User guide
Canopy System User Guide Filtering Protocols and Ports
pmp-0229 (Mar 2013)
435
Requiring SM Authentication
By using a RADIUS server in the management network, SMs may be required to authenticate before being allowed entry into the network. SM authentication allows only known SMs onto the network (blocking “rogue” SMs), and can be configured to ensure SMs are connecting to a known network (preventing SMs from connecting to “rogue” APs). RADIUS authentication is used for SMs, but is not used for APs, BHMs, or BHSs.
Alternatively, through the use of Prizm Release 2.0 or later, or BAM Release 2.1, you can enhance network security by requiring SMs to authenticate when they register. Three keys and a random number are involved in authentication as follows:
• factory-set key in each SM. Neither the subscriber nor the network operator can view or
change this key.
• authentication key, also known as authorization key and skey. This key matches in the SM
and AP as the Authentication Key parameter, and in the Prizm database.
• random number, generated by Prizm or BAM and used in each attempt by an SM to register
and authenticate. The network operator can view this number.
• session key, calculated separately by the SM and Prizm or BAM, based on both the
authentication key (or, by default, the factory-set key) and the random number. Prizm or
BAM sends the session key to the AP. The network operator cannot view this key.
None of the above keys is ever sent over the air during an SM registration attempt. However, if the operator accepts the associated security risk, the operator can create and configure the Authentication Key parameter.
Filtering Protocols and Ports
You can filter (block) specified protocols and ports from leaving the SM and entering the network.
This protects the network from both intended and inadvertent packet loading or probing by
network users. By keeping the specified protocols or ports off the network, this feature also
provides a level of protection to users from each other.
Protocol and port filtering is set per SM. Except for filtering of SNMP ports, filtering occurs as
packets leave the SM. If an SM is configured to filter SNMP, then SNMP packets are blocked
from entering the SM and, thereby, from interacting with the SNMP portion of the protocol stack
on the SM.