Fortress Technologies Fortress Security System User Manual
Fortress Security System
Secure Wireless
Access Bridge
User Guide
www.fortresstech.com
© 2006 Fortress Technologies
Fortress Secure Wireless Access Bridge 2.6.1
Copyright © 2006 Fortress Technologies, Inc. All rights reserved.
This document contains proprietary information protected by copyright. No part of this
document may be reproduced or transmitted in any form or by any means, electronic or
mechanical, without written permission of Fortress Technologies, 4023 Tampa Road, Suite
2000, Oldsmar, FL 34677, except as specified in the Product Warranty and License Terms.
FORTRESS TECHNOLOGIES, INC., MAKES NO WARRANTY OF ANY KIND WITH
REGARD TO THIS MATERIAL, INCLUDING BUT NOT LIMITED TO THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. FORTRESS TECHNOLOGIES, INC. SHALL NOT BE LIABLE FOR ERRORS
CONTAINED HEREIN OR FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN
CONNECTION WITH THE FURNISHING, PERFORMANCE OR USE OF THIS
MATERIAL. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE
WITHOUT NOTICE.
The Fortress Technologies and AirFortress logos and AirFortress and are registered
trademarks; Multi-Factor Authentication, Unified Security Model, Wireless Link Layer
Security and Three Factor Authentication (TFA) are trademarks of Fortress Technologies,
Inc. The technology behind Wireless Link Layer Security™ enjoys U.S. and international
patent protection under patent number 5,757,924.
Portions of this software are covered by the GNU General Public License (GPL) Copyright
© 1989, 1991 Free Software Foundation, Inc,. 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
To receive a complete machine-readable copy of the corresponding source code on CD,
send $10 (to cover the costs of production and mailing) to: Fortress Technologies; 4023
Tampa Road, suite 2000; Oldsmar, FL 34677-3216. Please be sure to include a copy of
your Fortress Technologies invoice and a valid “ship to” address.
This product uses the Abyss Web Server. Copyright © 2000 Moez Mahfoudh
(moez@bigfoot.com). All rights reserved.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Copyright © 1995-1998 Eric Young (eay@cryptsof t.com) All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The
implementation was written so as to conform with Netscape’s SSL.
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULA R PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Atheros, the Atheros logo, Atheros Driven, Driving the wireless future, Super G and Super
AG are all registered trademarks of Atheros Communications. ROCm, JumpStart for
Wireless, Atheros XR, Wake-on-Wireless, Wake-on-Theft, and FastFrames, are all
trademarks of Atheros Communications, Inc.
This product uses Dynamic Host Control Protocol copyright 1995, 1996, 1997, 1998, 1999
by the Internet Software Consortium-DHCP. All rights reserved.
This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit. (http://www.openssl.org/)
Copyright © 1998-2005 The OpenSSL Project. All rights reserved.THIS SOFTWARE IS
PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
Fortress Bridge
i
DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENT AL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product uses Net-SNMP Copyright © 1989, 1991, 1992 by Carnegie Mellon
University, Derivative Work - 1996, 1998-2000. Copyright © 1996, 1998-2000 The Regents
of the University of California. All rights reserved. Copyright © 2001-2003, Cambridge
Broadband Ltd. All rights reserved. Copyright © 2003 Sun Microsystems, Inc. All rights
reserved. Copyright © 2001-2006, Networks Associates Technology, Inc. All rights
reserved. Center of Beijing University of Posts and Telecommunications. All rights
reserved.
Microsoft and Windows are registered trademarks of the Microsoft Corporation.
Firefox is a trademark of the Mozilla Foundation.
All other trademarks mentioned in this document are the property of their respective
owners.
FCC EMISSIONS COMPLIANCE STATEMENT
THIS EQUIPMENT HAS BEEN TESTED AND FOUND TO COMPLY
WITH THE LIMITS FOR A CLASS A DIGITAL DEVICE, PURSUANT TO
PART 15 OF THE FCC RULES. THESE LIMITS ARE DESIGNED TO
PROVIDE REASONABLE PROTECTION AGAINST HARMFUL
INTERFERENCE WHEN THE EQUIPMENT IS OPERATED IN A
COMMERCIAL ENVIRONMENT. THIS EQUIPMENT GENERATES,
USES, AND CAN RADIATE RADIO FREQUENCY ENERGY AND, IF
NOT INSTALLED AND USED IN ACCORDANCE WITH THE
INSTRUCTION MANUAL, MAY CAUSE HARMFUL INTERFERENCE TO
RADIO COMMUNICATIONS. OPERATION OF THIS EQUIPMENT IN A
RESIDENTIAL AREA IS LIKELY TO CAUSE HARMFUL
INTERFERENCE IN WHICH CASE THE USER WILL BE REQUIRED TO
CORRECT THE INTERFERENCE AT HIS OWN EXPENSE.
Fortress Bridge
FCC CLASS A WARNING
MODIFYING THE EQUIPMENT WITHOUT FORTRESS
AUTHORIZATION MAY RESULT IN THE EQUIPMENT NO LONGER
COMPLYING WITH FCC REQUIREMENTS FOR CLASS A DIGITAL
DEVICES. IN THAT EVENT, YOUR RIGHT TO USE THE EQUIPMENT
MAY BE LIMITED BY FCC REGULATIONS, AND YOU MAY BE
REQUIRED TO CORRECT ANY INTERFERENCE TO RADIO OR
TELEVISION COMMUNICATIONS AT YOUR OWN EXPENSE.
TO COMPLY WITH FCC RF EXPOSURE COMPLIANCE
REQUIREMENTS, THE ANTENNAS USED FOR THESE
TRANSMITTERS MUST BE INSTALLED TO PROVIDE A SEPARATION
DISTANCE OF AT LEAST 20 CM FROM ALL PERSONS AND MUST
NOT BE CO-LOCATED OR OPERATED IN CONJUNCTION WITH ANY
OTHER ANTENNA OR TRANSMITTER.
ii
Fortress Bridge: Table of Contents
Table of Contents
1
Introduction 1
Fortress Secure Wireless Access Bridge . . . . . . . . . . . . . . . . . . . . .1
Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Bridge GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Bridge CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Network Security Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
The Fortress Security System . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Multi-factor Authentication™ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Strong Encryption at the MAC Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
System Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Operating Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Normal Operating Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
FIPS Operating Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Deployment Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
2
Installation 6
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Shipped and Optional Parts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Preparing the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Port Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Safety Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
iii
Fortress Bridge: Table of Contents
Installation Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Outdoor Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Connecting the Bridge for Preconfiguration . . . . . . . . . . . . . . . . . . . . . . . . 12
Preconfiguring the Bridge for Outdoor Operation . . . . . . . . . . . . . . . . . . . . 12
Weatherizing the Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Mast Mounting the Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Reconnecting the Bridge for Outdoor Operation . . . . . . . . . . . . . . . . . . . . 18
Indoor Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Connecting the Bridge for Indoor Operation . . . . . . . . . . . . . . . . . . . . . . . . 19
Configuring the Bridge for Indoor Operation . . . . . . . . . . . . . . . . . . . . . . . . 20
3
Configuration 21
The Bridge GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Accessing the GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Logging Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
LAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Spanning Tree Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
WAN Port Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Radio State, Band and Mode Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Radio State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Radio Band . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Radio Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Bridge Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Radio Transmission and Reception Settings . . . . . . . . . . . . . . . . . . . . . . . 26
Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Transmit Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Distance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Preamble . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Beacon Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Multicasting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Received Signal Strength Indicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Configuring Basic Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Virtual Radio Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
SSID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Hide SSID and Accept G Only Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
DTIM Period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
RTS and Fragmentation Thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Security Suite and Security Suite Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Configuring Virtual Radio Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
iv
Fortress Bridge: Table of Contents
802.1X Server and LAN Port Settings . . . . . . . . . . . . . . . . . . . . . . 35
802.1X Authentication Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
LAN Port 802.1X Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Bridge Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Operating Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Secure Shell Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Encryption Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Re-keying Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Access ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Non-802.1X Authentication Global and Default Settings . . . . . . . . . . . . . . 41
Enabling/Disabling Authentication Globally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Local Authentication Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
External Authentication Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Enabling/Disabling Device Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Maximum Authentication Retries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Restart Session Login Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Default User Authentication Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Default Device Authentication Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Blackout Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
System Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Restoring Default Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Front-Panel Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Mode Selection from the Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Toggling the Bridge Mode Setting on Radio 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Toggling the Blackout Mode setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Rebooting the Bridge from the Front Panel . . . . . . . . . . . . . . . . . . . . . . . . 51
Restoring Defaults from the Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . 51
4
Administration 52
Device Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Maximum Device Authentication Retries . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Default Device Authentication Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Individual Device Authentication Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Editing a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Deleting Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Maximum User Authentication Retries . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Default User Authentication Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Individual User Authentication Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Adding a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Editing a User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Deleting a User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
v
5
Fortress Bridge: Table of Contents
Trusted Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Adding Trusted Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Editing Trusted Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Deleting Trusted Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Visitor Access through Trusted Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
SNMP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Backing Up and Restoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Backing Up the Bridge Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Restoring from a Backup File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Software Versions and Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Viewing Current Software Version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Upgrading Bridge Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Rebooting the Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Monitoring and Diagnostics 68
Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Traffic Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Interface Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Radio Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
AP Associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
View Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Pinging a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Tracing a Packet Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Flushing the Host MAC Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Generating a Diagnostics File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Front-Panel Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
System LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Radio LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Port LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
6
Command-Line Interface 80
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
CLI Administrative Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Accessing the CLI through the Serial Port . . . . . . . . . . . . . . . . . . . . . . . . . 81
Accessing the CLI Remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Logging On and Off the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
vi
Fortress Bridge: Table of Contents
Getting Help in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Configuration in the Bridge CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
LAN Settings in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Spanning Tree Protocol in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Bridge Radio Settings in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Virtual Radio Interface Settings in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Bridge Passwords in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Changing Bridge GUI Passwords in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Changing the Bridge CLI Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Security Settings in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Encryption Algorithm in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Re-Keying Interval in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Data Compression in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Access ID in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Operating Mode in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
WAN Port Encryption in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
SSH Access to the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Disabling the Bridge GUI in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Blackout Mode in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
System Date and Time in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Restoring Default Settings in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Non-802.1X Authentication Settings in the CLI . . . . . . . . . . . . . . . . . . . . . 95
Non-802.1X Authentication Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Non-802.1X EAP Retry Interval Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
802.1X Authentication Settings in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . 97
802.1X Authentication Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Internal LAN Switch Port 802.1X Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Administration in the Bridge CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Trusted Devices in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Adding Trusted Devices in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
Deleting Trusted Devices in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
SNMP Settings in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
Viewing the Software Version in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . .101
Restarting the Bridge in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Monitoring and Diagnostics in the CLI . . . . . . . . . . . . . . . . . . . . . .101
Viewing a Summary Overview of the Bridge . . . . . . . . . . . . . . . . . . . . . . . 101
Viewing System Uptime in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1 02
Partners Tracking in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Host Tracking in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
AP Associations in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Viewing the System Log in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Pinging a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
Tracing a Packet Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
WLAN Wireless Extension Tools . . . . . . . . . . . . . . . . . . . . . . . . . .104
Creating a Wireless Extension Tools Script . . . . . . . . . . . . . . . . . . . . . . . .105
vii
Fortress Bridge: Table of Contents
Secure Automatic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .105
Preconfiguring a New Network Deployment with SAC . . . . . . . . . . . . . . . .106
Connecting the Bridges for Preconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
Automatically Preconfiguring Network Bridges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
Reconfiguring Network Settings with SAC . . . . . . . . . . . . . . . . . . . . . . . . .109
Adding and Deleting Network Bridges with SAC . . . . . . . . . . . . . . . . . . . .111
Adding a New SAC Network Bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Deleting a Bridge from a SAC Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
7
Specifications 114
Hardware Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
Physical . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
Environmental . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Logical Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
RJ-45-to-DB9 Console Port Adapter . . . . . . . . . . . . . . . . . . . . . . .115
8
Troubleshooting 117
Index 119
Glossary 128
viii
Chapter 1 Introduction
1.1 Fortress Secure Wireless Access Bridge
The Fortress Secure Wireless Access Bridge is an all-in-one
network access device with the most stringent security
available today built in. It can serve as a wireless bridge, a
WLAN access point, and an eight-port LAN switch, while
performing all the functions of a Fortress controller device:
encrypting wireless traffic and providing Multi-factor
Authentication for devices on the network it protects.
Fortress Bridge: Introduction
The rugged, compact chassis is uniquely designed, acting as
an external heat sink to eliminate the need for fans and filters.
The Bridge can be used indoors or outdoors with the MastMounting and Weatherizing kits that ship with every device.
The Bridge can be quickly and transparently integrated into an
existing network. It can be powered with standard AC current
or as an Ethernet powered device (PD) through its WAN port,
which supports power over Ethernet (PoE).
Once it is installed and configured, operation is automatic,
requiring no administrator intervention as it protects data
transmitted on WLANs and between WLAN devices and the
wired LAN.
1.1.1 Management Interfaces
The Bridge can be administered through either of two native
management tools: the Bridge GUI or Bridge CLI. The Bridge
also supports Simple Network Management Protocol (SNMP).
1.1.1.1 Bridge GUI
The Bridge’s graphical user interface is a browser-based
management tool that provides administration and monitoring
functions in a menu- and dialog-driven format. It is accessed
over the network via the Bridge’s IP address. The Bridge
supports Microsoft® Internet Explorer and Mozilla Firefox™.
1
1.1.1.2 Bridge CLI
The Bridge’s command-line interface provides administration
and monitoring functions via a command line. It is accessed
over the network via the Bridge’s IP address or through a
terminal connected directly to the Bridge’s serial
1.1.1.3 SNMP
The Bridge supports versions 1 and 2 of the Simple Network
Management Protocol (SNMP) Internet standard for network
management. The Fortress Management Information Base
(MIB) is included on the Bridge CD and available from:
www.fortresstech.com/support/products_updates.asp
1.2 Network Security Overview
Network security measures take a variety of forms; key
components include:
Access controls prevent unwanted users and devices from
connecting to the network. Typically some form of
authentication is required, in which credentials are
validated before a connection is allowed. Additionally,
policy can be applied to determine what on the network the
authenticated user or device can access, when, and with
what permissions.
Console port.
.
Fortress Bridge: Introduction
NOTE: You cannot
configure SNMP
management on a For-
tress Bridge in
erating mode (the
default).
FIPS op-
Privacy, or confidentiality, implementations prevent
information from being derived from intercepted network
traffic through the use of data encryption, and guard
against network tampering by checking the integrity of
transmitted data.
1.3 The Fortress Security System
The Fortress Security System applies a combination of
established and unique methodologies to both network access
and data privacy.
1.3.1 Multi-factor Authentication™
Fortress guards the network against illicit access with Multifactor Authentication: checking three levels of access
credentials before allowing a connection.
1) Network authentication mandates that connecting devices
use the correct shared identifier for the network. The Fortress Security System requires all members of a secure
network to authenticate with the correct Access ID.
2) Device authentication mandates that a connecting device is
individually recognized on the network through its unique
device identifier. The Fortress Security System requires
each device to authenticate on the secure network with the
unique Device ID generated for that device.
2
3) User authentication requires the user of a connecting
device to enter a recognized user name and valid credentials, a password, for example, or a digital certificate. The
Fortress Security System can authenticate users locally or
through existing user-authentication provisions.
1.3.2 Strong Encryption at the MAC Layer
Fortress ensures network privacy at the Media Access Control
(MAC) sublayer, within the Data Link Layer (Layer 2) of the
Open System Interconnection (OSI) networking model. This
allows a transmission’s entire contents, including the IP
address and any broadcast messages, to be encrypted.
Additionally, Fortress supports the FIPS-validated encryption
algorithm: AES-128/192/256.
1.3.3 System Components
The Fortress Security System comprises three components:
A Fortress controller device (Gateway/Controller/Bridge)
provides internal network security by bridging encrypted
wired or wireless communications to the wired LAN or by
remotely bridging point-to-point or -multipoint LAN and
WLAN connections.
Fortress Bridge: Introduction
The Fortress Secure Client provides device security and
secure wireless connectivity for mobile devices connected
to networks protected by a Fortress controller device.
Fortress Management and Policy Server (MaPS™)
provides centralized management of network devices and
resources, as well as rules-based access control and
network, device and user authentication, by itself or
integrated with back-end corporate authentication servers.
1.3.4 Operating Modes
The Fortress Security System can be operated in either of two,
mutually exclusive modes.
1.3.4.1 Normal Operating Mode
In Normal operating mode, the Fortress Security System
provides the highest available level of network security, without
the additional safeguards Federally mandated for some
government networks. Normal mode of operation is generally
more than adequate for even the most stringent security and
privacy requirements in unregulated environments.
1.3.4.2 FIPS Operating Mode
In FIPS mode, the Fortress Security System complies fully with
the Federal Information Processing Standards (FIPS) 140-2
standard for cryptographic products. Because of its added
administrative complexities, however, FIPS mode is
recommended only for networks that explicitly require FIPS
compliance.
3
1.3.5 Deployment Options
The Fortress Security System is flexible and expandable.
Fortress Bridge: Introduction
Figure 1.1 Example Point-to-Multipoint Deployment of the Fortress Secure Wireless Access Bridge
4
The Bridge can provide a secure edge for a WLAN (or
infrastructure-mode) deployments, as shown in Figure 1.1
Fortress Bridge: Introduction
1.4 This Document
This user guide assumes its users have a level of expertise
consistent with a professional Network Administrator.
1.4.1 Document Conventions
This is a task-oriented document, and the procedures it
contains are, wherever possible, self-contained and complete
in themselves. Internal cross references do appear, however,
rather than verbatim repetition.
Introductory matter before numbered steps will generally
contain information necessary to the successful completion of
the task. Descriptive matter below a stepped procedure may
add to your understanding, but is not essential to the task.
Side notes throughout this document are intended to alert you
to particular kinds of information, as visually indicated by their
icons. Examples appear to the right of this section, in
descending order of urgency.
1.4.2 Related Documents
A printed Fortress Secure Wireless Access Bridge Quick Start
Guide was included with your shipment.
For guidance on the Fortress Secure Client, please refer to
your Fortress Secure Client user guide.
WARNING: can
cause physical in-
jury or death to you
and/or your equipment.
CAUTION: can cor-
rupt your net-
work, your data o r an
intended configuration
result.
NOTE: may assist
you in executing
the task, e.g. a conve-
nient software feature or
notice of something to
keep in mind.
5
Chapter 2 Installation
2.1 Introduction
Fortress Wireless Access Bridge: Installation
The Fortress Secure Wireless Access Bridge is a full-featured
Fortress controller device, providing strong data encryption and
Multi-factor Authentication™, including native RADIUS
authentication, to users and devices on the network it secures.
The Bridge additionally comprises three, independent network
components that can be employed alone or simultaneously in
any combination:
1 Radio 1 is a tri-band 802.11a/b/g radio that can be
configured to use either the 802.11b/g band or the 802.11a
band. It can function as a wireless access point (AP),
providing secure WLAN connectivity to wireless devices
within range, or as a wireless bridge in a point-to-point or
point-to-multipoint network.
2 Radio 2 is fixed on the 802.11a band. As the higher
powered of the two radios, it would normally be the first
choice for the bridging function in a mixed AP/wireless
bridge deployment, but it can equally function as an
802.11a AP.
3 The eight RJ-45 10/100 Mbps Auto-MDIX Ethernet ports
(labeled
1-8) are connectors for the Bridge’s internal LAN
switch.
The Bridge is also an 802.3af power-over-Ethernet (PoE)
powered device (PD), drawing power through its WAN port,
when that port is connected to 802.3af power sourcing
equipment (PSE).
NOTE: Only essen-
tial configuration
settings, as required for
basic installation, are
covered in this chapter.
The full complement of
Bridge configuration
options is described in
the following chapter,
Bridge Administration.
NOTE: The internal
LAN does not sup-
port NAT (network ad-
dress translation).
2.1.1 System Requirements
To display properly, the Bridge GUI requires a monitor
resolution of at least 1024 × 768 pixels and the following (or
later) browser versions:
Microsoft® Internet Explorer 6.0
Mozilla Firefox™ 1.5
6
2.1.2 Compatibility
The Fortress Bridge is fully compatible with Fortress Secure
Client versions 2.4 and higher.
2.2 Preparation
2.2.1 Shipped and Optional Parts
Included in each Fortress Bridge shipment are:
Fortress Secure Wireless Access Bridge, comprising:
one eight-port Ethernet LAN switch
one PoE Ethernet WAN port
two USB ports
one 802.11 a/b/g multi-mode radio
one 802.11a radio
two lightning arrestor modules
one universal AC-to-48V DC power adapter
AC power cord
one EBU-101-01 PoE adapter
one RJ-45-to-DB9 adapter
(for use with a standard, straight-through CAT5 assembly)
ES520 Weatherizing Kit, including:
one front-panel cover plate
one RJ-45 connector boot assembly (six pieces)
one antenna port cap
ES520 Mast-Mounting Kit, including:
one mast mounting bracket
two 4" long, fully threaded 1/4-20 hex bolts
two 1/4" split lock washers
1
Fortress Wireless Access Bridge: Installation
Optionally, you can purchase from Fortress Technologies:
5.x GHz 9dBi omnidirectional antenna with an N-type male
direct connector
2.4–2.485 GHz 9dBi omnidirectional antenna with an
integrated 2' antenna cable terminating in an N-type male
connector
802.11a/b/g 2/2dBi tri-band rubber duck antenna with an
RP-TNC connector and RP-TNC-to-N-type male connector
adapter
The availability and specifications of antennas offered for
purchase from Fortress Technologies are subject to change.
Contact your Fortress representative for details and pricing.
1. In outdoor installations, it is mandatory that the Bridge be powered with the
EBU-101-01 PoE adapter (or equivalent).
7
2.2.2 Preparing the Network
Any Ethernet device—including hubs, switches and access
points—directly connected to the Bridge must have autonegotiation capability (and have the feature enabled), or link
and/or packet loss could result. Refer to a device’s
documentation to configure its negotiation options.
Secure Clients (and other Fortress Bridges) in communication
with the Fortress Bridge must use the same encryption
algorithm and must be assigned the same Access ID (as
established in Step 5 of Section 2.4.2).
Fortress Wireless Access Bridge: Installation
If you are deploying multiple Fortress Bridges in a potopo or reto-multipo network hey should be correctly
configured for their network roles. Typically, one Bridge serves
as the roo node in the network and the rest are configured as
non-roo nodes.
A Fortress Bridge in root mode does not initiate connections
with other Fortress Bridges, while Bridges in non-roo mode do
initiate connections with other Fortress Bridges—either directly
with a roo Bridge or with another non-roo Bridge. (The Bridge
Mode is established in Step 8 of Section 2.4.2.)
2.2.3 Port Locations
The Bridge’s dual antenna ports and grounding stud are
located on the back panel. The rest of the Bridge’s rerts are
located on the fro panel, shown below.
NOTE: In
/multire
deployments, the trans-
mission and reception
settings on all of the ra-
ios used to form the
network must match.
Figure 2.1 Fortress Bridge Port Locations
8
Fortress Wireless Access Bridge: Installation
General: This equipment must be installed by qualified
service personnel according to the applicable installation
codes. Do not locate the Bridge or antennas near power
lines or power circuits. When installing an external antenna,
take extreme care not to come into contact with such
circuits as they can cause serious injury or death. Avoid
metal ladders wherever possible. For proper installation
and grounding, refer to national and/or local codes
(WSNFPA 70 or, Canadian Electrical Code 54).
Indoor/Outdoor Siting: The Secure Wireless Access Bridge,
with or without externally sited antennas, is intended only
for installation in Environment A as defined in IEEE
802.3.af. All interconnected equipment connected to the
indoor/outdoor Bridge must be contained within the same
building, including the interconnected equipment's
associated LAN connections.
In outdoor environments, the Secure Wireless Access
Bridge shall be mounted on a wall, pole, mast or tower
using the included mounting bracket. When mounted
outside, the Bridge’s Front Panel Cover Plate (included)
provides the necessary water and dust resistance to
environmentally protect the unit. In addition, the three Front
Panel Cover Plate thumbscrews must be hand-tightened
(taking care not to over-tighten) to prevent the operatoraccess area (USB, Console, Ethernet ports, and power
inlets) from being exposed. The Bridge should not be used
outside a home, school, or other public area where the
general population has access to it.
WARNING: The
Bridge contains a
3V (7 year) lithium bat-
tery for time-keeping
purposes. It is not in-
tended to be operator-
or user-replaceable. To
avoid risk of personal
injury (and voiding of
the Bridge’s warranty),
refer all hardware ser-
vicing to Fortress Tech-
nical Support. There is a
risk of explosion if the battery is replaced by an incorrect type. Dispose of
used batteries according
to the new battery dis-
posal instructions.
When sited inside, the unit is powered within SELV low
voltage safety limits with 48VDC PoE or 48VDC external
power. The included front-panel cover plate is not required
for indoor installations.
Ambient Temperature: The temperature of the environment
in which the Bridge operates should not exceed the
maximum (
(
14º F/-10º C) operating temperatures.
Powering: For external environments, the Bridge WAN
(PoE-PD) port
EBU101-01 adapter (or equivalent). The PoE adapter
122º F/50º C) or drop below the minimum
must be PoE powered with the included
must
derive power from the included Fortress AC-to-48V DC (70
Watt) power source to meet the safety isolation
requirements defined in UL 60950. The PoE adaptor is
designed for indoor use only. Never mount the power
injector outside with the Secure Wireless Access Bridge.
For internal environments, the Bridge can be 1) direct
powered by the universal AC-to-48V DC (70 Watt) power
adapter, 2) PoE powered over the WAN port with the
included EBU101-01 POE adapter (or equivalent), or 3)
WARNING: To
avoid the risk of
severe electrical shock,
never remove the cov-
er, an exterior panel, or
any other part of the
Bridges’s chassis. There
are no user-serviceable
parts inside. Refer all
hardware servicing to
Fortress Technical Sup-
port.
9
Fortress Wireless Access Bridge: Installation
PoE powered from a remote 802.11af (13 Watt) PoE
midspan source.
Circuit Overloading: The Bridge includes a 48 V main
resettable fuse specified at 1.8 A.
Lightning/Electrostatic Protection: The Bridge’s antenna
ports conform to IEC1000-4-5 10 KV 8/20us waveform. The
WAN port conforms to IEC-61000-4-2 8 KV waveform with
58 V additional transient protection.
Grounding: The Bridge features a rear panel grounding
stud which, on Bridges with externally mounted antennas,
must be connected to protective earth ground via a 20
gauge (minimum) cable, before any other physical
connection is made.
The antenna/cable distribution system should be grounded
(earthed) in accordance with ANSI/NFPA 70, the National
Electrical Code (NEC), in particular, Section 820.93,
Grounding of Outer Conductive Shield of a Coaxial Cable.
The antenna mast and Secure Wireless Access Bridge,
when used outside, should be grounding per Article 810 of
the NEC; of particular note is the requirement that the
grounding conductor not be less than 10 AWG(Cu).
Cabling: Cables must be installed in accordance with NEC
Article 725 and 800, and all requirements must be met in
relationship to clearances with power lines and lighting
conductors. All cabling must be category 5e per TIA/EIA568-B.2.
Waterproofing: The Bridge has a UL (NEMA) 3/3S/4 raintight
rating. The Front-panel Cover Plate of the ES520
Weatherizing Kit includes a “Raintight” label. The Bridge is
water resistant when the Weatherizing Kit (cover plate,
WAN-port RJ-45 connector boot assembly, and antenna
cap—included) is properly installed.
Radio Frequency: The Bridge’s internal radios conform to
the FCC’s safety standard for human exposure to RF
electromagnetic energy, provided that you follow these
guidelines:
Do not touch or move the antennas while the unit is
transmitting or receiving.
To safeguard Bridge transmitting circuitry, relocate the
Bridge and its antennas only when the Bridge is
powered off.
When the Bridge is transmitting, do not hold it so that
the antenna is very close to or touching any exposed
parts of the body, especially the face or eyes.
WARNING: If the
Bridge connects to
outside-mounted anten-
nas, failure to provide a
low resistive earth
ground can result in mi-
gration of voltage from
lightning or line surges
onto the premises wir-
ing, which can cause
electric shock and/or
fire within the building
or structure.
10
Fortress Wireless Access Bridge: Installation
Antennas must be installed to provide a separation of at
least 20 cm (7.9") from all persons and any co-located
antenna or transmitter.
Regarding use in specific environments:
operate near unshielded blasting caps or in an
explosive environment.
•
Limit use in a hazardous
location to the constraints imposed by the location’s
•
safety director.
Abide by the rules of the Federal
Aviation Administration for the use of wireless devices
on airplanes.
•
Restrict the use of wireless devices in
hospitals to the limits set forth by each hospital.
2.3 Installation Instructions
The following instructions assume that you are installing the
Fortress Bridge with the minimum number of possible changes
to its default configuration:
The Fortress Bridge will operate in Normal operating mode.
Radio 1 will be used, in the 802.11g band, as a WLAN
access point (AP) for wireless devices within range, and it
will transmit and receive on channel 1.
Radio 2 will be used for bridging in a point-to-point or point-
to-multipoint deployment of multiple Fortress Bridges, and it
will transmit and receive on channel 149, with a distance
setting of 1 mile.
•
Do not
NOTE: The ES520
complies with
UL60950-1 safe ty s peci -
fications. It has a UL
(NEMA) 3/3S/4 (and
IEC60529) environmen-
tal rating. The Front-
panel Cover Plate of the
ES520 Weatherizing Kit
includes a “Raintight”
label.
STP (Spanning Tree Protocol) is enabled on the Bridge,
and Multicast is enabled on the non-root Bridge(s).
In indoor deployments, the Bridge’ s internal LAN switch will
be used to connect a local area network.
Complete configuration guidelines, covering the full set of
Fortress Bridge functions and options, are provided in Chapter
3, Configuration.
Procedures differ between indoor and outdoor installations.
Refer to the instructions that apply to your deployment.
2.4 Outdoor Installation
When installing the Fortress Bridge out doors, you must use the
Mast-Mounting Kit and the Weatherizing Kit—both included in
every shipment—to mount and weatherize the Bridge.
When the Weatherizing Kit is installed, the only available
connections to the Bridge are the front-panel WAN port and the
rear-panel antenna ports.
Before installing the Bridge in a hard-to-reach, outdoor
location, Fortress recommends connecting and preconfiguring
the Bridge.
NOTE: Third par-
ty antennas are
subject to local regulato-
ry requirements. For
outdoor installations,
they must be water-
proof.
11
Fortress Wireless Access Bridge: Installation
2.4.1 Connecting the Bridge for Preconfiguration
1 Position the Bridge so that it operates only within its safe
temperature range (14º–122º F/
2 Connect a waterproof, standard 802.11a/b/g-capable
antenna with an N-type male connector to antenna port 1
(
ANT1).
3 Connect an antenna cable with an N-type male connector
between antenna port 2 (
ANT2) and a high-gain
omnidirectional or directional antenna. The antenna and
cable must be waterproof.
4 Connect the Bridge's WAN port to an external 802.3af PSE/
PoE (Power Sourcing Equipment/Power over Ethernet)
source, which—if the WAN port will connect to a satellite
link or a DSL or cable modem—provides an in-line
connection to the necessary network device.
(Outdoor Bridge installations require a PoE source; the 48V
power inlet cannot be connected when the Weath erizing Kit
is installed.)
5 Connect one of the Bridge’s Auto-MDIX Ethernet LAN ports
(numbered
6 Verify that all link/activity and power LEDs illuminate for all
1–8) to a computer or switch on the wired LAN.
connected ports.
–
10º–50º C).
WARNING: To
comply with FCC
rules, antennas must be
professionally installed.
Improperly grounded
outdoor antennas pose a
particularly serious
safety hazard.
CAUTION: The
FCC requires co-
located radio antennas
to be at least 7.9" apart.
The Bridge’s antenna
connectors are only 5"
apart. Avoid directly
mounting two antennas to
the Bridge’s rear-panel
connectors.
2.4.2 Preconfiguring the Bridge for Outdoor Operation
The computer through which you configure the Bridge must
have a direct (non-routed) connection to the Bridge’s
unencrypted interface and an IP address in the same subnet
(192.168.254.0) as the Controller’s default IP address.
12
Fortress Wireless Access Bridge: Installation
1 Open a browser application on a computer on your LAN
and, in the browser address field, enter the Bridge’s def ault
IP address:
2 Log on to the Bridge GUI, entering admin as both User ID
and Password and then clicking
192.168.254.254.
Login.
(When prompted, agree to accept the security certificate.)
3 From the main menu on the left choose LAN SETTINGS, and
on the
In Host name, enter a descriptive name for the Fortress
LAN SETTINGS screen:
Bridge.
In LAN IP address, enter a network address for the
Fortress Bridge’s management interface (the address
to be used for all subsequent administrative access to
the Bridge).
In LAN Subnet mask, enter the correct subnet mask for
the Bridge’s IP address.
In Default gateway, enter the IP address of the default
gateway (or router) for the network on which you are
installing the Bridge.
If the WAN port is connected to a satellite link or a DSL
or cable modem, select
Clear for WAN Port.
NOTE: The IP ad-
dress must be
unique on the network.
NOTE: For infor-
mation about the
Bridge’s
Port encryption features
STP and WAN
refer to Section 3.2.
Apply.
Click
4 Click OK to clear the system dialog that instructs you to
reboot, but do not reboot until S tep 10 of these procedures,
when you are again instructed to do so.
13
detail:
Fortress Wireless Access Bridge: Installation
5 From the main menu, select SECURITY SETTINGS, and on the
SECURITY SETTINGS screen, in the CHANGE ACCESS ID
section:
In Current Access ID enter 16 zeros or the word
default.
In New Access ID enter the 16-digit hexadecimal
Access ID to be used by the Bridge and its Secure
Clients.
In the Confirm New Access ID field, re-enter the new
Access ID to ensure against entry errors.
CAUTION: For se-
curity reasons, the
Access ID in effect on
the Bridge cannot be
displayed. Make a note of
the new Access ID: you
will need it to configure
the Bridge’s Secure Cli-
ents, as well as to
change the Access ID on
the Bridge.
Apply.
Click
6 From the main menu on the left choose BRIDGE PASSWORD,
and on the
Leave User Name at its default setting, admin.
In Current Password, enter the default system
administrator password:
In New Password, enter the password to be used to
BRIDGE PASSWORD screen:
admin.
access administrative functions on the Bridge GUI.
In Confirm New Password, re-enter the new password.
Apply.
Click
7 On the same PASSWORD screen, repeat Step 6, except in
User Name, select
operator from the dropdown menu.
CAUTION: The
Bridge is not se-
cure until you have
changed the default Ac-
cess ID and wireless
SSIDs and reset both
GUI passwords and the
CLI password to a mini-
mum of eight, mixed al-
phanumeric, upper- and
lowercase characters.
detail:
14
Fortress Wireless Access Bridge: Installation
detail:
8 If the Fortress Bridge is the root node in the point-to-point/
multipoint deployment, skip this step.
or
If the Fortress Bridge is the non-root node in the point-topoint/multipoint deployment, choose
RADIO SETTINGS from
the main menu and in Bridge Mode setting for Radio 2,
choose
9 From the main menu on the left choose SYSTEM OPTIONS, and
on the
Non-Root, and click Apply.
SYSTEM OPTIONS screen, in the SET SYSTEM TIME
section, enter the correct date and time in the fields
provided, using two-digit values (
Apply.
detail:
hh:mm MM:DD:YY), and click
NOTE: If you are
deploying multi-
ple Fortress Bridges in a
point-to-point/multi-
point network they
must be correctly con-
figured for their net-
work roles, typically
with one serving as the
root node and the rest
configured as non-root
nodes (refer to Section
2.2 for more detail).
NOTE: The SYSTEM
OPTIONS
screen
features an information-
al timestamp under
SYSTEM
TIME. The re-
SET
fresh function of your
browser updates this
timestamp.
10 On the same screen, under REBOOT SYSTEM, click OK.
detail:
11 Click OK again to clear the system dialog.
12 Close your browser.
15
Fortress Wireless Access Bridge: Installation
13 After the Bridge reboots, change the CLI password
(according to the instructions in Section 6.4.4.2) and
configure unique SSIDs for the Bridge (according to the
instructions in Section 3.3).
If you want to use the received signal strength indicator
(RSSI) to aim the antenna of a non-root Bridge, you may
want to enable it now (refer to Section 3.3.2.7).
14 Disconnect the LAN, WAN and ant enna ports in advance of
weatherizing and mast-mounting the Bridge.
2.4.3 Weatherizing the Bridge
All front-panel ports must be disconnected before you can
install the Weatherizing Kit.
To install the Weatherizing Kit:
1 Install the RJ-45 connector boot assembly on the end of the
cable that you will be plugging into the Fortress Bridge’s
WAN port, as shown in Figure 2.2:
If the RJ-45 connector is equipped with a molded
plastic boot, remove it from the connector. (Some
Ethernet cable connectors have a molded plastic outer
casing that is not designed for removal. This style of
connector is incompatible with the connector boot.)
NOTE: The Bridge
CLI provides ac-
cess to some configu-
ration settings that
cannot be accessed
from the Bridge GUI.
CAUTION: Do not
assemble the con-
nector boot without first
referring to these in-
structions. Several as-
sembly steps are
irreversible.
assembled connector
boots are unusable
and cannot be disassem-
bled.
Incorrectly
,
Figure 2.2 Installing the RJ-45 Connector Boot Assembly
16
Fortress Wireless Access Bridge: Installation
Slide the compression nut, with the threaded opening
facing toward the connector, over the connector and
onto the cable.
Slide the compression bushing over the connector and
onto the cable.
Slide the threaded coupler, with the flanged end facing
toward the compression nut and bushing, over the
connector and onto the cable.
With the smooth-side prongs on the two halves of the
connector collar facing out and aligned with the RJ-45
connector’s locking tab, fit the collar around the
connector so that the connector’s locking tab is
compressed (the contact end of the connector extends
approximately 1/2" from the collar). Fit the outer tabs on
one half of the connector collar into the slots of the
other, and squeeze the two halves of the connector
collar together until they snap into place.
Align the primary key tab on the inner ring of the
connector boot with the cable connector’s locking tab.
Maintaining this alignment, fit the RJ-45 connectorcollar assembly into the boot through the boot’s
threaded end and snap the collar tabs into the boot
slots. Screw the connector boot securely onto the
threaded coupler.
Fit the compression bushing into the flanged end of the
threaded connector, and fit the compression nut over
the flanges. Screw the compression nut securely onto
the threaded connector until the bushing is compressed
around the cable to provide a water seal.
2 Attach the cover plate to the Bridge’s front panel with the
plate’s three captive screws, as shown in Figure 2.3.
CAUTION: There
are four different
possible alignments be-
tween the RJ-45 connec-
tor and the connector
boot. If the boot and
connector are not in the
correct alignment, the
RJ-45 connector will not
plug into the Bridge’s
WA N p o r t .
NOTE: Plugging
the connector/boot
into the
WAN port is de-
scribed in Step 4 of Sec-
tion 2.4.5.
WARNING: To
avoid the risk of
severe electrical shock,
do no t rem o ve the c o ve r
plate while the Fortre ss
Bridge is out of doors.
3 If only one antenna will be attached to the Bridge, screw the
antenna port cap onto the unused antenna port.
Figure 2.3 Attaching the Front-panel Cover Plate
17
2.4.4 Mast Mounting the Bridge
The Mast-Mounting Kit accommodates masts from 1.5" to 3" in
diameter.
To install the Mast-Mounting Kit:
1 Position the Bridge at the desired position on the mast, with
the Bridge’s underside facing toward the mast a nd the front
panel facing down, as shown in Figure 2.4
2 Sandwich the mast between the underside of the Bridge
and the mounting bracket, fitting the mast into the bracket’ s
toothed cut-outs.
3 Place a split lock washer on each of the two hex bolts,
sliding them down to the head of the bolt.
4 Fit the bolts through the bolt holes in the mounting bracket
and then into the mounting holes in the underside of the
Bridge.
5 Tighten the bolts securely, until the split lock washers are
flattened between the bolt heads and the mounting bracket.
Fortress Wireless Access Bridge: Installation
Figure 2.4 Attaching the Mast-Mounting Bracket and Grounding Stud
2.4.5 Reconnecting the Bridge for Outdoor Operation
Review the Radio Frequency Safety Requirements (Section
2.2.4) before installing or operating Bridge radios.
1 Connect the rear-panel grounding stud (shown in Figure
2.4) to protective earth ground with a 20 gauge (minimum)
cable.
2 Connect a waterproof, standard 802.11a/b/g-capable
antenna with an N-type male connector to antenna port 1
(
ANT1).
3 Connect an antenna cable with a N-type male connector
between antenna port 2 (
ANT2) and a high-gain
WARNING: To
comply with FCC
rules, antennas must be
professionally installed.
Improperly grounded
outdoor antennas pose a
particularly serious
safety hazard.
18
omnidirectional or directional antenna. The antenna and
cable must be waterproof.
4 Connect the Bridge's WAN port to an external 802.3af PSE/
PoE (Power Sourcing Equipment/Power over Ethernet)
source, which—if the
or a DSL or cable modem—provides an in-line connection
to the necessary network device.
To plug in the RJ-45 connector with the boot assembly
installed: orient the connecto r correctly with the W AN port,
and then twist the outer ring of the connector boot
clockwise until the channels in the ring align with the
locking studs on the Bridge’s WAN port casing. Continue
twisting the boot’s outer ring clockwise until the locking
channels are fully engaged and the boot is flush with the
port casing. A distinct click in the final turn of the boot’s
outer ring indicates that connector and boot are securely
plugged into the Bridge. (Installing the connector boot
assembly is covered in Section 2.4.3.)
2.5 Indoor Installation
Fortress Wireless Access Bridge: Installation
WAN port will connect to a satellite link
NOTE: Third par-
ty antennas are
subject to local regulato-
ry requirements. For
outdoor installations,
they must be water-
proof.
Figure 2.5 Indoor Fortress Bridge Connections
2.5.1 Connecting the Bridge for Indoor Operation
When the Fortress Bridge is installed indoors, it can be located
directly on a desktop with no additional hardware, or it can be
wall mounted, in any orientation—with four, #8, 3/4" wallanchored, flathead screws—through the mounting holes in the
chassis’s four corners.
19
Fortress Wireless Access Bridge: Installation
1 Position the Bridge so that it operates only within its safe
temperature range (14º–122º F/
2 Connect a standard 802.11a/b/g-capable antenna with an
N-type male connector to antenna port 1 (
3 Connect an antenna cable with an N-type male connector
between antenna port 2 (
ANT2) and a high-gain
–
10º–50º C).
ANT1).
omnidirectional or directional antenna.
4 Connect the Bridge to at least one power source:
Connect the external +48V DC power supply that came
with the Bridge to the front-panel
+48V DC power inlet
and plug the power supply into a properly rated AC
power outlet with the cord provided.
and/or
Connect the Bridge’s WAN port to an external 802.3af
PSE/PoE (Power Sourcing E q uipment/Power over
Ethernet) source. (If the
WAN port will connect the
Bridge to a satellite link or a DSL or cable modem,
ensure the PSE/PoE source is in line with the
necessary network device.)
5 Connect up to eight wired LAN devices to the RJ-45
Ethernet ports (numbered
6 If the WAN port will connect the Bridge to a satellite link or a
1-8).
DSL or cable modem (and it was not connected in Step 4),
connect the 10/100
WAN Ethernet port to the necessary
network device.
7 Verify that all link/activity and power LEDs illuminate for all
connected ports.
CAUTION: The
FCC requires co-
located radio antennas
to be at least 7.9" apart.
The Bridge’s antenna
connectors are only 5"
apart. Avoid directly
mounting two antennas to
the Bridge’s rear-panel
connectors.
NOTE: When both
power supplies
are connected, the exter-
nal +48V power supply
is automatically selected
as the Bridge’s primary
power source.
2.5.2 Configuring the Bridge for Indoor Operation
Configuration procedures for an indoor Bridge are no different
from outdoor Bridge preconfiguration procedures. Follow step s
1 through 12, Section 2.4.2.
To access the Bridge GUI after initial configuration, use a new
instance of your browser and the IP address you set in Step 3
of Section 2.4.2.
20
Loading...