User's Manual

PMP 450 Planning Guide
Security planning
pmp-0047 (June 2013)
Filtering management through Ethernet
You can configure the SM to disallow any device that is connected to its Ethernet port from accessing the IP
address of the SM. If you set the Ethernet Access Control parameter to Enabled, then
- no attempt to access the SM management interface (by HTTP, SNMP, FTP, or TFTP) through Ethernet can succeed.
- any attempt to access the SM management interface over the air (by IP address, presuming that LAN1
  Network Interface Configuration, Network Accessibility is set to Public, or by link from the Session Status
  or Remote Subscribers tab in the AP) is unaffected.
Allowing management from only specified IP addresses
The Security tab of the Configuration web page in the AP and SM includes the IP Access Control parameter. You
can specify one, two, or three IP addresses that should be allowed to access the management interface (by HTTP,
SNMP, FTP, or TFTP).
If you select
- IP Access Filtering Disabled, then management access is allowed from any IP address, even if the Allowed
  Source IP 1 to 3 parameters are populated.
- IP Access Filtering Enabled, and specify at least one address in the Allowed Source IP 1 to 3 parameters, then
  management access is limited to the specified address(es).
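An added example, not taken from the Cambium guide: a Python audit over a constructed radio inventory that applies the Ethernet Access Control and IP Access Control rules described above. The dictionary field names and the convention that an unset slot appears as "" or 0.0.0.0 are assumptions; only the parameter names and their Enabled/Disabled values come from the text.

```python
import ipaddress

# Constructed inventory; field names are hypothetical, not a Cambium export format.
RADIOS = [
    {"name": "sm-01", "role": "SM", "ethernet_access_control": "Enabled",
     "ip_access_filtering": "Enabled", "allowed_source_ips": ["10.0.0.5", "", ""]},
    {"name": "sm-02", "role": "SM", "ethernet_access_control": "Disabled",
     "ip_access_filtering": "Disabled", "allowed_source_ips": ["10.0.0.5", "10.0.0.6", ""]},
    {"name": "ap-01", "role": "AP",
     "ip_access_filtering": "Enabled", "allowed_source_ips": ["", "", ""]},
    {"name": "ap-02", "role": "AP",
     "ip_access_filtering": "Enabled", "allowed_source_ips": ["10.0.0.5", "10.0.0.300", ""]},
]

def populated(slots):
    # Assumption: an unset Allowed Source IP slot is recorded as "" or "0.0.0.0".
    return [s.strip() for s in slots if s.strip() not in ("", "0.0.0.0")]

def audit(radio):
    findings = []
    addrs = populated(radio.get("allowed_source_ips", []))
    filtering = radio.get("ip_access_filtering") == "Enabled"
    for a in addrs:
        try:
            ipaddress.ip_address(a)
        except ValueError:
            findings.append(f"allowed source {a!r} is not a valid IP address")
    if not filtering and addrs:
        findings.append("allowed sources populated but filtering Disabled: list is ignored")
    elif not filtering:
        findings.append("IP access filtering Disabled: management allowed from any IP address")
    elif not addrs:
        findings.append("filtering Enabled with no allowed source: behaviour not stated in the guide")
    # Ethernet Access Control is described above as an SM parameter.
    if radio["role"] == "SM" and radio.get("ethernet_access_control") != "Enabled":
        findings.append("Ethernet Access Control not Enabled: Ethernet-side management access not blocked")
    return findings

def audit_fleet(radios):
    results = {r["name"]: audit(r) for r in radios}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit_fleet(RADIOS).items():
        for f in findings:
            print(f"{name}: {f}")
```

The case worth catching is sm-02: its allowed-source list looks restrictive, but with filtering Disabled the list has no effect.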
Configuring management IP by DHCP
The IP tab in the Configuration web page of every radio contains a LAN1 Network Interface Configuration,
DHCP State parameter that, if enabled, causes the IP configuration (IP address, subnet mask, and gateway IP
address) to be obtained through DHCP rather than taken from the values of those individual parameters. The
setting of this DHCP State parameter is also viewable, but not settable, in the Network Interface tab of the
Home page.
In the SM, this parameter is settable
- in the NAT tab of the Configuration web page, but only if NAT is enabled.
- in the IP tab of the Configuration web page, but only if the Network Accessibility parameter in the IP tab is set
  to Public.
Planning for airlink security
Cambium fixed wireless broadband IP systems employ the following forms of encryption for security of the wireless
link:
- DES (Data Encryption Standard): An over-the-air link encryption option that uses secret 56-bit keys and 8
  parity bits. DES performs a series of bit permutations, substitutions, and recombination operations on blocks of
  data. DES encryption does not affect the performance or throughput of the system.
- AES (Advanced Encryption Standard): An over-the-air link encryption option that uses the Rijndael
  algorithm and 128-bit keys to establish a higher level of security than DES. AES products are certified as
  compliant with the Federal Information Processing Standards (FIPS 197) in the U.S.A.