Fortress Technologies ecure Wireless Access Bridge - page 103

Fortress Bridge: Command-Line Interface

93

6.4.5.4 Access ID in the CLI

The Access ID is a 16-digit hexadecimal ID that provides

network authentication for the Fortress Security System.

All of the Bridge’s Secure Clients must be configured to use the

same Access ID as the Bridge. For information on setting

encryption algorithms on Secure Clients, refer to your Fortress

Secure Client user guide.

CAUTION: For se-

curity reasons, the

Access ID in effect on

the Bridge cannot be

displayed. Make a note of

the new Access ID: you

will need it to configure

the Bridge’s Secure Cli-

ents, as well as to

change the Access ID on

the Bridge.

Use set accessid to change the Access ID, as follows:

[GW]>

set accessid {

<16digithexid>

|default}

The default Access ID is represented by16 zeros.

The show accessid and set accessid commands are valid

only in GW (gateway) mode (refer to Section 6.1.1 for more

detail).

6.4.5.5 Operating Mode in the CLI

The Fortress Bridge can be operated in either of two modes:

Normal (the default) or FIPS.

You can view the current operating mode on the Bridge with

show fips:

[GW]>

show fips

On

Change operating modes with the set fips command. To set

the operating mode to FIPS:

[GW]>

set fips on

Return the Fortress Bridge to Normal operating mode (the

default) with:

[GW]>

set fips off

The show fips and set fips commands are valid only in GW

(gateway) mode (refer to Section 6.1.1 for more detail).

6.4.5.6 WAN Port Encryption in the CLI

By default, the Bridge’s WAN port is in the encrypted zone of

the Bridge-secured network. It can be configured to be in the

network’s unencrypted zone.

You can view the current WAN port setting with show wanport:

[GW]>

show wanport

Encrypted

Reconfigure the WAN port’s encrypted/unencrypted zone

status with the set wanport command. To place the W AN port

in the unencrypted network zone:

[GW]>

set wanport –encrypt n

Return the WAN port to the encrypted zone with:

[GW]>

set wanport –encrypt y

The show wanport and set wanport commands are valid only

in GW (gateway) mode (refer to Section 6.1.1 for more detail).

Contents

Main Page Fortress Bridge i Page Table of Contents 1 Introduction 1 2 Installation 6 Indoor Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3 Configuration 21 The Bridge GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 LAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 4 Administration 52 5 Monitoring and Diagnostics 68 6 Command-Line Interface 80 Administration in the Bridge CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Monitoring and Diagnostics in the CLI . . . . . . . . . . . . . . . . . . . . . .101 WLAN Wireless Extension Tools . . . . . . . . . . . . . . . . . . . . . . . . . .104 Page Chapter 1 Introduction 1.1 Fortress Secure Wireless Access Bridge 1.1.1 Management Interfaces 1.2 Network Security Overview 1.3 The Fortress Security System 1.3.1 Multi-factor Authentication 1.3.2 Strong Encryption at the MAC Layer 1.3.3 System Components 1.3.4 Operating Modes Page 1.4 This Document 1.4.1 Document Conventions 1.4.2 Related Documents Chapter 2 Installation 2.1 Introduction 2.1.1 System Requirements 2.1.2 Compatibility 2.2 Preparation 2.2.1 Shipped and Optional Parts Page Page Page 2.3 Installation Instructions 2.4 Outdoor Installation 2.4.1 Connecting the Bridge for Preconfiguration 2.4.2 Preconfiguring the Bridge for Outdoor Operation Page Page Page 2.4.3 Weatherizing the Bridge To install the Weatherizing Kit: Page 2.4.4 Mast Mounting the Bridge To install the Mast-Mounting Kit: 2.4.5 Reconnecting the Bridge for Outdoor Operation 2.5 Indoor Installation 2.5.1 Connecting the Bridge for Indoor Operation 2.5.2 Configuring the Bridge for Indoor Operation Chapter 3 Configuration 3.1 The Bridge GUI 3.1.1 User Accounts 3.1.2 Accessing the GUI To access the Bridge GUI: 3.2 LAN Settings 3.2.1 Spanning Tree Protocol 3.2.2 WAN Port Encryption To reconfigure Bridge LAN settings: 3.3 Radio Settings 3.3.1 Radio State, Band and Mode Settings 3.3.2 Radio Transmission and Reception Settings Page Page 3.3.3 Configuring Basic Radio Settings 3.3.4 Virtual Radio Interface Settings Page Page Cleartext Security Fortress Security Open WEP and Shared WEP 802.1X Security WPA, WPA2 and WPA-Mixed Security WPA-PSK, WPA2-PSK and WPA-Mixed-PSK Security 3.4 802.1X Server and LAN Port Settings 3.4.1 802.1X Authentication Server To configure the Bridge for use with an external 802.1X authentication server: 3.4.2 LAN Port 802.1X Settings 3.5 Bridge Passwords Page 3.6.1 Operating Mode To change the Bridge operating mode: 3.6.2 Secure Shell Access To configure SSH access to the Bridge CLI: 3.6.3 Encryption Algorithm To change the Bridge encryption algorithm: 3.6.4 Re-keying Interval To change the Bridges re-keying interval: 3.6.5 Access ID To change the Bridges Access ID 3.6.6 Non-802.1X Authentication Global and Default Settings To enable/disable all authentication: To configure an external RADIUS server: To enable/disable device authentication: To configure maximum authentication attempts: To enable/disable user session timeout login prompts: To configure default idle and session timeouts for authenticated users: To configure the default user authentication and device state for authenticating devices: 3.7 Blackout Mode To enable/disable blackout mode: 3.8 System Date and Time To change the date and time on the Bridge: 3.9 Restoring Default Settings 3.10 Front-Panel Operation 3.10.1 Mode Selection from the Front Panel Page 3.10.2 Rebooting the Bridge from the Front Panel 3.10.3 Restoring Defaults from the Front Panel Chapter 4 Administration 4.1 Device Authentication 4.1.1 Maximum Device Authentication Retries 4.1.1 Default Device Authentication Settings 4.1.2 Individual Device Authentication Settings To edit a device: To delete one or more devices: 4.2 User Authentication 4.2.1 Maximum User Authentication Retries 4.2.1 Default User Authentication Settings 4.2.2 Individual User Authentication Settings To add a user: To edit a user account: To delete a user account: 4.3 Trusted Devices 4.3.1 Adding Trusted Devices To add a Trusted Device: 4.3.1 Editing Trusted Devices 4.3.2 Deleting Trusted Devices 4.3.3 Visitor Access through Trusted Devices 4.4 SNMP Settings 4.4.1 Configuring SNMP 4.5 Backing Up and Restoring Page 4.5.1 Backing Up the Bridge Configuration 4.5.2 Restoring from a Backup File 4.6 Software Versions and Upgrades 4.6.1 Viewing Current Software Version 4.6.2 Upgrading Bridge Software Page 4.7 Rebooting the Bridge Page 5.1.1 Traffic Statistics 5.1.2 Interface Statistics 5.1.3 Radio Statistics 5.2 Tracking Page 5.3 AP Associations 5.4 View Log Page 5.5 Diagnostics 5.5.1 Pinging a Device 5.5.2 Tracing a Packet Route 5.5.3 Flushing the Host MAC Database 5.5.4 Generating a Diagnostics File Page can exhibit: 5.6.2 Radio LEDs The upper LED can exhibit: The lower LED can exhibit: Both upper and lower LEDs can exhibit: All four Radio LEDs can exhibit: 5.6.3 Port LEDs Chapter 6 Command-Line Interface 6.1 Introduction 6.1.1 CLI Administrative Modes 6.1.2 Accessing the CLI through the Serial Port 6.1.3 Accessing the CLI Remotely 6.1.4 Logging On and Off the CLI 6.2 Getting Help in the CLI 6.3 Command Syntax 6.4 Configuration in the Bridge CLI 6.4.1 LAN Settings in the CLI 6.4.2 Spanning Tree Protocol in the CLI associated with the Bridges antenna port 1 (ANT1), while , at which point the Bridge Mode option will be inserted dynamically, as shown below. Page Page Page 6.4.4 Bridge Passwords in the CLI 6.4.5 Security Settings in the CLI Page Page Page 6.4.6 System Date and Time in the CLI 6.4.7 Restoring Default Settings in the CLI 6.4.8 Non-802.1X Authentication Settings in the CLI Page 6.4.9 802.1X Authentication Settings in the CLI Page 6.5 Administration in the Bridge CLI 6.5.1 Trusted Devices in the CLI 6.5.2 SNMP Settings in the CLI 6.5.3 Viewing the Software Version in the CLI 6.5.4 Restarting the Bridge in the CLI 6.6 Monitoring and Diagnostics in the CLI 6.6.1 Viewing a Summary Overview of the Bridge 6.6.2 Viewing System Uptime in the CLI 6.6.3 Partners Tracking in the CLI 6.6.4 Host Tracking in the CLI 6.6.5 AP Associations in the CLI 6.6.6 Viewing the System Log in the CLI 6.6.7 Pinging a Device 6.6.8 Tracing a Packet Route 6.7 WLAN Wireless Extension Tools 6.7.1 Creating a Wireless Extension Tools Script 6.8 Secure Automatic Configuration 6.8.1 Preconfiguring a New Network Deployment with SAC Page Page 6.8.2 Reconfiguring Network Settings with SAC Page 6.8.3 Adding and Deleting Network Bridges with SAC Page Page Fortress Bridge: Fortress Security System Overview 114 Chapter 7 Specifications 7.1 Hardware Specifications 7.1.3 Environmental 7.1.1 Performance 7.1.2 Physical Fortress Bridge: Fortress Security System Overview 7.2 RJ-45-to-DB9 Console Port Adapter Logical Interface Physical Interface Page Chapter 8 Troubleshooting Page Index Page Page Page Page Page Page Page Page Glossary Rijndael algorithm Fortress Secure Wireless Access Bridge Fortress Secure Client Fortress Security Controller Layer 2 OSI Layer 2 Data Link Layer fails over SCB Fortress Security Gateway Bridge Fortress Page Information Technologies Access ID packet Fortress Secure Client Bridge Fortress Secure Client Fortress Security Gateway Fortress Secure Client Bridge