PMP 450 Planning Guide
Identity-based user accounts
When identity-based user accounts are configured, a security officer can define from one to four user accounts, each
of which may have one of the four possible roles:
•
ADMINISTRATOR, who has full read and write permissions. This is the level of the
root
and
admin
users,
as well as any other administrator accounts that one of them creates.
•
INSTALLER, who has permissions identical to those of ADMINISTRATOR except that the installer cannot
add or delete users or change the password of any other user.
•
TECHNICIAN, who has permissions to modify basic radio parameters and view informational web pages
•
GUEST, who has no write permissions and only a limited view of General Status tab
See
Table 57 Identity-based user account permissions - AP
Table 58 Identity-based user account
on page
for detailed information on account permissions.
Remote Authentication Dial In User Service (RADIUS)
The PMP 450 system includes support for RADIUS (Remote Authentication Dial In User Service) protocol
functionality including:
•
Authentication:
Allows only known SMs onto the network (blocking “rogue” SMs), and can be configured to
ensure SMs are connecting to a known network (preventing SMs from connecting to “rogue” APs). RADIUS
authentication is used for SMs, but not used for APs.
•
SM Configuration:
Configures authenticated SMs with MIR (Maximum Information Rate), High Priority, and
VLAN (Virtual LAN) parameters from the RADIUS server when an SM registers to an AP.
•
SM Accounting
provides support for RADIUS accounting messages for usage-based billing. This accounting
includes indications for subscriber session establishment, subscriber session disconnection, and bandwidth
usage per session for each SM that connects to the AP.
•
Centralized AP and SM user name and password management:
Allows AP and SM usernames and access
levels (Administrator, Installer, Technician) to be centrally administered in the RADIUS server instead of on
each radio and tracks access events (logon/logoff) for each username on the RADIUS server. This accounting
does not track and report specific configuration actions performed on radios or pull statistics such as bit counts
from the radios. Such functions require an Element Management System (EMS) such as Cambium Wireless
Manager. This accounting is not the ability to perform accounting functions on the subscriber/end
user/customer account.
•
Framed-IP-Address:
Operators may use a RADIUS server to assign management IP addressing to SM
modules.
SNMP
•
The management agent supports fault and performance management by means of an SNMP interface. The
management agent is compatible with SNMP v1 and SNMP v2c using 5 Management Information Base (MIB)
files which are available for download from the Cambium Networks Support website
https://support.cambiumnetworks.com/files/pmp450
1-50
pmp-0047 (March 2014)
Summary of Contents for PMP 450
Page 1: ...Cambium PMP 450 Planning Guide System Release 13 1 ...
Page 13: ...PMP 450 Planning Guide pmp 0047 March 2014 1 3 ...
Page 42: ...PMP 450 Planning Guide Figure 14 Custom Frequency tab of the SM 1 32 pmp 0047 March 2014 ...
Page 58: ...PMP 450 Planning Guide Figure 16 AP web based management screenshot 1 48 pmp 0047 March 2014 ...
Page 82: ...PMP 450 Planning Guide 1 72 pmp 0047 March 2014 ...
Page 155: ...PMP 450 Planning Guide pmp 0047 March 2014 1 145 ...