PMP 450i and PTP 450i Configuration and User Guide Release 14.
PMP 450i and PTP 450i Configuration and User Guide ii Contents pmp-0957 (April 2015)
PMP 450i and PTP 450i Configuration and User G Contents PMP 450i and PTP 450i module essential information Default IP Address for Management GUI Access 169.254.1.1 Default Administrator Username admin Default Administrator Password (no password) Software Upgrade Procedure See “Updating the software version and using CNUT” in the PMP 450i Configuration and User Guide 1.
PMP 450i and PTP 450i Configuration and User Guide Contents Accuracy While reasonable efforts have been made to assure the accuracy of this document, Cambium Networks assumes no liability resulting from any inaccuracies or omissions in this document, or from use of the information obtained herein.
PMP 450i and PTP 450i Configuration and User G Contents Safety and regulatory information This section describes important safety and regulatory guidelines that must be observed by personnel installing or operating PMP 450i equipment. Important safety information To prevent loss of life or physical injury, observe the safety guidelines in this section. Power lines Exercise extreme care when working near power lines. Working at heights Exercise extreme care when working at heights.
PMP 450i and PTP 450i Configuration and User Guide Contents RF exposure near the antenna Radio frequency (RF) fields is present close to the antenna when the transmitter is on. Always turn off the power to the unit before undertaking maintenance activities in front of the antenna. Minimum separation distances Install the AP or SM so as to provide and maintain the minimum separation distances from people.
PMP 450i and PTP 450i Configuration and User G Contents Renseignements spécifiques aux USA et au Canada La Commission Fédérale des Communications des Etats-Unis (FCC) a demandé aux fabricants de mettre en œuvre des mécanismes spécifiques pour éviter d’interférer avec des systèmes radar fonctionnant dans la bande 5600 MHz à 5650 MHz. Ces mécanismes doivent être mis en œuvre dans tous les produits capables de fonctionner à l'extérieur dans la bande 5470 MHz à 5725 MHz.
PMP 450i and PTP 450i Configuration and User Guide Contents Contents PMP 450i and PTP 450i module essential information ...................................................... iii Safety and regulatory information .......................................................................... v Important safety information ........................................................................................ v Important regulatory information ...................................................................
PMP 450i and PTP 450i Configuration and User G Contents VLAN tab of the SM ..................................................................................................... 46 VLAN Membership tab of the SM ............................................................................... 51 PPPoE tab of the SM.................................................................................................... 51 NAT Port Mapping tab of the SM ...............................................................
PMP 450i and PTP 450i Configuration and User Guide Contents Exporting Session Status page of the AP .................................................................. 152 Task 11: Configuring quality of service .......................................................................... 154 Maximum Information Rate (MIR) Parameters ........................................................ 154 Token Bucket Algorithm ............................................................................................
List of Figures Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure 1 AP DFS Status ............................................................................................................ 8 2 AP General Status page, GUEST user example ...........................................
PMP 450i and PTP 450i Configuration and User Guide Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure xii 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 List of Figures Multicast VC statistics .........................................................................................
PMP 450i and PTP 450i Configuration and User G List of Tables List of Tables Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table Table 1 PMP 450i wireless specifications ........................................................................ 2 2 PMP 450i safety compliance specifications ..................................................
List of Tables PMP 450i and PTP 450i Configuration and User Guide Table 39 PMP 450i Modulation levels ........................................................................... 130 Table 40 Co-channel Interference per (CCI) MCS, PMP/PTP 450i ............................... 130 Table 41 Adjacent Channel Interference (ACI) per MCS, PMP/PTP 450i .................... 131 Table 42 AP SNMP attributes ........................................................................................
PMP 450i and PTP 450i Configuration and User Guide About This Configuration and User Guide This guide describes the configuration of the Cambium PMP 450i Series of point-to-multipoint wireless equipment deployment. It is intended for use by the system administrator. After the initial general and legal information, the guide begins with a set of tasks to complete a basic configuration of the equipment. Once this configuration is complete, the units are ready for deployment.
PMP 450i and PTP 450i Configuration and User General information General information Version information The following shows the issue status of this document from its first release: Issue Date of issue Remarks 001v000 September 2012 System Release 14.0 Contacting Cambium Networks PMP support website: http://www.cambiumnetworks.com/support/pmp Cambium main website: http://www.cambiumnetworks.com/ Sales enquiries: sales@cambiumnetworks.com Email support: support@cambiumnetworks.
General information PMP 450i and PTP 450i Configuration and User Guide Purpose Cambium Networks Point-To-Multipoint (PMP) documents are intended to instruct and assist personnel in the operation, installation and maintenance of the Cambium PMP equipment and ancillary devices. It is recommended that all personnel engaged in such activities be properly trained.
PMP 450i and PTP 450i Configuration and User Problems and warranty Problems and warranty Reporting problems If any problems are encountered when installing or operating this equipment, follow this procedure to investigate and report: 1 Search this document and the software release notes of supported releases. 2 Visit the support website. http://www.cambiumnetworks.com/support 3 Ask for assistance from the Cambium product supplier.
Problems and warranty PMP 450i and PTP 450i Configuration and User Guide Warranty Cambium’s standard hardware warranty is for one (1) year from date of shipment from Cambium or a Cambium distributor. Cambium warrants that hardware will conform to the relevant published specifications and is free from material defects in material and workmanship under normal use and service.
PMP 450i and PTP 450i Configuration and User Security advice Security advice Cambium Networks systems and equipment provide security parameters that can be configured by the operator based on their particular operating environment. Cambium recommends setting and using these parameters following industry recognized security practices. Security aspects to be considered are protecting the confidentiality, integrity, availability of information and assets.
Warnings, cautions and notes PMP 450i and PTP 450i Configuration and User Guide Warnings, cautions and notes The following describes how warnings and cautions are used in this document and in all documents of the Cambium Networks document set. Warnings Warnings precede instructions that contain potentially hazardous situations. Warnings are used to alert the reader to possible hazards that can cause loss of life or physical injury.
Warnings, cautions and notes PMP 450i and PTP 450i Configuration and User Guide Chapter 1: Reference information This chapter contains reference information and regulatory notices that apply to the PMP 450i Series products. The following topics are described in this chapter: • Wireless specifications on page 2 contains specifications of the PMP 450i wireless interface, including RF bands, channel width and link loss.
PMP 450i and PTP 450i Configuration and User Wireless specifications Wireless specifications This section contains specifications of the PMP 450i wireless interface. These specifications include RF bands, channel bandwidth, spectrum settings, maximum power and link loss. General wireless specifications The wireless specifications that apply to all PMP 450i variants are lusted in Table 1.
Compliance with safety standards PMP 450i and PTP 450i Configuration and User Guide Compliance with safety standards This section lists the safety specifications against which the PMP 450i has been tested and certified. It also describes how to keep RF exposure within safe limits. Electrical safety compliance The PMP 450i hardware has been tested for compliance to the electrical safety specifications listed in Table 2.
PMP 450i and PTP 450i Configuration and User Compliance with safety standards Human exposure to radio frequency energy Standards Relevant standards (USA and EC) applicable when working with RF equipment are: • ANSI IEEE C95.1-1991, IEEE Standard for Safety Levels with Respect to Human Exposure to Radio Frequency Electromagnetic Fields, 3 kHz to 300 GHz.
Compliance with safety standards PMP 450i and PTP 450i Configuration and User Guide Calculation of power density The following calculation is based on the ANSI IEEE C95.1-1991 method, as that provides a worst case analysis. Details of the assessment to EN50383:2002 can be provided, if required. Peak power density in the far field of a radio frequency point source is calculated as follows: S= P .
PMP 450i and PTP 450i Configuration and User Compliance with safety standards Table 4 Minimum Safe Separation Distance P burst (W) P (W) G (Linear Factor) S (W/ m2) d (m) OMNI 0.25 0.21 20.00 10.00 0.17 Sectored antenna (90°) 0.25 0.21 50.00 10.00 0.26 2ft Flat Plate 0.25 0.21 631.00 10.00 0.93 4ft Dish 0.10 0.85 2344.00 10.00 1.14 6ft Dish 0.04 0.03 5248.00 10.00 1.07 OMNI 0.28 0.24 20.00 10.00 0.18 Sectored antenna (90°) 0.12 0.10 50.00 10.00 0.
Compliance with radio regulations PMP 450i and PTP 450i Configuration and User Guide Compliance with radio regulations This section describes how the PMP 450i complies with the radio regulations that are enforced in various countries. Changes or modifications not expressly approved by Cambium could void the user’s authority to operate the system. Type approvals This system has achieved Type Approval in various countries around the world.
PMP 450i and PTP 450i Configuration and User Compliance with radio regulations Notwithstanding that Cambium has designed (and qualified) the PMP 450i products to generally meet the Class B requirement to minimize the potential for interference, the PMP 450i product range is not marketed for use in a residential environment.
Compliance with radio regulations PMP 450i and PTP 450i Configuration and User Guide Table 6 OFDM DFS operation based on Country Code setting Country Code Band AP SM Weather Radar Notch-Out United States 4.9-GHz No effect No effect No 5.8-GHz No effect No effect No After an AP with DFS is powered on it performs a channel availability check on its main carrier frequency for 1 minute, monitoring for the radar signature without transmitting.
PMP 450i and PTP 450i Configuration and User Compliance with radio regulations • Radar Detected Stop Transmitting for n minutes, where n counts down from 30 to 1. • Idle, only for SM/BHS, indicates module is scanning, but has not detected a beacon from an AP/BHM. Once it detects beacon, the SM/BHS begins a Channel Availability Check on that frequency.
PMP 450i and PTP 450i Configuration and User Guide Chapter 2: Configuration This chapter describes all configuration tasks that are performed when a PMP 450i link is deployed. Observe the precautions in Preparing for configuration on page 12.
PMP 450i and PTP 450i Configuration and User Preparing for configuration Preparing for configuration This section describes the checks to be performed before proceeding with unit configuration. Safety precautions during configuration All national and local safety standards must be followed while configuring the units and aligning the antennas. Ensure that personnel are not exposed to unsafe levels of RF energy. The units start to radiate as soon as they are powered up.
Task 1: Connecting to the unit PMP 450i and PTP 450i Configuration and User Guide Task 1: Connecting to the unit This task consists of the following procedures: • Configuring the management PC on page 13 • Connecting to the PC and powering up on page 15 • Logging into the web interface on page 15 Configuring the management PC To configure the local management PC to communicate with the PMP 450i AP or SM, follow these instructions: Procedure 1 Configuring the management PC 1 Click Properties for the
PMP 450i and PTP 450i Configuration and User 4 Task 1: Connecting to the unit Enter an IP address that is valid for the 169.254.X.X network, avoiding: 169.254.0.0 and 169.254.1.1 and 169.254.1.2 A good example is 169.254.1.3: 5 Enter a subnet mask of 255.255.255.0. Leave the default gateway blank.
Task 1: Connecting to the unit PMP 450i and PTP 450i Configuration and User Guide Connecting to the PC and powering up To connect the PMP 450i AP or SM to the PC and power up the unit, follow these instructions: Procedure 2 Connecting to the PC and powering up 1 Check that the AP or SM and the associated power supply are correctly connected. 2 Connect the PC Ethernet port to the LAN port of the power supply using a standard (not crossed) Ethernet cable. 3 Apply power to the radio power supply.
PMP 450i and PTP 450i Configuration and User Task 1: Connecting to the unit Figure 2 AP General Status page, GUEST user example Figure 3 SM General Status page, GUEST user example 16 pmp-0957 (April 2015)
Task 1: Connecting to the unit 3 PMP 450i and PTP 450i Configuration and User Guide Log in with the default administrator Username (admin) and Password (admin).
PMP 450i and PTP 450i Configuration and User Task 1: Connecting to the unit Figure 5 SM General Status page, ADMINISTRATOR user example 18 pmp-0957 (April 2015)
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces This task consists of the following sections: • Configuring the AP IP interface on page 19 • NAT, DHCP Server, DHCP Client and DMZ in SM on page 22 • Configuring the SM IP interface with NAT disabled on page 26 • Configuring the SM IP interface with NAT enabled on page 29 • NAT tab of the SM with NAT disabled on page 30 • NAT tab of the SM with NAT ena
PMP 450i and PTP 450i Configuration and User 20 Task 2: Configuring IP and Ethernet interfaces 3 Review the other IP interface attributes and update them, if necessary (see Table 8). 4 Click Save. “Reboot Required” message is displayed: 5 Click Reboot.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Table 8 IP interface attributes Attribute Meaning IP Address Internet Protocol (IP) address. This address is used by family of Internet protocols to uniquely identify this unit on a network. Subnet Mask Defines the address range of the connected IP network. Gateway IP Address The IP address of a computer on the current network that acts as a gateway.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces NAT, DHCP Server, DHCP Client and DMZ in SM The system provides NAT (Network Address Translation) for SMs in the following combinations of NAT and DHCP (Dynamic Host Configuration Protocol): • NAT Disabled • NAT with DHCP Client (DHCP selected as the Connection Type of the WAN interface) and DHCP Server • NAT with DHCP Client(DHCP selected as the Connection Type of the WAN interface) • NAT with DHCP Server
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide NAT Disabled The NAT Disabled implementation is illustrated in Figure 6. Figure 6 NAT disabled implementation NAT with DHCP Client and DHCP Server The NAT with DHCP Client and DHCP server is illustrated in Figure 7.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces NAT with DHCP Client Figure 8 NAT with DHCP client implementation NAT with DHCP Server Figure 9 NAT with DHCP server implementation 24 pmp-0957 (April 2015)
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide NAT without DHCP Figure 10 NAT without DHCP implementation NAT and VPNs VPN technology provides the benefits of a private network during communication over a public network. One typical use of a VPN is to connect employees remotely (who are at home or in a different city), with their corporate network through a public Internet. Any of several VPN implementation schemes is possible.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces Configuring the SM IP interface with NAT disabled Figure 11 IP tab of the SM with NAT disabled The IP tab of SM with NAT disabled is as shown in Figure 12. User may set the parameters as explained in Table 9.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Table 9 SM with NAT disabled - IP attributes Attribute Meaning IP Address Enter the non-routable IP address to associate with the Ethernet connection on this SM. (The default IP address from the factory is 169.254.1.1.) If you forget this parameter, you must both: • physically access the module. • use an override plug to electronically access the module configuration parameters at 169.254.1.1.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces Attribute Meaning DHCP state If you select Enabled, the DHCP server automatically assigns the IP configuration (IP address, subnet mask, and gateway IP address) and the values of those individual parameters (above) are not used. The setting of this DHCP state parameter is also viewable, but not settable, in the Network Interface tab of the Home page.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Configuring the SM IP interface with NAT enabled Figure 13 IP tab of SM with NAT enabled In the IP tab of SM with NAT enabled, you may set the following parameters. Table 10 SM with NAT enabled - IP attributes Attribute Meaning IP Address Assign an IP address for SM management through Ethernet access to the SM. Set only the first three bytes. The last byte is permanently set to 1.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces NAT tab of the SM with NAT disabled In the NAT tab of a SM with NAT disabled, you may set the following parameters.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Table 11 SM with NAT disabled - NAT attributes Attribute Meaning NAT Enable/Disable This parameter enables or disables the Network Address Translation (NAT) feature for the SM. NAT isolates devices connected to the Ethernet or wired side of a SM from being seen directly from the wireless side of the SM.
PMP 450i and PTP 450i Configuration and User 32 Task 2: Configuring IP and Ethernet interfaces Attribute Meaning DHCP Server Enable/Disable This parameter is not configurable when NAT is disabled. DHCP Server Lease Timeout This parameter is not configurable when NAT is disabled. DHCP Start IP This parameter is not configurable when NAT is disabled. Number of IPs to Lease This parameter is not configurable when NAT is disabled.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning TCP Session Garbage Timeout Where a large network exists behind the SM, you can set this parameter to lower than the default value of 120 minutes. This action makes additional resources available for greater traffic than the default value accommodates. UDP Session Garbage Timeout You may adjust this parameter in the range of 1 to 1440 minutes, based on network performance.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces NAT tab of the SM with NAT enabled Figure 15 NAT tab of the SM with NAT enabled 34 pmp-0957 (April 2015)
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide In the NAT tab of SM with NAT enabled, you may set the following parameters. Table 12 SM with NAT enabled - NAT attributes Attribute Meaning NAT Enable/Disable This parameter enables or disabled the Network Address Translation (NAT) feature for the SM. NAT isolates devices connected to the Ethernet or wired side of a SM from being seen directly from the wireless side of the SM.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces Attribute Meaning IP Address Assign an IP address for SM management through Ethernet access to the SM. This address becomes the base for the range of DHCP-assigned addresses. Subnet Mask Assign a subnet mask of 255.255.255.0 or a more restrictive subnet mask. Set only the last byte of this subnet mask. Each of the first three bytes is permanently set to 255.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning DNS Server Proxy This parameter enables or disables advertisement of the SM as the DNS server. On initial boot up of a SM with the NAT WAN interface configured as DHCP or PPPoE, the SM module will not have DNS information immediately. With DNS Server Proxy disabled, the clients will renew their lease about every minute until the SM has the DNS information to give out.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces Attribute Meaning Remote Management Interface To offer greater flexibility in IP address management, the NAT-enabled SM’s configured WAN Interface IP address may now be used as the device Remote Management Interface (unless the SM’s PPPoE client is set to Enabled) Disable: When this interface is set to “Disable”, the SM is not directly accessible by IP address.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Subnet Mask If Static IP is set as the Connection Type of the WAN interface, then this parameter configures the subnet mask of the SM for RF management traffic. Gateway IP Address If Static IP is set as the Connection Type of the WAN interface, then this parameter configures the gateway IP address for the SM for RF management traffic. Note or print the IP settings from this page.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces SM NAT DNS Considerations SM DNS behavior is different depending on the accessibility of the SM. When NAT is enabled the DNS configuration that is discussed in this document is tied to the RF Remote Configuration Interface, which must be enabled to utilize DNS Client functionality.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide VLAN Remarking and Priority bits configuration VLAN Remarking VLAN Remarking feature allows the user to change the VLAN ID and priority of both upstream and downstream packets at the Ethernet Interface. The remarking configuration is available for: 1. VLAN ID re-marking 2. 802.1p priority re-marking For Q-in-Q VLAN tagged frame, re-marking is performed on the outer tag.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces VLAN Priority Bits configuration VLAN Priority Bits Configuration feature allows the user to configure the three 802.1p bits upon assigning VLAN to an ingress packet. The priority bits configuration is available for: • • • Default Port VID Provider VID MAC Address mapped Port VID • Management VID Default Port VID This VID is used for untagged frames and will correspond to the Q-Tag for 802.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide VLAN tab of the AP Figure 16 VLAN tab of the AP In the VLAN tab of the AP, you may set the following parameters. Table 15 AP VLAN tab attributes Attribute Meaning VLAN Specify whether VLAN functionality for the AP and all linked SMs must (Enabled) or may not (Disabled) be allowed. The default value is Disabled.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces Attribute Meaning VLAN Aging Timeout Specify how long the AP must keep dynamically learned VIDs. The range of values is 5 to 1440 (minutes). The default value is 25 (minutes). VIDs that you enter for the Management VID and VLAN Membership parameters do not time out. Management VID Enter the VID that the operator wishes to use to communicate with the module manager. The range of values is 1 to 4095.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning VLAN Not Active When VLAN is enabled in the AP, the Active Configuration block provides the following details as read-only information in this tab. In the Cambium fixed wireless broadband IP network, each device of any type is automatically a permanent member of VID 1. This facilitates deployment of devices that have VLAN enabled with those that do not.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces VLAN tab of the SM Figure 17 VLAN tab of the SM 46 pmp-0957 (April 2015)
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide In the VLAN tab of SM, you may set the following parameters. Table 17 SM VLAN attributes Attribute Meaning VLAN Port Type By default this is Q, indicating that it is to operate in the existing manner. The other option is Q-in-Q, which indicates that it must be adding and removing the S-Tag, and adding a CTag if necessary for untagged packets. The VLAN Port type corresponds to the Ethernet port of the SM.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces Attribute Meaning SM Management VID Passthrough Specify whether to allow the SM (Enabled) or the AP/RADIUS (Disabled) to control the VLAN settings of this SM. The default value is Enabled. When VLAN is enabled in the AP to whom this SM is registered, the Active Configuration block provides the following details as read-only information in this tab.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Provider VID The provider VID is used for the S-tag. It is only used if the Port Type is Q-in-Q and will always be used for the S-tag. If an existing 802.1Q frame arrives, the Provider VID is what is used for adding and removing of the outer S-tag.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces Attribute Meaning Active Configuration, Allow QinQ Tagged Frames This is the value of Accept QinQ Frames, configured above. Active Configuration, Current VID Member Set, VID Number This column lists the ID numbers of the VLANs in which this module is a member, whether through assignment or through dynamic learning.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide VLAN Membership tab of the SM Figure 18 VLAN Membership tab of the SM In the VLAN Membership tab, you may set the following parameter. Table 18 SM VLAN Membership attributes Attribute Meaning VLAN Membership Table Configuration For each VLAN in which you want the AP to be a member, enter the VLAN ID and then click the Add Member button.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces Point-to-Point Protocol over Ethernet (PPPoE) is a protocol that encapsulates PPP frames inside Ethernet frames (at Ethernet speeds).
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Service Name An optional entry to set a specific service name to connect to for the PPPoE session. If this is left blank the SM will accept the first service option that comes back from the access concentrator specified above, if any. This is limited to 32 characters.
PMP 450i and PTP 450i Configuration and User Task 2: Configuring IP and Ethernet interfaces Attribute Meaning Timer Type Keep Alive is the default timer type. This timer will enable a keepalive that will check the status of the link periodically. The user can set a keepalive period. If no data is seen from the PPPoE server for that period, the link is taken down and a reconnection attempt is started.
Task 2: Configuring IP and Ethernet interfaces PMP 450i and PTP 450i Configuration and User Guide NAT Port Mapping tab of the SM An example of the NAT Port Mapping tab in a SM is displayed in below. Figure 20 NAT Port Mapping tab of the SM In the NAT Port Mapping tab of the SM, you may set the following parameters.
PMP 450i and PTP 450i Configuration and User Task 3: Upgrading the software version and using CNUT Task 3: Upgrading the software version and using CNUT This task consists of the following procedures: • Checking the installed software version on page 56 • Upgrading to a new software version on page 56 If the link is operational, ensure that the remote end of the link is upgraded first using the wireless connection, and then the local end can be upgraded.
Task 3: Upgrading the software version and usin PMP 450i and PTP 450i Configuration and User Guide Please ensure that you have the most up-to-date version of CNUT by browsing to the Customer Support Web Page located: http://www.cambiumnetworks.com/support/management-tools/cnut This section includes an example of updating a single unit before deployment.
PMP 450i and PTP 450i Configuration and User • Task 3: Upgrading the software version and using CNUT An md5 checksum calculator utility for identifying corruption of downloaded image files before Network Updater is set to apply them. Network element groups With the Canopy Network Updater Tool, you can identify element groups composed of network elements that you select. Identifying these element groups does the following: • Organizes the display of elements (for example, by region or by AP cluster).
Task 3: Upgrading the software version and usin PMP 450i and PTP 450i Configuration and User Guide Software dependencies for CNUT CNUT functionality requires • one of the following operating systems o Windows® 2000 o Windows Server 2003 o Windows 7 and Windows 8 o Windows XP or XP Professional o Red Hat Enterprise Linux (32-bit) Version 4 or 5 • Java™ Runtime Version 2.
PMP 450i and PTP 450i Configuration and User 8 60 Task 3: Upgrading the software version and using CNUT Initiate the upgrade of the radio using Update Entire Network Root operation (located at Update => Update Entire Network Root). When this operation finishes, the radio is done being upgraded.
Task 4: Configuring General and Unit settings PMP 450i and PTP 450i Configuration and User Guide Task 4: Configuring General and Unit settings General tab of the AP’s Configuration section Figure 21 General tab pmp-0957 (April 2015) 61
PMP 450i and PTP 450i Configuration and User Task 4: Configuring General and Unit settings Continue… The General tab of the AP’s Configuration section contains many of the configurable parameters that define how the AP and the SMs in the sector operate. Table 21 AP General tab attributes Attribute Meaning Device Setting Allows the Spectrum Analyzer to be run directly from AP now. Link Speeds From the drop-down list of options, select the type of link speed for the Ethernet connection.
Task 4: Configuring General and Unit settings Attribute PMP 450i and PTP 450i Configuration and User Guide Meaning timing port and the power port, the power port GPS source is chosen first. If there is a loss of GPS synchronization pulse, within two seconds the AP automatically attempts to source GPS signaling from another source.
PMP 450i and PTP 450i Configuration and User Attribute Task 4: Configuring General and Unit settings Meaning synchronize transmission of APs that can “hear” each other; it will only generate a sync signal for the local AP and its associated SMs. AP Type Standard AP: The Autosync mechanism will source GPS synchronization from the AP’s RJ-11 port, the AP’s power port, or from the device on-board GPS module.
Task 4: Configuring General and Unit settings Attribute PMP 450i and PTP 450i Configuration and User Guide Meaning setting is 0. The 0 setting causes the web-based interface to never be automatically refreshed. Bridge Entry Timeout Specify the appropriate bridge timeout for correct network operation with the existing network infrastructure. The Bridge Entry Timeout must be a longer period than the ARP (Address Resolution Protocol) cache timeout of the router that feeds the network.
PMP 450i and PTP 450i Configuration and User Task 4: Configuring General and Unit settings Attribute Meaning ARP then the Send Untranslated ARP parameter can be: Disabled - so that the AP will overwrite the MAC address in Address Resolution Protocol (ARP) packets before forwarding them. Enabled - so that the AP will forward ARP packets regardless of whether it has overwritten the MAC address.
Task 4: Configuring General and Unit settings PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Address wired on the Ethernet interface. Although some switches (CMMmicro, for example) do not pass LLDP addresses upward in the network, a radio can pass it as the value of the Multicast Destination Address parameter value in the connected device that has it populated. DHCP Relay Agent The AP may act as a DHCP relay for SMs and CPEs underneath it.
PMP 450i and PTP 450i Configuration and User Task 4: Configuring General and Unit settings Unit Settings tab of the AP Figure 22 Unit Settings tab of the AP The Unit Settings tab of the AP contains following options: • Default Plug • Unit-Wide Changes • Download Configuration File • Upload and Apply Configuration File The Default Plug option controls how the AP must react when it detects a connected override plug.
Task 4: Configuring General and Unit settings PMP 450i and PTP 450i Configuration and User Guide Table 22 AP Unit Settings attributes Attribute Meaning Set to Factory Defaults Upon Default Plug Detection If Enabled is checked, then an override/default plug functions as a default plug. When the module is rebooted with the plug inserted, it can be accessed at the IP address 169.254.1.1 and no password, and all parameter values are reset to defaults.
PMP 450i and PTP 450i Configuration and User Task 4: Configuring General and Unit settings Attribute Meaning Apply Configuration File This allows to import and apply configuration to the AP. Chose File: Select the file to upload the configuration. The configuration file is named as “.cfg”. Upload: Import the configuration to the AP. Apply Configuration File: Apply the imported file configuration to the AP.
Task 4: Configuring General and Unit settings PMP 450i and PTP 450i Configuration and User Guide General tab of the SM Figure 23 General tab of the SM pmp-0957 (April 2015) 71
PMP 450i and PTP 450i Configuration and User Task 4: Configuring General and Unit settings In the General tab of the SM, you may set the following parameters. Table 23 SM General Configuration attributes Attribute Meaning Link Speeds From the drop-down list of options, select the type of link speed for the Ethernet connection. The default for this parameter is that all speeds are selected. The recommended setting is a single speed selection for all APs and SMs in the operator network.
Task 4: Configuring General and Unit settings PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Webpage Auto Update Enter the frequency (in seconds) for the web browser to automatically refresh the web-based interface. The default setting is 0. The 0 setting causes the web-based interface to never be automatically refreshed. Bridge Entry Timeout Specify the appropriate bridge timeout for correct network operation with the existing network infrastructure.
PMP 450i and PTP 450i Configuration and User Task 4: Configuring General and Unit settings Unit Settings tab of the SM Figure 24 Unit Settings tab of the SM The Unit Settings tab of the SM contains following options: • Default Plug • LED Panel Settings • Download Configuration File Default Plug is an option for how the SM must react when it detects a connected override plug. The exiting configuration of SM can be exported as a text file via Download Configuration File section.
Task 4: Configuring General and Unit settings PMP 450i and PTP 450i Configuration and User Guide Table 24 SM Unit Settings attributes Attribute Meaning Set to Factory Defaults Upon Default Plug Detection If Enabled is checked, then an override/default plug functions as a default plug. When the module is rebooted with the plug inserted, it can be accessed at the IP address 169.254.1.1 and no password, and all parameter values are reset to defaults.
PMP 450i and PTP 450i Configuration and User Task 4: Configuring General and Unit settings Time tab of the AP Figure 25 Time tab of the AP 76 pmp-0957 (April 2015)
Task 4: Configuring General and Unit settings PMP 450i and PTP 450i Configuration and User Guide You may set the time parameters as follows: Table 25 AP Time attributes Attribute Meaning NTP Server (Name or IP Address) The management DNS domain name may be toggled such that the name of the NTP server only needs to be specified and the DNS domain name is automatically appended to that name.
PMP 450i and PTP 450i Configuration and User Task 4: Configuring General and Unit settings Attribute Meaning Date This field may be used to manually set the system date of the radio. NTP Update Log This field shows NTP clock update log. It includes NTP clock update Date and Time stamp along with server name.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide Task 5: Configuring security Perform this task to configure the PMP 450i system in accordance with the network operator’s security policy.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security Encrypting radio transmissions Cambium fixed wireless broadband IP systems employ the following form of encryption for security of the wireless link: • DES (Data Encryption Standard): An over-the-air link encryption option that uses secret 56-bit keys and 8 parity bits. DES performs a series of bit permutations, substitutions, and recombination operations on blocks of data.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide From the factory default state, configure passwords for both the root and admin account at the ADMINISTRATOR permission level, using the Account, Change Users Password tab. To change the user password, select the desired user and enter the new password in the “New Password” field. This new password must be confirmed in the “Confirm Password” field.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security Accounts that cannot be deleted are • the current user's own account. • the last remaining account of ADMINISTRATOR level. Changing a User Setting Figure 28 Change User Setting tab AP / SM The Account => Change User Setting tab allows to update password, mode update and general status permission for a user. Update Password This tab provides a drop down list of configured users from which a user is selected to change password.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide Overriding Forgotten IP Addresses or Passwords on AP and SM A small adjunctive product allows you to temporarily override some AP/SM settings and thereby regain control of the module. This override plug is needed for access to the module in any of the following cases: • You have forgotten either o the IP address assigned to the module. o the password that provides access to the module.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security While the override plug is connected to a module, the module can neither register nor allow registration of another module. Procedure 8 Using the override plug 1 Insert the override plug into the RJ-11 GPS utility port of the module. 2 Power cycle by removing, then re-inserting, the Ethernet cable. RESULT: The module boots with the default IP address of 169.254.1.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide • AP PreShared Key - The AP acts as the authentication server to its SMs and will make use of a user-configurable pre-shared authentication key. The operator enters this key on both the AP and all SMs desired to register to that AP. There is also an option of leaving the AP and SMs at their default setting of using the “Default Key”.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security Protocol and Port Filtering with NAT Disabled Where NAT is disabled, you can filter both protocols and the three user-defined ports. Using the check boxes on the interface, you can either • Allow all protocols except those that you wish to block. • Block all protocols except those that you wish to allow.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide The following are example situations in which you can configure protocol filtering where NAT is disabled: • If you block a subscriber from only PPPoE and SNMP, then the subscriber retains access to all other protocols and all ports. • If you block PPPoE, IPv4, and Uplink Broadcast, and you also check the All others selection, then only Address Resolution Protocol is not filtered.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security Isolating SMs In an AP, you can prevent SMs in the sector from directly communicating with each other. In CMMmicro Release 2.2 or later and the CMM4, you can prevent connected APs from directly communicating with each other, which prevents SMs that are in different sectors of a cluster from communicating with each other. In the AP, the SM Isolation parameter is available in the General tab of the Configuration web page.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide • IP Access Filtering Disabled, then management access is allowed from any IP address, even if the Allowed Source IP 1 to 3 parameters are populated. • IP Access Filtering Enabled, and specify at least one address in the Allowed Source IP 1 to 3 parameter, then management access is limited to the specified address(s).
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security The figure below depicts a user attempting two telnet sessions. One is targeted for the AP (orange) and one is targeted for the network upstream from the AP (green). If RF Telnet Access is set to “Disabled”, the Telnet attempt from the user to the AP is blocked, but the attempt from the user to Network is allowed to pass through the Cambium network.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide As a common practice, AP administrator usernames and passwords must be secured with strong, non-default passwords. Securing SNMP Access The SNMPv3 provides a more secure method to perform SNMP operations. This standard provides services for authentication, data integrity and message encryption over SNMP.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security SNMPv3 Read-Only and Read/Write User The user can defined by configurable attributes.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide Security tab of the AP Figure 34 Security tab of the AP pmp-0957 (April 2015) 93
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security In the Security tab of the AP, you may set the following parameters. Table 27 AP Security attributes Attribute Meaning Authentication Mode Operators may use this field to select from among the following authentication modes: Disabled—the AP requires no SMs to authenticate. Authentication Server —the AP requires any SM that attempts registration to be authenticated in Wireless Manager before registration.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Authentication Key The authentication key is a 32-character hexadecimal string used when Authentication Mode is set to AP PreShared Key. By default, this key is set to 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security Attribute Meaning Allowed Source IP 1 If you selected IP Access Filtering Enabled for the IP Access Control parameter, then you must populate at least one of the three Allowed Source IP parameters or have no access permitted to the AP from any IP address. You may populate as many as all three.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide Filtering protocols and ports Protocol Filtering tab of the AP Figure 35 Protocol Filtering tab of the AP pmp-0957 (April 2015) 97
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security In the Protocol Filtering tab of the AP, you may set the following parameters. Table 28 AP Protocol Filtering attributes Attribute Meaning Packet Filter Types For any box selected, the Protocol and Port Filtering feature blocks the associated protocol type.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide Port configuration tab of the AP PMP 450i devices support access to various communication protocols and only the ports required for these protocols are available for access by external entities. Operators may change the port numbers for these protocols via the radio GUI or SNMP. Figure 36 Port Configuration tab of the AP In the Port Configuration tab of the AP, you may set the following parameters.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security Security tab of the SM Figure 37 Security tab of the SM 100 pmp-0957 (April 2015)
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide Continue… In the Security tab of the SM, you may set the following parameters. Table 30 SM Security attributes Attribute Meaning Authentication Key Only if the AP to which this SM will register requires authentication, specify the key that the SM will use when authenticating. For alpha characters in this hex key, use only upper case.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security Attribute Meaning Enforce Authentication The SM may enforce authentication types of AAA and AP PresharedKey. The SM will not finish the registration process if the AP is not using the configured authentication method (and the SM locks out the AP for 15 minutes).
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Upload Certificate File To upload a certificate manually to a SM, first load it in a known place on your PC or network drive, then click on a Delete button on one of the Certificate description blocks to delete a certificate to provide space for your certificate.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security Attribute Meaning Ethernet Access If you want to prevent any device that is connected to the Ethernet port of the SM from accessing the management interface of the SM, select Ethernet Access Disabled. This selection disables access through this port to via HTTP (the GUI), SNMP, telnet, FTP, and TFTP.
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Web Access The Radio supports secured and non-secured web access protocols. Select suitable web access from drop down list: SNMP • HTTP Only – provides non-secured web access. The radio to be accessed via http://. • HTTPs Only – provides a secured web access. The radio to be accessed via http://.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security Protocol Filtering tab of the SM Figure 38 Protocol Filtering tab of the SM 106 pmp-0957 (April 2015)
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User Guide In the Protocol Filtering tab of the SM, you may set the following parameters. Table 31 SM Protocol Filtering attributes Attribute Meaning Packet Filter Types For any box selected, the Protocol and Port Filtering feature blocks the associated protocol type.
PMP 450i and PTP 450i Configuration and User Task 5: Configuring security Port Configuration tab of the SM PMP 450i devices support access to various communication protocols and only the ports required for these protocols are available for access by external entities. Operators may change the port numbers for these protocols via the radio GUI or SNMP. Figure 39 Port Configuration tab of the SM In the Port Configuration tab of the SM, you may set the following parameters.
Task 6: Configuring radio parameters PMP 450i and PTP 450i Configuration and User Guide Task 6: Configuring radio parameters Radio tab of the AP The Radio tab of the AP for 5 GHz is as shown in Figure 40.
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters Only the frequencies available for your region and the selected Channel bandwidth (5/10/20) are displayed. The Radio tab of the AP contains some of the configurable parameters that define how an AP operates. Table 33 AP Radio attributes Attribute Meaning Radio Mode Reserved for future modes of operation. Frequency Band Select the desired operating frequency band.
Task 6: Configuring radio parameters PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Subscriber Color Code Rescan (When not on a Primary Color Code) This timer may be utilized to initiate SM rescans in order to register to an AP configured with the SM‘s primary color code. The time (in minutes) for a subscriber to rescan (if this AP is not configured with the SM‘s primary color code).
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters Attribute Meaning Max Range Enter a number of miles (or kilometers divided by 1.61, then rounded to an integer) for the furthest distance from which a SM is allowed to register to this AP. Do not set the distance to any greater number of miles. A greater distance • does not increase the power of transmission from the AP. • can reduce aggregate throughput.
Task 6: Configuring radio parameters PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Contention Slots This field indicates the number of (reserved) Contention slots configured by the operator. The SM uses reserved Contention slots and unused data slots for bandwidth requests (f.k.a. Control Slots) Uplink Data Slots are used first for data. If they are not needed for data in a given frame, the remaining data slots can be used by the SMs for bandwidth requests.
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters Attribute Meaning Broadcast Repeat Count The default is 2 repeats (in addition to the original broadcast packet, for a total of 3 packets sent for every one needed), and is settable to 1 or 0 repeats (2 or 1 packets for every broadcast). ARQ (Automatic Repeat reQuest) is not present in downlink broadcast packets, since it can cause unnecessary uplink traffic from every SM for each broadcast packet.
Task 6: Configuring radio parameters PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Multicast VC Data Rate This pull down menu of the Multicast Data Control screen helps in configuring multicast packets to be transmitted over a dedicated channel at a configurable rate of 1X, 2X, 4X or 6X. The default value is “Disable”. If set to the default value, all multicast packets are transmitted over the Broadcast VC data path.
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters To configure Multicast VC, the AP must have this enabled. This can be enabled in the “Multicast Data Control” section (under Configuration => Radio tab). The default value is “Disable”. If set to the default value, all multicast packets are transmitted over the Broadcast VC data path. To enable, select the data rate that is desired for the Multicast VC Data Rate parameter and click Save Changes button.
Task 6: Configuring radio parameters PMP 450i and PTP 450i Configuration and User Guide Figure 41 Multicast VC statistics The AP and SM display Transmit and Receive Multicast Data Count (under the Statistics => Scheduler tab), as shown in Figure 42.
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters The frequencies that a user can select are controlled by the country or a region and the Channel Bandwidth selected. There can be a case where a user adds a custom frequency (from the Custom Frequency page) and cannot see it in the pull down menu.
Task 6: Configuring radio parameters pmp-0957 (April 2015) PMP 450i and PTP 450i Configuration and User Guide 119
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters IPv6 Prioritization System Release 13.2 provides operators the ability to prioritize IPv6 traffic in addition to IPv4 traffic. IPv6 prioritization works similar to IPv4 prioritization where the user can select the Code Point and the corresponding priority from the GUI of the AP and the IPv6 packet is set up accordingly. There is no separate GUI option for IPv6 priority.
Task 6: Configuring radio parameters PMP 450i and PTP 450i Configuration and User Guide Priority Select The priority setting input for the CodePoint selected in CodePoint Select Priority Precedence Allows operator to decide if 802.1p or DiffServ priority bits must be used first when making priority decisions. PPPoE Control Message Priority Operators may configure the AP to utilize the high priority channel for PPPoE control messages.
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters IPv6 Filtering In releases prior to System Release 13.2, the operator can filter (block) specified IPv4 protocols and ports from leaving the AP and SM and entering the network. This protects the network from both intended and inadvertent packet loading or probing by network users. By keeping the specified protocols or ports off the network, this feature also provides a level of protection to users from each other.
Task 6: Configuring radio parameters PMP 450i and PTP 450i Configuration and User Guide Radio tab of the SM The Radio tab of the SM for 5 GHz is as shown in Figure 45.
PMP 450i and PTP 450i Configuration and User 124 Task 6: Configuring radio parameters pmp-0957 (April 2015)
Task 6: Configuring radio parameters PMP 450i and PTP 450i Configuration and User Guide In the Radio tab of the SM, you may set the following parameters. Table 38 SM Radio attributes Attribute Meaning Custom Radio Frequency Scan Selection List Check any frequency that you want the SM to scan for AP transmissions. Prior to System Release 12.0.
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters Attribute Meaning Continue... The worst case scanning time is approximately two minutes after boot up (SM with all frequencies and channel bandwidths selected and registering to an AP at 10 MHz). If only one channel bandwidth is selected the time to scan all the available frequencies and register to an AP is approximately one minute after boot up.
Task 6: Configuring radio parameters PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Color Code 1 to 20 Color code allows you to force the SM to register to only a specific AP, even where the SM can communicate with multiple APs. For registration to occur, the color code of the SM and the AP must match. Specify a value from 0 to 254. Color code is not a security feature. Instead, color code is a management feature, typically for assigning each sector a different color code.
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters Attribute Meaning External Gain This value represents the amount of gain added externally to the radio in the form of a LENS or Dish. With a CSM, this value represents the gain of the external antenna that the radio is being connected to since there is no internal gain for that radio type.
Task 6: Configuring radio parameters pmp-0957 (April 2015) PMP 450i and PTP 450i Configuration and User Guide 129
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters MIMO-A mode of operation for PMP 450i In releases prior to System Release 13.2, PMP 450i supports MIMO-B mode using the following modulation levels: QPSK, 16-QAM, 64-QAM and 256-QAM. System Release 13.2 introduces MIMO-A mode of operation using the same modulation levels as the MIMO-B mode.
Task 6: Configuring radio parameters PMP 450i and PTP 450i Configuration and User Guide Table 41 Adjacent Channel Interference (ACI) per MCS, PMP/PTP 450i MCS of Victim MCS of Interferer Channel BW 6X (64-QAM MIMO-B) 5, 7, 10 or 20 MHz 2X (16-QAM SISO) 6X (64-QAM MIMO-B) 5, 7, 10 or 20 MHz 3X (64-QAM SISO) 6X (64-QAM MIMO-B) 5, 7, 10 or 20 MHz 1X (QPSK MIMO-A) 6X (64-QAM MIMO-B) 5, 7, 10 or 20 MHz 1X (QPSK SISO) 6X (64-QAM MIMO-B) 5, 7, 10 or 20 MHz 6X (64-QAM MIMO-B) 5, 7, 10 or 20 MHz 6X
PMP 450i and PTP 450i Configuration and User Task 6: Configuring radio parameters Improved PPS performance of PMP 450i SMs The PMP 450i provides improved packets per second (PPS) performance of the PMP 450i SMs. Through software enhancements and algorithm efficiencies, the PPS performance of the PMP 450i SM has been improved to 14000 packets/seconds, measured through a standard RFC2544 test using 64 bytes packets.
Task 6: Configuring radio parameters pmp-0957 (April 2015) PMP 450i and PTP 450i Configuration and User Guide 133
PMP 450i and PTP 450i Configuration and User Task 7: Setting up SNMP agent Task 7: Setting up SNMP agent Operators may use SNMP commands to set configuration parameters and retrieve data from the AP and SM modules. Also, if enabled, when an event occurs, the SNMP agent on the PMP 450i sends a trap to whatever SNMP trap receivers have been configured.
Task 7: Setting up SNMP agent PMP 450i and PTP 450i Configuration and User Guide SNMP tab of the AP Figure 47 SNMP tab of the AP pmp-0957 (April 2015) 135
PMP 450i and PTP 450i Configuration and User Task 7: Setting up SNMP agent Continue… You may set the SNMP tab parameters as follows. Table 42 AP SNMP attributes Attribute Meaning SNMP Community String 1 Specify a control string that can allow a Network Management Station (NMS) to access SNMP information. No spaces are allowed in this string. The default string is Canopy.
Task 7: Setting up SNMP agent PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning SNMPv3 Authentication Protocol Currently, the SNMPv3 authentication protocol MD5 is supported. SNMPv3 Privacy Protocol Currently, the SNMPv3 privacy protocol CBC-DES is supported. SNMPv3 Read-Only User This filed allows for a read-only user per devices.
PMP 450i and PTP 450i Configuration and User Task 7: Setting up SNMP agent Attribute Meaning SNMP Trap Server DNS Usage The management DNS domain name may be toggled such that the name of the trap server only needs to be specified and the DNS domain name is automatically appended to that name. The default SNMP trap server addresses for all 10 available servers is 0.0.0.0 with the appending of the DNS domain name disabled. Trap Address 1 to 10 Specify ten or fewer IP addresses (xxx.xxx.xxx.
Task 7: Setting up SNMP agent PMP 450i and PTP 450i Configuration and User Guide SNMP tab of the SM Figure 48 SNMP tab of the SM pmp-0957 (April 2015) 139
PMP 450i and PTP 450i Configuration and User 140 Task 7: Setting up SNMP agent pmp-0957 (April 2015)
Task 7: Setting up SNMP agent PMP 450i and PTP 450i Configuration and User Guide In the SNMP tab of the SM, you may set the following parameters. Table 43 SM SNMP attributes Attribute Meaning SNMP Community String 1 Specify a control string that can allow an Network Management Station (NMS) to access SNMP information. No spaces are allowed in this string. The default string is Canopy.
PMP 450i and PTP 450i Configuration and User Task 7: Setting up SNMP agent Attribute Meaning SNMPv3 Read/Write User Read-write user by default is disabled.
Task 7: Setting up SNMP agent PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning SNMP Trap Server DNS Usage The management DNS domain name may be toggled such that the name of the trap server only needs to be specified and the DNS domain name is automatically appended to that name. The default SNMP trap server addresses for all 10 available servers is 0.0.0.0 with the appending of the DNS domain name disabled. Trap Address 1 to 10 Specify ten or fewer IP addresses (xxx.xxx.xxx.
PMP 450i and PTP 450i Configuration and User Task 8: Configuring syslog Task 8: Configuring syslog System Release 13.0 includes enhancements to the existing Syslog functionality. Additional events are now logged as explained in Table 44. Table 44 Syslog enhancements Syslog enhancement Description Timestamp All syslog messages captured from the radio have a timestamp.
Task 8: Configuring syslog PMP 450i and PTP 450i Configuration and User Guide Configuring AP system logging (syslog) To configure system logging, select the menu option Configuration => Syslog. The Syslog Configuration page for AP is shown in Figure 49. Figure 49 AP Syslog Configuration page Table 45 AP Syslog Configuration attributes Attribute Meaning Syslog DNS Server Usage To configure the AP to append or not append the DNS server name to the syslog server name.
PMP 450i and PTP 450i Configuration and User Task 8: Configuring syslog Configuring SM system logging (syslog) To configure system logging, select the menu option Configuration => Syslog. The Syslog Configuration page is shown in Figure 50. Syslog only works with SMs that have Network Accessibility set to Public.
Task 8: Configuring syslog PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Syslog Transmission Controls the SMs ability to transmit syslog messages. When set to “Learn from AP” the AP will control whether this SM transmits syslog messages. When set to “enable” or “disable” the SM will control whether it sends syslog messages. This allows an operator to override the AP settings for individual SMs in a sector.
PMP 450i and PTP 450i Configuration and User Task 9: Configuring remote access Task 9: Configuring remote access Configuring SM IP over-the-air access To access the SM management interface from a device situated above the AP, the SM’s Network Accessibility parameter (under the web GUI at Configuration => IP) may be set to Public. Figure 51 SM IP Configuration page Table 47 SM IP Configuration attributes Attribute Meaning IP Address Internet Protocol (IP) address.
Task 9: Configuring remote access PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning DNS IP Address Canopy devices allow for configuration of a preferred and alternate DNS server IP address either automatically or manually. Devices must set DNS server IP address manually when DHCP is disabled for the management interface of the device. The default DNS IP addresses are 0.0.0.0 when configured manually. Preferred DNS Server The first address used for DNS resolution.
PMP 450i and PTP 450i Configuration and User Task 9: Configuring remote access Figure 52 AP Session Status page The SessionStatus.xml hyper link allows user to export all displayed SM data in Session Status table into an xml file. To access any one of the SMs, click PMP450i SM hyperlink, as shown in Figure 53.
Task 10: Monitoring the AP-SM Link PMP 450i and PTP 450i Configuration and User Guide Task 10: Monitoring the AP-SM Link Monitoring the AP-SM Link After the SM installer has configured the link, either an operator in the network office or the SM installer in the field (if read access to the AP is available to the installer) must perform the following procedure. Who is authorized and able to do this depends on local operator password policy, management VLAN setup and operational practices.
PMP 450i and PTP 450i Configuration and User Task 10: Monitoring the AP-SM Link • Session Count: This field displays how many sessions the SM has had with the AP. Typically, this is the sum of Reg Count and Re-Reg Count. However, the result of internal calculation may display here as a value that slightly differs from the sum. • Reg Count: When a SM makes a registration request, the AP checks its local data to see whether it considers the SM to be already registered.
Task 10: Monitoring the AP-SM Link PMP 450i and PTP 450i Configuration and User Guide Figure 55 Exporting Session Status page of the AP In case, the session status page does not list any SM, the SessionStatus.xml will still be visible but the file would be empty. The file will contain data from all of the 5 different tables. Export from command line The scripts users can also get this file from command line, you have to authenticate successfully in order to download the file. Wget http://169.254.1.
PMP 450i and PTP 450i Configuration and User Task 11: Configuring quality of service Task 11: Configuring quality of service Maximum Information Rate (MIR) Parameters Point-to-multipoint links use the following MIR parameters for bandwidth management: • Sustained Uplink Data Rate (kbps) • Uplink Burst Allocation (kb) • Sustained Downlink Data Rate (kbps) • Downlink Burst Allocation (kb) • Max Burst Downlink Data Rate (kbps) • Max Burst Uplink Data Rate (kbps) You can independently set each of t
Task 11: Configuring quality of service PMP 450i and PTP 450i Configuration and User Guide MIR Data Entry Checking Uplink and downlink MIR is enforced as shown in Figure 56. In these figures, entry refers to the setting in the data rate parameter, not the burst allocation parameter.
PMP 450i and PTP 450i Configuration and User Task 11: Configuring quality of service Active CIR configuration can be verified via the AP’s Home => Session Status tab. Bandwidth from the SM Perspective In the SM, normal web browsing, e-mail, small file transfers and short streaming video are rarely rate limited with practical bandwidth management (QoS) settings.
Task 11: Configuring quality of service • PMP 450i and PTP 450i Configuration and User Guide comparing the 6-bit Differentiated Services Code Point (DSCP) field in the ToS byte of a received packet to a corresponding value in the Diffserv tab of the Configuration page of the module. A packet contains no flag that indicates whether the encoding is for the Low Latency bit or the DSCP field.
PMP 450i and PTP 450i Configuration and User Task 11: Configuring quality of service Traffic Scheduling The characteristics of traffic scheduling in a sector are summarized in Table 48.
Task 11: Configuring quality of service PMP 450i and PTP 450i Configuration and User Guide Setting the Configuration Source The AP includes a Configuration Source parameter, which sets where SMs that register to the AP are controlled for MIR, CIR, VLAN, and the high-priority channel as follows.
PMP 450i and PTP 450i Configuration and User Most operators who use… Task 11: Configuring quality of service must set this parameter… in this web page/tab… in the AP to… Source General Server Table 50 Where feature values are obtained for a SM with authentication required Configuration Source Setting in the AP Values are obtained from VLAN Values High Priority Channel State CIR Values MIR Values Authentication Server Authentication Server Authentication Server Authentication Server Authent
Task 11: Configuring quality of service PMP 450i and PTP 450i Configuration and User Guide Quality of Service (QoS) tab of the AP Figure 58 Quality of Service (QoS) tab of the AP In the Quality of Service (QoS) tab, you can set AP bandwidth parameters as follows.
PMP 450i and PTP 450i Configuration and User Task 11: Configuring quality of service Attribute Meaning Uplink Burst Allocation • Specify the maximum amount of data to allow each SM to transmit before being recharged at the Sustained Uplink Data Rate with credits to transmit more.
Task 11: Configuring quality of service PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning PPPoE Control Message Priority Operators may configure the SM to utilize the high priority channel for PPPoE control messages. Configuring the SM in this fashion can benefit the continuity of PPPoE connections when there are issues with PPPoE sessions being dropped in the network. This prioritization may be configured in the DiffServ tab in the Configuration menu of the SM.
PMP 450i and PTP 450i Configuration and User Task 11: Configuring quality of service Table 53 AP Diffserv attributes Attribute Meaning CodePoint 1 through CodePoint 47 Priorities of 0 through 3 map to the low-priority channel; 4 through 7 to the high-priority channel. The mappings are the same as 802.1p VLAN priorities. CodePoint 49 through CodePoint 55 CodePoint 57 through CodePoint 63 Consistent with RFC 2474 CodePoint 0 is predefined to a fixed priority value of 0 (low-priority channel).
Task 11: Configuring quality of service PMP 450i and PTP 450i Configuration and User Guide Quality of Service (QoS) tab of the SM Figure 60 Quality of Service (QoS) tab of the SM In the Quality of Service (QoS) tab of the SM, you may set the following parameters. Table 54 SM Quality of Service attributes Attribute Meaning Sustained Uplink Data Rate • Specify the rate that this SM is replenished with credits for transmission. This default imposes no restriction on the uplink.
PMP 450i and PTP 450i Configuration and User Task 11: Configuring quality of service Attribute Meaning Uplink Burst Allocation • Specify the maximum amount of data to allow this SM to transmit before being recharged at the Sustained Uplink Data Rate with credits to transmit more.
Task 11: Configuring quality of service Attribute Meaning Hi Priority Channel See Hi Priority Uplink CIR Hi Priority Downlink CIR PMP 450i and PTP 450i Configuration and User Guide • High-priority Bandwidth on page 156 • Configuration Source on page 62 This field indicates the minimum rate at which high priority traffic is sent over the uplink (unless CIR is oversubscribed or RF link quality is degraded).
PMP 450i and PTP 450i Configuration and User Task 11: Configuring quality of service DiffServ tab of the SM Figure 61 DiffServ tab of the SM In the DiffServ tab of the SM, you may set the following parameters. Table 55 SM DiffServ attributes Attribute CodePoint 1 through CodePoint 47 CodePoint 49 through CodePoint 55 CodePoint 57 through CodePoint 63 CodePoint Select Priority Select 168 Meaning Priorities of 0 through 3 map to the low-priority channel; 4 through 7 to the high-priority channel.
Task 11: Configuring quality of service PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Priority Precedence Allows operator to decide if 802.1p or DiffServ priority bits must be used first when making priority decisions. PPPoE Control Message Priority Operators may configure the SM to utilize the high priority channel for PPPoE control messages.
PMP 450i and PTP 450i Configuration and User Task 12: Performing an Sector Wide SA Task 12: Performing an Sector Wide SA The integrated spectrum analyzer can be very useful as a tool for troubleshooting and RF planning, but is not intended to replicate the accuracy and programmability of a high-end spectrum analyzer, which you may sometime need for other purposes. The AP and SM perform spectrum analysis together in the Sector Spectrum Analyzer tool.
Task 12: Performing an Sector Wide SA PMP 450i and PTP 450i Configuration and User Guide Using Spectrum Analyzer tool The SM and AP display the graphical spectrum analyzer. An example of the Spectrum Analyzer tab is shown in Figure 62. Figure 62 Spectrum Analyzer tab of the AP/ SM Enabling “Perform Spectrum Analysis on Boot for configured Duration” will increase SM registration time by the amount of seconds specified for the SM to scan the spectrum upon boot.
PMP 450i and PTP 450i Configuration and User Task 12: Performing an Sector Wide SA When the mouse is positioned over a bar, the receive power level, frequency, maximum and mean receive power levels are displayed above the graph To keep the displayed data current, either set “Auto Refresh” on the module’s Configuration => General.
Task 12: Performing an Sector Wide SA PMP 450i and PTP 450i Configuration and User Guide Table 56 Spectrum Analyzer attributes Attribute Meaning Display Data Path Both means that the vertical and horizontal paths are displayed or an individual path may be selected to display only a single-path reading. Data For ease of parsing data and to facilitate automation, the spectrum analyzer results may be saved as an XML file. To save the results in an XML formatted file, right-click the “SpectrumAnalysis.
PMP 450i and PTP 450i Configuration and User Task 12: Performing an Sector Wide SA Using the Remote Spectrum Analyzer tool The Remote Spectrum Analyzer tool in the AP provides additional flexibility in the use of the spectrum analyzer in the SM. You can set the duration of 10 to 1000 seconds and select a SM from the drop-down list, then click the Start Remote Spectrum Analysis button to launch the analysis from that SM.
Task 12: Performing an Sector Wide SA PMP 450i and PTP 450i Configuration and User Guide Table 57 Remote Spectrum Analyzer tab attributes Attribute Meaning Registered SM Count This field displays the number of SMs that were registered to the AP before the SA was started. This helps the user know all the SMs re-registered after performing a SA. Maximum Count of Registered SMs This field displays the largest number of SMs that have been simultaneously registered in the AP since it was last rebooted.
PMP 450i and PTP 450i Configuration and User Task 13: Zero Touch Configuration Using DHCP Option 66 Task 13: Zero Touch Configuration Using DHCP Option 66 This feature allows an SM to get its configuration via DHCP option 66. This can be used for the initial configuration of an SM as well as managing the configuration of SMs on an ongoing basis. Here is how it works in brief : 1.
Task 13: Zero Touch Configuration Using DHCP 66 PMP 450i and PTP 450i Configuration and User Guide If some configuration is unique per SM, but rest of the configuration is common, the SMs can be staged with the unique part, and use option 66 to manage the common part. For example, if each SM needs to have its coordinates set, don’t include the coordinates in the golden config file. Instead, configure the coordinates for each SM manually. Manage the rest of the configuration using DHCP option 66.
PMP 450i and PTP 450i Configuration and User Task 13: Zero Touch Configuration Using DHCP Option 66 "location": { "siteName": "Test site" }, "smRadioConfig": { "frequencyScanList": [ 5475000, 5480000 ], "colorCodeList": [ { "colorCode": 42, "priority": 1 } ] }, "networkConfig": { "lanDhcpState": 1 } }, "cfgFileVersion": "1.
Task 13: Zero Touch Configuration Using DHCP 66 PMP 450i and PTP 450i Configuration and User Guide Hosting the config file Copy the golden configuration file to an FTP, TFTP, HTTP or HTTPS server. This location can be password protected; you just have to include the user name and password in the URL. DHCP server configuration Configure DHCP server to return the full URL to the golden config file as the value of DHCP option 66. The following example explains how to make the change for Windows Server 2008.
PMP 450i and PTP 450i Configuration and User Task 13: Zero Touch Configuration Using DHCP Option 66 5. In the DHCP snap-in window, right click and “Refresh” to see the DHCP option 66 in the list of DHCP options Supported URL Formats FTP, TFTP, HTTP and HTTPS URLs are supported. Some examples are given below. - ftp://10.120.163.253/canopy.cfg - ftp://admin:admin123@10.120.163.253/canopy.cfg (login as admin with password admin123) - tftp://10.120.163.253/canopy.cfg - http://10.120.163.
Task 13: Zero Touch Configuration Using DHCP 66 PMP 450i and PTP 450i Configuration and User Guide For example: - ftp://10.120.163.253/smconfig/ In this case, the SM will append “.cfg” to the path and try to get that file. For example, if the SM’s MAC address is 0a-00-3e-a2-c2-74, it will request for ftp://10.120.163.253/smconfig/0a003ea2c274.cfg. This mechanism can be used to serve individual config file for each SM. Troubleshooting 1. Make sure the SM is running 13.
PMP 450i and PTP 450i Configuration and User Task 14: Configuring Radio via config file Task 14: Configuring Radio via config file The PMP 450i supports export and import of a configuration file from the AP or SM as a text file. The configuration file is in JSON format. To export or import the configuration file, the logged in user needs to be an ADMINISTRATOR and it must not be a “read-only” account. The exported configuration file contains the complete configuration including all the default values.
Task 14: Configuring Radio via config file PMP 450i and PTP 450i Configuration and User Guide Procedure 14 Special Headers for configuration file 1 A "configFileParameters" section can be added to the header to control the behaviour of the device when importing configuration. { "cfgFileString": "Canopy configuration file", "cfgFileVersion": "1.
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server Task 15: Configuring a RADIUS server Configuring a RADIUS server in a PMP 450i network is optional, but can provide added security, increase ease of network management and provide usage-based billing data. Understanding RADIUS for PMP 450i PMP 450i modules include support for the RADIUS (Remote Authentication Dial In User Service) protocol supporting Authentication and Accounting.
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide Aradial 5.3 has a bug that prevents “remote device login”, so doesn’t support the user name and password management feature. Choosing Authentication Mode and Configuring for Authentication Servers - AP On the AP’s Configuration => Security tab, select the RADIUS AAA Authentication Mode. The following describes the other Authentication Mode options for reference, and then the RADIUS AAA option.
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server Figure 65 Security tab of the AP 186 pmp-0957 (April 2015)
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide Table 58 Security tab attributes Attribute Meaning Operators may use this field to select the following authentication modes: Disabled—the AP requires no SMs to authenticate. Authentication Server —the AP requires any SM that attempts registration to be authenticated in Wireless Manager before registration.
PMP 450i and PTP 450i Configuration and User Attribute Task 15: Configuring a RADIUS server Meaning Authentication Server 5 (BAM Only) Radius Port This field allows the operator to configure a custom port for RADIUS server communication. The default value is 1812. Authentication Key The authentication key is a 32-character hexadecimal string used when Authentication Mode is set to AP Pre-Shared Key. By default, this key is set to 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Allowed Source IP 2 Allowed Source IP parameters or have no access permitted to the AP from any IP address. You may populate as many as all three. Allowed Source IP 3 If you selected IP Access Filtering Disabled for the IP Access Control parameter, then no entries in this parameter are read, and access from all IP addresses is permitted.
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server SM Authentication Mode – Require RADIUS or Follow AP If it is desired that a SM will only authenticate to an AP that is using RADIUS, on the SM’s Configuration Security tab set Enforce Authentication to AAA. With this enabled, SM does not register to an AP that has any Authentication Mode other than RADIUS AAA selected.
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide Figure 66 Security tab of the SM pmp-0957 (April 2015) 191
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server Continue… 192 pmp-0957 (April 2015)
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide Table 59 SM Security tab attributes Attribute Meaning Authentication Key The authentication key is a 32-character hexadecimal string used when Authentication Mode is set to AP PreShared Key. By default, this key is set to 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server Attribute Meaning Username Enter a Username for the SM. This must match the username configured for the SM on the RADIUS server. The default Username is the SM’s MAC address. The Username can be up to 128 non-special (no diacritical markings) alphanumeric characters. Password Confirm Password Enter the desired password for the SM in the Password and Confirm Password fields.
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide Attribute Meaning Web, Telnet, FTP Session Timeout Enter the expiry in seconds for remote management sessions via HTTP, telnet or ftp access to the AP. Ethernet Access If you want to prevent any device that is connected to the Ethernet port of the SM from accessing the management interface of the SM, select Ethernet Access Disabled.
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server Attribute Meaning SNMP This option allows to configure SNMP agent communication version. It can be selected from drop down list : • SNMPv2c Only – Enables SNMP v2 community protocol. • SNMPv3 Only – Enables SNMP v3 protocol. It is secured communication protocol. • SNMPv2c and SNMPv3 – It enables both the protocols. Telnet This option allows to Enable and Disable Telnet access to the Radio.
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide SM - Phase 1 (Outside Identity) parameters and settings The protocols supported for the Phase 1 (Outside Identity) phase of authentication are eapttls (Extensible Authentication Protocol Tunneled Transport Layer Security) and eapMSChapV2 (Extensible Authentication Protocol – Microsoft Challenge-Handshake Authentication Protocol). Configure an outer Identity in the Username field.
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server To upload a certificate manually to a SM, first load it in a known place on your PC or network drive, then click on a Delete button on one of the Certificate description blocks to delete a certificate to provide space for your certificate. Click on Choose File, browse to the location of the certificate, and click the Import Certificate button, and then reboot the radio to use the new certificate.
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide Configuring your RADIUS servers for SM authentication Your RADIUS server must be configured to use the following: • EAPTTLS or MSCHAPv2 as the Phase 1/Outer Identity protocol. • If Enable Realm is selected on the SM’s Configuration => Security tab, then the same Realm appears there (or access to it).
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server Assigning SM management IP addressing via RADIUS Operators may use a RADIUS AAA server to assign management IP addressing to SM modules (framed IP address). SMs now interpret attributes Framed-IP-Address, Framed-IP-Netmask, and Cambium-Canopy-Gateway from RADIUS. The RADIUS dictionary file has been updated to include the Cambium-Canopy-Gateway attribute and is available on the Cambium Software Support website.
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide Beginning with System Release 12.0.2, two RADIUS dictionary files are available on the Cambium website – “RADIUS Dictionary file – Cambium” and “RADIUS Dictionary file – Motorola”. In addition to a renaming of attributes, the Cambium-branded dictionary file contains two new VSAs for controlling uplink and downlink Maximum Burst Data Rate (these VSAs are listed below in Table 60).
PMP 450i and PTP 450i Configuration and User Cambium-Canopy-ULBR 26.161.6 intege N Task 15: Configuring a RADIUS server 0-100000 kbps Configuration > Quality of Service > Sustained Uplink Data Rate dependent on radio feature set Cambium-Canopy-ULBL 0-2500000 kbps 26.161.7 intege N 32 bits Configuration > Quality of Service > Uplink Burst Allocation Cambium-Canopy-DLBR 26.161.
Task 15: Configuring a RADIUS server Cambium-Canopy-DLMB PMP 450i and PTP 450i Configuration and User Guide 26.161.27 intege N r 0-100000 kbps Configuration > Quality of Service > Max Burst Downlink Data Rate 0 32 bits Cambium-Canopy-UserLevel 26.161.50 intege N r 1-Technician, 2-Installer, Account > Add User > Level 0 3-Administrator 32 bits Note about VSA numbering: 26 connotes Vendor Specific Attribute, per RFC 2865 26.
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server Using RADIUS for centralized AP and SM user name and password management AP – Technician/Installer/Administrator Authentication To control technician, installer, and administrator access to the AP from a centralized RADIUS server: 1 Set Authentication Mode on the AP’s Configuration > Security tab to RADIUS AAA 2 Set User Authentication Mode on the AP’s Account > User Authentication tab (the tab only appears after the AP i
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide Figure 68 User Authentication and Access Tracking tab of the AP Table 61 AP User Authentication and Access Tracking attributes Attribute Meaning • Local: The local SM is checked for accounts. No centralized RADIUS accounting (access control) is performed. • Remote: Authentication by the centralized RADIUS server is required to gain access to the AP.
PMP 450i and PTP 450i Configuration and User Attribute Accounting Messages Task 15: Configuring a RADIUS server Meaning • disable – no accounting messages are sent to the RADIUS server • deviceAccess – accounting messages are sent to the RADIUS server regarding device access (see Table 63). • dataUsage – accounting messages are sent to the RADIUS server regarding data usage (see Table 63).
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User Guide Figure 69 User Authentication and Access Tracking tab of the SM Table 62 SM User Authentication and Access Tracking attributes Attribute Meaning • User Authentication Mode Allow Local Login after Reject from AAA Local: The local SM is checked for accounts. No centralized RADIUS accounting (access control) is performed.
PMP 450i and PTP 450i Configuration and User Attribute Task 15: Configuring a RADIUS server Meaning Accounting Messages • disable – no accounting messages are sent to the RADIUS server • deviceAccess – accounting messages are sent to the RADIUS server regarding device access (see Table 63).
Task 15: Configuring a RADIUS server Sender Message pmp-0957 (April 2015) PMP 450i and PTP 450i Configuration and User Guide Attribute Value Acct-Input-Octets Sum of the input octets received at the SM over regular data VC and the high priority data VC (if enabled). Will not include broadcast. Acct-OutputOctets Sum of the output octets sent from the SM over regular data VC and the high priority data VC (if enabled).
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server Sender Message Attribute Value AP AccountingRequest Acct-Status-Type 3 - Interim-Update Acct-Session-Id Unique per AP session. Initial value is SM MAC, and increments after every start message sent of an in session SM. Acct-Input-Octets Sum of the input octets sent to the SM over regular data VC and the high priority data VC (if enabled). Will not include broadcast.
Task 15: Configuring a RADIUS server Sender Message PMP 450i and PTP 450i Configuration and User Guide Attribute Value Acct-OutputPackets Sum of unicast and multicast packets that are sent from a particular SM over the regular data VC and the high priority data VC (if enabled). Description The data accounting configuration is located on the AP’s Accounts => User Authentication and Access Tracking GUI menu, and the AP’s Authentication Mode must be set to Radius AAA for the menu to appear.
PMP 450i and PTP 450i Configuration and User Task 15: Configuring a RADIUS server RADIUS Device Re-authentication PMP 450i systems include support for periodic SM re-authentication in a network without requiring the SM to re-register (and drop the session). The re-authentication may be configured to occur in the range of every 30 minutes to weekly. Figure 71 Device re-authentication configuration The re-authentication interval is only configurable on the AP.
PMP 450i and PTP 450i Configuration and User Guid : Glossary Appendix A : Glossary Table 64 Glossary Term Definition 10Base-T Technology in Ethernet communications that can deliver 10 Mb of data across 328 feet (100 meters) of CAT 5 cable. 169.254.0.0 Gateway IP address default in Cambium fixed wireless broadband IP network modules. 169.254.1.1 IP address default in Cambium fixed wireless broadband IP network modules. 255.255.0.
PMP 450i and PTP 450i Configuration and User Guid 214 : Glossary Term Definition APs MIB Management Information Base file that defines objects that are specific to the Access Point Module. See also Management Information Base. ARP Address Resolution Protocol. A protocol defined in RFC 826 to allow a network element to correlate a host IP address to the Ethernet address of the host. See http://www.faqs.org/rfcs/rfc826.html. ASN.1 Abstract Syntax Notation One language.
PMP 450i and PTP 450i Configuration and User Guid : Glossary Term Definition CarSenseLost Field This field displays how many carrier sense lost errors occurred on the Ethernet controller. CAT 5 Cable Cable that delivers Ethernet communications from module to module. Later modules auto-sense whether this cable is wired in a straight-through or crossover scheme. CIR Committed Information Rate.
PMP 450i and PTP 450i Configuration and User Guid 216 : Glossary Term Definition Desensed Received an undesired signal that was strong enough to make the module insensitive to the desired signal. DFS See Dynamic Frequency Selection DHCP Dynamic Host Configuration Protocol, defined in RFC 2131. Protocol that enables a device to be assigned a new IP address and TCP/IP parameters, including a default gateway, whenever the device reboots.
PMP 450i and PTP 450i Configuration and User Guid : Glossary Term Definition Enable To turn on a feature in the module after the feature activation file has activated the module to use the feature. See also Activate. ESN Electronic Serial Number. The hardware address that the factory assigns to the module for identification in the Data Link layer interface of the Open Systems Interconnection system. This address serves as an electronic serial number. Same as MAC Address.
PMP 450i and PTP 450i Configuration and User Guid 218 : Glossary Term Definition FTP File Transfer Protocol, defined in RFC 959. Utility that transfers of files through TCP (Transport Control Protocol) between computing devices that do not operate on the same platform. See http://www.faqs.org/rfcs/rfc959.html.
PMP 450i and PTP 450i Configuration and User Guid : Glossary Term Definition inoctets count Field How many octets were received on the interface, including those that deliver framing information. Intel A registered trademark of Intel Corporation. inucastpkts count Field How many inbound subnetwork-unicast packets were delivered to a higher-layer protocol. inunknownprotos count Field How many inbound packets were discarded because of an unknown or unsupported protocol.
PMP 450i and PTP 450i Configuration and User Guid 220 : Glossary Term Definition LNK/5 Furthest left LED in the module. In the operating mode, this LED is continuously lit when the Ethernet link is present. In the aiming mode for a Subscriber Module, this LED is part of a bar graph that indicates the quality of the RF link. Logical Unit ID Final octet of the 4-octet IP address of the module. LOS Line of sight. The wireless path (not simply visual path) direct from module to module.
PMP 450i and PTP 450i Configuration and User Guid : Glossary Term Definition NetBIOS Protocol defined in RFC 1001 and RFC 1002 to support an applications programming interface in TCP/IP. This interface allows a computer to transmit and receive data with another host computer on the network. RFC 1001 defines the concepts and methods. RFC 1002 defines the detailed specifications. See http://www.faqs.org/rfcs/rfc1001.html and http://www.faqs.org/rfcs/rfc1002.html.
PMP 450i and PTP 450i Configuration and User Guid : Glossary Term Definition Point-toMultipoint Protocol Defined in RFC 2178, which specifies that data that originates from a central network element can be received by all other network elements, but data that originates from a non-central network element can be received by only the central network element. See http://www.faqs.org/rfcs/rfc2178.html. Also referenced as PMP. PPPoE Point to Point Protocol over Ethernet.
PMP 450i and PTP 450i Configuration and User Guid : Glossary Term Definition Region Code A parameter that offers multiple fixed selections, each of which automatically implements frequency band range restrictions for the selected region. Units shipped to regions other than the United States must be configured with the corresponding Region Code to comply with local regulatory requirements.
PMP 450i and PTP 450i Configuration and User Guid 224 : Glossary Term Definition SES/2 Third-from-right LED in the module. In the Access Point Module, this LED is unused. In the operating mode for a Subscriber Module, this LED flashes on and off to indicate that the module is not registered. In the aiming mode for a Subscriber Module, this LED is part of a bar graph that indicates the quality of the RF link.
PMP 450i and PTP 450i Configuration and User Guid : Glossary Term Definition SYN/1 Second-from-right LED in the module. In the Access Point Module or in a registered Subscriber, this LED is continuously lit to indicate the presence of sync. In the operating mode for a Subscriber Module, this LED flashes on and to indicate that the module is not registered. Sync GPS (Global Positioning System) absolute time, which is passed from one module to another.
PMP 450i and PTP 450i Configuration and User Guid 226 : Glossary Term Definition U-NII Unlicensed National Information Infrastructure radio frequency band, in the 5.1-GHz through 5.8-GHz ranges. VID VLAN identifier. See also VLAN. VLAN Virtual local area network. An association of devices through software that contains broadcast traffic, as routers would, but in the switch-level protocol. VPN Virtual private network for communication over a public network.
PMP 450i and PTP 450i Configuration and User Guid : FCC and IC approved antennas Appendix B : FCC and IC approved antennas Table 65 FCC and IC approved antennas list Gain (dBi) Description Frequency band 4.9 GHz 5.8 GHz Directional antennas PMP450i/PTP450i Integrated Directional (5092HH) 23 PMP450i/PTP450i Integrated Small Form Factor Directional (5096HH) 17 28.5 MARS 2 ft flat plate MA-WA56-DP-28N 28 GABRIEL 4ft Standard Dual QuickFire Parabolic QFD4-49-N 33.
