manualshive.com logo in svg

Cambium Networks PMP 450, Configuration And User'S Manual, Page: 90 / 196

Share
Download
Cambium Networks PMP 450 Configuration And User'S Manual Download Page 90

Task 5: Configuring security 

Chapter 2:  Configuration and alignment 

 

2-58

 

 

pmp-0050 (May 2012)

 

 

Canopy DES products cannot be upgraded to AES. To have the option of AES encryption, the operator must 
purchase AES products. 

Interoperability 

AES and DES products do not interoperate when enabled for encryption. For example, An AES AP with 
encryption enabled cannot communicate with DES SMs. Similarly, an AES Backhaul timing master module 
with encryption enabled cannot communicate with a DES Backhaul timing slave module.  
However, if encryption is disabled, AES modules can communicate with DES modules. 

Managing module access by passwords 

Adding a User for Access to a Module 

From the factory, each module has a preconfigured administrator-level account in the name 

root

, which 

initially requires no associated password. This is the same 

root

 account that you may have used for access to 

the module by 

telnet

 or 

ftp

. When you upgrade a module: 

 

an account is created in the name 

admin

 

both 

admin

 and 

root

 inherit the password that was previously used for access to the module: 

o

 

the 

Full Access

 password, if one was set. 

o

 

the 

Display-Only Access

 password, if one was set and no Full Access password was set. 

 

 

If you use Prizm, 

do not

 delete the 

root

 account from any module. If you use an NMS that communicates with modules 

through SNMP, 

do not

 delete the 

root

 account from any module unless you first can confirm that the NMS does not rely 

on the 

root

 account for access to the modules.

 

 
Each module supports four or fewer user accounts, regardless of account levels. The available levels are  

 

ADMINISTRATOR, who has full read and write permissions. This is the level of the 

root

 and 

admin

 

users, as well as any other administrator accounts that one of them creates. 

 

INSTALLER, who has permissions identical to those of ADMINISTRATOR except that the installer 
cannot add or delete users or change the password of any other user. 

 

GUEST, who has no write permissions and only a limited view of General Status tab, and can log in as a 
user. 
 

From the factory default state, configure passwords for both the 

root

 and 

admin

 account at the 

ADMINISTRATOR permission level, using the 

Account,

 

Change Users Password

 tab. (If you configure only 

one of these, then the other will still require no password for access into it and thus remain a security risk.) If 
you are intent on configuring only one of them, delete the 

admin

 account. The 

root

 account is the only 

account that CNUT uses to update and Prizm uses to manage the module.  
 
 

Summary of Contents for PMP 450

Page 1: ...Cambium PMP 450 Configuration and User Guide System Release 12 0...

Page 2: ...pyrighted material of Cambium its licensors or the 3rd Party software supplied material contained in the Cambium products described in this document may not be copied reproduced reverse engineered dis...

Page 3: ...with national regulations In the USA follow Section 810 of the National Electric Code ANSI NFPA No 70 1984 USA In Canada follow Section 54 of the Canadian Electrical Code These codes describe correct...

Page 4: ...ervices called primary users of the bands Radar avoidance In countries where radar systems are the primary band users the regulators have mandated special requirements to protect these systems from in...

Page 5: ...products cannot be configured to operate outside of FCC rules specifically it must not be possible to disable or modify the radar protection functions that have been demonstrated to the FCC In order...

Page 6: ......

Page 7: ...d user license agreement 1 2 Acceptance of this agreement 1 2 Definitions 1 2 Grant of license 1 2 Conditions of use 1 3 Title and restrictions 1 4 Confidentiality 1 4 Right to use Cambium s name 1 5...

Page 8: ...Checking the installed software version 2 37 Upgrading to a new software version 2 37 Task 4 Configuring General and Unit settings 2 41 General Tab of the AP 2 41 Unit Settings Tab of the AP 2 46 Gen...

Page 9: ...itted Information Rate 2 107 Bandwidth from the SM Perspective 2 108 Interaction of Burst Allocation and Sustained Data Rate Settings 2 108 High priority Bandwidth 2 108 Traffic Scheduling 2 109 Setti...

Page 10: ...ntents iv pmp 0050 May 2012 Transmitter Output Power 3 5 Exposure Separation Distances 3 1 Details of Exposure Separation Distances Calculations and Power Compliance Margins 3 1 Appendix A Glossary A...

Page 11: ...Figure 16 AP Syslog Configuration page 2 100 Figure 17 SM Syslog Configuration page 2 101 Figure 18 SM IP Configuration page 2 102 Figure 19 AP Session Status page 2 103 Figure 20 AP Remote Subscribe...

Page 12: ...Port Mapping tab of the SM 2 36 Table 17 SM PPPoE attributes 2 36 Table 18 General tab of the AP 2 41 Table 19 SM PPPoE attributes 2 42 Table 20 Unit Settings tab of the AP 2 46 Table 21 AP Unit Setti...

Page 13: ...red 2 112 Table 51 Where feature values are obtained for an SM with authentication disabled 2 112 Table 52 AP QoS attributes 2 113 Table 53 Broadcast Downlink CIR achievable per Broadcast Repeat Count...

Page 14: ...mation 1 8 pmp 0050 May 2012 About This Configuration and User Guide This guide describes the configuration of the Cambium PMP 450 Series of point to multipoint wireless equipment deployment It is int...

Page 15: ...http www cambiumnetworks com support PMP main website http www cambiumnetworks com pmp Sales enquiries solutions cambiumnetworks com Email support support cambiumnetworks com Telephone numbers North A...

Page 16: ...the customer or anyone acting on the customer s behalf to abide by the instructions system parameters or recommendations made in this document Cross references References to external publications are...

Page 17: ...it failure is suspected obtain details of the Return Material Authorization RMA process from the support website Warranty Cambium s standard hardware warranty is for one 1 year from date of shipment f...

Page 18: ...Problems and warranty Chapter 1 Legal information 1 12 pmp 0050 May 2012 Portions of Cambium equipment may be damaged from exposure to electrostatic discharge Use precautions to prevent damage...

Page 19: ...ecognized security practices Security aspects to be considered are protecting the confidentiality integrity and availability of information and assets Assets include the ability to communicate informa...

Page 20: ...arning has the following format Warning text and consequence for not following the instructions in the warning Cautions Cautions precede instructions and are used when there is a possibility of damage...

Page 21: ...Cambium equipment European Union EU Directive 2002 96 EC Waste Electrical and Electronic Equipment WEEE Do not dispose of Cambium equipment in landfill sites In the EU Cambium in conjunction with a r...

Page 22: ......

Page 23: ...nges or modifications to the equipment must not be made unless under the express consent of the party responsible for compliance Any such modifications could void the user s authority to operate the e...

Page 24: ...HE TERMS OF THIS AGREEMENT Definitions In this Agreement the word Software refers to the set of instructions for computers in executable form and in any media which may include diskette CD ROM downloa...

Page 25: ...cept that you may either i make 1 copy of the transportable part of the Software which typically is supplied on diskette CD ROM or downloadable internet solely for back up purposes or ii copy the tran...

Page 26: ...hout Cambium s written consent Unauthorized copying of the Software or Documentation or failure to comply with any of the provisions of this Agreement will result in automatic termination of this lice...

Page 27: ...may be conditioned upon transferee paying all applicable license fees and agreeing to be bound by this Agreement Updates During the first 12 months after purchase of a Product or during the term of a...

Page 28: ...SPECT TO THE CORRECTNESS ACCURACY OR RELIABILITY OF THE SOFTWARE AND DOCUMENTATION Some jurisdictions do not allow the exclusion of implied warranties so the above exclusion may not apply to you Limit...

Page 29: ...ent with the rights provided to you under the aforementioned provisions of the FAR and DFARS as applicable to the particular procuring agency and procurement transaction Term of license Your right to...

Page 30: ...t of any provision indicates an intent that it survives the term of this Agreement then it will survive Entire agreement This agreement contains the parties entire agreement regarding your use of the...

Page 31: ...rrants that hardware will conform to the relevant published specifications and will be free from material defects in material and workmanship under normal use and service Cambium shall within this tim...

Page 32: ...USE THE PRODUCT INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF BUSINESS PROFITS BUSINESS INTERRUPTION LOSS OF BUSINESS INFORMATION OR ANY OTHER PECUNIARY LOSS OR FROM ANY BREACH OF WARRANTY EVEN IF...

Page 33: ...May 2012 2 1 Chapter 2 Configuration and alignment This chapter describes all configuration and alignment tasks that are performed when a PMP 450 link is deployed Observe the precautions in Preparing...

Page 34: ...levels of RF energy The units start to radiate as soon as they are powered up Observe the following guidelines Never work in front of the antenna when the AP or SM is powered Always power down the AP...

Page 35: ...onfiguring the management PC on page 2 3 Connecting to the PC and powering up on page 2 5 Logging into the web interface on page 2 5 Configuring the management PC To configure the local management PC...

Page 36: ...and alignment 2 4 pmp 0050 May 2012 4 Enter an IP address that is valid for the 169 254 X X network avoiding 169 254 0 0 and 169 254 1 1 and 169 254 1 2 A good example is 169 254 1 3 5 Enter a subnet...

Page 37: ...C Ethernet port to the LAN port of the power supply using a standard not crossed Ethernet cable 3 Apply power to the radio power supply The green Power LED should illuminate continuously Logging into...

Page 38: ...ocedures Configuring the AP IP interface on page 2 6 Configuring the AP IP interface The IP interface allows users to connect to the PMP 450 web interface either from a locally connected computer or f...

Page 39: ...rface proceed as follows 1 Select menu option System Configuration LAN Configuration The LAN configuration page is displayed 2 Update IP Address Subnet Mask and Gateway IP Address to meet network requ...

Page 40: ...onfiguration IP address subnet mask and gateway IP address and the values of those individual parameters above are not used The setting of this DHCP state parameter is also viewable but not settable i...

Page 41: ...f configured as such LAN2 Network Interface Configuration Radio Private Interface IP Address It is recommended to not change this parameter from the default AP private IP address of 192 168 101 1 A 24...

Page 42: ...Task 2 Configuring IP and Ethernet interfaces Chapter 2 Configuration and alignment 2 10 pmp 0050 May 2012 NAT tab of the SM with NAT disabled Figure 1 NAT tab of the SM with NAT disabled...

Page 43: ...nfiguration DHCP Enabled DNS from DHCP or DNS Static Configuration In the NAT tab of an SM with NAT disabled you may set the following parameters Table 3 SM with NAT disabled NAT attributes Attribute...

Page 44: ...ed LAN DHCP Server DHCP Server Enable Disable This parameter is not configurable when NAT is disabled LAN DHCP Server DHCP Server Lease Timeout This parameter is not configurable when NAT is disabled...

Page 45: ...when NAT is disabled Remote Connection Interface Domain Name This parameter is not configurable when NAT is disabled NAT Protocol Parameters ARP Cache Timeout If a router upstream has an ARP cache of...

Page 46: ...ess the module configuration parameters at 169 254 1 1 See Overriding Forgotten IP Addresses or Passwords on AP on Page 2 60 Note or print the IP settings from this page Ensure that you can readily as...

Page 47: ...bled and avoid the blocking scenario select the Bootp Server option instead This will result in responses being appropriately filtered and discarded LAN1 Network Interface Configuration DNS IP Address...

Page 48: ...Task 2 Configuring IP and Ethernet interfaces Chapter 2 Configuration and alignment 2 16 pmp 0050 May 2012 NAT tab of the SM with NAT enabled Figure 3 NAT tab of the SM with NAT enabled...

Page 49: ...ed DNS Static Configuration DHCP Enabled DNS from DHCP or DNS Static Configuration In the NAT tab of an SM with NAT enabled you may set the following parameters Table 6 SM with NAT enabled NAT attribu...

Page 50: ...the Ethernet side address for transport traffic When NAT is enabled this interface is redundantly shown as the NAT Network Interface Configuration on the IP tab of the Configuration web page in the S...

Page 51: ...s parameter enables or disables advertisement of the SM as the DNS server On initial boot up of an SM with the NAT WAN interface configured as DHCP or PPPoE the SM module will not immediately have DNS...

Page 52: ...the SM for RF management traffic Remote Configuration Interface Subnet Mask If Static IP is set as the Connection Type of the WAN interface then this parameter configures the subnet mask of the SM fo...

Page 53: ...et to 1 This address becomes the base for the range of DHCP assigned addresses NAT Network Interface Configuration Subnet Mask Assign a subnet mask of 255 255 255 0 or a more restrictive subnet mask S...

Page 54: ...M with NAT enabled IP attributes Attribute Meaning VLAN Specify whether VLAN functionality for the AP and all linked SMs should Enabled or should not Disabled be allowed The default value is Disabled...

Page 55: ...with the module manager The range of values is 1 to 4095 The default value is 1 SM Management VID Pass through Specify whether to allow the SM Enable or the AP Disable to control the VLAN settings of...

Page 56: ...ue of Dynamic Learning is Disabled Allow Frame Type This displays the selection that was made from the drop down list at the Allow Frame Types parameter above Current VID Member Set VID Number This co...

Page 57: ...e AP or reflects a fewer number of minutes that represents the difference between what was configured and what has elapsed since the VID was learned Each minute the Age decreases by one until at zero...

Page 58: ...set the VLAN Membership tab parameter as follows Table 10 AP VLAN Membership attributes Attribute Meaning VLAN Membership Table Configuration For each VLAN in which you want the AP to be a member ent...

Page 59: ...of the SM In the VLAN tab of an SM you may set the following parameters Table 12 SM VLAN attributes Attribute Meaning Always use Local VLAN Config Enable this option before you reboot this AP as an SM...

Page 60: ...isable add the VIDs of upstream frames that enter the SM through the wired Ethernet interface to the VID table The default value is Enable Allow Frame Types Select the type of arriving frames that the...

Page 61: ...the last 3 bytes MAC addresses contain 6 bytes the first 3 of which are the OUI of the vendor that manufactured the device and the last 3 are unique to that vendor OUI If you want to cover all device...

Page 62: ...nd is set to Disabled if VLAN Port Type is set to Q Active Configuration QinQ EthType This is the value of the QinQ EtherType configured in the AP Active Configuration Allow QinQ Tagged Frames This is...

Page 63: ...lects a fewer number of minutes that represents the difference between what was configured and what has elapsed since the VID was learned Each minute the Age decreases by one until at zero the AP dele...

Page 64: ...no longer be a member enter the VLAN ID and then click the Remove Member button PPPoE Tab of the SM Table 14 PPPoE tab of the SM Point to Point Protocol over Ethernet PPPoE is a protocol that encapsul...

Page 65: ...PPPoE Server o NAT Public Network Interface Configuration will not be used and should be left to defaults Also NAT Public IP DHCP will be disabled if it is enabled Translation Bridging MUST be DISABLE...

Page 66: ...periodically The user can set a keepalive period If no data is seen from the PPPoE server for that period the link will be taken down and a reconnection attempt will be started For marginal links the...

Page 67: ...t have to worry about MTU on the client side for TCP packets The MSS will be set to the current MTU 40 20 bytes for IP headers and 20 bytes for TCP headers This will cause the application on the clien...

Page 68: ...or Reference source not found Table 16 NAT Port Mapping tab of the SM In the NAT Port Mapping tab of the SM you may set the following parameters Table 17 SM PPPoE attributes Attribute Meaning Port Map...

Page 69: ...page 1 9 and find Point to Multipoint software updates Check that the latest PMP 450 software version for example 13 0 is the same as the installed Software Version 4 If the software needs to be upgra...

Page 70: ...s for example by region or by AP cluster allows you to o perform an operation on all elements in the group simultaneously o set group level defaults for telnet or ftp password access and SNMP Communit...

Page 71: ...o Red Hat Enterprise Linux Version 4 Java Runtime Version 2 0 or later installed by the CNUT installation tool CNUT download CNUT can be downloaded from the Cambium support website see Contacting Cam...

Page 72: ...ges 7 To verify connectivity with the radio perform a Refresh Discover Entire Network operation located at View Refresh Discover Entire Network You should see the details columns for the new element f...

Page 73: ...nd Unit settings pmp 0050 May 2012 2 41 Task 4 Configuring General and Unit settings General Tab of the AP Table 18 General tab of the AP The General tab of the AP contains many of the configurable pa...

Page 74: ...the speed that they will use is 10 Mbps or 100 Mbps and whether the Ethernet traffic will be full duplex or half duplex However Ethernet links work best when either both ends are set to the same force...

Page 75: ...proper configuration exercise in environments that are subject to DFS requirements has two imperative Save Changes and Reboot cycles one after the Region Code is set and a second after related option...

Page 76: ...SM to SM communication but also sends the packets which otherwise would have been handled SM to SM through the Ethernet port of the AP Update Application Address Enter the address of the server to ac...

Page 77: ...erneath it The AP will make use of the DHCP Option 82 DHCP Relay Agent Information from RFC 3046 when performing relay functions The AP offers two types of DHCP relay functionality Full Relay Informat...

Page 78: ...to the module and uses an override default plug cannot see or learn the settings that were previously configured in it When the module is later rebooted with no plug inserted the module uses the new v...

Page 79: ...utton all configurable parameters on all tabs are reset to the factory settings General Tab of the SM Table 22 General tab of the SM In the General tab of the SM you may set the following parameters T...

Page 80: ...the subscriber s computing device the subscriber s home router is improperly configured Region Code This parameter allows you to set the region in which the radio will operate When the appropriate reg...

Page 81: ...This parameter is present in only PMP 100 Series SMs Specify the default mode in which this SM will power up when the SM senses no Ethernet link Select either Power Up in Aim Mode the SM boots in an a...

Page 82: ...event that the SM loses sync Disable If this SM loses sync from the AP then propagate the sync pulse to the BH timing master or other AP Multicast Destination Address Using Link Layer Discovery Proto...

Page 83: ...and Unit settings pmp 0050 May 2012 2 51 Unit Settings Tab of the SM Table 24 Unit Settings tab of the SM The Unit Settings tab of the SM contains an option for how the SM should react when it detect...

Page 84: ...he default values for any that were not If Disabled is checked then an override default plug functions as an override plug When the module is rebooted with the plug inserted it can be accessed at the...

Page 85: ...ble 26 Unit Settings tab of the SM You may set the time parameters as follows Table 27 AP Time attributes Attribute Meaning NTP Server Name or IP Address The management DNS domain name may be toggled...

Page 86: ...server on this tab To force the AP to obtain time and date before the first or next 15 minute interval query of the NTP server click Get Time through NTP The polling of the NTP servers is done in a se...

Page 87: ...PMP 450 Configuration and User Guide Task 4 Configuring General and Unit settings pmp 0050 May 2012 2 55 Attribute Meaning Date This field may be used to manually set the system date of the radio...

Page 88: ...o encrypt downlink broadcast transmissions such as ARP and NetBIOS Isolating SMs on page 2 64 to prevent SMs in the same sector from directly communicating with each other Filtering management through...

Page 89: ...ey is one to ensure that these products are available in only certain regions and by special permit The distributor or reseller can advise service providers about current regional availability AES pro...

Page 90: ...ne was set and no Full Access password was set If you use Prizm do not delete the root account from any module If you use an NMS that communicates with modules through SNMP do not delete the root acco...

Page 91: ...guring security pmp 0050 May 2012 2 59 Figure 7 General Status tab view for GUEST level account Figure 8 SM Add User tab After a password has been set for any ADMINISTRATOR level account initial acces...

Page 92: ...module The module has been locked by the No Remote Access feature You want local access to a module that has had the 802 3 link disabled in the Configuration page You can configure the module such tha...

Page 93: ...e module boots with the default IP address of 169 254 1 1 password fields blank and all other configuration values as previously set 3 Wait approximately 30 seconds for the boot to complete 4 Remove t...

Page 94: ...rotocols or ports off the network this feature also provides a level of protection to users from each other Protocol and port filtering is set per SM Except for filtering of SNMP ports filtering occur...

Page 95: ...Defined Port 3 User Defined Port 2 All Others The following are example situations in which you can configure protocol filtering where NAT is disabled If you block a subscriber from only PPoE and SNMP...

Page 96: ...municating with each other In the AP the SM Isolation parameter is available in the General tab of the Configuration web page In the drop down menu for that parameter you can configure the SM Isolatio...

Page 97: ...ss even if the Allowed Source IP 1 to 3 parameters are populated IP Access Filtering Enabled and specify at least one address in the Allowed Source IP 1 to 3 parameter then management access is limite...

Page 98: ...nfig html 4 Click the checkbox 5 Save the changes 6 Remove the override plug 7 Reboot the module Reinstating Remote Access Capability Where ease of network administration is more important than the ad...

Page 99: ...50 Configuration and User Guide Task 5 Configuring security pmp 0050 May 2012 2 67 Security Tab of the AP Figure 13 Security tab of the AP In the Security tab of the AP you may set the following param...

Page 100: ...esses and Shared Secrets can be configured The IP address es configured here must match the IP address es of the RADIUS server s The shared secret s configured here must match the shared secret s conf...

Page 101: ...AP Evaluation Data You can use this field to suppress the display of data about this AP on the AP Evaluation tab of the Tools page in all SMs that register Web Telnet FTP Session Timeout Enter the ex...

Page 102: ...ks the associated protocol type To filter packets in any of the user defined ports you must do all of the following Check the box for User Defined Port n See Below in the Packet Filter Types section o...

Page 103: ...u may set the following parameters Table 32 AP Port Configuration attributes Attribute Meaning FTP Port The listen port on the device used for FTP communication HTTP Port The listen port on the device...

Page 104: ...5 Configuring security Chapter 2 Configuration and alignment 2 72 pmp 0050 May 2012 Security Tab of the SM Table 33 Security tab of the SM In the Security tab of the SM you may set the following param...

Page 105: ...wever Motorola recommends that you enter 32 characters to achieve the maximal security from this feature Enforce Authentication The SM may enforce authentication types of AAA and BAM PreSharedKey The...

Page 106: ...t match the password configured for the SM on the RADIUS server The default Password is password The Password can be up to 128 non special no diacritical markings alphanumeric characters Upload Certif...

Page 107: ...the network See IP Access Control below If you want to allow management access through the Ethernet port select Ethernet Access Enabled This is the factory default setting for this parameter IP Access...

Page 108: ...n and alignment 2 76 pmp 0050 May 2012 Protocol Filtering Tab of the SM Table 35 Protocol Filtering tab of the SM In the Protocol Filtering tab of the SM you may set the following parameters Table 36...

Page 109: ...ol Filtering tab because doing so would block the DHCP request Filters apply to all packets that leave the SM via its RF interface including those that the SM itself generates If you want to keep DHCP...

Page 110: ...on attributes Attribute Meaning FTP Port The listen port on the device used for FTP communication HTTP Port The listen port on the device used for HTTP communication SNMP Port The listen port on the d...

Page 111: ...15 Radio tab of the AP The Radio tab of the AP contains some of the configurable parameters that define how the AP operates Table 38 AP Radio attributes Attribute Meaning Radio Frequency Carrier Spec...

Page 112: ...t the Region Code parameter from its drop down list 3 Click the Save Changes button 4 Click the Reboot button 5 Click the Radio tab From the drop down list select the frequency that the AP should swit...

Page 113: ...etermine actual performance based on RF conditions Deploying networks using 1 8 or 1 16 cyclic prefixes is feasible in all but the worst multi path environments urban areas with buildings causing many...

Page 114: ...codes between the modules While the SM is accessible for configuration from above the AP for remote provisioning and below the SM for local site provisioning no user data is passed over the radio lin...

Page 115: ...ate adapt must be set to its highest rate adapt modulation Max Range Enter a number of miles or kilometers divided by 1 61 then rounded to an integer for the furthest distance from which an SM is allo...

Page 116: ...e throughput for the downlink frames transmitted from the AP to the subscriber For example if the aggregate uplink and downlink total throughput on the AP is 6 Mb then 75 specified for this parameter...

Page 117: ...ormance Table 39 Control slot settings for all OFDM APs in cluster Number of SMs that Register to the AP Number of Control Slots Recommended 1 to 10 2 11 to 50 4 51 to 150 6 151 to 200 8 This field in...

Page 118: ...g the downlink with repeat broadcast packets Transmitter Output Power Nations and regions may regulate transmitter output power For example 5 7 GHz modules are available as connectorized radios which...

Page 119: ...Attribute Meaning SM Receive Target Level Each SM s Transmitter Output Power is automatically set by the AP The AP monitors the received power from each SM and adjusts each SM s Transmitter Output Po...

Page 120: ...quency that you want the SM to scan for AP transmissions The frequency band of the SM affects what channels you should select In a 5 7 GHz SM this parameter displays both ISM and U NII frequencies If...

Page 121: ...ed equally Likewise this evaluation is done for the secondary and tertiary groups in order The analysis for selecting an AP within a priority group is based on various inputs including signal strength...

Page 122: ...cond or more Configuration of this parameter is shown on the Configuration Radio web page on the SM If an operator is experiencing packet loss in the uplink due to bursting IP traffic and the overall...

Page 123: ...l installer of the equipment has the responsibility to maintain awareness of applicable regulations calculate the permissible transmitter output power for the module confirm that the initial power set...

Page 124: ...May 2012 Task 7 Setting up SNMP agent Operators may use SNMP commands to set configuration parameters and retrieve data from the AP and SM modules Also if enabled when an event occurs the SNMP agent...

Page 125: ...PMP 450 Configuration and User Guide Task 7 Setting up SNMP agent pmp 0050 May 2012 2 93 SNMP Tab of the AP Table 42 SNMP tab of the AP You may set the SNMP tab parameters as follows...

Page 126: ...g IP Subnet Mask 1 to 10 Specify the addresses that are allowed to send SNMP requests to this AP The NMS has an address that is among these addresses this subnet You must enter both The network IP add...

Page 127: ...rap Enable Session Status If you want session status traps sent to Prizm or an NMS select Enabled Site Information Viewable to Guest Users Operators can enable or disable site information from appeari...

Page 128: ...Task 7 Setting up SNMP agent Chapter 2 Configuration and alignment 2 96 pmp 0050 May 2012 SNMP Tab of the SM Table 44 SNMP tab of SM...

Page 129: ...SNMP Community String 1 to be the password for Prizm for example to have read write access to the module via SNMP or for all SNMP access to the module to be read only SNMP Community String 2 Read Onl...

Page 130: ...dress subnet mask combinations RECOMMENDATION The subscriber can access the SM by changing the subscriber device to the accessing subnet This hazard exists because the Community String and Accessing S...

Page 131: ...d can be polled by Prizm or an NMS The buffer size for this field is 128 characters Site Contact Enter contact information for the module administrator This parameter is written into the sysContact SN...

Page 132: ...o send system messages to a syslog server An example of a syslog message that would be sent from a radio is as follows 6 1 2011 05 13T12 28 31Z 169 245 1 1 BOM System Startup By default syslog is disa...

Page 133: ...sector to learn the enabling or disabling syslog messages transmission setting at registration In order for the SM to use this information from the AP the SM must be configured to learn syslog settin...

Page 134: ...anagement interface from a device situated above the AP the SM s Network Accessibility parameter located in the web GUI at Configuration IP may be set to Public Figure 18 SM IP Configuration page Acce...

Page 135: ...ade in the module Where additional security is more important than ease of network administration you can disable all remote access to a module as follows After this procedure no access to the module...

Page 136: ...n be disabled as follows After this procedure access to the module is possible through HTTP SNMP FTP or telnet over an RF link To reinstate all remote access to the module perform the following steps...

Page 137: ...the AP interface select Home 3 Click the Session Status tab Figure 21 AP Session Status page 4 Find the Session Count line under the MAC address of the SM 5 Check and note the values for Session Coun...

Page 138: ...the AP for downlink The applicable set of Uplink Burst Allocation and Downlink Burst Allocation parameters determine the number of tokens that can fill each bucket When the SM transmits or the AP tra...

Page 139: ...be enforced for the SM can be calculated as shown in Figure 23 Figure 23 Uplink and downlink rate cap adjustment example uplink cap enforced 2 000 kbps x 7 000 kbps 2 000 kbps 10 000 kbps 1 167 kbps d...

Page 140: ...icant refill at the Sustained Data Rate This configuration uses the advantage of the settable Burst Allocation If both the Burst Allocation and the Sustained Data Rate are set to 128 kb a burst is lim...

Page 141: ...of the Diffserv tab in the Configuration page and parameter descriptions are provided under DiffServ Tab of the AP on Page 2 116 This tab and its rules are identical from module type to module type H...

Page 142: ...me Spreading Support for Transmit Frame Spreading feature In Release 7 0 and later CIR Capability In all releases Power requirements affect the recommended maximums for power cord length feeding the C...

Page 143: ...CIR settings o Low Priority Uplink CIR o Low Priority Downlink CIR o Hi Priority Uplink CIR o Hi Priority Downlink CIR Table 49 Recommended combined settings for typical operations Most operators who...

Page 144: ...those previously set or if none ever were then the default values Where Authentication Server is the indication values in the SM are disregarded Where SM is the indication values that Authentication S...

Page 145: ...Configuration page shows Allow Learning Yes This selection Authentication Server SM is not recommended where Prizm manages the VLAN feature in SMs Quality of Service QoS Tab of the AP Figure 24 Quali...

Page 146: ...rate at which the AP should be replenished with credits tokens for transmission to each of the SMs in its sector This default imposes no restriction on the uplink See Maximum Information Rate MIR Para...

Page 147: ...lt Broadcast Downlink CIR is closely related to the Broadcast Repeat Count parameter which is settable in the Radio tab of the Configuration page in the AP when the Broadcast Repeat Count is changed t...

Page 148: ...orities Consistent with RFC 2474 CodePoint 0 is predefined to a fixed priority value of 0 low priority channel CodePoint 48 is predefined to a fixed priority value of 6 high priority channel CodePoint...

Page 149: ...02 1p or DiffServ priority bits should be used first when making priority decisions PPPoE Control Message Priority Operators may configure the SM to utilize the high priority channel for PPPoE control...

Page 150: ...e SM you may set the following parameters Table 55 AP Quality of Service attributes Attribute Meaning Sustained Uplink Data Rate Specify the rate that this SM is replenished with credits for transmiss...

Page 151: ...more See Maximum Information Rate MIR Parameters on page 2 106 Interaction of Burst Allocation and Sustained Data Rate Settings on page 2 108 Configuration Source on page 2 42 Downlink Burst Allocatio...

Page 152: ...ty Uplink CIR See High priority Bandwidth on page 2 108 Committed Information Rate on page 2 107 Configuration Source on page 2 42 Hi Priority Downlink CIR See High priority Bandwidth on page 2 108 Co...

Page 153: ...he same as 802 1p VLAN priorities Consistent with RFC 2474 CodePoint 0 is predefined to a fixed priority value of 0 low priority channel CodePoint 48 is predefined to a fixed priority value of 6 high...

Page 154: ...from the RADIUS server when an SM registers to an AP SM Accounting provides support for RADIUS accounting messages for usage based billing This accounting includes indications for subscriber session e...

Page 155: ...hared key authentication option In this case an identical key must be entered in the Authentication Key field on the AP s Configuration Security tab and in the Authentication Key field on each desired...

Page 156: ...will not register to an AP that has any Authentication Mode other than RADIUS AAA selected If it is desired that an SM use the authentication method configured on the AP it is registering to set Enfor...

Page 157: ...s must match the Phase 1 Outer Identity username configured in the RADIUS server The default Phase 1 Outer Identity Username is anonymous The Username can be up to 128 non special no diacritical marki...

Page 158: ...n factory software installation The default certificates are not secure and are intended for use during lab and field trials as part of gaining experience with the RADIUS functionalities or as an opti...

Page 159: ...0 supports distribution of certificates to SMs Please see the CNUT documentation for additional information the CNUT documentation may be found on the Cambium support website http www cambiumnetworks...

Page 160: ...dictionary file that defines Vendor Specific Attributes VSAa Default certificate files and the dictionary file are available from the software site www cambiumnetworks com support pmp software after...

Page 161: ...upport pmp software The RADIUS dictionary file defines the VSAs and their values and is usually imported into the RADIUS server as part of server and database setup Assigning SM management IP addressi...

Page 162: ...ize MS MPPE Send Key 26 311 16 Y MS MPPE Recv Key 26 311 17 Y Motorola Canopy LPULCIR 26 161 1 integer N 0 20000 kbps Configuration Quality of Service Low Priority Uplink CIR 0 kbps 32 bits Motorola C...

Page 163: ...LSMMGPASS 26 161 23 integer N 0 disable 1 enable Configuration VLAN SM Management VID Pass through 1 32 bits Motorola Canopy BCASTMIR 26 161 24 integer N 0 50000 kbps 0 disabled Configuration Quality...

Page 164: ...f Allow Local Login after Reject from AAA determines if the local user database is checked or not If the configured servers do not respond within 2 minutes then the local user database is used The suc...

Page 165: ...med Remote Authentication by the centralized RADIUS server is required to gain access to the SM if the SM is registered to an AP that has RADIUS AAA Authentication Mode selected For up to 2 minutes a...

Page 166: ...User Authentication Mode A given AP or SM can be configured for both either or neither RADIUS Device Data Accounting PMP 450 systems include support for RADIUS accounting messages for usage based bill...

Page 167: ...nitial value is SM MAC and increments after every start message sent of an in session SM Acct Input Octets Sum of the input octets received at the SM over regular data VC and the high priority data VC...

Page 168: ...m update counts are cumulative over the course of the session Acct Session Id Unique per AP session Initial value is SM MAC and increments after every start message sent of an in session SM Acct Input...

Page 169: ...user logs in or out of the radio only Data Usage messages or both When Data Accounting is enabled the operator must specify the interval of when the data accounting messages are sent 0 disabled or in...

Page 170: ...dent feature it was designed to work alongside with the RADIUS data usage accounting messages If a user is over their data usage limit the network operator can reject the user from staying in the netw...

Page 171: ...rators must configure Framed IP Address in RADIUS If Framed IP Address is not configured but Framed IP Netmask and or Motorola Canopy Gateway is configured the attributes will be ignored In the case w...

Page 172: ......

Page 173: ...PMP 450 Configuration and User Guide pmp 0050 May 2012 3 1 Chapter 3 Reference information...

Page 174: ...the 5725 5850 MHz ISM band 5780APC 17 dBi Connectorized 19 dBm 10 MHz channels centered on 5730 5845 in 5 MHz increments within the 5725 5850 MHz ISM band 20 MHz channels centered on 5735 5840 in 5 M...

Page 175: ...dBm 10 MHz channels centered on 5730 5845 in 5 MHz increments within the 5725 5850 MHz ISM band 20 MHz channels centered on 5735 5840 in 5 MHz increments within the 5725 5850 MHz ISM band ABZ89FT7635...

Page 176: ...FCC and ICC Information Chapter 3 Reference information 3 4 pmp 0050 May 2012 20 MHz channels centered on 5735 5840 in 5 MHz increments within the 5725 5850 MHz ISM band...

Page 177: ...TX Default Setting Antenna Gain 18 dBi 1dB cable loss Max EIRP Tx Antenna Gain PMP 450 AP 5 8 GHz OFDM FSK 5 MHz United States and Canada 30 to 19 dBm 19 dBm 17 dBi 36 dBm Europe and India 30 to 13 d...

Page 178: ......

Page 179: ...th Canada limits for the general population See Safety Code 6 on the Health Canada web site at http www hc sc gc ca ICNIRP International Commission on Non Ionizing Radiation Protection guidelines for...

Page 180: ...56 cm 150 cm 60 in 7 The Recommended Distances are chosen to give significant compliance margin in all cases They are also chosen so that an OFDM module has the same exposure distance as a Canopy mod...

Page 181: ...defines the contents of frames that are transferred through Ethernet connections Each of these frames contains a preamble the address to which the frame is sent the address that sends the frame the l...

Page 182: ...Information Base file that defines objects that are specific to the Access Point Module or Backhaul timing master See also Management Information Base ARP Address Resolution Protocol A protocol define...

Page 183: ...e also NAT Bridge Entry Timeout Field Value that the operator sets as the maximum interval for no activity with another module whose MAC address is the Bridge Entry This interval should be longer than...

Page 184: ...link option that uses secret 56 bit keys and 8 parity bits Data Encryption Standard DES performs a series of bit permutations substitutions and recombination operations on blocks of data Date of Last...

Page 185: ...ata in the SQL database in the Bandwidth and Authentication Manager BAM server This field identifies the date of the most recent authentication attempt by the SM DMZ Demilitarized Zone as defined in R...

Page 186: ...nstalled on the module this file activates the module to have the feature enabled or disabled in a separate operator action Field programmable Gate Array Array of logic relational data and wiring data...

Page 187: ...interface High priority Channel Channel that supports low latency traffic such as Voice over IP over low latency traffic such as standard web traffic and file downloads To recognize the latency toler...

Page 188: ...of whether Subscriber Modules have the Network Address Translation feature NAT enabled they support VPNs that are based on this protocol Late Collision Field This field displays how many late collisio...

Page 189: ...Address Hardware address that the factory assigns to the module for identification in the Data Link layer interface of the Open Systems Interconnection system This address serves as an electronic seri...

Page 190: ...on Base OptiPlex A trademark of Dell Inc OSS Operations support system such as a customer relationship management CRM billing or provisioning system The application programming interface API for Prizm...

Page 191: ...Address Translation NAT feature enabled Subscriber Modules support VPNs that are based on this protocol Prizm The software product that allows users to partition their entire networks into criteria b...

Page 192: ...y Selection DFS standard that is required by law or regulatory to apply or no DFS based on the frequency band range and the selected region Registrations MIB Management Information Base file that defi...

Page 193: ...D in the module In the Access Point Module and Backhaul timing master this LED is unused In the operating mode for a Subscriber Module or a Backhaul timing slave this LED flashes on and off to indicat...

Page 194: ...nagement CRM billing or provisioning system SSE Bandwidth and Authentication Manager BAM interface to the SQL server Unique sets of commands are available on this interface to manage the BAM SQL datab...

Page 195: ...and Port 9090 tcp for Engine telnet communications TDD Time Division Duplexing Synchronized data transmission with some time slots allocated to devices transmitting on the uplink and some to the devic...

Page 196: ...RFC 768 defines These protocols include checksum and address information but does not retransmit data or process any errors See http www faqs org rfcs rfc768 html UDP User defined type of port U NII U...

Reviews:

No comments