Cambium Networks 89FT0001 Dual Channel MIMO Subscriber Module User Manual PMP 450 Planning Guide
Cambium Networks Inc. Dual Channel MIMO Subscriber Module PMP 450 Planning Guide
Contents
- 1. Exhibit D Users Manual per 2 1033 b3
- 2. Channel Planning Guide
Channel Planning Guide
![Security planning Planning considerations 2-60 pmp-0047 (December 2012) Planning for RF Telnet Access Control The RF Telnet Access feature restricts Telnet access to the AP from a device situated below a network SM (downstream from the AP). This is a security enhancement to restrict RF-interface sourced AP access specifically to the LAN1 IP address and LAN2 IP address (Radio Private Address, typically 192.168.101.[LUID]). This restriction disallows unauthorized users from running Telnet commands on the AP that can change AP configuration or modifying network-critical components such as routing and ARP tables. Planning for RADIUS integration PMP 450 modules include support for the RADIUS (Remote Authentication Dial In User Service) protocol supporting Authentication, Authorization, and Accounting (AAA). RADIUS Functions RADIUS protocol support provides the following functions: • SM Authentication allows only known SMs onto the network (blocking “rogue” SMs), and can be configured to ensure SMs are connecting to a known network (preventing SMs from connecting to “rogue” APs). RADIUS authentication is used for SMs, but is not used for APs. Cambium modules support EAP-TTLS and EAP-MSCHAPv2 authentication methods. • SM Configuration: Configures authenticated SMs with MIR (Maximum Information Rate), CIR (Committed Information Rate), High Priority, and VLAN (Virtual LAN) parameters from the RADIUS server when an SM registers to an AP. • SM Accounting provides support for RADIUS accounting messages for usage-based billing. This accounting includes indications for subscriber session establishment, subscriber session disconnection, and bandwidth usage per session for each SM that connects to the AP. • Centralized AP and SM user name and password management allows AP and SM usernames and access levels (Administrator, Installer, Technician) to be centrally administered in the RADIUS server instead of on each radio and tracks access events (logon/logoff) for each username on the RADIUS server. This accounting does not track and report specific configuration actions performed on radios or pull statistics such as bit counts from the radios. Such functions require an Element Management System (EMS) such as Cambium Networks Wireless Manager. This accounting is not the ability to perform accounting functions on the subscriber/end user/customer account. • Framed IP allows operators to use a RADIUS server to assign management IP addressing to SM modules (framed IP address). Planning for SNMP security Canopy modules provide the following Configuration web page parameters in the SNMP tab. These govern SNMP access from the manager to the agent: • Community String, which specifies the password for security between managers and the agent. • Accessing Subnet, which specifies the subnet mask that allows managers to poll the agents.](https://usermanual.wiki/Cambium-Networks/89FT0001.Channel-Planning-Guide/User-Guide-1875106-Page-106.png)
