
Fortress Technologies Secure Wireless Access Bridge User Manual


Fortress Bridge: Command-Line Interface


Similarly, the encryption algorithm and re-key interval in effect
on the network can be viewed with show crypto (Sections 6.4.5.1
and 6.4.5.2, respectively).

The Access ID cannot be displayed for security purposes (but it
must match across all network Bridges).

Use the show network command on the master/root Bridge to
view its IP address (Section 6.4.1), and the show sac command
to view the IP addresses of slave/non-root Bridges.

The same switches and arguments used to preconfigure the
network through SAC (as explained in Section 6.8.1) are valid
for reconfiguring the network.

Two additional switches modify the behavior of the SAC
operation itself; these are shown in the third line of input below:

[GW]> set sac start [-a ] [-e AES128|AES192|AES256] [-t ] [-fips off|on]
[-sa ] [-ca ] [-sg ] [-cg ] [-ipnw |]
[-autogen yes|no] [-allowall yes|no]

NOTE: As required for preconfiguration (Section 6.8.1, above),
-autogen and -allowall default to yes when you first invoke
set sac start. The default of these switches for subsequent
set sac start invocations is no.

When you set automatic generation (-autogen) to yes, the
set sac start command automatically generates any of the
SAC-configurable network settings (as shown in Table 6.1) that you
do not explicitly specify in the command.

After the first invocation of set sac start (Section 6.8.1), the
default -autogen setting is no, which causes only those
network parameters that you specify to be changed from their
current settings.

When you set allow all (-allowall) to yes, the master/root
Bridge broadcasts the entire set of SAC parameters to any
Fortress Bridge within range of the master/root Bridge. When
-allowall is set to no, the master Bridge sends SAC
parameters to only those Bridges on its SAC Peer list.

CAUTION: Setting -allowall to yes in an uncontrolled
environment poses a significant security risk.

Fortress recommends that -allowall be left at its default
setting of no when the set sac command is executed in any
uncontrolled environment, particularly in a wireless
environment.
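Because the -autogen and -allowall defaults differ between the first and later invocations, the same command line can behave differently depending on when it is run. The Python check below is an added example, not part of the Fortress manual or its software; the function names and finding texts are assumptions for illustration, and it resolves only these two switches for a planned set sac start line.

```python
import shlex

# The two switches the manual says modify the SAC operation itself.
BEHAVIOR_SWITCHES = ("-autogen", "-allowall")

def effective_sac_flags(command, first_invocation):
    """Resolve -autogen/-allowall for one 'set sac start' line.

    Per the manual, both default to yes on the first invocation and to
    no on every later one. Returns (flags, explicitly_set_switches).
    """
    tokens = shlex.split(command)
    if tokens and tokens[0].endswith(">"):   # drop a pasted prompt such as [GW]>
        tokens = tokens[1:]
    if tokens[:3] != ["set", "sac", "start"]:
        raise ValueError("not a 'set sac start' command")
    default = "yes" if first_invocation else "no"
    flags = {name: default for name in BEHAVIOR_SWITCHES}
    explicit = set()
    args = tokens[3:]
    for i, tok in enumerate(args):
        if tok in BEHAVIOR_SWITCHES:
            value = args[i + 1].lower() if i + 1 < len(args) else ""
            if value not in ("yes", "no"):
                raise ValueError(f"{tok} requires yes or no")
            flags[tok] = value
            explicit.add(tok)
    return flags, explicit

def audit(command, first_invocation):
    """Return findings (hypothetical wording) for a planned command."""
    flags, explicit = effective_sac_flags(command, first_invocation)
    findings = []
    if flags["-allowall"] == "yes":
        how = "explicitly" if "-allowall" in explicit else "by first-invocation default"
        findings.append(f"-allowall is yes {how}: SAC parameters go to any Bridge in range")
    if flags["-autogen"] == "yes" and not first_invocation:
        findings.append("-autogen is yes on a reconfiguration: unspecified settings are generated automatically")
    return findings

if __name__ == "__main__":
    # Constructed change plan: (command, is this the first invocation?)
    plan = [("[GW]> set sac start -sa caisiNET01", True),
            ("[GW]> set sac start -sa caisiNET01", False),
            ("set sac start -sa caisiNET01 -allowall yes -autogen yes", False)]
    for command, first in plan:
        print(command, "->", audit(command, first) or "no findings")
```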

For example, the command below changes the Radio 2 SSID
on all Bridges in the SAC group:

[GW]> set sac start -sa caisiNET01

[OK] Started SAC process successfully

NOTE: Whenever the configuration changes, the configuration ID
(ConfigID) also changes.

After executing set sac start, use show sac to confirm that
the configuration change is COMPLETE for each SAC peer.

[GW]> show sac

SwabSerialNum:24656196
SwabConfigID:42550
SwabSACRole:SAC_MASTER
SwabSACState:SAC_START_4SWAB
SwabSACVer:SAC_VER_PEGASUS_ARCH1
*********SACPeerInformation*********