Fortress Technologies ecure Wireless Access Bridge Chapter 4 Administration

Fortress Bridge: Administration

52

Chapter 4Administration

4.1 Device Authentication

NOTE: The Bridge

supports 802.1X

authentication through

separate and unrelated

configuration settings.

These are described in

802.1X Security (for

wireless devices) and in

Section 3.4, 802.1X Serv-

er and LAN Port Settings.

Device authentication is supported only for Local

authentication. (When External authentication is selected, the

settings that configure device authentication are grayed out to

reflect your selection.)

On a Fortress-secured network with device authentication

enabled, a unique Device ID is generated for each device

connecting from an encrypted zone. The Device ID is

subsequently used to authenticate that device on the network.

The Fortress Bridge has an internal RADIUS (Remote

Authentication Dial-In User Service) server built-in. The Bridge

additionally supports external RADIUS servers.

Authentication (device and user) is enabled and disabled

globally on the Bridge by selecting Disabled, Local or External

on the AUTHENTICATION SETTINGS frame of the SECURITY

SETTINGS screen. Device authentication can be enabled only

when Local authentication is selected.

NOTE: Refer to

Section 3.6.6.1 for

instructions on globally

enabling authentication

and to Section 3.6.6.4 for

instructions on globally

enabling device authen-

tication and configur-

ing devices’ default user

authentication option.

When device authentication is enabled, the Bridge detects

devices attempting to access the Bridge’s encrypted zone and

lists them on the DEVICE AUTHENTICATION screen.

Device authentication is globally enabled—for Bridge’s

configured for Local authentication—when it is included in the

selection made in AUTHENTICATION OPTIONS on the SECURITY

SETTINGS screen.

For any given device, device authentication can be used by

itself or combined with the Bridge’s provisions for user

authentication.

4.1.1 Maximum Device Authentication Retries

The maximum number of unsuccessful authentication attempts

a device will be allowed before ending its session is also

configured globally; the same setting configures the maximum

number of times users can unsuccessfully attempt to

Contents

Main Page Fortress Bridge i Page Table of Contents 1 Introduction 1 2 Installation 6 Indoor Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3 Configuration 21 The Bridge GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 LAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 4 Administration 52 5 Monitoring and Diagnostics 68 6 Command-Line Interface 80 Administration in the Bridge CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Monitoring and Diagnostics in the CLI . . . . . . . . . . . . . . . . . . . . . .101 WLAN Wireless Extension Tools . . . . . . . . . . . . . . . . . . . . . . . . . .104 Page Chapter 1 Introduction 1.1 Fortress Secure Wireless Access Bridge 1.1.1 Management Interfaces 1.2 Network Security Overview 1.3 The Fortress Security System 1.3.1 Multi-factor Authentication 1.3.2 Strong Encryption at the MAC Layer 1.3.3 System Components 1.3.4 Operating Modes Page 1.4 This Document 1.4.1 Document Conventions 1.4.2 Related Documents Chapter 2 Installation 2.1 Introduction 2.1.1 System Requirements 2.1.2 Compatibility 2.2 Preparation 2.2.1 Shipped and Optional Parts Page Page Page 2.3 Installation Instructions 2.4 Outdoor Installation 2.4.1 Connecting the Bridge for Preconfiguration 2.4.2 Preconfiguring the Bridge for Outdoor Operation Page Page Page 2.4.3 Weatherizing the Bridge To install the Weatherizing Kit: Page 2.4.4 Mast Mounting the Bridge To install the Mast-Mounting Kit: 2.4.5 Reconnecting the Bridge for Outdoor Operation 2.5 Indoor Installation 2.5.1 Connecting the Bridge for Indoor Operation 2.5.2 Configuring the Bridge for Indoor Operation Chapter 3 Configuration 3.1 The Bridge GUI 3.1.1 User Accounts 3.1.2 Accessing the GUI To access the Bridge GUI: 3.2 LAN Settings 3.2.1 Spanning Tree Protocol 3.2.2 WAN Port Encryption To reconfigure Bridge LAN settings: 3.3 Radio Settings 3.3.1 Radio State, Band and Mode Settings 3.3.2 Radio Transmission and Reception Settings Page Page 3.3.3 Configuring Basic Radio Settings 3.3.4 Virtual Radio Interface Settings Page Page Cleartext Security Fortress Security Open WEP and Shared WEP 802.1X Security WPA, WPA2 and WPA-Mixed Security WPA-PSK, WPA2-PSK and WPA-Mixed-PSK Security 3.4 802.1X Server and LAN Port Settings 3.4.1 802.1X Authentication Server To configure the Bridge for use with an external 802.1X authentication server: 3.4.2 LAN Port 802.1X Settings 3.5 Bridge Passwords Page 3.6.1 Operating Mode To change the Bridge operating mode: 3.6.2 Secure Shell Access To configure SSH access to the Bridge CLI: 3.6.3 Encryption Algorithm To change the Bridge encryption algorithm: 3.6.4 Re-keying Interval To change the Bridges re-keying interval: 3.6.5 Access ID To change the Bridges Access ID 3.6.6 Non-802.1X Authentication Global and Default Settings To enable/disable all authentication: To configure an external RADIUS server: To enable/disable device authentication: To configure maximum authentication attempts: To enable/disable user session timeout login prompts: To configure default idle and session timeouts for authenticated users: To configure the default user authentication and device state for authenticating devices: 3.7 Blackout Mode To enable/disable blackout mode: 3.8 System Date and Time To change the date and time on the Bridge: 3.9 Restoring Default Settings 3.10 Front-Panel Operation 3.10.1 Mode Selection from the Front Panel Page 3.10.2 Rebooting the Bridge from the Front Panel 3.10.3 Restoring Defaults from the Front Panel Chapter 4 Administration 4.1 Device Authentication 4.1.1 Maximum Device Authentication Retries 4.1.1 Default Device Authentication Settings 4.1.2 Individual Device Authentication Settings To edit a device: To delete one or more devices: 4.2 User Authentication 4.2.1 Maximum User Authentication Retries 4.2.1 Default User Authentication Settings 4.2.2 Individual User Authentication Settings To add a user: To edit a user account: To delete a user account: 4.3 Trusted Devices 4.3.1 Adding Trusted Devices To add a Trusted Device: 4.3.1 Editing Trusted Devices 4.3.2 Deleting Trusted Devices 4.3.3 Visitor Access through Trusted Devices 4.4 SNMP Settings 4.4.1 Configuring SNMP 4.5 Backing Up and Restoring Page 4.5.1 Backing Up the Bridge Configuration 4.5.2 Restoring from a Backup File 4.6 Software Versions and Upgrades 4.6.1 Viewing Current Software Version 4.6.2 Upgrading Bridge Software Page 4.7 Rebooting the Bridge Page 5.1.1 Traffic Statistics 5.1.2 Interface Statistics 5.1.3 Radio Statistics 5.2 Tracking Page 5.3 AP Associations 5.4 View Log Page 5.5 Diagnostics 5.5.1 Pinging a Device 5.5.2 Tracing a Packet Route 5.5.3 Flushing the Host MAC Database 5.5.4 Generating a Diagnostics File Page can exhibit: 5.6.2 Radio LEDs The upper LED can exhibit: The lower LED can exhibit: Both upper and lower LEDs can exhibit: All four Radio LEDs can exhibit: 5.6.3 Port LEDs Chapter 6 Command-Line Interface 6.1 Introduction 6.1.1 CLI Administrative Modes 6.1.2 Accessing the CLI through the Serial Port 6.1.3 Accessing the CLI Remotely 6.1.4 Logging On and Off the CLI 6.2 Getting Help in the CLI 6.3 Command Syntax 6.4 Configuration in the Bridge CLI 6.4.1 LAN Settings in the CLI 6.4.2 Spanning Tree Protocol in the CLI associated with the Bridges antenna port 1 (ANT1), while , at which point the Bridge Mode option will be inserted dynamically, as shown below. Page Page Page 6.4.4 Bridge Passwords in the CLI 6.4.5 Security Settings in the CLI Page Page Page 6.4.6 System Date and Time in the CLI 6.4.7 Restoring Default Settings in the CLI 6.4.8 Non-802.1X Authentication Settings in the CLI Page 6.4.9 802.1X Authentication Settings in the CLI Page 6.5 Administration in the Bridge CLI 6.5.1 Trusted Devices in the CLI 6.5.2 SNMP Settings in the CLI 6.5.3 Viewing the Software Version in the CLI 6.5.4 Restarting the Bridge in the CLI 6.6 Monitoring and Diagnostics in the CLI 6.6.1 Viewing a Summary Overview of the Bridge 6.6.2 Viewing System Uptime in the CLI 6.6.3 Partners Tracking in the CLI 6.6.4 Host Tracking in the CLI 6.6.5 AP Associations in the CLI 6.6.6 Viewing the System Log in the CLI 6.6.7 Pinging a Device 6.6.8 Tracing a Packet Route 6.7 WLAN Wireless Extension Tools 6.7.1 Creating a Wireless Extension Tools Script 6.8 Secure Automatic Configuration 6.8.1 Preconfiguring a New Network Deployment with SAC Page Page 6.8.2 Reconfiguring Network Settings with SAC Page 6.8.3 Adding and Deleting Network Bridges with SAC Page Page Fortress Bridge: Fortress Security System Overview 114 Chapter 7 Specifications 7.1 Hardware Specifications 7.1.3 Environmental 7.1.1 Performance 7.1.2 Physical Fortress Bridge: Fortress Security System Overview 7.2 RJ-45-to-DB9 Console Port Adapter Logical Interface Physical Interface Page Chapter 8 Troubleshooting Page Index Page Page Page Page Page Page Page Page Glossary Rijndael algorithm Fortress Secure Wireless Access Bridge Fortress Secure Client Fortress Security Controller Layer 2 OSI Layer 2 Data Link Layer fails over SCB Fortress Security Gateway Bridge Fortress Page Information Technologies Access ID packet Fortress Secure Client Bridge Fortress Secure Client Fortress Security Gateway Fortress Secure Client Bridge