User's Manual Part 3

Release8OperationsGuide
Issue2,November2007 Draft5forRegula toryReview 382
8. Flip the toggle switch down (away from you).
9. Click the Reboot button.
end of procedure
22.4 REQUIRING SM AUTHENTICATION
Through the use of Prizm Release 2.0 or later, or BAM Release 2.1, you can enhance
network security by requiring SMs to authenticate when they register. Three keys and a
random number are involved in authentication as follows:
◦ factory-set key in each SM. Neither the subscriber nor the network operator can
  view or change this key.
◦ authentication key, also known as authorization key and skey. This key matches
  in the SM and AP as the Authentication Key parameter, and in the Prizm
  database.
◦ random number, generated by Prizm or BAM and used in each attempt by an SM
  to register and authenticate. The network operator can view this number.
◦ session key, calculated separately by the SM and Prizm or BAM, based on both
  the authentication key (or, by default, the factory-set key) and the random
  number. Prizm or BAM sends the session key to the AP. The network operator
  cannot view this key.
None of the above keys is ever sent in an over-the-air link during an SM registration
attempt. However, with the assumed security risk, the operator can create and configure
the Authentication Key parameter. See Authentication Key on Page 286.
22.5 FILTERING PROTOCOLS AND PORTS
You can filter (block) specified protocols and ports from leaving the SM and entering the
Cyclone network. This protects the network from both intended and inadvertent packet
loading or probing by network users. By keeping the specified protocols or ports off the
network, this feature also provides a level of protection to users from each other.
Protocol and port filtering is set per SM. Except for filtering of SNMP ports, filtering occurs
as packets leave the SM. If an SM is configured to filter SNMP, then SNMP packets are
blocked from entering the SM and, thereby, from interacting with the SNMP portion of the
protocol stack on the SM.
22.5.1 Port Filtering with NAT Enabled
Where NAT is enabled, you can filter only the three user-defined ports. The following are
example situations in which you can configure port filtering where NAT is enabled.
◦ To block a subscriber from using FTP, you can filter Ports 20 and 21 (the FTP
  ports) for both the TCP and UDP protocols.
◦ To block a subscriber from access to SNMP, you can filter Ports 161 and 162
  (the SNMP ports) for both the TCP and UDP protocols.
  NOTE: In only the SNMP case, filtering occurs before the packet interacts with
  the protocol stack.
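
The following Python sketch is an added example, not part of this manual or of the SM software. It checks a planned filter set against the three-port limit that applies with NAT enabled, and traces where a packet is stopped under the SNMP exception. PortRule, validate and decide are hypothetical names, and the entry/exit stages are this example's reading of the text above.

```python
from dataclasses import dataclass

SNMP_PORTS = {161, 162}  # SNMP ports named in the text
MAX_USER_PORTS = 3       # NAT enabled: only three user-defined ports can be filtered

@dataclass(frozen=True)
class PortRule:
    """Hypothetical model of one user-defined port entry (not the SM's real config format)."""
    port: int
    tcp: bool = True
    udp: bool = True

    def matches(self, proto, port):
        return port == self.port and ((proto == "tcp" and self.tcp) or (proto == "udp" and self.udp))

def validate(rules):
    """Return the reasons a planned rule set cannot be configured with NAT enabled."""
    problems = []
    if len(rules) > MAX_USER_PORTS:
        problems.append(f"{len(rules)} ports requested, only {MAX_USER_PORTS} user-defined ports exist")
    if len({r.port for r in rules}) != len(rules):
        problems.append("same port listed more than once")
    for r in rules:
        if not 1 <= r.port <= 65535:
            problems.append(f"port {r.port} is out of range")
        if not (r.tcp or r.udp):
            problems.append(f"port {r.port} selects neither TCP nor UDP")
    return problems

def decide(rules, proto, dst_port, for_sm_itself=False):
    """Trace one packet: SNMP is checked on entry, every other port on exit from the SM."""
    hit = any(r.matches(proto, dst_port) for r in rules)
    if hit and dst_port in SNMP_PORTS:
        return "dropped on entry"   # never reaches the SNMP portion of the SM's stack
    if for_sm_itself:
        return "handled by SM"      # assumption: a packet that ends at the SM never meets the exit filter
    return "dropped on exit" if hit else "forwarded"

# Constructed plans built from the two example situations in the text.
FTP = [PortRule(20), PortRule(21)]
SNMP = [PortRule(161), PortRule(162)]

if __name__ == "__main__":
    print(validate(FTP + SNMP))                          # four ports do not fit in three slots
    print(decide(SNMP, "udp", 161, for_sm_itself=True))  # dropped on entry
    print(decide(FTP, "tcp", 21))                        # dropped on exit
```

Each of the two example situations uses two of the three user-defined ports, so a plan that blocks both FTP and SNMP on a NAT-enabled SM fails validation.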