Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
PMP 450i and PTP 450i Configuration and User
Task 2: Configuring IP and Ethernet interfaces
NAT, DHCP Server, DHCP Client and DMZ in SM
The system provides NAT (Network Address Translation) for SMs in the following
combinations of NAT and DHCP (Dynamic Host Configuration Protocol):
• NAT Disabled
• NAT with DHCP Client (DHCP selected as the Connection Type of the WAN interface)
and DHCP Server
• NAT with DHCP Client(DHCP selected as the Connection Type of the WAN interface)
• NAT with DHCP Server
• NAT without DHCP
NAT
NAT isolates devices connected to the Ethernet or wired side of a SM from being
seen directly from the wireless side of the SM. With NAT enabled, the SM has an IP
address for transport traffic (separate from its address for management), terminates
transport traffic and allows you to assign a range of IP addresses to devices that are
connected to the Ethernet or wired side of the SM.
In the Cambium system, NAT supports many protocols, including HTTP, ICMP
(Internet Control Message Protocols), and FTP (File Transfer Protocol). For virtual
private network (VPN) implementation, L2TP over IPSec (Level 2 Tunneling Protocol
over IP Security) and PPTP (Point to Point Tunneling Protocol) are supported.
When NAT is enabled, a reduction in throughput is introduced in the system (due
to processing overhead).
DHCP
DHCP enables a device to be assigned a new IP address and TCP/IP parameters,
including a default gateway, whenever the device reboots. Thus DHCP reduces
configuration time, conserves IP addresses, and allows modules to be moved to a
different network within the Cambium system.
In conjunction with the NAT features, each SM provides the following:
• A DHCP server that assigns IP addresses to computers connected to the SM by
Ethernet protocol.
• A DHCP client that receives an IP address for the SM from a network DHCP server.
DMZ
In conjunction with the NAT features, a DMZ (Demilitarized Zone) allows the
allotment of one IP address behind the SM for a device to logically exist outside the
firewall and receive network traffic. The first three octets of this IP address must be
identical to the first three octets of the NAT private IP address.
22
pmp-0957 (April 2015)