User's Manual
Table Of Contents
- Chapter 1 Introduction
- Chapter 2 Mesh Point CLI and Administrative Access
- Chapter 3 Networking and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Network Bridging
- 3.2.1 Bridging Configuration
- 3.2.2 FastPath Mesh Bridging
- 3.2.3 Fine-tuning FastPath Mesh Network Performance
- 3.2.3.1 Selecting the FastPath Mesh Multicast Transmit Mode
- 3.2.3.2 Setting the FastPath Mesh Packet Interval
- 3.2.3.3 Setting the FastPath Mesh Transmit Control Level
- 3.2.3.4 Setting Multicast Video Clamping Thresholds
- 3.2.3.5 Setting Mesh Routing Reactivity
- 3.2.3.6 Setting Mesh Packet Time To Live
- 3.2.3.7 Viewing Current Mesh Performance Parameters
- 3.2.3.8 Frame Processor Parameters
- 3.2.4 STP Bridging
- 3.3 Global Radio Settings
- 3.4 Individual Radio Settings
- 3.4.1 Radio Band, Short Preamble, Guard Interval
- 3.4.2 Channel Selection
- 3.4.3 Distance, Beacon Interval, Noise Immunity
- 3.4.4 Network Type, Antenna Gain, Tx Power
- 3.4.5 MIMO
- 3.4.6 STBC
- 3.4.7 Channel Lock and Other Channel Selection Features
- 3.4.8 DFS, TDWR, and Channel Exclusion
- 3.4.9 Radio BSS Settings
- 3.4.9.1 BSS Radio, BSS Name and SSID
- 3.4.9.2 WDS Bridging or AP Infrastructure Configuration
- 3.4.9.3 BSS State, SSID Advertising and Drop Probe Requests
- 3.4.9.4 BSS STA Idle Timeout and 802.11g-Only Settings
- 3.4.9.5 BSS Unicast Transmission Rate Settings
- 3.4.9.6 BSS WMM QoS Setting
- 3.4.9.7 BSS Fragmentation and RTS Thresholds
- 3.4.9.8 BSS DTIM Beacon Countdown
- 3.4.9.9 BSS VLANs Settings
- 3.4.9.10 BSS Fortress Security Zone
- 3.4.9.11 FastPath Mesh BSS Cost Offset
- 3.4.9.12 BSS Multicast Settings
- 3.4.9.13 Bridging MTU and Beacon Encryption
- 3.4.9.14 BSS Description
- 3.4.9.15 BSS Wi-Fi Security Configuration
- 3.4.10 Antenna Tracking / Rate Monitoring
- 3.4.11 ES210 Mesh Point STA Settings and Operation
- 3.4.11.1 STA Radio, Name, SSID and SSID Roaming
- 3.4.11.2 STA State
- 3.4.11.3 STA Unicast Transmission Rate Settings
- 3.4.11.4 STA Background Scanning
- 3.4.11.5 STA WMM QoS Setting
- 3.4.11.6 STA Fragmentation and RTS Thresholds
- 3.4.11.7 STA Multicast Rate
- 3.4.11.8 STA Description
- 3.4.11.9 STA Wi-Fi Security Configuration
- 3.4.11.10 Editing or Deleting a STA Interface Connection
- 3.4.11.11 Establishing a STA Interface Connection
- 3.4.11.12 ES210 Station Access Control Lists
- 3.5 Local Area Network Configuration
- 3.6 Time and Location Configuration
- 3.7 GPS and Location Configuration
- 3.8 DHCP and DNS Services
- 3.9 Ethernet Interfaces
- 3.10 Quality of Service
- 3.11 VLANs Implementation
- 3.12 ES210 Mesh Point Serial Port Settings
- 3.13 Mesh Viewer Protocol Settings
- Chapter 4 Network Security, Authentication and Auditing
- 4.1 Fortress Security Settings
- 4.1.1 Operating Mode
- 4.1.2 FIPS Settings
- 4.1.3 MSP Encryption Algorithm
- 4.1.4 Encrypted Data Compression
- 4.1.5 MSP Key Establishment
- 4.1.6 MSP Re-Key Interval
- 4.1.7 Key Beacon Interval
- 4.1.8 Fortress Legacy Devices
- 4.1.9 Encrypted Zone Cleartext Traffic
- 4.1.10 Encrypted Zone Management Settings
- 4.1.11 Authorized Wireless Client Management Settings
- 4.1.12 Turning Mesh Point GUI Access Off and On
- 4.1.13 SSH Access to the Mesh Point CLI
- 4.1.14 Blackout Mode
- 4.1.15 Allow Cached Credentials
- 4.1.16 Fortress Access ID
- 4.2 Digital Certificates
- 4.3 Access Control Entries
- 4.4 Internet Protocol Security
- 4.5 Authentication and Timeouts
- 4.5.1 Authentication Servers
- 4.5.2 Internal Authentication Server
- 4.5.2.1 Basic Internal Authentication Server Settings
- 4.5.2.2 Certificate Authority Settings
- 4.5.2.3 Global User and Device Authentication Settings
- 4.5.2.4 Local 802.1X Authentication Settings
- 4.5.2.5 OCSP Authentication Server Settings
- 4.5.2.6 OCSP Cache Settings and Management
- 4.5.2.7 Internal Authentication Server Access Control Lists
- 4.5.3 User Authentication
- 4.5.4 Client Device Authentication
- 4.5.5 Session Idle Timeouts
- 4.6 ACLs and Cleartext Devices
- 4.7 Remote Audit Logging
- 4.8 Wireless Schedules
- 4.1 Fortress Security Settings
- Chapter 5 System Options, Maintenance and Licensing
- Chapter 6 System and Network Monitoring
- Index
- Glossary
Fortress ES-Series CLI Guide: Networking and Radio Configuration
66
3.4.9.12 BSS Multicast Settings
NOTE:McastRate
is dynamic and is
not user configurable for
bridging-enabled BSSs.
McastRate specifies the lowest bit rate at which a BSS
configured to act as a network AP (
EnableWds
n
) will send
multicast frames, in megabits per second.
BSSs on a radio that is fixed on the 5 GHz 802.11a band, or
configured by default to use the 5 GHz 802.11a band, have a
default
McastRate of
6
Mbps, which is appropriate for a BSS
using the 5 GHz frequency band. Fortress recommends
leaving BSSs in the 802.11a band, including all 802.11na
options, at the default of
6
.
BSSs on a radio configured by default to use the 2.4 GHz
802.11g band have a default
McastRate of
1
Mbps, which is
appropriate for a BSS using the 2.4 GHz frequency band.
Fortress recommends leaving BSSs in the 802.11g band,
including all 802.11ng options, at the default of
1.
EnhancedMcast
is an advanced function inappropriate for typical
Mesh Point deployments. Do not modify this setting, except as
directed by a Fortress representative.
3.4.9.13 Bridging MTU and Beacon Encryption
On bridging BSSs (
EnableWds
y
), WdsMtu configures the
Maximum Transmission Unit for the interface as appropriate for
wireless (
wifi
) or Ethernet (
ether
) transmissions. The default
WdsMtu is
wifi
.
NOTE:
BeaconEn-
crypt
cannot be
reconfigured after a BSS
is created. You must
delete, and then recreate
the BSS with the new
setting, in order to
change it.
On bridging BSSs (EnableWds
y
), you can use
BeaconEncrypt
enable
to encrypt the entire contents of 802.11 beacon frames.
At the default, disabled (
BeaconEncrypt
disable
), 802.11
management frame contents, including beacons, are
transmitted as cleartext, as is typically the case in wireless
bridging implementations.
BeaconEncrypt
must be enabled (or disabled) on both ends of
the bridging link. Full implementation of the function requires it
to be enabled on all BSSs forming the WDS network.
3.4.9.14 BSS Description
You can optionally enter a
Description of the BSS of up to 32
characters. To include spaces in the description string, enclose
it in quotation marks.
As an alternative to interactive configuration, you can use the
add bss command with valid switches and arguments to
configure any of the settings described above when you create
a new BSS:
# add bss -radio radio1|radio2 -name
<BSSname>
-ssid random|
<ssid>
-wds y|n
-minRSS -95–0 -adminstate enable|disable -adssid y|n
-dropbcpr y|n
-idletimeout
<minutes>
-only11g y|n -ratemode auto|fixed -maxrate 1|2|5.5|11|6|9|12|18|24|36|48|54
-minrate 1|2|5.5|11|6|9|12|18|24|36|48|54 -wmm enable|disable -frag off|256–2345
-rts off|256—2345 -dtim 1–255 -vlanID 1—4094 -switchingmode trunk|access
-vlanAllowAll y|n -vlanActiveList 1,2,3...4094 -zone encrypted|clear