User's Manual
Table Of Contents
- Chapter 1 Introduction
- Chapter 2 Mesh Point CLI and Administrative Access
- Chapter 3 Networking and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Network Bridging
- 3.2.1 Bridging Configuration
- 3.2.2 FastPath Mesh Bridging
- 3.2.3 Fine-tuning FastPath Mesh Network Performance
- 3.2.3.1 Selecting the FastPath Mesh Multicast Transmit Mode
- 3.2.3.2 Setting the FastPath Mesh Packet Interval
- 3.2.3.3 Setting the FastPath Mesh Transmit Control Level
- 3.2.3.4 Setting Multicast Video Clamping Thresholds
- 3.2.3.5 Setting Mesh Routing Reactivity
- 3.2.3.6 Setting Mesh Packet Time To Live
- 3.2.3.7 Viewing Current Mesh Performance Parameters
- 3.2.3.8 Frame Processor Parameters
- 3.2.4 STP Bridging
- 3.3 Global Radio Settings
- 3.4 Individual Radio Settings
- 3.4.1 Radio Band, Short Preamble, Guard Interval
- 3.4.2 Channel Selection
- 3.4.3 Distance, Beacon Interval, Noise Immunity
- 3.4.4 Network Type, Antenna Gain, Tx Power
- 3.4.5 MIMO
- 3.4.6 STBC
- 3.4.7 Channel Lock and Other Channel Selection Features
- 3.4.8 DFS, TDWR, and Channel Exclusion
- 3.4.9 Radio BSS Settings
- 3.4.9.1 BSS Radio, BSS Name and SSID
- 3.4.9.2 WDS Bridging or AP Infrastructure Configuration
- 3.4.9.3 BSS State, SSID Advertising and Drop Probe Requests
- 3.4.9.4 BSS STA Idle Timeout and 802.11g-Only Settings
- 3.4.9.5 BSS Unicast Transmission Rate Settings
- 3.4.9.6 BSS WMM QoS Setting
- 3.4.9.7 BSS Fragmentation and RTS Thresholds
- 3.4.9.8 BSS DTIM Beacon Countdown
- 3.4.9.9 BSS VLANs Settings
- 3.4.9.10 BSS Fortress Security Zone
- 3.4.9.11 FastPath Mesh BSS Cost Offset
- 3.4.9.12 BSS Multicast Settings
- 3.4.9.13 Bridging MTU and Beacon Encryption
- 3.4.9.14 BSS Description
- 3.4.9.15 BSS Wi-Fi Security Configuration
- 3.4.10 Antenna Tracking / Rate Monitoring
- 3.4.11 ES210 Mesh Point STA Settings and Operation
- 3.4.11.1 STA Radio, Name, SSID and SSID Roaming
- 3.4.11.2 STA State
- 3.4.11.3 STA Unicast Transmission Rate Settings
- 3.4.11.4 STA Background Scanning
- 3.4.11.5 STA WMM QoS Setting
- 3.4.11.6 STA Fragmentation and RTS Thresholds
- 3.4.11.7 STA Multicast Rate
- 3.4.11.8 STA Description
- 3.4.11.9 STA Wi-Fi Security Configuration
- 3.4.11.10 Editing or Deleting a STA Interface Connection
- 3.4.11.11 Establishing a STA Interface Connection
- 3.4.11.12 ES210 Station Access Control Lists
- 3.5 Local Area Network Configuration
- 3.6 Time and Location Configuration
- 3.7 GPS and Location Configuration
- 3.8 DHCP and DNS Services
- 3.9 Ethernet Interfaces
- 3.10 Quality of Service
- 3.11 VLANs Implementation
- 3.12 ES210 Mesh Point Serial Port Settings
- 3.13 Mesh Viewer Protocol Settings
- Chapter 4 Network Security, Authentication and Auditing
- 4.1 Fortress Security Settings
- 4.1.1 Operating Mode
- 4.1.2 FIPS Settings
- 4.1.3 MSP Encryption Algorithm
- 4.1.4 Encrypted Data Compression
- 4.1.5 MSP Key Establishment
- 4.1.6 MSP Re-Key Interval
- 4.1.7 Key Beacon Interval
- 4.1.8 Fortress Legacy Devices
- 4.1.9 Encrypted Zone Cleartext Traffic
- 4.1.10 Encrypted Zone Management Settings
- 4.1.11 Authorized Wireless Client Management Settings
- 4.1.12 Turning Mesh Point GUI Access Off and On
- 4.1.13 SSH Access to the Mesh Point CLI
- 4.1.14 Blackout Mode
- 4.1.15 Allow Cached Credentials
- 4.1.16 Fortress Access ID
- 4.2 Digital Certificates
- 4.3 Access Control Entries
- 4.4 Internet Protocol Security
- 4.5 Authentication and Timeouts
- 4.5.1 Authentication Servers
- 4.5.2 Internal Authentication Server
- 4.5.2.1 Basic Internal Authentication Server Settings
- 4.5.2.2 Certificate Authority Settings
- 4.5.2.3 Global User and Device Authentication Settings
- 4.5.2.4 Local 802.1X Authentication Settings
- 4.5.2.5 OCSP Authentication Server Settings
- 4.5.2.6 OCSP Cache Settings and Management
- 4.5.2.7 Internal Authentication Server Access Control Lists
- 4.5.3 User Authentication
- 4.5.4 Client Device Authentication
- 4.5.5 Session Idle Timeouts
- 4.6 ACLs and Cleartext Devices
- 4.7 Remote Audit Logging
- 4.8 Wireless Schedules
- 4.1 Fortress Security Settings
- Chapter 5 System Options, Maintenance and Licensing
- Chapter 6 System and Network Monitoring
- Index
- Glossary
Fortress ES-Series CLI Guide: Glossary
XIV
CA
Certificate Authority—an entity, often a trusted 3rd-party, that issues the X.509 digital
certificates used to mutually verify the identities of organizations, servers or other enti-
ties connecting to one another over a public network.
CAC
Common Access Card—a United States Department of Defense (DoD) smartcard issued
as standard identification for active duty military personnel, reserve personnel, civilian
employees, and eligible contractor personnel.
CCITT
Comite Consultatif Internationale de Telegraphie et Telephonie, former name of the
ITU-T.
CLI
command-line interface—a user interface in which the user enters textual commands
on a single line on the monitor screen.
client
In client-server architecture, an application that relies on another, shared application
(server) to perform some of its functions, typically for an end-user device.
Client Refer to
Fortress Secure Client
.
CRL
Certificate Revocation List—a list of the serial numbers of digital certificates that have
been revoked by their issuing CA and that therefore should not be relied upon.
Crypto Officer password
A FIPS-defined term—sometimes,
Crypto password
—the a
dministrator password
in For-
tress devices operating in
FIPS
mode.
Data Link Layer Refer to
DLC
.
dBi
decibels over isotropic—a unit of measure of RF antenna gain: the power emitted by an
antenna in its direction of strongest RF emission divided by the power that would be
transmitted by an isotropic antenna emitting the same total power.
dBm
decibels referenced to milliwatts—an absolute (non-relative) unit of power measure-
ment that indicates the ratio, in decibels (dB), of measured power referenced to one
milliwatt (mW)
Deployable Mesh Point Name of the Fortress ES520 model Mesh Point.
device authentication
In Fortress products, a means of controlling network access at the level of individual
devices, tracking them via their generated Device IDs and providing controls to explic-
itly allow and disallow them on the network; one of the factors in Fortress’s Multi-factor
Authentication™.
Device ID
In Fortress products, a 16-digit hexadecimal value generated for and unique to each
Fortress Mesh Point or MSP Secure Client device on the Fortress-secured network.
Device IDs are used for
device authentication
and are neither modifiable nor transfer-
able.
DHCP
Dynamic Host Configuration Protocol—an Internet protocol describing a method for
flexibly assigning device IP addresses from a defined pool of available addresses as
each networked device comes online, through a client-server architecture. DHCP is an
alternative to a network of fixed IP addresses.
Diffie-Hellman key establishment
A protocol by which two parties with no prior knowledge of one another can agree upon
a shared secret key for symmetric key encryption of data over an insecure channel.
Also,
Diffie-Hellman-Merkle key establishment
;
exponential key exchange
.
DLC
Data Link Control—the second lowest network layer in the OSI Model, also referred to
as the
Data Link Layer
,
OSI Layer 2
or simply
Layer 2
. The DLC layer contains two sub-
layers: the MAC and LLC layers.
DMZ
Demilitarized Zone—in IT, a computer (or subnet) located between the private LAN and
a public network, usually the Internet.
DNS
Domain Name System
,
Server
or
Service
—a system or network service, defined in the
TCP/IP Internet Protocol Suite, that translates between textual domain and host names
and numerical IP addresses.