Task 5: Configuring security
Chapter 2: Configuration and alignment
pmp-0050 (May 2012)
authentication key, also known as authorization key and skey. This key matches in the SM and AP as the Authentication Key parameter, and in the Prizm database.
random number, generated by Prizm or BAM and used in each attempt by an SM to register and authenticate. The network operator can view this number.
session key, calculated separately by the SM and Prizm or BAM, based on both the authentication key (or, by default, the factory-set key) and the random number. Prizm or BAM sends the session key to the AP. The network operator cannot view this key.
None of the above keys is ever sent in an over-the-air link during an SM registration attempt. However, with the assumed security risk, the operator can create and configure the Authentication Key parameter. See
Filtering protocols and ports
You can filter (block) specified protocols and ports from leaving the SM and entering the network. This
protects the network from both intended and inadvertent packet loading or probing by network users. By
keeping the specified protocols or ports off the network, this feature also provides a level of protection to users
from each other.
Protocol and port filtering is set per SM. Except for filtering of SNMP ports, filtering occurs as packets leave
the SM. If an SM is configured to filter SNMP, then SNMP packets are blocked from entering the SM and,
thereby, from interacting with the SNMP portion of the protocol stack on the SM.
Port Filtering with NAT Enabled
Where NAT is enabled, you can filter only the three user-defined ports. The following are example situations in
which you can configure port filtering where NAT is enabled.
To block a subscriber from using FTP, you can filter Ports 20 and 21 (the FTP ports) for both the TCP and
UDP protocols.
To block a subscriber from access to SNMP, you can filter Ports 161 and 162 (the SNMP ports) for both
the TCP and UDP protocols.
In only the SNMP case, filtering occurs before the packet interacts with the protocol stack.
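The NAT-enabled port filtering rules described above, modelled as an added example (not Cambium code or a device API). The names `PortRule`, `build_filter`, `verdict` and `uncovered` are hypothetical, and matching on destination port is an assumption; the model also shows that the two example situations together need four ports, one more than the three available slots.

```python
from dataclasses import dataclass

MAX_USER_PORTS = 3        # "the three user-defined ports" stated in the text
SNMP_PORTS = {161, 162}   # SNMP ports named in the text


@dataclass(frozen=True)
class PortRule:
    """One user-defined port slot on an SM (hypothetical structure)."""
    port: int
    tcp: bool = True
    udp: bool = True


def build_filter(rules):
    """Validate a per-SM rule set against the three-slot limit."""
    rules = tuple(rules)
    if len(rules) > MAX_USER_PORTS:
        raise ValueError(f"{len(rules)} ports requested, {MAX_USER_PORTS} slots available")
    for r in rules:
        if not 1 <= r.port <= 65535:
            raise ValueError(f"invalid port {r.port}")
    return rules


def verdict(rules, proto, dst_port):
    """Return 'forward', 'drop-egress' or 'drop-ingress' for one packet.

    Assumption: a rule matches on the packet's destination port.
    SNMP is dropped before the SM's protocol stack; everything else
    is dropped as the packet leaves the SM.
    """
    for r in rules:
        if r.port == dst_port and ((proto == "tcp" and r.tcp) or (proto == "udp" and r.udp)):
            return "drop-ingress" if dst_port in SNMP_PORTS else "drop-egress"
    return "forward"


def uncovered(rules, wanted_ports):
    """Ports the operator wants blocked on TCP and UDP that no rule covers."""
    covered = {r.port for r in rules if r.tcp and r.udp}
    return sorted(set(wanted_ports) - covered)


# Constructed sample configurations matching the two situations in the text.
FTP_ONLY = build_filter([PortRule(20), PortRule(21)])
SNMP_ONLY = build_filter([PortRule(161), PortRule(162)])
```

Calling `uncovered(FTP_ONLY, [20, 21, 161, 162])` lists the ports a planned block list still leaves open on that SM.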
Protocol and Port Filtering with NAT Disabled
Where NAT is disabled, you can filter both protocols and the three user-defined ports. Using the check boxes
on the interface, you can either
allow all protocols except those that you wish to block.
block all protocols except those that you wish to allow.
You can allow or block any of the following protocols:
PPPoE (Point to Point Protocol over Ethernet)
Summary of Contents for PMP 450
Page 1: ...Cambium PMP 450 Configuration and User Guide System Release 12 0...