Cambium Networks PMP 450 Configuration And User's Manual
  1. Manuals
  2. Brands
  3. Cambium Networks Manuals
  4. Wireless Access Point
  5. PMP 450
  6. Configuration and user's manual

Cambium Networks PMP 450 Configuration And User's Manual

Outdoor access point
Hide thumbs Also See for PMP 450:
Table of Contents

Quick Links

See also: User Manual
Cambium
PMP 450 Configuration and
User Guide
System Release 12.0
Table of Contents
loading

Related Manuals for Cambium Networks PMP 450

Summary of Contents for Cambium Networks PMP 450

  • Page 1 Cambium PMP 450 Configuration and User Guide System Release 12.0...
  • Page 2 Accuracy While reasonable efforts have been made to assure the accuracy of this document, Cambium Networks assumes no liability resulting from any inaccuracies or omissions in this document, or from use of the information obtained herein. Cambium reserves the right to make changes to any products described herein to improve reliability, function, or design, and reserves the right to revise this document and to make changes from time to time in content hereof with no obligation to notify any person of revisions or changes.

  • Page 3: Safety And Regulatory Information

    Exercise extreme care when working at heights. Grounding and protective earth PMP 450 units must be properly grounded to protect against lightning. It is the user‘s responsibility to install the equipment in accordance with national regulations. In the USA, follow Section 810 of the National Electric Code, ANSI/NFPA No.70-1984 (USA).
  • Page 4 Install the units so as to provide and maintain the minimum separation distances from all persons. Important regulatory information The PMP 450 product is certified as an unlicensed device in frequency bands where it is not allowed to cause interference to licensed services (called primary users of the bands).
  • Page 5 Other variants of the PMP 450 are available for use in the rest of the world, but these variants are not supplied to the USA or Canada except under strict controls, when they are needed for export and deployment outside the USA or Canada.

  • Page 7: Table Of Contents

    Warnings, cautions, and notes ..........................1-14 Caring for the environment ............................ 1-15 Chapter 1: Legal information ..................1-1 Cambium Networks end user license agreement ....................... 1-2 Acceptance of this agreement ..........................1-2 Definitions ................................. 1-2 Grant of license ..............................1-2 Conditions of use ...............................
  • Page 8 Contents Task 1: Connecting to the unit ..........................2-3 Configuring the management PC ........................2-3 Connecting to the PC and powering up ......................2-5 Logging into the web interface .......................... 2-5 Task 2: Configuring IP and Ethernet interfaces ....................... 2-6 Configuring the AP IP interface ........................
  • Page 9 DiffServ Tab of the SM ..........................2-120 Task 12: Configuring a RADIUS server ....................... 2-122 Understanding RADIUS for PMP 450 ......................2-122 Choosing Authentication Mode and Configuring for Authentication Servers - AP ........2-123 SM Authentication Mode – Require RADIUS or Follow AP ..............2-124 Handling Certificates .............................
  • Page 10 Contents Transmitter Output Power ............................3-5 Exposure Separation Distances ..........................3-1 Details of Exposure Separation Distances Calculations and Power Compliance Margins ......... 3-1 Appendix A: Glossary ....................A-1 pmp-0050 (May 2012)
  • Page 11 PMP 450 Configuration and User Guide List of Figures Figure 1 NAT tab of the SM with NAT disabled ......................2-10 Figure 2 IP tab of the SM with NAT disabled ......................2-14 Figure 3 NAT tab of the SM with NAT enabled ......................2-16 Figure 4 IP tab of SM with NAT enabled ........................
  • Page 12 List of Tables List of Tables Table 1 IP interface attributes......................... 2-8 Table 2 SM DNS Options with NAT Disabled ..................2-11 Table 3 SM with NAT disabled - NAT attributes .................. 2-11 Table 4 SM with NAT disabled - IP attributes ..................2-14 Table 5 SM DNS Options with NAT Enabled ..................
  • Page 13 Table 61 Device re-authentication configuration ................. 2-138 Table 62 US FCC IDs and Industry Canada Certification Numbers and Covered Configurations ..3-2 Table 63 PMP 450 AP transmitter output power ..................3-5 Table 64 Exposure Separation Distances ....................3-1 Table 65 Calculated Exposure Distances and Power Compliance Margins ..........3-2...

  • Page 14: About This Configuration And User Guide

    General information Chapter 1: Legal information About This Configuration and User Guide This guide describes the configuration of the Cambium PMP 450 Series of point-to-multipoint wireless equipment deployment. It is intended for use by the system administrator. pmp-0050 (May 2012)

  • Page 15: General Information

    PMP 450 Configuration and User Guide General information General information Version information The following shows the issue status of this document since it was first released: Issue Date of Remarks issue 000v001 Jan 2012 System Release 12.0 Contacting Cambium Networks PMP support website: http://www.cambiumnetworks.com/support...
  • Page 16 Chapter 1: Legal information Purpose Cambium Networks Point-To-Multipoint (PMP) documents are intended to instruct and assist personnel in the operation, installation and maintenance of the Cambium PMP equipment and ancillary devices. It is recommended that all personnel engaged in such activities be properly trained.

  • Page 17: Problems And Warranty

    Any available diagnostic downloads. Escalate the problem by emailing or telephoning support. See ‗Contacting Cambium Networks‘ for URLs, email addresses and telephone numbers. Repair and service If unit failure is suspected, obtain details of the Return Material Authorization (RMA) process from the support website.
  • Page 18 Problems and warranty Chapter 1: Legal information Portions of Cambium equipment may be damaged from exposure to electrostatic discharge. Use precautions to prevent damage. pmp-0050 (May 2012) 1-12...

  • Page 19: Security Advice

    Security advice Security advice Cambium Networks systems and equipment provide security parameters that can be configured by the operator based on their particular operating environment. Cambium recommends setting and using these parameters following industry recognized security practices. Security aspects to be considered are protecting the confidentiality, integrity, and availability of information and assets.

  • Page 20: Warnings, Cautions, And Notes

    Chapter 1: Legal information Warnings, cautions, and notes The following describes how warnings and cautions are used in this document and in all documents of the Cambium Networks document set. Warnings Warnings precede instructions that contain potentially hazardous situations. Warnings are used to alert the reader to possible hazards that could cause loss of life or physical injury.

  • Page 21: Caring For The Environment

    Caring for the environment The following information describes national or regional requirements for the disposal of Cambium Networks supplied equipment and for the approved disposal of surplus packaging. In EU countries The following information is provided to enable regulatory compliance with the European Union (EU) directives identified and any amendments made to these directives when using Cambium equipment in EU countries.

  • Page 23: Chapter 1: Legal Information

    PMP 450 Configuration and User Guide Caring for the environment Chapter 1: Legal information This chapter provides legal notices including software license agreements. Intentional or unintentional changes or modifications to the equipment must not be made unless under the express consent of the party responsible for compliance. Any such modifications could void the user‘s authority to operate the equipment and will void the...

  • Page 24: Cambium Networks End User License Agreement

    Grant of license Cambium Networks Limited (―Cambium‖) grants you (―Licensee‖ or ―you‖) a personal, nonexclusive, non-transferable license to use the Software and Documentation subject to the Conditions of Use set forth in ―Conditions of use‖ and the terms and conditions of this Agreement.

  • Page 25: Conditions Of Use

    PMP 450 Configuration and User Guide Cambium Networks end user license agreement Conditions of use Any use of the Software and Documentation outside of the conditions set forth in this Agreement is strictly prohibited and will be deemed a breach of this Agreement.

  • Page 26: Title And Restrictions

    Cambium Networks end user license Chapter 1: Legal information agreement Title and restrictions If you transfer possession of any copy of the Software and Documentation to another party outside of the terms of this agreement, your license is automatically terminated. Title and copyrights to the Software and Documentation and any copies made by you remain with Cambium and its licensors.

  • Page 27: Right To Use Cambium's Name

    PMP 450 Configuration and User Guide Cambium Networks end user license agreement Right to use Cambium’s name Except as required in “Conditions of use‖, you will not, during the term of this Agreement or thereafter, use any trademark of Cambium, or any word or symbol likely to be confused with any Cambium trademark, either alone or in any combination with another word or words.

  • Page 28: Disclaimer

    Cambium Networks end user license Chapter 1: Legal information agreement Disclaimer CAMBIUM DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR IN ANY COMMUNICATION WITH YOU. CAMBIUM SPECIFICALLY DISCLAIMS ANY WARRANTY INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILTY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.

  • Page 29: U.s. Government

    PMP 450 Configuration and User Guide Cambium Networks end user license agreement U.S. government If you are acquiring the Product on behalf of any unit or agency of the U.S. Government, the following applies. Use, duplication, or disclosure of the Software and Documentation is subject to the restrictions set forth in subparagraphs (c) (1) and (2) of the Commercial Computer Software –...

  • Page 30: Survival Of Provisions

    Cambium Networks end user license Chapter 1: Legal information agreement Survival of provisions The parties agree that where the context of any provision indicates an intent that it survives the term of this Agreement, then it will survive. Entire agreement This agreement contains the parties’...

  • Page 31: Hardware Warranty

    PMP 450 Configuration and User Guide Hardware warranty Hardware warranty Cambium‘s standard hardware warranty is for one (1) year from date of shipment from Cambium or a Cambium Point-To-Point Distributor. Cambium warrants that hardware will conform to the relevant published specifications and will be free from material defects in material and workmanship under normal use and service.

  • Page 32: Limit Of Liability

    Limit of liability Chapter 1: Legal information Limit of liability IN NO EVENT SHALL CAMBIUM NETWORKS BE LIABLE TO YOU OR ANY OTHER PARTY FOR ANY DIRECT, INDIRECT, GENERAL, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR OTHER DAMAGE ARISING OUT OF THE USE...

  • Page 33: Chapter 2: Configuration And Alignment

    PMP 450 Configuration and User Guide Chapter 2: Configuration and alignment This chapter describes all configuration and alignment tasks that are performed when a PMP 450 link is deployed. Observe the precautions in Preparing for configuration and alignment on page 2-2.

  • Page 34: Preparing For Configuration And Alignment

    Preparing for configuration and Chapter 2: Configuration and alignment alignment Preparing for configuration and alignment This section describes the checks to be performed before proceeding with unit configuration and antenna alignment. Safety precautions during configuration and alignment All national and local safety standards must be followed while configuring the units and aligning the antennas. Ensure that personnel are not exposed to unsafe levels of RF energy.

  • Page 35: Task 1: Connecting To The Unit

    Logging into the web interface on page Configuring the management PC To configure the local management PC to communicate with the PMP 450 AP or SM, proceed as follows: Select Properties for the Ethernet port. Select the Internet Protocol (TCP/IP) item: Click on Properties.
  • Page 36 Task 1: Connecting to the unit Chapter 2: Configuration and alignment Enter an IP address that is valid for the 169.254.X.X network, avoiding: 169.254.0.0 and 169.254.1.1 and 169.254.1.2 A good example is 169.254.1.3: Enter a subnet mask of 255.255.255.0. Leave the default gateway blank. pmp-0050 (May 2012)

  • Page 37: Connecting To The Pc And Powering Up

    Task 1: Connecting to the unit Connecting to the PC and powering up To connect the PMP 450 AP or SM to the PC and power up the unit, proceed as follows: Check that the AP/SM and the associated power supply are correctly connected.

  • Page 38: Task 2: Configuring Ip And Ethernet Interfaces

    Configuring the AP IP interface The IP interface allows users to connect to the PMP 450 web interface, either from a locally connected computer or from a management network. To configure the Ethernet link to run at a fixed speed and duplex, leave Ethernet Auto Negotiation set to ‗Enabled‘...
  • Page 39 PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces To configure the IP interface, proceed as follows Select menu option System, Configuration, LAN Configuration. The LAN configuration page is displayed: Update IP Address, Subnet Mask and Gateway IP Address to meet network requirements (as specified by the network administrator).

  • Page 40: Table 1 Ip Interface Attributes

    Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces Select Save. The ―Reboot Required‖ message is displayed: Select Reboot. Table 1 IP interface attributes Attribute Meaning IP Address Internet protocol (IP) address. This address is used by the family of Internet protocols to uniquely identify this unit on a network.
  • Page 41 PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces Attribute Meaning Alternate DNS Server Upon failure to reach the Preferred DNS server, the Alternate DNS Server is used. Domain Name The operator‘s management domain name may be configured for DNS. The domain name configuration can be used for configuration of the servers in the operator‘s network.

  • Page 42: Nat Tab Of The Sm With Nat Disabled

    Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces NAT tab of the SM with NAT disabled Figure 1 NAT tab of the SM with NAT disabled pmp-0050 (May 2012) 2-10...

  • Page 43: Table 2 Sm Dns Options With Nat Disabled

    PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces SM NAT DNS Considerations SM DNS behavior is different depending on the accessibility of the SM. When NAT is disabled the DNS configuration that is discussed in this document is tied to LAN1 interface, and only functions if the device is publicly accessible.
  • Page 44 Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces Attribute Meaning WAN Interface, Subnet Mask This field displays the subnet mask for the SM. DHCP Server will not automatically assign this address when NAT is disabled. WAN Interface, Gateway IP This field displays the gateway IP address for the SM.
  • Page 45 PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces Attribute Meaning Remote Configuration This parameter is not configurable when NAT is disabled. Interface, Subnet Mask Remote Configuration This parameter is not configurable when NAT is disabled.

  • Page 46: Ip Tab Of The Sm With Nat Disabled

    Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces IP tab of the SM with NAT disabled Figure 2 IP tab of the SM with NAT disabled In the IP tab of an SM with NAT disabled, you may set the following parameters. Table 4 SM with NAT disabled - IP attributes Attribute Meaning...
  • Page 47 PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces Attribute Meaning LAN1 Network Interface If you select Enabled, the DHCP server automatically assigns the IP Configuration, DHCP state configuration (IP address, subnet mask, and gateway IP address) and the values of those individual parameters (above) are not used.

  • Page 48: Nat Tab Of The Sm With Nat Enabled

    Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces NAT tab of the SM with NAT enabled Figure 3 NAT tab of the SM with NAT enabled pmp-0050 (May 2012) 2-16...

  • Page 49: Table 5 Sm Dns Options With Nat Enabled

    PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces SM NAT DNS Considerations SM DNS behavior is different depending on the accessibility of the SM. When NAT is enabled the DNS configuration that is discussed in this document is tied to the RF Remote Configuration Interface, which must be enabled to utilize DNS Client functionality.
  • Page 50 Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces Attribute Meaning WAN Interface, Connection This parameter may be set to Type Static IP—when this is the selection, the following three parameters (IP Address, Subnet Mask, and Gateway IP Address) must all be properly populated.
  • Page 51 PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces Attribute Meaning LAN DHCP Server, DHCP Select either Server Enable/Disable Enabled to allow this SM to assign IP addresses, subnet masks, and gateway IP addresses to attached devices.
  • Page 52 Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces Attribute Meaning Remote Configuration Interface The Remote Configuration interface is the RF-side address for management by an EMS or NMS (Prizm or WM, for example). Remote Configuration When this interface is Disabled, the SM is not directly accessible by IP Interface, Interface address, and management access is only through either Enable/Disable...

  • Page 53: Ip Tab Of The Sm With Nat Enabled

    PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces IP tab of the SM with NAT enabled Figure 4 IP tab of SM with NAT enabled In the IP tab of an SM with NAT enabled, you may set the following parameters.

  • Page 54: Vlan Tab Of The Ap

    Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces VLAN Tab of the AP Figure 5 VLAN tab of the AP In the VLAN tab of the AP, you may set the following parameters. Table 8 SM with NAT enabled - IP attributes Attribute Meaning VLAN...
  • Page 55 PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces Attribute Meaning Dynamic Learning Specify whether the AP should (Enabled) or should not (Disabled) add the VLAN IDs (VIDs) of upstream frames to the VID table. (The AP passes frames with VIDs that are stored in the table both upstream and downstream.) The default value is...
  • Page 56 Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces Attribute Meaning Port VID This is the VID that the AP will use for tagging frames of the type specified by Allow Frame Types. Management VID This is the value of the parameter of the same name, configured above.
  • Page 57 PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces Attribute Meaning Current VID Member Set, For each VID number in the first column of the table, the entry in this column reflects whether or when the VID number will time out: for Permanent type—the number will never time out, and...

  • Page 58: Vlan Membership Tab Of The Ap

    Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces VLAN Membership Tab of the AP Table 9 VLAN Membership tab of the AP You may set the VLAN Membership tab parameter as follows. Table 10 AP VLAN Membership attributes Attribute Meaning VLAN Membership Table...

  • Page 59: Vlan Tab Of The Sm

    PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces VLAN Tab of the SM Table 11 VLAN tab of the SM In the VLAN tab of an SM, you may set the following parameters. Table 12 SM VLAN attributes...
  • Page 60 Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces Attribute Meaning VLAN Port Type By default this will be simply Q, indicating that it is to operate in the existing manner. The other option is Q-in-Q, which indicates that it should be adding and removing the S-Tag, and adding a C-Tag if necessary for untagged packets.
  • Page 61 PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces Attribute Meaning Default Port VID This is the VID that will be used for untagged frames and will correspond to the Q-Tag for 802.1Q frames (if VLAN Port Type is Q), or the C-Tag for 802.1ad frames (if the VLAN Port Type is...
  • Page 62 Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces Attribute Meaning Active Configuration, SM This is the value of the parameter of the same name, configured Management VID Pass- above. Through Active Configuration, This is the value of the VLAN Aging Timeout parameter Dynamic Ageing Timeout configured above.

  • Page 63: Vlan Membership Tab Of The Sm

    PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces Attribute Meaning Active Configuration, For each VID number in the first column of the table, the entry Current VID Member Set, in this column reflects whether or when the VID number will time out: for Permanent type—the number will never time out, and this is...

  • Page 64: Pppoe Tab Of The Sm

    Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces In the VLAN Membership tab, you may set the following parameter. Table 13 SM VLAN Membership attributes Attribute Meaning VLAN Membership Table For each VLAN in which you want the AP to be a member, Configuration enter the VLAN ID and then click the Add Member button.

  • Page 65: Table 15 Sm Pppoe Attributes

    PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces When PPPoE is enabled, once the RF session comes up between the SM and the AP, the SM will immediately attempt to connect to the PPPoE Server. You can monitor the status of this by viewing the PPPoE Session Log in the Logs section (Administrator only).
  • Page 66 Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces Attribute Meaning Password This is the CHAP/PAP password that will be used if PAP authentication is selected. If None is selected for authentication then this field is unused. This is limited to 32 characters.
  • Page 67 PMP 450 Configuration and User Guide Task 2: Configuring IP and Ethernet interfaces Attribute Meaning TCP MSS Clamping If this is enabled, then the SM will alter TCP SYN and SYN- ACK packets by changing the Maximum Segment Size to be compatible with the current MTU of the PPPoE link.

  • Page 68: Nat Port Mapping Tab Of The Sm

    Task 2: Configuring IP and Ethernet Chapter 2: Configuration and alignment interfaces NAT Port Mapping Tab of the SM An example of the NAT Port Mapping tab in an SM is displayed in Error! Reference source not found.. Table 16 NAT Port Mapping tab of the SM In the NAT Port Mapping tab of the SM, you may set the following parameters.

  • Page 69: Task 3: Upgrading The Software Version And Using Cnut

    Note the installed Software Version (near the top of the page): Go to the support website (see Contacting Cambium Networks on page 1-9) and find Point-to- Multipoint software updates. Check that the latest PMP 450 software version (for example 13.0) is the same as the installed Software Version.
  • Page 70 Task 3: Upgrading the software Chapter 2: Configuration and alignment version and using CNUT CNUT functions The Canopy Network Updater Tool automatically discovers all network elements executes a UDP command that initiates and terminates the Autoupdate mode within APs. This command is both secure and convenient: For security, the AP accepts this command from only the IP address that you specify in the Configuration page of the AP.
  • Page 71 Java™ Runtime Version 2.0 or later (installed by the CNUT installation tool) CNUT download CNUT can be downloaded from the Cambium support website (see Contacting Cambium Networks on page Upgrading a module prior to deployment To upgrade to a new software version, proceed as follows: Go to the support website (see Contacting Cambium Networks on page 1-9) and find Point-to- Multipoint software updates.
  • Page 72 Task 3: Upgrading the software Chapter 2: Configuration and alignment version and using CNUT Make sure that the proper Installation Package is active with the Package Manager dialogue (located at Update, Manage Packages). To verify connectivity with the radio, perform a Refresh, Discover Entire Network operation (located at View, Refresh/Discover Entire Network).

  • Page 73: Task 4: Configuring General And Unit Settings

    PMP 450 Configuration and User Guide Task 4: Configuring General and Unit settings Task 4: Configuring General and Unit settings General Tab of the AP Table 18 General tab of the AP The General tab of the AP contains many of the configurable parameters that define how the AP and the SMs in the sector operate.

  • Page 74: Table 19 Sm Pppoe Attributes

    Task 4: Configuring General and Unit Chapter 2: Configuration and alignment settings Table 19 SM PPPoE attributes Attribute Meaning Device Setting You can temporarily transform an AP into an SM and thereby use the spectrum analyzer functionality. Otherwise, the selection for this parameter is AP.
  • Page 75 PMP 450 Configuration and User Guide Task 4: Configuring General and Unit settings Attribute Meaning Region Code From the drop-down list, select the region in which the radio is operating. Selectable regions are: Australia Brazil Canada Europe India Indonesia Russia...
  • Page 76 Task 4: Configuring General and Unit Chapter 2: Configuration and alignment settings Attribute Meaning Send Untranslated ARP If the Translation Bridging parameter is set to Enabled, then the Send Untranslated ARP parameter can be disabled, so that the AP will overwrite the MAC address in Address Resolution Protocol (ARP) packets before forwarding them.
  • Page 77 PMP 450 Configuration and User Guide Task 4: Configuring General and Unit settings Attribute Meaning Multicast Destination Using Link Layer Discovery Protocol (LLDP), a module exchanges Address multicast addresses with the device to which it is wired on the Ethernet interface. Although some switches (CMMmicro, for...

  • Page 78: Unit Settings Tab Of The Ap

    Task 4: Configuring General and Unit Chapter 2: Configuration and alignment settings Unit Settings Tab of the AP Table 20 Unit Settings tab of the AP The Unit Settings tab of the AP contains an option for how the AP should react when it detects a connected override plug.

  • Page 79: General Tab Of The Sm

    PMP 450 Configuration and User Guide Task 4: Configuring General and Unit settings Attribute Meaning Undo Unit-Wide Saved When you click this button, any changes that you made in any tab Changes but did not commit by a reboot of the module are undone.
  • Page 80 Task 4: Configuring General and Unit Chapter 2: Configuration and alignment settings Attribute Meaning Ethernet Link Enable/Disable Specify whether to enable or disable Ethernet/802.3 connectivity on the wired port of the SM. This parameter has no effect on the wireless link. When you select Enable, this feature allows traffic on the Ethernet/802.3 port.
  • Page 81 PMP 450 Configuration and User Guide Task 4: Configuring General and Unit settings Attribute Meaning Bridge Entry Timeout Specify the appropriate bridge timeout for correct network operation with the existing network infrastructure. Timeout occurs when the AP encounters no activity with the SM (whose MAC address is the bridge entry) within the interval that this parameter specifies.
  • Page 82 Task 4: Configuring General and Unit Chapter 2: Configuration and alignment settings Attribute Meaning Dynamic Rate Adapt This parameter is present in only PMP 400 Series (OFDM) SMs. Whatever value that you set in this parameter is overridden by a lock-down to 1X or 2X operation, if that is configured in the AP.

  • Page 83: Unit Settings Tab Of The Sm

    PMP 450 Configuration and User Guide Task 4: Configuring General and Unit settings Unit Settings Tab of the SM Table 24 Unit Settings tab of the SM The Unit Settings tab of the SM contains an option for how the SM should react when it detects a connected override plug.

  • Page 84: Table 25 Sm Unit Settings Attributes

    Task 4: Configuring General and Unit Chapter 2: Configuration and alignment settings Table 25 SM Unit Settings attributes Attribute Meaning Set to Factory Defaults Upon If Enabled is checked, then an override/default plug functions Default Plug Detection as a default plug. When the module is rebooted with the plug inserted, it can be accessed at the IP address 169.254.1.1 and no password, and all parameter values are reset to defaults.

  • Page 85: Time Tab Of The Ap

    PMP 450 Configuration and User Guide Task 4: Configuring General and Unit settings Time tab of the AP Table 26 Unit Settings tab of the SM You may set the time parameters as follows: Table 27 AP Time attributes Attribute...
  • Page 86 Task 4: Configuring General and Unit Chapter 2: Configuration and alignment settings Attribute Meaning NTP Server 1 (Name or IP To have each log in the AP correlated to a meaningful time Address) and date, either a reliable network element must pass time and date to the AP or you must set the time and date NTP Server 2 (Name or IP whenever a power cycle of the AP has occurred.
  • Page 87 PMP 450 Configuration and User Guide Task 4: Configuring General and Unit settings Attribute Meaning Date This field may be used to manually set the system date of the radio. pmp-0050 (May 2012) 2-55...

  • Page 88: Task 5: Configuring Security

    Task 5: Configuring security Chapter 2: Configuration and alignment Task 5: Configuring security Perform this task to configure the PMP 450 system in accordance with the network operator‘s security policy. Choose from the following procedures: Isolating APs from the internet...

  • Page 89: Encrypting Radio Transmissions

    PMP 450 Configuration and User Guide Task 5: Configuring security Encrypting radio transmissions Motorola fixed wireless broadband IP systems employ the following forms of encryption for security of the wireless link: DES–Data Encryption Standard, an over-the-air link option that uses secret 56-bit keys and 8 parity bits.

  • Page 90: Managing Module Access By Passwords

    Task 5: Configuring security Chapter 2: Configuration and alignment Canopy DES products cannot be upgraded to AES. To have the option of AES encryption, the operator must purchase AES products. Interoperability AES and DES products do not interoperate when enabled for encryption. For example, An AES AP with encryption enabled cannot communicate with DES SMs.

  • Page 91: Figure 7 General Status Tab View For Guest-Level Account

    PMP 450 Configuration and User Guide Task 5: Configuring security Figure 7 General Status tab view for GUEST-level account Figure 8 SM Add User tab After a password has been set for any ADMINISTRATOR-level account, initial access to the module GUI opens the view of GUEST level.

  • Page 92: Figure 9 Delete User Tab Of The Sm

    Task 5: Configuring security Chapter 2: Configuration and alignment Deleting a User from Access to a Module The Account => Delete User tab provides a drop-down list of configured users from which to select the user you want to delete. Figure 9 Delete User tab of the SM Accounts that cannot be deleted are the current user's own account.

  • Page 93: Requiring Sm Authentication

    PMP 450 Configuration and User Guide Task 5: Configuring security Figure 10 RJ-11 pinout for the override plug white / orange white / green white / blue green blue Pin 5 orange Pin 4 Using the Override Plug While the override plug is connected to a module, the module can neither register nor allow registration of another module.

  • Page 94: Filtering Protocols And Ports

    Task 5: Configuring security Chapter 2: Configuration and alignment authentication key, also known as authorization key and skey. This key matches in the SM and AP as the Authentication Key parameter, and in the Prizm database. random number, generated by Prizm or BAM and used in each attempt by an SM to register and authenticate.

  • Page 95: Figure 11 Categorical Protocol Filtering

    PMP 450 Configuration and User Guide Task 5: Configuring security Any or all of the following IPv4 (Internet Protocol version 4) protocols: SMB (Network Neighborhood) SNMP Up to 3 user-defined ports All other IPv4 traffic Uplink Broadcast ARP (Address Resolution Protocol)

  • Page 96: Encrypting Downlink Broadcasts

    Task 5: Configuring security Chapter 2: Configuration and alignment Protocol Port Filtered (Blocked) Selected SNMP Destination Ports 161 TCP and UDP, 162 TCP and UDP Bootp Client Source Port 68 UDP Bootp Server Source Port 67 UDP Encrypting downlink broadcasts An AP can be enabled to encrypt downlink broadcast packets such as the following: NetBIOS broadcast packets containing video data on UDP.

  • Page 97: Filtering Management Through Ethernet

    PMP 450 Configuration and User Guide Task 5: Configuring security Filtering management through Ethernet You can configure the SM to disallow any device that is connected to its Ethernet port from accessing the IP address of the SM. If you set the Ethernet Access Control parameter to Enabled, then no attempt to access the SM management interface (by http, SNMP, telnet, ftp, or tftp) through Ethernet can succeed.

  • Page 98: Reinstating Remote Access Capability

    Task 5: Configuring security Chapter 2: Configuration and alignment Where additional security is more important than ease of network administration, you can disable all remote access to a module as follows. After this procedure, no access to the module is possible through HTTP, SNMP, FTP, or telnet over an RF link.

  • Page 99: Security Tab Of The Ap

    PMP 450 Configuration and User Guide Task 5: Configuring security Security Tab of the AP Figure 13 Security tab of the AP In the Security tab of the AP, you may set the following parameters. pmp-0050 (May 2012) 2-67...

  • Page 100: Table 28 Ap Security Attributes

    Task 5: Configuring security Chapter 2: Configuration and alignment Table 28 AP Security attributes Attribute Meaning Authentication Mode If the AP has authentication capability, then you can use this field to select from among the following authentication modes: Disabled—the AP requires no SMs to authenticate. Authentication Server —the AP requires any SM that attempts registration to be authenticated in BAM or Prizm before registration.
  • Page 101 PMP 450 Configuration and User Guide Task 5: Configuring security Attribute Meaning Select Key This option allows operators to choose which authentication key is used: Use Key above means that the key specified in Authentication Key is used for authentication Use Default Key means that a default key (based off of the SM‘s MAC...

  • Page 102: Protocol Filtering Tab Of The Ap

    Task 5: Configuring security Chapter 2: Configuration and alignment Protocol Filtering tab of the AP Table 29 Protocol Filtering tab of the AP In the Protocol Filtering tab of the AP, you may set the following parameters. Table 30 AP Protocol Filtering attributes Attribute Meaning Packet Filter Types...

  • Page 103: Port Configuration Tab Of The Ap

    Task 5: Configuring security Port configuration tab of the AP PMP 450 devices support access to various communication protocols and only the ports required for these protocols are available for access by external entities. Operators may change the port numbers for these protocols via the radio GUI or SNMP.

  • Page 104: Security Tab Of The Sm

    Task 5: Configuring security Chapter 2: Configuration and alignment Security Tab of the SM Table 33 Security tab of the SM In the Security tab of the SM, you may set the following parameters. pmp-0050 (May 2012) 2-72...

  • Page 105: Table 34 Ap Security Attributes

    PMP 450 Configuration and User Guide Task 5: Configuring security Table 34 AP Security attributes Attribute Meaning Authentication Key Only if the AP to which this SM will register requires authentication, specify the key that the SM should use when authenticating. For alpha characters in this hex key, use only upper case.
  • Page 106 Task 5: Configuring security Chapter 2: Configuration and alignment Attribute Meaning Identity/Realm If Realms are being used, select Enable Realm and configure an outer identity in the Identity field and a Realm in the Realm field. These must match the Phase 1/Outer Identity and Realm configured in the RADIUS server.
  • Page 107 PMP 450 Configuration and User Guide Task 5: Configuring security Attribute Meaning Ethernet Access Control If you want to prevent any device that is connected to the Ethernet port of the SM from accessing the management interface of the SM, select Ethernet Access Disabled.

  • Page 108: Protocol Filtering Tab Of The Sm

    Task 5: Configuring security Chapter 2: Configuration and alignment Protocol Filtering Tab of the SM Table 35 Protocol Filtering tab of the SM In the Protocol Filtering tab of the SM, you may set the following parameters. Table 36 AP Protocol Filtering attributes Attribute Meaning pmp-0050 (May 2012)

  • Page 109: Port Configuration Tab Of The Sm

    NAT is enabled. Port configuration tab of the SM PMP 450 devices support access to various communication protocols and only the ports required for these protocols are available for access by external entities. Operators may change the port numbers for these protocols via the radio GUI or SNMP.

  • Page 110: Table 37 Sm Port Configuration Attributes

    Task 5: Configuring security Chapter 2: Configuration and alignment Table 37 SM Port Configuration attributes Attribute Meaning FTP Port The listen port on the device used for FTP communication. HTTP Port The listen port on the device used for HTTP communication. SNMP Port The listen port on the device used for SNMP communication.

  • Page 111: Task 6: Configuring Radio Parameters

    PMP 450 Configuration and User Guide Task 6: Configuring radio parameters Task 6: Configuring radio parameters Radio tab of the AP Figure 15 Radio tab of the AP The Radio tab of the AP contains some of the configurable parameters that define how the AP operates.
  • Page 112 Task 6: Configuring radio parameters Chapter 2: Configuration and alignment Attribute Meaning Alternate Frequency If your network operates in a region in which DFS shutdown capability is Carrier 1 required, and you do not see this parameter, perform the following steps: 1.
  • Page 113 1/16 cyclic prefix means that for every 16 bits of throughput data transmitted, an additional bit is used. PMP 450 radios use a default cyclic prefix of 1/4 that is configurable by the operator to 1/8 or 1/16. The cyclic prefix is set on the Configuration > Radio page of the AP.
  • Page 114 Task 6: Configuring radio parameters Chapter 2: Configuration and alignment Attribute Meaning This timer may be utilized to initiate SM rescans in order to register to an AP Subscriber Color Code configured with the SM‘s primary color code. Rescan (When not on a The time (in minutes) for a subscriber to rescan (if this AP is not configured Primary Color Code) with the SM‘s primary color code).
  • Page 115 APs in the cluster exactly the same, except as described in the NOTE admonition below. The default value of this parameter is 2 miles (3.2 km). For the PMP 450 Series AP, the typical maximum range achievable depends on the operation mode as follows: 5 miles (8 km) in 1X operation 2.5 miles (4 km) in 2X operation...
  • Page 116 Task 6: Configuring radio parameters Chapter 2: Configuration and alignment Attribute Meaning Specify the percentage of the aggregate throughput for the downlink (frames Downlink Data transmitted from the AP to the subscriber). For example, if the aggregate (uplink and downlink total) throughput on the AP is 6 Mb, then 75% specified for this parameter allocates 4.5 Mb for the downlink and 1.5 Mb for the uplink.

  • Page 117: Table 39: Control Slot Settings For All Ofdm Aps In Cluster

    PMP 450 Configuration and User Guide Task 6: Configuring radio parameters Attribute Meaning Control Slots Field results have indicated that, in general, systems perform better with a slightly higher number of control slots than previously recommended. If you are experiencing latency or SM-servicing issues, increasing the number of control slots may increase system performance, depending on traffic mix over time.
  • Page 118 Task 6: Configuring radio parameters Chapter 2: Configuration and alignment Attribute Meaning The default is 2 repeats (in addition to the original broadcast packet, for a Broadcast Repeat Count total of 3 packets sent for every one needed), and is settable to 1 or 0 repeats (2 or 1 packets for every broadcast).
  • Page 119 PMP 450 Configuration and User Guide Task 6: Configuring radio parameters Attribute Meaning SM Receive Target Level Each SM‘s Transmitter Output Power is automatically set by the AP. The AP monitors the received power from each SM, and adjusts each SM‘s Transmitter Output Power so that the received power at the AP from that SM is not greater what is set in this field.

  • Page 120: Table 40 Radio Tab Of Sm

    Task 6: Configuring radio parameters Chapter 2: Configuration and alignment Radio tab of the SM Table 40 Radio tab of SM In the Radio tab of the SM, you may set the following parameters. Table 41 SM Radio attributes Attribute Meaning Check any frequency that you want the SM to scan for AP transmissions.
  • Page 121 PMP 450 Configuration and User Guide Task 6: Configuring radio parameters Attribute Meaning Color Code 1 to 10 Color code allows you to force the SM to register to only a specific AP, even where the SM can communicate with multiple APs. For registration to occur, the color code of the SM and the AP must match.
  • Page 122 Task 6: Configuring radio parameters Chapter 2: Configuration and alignment Attribute Meaning Large VC data Q Certain applications such as video Surveillance cameras operate by sending bursts of IP traffic upstream. Some systems will send short bursts of packets at over 50 Mbps and then be idle for some period of time and then send another burst of data.
  • Page 123 PMP 450 Configuration and User Guide Task 6: Configuring radio parameters Attribute Meaning The professional installer of the equipment has the responsibility to Transmitter Output Power maintain awareness of applicable regulations. calculate the permissible transmitter output power for the module.

  • Page 124: Task 7: Setting Up Snmp Agent

    Operators may use SNMP commands to set configuration parameters and retrieve data from the AP and SM modules. Also, if enabled, when an event occurs, the SNMP agent on the PMP 450 sends a trap to whatever SNMP trap receivers have been configured.

  • Page 125: Snmp Tab Of The Ap

    PMP 450 Configuration and User Guide Task 7: Setting up SNMP agent SNMP Tab of the AP Table 42 SNMP tab of the AP You may set the SNMP tab parameters as follows. pmp-0050 (May 2012) 2-93...

  • Page 126: Table 43 Ap Snmp Attributes

    Task 7: Setting up SNMP agent Chapter 2: Configuration and alignment Table 43 AP SNMP attributes Attribute Meaning SNMP Community String Specify a control string that can allow an Network Management Station (NMS) to access SNMP information. No spaces are allowed in this string. The default string is Canopy.
  • Page 127 PMP 450 Configuration and User Guide Task 7: Setting up SNMP agent Attribute Meaning Trap Address 1 to 10 Specify ten or fewer IP addresses (xxx.xxx.xxx.xxx) or DNS names to which SNMP traps should be sent. Traps inform Prizm or an NMS that something has occurred.

  • Page 128: Snmp Tab Of The Sm

    Task 7: Setting up SNMP agent Chapter 2: Configuration and alignment SNMP Tab of the SM Table 44 SNMP tab of SM pmp-0050 (May 2012) 2-96...

  • Page 129: Table 45 Sm Snmp Attributes

    PMP 450 Configuration and User Guide Task 7: Setting up SNMP agent In the SNMP tab of the SM, you may set the following parameters. Table 45 SM SNMP attributes Attribute Meaning SNMP Community String Specify a control string that can allow an Network Management Station (NMS) to access SNMP information.
  • Page 130 Task 7: Setting up SNMP agent Chapter 2: Configuration and alignment Attribute Meaning Accessing IP / Subnet Mask Specify the addresses that are allowed to send SNMP requests to this SM. 1 to 10 Prizm or the NMS has an address that is among these addresses (this subnet). You must enter both The network IP address in the form xxx.xxx.xxx.xxx The CIDR (Classless Interdomain Routing) prefix length in the form /xx...
  • Page 131 PMP 450 Configuration and User Guide Task 7: Setting up SNMP agent Attribute Meaning Site Information Viewable Operators can enable or disable site information from appearing when a user is to Guest Users in GUEST account mode. Site Name Specify a string to associate with the physical module. This parameter is written into the sysName SNMP MIB-II object and can be polled by Prizm or an NMS.

  • Page 132: Task 8: Configuring Syslog

    Task 8: Configuring syslog Chapter 2: Configuration and alignment Task 8: Configuring syslog This task is only performed when system logging is required. Both the AP and the SM may be configured to send system messages to a syslog server. An example of a syslog message that would be sent from a radio is as follows: <6>1 2011-05-13T12:28:31Z 169.245.1.1 - - - - BOM******System Startup****** By default syslog is disabled on all devices.

  • Page 133: Configuring Sm System Logging (Syslog)

    PMP 450 Configuration and User Guide Task 8: Configuring syslog Table 46 Syslog Configuration attributes Attribute Meaning Syslog DNS Server To configure the AP to append or not append the DNS server name to the syslog Usage server name. Syslog Server The dotted decimal or DNS name of the syslog server address.

  • Page 134: Task 9: Configuring Remote Access

    Task 9: Configuring remote access Chapter 2: Configuration and alignment Task 9: Configuring remote access Configuring SM IP over-the-air access To access the SM management interface from a device situated above the AP, the SM‘s Network Accessibility parameter (located in the web GUI at Configuration, IP) may be set to Public. Figure 18 SM IP Configuration page Accessing SM over-the-air by LUID The SM may be accessed via the AP management GUI by navigating to either Home, Session Status or Home,...

  • Page 135: Denying All Remote Access

    PMP 450 Configuration and User Guide Task 9: Configuring remote access Figure 19 AP Session Status page Figure 20 AP Remote Subscribers page Denying All Remote Access Wherever the No Remote Access feature is enabled by the following procedure, physical access to the module is required for any change in the configuration of the module.

  • Page 136: Reinstating Remote Access Capability

    Task 9: Configuring remote access Chapter 2: Configuration and alignment Reinstating Remote Access Capability Where ease of network administration is more important than the additional security that the No Remote Access feature provides, this feature can be disabled as follows. After this procedure, access to the module is possible through HTTP, SNMP, FTP, or telnet over an RF link.

  • Page 137: Task 10: Monitoring The Ap-Sm Link

    PMP 450 Configuration and User Guide Task 10: Monitoring the AP-SM Link Task 10: Monitoring the AP-SM Link Monitoring the AP-SM Link After the SM installer has configured the link, either an operator in the network office or the SM installer in the field (if read access to the AP is available to the installer) should perform the following procedure.

  • Page 138: Task 11: Configuring Quality Of Service

    Task 11: Configuring quality of Chapter 2: Configuration and alignment service Task 11: Configuring quality of service Maximum Information Rate (MIR) Parameters Point-to-multipoint links use the following four MIR parameters for bandwidth management: Sustained Uplink Data Rate (kbps) Uplink Burst Allocation (kb) Sustained Downlink Data Rate (kbps) Downlink Burst Allocation (kb) You can independently set each of these parameters per AP or per SM.

  • Page 139: Mir Data Entry Checking

    PMP 450 Configuration and User Guide Task 11: Configuring quality of service MIR Data Entry Checking Uplink and downlink MIR is enforced as shown in Figure In these figures, entry refers to the setting in the data rate parameter, not the burst allocation parameter.

  • Page 140: Bandwidth From The Sm Perspective

    Task 11: Configuring quality of Chapter 2: Configuration and alignment service When an SM successfully registers and authenticates, if BAM or Prizm has CIR configuration data for the SM, then messages make the CIR configuration available to the SM, depending on the Configuration Source setting.

  • Page 141: Traffic Scheduling

    PMP 450 Configuration and User Guide Task 11: Configuring quality of service comparing the 6-bit Differentiated Services Code Point (DSCP) field in the ToS byte of a received packet to a corresponding value in the Diffserv tab of the Configuration page of the module. A packet contains no flag that indicates whether the encoding is for the Low Latency bit or the DSCP field.

  • Page 142: Setting The Configuration Source

    Task 11: Configuring quality of Chapter 2: Configuration and alignment service Category Factor Treatment Number of frames required for the scheduling process Latency Round-trip latency ≈ 6 ms AP broadcast the download schedule Dynamic, based Allocation for uplink high- on amount of priority traffic on amount of high-priority high-priority traffic...

  • Page 143: Table 49 Recommended Combined Settings For Typical Operations

    PMP 450 Configuration and User Guide Task 11: Configuring quality of service Uplink Burst Allocation Sustained Downlink Data Rate Downlink Burst Allocation all SM VLAN settings Dynamic Learning Allow Only Tagged Frames VLAN Aging Timeout Untagged Ingress VID Management VID...

  • Page 144: Table 50 Where Feature Values Are Obtained For An Sm With Authentication Required

    Task 11: Configuring quality of Chapter 2: Configuration and alignment service Table 50 Where feature values are obtained for an SM with authentication required Values are obtained from Configuration Source Setting High Priority Channel MIR Values VLAN Values CIR Values in the AP State Authentication...

  • Page 145: Quality Of Service (Qos) Tab Of The Ap

    PMP 450 Configuration and User Guide Task 11: Configuring quality of service For the case where the Configuration Source parameter in the AP is set to +SM, and Prizm Authentication Server does not send VLAN values, the SM uses the configured value in the SM for Dynamic Learning. If the SM is set to factory defaults, then this value is Enable.
  • Page 146 Task 11: Configuring quality of Chapter 2: Configuration and alignment service Attribute Meaning Uplink Burst Allocation Specify the maximum amount of data to allow each SM to transmit before being recharged at the Sustained Uplink Data Rate with credits to transmit more.

  • Page 147: Table 53 Broadcast Downlink Cir Achievable Per Broadcast Repeat Count

    PMP 450 Configuration and User Guide Task 11: Configuring quality of service Attribute Meaning Broadcast Downlink CIR Broadcast Downlink CIR (Committed Information Rate, a minimum) supports some system designs where downlink broadcast is desired to have higher priority than other traffic. For many other system designs, especially typical internet access networks, leave the Broadcast Downlink CIR at the default.

  • Page 148: Diffserv Tab Of The Ap

    Task 11: Configuring quality of Chapter 2: Configuration and alignment service DiffServ Tab of the AP Figure 25 Diffserv tab of the AP You may set the following Diffserv tab parameters. Table 54 AP Diffserv attributes Attribute Meaning Priorities of 0 through 3 map to the low-priority channel; 4 through 7 to the high-priority channel.
  • Page 149 PMP 450 Configuration and User Guide Task 11: Configuring quality of service Attribute Meaning Priority Select The priority setting input for the CodePoint selected in CodePoint Select Priority Precedence Allows operator to decide if 802.1p or DiffServ priority bits should be used first when making priority decisions.

  • Page 150: Quality Of Service (Qos) Tab Of The Sm

    Task 11: Configuring quality of Chapter 2: Configuration and alignment service Quality of Service (QoS) Tab of the SM Figure 26 Quality of Service (QoS) tab of the SM In the Quality of Service (QoS) tab of the SM, you may set the following parameters. Table 55 AP Quality of Service attributes Attribute Meaning...
  • Page 151 PMP 450 Configuration and User Guide Task 11: Configuring quality of service Attribute Meaning Sustained Downlink Data Specify the rate at which the AP should be replenished with credits (tokens) Rate for transmission to this SM. This default imposes no restriction on the uplink.

  • Page 152: Diffserv Tab Of The Sm

    Task 11: Configuring quality of Chapter 2: Configuration and alignment service Attribute Meaning Hi Priority Uplink CIR High-priority Bandwidth on page 2-108 Committed Information Rate on page 2-107 Configuration Source on page 2-42. Hi Priority Downlink CIR High-priority Bandwidth on page 2-108 Committed Information Rate on Page...

  • Page 153: Table 56 Sm Diffserv Attributes

    PMP 450 Configuration and User Guide Task 11: Configuring quality of service In the Diffserv tab of the SM, you may set the following parameters. Table 56 SM Diffserv attributes Attribute Meaning Priorities of 0 through 3 map to the low-priority channel; 4 through 7 to the CodePoint 1 high-priority channel.

  • Page 154: Task 12: Configuring A Radius Server

    Chapter 2: Configuration and alignment server Task 12: Configuring a RADIUS server Configuring a RADIUS AAA (Authentication, Authorization, and Accounting) server in a PMP 450 network is optional, but can provide added security, increase ease of network management and provide usage-based billing data.

  • Page 155: Choosing Authentication Mode And Configuring For Authentication Servers - Ap

    PMP 450 Configuration and User Guide Task 12: Configuring a RADIUS server Note, Aradial 5.3 has a bug that prevents ―remote device login‖, so doesn‘t support the user name and password management feature. Choosing Authentication Mode and Configuring for Authentication Servers - AP On the AP‘s Configuration >...

  • Page 156: Sm Authentication Mode - Require Radius Or Follow Ap

    Task 12: Configuring a RADIUS Chapter 2: Configuration and alignment server Figure 28 Security tab of the AP SM Authentication Mode – Require RADIUS or Follow AP If it is desired that an SM will only authenticate to an AP that is using RADIUS, on the SM‘s Configuration Security tab set Enforce Authentication to AAA.

  • Page 157: Figure 29 Security Tab Of The Sm

    PMP 450 Configuration and User Guide Task 12: Configuring a RADIUS server Figure 29 Security tab of the SM SM - Phase 1 (Outside Identity) parameters and settings The protocols supported for the Phase 1 (Outside Identity) phase of authentication are eapttls (Extensible Authentication Protocol Tunneled Transport Layer Security) and eapMSChapV2 (Extensible Authentication Protocol –...

  • Page 158: Handling Certificates

    Task 12: Configuring a RADIUS Chapter 2: Configuration and alignment server SM - Phase 2 (Inside Identity) parameters and settings If using eapttls for Phase 1 authentication, select the desired Phase 2 (Inside Identity) authentication protocol from the Phase 2 options of PAP (Password Authentication Protocol), CHAP (Challenge Handshake Authentication Protocol), and MSCHAPv2 (Microsoft‘s version of CHAP).

  • Page 159: Configuring Your Radius Servers For Sm Authentication

    PMP 450 Configuration and User Guide Task 12: Configuring a RADIUS server Figure 30 SM Certificate Management Using CNUT to distribute certificates to SMs CNUT Release 4.0 supports distribution of certificates to SMs. Please see the CNUT documentation for additional information (the CNUT documentation may be found on the Cambium support website http://www.cambiumnetworks.com/support).

  • Page 160: Figure 31 Ap Display Of Radius Accept For Sm

    Task 12: Configuring a RADIUS Chapter 2: Configuration and alignment server If Enable Realm is selected on the SM‘s Configuration > Security tab, then the same Realm as appears there (or access to it). The same Phase 2 (Inner Identity) protocol as configured on the SM‘s Configuration > Security tab under Phase 2 options.

  • Page 161: Configuring Your Radius Server For Sm Configuration

    PMP 450 Configuration and User Guide Task 12: Configuring a RADIUS server Figure 32 AP display of RADIUS rejected SM Figure 33 SM display of RADIUS accpet Configuring your RADIUS server for SM configuration Table 57 lists Canopy Vendor Specific Attributes (VSAs) along with VSA numbers and other details. The associated SM GUI page, tab, and parameter is listed to aid cross-referencing and understanding of the VSAs.

  • Page 162: Table 57 Radius Vendor Specific Attributes (Vsas)

    Task 12: Configuring a RADIUS Chapter 2: Configuration and alignment server The SM is not configured for DHCP on its management interface. If DHCP is enabled and these attributes are configured in the RADIUS server, the attributes will be ignored by the SM. The SM management interface must be configured to be publically accessible.

  • Page 163: Using Radius For Centralized Ap And Sm User Name And Password Management

    PMP 450 Configuration and User Guide Task 12: Configuring a RADIUS server Motorola-Canopy- 26.161.14 integer N 0-disable, 1-enable VLLEARNNEN Configuration > VLAN > Dynamic Learning 32 bits Motorola-Canopy-VLFRAMES 26.161.15 integer N 0-all, 1-tagged, 2-untagged Configuration > VLAN > Allow Frame Types...

  • Page 164: Figure 34 User Authentication Tab Of The Ap

    Task 12: Configuring a RADIUS Chapter 2: Configuration and alignment server Set User Authentication Mode on the AP‘s Account > User Authentication tab (the tab only appears after the AP is set to RADIUS authentication) to Remote or Remote then Local. •...
  • Page 165 PMP 450 Configuration and User Guide Task 12: Configuring a RADIUS server SM – Technician/Installer/Administrator Authentication To control technician, installer, and administrator access to the SM from a centralized RADIUS server: Set Authentication Mode on the AP‘s Configuration > Security tab to AAA (RADIUS) Set User Authentication Mode on the AP‘s Account >...

  • Page 166: Radius Device Data Accounting

    SM can be configured for both, either, or neither. RADIUS Device Data Accounting PMP 450 systems include support for RADIUS accounting messages for usage-based billing. This accounting includes indications for subscriber session establishment, subscriber session disconnection, and bandwidth usage per session for each SM that connects to the AP. The attributes included in the RADIUS accounting messages are shown in the table below.
  • Page 167 PMP 450 Configuration and User Guide Task 12: Configuring a RADIUS server Sender Message Attribute Value Description every time an SM Request Unique per AP session. registers with an AP, Initial value is SM MAC, and after the SM Acct-Session-Id and increments after every stats are cleared.
  • Page 168 Task 12: Configuring a RADIUS Chapter 2: Configuration and alignment server Sender Message Attribute Value Description Sum of unicast and multicast packets that are sent from a particular SM Acct-Output-Packets over the regular data VC and the high priority data VC (if enabled).

  • Page 169: Table 59 Radius Accounting Messages Configuration

    PMP 450 Configuration and User Guide Task 12: Configuring a RADIUS server Sender Message Attribute Value Description Sum of unicast and multicast packets that are sent to a particular SM over Acct-Input-Packets the regular data VC and the high priority data VC (if enabled).

  • Page 170: Radius Device Re-Authentication

    RADIUS Device Re-Authentication PMP 450 systems include support for periodic SM re-authentication in a network without requiring the SM to re-register (and drop the session). The re-authentication may be configured to occur in the range of every 30 minutes to weekly.
  • Page 171 PMP 450 Configuration and User Guide Task 12: Configuring a RADIUS server When using these attributes, for the addressing to be implemented by the SM operators must configure Framed-IP-Address in RADIUS. If Framed-IP-Address is not configured but Framed-IP-Netmask and/or Motorola-Canopy-Gateway is configured, the attributes will be ignored. In the case where only the Framed-IP-Address is configured, Framed-IP-Netmask defaults to 255.255.0.0 (NAT disabled) /...

  • Page 173: Chapter 3: Reference Information

    PMP 450 Configuration and User Guide Chapter 3: Reference information pmp-0050 (May 2012)

  • Page 174: Fcc And Icc Information

    FCC and ICC Information Chapter 3: Reference information FCC and ICC Information Table 62 US FCC IDs and Industry Canada Certification Numbers and Covered Configurations FCC ID Industry Frequencies Module Antenna Maximum Canada Families (OFDM) Tx Output Cert Power Number ABZ89FT7634 109W-5780 5 MHz channels,...
  • Page 175 PMP 450 Configuration and User Guide FCC and ICC Information ABZ89FT7635 109W-5790 5 MHz channels, 5790SM 19 dBm 9 dBi Integrated with centered on 5727.5-5845 18 dBi Reflector Dish in 5 MHz increments (within the 5725-5850 MHz ISM band) 10 MHz channels,...
  • Page 176 FCC and ICC Information Chapter 3: Reference information 20 MHz channels, centered on 5735-5840 in 5 MHz increments (within the 5725-5850 MHz ISM band) pmp-0050 (May 2012)

  • Page 177: Transmitter Output Power

    PMP 450 Configuration and User Guide Transmitter Output Power Transmitter Output Power Table 63 PMP 450 AP transmitter output power Antenna Transmit Gain EIRP Radio/ Channel Output Region(s) Default (Tx + (18 dBi – Size Power Frequency Setting 1dB cable...

  • Page 179: Exposure Separation Distances

    PMP 450 Configuration and User Guide Exposure Separation Distances To protect from overexposure to RF energy, install PMP 450 radios so as to provide and maintain the minimum separation distances from all persons shown in Table Table 64 Exposure Separation Distances...

  • Page 180: Table 65 Calculated Exposure Distances And Power Compliance Margins

    Exposure Separation Distances Chapter 1: Table 65 Calculated Exposure Distances and Power Compliance Margins Freq. Antenna Variable Recom- Power Band mended Compliance (calc Separati Margin lated) Distance 5.4 / 5.8 Integrated, 0.079 W .08 W 8 cm 20 cm 9 dBi (9 dBi) (8 in) OFDM...

  • Page 181: Appendix A: Glossary

    PMP 450 Configuration and User Guide User Guide Appendix A: Glossary Term Definition The command that terminates an SSH Secure Shell session to another server. Used on the Bandwidth and Authentication Manager (BAM) master server in the database replication setup.
  • Page 182 Exposure Separation Distances Chapter 1: Address Protocol defined in RFC 826 to allow a network element to correlate a host IP address to Resolution the Ethernet address of the host. See http://www.faqs.org/rfcs/rfc826.html. Protocol Advanced Over-the-air link option that provides extremely secure wireless connections. Advanced Encryption Encryption Standard (AES) uses 128-bit secret keys as directed by the government of the Standard (AES)
  • Page 183 PMP 450 Configuration and User Guide Exposure Separation Distances Backhaul Timing Backhaul Module that sends network timing (synchronization) to another Backhaul Master Module, which serves as the Backhaul timing slave. Backhaul Timing Backhaul Module that receives network timing (synchronization) from another Backhaul Slave Module, which serves as the Backhaul timing master.
  • Page 184 Exposure Separation Distances Chapter 1: Cluster Management Module. A module that provides power, GPS timing, and networking connections for an Access Point cluster. If this CMM is connected to a Backhaul Module (BH), then this CMM is the central point of connectivity for the entire site.
  • Page 185 PMP 450 Configuration and User Guide Exposure Separation Distances Diffraction Partial obstruction of a signal. Typically diffraction attenuates a signal so much that the link is unacceptable. However, in some instances where the obstruction is very close to the receiver, the link may be acceptable.
  • Page 186 Exposure Separation Distances Chapter 1: ESN Data Table Table in which each row identifies data about a single SM. In tab-separated fields, each row stores the ESN, authentication key, and QoS information that apply to the SM. The operator can create and modify this table. This table is both an input to and an output from the Bandwidth and Authentication Manager (BAM) SQL database, and should be identically input to redundant BAM servers.
  • Page 187 PMP 450 Configuration and User Guide Exposure Separation Distances File Transfer Protocol, defined in RFC 959. Utility that transfers of files through TCP (Transport Control Protocol) between computing devices that do not operate on the same platform. See http://www.faqs.org/rfcs/rfc959.html. Global...
  • Page 188 Exposure Separation Distances Chapter 1: inunknownprotos How many inbound packets were discarded because of an unknown or unsupported count Field protocol. Internet Protocol defined in RFC 791. The Network Layer in the TCP/IP protocol stack. This protocol is applied to addressing, routing, and delivering, and re-assembling data packets into the Data Link layer of the protocol stack.
  • Page 189 PMP 450 Configuration and User Guide Exposure Separation Distances MAC Address Media Access Control address. The hardware address that the factory assigns to the module for identification in the Data Link layer interface of the Open Systems Interconnection system. This address serves as an electronic serial number.
  • Page 190 Exposure Separation Distances Chapter 1: Network Address Scheme that defines the Access Point Module as a proxy server to isolate registered Translation Subscriber Modules from the Internet. Defined in RFC 1631. See http://www.faqs.org/rfcs/rfc1631.html. Network See NMS. Management Station Network Management Station. A monitor device that uses Simple Network Management Protocol (SNMP) to control, gather, and report information about predefined network variables (objects).
  • Page 191 PMP 450 Configuration and User Guide Exposure Separation Distances php-mysql Package group that enables the Web Server application in the Red Hat® Linux® 9 operating system to provide data from the SQL Database Server application as PHP in the Bandwidth and Authentication Manager (BAM) GUI.
  • Page 192 Exposure Separation Distances Chapter 1: Radio Signal Relative measure of the strength of a received signal. An acceptable link displays an Strength Radio Signal Strength Indicator (RSSI) value of greater than 700. Indicator Random Number Number that the Bandwidth and Authentication Manager (BAM) generates, invisible to both the SM and the network operator, to send to the SM as a challenge against an authentication attempt.
  • Page 193 PMP 450 Configuration and User Guide Exposure Separation Distances Router Network element that uses the logical (IP) address of another to pass data to only the intended recipient. Compare to Switch and Bridge. Red Hat® Package Manager. A command that the Linux® operating system accepts to identify the version of Linux®...
  • Page 194 Exposure Separation Distances Chapter 1: Slave Designation that defines the role of a component relative to the role of another. This designation both applies to a Backhaul slave that receives synchronization over the air from another Backhaul module (a Backhaul timing master) and applies to a redundant Bandwidth and Authentication Manager (BAM) server whose SQL database is automatically overwritten by a copy from the primary BAM server (BAM master).
  • Page 195 PMP 450 Configuration and User Guide Exposure Separation Distances SYN/1 Second-from-right LED in the module. In the Access Point Module or Backhaul timing master, as in a registered Subscriber Module or Backhaul timing slave, this LED is continuously lit to indicate the presence of sync. In the operating mode for a Subscriber Module or Backhaul timing slave, this LED flashes on and to indicate that the module is not registered.
  • Page 196 Exposure Separation Distances Chapter 1: TNAR Total number of authentication requests. A field in the data that the cmd show esn command generates from the SQL database in the Bandwidth and Authentication Manager (BAM) server. This field indicates how many times the SM (identified by ESN in the related data) attempted to authenticate, regardless of whether the attempt succeeded.

Table of Contents