User Guide
Table Of Contents
- Cambium
- PMP 450 Planning Guide
- Accuracy
- Copyrights
- This document, Cambium products, and 3rd Party Software products described in this document may include or describe copyrighted Cambium and other 3rd Party supplied computer programs stored in semiconductor memories or other media. Laws in the United ...
- Restrictions
- License Agreements
- High Risk Materials
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Planning Guide
- PMP support website: http://www.cambiumnetworks.com/support
- Cambium main website: http://www.cambiumnetworks.com/
- Sales enquiries: solutions@cambiumnetworks.com
- Email support: support@cambiumnetworks.com
- Telephone numbers:
- For full list of Cambium support telephone numbers, see:
- http://www.cambiumnetworks.com/support/contact-support
- Address:
- Chapter 1: Planning considerations
- Regulatory planning
- Network migration planning
- Site planning
- Link planning
- Analyzing the RF Environment
- Selecting Sites for Network Elements
- Diagramming Network Layouts
- Grounding and lightning protection
- Configuration options for TDD synchronization
- Data network planning
- Security planning
- Isolating APs from the Internet
- Managing module access by passwords
- Filtering protocols and ports
- Port Lockdown
- Isolating SMs
- Filtering management through Ethernet
- Allowing management from only specified IP addresses
- Configuring management IP by DHCP
- Planning for airlink security
- Planning for RF Telnet Access Control
- Forwarding Downlink PPPoE PADI packets
- Planning for RADIUS integration
- Planning for SNMP security
- Ordering components
- Chapter 2: Legal information
- Cambium Networks end user license agreement
- Acceptance of this agreement
- Definitions
- Grant of license
- Conditions of use
- Title and restrictions
- Confidentiality
- Right to use Cambium’s name
- Transfer
- Updates
- Maintenance
- Disclaimer
- Limitation of liability
- U.S. government
- Term of license
- Governing law
- Assignment
- Survival of provisions
- Entire agreement
- Third party software
- Hardware warranty
- Limit of liability
- Cambium Networks end user license agreement
- Chapter 3: Reference information
PMP 450 Planning Guide
Planning for airlink security
Cambium fixed wireless broadband IP systems employ the following form of encryption for security of the
wireless link:
• DES (Data Encryption Standard): An over-the-air link encryption option that uses secret 56-bit keys and 8
parity bits. DES performs a series of bit permutations, substitutions, and recombination operations on
blocks of data. DES encryption does not affect the performance or throughput of the system.
• AES (Advanced Encryption Standard): An over-the-air link encryption option that uses the Rijndael
algorithm and 128-bit keys to establish a higher level of security than DES. AES products are certified as
compliant with the Federal Information Processing Standards (FIPS 197) in the U.S.A.
Planning for RF Telnet Access Control
The RF Telnet Access feature restricts Telnet access to the AP from a device situated below a network SM
(downstream from the AP). This is a security enhancement to restrict RF-interface sourced AP access
specifically to the LAN1 IP address and LAN2 IP address (Radio Private Address, typically
192.168.101.[LUID]). This restriction disallows unauthorized users from running Telnet commands on the AP
that can change AP configuration or modifying network-critical components such as routing and ARP tables.
Forwarding Downlink PPPoE PADI packets
The AP supports the control of forwarding of PPPoE PADI (PPPoE Active Discovery Initiation) packets.
This forwarding is configured on the AP GUI Configuration, Radio tab by parameter PPPoE PADI Downlink
Forwarding. When set to “Enabled”, the AP allows downstream and upstream transmission of PPPoE PADI
packets. When set to “Disabled”, the AP will NOT allow PPPoE PADI packets to be sent out of the AP RF
interface (downstream) but will allow PPPoE PADI packets to enter the RF interface (upstream) and exit the
Ethernet interface.
Planning for RADIUS integration
PMP 450 modules include support for the RADIUS (Remote Authentication Dial In User
Service)
protocol
supporting Authentication, Authorization, and Accounting (AAA).
RADIUS
Functions
RADIUS protocol support provides the
following
functions:
• SM Authentication allows only known SMs onto the network (blocking
“rogue”
SMs), and can be
configured to ensure SMs are connecting to a known
network
(preventing SMs from connecting to
“rogue” APs). RADIUS authentication is
used
for SMs,
but
is not used for APs. Cambium modules
support EAP-TTLS and EAP-MSCHAPv2 authentication methods.
• SM Configuration: Configures authenticated SMs with MIR (Maximum Information Rate), CIR
(Committed Information Rate), High Priority, and VLAN (Virtual LAN) parameters from the RADIUS
server when an SM registers to an AP.
pmp-0047 (March 2014)
1-137