User Guide
Table Of Contents
- Cambium
- PMP 450 Planning Guide
- Accuracy
- Copyrights
- This document, Cambium products, and 3rd Party Software products described in this document may include or describe copyrighted Cambium and other 3rd Party supplied computer programs stored in semiconductor memories or other media. Laws in the United ...
- Restrictions
- License Agreements
- High Risk Materials
- Safety and regulatory information
- Contents
- List of Figures
- List of Tables
- About This Planning Guide
- PMP support website: http://www.cambiumnetworks.com/support
- Cambium main website: http://www.cambiumnetworks.com/
- Sales enquiries: solutions@cambiumnetworks.com
- Email support: support@cambiumnetworks.com
- Telephone numbers:
- For full list of Cambium support telephone numbers, see:
- http://www.cambiumnetworks.com/support/contact-support
- Address:
- Chapter 1: Planning considerations
- Regulatory planning
- Network migration planning
- Site planning
- Link planning
- Analyzing the RF Environment
- Selecting Sites for Network Elements
- Diagramming Network Layouts
- Grounding and lightning protection
- Configuration options for TDD synchronization
- Data network planning
- Security planning
- Isolating APs from the Internet
- Managing module access by passwords
- Filtering protocols and ports
- Port Lockdown
- Isolating SMs
- Filtering management through Ethernet
- Allowing management from only specified IP addresses
- Configuring management IP by DHCP
- Planning for airlink security
- Planning for RF Telnet Access Control
- Forwarding Downlink PPPoE PADI packets
- Planning for RADIUS integration
- Planning for SNMP security
- Ordering components
- Chapter 2: Legal information
- Cambium Networks end user license agreement
- Acceptance of this agreement
- Definitions
- Grant of license
- Conditions of use
- Title and restrictions
- Confidentiality
- Right to use Cambium’s name
- Transfer
- Updates
- Maintenance
- Disclaimer
- Limitation of liability
- U.S. government
- Term of license
- Governing law
- Assignment
- Survival of provisions
- Entire agreement
- Third party software
- Hardware warranty
- Limit of liability
- Cambium Networks end user license agreement
- Chapter 3: Reference information
PMP 450 Planning Guide
Identity-based user accounts
When identity-based user accounts are configured, a security officer can define from one to four user accounts,
each of which may have one of the four possible roles:
• ADMINISTRATOR, who has full read and write permissions. This is the level of the root and admin
users, as well as any other administrator accounts that one of them creates.
• INSTALLER, who has permissions identical to those of ADMINISTRATOR except that the installer
cannot add or delete users or change the password of any other user.
• TECHNICIAN, who has permissions to modify basic radio parameters and view informational web pages
• GUEST, who has no write permissions and only a limited view of General Status tab
See Table 57 Identity-based user account permissions - AP on page 1-129 and Table 58 Identity-based user
account permissions - SM on page 1-131 for detailed information on account permissions.
Remote Authentication Dial In User Service (RADIUS)
The PMP 450 system includes support for RADIUS (Remote Authentication Dial In User Service) protocol
functionality including:
• Authentication: Allows only known SMs onto the network (blocking “rogue” SMs), and can be configured
to ensure SMs are connecting to a known network (preventing SMs from connecting to “rogue” APs).
RADIUS authentication is used for SMs, but not used for APs.
• SM Configuration: Configures authenticated SMs with MIR (Maximum Information Rate), High Priority,
and VLAN (Virtual LAN) parameters from the RADIUS server when an SM registers to an AP.
• SM Accounting provides support for RADIUS accounting messages for usage-based billing. This
accounting includes indications for subscriber session establishment, subscriber session disconnection, and
bandwidth usage per session for each SM that connects to the AP.
• Centralized AP and SM user name and password management: Allows AP and SM usernames and access
levels (Administrator, Installer, Technician) to be centrally administered in the RADIUS server instead of
on each radio and tracks access events (logon/logoff) for each username on the RADIUS server. This
accounting does not track and report specific configuration actions performed on radios or pull statistics
such as bit counts from the radios. Such functions require an Element Management System (EMS) such as
Cambium Wireless Manager. This accounting is not the ability to perform accounting functions on the
subscriber/end user/customer account.
• Framed-IP-Address: Operators may use a RADIUS server to assign management IP addressing to SM
modules.
SNMP
• The management agent supports fault and performance management by means of an SNMP interface. The
management agent is compatible with SNMP v1 and SNMP v2c using 5 Management Information Base
(MIB) files which are available for download from the Cambium Networks Support website
(https://support.cambiumnetworks.com/files/pmp450).
1-52
pmp-0047 (March 2014)