access-point-dhcp-vendor-class-ids/
Sun, 08 Sep 2013 15:57:58 +0000

Here are the DHCP vendor class IDs for the Motorola Wireless LAN Switches, Access Ports and Access Points;

  • MotorolaRFS.RFS7000 (RFS7000)
  • MotorolaRFS.RFS6000 (RFS6000)
  • MotorolaRFS.RFS4000 (RFS4000)
  • MotorolaAP.AP7131 (AP7161)
  • MotorolaAP.AP7131 (AP7131)
  • MotorolaAP.AP650 (AP650)
  • MotorolaAP.AP621 (AP621)
  • MotorolaAP.AP6521 (AP6521)
  • MotorolaAP.AP6532 (AP6532)
  • MotorolaAP.AP6511 (AP6511)

The APs will try to associate via a Layer 2 broadcast with a controller, if they fail to adopt via Layer 2 they will issue a DHCP request with the vendor class IDs listed above.

This is really helpful in your IPAM or DHCP server, you can define specific pools based on the vendor class to return very specific DHCP options. In this case you would probably want to return DHCP option 189 (string) with the IP address of the wireless LAN switch. You can include multiple IPs separated by commas.

Cheers!

Samsung Galaxy S4 and Motorola Wireless LAN Switches
https://blog.michaelfmcnamara.com/2013/05/samsung-galaxy-s4-and-motorola-wireless-lan-switches/
Wed, 29 May 2013 20:47:21 +0000

Update: Monday August 26, 2013 Verizon has released a software update for the Samsung Galaxy S4 which resolves this problem.

Update: Sunday June 2, 2013 Motorola has responded with the following analysis and explanation of the problem.

The Association Request from the Samsung Galaxy S4 phone has the RRM (Radio Resource Management/802.11k) capability element missing, but the Capabilities Info Bitmap in the Association Request says that the client can do RRM, so there is a mismatch and we deny association in WiNG4.x. In WiNG5.x, the RRM implementation is different and we don’t enforce such a strict check to avoid situations such as these where clients might not be following the 802.11k specification properly. In WiNG 3.x, there is no support for RRM, so there are no such checks enforced.

[Image: GalaxyS4]

Thanks to Motorola for providing the quick analysis and explanation. Just to summarize, the problem is not present in WiNG 3.x or WiNG 5.x but is definitely present in WiNG 4.x. As for a workaround or fix I’m still waiting to hear if Motorola will issue a patch (software release) or if they will leave it to Samsung and Google to resolve.

Update: Thursday May 30, 2013 It seems that the problem is not evident when the Samsung Galaxy S4 associates with a Motorola WS5100 (v3.3.2.0-010Ri) with AP300s as access ports.

It would seem that the recently released Samsung Galaxy S4 is having difficulty connecting to our public wireless network which is provided by a pair of Motorola RFS 7000 Wireless LAN Switches (v4.4.2.0-001R) with about 24 AP650s (v2.2-1592R). While I’ve personally observed this problem in our office, I’ve also received similar reports from users in our hospitals which are running RFS7000s with either AP300s or AP650s for Access Ports/Points.

Our public wireless network has no authentication or encryption, however, the Samsung Galaxy S4 will display “Authentication error occurred” when it tries to connect. I performed a quick wired packet trace on the captive portal server and found no frames with the associated MAC address of the Galaxy S4 so I set up Wireshark with 3 AirPcap adapters, one for each channel in the 802.11b/g 2.4GHz range, to perform a wireless packet trace.

I was able to observe the Galaxy S4 making repeated probe requests and association requests but every association attempt appears to fail with an Unspecified error. As a reference I also captured my Motorola Droid 3 connecting to our public network for comparison.

WireShark AirPcap Captures

Looking at the wireless packet trace I can see where the Galaxy S4 is failing to associate to the network. In frame 341 we can see “Unspecified failure” in the Association Response from the Access Port. I’m not an expert here but I’m going to guess that there’s something in the Association Request that is causing the wireless infrastructure to choke on the response.

[Image: Motorola_GalaxyS4_2]

Looking at the last wireless packet trace of the working Motorola Droid 3 we can see that it quickly probes, associates and makes a DHCP request without any problems or issues.

[Image: Motorola_GalaxyS4_1]

My Thoughts

As I’ve mentioned before I’m no expert here but I can see quite a few additional tags in the Association Request from the Samsung Galaxy S4. I’m going to guess that it’s one of these tags that is causing the wireless infrastructure to choke. Looking at the screenshot below you can see all the tags.

[Image: Motorola_GalaxyS4_3]

I’m hoping some wireless experts can step up here, or perhaps Motorola with an explanation and workaround/fix?

Cheers!

Factory reset Motorola AP7131/AP7131N
https://blog.michaelfmcnamara.com/2012/12/factory-reset-motorola-ap7131ap7131n/
Wed, 12 Dec 2012 18:58:30 +0000

This is just really more a note for myself so I won’t need to spend 30 minutes searching for this answer in the future.

I recently worked up a design using the Motorola AP7131N to provide a semi-public WiFi hotspot for our shared physician session space. The Motorola AP7131 provides dual 802.11a/b/g/n radios along with 2 Ethernet ports and options for a third radio. The traditional fat access point is essentially a router/firewall with all the usual features. In my design the AP7131N is connected directly to a Comcast broadband Internet connection via an SMC 8014. The AP7131 provides a password protected WiFi hotspot and can be managed remotely via a static IP address which greatly helps and speeds any troubleshooting efforts. In locations where you need multiple access points for wireless coverage you can connect the two AP7131Ns via their Eth1 ports and both can be managed from a single AP7131N. We have two of these setups currently deployed and there are plans for another five or six on the project plan. Hopefully this design will serve us well.

There’s also a 3G WAN option should you want a backup to the traditional broadband that’s available in your area – assuming you have 3G coverage wherever you’ll be locating the AP7131N.

From the boot loader you just need to issue the following two commands;

set factory_defaults

reset

Here’s some context around what that might look like on an AP7131/AP7131N;

BootOS (c) 2004-2012 Motorola Solutions, Inc. All rights reserved.
boot image at 0x00040000..good
data bus walking 1's......pass
address bus walking 1's...pass
ddr device test...........pass
clearing ram..............done
copying to ram............done

BootOS (c) 2004-2012 Motorola Solutions, Inc. All rights reserved.
AP71XX version 5.2.13.0-015R
initializing pci
achip:pcc:0x000000ff,prc:0x00000060,fc:0x00000000
pci init done

fpga_sensor_mode 255
hw_type=0, sku=2R/Exp, ps_status=ext-power, pwr_level=2(0xb), mode=auto, af=throughput, at=throughput, radio_slot=0x3

AP7131 BootOS 5.2.13.0-015R (r154473)
FPGA firmware revision 3.27
NOR bootstrap version 3, checksum good
boot> Link up on GE2
set ?
boot                   : Set boot configuration
hhmmss                 : Set RTC time
ddmmyy                 : Set RTC date
nic                    : force NIC link state
factory_defaults       : set switch to factory defaults
boot> set factory_defaults
This operation restores the switch to the same state as it was in when
originally shipped from the factory.  All configurations, licenses, dumps,
keys, etc. will be deleted. Continue [y/n]:y

boot> reset

BootOS (c) 2004-2012 Motorola Solutions, Inc. All rights reserved.
boot image at 0x00040000..good
data bus walking 1's......pass
address bus walking 1's...pass
ddr device test...........pass
clearing ram..............done
copying to ram............done

BootOS (c) 2004-2012 Motorola Solutions, Inc. All rights reserved.
AP71XX version 5.2.13.0-015R
initializing pci
achip:pcc:0x000000ff,prc:0x00000060,fc:0x00000000
pci init done

fpga_sensor_mode 255
hw_type=0, sku=2R/Exp, ps_status=ext-power, pwr_level=2(0xb), mode=auto, af=throughput, at=throughput, radio_slot=0x3
loading linux image 1
...................
Welcome.
restoring /etc2/./ppp
restoring /etc2/./nvram
restoring /etc2/./raddb
restoring /etc2/./stunnel
restoring /etc2/./stunnel/certs
restoring /etc2/./stunnel/private
restoring /etc2/./CertMgr
restoring /etc2/./CertMgr/keys
restoring /etc2/./CertMgr/certs
restoring /etc2/./CertMgr/tmp_keys
restoring /etc2/./CertMgr/tmp_certs
restoring /etc2/./snmpEngine
restoring /etc2/./ppp/hsdpa_apn_set
restoring /etc2/./dhclient.conf
restoring /etc2/./stunnel/current
restoring /etc2/./imish-passwd
restoring /etc2/./dhclient.conf.template
restoring /etc2/./log.conf
restoring /etc2/./smtpnot.conf
restoring /etc2/./system_env_vars
restoring /etc2/./env_vars
restoring /etc2/./nvram/startup-config
restoring /var2/./lib
restoring /var2/./lib/dpd
restoring /var2/./lib/dhcp
restoring /var2/./log
restoring /var2/./run
restoring /var2/./tmp
restoring /var2/./state
restoring /var2/./state/dhcp
restoring /var2/./history
restoring /var2/./run/utmp
restoring /flash/./log
restoring /flash/./cache
restoring /flash/./crashinfo
restoring /flash/./hotspot
restoring /flash/./hotspot/lib
restoring /flash/./hotspot/cgi-bin
restoring /flash/./floorplans
This can take some time, please be patient.

Cheers!

It’s the networks fault #3
https://blog.michaelfmcnamara.com/2012/05/its-the-networks-fault-3/
Mon, 21 May 2012 03:18:39 +0000

[Image: network_cable_by_tootall]

I’m still alive and well, just been super busy over the past few months. I’m just about to start deploying our second data center utilizing Cisco Nexus 7010, 5010, and 2248s. This time around we’ll be utilizing a Ciena 5200 DWDM platform (formerly Nortel) managed by AboveNet to provide 4 10Gbps wavelengths between our primary and secondary data center. We’ll use 2 for our SAN and 2 for our MAN over which we’ll probably utilize vPC. On top of that huge project we’re physically relocating our offices (former Data Center) so I also need to plan all that work as well.

Ethernet Routing Switch 8600 Software Release v7.1.3.2

Avaya has released software v7.1.3.2 for the Ethernet Routing Switch 8600/8800.

  • Every 5 seconds, on a timer, the CPU sends the clock time to all the line cards. A timer was created each time a card came online, so when there are multiple IO cards, multiple messages were sent every 5 seconds to all cards. Eventually a lockup resulted, and when it was detected by the CPU, the chassis was reset. (wi00996291)

Please refer to the release notes for all the details.

Motorola RFS7000 WiNG v5.2.21 Software Release

You may also want to review software release 5.2.3 and 5.2.4 before deciding to check out software release 5.2.21 which was intended to resolve several MESH issues with the AP7131.

RFS Controllers with WiNG v5.2.21 can adopt and provision the following 802.11n and legacy Access Points:

Dependent Access Points:

  • AP621
  • AP650
  • Legacy: AP300

Adaptive/ Independent Access Points:

  • AP6511
  • AP6521
  • AP6532
  • AP7131 (Including the D-mode SKUs)
  • AP7161

You should check over the release notes for all the details.

Cheers!

Motorola Wireless LAN Switch – New Software Releases
https://blog.michaelfmcnamara.com/2012/02/motorola-wireless-lan-switch-new-software-releases/
Wed, 01 Feb 2012 22:16:17 +0000

Motorola has released a software update to their WiNG 4.x and 3.x software platforms for both the RFS7000 and WS5100 Wireless LAN Switches.

  • RFS7000 v4.4.0.0-034R
  • WS5100 v3.3.4.0-002R

I would recommend you review the release notes for v4.4.0.0-034R and v3.3.4.0-002R for all the details.

There were a few points that caught my attention.

  • Polycom Certification for AP-650 & AP-7131N. We have successfully completed internal Motorola testing against the Polycom test plan for SVP certification. Expecting to have formal certification in the near future.
  • The AP650 can take up to 2 minutes to download new firmware the first time it is associated to a switch.
  • Documentation updated – AP650 is requesting for different DNS alias than AP300.

I searched through the reference guide and found the following regarding the DNS name;

The default DNS name requested by an AP300 is “Symbol-CAPWAP-Address”. Similarly, The default DNS name requested by an AP650 is “WISPE_ADDRESS”. However, since the default name is configurable, it can be set as a factory default to whatever value is needed.

I just recently deployed a RFS7000 installation with approximately 80 AP650s and I can attest that it definitely takes them 2 minutes (I thought it was more like 3-4 minutes) to get going. It appeared to me as though they had to go through an initial upgrade since they rebooted twice before coming online. I’m waiting for the Polycom VIEW certification for this site since we plan on deploying around 120 Avaya 6140 wireless handsets, although we’ll probably deploy them with WMM as opposed to SVP.

Cheers!

Motorola AP5131 and AP300 Hardware Revisions
https://blog.michaelfmcnamara.com/2010/03/motorola-ap5131-and-ap300-hardware-revisions/
Wed, 03 Mar 2010 02:00:07 +0000

[Image: Motorola logo]

There was a recent hardware change to the Motorola AP5131 and AP300 which requires a specific version of software to operate properly. In the little information I’ve been able to dig up Motorola makes reference to an “Isotope HW” change. Anyone know what that is?

In any event if you are ordering/deploying any new AP5131 or AP300s you’ll need to be mindful of this change and ensure that you are running the appropriate software releases and/or you have applied the specific patches.

You can find the release notes concerning the AP5131 right here.

You can find the release notes concerning the AP300 right here.

Cheers!

What’s going to happen to Nortel?
https://blog.michaelfmcnamara.com/2009/03/whats-going-to-happen-to-nortel/
Sun, 29 Mar 2009 17:30:15 +0000

It’s quite clear from the poll (included below) that the vast majority of Nortel customers were originally very content to take a “wait and see” approach to the bankruptcy filing. I created that poll on January 15, 2009. It’s now March 29, 2009 more than 90 days later and I get the impression that a lot of folks are really scratching their heads. I would almost be curious to see how many folks have changed their mind in the last 90+ days.

There are all sorts of rumors around the street these days… everything from a sale to a complete divestiture of the company and its assets. While it appears that it’s still business as usual at Nortel (product is readily available, new software releases are being released, support is still responsive) you have to wonder what’s going on and what the end game might look like.

I’ve personally had Brocade (Foundry), Cisco, HP, and Juniper in to discuss their enterprise product offerings around LAN/WAN routing/switching. We have quite a few small and large projects that are literally in limbo and I’m not sure how much more uncertainty we (I) as a customer can withstand. I’m curious what people think about Nortel today.

I’m interested in hearing your comments and/or thoughts.

Cheers!

Issues with wireless roaming and Ralink chipsets?
https://blog.michaelfmcnamara.com/2009/03/issues-with-wireless-roaming-and-ralink-chipsets/
Sun, 29 Mar 2009 16:30:48 +0000

We recently needed to replace the USB based wireless adapter we use in our CoWs (cart on wheels). The legacy D-Link DWL-AG132 (802.11a/g) was no longer being manufactured and/or available from suppliers so we selected the D-Link DWL-160 (802.11n/a/b/g) and that’s where the fun started. We utilize HP Thin Clients on our carts and have been pairing them with USB adapters for the past year and a half (saves on having to purchase the chassis expansion kit and the PCI card).

Our initial tests showed no problems in connecting to our Motorola RFS7000 with AP300 (802.11a/b/g) radios utilizing 802.1x (WPA/TKIP). A few weeks later though we learned we had a problem with the combination and we eventually discovered that the problems revolved around roaming. We noticed that the DWL-160 didn’t want to roam until it had completely lost signal to the AP it was associated to, and then only after about 10 – 15 seconds would it roam to another AP. We had a really large project and the time frame was extremely tight so we decided to run out and pick up a different adapter. So we purchased a Cisco Linksys (WUSB600N) Wireless-N USB Network Adapter with Dual-Band. We decided to simplify our testing environment by removing the Windows XP Embedded (Thin Client) and testing on a simple Windows XP SP2 laptop. We also removed the authentication (802.1x) and encryption (WPA/TKIP) and just tested using an open network. We quickly noticed that the problem was not only evident at the 2.4 GHz frequency (802.11b/g) but also evident at the 5 GHz frequency (802.11a). The big surprise came when we noticed that the Linksys behaved exactly like the D-Link in that it would not roam, which would lead to poor connectivity. We started to peel back the onion and almost immediately found that both products were based on the Ralink Technologies chipset (RT-2870).

We’ve performed multiple wireless packet traces using AirPCAP and WireShark and they don’t show any issues with the wireless access points, however, they do show a lack of probing and some odd behavior by the wireless adapters (STA).

We’re in contact with both Motorola and Ralink Technologies and we have tried Ralink’s reference drivers (1.4.1) along with a beta driver they have provided but we haven’t seen any real improvement. We did find that if you enable “Fast roaming”, which can be found in the Advanced Properties of the RA utility, the STA behaves much better but it’s still a world apart from the roaming performance that we’re accustomed to.

Has anyone else seen any issues with either the D-Link DWL-160 or the Linksys WUSB600N in a corporate network with respect to roaming? I can’t imagine that we’re the first folks to stumble upon this issue given that Ralink Technologies chipsets are in all these products.

Cheers!

Motorola WS5100 and RFS7000 Software Update
https://blog.michaelfmcnamara.com/2009/02/motorola-ws5100-and-rfs7000-software-update/
Sat, 21 Feb 2009 14:00:27 +0000

Motorola has released software v3.3.1 for the WS5100 and v1.3.1 for the RFS7000 Wireless LAN Switches. You can find the release notes for the 3.3.1 (WS5100) software release here. And you can find the release notes for the 1.3.1 (RFS7000) software release here. We’ve been running v1.3 on the RFS7000 for the past few months now with only a few small problems. We hope to start testing the Smart RF feature set that was released in the 1.3 Wi-NG software base very soon. We’re also eager to start testing the AP7131 802.11n Access Port in a few specific locations.

Here’s a quick excerpt from Motorola on v1.3.1 for the RFS7000;

RFS7000 v1.3.1 has the following feature focus: Voice, Security and Resiliency

Voice: Enhancements provide comprehensive WMM Admission control, enabling not only superior voice quality but also optimizations with respect to network usage for voice.

Security: Enhances the built-in IDS capabilities for Ad-Hoc Network Detection and .11n Rogue detection. Provides built-in IPS capabilities via Rogue AP containment for the wireless network.

Resiliency: SMART RF Management that enables the WLAN to automatically and intelligently adapt to changes in the RF environment to eliminate unforeseen gaps in coverage. This technology provides dynamic network optimization to ensure user quality of experience at all times by automatic adjustments to channel and power (on detection of RF interference or loss of RF coverage/neighbor recovery).

All the above enable the wireless enterprise by making it easy to deploy, securely and with built-in resiliency and support for voice.
For the Adaptive AP:
• Adaptive AP7131 802.11 a/b/g/n Support ( v3.1.1 )
• Rogue AP detection
• Mesh statistics
• WLAN statistics
• Configurable IPS Sensor on the AP5131( D SKU) in Adaptive mode(ADP-5131 v2.2.1 image)
With the AP300:
• Dynamic Load balancing of AP300s after a primary reverts in a cluster
• Email Notification for critical alarms
• LDAP enhancements
• Cluster GUI for WLANS and APs visualization
• Securing Layer 3 AP and Wireless Switch protocol – Secure WiSPe
• MU Naming
System Enhancements:
• IP v6 Client Support

Cheers!

Motorola WS5100 and RFS7000 and Wi-NG v1.3
https://blog.michaelfmcnamara.com/2009/01/motorola-ws5100-and-rfs7000-and-wi-ng-v13/
Wed, 07 Jan 2009 02:00:34 +0000

Motorola has released software v3.3 for the WS5100 and v1.3 for the RFS7000 Wireless LAN Switches. This is the v1.3 release of their Wi-NG software for Motorola’s Enterprise-class RF & Wireless Switches.

You can find the release notes for the 3.3 (WS5100) software release here. And you can find the release notes for the 1.3 (RFS7000) software release here.

I hope to provide some feedback in the coming weeks.

Cheers!

Motorola RFS 7000 Wireless LAN Switch
https://blog.michaelfmcnamara.com/2008/10/motorola-rfs-7000-wireless-lan-switch/
Wed, 22 Oct 2008 00:00:35 +0000

We just recently started replacing our legacy Motorola (formerly Symbol) WS5000/WS5100 Wireless LAN Switches with the Motorola RFS 7000 Wireless LAN Switch. I know quite a few organizations have jumped from Motorola over the past few years to Cisco, Aruba, Trapeze and Meru. While Motorola isn’t the easiest company to work with (who is these days) they really understand wireless and they have come through on a number of occasions involving highly technical problems. In short the product works and works well for our needs and fits in our budget. While Motorola may lack some of the bells and whistles of the other vendors mentioned above, its stability is something we’ve come to enjoy.

The RFS7000 provides 4 10/100/1000 Cu/SFP Ethernet interfaces and can manage up to 256 802.11a/b/g Access Ports. We’ve long struggled with managing some of our largest wireless environments where we needed 18 WS5000 switches (each WS5000 would only manage up to 48 802.11a/b/g Access Ports). The old WS5000 also required a one-to-one cold standby for redundancy and high-availability. The RFS7000 supports clustering and N+1 redundancy so we’re going to be using a lot less power and rack space, not to mention all the configuration and cabling.

You can find the technical specifications for the RFS7000 here. And you can find the entire Motorola Wireless LAN portfolio here.

Let me provide a small example configuration. You’ll need to connect to the console interface (19200,8,N,1) and configure the Gigabit Ethernet interfaces. The default username is “admin” while the default password is “superuser”.

RFS7000 release 1.2.0.0-040R
Login as 'cli' to access CLI.
sw-wireless.acme.org login: cli

User Access Verification

Username: admin
Password:
Welcome to CLI
RFS7000>enable
RFS7000#config term
Enter configuration commands, one per line.  End with CNTL/Z.

We’ll be using the interface ‘ge1’ as the Layer 2 (AP VLAN) interface and ‘ge2’ will be our Layer 3 interface. We’ll trunk ge2 and leave ge1 as access. We’ll also use VLANS 29-32 in order to bridge our WLANs to our Nortel Ethernet Routing Switch 8600 core. VLAN 23 will be our Layer 2 AP VLAN where the Access Ports will be connected.

RFS7000(config)#interface ge1
RFS7000(config-if)# switchport access vlan 23
RFS7000(config-if)# exit
RFS7000(config)# interface ge2
RFS7000(config-if)# switchport mode trunk
RFS7000(config-if)# switchport trunk native vlan 200
RFS7000(config-if)# switchport trunk native tagged
RFS7000(config-if)# switchport trunk allowed vlan none
RFS7000(config-if)# switchport trunk allowed vlan add 29-32,200

We’ll shutdown VLAN 1 just to be careful, we don’t want any loops.

RFS7000(config)# interface vlan1
RFS7000(config-if)# no ip address
RFS7000(config-if)# shutdown

I use VLAN 200 as my management VLAN and place all my network electronics in that VLAN.

RFS7000(config)# interface vlan200
RFS7000(config-if)# management
RFS7000(config-if)# ip address 10.1.1.40/24
RFS7000(config-if)# exit
RFS7000(config)# ip route 0.0.0.0/0 10.1.1.1

At this point the Motorola RFS7000 should be online and reachable via the network. Let’s configure a single WLAN/ESSID called “PHILLIES” for WPA-TKIP with 802.1x EAP-PEAP authentication to a Microsoft Internet Authentication Server (IAS) so our Windows XP laptop can automatically pass our Windows Active Directory credentials for authentication.

RFS7000(config)#wireless
RFS7000(config-wireless)# manual-wlan-mapping enable
RFS7000(config-wireless)# wlan 1 enable
RFS7000(config-wireless)# wlan 1 description 80211a
RFS7000(config-wireless)# wlan 1 ssid PHILLIES
RFS7000(config-wireless)# wlan 1 vlan 30
RFS7000(config-wireless)# wlan 1 encryption-type tkip
RFS7000(config-wireless)# wlan 1 authentication-type eap
RFS7000(config-wireless)# wlan 1 radius server primary 10.1.1.100
RFS7000(config-wireless)# wlan 1 radius server primary radius-key 0 RaDiUsKeY
RFS7000(config-wireless)# wlan 1 radius server secondary 10.5.1.100
RFS7000(config-wireless)# wlan 1 radius server secondary radius-key 0 RaDiUsKeY
RFS7000(config-wireless)# wlan 1 radius authentication-protocol chap
RFS7000(config-wireless)# exit
RFS7000(config)#

I’m authenticating users against the RADIUS servers at 10.1.1.100 and 10.5.1.100 with the radius key of “RaDiUsKeY” using CHAP as the protocol. Those servers are actually Windows 2003 Domain Controllers running the Internet Authentication Service (IAS).

Since I’m manually mapping the WLANs I need to make sure I map the WLAN to the default 802.11a radio configuration with the following command. I’ll also set the AP to indoor, the channel selection to ACS and the power to 20mW.

RFS7000(config)#wireless
RFS7000(config-wireless)# radio default-11a bss 1 1
RFS7000(config-wireless)# radio default-11a channel-power indoor acs 20

You’ll obviously need to have the RADIUS servers set up and you’ll also need Microsoft’s Certificate Server in your Active Directory. The clients will use the trusted root certificate to authenticate the login request from the RADIUS server.

I don’t think there are many people that haven’t figured out how to do this (it’s really easy) so I’m not going to really go into the topic. If you have questions please feel free to post a comment and I’ll do my best to respond.

That’s a little taste of the RFS7000, hopefully you’ll find the information useful.

Cheers!

Motorola WS5100 & RFS7000 Dump prompt
https://blog.michaelfmcnamara.com/2008/08/motorola-ws5100-rfs7000-dump/
Thu, 14 Aug 2008 22:00:57 +0000

I recently spent some time trying to figure out why there was an “*” (asterisk) in the CLI prompt on a Motorola RFS7000 that I had in our test lab. Jim (Motorola) explained that the Motorola WS5100 (v3.x) and the RFS7000 (v1.x) will place a “*” (asterisk) at the end of the hostname in the CLI prompt if there is a core dump file or crash log that hasn’t been cleared from memory. You can clear the dump files along with all service logs using the command “service clear all”. Once I issued this command the “*” (asterisk) disappeared from the CLI prompt and all was well again.

RFS7000*>
RFS7000*>enable
RFS7000*#service clear ?
all          Remove all core, dump and panic files
aplogs       Remove all local ap log files (does not clear them off the AP)
clitree      Remove clitree.html (created by the save-cli command)
cores        Remove all core files
dumps        Remove all dump files
panics       Remove all kernel panic files
securitymgr  Securitymgr parameters
RFS7000*#service clear all
RFS7000#

Cheers!

Factory Reset Motorola AP-5131
https://blog.michaelfmcnamara.com/2008/05/factory-reset-motorola-ap-5131/
Wed, 21 May 2008 02:00:00 +0000

The Motorola AP-5131 is a fully featured 802.11a/b/g wireless network access point that supports MESH networking.

I recently needed to reset one of these access points and thought it would be useful for anyone else looking for information on the subject.

Step 1. Serial up to the AP5131 with 19200-8-N-1

Step 2. Power cycle the AP5131

Step 3. Press the “Escape” key when the AP5131 states “Press escape key to run boot firmware”.

Step 4. From the “boot>” prompt enter “passwd default”.

Step 5. Reset the system by entering “reset system”.

The AP5131 should perform a full reset and end up at the login prompt after it has booted. The default administrator password is “symbol” (case sensitive).

Note: starting with firmware release 1.1.2.0-005R the AP51x1 password was changed to “motorola”.

Upon logging in for the first time the administrator should be prompted to change the password. The default administrator username is “admin”.

Note: the default IP address of the AP5131 is 192.168.0.1 and the DHCP server is enabled in the factory configuration so you should be able to connect your PC to the LAN port and then open a web browser to access the Admin GUI.

Cheers!

How to find a wireless device?
https://blog.michaelfmcnamara.com/2008/03/how-to-find-a-wireless-device/
Sun, 09 Mar 2008 00:00:00 +0000

In this post I’ll review how you can find a specific wireless device on your Motorola WS5100 Wireless LAN Switch. We’re going to use the poor man’s “locationing” as opposed to the features and integration that Motorola is currently building into the WS5100 and RFS7000 switches to support products such as AeroScout.

We want to locate the following device wireless-laptop.acme.org so we need to start by identifying the IP address of the device. Thanks to Dynamic DNS we can be assured that our DNS servers will have that information.

C:\> nslookup wireless-laptop.acme.org.
Server:         10.1.1.1
Address:        10.1.1.1#53

Name:   wireless-laptop.acme.org
Address: 10.1.195.55

In most circumstances we’d now need to identify the MAC address of the wireless device. We can skip that step since the WS5100 will have the IP address of the client for us to search against.

WS5100# show wireless mobile-unit
Number of mobile-units associated: 23
index   MAC-address       radio type wlan vlan/tunnel  ready  IP-address    last active
  1     00-1B-77-30-DF-80  30    11a  1      vlan 18   Y     10.1.195.57   1 Sec
  2     00-20-E0-1A-0F-E5  58    11a  1      vlan 18   Y     10.1.195.48   20 Sec
  3     00-13-E8-86-DF-F3  30    11a  1      vlan 18   Y     10.1.195.96   0 Sec
  4     00-15-00-32-8C-EC  19    11a  1      vlan 18   Y     10.1.195.31   31 Sec
  5     00-15-00-32-D6-46  29    11a  1      vlan 18   Y     10.1.195.50   16 Sec
  6     00-15-00-32-D3-67  1     11g  2      vlan 17   Y     10.1.194.54   4 Sec
  7     00-A0-F8-D4-46-9C  2     11b  4      vlan 22   Y     10.1.206.53   223 Sec
  8     00-A0-F8-D4-48-FD  1     11b  4      vlan 22   Y     10.1.206.207  215 Sec
  9     00-1B-77-2A-99-05  30    11a  1      vlan 18   Y     10.1.195.55   7 Sec
  10    00-18-DE-7A-76-D0  30    11a  1      vlan 18   Y     10.1.195.67   16 Sec
  11    00-16-6F-1D-F1-B9  1     11g  2      vlan 17   Y     10.1.194.44   6 Sec
  12    00-1B-77-31-11-77  30    11a  1      vlan 18   Y     10.1.195.68   4 Sec
  13    00-90-7A-04-16-5F  1     11b  3      vlan 21   Y     10.1.198.52   11 Sec
  14    00-A0-F8-D6-3C-2A  1     11b  4      vlan 22   Y     10.1.206.70   652 Sec
  15    00-A0-F8-D4-45-A5  2     11b  4      vlan 22   Y     10.1.206.252  170 Sec
  16    00-13-E8-5B-ED-73  30    11a  1      vlan 18   Y     10.1.195.106  4 Sec
  17    00-13-E8-5B-EE-39  30    11a  1      vlan 18   Y     10.1.195.111  23 Sec
  18    00-18-DE-7A-9E-3A  30    11a  1      vlan 18   Y     10.1.195.77   20 Sec
  20    00-90-7A-03-5E-C7  1     11b  3      vlan 21   Y     10.1.198.50   23 Sec
  21    00-13-E8-86-C8-55  30    11a  1      vlan 18   Y     10.1.195.107  5 Sec
  22    00-A0-F8-D4-48-5F  1     11b  4      vlan 22   Y     10.1.206.145  124 Sec
  24    00-13-E8-86-C7-E7  30    11a  1      vlan 18   Y     10.1.195.110  10 Sec
  26    00-1B-77-2A-5C-6C  30    11a  1      vlan 18   Y     10.1.195.81   37 Sec

Note: if you have a lot of mobile units you can use grep;

WS5100# show wireless mobile-unit | grep "10.1.195.55"
   9     00-1B-77-2A-99-05  30    11a  1      vlan 18   Y     10.1.195.55   7 Sec

Now that we have the MU (Mobile Unit) index (the first number on the line) we can get the full details;

WS5100# show wireless mobile-unit 9

MAC: 00-1B-77-2A-99-05, IP Address: 10.1.195.55, Type: 11a, State: data-ready
Radio Config Index: 30, Bssid: 00-15-70-12-1D-78
Wlan: 1, Vlan: vlan 18, Voice: N, Powersave: N, Classification: normal
Encryption Type: tkip (key index: 1) Authentication Type: eap
Last Assoc: 7990 seconds ago, Last Activity: 23 seconds ago, Roam-Count: 18
DHCP state : DHCPNONE AP Scan Support: N
Session Timeout: 100 days 00:00:00  Idle Timeout: 0 days 00:30:00

In the information above we can see that the MU is associated to radio 30, so let’s look at radio 30;

WS5100# show wireless radio 30

Radio: 30, Mac: <00-15-70-11-34-32>, Type: 11a, ap Index: 7, vlan 198
Current Channel: 36 [5180 MHz], Configured Channel: acs
Current Power: 17 dBm, Max ESS: 16, Max BSS: 4, Num Mu: 11
BSS: 00-15-70-12-1D-78, State: normal
Current Data-Rates/Speed:  basic6 9 basic12 18 basic24 36 48 54
Last Adoption: 0 days 20:55:16 ago

Configuration:
Adoption-pref-id: 0
Max-mobile-unit: 256, Detector: N, On-channel-scan: N
WLAN-BSS mapping: [BSS 1]: 1
RTS-thres: 2346 bytes, Beacon-intvl: 100 K-uSec
Dtim-count: [BSS 1]: 10 beacons
Dtim-count: [BSS 2]: 10 beacons
Dtim-count: [BSS 3]: 10 beacons
Dtim-count: [BSS 4]: 10 beacons
CCA level: 1, CCA Mode: 1, mobile-unit power: 0 dBm
Short-Preamble: disabled, Antenna-Mode: diversity (both antennas)
Placement: indoor, Channel-Mode: acs, Power: 20 dBm
Data-Rates/Speed:  basic6 9 basic12 18 basic24 36 48 54
WMM [best-effort]: aifsn: 3 txop-limit: 0 cwmin: 4 cwmax: 6
admission-control: disabled, max-mobile-unit: 32
WMM [background]: aifsn: 7 txop-limit: 0 cwmin: 4 cwmax: 10
admission-control: disabled, max-mobile-unit: 32
WMM [video]: aifsn: 1 txop-limit: 94 cwmin: 3 cwmax: 4
admission-control: disabled, max-mobile-unit: 32
WMM [voice]: aifsn: 1 txop-limit: 47 cwmin: 2 cwmax: 3
admission-control: disabled, max-mobile-unit: 32

It doesn’t look like the Motorola switch shows us the radio description above so we’ll need to use another command to get the description;

WS5100# show wireless radio config 30

Radio: 30, Description: Main Building Lobby, MAC: 00-15-70-11-34-32
Radio Type: 11a, AP Type: ap300
Adoption-pref-id: 0
Max-mobile-unit: 256, Detector: N, On-channel-scan: N
WLAN-BSS mapping: [BSS 1]: 1
RTS-thres: 2346 bytes, Beacon-intvl: 100 K-uSec
Dtim-count: [BSS 1]: 10 beacons
Dtim-count: [BSS 2]: 10 beacons
Dtim-count: [BSS 3]: 10 beacons
Dtim-count: [BSS 4]: 10 beacons
CCA level: 1, CCA Mode: 1, mobile-unit power: 0 dBm
Short-Preamble: disabled, Antenna-Mode: diversity (both antennas)
Placement: indoor, Channel-Mode: acs, Power: 20 dBm
Data-Rates/Speed:  basic6 9 basic12 18 basic24 36 48 54
WMM [best-effort]: aifsn: 3 txop-limit: 0 cwmin: 4 cwmax: 6
admission-control: disabled, max-mobile-unit: 32
WMM [background]: aifsn: 7 txop-limit: 0 cwmin: 4 cwmax: 10
admission-control: disabled, max-mobile-unit: 32
WMM [video]: aifsn: 1 txop-limit: 94 cwmin: 3 cwmax: 4
admission-control: disabled, max-mobile-unit: 32
WMM [voice]: aifsn: 1 txop-limit: 47 cwmin: 2 cwmax: 3
admission-control: disabled, max-mobile-unit: 32

So it looks like the device we’re looking for, wireless-laptop.acme.org (10.1.195.55), is connected to radio 30 (802.11a) which has a description of “Main Building Lobby”. This gives you an idea of the general area but not a specific location. While there are new APIs in the WS5100 and RFS7000 that can provide locationing by means of triangulation between multiple Access Ports, they require external applications and management software.

Obviously you’ll need to make sure that you’ve put descriptive locations on each radio (AP300) through the Motorola console when configuring/installing the APs.
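The lookup walked through above can be scripted against saved CLI output. The following is an added example, not code from the original post: the function names and the second radio description are hypothetical, and the sample text is constructed in the layout the post shows. It matches the IP-address column exactly, which a plain grep for the address string does not (a pattern such as 10.1.195.5 would also hit 10.1.195.55 and 10.1.195.57).

```python
import re

# Constructed sample data in the layout the post shows for
# "show wireless mobile-unit" and "show wireless radio config <n>".
MOBILE_UNITS = """\
index   MAC-address       radio type wlan vlan/tunnel  ready  IP-address    last active
  1     00-1B-77-30-DF-80  30    11a  1      vlan 18   Y     10.1.195.57   1 Sec
  7     00-A0-F8-D4-46-9C  2     11b  4      vlan 22   Y     10.1.206.53   223 Sec
  9     00-1B-77-2A-99-05  30    11a  1      vlan 18   Y     10.1.195.55   7 Sec
  11    00-16-6F-1D-F1-B9  1     11g  2      vlan 17   Y     10.1.194.44   6 Sec
"""

# Radio 2 and its description are constructed for the example.
RADIO_CONFIGS = """\
Radio: 30, Description: Main Building Lobby, MAC: 00-15-70-11-34-32
Radio Type: 11a, AP Type: ap300
Radio: 2, Description: Cafeteria East, MAC: 00-15-70-11-00-02
Radio Type: 11b, AP Type: ap300
"""

# One row of the mobile-unit table; the header line does not match.
MU_ROW = re.compile(
    r"^\s*(?P<index>\d+)\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<radio>\d+)\s+(?P<type>11\w+)\s+(?P<wlan>\d+)\s+"
    r"(?P<net>\w+\s+\d+)\s+(?P<ready>[YN])\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<idle>\d+)\s+Sec\s*$"
)

# First line of each "show wireless radio config" block.
RADIO_HDR = re.compile(
    r"^Radio:\s*(?P<radio>\d+),\s*Description:\s*(?P<desc>.*?),\s*MAC:\s*(?P<mac>\S+)\s*$"
)


def parse_mobile_units(text):
    """Return {ip: row} for every mobile unit in the table."""
    units = {}
    for line in text.splitlines():
        m = MU_ROW.match(line)
        if m:
            row = m.groupdict()
            row["radio"] = int(row["radio"])
            row["idle"] = int(row["idle"])
            units[row["ip"]] = row
    return units


def parse_radio_descriptions(text):
    """Return {radio index: description} from radio config output."""
    found = {}
    for line in text.splitlines():
        m = RADIO_HDR.match(line)
        if m:
            found[int(m["radio"])] = m["desc"]
    return found


def locate(ip, mu_text, radio_text):
    """Map an IP address to MAC, radio index and the radio's description."""
    unit = parse_mobile_units(mu_text).get(ip)  # exact match on the IP column
    if unit is None:
        return None
    desc = parse_radio_descriptions(radio_text).get(
        unit["radio"], "(no description set)")
    return {"ip": ip, "mac": unit["mac"], "radio": unit["radio"],
            "location": desc, "idle_seconds": unit["idle"]}


if __name__ == "__main__":
    print(locate("10.1.195.55", MOBILE_UNITS, RADIO_CONFIGS))
```

A radio with no description configured comes back as “(no description set)”, which is a quick way to spot Access Ports that still need a location label.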

Cheers!

Ethernet Frames Maligned
https://blog.michaelfmcnamara.com/2008/03/ethernet-frames-maligned/
Sun, 02 Mar 2008 23:00:00 +0000

I thought I would share this story with everyone. We had discovered an issue with Ethernet frames being maligned/corrupted between the Motorola Access Port 300 (AP300) and the Motorola Wireless (WS5100) LAN Switch.

We had a ticket open with Motorola trying to understand why a significant number of our AP300s were rebooting themselves at odd hours during the early morning. Motorola had requested that we provide network traces at the Access Point and Wireless Switch. Surprisingly Motorola came back and pointed out that the payload in some of the Ethernet frames was getting modified between the Wireless Switch and the Access Port.

The fundamental equipment involved in this problem was as follows: Nortel Ethernet Switch 460 (ES 460), Ethernet Switch 470 (ES 470), Ethernet Routing Switch 5520 (ERS 5520), Ethernet Routing Switch 8600 (ERS8600); Motorola Wireless LAN Switch 5100 (WS5100) and Access Ports 300 (AP300).

The Motorola WS5100s and AP300s are physically connected over the same Layer 2 Ethernet network. The “Ethernet 1” port on the WS5100 is connected to a Virtual Local Area Network (VLAN) which provides a single broadcast domain for all AP 300s to connect to the WS5100. The “Ethernet 2” port on the WS5100 is used as a trunk interface to bridge between the WLANs (wireless) and VLANs (wired) segments. We essentially have core switches and edge switches (distribution is collapsed down into the core). The core switch can be a single ERS8600 or a pair of ERS8600s (Layer 3) connected via an IST (Inter-Switch Trunk). At the edge we generally deploy ES470 (Layer 2) or ERS5520 (Layer 2). We have deployed ES460s (PoE) into closets where ES470s are already present to specifically support PoE and the wireless network.

Here is a quick topology of the network with respect to the WS5100s and AP300s.

We recently started deploying the ERS5520s (in place of the ES470s) which directly support PoE, allowing us to deploy one less piece of equipment at the edge and also providing one less bridge (hop) to switch through. We have been plagued by a problem that is affecting the Motorola AP300s, causing them to randomly reset and re-adopt at different times of the day without warning or cause. In searching for the cause of this problem we’ve documented numerous Ethernet frames being maligned as they travel from the AP300 to the WS5100.

With respect to the examples I’m going to draw the following topology applies;

It should be noted that we do use the ES460s and ERS5520s to remark the 802.1p bits in the Ethernet frame so we can provide some measure of QoS with respect to the Nortel (Spectralink) Wireless LAN phones that we currently have deployed. In essence we mark all Ethernet packets on the “APVLAN” with a QoS level of 4 (“Gold”, BoSS-65530).

Network Trace Analysis

I will refer to the following two trace files;

“ers460side1.pcap” closet ES460 trace
“ers8600side1.pcap” core ERS8600 trace

I tried to merge up the two traces so each trace is synchronous with the other. We’ll focus on packet 3, you can see in the closet ES460 trace that bytes 15 and 16 are 0x20 and 0x12 respectively.

Looking at the other trace you can see that bytes 15 and 16 are different than in the first trace. You can see that the bits in byte 16 have been shifted to byte 26.

You can again see the same problem in packet 4;


You can see it again in packets 6, 7, 10, 39, 43, 45, etc.

In the end the problem turned out to be a software/hardware issue with the Nortel Ethernet Routing Switch 8600. If DiffServ was enabled on the Ethernet port that was being mirrored, the mirrored data was somehow getting corrupted in the process of copying the packets. Once we disabled DiffServ on the Ethernet port the problem disappeared. We opened a case with Nortel but were told that it would be handled as an enhancement request, not a correction request (go figure!).

I personally no longer trust either the port mirror or packet capture facilities of the Nortel ERS 8600 and rely on physical taps so there can be no doubt or questions about the validity of the capture data.
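The byte-by-byte comparison of the closet and core traces described above can be automated. This is an added example, not code from the original post: it reads two classic pcap files, assumes they are already aligned packet for packet (as the merged traces were), and reports the 1-based byte offsets that differ. The frames, MAC addresses, EtherType and the corrupted values are constructed; only the 0x20/0x12 values at bytes 15 and 16 come from the post.

```python
import struct

# Classic pcap magic, as stored by little- and big-endian writers.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}


def read_pcap(data):
    """Return the raw frames of a classic (non-pcapng) capture, in order."""
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    frames, pos = [], 24                      # skip the 24-byte global header
    while pos + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, pos)
        pos += 16
        if pos + incl_len > len(data):
            raise ValueError("truncated packet record")
        frames.append(data[pos:pos + incl_len])
        pos += incl_len
    return frames


def diff_frame(a, b):
    """List (1-based offset, byte in a, byte in b) where two frames differ."""
    return [(i + 1, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]


def compare_captures(pcap_a, pcap_b):
    """Return {packet number: differences} for packets that do not match."""
    report = {}
    pairs = zip(read_pcap(pcap_a), read_pcap(pcap_b))
    for number, (a, b) in enumerate(pairs, start=1):
        diffs = diff_frame(a, b)
        if diffs or len(a) != len(b):
            report[number] = {"lengths": (len(a), len(b)), "bytes": diffs}
    return report


def build_pcap(frames):
    """Build a little-endian Ethernet pcap in memory (test data only)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


# Constructed frames: 14-byte Ethernet header plus a 16-byte payload.
# 0x88B5 is the IEEE local experimental EtherType, used as a placeholder.
HEADER = bytes.fromhex("001570113432" "00157012aabb" "88b5")
GOOD = HEADER + bytes.fromhex("20120001000200030004000000050006")
BAD = HEADER + bytes.fromhex("00000001000200030004001200050006")

CLOSET_PCAP = build_pcap([GOOD, GOOD, GOOD])   # capture at the closet switch
CORE_PCAP = build_pcap([GOOD, GOOD, BAD])      # mirror port alters packet 3

if __name__ == "__main__":
    for number, info in compare_captures(CLOSET_PCAP, CORE_PCAP).items():
        for offset, a, b in info["bytes"]:
            print(f"packet {number} byte {offset}: 0x{a:02x} -> 0x{b:02x}")
```

Running the same comparison between a mirror-port capture and a physical-tap capture of the same link shows whether the capture path itself is altering frames.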

We still have issues with our Motorola AP300s rebooting from time to time but they have been much better since Motorola released v2.1.3 software for the WS5000/WS5100s. We are currently working with Motorola to resolve issues in their v3.x software line that are causing our Nortel 2211 (Spectralink) wireless phones to occasionally reboot while idle and roaming.

Cheers!

Factory Reset Motorola Wireless LAN Switch
https://blog.michaelfmcnamara.com/2007/12/factory-reset-motorola-wireless-lan-switch/
Thu, 06 Dec 2007 03:00:00 +0000

If you lose the administrator password for the Motorola Wireless LAN Switch (WS5000, WS5100) you can factory default the configuration and administrator password with the following procedure.

You’ll need to console up to the physical switch with a null serial cable. I believe the majority of Motorola (Symbol) equipment defaults to 19200-8-N-1. You need to login to the console as the username “restore” with the password of “restoreDefaultPassword”. Here’s an example;

WS5100 login: cli

User Access Verification

Username: restore
Password: restoreDefaultPassword

WARNING: This will wipe out the configuration (except license key) and
user data under "flash:/" and reboot the device
Do you want to continue? (y/n): y

After the switch reboots you’ll need to use the default administrator username and password to log into the switch. They are username “admin” and password “Symbol”. I’ve seen some cases where the password was “symbol”, the difference being the case of the first letter.

Cheers!

Layer 3 Access Port Adoption
https://blog.michaelfmcnamara.com/2007/11/layer-3-access-port-adoption/
Fri, 23 Nov 2007 15:00:00 +0000

The release of v3.x software for the Motorola WS5100 and v1.x software for the Motorola RFS7000 finally supports the deployment of Layer 3 Access Ports (APs that could be deployed across a Layer 3 network as opposed to those that can only be deployed across a Layer 2 network).

The latest release of firmware for the AP300 will first attempt to locate a wireless switch for adoption via a Layer 2 broadcast request. If it’s unable to locate a wireless switch it will make a DHCP request for an IP address. If the DHCP response does not include option 189 (string) it will make a DNS request to try and locate the wireless switch.

There are two ways the Access Port can locate the Wireless LAN Switch (WS5100/RFS7000) in Layer 3 mode;

  • DHCP Option
  • DNS Query

You can use DHCP and configure option 189 (string) with the IP address of the Motorola Wireless LAN Switch. You should note that you may need to enclose the string in quotation marks depending on your DHCP server software.

You can also create a DNS alias which the AP can use to locate the switch through a DNS query. The default DNS name requested by an AP300 is “Symbol-CAPWAP-Address”.

You might also notice that the AP300 will also support LLDP (802.1ab) if your Ethernet switch supports it.

Cheers!

Update: August 27, 2008
I should point out that you may need to “prime” the AP300 with the latest firmware by connecting it to a WS5100/RFS7000 over a Layer 2 network. If the AP300 has an older firmware it won’t be able to connect up over a Layer 3 network so you may need to connect it over a Layer 2 network first to allow the AP300 to upgrade after which you’ll be able to connect it over a Layer 2/3 network. The AP300 will automatically upgrade once it connects to the WS5100/RFS7000, there’s nothing that needs to be done by the user or administrator. The WS5100/RFS7000 will need to be running v3.x or v1.x respectively.

Cheers!

Motorola Switch Password Recovery
https://blog.michaelfmcnamara.com/2007/11/motorola-switch-password-recovery/
Thu, 22 Nov 2007 04:00:00 +0000

If for whatever reason you’ve lost the Web UI or “admin” password your only recourse is to factory default the wireless switch.

To access the switch using a password recovery username and password:
1. Connect a terminal (or PC running terminal emulation software) to the serial port on the front of the switch. The switch login screen displays. Use the following CLI command for normal login process:

WS5100 login: cli

2. Enter a password recovery username of “restore” and password recovery password of “restoreDefaultPassword”.

User Access Verification
Username: restore
Password: restoreDefaultPasword
WARNING: This will wipe out the configuration (except license key) and user data under "flash:/" and reboot the device
Do you want to continue? (y/n):y

3. Press Y to delete the current configuration and reset with factory defaults.

Once the switch has completed its reboot you should be able to log in with the default userID of “admin” and the default password of “symbol”. If you had previously backed up the configuration of the switch you could restore your old configuration.

WS5100 v1.x to v2.1 Upgrade
https://blog.michaelfmcnamara.com/2007/11/ws5100-v1x-to-v21-upgrade/
Fri, 16 Nov 2007 01:02:00 +0000

The purpose of this post is to outline how to upgrade a Symbol 5x00 Wireless LAN switch. In the example provided we will upgrade a switch running v1.4.3.0-R12 to v2.1.1. This upgrade is a major upgrade in that it literally replaces the core operating system with Linux. The upgrade is done in two steps: in the first step you upgrade to v2.1, and in the second step you upgrade to v2.1.1.

You’ll be using the CLI interface to perform the upgrade; there will be no need for the web Java GUI until after the upgrade is complete.

[root@madmax ~]# telnet sw16r-wireless.tlh.acme.org
Trying 10.115.255.253...
Connected to sw16r-wireless.tlh.acme.org (10.115.255.253).
Escape character is '^]'.
user name: cli

When prompted for the “user name” use “cli”. When prompted for the “userid” use the default of “admin” and “symbol” as the password.

Symbol Wireless Switch WS 5000 Series.
Please enter your username and password to access the Command Line Interface.

userid: admin
password: *********

Retrieving user and system information...

Setting user permissions flags..
Checking KDC access permissions...

Welcome...

Creating the Event list...
System information...

System Name                  : sw16r-wireless
Description                  : WS5000 Wireless Network
Switch Location              : Data Center
Software Ver.                : 1.4.3.0-012R
Licensed to                  : Symbol Technologies
Copyright                    : Copyright (c) 2000-2005.  All rights reserved.
Serial Number                : 00A0F865B362
Number of Licenses           : 0
Max Access Ports             : 30
Max Mobile Clients           : 4096
Active Switch Policy         : Wireless Switch Policy
Emergency Switch Policy      : Not defined
Switch Uptime                : 35d:23h:41m
# of Unassigned Access Ports : 0

sw16r-wireless>

It’s advised to start out by backing up the switch configuration and then uploading that configuration to the TFTP server on the network. You’ll first need to delete the existing configuration file. (If the switch is a standby switch there is no need to back up the configuration file.)

sw16r-wireless> del sw16-wireless.cfg
Removing sw16-wireless.cfg.... done.

sw16r-wireless> save configuration sw16-wireless.cfg
Saving running configuration in: sw16-wireless.cfg

Saving wireless network management configuration...
Configuration saved successfully.

sw16r-wireless> copy sw16-wireless.cfg tftp://10.101.20.1/sw16-wireless-tlh.cfg

Copying 'sw16-wireless-tlh.cfg' from Switch to tftp://10.101.20.1...
File: sw16-wireless-tlh.cfg copied successfully to 10.101.20.1

Once you’ve backed up the switch configuration you need to make room for the new image. Delete all the files from the flash memory. You can use the “dir” command and “del” command.

sw16r-wireless> dir
Date & Time        Bytes  File Name

Mar 29  2005        15480  WS5000Defaults_v1.4.1.0-014R.cfg
Jan 24  10:46    19591051  WS5000_v1.4.3.0-012R.sys.img
Jan 24  10:48       16138  WS5K_v1.4.1.0-014R-Upg.cfg
Oct  3  2005         6517  cmd_template.sym
Oct  3  07:22       17345  sw16-wireless-tlh.cfg

sw16r-wireless> del WS5000Defaults_v1.4.1.0-014R.cfg
Removing WS5000Defaults_v1.4.1.0-014R.cfg.... done.
sw16r-wireless> del WS5000_v1.4.3.0-012R.sys.img
Removing WS5000_v1.4.3.0-012R.sys.img.... done.
sw16r-wireless> del WS5K_v1.4.1.0-014R-Upg.cfg
Removing WS5K_v1.4.1.0-014R-Upg.cfg.... done.
sw16r-wireless> del cmd_template.sym
Removing cmd_template.sym.... done.
sw16r-wireless> del sw16-wireless-tlh.cfg
Removing sw16-wireless-tlh.cfg.... done.

Now you can go ahead and download the new system image and accompanying files via FTP. I’ve already placed the system image on the FTP server. The following files will need to be downloaded from the FTP server (10.101.20.1); WS5000_v2.1.0.0-029R.sys.kdi, dominfo, PreUpgradeScript, WS5k_domfix.cfg. You can confirm that the file gets copied down by listing the directory contents using “dir”.

sw16r-wireless> copy ftp system -u mcnamm
Enter the file name to be copied from FTP server : PreUpgradeScript
IP address of the FTP server : 10.101.20.1
Enter the user password : **********

Copying 'PreUpgradeScript' from ftp://10.101.20.1 to Switch...
Data connection mode : BINARY (Connecting as 'mcnamm')

Status : Transfer completed successfully
19633 bytes received in 0.0098 seconds (2e+03 Kbytes/s)
/bin/dedos: line 69: syntax error near unexpected token `dir'
/bin/dedos: line 69: `dedos -R

sw16r-wireless> copy ftp system -u mcnamm
Enter the file name to be copied from FTP server : dominfo
IP address of the FTP server : 10.101.20.1
Enter the user password : **********

Copying 'dominfo' from ftp://10.101.20.1 to Switch...
Data connection mode : BINARY (Connecting as 'mcnamm')

Status : Transfer completed successfully
48346 bytes received in 0.015 seconds (3.2e+03 Kbytes/s)

sw16r-wireless> copy ftp system -u mcnamm
Enter the file name to be copied from FTP server : WS5k_domfix.cfg
IP address of the FTP server : 10.101.20.1
Enter the user password : **********

Copying 'WS5k_domfix.cfg' from ftp://10.101.20.1 to Switch...
Data connection mode : BINARY (Connecting as 'mcnamm')

Status : Transfer completed successfully
1410387 bytes received in 0.15 seconds (9.5e+03 Kbytes/s)
Verifying configuration file...
Valid configuration file. Completing verification.

sw16r-wireless> copy ftp system -u mcnamm
Enter the file name to be copied from FTP server : WS5000_v2.1.0.0-029R.sys.kdi
IP address of the FTP server : 10.101.20.1
Enter the user password : **********

Copying 'WS5000_v2.1.0.0-029R.sys.kdi' from ftp://10.101.20.1 to Switch...
Data connection mode : BINARY (Connecting as 'mcnamm')

Status : Transfer completed successfully
39661568 bytes received in 22 seconds (1.8e+03 Kbytes/s)

sw16r-wireless> dir
Date & Time        Bytes  File Name

Oct  3  07:28       19633  PreUpgradeScript
Oct  3  07:29    39661568  WS5000_v2.1.0.0-029R.sys.kdi
Oct  3  07:28     1410387  WS5k_domfix.cfg
Oct  3  07:28       48346  dominfo

sw16r-wireless>

The next step is to execute the PreUpgradeScript and check if there is adequate space for the upgrade. You’ll need to enter “service mode” to execute the following commands. You can enter “service mode” by entering the command “service”. The password may either be “password” or the switch admin password.

sw16r-wireless> service
Enter CLI Service Mode password: ********
Enabling CLI Service Mode commands...... done.

SM-sw16r-wireless> launch -c chmod +x /image/PreUpgradeScript

SM-sw16r-wireless> launch -c /image/PreUpgradeScript freemem
PreUpgradeScript : freemem - computing Free memory
DOM firmware upgrade will NOT be performed
Finding out the Free Space Needed ... !!
Total Free Space on the System: 148 (in MB)
OK. Required space to do the upgrade exists .. !!

If you receive the “OK” you can go ahead with the upgrade. It may be necessary (with Wireless LAN Switch 5000s) to run the “PreUpgradeScript freemem” prior to downloading the WS5000_v2.1.0.sys.kdi image. The 5000 switches only have 128Mb of flash space available.

SM-sw16r-wireless> launch -c /image/PreUpgradeScript upgrade
PreUpgradeScript : upgrade - upgrading the system
Deciding on DOM firmware upgrade, based on switch platform
This is a butterfly 1.4.x series switch
This is WS5100 switch, no need for firmware upgrade
Verifying checksum for : dominfo
Checksum verification for dominfo : passed
Showing details of DOM

Model Number______________________: Kouwell DOM
Serial Number_____________________: HyFlash     00004020
Controller Revision Number________: 14/05/02

Able to do Double Word Transfer___: No
Controller buffer size (bytes)____: 512
Transfer Speed____________________: > 10 Mbit/sec
Drive Type________________________: Removable
IORDY Supported___________________: No
Can IORDY be disabled by device___: No
LBA Mode supported________________: Yes
DMA Supported_____________________: No
Number of ECC bytes transferred___: 4
Number of sectors per interrupt___: 1

Number of Cylinders_______________: 980
Number of Heads___________________: 16
Number of Sectors per Track_______: 32

Enter the Image Name: WS5000_v2.1.0.0-029R.sys.kdi
Verifying Image Checksum
Image Checksum Verification Passed
Saving the Configuration before upgrading
Saving wireless network management configuration...
Configuration saved successfully.
Creating the configuration tar
tar: Removing leading / from absolute path names in the archive.
image/upgrade.cfg
Copying the image
Rebooting the system
Shutting down snmpd agent.....done.
Shutting down apache server...done.
Shutting down cell controller.......done.
Shutting down database main thread...done.
Rebooting the switch...
Connection closed by foreign host.

Now you’ll need to wait; it should take between 5 and 10 minutes for the switch to upgrade and reboot. After the switch has rebooted you can re-establish your telnet session;

[root@linux ~]# telnet sw16r-wireless.tlh.acme.org
Trying 10.115.255.253...
Connected to sw16r-wireless.tlh.acme.org (10.115.255.253).
Escape character is '^]'.
=========== WS5000 Switch ===========

Copyright(c) Symbol Technologies, Inc. 2005.
All rights reserved.

user name: cli

Symbol Wireless Switch WS 5000 Series.
Please enter your username and password to access the Command Line Interface.

userid: admin
password: *********

Retrieving user and system information...

Setting user permissions flags..
Checking KDC access permissions...

Welcome...

Creating the Event list...
System information...

System Name                  : sw16r-wireless
Description                  : WS5000 Wireless Network
Switch Location              : Data Center
Software Ver.                : 2.1.0.0-029R
Licensed to                  : Symbol Technologies
Copyright                    : Copyright (c) 2000-2005.  All rights reserved.
Serial Number                : 00A0F865B362
Number of Licenses           : 0
Max Access Ports             : 30
Max Mobile Clients           : 4096
MU Idle Timeout value        : 1800  seconds
Active Switch Policy         : Wireless Switch Policy
Emergency Switch Policy      : Not defined
Switch Uptime                : 00d:00h:03m
Global RF stats              : Disabled
# of Unassigned Access Ports : 0
CLI AutoInstall Status       : Enabled

sw16r-wireless> copy tftp system
Enter the file name to be copied from TFTP server : WS5000_v2.1.1.0-006R.sys.img
IP address of the TFTP server : 10.101.20.1

Copying 'WS5000_v2.1.1.0-006R.sys.img' from tftp://10.101.20.1 to Switch...
File: WS5000_v2.1.1.0-006R.sys.img copied successfully from 10.101.20.1
Verifying imagefile...
Valid imagefile. Completing verification.

sw16r-wireless> restore system WS5000_v2.1.1.0-006R.sys.img
This command will reset the system and boot up with the new restored image.
Do you want to continue (yes/no)  : yes

Restoring system image and configuration from WS5000_v2.1.1.0-006R.sys.img
It might take a few minutes.......

Saving wireless network management configuration...
Configuration saved successfully.
Stopping Postgres database.. done
Creating Default Configuration file for 2.1.1.0-006R..

Rebooting the switch...

Shutting down dhcp daemon.. done
Shutting down apache server in the SSL mode...done.
Cell controller not running.
Shutting down Postgres....done.
Connection closed by foreign host.

You’re all done.

The only issue I’ve discovered is that you need to re-configure the SNMP community string and TIMEZONE on any upgraded switch.
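
For the download step earlier in this procedure, the following added example (not part of the original post) cross-checks three sources before PreUpgradeScript is run: the byte counts the switch reported for each FTP transfer, the sizes shown by “dir”, and the sizes the operator measured on the FTP server. The session text is abridged from the post, while the `EXPECTED` table and the function names are constructed for illustration; a size match only catches a short or missing file, not altered content.

```python
"""Cross-check WS5000 upgrade files: transfer log vs. 'dir' vs. expected sizes."""
import re

# Files the post downloads before running PreUpgradeScript.
REQUIRED = ("PreUpgradeScript", "dominfo", "WS5k_domfix.cfg",
            "WS5000_v2.1.0.0-029R.sys.kdi")

# Constructed: sizes as measured on the FTP server (here equal to the post's figures).
EXPECTED = {"PreUpgradeScript": 19633, "dominfo": 48346,
            "WS5k_domfix.cfg": 1410387, "WS5000_v2.1.0.0-029R.sys.kdi": 39661568}

COPY_RE = re.compile(r"Copying '([^']+)' from ftp://\S+ to Switch")
RECV_RE = re.compile(r"^(\d+) bytes received")
DIR_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+(?:\d{2}:\d{2}|\d{4})\s+(\d+)\s+(\S+)$")

# Abridged from the session in the post (prompts and password lines dropped).
SESSION = """\
Copying 'PreUpgradeScript' from ftp://10.101.20.1 to Switch...
19633 bytes received in 0.0098 seconds (2e+03 Kbytes/s)
Copying 'dominfo' from ftp://10.101.20.1 to Switch...
48346 bytes received in 0.015 seconds (3.2e+03 Kbytes/s)
Copying 'WS5k_domfix.cfg' from ftp://10.101.20.1 to Switch...
1410387 bytes received in 0.15 seconds (9.5e+03 Kbytes/s)
Copying 'WS5000_v2.1.0.0-029R.sys.kdi' from ftp://10.101.20.1 to Switch...
39661568 bytes received in 22 seconds (1.8e+03 Kbytes/s)
sw16r-wireless> dir
Date & Time        Bytes  File Name

Oct  3  07:28       19633  PreUpgradeScript
Oct  3  07:29    39661568  WS5000_v2.1.0.0-029R.sys.kdi
Oct  3  07:28     1410387  WS5k_domfix.cfg
Oct  3  07:28       48346  dominfo
"""


def parse_session(session):
    """Return (received, on_flash): byte counts per file name from each source."""
    received, on_flash, pending = {}, {}, None
    for line in map(str.strip, session.splitlines()):
        copy, recv, entry = COPY_RE.search(line), RECV_RE.match(line), DIR_RE.match(line)
        if copy:
            pending = copy.group(1)            # next "bytes received" belongs to this file
        elif recv and pending:
            received[pending] = int(recv.group(1))
            pending = None
        elif entry:
            on_flash[entry.group(2)] = int(entry.group(1))  # later listings override
    return received, on_flash


def upgrade_file_problems(session, expected):
    """List every required file whose transfer or flash size differs from expected."""
    received, on_flash = parse_session(session)
    problems = []
    for name in REQUIRED:
        want = expected[name]
        if received.get(name) != want:
            problems.append(f"{name}: transfer reported {received.get(name)} bytes, expected {want}")
        if on_flash.get(name) != want:
            problems.append(f"{name}: flash holds {on_flash.get(name)} bytes, expected {want}")
    return problems


if __name__ == "__main__":
    print(upgrade_file_problems(SESSION, EXPECTED) or "all four files present with expected sizes")
```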

Enjoy.

WS5100 v1.x,v2.x Standby Switch
https://blog.michaelfmcnamara.com/2007/11/ws5100-v1xv2x-standby-switch/
Wed, 14 Nov 2007 23:45:00 +0000

Motorola’s WS5000/WS5100 Wireless LAN Switches (v1.x,2.x software) allow you to provision a standby backup switch that takes over for the primary if some problem affects the primary Wireless LAN switch. This is an active/passive solution: the primary is active while the standby listens for heartbeats from the primary. If the standby stops receiving heartbeats from the primary switch, it switches to active mode, adopts the Access Ports and starts providing service to the mobile units.

First we’ll telnet into the primary switch (sw16-wireless.reh.acme.org) and back up its configuration, copying it up to the TFTP server. Second we’ll telnet into the standby switch (sw16r-wireless.reh.acme.org), download the primary switch configuration via TFTP and restore that configuration into the system.

Let’s start with the primary switch;

[root@linux root]# telnet sw16-wireless.reh.acme.org
Trying 10.115.255.12...
Connected to sw16-wireless.reh.acme.org (10.115.255.12).
Escape character is '^]'.

When prompted for the “user name” use “cli”.

user name:cli

Symbol Wireless Switch WS 5000 Series.
Please enter your username and password to access the Command Line Interface.

When prompted for the “userid” use defaults of “admin” and “symbol” for the password.

userid: admin
password: *********

Retrieving user and system information...

Setting user permissions flags..
Checking KDC access permissions...

Welcome...

Creating the Event list...
System information...

System Name                  : sw16-wireless.reh.acme.org
Description                  : WS5000 Wireless Network
Switch Location              : Data Center
Software Ver.                : 1.4.0.0-026R
Licensed to                  : Symbol Technologies
Copyright                    : Copyright (c) 2000-2005.  All rights reserved.
Serial Number                : 00A0F8658FC0
Number of Licenses           : 30
Max Access Ports             : 30
Max Mobile Clients           : 4096
Active Switch Policy         : Wireless Switch Policy
Emergency Switch Policy      : Not defined
Switch Uptime                : 00d:01h:01m
# of Unassigned Access Ports : 0

sw16-wireless.reh.acme.org>

Let’s start out by backing up the switch configuration;

sw16-wireless.reh.acme.org> save configuration sw16-wireless-reh.cfg
Saving running configuration in: sw16-wireless-reh.cfg
Saving wireless network management configuration ...

Let’s make sure the configuration file can be found on the file system;

sw16-wireless.reh.acme.org> dir
Date & Time        Bytes  File Name

Jan 25  18:11       15155  WS5000Defaults_v1.4.0.0-026R.cfg
Jan 25  18:35    18819400  WS5000_v1.4.0.0-026R.sys.img
Jan 25  17:05        6517  cmd_template.sym
Mar 28  12:24       16878  sw16-wireless-reh.cfg

Let’s upload that configuration to the TFTP server (10.101.20.1) on the network;

sw16-wireless-reh.acme.org> copy sw16-wireless-reh.cfg tftp://10.101.20.1/sw16-wireless-reh.cfg
Copying 'sw16-wireless-reh.cfg' from Switch to tftp://10.101.20.1...
File: sw16-wireless-reh.cfg copied successfully to 10.101.20.1
sw16-wireless.reh.acme.org>

The configuration file is now successfully on the TFTP server. We can now turn our attention to the standby switch. Let’s start by telnetting into that switch (sw16r-wireless.reh.acme.org);

[root@linux root]# telnet sw16r-wireless.reh.acme.org
Trying 10.115.255.13...
Connected to sw16r-wireless.reh.acme.org (10.115.255.13).
Escape character is '^]'.

user name: cli

Symbol Wireless Switch WS 5000 Series.
Please enter your username and password to access the Command Line Interface.

userid: admin
password: *********

Retrieving user and system information...

Setting user permissions flags..
Checking KDC access permissions...

Welcome...

Creating the Event list...
System information...

System Name                  : sw16r-wireless
Description                  : WS5000 Wireless Network
Switch Location              : Data Center
Software Ver.                : 1.4.0.0-026R
Licensed to                  : Symbol Technologies
Copyright                    : Copyright (c) 2000-2005.  All rights reserved.
Serial Number                : 00A0F8658FC8
Number of Licenses           : 0
Max Access Ports             : 0
Max Mobile Clients           : 4096
Active Switch Policy         : Wireless Switch Policy
Emergency Switch Policy      : Not defined
Switch Uptime                : 00d:00h:11m
# of Unassigned Access Ports : 0

sw16r-wireless>

After we’re logged into the standby switch let’s copy the primary switch configuration by TFTP;

sw16r-wireless.reh.acme.org> copy tftp system
Enter the file name to be copied from TFTP server : sw16-wireless-reh.cfg

Copying 'sw16-wireless-reh.cfg' from tftp://10.101.20.1 to Switch...
File: sw16-wireless-reh.cfg copied successfully from 10.101.20.1
Verifying configuration file...
Valid configuration. Completing verification.

Let’s just confirm that the configuration file appears on the file system;

sw16r-wireless.reh.acme.org> dir
Date & Time        Bytes  File Name

Jan 25  15:11       15155  WS5000Defaults_v1.4.0.0-026R.cfg
Jan 25  15:35    18819400  WS5000_v1.4.0.0-026R.sys.img
Jan 25  14:05        6517  cmd_template.sym
Mar 28  01:35       16878  sw16-wireless-reh.cfg

Let’s go ahead and restore the standby switch configuration from the primary switch configuration file;

sw15r-wireless.reh.acme.org> restore standby sw15-wireless-reh.cfg

This command will reset the system and boot up with the new configuration.

Do you want to continue (yes/no)  : yes

Restoring Stand By configuration from sw15-wireless-reh.cfg

Do you want to change Interface 1 static IP address(10.115.254.11)?
Creating the Event list...
Enter (yes/no)  : no
INFO: Static IP address not changed.

Do you want to change Interface 2 static IP address(10.115.255.11)?
Creating the Event list...
Enter (yes/no)  : no
INFO: Static IP address not changed.

Shutting down database main thread...done.
Rebooting the switch...
Connection closed by foreign host.

The standby switch should reboot at this point and should retain its original IP addressing. There is one last step required to make the standby switch a “hot” standby. The standby feature must be configured and enabled on both the primary and standby switches. The order in which you enable the standby feature is critical, so start on the standby switch by issuing the following commands;

sw16r-wireless.reh.acme.org> configure
sw16r-wireless.reh.acme.org.(Cfg)> standby
sw16r-wireless.(Cfg).StandBy> set autorevert enable

Configuring Standby....
Status : Success.

Standby Management:

StandBy mode                         : Standby
Standby Status                       : Disable
State                                : Startup
Failover Reason                      :
Standby Connectivity status          : Not Connected
Standby AutoRevert Mode              : Enable
Standby AutoRevert Delay             : 15 Minutes

Interface (Ethernet) 1
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Enable
Received Heart-Beat               : No

Interface (Ethernet) 2
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Disable
Received Heart-Beat               : No

sw16r-wireless.(Cfg).StandBy> enable

Enabling...
Status : Success.

Standby Management:

StandBy mode                         : Standby
Standby Status                       : Enable
State                                : Startup
Failover Reason                      :
Standby Connectivity status          : Not Connected
Standby AutoRevert Mode              : Enable
Standby AutoRevert Delay             : 15 Minutes

Interface (Ethernet) 1
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Enable
Received Heart-Beat               : No

Interface (Ethernet) 2
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Disable
Received Heart-Beat               : No

With the standby configured properly go ahead and issue the following commands on the primary;

sw16-wireless.reh.acme.org> configure
sw16-wireless.reh.acme.org.(Cfg)> standby
sw16-wireless.reh.acme.org.(Cfg).StandBy> set autorevert enable

Configuring Standby....
Status : Success.

Standby Management:

StandBy mode                         : Primary
Standby Status                       : Disable
State                                : Startup
Failover Reason                      :
Standby Connectivity status          : Not Connected
Standby AutoRevert Mode              : Enable
Standby AutoRevert Delay             : 15 Minutes

Interface (Ethernet) 1
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Enable
Received Heart-Beat               : No

Interface (Ethernet) 2
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Disable
Received Heart-Beat               : No

sw16-wireless.reh.acme.org.(Cfg).StandBy> enable

Enabling...
Status : Success.

Standby Management:

StandBy mode                         : Primary
Standby Status                       : Enable
State                                : Find standby
Failover Reason                      :
Standby Connectivity status          : Not Connected
Standby AutoRevert Mode              : Enable
Standby AutoRevert Delay             : 15 Minutes

Interface (Ethernet) 1
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Enable
Received Heart-Beat               : No

Interface (Ethernet) 2
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Disable
Received Heart-Beat               : No

Then confirm that the primary has connected with the standby switch by issuing the following command and confirm that the “Standby Status” is “Enable” and that the “State” is “Connected”;

sw16-wireless.reh.acme.org.(Cfg).StandBy> show

Standby Management:

StandBy mode                         : Primary
Standby Status                       : Enable
State                                : Connected
Failover Reason                      :
Standby Connectivity status          : Connected
Standby AutoRevert Mode              : Enable
Standby AutoRevert Delay             : 15 Minutes

Interface (Ethernet) 1
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Enable
Received Heart-Beat               : Yes

Interface (Ethernet) 2
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Disable
Received Heart-Beat               : No

sw16-wireless.reh.acme.org.(Cfg).StandBy>
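
The confirmation step above can be automated. The following added example (not part of the original post) parses the “show” output and reports anything that keeps the pair from being a working hot standby; it goes slightly beyond the two fields named in the text by also requiring “Standby Connectivity status” to be “Connected” and at least one heart-beat-enabled interface to be receiving heart-beats. The function names and the second sample are constructed for illustration.

```python
"""Check WS5000/WS5100 'Standby Management' output for a healthy hot standby."""
import re

# Output of "show" on the primary, copied from the post.
SAMPLE_CONNECTED = """\
Standby Management:

StandBy mode                         : Primary
Standby Status                       : Enable
State                                : Connected
Failover Reason                      :
Standby Connectivity status          : Connected
Standby AutoRevert Mode              : Enable
Standby AutoRevert Delay             : 15 Minutes

Interface (Ethernet) 1
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Enable
Received Heart-Beat               : Yes

Interface (Ethernet) 2
----------------------
StandBy Heart-Beat MAC            : Auto Discovery Enabled
Heart-Beat status                 : Disable
Received Heart-Beat               : No
"""

# Constructed variant with the values the post shows right after "enable",
# before the primary has found its standby.
SAMPLE_SEARCHING = (SAMPLE_CONNECTED
                    .replace(": Connected", ": Find standby", 1)
                    .replace(": Connected", ": Not Connected")
                    .replace(": Yes", ": No"))

IFACE_RE = re.compile(r"Interface \(Ethernet\) (\d+)$")
REQUIRED = {"standby status": "Enable", "state": "Connected",
            "standby connectivity status": "Connected"}


def parse_standby(text):
    """Split the report into global fields and per-interface fields (keys lower-cased)."""
    top, ifaces, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        match = IFACE_RE.match(line)
        if match:
            current = ifaces.setdefault(int(match.group(1)), {})
        elif ":" in line and line != "Standby Management:":
            key, _, value = line.partition(":")   # values such as a MAC may contain ":"
            (top if current is None else current)[key.strip().lower()] = value.strip()
    return top, ifaces


def standby_problems(text, expected_mode):
    """Return a list of findings; an empty list means the checks all passed."""
    top, ifaces = parse_standby(text)
    problems = []
    for key, want in {"standby mode": expected_mode, **REQUIRED}.items():
        if top.get(key) != want:
            problems.append(f"{key}: {top.get(key)!r}, want {want!r}")
    if not any(f.get("heart-beat status") == "Enable"
               and f.get("received heart-beat") == "Yes" for f in ifaces.values()):
        problems.append("no heart-beat-enabled interface is receiving heart-beats")
    return problems


if __name__ == "__main__":
    for name, sample in (("connected", SAMPLE_CONNECTED), ("searching", SAMPLE_SEARCHING)):
        print(name, standby_problems(sample, "Primary") or "OK")
```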

That’s all folks.

WS5100 v3.x Getting Started
https://blog.michaelfmcnamara.com/2007/11/ws5100-v3x-getting-started/
Thu, 08 Nov 2007 00:59:00 +0000

The following document is provided as a basic guide on how to configure the Motorola WS5100 Wireless LAN Switch with release 3.x software. You should use the initial username of “cli” at the login prompt. At the username/password prompts you should use “admin” and “superuser” respectively.

You should connect a serial (null modem) cable to the console port, with the terminal set to 19200,8,N,1.

The example below will configure Ethernet 2 as a trunk port with the management interface in VLAN 200 (10.107.255.199/24) and the default gateway as 10.107.255.1. The order of the commands is very important when you start to trunk the interface.

Please press Enter to activate this console.
WS5100 release 3.0.3.0-003R
Login as 'cli' to access CLI.
WS5100 login: cli

User Access Verification

Username: admin
Password: *********
Welcome to CLI

WS5100>
WS5100> enable
WS5100# configure terminal

WS5100(config)# interface eth2

WS5100(config-if)# switchport mode trunk
WS5100(config-if)# switchport trunk native vlan 200
WS5100(config-if)# switchport trunk native tagged
WS5100(config-if)# switchport trunk allowed vlan none
WS5100(config-if)# switchport trunk allowed vlan add 200
WS5100(config-if)# exit

WS5100(config)# interface vlan 200
WS5100(config-if)# ip address 10.107.255.199/24
WS5100(config-if)# management
WS5100(config-if)# exit

WS5100(config)# interface vlan 1
WS5100(config-if)# no ip address
WS5100(config-if)# shutdown
WS5100(config-if)# exit
WS5100(config)# ip default-gateway 10.107.255.1
WS5100(config)# end
WS5100# write memory

Once you’ve completed those steps you should be able to ping the device. At that point you can connect to the web-based console to complete the configuration.

https://10.107.255.199

You should of course substitute the IP addresses above with your own addresses.

Cheers!
