User Guide
Table Of Contents
- Front
- Introduction
- Bridge GUI and Administrative Access
- 2.1 Bridge GUI
- 2.2 Administrative Accounts and Access
- 2.2.1 Global Administrator Settings
- 2.2.2 Individual Administrator Accounts
- 2.2.2.1 Administrator User Names
- 2.2.2.2 Account Administrative State
- 2.2.2.3 Administrative Role
- 2.2.2.4 Administrator Audit Requirement
- 2.2.2.5 Administrator Full Name and Description
- 2.2.2.6 Administrator Interface Permissions
- 2.2.2.7 Administrator Passwords and Password Controls
- 2.2.2.8 Adding Administrative Accounts
- 2.2.2.9 Editing Administrative Accounts
- 2.2.2.10 Deleting Administrative Accounts
- 2.2.2.11 Changing Administrative Passwords
- 2.2.2.12 Unlocking Administrator Accounts
- 2.2.3 Administrator IP Address Access Control
- 2.2.4 SNMP Administration
- Network and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Bridging Configuration
- 3.3 Radio Settings
- 3.3.1 Advanced Global Radio Settings
- 3.3.2 Individual Radio Settings
- 3.3.3 DFS Operation and Channel Exclusion
- 3.3.4 Radio BSS Settings
- 3.3.4.1 BSS Administrative State and Name
- 3.3.4.2 BSS SSID and Advertise SSID
- 3.3.4.3 Wireless Bridge and Minimum RSS
- 3.3.4.4 User Cost Offset and FastPath Mesh Mode
- 3.3.4.5 BSS Switching Mode and Default VLAN ID
- 3.3.4.6 BSS G Band Only Setting
- 3.3.4.7 BSS WMM Setting
- 3.3.4.8 BSS DTIM Period
- 3.3.4.9 BSS RTS and Fragmentation Thresholds
- 3.3.4.10 BSS Unicast Rate Mode and Maximum Rate
- 3.3.4.11 BSS Multicast Rate
- 3.3.4.12 BSS Description
- 3.3.4.13 BSS Fortress Security Setting
- 3.3.4.14 BSS Wi-Fi Security Settings
- 3.3.4.15 Configuring a Radio BSS
- 3.3.5 ES210 Bridge STA Settings and Operation
- 3.3.5.1 Station Administrative State
- 3.3.5.2 Station Name and Description
- 3.3.5.3 Station SSID
- 3.3.5.4 Station BSSID
- 3.3.5.5 Station WMM
- 3.3.5.6 Station Fragmentation and RTS Thresholds
- 3.3.5.7 Station Unicast Rate Mode and Maximum Rate
- 3.3.5.8 Station Multicast Rate
- 3.3.5.9 Station Fortress Security Status
- 3.3.5.10 Station Wi-Fi Security Settings
- 3.3.5.11 Establishing an ES210 Bridge STA Interface Connection
- 3.3.5.12 Editing or Deleting the ES210 Bridge STA Interface
- 3.3.5.13 Enabling and Disabling ES210 Bridge Station Mode
- 3.4 Basic Network Settings Configuration
- 3.5 Location or GPS Configuration
- 3.6 DHCP and DNS Services
- 3.7 Ethernet Interface Settings
- 3.7.1 Port Administrative State
- 3.7.2 Port Speed and Duplex Settings
- 3.7.3 Port FastPath Mesh Mode and User Cost Offset
- 3.7.4 Port Fortress Security
- 3.7.5 Port 802.1X Authentication
- 3.7.6 Port Default VLAN ID and Port Switching Mode
- 3.7.7 Port QoS Setting
- 3.7.8 Port Power over Ethernet
- 3.7.9 Configuring Ethernet Ports
- 3.8 QoS Implementation
- 3.9 VLANs Implementation
- 3.10 ES210 Bridge Serial Port Settings
- Security, Access, and Auditing Configuration
- 4.1 Fortress Security
- 4.1.1 Operating Mode
- 4.1.2 MSP Encryption Algorithm
- 4.1.3 MSP Key Establishment
- 4.1.4 MSP Re-Key Interval
- 4.1.5 Access to the Bridge GUI
- 4.1.6 Secure Shell Access to the Bridge CLI
- 4.1.7 Blackout Mode
- 4.1.8 FIPS Self-Test Settings
- 4.1.9 Encrypted Data Compression
- 4.1.10 Encrypted Interface Cleartext Traffic
- 4.1.11 Encrypted Interface Management Access
- 4.1.12 Guest Management
- 4.1.13 Cached Authentication Credentials
- 4.1.14 Fortress Beacon Interval
- 4.1.15 Global Client and Host Idle Timeouts
- 4.1.16 Changing Basic Security Settings:
- 4.1.17 Fortress Access ID
- 4.2 Internet Protocol Security
- 4.3 Authentication Services
- 4.3.1 Authentication Server Settings
- 4.3.2 The Local Authentication Server
- 4.3.2.1 Local Authentication Server State
- 4.3.2.2 Local Authentication Server Port and Shared Key
- 4.3.2.3 Local Authentication Server Priority
- 4.3.2.4 Local Authentication Server Max Retries and Retry Interval
- 4.3.2.5 Local Authentication Server Default Idle and Session Timeouts
- 4.3.2.6 Local Authentication Server Global Device, User and Administrator Settings
- 4.3.2.7 Local 802.1X Authentication Settings
- 4.3.2.8 Configuring the Local RADIUS Server
- 4.3.3 Local User and Device Authentication
- 4.4 Local Session and Idle Timeouts
- 4.5 ACLs and Cleartext Devices
- 4.6 Remote Audit Logging
- 4.1 Fortress Security
- System and Network Monitoring
- System and Network Maintenance
- Index
- Glossary
X
ES520 Bridge: Glossary
DHCP
Dynamic Host Configuration Protocol—an Internet protocol describing a method for
flexibly assigning device IP addresses from a defined pool of available addresses as
each networked device comes online, through a client-server architecture. DHCP is an
alternative to a network of fixed IP addresses.
Diffie-Hellman key establishment
A protocol by which two parties with no prior knowledge of one another can agree upon
a shared secret key for symmetric key encryption of data over an insecure channel.
Also,
Diffie-Hellman-Merkle key establishment
;
exponential key exchange
.
DLC
Data Link Control—the second lowest network layer in the OSI Model, also referred to
as the
Data Link Layer
,
OSI Layer 2
or simply
Layer 2
. The DLC layer contains two sub-
layers: the MAC and LLC layers.
DMZ
Demilitarized Zone—in IT, a computer (or subnet) located between the private LAN and
a public network, usually the Internet.
DNS
Domain Name System
,
Server
or
Service
—a system or network service, defined in the
TCP/IP Internet Protocol Suite, that translates between textual domain and host names
and numerical IP addresses.
DoD Department of Defense—the United States military.
EAP
Extensible Authentication Protocol—defined by RFC 2284, a general protocol for user
authentication. EAP is implemented by a number of authentication services, including
RADIUS.
EAP-MD5
An EAP security algorithm developed by RSA Security® that uses a 128-bit generated
number string to verify the authenticity of data transfers.
EAP-TLS
EAP-Transport Layer Security—a Point-to-Point Protocol (PPP) extension supporting
mutual authentication, integrity-protected cipher suite negotiation, and key exchange
between two endpoints, within PPP.
EAP-TTLS
EAP-Tunneled TLS—An EAP-TLS protocol developed by Funk and Certicom that uses
TLS to establish a secure connection between a client and server.
ES300 The Fortress hardware model identifier of the
Secure Bridge
.
ES520 The Fortress hardware model identifier of the
Secure Wireless Bridge
.
failover
A device or system configuration in which two, identical components are installed for a
given function so that if one of them fails the redundant component can carry on oper-
ations without substantial service interruption. Also, an instance in which an active
component becomes inoperative and
fails over
operations to its partner.
FC-X The Fortress hardware model identifier of the
Fortress Controller
.
FIPS
Federal Information Processing Standards—issued by NIST, FIPS mandate how IT,
including network security, is implemented by the U.S. government and associated
agencies.
FIPS operating mode
In Fortress Technologies products, the operating mode that complies with FIPS 140-2
Security Level 2.
Fortress Controller
Sometimes,
Fortress Security Controller
—Fortress’s FC-
X
model network device for
securing communications between wireless devices and a LAN, or between devices
within a LAN, or in a networked configuration.
Fortress controller device A collective noun for Fortress network devices (Fortress Bridges and Controllers).
Fortress Secure Client
A software client module for securing network communications on devices such as lap-
tops, PDAs, tablet PCs, and industrial equipment such as barcode scanners and porta-
ble terminals.
Fortress Secure Client Bridge
Also,
Fortress
SCB
or
SCB
—a hardware device for providing wireless connectivity and
securing network communications on wired devices such as portable medical equip-
ment and point-of-sale (POS) terminals.