User Guide
Table Of Contents
- Front
- Introduction
- Bridge GUI and Administrative Access
- 2.1 Bridge GUI
- 2.2 Administrative Accounts and Access
- 2.2.1 Global Administrator Settings
- 2.2.2 Individual Administrator Accounts
- 2.2.2.1 Administrator User Names
- 2.2.2.2 Account Administrative State
- 2.2.2.3 Administrative Role
- 2.2.2.4 Administrator Audit Requirement
- 2.2.2.5 Administrator Full Name and Description
- 2.2.2.6 Administrator Interface Permissions
- 2.2.2.7 Administrator Passwords and Password Controls
- 2.2.2.8 Adding Administrative Accounts
- 2.2.2.9 Editing Administrative Accounts
- 2.2.2.10 Deleting Administrative Accounts
- 2.2.2.11 Changing Administrative Passwords
- 2.2.2.12 Unlocking Administrator Accounts
- 2.2.3 Administrator IP Address Access Control
- 2.2.4 SNMP Administration
- Network and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Bridging Configuration
- 3.3 Radio Settings
- 3.3.1 Advanced Global Radio Settings
- 3.3.2 Individual Radio Settings
- 3.3.3 DFS Operation and Channel Exclusion
- 3.3.4 Radio BSS Settings
- 3.3.4.1 BSS Administrative State and Name
- 3.3.4.2 BSS SSID and Advertise SSID
- 3.3.4.3 Wireless Bridge and Minimum RSS
- 3.3.4.4 User Cost Offset and FastPath Mesh Mode
- 3.3.4.5 BSS Switching Mode and Default VLAN ID
- 3.3.4.6 BSS G Band Only Setting
- 3.3.4.7 BSS WMM Setting
- 3.3.4.8 BSS DTIM Period
- 3.3.4.9 BSS RTS and Fragmentation Thresholds
- 3.3.4.10 BSS Unicast Rate Mode and Maximum Rate
- 3.3.4.11 BSS Multicast Rate
- 3.3.4.12 BSS Description
- 3.3.4.13 BSS Fortress Security Setting
- 3.3.4.14 BSS Wi-Fi Security Settings
- 3.3.4.15 Configuring a Radio BSS
- 3.3.5 ES210 Bridge STA Settings and Operation
- 3.3.5.1 Station Administrative State
- 3.3.5.2 Station Name and Description
- 3.3.5.3 Station SSID
- 3.3.5.4 Station BSSID
- 3.3.5.5 Station WMM
- 3.3.5.6 Station Fragmentation and RTS Thresholds
- 3.3.5.7 Station Unicast Rate Mode and Maximum Rate
- 3.3.5.8 Station Multicast Rate
- 3.3.5.9 Station Fortress Security Status
- 3.3.5.10 Station Wi-Fi Security Settings
- 3.3.5.11 Establishing an ES210 Bridge STA Interface Connection
- 3.3.5.12 Editing or Deleting the ES210 Bridge STA Interface
- 3.3.5.13 Enabling and Disabling ES210 Bridge Station Mode
- 3.4 Basic Network Settings Configuration
- 3.5 Location or GPS Configuration
- 3.6 DHCP and DNS Services
- 3.7 Ethernet Interface Settings
- 3.7.1 Port Administrative State
- 3.7.2 Port Speed and Duplex Settings
- 3.7.3 Port FastPath Mesh Mode and User Cost Offset
- 3.7.4 Port Fortress Security
- 3.7.5 Port 802.1X Authentication
- 3.7.6 Port Default VLAN ID and Port Switching Mode
- 3.7.7 Port QoS Setting
- 3.7.8 Port Power over Ethernet
- 3.7.9 Configuring Ethernet Ports
- 3.8 QoS Implementation
- 3.9 VLANs Implementation
- 3.10 ES210 Bridge Serial Port Settings
- Security, Access, and Auditing Configuration
- 4.1 Fortress Security
- 4.1.1 Operating Mode
- 4.1.2 MSP Encryption Algorithm
- 4.1.3 MSP Key Establishment
- 4.1.4 MSP Re-Key Interval
- 4.1.5 Access to the Bridge GUI
- 4.1.6 Secure Shell Access to the Bridge CLI
- 4.1.7 Blackout Mode
- 4.1.8 FIPS Self-Test Settings
- 4.1.9 Encrypted Data Compression
- 4.1.10 Encrypted Interface Cleartext Traffic
- 4.1.11 Encrypted Interface Management Access
- 4.1.12 Guest Management
- 4.1.13 Cached Authentication Credentials
- 4.1.14 Fortress Beacon Interval
- 4.1.15 Global Client and Host Idle Timeouts
- 4.1.16 Changing Basic Security Settings:
- 4.1.17 Fortress Access ID
- 4.2 Internet Protocol Security
- 4.3 Authentication Services
- 4.3.1 Authentication Server Settings
- 4.3.2 The Local Authentication Server
- 4.3.2.1 Local Authentication Server State
- 4.3.2.2 Local Authentication Server Port and Shared Key
- 4.3.2.3 Local Authentication Server Priority
- 4.3.2.4 Local Authentication Server Max Retries and Retry Interval
- 4.3.2.5 Local Authentication Server Default Idle and Session Timeouts
- 4.3.2.6 Local Authentication Server Global Device, User and Administrator Settings
- 4.3.2.7 Local 802.1X Authentication Settings
- 4.3.2.8 Configuring the Local RADIUS Server
- 4.3.3 Local User and Device Authentication
- 4.4 Local Session and Idle Timeouts
- 4.5 ACLs and Cleartext Devices
- 4.6 Remote Audit Logging
- 4.1 Fortress Security
- System and Network Monitoring
- System and Network Maintenance
- Index
- Glossary
XV
ES520 Bridge: Glossary
SWLAN Secure Wireless Local Area Network
symmetric key encryption
A class of cryptographic algorithm in which a shared secret between two or more par-
ties is used to maintain a private connection between or among them.
Tactical Mesh Point
In Fortress Secure Wireless Bridges, alternative name for the ES210 Secure Wireless
Bridge.
TCP
Transmission Control Protocol—defines a method for reliable (i.e., in order, with integ-
rity checking) delivery of data packets over a network; one of the founding protocols in
the TCP/IP suite of networking protocols.
TCP/IP
Transmission Control Protocol/Internet Protocol, also Internet Protocol Suite—the basic,
two-part communication protocol in use on the Internet (refer to IP and TCP).
TLS
Transport Layer Security—a two-part protocol that defines secure data transmission
between client/server applications communicating over the Internet. TLS Record Proto-
col uses data encryption to secure data transfer, and the TLS Handshake Protocol allows
the client and server to authenticate each other and negotiate the encryption method
to use before exchanging data.
Trusted Device
In Fortress Technologies products, a device that does not have the Secure Client
installed but is allowed network access through rules defined for it on the Fortress
Bridge.
trusted hierarchy Refer to PKI.
UDP
User Datagram Protocol—defines a method for “best effort” delivery of data packets
over a network that, like TCP, runs on top of IP but, unlike TCP, does not guarantee the
order of delivery or provide integrity checking.
UI
User Interface—the means by which a human end user provides input to and receives
output from computer software.
ULA
Unique Local Address—an IPv6 globally unique unicast address (subnet identifier),
defined in IETF RFC 4193, intended for local (intranet) communications and not
intended to be routable on the Internet.
user authentication
A mechanism for requiring users to submit established credentials (user name and
password, smartcard, etc.) and checking the validity of these credentials before allow-
ing users to log on to a device or network.
user password
The password an end must enter in order to access a network or device that requires
user authentication (compare administrator password).
VLAN
Virtual Local Area Network—a collection of computers configured through software to
behave as though they are members of the same network, even though they may be
physically connected to separate subnets.
VoIP
Voice over IP, sometimes VOI (Voice over Internet)—any of several means for transmit-
ting audio communications over the Internet.
VPN
Virtual Private Network—a private network of computers connected, entirely or in part,
by public phone lines.
WAN
Wide Area Network—a collection of interconnected computers covering a large geo-
graphic area.
WDS
Wireless Distribution System—a means for interconnecting multiple stations (STAs),
access points or nodes in a wireless network.
WEP
Wired Equivalent Privacy—a security protocol for wireless networks, defined in the IEEE
802.11b amendment. WEP has been found to be vulnerable to attack, and WPA is
intended to supplant it in current and future 802.11 standards.
Wi-Fi®
Wireless Fidelity—used generically to refer to any type of 802.11 network (referred
originally to the narrower 802.11b specification for WLANs).