User's Manual
Table Of Contents
- Chapter 1 Introduction
- Chapter 2 Mesh Point CLI and Administrative Access
- Chapter 3 Networking and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Network Bridging
- 3.2.1 Bridging Configuration
- 3.2.2 FastPath Mesh Bridging
- 3.2.3 Fine-tuning FastPath Mesh Network Performance
- 3.2.3.1 Selecting the FastPath Mesh Multicast Transmit Mode
- 3.2.3.2 Setting the FastPath Mesh Packet Interval
- 3.2.3.3 Setting the FastPath Mesh Transmit Control Level
- 3.2.3.4 Setting Multicast Video Clamping Thresholds
- 3.2.3.5 Setting Mesh Routing Reactivity
- 3.2.3.6 Setting Mesh Packet Time To Live
- 3.2.3.7 Viewing Current Mesh Performance Parameters
- 3.2.3.8 Frame Processor Parameters
- 3.2.4 STP Bridging
- 3.3 Global Radio Settings
- 3.4 Individual Radio Settings
- 3.4.1 Radio Band, Short Preamble, Guard Interval
- 3.4.2 Channel Selection
- 3.4.3 Distance, Beacon Interval, Noise Immunity
- 3.4.4 Network Type, Antenna Gain, Tx Power
- 3.4.5 MIMO
- 3.4.6 STBC
- 3.4.7 Channel Lock and Other Channel Selection Features
- 3.4.8 DFS, TDWR, and Channel Exclusion
- 3.4.9 Radio BSS Settings
- 3.4.9.1 BSS Radio, BSS Name and SSID
- 3.4.9.2 WDS Bridging or AP Infrastructure Configuration
- 3.4.9.3 BSS State, SSID Advertising and Drop Probe Requests
- 3.4.9.4 BSS STA Idle Timeout and 802.11g-Only Settings
- 3.4.9.5 BSS Unicast Transmission Rate Settings
- 3.4.9.6 BSS WMM QoS Setting
- 3.4.9.7 BSS Fragmentation and RTS Thresholds
- 3.4.9.8 BSS DTIM Beacon Countdown
- 3.4.9.9 BSS VLANs Settings
- 3.4.9.10 BSS Fortress Security Zone
- 3.4.9.11 FastPath Mesh BSS Cost Offset
- 3.4.9.12 BSS Multicast Settings
- 3.4.9.13 Bridging MTU and Beacon Encryption
- 3.4.9.14 BSS Description
- 3.4.9.15 BSS Wi-Fi Security Configuration
- 3.4.10 Antenna Tracking / Rate Monitoring
- 3.4.11 ES210 Mesh Point STA Settings and Operation
- 3.4.11.1 STA Radio, Name, SSID and SSID Roaming
- 3.4.11.2 STA State
- 3.4.11.3 STA Unicast Transmission Rate Settings
- 3.4.11.4 STA Background Scanning
- 3.4.11.5 STA WMM QoS Setting
- 3.4.11.6 STA Fragmentation and RTS Thresholds
- 3.4.11.7 STA Multicast Rate
- 3.4.11.8 STA Description
- 3.4.11.9 STA Wi-Fi Security Configuration
- 3.4.11.10 Editing or Deleting a STA Interface Connection
- 3.4.11.11 Establishing a STA Interface Connection
- 3.4.11.12 ES210 Station Access Control Lists
- 3.5 Local Area Network Configuration
- 3.6 Time and Location Configuration
- 3.7 GPS and Location Configuration
- 3.8 DHCP and DNS Services
- 3.9 Ethernet Interfaces
- 3.10 Quality of Service
- 3.11 VLANs Implementation
- 3.12 ES210 Mesh Point Serial Port Settings
- 3.13 Mesh Viewer Protocol Settings
- Chapter 4 Network Security, Authentication and Auditing
- 4.1 Fortress Security Settings
- 4.1.1 Operating Mode
- 4.1.2 FIPS Settings
- 4.1.3 MSP Encryption Algorithm
- 4.1.4 Encrypted Data Compression
- 4.1.5 MSP Key Establishment
- 4.1.6 MSP Re-Key Interval
- 4.1.7 Key Beacon Interval
- 4.1.8 Fortress Legacy Devices
- 4.1.9 Encrypted Zone Cleartext Traffic
- 4.1.10 Encrypted Zone Management Settings
- 4.1.11 Authorized Wireless Client Management Settings
- 4.1.12 Turning Mesh Point GUI Access Off and On
- 4.1.13 SSH Access to the Mesh Point CLI
- 4.1.14 Blackout Mode
- 4.1.15 Allow Cached Credentials
- 4.1.16 Fortress Access ID
- 4.2 Digital Certificates
- 4.3 Access Control Entries
- 4.4 Internet Protocol Security
- 4.5 Authentication and Timeouts
- 4.5.1 Authentication Servers
- 4.5.2 Internal Authentication Server
- 4.5.2.1 Basic Internal Authentication Server Settings
- 4.5.2.2 Certificate Authority Settings
- 4.5.2.3 Global User and Device Authentication Settings
- 4.5.2.4 Local 802.1X Authentication Settings
- 4.5.2.5 OCSP Authentication Server Settings
- 4.5.2.6 OCSP Cache Settings and Management
- 4.5.2.7 Internal Authentication Server Access Control Lists
- 4.5.3 User Authentication
- 4.5.4 Client Device Authentication
- 4.5.5 Session Idle Timeouts
- 4.6 ACLs and Cleartext Devices
- 4.7 Remote Audit Logging
- 4.8 Wireless Schedules
- Chapter 5 System Options, Maintenance and Licensing
- Chapter 6 System and Network Monitoring
- Index
- Glossary
Fortress ES-Series CLI Guide: Glossary
STBC
Space-Time Block Coding is a technique that helps improve error rates and reliability in
a system that is experiencing poor transmission performance.
STP
Spanning Tree Protocol—a link management protocol, operating at OSI layer 2, that
prevents bridging loops while permitting path redundancy in a bridged network.
Suite B
A set of cryptographic algorithms promulgated by the National Security Agency as part
of its Cryptographic Modernization Program.
SWLAN
Secure Wireless Local Area Network
symmetric key encryption
A class of cryptographic algorithm in which a shared secret between two or more parties
is used to maintain a private connection between or among them.
Tactical Mesh Point
Name of the Fortress ES210 model Mesh Point.
TCP
Transmission Control Protocol—defines a method for reliable (i.e., in order, with integrity
checking) delivery of data packets over a network; one of the founding protocols in
the TCP/IP suite of networking protocols.
TCP/IP
Transmission Control Protocol/Internet Protocol, also Internet Protocol Suite—the basic,
two-part communication protocol in use on the Internet (refer to IP and TCP).
TLS
Transport Layer Security—a two-part protocol that defines secure data transmission
between client/server applications communicating over the Internet. TLS Record Protocol
uses data encryption to secure data transfer, and the TLS Handshake Protocol allows
the client and server to authenticate each other and negotiate the encryption method
to use before exchanging data.
Trusted Device
In Fortress products, a device that does not have the Secure Client installed but is
allowed network access through rules defined for it on the Fortress Mesh Point.
trusted hierarchy
Refer to PKI.
UDP
User Datagram Protocol—defines a method for “best effort” delivery of data packets
over a network that, like TCP, runs on top of IP but, unlike TCP, does not guarantee the
order of delivery or provide integrity checking.
UI
User Interface—the means by which a human end user provides input to and receives
output from computer software.
ULA
Unique Local Address—an IPv6 globally unique unicast address (subnet identifier),
defined in IETF RFC 4193, intended for local (intranet) communications and not
intended to be routable on the Internet.
user authentication
A mechanism for requiring users to submit established credentials (user name and
password, smartcard, etc.) and checking the validity of these credentials before allowing
users to log on to a device or network.
user password
The password an end user must enter in order to access a network or device that requires
user authentication (compare administrator password).
Vehicle Mesh Point
Name of the Fortress ES820 model Mesh Point.
VLAN
Virtual Local Area Network—a collection of computers configured through software to
behave as though they are members of the same network, even though they may be
physically connected to separate subnets.
VoIP
Voice over IP, sometimes VOI (Voice over Internet)—any of several means for transmitting
audio communications over the Internet.
VPN
Virtual Private Network—a private network of computers connected, entirely or in part,
by public phone lines.
WAN
Wide Area Network—a collection of interconnected computers covering a large geographic
area.