User's Manual
Table Of Contents
- Chapter 1 Introduction
- Chapter 2 Mesh Point CLI and Administrative Access
- Chapter 3 Networking and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Network Bridging
- 3.2.1 Bridging Configuration
- 3.2.2 FastPath Mesh Bridging
- 3.2.3 Fine-tuning FastPath Mesh Network Performance
- 3.2.3.1 Selecting the FastPath Mesh Multicast Transmit Mode
- 3.2.3.2 Setting the FastPath Mesh Packet Interval
- 3.2.3.3 Setting the FastPath Mesh Transmit Control Level
- 3.2.3.4 Setting Multicast Video Clamping Thresholds
- 3.2.3.5 Setting Mesh Routing Reactivity
- 3.2.3.6 Setting Mesh Packet Time To Live
- 3.2.3.7 Viewing Current Mesh Performance Parameters
- 3.2.3.8 Frame Processor Parameters
- 3.2.4 STP Bridging
- 3.3 Global Radio Settings
- 3.4 Individual Radio Settings
- 3.4.1 Radio Band, Short Preamble, Guard Interval
- 3.4.2 Channel Selection
- 3.4.3 Distance, Beacon Interval, Noise Immunity
- 3.4.4 Network Type, Antenna Gain, Tx Power
- 3.4.5 MIMO
- 3.4.6 STBC
- 3.4.7 Channel Lock and Other Channel Selection Features
- 3.4.8 DFS, TDWR, and Channel Exclusion
- 3.4.9 Radio BSS Settings
- 3.4.9.1 BSS Radio, BSS Name and SSID
- 3.4.9.2 WDS Bridging or AP Infrastructure Configuration
- 3.4.9.3 BSS State, SSID Advertising and Drop Probe Requests
- 3.4.9.4 BSS STA Idle Timeout and 802.11g-Only Settings
- 3.4.9.5 BSS Unicast Transmission Rate Settings
- 3.4.9.6 BSS WMM QoS Setting
- 3.4.9.7 BSS Fragmentation and RTS Thresholds
- 3.4.9.8 BSS DTIM Beacon Countdown
- 3.4.9.9 BSS VLANs Settings
- 3.4.9.10 BSS Fortress Security Zone
- 3.4.9.11 FastPath Mesh BSS Cost Offset
- 3.4.9.12 BSS Multicast Settings
- 3.4.9.13 Bridging MTU and Beacon Encryption
- 3.4.9.14 BSS Description
- 3.4.9.15 BSS Wi-Fi Security Configuration
- 3.4.10 Antenna Tracking / Rate Monitoring
- 3.4.11 ES210 Mesh Point STA Settings and Operation
- 3.4.11.1 STA Radio, Name, SSID and SSID Roaming
- 3.4.11.2 STA State
- 3.4.11.3 STA Unicast Transmission Rate Settings
- 3.4.11.4 STA Background Scanning
- 3.4.11.5 STA WMM QoS Setting
- 3.4.11.6 STA Fragmentation and RTS Thresholds
- 3.4.11.7 STA Multicast Rate
- 3.4.11.8 STA Description
- 3.4.11.9 STA Wi-Fi Security Configuration
- 3.4.11.10 Editing or Deleting a STA Interface Connection
- 3.4.11.11 Establishing a STA Interface Connection
- 3.4.11.12 ES210 Station Access Control Lists
- 3.5 Local Area Network Configuration
- 3.6 Time and Location Configuration
- 3.7 GPS and Location Configuration
- 3.8 DHCP and DNS Services
- 3.9 Ethernet Interfaces
- 3.10 Quality of Service
- 3.11 VLANs Implementation
- 3.12 ES210 Mesh Point Serial Port Settings
- 3.13 Mesh Viewer Protocol Settings
- Chapter 4 Network Security, Authentication and Auditing
- 4.1 Fortress Security Settings
- 4.1.1 Operating Mode
- 4.1.2 FIPS Settings
- 4.1.3 MSP Encryption Algorithm
- 4.1.4 Encrypted Data Compression
- 4.1.5 MSP Key Establishment
- 4.1.6 MSP Re-Key Interval
- 4.1.7 Key Beacon Interval
- 4.1.8 Fortress Legacy Devices
- 4.1.9 Encrypted Zone Cleartext Traffic
- 4.1.10 Encrypted Zone Management Settings
- 4.1.11 Authorized Wireless Client Management Settings
- 4.1.12 Turning Mesh Point GUI Access Off and On
- 4.1.13 SSH Access to the Mesh Point CLI
- 4.1.14 Blackout Mode
- 4.1.15 Allow Cached Credentials
- 4.1.16 Fortress Access ID
- 4.2 Digital Certificates
- 4.3 Access Control Entries
- 4.4 Internet Protocol Security
- 4.5 Authentication and Timeouts
- 4.5.1 Authentication Servers
- 4.5.2 Internal Authentication Server
- 4.5.2.1 Basic Internal Authentication Server Settings
- 4.5.2.2 Certificate Authority Settings
- 4.5.2.3 Global User and Device Authentication Settings
- 4.5.2.4 Local 802.1X Authentication Settings
- 4.5.2.5 OCSP Authentication Server Settings
- 4.5.2.6 OCSP Cache Settings and Management
- 4.5.2.7 Internal Authentication Server Access Control Lists
- 4.5.3 User Authentication
- 4.5.4 Client Device Authentication
- 4.5.5 Session Idle Timeouts
- 4.6 ACLs and Cleartext Devices
- 4.7 Remote Audit Logging
- 4.8 Wireless Schedules
- 4.1 Fortress Security Settings
- Chapter 5 System Options, Maintenance and Licensing
- Chapter 6 System and Network Monitoring
- Index
- Glossary
Fortress ES-Series CLI Guide: Mesh Point CLI and Administrative Access
20
Audit: required
2.2.3.1 Adding Administrator Accounts
Add new accounts to the local administrator database with
add
admin
:
# add admin
Username (User name):
<adminName>
State[enable] ([enable|disable] User state): enable|disable
Full Name[""] (Account full name): "
<full name>
"
Description[""] (Account description): "
<description of account>
"
Role[Maintenance] ([logviewer|maintenance|administrator]):
administrator|maintenance|logviewer
Password Locked[N] ([y|n] Prevent user from changing password):
NOTE: You can
exit the interac-
tive add admin com-
mand without making
changes with Ctrl-C.
PasswordForceChange[N] ([y|n] force user to change password):
Password (Password for this user):
<adminPassword>
Password Confirm (Password for this user):
<adminPassword>
GUI[enable] ([y|n] Allow user GUI access):
Console[enable] ([y|n] Allow user console access):
SSH[enable] ([y|n] Allow user CLI access):
Audit[required] ([required| prohibited | automatic ] Audit setting):
[OK]
NOTE
:
Administra-
tor
Usernames
are
case-sensitive and can
include spaces and any
of the symbols in the
set:
~!@#$%^&*()_-
+={}[]|\:;<>
,.?/
(excludes double
and single quotation
marks).
You must create a unique Username of 1 to 32 characters for
the account and configure the
State, Role and Password. A
disabled account will persist in the database, but cannot be
used to log on to the Mesh Point. Account roles are described
at the beginning of this section (Section 2.2). Password
requirements for local administrative accounts are global and
configurable (refer to Section 2.2.1).
The
Full Name and Description fields are optional, and the
double quotation marks are required only when fields contain
spaces or special characters (as enumerated in the
NOTE to
the right).
You can enter new values for the remaining fields—or leave a
field blank and the setting unchanged by striking
Enter↵, to
display the next field. These determine whether the account
password is locked and cannot be changed (
Password Locked:
Y
) or must be changed the first time the account is used
(
PasswordForceChange: Y
). Both options are disabled by
default, and if you enable
PasswordForceChange
, it will reset to N
(disabled) after the account holder has successfully changed
the password during initial logon.
By default, administrative accounts are created with permission
to access the management interface by any means: network
access to the Mesh Point GUI (
gui) or CLI (cli) and terminal
access to the Mesh Point CLI through the front-panel
Console
port (
console). You can selectively disable access to any
interface for a given account.
Finally, remote audit logging of activity on the account can be
configured. By default, audit logging is
required, which
includes all activity on the account in the audit log. A setting of
prohibited excludes all account activity from the audit log. An