Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
Task 15: Configuring a RADIUS server PMP 450i and PTP 450i Configuration and User
Guide
Aradial 5.3 has a bug that prevents “remote device login”, so
doesn’t
support the
user name and password management
feature.
Choosing Authentication Mode and Configuring for
Authentication
Servers - AP
On the AP’s Configuration => Security tab, select the RADIUS AAA
Authentication Mode. The following describes the
other
Authentication Mode
options for reference, and then the RADIUS AAA
option.
•
Disabled
: Requires no authentication. Any SM (except a SM that itself has been
configured to
require
RADIUS authentication by enabling Enforce Authentication as
described below) is allowed to
register
to the
AP.
• Authentication Server: Authentication Server in this instance refers to Wireless
Manager in BAM-only mode. Authentication is
required
for a SM to register to the AP.
Only SMs listed by MAC address in the Wireless Manager database is
allowed to
register to the
AP.
• AP Pre-Shared
Key
: Canopy offers a pre-shared key authentication option. In this
case, an identical key
must
be entered in the Authentication Key field on the AP’s
Configuration > Security tab and in the Authentication Key field on each desired SM’s
Configuration > Security
tab.
• RADIUS
AAA
: To support RADIUS authentication of SMs, on the AP’s Configuration
> Security tab
select
RADIUS AAA. Only properly configured SMs with a valid
certificate is allowed to
register
to the
AP.
When RADIUS AAA is selected, up to 3 Authentication Server (RADIUS Server)
IP
addresses
and Shared Secrets can be configured. The IP address(s) configured
here
must
match the IP address(s) of the RADIUS server(s). The shared secret(s)
configured here
must
match the shared secret(s) configured in the RADIUS
server(s). Servers 2 and 3 are meant
for
backup and reliability, not splitting the
database. If Server 1 doesn’t respond, Server 2 is
tried,
and then
server
3. If
Server 1 rejects authentication, the SM is denied entry to the network, and does
not
progress trying the other
servers.
The default IP address is 0.0.0.0.
The
default Shared Secret is
“CanopySharedSecret”. The Shared Secret can be up to 32
ASCII
characters (no
diacritical marks or ligatures, for
example).
pmp-0957 (April 2015) 185