User Guide
Table Of Contents
- Front
- Introduction
- Bridge GUI and Administrative Access
- 2.1 Bridge GUI
- 2.2 Administrative Accounts and Access
- 2.2.1 Global Administrator Settings
- 2.2.2 Individual Administrator Accounts
- 2.2.2.1 Administrator User Names
- 2.2.2.2 Account Administrative State
- 2.2.2.3 Administrative Role
- 2.2.2.4 Administrator Audit Requirement
- 2.2.2.5 Administrator Full Name and Description
- 2.2.2.6 Administrator Interface Permissions
- 2.2.2.7 Administrator Passwords and Password Controls
- 2.2.2.8 Adding Administrative Accounts
- 2.2.2.9 Editing Administrative Accounts
- 2.2.2.10 Deleting Administrative Accounts
- 2.2.2.11 Changing Administrative Passwords
- 2.2.2.12 Unlocking Administrator Accounts
- 2.2.3 Administrator IP Address Access Control
- 2.2.4 SNMP Administration
- Network and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Bridging Configuration
- 3.3 Radio Settings
- 3.3.1 Advanced Global Radio Settings
- 3.3.2 Individual Radio Settings
- 3.3.3 DFS Operation and Channel Exclusion
- 3.3.4 Radio BSS Settings
- 3.3.4.1 BSS Administrative State and Name
- 3.3.4.2 BSS SSID and Advertise SSID
- 3.3.4.3 Wireless Bridge and Minimum RSS
- 3.3.4.4 User Cost Offset and FastPath Mesh Mode
- 3.3.4.5 BSS Switching Mode and Default VLAN ID
- 3.3.4.6 BSS G Band Only Setting
- 3.3.4.7 BSS WMM Setting
- 3.3.4.8 BSS DTIM Period
- 3.3.4.9 BSS RTS and Fragmentation Thresholds
- 3.3.4.10 BSS Unicast Rate Mode and Maximum Rate
- 3.3.4.11 BSS Multicast Rate
- 3.3.4.12 BSS Description
- 3.3.4.13 BSS Fortress Security Setting
- 3.3.4.14 BSS Wi-Fi Security Settings
- 3.3.4.15 Configuring a Radio BSS
- 3.3.5 ES210 Bridge STA Settings and Operation
- 3.3.5.1 Station Administrative State
- 3.3.5.2 Station Name and Description
- 3.3.5.3 Station SSID
- 3.3.5.4 Station BSSID
- 3.3.5.5 Station WMM
- 3.3.5.6 Station Fragmentation and RTS Thresholds
- 3.3.5.7 Station Unicast Rate Mode and Maximum Rate
- 3.3.5.8 Station Multicast Rate
- 3.3.5.9 Station Fortress Security Status
- 3.3.5.10 Station Wi-Fi Security Settings
- 3.3.5.11 Establishing an ES210 Bridge STA Interface Connection
- 3.3.5.12 Editing or Deleting the ES210 Bridge STA Interface
- 3.3.5.13 Enabling and Disabling ES210 Bridge Station Mode
- 3.4 Basic Network Settings Configuration
- 3.5 Location or GPS Configuration
- 3.6 DHCP and DNS Services
- 3.7 Ethernet Interface Settings
- 3.7.1 Port Administrative State
- 3.7.2 Port Speed and Duplex Settings
- 3.7.3 Port FastPath Mesh Mode and User Cost Offset
- 3.7.4 Port Fortress Security
- 3.7.5 Port 802.1X Authentication
- 3.7.6 Port Default VLAN ID and Port Switching Mode
- 3.7.7 Port QoS Setting
- 3.7.8 Port Power over Ethernet
- 3.7.9 Configuring Ethernet Ports
- 3.8 QoS Implementation
- 3.9 VLANs Implementation
- 3.10 ES210 Bridge Serial Port Settings
- Security, Access, and Auditing Configuration
- 4.1 Fortress Security
- 4.1.1 Operating Mode
- 4.1.2 MSP Encryption Algorithm
- 4.1.3 MSP Key Establishment
- 4.1.4 MSP Re-Key Interval
- 4.1.5 Access to the Bridge GUI
- 4.1.6 Secure Shell Access to the Bridge CLI
- 4.1.7 Blackout Mode
- 4.1.8 FIPS Self-Test Settings
- 4.1.9 Encrypted Data Compression
- 4.1.10 Encrypted Interface Cleartext Traffic
- 4.1.11 Encrypted Interface Management Access
- 4.1.12 Guest Management
- 4.1.13 Cached Authentication Credentials
- 4.1.14 Fortress Beacon Interval
- 4.1.15 Global Client and Host Idle Timeouts
- 4.1.16 Changing Basic Security Settings:
- 4.1.17 Fortress Access ID
- 4.2 Internet Protocol Security
- 4.3 Authentication Services
- 4.3.1 Authentication Server Settings
- 4.3.2 The Local Authentication Server
- 4.3.2.1 Local Authentication Server State
- 4.3.2.2 Local Authentication Server Port and Shared Key
- 4.3.2.3 Local Authentication Server Priority
- 4.3.2.4 Local Authentication Server Max Retries and Retry Interval
- 4.3.2.5 Local Authentication Server Default Idle and Session Timeouts
- 4.3.2.6 Local Authentication Server Global Device, User and Administrator Settings
- 4.3.2.7 Local 802.1X Authentication Settings
- 4.3.2.8 Configuring the Local RADIUS Server
- 4.3.3 Local User and Device Authentication
- 4.4 Local Session and Idle Timeouts
- 4.5 ACLs and Cleartext Devices
- 4.6 Remote Audit Logging
- 4.1 Fortress Security
- System and Network Monitoring
- System and Network Maintenance
- Index
- Glossary
Bridge GUI Guide: Network Configuration
105
NOTE: There is
only one VLAN
trunk per Bridge, used
by all
Trunk ports. It is
defined by the Bridge’s
VLAN Active ID Table
(Section 3.9.3).
Trunk - configures the port to accept incoming packets
with any VLAN tag in the VLAN ID table and to send
packets with their VLAN tagging information
unchanged, including 802.1p priority tags, provided that
the port’s QoS override function is disabled (see
QoS,
below).
Refer to Section 3.9 and to Table 3.14 for a complete
description of VLAN handling on the Bridge.
To support QoS, the Bridge treats incoming priority-tagged
packets (characterized by a VLAN ID of zero) as untagged
packets, but marks them for sorting into QoS priority queues
according to the user-priority value contained in their VLAN
tags. (Refer to Section 3.8 for details on the Bridge’s QoS
implementation).
You can configure VLAN port settings only in Advanced View.
3.7.7 Port QoS Setting
QoS enables/disables the port’s Quality of Service override
feature. When enabled, the port’s QoS function forces all traffic
on the port into the specified QoS priority queue and adds a
priority marking for that queue to each packet. Bridge priority
markings replace any 802.1p Quality of Service (QoS) tags
included in the packets.
If a packet received on the port is transmitted wirelessly, the
Bridge uses the priority marking to determine its WMM (Wi-Fi
Multimedia) priority level. If the packet egresses over an
Ethernet port with a VLAN
Switching Mode of Trunk (described
above), the Bridge priority marking is inserted into the packet’s
VLAN tag for QoS processing. (Ethernet ports with a
Switching
Mode of Access do not send VLAN tags and so cannot include
priority tags.)
By default, the QoS override is set to
None on all ports, which
disables the function. Alternatively, you can choose to
associate all traffic on the port with the Bridge’s
Low, Medium,
High or Critical priority queue. (Refer to Section 3.8 for more
information on QoS priority queues.)
You can configure QoS settings only in Advanced View.
3.7.8 Port Power over Ethernet
NOTE: The ES520
can supply a maxi-
mum 36 Watts of PoE
overall and up to 16 W
per vertically stacked
port-pair, to connected
PDs. (Refer to the ES520
Hardware Guide for de-
tails.)
Only the ES520 Bridge can act as Power over Ethernet Power
Sourcing Equipment (PoE PSE), and only via the eight ports of
its internal LAN switch, labeled
lan1–lan8 in the Bridge GUI.
The
PSE setting determines whether the port will serve PoE to
connected Powered Devices (PDs).
PSE is Disabled by default.
It must be
Enabled on every port through which you want to
supply PSE, i.e., on all ports connected to PDs.