User Guide
ES520 Bridge: Glossary
ATM
Asynchronous Transfer Mode—a technology for transferring data over a network in
packets or cells of a fixed size.
BGP
Border Gateway Protocol—a protocol, defined by RFC 1771, for interautonomous system
routing; the interdomain routing protocol used by TCP/IP.
BPM
In FIPS, bypass mode—state in which cleartext is allowed to pass on an encrypted
interface.
bridge
A network device that connects two networks or two segments of the same network.
Bridge
Refer to Fortress Secure Bridge and Fortress Secure Wireless Bridge.
Bridge GUI
The browser-based graphical user interface through which a Fortress Bridge is configured
and managed, locally or remotely.
BSS
Basic Service Set—the primary collection of entities associated in a wireless network, as
defined in the IEEE 802.11 standard.
CAC
Common Access Card—a United States Department of Defense (DoD) smartcard issued
as standard identification for active duty military personnel, reserve personnel, civilian
employees, and eligible contractor personnel.
CCITT
Comite Consultatif Internationale de Telegraphie et Telephonie, former name of the
ITU-T.
CLI
command-line interface—a user interface in which the user enters textual commands
on a single line on the monitor screen.
client
In client-server architecture, an application that relies on another, shared application
(server) to perform some of its functions, typically for an end-user device.
Client
Refer to Fortress Secure Client.
Controller
Refer to Fortress Controller.
controller device
See Fortress controller device.
Controller GUI
The browser-based graphical user interface through which the Fortress Controller is
configured and managed, locally or remotely.
Crypto Officer password
A FIPS-defined term—sometimes, Crypto password—the administrator password in
Fortress devices operating in FIPS mode.
Data Link Layer
Refer to DLC.
dBi
decibels over isotropic—a unit of measure of RF antenna gain: the power emitted by an
antenna in its direction of strongest RF emission divided by the power that would be
transmitted by an isotropic antenna emitting the same total power.
dBm
decibels referenced to milliwatts—an absolute (non-relative) unit of power measurement
that indicates the ratio, in decibels (dB), of measured power referenced to one
milliwatt (mW).
DES
Data Encryption Standard—formerly, a FIPS-approved NIST standard for data encryption
using 64 bits (56-bit encryption, 8 parity bits). NIST withdrew its FIPS-approval for
DES on May 19, 2005.
device authentication
In Fortress Technologies products, a means of controlling network access at the level of
individual devices, tracking them via their generated Device IDs and providing controls
to explicitly allow and disallow them on the network; one of the factors in Fortress’s
Multi-factor Authentication™.
Device ID
In Fortress Technologies products, a 16-digit hexadecimal value generated for and
unique to each Fortress Bridge, Controller or MSP Secure Client device on the
Fortress-secured network. Device IDs are used for device authentication and are
neither modifiable nor transferable.