User Guide
Table Of Contents
- Front
- Introduction
- Bridge GUI and Administrative Access
- 2.1 Bridge GUI
- 2.2 Administrative Accounts and Access
- 2.2.1 Global Administrator Settings
- 2.2.2 Individual Administrator Accounts
- 2.2.2.1 Administrator User Names
- 2.2.2.2 Account Administrative State
- 2.2.2.3 Administrative Role
- 2.2.2.4 Administrator Audit Requirement
- 2.2.2.5 Administrator Full Name and Description
- 2.2.2.6 Administrator Interface Permissions
- 2.2.2.7 Administrator Passwords and Password Controls
- 2.2.2.8 Adding Administrative Accounts
- 2.2.2.9 Editing Administrative Accounts
- 2.2.2.10 Deleting Administrative Accounts
- 2.2.2.11 Changing Administrative Passwords
- 2.2.2.12 Unlocking Administrator Accounts
- 2.2.3 Administrator IP Address Access Control
- 2.2.4 SNMP Administration
- Network and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Bridging Configuration
- 3.3 Radio Settings
- 3.3.1 Advanced Global Radio Settings
- 3.3.2 Individual Radio Settings
- 3.3.3 DFS Operation and Channel Exclusion
- 3.3.4 Radio BSS Settings
- 3.3.4.1 BSS Administrative State and Name
- 3.3.4.2 BSS SSID and Advertise SSID
- 3.3.4.3 Wireless Bridge and Minimum RSS
- 3.3.4.4 User Cost Offset and FastPath Mesh Mode
- 3.3.4.5 BSS Switching Mode and Default VLAN ID
- 3.3.4.6 BSS G Band Only Setting
- 3.3.4.7 BSS WMM Setting
- 3.3.4.8 BSS DTIM Period
- 3.3.4.9 BSS RTS and Fragmentation Thresholds
- 3.3.4.10 BSS Unicast Rate Mode and Maximum Rate
- 3.3.4.11 BSS Multicast Rate
- 3.3.4.12 BSS Description
- 3.3.4.13 BSS Fortress Security Setting
- 3.3.4.14 BSS Wi-Fi Security Settings
- 3.3.4.15 Configuring a Radio BSS
- 3.3.5 ES210 Bridge STA Settings and Operation
- 3.3.5.1 Station Administrative State
- 3.3.5.2 Station Name and Description
- 3.3.5.3 Station SSID
- 3.3.5.4 Station BSSID
- 3.3.5.5 Station WMM
- 3.3.5.6 Station Fragmentation and RTS Thresholds
- 3.3.5.7 Station Unicast Rate Mode and Maximum Rate
- 3.3.5.8 Station Multicast Rate
- 3.3.5.9 Station Fortress Security Status
- 3.3.5.10 Station Wi-Fi Security Settings
- 3.3.5.11 Establishing an ES210 Bridge STA Interface Connection
- 3.3.5.12 Editing or Deleting the ES210 Bridge STA Interface
- 3.3.5.13 Enabling and Disabling ES210 Bridge Station Mode
- 3.4 Basic Network Settings Configuration
- 3.5 Location or GPS Configuration
- 3.6 DHCP and DNS Services
- 3.7 Ethernet Interface Settings
- 3.7.1 Port Administrative State
- 3.7.2 Port Speed and Duplex Settings
- 3.7.3 Port FastPath Mesh Mode and User Cost Offset
- 3.7.4 Port Fortress Security
- 3.7.5 Port 802.1X Authentication
- 3.7.6 Port Default VLAN ID and Port Switching Mode
- 3.7.7 Port QoS Setting
- 3.7.8 Port Power over Ethernet
- 3.7.9 Configuring Ethernet Ports
- 3.8 QoS Implementation
- 3.9 VLANs Implementation
- 3.10 ES210 Bridge Serial Port Settings
- Security, Access, and Auditing Configuration
- 4.1 Fortress Security
- 4.1.1 Operating Mode
- 4.1.2 MSP Encryption Algorithm
- 4.1.3 MSP Key Establishment
- 4.1.4 MSP Re-Key Interval
- 4.1.5 Access to the Bridge GUI
- 4.1.6 Secure Shell Access to the Bridge CLI
- 4.1.7 Blackout Mode
- 4.1.8 FIPS Self-Test Settings
- 4.1.9 Encrypted Data Compression
- 4.1.10 Encrypted Interface Cleartext Traffic
- 4.1.11 Encrypted Interface Management Access
- 4.1.12 Guest Management
- 4.1.13 Cached Authentication Credentials
- 4.1.14 Fortress Beacon Interval
- 4.1.15 Global Client and Host Idle Timeouts
- 4.1.16 Changing Basic Security Settings:
- 4.1.17 Fortress Access ID
- 4.2 Internet Protocol Security
- 4.3 Authentication Services
- 4.3.1 Authentication Server Settings
- 4.3.2 The Local Authentication Server
- 4.3.2.1 Local Authentication Server State
- 4.3.2.2 Local Authentication Server Port and Shared Key
- 4.3.2.3 Local Authentication Server Priority
- 4.3.2.4 Local Authentication Server Max Retries and Retry Interval
- 4.3.2.5 Local Authentication Server Default Idle and Session Timeouts
- 4.3.2.6 Local Authentication Server Global Device, User and Administrator Settings
- 4.3.2.7 Local 802.1X Authentication Settings
- 4.3.2.8 Configuring the Local RADIUS Server
- 4.3.3 Local User and Device Authentication
- 4.4 Local Session and Idle Timeouts
- 4.5 ACLs and Cleartext Devices
- 4.6 Remote Audit Logging
- 4.1 Fortress Security
- System and Network Monitoring
- System and Network Maintenance
- Index
- Glossary
XII
ES520 Bridge: Glossary
IPsec
Internet Protocol security—a set of protocols developed by the IETF to support secure
exchange of packets at the IP layer, deployed widely to implement VPNs.
IPv4
Internet Protocol version 4—the first widely implemented and still the most prevalent
version of IP.
IPv6
Internet Protocol version 6—the next version of IP slated for wide implementation,
intended to overcome the limitations of, and to eventually replace, IPv4.
ISO
International Organization for Standardization, formerly the International Standards
Organization—ISO still refers to standards (ex., ISO 9000); the whole name refers to
the organization, sometimes appending the earlier initialization in parentheses.
isotropic antenna
A theoretical, idealized antenna that would transmit power uniformly in all directions;
used to measure antenna gain in dBi.
IT Information Technology
ITU-T
International Telecommunications Union-Telecommunication, Geneva-based interna-
tional organization for telecommunications standards, formerly CCITT.
key establishment
An transaction through which two parties with no prior knowledge of one another can
agree upon a shared secret key for symmetric key encryption of data over an insecure
channel. Sometimes, key exchange.
LAN
Local Area Network—a collection of computers located within a small area (such as an
office building) that shares a common communications infrastructure and network
resources (i.e., printers, servers, etc.).
Layer 2 Refer to DLC.
LDAP
Lightweight Directory Access Protocol—a protocol used to access directories on a net-
work, including the Internet. LDAP makes it possible to search compliant directories to
locate information and resources on a network. LDAP is a streamlined version of the
Directory Access Protocol, part of the X.500 standard for network directory services.
LLC
Logical Link Control—one of two sublayers of OSI Layer 2 (refer to
DLC
), in which frame
synchronization, flow control and error checking takes place.
MAC
Media Access Control—one of two sublayers of the OSI Model’s DLC, at which data
access and transmission permissions are controlled.
MAC address
Media Access Control address—a unique number that identifies a device, used to prop-
erly direct network traffic to the device.
MAN
Metropolitan Area Network—a collection of interconnected computers within a town or
city.
MBG
Mesh Border Gateway—in Fortress Secure Wireless Bridges, an MP that connects the
FastPath Mesh network to a conventional hierarchical network.
MIB
Management Information Base—SNMP-compliant information that an SNMP agent
stores about itself and sends in response to SNMP server requests (PDUs).
MITM
Man in the Middle attack—a network security breach in which an attacker is able to
intercept, read, insert and modify messages between two parties without their knowing
that the link between them has been compromised.
MLD
Multicast Listener Discovery—a means, defined in the IPv6 ICMPv6 protocol, of discov-
ering multicast listeners on a directly attached link (analogous to IGMP in IPv4).
MobileLink™
In GE Medical Systems
Information Technologies
, a proprietary method for wireless
transmission of serial output.
MP
Mesh Point—in Fortress Secure Wireless Bridges, a Bridge on which FastPath Mesh rout-
ing is enabled.
MRD
Multicast Router Discovery—a mechanism, defined in IETF RFC 4286, for identifying
multicast routers independent of the multicast routing protocol they use.