333333333 CONFIGURATION GUIDE PMP/PTP 450 Series System Release 16.
Accuracy While reasonable efforts have been made to assure the accuracy of this document, Cambium Networks assumes no liability resulting from any inaccuracies or omissions in this document, or from use of the information obtained herein.
Contents Contents ................................................................................................................................................... i List of Figures ...................................................................................................................................... viii List of Tables ......................................................................................................................................... xi About This User Guide ..........
Contents Using the web interface .................................................................................................................. 1-6 Logging into the web interface............................................................................................... 1-6 Web GUI ...................................................................................................................................... 1-7 Using the menu options............................................................
Contents Filtering management through Ethernet........................................................................... 1-119 Allowing management only from specified IP addresses .............................................. 1-119 Restricting radio Telnet access over the RF interface .................................................... 1-119 Configuring SNMP Access ................................................................................................... 1-123 Configuring Security .............
Contents Troubleshooting ..................................................................................................................... 1-267 Configuring Radio via config file ............................................................................................... 1-268 Import and Export of config file ......................................................................................... 1-268 Configuring cnMaestroTM Connectivity ............................................................
Contents Using BER Results tool ................................................................................................................ 2-369 Using the Sessions tool................................................................................................................ 2-370 Using the Ping Test tool .............................................................................................................. 2-371 Chapter 3: Operation .......................................................
Contents Specifications for 5 GHz PMP 450m Series - AP ................................................................. 4-2 Specifications for 3 GHz PMP 450m Series - AP ................................................................. 4-6 Specifications for PMP 450i Series - AP .............................................................................. 4-10 Specifications for PMP 450i Series - SM ..............................................................................
Contents FCC approved antenna list .................................................................................................. 4-120 Innovation Science and Economic Development Canada (ISEDC) specific information 4-124 900 MHz ISEDC notification ................................................................................................ 4-124 4.9 GHz ISEDC notification ..................................................................................................
List of Figures List of Figures Figure 1 Disarm Installation page (top and bottom of page shown) .......................................... 1-13 Figure 2 Regional Settings tab of AP/BHM ..................................................................................... 1-14 Figure 3 Radio Carrier Frequency tab of AP/BHM ......................................................................... 1-14 Figure 4 Synchronization tab of AP/BHM......................................................................
List of Figures Figure 41 Proportional Scheduler Settings on AP......................................................................... 1-244 Figure 42 Installation Color Code of AP ......................................................................................... 1-261 Figure 43 Configuration File upload and download page .......................................................... 1-268 Figure 44 Software Upgrade from cnMaestro™ ......................................................................
List of Figures Figure 84 Event log data ..................................................................................................................... 3-36 Figure 85 Network Interface tab of the AP...................................................................................... 3-38 Figure 86 Network Interface tab of the SM ..................................................................................... 3-38 Figure 87 Layer 2 Neighbors page ................................................
List of Tables List of Tables Table 1 Menu options and web pages ................................................................................................. 1-8 Table 2 Session Status Attributes – AP ............................................................................................ 1-22 Table 3 IP interface attributes ............................................................................................................ 1-25 Table 4 SM/BHS private IP and LUID ..........................
List of Tables Table 41 Security attributes –450 Platform Family BHM ............................................................. 1-131 Table 42 Security attributes –450 Platform Family SM ............................................................... 1-133 Table 43 Security attributes - 450 Platform Family BHS ............................................................ 1-140 Table 44 802.1X authentication attributes –450 Platform Family AP ....................................... 1-143 Table 45 802.
List of Tables Table 83 MIR, VLAN, HPC, and CIR Configuration Sources, Authentication Disabled ........... 1-248 Table 84 QoS page attributes - AP ................................................................................................. 1-250 Table 85 QoS page attributes - SM ................................................................................................. 1-255 Table 86 QoS page attributes - BHM .......................................................................................
List of Tables Table 125 Link Quality tab attributes ................................................................................................ 3-33 Table 126 Event Log messages for abnormal events ..................................................................... 3-37 Table 127 Event Log messages for normal events.......................................................................... 3-37 Table 128 Scheduler tab attributes .......................................................................
List of Tables Table 168 450m/450i Series Main and Aux Ethernet bridging specifications .......................... 4-56 Table 169 450 Series Ethernet bridging specifications ................................................................. 4-56 Table 170 450 Platform Family - wireless specifications............................................................... 4-57 Table 171 Radio certifications.............................................................................................................
List of Tables Table 200 Frequency range per country – 5.1 GHz band PMP/PTP 450i Series ...................... 4-93 Table 201 Frequency range per country – 5.1 GHz band PMP 450b Mid-Gain Series .............. 4-94 Table 202 Frequency range per country – 5.1 GHz band PMP 450b High Gain Series ............ 4-94 Table 203 Frequency range per country – 5.1 GHz band PMP 450m Series ............................. 4-95 Table 204 Frequency range per country – 5.2 GHz band PMP/PTP 450i Series ......................
About This User Guide This guide describes configuration and operation of the Cambium point-to-point and point-tomultipoint wireless Ethernet bridges. It covers PMP/PTP 450, 450i, 450b, 450d and PMP 450m platform Series. It is intended for use by the system designer, system installer and system administrator.
Purpose Cambium Networks Point-to-Multi-Point (PMP)/Point-To-Point (PTP) 450 documents are intended to instruct and assist personnel in the operation, installation and maintenance of the Cambium PMP/PTP equipment and ancillary devices of 450 Platform Family. It is recommended that all personnel engaged in such activities be properly trained.
Product notation Description 450m Series Refers to 450m Series device configuration: - PMP 450m AP 5 GHz - PMP 450m AP 3 GHz - Integrated Integrated Cross references References to external publications are shown in italics. Other cross references, emphasized in blue text in electronic versions, are active links to the references. This document is divided into numbered chapters that are divided into sections.
Important regulatory information The 450 Platform Family products are certified as an unlicensed device in frequency bands where it is not allowed to cause interference to licensed services (called primary users of the bands). Application software Download the latest 450 Platform Family software and install it in the Outdoor Units (ODUs) before deploying the equipment. Instructions for installing software are provided in Upgrading the software version and using CNUT on page 1-67.
Avoidance of weather radars (USA only) To comply with FCC rules (KDB 443999: Interim Plans to Approve UNII Devices Operating in the 5470 5725 MHz Band with Radar Detection and DFS Capabilities), units which are installed within 35 km (22 miles) of a Terminal Doppler Weather Radar (TDWR) system (or have a line of sight propagation path to such a system) must be configured to avoid any frequency within +30 MHz or –30 MHz of the frequency of the TDWR device.
Renseignements specifiques au Canada Attention Le présent appareil est conforme aux CNR d'Industrie Canada applicables aux appareils radio exempts de licence. L'exploitation est autorisée aux deux conditions suivantes : (1) l'appareil ne doit pas produire de brouillage, et (2) l'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, même si le brouillage est susceptible d'en compromettre le fonctionnement.
EU Declaration of Conformity Hereby, Cambium Networks declares that the Cambium 450 Series, 450b Series, 450i Series and 450m Series Wireless Ethernet Bridge complies with the essential requirements and other relevant provisions of Radio Equipment Directive 2014/53/EU. The declaration of conformity may be consulted at: https://www.cambiumnetworks.
Problems and warranty Reporting problems If any problems are encountered when installing or operating this equipment, follow this procedure to investigate and report: 1 Search this document and the software release notes of supported releases. 2 Visit the support website. 3 Ask for assistance from the Cambium product supplier. 4 Gather information from affected units, such as any available diagnostic downloads. 5 Escalate the problem by emailing or telephoning support.
Security advice Cambium Networks systems and equipment provide security parameters that can be configured by the operator based on their particular operating environment. Cambium recommends setting and using these parameters following industry recognized security practices. Security aspects to be considered are protecting the confidentiality, integrity, and availability of information and assets.
Warnings, cautions, and notes The following describes how warnings and cautions are used in this document and in all documents of the Cambium Networks document set. Warnings Warnings precede instructions that contain potentially hazardous situations. Warnings are used to alert the reader to possible hazards that could cause loss of life or physical injury. A warning has the following format: Warning Warning text and consequence for not following the instructions in the warning.
Caring for the environment The following information describes national or regional requirements for the disposal of Cambium Networks supplied equipment and for the approved disposal of surplus packaging. In EU countries The following information is provided to enable regulatory compliance with the European Union (EU) directives identified and any amendments made to these directives when using Cambium equipment in EU countries.
Chapter 1: Configuration This chapter describes how to use the web interface to configure the 450 Platform link.
Chapter 1: Configuration Preparing for configuration Preparing for configuration This section describes the checks to be performed before proceeding with unit configuration and antenna alignment. Safety precautions All national and local safety standards must be followed while configuring the units and aligning the antennas. Warning Ensure that personnel are not exposed to unsafe levels of RF energy. The units start to radiate RF energy as soon as they are powered up.
Chapter 1: Configuration Connecting to the unit Connecting to the unit This section describes how to connect the unit to a management PC and power it up. Configuring the management PC Use this procedure to configure the local management PC to communicate with the 450 Platform ODU. Procedure 1 Configuring the management PC 1 Select Properties for the Ethernet port. In Windows 7 this is found in Control Panel > Network and Internet > Network Connections > Local Area Connection.
Chapter 1: Configuration 4 Connecting to the unit Enter an IP address that is valid for the 169.254.X.X network, avoiding 169.254.0.0 and 169.254.1.1. A good example is 169.254.1.3: 5 Enter a subnet mask of 255.255.0.0. Leave the default gateway blank. Connecting to the PC and powering up Use this procedure to connect a management PC and power up the 450 platform ODU. Procedure 2 Connecting to the PC and powering up 1 Check that the ODU and PSU are correctly connected.
Chapter 1: Configuration Using the web interface Using the web interface This section describes how to log into the 450 Platform Family web interface and use its menus. Logging into the web interface Use this procedure to log into the web interface as a system administrator. Procedure 3 Logging into the web interface 1 Start the web browser from the management PC. 2 Type the IP address of the unit into the address bar. The factory default IP address is 169.254.1.1. Press ENTER.
Chapter 1: Configuration Using the web interface 3 On left hand side of home page, the login information is displayed: 4 Enter Username (factory default username is admin) and Password (factory default password is admin) and click Login. Web GUI 2 1 1 3 Field Name Main Menu Menu Options Parameters Description Click an option in side navigation bar (area marked as “1”).
Chapter 1: Configuration Using the web interface Using the menu options Use the menu navigation bar in the left panel to navigate to each web page. Some of the menu options are only displayed for specific system configurations. Use Table 1 to locate information about using each web page.
Chapter 1: Configuration Main Menu options menu Using the web interface Applicable Description module VLAN All VLAN configuration for PMP on page 145 VLAN configuration for PTP on page 156 DiffServ All IPv4 and IPv6 Prioritization on page 162 Protocol Filtering All Filtering protocols and ports on page 163 Syslog All Configuring syslog on page 1-227 Ping Watchdog All Configuring Ping Watchdog on page 1315 Unit Setting All Configuring Unit Settings page on page 1-99 Scheduler All V
Chapter 1: Configuration Main Menu options menu Using the web interface Applicable Description module Filter All Interpreting Filter statistics on page 365 ARP All Viewing ARP statistics on page 3-66 Overload All Interpreting Overload statistics on page 3-61 Syslog Statistics All Interpreting syslog statistics on page 378 Translation Table SM Interpreting Translation Table statistics on page 3-43 DHCP Relay AP Interpreting DHCP Relay statistics on page 3-63 NAT Stats SM Viewing NA
Chapter 1: Configuration Main Menu options menu Using the web interface Applicable Description module Subscriber Configuration AP Using the Subscriber Configuration tool on page 2-360 OFDM Frame Calculator All Using the OFDM Frame Calculator tool on page 2-356 BER results SM, BHS Using BER Results tool on page 2-369 Alignment Tool SM, BHS Using the Alignment Tool on page 2-331 All Using the Link Status tool on page 2-361 Sessions AP, BHM Using the Sessions tool on page 2-370 Ping Tes
Chapter 1: Configuration Main Menu options menu Using the web interface Applicable Description module Information SM BHM Evaluation SM AIM SM The PDA web-page includes 320 x 240 pixel formatted displays of information important to installation and alignment for installers using legacy PDA devices. All device web pages are compatible with touch devices such as smart phones and tablets. Copyright Notices All The Copyright web-page displays pertinent device copyright information.
Chapter 1: Configuration Quick link setup Quick link setup This section describes how to use the Quick Start Wizard to complete the essential system configuration tasks that must be performed on a PMP/PTP configuration. Initiating Quick Start Wizard Applicable products PMP: AP PTP: BHM To start with Quick Start Wizard: after logging into the web management interface click the Quick Start button on the left side of main menu bar. The AP/BHM responds by opening the Quick Start page.
Chapter 1: Configuration 2 Quick link setup From the pull-down menu, select the region in which the AP will operate. Figure 2 Regional Settings tab of AP/BHM 3 Click the Go To Next Page button. 4 From the pull-down menu, select a frequency for the test.
Chapter 1: Configuration Quick link setup 5 Click the Go To Next Page button. 6 At the bottom of this tab, select Generate Sync Signal. Figure 4 Synchronization tab of AP/BHM 7 Click the Go To Next Page button.
Chapter 1: Configuration 8 Quick link setup At the bottom of the IP address configuration tab, either • specify an IP Address, a Subnet Mask, and a Gateway IP Address for management of the AP and leave the DHCP state set to Disabled. • set the DHCP state to Enabled to have the IP address, subnet mask, and gateway IP address automatically configured by a domain name server (DNS). Figure 5 LAN IP Address tab of the AP/BHM Note Cambium encourages you to experiment with the interface.
Chapter 1: Configuration 10 Quick link setup Ensure that the initial parameters for the AP are set as you intended. Figure 6 Review and Save Configuration tab of the AP/BHM 11 Click Save Changes button.
Chapter 1: Configuration 12 Quick link setup Click the Reboot button. RESULT: The AP responds with the message Reboot Has Been Initiated… 13 Wait until the indicator LEDs are not red. 14 Trigger your browser to refresh the page until the AP redisplays the General Status tab. 15 Wait until the red indicator LEDs are not lit.
Chapter 1: Configuration Quick link setup If you enter a time and date, the format for entry is Figure 8 Time and date entry formats Time: hh / mm / ss Date: MM / dd / yyyy where hh mm ss MM dd yyyy represents the represents the represents the represents the represents the represents the two-digit hour in the range 00 to 24 two-digit minute two-digit second two-digit month two-digit day four-digit year Proceed with the time setup as follows.
Chapter 1: Configuration Quick link setup Viewing the Session Status of the AP/BHM to determine test registration Once the SMs/BHS under test are powered on, return to the computing device to determine if the SM/BHS units have registered to the AP/BHM. Note In order for accurate power level readings to be displayed, traffic must be present on the radio link. The Session Status tab provides information about each SM/BHS that has registered to the AP/BHM.
Chapter 1: Configuration Quick link setup Procedure 7 Viewing the AP Session Status page 1 On the AP web management GUI, navigate to Home, Session Status: Figure 9 Session Status tab of AP Note Session status page for BHM is same as AP. 2 Verify that for each SM (or BHS) MAC address (printed on the SM/BHS housing) the AP/BHM has established a registered session by verifying the “State” status of each entry. The Session Status page of the AP/BHM is explained in Table 2.
Chapter 1: Configuration Quick link setup Table 2 Session Status Attributes – AP Attribute Meaning Show Idle Sessions Idle subscribers may be included or removed from the session status display by enabling or disabling, respectively, the Show Idle Sessions parameter. Enabling or disabling this parameter only affects the GUI display of subscribers, not the registration status. Last Session Counter This field displays date and time stamp of last session counter reset.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Configuring IP and Ethernet interfaces This task consists of the following sections: • Configuring the IP interface on page 1-24 • Auxiliary port on page 1-27 • NAT, DHCP Server, DHCP Client and DMZ on page 1-28 • IP interface with NAT disabled on page 1-33 • IP interface with NAT enabled on page • NAT tab with NAT disabled on page 1-36 • NAT tab with NAT enabled on page 1-39 • NAT DNS Considerations on page 1-44 • DHCP – BHS
Chapter 1: Configuration Configuring IP and Ethernet interfaces Configuring the IP interface The IP interface allows users to connect to the 450 Platform Family web interface, either from a locally connected computer or from a management network. Applicable products PMP: AP SM PTP: BHM BMS To configure the IP interface, follow these instructions: Procedure 8 Configuring the AP/BHM IP interface 1 Select menu option Configuration > IP.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Table 3 IP interface attributes Attribute Meaning IP Address Internet Protocol (IP) address. This address is used by family of Internet protocols to uniquely identify this unit on a network. Subnet Mask Defines the address range of the connected IP network. Gateway IP Address The IP address of a computer on the current network that acts as a gateway. A gateway acts as an entrance and exit to packets from and to other networks.
Chapter 1: Configuration Configuring IP and Ethernet interfaces the management interface of the device. DNS servers may be configured automatically from the DHCP response when DHCP is enabled for the management interface of the device. Optionally devices may be configured to set the DNS server IP address manually when DHCP is enabled for the management interface. The default DNS IP addresses are 0.0.0.0 when configured manually. Preferred DNS Server The first address used for DNS resolution.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Auxiliary port An additional Ethernet port labeled “Aux” for Auxiliary port is implemented for downstream traffic. This feature is supported only for PTP/PMP 450i ODUs. To enable the Aux port, follow these instructions: Procedure 9 Enabling Aux port interface 1 Select menu option Configuration > IP > Aux Network Interface tab.
Chapter 1: Configuration Configuring IP and Ethernet interfaces NAT, DHCP Server, DHCP Client and DMZ Applicable products PMP: SM The system provides NAT (Network Address Translation) for SMs in the following combinations of NAT and DHCP (Dynamic Host Configuration Protocol): • NAT Disabled • NAT with DHCP Client (DHCP selected as the Connection Type of the WAN interface) and DHCP Server • NAT with DHCP Client(DHCP selected as the Connection Type of the WAN interface) • NAT with DHCP Server
Chapter 1: Configuration Configuring IP and Ethernet interfaces NAT Disabled The NAT Disabled implementation is illustrated in Figure 10. Figure 10 NAT disabled implementation NAT with DHCP Client and DHCP Server The NAT with DHCP Client and DHCP server is illustrated in Figure 11.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Figure 11 NAT with DHCP client and DHCP server implementation NAT with DHCP Client Figure 12 NAT with DHCP client implementation Page 1-30
Chapter 1: Configuration Configuring IP and Ethernet interfaces NAT with DHCP Server Figure 13 NAT with DHCP server implementation NAT without DHCP Figure 14 NAT without DHCP implementation Page 1-31
Chapter 1: Configuration Configuring IP and Ethernet interfaces NAT and VPNs VPN technology provides the benefits of a private network during communication over a public network. One typical use of a VPN is to connect employees remotely (who are at home or in a different city), with their corporate network through a public Internet. Any of several VPN implementation schemes is possible.
Chapter 1: Configuration Configuring IP and Ethernet interfaces IP interface with NAT disabled - SM The IP page of SM with NAT disabled is explained in Table 6. Table 6 IP attributes - SM with NAT disabled Attribute Meaning IP Address Enter the non-routable IP address to associate with the Ethernet connection on this SM. (The default IP address from the factory is 169.254.1.1.) If you forget this parameter, you must both: • physically access the module.
Chapter 1: Configuration Configuring IP and Ethernet interfaces If the DHCP state parameter is set to Enabled in the Configuration > IP submenu of the SM/BHS, do not check the BootpClient option for Packet Filter Types in its Protocol Filtering tab, because doing so can block the DHCP request. (Filters apply to all packets that leave the SM via its RF interface, including those that the SM itself generates.
Chapter 1: Configuration Configuring IP and Ethernet interfaces IP interface with NAT enabled - SM The IP page of SM with NAT enabled is explained in Table 7. Table 7 IP attributes - SM with NAT enabled Attribute Meaning IP Address Assign an IP address for SM/BHS management through Ethernet access to the SM/BHS. Set only the first three bytes. The last byte is permanently set to 1. This address becomes the base for the range of DHCP-assigned addresses. Subnet Mask Assign a subnet mask of 255.255.
Chapter 1: Configuration Configuring IP and Ethernet interfaces NAT tab with NAT disabled - SM The NAT tab of SM with NAT disabled is explained in Table 8.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Attribute Meaning NAT Enable/Disable This parameter enables or disables the Network Address Translation (NAT) feature for the SM. NAT isolates devices connected to the Ethernet or wired side of a SM from being seen directly from the wireless side of the SM.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Note When NAT is disabled, the following parameters are not required to be configurable: WAN Inter face > Connection Type, IP Address, Subnet Mask, Gateway IP address LAN Interface > IP Address LAN DHCP Server > DHCP Server Enable/Disable, DHCP Server Lease Timeout, Number of IP’s to Lease, DNS Server Proxy, DNS IP Address, Preferred DNS IP address, Alternate DNS IP address Remote Management Interface > Remote Management Interface, IP address
Chapter 1: Configuration Configuring IP and Ethernet interfaces NAT tab with NAT enabled - SM The NAT tab of SM with NAT enabled is explained in Table 9.
Chapter 1: Configuration Attribute NAT Enable/Disable Configuring IP and Ethernet interfaces Meaning This parameter enables or disabled the Network Address Translation (NAT) feature for the SM. NAT isolates devices connected to the Ethernet or wired side of a SM from being seen directly from the wireless side of the SM.
Chapter 1: Configuration DMZ IP Address Configuring IP and Ethernet interfaces If you enable DMZ in the parameter above, set the last byte of the DMZ host IP address to use for this SM when DMZ is enabled. Only one such address is allowed. The first three bytes are identical to those of the NAT private IP address. Ensure that the device that receives network traffic behind this SM is assigned this address. The system provides a warning if you enter an address within the range that DHCP can assign.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Alternate DNS IP Enter the DNS IP address to use when the DNS IP Address parameter is set Address to Set Manually and no response is received from the preferred DNS IP address.
Chapter 1: Configuration Gateway IP Address Configuring IP and Ethernet interfaces If Static IP is set as the Connection Type of the WAN interface, then this parameter configures the gateway IP address for the SM for RF management traffic. Note or print the IP settings from this page. Ensure that you can readily associate these IP settings both with the module and with the other data that you store about the module.
Chapter 1: Configuration Configuring IP and Ethernet interfaces NAT DNS Considerations - SM SM DNS behavior is different depending on the accessibility of the SM. When NAT is enabled the DNS configuration that is discussed in this document is tied to the RF Remote Configuration Interface, which must be enabled to utilize DNS Client functionality. Note that the WAN DNS settings when NAT is enabled are unchanged with the addition of the management DNS feature discussed in this document.
Chapter 1: Configuration Configuring IP and Ethernet interfaces DHCP enables a device to be assigned a new IP address and TCP/IP parameters, including a default gateway, whenever the device reboots. Thus, DHCP reduces configuration time, conserves IP addresses, and allows modules to be moved to a different network within the Cambium system. In conjunction with the NAT features, each BHS provides: • A DHCP server that assigns IP addresses to computers connected to the BHS by Ethernet protocol.
Chapter 1: Configuration Configuring IP and Ethernet interfaces VLAN ID Remarking SM supports the ability to re-mark the VLAN ID on both upstream and downstream VLAN frames at the Ethernet interface. For instance, a configuration can be added to re-mark VLAN ID ‘x’ to VLAN ID ‘y’ as shown in Table 12. AP does not support VLAN ID remarking.
Chapter 1: Configuration Configuring IP and Ethernet interfaces The priority bits used in the Q-tag/C-tag are configurable. The configuration can be: • • Promote IPv4/IPv6 priority – The priority in the IP header is copied to the Q-tag/C-tag. Define priority – Specify the priority in the range of 0 to 7. This value is used as priority in the Qtag/C-tag.
Chapter 1: Configuration Configuring IP and Ethernet interfaces VLAN page of AP The VLAN tab of the AP/BHM is explained in Table 13. Table 13 AP/BHM VLAN tab attributes Attribute Meaning VLAN Specify whether VLAN functionality for the AP and all linked SMs must (Enabled) or may not (Disabled) be allowed. The default value is Disabled. Always use Local Enable this option before you reboot this AP as a SM to use it to perform VLAN Config spectrum analysis.
Chapter 1: Configuration Attribute VLAN Aging Timeout Configuring IP and Ethernet interfaces Meaning Specify how long the AP must keep dynamically learned VIDs. The range of values is 5 to 1440 (minutes). The default value is 25 (minutes). Note VIDs that you enter for the Management VID and VLAN Membership parameters do not time out. Management VID Enter the VID that the operator wishes to use to communicate with the module manager. The range of values is 1 to 4095. The default value is 1.
Chapter 1: Configuration VLAN Not Active Configuring IP and Ethernet interfaces When VLAN is enabled in the AP, the Active Configuration block provides the following details as read-only information in this tab. In the Cambium fixed wireless broadband IP network, each device of any type is automatically a permanent member of VID 1. This facilitates deployment of devices that have VLAN enabled with those that do not.
Chapter 1: Configuration Configuring IP and Ethernet interfaces VLAN page of SM The VLAN tab of SM/BHS is explained in Table 15.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Attribute Meaning VLAN Port Type By default, this is Q, indicating that it is to operate in the existing manner. The other option is Q-in-Q, which indicates that it must be adding and removing the S-Tag, and adding a C-Tag if necessary for untagged packets. The VLAN Port type corresponds to the Ethernet port of the SM/BHS. Currently, the internal management interfaces will always operate as Q ports.
Chapter 1: Configuration SM Management VID Pass-through Configuring IP and Ethernet interfaces Specify whether to allow the SM/BHS (Enabled) or the AP/RADIUS (Disabled) to control the VLAN settings of this SM. The default value is Enabled. When VLAN is enabled in the AP to whom this SM is registered, the Active Configuration block provides the following details as read-only information in this tab.
Chapter 1: Configuration Active Configuration, Configuring IP and Ethernet interfaces This is the value of the parameter of the same name, configured above. Default Port VID Active Configuration, This is the listing of the MAC address VIDs configured in Port VID MAC MAC Address VID Address Mapping. Map Active Configuration, This is the value of the parameter of the same name, configured above.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Dynamic type - Age reflects what is configured in the VLAN Aging Timeout parameter in the Configuration => VLAN tab of the AP or reflects a fewer number of minutes that represents the difference between what was configured and what has elapsed since the VID was learned. Each minute, the Age decreases by one until, at zero, the AP deletes the learned VID, but can it again from packets sent by elements that are beneath it in the network.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Attribute Meaning VLAN Membership For each VLAN in which you want the AP to be a member, enter the VLAN Table Configuration ID and then click the Add Member button. Similarly, for any VLAN in which you want the AP to no longer be a member, enter the VLAN ID and then click the Remove Member button. VLAN configuration for PTP Applicable products PTP: BHM BMS VLAN page of BHM The VLAN tab of BHS is explained in Table 17.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Management VID Enter the VID that the BHS must share with the BHM. The range of values is 1 (Range 1-4094) to 4095. The default value is 1. Default Port VID This is the VID that is used for untagged frames and corresponds to the Q- (Range 1-4094) Tag for 802.1Q frames (if VLAN Port Type is Q), or the C-Tag for 802.1ad frames (if the VLAN Port Type is Q-in- Q). QinQ Ether Type Modules can be configured with 802.
Chapter 1: Configuration Configuring IP and Ethernet interfaces VLAN page of BHS The VLAN tab of BHS is explained in Table 18. Table 18 BHS VLAN page attributes Attribute Meaning VLAN Specify whether VLAN functionality for the BHM and all linked BHS must be (Enabled) or may not (Disabled) be allowed. The default value is Disabled. VLAN Port Type By default, this is Q, indicating that it is to operate in the existing manner.
Chapter 1: Configuration Configuring IP and Ethernet interfaces PPPoE page of SM Applicable products PMP: SM Point-to-Point Protocol over Ethernet (PPPoE) is a protocol that encapsulates PPP frames inside Ethernet frames (at Ethernet speeds).
Chapter 1: Configuration Configuring IP and Ethernet interfaces Table 19 SM PPPoE attributes Attribute Meaning Access Concentrator An optional entry to set a specific access concentrator to connect to for the PPPoE session. If this is blank, the SM will accept the first access concentrator which matches the service name (if specified). This is limited to 32 characters. Service Name An optional entry to set a specific service name to connect to for the PPPoE session.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Use User Defined MTU allows the operator to specify an MTU value to use to override any MTU that may be determined in the LCP phase of PPPoE session setup. If this is selected, the user is able to enter an MTU value up to 1492. However, if the MTU determined in LCP negotiations is less than this user-specified value, the SM will use the smaller value as its MTU for the PPPoE link. Timer Type Keep Alive is the default timer type.
Chapter 1: Configuration Configuring IP and Ethernet interfaces IP4 and IPv6 Applicable products PMP: AP SM PTP: BHM BMS IPv4 and IPv6 Prioritization 450 Platform Family provides operators the ability to prioritize IPv6 traffic in addition to IPv4 traffic. IPv6/IPv4 prioritization can be configured by selecting a CodePoint and the corresponding priority from the GUI of the AP/BHM and the IPv6/IPv4 packet is set up accordingly. There is no GUI option for selecting IPv6 or IPv4 priority.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Attribute Meaning Codepoints 1 through The PMP family of APs support four levels of QoS.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Configuring IPv4 and IPv6 Filtering IPv6 filters are set using the Protocol Filtering tab on the AP/BHM and SM/BHS (at Configuration > Protocol Filtering). Once a filter is set for a packet type, those packets will not be sent over the RF interface depending on “Filter Direction” setting.
Chapter 1: Configuration Configuring IP and Ethernet interfaces Table 21 Packet Filter Configuration attributes Attribute Meaning Packet Filter Types For any box selected, the Protocol and Port Filtering feature blocks the associated protocol type. To filter packets in any of the user-defined ports, you must do all of the following: • Check the box for User Defined Port n (See Below) in the Packet Filter Types section of this tab. • Provide a port number at Port #n.
Chapter 1: Configuration Configuring IP and Ethernet interfaces • Enable TCP and/or UDP by clicking the associated radio button Filter Direction Operators may choose to filter upstream (uplink) RF packets or downstream (downlink) RF packets. User Defined Port Filtering Configuration You can specify ports for which to block subscriber access, regardless of whether NAT is enabled.
Chapter 1: Configuration Upgrading the software version and using CNUT Upgrading the software version and using CNUT This section consists of the following procedures: • Checking the installed software version on page 1-67 Upgrading to a new software version on page 1-67 Caution If the link is operational, ensure that the remote end of the link is upgraded first using the wireless connection, and then the local end can be upgraded. Otherwise, the remote end may not be accessible. Use CNUT 4.11.
Chapter 1: Configuration Upgrading the software version and using CNUT Note Please ensure that you have the most up-to-date version of CNUT by browsing to the Customer Support Web Page located: https://www.cambiumnetworks.com/products/software-tools/cambium-networkupdater-tool/ This section includes an example of updating a single unit before deployment.
Chapter 1: Configuration • Upgrading the software version and using CNUT An md5 checksum calculator utility for identifying corruption of downloaded image files before Network Updater is set to apply them. Network element groups With the Canopy Network Updater Tool, you can identify element groups composed of network elements that you select. Identifying these element groups does the following: • Organizes the display of elements (for example, by region or by AP/BHM cluster).
Chapter 1: Configuration Upgrading the software version and using CNUT Software dependencies for CNUT CNUT functionality requires • • one of the following operating systems o Windows® 2000 o Windows Server 2003 o Windows 7 and Windows 8 o Windows XP or XP Professional o Red Hat Enterprise Linux (32-bit) Version 4 or 5 Java™ Runtime Version 2.0 or later (installed by the CNUT installation tool) CNUT download CNUT can be downloaded together with each system release that supports CNUT.
Chapter 1: Configuration General configuration General configuration The Configuration > General page of the AP/BMH or BHM/BHS contains many of the configurable parameters that define how the ratios operate in sector or backhaul. Applicable products PMP: AP PMP 450m and PMP/PTP 450i Series General page - PMP 450i AP The General page of AP is explained in Table 22.
Chapter 1: Configuration General configuration Attribute Meaning Ethernet Port Ethernet Port selection is applicable to the 450m platform only with two Selection choices in the drop-down list: • Main: A selection of main indicates that link connectivity and power to the 450m is provided through the RF45 connection on the Main port of the AP • SFP: A selection of SFP indicates that link connectivity will be provided through the SFP port on the 450m Power continues to be provided via the RJ45 Main
Chapter 1: Configuration PoE Classification (PMP 450i Series only) General configuration This is supported only on 450i series devices. PoE Classification configuration status also can be check under home > General > Device Information tab: Configuration Source See Setting the Configuration Source on page 1-246.
Chapter 1: Configuration Translation Bridging General configuration Optionally, you can configure the AP to change the source MAC address in every packet it receives from its SMs to the MAC address of the SM that bridged the packet, before forwarding the packet toward the public network. If you do, then: Not more than 128 IP devices at any time are valid to send data to the AP from behind the SM.
Chapter 1: Configuration General configuration Block and Forward SM Packets to Backbone - This not only prevents multicast/broadcast and unicast SM-to-SM communication but also sends the packets, which otherwise are handled SM to SM, through the Ethernet port of the AP. Forward Unknown Enabled: All unknown Unicast packets (no entry in the AP’s bridge table) Unicast Packets received via the AP’s Ethernet LAN interface are forwarded to registered SMs.
Chapter 1: Configuration DHCP Server (Name or IP Address) General configuration The DHCP relay server may be either a DNS name or a static IP address in dotted decimal notation. Additionally, the management DNS domain name may be toggled such that the name of the DHCP relay server only needs to be specified and the DNS domain name is automatically appended to that name. The default DHCP relay server addresses are 255.255.255.255 with the appending of the DNS domain name disabled.
Chapter 1: Configuration General configuration • $apsn$ - AP Site Name (may be truncated to 32 chars) • $smsn$ - SM Site Name (may be truncated to 32 chars) • $smvid$ - SM Port VID in ascii format, leading 0 included, 4 chars long • $smvidbi$ - SM Port VID in hex format (2 bytes) • $smluid$ - SM LUID Default value is $smvidbi$ Note: Overall expanded Option 82 data is limited to 255 bytes.
Chapter 1: Configuration General configuration Attribute Meaning Trial Mode This parameter allows to enable or disable Trial mode for radios with a Limited key. Once the trial key is applied, the 30-day trial can be enabled or disabled at any time. For information about remaining attributes, refer Table 22.
Chapter 1: Configuration General configuration General page - PMP 450i SM The General page of PMP 450i SM is explained in Table 24. The General page of PMP 450 SM looks the same as PMP 450i SM. Table 24 General page attributes – PMP 450i SM Attribute Meaning Link Speeds From the drop-down list of options, select the type of link speed for the Ethernet connection. The default for this parameter is that all speeds are selected.
Chapter 1: Configuration General configuration PoE Classification configuration status also can be check under home > General > Device Information tab: Ethernet Link Specify whether to enable or disable Ethernet/802.3 connectivity on the Enable/Disable wired port of the SM. This parameter has no effect on the wireless link. When you select Enable, this feature allows traffic on the Ethernet/802.3 port. This is the factory default state of the port.
Chapter 1: Configuration General configuration Caution This parameter governs the timeout interval, even if a router in the system has a longer timeout interval. The default value of this field is 25 (minutes). An inappropriately low Bridge Entry Timeout setting may lead to temporary loss of communication with some end users. Bridge Table Size This parameter allows to restrict devices to connect to the SM. It is configurable from 4 to 4096.
Chapter 1: Configuration General configuration General page - PTP 450i BHM The General page of BHM is explained in Table 25. The General page of PTP 450 BHM looks the same as PTP 450i BHM.
Chapter 1: Configuration Attribute Timing Mode General configuration Meaning Allows the user to choose the mode between Timing Master and Timing Slave. Link Speed See Table 22 General page attributes – PMP 450i AP on page 1-71 802.3at Type 2 PoE When the PoE Classification functionality is enabled and if Type 2 power is not present, the PAs do not power up and draw too much power.
Chapter 1: Configuration General configuration Latitude Longitude Height General page - PTP 450i BHS The General page of PTP 450i BHS is explained in Table 26. The General page of PTP 450 BHS looks the same as PTP 450i BHS.
Chapter 1: Configuration Attribute Timing Mode General configuration Meaning Allows the user to choose the mode between Timing Master and Timing Slave. Link Speed From the drop-down list of options, select the type of link speed for the Ethernet connection. The default for this parameter is that all speeds are selected. The recommended setting is a single speed selection for all BHMs and BHSs in the operator network. 802.
Chapter 1: Configuration General configuration Caution This parameter governs the timeout interval, even if a router in the system has a longer timeout interval. The default value of this field is 25 (minutes). An inappropriately low Bridge Entry Timeout setting may lead to temporary loss of communication with some end users.
Chapter 1: Configuration General configuration General page – PMP 450b SM The General page of PMP 450b SM is explained in Table 27. The General page of PMP 450b SM looks the same as PMP 450i SM.
Chapter 1: Configuration General configuration Attribute Meaning Link Mode • Multipoint: Select this option to configure the device as a multipoint SM. • Backhaul: Select this option to configure the device as a Backhaul. Timing Mode • Timing Master: Select this option when Link Mode parameter is set to Backhaul. • Timing Slave: Select this option when Link Mode parameter is set to Multipoint.
Chapter 1: Configuration General configuration Webpage Auto Enter the frequency (in seconds) for the web browser to automatically Update refresh the web-based interface. The default setting is 0. The 0 setting causes the web-based interface to never be automatically refreshed. Bridge Entry Timeout Specify the appropriate bridge timeout for correct network operation with the existing network infrastructure.
Chapter 1: Configuration General configuration Latitude Physical radio location data may be configured via the Latitude, Longitude Longitude and Height fields. Height Latitude and Longitude is measured in Decimal Degree while the Height is calculated in Meters. PTP 450b BHM Table 28 General page attributes – PMP 450b BHM Attribute Meaning Link Speed From the drop-down list of options, select the type of link speed for the Ethernet connection.
Chapter 1: Configuration General configuration Attribute Meaning Free Run Before GPS Sync See Configuring synchronization on page 1-107 Region This field displays the AP’s configured Country Code setting. Country This parameter allows you to set the country in which the radio will operate. The SM radio automatically inherits the Country Code type of the master. This behavior ignores the value of the Country parameter in the SM, even when the value is None.
Chapter 1: Configuration General configuration Attribute Meaning Update Application Address Enter the address of the server to access for software updates on this Prioritize TCP ACK To reduce the likelihood of TCP acknowledgement packets being BHM and registered BHS. dropped, set this parameter to Enabled. This can improve throughput that the end user perceives during transient periods of congestion on the link that is carrying acknowledgements.
Chapter 1: Configuration General configuration Attribute Meaning Link Mode Backhaul to run the radio in PTP mode. Multipoint to run radio in PMP SM mode. Timing Mode Allows the user to choose the mode between Timing Master and Timing Slave. Frequency Band Select the desired operating frequency band. Frequency Carrier Specify the frequency for the module to transmit. The default for this parameter is None. For a list of channels in the band, see the dropdown list on the radio GUI.
Chapter 1: Configuration General configuration Attribute Meaning Uplink Maximum Modulation Rate This pull-down menu helps in configuring the Uplink Maximum Modulation Rate at a configurable rate of 1X, 2X, 3X, 4X, 6X, or 8X. The default value is “8X”. The Rate Adapt Algorithm does not allow the modulation to go beyond this limit. Minimum Modulation Rate This pull-down menu helps in configuring the Minimum Modulation Rate at a configurable rate of 1X, 2X, 3X, 4X, 6X, or 8X. The default value is “1X”.
Chapter 1: Configuration General configuration PMP/PTP 450 Series Note Refer Table 22 and Table 24 for PMP 450 AP/SM General page parameters details.
Chapter 1: Configuration General configuration General page - PMP 450 SM Figure 16 General page attributes - PMP 450 SM Page 1-96
Chapter 1: Configuration General configuration General page – PTP 450 BHM Figure 17 General page attributes - PTP 450 BHM Page 1-97
Chapter 1: Configuration General configuration General page – PTP 450 BHS Figure 18 General page attributes - PTP 450 BHS Page 1-98
Chapter 1: Configuration Configuring Unit Settings page Configuring Unit Settings page Applicable products PMP: AP SM PTP: BHM BMS The Unit Settings page of the 450 Platform Family contains following options: • Unit-Wide Changes • Download Configuration File • Upload and Apply Configuration File (for AP and BHM) • LED Panel Settings (for SM and BHS) Note LED Panel setting is applicable for SM and BHS only.
Chapter 1: Configuration Configuring Unit Settings page Unit Settings page of 450 Platform Family - AP/BHM The Unit Setting page of AP/BHM is explained in Table 30. Table 30 Unit Settings attributes – 450 Platform Family AP/BHM Attribute Meaning Set to Factory If Enabled is checked, then the default mode functions is enabled. When the Defaults Upon Default module is rebooted with Default mode enabled, it can be accessed at the IP Mode Detection address 169.254.1.
Chapter 1: Configuration Configuring Unit Settings page Note This can be reverted by selecting "Undo Unit-Wide Saved Changes", before rebooting the radio, though this is not recommended. Password This allows to provide encrypted password for a given password. On click of ‘Encrypt the password’ button, the Encrypted Password field will display encrypted value of entered plain text password in ‘Password’ field. Configuration File This allows to download the configuration file of the radio.
Chapter 1: Configuration Configuring Unit Settings page Unit Settings page of PMP/PTP 450i SM/BHS The Unit Settings page of PMP/PTP 450i SM/BHS is explained in Table 31. Table 31 SM Unit Settings attributes Attribute Meaning Set to Factory See Table 30 Unit Settings attributes – 450 Platform Family AP/BHM on Defaults Upon Default page 1-100 Plug Detection LED Panel Settings Legacy Mode configures the radio to operate with standard LED behavior.
Chapter 1: Configuration Setting up time and date Setting up time and date Time page of 450 Platform Family - AP/BHM Applicable products PMP: AP PTP: BHM The Time page of 450 Platform Family AP/BHM is explained in Table 32.
Chapter 1: Configuration Setting up time and date • A separate NTP server (including APs/BHMs receiving NTP data) is addressable from the AP/BHM. If the AP/BHM needs to obtain time and date from a CMM4, or a separate NTP server, enter the IP address or DNS name of the CMM4 or NTP server on this tab. To force the AP/BHM to obtain time and date before the first (or next) 15-minute interval query of the NTP server, click Get Time via NTP.
Chapter 1: Configuration Configuring synchronization Configuring synchronization Applicable products PMP: AP PTP: BHM Sync Input This section describes synchronization options for PMP and PTP configuration. Figure 19 Sync Setting configuration The Sync Input parameter can be configured under Sync Setting tab of Configure > General page (see General configuration on page 1-71).
Chapter 1: Configuration Configuring synchronization In case of PMP, when there are synchronization sources on both the timing port and the power port, the power port GPS source is chosen first. If no valid GPS signal is received, the AP/BHM ceases transmission and SM/BHS registration is lost until a valid GPS signal is received again on the AP or BHM. Note After a reboot of 450m AP, the sync acquisition takes a little longer than it had on 450i (anywhere from 40 seconds to 120 seconds difference).
Chapter 1: Configuration Configuring synchronization When an AP/BHM has its "Regional Code" set to "None", The radio will not provide valid Sync Pulse Information. There is a RED warning that the radio will not transmit, but the user might expect to see a valid sync if the radio is connected to a working CMM4 or UGPS. Free Run Before GPS Sync This option is available when the Sync Input parameter is configured for either AutoSync mode or AutoSync + Free Run mode.
Chapter 1: Configuration Configuring synchronization Aux Port Power to UGPS The 450 series APs are capable of supplying power to a connected UGPS or cnPulse module via the Aux/Timing Port. Enable the Aux Port Power to UGPS parameter to output power on the port. Note The AP is able to receive GPS sync pulses and satellite data via the Aux Port regardless of whether this parameter is Enabled or Disabled.
Chapter 1: Configuration Configuring security Configuring security Perform this task to configure the 450 Platform system in accordance with the network operator’s security policy.
Chapter 1: Configuration Configuring security Managing module access by password Applicable products PMP: AP SM PTP: BHM BMS See Managing module access by password in Planning and installation Guide. Adding a User for Access to a module The Account > Add User page allows to create a new user for accessing 450 Platform Family AP/SM/BHM/BHS. The Add User page is explained in Table 33. Table 33 Add User page of account page - AP/ SM/BH Attribute Meaning User Name User Account name.
Chapter 1: Configuration Configuring security Deleting a User from Access to a module The Account > Delete User page provides a drop-down list of configured users from which to select the user you want to delete. The Delete User page is explained in Table 34. Table 34 Delete User page - 450 Platform Family - AP/ SM/BH Attribute User Meaning Select a user from drop-down list which has to be deleted and click Delete button. Accounts that cannot be deleted are • the current user's own account.
Chapter 1: Configuration Update Password tab Configuring security This tab provides a drop-down list of configured users from which a user is selected to change password. Update Mode tab This tab facilitates to convert a configured user to a Read-Only user. General Status This tab enables and disables visibility of General Status Page for all Guest Permission tab users.
Chapter 1: Configuration Configuring security Overriding Forgotten IP Addresses or Passwords on AP and SM See Radio Recovery on page 3-89 Isolating from the internet – APs/BHMs Applicable products PMP: AP PTP: BHM BHM See Isolating AP/BHM from the Internet in Planning and Installation Guide. Encrypting radio transmissions Applicable products PMP: AP SM See Encryption radio transmission in Planning and Installation Guide.
Chapter 1: Configuration Configuring security Requiring SM Authentication Applicable products PMP: AP SM Through the use of a shared AP key, or an external RADIUS (Remote Authentication Dial In User Service) server, it enhances network security by requiring SMs to authenticate when they register. For descriptions of each of the configurable security parameters on the AP, see Configuring Security on page 1-125.
Chapter 1: Configuration Configuring security Filtering protocols and ports Applicable products PMP: AP SM PTP: BHM BMS The filtering protocols and ports allows to configure filters for specified protocols and ports from leaving the AP/SM/BHM/BHS and entering the network. See Filtering protocols ans ports in Planning and Installation Guide. Protocol filtering page of 450 Platform Family AP/BHM The Protocol Filtering page of 450 Platform Family - AP/BHM is explained in Table 37.
Chapter 1: Configuration Configuring security Attribute Meaning Packet Filter Types For any box selected, the Protocol and Port Filtering feature blocks the associated protocol type. To filter packets in any of the user-defined ports, must do all of the following: Check the box for User Defined Port n (See Below) in the Packet Filter Types section of this tab. In the User Defined Port Filtering Configuration section of this tab: Filter Direction • provide a port number at Port #n.
Chapter 1: Configuration Configuring security Protocol filtering page of SM/BHS The Protocol Filtering page of SM/BHS is explained in Table 38.
Chapter 1: Configuration Configuring security Port configuration 450 Platform Family ODUs support access to various communication protocols and only the ports required for these protocols are available for access by external entities. Operators may change the port numbers for these protocols via the radio GUI or SNMP. The Port Configuration page of the AP/SM/BHM/BHS is explained in Table 39.
Chapter 1: Configuration Configuring security Filtering management through Ethernet See Filtering management through Ethernet in Installation and Planning Guide. Allowing management only from specified IP addresses See Allowing management only from specified IP address in Installation and Planning Guide. Restricting radio Telnet access over the RF interface RF Telnet Access restricts Telnet access to the AP from a device situated below a network SM (downstream from the AP).
Chapter 1: Configuration Configuring security Figure 22). The figure below depicts a user attempting two telnet sessions. One is targeted for the AP (orange) and one is targeted for the network upstream from the AP (green). If RF Telnet Access is set to “Disabled” (factory default setting), the Telnet attempt from the user to the AP is blocked, but the attempt from the user to Network is allowed to pass through the Cambium network.
Chapter 1: Configuration Configuring security Figure 22 RF Telnet Access Restrictions (orange) and Flow through (green) Key Security Considerations when using the RF Telnet Access Feature To ensure that the network is fully protected from unauthorized AP Telnet sessions, the following topics must be considered: 1.
Chapter 1: Configuration Configuring security 2. Restricting AP RF Telnet Access AP Telnet access via the RF interface may be configured in two ways – the AP GUI and SNMP. 3.
Chapter 1: Configuration Configuring security Configuring SNMP Access The SNMPv3 interface provides a more secure method to perform SNMP operations. This standard provides services for authentication, data integrity and message encryption over SNMP. Refer to Planning of SNMPv3 operation in Planning and Installation Guide. Note The factory default setting for SNMP is “SNMPv2c Only”.
Chapter 1: Configuration 6 Configuring security Under GUI heading “SNMPv3 setting”, set Engine ID, SNMPv3 Security Level, SNMPv3 Authentication Protocol, SNMPv3 Privacy Protocol, SNMPv3 Read-Only User, SNMPv3 Read/Write User, SNMPv3 Trap Configuration parameters: Engine ID: Each radio (AP/SM/BHM/BHS) has a distinct SNMP authoritative engine identified by a unique Engine ID.
Chapter 1: Configuration Configuring security Configuring Security Applicable products PMP: AP Security page – 450 Platform Family AP The security page of AP is explained in Table 40.
Chapter 1: Configuration Configuring security Page 1-126
Chapter 1: Configuration Configuring security Attribute Meaning Authentication Mode Operators may use this field to select from among the following authentication modes: Disabled—the AP requires no SMs to authenticate. (Factory default). Authentication Server —the AP/BHM requires any SM/BHS that attempts registration to be authenticated in Wireless Manager before registration.
Chapter 1: Configuration Disable AES 128-bit Configuring security This option allows to disable the AES-128 encryption. When AES-128 Encryption is disabled, it prevents the use of AES-128 when encryption is enabled. Since changes to other attributes (e.g.
Chapter 1: Configuration Configuring security Authentication for ICC Enabled: SM authentication is disabled when SM connects via ICC (Installation Color Code). SMs Disabled: SM authentication is enabled. Encryption Setting Specify the type of airlink security to apply to this AP. The encryption Bypass setting must match the encryption setting of the SMs. None provides no encryption on the air link.
Chapter 1: Configuration Web Access Configuring security The Radio supports secured and non-secured web access protocols. Select suitable web access from drop-down list: • HTTP Only – provides non-secured web access. The radio to be accessed via http://. • HTTPS Only – provides a secured web access. The radio to be accessed via https://. • HTTP and HTTPS – If enabled, the radio can be accessed via both http and https.
Chapter 1: Configuration Configuring security Table 41 Security attributes –450 Platform Family BHM Page 1-131
Chapter 1: Configuration Configuring security Attribute Meaning Authentication Mode Operators may use this field to select from among the following authentication modes: Authentication Required: the BHS requires to be authenticated. Authentication Disabled: the BHM requires no BHS to authenticate. (Factory default).
Chapter 1: Configuration Configuring security Security Banner Notice User must accept security banner before login Security page - 450 Platform Family SM The security page of 450 Platform Family SM is explained in Table 42.
Chapter 1: Configuration Configuring security Page 1-134
Chapter 1: Configuration Configuring security Page 1-135
Chapter 1: Configuration Configuring security Attribute Meaning Authentication Key Only if the AP to which this SM will register requires authentication, specify 128-bit the 128-bit key that the SM will use when authenticating. For alpha characters in this 32-character hex key, use only upper case. Select Key 128-bit Refer Table 40 Security attributes –450 Platform Family AP on 1-125 for parameter details.
Chapter 1: Configuration Phase 2 Configuring security Select the desired Phase 2 (Inside Identity) authentication protocol from the Phase 2 options of PAP (Password Authentication Protocol), CHAP (Challenge Handshake Authentication Protocol), and MSCHAP (Microsoft’s version of CHAP, version 2 is used). The protocol must be consistent with the authentication protocol configured on the RADIUS server.
Chapter 1: Configuration Encryption Setting Configuring security Specify the type of airlink security to apply to this SM. The encryption setting must match the encryption setting of the AP. None provides no encryption on the air link. AES (Advanced Encryption Standard): An over-the-air link encryption option that uses the Rijndael algorithm and 128-bit keys to establish a higher level of security.
Chapter 1: Configuration Configuring security • HTTP Only – provides non-secured web access. The radio to be accessed via http://. • HTTPS Only – provides a secured web access. The radio to be accessed via https://. • HTTP and HTTPS – If enabled, the radio can be accessed via both http and https. SNMP This option allows to configure SNMP agent communication version. It can be selected from drop-down list : • SNMPv2c Only – Enables SNMP v2 community protocol.
Chapter 1: Configuration Configuring security Table 43 Security attributes - 450 Platform Family BHS Page 1-140
Chapter 1: Configuration Configuring security Attribute Meaning Authentication Key Only if the BHM to which this BHS registers requires an authentication, specify the key that the BHS will use when authenticating. For alpha characters in this hex key, use only upper case. Disable AES 128-bit Authentication Key Refer Table 40 Security attributes –450 Platform Family AP on 1-125 for parameter details.
Chapter 1: Configuration SNMP Configuring security This option allows to configure SNMP agent communication version. It can be selected from drop-down list: • SNMPv2c Only – Enables SNMP v2 community protocol. • SNMPv3 Only – Enables SNMP v3 protocol. It is secured communication protocol. • SNMPv2c and SNMPv3 – It enables both the protocols. Telnet This option allows to Enable and Disable Telnet access to the Radio. FTP This option allows to Enable and Disable FTP access to the Radio.
Chapter 1: Configuration Configuring 802.1X authentication Configuring 802.1X authentication IEEE 802.1x standard defines a client and server-based access control and authentication protocol. This protocol restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to SM's ethernet port and enables the port before making available any services offered by the SM, AP, and the network.
Chapter 1: Configuration Configuring 802.1X authentication 802.1x authentication page of SM The 802.1X Authentication page of SM is explained in Table 45. Table 45 802.1X authentication attributes –450 Platform Family SM Attribute Meaning 802.1x Bridging Mode This parameter specifies the bridging mode used by SM. It is disabled by default. Following are the available options for this parameter. • Disable 802.1x: Disable 802.1x authentication. • Require 802.1x for all traffic: 802.
Chapter 1: Configuration Configuring radio parameters Configuring radio parameters • PMP 450m Series – configuring radio on page 1-146 • PMP/PTP 450i Series – configuring radio on page 1-146 • PMP/PTP 450b Series - configuring radio on page 1-180 • PMP/PTP 450 Series – configuring radio on page 1-185 • Custom Frequencies page on page 1-204 • DFS for 5 GHz Radios on page 1-207 • MIMO-A mode of operation on page 1-213 • Improved PPS performance of 450 Platform Family on page 1-216 Page 1-145
Chapter 1: Configuration Configuring radio parameters PMP 450m Series – configuring radio Radio page - PMP 450m AP 5 GHz The Radio tab of the PMP 450m AP contains some of the configurable parameters that define how an AP operates. Note Only the frequencies available for your region and the selected Channel bandwidth are displayed.
Chapter 1: Configuration Configuring radio parameters Attribute Meaning Frequency Band Select the desired operating frequency band. Frequency Carrier Specify the frequency for the module to transmit. The default for this parameter is None. For a list of channels in the band, see the drop-down list on the radio GUI. Channel Bandwidth The channel size used by the radio for RF transmission. The setting for the channel bandwidth must match between the AP and the SM.
Chapter 1: Configuration Configuring radio parameters The time (in minutes) for a subscriber to rescan (if this AP is not configured with the SM‘s primary color code). This timer will only fire once – if the Subscriber Color Code Wait Period for Idle timer is configured with a nonzero value and the Subscriber Color Code Rescan expires, the Subscriber Color Code Wait Period for Idle is started.
Chapter 1: Configuration Configuring radio parameters • does not increase the power of transmission from the AP. • can reduce aggregate throughput. For example, with a 20 MHz channel and 2.5 ms frame, every additional 2.24 miles reduces the data air time by one symbol (around 1% of the frame). Regardless of this distance, the SM must meet the minimum requirements for an acceptable link. The parameters have to be selected so that there is no overlap between one AP transmitting and another AP receiving.
Chapter 1: Configuration Configuring radio parameters Adjacent Channel For some frequency bands and products, this setting is needed if AP is Support operating on adjacent channels with zero guard band. Multicast VC This pull-down menu of the Multicast VC screen helps in configuring multicast packets to be transmitted over a dedicated channel at a configurable rate of 2X, 4X or 6X. The default value is “Disable”.
Chapter 1: Configuration Configuring radio parameters Radio page - PMP 450m AP 3 GHz Table 47 PMP 450m AP Radio attributes - 3 GHz Page 1-151
Chapter 1: Configuration Attribute Configuring radio parameters Meaning Frequency Band Frequency Carrier Channel Bandwidth Frame Period Cyclic Prefix Color Code Subscriber Color Code Rescan (When not on a Primary Color Code) Subscriber Color Code Wait Period for Idle Installation Color Code Sector ID MIMO Rate Adapt Algorithm Refer Table 46 PMP 450m AP Radio attributes - 5 GHz for parameter details.
Chapter 1: Configuration Configuring radio parameters Multicast Data Channel Multicast Repeat Count Multicast Downlink Refer Table 46 PMP 450m AP Radio attributes - 5 GHz for parameter details.
Chapter 1: Configuration Configuring radio parameters PMP/PTP 450i Series – configuring radio Radio page - PMP 450i AP 3 GHz The Radio tab of the PMP 450i AP 3 GHz is shown in Figure 24.
Chapter 1: Configuration Configuring radio parameters Note Refer Table 48 PMP 450i AP Radio attributes - 5 GHz and Table 49 PMP 450i SM Radio attributes – 5 GHz on page 1-163 for parameter details Note Only the frequencies available for your region and the selected Channel bandwidth are displayed.
Chapter 1: Configuration Configuring radio parameters Radio page - PMP 450i AP 5 GHz The Radio tab of the PMP 450i AP contains some of the configurable parameters that define how an AP operates.