User Guide
Table Of Contents
- Front
- Introduction
- Bridge GUI and Administrative Access
- 2.1 Bridge GUI
- 2.2 Administrative Accounts and Access
- 2.2.1 Global Administrator Settings
- 2.2.2 Individual Administrator Accounts
- 2.2.2.1 Administrator User Names
- 2.2.2.2 Account Administrative State
- 2.2.2.3 Administrative Role
- 2.2.2.4 Administrator Audit Requirement
- 2.2.2.5 Administrator Full Name and Description
- 2.2.2.6 Administrator Interface Permissions
- 2.2.2.7 Administrator Passwords and Password Controls
- 2.2.2.8 Adding Administrative Accounts
- 2.2.2.9 Editing Administrative Accounts
- 2.2.2.10 Deleting Administrative Accounts
- 2.2.2.11 Changing Administrative Passwords
- 2.2.2.12 Unlocking Administrator Accounts
- 2.2.3 Administrator IP Address Access Control
- 2.2.4 SNMP Administration
- Network and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Bridging Configuration
- 3.3 Radio Settings
- 3.3.1 Advanced Global Radio Settings
- 3.3.2 Individual Radio Settings
- 3.3.3 DFS Operation and Channel Exclusion
- 3.3.4 Radio BSS Settings
- 3.3.4.1 BSS Administrative State and Name
- 3.3.4.2 BSS SSID and Advertise SSID
- 3.3.4.3 Wireless Bridge and Minimum RSS
- 3.3.4.4 User Cost Offset and FastPath Mesh Mode
- 3.3.4.5 BSS Switching Mode and Default VLAN ID
- 3.3.4.6 BSS G Band Only Setting
- 3.3.4.7 BSS WMM Setting
- 3.3.4.8 BSS DTIM Period
- 3.3.4.9 BSS RTS and Fragmentation Thresholds
- 3.3.4.10 BSS Unicast Rate Mode and Maximum Rate
- 3.3.4.11 BSS Multicast Rate
- 3.3.4.12 BSS Description
- 3.3.4.13 BSS Fortress Security Setting
- 3.3.4.14 BSS Wi-Fi Security Settings
- 3.3.4.15 Configuring a Radio BSS
- 3.3.5 ES210 Bridge STA Settings and Operation
- 3.3.5.1 Station Administrative State
- 3.3.5.2 Station Name and Description
- 3.3.5.3 Station SSID
- 3.3.5.4 Station BSSID
- 3.3.5.5 Station WMM
- 3.3.5.6 Station Fragmentation and RTS Thresholds
- 3.3.5.7 Station Unicast Rate Mode and Maximum Rate
- 3.3.5.8 Station Multicast Rate
- 3.3.5.9 Station Fortress Security Status
- 3.3.5.10 Station Wi-Fi Security Settings
- 3.3.5.11 Establishing an ES210 Bridge STA Interface Connection
- 3.3.5.12 Editing or Deleting the ES210 Bridge STA Interface
- 3.3.5.13 Enabling and Disabling ES210 Bridge Station Mode
- 3.4 Basic Network Settings Configuration
- 3.5 Location or GPS Configuration
- 3.6 DHCP and DNS Services
- 3.7 Ethernet Interface Settings
- 3.7.1 Port Administrative State
- 3.7.2 Port Speed and Duplex Settings
- 3.7.3 Port FastPath Mesh Mode and User Cost Offset
- 3.7.4 Port Fortress Security
- 3.7.5 Port 802.1X Authentication
- 3.7.6 Port Default VLAN ID and Port Switching Mode
- 3.7.7 Port QoS Setting
- 3.7.8 Port Power over Ethernet
- 3.7.9 Configuring Ethernet Ports
- 3.8 QoS Implementation
- 3.9 VLANs Implementation
- 3.10 ES210 Bridge Serial Port Settings
- Security, Access, and Auditing Configuration
- 4.1 Fortress Security
- 4.1.1 Operating Mode
- 4.1.2 MSP Encryption Algorithm
- 4.1.3 MSP Key Establishment
- 4.1.4 MSP Re-Key Interval
- 4.1.5 Access to the Bridge GUI
- 4.1.6 Secure Shell Access to the Bridge CLI
- 4.1.7 Blackout Mode
- 4.1.8 FIPS Self-Test Settings
- 4.1.9 Encrypted Data Compression
- 4.1.10 Encrypted Interface Cleartext Traffic
- 4.1.11 Encrypted Interface Management Access
- 4.1.12 Guest Management
- 4.1.13 Cached Authentication Credentials
- 4.1.14 Fortress Beacon Interval
- 4.1.15 Global Client and Host Idle Timeouts
- 4.1.16 Changing Basic Security Settings:
- 4.1.17 Fortress Access ID
- 4.2 Internet Protocol Security
- 4.3 Authentication Services
- 4.3.1 Authentication Server Settings
- 4.3.2 The Local Authentication Server
- 4.3.2.1 Local Authentication Server State
- 4.3.2.2 Local Authentication Server Port and Shared Key
- 4.3.2.3 Local Authentication Server Priority
- 4.3.2.4 Local Authentication Server Max Retries and Retry Interval
- 4.3.2.5 Local Authentication Server Default Idle and Session Timeouts
- 4.3.2.6 Local Authentication Server Global Device, User and Administrator Settings
- 4.3.2.7 Local 802.1X Authentication Settings
- 4.3.2.8 Configuring the Local RADIUS Server
- 4.3.3 Local User and Device Authentication
- 4.4 Local Session and Idle Timeouts
- 4.5 ACLs and Cleartext Devices
- 4.6 Remote Audit Logging
- System and Network Monitoring
- System and Network Maintenance
- Index
- Glossary
ES520 Bridge: Glossary
Fortress Security System
The secure network deployment of one or more Fortress Bridges and the Fortress
Secure Clients and/or Secure Client Bridges that will communicate with the Bridge(s).
Fortress Secure Bridge
Fortress’s ES300 model network device for securing communications between wireless
devices and a LAN, or between devices within a LAN, or in a networked configuration.
Fortress Secure Wireless Bridge
Fortress’s ES520 model and ES210 model radio-equipped network devices that can act
as wireless access points and/or bridges in a mesh network.
FQDN
Fully Qualified Domain Name—the complete, unambiguous domain name specifying the
exact location in the DNS hierarchy of a particular entity on the network.
frame
In Fortress Technologies GUIs, a portion of a larger screen or dialog, graphically set
apart from other elements on the screen and providing the interface for a specific
feature or function set.
In IT, a packet of data transmitted/received.
gateway
In IT, a node on a network, usually a router, that provides a connection to another
network.
GINA
A library developed by Microsoft®; it is a component of some Microsoft Windows®
operating systems and provides secure authentication and interactive logon services.
GPS
Global Positioning System
groups
An association of network objects (users, devices, etc.) typically used to allocate shared
resources and apply access policies.
GUI
graphical user interface—a user interface in which the user manipulates various
interactive objects (menu items, buttons, etc.) displayed on the monitor screen.
hash function
Mathematical computation for deriving a condensed representation or hash value,
usually a fixed-size string, from a variable-size message or data file.
HTTP
Hypertext Transfer Protocol—used to transmit and receive all data over the World Wide
Web.
HTTPS
HTTP Secure sockets—HTTP with an encryption/authentication layer.
IANA
Internet Assigned Number Authority—the organization that assigns Internet Protocol
(IP) addresses and port numbers.
ICMP
Internet Control Message Protocol—supports packets containing error, control, and
informational messages. The ping command uses ICMP to test an Internet connection.
IDS
Intrusion Detection System—monitors network activity to identify suspicious patterns
that may indicate a network or system attack and supports automated and/or manual
real-time responses.
IEEE
Institute of Electrical and Electronics Engineers—a nonprofit technical professional
association that develops, promotes, and reviews standards within the electronics and
computer science industries.
IETF
Internet Engineering Task Force—the primary standards organization for the Internet.
IGMP
Internet Group Management Protocol—The portion of the IP multicast specification that
describes dynamically managing the membership of multicast groups.
Internet Protocol Suite
Also, TCP/IP—the basic, two-part communication protocol in use on the Internet (refer
to IP and TCP).
IP
Internet Protocol—defines a method for transmitting data, in packets, from one
computer to another over a network; one of the founding protocols in the TCP/IP suite of
networking protocols.
IPS
Intrusion Prevention System—allows network administrators to apply policies and rules
to network traffic, as it is monitored by an intrusion detection system.