User Guide
ES520 Bridge: Glossary
MRP
Mesh Radio Port—in Fortress Secure Wireless Bridges, a pair-wise network link formed
between WDS-enabled BSSs configured on the Bridges.
MSI
The Microsoft installer system written by Microsoft for Windows platforms.
MSP
The Fortress protocol that provides authentication and encryption at the Media Access Control (MAC) sublayer, within the Data Link Layer (Layer 2) of the Open System Interconnection (OSI) networking model.
Multi-factor Authentication™
In Fortress Technologies products, the combination of network authentication (through
the network Access ID), device authentication (through the Device ID), and user
authentication (through user credentials), that guards the network against unwanted
access.
multiplexing
The practice of transmitting multiple signals over a single connection.
NetBIOS
Network Basic Input/Output System—an API that originally provided basic I/O services for a PC-Network and that has been variously adapted and augmented to support current LAN/WLAN technologies.
network authentication
In Fortress Technologies products, the requirement that all devices must authenticate with the correct Access ID in order to connect to the Fortress-secured network; one of the factors in Fortress’s Multi-factor Authentication™.
network resource
An entity on the network that provides a service or function, such as e-mail or printing,
to devices and users on the network.
NIC
Network Interface Card—computer circuit board that enables a computer to connect to
a network.
NIAP
National Information Assurance Partnership—a collaboration between NIST and the
National Security Agency (NSA), in response to the Computer Security Act of 1987 (PL
100-235), to promote sound security requirements for IT products and systems and
appropriate measures for evaluating them.
NIST
National Institute of Standards and Technology, the U.S. Government agency responsible for publishing FIPS.
NMP
Non-Mesh Point—in Fortress Secure Wireless Bridges, any node on a Fortress FastPath
Mesh network that is not an MP.
NSA
National Security Agency—United States intelligence agency administered by the
Department of Defense.
NTLM
Windows NT LAN Manager—a user authentication protocol developed by Microsoft®.
operating mode
In Fortress Technologies products, the way in which access controls and cryptographic
processing are implemented on the Fortress-secured network.
OSI Model
Open System Interconnection Model—an ISO standard that defines a networking framework for implementing data transfer and processing protocols in seven layers. (Also see DLC.)
PAN
Personal Area Network—a collection of networked computers and devices worn by or within reach of an individual person.
PDU
Protocol Data Unit—often synonymous with packet, a unit of data and/or control information as defined by an OSI layer protocol.
PKI
Public Key Infrastructure (PKI), a system of digital certificates and other registration authorities that authenticate the validity of each party involved in an Internet transaction; sometimes, trusted hierarchy.
policy
The means by which access to the secure network and its resources is controlled for users, devices and groups.
PPP
Point-to-Point Protocol—a method for communicating TCP/IP traffic over serial point-to-point connections.