Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
PMP 450i and PTP 450i Configuration and User
Task 15: Configuring a RADIUS server
Assigning SM management IP addressing via RADIUS
Operators may use a RADIUS AAA server to assign management IP addressing to
SM modules (framed IP address). SMs now interpret attributes Framed-IP-Address,
Framed-IP-Netmask, and Cambium-Canopy-Gateway from RADIUS. The RADIUS
dictionary file has been updated to include the Cambium-Canopy-Gateway attribute
and is available on the Cambium Software Support website.
In order for these attributes to be assigned and used by the SM, the following must
be true:
• The system is configured for AAA authentication
• The SM is
not
configured for DHCP on its management interface. If DHCP is enabled
and these attributes are configured in the RADIUS server, the attributes is ignored by
the SM.
• The SM management interface must be configured to be publically accessible. If the SM
is configured to have local accessibility, the management interface will still be assigned
the framed addressing, and the SM iscome publicly accessible via the assigned framed
IP addressing.
• When using these attributes, for the addressing to be implemented by the SM operators
must configure Framed-IP-Address in RADIUS. If Framed-IP-Address is not configured
but Framed-IP-Netmask and/or Cambium-Canopy-Gateway is configured, the attributes
is ignored. In the case where only the Framed-IP-Address is configured, Framed-IP-
Netmask defaults to 255.255.0.0 (NAT disabled) / 255.255.255.0 (NAT enabled) and
Cambium-Canopy-Gateway defaults to 0.0.0.0.
Configuring your RADIUS server for SM configuration
Canopy Vendor Specific Attributes (VSAs) along with VSA numbers and
other
details are listed in Table 60. The associated SM GUI page, tab and parameter are
listed to aid
cross-referencing
and understanding of the
VSAs.
A RADIUS dictionary file is available from the software
site:
https://support.cambiumnetworks.com/files/PMP450i
The RADIUS dictionary file
defines
the VSAs and their values and is usually
imported into the RADIUS server as part of
server
and database
setup.
200
pmp-0957 (April 2015)