User Guide
Table Of Contents
- Front
- Introduction
- Bridge GUI and Administrative Access
- 2.1 Bridge GUI
- 2.2 Administrative Accounts and Access
- 2.2.1 Global Administrator Settings
- 2.2.2 Individual Administrator Accounts
- 2.2.2.1 Administrator User Names
- 2.2.2.2 Account Administrative State
- 2.2.2.3 Administrative Role
- 2.2.2.4 Administrator Audit Requirement
- 2.2.2.5 Administrator Full Name and Description
- 2.2.2.6 Administrator Interface Permissions
- 2.2.2.7 Administrator Passwords and Password Controls
- 2.2.2.8 Adding Administrative Accounts
- 2.2.2.9 Editing Administrative Accounts
- 2.2.2.10 Deleting Administrative Accounts
- 2.2.2.11 Changing Administrative Passwords
- 2.2.2.12 Unlocking Administrator Accounts
- 2.2.3 Administrator IP Address Access Control
- 2.2.4 SNMP Administration
- Network and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Bridging Configuration
- 3.3 Radio Settings
- 3.3.1 Advanced Global Radio Settings
- 3.3.2 Individual Radio Settings
- 3.3.3 DFS Operation and Channel Exclusion
- 3.3.4 Radio BSS Settings
- 3.3.4.1 BSS Administrative State and Name
- 3.3.4.2 BSS SSID and Advertise SSID
- 3.3.4.3 Wireless Bridge and Minimum RSS
- 3.3.4.4 User Cost Offset and FastPath Mesh Mode
- 3.3.4.5 BSS Switching Mode and Default VLAN ID
- 3.3.4.6 BSS G Band Only Setting
- 3.3.4.7 BSS WMM Setting
- 3.3.4.8 BSS DTIM Period
- 3.3.4.9 BSS RTS and Fragmentation Thresholds
- 3.3.4.10 BSS Unicast Rate Mode and Maximum Rate
- 3.3.4.11 BSS Multicast Rate
- 3.3.4.12 BSS Description
- 3.3.4.13 BSS Fortress Security Setting
- 3.3.4.14 BSS Wi-Fi Security Settings
- 3.3.4.15 Configuring a Radio BSS
- 3.3.5 ES210 Bridge STA Settings and Operation
- 3.3.5.1 Station Administrative State
- 3.3.5.2 Station Name and Description
- 3.3.5.3 Station SSID
- 3.3.5.4 Station BSSID
- 3.3.5.5 Station WMM
- 3.3.5.6 Station Fragmentation and RTS Thresholds
- 3.3.5.7 Station Unicast Rate Mode and Maximum Rate
- 3.3.5.8 Station Multicast Rate
- 3.3.5.9 Station Fortress Security Status
- 3.3.5.10 Station Wi-Fi Security Settings
- 3.3.5.11 Establishing an ES210 Bridge STA Interface Connection
- 3.3.5.12 Editing or Deleting the ES210 Bridge STA Interface
- 3.3.5.13 Enabling and Disabling ES210 Bridge Station Mode
- 3.4 Basic Network Settings Configuration
- 3.5 Location or GPS Configuration
- 3.6 DHCP and DNS Services
- 3.7 Ethernet Interface Settings
- 3.7.1 Port Administrative State
- 3.7.2 Port Speed and Duplex Settings
- 3.7.3 Port FastPath Mesh Mode and User Cost Offset
- 3.7.4 Port Fortress Security
- 3.7.5 Port 802.1X Authentication
- 3.7.6 Port Default VLAN ID and Port Switching Mode
- 3.7.7 Port QoS Setting
- 3.7.8 Port Power over Ethernet
- 3.7.9 Configuring Ethernet Ports
- 3.8 QoS Implementation
- 3.9 VLANs Implementation
- 3.10 ES210 Bridge Serial Port Settings
- Security, Access, and Auditing Configuration
- 4.1 Fortress Security
- 4.1.1 Operating Mode
- 4.1.2 MSP Encryption Algorithm
- 4.1.3 MSP Key Establishment
- 4.1.4 MSP Re-Key Interval
- 4.1.5 Access to the Bridge GUI
- 4.1.6 Secure Shell Access to the Bridge CLI
- 4.1.7 Blackout Mode
- 4.1.8 FIPS Self-Test Settings
- 4.1.9 Encrypted Data Compression
- 4.1.10 Encrypted Interface Cleartext Traffic
- 4.1.11 Encrypted Interface Management Access
- 4.1.12 Guest Management
- 4.1.13 Cached Authentication Credentials
- 4.1.14 Fortress Beacon Interval
- 4.1.15 Global Client and Host Idle Timeouts
- 4.1.16 Changing Basic Security Settings:
- 4.1.17 Fortress Access ID
- 4.2 Internet Protocol Security
- 4.3 Authentication Services
- 4.3.1 Authentication Server Settings
- 4.3.2 The Local Authentication Server
- 4.3.2.1 Local Authentication Server State
- 4.3.2.2 Local Authentication Server Port and Shared Key
- 4.3.2.3 Local Authentication Server Priority
- 4.3.2.4 Local Authentication Server Max Retries and Retry Interval
- 4.3.2.5 Local Authentication Server Default Idle and Session Timeouts
- 4.3.2.6 Local Authentication Server Global Device, User and Administrator Settings
- 4.3.2.7 Local 802.1X Authentication Settings
- 4.3.2.8 Configuring the Local RADIUS Server
- 4.3.3 Local User and Device Authentication
- 4.4 Local Session and Idle Timeouts
- 4.5 ACLs and Cleartext Devices
- 4.6 Remote Audit Logging
- 4.1 Fortress Security
- System and Network Monitoring
- System and Network Maintenance
- Index
- Glossary
Bridge GUI Guide: Network Configuration
84
NOTE: Radio Band
settings are cov-
ered in detail in Section
3.3.2.2).
The default Unicast Maximum Rate for a new STA interface is 54
Mbps
, which specifies the highest setting possible in either
frequency band.
You can configure
Unicast Rate Mode and Unicast Maximum
Rate only in Advanced View.
3.3.5.8 Station Multicast Rate
The bit rate at which a wireless interface sends multicast
frames is negotiated per connection.
Multicast Rate sets a floor
for multicast transmissions by specifying the lowest bit rate at
which the
STA Interface will send multicast frames.
A
STA Interface on a radio configured by default to use the 2.4
GHz 802.11g band has a default
Multicast Rate of 1 Mbps, which
is appropriate for an interface using the 2.4 GHz frequency
band. Fortress recommends leaving a
STA Interface in the
802.11g band at the default
Multicast Rate of 1.
A
STA Interface on a radio fixed on, or configured by default to
use, the 5 GHz 802.11a band has a default
Multicast Rate of
6Mbps, which is appropriate for an interface using the 5 GHz
frequency band. Fortress recommends leaving a
STA Interface
in the 802.11a band at the default
Multicast Rate of 6.
You can configure
Multicast Rate only in Advanced View.
3.3.5.9 Station Fortress Security Status
Fortress Security is displayed view-only for the STA Interface.
Fortress’s MSP (Mobile Security Protocol) cannot be applied to
the
STA Interface, so the field will always display Clear.
3.3.5.10 Station Wi-Fi Security Settings
Your selection in the
Wi-Fi Security field of the Add Station Mode
frame determines the additional fields you must configure for
that setting.
Wi-Fi Security: None
By default, no Wi-Fi security is applied to traffic on a STA
Interface
. Traffic on a STA Interface with a Wi-Fi Security setting
of None is unsecured.
WPA, WPA2 and WPA2-Mixed Security
NOTE: Enterprise
WPA and WPA2
modes require an 802.1X
authentication service to
be available, as part of
the Bridge configuration
(Section 4.3.2.7) or exter-
nally (Section 4.3.1).
WPA (Wi-Fi Protected Access) and WPA2 are the enterprise
modes of WPA (as distinguished from the
pre-shared key
modes described below). You can specify that
WPA or WPA2 be
used exclusively by the
STA Interface, or you can configure it to
be able to use either by selecting
WPA2-Mixed.
WPA and WPA2 use EAP-TLS (Extensible Authentication
Protocol-Transport Layer Security) to authenticate network
connections via X.509 digital certificates. In order for a Bridge
in station mode to successfully negotiate a WPA/WPA2 client
connection, you must have specified a locally stored key pair
and certificate to use to authenticate the Bridge as an EAP-TLS