Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
PMP 450i and PTP 450i Configuration and User
Task 5: Configuring security
Attribute Meaning
Ethernet Access
If you want to prevent any device that is connected to the
Ethernet port of the SM from accessing the management
interface of the SM, select Ethernet Access Disabled. This
selection disables access through this port to via HTTP (the
GUI), SNMP, telnet, FTP, and TFTP. With this selection,
management access is available through only the RF interface
via either an IP address (if Network Accessibility is set to
Public on the SM) or the Session Status or Remote Subscribers
tab of the AP.
This setting does not prevent a device connected to the
Ethernet port from accessing the management interface of
other SMs
in the network. To prevent this, use the IP
Access Filtering Enabled selection in the IP Access
Control parameter of the SMs in the network. See IP
Access Control below.
If you want to allow management access through the Ethernet
port, select Ethernet Access Enabled. This is the factory
default setting for this parameter.
IP Access Control You can permit access to the SM from any IP address (IP
Access Filtering Disabled) or limit it to access from only one,
two, or three IP addresses that you specify (IP Access Filtering
Enabled). If you select IP Access Filtering Enabled, then you
must populate at least one of the three Allowed Source IP
parameters or have no access permitted from any IP address
Allowed Source IP
1
to 3
If you selected IP Access Filtering Enabled for the IP Access
Control parameter, then you must populate at least one of the
three Allowed Source IP parameters or have no access
permitted to the SM from any IP address. You may populate as
many as all three.
If you selected IP Access Filtering Disabled for the IP Access
Control parameter, then no entries in this parameter are read,
and access from all IP addresses is permitted.
A subnet mask may be defined for each entry to allow for
filtering control based on a range of IP addresses.
104
pmp-0957 (April 2015)