Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
Task 5: Configuring security PMP 450i and PTP 450i Configuration and User
Guide
• AP PreShared Key - The AP acts as the authentication server to its SMs and will
make use of a user-configurable pre-shared authentication key. The operator enters
this key on both the AP and all SMs desired to register to that AP. There is also an
option of leaving the AP and SMs at their default setting of using the “Default Key”.
Due to the nature of the authentication operation, if you want to set a specific
authentication key, then you MUST configure the key on all of the SMs and reboot
them BEFORE enabling the key and option on the AP. Otherwise, if you configure
the AP first, none of the SMs is able to register.
• RADIUS AAA - When RADIUS AAA is selected, up to 3 Authentication Server
(RADIUS Server) IP addresses and Shared Secrets can be configured. The IP
address(s) configured here must match the IP address(s) of the RADIUS server(s).
The shared secret(s) configured here must match the shared secret(s) configured in
the RADIUS server(s). Servers 2 and 3 are meant for backup and reliability, not for
splitting the database. If Server 1 doesn’t respond, Server 2 is tried, and then server
3. If Server 1 rejects authentication, the SM is denied entry to the network, and
does not progress trying the other servers. For more information on configuring the
PMP 450i network to utilize a RADIUS server, see Task 15: Configuring a RADIUS
server on page 184
Filtering protocols and ports
You can filter (block) specified protocols and ports from leaving the AP and SM and
entering the network. This protects the network from both intended and inadvertent
packet loading or probing by network users. By keeping the specified protocols or
ports off the network, this feature also provides a level of protection to users from
each other.
Protocol and port filtering is set per AP/SM. Except for filtering of SNMP ports,
filtering occurs as packets leave the AP/SM. If a SM is configured to filter SNMP,
then SNMP packets are blocked from entering the SM and, thereby, from
interacting with the SNMP portion of the protocol stack on the SM.
Port Filtering with NAT Enabled
Where NAT is enabled, you can filter only the three user-defined ports. The
following are example situations in which you can configure port filtering where
NAT is enabled.
• To block a subscriber from using FTP, you can filter Ports 20 and 21 (the FTP ports)
for both the TCP and UDP protocols.
• To block a subscriber from access to SNMP, you can filter Ports 161 and 162 (the
SNMP ports) for both the TCP and UDP protocols.
In only the SNMP case, filtering occurs before the packet interacts with the
protocol stack.
pmp-0957 (April 2015) 85