Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
PMP 450i and PTP 450i Configuration and User
Task 15: Configuring a RADIUS server
Attribute Meaning
Accounting Messages
• disable – no accounting messages are sent to the
RADIUS server
• deviceAccess – accounting messages are sent to the
RADIUS server regarding device access (see Table 63).
• dataUsage – accounting messages are sent to the
RADIUS server regarding data usage (see Table 63).
Accounting Data
Usage Interval
The interval for which accounting data messages are sent
from the radio to the RADIUS server. If 0 is configured
for this parameter, no data usage messages are sent.
SM Re-authentication
Interval
The interval for which the SM will re-authenticate to the
RADIUS server.
SM – Technician/Installer/Administrator
Authentication
To control technician, installer, and administrator access to the SM from a centralized
RADIUS server:
Remote access control is enabled only after the SM registers to an AP that
has
Authentication Mode set to RADIUS AAA. Local access control will always be
used
before registration and is used after registration if the AP is not configured
for
RADIUS.
1
Set Authentication Mode on the AP’s Configuration > Security tab to
RADIUS
AAA
(RADIUS)
2
Set User Authentication Mode on the AP’s Account > User
Authentication
and
Access Tracking tab (the tab only appears after the AP is set to AAA
authentication) to Remote or Remote then
Local
.
3
Set User Authentication Mode on the SM’s Account > User Authentication
and Access Tracking tab to Remote or Remote then Local.
•
Local: The local SM is checked for accounts. No centralized
RADIUS
accounting (access control)
is
performed.
•
Remote: Authentication by the centralized RADIUS server
is
required to
gain access to the SM if the SM is registered to an
AP
that has RADIUS
AAA Authentication Mode selected. For up to
2
minutes a test pattern is
displayed until the server responds
or
times
out.
•
Remote then Local: Authentication using the centralized
RADIUS
server is attempted. If the server sends a reject message, then
the
setting of
Allow Local Login after Reject from AAA determines
if
the local user
database is checked or not. If the configured
servers
do
not respond within
2 minutes, then the local user database
is
used. The successful login
method is displayed in the
navigation
column of the SM.
206
pmp-0957 (April 2015)