Fortress Bridge: Command-Line Interface
107
Allow all of the Bridges to boot before proceeding with SAC:
front-panel Stat1 and Stat2 LEDs and the lower LEDs for both
radios light solid green, while the upper LEDs for both radios
and the WAN port link/activity (Lnk/Act) LED flash green
intermittently.
1Open a terminal application on the computer connected to
the SAC master Bridge’s Console port and (using the
settings given in Section 6.1.2) open a session with the
master Bridge.
2Log in to the Bridge CLI of the master Bridge, using
sysadm
as both the login ID and password.
3At the command prompt, [GW]>
If you want member Bridges’ basic security settings to
be left at their default values and SAC network
parameters to be automatically generated for the
Fortress network (as shown in Table 6.1), enter
set sac
start
without arguments.
or
If you want to specify some or all SAC-configurable
parameters, enter the command with the appropriate
switches and arguments, as follows:
[GW]>
set sac start [-a
<accessId>
] [-e AES128|AES192|AES256] [-t
<rekeyint>
] [-fips off|on]
[-sa
<rad2ssid>
] [-ca
<rad2chnl>
] [-sg
<rad1ssid>
] [-cg
<rad1chnl>
] [-ipnw
<IPaddr>
|
<resIPnw>
]
NOTE: You can ob-
serve SAC events
in the master Bridge’s
system log at any point
in the SAC process with
show log. Strike the
Ctrl-c key, to return to
the [GW]> command
prompt.
The first line above shows security-setting switches and
arguments. The -a switch configures the Access ID, for
which you must enter a 16-digit hexadecimal value. Use
the -e switch to enter one of the valid encryption
algorithms and the -t switch to configure the re-key
interval, in whole hours between
1
and
24
.
If you use the -fips on argument to place network
Bridges in FIPS operating mode (described in Section
3.6.1), you will not be able to configure the network
through subsequent set sac start commands until
you have manually reconfigured each Bridge to use
Normal operating mode (i.e., set fips off). FIPS-
mandated restrictions do not allow configuration
through SAC.
The second line of SAC input (above) shows SAC
network-parameter switches and arguments. The -sa
and -ca switches configure Radio 2’s SSID and
channel setting, respectively. The -sg and -cg
switches configure the same settings for Radio 1.
You can use the -ipnw switch to establish a specific IP
address for the master/root Bridge’s management
interface and automatically generate IP addresses
within the same subnet for the rest of the network