Fortress Bridge: Command-Line Interface
Similarly, the encryption algorithm and re-key interval in effect
on the network can be viewed with show crypto (Sections
6.4.5.1 and 6.4.5.2, respectively).
The Access ID cannot be displayed for security purposes (but it
must match across all network Bridges).
Use the show network command on the master/root Bridge to
view its IP address (Section 6.4.1), and the show sac
command to view the IP addresses of slave/non-root Bridges.
The same switches and arguments used to preconfigure the
network through SAC (as explained in Section 6.8.1) are valid
for reconfiguring the network.
Two additional switches modify the behavior of the SAC
operation itself; these are shown in the third line of input below:
[GW]> set sac start [-a <accessId>] [-e AES128|AES192|AES256] [-t <rekeyint>] [-fips off|on]
[-sa <rad2ssid>] [-ca <rad2chnl>] [-sg <radio1ssid>] [-cg <radio1chnl>] [-ipnw <IPaddr>|<resIPnw>]
[-autogen yes|no] [-allowall yes|no]
NOTE: As required for preconfiguration (Section 6.8.1, above),
-autogen and -allowall default to yes when you first invoke
set sac start. The default for these switches on subsequent
set sac start invocations is no.
When you set automatic generation (-autogen) to yes, the set
sac start command automatically generates any of the SAC-
configurable network settings (as shown in Table 6.1) that you
do not explicitly specify in the command.
After the first invocation of set sac start (Section 6.8.1), the
default -autogen setting is no, which causes only those
network parameters that you specify to be changed from their
current settings.
When you set allow all (-allowall) to yes, the master/root
Bridge broadcasts the entire set of SAC parameters to any
Fortress Bridge within range of the master/root Bridge. When
-allowall is set to no, the master Bridge sends SAC
parameters to only those Bridges on its SAC Peer list.
CAUTION: Setting -allowall to yes in an uncontrolled
environment poses a significant security risk.
Fortress recommends that -allowall be left at its default
setting of no when the set sac command is executed in any
uncontrolled environment, particularly in a wireless
environment.
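The check below is an added example, not part of the Fortress documentation or software. It reads a planned change script (a constructed sample here) and resolves the effective -autogen and -allowall value of each set sac start invocation from the defaults described above, flagging any that would broadcast SAC parameters or regenerate unspecified settings. The function names and the script format are assumptions made for illustration.

```python
import shlex

# Switches of `set sac start` that take one argument, as listed in the syntax above.
VALUE_SWITCHES = {"-a", "-e", "-t", "-fips", "-sa", "-ca", "-sg", "-cg",
                  "-ipnw", "-autogen", "-allowall"}

def parse_sac_start(line):
    """Return {switch: value} for a `set sac start` line, or None for other commands."""
    tokens = shlex.split(line)
    if tokens and tokens[0].endswith(">"):   # drop a leading prompt such as [GW]>
        tokens = tokens[1:]
    if tokens[:3] != ["set", "sac", "start"]:
        return None
    args, rest = {}, tokens[3:]
    for i in range(0, len(rest), 2):
        if rest[i] not in VALUE_SWITCHES or i + 1 >= len(rest):
            raise ValueError(f"unrecognised or incomplete switch: {rest[i]}")
        args[rest[i]] = rest[i + 1]
    return args

def audit(lines, first_invocation=True):
    """Resolve effective -autogen/-allowall per invocation and flag risky ones."""
    findings = []
    for n, line in enumerate(lines, 1):
        args = parse_sac_start(line)
        if args is None:
            continue
        default = "yes" if first_invocation else "no"   # defaults per the NOTE above
        allowall = args.get("-allowall", default).lower()
        autogen = args.get("-autogen", default).lower()
        if allowall == "yes":
            why = "explicit" if "-allowall" in args else "first-invocation default"
            findings.append((n, f"-allowall yes ({why}): SAC parameters go to every Bridge in range"))
        if autogen == "yes" and not first_invocation:
            findings.append((n, "-autogen yes: unspecified SAC settings will be regenerated"))
        first_invocation = False
    return findings

# Constructed sample change script (not taken from a real device).
SAMPLE = [
    "[GW]> set sac start -sa caisiNET01",
    "[GW]> show sac",
    "[GW]> set sac start -e AES256 -allowall yes",
    "[GW]> set sac start -t 12 -autogen yes",
]

if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE, first_invocation=False):
        print(f"line {lineno}: {msg}")
```

Pass first_invocation=False when the network has already been preconfigured, so that an omitted switch is resolved to no rather than yes.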
For example, the command below changes the Radio 2 SSID
on all Bridges in the SAC group:
[GW]> set sac start -sa caisiNET01
[OK] Started SAC process successfully
NOTE: Whenever the configuration changes, the configuration ID
(ConfigID) also changes.
After executing set sac start, use show sac to confirm that
the configuration change is COMPLETE for each SAC peer.
[GW]> show sac
SwabSerialNum:24656196
SwabConfigID:42550
SwabSACRole:SAC_MASTER
SwabSACState:SAC_START_4SWAB
SwabSACVer:SAC_VER_PEGASUS_ARCH1
*********SACPeerInformation*********