User Guide
Table Of Contents
- Cambium
- PMP 450 Planning Guide
- Accuracy
- Copyrights
- This document, Cambium products, and 3rd Party Software products described in this document may include or describe copyrighted Cambium and other 3rd Party supplied computer programs stored in semiconductor memories or other media. Laws in the United ...
- Restrictions
- License Agreements
- High Risk Materials
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Planning Guide
- PMP support website: http://www.cambiumnetworks.com/support
- Cambium main website: http://www.cambiumnetworks.com/
- Sales enquiries: solutions@cambiumnetworks.com
- Email support: support@cambiumnetworks.com
- Telephone numbers:
- For full list of Cambium support telephone numbers, see:
- http://www.cambiumnetworks.com/support/contact-support
- Address:
- Chapter 1: Planning considerations
- Regulatory planning
- Network migration planning
- Site planning
- Link planning
- Analyzing the RF Environment
- Selecting Sites for Network Elements
- Diagramming Network Layouts
- Grounding and lightning protection
- Configuration options for TDD synchronization
- Data network planning
- Security planning
- Isolating APs from the Internet
- Managing module access by passwords
- Filtering protocols and ports
- Port Lockdown
- Isolating SMs
- Filtering management through Ethernet
- Allowing management from only specified IP addresses
- Configuring management IP by DHCP
- Planning for airlink security
- Planning for RF Telnet Access Control
- Forwarding Downlink PPPoE PADI packets
- Planning for RADIUS integration
- Planning for SNMP security
- Ordering components
- Chapter 2: Legal information
- Cambium Networks end user license agreement
- Acceptance of this agreement
- Definitions
- Grant of license
- Conditions of use
- Title and restrictions
- Confidentiality
- Right to use Cambium’s name
- Transfer
- Updates
- Maintenance
- Disclaimer
- Limitation of liability
- U.S. government
- Term of license
- Governing law
- Assignment
- Survival of provisions
- Entire agreement
- Third party software
- Hardware warranty
- Limit of liability
- Cambium Networks end user license agreement
- Chapter 3: Reference information
PMP 450 Planning Guide
Security planning
This section describes how to plan for PMP 450 networks to operate in secure mode.
Isolating APs from the Internet
Ensure that the IP addresses of the APs in your network
• are not routable over the Internet.
• do not share the subnet of the IP address of your user.
RFC 1918, Address Allocation for Private Subnets, reserves for private IP networks three blocks of IP
addresses that are not routable over the Internet:
• /8 subnets have one reserved network, 10.0.0.0 to 10.255.255.255.
• /16 subnets have 16 reserved networks, 172.16.0.0 to 172.31.255.255.
• /24 subnets have 256 reserved networks, 192.168.0.0 to 192.168.255.255.
Managing module access by passwords
Adding a user for access to a module
From the factory, each module has a preconfigured administrator-level account in the name root, which
initially requires no associated password. This is the same root account that you may have used for access to
the module by ftp. When you upgrade a module
• an account is created in the name admin.
• both admin and root inherit the password that was previously used for access to the module:
o the Full Access password, if one was set.
o the Display-Only Access password, if one was set and no Full Access password was set.
If you use Wireless Manager, do not delete the root account from any module. If you use an NMS that
communicates with modules through SNMP, do not delete the root account from any module unless you first
can confirm that the NMS does not rely on the root account for access to the modules.
Each module supports four or fewer user accounts, regardless of account levels. The available levels are
• ADMINISTRATOR, who has full read and write permissions. This is the level of the root and admin
users, as well as any other administrator accounts that one of them creates.
• INSTALLER, who has permissions identical to those of ADMINISTRATOR except that the installer
cannot add or delete users or change the password of any other user.
• TECHNICIAN, who
1-128
pmp-0047 (March 2014)