User's Manual
Table Of Contents
- Chapter 1 Introduction
- Chapter 2 Mesh Point CLI and Administrative Access
- Chapter 3 Networking and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Network Bridging
- 3.2.1 Bridging Configuration
- 3.2.2 FastPath Mesh Bridging
- 3.2.3 Fine-tuning FastPath Mesh Network Performance
- 3.2.3.1 Selecting the FastPath Mesh Multicast Transmit Mode
- 3.2.3.2 Setting the FastPath Mesh Packet Interval
- 3.2.3.3 Setting the FastPath Mesh Transmit Control Level
- 3.2.3.4 Setting Multicast Video Clamping Thresholds
- 3.2.3.5 Setting Mesh Routing Reactivity
- 3.2.3.6 Setting Mesh Packet Time To Live
- 3.2.3.7 Viewing Current Mesh Performance Parameters
- 3.2.3.8 Frame Processor Parameters
- 3.2.4 STP Bridging
- 3.3 Global Radio Settings
- 3.4 Individual Radio Settings
- 3.4.1 Radio Band, Short Preamble, Guard Interval
- 3.4.2 Channel Selection
- 3.4.3 Distance, Beacon Interval, Noise Immunity
- 3.4.4 Network Type, Antenna Gain, Tx Power
- 3.4.5 MIMO
- 3.4.6 STBC
- 3.4.7 Channel Lock and Other Channel Selection Features
- 3.4.8 DFS, TDWR, and Channel Exclusion
- 3.4.9 Radio BSS Settings
- 3.4.9.1 BSS Radio, BSS Name and SSID
- 3.4.9.2 WDS Bridging or AP Infrastructure Configuration
- 3.4.9.3 BSS State, SSID Advertising and Drop Probe Requests
- 3.4.9.4 BSS STA Idle Timeout and 802.11g-Only Settings
- 3.4.9.5 BSS Unicast Transmission Rate Settings
- 3.4.9.6 BSS WMM QoS Setting
- 3.4.9.7 BSS Fragmentation and RTS Thresholds
- 3.4.9.8 BSS DTIM Beacon Countdown
- 3.4.9.9 BSS VLANs Settings
- 3.4.9.10 BSS Fortress Security Zone
- 3.4.9.11 FastPath Mesh BSS Cost Offset
- 3.4.9.12 BSS Multicast Settings
- 3.4.9.13 Bridging MTU and Beacon Encryption
- 3.4.9.14 BSS Description
- 3.4.9.15 BSS Wi-Fi Security Configuration
- 3.4.10 Antenna Tracking / Rate Monitoring
- 3.4.11 ES210 Mesh Point STA Settings and Operation
- 3.4.11.1 STA Radio, Name, SSID and SSID Roaming
- 3.4.11.2 STA State
- 3.4.11.3 STA Unicast Transmission Rate Settings
- 3.4.11.4 STA Background Scanning
- 3.4.11.5 STA WMM QoS Setting
- 3.4.11.6 STA Fragmentation and RTS Thresholds
- 3.4.11.7 STA Multicast Rate
- 3.4.11.8 STA Description
- 3.4.11.9 STA Wi-Fi Security Configuration
- 3.4.11.10 Editing or Deleting a STA Interface Connection
- 3.4.11.11 Establishing a STA Interface Connection
- 3.4.11.12 ES210 Station Access Control Lists
- 3.5 Local Area Network Configuration
- 3.6 Time and Location Configuration
- 3.7 GPS and Location Configuration
- 3.8 DHCP and DNS Services
- 3.9 Ethernet Interfaces
- 3.10 Quality of Service
- 3.11 VLANs Implementation
- 3.12 ES210 Mesh Point Serial Port Settings
- 3.13 Mesh Viewer Protocol Settings
- Chapter 4 Network Security, Authentication and Auditing
- 4.1 Fortress Security Settings
- 4.1.1 Operating Mode
- 4.1.2 FIPS Settings
- 4.1.3 MSP Encryption Algorithm
- 4.1.4 Encrypted Data Compression
- 4.1.5 MSP Key Establishment
- 4.1.6 MSP Re-Key Interval
- 4.1.7 Key Beacon Interval
- 4.1.8 Fortress Legacy Devices
- 4.1.9 Encrypted Zone Cleartext Traffic
- 4.1.10 Encrypted Zone Management Settings
- 4.1.11 Authorized Wireless Client Management Settings
- 4.1.12 Turning Mesh Point GUI Access Off and On
- 4.1.13 SSH Access to the Mesh Point CLI
- 4.1.14 Blackout Mode
- 4.1.15 Allow Cached Credentials
- 4.1.16 Fortress Access ID
- 4.2 Digital Certificates
- 4.3 Access Control Entries
- 4.4 Internet Protocol Security
- 4.5 Authentication and Timeouts
- 4.5.1 Authentication Servers
- 4.5.2 Internal Authentication Server
- 4.5.2.1 Basic Internal Authentication Server Settings
- 4.5.2.2 Certificate Authority Settings
- 4.5.2.3 Global User and Device Authentication Settings
- 4.5.2.4 Local 802.1X Authentication Settings
- 4.5.2.5 OCSP Authentication Server Settings
- 4.5.2.6 OCSP Cache Settings and Management
- 4.5.2.7 Internal Authentication Server Access Control Lists
- 4.5.3 User Authentication
- 4.5.4 Client Device Authentication
- 4.5.5 Session Idle Timeouts
- 4.6 ACLs and Cleartext Devices
- 4.7 Remote Audit Logging
- 4.8 Wireless Schedules
- 4.1 Fortress Security Settings
- Chapter 5 System Options, Maintenance and Licensing
- Chapter 6 System and Network Monitoring
- Index
- Glossary
Fortress ES-Series CLI Guide: System and Network Monitoring
188
When STP is used for bridging, possible values may be:
Disabled - not passing traffic
Forwarding - passing all traffic
Listening - listening for BPDUs (Bridge Protocol
Data Units) in order to build its loop-free path, but
not yet forwarding general data frames
Blocking - blocking user traffic (usually because it
is a duplicate or sub-optimal path)
When FastPath Mesh is used, possible values may be:
Disabled - not passing traffic
Forwarding All - passing all traffic
Blocking - blocking all traffic
6.2.3 Viewing Client Connections
View information on Mesh Points and other devices on the
encrypted side of the network with show
show
clients
:
> show clients
MAC PartnerDeviceID Type State AuthSt DHKeyType Hostname
Traffic Allowed
----------------- ---------------- ---- ------------ ------- ----------- ---------------
---------------
00:02:2d:73:7e:dc 02d48e379526f4c2 MSP Secure Success MODP-2048 QALSTA-3
00:02:2d:80:a2:08 6fac6a1af46e50cd MSP Secure Success MODP-2048 QALSTA-9
00:02:a5:6f:9f:34 42e23ef6af66421e MSP Secure Success MODP-2048 QALSTA-8
00:18:4d:58:84:cc 1e694d0d57a25ecf MSP Secure Success MODP-2048 QALSTA-10
00:18:4d:58:85:7b adcd6a989e7b1b9a MSP Secure Success MODP-2048 QALSTA-2
00:30:ab:1b:4f:5d a11a28d8a54da448 MSP Negotiating Unknown MODP-1024 QALSTA-16
00:40:36:01:b4:58 7f48a2a3e4319c0c MSP Secure Success MODP-1024 QALSTA-6
00:90:4b:19:8b:16 5bb26a560ff49206 MSP Secure Success MODP-2048 QALSTA-20
00:c0:49:cb:17:42 - MSP Initial Unknown - Unknown
--- Total Clients: 9
Displayed fields include (when applicable):
MAC - the MAC address of the client device
PartnerDeviceID - the device’s unique, hexadecimal,
Fortress-generated identifier, which provides device
authentication on the Mesh Point-secured network (when
device authentication is enabled)
Type - identifies the device as an MSP client accessing the
network encrypted zone
State - the state of the device’s key establishment
transactions on the Mesh Point:
Initializing - key exchange with device initializing
Negotiating - static keys exchanged with the device
Secure - dynamic keys exchanged with the device
Failed - key exchange with the device failed
Inferior DKey - Received inferior dynamic key from
the device
Key Failed - key exchange with the device failed