Installation Guide
Table Of Contents
- PMP 450i and PTP 450i Configuration and User Guide
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Configuration and User Guide
- Chapter 1: Reference information
- Chapter 2: Configuration
- Preparing for configuration
- Task 1: Connecting to the unit
- Task 2: Configuring IP and Ethernet interfaces
- Configuring the AP IP interface
- NAT, DHCP Server, DHCP Client and DMZ in SM
- Configuring the SM IP interface with NAT disabled
- Configuring the SM IP interface with NAT enabled
- NAT tab of the SM with NAT disabled
- NAT tab of the SM with NAT enabled
- Reconnecting to the management PC
- VLAN Remarking and Priority bits configuration
- VLAN tab of the AP
- VLAN tab of the SM
- VLAN Membership tab of the SM
- PPPoE tab of the SM
- NAT Port Mapping tab of the SM
- Task 3: Upgrading the software version and using CNUT
- Task 4: Configuring General and Unit settings
- Task 5: Configuring security
- Isolating APs from the internet
- Encrypting radio transmissions
- Managing module access by passwords
- Requiring SM Authentication
- Filtering protocols and ports
- Encrypting downlink broadcasts
- Isolating SMs
- Filtering management through Ethernet
- Allowing management only from specified IP addresses
- Configuring management IP by DHCP
- Restricting radio Telnet access over the RF interface
- Security tab of the AP
- Filtering protocols and ports
- Protocol Filtering tab of the AP
- Port configuration tab of the AP
- Security tab of the SM
- Protocol Filtering tab of the SM
- Port Configuration tab of the SM
- Task 6: Configuring radio parameters
- Task 7: Setting up SNMP agent
- Task 8: Configuring syslog
- Task 9: Configuring remote access
- Task 10: Monitoring the AP-SM Link
- Task 11: Configuring quality of service
- Maximum Information Rate (MIR) Parameters
- Token Bucket Algorithm
- MIR Data Entry Checking
- Committed Information Rate (CIR)
- Bandwidth from the SM Perspective
- Interaction of Burst Allocation and Sustained Data Rate Settings
- High-priority Bandwidth
- Traffic Scheduling
- Setting the Configuration Source
- Quality of Service (QoS) tab of the AP
- DiffServ tab of the AP
- Quality of Service (QoS) tab of the SM
- DiffServ tab of the SM
- Task 12: Performing an Sector Wide SA
- Task 13: Zero Touch Configuration Using DHCP Option 66
- Task 14: Configuring Radio via config file
- Task 15: Configuring a RADIUS server
- Understanding RADIUS for PMP 450i
- Choosing Authentication Mode and Configuring for Authentication Servers - AP
- SM Authentication Mode – Require RADIUS or Follow AP
- Handling Certificates
- Configuring your RADIUS servers for SM authentication
- Assigning SM management IP addressing via RADIUS
- Configuring your RADIUS server for SM configuration
- Using RADIUS for centralized AP and SM user name and password management
- RADIUS Device Data Accounting
- RADIUS Device Re-authentication
PMP 450i and PTP 450i Configuration and User
Task 2: Configuring IP and Ethernet interfaces
Attribute Meaning
SM Management
VID Pass-
through
Specify whether to allow the SM (Enabled) or the AP/RADIUS
(Disabled) to control the VLAN settings of this SM. The default
value is Enabled.
When VLAN is enabled in the AP to whom this SM is registered,
the Active Configuration block provides the following details as
read-only information in this tab. In the Cambium fixed wireless
broadband IP network, each device of any type is automatically
a permanent member of VID 1. This facilitates deployment of
devices that have VLAN enabled with those that do not.
If disabled, MVID traffic is not allowed to or from the SM wired
interface. Also, if Management VID is the same as a Port VID
(Default or MAC-based), then this setting is ignored and
assumed to be Enabled.
Default Port VID This is the VID that is used for untagged frames and will
correspond to the Q-Tag for 802.1Q frames (if VLAN Port Type is
Q), or the C-Tag for 802.1ad frames (if the VLAN Port Type is Q-
in- Q).
Port VID MAC
Address
Mapping
These parameters allow operators to place specific devices
onto different VLANs (802.1Q tag or 802.1ad C-tag) based on
the source MAC address of the packet. If the MAC address
entry is 00-00-00-00-00-00 then that entry is not used. If a
packet arrives at the SM that is sourced from a device whose
MAC address is in the table, then the corresponding VID is
used for that frame’s Q-tag (Q port) or C-tag (Q-in-Q port). If
there is no match, then the Default Port VID is used. This
table is also used in the downstream direction for removal of
the tag based on the destination MAC address so that an
untagged (for Q port) or Q-Tagged (for Q-in-Q port) frame is
delivered to the end device. You may use wildcards for the
non-OUI (Organizationally Unique Identifier) portion of the
MAC address, which is the last 3 bytes. MAC addresses contain
6 bytes, the first 3 of which are the OUI of the vendor that
manufactured the device and the last 3 are unique to that
vendor OUI. If you want to cover all devices from a known
vendor’s OUI, you have to specify 0xFF for the remaining 3
bytes. So, for example, if you wanted all devices from a specific
vendor with an OUI of 00-95-5b (which is a Netgear OUI) to be
on the same VID of 800, you have to specify an entry with MAC
address 00-95-5b-ff-ff-ff. Then, any device underneath of the
SM with MAC addresses starting with 00-95-5b is put on VLAN
800.
48
pmp-0957 (April 2015)