beautypg.com

Fortress Technologies ecure Wireless Access Bridge User Manual

Page 117

background image

Fortress Bridge: Command-Line Interface

107

Allow all of the Bridges to boot before proceeding with SAC:
front-panel

Stat1

and

Stat2

LEDs and the lower LEDs for both

radios light solid green, while the upper LEDs for both radios
and the WAN port link/activity (

Lnk/Act

) LED flash green

intermittently.

1

Open a terminal application on the computer connected to
the SAC master Bridge’s

Console

port and (using the

settings given in Section 6.1.2) open a session with the
master Bridge.

2

Log in to the Bridge CLI of the master Bridge, using

sysadm

as both the login ID and password.

3

At the command prompt,

[GW]>

™

If you want member Bridges’ basic security settings to
be left at their default values and SAC network
parameters to be automatically generated for the
Fortress network (as shown in Table 6.1), enter

set sac

start

without arguments.

or

™

If you want to specify some or all SAC-configurable
parameters, enter the command with the appropriate
switches and arguments, as follows:

[GW]>

set sac start [-a ] [-e AES128|AES192|AES256] [-t ] [-fips off|on]

[-sa ] [-ca ] [-sg ] [-cg ] [-ipnw |]

NOTE:

You can ob-

serve SAC events

in the master Bridge’s
system log at any point
in the SAC process with

show log

. Strike the

Ctrl-c

key, to return to

the

[GW]>

command

prompt.

The first line above shows security-setting switches and
arguments. The

-a

switch configures the Access ID, for

which you must enter a 16-digit hexadecimal value. Use
the

-e

switch to enter one of the valid encryption

algorithms and the

-t

switch to configure the re-key

interval, in whole hours between

1

and

24

.

If you use the

-fips on

argument to place network

Bridges in FIPS operating mode (described in Section
3.6.1), you will not be able to configure the network
through subsequent

set sac start

commands until

you have manually reconfigured each Bridge to use
Normal operating mode (i.e.,

set fips off

). FIPS-

mandated restrictions do not allow configuration
through SAC.

The second line of SAC input (above) shows SAC
network-parameter switches and arguments. The

-sa

and

-ca

switches configure Radio 2’s SSID and

channel setting, respectively. The

-sg

and

-cg

switches configure the same settings for Radio 1.

You can use the

-ipnw

switch to establish a specific IP

address for the master/root Bridge’s management
interface and automatically generate IP addresses
within the same subnet for the rest of the network

See also other documents in the category Fortress Technologies Hardware: