User Guide
Table Of Contents
- Front
- Introduction
- Bridge GUI and Administrative Access
- 2.1 Bridge GUI
- 2.2 Administrative Accounts and Access
- 2.2.1 Global Administrator Settings
- 2.2.2 Individual Administrator Accounts
- 2.2.2.1 Administrator User Names
- 2.2.2.2 Account Administrative State
- 2.2.2.3 Administrative Role
- 2.2.2.4 Administrator Audit Requirement
- 2.2.2.5 Administrator Full Name and Description
- 2.2.2.6 Administrator Interface Permissions
- 2.2.2.7 Administrator Passwords and Password Controls
- 2.2.2.8 Adding Administrative Accounts
- 2.2.2.9 Editing Administrative Accounts
- 2.2.2.10 Deleting Administrative Accounts
- 2.2.2.11 Changing Administrative Passwords
- 2.2.2.12 Unlocking Administrator Accounts
- 2.2.3 Administrator IP Address Access Control
- 2.2.4 SNMP Administration
- Network and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Bridging Configuration
- 3.3 Radio Settings
- 3.3.1 Advanced Global Radio Settings
- 3.3.2 Individual Radio Settings
- 3.3.3 DFS Operation and Channel Exclusion
- 3.3.4 Radio BSS Settings
- 3.3.4.1 BSS Administrative State and Name
- 3.3.4.2 BSS SSID and Advertise SSID
- 3.3.4.3 Wireless Bridge and Minimum RSS
- 3.3.4.4 User Cost Offset and FastPath Mesh Mode
- 3.3.4.5 BSS Switching Mode and Default VLAN ID
- 3.3.4.6 BSS G Band Only Setting
- 3.3.4.7 BSS WMM Setting
- 3.3.4.8 BSS DTIM Period
- 3.3.4.9 BSS RTS and Fragmentation Thresholds
- 3.3.4.10 BSS Unicast Rate Mode and Maximum Rate
- 3.3.4.11 BSS Multicast Rate
- 3.3.4.12 BSS Description
- 3.3.4.13 BSS Fortress Security Setting
- 3.3.4.14 BSS Wi-Fi Security Settings
- 3.3.4.15 Configuring a Radio BSS
- 3.3.5 ES210 Bridge STA Settings and Operation
- 3.3.5.1 Station Administrative State
- 3.3.5.2 Station Name and Description
- 3.3.5.3 Station SSID
- 3.3.5.4 Station BSSID
- 3.3.5.5 Station WMM
- 3.3.5.6 Station Fragmentation and RTS Thresholds
- 3.3.5.7 Station Unicast Rate Mode and Maximum Rate
- 3.3.5.8 Station Multicast Rate
- 3.3.5.9 Station Fortress Security Status
- 3.3.5.10 Station Wi-Fi Security Settings
- 3.3.5.11 Establishing an ES210 Bridge STA Interface Connection
- 3.3.5.12 Editing or Deleting the ES210 Bridge STA Interface
- 3.3.5.13 Enabling and Disabling ES210 Bridge Station Mode
- 3.4 Basic Network Settings Configuration
- 3.5 Location or GPS Configuration
- 3.6 DHCP and DNS Services
- 3.7 Ethernet Interface Settings
- 3.7.1 Port Administrative State
- 3.7.2 Port Speed and Duplex Settings
- 3.7.3 Port FastPath Mesh Mode and User Cost Offset
- 3.7.4 Port Fortress Security
- 3.7.5 Port 802.1X Authentication
- 3.7.6 Port Default VLAN ID and Port Switching Mode
- 3.7.7 Port QoS Setting
- 3.7.8 Port Power over Ethernet
- 3.7.9 Configuring Ethernet Ports
- 3.8 QoS Implementation
- 3.9 VLANs Implementation
- 3.10 ES210 Bridge Serial Port Settings
- Security, Access, and Auditing Configuration
- 4.1 Fortress Security
- 4.1.1 Operating Mode
- 4.1.2 MSP Encryption Algorithm
- 4.1.3 MSP Key Establishment
- 4.1.4 MSP Re-Key Interval
- 4.1.5 Access to the Bridge GUI
- 4.1.6 Secure Shell Access to the Bridge CLI
- 4.1.7 Blackout Mode
- 4.1.8 FIPS Self-Test Settings
- 4.1.9 Encrypted Data Compression
- 4.1.10 Encrypted Interface Cleartext Traffic
- 4.1.11 Encrypted Interface Management Access
- 4.1.12 Guest Management
- 4.1.13 Cached Authentication Credentials
- 4.1.14 Fortress Beacon Interval
- 4.1.15 Global Client and Host Idle Timeouts
- 4.1.16 Changing Basic Security Settings:
- 4.1.17 Fortress Access ID
- 4.2 Internet Protocol Security
- 4.3 Authentication Services
- 4.3.1 Authentication Server Settings
- 4.3.2 The Local Authentication Server
- 4.3.2.1 Local Authentication Server State
- 4.3.2.2 Local Authentication Server Port and Shared Key
- 4.3.2.3 Local Authentication Server Priority
- 4.3.2.4 Local Authentication Server Max Retries and Retry Interval
- 4.3.2.5 Local Authentication Server Default Idle and Session Timeouts
- 4.3.2.6 Local Authentication Server Global Device, User and Administrator Settings
- 4.3.2.7 Local 802.1X Authentication Settings
- 4.3.2.8 Configuring the Local RADIUS Server
- 4.3.3 Local User and Device Authentication
- 4.4 Local Session and Idle Timeouts
- 4.5 ACLs and Cleartext Devices
- 4.6 Remote Audit Logging
- 4.1 Fortress Security
- System and Network Monitoring
- System and Network Maintenance
- Index
- Glossary
XIV
ES520 Bridge: Glossary
QoS Quality of Service
RSA SecurID® An authentication method created and owned by RSA Security.
RADIUS
Remote Authentication Dial-In User Service—an authentication service design that
issues challenges to connecting users for their usernames and passwords and authenti-
cates their responses against a database of valid usernames and passwords; described
in RFC 2865.
RF Radio Frequency
RFC
Request for Comments—a document proposing an Internet standard that has been
accepted by the IETF as potentially developing into an established Internet standard.
RSN
Robust Security Network
- the concept, introduced in the 802.11i amendment to the
IEEE 802.11 standard, of a wireless security network that allows only
RSNAs
to be cre-
ated.
RSNA
Robust Security Network Association
- in the IEEE 802.11i amendment, a wireless con-
nection between 802.11i entities established through the 802.11i 4-Way Handshake key
management scheme.
RRL
Resilient Radio Link—in Fortress Secure Wireless Bridges, active wireless links that form
along the best available path between the WDS-enabled BSSs of networked Bridges.
RRLs provide fault-tolerant connections for Fortress’s self-healing wireless networks.
SCB Refer to
Fortress Secure Client Bridge
.
Secure Client Refer to
Fortress Secure Client
.
Secure Client Bridge Refer to
Fortress Secure Client Bridge
.
Secure Client device
In Fortress Technologies products, a device such as a laptop, PDA, tablet PC, or barcode
scanner, that has the Fortress Secure Client installed and configured to permit the
device to communicate on the Fortress-secured network.
SFP Small Form Pluggable—shorthand for fiber optic Small Form Pluggable transceiver.
SHA
Secure Hash Algorithm, cryptographic hash functions developed by the NSA and pub-
lished by NIST in FIPS 180-2.
SHS
Secure Hash Standard—FIPS-approved NIST standard specifying five secure hash algo-
rithms: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
SLIP
Serial Line Internet Protocol—a method for communicating over serial lines, developed
for dial-up connections.
SMTP
Simple Mail Transfer Protocol—describes a method for transmitting e-mail between
servers.
SNMP
Simple Network Management Protocol—a set of protocols for simplifying management
of complex networks. The SNMP server sends requests (PDUs) to network devices, and
SNMP-compliant devices (SNMP agents) respond with data about themselves (stored in
MIBs).
SNMP agent
Any network device running the SNMP daemon and storing a MIB, a client of the SNMP
server.
SSH®
Secure Shell®, sometimes, Secure Socket Shell—a protocol, developed by SSH Com-
munication Security®, for providing authenticated and encrypted logon, file transfer
and remote command execution over a network.
SSID Service Set Identifier—a unique name that identifies a particular wireless network
STP
Spanning Tree Protocol—a link management protocol, operating at OSI layer 2, that
prevents bridging loops while permitting path redundancy in a bridged network.
Suite B
A set of cryptographic algorithms promulgated by the National Security Agency as part
of its Cryptographic Modernization Program. Suite B is available in the Secure Client
when licensed.