User guide
Managing Your Canopy Network March 2005
Through Software Release 6.1
Issue 1 Page 303 of 425
Canopy System User Guide
database. In the Authentication Key parameter of the SM Configuration web
page, password access to the page governs whether the network operator or the
subscriber can view and set this key.
◦ random number, generated by BAM and used in each attempt by an SM to
register and authenticate. Neither the subscriber nor the network operator can
view this number.
◦ session key, calculated separately by the SM and BAM, based on both the
authentication key (or, by default, the factory-set key) and the random number.
BAM sends the session key to the AP. Neither the subscriber nor the network
operator can view this key.
None of the above keys is ever sent in an over-the-air link during an SM registration
attempt. However, with the assumed security risk, the operator can create and configure
an authentication key in the Authentication Key field of the SM Configuration page. See
Authentication Key on Page 212.
22.5 FILTERING PROTOCOLS AND PORTS
In Canopy System Release 4.2 and later releases, you can filter (block) specified
protocols and ports from leaving the SM and entering the Canopy network. This protects
the network from both intended and inadvertent packet loading or probing by network
users. By keeping the specified protocols or ports off the network, this feature also
provides a level of protection to users from each other.
Protocol and port filtering is set per SM. Except for filtering of SNMP ports, filtering occurs
as packets leave the SM. If an SM is configured to filter SNMP, then SNMP packets are
blocked from entering the SM and, thereby, from interacting with the SNMP portion of the
protocol stack on the SM.
22.5.1 Port Filtering with NAT Enabled
Where NAT is enabled, you can filter only the three user-defined ports. The following are
example situations in which you can configure port filtering where NAT is enabled.
◦ To block a subscriber from using FTP, you can filter Ports 20 and 21 (the FTP
ports) for both the TCP and UDP protocols.
◦ To block a subscriber from access to SNMP, you can filter Ports 161 and 162
(the SNMP ports) for both the TCP and UDP protocols.
NOTE: In only the SNMP case, filtering occurs before the packet interacts with
the protocol stack.
22.5.2 Protocol and Port Filtering with NAT Disabled
Where NAT is disabled, you can filter both protocols and the three user-defined ports.
Using the check boxes on the interface, you can either
◦ allow all protocols except those that you wish to block.
◦ block all protocols except those that you wish to allow.
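The filtering rules of sections 22.5 through 22.5.2 can be modelled as a small policy check. This is an added example, not Canopy code or an interface of the product. The class and function names, the protocol labels, the direction strings, and matching on destination port are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

SNMP_PORTS = {161, 162}   # SNMP ports named in section 22.5.1
MAX_USER_PORTS = 3        # "the three user-defined ports"

@dataclass(frozen=True)
class PortRule:           # hypothetical shape of one user-defined port filter
    port: int
    tcp: bool = True
    udp: bool = True

@dataclass
class SmFilterConfig:     # hypothetical per-SM filter settings
    nat_enabled: bool
    port_rules: list = field(default_factory=list)
    mode: str = "allow_except"   # or "block_except" (section 22.5.2)
    listed_protocols: set = field(default_factory=set)  # constructed labels

def validate(cfg):
    """Return the reasons a configuration conflicts with section 22.5."""
    problems = []
    if len(cfg.port_rules) > MAX_USER_PORTS:
        problems.append("more than three user-defined ports")
    if cfg.nat_enabled and (cfg.listed_protocols or cfg.mode != "allow_except"):
        problems.append("protocol filtering requires NAT disabled")
    return problems

def is_dropped(cfg, direction, transport, dst_port, protocol=None):
    """direction is 'leaving_sm' or 'entering_sm'; transport is 'tcp' or 'udp'.
    protocol is a check-box label, or None for traffic with no label
    (assumption: unlabelled traffic is not touched by the protocol filter)."""
    for rule in cfg.port_rules:
        if rule.port != dst_port or not getattr(rule, transport):
            continue
        # SNMP ports are filtered as packets enter the SM, before the
        # protocol stack; every other port is filtered as packets leave.
        stage = "entering_sm" if rule.port in SNMP_PORTS else "leaving_sm"
        if direction == stage:
            return True
    if cfg.nat_enabled or direction != "leaving_sm" or protocol is None:
        return False
    listed = protocol in cfg.listed_protocols
    # allow_except drops what is listed; block_except drops what is not.
    return listed if cfg.mode == "allow_except" else not listed
```

Blocking both FTP ports and both SNMP ports on one SM needs four port entries, so `validate` reports that configuration as exceeding the three user-defined ports.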