User Guide
Table Of Contents
- Cambium
- PMP 450 Planning Guide
- Accuracy
- Copyrights
- This document, Cambium products, and 3rd Party Software products described in this document may include or describe copyrighted Cambium and other 3rd Party supplied computer programs stored in semiconductor memories or other media. Laws in the United ...
- Restrictions
- License Agreements
- High Risk Materials
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Planning Guide
- PMP support website: http://www.cambiumnetworks.com/support
- Cambium main website: http://www.cambiumnetworks.com/
- Sales enquiries: solutions@cambiumnetworks.com
- Email support: support@cambiumnetworks.com
- Telephone numbers:
- For full list of Cambium support telephone numbers, see:
- http://www.cambiumnetworks.com/support/contact-support
- Address:
- Chapter 1: Planning considerations
- Regulatory planning
- Network migration planning
- Site planning
- Link planning
- Analyzing the RF Environment
- Selecting Sites for Network Elements
- Diagramming Network Layouts
- Grounding and lightning protection
- Configuration options for TDD synchronization
- Data network planning
- Security planning
- Isolating APs from the Internet
- Managing module access by passwords
- Filtering protocols and ports
- Port Lockdown
- Isolating SMs
- Filtering management through Ethernet
- Allowing management from only specified IP addresses
- Configuring management IP by DHCP
- Planning for airlink security
- Planning for RF Telnet Access Control
- Forwarding Downlink PPPoE PADI packets
- Planning for RADIUS integration
- Planning for SNMP security
- Ordering components
- Chapter 2: Legal information
- Cambium Networks end user license agreement
- Acceptance of this agreement
- Definitions
- Grant of license
- Conditions of use
- Title and restrictions
- Confidentiality
- Right to use Cambium’s name
- Transfer
- Updates
- Maintenance
- Disclaimer
- Limitation of liability
- U.S. government
- Term of license
- Governing law
- Assignment
- Survival of provisions
- Entire agreement
- Third party software
- Hardware warranty
- Limit of liability
- Cambium Networks end user license agreement
- Chapter 3: Reference information
PMP 450 Planning Guide
• Block and Forward SM Packets to Backbone. This not only prevents multicast/broadcast and unicast SM-
to-SM communication but also sends the packets, which otherwise would have been handled SM to SM,
through the Ethernet port of the AP.
In the CMMmicro and the CMM4, SM isolation treatment is the result of how you choose to manage the port-
based VLAN feature of the embedded switch, where you can switch all traffic from any AP to an uplink port
that you specify. However, this is not packet level switching. It is not based on VLAN IDs. See the VLAN Port
Configuration parameter in the dedicated user guide that supports the CMM product that you are deploying.
Filtering management through Ethernet
You can configure the SM to disallow any device that is connected to its Ethernet port from accessing the IP
address of the SM. If you set the Ethernet Access Control parameter to Enabled, then
• no attempt to access the SM management interface (by http, SNMP, ftp, or tftp) through Ethernet can
succeed.
• any attempt to access the SM management interface over the air (by IP address, presuming that LAN1
Network Interface Configuration, Network Accessibility is set to Public, or by link from the Session Status
or Remote Subscribers tab in the AP) is unaffected.
Allowing management from only specified IP addresses
The Security tab of the Configuration web page in the AP and SM includes the IP Access Control parameter.
You can specify one, two, or three IP addresses that should be allowed to access the management interface (by
HTTP, SNMP, FTP, or TFTP).
If you select
• IP Access Filtering Disabled, then management access is allowed from any IP address, even if the Allowed
Source IP 1 to 3 parameters are populated.
• IP Access Filtering Enabled, and specify at least one address in the Allowed Source IP 1 to 3 parameter,
then management access is limited to the specified address(es).
Configuring management IP by DHCP
The IP tab in the Configuration web page of every radio contains a LAN1 Network Interface Configuration,
DHCP State parameter that, if enabled, causes the IP configuration (IP address, subnet mask, and gateway IP
address) to be obtained through DHCP instead of the values of those individual parameters. The setting of this
DHCP state parameter is also viewable, but is not settable, in the Network Interface tab of the Home page.
In the SM, this parameter is settable
• in the NAT tab of the Configuration web page, but only if NAT is enabled.
• in the IP tab of the Configuration web page, but only if the Network Accessibility parameter in the IP tab
is set to Public.
1-136
pmp-0047 (March 2014)