Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
PMP 450i and PTP 450i Configuration and User
Task 5: Configuring security
In the Protocol Filtering tab of the AP, you may set the following parameters.
Table 28 AP Protocol Filtering attributes
Attribute Meaning
Packet Filter Types
For any box selected, the Protocol and Port Filtering feature
blocks the associated protocol type.
To filter packets in any of the user-defined ports, you must do
all of the following:
Check the box for User Defined Port
n
(See Below) in the
Packet Filter Types section of this tab.
In the User Defined Port Filtering Configuration section of
this tab:
• provide a port number at Port #
n
.
• enable TCP and/or UDP by clicking the associated radio
button
Filter Direction Operators may choose to filter upstream (uplink) RF packets or
downstream (downlink) RF packets.
User Defined Port
Filtering Configuration
You can specify ports for which to block subscriber access,
regardless of whether NAT is enabled.
RF Telnet Access RF Telnet Access restricts Telnet access to the AP from a
device situated below a network SM (downstream from the
AP). This is a security enhancement to restrict RF-interface
sourced AP access specifically to the LAN1 IP address and
LAN2 IP address (Radio Private Address, typically
192.168.101.[LUID]). This restriction disallows unauthorized
users from running Telnet commands on the AP that can
change AP configuration or modifying network-critical
components such as routing and ARP tables.
PPPoE PADI Downlink
Forwarding
Enabled: the AP allows downstream and upstream
transmission of PPPoE PADI packets. By default, PPPoE PADI
Downlink Forwarding is set to “Enabled”.
Disabled: the AP disallows PPPoE PADI packets from entering
the Ethernet interface and exiting the RF interface
(downstream to the SM). PPPoE PADI packets are still allowed
to enter the AP’s RF interface and exit the AP’s Ethernet
interface (upstream).
98
pmp-0957 (April 2015)