User's Manual
Table Of Contents
- Chapter 1 Introduction
- Chapter 2 Mesh Point CLI and Administrative Access
- Chapter 3 Networking and Radio Configuration
- 3.1 Network Interfaces
- 3.2 Network Bridging
- 3.2.1 Bridging Configuration
- 3.2.2 FastPath Mesh Bridging
- 3.2.3 Fine-tuning FastPath Mesh Network Performance
- 3.2.3.1 Selecting the FastPath Mesh Multicast Transmit Mode
- 3.2.3.2 Setting the FastPath Mesh Packet Interval
- 3.2.3.3 Setting the FastPath Mesh Transmit Control Level
- 3.2.3.4 Setting Multicast Video Clamping Thresholds
- 3.2.3.5 Setting Mesh Routing Reactivity
- 3.2.3.6 Setting Mesh Packet Time To Live
- 3.2.3.7 Viewing Current Mesh Performance Parameters
- 3.2.3.8 Frame Processor Parameters
- 3.2.4 STP Bridging
- 3.3 Global Radio Settings
- 3.4 Individual Radio Settings
- 3.4.1 Radio Band, Short Preamble, Guard Interval
- 3.4.2 Channel Selection
- 3.4.3 Distance, Beacon Interval, Noise Immunity
- 3.4.4 Network Type, Antenna Gain, Tx Power
- 3.4.5 MIMO
- 3.4.6 STBC
- 3.4.7 Channel Lock and Other Channel Selection Features
- 3.4.8 DFS, TDWR, and Channel Exclusion
- 3.4.9 Radio BSS Settings
- 3.4.9.1 BSS Radio, BSS Name and SSID
- 3.4.9.2 WDS Bridging or AP Infrastructure Configuration
- 3.4.9.3 BSS State, SSID Advertising and Drop Probe Requests
- 3.4.9.4 BSS STA Idle Timeout and 802.11g-Only Settings
- 3.4.9.5 BSS Unicast Transmission Rate Settings
- 3.4.9.6 BSS WMM QoS Setting
- 3.4.9.7 BSS Fragmentation and RTS Thresholds
- 3.4.9.8 BSS DTIM Beacon Countdown
- 3.4.9.9 BSS VLANs Settings
- 3.4.9.10 BSS Fortress Security Zone
- 3.4.9.11 FastPath Mesh BSS Cost Offset
- 3.4.9.12 BSS Multicast Settings
- 3.4.9.13 Bridging MTU and Beacon Encryption
- 3.4.9.14 BSS Description
- 3.4.9.15 BSS Wi-Fi Security Configuration
- 3.4.10 Antenna Tracking / Rate Monitoring
- 3.4.11 ES210 Mesh Point STA Settings and Operation
- 3.4.11.1 STA Radio, Name, SSID and SSID Roaming
- 3.4.11.2 STA State
- 3.4.11.3 STA Unicast Transmission Rate Settings
- 3.4.11.4 STA Background Scanning
- 3.4.11.5 STA WMM QoS Setting
- 3.4.11.6 STA Fragmentation and RTS Thresholds
- 3.4.11.7 STA Multicast Rate
- 3.4.11.8 STA Description
- 3.4.11.9 STA Wi-Fi Security Configuration
- 3.4.11.10 Editing or Deleting a STA Interface Connection
- 3.4.11.11 Establishing a STA Interface Connection
- 3.4.11.12 ES210 Station Access Control Lists
- 3.5 Local Area Network Configuration
- 3.6 Time and Location Configuration
- 3.7 GPS and Location Configuration
- 3.8 DHCP and DNS Services
- 3.9 Ethernet Interfaces
- 3.10 Quality of Service
- 3.11 VLANs Implementation
- 3.12 ES210 Mesh Point Serial Port Settings
- 3.13 Mesh Viewer Protocol Settings
- Chapter 4 Network Security, Authentication and Auditing
- 4.1 Fortress Security Settings
- 4.1.1 Operating Mode
- 4.1.2 FIPS Settings
- 4.1.3 MSP Encryption Algorithm
- 4.1.4 Encrypted Data Compression
- 4.1.5 MSP Key Establishment
- 4.1.6 MSP Re-Key Interval
- 4.1.7 Key Beacon Interval
- 4.1.8 Fortress Legacy Devices
- 4.1.9 Encrypted Zone Cleartext Traffic
- 4.1.10 Encrypted Zone Management Settings
- 4.1.11 Authorized Wireless Client Management Settings
- 4.1.12 Turning Mesh Point GUI Access Off and On
- 4.1.13 SSH Access to the Mesh Point CLI
- 4.1.14 Blackout Mode
- 4.1.15 Allow Cached Credentials
- 4.1.16 Fortress Access ID
- 4.2 Digital Certificates
- 4.3 Access Control Entries
- 4.4 Internet Protocol Security
- 4.5 Authentication and Timeouts
- 4.5.1 Authentication Servers
- 4.5.2 Internal Authentication Server
- 4.5.2.1 Basic Internal Authentication Server Settings
- 4.5.2.2 Certificate Authority Settings
- 4.5.2.3 Global User and Device Authentication Settings
- 4.5.2.4 Local 802.1X Authentication Settings
- 4.5.2.5 OCSP Authentication Server Settings
- 4.5.2.6 OCSP Cache Settings and Management
- 4.5.2.7 Internal Authentication Server Access Control Lists
- 4.5.3 User Authentication
- 4.5.4 Client Device Authentication
- 4.5.5 Session Idle Timeouts
- 4.6 ACLs and Cleartext Devices
- 4.7 Remote Audit Logging
- 4.8 Wireless Schedules
- 4.1 Fortress Security Settings
- Chapter 5 System Options, Maintenance and Licensing
- Chapter 6 System and Network Monitoring
- Index
- Glossary
Fortress ES-Series CLI Guide: Networking and Radio Configuration
67
-ucost 0–4294967295 -mcastRate 1|2|5.5|11|6|9|12|18|24|36|48|54 -enhancedmcast y|n
-wdsmtu wifi|ether -beaconencrypt enable|disable -desc
<“descriptive string”>
-1X11i none|wpa|wpapsk|wpa2|wpa2psk| wpa2mixed|wpa2mixedpsk -keytype hex|ascii
-wpakey
<wpaKey>
-wpakeyconfirm
<wpaKey>
-rekeyperiod 0—2147483647
-gmkrekeyperiod 0—2147483647 -radiusperiod 0—2147483647 -strictrekey y|n
-reauthperiod 0—2147483647 -preauth y|n
3.4.9.15 BSS Wi-Fi Security Configuration
BSSs on Fortress Mesh Point radios support WPA (Wi-Fi
Protected Access) and WPA2 security.
When you choose an
802.1X/11i Security setting other than
none
(the default), the Mesh Point CLI prompts you for the
additional inputs required by the security method you choose.
802.1X/11i Security (none|wpa|wpapsk|wpa2|wpa2psk|wpa2mixed|wpa2mixedpsk): wpa2
WpaKeyFormat[hex] (hex|ascii to set key string format): hex|ascii
WpaKey[""] (WPA key with length 64(hex), 8..63(ascii)):
<hexORasciiKey>
WpaKeyConfirm[""] (confirm WPA key):
<hexORasciiKey>
GtkRekeyInterval (group transient key (GTK) rekey interval in seconds):
<GTKeyInterval>
GmkRekeyInterval (group master key (GMK) rekey interval in seconds):
<GMKeyInterval>
GtkStrictRekey (Y|N to rekey GTK when a STA leaves the BSS): y
ReauthInterval (EAPOL reauthentication interval in seconds):
<ReAuthInterval>
PreAuth[N] (Y|N to set RSN pre-authentication): y
WPA (wpa), WPA2 (wpa2) and WPA2-Mixed (wpa2mixed)
are enterprise modes of WPA. You can specify
wpa or wpa2
to be used exclusively by the BSS, or you can configure it
to use either by specifying
wpa2mixed.
WPA and WPA2 use EAP-TLS (Extensible Authentication
Protocol-Transport Layer Security) to authenticate network
connections via X.509 digital certificates. For the Mesh
Point to successfully negotiate a WPA/WPA2 transaction,
you must have specified a locally stored key pair and
certificate for the Mesh Point to use to authenticate the
connecting device as an EAP-TLS peer, and at least one
CA (Certificate Authority) certificate must be present in the
local certificate store. Refer to Section 4.2 for guidance on
configuring an EAP-TLS key pair and digital certificate.
These additional settings apply to
wpa, wpa2 and
wpa2mixed
selections:
rekeyperiod (GtkRekyInterval) - specifies the
interval at which Group Transient Keys are
regenerated. The default is zero (
0
), which value
disables the rekeying function; the same key will be
used for the entire session. Specify a new interval in
whole seconds between
0
and
2147483647,
inclusive.
gmkrekeyperiod (GmkRekyInterval) - specifies the
interval at which the Group Master Key is are
regenerated. The default is
1800
. A zero (
0
) value
disables the rekeying function. Specify a new interval in
whole seconds between
0
and
2147483647,
inclusive.