User Guide
Table Of Contents
- Cambium
- PMP 450 Planning Guide
- Accuracy
- Copyrights
- Restrictions
- License Agreements
- High Risk Materials
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Planning Guide
- PMP support website: http://www.cambiumnetworks.com/support
- Cambium main website: http://www.cambiumnetworks.com/
- Sales enquiries: solutions@cambiumnetworks.com
- Email support: support@cambiumnetworks.com
- Cambium Networks
- 3800 Golf Road, Suite 360
- Rolling Meadows, IL 60008
- Chapter 1: Product description
- Chapter 2: Planning considerations
- Regulatory planning
- Network migration planning
- Site planning
- Link planning
- Analyzing the RF Environment
- Selecting Sites for Network Elements
- Diagramming Network Layouts
- Grounding and lightning protection
- Configuration options for TDD synchronization
- Data network planning
- Security planning
- Isolating APs from the Internet
- Managing module access by passwords
- Filtering protocols and ports
- Port Lockdown
- Isolating SMs
- Filtering management through Ethernet
- Allowing management from only specified IP addresses
- Configuring management IP by DHCP
- Planning for airlink security
- Planning for RF Telnet Access Control
- Planning for RADIUS integration
- Planning for SNMP security
- Ordering components
- Chapter 3: Legal information
- Cambium Networks end user license agreement
- Acceptance of this agreement
- Definitions
- Grant of license
- Conditions of use
- Title and restrictions
- Confidentiality
- Right to use Cambium’s name
- Transfer
- Updates
- Maintenance
- Disclaimer
- Limitation of liability
- U.S. government
- Term of license
- Governing law
- Assignment
- Survival of provisions
- Entire agreement
- Third party software
- Hardware warranty
- Limit of liability
- Cambium Networks end user license agreement
- Chapter 4: Reference information
PMP 450 Planning Guide Security planning
pmp-0047 (December 2012)
2-59
Filtering management through Ethernet
You can configure the SM to disallow any device that is connected to its Ethernet port from accessing the IP
address of the SM. If you set the Ethernet Access Control parameter to Enabled, then
• no attempt to access the SM management interface (by http, SNMP, ftp, or tftp) through Ethernet can succeed.
• any attempt to access the SM management interface over the air (by IP address, presuming that LAN1
Network Interface Configuration, Network Accessibility is set to Public, or by link from the Session Status
or Remote Subscribers tab in the AP) is unaffected.
Allowing management from only specified IP addresses
The Security tab of the Configuration web page in the AP and SM includes the IP Access Control parameter. You
can specify one, two, or three IP addresses that should be allowed to access the management interface (by HTTP,
SNMP, FTP, or TFTP).
If you select
• IP Access Filtering Disabled, then management access is allowed from any IP address, even if the Allowed
Source IP 1 to 3 parameters are populated.
• IP Access Filtering Enabled, and specify at least one address in the Allowed Source IP 1 to 3 parameter, then
management access is limited to the specified address(es).
Configuring management IP by DHCP
The IP tab in the Configuration web page of every radio contains a LAN1 Network Interface Configuration,
DHCP State parameter that, if enabled, causes the IP configuration (IP address, subnet mask, and gateway IP
address) to be obtained through DHCP instead of the values of those individual parameters. The setting of this
DHCP state parameter is also viewable, but is not settable, in the Network Interface tab of the Home page.
In the SM, this parameter is settable
• in the NAT tab of the Configuration web page, but only if NAT is enabled.
• in the IP tab of the Configuration web page, but only if the Network Accessibility parameter in the IP tab is set
to Public.
Planning for airlink security
Cambium fixed wireless broadband IP systems employ the following form of encryption for security of the wireless
link:
• DES (Data Encryption Standard): An over-the-air link encryption option that uses secret 56-bit keys and 8
parity bits. DES performs a series of bit permutations, substitutions, and recombination operations on blocks of
data. DES encryption does not affect the performance or throughput of the system.
• AES (Advanced Encryption Standard): An over-the-air link encryption option that uses the Rijndael
algorithm and 128-bit keys to establish a higher level of security than DES. AES products are certified as
compliant with the Federal Information Processing Standards (FIPS 197) in the U.S.A.