User's Manual Part 1
Table Of Contents
- Cambium PTP 650 Series User Guide
- Contacting Cambium Networks
- Purpose
- Cross references
- Feedback
- Chapter 1: Product description
- Chapter 2: System hardware
- Chapter 3: System planning
- Chapter 4: Legal and regulatory information
- Cambium Networks end user license agreement
- Acceptance of this agreement
- Definitions
- Grant of license
- Conditions of use
- Title and restrictions
- Confidentiality
- Right to use Cambium’s name
- Transfer
- Updates
- Maintenance
- Disclaimer
- Limitation of liability
- U.S. government
- Term of license
- Governing law
- Assignment
- Survival of provisions
- Entire agreement
- Third party software
- Compliance with safety standards
- Compliance with radio regulations
- Cambium Networks end user license agreement
Chapter 3: System planning Security planning
Planning for RADIUS operation
Configure RADIUS where remote authentication is required for users of the web-based interface.
Remote authentication has the following advantages:
• Control of passwords can be centralized.
• Management of user accounts can be more sophisticated. For example; users can be prompted
by a network manager to change passwords at regular intervals. As another example,
passwords can be checked for inclusion of dictionary words and phrases.
• Passwords can be updated without reconfiguring multiple network elements.
• User accounts can be disabled without reconfiguring multiple network elements.
Remote authentication has one significant disadvantage in a wireless link product such as PTP 650.
If the wireless link is down, a unit on the remote side of the broken link may be prevented from
contacting a RADIUS Server, with the result that users are unable to access the web-based
interface.
One useful strategy would be to combine RADIUS authentication for normal operation with a
single locally-authenticated user account for emergency use.
PTP 650 provides a choice of the following authentication methods:
• CHAP
• MS-CHAPv2
Ensure that the authentication method selected in PTP 650 is supported by the RADIUS server.
RADIUS attributes
If the standard RADIUS attribute session-timeout (Type 27) is present in a RADIUS response, PTP
650 sets a maximum session length for the authenticated user. If the attribute is absent, the
maximum session length is infinite.
If the standard RADIUS attribute idle-timeout (Type 28) is present in a RADIUS response, PTP 650
overrides the Auto Logout Timer with this value in the authenticated session.
If the vendor-specific RADIUS attribute auth-role is present in a RADIUS response, PTP 650 selects
the role for the authenticated user according to auth-role. The supported values of auth-role are as
follows:
• 0: Invalid role. The user is not admitted.
• 1: Read Only
• 2: System Administrator
• 3: Security Officer
Page
3-39