Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
PMP 450i and PTP 450i Configuration and User
Task 15: Configuring a RADIUS server
Task 15: Configuring a RADIUS server
Configuring a RADIUS server in a PMP 450i network is optional, but can provide
added security, increase ease of network management and provide usage-based
billing data.
Understanding RADIUS for
PMP 450i
PMP 450i modules include support for the RADIUS (Remote Authentication Dial In
User
Service)
protocol supporting Authentication and Accounting.
RADIUS
Functions
RADIUS protocol support provides the
following
functions:
• SM Authentication allows only known SMs onto the network (blocking
“rogue”
SMs), and can be configured to ensure SMs are connecting to a known
network
(preventing SMs from connecting to “rogue” APs). RADIUS authentication is
used
for
SMs,
but
is not used for APs.
• SM Configuration: Configures authenticated SMs with MIR (Maximum Information
Rate), CIR (Committed Information Rate), High Priority, and VLAN (Virtual LAN)
parameters from the RADIUS server when a SM registers to an AP.
• SM Accounting provides support for RADIUS accounting messages for usage-based
billing. This accounting includes indications for subscriber session establishment,
subscriber session disconnection, and bandwidth usage per session for each SM that
connects to the AP.
• Centralized AP and SM user name and password management allows AP
and
SM usernames and access levels (Administrator, Installer, Technician) to
be
centrally
administered in the RADIUS server instead of on each radio and tracks
access
events
(logon/logoff) for each username on the RADIUS server. This accounting does
not
track and
report
specific configuration actions performed on radios or pull statistics
such as
bit
counts from the radios. Such functions require an Element Management
System
(EMS) such as Cambium Networks Wireless Manager. This accounting is
not
the ability to perform accounting functions on the subscriber/end
user/customer
account.
•
Framed IP
allows o
perators to use a RADIUS server to assign management IP
addressing to SM modules (framed IP address).
Tested RADIUS Servers
The Canopy RADIUS implementation has been tested and is supported
on
• FreeRADIUS, Version
2.1.8
• Aradial RADIUS, Version
5.1.12
184
pmp-0957 (April 2015)