Manuals / Brands / Computer Equipment / Network Router / Fortress Technologies / Computer Equipment / Network Router

Fortress Technologies ecure Wireless Access Bridge 3.6.2 Secure Shell Access, 3.6.3 Encryption Algorithm

1 144

Download 144 pages, 5.09 Mb

Fortress Bridge: Configuration

39

If the Bridge fails any self-test on startup, it is rendered

inoperable and must be returned to the vendor for repair or

replacement.

Only a designated Crypto Officer, as defined by the Federal

Information Processing Standards, may perform

administrative functions on the Bridge and its Secure

Clients.

To change the Bridge operating mode:

1Log on to the Bridge GUI admin account and select

SECURITY SETTINGS from the menu on the left.

2In the SECURITY section of the SECURITY SETTINGS screen,

select the Bridge’s operating mode.

3Click Apply at the bottom of the screen.

3.6.2 Secure Shell Access

In order to access the Bridge CLI from a network connection to

the Bridge’s management interface, Secure Shell (SSH) must

be enabled. When SSH is disabled, you can access the Bridge

CLI exclusively through a direct connection to its Console port.

Secure Shell (SSH) is disabled on the Bridge by default.

To configure SSH access to the Bridge CLI:

1Log on to the Bridge GUI admin account and select

SECURITY SETTINGS from the menu on the left.

2In the SECURITY section of the SECURITY SETTINGS screen,

select whether SSH is Enabled or Disabled.

3Click Apply at the bottom of the screen.

3.6.3 Encryption Algorithm

The Bridge supports the strong, AES encryption standard at

these user-specified key lengths:

AES-256 (default)

AES-192

AES-128

All Secure Clients logging on to the Bridge must be configured

to use the same encryption algorithm and key length as the

detail:

detail:

Contents

Main Page Fortress Bridge i Page Table of Contents 1 Introduction 1 2 Installation 6 Indoor Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3 Configuration 21 The Bridge GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 LAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 4 Administration 52 5 Monitoring and Diagnostics 68 6 Command-Line Interface 80 Administration in the Bridge CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Monitoring and Diagnostics in the CLI . . . . . . . . . . . . . . . . . . . . . .101 WLAN Wireless Extension Tools . . . . . . . . . . . . . . . . . . . . . . . . . .104 Page Chapter 1 Introduction 1.1 Fortress Secure Wireless Access Bridge 1.1.1 Management Interfaces 1.2 Network Security Overview 1.3 The Fortress Security System 1.3.1 Multi-factor Authentication 1.3.2 Strong Encryption at the MAC Layer 1.3.3 System Components 1.3.4 Operating Modes Page 1.4 This Document 1.4.1 Document Conventions 1.4.2 Related Documents Chapter 2 Installation 2.1 Introduction 2.1.1 System Requirements 2.1.2 Compatibility 2.2 Preparation 2.2.1 Shipped and Optional Parts Page Page Page 2.3 Installation Instructions 2.4 Outdoor Installation 2.4.1 Connecting the Bridge for Preconfiguration 2.4.2 Preconfiguring the Bridge for Outdoor Operation Page Page Page 2.4.3 Weatherizing the Bridge To install the Weatherizing Kit: Page 2.4.4 Mast Mounting the Bridge To install the Mast-Mounting Kit: 2.4.5 Reconnecting the Bridge for Outdoor Operation 2.5 Indoor Installation 2.5.1 Connecting the Bridge for Indoor Operation 2.5.2 Configuring the Bridge for Indoor Operation Chapter 3 Configuration 3.1 The Bridge GUI 3.1.1 User Accounts 3.1.2 Accessing the GUI To access the Bridge GUI: 3.2 LAN Settings 3.2.1 Spanning Tree Protocol 3.2.2 WAN Port Encryption To reconfigure Bridge LAN settings: 3.3 Radio Settings 3.3.1 Radio State, Band and Mode Settings 3.3.2 Radio Transmission and Reception Settings Page Page 3.3.3 Configuring Basic Radio Settings 3.3.4 Virtual Radio Interface Settings Page Page Cleartext Security Fortress Security Open WEP and Shared WEP 802.1X Security WPA, WPA2 and WPA-Mixed Security WPA-PSK, WPA2-PSK and WPA-Mixed-PSK Security 3.4 802.1X Server and LAN Port Settings 3.4.1 802.1X Authentication Server To configure the Bridge for use with an external 802.1X authentication server: 3.4.2 LAN Port 802.1X Settings 3.5 Bridge Passwords Page 3.6.1 Operating Mode To change the Bridge operating mode: 3.6.2 Secure Shell Access To configure SSH access to the Bridge CLI: 3.6.3 Encryption Algorithm To change the Bridge encryption algorithm: 3.6.4 Re-keying Interval To change the Bridges re-keying interval: 3.6.5 Access ID To change the Bridges Access ID 3.6.6 Non-802.1X Authentication Global and Default Settings To enable/disable all authentication: To configure an external RADIUS server: To enable/disable device authentication: To configure maximum authentication attempts: To enable/disable user session timeout login prompts: To configure default idle and session timeouts for authenticated users: To configure the default user authentication and device state for authenticating devices: 3.7 Blackout Mode To enable/disable blackout mode: 3.8 System Date and Time To change the date and time on the Bridge: 3.9 Restoring Default Settings 3.10 Front-Panel Operation 3.10.1 Mode Selection from the Front Panel Page 3.10.2 Rebooting the Bridge from the Front Panel 3.10.3 Restoring Defaults from the Front Panel Chapter 4 Administration 4.1 Device Authentication 4.1.1 Maximum Device Authentication Retries 4.1.1 Default Device Authentication Settings 4.1.2 Individual Device Authentication Settings To edit a device: To delete one or more devices: 4.2 User Authentication 4.2.1 Maximum User Authentication Retries 4.2.1 Default User Authentication Settings 4.2.2 Individual User Authentication Settings To add a user: To edit a user account: To delete a user account: 4.3 Trusted Devices 4.3.1 Adding Trusted Devices To add a Trusted Device: 4.3.1 Editing Trusted Devices 4.3.2 Deleting Trusted Devices 4.3.3 Visitor Access through Trusted Devices 4.4 SNMP Settings 4.4.1 Configuring SNMP 4.5 Backing Up and Restoring Page 4.5.1 Backing Up the Bridge Configuration 4.5.2 Restoring from a Backup File 4.6 Software Versions and Upgrades 4.6.1 Viewing Current Software Version 4.6.2 Upgrading Bridge Software Page 4.7 Rebooting the Bridge Page 5.1.1 Traffic Statistics 5.1.2 Interface Statistics 5.1.3 Radio Statistics 5.2 Tracking Page 5.3 AP Associations 5.4 View Log Page 5.5 Diagnostics 5.5.1 Pinging a Device 5.5.2 Tracing a Packet Route 5.5.3 Flushing the Host MAC Database 5.5.4 Generating a Diagnostics File Page can exhibit: 5.6.2 Radio LEDs The upper LED can exhibit: The lower LED can exhibit: Both upper and lower LEDs can exhibit: All four Radio LEDs can exhibit: 5.6.3 Port LEDs Chapter 6 Command-Line Interface 6.1 Introduction 6.1.1 CLI Administrative Modes 6.1.2 Accessing the CLI through the Serial Port 6.1.3 Accessing the CLI Remotely 6.1.4 Logging On and Off the CLI 6.2 Getting Help in the CLI 6.3 Command Syntax 6.4 Configuration in the Bridge CLI 6.4.1 LAN Settings in the CLI 6.4.2 Spanning Tree Protocol in the CLI associated with the Bridges antenna port 1 (ANT1), while , at which point the Bridge Mode option will be inserted dynamically, as shown below. Page Page Page 6.4.4 Bridge Passwords in the CLI 6.4.5 Security Settings in the CLI Page Page Page 6.4.6 System Date and Time in the CLI 6.4.7 Restoring Default Settings in the CLI 6.4.8 Non-802.1X Authentication Settings in the CLI Page 6.4.9 802.1X Authentication Settings in the CLI Page 6.5 Administration in the Bridge CLI 6.5.1 Trusted Devices in the CLI 6.5.2 SNMP Settings in the CLI 6.5.3 Viewing the Software Version in the CLI 6.5.4 Restarting the Bridge in the CLI 6.6 Monitoring and Diagnostics in the CLI 6.6.1 Viewing a Summary Overview of the Bridge 6.6.2 Viewing System Uptime in the CLI 6.6.3 Partners Tracking in the CLI 6.6.4 Host Tracking in the CLI 6.6.5 AP Associations in the CLI 6.6.6 Viewing the System Log in the CLI 6.6.7 Pinging a Device 6.6.8 Tracing a Packet Route 6.7 WLAN Wireless Extension Tools 6.7.1 Creating a Wireless Extension Tools Script 6.8 Secure Automatic Configuration 6.8.1 Preconfiguring a New Network Deployment with SAC Page Page 6.8.2 Reconfiguring Network Settings with SAC Page 6.8.3 Adding and Deleting Network Bridges with SAC Page Page Fortress Bridge: Fortress Security System Overview 114 Chapter 7 Specifications 7.1 Hardware Specifications 7.1.3 Environmental 7.1.1 Performance 7.1.2 Physical Fortress Bridge: Fortress Security System Overview 7.2 RJ-45-to-DB9 Console Port Adapter Logical Interface Physical Interface Page Chapter 8 Troubleshooting Page Index Page Page Page Page Page Page Page Page Glossary Rijndael algorithm Fortress Secure Wireless Access Bridge Fortress Secure Client Fortress Security Controller Layer 2 OSI Layer 2 Data Link Layer fails over SCB Fortress Security Gateway Bridge Fortress Page Information Technologies Access ID packet Fortress Secure Client Bridge Fortress Secure Client Fortress Security Gateway Fortress Secure Client Bridge