Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
PMP 450i and PTP 450i Configuration and User
Task 5: Configuring security
Isolating SMs
In an AP, you can prevent SMs in the sector from directly communicating with each
other. In CMMmicro Release 2.2 or later and the CMM4, you can prevent connected
APs from directly communicating with each other, which prevents SMs that are in
different sectors of a cluster from communicating with each other.
In the AP, the SM Isolation parameter is available in the General tab of the
Configuration web page. In the drop-down menu for that parameter, you can
configure the SM Isolation feature by any of the following selections:
• Disable SM Isolation (the default selection). This allows full communication
between SMs.
• Block SM Packets from being forwarded. This prevents both multicast/broadcast
and unicast SM-to-SM communication.
• Block and Forward SM Packets to Backbone. This not only prevents
multicast/broadcast and unicast SM-to-SM communication but also sends the
packets, which otherwise are handled SM to SM, through the Ethernet port of the
AP.
In the CMMmicro and the CMM4, SM isolation treatment is the result of how you
choose to manage the port-based VLAN feature of the embedded switch, where you
can switch all traffic from any AP to an uplink port that you specify. However, this is
not packet level switching. It is not based on VLAN IDs. See the VLAN Port
Configuration parameter in the dedicated user guide that supports the CMM
product that you are deploying.
Filtering management through Ethernet
You can configure the SM to disallow any device that is connected to its Ethernet
port from accessing the IP address of the SM. If you set the Ethernet Access
Control parameter to Enabled, then
• no attempt to access the SM management interface (by HTTP, SNMP, FTP, or
TFTP) through Ethernet can succeed.
• any attempt to access the SM management interface over the air (by IP address,
presuming that LAN1 Network Interface Configuration, Network Accessibility
is set to Public, or by link from the Session Status or Remote Subscribers tab in the
AP) is unaffected.
Allowing management only from specified IP addresses
The Security tab of the Configuration web page in the AP and SM includes the IP
Access Control parameter. You can specify one, two, or three IP addresses that
must be allowed to access the management interface (by HTTP, SNMP, FTP, or
TFTP).
If you select
88
pmp-0957 (April 2015)