Manuals / Brands / Computer Equipment / Network Router / Fortress Technologies / Computer Equipment / Network Router

Fortress Technologies ecure Wireless Access Bridge To configure an external RADIUS server:

1 144

Download 144 pages, 5.09 Mb

Fortress Bridge: Configuration

43

The default Auth Server Key is fortress, which you can

optionally change.

Selecting Local authentication enables the screens and fields

that configure local authentication settings for both users and

devices.

NOTE: The Bridge

has not been test-

ed with, and may not

fully support, other

common RADIUS serv-

ers. Contact your For-

tress representative for

more detail about third-

party RADIUS support.

3.6.6.3 External Authentication Server

The Bridge can be integrated with an external Remote

Authentication Dial-In User Service (RADIUS). It supports the

open source freeRADIUS.

Also, in a point-to-point or point-to-multipoint Bridge

deployment that uses the RADIUS server internal to the root

Bridge for authentication, only the root Bridge is configured for

Local authentication, while the other Bridge(s) in the network

are configured to use the root Bridge’s RADIUS server as an

External authentication server.

The screens and fields that configure local authentication

settings for users and devices are disabled when External

authentication is selected. (These settings are configured on

the external authentication server.)

NOTE: If you are

using both RADI-

US and 802.1X authenti-

cation services, they can

run on the same exter-

nal server, but you must

enter the server’s set-

tings both on the

SECURI-

TY SETTINGS screen (in

the AUTHENTICATION SET-

TINGS section) and on the

INTERFACES screen (in the

802.1X AUTHENTICATION

SERVER frame).

To use the Bridge with an external RADIUS server, the Bridge

must be added as a RADIUS Network Access Server (NAS)

client and assigned a shared key for communication with

RADIUS. Please refer to your RADIUS documentation for

guidance.

To configure an external RADIUS server:

NOTE: The server

key you enter here

should already be

present in the RADIUS

service configuration.

1Log on to the Bridge GUI admin account and select

SECURITY SETTINGS from the menu on the left.

2In the AUTHENTICATION SETTINGS frame:

Ensure that Auth Mode is External.

In Auth Server Address, enter the IP address of your

external RADIUS server.

In Auth Server Key, enter the shared key assigned to the

Bridge in RADIUS.

In Confirm Server Key, re-enter the shared key (to guard

against entry errors).

3Click Apply at the bottom of the screen.

detail:

Contents

Main Page Fortress Bridge i Page Table of Contents 1 Introduction 1 2 Installation 6 Indoor Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3 Configuration 21 The Bridge GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 LAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 4 Administration 52 5 Monitoring and Diagnostics 68 6 Command-Line Interface 80 Administration in the Bridge CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Monitoring and Diagnostics in the CLI . . . . . . . . . . . . . . . . . . . . . .101 WLAN Wireless Extension Tools . . . . . . . . . . . . . . . . . . . . . . . . . .104 Page Chapter 1 Introduction 1.1 Fortress Secure Wireless Access Bridge 1.1.1 Management Interfaces 1.2 Network Security Overview 1.3 The Fortress Security System 1.3.1 Multi-factor Authentication 1.3.2 Strong Encryption at the MAC Layer 1.3.3 System Components 1.3.4 Operating Modes Page 1.4 This Document 1.4.1 Document Conventions 1.4.2 Related Documents Chapter 2 Installation 2.1 Introduction 2.1.1 System Requirements 2.1.2 Compatibility 2.2 Preparation 2.2.1 Shipped and Optional Parts Page Page Page 2.3 Installation Instructions 2.4 Outdoor Installation 2.4.1 Connecting the Bridge for Preconfiguration 2.4.2 Preconfiguring the Bridge for Outdoor Operation Page Page Page 2.4.3 Weatherizing the Bridge To install the Weatherizing Kit: Page 2.4.4 Mast Mounting the Bridge To install the Mast-Mounting Kit: 2.4.5 Reconnecting the Bridge for Outdoor Operation 2.5 Indoor Installation 2.5.1 Connecting the Bridge for Indoor Operation 2.5.2 Configuring the Bridge for Indoor Operation Chapter 3 Configuration 3.1 The Bridge GUI 3.1.1 User Accounts 3.1.2 Accessing the GUI To access the Bridge GUI: 3.2 LAN Settings 3.2.1 Spanning Tree Protocol 3.2.2 WAN Port Encryption To reconfigure Bridge LAN settings: 3.3 Radio Settings 3.3.1 Radio State, Band and Mode Settings 3.3.2 Radio Transmission and Reception Settings Page Page 3.3.3 Configuring Basic Radio Settings 3.3.4 Virtual Radio Interface Settings Page Page Cleartext Security Fortress Security Open WEP and Shared WEP 802.1X Security WPA, WPA2 and WPA-Mixed Security WPA-PSK, WPA2-PSK and WPA-Mixed-PSK Security 3.4 802.1X Server and LAN Port Settings 3.4.1 802.1X Authentication Server To configure the Bridge for use with an external 802.1X authentication server: 3.4.2 LAN Port 802.1X Settings 3.5 Bridge Passwords Page 3.6.1 Operating Mode To change the Bridge operating mode: 3.6.2 Secure Shell Access To configure SSH access to the Bridge CLI: 3.6.3 Encryption Algorithm To change the Bridge encryption algorithm: 3.6.4 Re-keying Interval To change the Bridges re-keying interval: 3.6.5 Access ID To change the Bridges Access ID 3.6.6 Non-802.1X Authentication Global and Default Settings To enable/disable all authentication: To configure an external RADIUS server: To enable/disable device authentication: To configure maximum authentication attempts: To enable/disable user session timeout login prompts: To configure default idle and session timeouts for authenticated users: To configure the default user authentication and device state for authenticating devices: 3.7 Blackout Mode To enable/disable blackout mode: 3.8 System Date and Time To change the date and time on the Bridge: 3.9 Restoring Default Settings 3.10 Front-Panel Operation 3.10.1 Mode Selection from the Front Panel Page 3.10.2 Rebooting the Bridge from the Front Panel 3.10.3 Restoring Defaults from the Front Panel Chapter 4 Administration 4.1 Device Authentication 4.1.1 Maximum Device Authentication Retries 4.1.1 Default Device Authentication Settings 4.1.2 Individual Device Authentication Settings To edit a device: To delete one or more devices: 4.2 User Authentication 4.2.1 Maximum User Authentication Retries 4.2.1 Default User Authentication Settings 4.2.2 Individual User Authentication Settings To add a user: To edit a user account: To delete a user account: 4.3 Trusted Devices 4.3.1 Adding Trusted Devices To add a Trusted Device: 4.3.1 Editing Trusted Devices 4.3.2 Deleting Trusted Devices 4.3.3 Visitor Access through Trusted Devices 4.4 SNMP Settings 4.4.1 Configuring SNMP 4.5 Backing Up and Restoring Page 4.5.1 Backing Up the Bridge Configuration 4.5.2 Restoring from a Backup File 4.6 Software Versions and Upgrades 4.6.1 Viewing Current Software Version 4.6.2 Upgrading Bridge Software Page 4.7 Rebooting the Bridge Page 5.1.1 Traffic Statistics 5.1.2 Interface Statistics 5.1.3 Radio Statistics 5.2 Tracking Page 5.3 AP Associations 5.4 View Log Page 5.5 Diagnostics 5.5.1 Pinging a Device 5.5.2 Tracing a Packet Route 5.5.3 Flushing the Host MAC Database 5.5.4 Generating a Diagnostics File Page can exhibit: 5.6.2 Radio LEDs The upper LED can exhibit: The lower LED can exhibit: Both upper and lower LEDs can exhibit: All four Radio LEDs can exhibit: 5.6.3 Port LEDs Chapter 6 Command-Line Interface 6.1 Introduction 6.1.1 CLI Administrative Modes 6.1.2 Accessing the CLI through the Serial Port 6.1.3 Accessing the CLI Remotely 6.1.4 Logging On and Off the CLI 6.2 Getting Help in the CLI 6.3 Command Syntax 6.4 Configuration in the Bridge CLI 6.4.1 LAN Settings in the CLI 6.4.2 Spanning Tree Protocol in the CLI associated with the Bridges antenna port 1 (ANT1), while , at which point the Bridge Mode option will be inserted dynamically, as shown below. Page Page Page 6.4.4 Bridge Passwords in the CLI 6.4.5 Security Settings in the CLI Page Page Page 6.4.6 System Date and Time in the CLI 6.4.7 Restoring Default Settings in the CLI 6.4.8 Non-802.1X Authentication Settings in the CLI Page 6.4.9 802.1X Authentication Settings in the CLI Page 6.5 Administration in the Bridge CLI 6.5.1 Trusted Devices in the CLI 6.5.2 SNMP Settings in the CLI 6.5.3 Viewing the Software Version in the CLI 6.5.4 Restarting the Bridge in the CLI 6.6 Monitoring and Diagnostics in the CLI 6.6.1 Viewing a Summary Overview of the Bridge 6.6.2 Viewing System Uptime in the CLI 6.6.3 Partners Tracking in the CLI 6.6.4 Host Tracking in the CLI 6.6.5 AP Associations in the CLI 6.6.6 Viewing the System Log in the CLI 6.6.7 Pinging a Device 6.6.8 Tracing a Packet Route 6.7 WLAN Wireless Extension Tools 6.7.1 Creating a Wireless Extension Tools Script 6.8 Secure Automatic Configuration 6.8.1 Preconfiguring a New Network Deployment with SAC Page Page 6.8.2 Reconfiguring Network Settings with SAC Page 6.8.3 Adding and Deleting Network Bridges with SAC Page Page Fortress Bridge: Fortress Security System Overview 114 Chapter 7 Specifications 7.1 Hardware Specifications 7.1.3 Environmental 7.1.1 Performance 7.1.2 Physical Fortress Bridge: Fortress Security System Overview 7.2 RJ-45-to-DB9 Console Port Adapter Logical Interface Physical Interface Page Chapter 8 Troubleshooting Page Index Page Page Page Page Page Page Page Page Glossary Rijndael algorithm Fortress Secure Wireless Access Bridge Fortress Secure Client Fortress Security Controller Layer 2 OSI Layer 2 Data Link Layer fails over SCB Fortress Security Gateway Bridge Fortress Page Information Technologies Access ID packet Fortress Secure Client Bridge Fortress Secure Client Fortress Security Gateway Fortress Secure Client Bridge