User Guide
Table Of Contents
- Cambium
- PMP 450 Planning Guide
- Accuracy
- Copyrights
- Restrictions
- License Agreements
- High Risk Materials
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Planning Guide
- PMP support website: http://www.cambiumnetworks.com/support
- Cambium main website: http://www.cambiumnetworks.com/
- Sales enquiries: solutions@cambiumnetworks.com
- Email support: support@cambiumnetworks.com
- Cambium Networks
- 3800 Golf Road, Suite 360
- Rolling Meadows, IL 60008
- Chapter 1: Product description
- Chapter 2: Planning considerations
- Regulatory planning
- Network migration planning
- Site planning
- Link planning
- Analyzing the RF Environment
- Selecting Sites for Network Elements
- Diagramming Network Layouts
- Grounding and lightning protection
- Configuration options for TDD synchronization
- Data network planning
- Security planning
- Isolating APs from the Internet
- Managing module access by passwords
- Filtering protocols and ports
- Port Lockdown
- Isolating SMs
- Filtering management through Ethernet
- Allowing management from only specified IP addresses
- Configuring management IP by DHCP
- Planning for airlink security
- Planning for RF Telnet Access Control
- Planning for RADIUS integration
- Planning for SNMP security
- Ordering components
- Chapter 3: Legal information
- Cambium Networks end user license agreement
- Acceptance of this agreement
- Definitions
- Grant of license
- Conditions of use
- Title and restrictions
- Confidentiality
- Right to use Cambium’s name
- Transfer
- Updates
- Maintenance
- Disclaimer
- Limitation of liability
- U.S. government
- Term of license
- Governing law
- Assignment
- Survival of provisions
- Entire agreement
- Third party software
- Hardware warranty
- Limit of liability
- Cambium Networks end user license agreement
- Chapter 4: Reference information
Security planning Planning considerations
2-58
pmp-0047 (December 2012)
Port Lockdown
Cambium devices support access to various communication protocols and only the ports required for these
protocols are available for access by external entities. Operators may change the port numbers for these protocols
via the radio GUI or SNMP.
Table 27 Device default port numbers
Port
Usage
Port Usage
Device
21 FTP Listen Port AP, SM
80 HTTP Listen Port AP, SM
1812 Standard RADIUS port Destination Port AP
1813 Standard RADIUS
accounting port
Destination Port AP, SM
161 SNMP port Listen Port AP, SM
162 SNMP trap port Destination Port AP, SM
514 Syslog Destination Port AP, SM
Isolating SMs
In an AP, you can prevent SMs in the sector from directly communicating with each other. In CMMmicro Release
2.2 or later and the CMM4, you can prevent connected APs from directly communicating with each other, which
prevents SMs that are in different sectors of a cluster from communicating with each other.
In the AP, the SM Isolation parameter is available in the General tab of the Configuration web page. In the drop-
down menu for that parameter, you can configure the SM Isolation feature by any of the following selections:
• Disable SM Isolation (the default selection). This allows full communication between SMs.
• Block SM Packets from being forwarded. This prevents both multicast/broadcast and unicast SM-to-SM
communication.
• Block and Forward SM Packets to Backbone. This not only prevents multicast/broadcast and unicast SM-to-
SM communication but also sends the packets, which otherwise would have been handled SM to SM, through
the Ethernet port of the AP.
In the CMMmicro and the CMM4, SM isolation treatment is the result of how you choose to manage the port-based
VLAN feature of the embedded switch, where you can switch all traffic from any AP to an uplink port that you
specify. However, this is not packet level switching. It is not based on VLAN IDs. See the VLAN Port
Configuration parameter in the dedicated user guide that supports the CMM product that you are deploying.