FAQs

CradlePoint Services (21)

Purpose:

This article’s purpose is to prepare devices for activation and enrollment in Enterprise Cloud Manager (ECM).


Requirements:

ECM recommends devices run firmware version 5.1.1 (4.3.2 minimum). Only series three devices support this firmware (see: How to identify the Series of your CradlePoint router).

Note: The MBR95 does not support ECM, even though it does support firmware 4.3.2 and newer.


Directions:

  • Method 1 – Factory Reset and Upgrade
The absolute easiest way to establish ECM compatibility is to perform a factory reset on the device(s) and then upgrade straight to 4.4.0 or newer. Based on the device location, configuration requirements, and device workload, this is not always a practical solution.
  • Method 2 – Incremental Firmware Upgrades
If there are existing device configurations that cannot be reset, incremental firmware upgrades are highly recommended. Due to numerous configuration format changes over the years, firmware versions older than 4.2.1 should be upgraded in a “stair-stepping” process; this reduces the likelihood of losing configuration settings.
Use the following sequence to upgrade device firmware versions:

 

WiPipe Central Firmware Stair-Stepping Sequence

=> 5.1.1
=> 4.4.0 (4.3.3 for CBR400 & CBR450)
=> 4.2.1
=> 4.0.3
=> 3.6.3
=> 3.5.1
=> 3.4.1
=> 3.3.0
3.2.4 (and older)

If the device is in between versions, start with the next version up. For instance, if the device is on 3.5.0, upgrade it to 3.5.1 first, and then continue up the stairs.

For procedures involving the upgrade of device firmware from WPC please visit: Getting Started with Enterprise Cloud Manager#Connecting to ECM: Upgrading Firmware

For procedures to manually upgrade device firmware see: Manually upgrade Series 3 CradlePoint firmware

Note: There is a known issue when manually upgrading from firmware version 4.2.0; this does not impact firmware upgrades from WPC or automatic (internet) upgrades. Details are in the 4.2.1 Firmware Release Notes.
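The stair-stepping rules above can be applied to a whole inventory before any device is touched. The following is an added example, not CradlePoint code: the inventory rows, serial numbers and the model name GENERIC-S3 are constructed placeholders, and stopping CBR400/CBR450 at 4.3.3 is an assumption because the article does not say whether those models continue to 5.1.1.

```python
"""Stair-step firmware planner for ECM enrollment (added example)."""
import csv
import io

# Sequence from the article, lowest step first. Versions at or below 3.2.4
# start at 3.3.0; a device between two steps starts with the next step up.
STAIRS = ["3.3.0", "3.4.1", "3.5.1", "3.6.3", "4.0.3", "4.2.1", "4.4.0", "5.1.1"]
ECM_MINIMUM = "4.3.2"                  # minimum firmware for ECM per the article
CAPPED_MODELS = {"CBR400", "CBR450"}   # article lists 4.3.3 in place of 4.4.0
UNSUPPORTED_MODELS = {"MBR95"}         # runs 4.3.2+ but does not support ECM

# Constructed sample inventory; serials and GENERIC-S3 are placeholders.
SAMPLE_INVENTORY = """serial,model,firmware
SN-0001,GENERIC-S3,3.5.0
SN-0002,CBR400,4.0.3
SN-0003,MBR95,4.3.2
SN-0004,GENERIC-S3,4.2.0
SN-0005,GENERIC-S3,5.1.1
"""


def parse_version(text):
    """Turn '4.2.1' into (4, 2, 1) so versions compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def stairs_for(model):
    """Return the step list for a model.

    Assumption: for CBR400/CBR450 the plan swaps 4.4.0 for 4.3.3 and stops
    there, because the article does not say whether they go on to 5.1.1.
    """
    if model in CAPPED_MODELS:
        return STAIRS[:STAIRS.index("4.4.0")] + ["4.3.3"]
    return list(STAIRS)


def plan_device(model, firmware):
    """Compute the ordered upgrade steps and any warnings for one device."""
    model = model.strip().upper()
    current = parse_version(firmware)
    plan = {"model": model, "firmware": firmware.strip(), "ecm_capable": True,
            "ecm_ready": False, "path": [], "warnings": []}
    if model in UNSUPPORTED_MODELS:
        plan["ecm_capable"] = False
        plan["warnings"].append("model does not support ECM at any firmware")
        return plan
    # Every step strictly newer than the installed version, in order.
    plan["path"] = [s for s in stairs_for(model) if parse_version(s) > current]
    plan["ecm_ready"] = current >= parse_version(ECM_MINIMUM)
    if current == parse_version("4.2.0"):
        plan["warnings"].append(
            "known issue with manual upgrade from 4.2.0: use WPC or automatic "
            "upgrade, see the 4.2.1 release notes")
    return plan


def plan_fleet(csv_text):
    """Plan every row of an inventory CSV with serial, model, firmware columns."""
    plans = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        plan = plan_device(row["model"], row["firmware"])
        plan["serial"] = row["serial"]
        plans.append(plan)
    return plans


if __name__ == "__main__":
    for p in plan_fleet(SAMPLE_INVENTORY):
        steps = " => ".join(p["path"]) or "no upgrade steps"
        state = "ECM-ready" if p["ecm_ready"] else "not ECM-ready"
        print(f'{p["serial"]} {p["model"]} {p["firmware"]}: {state}; {steps}')
        for w in p["warnings"]:
            print(f"    warning: {w}")
```
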

CradlePoint Enterprise Cloud Manager (ECM) provides multiple options for monitoring modem data usage: set up emailed Alerts when your modems reach user-defined data thresholds; get a quick, visual overview of your devices’ data usage with Dashboard; or run CSV Reports with data usage information.

Data usage is tracked in the routers, and that information is then sent to ECM at user-defined intervals (the default is 1 hour) for display in the Dashboard or Reports; data usage Alerts aren’t affected by this usage sample interval because the information is pulled directly from the routers. The user-defined interval is a minimum: there are some event triggers that could cause additional data usage reports to be sent to ECM, such as heavy data usage. To change this interval, go to the Groups page in ECM and click on Settings in the top toolbar (the minimum value is 5 minutes). In the popup window that appears, ensure Enable Usage Reporting is selected and use the slider to edit the interval:

Data usage interval settings

There is a potential for some loss of data between the router and ECM if, for example, the router reboots before sending a usage sample.

CradlePoint recommends setting up data threshold Alerts for the most accurate, consistent information: receive an email whenever you reach one of your thresholds. For example, configure ECM to email you when your modem reaches 85% and 100% of your monthly data plan.

NOTE: The data usage numbers in ECM are strictly estimates and are dependent on information provided by the modem through the router: these may not match the carrier numbers. The carrier is the final authority for billing purposes. We recommend setting your thresholds lower than your billing allowances and regularly comparing the ECM numbers with the numbers from the carrier.

Setting Up Data Usage Alerts with ECM

Assign data cap thresholds

  1. Go to the Groups page in ECM (or Devices page to assign settings to an individual device instead of a group).
  2. Select a group and click on Configuration in the top toolbar and Edit in the drop-down menu.
    Open Groups configuration in ECM
  3. In the popup configuration window that appears, select Internet > Data Usage.
    Edit configuration window
  4. Make sure that Enable Data Usage is selected. Then under Template configuration, click Add to create a new data usage rule.
    Enable Data Usage
  5. Complete the fields in the popup window to create a data usage rule. Designate Assigned Usage in MB and select Send Alert on Cap to set ECM to send an email when your devices hit this threshold. Set up an additional alert by selecting Extra Email Alert and setting a Percent of Usage so that ECM will send an alert when the device’s data usage reaches this percentage of the usage threshold. For additional alerts, create another rule with a different usage threshold.
    Data Usage rule

Enable data usage alerts in ECM

  1. Go to the Alerts page in ECM. Select the Settings icon in the drop-down menu at the top of the page.
    Alerts page in ECM
  2. Click Add at the top left of the Alerts > Settings page in order to create a new alert notification rule.
  3. Complete the fields in the popup window to define your rule. Be sure to select Data Cap Threshold in the Alerts section.
    Adding an Alert Notification Rule
  4. Select one or more Users to create emailed notifications: otherwise the alerts you define will only appear in the Alerts > Log page.

NOTE: These emailed alerts come from ECM mail servers. You can alternatively set up router alerts through a separate SMTP server of your choice. In the Configuration window (under Groups or Devices), go to System Settings → Device Alerts. Configure your desired server in the SMTP Mail Server section.

Quick Start


Basic Setup


1. Insert an activated SIM.

A wireless broadband data plan must be added to your CradlePoint AER 2100. Wireless broadband data plans are available from wireless carriers such as Verizon, AT&T, Sprint, EE, and Vodafone. The SIM must be provisioned with the carrier. Contact your carrier for details about selecting a data plan and about the process for provisioning your SIM.

Once you have an activated SIM, insert it into the integrated modem. Insert the SIM card into the slot marked SIM 1 (use the other slot, SIM 2, for a secondary/backup SIM).

Be sure to insert the card with the notch-end first and the gold contacts facing down – it will click into place.

2. Attach the integrated modem.

Follow these steps to attach the integrated modem:

1) Remove the left side panel cover from the router. Use a Phillips screwdriver to remove the screws, and use the Multipurpose Retaining Tool (included in the router package) to remove the cover.

2) Slide the modem into the side of the router. The protruding section of the green board fits into the groove.

3) Reattach the panel cover and screw it back on. (When necessary, remove the cover and modem using the Multipurpose Retaining Tool.)

3. Attach the WiFi and modem antennas.

Attach the three WiFi antennas (included) and two modem antennas to the connectors. Antennas are jointed, which enables you to position them for optimal signal. To attach, hold the antenna straight and twist the base of the antenna to connect, folding the joint if needed.

[Figures: suggested antenna orientations for Desk Mount and Wall Mount]

Care should be taken to ensure that the router antennas are not near metal or other RF reflective surfaces.

4. Connect the power source.

Plug the provided power supply (12V DC wall adapter) into an electrical outlet. Then connect the power supply to the router.

Ensure power is switched on:

  • O = OFF
  • I = ON

When you set the power switch to the ON ( I ) position, watch for the power LED to illuminate.

If you would like to secure the power supply cord, attach the Multipurpose Retaining Tool as shown below. Secure with included screws.

image

5. Connect to a computer or other network equipment.

Connect wirelessly to the WiFi broadcast or with an Ethernet cable connected to your computer and then plugged into one of the Ethernet LAN ports (numbered 1–4).

The default WiFi network name broadcast is “2100-xxx”, where “xxx” is the last three characters of your router’s MAC address (this is the SSID on the product label). To connect to the WiFi, you will need to input the DEFAULT PASSWORD when prompted. The DEFAULT PASSWORD is provided on the product label found on the bottom of your router.

NOTE: The product label below is an example only: your DEFAULT PASSWORD and SSID will be unique.

image

Accessing the Administration Pages


Once you are connected, open the CradlePoint AER 2100’s GUI-based administration pages to make configuration changes to your router.

  1. Open a browser window and type “cp/” or “192.168.0.1” in the address bar. Press ENTER/RETURN.
  2. When prompted for your password, type the eight character DEFAULT PASSWORD found on the product label.

It’s possible – and more efficient – to do all your configuration changes through CradlePoint Enterprise Cloud Manager (ECM) without logging into the local administration pages. Set up a group of routers and set the configuration for all of them at once. See below for more information about ECM.

First Time Setup Wizard


When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through the steps to customize your CradlePoint AER 2100. You have the ability to configure any of the following:

  • Administrator Password
  • Time Zone
  • WiFi Network Name
  • Security Mode
  • Access Point Name (APN) for SIM-based modems
  • Modem Authentication
  • Failure Check

If you are currently using the router’s WiFi network, you will need to reconnect your devices to the network using the newly established wireless network name and password.

NOTE: To return to the First Time Setup Wizard after your initial login, select GETTING STARTED on the top navigation bar and FIRST TIME SETUP in the dropdown menu.

Using Enterprise Cloud Manager


Rapidly deploy and dynamically manage networks at geographically distributed stores and branch locations with Enterprise Cloud Manager, CradlePoint’s next generation management and application platform. Enterprise Cloud Manager (ECM) integrates cloud management with your CradlePoint devices to improve productivity, increase reliability, reduce costs, and enhance the intelligence of your network and business operations.

Click here to sign up for a free 30-day ECM trial.

Depending on your ordering process, your devices may have already been bulk-loaded into ECM. If so, simply log in at cradlepointecm.com using your ECM credentials and begin managing your devices seamlessly from the cloud.

If your device has not yet been loaded into your ECM account, you need to register. Log into the device administration pages and go to Getting Started → Enterprise Cloud Manager Registration. Enter your ECM username and password, and click on “Register”.

Once you have registered your device, go to cradlepointecm.com and log in using your ECM credentials.

For more information about how to use CradlePoint Enterprise Cloud Manager, see the following:

NOTE: Threat Management is only available for the AER 2100, and it requires a feature license. Enable this feature through Enterprise Cloud Manager.

CradlePoint Secure Threat Management leverages Trend Micro’s security experience and expertise in this one-pass Deep Packet Inspection (DPI) solution. Threat Management includes settings for both IPS (intrusion prevention system) and IDS (intrusion detection system), as well as application identification logging. Use Threat Management to identify and prevent a wide variety of network threats.

This Threat Management solution examines network traffic for both signature matches from Trend Micro’s large signature database of known threats and statistical anomalies to detect previously unknown threats. Trend Micro regularly adds new signatures to its database: update your signature database version to ensure you’re defending yourself against the newest threats. You have the option to update manually or schedule regular updates.

Follow these steps to get started with Threat Management:

  1. To purchase a license or to begin a free trial, log into Enterprise Cloud Manager (ECM) and go to the Applications tab (this is only available to the primary account administrator). Once entitled, the router must be rebooted for Threat Management to begin working.
  2. For complete configuration options, go to Network Settings → Threat Management in the configuration pages (in ECM or locally). See configuration options below.
  3. Set up emailed or logged alerts in the Alerts tab in ECM.
  4. Set up regularly scheduled signature updates in the configuration pages, or update manually in ECM via the Devices or Groups page (click on Commands in the top toolbar and select Update IPS Signatures from the dropdown options).

NOTE: Updating the signature database version causes a network disruption for a couple of seconds. You can schedule these updates to occur during days/times when you expect less traffic on your network.

Status

The Status section shows if Threat Management is enabled. It shows the current signature database version number, the timestamp for the most recent update, and the status of the most recent attempt to update signatures.

Click on the Update button to check for a new signature database version.

Configuration

Customize your Threat Management implementation (choose between IPS and IDS, set up a signature update schedule, etc.).

Operation Mode: Choose IPS, IDS, or neither.

  • Disabled
  • Detect and Prevent (default) – IPS mode
  • Detect Only – IDS mode

Engine Failure/Error Action: In the unlikely event of an error with the Threat Management engine, you have the following options:

  • Allow Traffic (default)
  • Deny Traffic

With Allow Traffic selected, the device fails open: it acts like a typical router without Threat Management enabled and routes traffic as usual, uninspected. If security is a major concern, however, you may wish to select Deny Traffic so that the device fails closed and stops all traffic when Threat Management isn’t working properly.

Application ID Logging: (Disabled by default.) The DPI engine can identify network traffic applications and send this information to the system logs. Depending on your network traffic uses, application ID logging may send huge amounts of data to the system logs. We recommend enabling a syslog server to manage this information.

To view the logs, go to Status → System Logs. For configuration options, including syslog server setup, go to System Settings → Administration and select the System Logging tab.

Signature Update Schedule

You can choose to have a different signature update schedule for modems than for other WANs. This is intended to protect against overages when data usage limits for 3G/4G modems are restricted. For both Non-Modem WANs and Modem WANs, first choose the Frequency for updates:

  • Never
  • Daily
  • Weekly
  • Monthly

Then choose the specific day and time. These updates cause a minor network disruption, so schedule updates for times with less critical traffic.

Whitelisted Signatures

Specify individual signatures that the Threat Management engine is detecting/preventing when the traffic is actually desired. Click Add and manually input a signature ID to include that signature on the “whitelist.”

Getting Started


Enterprise Cloud Manager Registration


CradlePoint Enterprise Cloud Manager is CradlePoint’s next generation management and application platform. Enterprise Cloud Manager (ECM) integrates cloud management with your CradlePoint devices to improve productivity, increase reliability, reduce costs and enhance the intelligence of your network and business operations.

Click here to learn more and sign up for a free 30-day ECM trial.

Depending on your ordering process, your devices may have already been bulk-loaded into ECM. If so, simply log in at cradlepointecm.com using your ECM credentials and begin managing your devices seamlessly from the cloud.

If your device has not yet been loaded into your ECM account, you need to register. Log into the device administration pages and go to Getting Started → Enterprise Cloud Manager Registration. Enter your ECM username and password, and click on “Register.”

Once you have registered your device, go to https://cradlepointecm.com and log in using your ECM credentials.

For more information about how to use CradlePoint Enterprise Cloud Manager, see the following:

First Time Setup


When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through basic steps to customize your CradlePoint AER 2100. To return to the First Time Setup Wizard after your initial login, go to Getting Started → First Time Setup in the dropdown menu. You have the ability to configure any of the following:

  • Administrator Password
  • Time Zone
  • WiFi Network Name
  • Security Mode
  • Access Point Name (APN) for SIM-based modems
  • Modem Authentication
  • Failure Check

Administrator Password

CradlePoint recommends that you change the router’s ADMINISTRATOR PASSWORD, which is used to log into the administration pages. The administrator password is separate from the WiFi security password, although initially the Default Password is used for both.

NOTE: If you plan to use your router in a PCI DSS compliant environment, do not use this setting. Use the “Advanced Security Mode” settings under the Router Security tab in System Settings → Administration instead.

Time Zone

You can select your TIME ZONE from a dropdown list. (This may be necessary to properly show time in your router log, but typically your router will automatically determine your time zone through your browser.)

Click NEXT.

WiFi Network Name

CradlePoint recommends that you customize your WiFi network name. Type in your personalized network name here. You can also enable the Guest Network feature (for more configuration options, see Network Settings → WiFi / Local Networks).

WiFi Security Mode

Choose the WIFI SECURITY MODE that best fits your needs:

  • BEST (WPA2): Select this option if your wireless adapters support WPA2-only mode. This will connect to newest devices and is the most secure, but may not connect to older devices or some handheld devices such as the PSP.
  • GOOD (WPA1 & WPA2): Select this option if your wireless adapters support WPA or WPA2. This is the most compatible with modern devices and PCs.
  • POOR (WEP): Select this option if your wireless adapters only support WEP. This should only be used if a legacy device that only supports WEP will be connected to the router. WEP is insecure and obsolete and is only supported in the router for legacy reasons. The router cannot use 802.11n modes if WEP is enabled; WiFi performance and range will be limited.
  • NONE (OPEN): Select this option if you do not want to activate any security features.

CradlePoint recommends BEST (WPA2) WiFi security. Try this option first and switch only if you have a device that is incompatible with WPA2.

Choose a personalized WPA PASSWORD or WEP KEY. This password will be used to connect devices to the router’s WiFi broadcast once the security settings have been saved.

  • WPA Password: The WPA Password must be between 8 and 64 characters long. A combination of upper and lower case letters along with numbers and special characters is recommended to prevent hackers from gaining access to your network.
  • WEP Key: A WEP Key must be either a hexadecimal value of 5 or 13 characters or a text value of 10 or 26 characters.

Click NEXT.

Access Point Name (APN)

If you are using a SIM-based modem (LTE/GSM/HSPA) with your CradlePoint router, you may need to configure the APN before it will properly connect to your carrier. Wireless carriers offer several APNs, so check with your carrier to confirm the appropriate one to use. Some examples include:

  • AT&T: “broadband”
  • T-Mobile: “epc.tmobile.com”
  • Rogers LTE: “lteinternet.apn”
  • Bell: “inet.bell.ca”
  • TELUS: “isp.telus.com”

You can either leave this on the Default setting or select Manual and input a specific APN.

If your specific modem or SIM already has APNs programmed into it, you should leave this on the Default setting. After finishing this Wizard go to Internet → Connection Manager, select your modem, and edit the settings. The SIM PIN/APN tab has more available settings than are provided here.

Modem Authentication

Some modems require a username and password to be entered to authenticate with a carrier. Do not fill in these fields unless you are sure your modem needs authentication.

  • Authentication Protocol – Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Select from:
    • Auto
    • Pap
    • Chap
  • Username
  • Password

Configuring Failure Check

It is possible for a WAN interface to go down without the router recognizing the failure. (For example: the carrier for a cellular modem goes dormant, or your Ethernet connection is properly attached to a modem but the modem becomes disconnected from its Internet source.) Enable Failure Check to ensure that you can get out to the Internet via your primary WAN connection. This option is disabled by default because it may use data unnecessarily. Use this in combination with failover. For cellular modems, use this in combination with Aggressive Reset (Internet → Connection Manager under Modem Settings in the interface/rule editor).

Idle Check Interval: Set the number of seconds the router will wait between checks to see if the WAN is still available. (Default: 30 seconds. Range: 10-3600 seconds.)

Monitor while connected: Select from the dropdown menu. (Default: Off.)

  • Active Ping: A ping request will be sent to the Ping Target. If no data is received, the ping request will be retried 4 times at 5-second intervals. If still no data is received, the device will be disconnected, and failover will occur. When “Active Ping” is selected, the next line gives an estimate of data usage in this form: “Active Ping could use as much as 9.3 MB of data per month.” This amount depends on the Idle Check Interval.
  • Off: Once the link is established the router takes no action to verify that it is still up.

Ping IP Address: If you selected “Active Ping,” you will need to input an IP address that will respond to a ping request. This IP address must be an address that can be reached through your WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2.

Click NEXT.

Summary

Review the details and record your wireless network name, administrative password, and WPA password (or WEP key). Move your mouse over your WiFi password to reveal it.

Please record these settings for future access. You may need this information to configure other wireless devices.

NOTE: If you are currently using the device’s WiFi network, reconnect to the network using the new wireless network name and security password.

Click APPLY to save the settings and update them to your router.

IP Passthrough Setup


You can quickly enable IP passthrough with the IP Passthrough Setup Wizard available under Getting Started → IP Passthrough Setup. IP passthrough takes a 3G/4G WAN data source (USB, ExpressCard, or CradlePoint business-grade modem) and passes the IP address through to Ethernet LAN.

Using this function requires many changes to your router configuration. The IP Passthrough Setup Wizard will automatically make these changes for you: simply read through the wizard and select Enable IP Passthrough on the second page. For further configuration options, see Network Settings → WiFi / Local Networks.

Review the list of changes to ensure they are compatible with your router needs:

  • All Ethernet ports will be set to LAN (i.e. you cannot use Ethernet as an Internet source for your router).
  • All WAN devices will have Load Balance disabled, and the highest priority device will be used.
  • All network groups except the primary network group will be removed.
  • All wireless interfaces will be removed from the primary network group. (It is possible to have a wireless interface associated with another network.)
  • All router-based VPN and GRE services will be disabled.
  • The Routing Mode will be set to IP Passthrough. (Network Settings → WiFi / Local Networks in the “Local Network Editor” under “IP Settings”)
  • The Subnet Selection Mode will be set to “Automatically Create Subnet” (Network Settings → WiFi / Local Networks in the “Local Network Editor” under “IP Settings” – this shows once IP Passthrough is set as the Routing Mode). You have the option to override this and select Force 24 Subnet, which forces a subnet of 255.255.255.0 and uses the first available address in the network as the gateway. This is for compatibility with equipment that may not handle modem addressing schemes; this should not be used unless necessary.

Any Ethernet WAN connections should be disconnected before IP passthrough is enabled.

General M2M Question (24)

Yes. The AirLink GX400 can be configured to monitor the input, respond to specific types of events, and even trigger digital output. The device can also be configured to change its power mode in order to conserve power. These features can be configured to your needs.

The AirLink GX400 is equipped with an I/O port interface which includes 1 low power timer enable input and 1 digital I/O. These may be connected to sensors and switches to monitor status and remotely control equipment. The AirLink GX400 board supports a low power timer enable input pin and a digital I/O pin which are connected to the CPU processor. The I/O signal comes in from the power connector, through a PolySwitch resettable fuse, and ties into the CPU pins with protection circuitry.

Digital Input

Digital Input can be used in two different modes: the switch mode or the voltage sensing mode.

The switch mode senses contact closures. The digital input can report either an open or closed state, and can be wired to a ground signal via a switch. When the switch is open, the input reads “3.3V”. When the switch is closed, the input reads “0V”.

Examples of using the input with a switch to ground:

  • When a door or other latch is opened or closed
  • Counting pulses or other electronic events
  • When a gauge reaches a certain point
  • When a container fills or empties
  • When a switch or valve is opened or closed
  • When the tow bar is raised or lowered
  • Connected to a sensor, the level of fuel in a vehicle
  • When the trunk of a vehicle is opened or closed
  • When the ignition is turned on or off

Digital Output

Digital Output of open collector design is capable of driving an external device such as a pull-up resistor or relay. As an example, a relay could be connected between the output pin and an external voltage. The voltage on the relay cannot exceed 30V. The digital output pin can handle up to 150mA.

Examples of using the digital output with an external relay or pull-up resistor:

  • Setting off an alarm or siren
  • Triggering a process to start on another device
  • Opening or closing a valve or switch
  • Locking or unlocking a door
  • Turning a light on or off
  • Opening the vehicle’s trunk or doors


IPv6 Settings

This is the product manual section for IPv6 Settings for the WAN. To edit these settings, go to Internet → Connection Manager. Select a WAN Interface and click on Edit to open up the WAN Configuration editor. IPv6 Settings is one of the tabs:

IPv6 configuration window


The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).

  • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
  • IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

  • Disabled (default) – IPv6 disabled on this interface.
  • Auto – IPv6 will use automatic connection settings (if available).
  • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
  • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
  • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
  • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

DNS Servers

Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

Delegated Networks

A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Auto

IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

  • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Static

As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

  • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
  • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
  • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

6to4 Tunnel

Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

6in4 Tunnel

The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

  • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
  • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

6rd Tunnel

IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

  • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
  • IPv4 Border Router Address – This address should be supplied by your ISP.
  • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


Both SIM-enabled versions of the device (GX400 for HSPA+ and GX440 for LTE) use a standard-size SIM, which is 2FF.

Connection Manager


The router can establish an uplink via Ethernet, WiFi as WAN, or 3G/4G modems (integrated or external USB). If the primary WAN connection fails, the router will automatically attempt to bring up a new link on another device: this feature is called failover. If Load Balance is enabled, multiple WAN devices may establish a link concurrently.

WAN Interfaces

This is a list of the available interfaces used to access the Internet. You can enable, stop, or start devices from this section. By using the priority arrows (the arrows in the boxes to the left – these show if you have more than one available interface), you can set the interface the router uses by default and the order that it allows failover.

In the example shown, Ethernet is set as the primary Internet source, while a 4G LTE modem is attached for failover. The Ethernet is “Connected” while the LTE modem is “Available” for failover. A WiFi-as-WAN interface is also attached and “Available”.

  • Load Balance: If this is enabled, the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively. Selecting Load Balance will automatically start the WAN interface and add it to the pool of WAN interfaces to use for data transfer. Turning off Load Balance for an active WAN interface may require the user to restart any current browsing session.
  • Enabled: Selected by default. Deselect to disable an interface.

Click on the small box at the top of the list to select/deselect all devices for either Load Balance or Enabled.

Click on a device in the list to reveal additional information about that device.

Selecting a device reveals the following information:

  • State (Connected, Available, etc.)
  • Port
  • UID (Unique identifier. This could be a name or number/letter combination.)
  • IP Address
  • Gateway
  • Netmask
  • Stats: bytes in, bytes out
  • Uptime

Click “Edit” to view configuration options for the selected device. For 3G/4G modems, click “Control” to view options to activate or update the device.

WAN Configuration

Select a WAN interface and click on Edit to open the WAN Configuration editor. The tabs available in this editor are specific to the particular WAN interface types.

General Settings

Device Settings

  • Enabled: Select/deselect to enable/disable.
  • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Network Settings → WiFi / Local Networks. Select this option to force NAT whenever this WAN device is being used.
  • Priority: This number controls failover and failback order. The lower the number, the higher the priority and the more use the device will get. This number will change when you move devices around with the priority arrows in the WAN Interfaces list.
  • Load Balance: Select to allow this device to be available for the Load Balance pool.
  • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
  • Hostname (This only shows for certain devices.)

IPv4 Failure Check (Advanced)

If this is enabled, the router will check that the highest priority active WAN interface can get to the Internet even if the WAN connection is not actively being used. If the interface goes down, the router will switch to the next highest priority interface available. If this is not selected, the router will still fail over to the next highest priority interface, but only after the user has attempted to get out to the Internet and failed.

Idle Check Interval: The amount of time between each check. (Default: 30 seconds. Range: 10-3600 seconds.)

Monitor while connected: (Default: Off) Select from the following dropdown options:

  • Passive DNS (modem only): The router will take no action until data is detected that is destined for the WAN. When this data is detected, the data will be sent and the router will check for received data for 2 seconds. If no data is received the router behaves as described below under Active DNS.
  • Active DNS (modem only): A DNS request will be sent to the DNS servers. If no data is received, the DNS request will be retried 4 times at 5-second intervals. (The first 2 requests will be directed at the Primary DNS server and the second 2 requests will be directed at the Secondary DNS server.) If still no data is received, the device will be disconnected and failover will occur.
  • Active Ping: A ping request will be sent to the Ping Target. If no data is received, the ping request will be retried 4 times at 5-second intervals. If still no data is received, the device will be disconnected and failover will occur. When “Active Ping” is selected, the next line gives an estimate of data usage in this form: “Active Ping could use as much as 9.3 MB of data per month.” This amount depends on the Idle Check Interval.
  • Off: Once the link is established the router takes no action to verify that it is still up.

Ping IP Address: If you selected “Active Ping”, you will need to input an IP address. This must be an address that can be reached through your WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2.

IPv6 Failure Check (Advanced)

The settings for IPv6 Failure Check match those for IPv4 Failure Check except that the IP address for Active Ping is an IPv6 address.

Failback Configuration (Advanced)

This is used to configure failback, which is the ability to go back to a higher priority WAN interface if it regains connection to its network.

Select the Failback Mode from the following options:

  • Usage
  • Time
  • Disabled

Usage: Fail back based on the amount of data passed over time. This is a good setting for when you have a dual-mode EVDO/WiMAX modem and you are going in and out of WiMAX coverage. If the router has failed over to EVDO it will wait until you have low data usage before bringing down the EVDO connection to check if a WiMAX connection can be made.

  • High (Rate: 80 KB/s. Time Period: 30 seconds.)
  • Normal (Rate: 20 KB/s. Time Period: 90 seconds.)
  • Low (Rate: 10 KB/s. Time Period: 240 seconds.)
  • Custom (Rate range: 1-100 KB/s. Time Period range: 10-300 seconds.)

Time: Fail back only after a set period of time. (Default: 90 seconds. Range: 10-300 seconds.) This is a good setting if you have a primary wired WAN connection and only use a modem for failover when your wired connection goes down. This ensures that the higher priority interface has remained online for a set period of time before it becomes active (in case the connection is dropping in and out, for example).

Disabled: Deactivate failback mode.

Immediate Mode: Fail back immediately whenever a higher priority interface is plugged in or when there is a priority change. Immediate failback returns you to the use of your preferred Internet source more quickly which may have advantages such as reducing the cost of a failover data plan, but it may cause more interruptions in your network than Usage or Time modes.
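The following model shows how Priority, failover, and the Time failback hold-down interact on a flapping primary link, and why immediate failback causes more interruptions. It is an added illustration, not CradlePoint firmware logic; the function name, interface names, and event timeline are constructed for the example.

```python
def active_timeline(events, priority, failback_seconds):
    """Return [(time, active_interface)] for every change of active WAN.

    events           -- list of (time, interface, is_up) link changes (constructed)
    priority         -- {interface: number}; lower number = higher priority
    failback_seconds -- how long a higher-priority link must stay up before
                        the router fails back to it (0 models immediate failback)
    """
    up_since = {name: None for name in priority}
    ranked = sorted(priority, key=priority.get)
    # Re-evaluate at every link event and whenever a hold-down could expire.
    points = sorted({t for t, _, _ in events} |
                    {t + failback_seconds for t, _, up in events if up})
    active, changes = None, []
    for now in points:
        for t, name, up in events:
            if t != now:
                continue
            if not up:
                up_since[name] = None
            elif up_since[name] is None:
                up_since[name] = now
        if active is None or up_since[active] is None:
            # Failover: the active link is gone, take the best link that is up.
            choice = next((n for n in ranked if up_since[n] is not None), None)
        else:
            # Failback: only to a higher-priority link that has stayed up
            # for the whole hold-down period.
            choice = active
            for n in ranked:
                if priority[n] >= priority[active]:
                    break
                if up_since[n] is not None and now - up_since[n] >= failback_seconds:
                    choice = n
                    break
        if choice != active:
            active = choice
            changes.append((now, active))
    return changes


# Constructed timeline: Ethernet drops at 100 s, flaps at 130-150 s,
# and comes back for good at 200 s. The LTE modem stays available.
PRIORITY = {"ethernet": 1, "lte": 2}
EVENTS = [
    (0, "ethernet", True), (0, "lte", True),
    (100, "ethernet", False),
    (130, "ethernet", True), (150, "ethernet", False),
    (200, "ethernet", True),
]

if __name__ == "__main__":
    print("Time mode, 90 s:", active_timeline(EVENTS, PRIORITY, 90))
    print("Immediate:      ", active_timeline(EVENTS, PRIORITY, 0))
```

With the 90-second hold-down the flap at 130-150 s never reaches clients; with immediate failback the same timeline produces four switches after the initial connection.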

IP Overrides

IP overrides allow you to override IP settings after a device’s IP settings have been configured.

Only the fields that you fill out will be overridden. Override any of the following fields:

  • IP Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

IPv6 Settings

The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).

  • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
  • IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

  • Disabled (default) – IPv6 disabled on this interface.
  • Auto – IPv6 will use automatic connection settings (if available).
  • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
  • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
  • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
  • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

DNS Servers

Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

Delegated Networks

A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Auto

IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

  • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Static

As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

  • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
  • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
  • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

6to4 Tunnel

Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

6in4 Tunnel

The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

  • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
  • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

6rd Tunnel

IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

  • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
  • IPv4 Border Router Address – This address should be supplied by your ISP.
  • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.
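For the 6to4 and 6rd tunnel settings above, this added example (not CradlePoint code) shows how the 6rd Prefix, the WAN IPv4 address, and the IPv4 Common Prefix Mask combine into the publicly routable prefix delegated to the LANs, following the RFC 5969 derivation, with 6to4 as the special case of prefix 2002::/16 and a mask of 0. It assumes the IPv4 Common Prefix Mask field corresponds to RFC 5969's IPv4MaskLen; function names and sample addresses are constructed.

```python
import ipaddress


def delegated_prefix(sixrd_prefix, wan_ipv4, common_mask_len):
    """Return the IPv6 network a 6rd router derives from its WAN IPv4 address.

    The delegated prefix is the 6rd prefix followed by the WAN IPv4 bits that
    remain after the common (masked-off) high-order bits are dropped.
    """
    prefix = ipaddress.IPv6Network(sixrd_prefix)   # raises if host bits are set
    wan = ipaddress.IPv4Address(wan_ipv4)
    if not 0 <= common_mask_len <= 32:
        raise ValueError("IPv4 common prefix mask must be between 0 and 32")
    v4_bits = 32 - common_mask_len
    length = prefix.prefixlen + v4_bits
    if length > 64:
        raise ValueError("/%d leaves no room for a /64 LAN" % length)
    suffix = int(wan) & ((1 << v4_bits) - 1)
    base = int(prefix.network_address) | (suffix << (128 - length))
    return ipaddress.IPv6Network((base, length))


def lan_64_count(delegated):
    """Number of /64 LAN networks that fit inside the delegated prefix."""
    return 2 ** (64 - delegated.prefixlen)


def inner_source_is_consistent(inner_ipv6_src, outer_ipv4_src,
                               sixrd_prefix, common_mask_len):
    """Anti-spoofing check from RFC 5969's security considerations.

    A decapsulated packet's IPv6 source must lie inside the prefix derived
    from the IPv4 source address of the packet that carried it.
    """
    expected = delegated_prefix(sixrd_prefix, outer_ipv4_src, common_mask_len)
    return ipaddress.IPv6Address(inner_ipv6_src) in expected


if __name__ == "__main__":
    # Constructed values: ISP 6rd prefix 2001:db8::/32, all WAN addresses
    # share the first 8 bits (10.x.x.x), so the mask is 8.
    p = delegated_prefix("2001:db8::/32", "10.1.2.3", 8)
    print("6rd delegated prefix:", p, "->", lan_64_count(p), "LAN /64s")

    # 6to4 is the same derivation with the fixed prefix 2002::/16, mask 0.
    print("6to4 prefix:", delegated_prefix("2002::/16", "192.0.2.130", 0))

    # A packet claiming a source in another site's prefix fails the check.
    print(inner_source_is_consistent("2001:db8:102:300::1", "10.9.9.9",
                                     "2001:db8::/32", 8))
```

Every address inside the derived prefix is publicly routable and is not behind NAT, so knowing the prefix in advance tells you what the firewall policy for the LANs has to cover.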

Ethernet Settings

While default settings for each WAN Ethernet port will be sufficient in most circumstances, you have the ability to control the following:

  • Connect Method: DHCP (Automatic), Static (Manual), or PPPoE (Point-to-Point Protocol over Ethernet).
  • MAC Address: You have the ability to change the MAC address, but typically this is unnecessary. You can match this address with your device’s address by clicking: “Clone Your PC’s MAC Address”.

Connect Method

Select the connection type that you need for this WAN connection. You may need to check with your ISP or system administrator for this information.

  • DHCP (Dynamic Host Configuration Protocol) is the most common configuration. Your router’s Ethernet ports are automatically configured for DHCP connection. DHCP automatically assigns dynamic IP addresses to devices in your networks. This is preferable in most circumstances.
  • Static allows you to input a specific IP address for your WAN connection; this should be provided by the ISP if supported.
  • PPPoE should be configured with the username, password, and other settings provided by your ISP.

If you want to use a Static (Manual) or PPPoE connection, you will need to fill out additional information.

Static (Manual):

  • IPv4 Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

PPPoE:

  • Username
  • Password
  • Password Confirm
  • Service
  • Auth Type: None, PAP, or CHAP

Modem Settings

Not all modems will have all of the options shown below; the available options are specific to the modem type.

On Demand: When this mode is selected a connection to the Internet is made as needed. When this mode is not selected a connection to the Internet is always maintained.

IP WAN Subnet Filter: This feature will filter out any packets going to the modem that do not match the network (address and netmask).

Aggressive Reset: When Aggressive Reset is enabled the system will attempt to maintain a good modem connection. If the Internet has been unreachable for a period of time, a reset of the modem will occur in an attempt to re-establish the connection.

Automatically check for new firmware: (Default: selected) The modem will automatically check for firmware updates by default.

Enable Aux Antenna: (Default: selected) Enable or disable the modem’s auxiliary diversity antenna. This should normally be left enabled.

GPS Signal Source: Select the antenna to be used for receiving GPS coordinates. Some products support a dedicated GPS antenna, while others use the auxiliary diversity antenna only (and some products support both).

Enable eHRPD: (Default: selected) Enable or disable the modem’s ability to connect via eHRPD (enhanced High Rate Packet Data) when connecting to a 3G EVDO network on Sprint. eHRPD routes EVDO traffic through the LTE systems, enabling easy transitions between LTE and EVDO. In rare cases it may make sense to bypass the LTE core, so this field allows you to disable eHRPD.

Modem Connection Mode: Specify how the modem should connect to the network. Not all options are available for all modems; this will default to Auto if an incompatible mode is selected.

  • Auto (all modes): Let the modem decide which network to use.
  • Auto 3G (3G or less): Let the modem decide which 2G or 3G network to use. Do not attempt to connect to LTE.
  • Force LTE: Connect to LTE only and do not attempt to connect to 3G or WiMAX.
  • Force WiMAX: Connect to WiMAX only and do not attempt to connect to 3G or LTE.
  • Force 3G (EVDO, UMTS, HSPA): Connect to 3G network only.
  • Force 2G (1xRTT, EDGE, GPRS): Connect to 2G network only.

Network Selection Mode: Wireless carriers are assigned unique network identifying codes known as PLMN (Public Land Mobile Network). To manually select a particular carrier, select the Manual radio button and enter the network PLMN. Choose from the following options:

  • None/No Change
  • Auto: Selected by default
  • Home only
  • Manual: Input the PLMN code

Functional Mode: Selects the functional mode of the modem. IPPT (IP passthrough) mode causes the modem to act as a transport, passing Internet data and IP address information between the modem and the Internet directly. NAT mode causes the modem to NAT the IP address information. Consequently, IPPT mode does not allow user access to the modem web UI and NAT mode does allow user access to the modem web UI.

  • None/No Change
  • IPPT
  • NAT

Network-Initiated Alerts: This field controls whether the Sprint network can disconnect the modem to apply updates, such as for PRL, modem firmware, or configuration events. These activities do not change any router settings, but the modem connection may be unavailable for periods of time while these updates occur. The modem may also require a reset after a modem firmware update is complete.

  • Disabled: The request to update will be refused.
  • When Disconnected: The request to update will only be performed when the modem is either in a disconnected state or dormant state. If the modem is not in one of these states when the request is received, then the router will remember the request and perform the update when the modem becomes disconnected/dormant.
  • On Schedule: The request to update will only be performed at the specified scheduled time, no matter what the state of the modem is.

Network-Initiated Schedule: When you select “On Schedule” for Network-Initiated Alerts, you also select a time from this dropdown list. Modem updates will take place at this scheduled time.

AT Config Script: Enter the AT commands to be used for carrier specific modem configuration settings. Each command must be entered on a separate line. The command and associated response will be logged, so you should check the system log to make sure there were no errors.

NOTE: AT Config Script should not be used unless told to do so by your modem’s cellular provider or by a support technician.

AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include “OK”, except the final command response, which must include “CONNECT”.

Example:

AT
ATDT*99***2#

WiMAX Settings

WiMAX Realm: Select from the following dropdown options:

  • Clear – clearwire-wmx.net
  • Rover – rover-wmx.net
  • Sprint 3G/4G – sprintpcs.com
  • Xohm – xohm.com
  • BridgeMAXX – bridgeMAXX.com
  • Time Warner Cable – mobile.rr.com
  • Comcast – mob.comcast.net

TTLS Authentication Mode: TTLS inner authentication protocol. Select from the following dropdown options:

  • MSCHAPv2/MD5 (Microsoft Challenge Handshake Authentication Protocol version 2/Message-Digest Algorithm 5)
  • PAP (Password Authentication Protocol)
  • CHAP (Challenge Handshake Authentication Protocol)

TTLS Username: Username for TTLS authentication.

TTLS Password: Password for TTLS authentication.

WiMAX Authentication Identity: User ID on the network. Leave this blank unless your provider tells you otherwise.

CDMA Settings

These settings are usually specific to your wireless carrier’s private networks. You should not set these unless directed to by a carrier representative. If a field below is left blank, that particular setting will not be changed in the modem. You should only fill in fields that are required by your carrier.

  • Persist Settings: If this is not checked, these settings will only be in place until the router is rebooted or the modem is unplugged.
  • Active Profile: Select a number from 0-5 from the dropdown list.

The following fields can be left blank. If left blank they will remain unchanged in the modem.

  • NAI (Username@realm): Network Access Identifier. NAI is a standard system of identifying users who attempt to connect to a network.
  • AAA Shared Secret (Password): “Authentication, Authorization, and Accounting” password.
  • Verify AAA Shared Secret
  • HA Shared Secret: “Home Agent” shared secret.
  • Primary HA
  • Secondary HA
  • AAA SPI: AAA Security Parameter Index.
  • HA SPI: HA Security Parameter Index.

SIM/APN/Auth Settings

SIM PIN: PIN number for a GSM modem with a locked SIM.

Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Choose from Auto, PAP, and CHAP and then input your username and password.

Access Point Configuration: Some wireless carriers provide multiple Access Point configurations that a modem can connect to. Some APN examples are “isp.cingular” and “vpn.com”.

  • Default: Let the router choose an APN automatically.
  • Default Override: Enter an APN by hand.
  • Select: This opens a table with 16 slots for APNs, each of which can be set as IP, IPV4V6, or IPV6. The default APN is marked with an asterisk (*). You can change the APN names, select a different APN, etc. For Verizon modems, only the third slot is editable. Changes made here are written to the modem, so a factory reset of the router will not impact these settings.

Update/Activate a Modem

Some 3G/4G modems can be updated and activated while plugged into the router. Updates and activation methods vary by modem model and service provider. Possible methods are: PRL Update, Activation, and FUMO. All supported methods will be displayed when you select your modem and click “Control” to open the “Update/Activate” window. If no methods are displayed for your device then you will need to update and activate your device externally.

To update or activate a modem, select the modem in the WAN Interfaces table and click “Control”.

The modem does not support Update/Activate methods: A message will state that there is no support for PRL Update, Activation, or FUMO.

The modem supports Update/Activate methods: A message will display showing options for each supported method:

  • Modem Activation / Update: Activate, Reactivate, or Upgrade Configuration.
  • Preferred Roaming List (PRL) Update
  • Firmware Update Management Object (FUMO)

Click the appropriate icon to start the process.

If the modem is connected when you start an operation the router will automatically disconnect it. The router may start another modem as a failover measure. When the operation is done the modem will go back to an idle state, at which point the router may restart it depending on failover and failback settings.

NOTE: Only one operation is supported at a time. If you try to start the same operation on the same modem twice, the UI will not report failure and the request will finish normally when the original request is done. However, if you try to start a different operation or use a different modem, this second request will fail without interfering with the pending operation.

Process Timeout: If the process fails an error message will display.

Activation has a 3-minute timeout, PRL update has a 4-minute timeout, and FUMO has a 10-minute timeout.

Update Modem Firmware

Click on the Firmware button to open the Modem Firmware Upgrade window. This will show whether there is new modem firmware available.

If you select Automatic (Internet) the firmware will be updated automatically. Use Manual Firmware Upgrade to instead manually upload firmware from a local computer or device.

Reset the Modem

Click on the Reset button to power cycle the modem. This will have the same effect as unplugging the modem.

Configuration Rules (Advanced)

This section allows you to create general rules that apply to the Internet connections of a particular type. These can be general or very specific. For example, you could create a rule that applies to all 3G/4G modems, or a rule that only applies to an Internet source with a particular MAC address.

The Configuration Rules list shows all rules that you have created, as well as all of the default rules. These are listed in the order they will be applied. The most general rules are listed at the top, and the most specific rules are at the bottom. The router goes down the list and applies all rules that fit for attached Internet sources. Configuration settings farther down the list will override previous settings.

Select any of these rules and click “Edit” to change the settings for a rule. To create a new rule, click “Add.”

WAN Configuration Rule Editor

After clicking “Add” or “Edit,” you will see a popup with the following tabs:

  • Filter Criteria
  • General Settings
  • IP Overrides
  • IPv6 Settings
  • Ethernet Settings
  • Modem Settings
  • WiMAX Settings
  • CDMA Settings
  • SIM/APN/Auth Settings

Filter Criteria

If you are creating a new rule, begin by setting the Filter Criteria. Create a name for your rule and the condition for which the rule applies:

  • Rule Name: Create a name meaningful to you. This name is optional.

Make a selection for “When,” “Condition,” and “Value” to create a condition for your rule. The condition will be in the form of these examples:

When | Condition | Value
Port | is | USB Port 1
Type | is not | WiMAX

  • When:
    • Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”).
    • Manufacturer – Select by the modem manufacturer, such as Sierra Wireless.
    • Model – Set your rule according to the specific model of modem.
    • Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
    • Serial Number – Select 3G or LTE modem by the serial number.
    • MAC Address – Select WiMAX modem by MAC Address.
    • Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.
  • Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement.
  • Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.

Once you have established the condition for your configuration rule, choose from the other tabs to set the desired configuration. All of the tabs have the same configuration options shown above in the WAN Configuration section (i.e., the options for Configuration Rules are the same as they are for individual devices).
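
The ordering described above (every matching rule is applied from the top of the list down, and later settings override earlier ones) can be modeled to audit which rule supplies each final setting for a device. This is an added example, not Cradlepoint code: the data model, function names, sample rules and setting values are constructed, and treating an unreported attribute as a non-match is an assumption.

```python
from dataclasses import dataclass

# The five comparison operators offered in the "Condition" dropdown.
CONDITIONS = {
    "is": lambda actual, value: actual == value,
    "is not": lambda actual, value: actual != value,
    "starts with": lambda actual, value: actual.startswith(value),
    "contains": lambda actual, value: value in actual,
    "ends with": lambda actual, value: actual.endswith(value),
}


@dataclass
class Rule:
    name: str
    when: str        # attribute to test, e.g. "Port", "Type", "Manufacturer"
    condition: str   # one of the keys of CONDITIONS
    value: str
    settings: dict   # settings this rule applies when it matches


def rule_matches(rule, device):
    """Return True if the rule's When/Condition/Value fits the device."""
    if rule.condition not in CONDITIONS:
        raise ValueError(f"unknown condition: {rule.condition!r}")
    actual = device.get(rule.when)
    if actual is None:
        # Assumption of this model: an attribute the device does not
        # report never matches, not even for "is not".
        return False
    return CONDITIONS[rule.condition](actual, rule.value)


def effective_settings(rules, device):
    """Apply every matching rule top to bottom; later rules win.

    Returns (settings, source, overrides). source maps each setting to the
    rule that supplied its final value. overrides lists each replacement as
    (setting, earlier_rule, later_rule, old_value, new_value).
    """
    settings, source, overrides = {}, {}, []
    for rule in rules:
        if not rule_matches(rule, device):
            continue
        for key, new in rule.settings.items():
            if key in settings and settings[key] != new:
                overrides.append((key, source[key], rule.name, settings[key], new))
            settings[key] = new
            source[key] = rule.name
    return settings, source, overrides


# Constructed sample data: general rules first, specific rules last.
SAMPLE_RULES = [
    Rule("All modems", "Type", "is", "Modem", {"Load Balance": False}),
    Rule("Not WiMAX", "Type", "is not", "WiMAX", {"MTU": 1500, "Force NAT": False}),
    Rule("USB Port 1", "Port", "is", "USB Port 1", {"MTU": 1400, "Force NAT": True}),
    Rule("Sierra modems", "Manufacturer", "starts with", "Sierra", {"On Demand": True}),
]
SAMPLE_DEVICE = {"Type": "LTE", "Port": "USB Port 1", "Manufacturer": "Sierra Wireless"}

if __name__ == "__main__":
    final, source, overrides = effective_settings(SAMPLE_RULES, SAMPLE_DEVICE)
    for key, val in final.items():
        print(f"{key} = {val!r}  (from rule {source[key]!r})")
    for key, old_rule, new_rule, old, new in overrides:
        print(f"{key}: {old!r} from {old_rule!r} overridden by {new!r} from {new_rule!r}")
```

The overrides list is the part worth reviewing after a rule change: it shows where a narrowly scoped rule replaces a value that a broader rule was expected to enforce.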



Yes, you can get a Static IP on the Verizon Wireless Network. Contact a USAT sales representative or a Verizon Wireless representative or reseller to learn more about this process.

 

Learn More about the Sierra Wireless Gx440

 



Cradlepoint Products (4)


IPv6 Settings

This is the product manual section for IPv6 Settings for the WAN. To edit these settings, go to Internet → Connection Manager. Select a WAN Interface and click on Edit to open up the WAN Configuration editor. IPv6 Settings is one of the tabs:

IPv6 configuration window


The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).

  • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
  • IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

  • Disabled (default) – IPv6 disabled on this interface.
  • Auto – IPv6 will use automatic connection settings (if available).
  • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
  • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
  • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
  • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

DNS Servers

Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

Delegated Networks

A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Auto

IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

  • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


Static

As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

  • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
  • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
  • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


6to4 Tunnel

Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


6in4 Tunnel

The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

  • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
  • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


6rd Tunnel

IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

  • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
  • IPv4 Border Router Address – This address should be supplied by your ISP.
  • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.




Connection Manager


The router can establish an uplink via Ethernet, WiFi as WAN, or 3G/4G modems (integrated or external USB). If the primary WAN connection fails, the router will automatically attempt to bring up a new link on another device: this feature is called failover. If Load Balance is enabled, multiple WAN devices may establish a link concurrently.

WAN Interfaces

This is a list of the available interfaces used to access the Internet. You can enable, stop, or start devices from this section. By using the priority arrows (the arrows in the boxes to the left – these show if you have more than one available interface), you can set the interface the router uses by default and the order that it allows failover.

In the example shown, Ethernet is set as the primary Internet source, while a 4G LTE modem is attached for failover. The Ethernet is “Connected” while the LTE modem is “Available” for failover. A WiFi-as-WAN interface is also attached and “Available”.

  • Load Balance: If this is enabled, the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively. Selecting Load Balance will automatically start the WAN interface and add it to the pool of WAN interfaces to use for data transfer. Turning off Load Balance for an active WAN interface may require the user to restart any current browsing session.
  • Enabled: Selected by default. Deselect to disable an interface.

Click on the small box at the top of the list to select/deselect all devices for either Load Balance or Enabled.

Click on a device in the list to reveal additional information about that device.

Selecting a device reveals the following information:

  • State (Connected, Available, etc.)
  • Port
  • UID (Unique identifier. This could be a name or number/letter combination.)
  • IP Address
  • Gateway
  • Netmask
  • Stats: bytes in, bytes out
  • Uptime

Click “Edit” to view configuration options for the selected device. For 3G/4G modems, click “Control” to view options to activate or update the device.

WAN Configuration

Select a WAN interface and click on Edit to open the WAN Configuration editor. The tabs available in this editor are specific to the particular WAN interface types.

General Settings

Device Settings

  • Enabled: Select/deselect to enable/disable.
  • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Network Settings → WiFi / Local Networks. Select this option to force NAT whenever this WAN device is being used.
  • Priority: This number controls failover and failback order. The lower the number, the higher the priority and the more use the device will get. This number will change when you move devices around with the priority arrows in the WAN Interfaces list.
  • Load Balance: Select to allow this device to be available for the Load Balance pool.
  • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
  • Hostname (This only shows for certain devices.)

IPv4 Failure Check (Advanced)

If this is enabled, the router will check that the highest priority active WAN interface can get to the Internet even if the WAN connection is not actively being used. If the interface goes down, the router will switch to the next highest priority interface available. If this is not selected, the router will still failover to the next highest priority interface but only after the user has attempted to get out to the Internet and failed.

Idle Check Interval: The amount of time between each check. (Default: 30 seconds. Range: 10-3600 seconds.)

Monitor while connected: (Default: Off) Select from the following dropdown options:

  • Passive DNS (modem only): The router will take no action until data is detected that is destined for the WAN. When this data is detected, the data will be sent and the router will check for received data for 2 seconds. If no data is received the router behaves as described below under Active DNS.
  • Active DNS (modem only): A DNS request will be sent to the DNS servers. If no data is received, the DNS request will be retried 4 times at 5-second intervals. (The first 2 requests will be directed at the Primary DNS server and the second 2 requests will be directed at the Secondary DNS server.) If still no data is received, the device will be disconnected and failover will occur.
  • Active Ping: A ping request will be sent to the Ping Target. If no data is received, the ping request will be retried 4 times at 5-second intervals. If still no data is received, the device will be disconnected and failover will occur. When “Active Ping” is selected, the next line gives an estimate of data usage in this form: “Active Ping could use as much as 9.3 MB of data per month.” This amount depends on the Idle Check Interval.
  • Off: Once the link is established the router takes no action to verify that it is still up.

Ping IP Address: If you selected “Active Ping”, you will need to input an IP address. This must be an address that can be reached through your WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2.

IPv6 Failure Check (Advanced)

The settings for IPv6 Failure Check match those for IPv4 Failure Check except that the IP address for Active Ping is an IPv6 address.

Failback Configuration (Advanced)

This is used to configure failback, which is the ability to go back to a higher priority WAN interface if it regains connection to its network.

Select the Failback Mode from the following options:

  • Usage
  • Time
  • Disabled

Usage: Fail back based on the amount of data passed over time. This is a good setting for when you have a dual-mode EVDO/WiMAX modem and you are going in and out of WiMAX coverage. If the router has failed over to EVDO it will wait until you have low data usage before bringing down the EVDO connection to check if a WiMAX connection can be made.

  • High (Rate: 80 KB/s. Time Period: 30 seconds.)
  • Normal (Rate: 20 KB/s. Time Period: 90 seconds.)
  • Low (Rate: 10 KB/s. Time Period: 240 seconds.)
  • Custom (Rate range: 1-100 KB/s. Time Period range: 10-300 seconds.)

Time: Fail back only after a set period of time. (Default: 90 seconds. Range: 10-300 seconds.) This is a good setting if you have a primary wired WAN connection and only use a modem for failover when your wired connection goes down. This ensures that the higher priority interface has remained online for a set period of time before it becomes active (in case the connection is dropping in and out, for example).

Disabled: Deactivate failback mode.

Immediate Mode: Fail back immediately whenever a higher priority interface is plugged in or when there is a priority change. Immediate failback returns you to the use of your preferred Internet source more quickly which may have advantages such as reducing the cost of a failover data plan, but it may cause more interruptions in your network than Usage or Time modes.

IP Overrides

IP overrides allow you to override IP settings after a device’s IP settings have been configured.

Only the fields that you fill out will be overridden. Override any of the following fields:

  • IP Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

IPv6 Settings

The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).

  • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
  • IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

  • Disabled (default) – IPv6 disabled on this interface.
  • Auto – IPv6 will use automatic connection settings (if available).
  • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
  • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
  • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
  • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

DNS Servers

Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

Delegated Networks

A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Auto

IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

  • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


Static

As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

  • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
  • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
  • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


6to4 Tunnel

Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


6in4 Tunnel

The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

  • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
  • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


6rd Tunnel

IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

  • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
  • IPv4 Border Router Address – This address should be supplied by your ISP.
  • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.
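
How the 6rd Prefix and the IPv4 Common Prefix Mask combine with the WAN's IPv4 address is defined in RFC 5969: the IPv4 bits left after the common prefix are appended to the 6rd prefix. This added example (not Cradlepoint code; function names and sample addresses are constructed) derives the delegated prefix under which LAN clients become publicly routable, and also covers 6to4 as the case of prefix 2002::/16 with a mask of 0, a value taken from RFC 3056 rather than from this page.

```python
import ipaddress
from itertools import islice


def sixrd_delegated_prefix(sixrd_prefix, wan_ipv4, common_prefix_mask):
    """Derive the 6rd delegated prefix for one router (RFC 5969).

    sixrd_prefix        -- the ISP's 6rd prefix, e.g. "2001:db8::/32"
    wan_ipv4            -- the IPv4 address assigned to the WAN interface
    common_prefix_mask  -- number of leading IPv4 bits shared by every
                           customer address in the 6rd domain (0..32)
    """
    prefix = ipaddress.IPv6Network(sixrd_prefix)
    wan = ipaddress.IPv4Address(wan_ipv4)
    if not 0 <= common_prefix_mask <= 32:
        raise ValueError("IPv4 common prefix mask must be between 0 and 32")

    # Only the IPv4 bits that differ between customers are embedded.
    v4_bits = 32 - common_prefix_mask
    delegated_len = prefix.prefixlen + v4_bits
    if delegated_len > 64:
        # Choice made in this example: reject results that leave no
        # room for even one /64 LAN.
        raise ValueError(
            f"delegated prefix would be /{delegated_len}; "
            "a LAN needs /64 or shorter"
        )

    suffix = int(wan) & ((1 << v4_bits) - 1)
    value = int(prefix.network_address) | (suffix << (128 - delegated_len))
    return ipaddress.IPv6Network((value, delegated_len))


def lan_subnets(delegated, count):
    """Return the first `count` /64 networks available for LANs."""
    return list(islice(delegated.subnets(new_prefix=64), count))


if __name__ == "__main__":
    # Constructed inputs, matching the worked example in RFC 5969.
    d = sixrd_delegated_prefix("2001:db8::/32", "10.100.100.1", 8)
    print("6rd delegated prefix:", d)
    for net in lan_subnets(d, 2):
        print("  LAN /64:", net)

    # 6to4 is the same construction with a fixed prefix and no masking.
    print("6to4 prefix:", sixrd_delegated_prefix("2002::/16", "192.0.2.1", 0))
```

Because NAT is not used with IPv6, the networks printed here are the ranges to cover in firewall rules and asset inventory for the LANs behind this WAN interface.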


Ethernet Settings

While default settings for each WAN Ethernet port will be sufficient in most circumstances, you have the ability to control the following:

  • Connect Method: DHCP (Automatic), Static (Manual), or PPPoE (Point-to-Point Protocol over Ethernet).
  • MAC Address: You have the ability to change the MAC address, but typically this is unnecessary. You can match this address with your device’s address by clicking: “Clone Your PC’s MAC Address”.

Connect Method

Select the connection type that you need for this WAN connection. You may need to check with your ISP or system administrator for this information.

  • DHCP (Dynamic Host Configuration Protocol) is the most common configuration. Your router’s Ethernet ports are automatically configured for DHCP connection. DHCP automatically assigns dynamic IP addresses to devices in your networks. This is preferable in most circumstances.
  • Static allows you to input a specific IP address for your WAN connection; this should be provided by the ISP if supported.
  • PPPoE should be configured with the username, password, and other settings provided by your ISP.

If you want to use a Static (Manual) or PPPoE connection, you will need to fill out additional information.

Static (Manual):

  • IPv4 Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

PPPoE:

  • Username
  • Password
  • Password Confirm
  • Service
  • Auth Type: None, PAP, or CHAP

Modem Settings

Not all modems will have all of the options shown below; the available options are specific to the modem type.

On Demand: When this mode is selected a connection to the Internet is made as needed. When this mode is not selected a connection to the Internet is always maintained.

IP WAN Subnet Filter: This feature will filter out any packets going to the modem that do not match the network (address and netmask).

Aggressive Reset: When Aggressive Reset is enabled the system will attempt to maintain a good modem connection. If the Internet has been unreachable for a period of time, a reset of the modem will occur in an attempt to re-establish the connection.

Automatically check for new firmware: (Default: selected) The modem will automatically check for firmware updates by default.

Enable Aux Antenna: (Default: selected) Enable or disable the modem’s auxiliary diversity antenna. This should normally be left enabled.

GPS Signal Source: Select the antenna to be used for receiving GPS coordinates. Some products support a dedicated GPS antenna, while others use the auxiliary diversity antenna only (and some products support both).

Enable eHRPD: (Default: selected) Enable or disable the modem’s ability to connect via eHRPD (enhanced High Rate Packet Data) when connecting to a 3G EVDO network on Sprint. eHRPD routes EVDO traffic through the LTE systems, enabling easy transitions between LTE and EVDO. In rare cases it may make sense to bypass the LTE core, so this field allows you to disable eHRPD.

Modem Connection Mode: Specify how the modem should connect to the network. Not all options are available for all modems; this will default to Auto if an incompatible mode is selected.

  • Auto (all modes): Let the modem decide which network to use.
  • Auto 3G (3G or less): Let the modem decide which 2G or 3G network to use. Do not attempt to connect to LTE.
  • Force LTE: Connect to LTE only and do not attempt to connect to 3G or WiMAX.
  • Force WiMAX: Connect to WiMAX only and do not attempt to connect to 3G or LTE.
  • Force 3G (EVDO, UMTS, HSPA): Connect to 3G network only.
  • Force 2G (1xRTT, EDGE, GPRS): Connect to 2G network only.

Network Selection Mode: Wireless carriers are assigned unique network identifying codes known as PLMN (Public Land Mobile Network). To manually select a particular carrier, select the Manual radio button and enter the network PLMN. Choose from the following options:

  • None/No Change
  • Auto: Selected by default
  • Home only
  • Manual: Input the PLMN code

Functional Mode: Selects the functional mode of the modem. IPPT (IP passthrough) mode causes the modem to act as a transport, passing Internet data and IP address information between the modem and the Internet directly. NAT mode causes the modem to NAT the IP address information. Consequently, IPPT mode does not allow user access to the modem web UI and NAT mode does allow user access to the modem web UI.

  • None/No Change
  • IPPT
  • NAT

Network-Initiated Alerts: This field controls whether the Sprint network can disconnect the modem to apply updates, such as for PRL, modem firmware, or configuration events. These activities do not change any router settings, but the modem connection may be unavailable for periods of time while these updates occur. The modem may also require a reset after a modem firmware update is complete.

  • Disabled: The request to update will be refused.
  • When Disconnected: The request to update will only be performed when the modem is either in a disconnected state or dormant state. If the modem is not in one of these states when the request is received, then the router will remember the request and perform the update when the modem becomes disconnected/dormant.
  • On Schedule: The request to update will only be performed at the specified scheduled time, no matter what the state of the modem is.

Network-Initiated Schedule: When you select “On Schedule” for Network-Initiated Alerts, you also select a time from this dropdown list. Modem updates will take place at this scheduled time.

AT Config Script: Enter the AT commands to be used for carrier specific modem configuration settings. Each command must be entered on a separate line. The command and associated response will be logged, so you should check the system log to make sure there were no errors.

NOTE: AT Config Script should not be used unless told to do so by your modem’s cellular provider or by a support technician.

AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include “OK”, except the final command response, which must include “CONNECT”.

Example:

AT
ATDT*99***2#

WiMAX Settings

WiMAX Realm: Select from the following dropdown options:

  • Clear – clearwire-wmx.net
  • Rover – rover-wmx.net
  • Sprint 3G/4G – sprintpcs.com
  • Xohm – xohm.com
  • BridgeMAXX – bridgeMAXX.com
  • Time Warner Cable – mobile.rr.com
  • Comcast – mob.comcast.net

TTLS Authentication Mode: TTLS inner authentication protocol. Select from the following dropdown options:

  • MSCHAPv2/MD5 (Microsoft Challenge Handshake Authentication Protocol version 2/Message-Digest Algorithm 5)
  • PAP (Password Authentication Protocol)
  • CHAP (Challenge Handshake Authentication Protocol)

TTLS Username: Username for TTLS authentication.

TTLS Password: Password for TTLS authentication.

WiMAX Authentication Identity: User ID on the network. Leave this blank unless your provider tells you otherwise.

CDMA Settings

These settings are usually specific to your wireless carrier’s private networks. You should not set these unless directed to by a carrier representative. If a field below is left blank, that particular setting will not be changed in the modem. You should only fill in fields that are required by your carrier.

  • Persist Settings: If this is not checked, these settings will only be in place until the router is rebooted or the modem is unplugged.
  • Active Profile: Select a number from 0-5 from the dropdown list.

The following fields can be left blank. If left blank they will remain unchanged in the modem.

  • NAI (Username@realm): Network Access Identifier. NAI is a standard system of identifying users who attempt to connect to a network.
  • AAA Shared Secret (Password): “Authentication, Authorization, and Accounting” password.
  • Verify AAA Shared Secret
  • HA Shared Secret: “Home Agent” shared secret.
  • Primary HA
  • Secondary HA
  • AAA SPI: AAA Security Parameter Index.
  • HA SPI: HA Security Parameter Index.

SIM/APN/Auth Settings

SIM PIN: PIN number for a GSM modem with a locked SIM.

Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Choose from Auto, PAP, and CHAP and then input your username and password.

Access Point Configuration: Some wireless carriers provide multiple Access Point configurations that a modem can connect to. Some APN examples are “isp.cingular” and “vpn.com”.

  • Default: Let the router choose an APN automatically.
  • Default Override: Enter an APN by hand.
  • Select: This opens a table with 16 slots for APNs, each of which can be set as IP, IPV4V6, or IPV6. The default APN is marked with an asterisk (*). You can change the APN names, select a different APN, etc. For Verizon modems, only the third slot is editable. Changes made here are written to the modem, so a factory reset of the router will not impact these settings.

Update/Activate a Modem

Some 3G/4G modems can be updated and activated while plugged into the router. Updates and activation methods vary by modem model and service provider. Possible methods are: PRL Update, Activation, and FUMO. All supported methods will be displayed when you select your modem and click “Control” to open the “Update/Activate” window. If no methods are displayed for your device then you will need to update and activate your device externally.

To update or activate a modem, select the modem in the WAN Interfaces table and click “Control”.

The modem does not support Update/Activate methods: A message will state that there is no support for PRL Update, Activation, or FUMO.

The modem supports Update/Activate methods: A message will display showing options for each supported method:

  • Modem Activation / Update: Activate, Reactivate, or Upgrade Configuration.
  • Preferred Roaming List (PRL) Update
  • Firmware Update Management Object (FUMO)

Click the appropriate icon to start the process.

If the modem is connected when you start an operation the router will automatically disconnect it. The router may start another modem as a failover measure. When the operation is done the modem will go back to an idle state, at which point the router may restart it depending on failover and failback settings.

NOTE: Only one operation is supported at a time. If you try to start the same operation on the same modem twice, the UI will not report failure and the request will finish normally when the original request is done. However, if you try to start a different operation or use a different modem, this second request will fail without interfering with the pending operation.

Process Timeout: If the process fails an error message will display.

Activation has a 3-minute timeout, PRL update has a 4-minute timeout, and FUMO has a 10-minute timeout.

Update Modem Firmware

Click on the Firmware button to open the Modem Firmware Upgrade window. This will show whether there is new modem firmware available.

If you select Automatic (Internet) the firmware will be updated automatically. Use Manual Firmware Upgrade to instead manually upload firmware from a local computer or device.

Reset the Modem

Click on the Reset button to power cycle the modem. This will have the same effect as unplugging the modem.

Configuration Rules (Advanced)

This section allows you to create general rules that apply to the Internet connections of a particular type. These can be general or very specific. For example, you could create a rule that applies to all 3G/4G modems, or a rule that only applies to an Internet source with a particular MAC address.

The Configuration Rules list shows all rules that you have created, as well as all of the default rules. These are listed in the order they will be applied. The most general rules are listed at the top, and the most specific rules are at the bottom. The router goes down the list and applies all rules that fit for attached Internet sources. Configuration settings farther down the list will override previous settings.

Select any of these rules and click “Edit” to change the settings for a rule. To create a new rule, click “Add.”

WAN Configuration Rule Editor

After clicking “Add” or “Edit,” you will see a popup with the following tabs:

  • Filter Criteria
  • General Settings
  • IP Overrides
  • IPv6 Settings
  • Ethernet Settings
  • Modem Settings
  • WiMAX Settings
  • CDMA Settings
  • SIM/APN/Auth Settings

Filter Criteria

If you are creating a new rule, begin by setting the Filter Criteria. Create a name for your rule and the condition for which the rule applies:

  • Rule Name: Create a name meaningful to you. This name is optional.

Make a selection for “When,” “Condition,” and “Value” to create a condition for your rule. The condition will be in the form of these examples:

When    Condition    Value
Port    is           USB Port 1
Type    is not       WiMAX

  • When:
    • Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”).
    • Manufacturer – Select by the modem manufacturer, such as Sierra Wireless.
    • Model – Set your rule according to the specific model of modem.
    • Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
    • Serial Number – Select 3G or LTE modem by the serial number.
    • MAC Address – Select WiMAX modem by MAC Address.
    • Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.
  • Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement.
  • Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.

Once you have established the condition for your configuration rule, choose from the other tabs to set the desired configuration. All of the tabs have the same configuration options shown above in the WAN Configuration section (i.e., the options for Configuration Rules are the same as they are for individual devices).
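
The ordering and override behaviour described above can be modelled in a few lines. This is an added example, not Cradlepoint code: the attribute names, setting keys, sample rules and sample devices are constructed for illustration. It also records which rule supplied each final value, which is what you need when auditing why a modem ended up with a given setting.

```python
"""Model of WAN Configuration Rule evaluation as described in the article.

Assumptions: attribute names, setting keys and the sample rules below are
constructed for illustration; this is not the router's internal schema.
"""

# The five conditions offered on the Filter Criteria tab.
CONDITIONS = {
    "is": lambda actual, value: actual == value,
    "is not": lambda actual, value: actual != value,
    "starts with": lambda actual, value: actual.startswith(value),
    "contains": lambda actual, value: value in actual,
    "ends with": lambda actual, value: actual.endswith(value),
}


def rule_matches(rule, device):
    """Return True when the rule's When/Condition/Value fits the device."""
    if rule["condition"] not in CONDITIONS:
        raise ValueError(f"unknown condition: {rule['condition']!r}")
    actual = device.get(rule["when"])
    if actual is None:
        # Assumption: a device lacking the attribute never matches,
        # not even an "is not" rule.
        return False
    return CONDITIONS[rule["condition"]](actual, rule["value"])


def effective_settings(rules, device):
    """Walk the list top to bottom, applying every matching rule.

    Settings from rules farther down override earlier ones. Returns
    (settings, source), where source[key] names the rule that supplied
    the final value of that setting.
    """
    settings, source = {}, {}
    for rule in rules:
        if rule_matches(rule, device):
            for key, value in rule["settings"].items():
                settings[key] = value
                source[key] = rule["name"]
    return settings, source


# Constructed rule list: most general first, most specific last.
RULES = [
    {"name": "Everything except WiMAX", "when": "Type",
     "condition": "is not", "value": "WiMAX",
     "settings": {"aggressive_reset": True, "connection_mode": "Auto"}},
    {"name": "Sierra modems", "when": "Manufacturer",
     "condition": "contains", "value": "Sierra",
     "settings": {"enable_aux_antenna": True}},
    {"name": "USB Port 1", "when": "Port",
     "condition": "is", "value": "USB Port 1",
     "settings": {"connection_mode": "Force LTE", "on_demand": True}},
    {"name": "One WiMAX modem", "when": "MAC Address",
     "condition": "starts with", "value": "00:11:22",
     "settings": {"wimax_realm": "sprintpcs.com"}},
]

# Constructed devices.
LTE_MODEM = {"Type": "LTE", "Manufacturer": "Sierra Wireless",
             "Port": "USB Port 1", "Serial Number": "SN-EXAMPLE-0001"}
WIMAX_MODEM = {"Type": "WiMAX", "Port": "USB Port 2",
               "MAC Address": "00:11:22:33:44:55"}

if __name__ == "__main__":
    for label, dev in (("LTE", LTE_MODEM), ("WiMAX", WIMAX_MODEM)):
        settings, source = effective_settings(RULES, dev)
        for key in sorted(settings):
            print(f"{label}: {key}={settings[key]!r} (from {source[key]!r})")
```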


Router Firmware Upgrade: Best Practices

Products Supported: Series 3. Click here to identify your router.



Summary

This article provides instructions on how to upgrade your Series 3 Cradlepoint router through the local device and through Enterprise Cloud Manager (ECM). Best practices regarding firmware upgrades are also listed within this article.

Caution: Updating the firmware can permanently damage your router. The upgrade process will take several minutes. Do not unplug your router from the provided power supply during this process.

Note: Downgrading firmware to a version lower than 5.2.0 will require resetting the router to factory default settings.


Configuration

Configuration Difficulty: Easy

Local Router Upgrade

Automatically Upgrading from 5.4.x or Earlier

Note: The device has to be on the internet to update automatically.

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the top menus to System Settings > System Software.
  • Step 3: Press the Automatic (Internet) button.

Automatically Upgrading from 6.0.x or Later

Note: The device has to be on the internet to update automatically.

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the left-hand menus to System > System Control > System Firmware.
  • Step 3: Press the Automatic (Internet) button.

Downloading Firmware for Manual Upgrade

Note: These instructions are only for manual firmware upgrades. You do not need to download firmware when upgrading automatically or with ECM.

  • Step 1: Log into your Connect Portal account. The login page can be found here.
  • Step 2: Click the menu button. Hover over My Support and click Firmware Downloads.
  • Step 3: Select the model of your router from the drop down menu.
  • Step 4: Click download on the firmware version you are updating to.

Manually Upgrading from 5.4.x or Earlier

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the top menus to System Settings > System Software.
  • Step 3: Press the Manual Firmware Upload button.
  • Step 4: In the box that appears press Choose File and use the pop up window to navigate to the firmware file.
  • Step 5: Press Begin Firmware Update.

Manually Upgrading from 6.0.x or Later

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the left-hand menu to System > System Control > System Firmware.
  • Step 3: Press the Manual Firmware Upload button.
  • Step 4: In the box that appears press Select Firmware File and use the pop up window to navigate to the firmware file.
  • Step 5: Press Begin Firmware Update.

ECM Upgrade

  • Step 1: Log into your Enterprise Cloud Manager account. The login page can be found here.
  • Step 2: Navigate across the left-hand menu to Groups.
  • Step 3: Create a new group for the device using the firmware the device is currently on.
  • Step 4: Navigate to Devices and select the router. Press the move button and put it in the new group.
  • Step 5: Navigate back to the groups page and press firmware. Select the firmware you would like to upgrade to.
  • Step 6: Press Run Now.

Best Practices

Configuration Backup

It is recommended that you back up your configuration before upgrading. Click here for help making backups.

Firmware Testing

Before upgrading routers in a live deployment, it is a good idea to test the firmware first. Testing beforehand also makes for a smoother rollout when you upgrade all your devices.

The best way to test is to have a lab environment where you can create a situation similar to your live network and test how your configuration will work with different firmware.

The next step would be to test a small controlled group of devices in production on the prospective firmware to ensure a smooth transition for that firmware to your network.

Stair Stepping

When upgrading firmware between major and minor versions, it is highly recommended to perform a stair-step upgrade. A stair-step upgrade entails making short jumps between firmware versions as shown below.

           Example: From 5.1.1 to 6.1.0
                   Start:___5.1.1
                Update 1:_________5.2.0
                Update 2:_______________5.2.4
                Update 3:_____________________5.3.4
                Update 4:__________________________ 5.4.1 
                Update 5:_________________________________6.0.1
                     End:_______________________________________6.1.0
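
The stair-step sequence can be planned and audited in code. This is an added example, not Cradlepoint tooling: it assumes the seven versions in the example above are the complete ladder for that range, that a device sitting between two steps starts with the next step up, and it uses constructed version histories.

```python
"""Plan and audit stair-step firmware upgrades.

Assumptions: STAIR_STEPS is copied from the article's 5.1.1 -> 6.1.0 example
and treated as the full ladder for that range; a device between two steps
starts with the next step up. The histories used with it are constructed.
"""

STAIR_STEPS = ["5.1.1", "5.2.0", "5.2.4", "5.3.4", "5.4.1", "6.0.1", "6.1.0"]
RESET_BELOW = "5.2.0"  # article note: downgrading below this needs a factory reset


def parse_version(text):
    """'5.2.4' -> (5, 2, 4); rejects anything that is not three integers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def fmt(version):
    """(5, 2, 4) -> '5.2.4'."""
    return ".".join(str(n) for n in version)


def plan_upgrade(current, target, steps=STAIR_STEPS):
    """Return the ordered list of versions to install, ending at target."""
    cur, tgt = parse_version(current), parse_version(target)
    ladder = sorted(parse_version(s) for s in steps)
    if tgt not in ladder:
        raise ValueError(f"{target} is not a step on the ladder")
    if cur < ladder[0]:
        raise ValueError(f"{current} is older than the first known step")
    if cur > tgt:
        raise ValueError(f"{current} -> {target} is a downgrade")
    # Every ladder step strictly above the current version, up to the target.
    return [fmt(v) for v in ladder if cur < v <= tgt]


def requires_factory_reset(current, target):
    """True when moving to target is a downgrade that lands below 5.2.0."""
    cur, tgt = parse_version(current), parse_version(target)
    return tgt < cur and tgt < parse_version(RESET_BELOW)


def skipped_steps(history, steps=STAIR_STEPS):
    """Audit an observed version history (oldest first).

    Returns (from_version, to_version, [steps jumped over]) for each
    transition that skipped at least one ladder step.
    """
    ladder = sorted(parse_version(s) for s in steps)
    findings = []
    for before, after in zip(history, history[1:]):
        low, high = parse_version(before), parse_version(after)
        missed = [fmt(v) for v in ladder if low < v < high]
        if missed:
            findings.append((before, after, missed))
    return findings


if __name__ == "__main__":
    print(plan_upgrade("5.1.1", "6.1.0"))
    # Constructed history in which two transitions jumped over steps.
    for finding in skipped_steps(["5.1.1", "5.2.0", "5.3.4", "6.1.0"]):
        print(finding)
```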


Products Affected: AER31x0, AER2100, AER16x0, IBR11x0, IBR9x0, IBR6x0, IBR6x0B, IBR6x0C, IBR350, CBA850, and MBR1200B. Click here to identify your router.

Summary

Cradlepoint was notified of critical security vulnerabilities discovered in the dnsmasq network service (CVE-2017-14491 and others); in response, Cradlepoint has taken steps to incorporate dnsmasq version 2.78 into its latest NetCloud OS.

If exploited, this vulnerability could allow attackers to remotely execute code, forward the contents of process memory, or disrupt service on an affected router. As described in various sources, this flaw is difficult to trigger, requiring an attacker who controls a specific domain to send DNS requests to dnsmasq that cause it to cache replies from that domain. By carefully constructing DNS requests and responses, the attacker could cause an internal buffer overflow in dnsmasq using attacker-influenced content.

More details can be found here: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html.


Affected Products

Cradlepoint recommends customers immediately upgrade products to the upcoming NetCloud OS versions (available 10/30/17) to mitigate this vulnerability. All router products are affected, including:

• AER3100 / AER3150
• AER2100
• AER1600 / AER1650
• IBR1100 / IBR1150
• IBR900 / IBR950
• IBR600 / IBR650
• IBR600B / IBR650B
• IBR600C / IBR650C
• IBR350
• MBR1200B
• CBA850

NOTE: Routers used in default configuration were not exposed on their WAN interfaces. Routers were exposed to their Local Network, including the Guest LAN (if enabled).

NetCloud Manager has been patched for all its own affected services. Usernames and passwords are not at risk.


NetCloud OS Patch

6.4.2 (Available 10/30/17) – All products listed above

6.4.3 (Available 12/11/17) – IBR900/IBR950 – FIPS

Remote NetCloud OS Upgrades

For remote devices, Cradlepoint recommends using NetCloud Manager to upgrade NetCloud OS, manage networks intelligently, and avoid costly truck rolls. If you haven’t deployed NetCloud Manager, you can start a free 30-day trial of NetCloud Manager today.

Local NetCloud OS Upgrades

For information on updating NCOS locally on the Cradlepoint router, please consult the articles below.

NCOS: Automatic NetCloud OS Update

NCOS: How to update the NCOS of a Cradlepoint router.


Interim Mitigation Until NetCloud OS Release

Because malicious tools could be used to obtain passwords during this period, Cradlepoint recommends the following steps to protect your network during the interim:

  1. Disable Guest Access via the NETWORKING > Local Networks > Local IP Networks tab.

Once NetCloud OS 6.4.2 or 6.4.3 is Available

  1. Upgrade to the latest NetCloud OS version.
  2. Re-enable Guest Access if it was disabled.
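
To apply this advisory across a fleet, the patch levels and the Guest Access mitigation can be checked against an inventory export. This is an added example, not Cradlepoint tooling: the inventory records, their field names, the device names and the unpatched version numbers are constructed, and the patched versions and model list are the ones given above.

```python
"""Triage a router inventory against the dnsmasq advisory above.

Assumptions: the inventory records and their field names are constructed;
in practice they would come from your own asset export.
"""

# Models the advisory lists by name (it states all router products are affected).
LISTED_MODELS = {
    "AER3100", "AER3150", "AER2100", "AER1600", "AER1650", "IBR1100",
    "IBR1150", "IBR900", "IBR950", "IBR600", "IBR650", "IBR600B", "IBR650B",
    "IBR600C", "IBR650C", "IBR350", "MBR1200B", "CBA850",
}
PATCHED = (6, 4, 2)        # all listed products
PATCHED_FIPS = (6, 4, 3)   # IBR900 / IBR950 FIPS
FIPS_MODELS = {"IBR900", "IBR950"}

# Sort order for the report: most urgent first.
ORDER = {"unpatched-guest-enabled": 0, "unpatched": 1, "patched": 2}


def version_tuple(text):
    """'6.4.2' -> (6, 4, 2) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def assess(device):
    """Classify one inventory record and say what to do about it."""
    model = device["model"].upper()
    fips_build = bool(device.get("fips")) and model in FIPS_MODELS
    need = PATCHED_FIPS if fips_build else PATCHED
    result = {
        "name": device["name"],
        "listed_in_advisory": model in LISTED_MODELS,
        "required": ".".join(str(n) for n in need),
    }
    if version_tuple(device["ncos"]) >= need:
        result.update(status="patched", action="none")
    elif device.get("guest_lan_enabled"):
        # Unpatched routers are reachable from the Guest LAN when it is enabled.
        result.update(status="unpatched-guest-enabled",
                      action="disable Guest Access, then upgrade")
    else:
        result.update(status="unpatched", action="upgrade")
    return result


def triage(inventory):
    """Assess every device and return the results, most urgent first."""
    results = (assess(device) for device in inventory)
    return sorted(results, key=lambda r: (ORDER[r["status"]], r["name"]))


# Constructed inventory.
INVENTORY = [
    {"name": "branch-01", "model": "IBR900", "ncos": "6.4.2",
     "fips": False, "guest_lan_enabled": False},
    {"name": "branch-02", "model": "IBR900", "ncos": "6.4.2",
     "fips": True, "guest_lan_enabled": False},
    {"name": "kiosk-07", "model": "AER2100", "ncos": "6.3.1",
     "fips": False, "guest_lan_enabled": True},
    {"name": "depot-03", "model": "cba850", "ncos": "6.4.2",
     "fips": False, "guest_lan_enabled": False},
    {"name": "vehicle-11", "model": "IBR950", "ncos": "6.4.3",
     "fips": True, "guest_lan_enabled": True},
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(f"{row['name']:<11} {row['status']:<24} "
              f"needs {row['required']}  action: {row['action']}")
```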


Cradlepoint Series 3 (102)

To determine the series of your CradlePoint router please click here.

This article was written based on the 4.3.0 series 3 firmware version.

Description:

A Virtual Private Network (VPN) interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet.  This article explains how to set up a basic IPsec VPN tunnel between capable CradlePoint Series 3 routers when the connections on both routers are configured with publicly routable static IP addresses.

For assistance configuring Series 3 CradlePoint routers where one or both sides connect using dynamic public routable IP addresses (via Dynamic DNS), please refer to this article instead: VPN setup example for dynamic IP address connections

For assistance configuring Series 3 CradlePoint routers to connect to a VPN where one side does not have a publicly routable IP address, please refer to this article instead: VPN NAT-T setup

Before getting started, first make sure that both CradlePoint routers are online and are properly obtaining static IP  addresses from your ISP(s).  Additionally, you will need to make sure that the local networks of the routers do not match.  For example, if Router #1 is already set up using the default network of 192.168.0.1, you would want to change Router #2’s local network to use a different private network (such as 192.168.100.1 or 172.16.0.1).  For assistance changing the local IP address of a Series 3 CradlePoint router, please refer to this article: How to change the router’s local IP address

For maximum compatibility, we also recommend making sure that the firmware on both CradlePoint routers is upgraded to the most recent version.  The most recent CradlePoint firmware files can always be downloaded from http://www.cradlepoint.com/firmware.

Directions:

After verifying that both CradlePoint routers are online with routable static IP addresses, and after verifying that both routers have been configured on different local subnets, the directions below will help configure a VPN tunnel between the two routers.

This is an example setup where both routers have routable static WAN IP addresses.  Computer #1 is connected behind Router #1 and Computer #2 is connected behind Router #2.

Router #1
LAN IP address:                   172.16.20.1
LAN subnet mask:               255.255.0.0
WAN IP address:                  [the static IP address on router #1]
Computer #1:                        172.16.123.106

Router #2
LAN IP address:                   192.168.0.1
LAN subnet mask:               255.255.255.0
WAN IP address:                  [the static IP address on router #2]
Computer #2:                        192.168.0.199

A typical VPN tunnel between these routers would allow Computer #1 (and other computers getting addresses from Router #1) to be able to connect directly to Computer #2 (and other computers getting addresses from Router #2) using a secure tunnel across the unsecure public Internet.

VPN configuration steps for Router #1:

1.    [Router #1] Log into the CradlePoint’s admin console on Router #1.

2.    [Router #1] Click “Internet” -> “VPN Tunnels”

3.    [Router #1] Click “Add” to create a new tunnel.

4.    [Router #1] On the first page of the VPN wizard, give the tunnel a unique “Tunnel Name” and “Pre-shared Key”.  In our example, the “Tunnel Name” is “VPN_Example”.  You will use the same “Tunnel Name” and “Pre-shared Key” later when setting up Router #2.

If you prefer that the VPN tunnel is only established when you need it, set the “Initiation Mode” to “On Demand”.  If you instead prefer for the tunnel to remain online, set the “Initiation Mode” to “Always On”.

Click “Next” to continue.

5.     [Router #1] On the “Local Networks” page, type the network and subnet of the local LAN that you want to make available across the VPN tunnel.  Click “Save” to confirm the network and click “Next” to continue.

6.     [Router #1] On the “Remote Networks” page, enter Router #2’s WAN IP address as the “Gateway”, then enter Router #2’s local network and subnet mask that you would like to make available over the VPN tunnel.  Click “Save” and “Next” to continue.

7.     [Router #1] For “IKE Phase 1”, leave everything at the default settings.  Click “Next” to continue.

8.     [Router #1] For “IKE Phase 2”, leave everything at the default settings.  Click “Next” to continue.

9.     [Router #1] For “Dead Peer Detection”, leave everything at the default settings.  Click “Finish” to reach the summary page.

10.     [Router #1] At the “Summary Screen”, make sure that your settings are correct and click “Yes” to finish the configuration. 

11.     [Router #1] Now that the VPN settings have been entered, click “Enable VPN Service” to turn on the VPN tunnel from Router #1’s side.

VPN configuration steps for Router #2:

12.     [Router #2] Log into the CradlePoint’s admin console on Router #2.

13.     [Router #2] Click “Internet” -> “VPN Tunnels”

14.     [Router #2] Click “Add” to create a new tunnel.

15.     [Router #2] On the first page of the VPN wizard, enter the same “Tunnel Name”, “Pre-shared Key”, and “Initiation Mode” used when setting up Router #1.  Click “Next” to continue.

16.     [Router #2] On the “Local Networks” page, type the network and subnet of the local LAN that you want to make available across the VPN tunnel.  In our example, these are the same settings entered into the “Remote Network” page on Router #1.  Click “Save” to confirm the network and click “Next” to continue.

17.     [Router #2] On the “Remote Networks” page, enter Router #1’s WAN IP address as the “Gateway”, then enter Router #1’s local network and subnet mask that you would like to make available over the VPN tunnel.  In our example, these are the same settings entered onto the “Local Network” page on Router #1.  Click “Save” and “Next” to continue.

18.     [Router #2] For “IKE Phase 1”, again leave everything at the default settings.  Click “Next” to continue.

19.     [Router #2] For “IKE Phase 2”, again leave everything at the default settings.  Click “Next” to continue.

20.     [Router #2] For “Dead Peer Detection”, again leave everything at the default settings.  Click “Finish” to reach the summary page.

21.     [Router #2] At the “Summary Screen”, make sure that your settings are correct and click “Yes” to finish the configuration. 

22.     [Router #2] Now that Router #2’s VPN settings have been entered, click “Enable VPN Service” to turn on the VPN tunnel from Router #2’s side as well.

23.     Now that both tunnels have been configured and enabled, go to “Status” –> “VPN” (from either computer) to view the status of the tunnel. 
 
If the tunnel doesn’t come up automatically, you may need to generate “interesting traffic” over the VPN first.  From a computer connected to the router (or from the router itself) you will want to ping an IP address on the other side of the tunnel.  Interesting traffic would be generated if (for example) Computer #1 (at 172.16.123.106) attempted to ping Computer #2 (at 192.168.0.199), or if Router #2 (at 192.168.0.1) tried to ping Router #1 (at 172.16.20.1).
 
The “ping” command can be run directly from the CradlePoint’s admin interface from  “System Settings” -> “System Control”.
 
Once the VPN tunnel has been established, you can view the VPN status by browsing to “Status” -> “VPN”.
 
[Figure: example VPN status from Router #1]

[Figure: example VPN status from Router #2]

Once the VPN tunnel has been configured and enabled, any traffic bound for the “remote network” will be sent across the VPN rather than being handled locally.


Note:

This example VPN shows how to make local networks available across a VPN.  If you need to have other local or public networks routed across the VPN, these networks will need to be added into the “Remote Gateway” settings for the router sending the traffic across the VPN.

For example, if the “Remote Network” in Router #2’s VPN configuration was changed from 172.16.0.0/255.255.0.0 to 0.0.0.0/0.0.0.0, this would force all Internet traffic coming from Router #2 to be sent across the VPN rather than being handled by Router #2’s WAN source.
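
Before enabling the tunnel, the two configurations can be cross-checked offline. This is an added example, not Cradlepoint tooling: the dictionary layout and finding codes are constructed, the WAN addresses are documentation-range placeholders standing in for each router's static IP, and the pre-shared key is a dummy value. It checks the requirements stated in this article (matching Tunnel Name, Pre-shared Key and Initiation Mode, each Gateway pointing at the other router's WAN IP, non-matching LANs) and flags a 0.0.0.0/0.0.0.0 remote network.

```python
"""Cross-check the two ends of the site-to-site tunnel described above.

Assumptions: the dictionary layout and finding codes are constructed; the WAN
addresses are documentation-range placeholders (RFC 5737) standing in for the
routers' static IPs, and the pre-shared key is a dummy value.
"""
import hmac
import ipaddress


def nets(entries):
    """Parse 'address/netmask' strings into a set of normalised networks."""
    return {ipaddress.ip_network(entry, strict=False) for entry in entries}


def check_tunnel_pair(a, b):
    """Return a sorted list of finding codes for routers a and b."""
    findings = set()
    if a["tunnel_name"] != b["tunnel_name"]:
        findings.add("TUNNEL_NAME_MISMATCH")
    # Constant-time compare; the key itself never goes into the findings.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        findings.add("PSK_MISMATCH")
    if a["initiation_mode"] != b["initiation_mode"]:
        findings.add("INITIATION_MODE_MISMATCH")

    # Each side's Gateway must be the other side's WAN address.
    if (ipaddress.ip_address(a["remote_gateway"]) != ipaddress.ip_address(b["wan_ip"])
            or ipaddress.ip_address(b["remote_gateway"]) != ipaddress.ip_address(a["wan_ip"])):
        findings.add("GATEWAY_MISMATCH")

    a_local, b_local = nets(a["local_networks"]), nets(b["local_networks"])
    a_remote, b_remote = nets(a["remote_networks"]), nets(b["remote_networks"])

    # The routers' local networks must not match (or overlap).
    if any(x.overlaps(y) for x in a_local for y in b_local):
        findings.add("LAN_OVERLAP")
    # In the article's example each side's Remote Networks equal the other
    # side's Local Networks; anything else deserves a second look.
    if a_remote != b_local or b_remote != a_local:
        findings.add("NETWORKS_NOT_MIRRORED")
    # 0.0.0.0/0.0.0.0 as a remote network sends all Internet traffic
    # across the VPN.
    if any(net.prefixlen == 0 for net in a_remote | b_remote):
        findings.add("FULL_TUNNEL")
    return sorted(findings)


# The article's example pair. WAN IPs and PSK are placeholders.
ROUTER_1 = {
    "tunnel_name": "VPN_Example", "psk": "example-psk-not-real",
    "initiation_mode": "Always On", "wan_ip": "203.0.113.10",
    "local_networks": ["172.16.20.1/255.255.0.0"],
    "remote_gateway": "198.51.100.20",
    "remote_networks": ["192.168.0.0/255.255.255.0"],
}
ROUTER_2 = {
    "tunnel_name": "VPN_Example", "psk": "example-psk-not-real",
    "initiation_mode": "Always On", "wan_ip": "198.51.100.20",
    "local_networks": ["192.168.0.1/255.255.255.0"],
    "remote_gateway": "203.0.113.10",
    "remote_networks": ["172.16.0.0/255.255.0.0"],
}

if __name__ == "__main__":
    print("example pair:", check_tunnel_pair(ROUTER_1, ROUTER_2))
    full = dict(ROUTER_2, remote_networks=["0.0.0.0/0.0.0.0"])
    print("full tunnel on Router #2:", check_tunnel_pair(ROUTER_1, full))
```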


If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Description:

DNS servers provide resolution for a domain name, like google.com, to the actual Internet IP address that the domain represents, like 173.194.33.32.  If your computer is not properly connecting to a DNS server most programs that use the Internet will not work as expected.  The CradlePoint router can be configured to always connect to the same DNS servers rather than automatically receiving this information from the ISP.  Manually specifying DNS servers in the CradlePoint router ensures that connected computers will always use the specified DNS servers rather than automatically receiving this information from the ISP.

Directions:

  1. Log into the router’s setup page (login instructions).
  2. You may need to switch to advanced mode on certain routers (e.g., MBR95, CTR35) by clicking the Basic / Advanced toggle button at the top left of the admin screen under the CradlePoint logo.
  3. Click the Network Settings tab then select DNS.
  4. In the DNS Settings section change Automatic Config from Automatic to Static.
  5. Set the Primary DNS to 8.8.8.8 (or any DNS server).
  6. Set the Secondary DNS to 8.8.4.4 (or any DNS server).
  7. Click Apply to save settings.

After the CradlePoint router reboots, any devices connected to the interface to which you applied the changes will now use the manually assigned DNS servers instead of the servers automatically provided by the ISP.


If you are unsure of your CradlePoint series or Model number, please click here.

This article was written based on firmware version 5.0.0


Symptom:

You need to restore your CradlePoint router to factory default settings.

Note: This document is intended for Series 3 routers if you have access to the setup pages.  If you are unable to access the setup pages, please click here.


Cause:

You need to reset the CradlePoint router to factory default settings.


Resolution:

  1. Connect to your router via Wi-Fi or Ethernet Cable
  2. Log in to your router setup pages (click here for instructions) from an internet browser (Firefox, Google Chrome, Internet Explorer)
  3. Go to the System Settings tab, then click System Control from that menu
  4. Click the Restore Factory Defaults button
  5. Click Yes to the message “Are you sure you want to restore the device to factory defaults and reboot?” if you are sure you would like to restore now.
  6. Once the CradlePoint is finished automatically rebooting, it will be back to factory default settings


The following article was based on 4.4.0 firmware.

Summary:
This article will outline how to enable the Custom DHCP Options.  For a complete list of Custom DHCP Options, please click here.

Directions:

  1. Log in to the Administrative Pages of the CradlePoint.  Please click here for instructions on logging in.
  2. Click on the Network Settings tab, then click WiFi/Local Networks (or just Local Networks if using an IBR650, CBR450, or CBA750B).
  3. Check the box next to the LAN you wish to apply the DHCP Custom Options to and click Edit.
  4. Select the IPv4 DHCP tab (or DHCP tab if using the CBR450).
  5. Check the box next to Custom Options.
  6. Click Add.
  7. Select the Option you would like to use from the drop down and enter the appropriate value in the Value box.
  8. Click Submit.
  9. Click Submit.
  10. You will now need to get a new IP address via DHCP on your LAN connected device, to ensure the settings are being applied correctly.


To determine the series of your CradlePoint router please click here.

This article was written based on the 5.0.0 firmware version.

Description:

Typically all computers connected to a router are protected by the router’s firewall.  To allow a computer on the Internet to connect through the router to a specific computer it is necessary to either manually forward the required ports (directions below), or to place the device/computer into the CradlePoint’s Demilitarized Zone (DMZ).  For more information about adding a device to the DMZ, refer to this article.

Before getting started, you will want to ensure that the IP address you are getting from your ISP is publicly routable.  For more information on verifying whether your WAN IP address is publicly routable, refer to: How can I tell if my IP address is publicly routable?

Before forwarding any ports from the Internet, you will also want to make sure that you are able to access your server from a local IP address.  For example, if you have a local web server running on IP 192.168.0.100 listening on port 8888, you will want to make sure that another locally connected computer (like a laptop on 192.168.0.111) is able to access the web server at http://192.168.0.100:8888. Once you know that the server is working locally, adding a port forward to that device will allow users connecting from the Internet to access that server using the WAN IP address.

You will also want to be sure that the device/computer being forwarded to is always assigned the same IP address from the CradlePoint router.  To ensure that the device/computer is always assigned the same IP address from the CradlePoint router via DHCP Reservation, refer to this article.

Directions:

1.       Log into the router’s administration page (login instructions).


2.       Click Network Settings and then Firewall from the drop-down menu.


3.       Under Port Forwarding Rules, click Add to create a new rule.



4.       In the Add/Edit Port Forwarding Rule screen, give your rule a unique name.

Enter the appropriate Internet and Local port(s) and Local Computer, as well as Protocol. In the example below, both TCP and UDP traffic reaching the CradlePoint on WAN port 8888 will be forwarded to local port 8888 on local computer 192.168.0.100.

Click Submit to save the rule.



5.       After saving your rule, you will now see it listed in the Port Forwarding Rules.

You can use the up and down arrows on the left side to change the priority of your port forwarding rules.


This change forwards traffic that reaches the CradlePoint’s WAN interface on that port to the internal web server.  For example, if this router’s WAN IP address was 123.132.234.243, anyone on the Internet would now be able to access the web server by surfing to http://123.132.234.243:8888.

Note:

Many ISPs block some or all ports from the Internet.  You may want to check with your ISP to determine whether any ports may be blocked.  You may also want to configure your port forwarding rule to use a different unblocked port for the Internet than it uses locally.
For example, if your ISP blocks incoming connections from the Internet on port 80 and your web server at 192.168.0.112:80 cannot be changed to listen on another port, you could set up a rule to forward traffic from an unblocked Internet port (like 8088) to local port 80 on the web server.




Cradlepoint Series 2 (49)


This article was written based on the 2.0.0 Series 2 Firmware.

If you are not sure what model CradlePoint router you have, please click here.


Symptom:

Internet Service Provider (ISP) recommends setting a static WAN IP.
 

Cause:

Some ISPs require static IP settings to be configured in the router.


Resolution:

  1. Confirm that the ISP requires static WAN IP settings by contacting the ISP (typically ISPs do not require these settings).
  2. Disconnect your static WAN source from the CradlePoint router.
  3. Log into the router’s administration page (login instructions).
  4. Click on the BASIC tab.
  5. Click on WAN on the menu to the left.
  6. Scroll down to the Wired WAN Settings box. Under Internet Connection, select Static IP.  In the fields below that, input the information provided by your ISP.
  7. Scroll to the top of the page, click Save Settings, and then Reboot Now when prompted.
  8. Connect your static WAN connection to the Blue Port on the CradlePoint.
  9. Allow at least 2 minutes for the device to establish a connection.

Note:
If you still can’t connect after 5 minutes, unplug the Static WAN connection from the blue port of the CradlePoint, then power off the CradlePoint for 10 seconds, then power it back on.  After about 2 minutes (once the CradlePoint stabilizes and has fully rebooted), plug the Static WAN connection back into the CradlePoint’s Blue Port and wait an additional 5 minutes for the connection to establish.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.0.0.

Description:

DNS servers resolve a domain name, like google.com, to the actual Internet IP address that the domain represents, like 173.194.33.32.  If your computer is not properly communicating with a DNS server, most programs that use the Internet will not work properly.  The CradlePoint router can be configured to always use the same specified DNS servers.  Manually specifying DNS servers in the CradlePoint router ensures that connected computers will always use the specified DNS servers rather than automatically receiving this information from the ISP.

Directions:

  1. Log into the router’s setup page (login instructions).
  2. Select the BASIC tab, then select WAN from the gray sub-menu on the left.
  3. This step varies depending on the Internet connection type: wired WAN connection (like DSL & cable modems) versus USB cellular modem.
    1. Wired wan connection:
      1. Locate the WIRED WAN SETTINGS section.
      2. In the DNS Settings sub-section, change DNS Address to Use the following DNS servers.
      3. Set the Primary DNS Server to 8.8.8.8 (or any DNS server).
      4. Set the “Secondary DNS Server” to 8.8.4.4 (or any DNS server).
      5. Click Save Settings at the top of the page.
    2. Cellular USB/ExpressCard/PCCard modem:
      1. Under MODEM WAN SETTINGS section change the Modem Interface to the slot your modem is plugged into.
      2. In the DNS Settings section, change DNS Address to Use the following DNS servers.
      3. Set the Primary DNS Server to 8.8.8.8 (or any DNS server).
      4. Set the Secondary DNS Server to 8.8.4.4 (or any DNS server).
      5. Click Save Settings at the top of the page.
  4. At the REBOOT NEEDED prompt, choose Reboot Now.

After the CradlePoint router reboots, any devices connected to the interface you applied the changes to will now use the manually assigned DNS servers instead of the servers automatically provided by the ISP.



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.0.0.


Symptom:
After a period of non-use, my modem looks like it’s connected but it won’t pass traffic and I can’t surf the internet.


Cause:
It is common for cellular modems to go into an idle state when they are not passing traffic for an amount of time.  This would make the modem appear as if it were online, but it will not pass any traffic.


Resolution:
This issue can be resolved by enabling the Advanced Failure Check option in the CradlePoint router, which will simulate data being transmitted by the modem, thus preventing the provider from terminating the connection for inactivity.


Directions:
If you are unsure how to access your router’s administrative console, click here.

1. While the modem is connected to the CradlePoint router, click on the MODEM tab, and then click on the SETTINGS page in the left sidebar.

2. In the Global Reset Settings box, place a check next to Aggressive Modem Reset.
3. Place a check next to Verify Connection, and in the Verification Mode dropdown menu select Active DNS. (Note: The Active Ping failure check option will use approximately 10-20 mb of data per month.)

4. At the top of the page, click the Save Settings button, and then Reboot Now when prompted.


If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.0.0.


Description:
 
By default, the CradlePoint router will not favor any kind of Internet traffic over any other – all users, ports, applications, sources and destinations are treated equally.  There are times when it is highly desirable to prioritize the Internet traffic for specific users or devices over the needs of other users on the network.


Directions:

  1.  Log into the router’s setup page (login instructions).
  2. Click on the Advanced tab.
  3. Click on TRAFFIC SHAPING on the left sub-menu
  4. In the TRAFFIC SHAPING SETUP section, place a check in the Enable Traffic Shaping box to display the Traffic Shaping options. See illustration below:
  5. Select your desired Traffic Shaping options. See below for a brief description of each option.
  6. Add your Traffic Shaping rule in the ADD TRAFFIC SHAPING RULE section; see below for a brief description of each option.
  7. When finished, scroll to the top of the page and click the ‘Save Settings’ button and then reboot the router if prompted to do so.
  8. Your defined Traffic Shaping rules will be listed in the TRAFFIC SHAPING RULES LIST section.  Click the Enable checkbox at the left to directly activate or de-activate the entry. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the “Edit Traffic Shaping Rule” section is activated for editing.

 
 
Traffic Shaping Setup options definitions:
 
Automatic Classification:  

  • This option is enabled by default so that your router will automatically determine which programs should have network priority. For best performance, use the Automatic Classification option to set the priority automatically for your applications.

 
Dynamic Fragmentation:

  • This option should be enabled when you have a slow Internet uplink. It helps to reduce the impact that large low priority network packets can have on more urgent ones by breaking the large packets into several smaller packets.

 
Automatic Uplink Speed:

  • When enabled, this option causes the router to automatically measure the useful uplink and downlink bandwidth each time the WAN interface is re-established (after a reboot, for example).

 
Measured Uplink Speed:

  • This is the uplink speed measured when the WAN interface was last re-established. The value may be lower than that reported by your ISP as it does not include all of the network protocol overheads associated with your ISP’s network. Typically, this figure will be between 87% and 91% of the stated uplink speed for xDSL connections and around 5 kbps lower for cable network connections.

 
Manual Uplink Speed:

  • If Automatic Uplink Speed is disabled, this option allows you to set the uplink speed manually. Uplink speed is the speed at which data can be transferred from the router to your ISP. This is determined by your ISP. ISPs often specify speed as a downlink/uplink pair; for example, 1.5Mbps/284kbps. For this example, you would enter “284.” Alternatively you can test your uplink speed with a service such as www.dslreports.com. Note however that sites such as DSL Reports, because they do not consider as many network protocol overheads, will note speeds slightly lower than the Measured Uplink Speed or the ISP rated speed.

Connection Type:

  • By default, the router automatically determines whether the underlying connection is an xDSL/Frame-relay network or some other connection type (such as cable modem or Ethernet), and it displays the result as Detected xDSL or Frame Relay Network. If you have an unusual network connection in which you are actually connected via xDSL but for which you configure either “Static” or “DHCP” in the WAN settings, setting this option to xDSL or Other Frame Relay Network ensures that the router will recognize that it needs to shape traffic slightly differently in order to give the best performance. Choosing xDSL or Other Frame Relay Network causes the measured uplink speed to be reported slightly lower than before on such connections, but gives much better results.

Detected xDSL or Frame Relay Network:

  • When Connection Type is set to Auto-detect, the automatically detected connection type is displayed here.

  
Traffic Shaping Rule Setup options definitions:
 
A Traffic Shaping Rule identifies a specific message flow and assigns a priority to that flow. For most applications, automatic classification will be adequate, and specific Traffic Shaping Rules will not be required.  Traffic Shaping supports overlaps between rules, where more than one rule can match for a specific message flow. If more than one rule is found to match, the rule with the highest priority will be used.

 
Enable:

  • Specifies whether the entry will be active or inactive.

Name:

  • Create a name for the rule that is meaningful to you.

Priority:

  • The priority of the message flow is entered here — 1 receives the highest priority (most urgent) and 255 receives the lowest priority (least urgent).

Protocol:

  • The protocol used by the messages.


Local IP Range:

  • The rule applies to a flow of messages whose LAN-side IP address falls within the range set here.

Local Port Range:

  • The rule applies to a flow of messages whose LAN-side port number is within the range set here.

Remote IP Range:

  • The rule applies to a flow of messages whose WAN-side IP address falls within the range set here.

Remote Port Range:

  • The rule applies to a flow of messages whose WAN-side port number is within the range set here.

Save/Update:

  • Record the changes you have made into the following list.

Clear:

  • Re-initialize this area of the screen, discarding any changes you have made.

 
Upload speed:

  • The speed at which data can be transferred to your ISP.

Download speed:

  • The speed at which data can be transferred to you from your ISP.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.2.1.

Description:

Typically all computers connected to a router are protected by the router’s firewall.  To allow a computer on the Internet to connect through the router to a specific computer it is necessary to either manually forward the required ports (see Port Forwarding on a Series 2 CradlePoint) or place the device/computer in the CradlePoint’s Demilitarized Zone (DMZ).

The CradlePoint router’s DMZ opens all ports that are not already reserved and passes them to a single device/computer attached to the router’s LAN.  This essentially places the device/computer outside the CradlePoint’s firewall.  This setting is often used to allow gaming consoles to host online games.

Any port forwarding rules or enabled administrative ports have a higher priority than the DMZ rule.

Directions:

Before adding a computer to the DMZ it is important to ensure that the device/computer is always assigned the same IP address from the Cradlepoint router.  To ensure that the device/computer is always assigned the same IP address from the Cradlepoint router, add a DHCP reservation (see Add a DHCP reservation on a Series 1 or 2 CradlePoint).  Verify that the device/computer receives the correct IP address from the router.

  1. Log into the router’s setup page (login instructions).
  2. Click the ADVANCED tab then FIREWALL in the gray sub-menu on the left.
  3. Locate the DMZ HOST section then Enable DMZ.
  4. Choose the computer from the Computer Name drop-down or manually enter the device/computer and IP address into the DMZ IP Address field.
  5. Click Save Settings at top of the page then click Reboot Now when prompted.

The device/computer is now outside of the router’s firewall.  Any connection originating from the Internet that does not have an applicable port forwarding rule will be passed directly to the device/computer in the DMZ.
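The precedence described in this article (port forwarding rules and enabled administrative ports rank above the DMZ rule, and every other inbound connection goes to the DMZ host) can be modelled to see what a configuration exposes to the Internet. This Python model is an added example, not CradlePoint code: the class and function names, the DMZ host 192.168.0.150 and the administrative port are constructed for illustration, the two forwarding rules are the examples from the Series 3 port forwarding article earlier on this page, and checking administrative ports before forwarding rules is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Decision = Tuple[str, Optional[str], Optional[int]]


@dataclass(frozen=True)
class PortForward:
    name: str
    internet_port: int           # port seen on the WAN side
    local_ip: str
    local_port: int              # may differ from internet_port
    protocols: Tuple[str, ...]   # any of "tcp", "udp"


@dataclass
class RouterPolicy:
    admin_ports: Dict[Tuple[str, int], str]   # WAN-facing admin services, if enabled
    forwards: List[PortForward]               # list order = rule priority
    dmz_host: Optional[str] = None

    def resolve(self, proto: str, port: int) -> Decision:
        """Return (decision, LAN ip, LAN port) for an unsolicited inbound connection."""
        # Assumption: administrative ports are checked before forwarding rules.
        if (proto, port) in self.admin_ports:
            return "router-admin", None, port
        for rule in self.forwards:            # first matching rule wins
            if proto in rule.protocols and port == rule.internet_port:
                return "forward:" + rule.name, rule.local_ip, rule.local_port
        if self.dmz_host is not None:
            # Anything not claimed above reaches the DMZ host on the same port.
            return "dmz", self.dmz_host, port
        return "drop", None, None


def exposure(policy: RouterPolicy, probes) -> Dict[Tuple[str, int], Decision]:
    """For each probed (proto, port), record which LAN host would receive it."""
    report = {}
    for proto, port in probes:
        decision = policy.resolve(proto, port)
        if decision[1] is not None:           # traffic lands on a LAN host
            report[(proto, port)] = decision
    return report


def sample_policy(dmz_host: Optional[str] = None) -> RouterPolicy:
    """Forwarding rules from the page; admin port and DMZ host are constructed."""
    return RouterPolicy(
        admin_ports={("tcp", 8443): "remote administration"},   # constructed value
        forwards=[
            PortForward("web", 8888, "192.168.0.100", 8888, ("tcp", "udp")),
            PortForward("alt-web", 8088, "192.168.0.112", 80, ("tcp",)),
        ],
        dmz_host=dmz_host,
    )


# Constructed probe list: the forwarded ports plus ports with no rule at all.
PROBES = [("tcp", 8888), ("udp", 8888), ("tcp", 8088),
          ("udp", 8088), ("tcp", 3389), ("tcp", 8443)]

if __name__ == "__main__":
    for label, dmz in (("no DMZ", None), ("DMZ enabled", "192.168.0.150")):
        print(label)
        for key, value in exposure(sample_policy(dmz), PROBES).items():
            print("  ", key, "->", value)
```

With the DMZ disabled only the three forwarded flows reach a LAN host; enabling it adds every unmatched port on the DMZ host, which is why that host needs its own firewall and patching.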



Sierra Wireless Products (43)


The LTE networks that support the GX440 are the Verizon Wireless Network and the AT&T LTE Network in the US.

 

Learn More about the Sierra Wireless Gx440

 



 The router can establish an uplink via Ethernet, WiFi as WAN, or 3G/4G modems (integrated or external USB). If the primary WAN connection fails, the router will automatically attempt to bring up a new link on another device: this feature is called failover. If Load Balance is enabled, multiple WAN devices may establish a link concurrently.

WAN Interfaces

This is a list of the available interfaces used to access the Internet. You can enable, stop, or start devices from this section. By using the priority arrows (the arrows in the boxes to the left – these show if you have more than one available interface), you can set the interface the router uses by default and the order that it allows failover.

In the example shown, Ethernet is set as the primary Internet source, while a 4G LTE modem is attached for failover. The Ethernet is “Connected” while the LTE modem is “Available” for failover. A WiFi-as-WAN interface is also attached and “Available”.

  • Load Balance: If this is enabled, the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively. Selecting Load Balance will automatically start the WAN interface and add it to the pool of WAN interfaces to use for data transfer. Turning off Load Balance for an active WAN interface may require the user to restart any current browsing session.
  • Enabled: Selected by default. Deselect to disable an interface.

Click on the small box at the top of the list to select/deselect all devices for either Load Balance or Enabled.

Click on a device in the list to reveal additional information about that device.

Selecting a device reveals the following information:

  • State (Connected, Available, etc.)
  • Port
  • UID (Unique identifier. This could be a name or number/letter combination.)
  • IP Address
  • Gateway
  • Netmask
  • Stats: bytes in, bytes out
  • Uptime

Click “Edit” to view configuration options for the selected device. For 3G/4G modems, click “Control” to view options to activate or update the device.

WAN Configuration

Select a WAN interface and click on Edit to open the WAN Configuration editor. The tabs available in this editor are specific to the particular WAN interface types.

General Settings

Device Settings
  • Enabled: Select/deselect to enable/disable.
  • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Network Settings → WiFi / Local Networks. Select this option to force NAT whenever this WAN device is being used.
  • Priority: This number controls failover and failback order. The lower the number, the higher the priority and the more use the device will get. This number will change when you move devices around with the priority arrows in the WAN Interfaces list.
  • Load Balance: Select to allow this device to be available for the Load Balance pool.
  • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
  • Hostname (This only shows for certain devices.)
IPv4 Failure Check (Advanced)

If this is enabled, the router will check that the highest priority active WAN interface can get to the Internet even if the WAN connection is not actively being used. If the interface goes down, the router will switch to the next highest priority interface available. If this is not selected, the router will still failover to the next highest priority interface but only after the user has attempted to get out to the Internet and failed.

Idle Check Interval: The amount of time between each check. (Default: 30 seconds. Range: 10-3600 seconds.)

Monitor while connected: (Default: Off) Select from the following dropdown options:

  • Passive DNS (modem only): The router will take no action until data is detected that is destined for the WAN. When this data is detected, the data will be sent and the router will check for received data for 2 seconds. If no data is received the router behaves as described below under Active DNS.
  • Active DNS (modem only): A DNS request will be sent to the DNS servers. If no data is received, the DNS request will be retried 4 times at 5-second intervals. (The first 2 requests will be directed at the Primary DNS server and the second 2 requests will be directed at the Secondary DNS server.) If still no data is received, the device will be disconnected and failover will occur.
  • Active Ping: A ping request will be sent to the Ping Target. If no data is received, the ping request will be retried 4 times at 5-second intervals. If still no data is received, the device will be disconnected and failover will occur. When “Active Ping” is selected, the next line gives an estimate of data usage in this form: “Active Ping could use as much as 9.3 MB of data per month.” This amount depends on the Idle Check Interval.
  • Off: Once the link is established the router takes no action to verify that it is still up.

Ping IP Address: If you selected “Active Ping”, you will need to input an IP address. This must be an address that can be reached through your WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2.

IPv6 Failure Check (Advanced)

The settings for IPv6 Failure Check match those for IPv4 Failure Check except that the IP address for Active Ping is an IPv6 address.

Failback Configuration (Advanced)

This is used to configure failback, which is the ability to go back to a higher priority WAN interface if it regains connection to its network.

Select the Failback Mode from the following options:

  • Usage
  • Time
  • Disabled

Usage: Fail back based on the amount of data passed over time. This is a good setting for when you have a dual-mode EVDO/WiMAX modem and you are going in and out of WiMAX coverage. If the router has failed over to EVDO it will wait until you have low data usage before bringing down the EVDO connection to check if a WiMAX connection can be made.

  • High (Rate: 80 KB/s. Time Period: 30 seconds.)
  • Normal (Rate: 20 KB/s. Time Period: 90 seconds.)
  • Low (Rate: 10 KB/s. Time Period: 240 seconds.)
  • Custom (Rate range: 1-100 KB/s. Time Period range: 10-300 seconds.)

Time: Fail back only after a set period of time. (Default: 90 seconds. Range: 10-300 seconds.) This is a good setting if you have a primary wired WAN connection and only use a modem for failover when your wired connection goes down. This ensures that the higher priority interface has remained online for a set period of time before it becomes active (in case the connection is dropping in and out, for example).

Disabled: Deactivate failback mode.

Immediate Mode: Fail back immediately whenever a higher priority interface is plugged in or when there is a priority change. Immediate failback returns you to the use of your preferred Internet source more quickly which may have advantages such as reducing the cost of a failover data plan, but it may cause more interruptions in your network than Usage or Time modes.
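The Active DNS failure check and the Time failback mode described above can be simulated to see how long a dead link goes unnoticed and why a hold time prevents flapping. This Python model is an added example, not router firmware: all names are hypothetical, the event timeline is constructed, sending the initial request to the primary server and counting the four retries as two per server are assumptions about the page's wording, and a hold time of 0 only approximates Immediate Mode.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Tuple

RETRIES_PRIMARY = 2        # page: first 2 requests go to the Primary DNS server
RETRIES_SECONDARY = 2      # page: second 2 requests go to the Secondary DNS server
RETRY_INTERVAL = 5         # page: retries are 5 seconds apart
IDLE_CHECK_INTERVAL = 30   # page default, seconds
FAILBACK_HOLD = 90         # page default for Time failback, seconds


def active_dns_check(probe: Callable[[str], bool],
                     primary: str, secondary: str) -> Tuple[bool, int]:
    """One Active DNS check. probe(server) is True when a reply arrived.

    Returns (link_ok, seconds spent waiting on retries).
    """
    if probe(primary):                       # initial request (assumed: primary)
        return True, 0
    schedule = [primary] * RETRIES_PRIMARY + [secondary] * RETRIES_SECONDARY
    for attempt, server in enumerate(schedule, start=1):
        if probe(server):
            return True, attempt * RETRY_INTERVAL
    return False, len(schedule) * RETRY_INTERVAL   # disconnect and fail over


def worst_case_detection(idle_interval: int = IDLE_CHECK_INTERVAL) -> int:
    """Upper bound (seconds) in this model between link loss and failover.

    The link dies right after a check, so a full idle interval passes before
    the next check starts, followed by every retry. Per-request timeouts are
    not modelled.
    """
    return idle_interval + (RETRIES_PRIMARY + RETRIES_SECONDARY) * RETRY_INTERVAL


@dataclass
class Wan:
    name: str
    priority: int                    # lower number = higher priority
    up_since: Optional[int] = None   # time the link became healthy, None if down


def select_active(wans: List[Wan], current: Optional[str],
                  now: int, hold: int = FAILBACK_HOLD) -> Optional[str]:
    """Choose the active WAN using priority failover and Time failback."""
    healthy = [w for w in wans if w.up_since is not None]
    if not healthy:
        return None
    best = min(healthy, key=lambda w: w.priority)
    cur = next((w for w in healthy if w.name == current), None)
    if cur is None:
        return best.name             # failover: current link is down
    if best.priority < cur.priority and now - best.up_since >= hold:
        return best.name             # failback: preferred link stayed up long enough
    return cur.name


def simulate(wans: List[Wan], events: Dict[int, List[Tuple[str, bool]]],
             ticks: Iterable[int], hold: int = FAILBACK_HOLD):
    """Replay link up/down events; return [(time, active WAN)] at each change."""
    by_name = {w.name: w for w in wans}
    active, history = None, []
    for now in ticks:
        for name, is_up in events.get(now, []):
            by_name[name].up_since = now if is_up else None
        chosen = select_active(wans, active, now, hold)
        if chosen != active:
            history.append((now, chosen))
            active = chosen
    return history


def sample_wans() -> List[Wan]:
    return [Wan("ethernet", priority=1), Wan("lte", priority=2)]


# Constructed timeline: Ethernet drops at 100 s, flaps at 130-150 s, recovers at 200 s.
SAMPLE_EVENTS = {0: [("ethernet", True), ("lte", True)],
                 100: [("ethernet", False)], 130: [("ethernet", True)],
                 150: [("ethernet", False)], 200: [("ethernet", True)]}

if __name__ == "__main__":
    print("worst-case detection:", worst_case_detection(), "s")
    print("hold 90 s:", simulate(sample_wans(), SAMPLE_EVENTS, range(0, 400, 10)))
    print("hold 0 s: ", simulate(sample_wans(), SAMPLE_EVENTS, range(0, 400, 10), hold=0))
```

With the 90-second hold the router changes link three times across the constructed timeline; with no hold it changes five times, following the Ethernet flap.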

IP Overrides

IP overrides allow you to override IP settings after a device’s IP settings have been configured.

Only the fields that you fill out will be overridden. Override any of the following fields:

  • IP Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

IPv6 Settings

IPv6 is disabled by default. To learn about configuration options for IPv6, see this article.

Ethernet Settings

While default settings for each WAN Ethernet port will be sufficient in most circumstances, you have the ability to control the following:

  • Connect Method: DHCP (Automatic), Static (Manual), or PPPoE (Point-to-Point Protocol over Ethernet).
  • MAC Address: You have the ability to change the MAC address, but typically this is unnecessary. You can match this address with your device’s address by clicking: “Clone Your PC’s MAC Address”.

Connect Method

Select the connection type that you need for this WAN connection. You may need to check with your ISP or system administrator for this information.

  • DHCP (Dynamic Host Configuration Protocol) is the most common configuration. Your router’s Ethernet ports are automatically configured for DHCP connection. DHCP automatically assigns dynamic IP addresses to devices in your networks. This is preferable in most circumstances.
  • Static allows you to input a specific IP address for your WAN connection; this should be provided by the ISP if supported.
  • PPPoE should be configured with the username, password, and other settings provided by your ISP.

If you want to use a Static (Manual) or PPPoE connection, you will need to fill out additional information.

Static (Manual):

  • IPv4 Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

PPPoE:

  • Username
  • Password
  • Password Confirm
  • Service
  • Auth Type: None, PAP, or CHAP

Modem Settings

Not all modems will have all of the options shown below; the available options are specific to the modem type.

On Demand: When this mode is selected a connection to the Internet is made as needed. When this mode is not selected a connection to the Internet is always maintained.

IP WAN Subnet Filter: This feature will filter out any packets going to the modem that do not match the network (address and netmask).

Aggressive Reset: When Aggressive Reset is enabled the system will attempt to maintain a good modem connection. If the Internet has been unreachable for a period of time, a reset of the modem will occur in attempt to re-establish the connection.

Automatically check for new firmware: (Default: selected) The modem will automatically check for firmware updates by default.

Enable Aux Antenna: (Default: selected) Enable or disable the modem’s auxiliary diversity antenna. This should normally be left enabled.

GPS Signal Source: Select the antenna to be used for receiving GPS coordinates. Some products support a dedicated GPS antenna, while others use the auxiliary diversity antenna only (and some products support both).

Enable eHRPD: (Default: selected) Enable or disable the modem’s ability to connect via eHRPD (enhanced High Rate Packet Data) when connecting to a 3G EVDO network on Sprint. eHRPD routes EVDO traffic through the LTE systems, enabling easy transitions between LTE and EVDO. In rare cases it may make sense to bypass the LTE core, so this field allows you to disable eHRPD.

Modem Connection Mode: Specify how the modem should connect to the network. Not all options are available for all modems; this will default to Auto if an incompatible mode is selected.

  • Auto (all modes): Let the modem decide which network to use.
  • Auto 3G (3G or less): Let the modem decide which 2G or 3G network to use. Do not attempt to connect to LTE.
  • Force LTE: Connect to LTE only and do not attempt to connect to 3G or WiMAX.
  • Force WiMAX: Connect to WiMAX only and do not attempt to connect to 3G or LTE.
  • Force 3G (EVDO, UMTS, HSPA): Connect to 3G network only.
  • Force 2G (1xRTT, EDGE, GPRS): Connect to 2G network only.

Network Selection Mode: Wireless carriers are assigned unique network identifying codes known as PLMN (Public Land Mobile Network). To manually select a particular carrier, select the Manual radio button and enter the network PLMN. Choose from the following options:

  • None/No Change
  • Auto: Selected by default
  • Home only
  • Manual: Input the PLMN code

Functional Mode: Selects the functional mode of the modem. IPPT (IP passthrough) mode causes the modem to act as a transport, passing Internet data and IP address information between the modem and the Internet directly. NAT mode causes the modem to NAT the IP address information. Consequently, IPPT mode does not allow user access to the modem web UI and NAT mode does allow user access to the modem web UI.

  • None/No Change
  • IPPT
  • NAT

Network-Initiated Alerts: This field controls whether the Sprint network can disconnect the modem to apply updates, such as for PRL, modem firmware, or configuration events. These activities do not change any router settings, but the modem connection may be unavailable for periods of time while these updates occur. The modem may also require a reset after a modem firmware update is complete.

  • Disabled: The request to update will be refused.
  • When Disconnected: The request to update will only be performed when the modem is either in a disconnected state or dormant state. If the modem is not in one of these states when the request is received, then the router will remember the request and perform the update when the modem becomes disconnected/dormant.
  • On Schedule: The request to update will only be performed at the specified scheduled time, no matter what the state of the modem is.

Network-Initiated Schedule: When you select “On Schedule” for Network-Initiated Alerts, you also select a time from this dropdown list. Modem updates will take place at this scheduled time.

AT Config Script: Enter the AT commands to be used for carrier specific modem configuration settings. Each command must be entered on a separate line. The command and associated response will be logged, so you should check the system log to make sure there were no errors.

NOTE: AT Config Script should not be used unless told to do so by your modem’s cellular provider or by a support technician.

AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include “OK”, except the final command response, which must include “CONNECT”.

Example:

AT
ATDT*99***2#

WiMAX Settings

WiMAX Realm: Select from the following dropdown options:

  • Clear – clearwire-wmx.net
  • Rover – rover-wmx.net
  • Sprint 3G/4G – sprintpcs.com
  • Xohm – xohm.com
  • BridgeMAXX – bridgeMAXX.com
  • Time Warner Cable – mobile.rr.com
  • Comcast – mob.comcast.net

TTLS Authentication Mode: TTLS inner authentication protocol. Select from the following dropdown options:

  • MSCHAPv2/MD5 (Microsoft Challenge Handshake Authentication Protocol version 2/Message-Digest Algorithm 5)
  • PAP (Password Authentication Protocol)
  • CHAP (Challenge Handshake Authentication Protocol)

TTLS Username: Username for TTLS authentication.

TTLS Password: Password for TTLS authentication.

WiMAX Authentication Identity: User ID on the network. Leave this blank unless your provider tells you otherwise.

CDMA Settings

These settings are usually specific to your wireless carrier’s private networks. You should not set these unless directed to by a carrier representative. If a field below is left blank, that particular setting will not be changed in the modem. You should only fill in fields that are required by your carrier.

  • Persist Settings: If this is not checked, these settings will only be in place until the router is rebooted or the modem is unplugged.
  • Active Profile: Select a number from 0-5 from the dropdown list.

The following fields can be left blank. If left blank they will remain unchanged in the modem.

  • NAI (Username@realm): Network Access Identifier. NAI is a standard system of identifying users who attempt to connect to a network.
  • AAA Shared Secret (Password): “Authentication, Authorization, and Accounting” password.
  • Verify AAA Shared Secret
  • HA Shared Secret: “Home Agent” shared secret.
  • Primary HA
  • Secondary HA
  • AAA SPI: AAA Security Parameter Index.
  • HA SPI: HA Security Parameter Index.

SIM/APN/Auth Settings

SIM PIN: PIN number for a GSM modem with a locked SIM.

Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Choose from Auto, PAP, and CHAP and then input your username and password.

Access Point Configuration: Some wireless carriers provide multiple Access Point configurations that a modem can connect to. Some APN examples are “isp.cingular” and “vpn.com”.

  • Default: Let the router choose an APN automatically.
  • Default Override: Enter an APN by hand.
  • Select: This opens a table with 16 slots for APNs, each of which can be set as IP, IPV4V6, or IPV6. The default APN is marked with an asterisk (*). You can change the APN names, select a different APN, etc. For Verizon modems, only the third slot is editable. Changes made here are written to the modem, so a factory reset of the router will not impact these settings.

Update/Activate a Modem

Some 3G/4G modems can be updated and activated while plugged into the router. Updates and activation methods vary by modem model and service provider. Possible methods are: PRL Update, Activation, and FUMO. All supported methods will be displayed when you select your modem and click “Control” to open the “Update/Activate” window. If no methods are displayed for your device then you will need to update and activate your device externally.

To update or activate a modem, select the modem in the WAN Interfaces table and click “Control”.

The modem does not support Update/Activate methods: A message will state that there is no support for PRL Update, Activation, or FUMO.

The modem supports Update/Activate methods: A message will display showing options for each supported method:

  • Modem Activation / Update: Activate, Reactivate, or Upgrade Configuration.
  • Preferred Roaming List (PRL) Update
  • Firmware Update Management Object (FUMO)

Click the appropriate icon to start the process.

If the modem is connected when you start an operation the router will automatically disconnect it. The router may start another modem as a failover measure. When the operation is done the modem will go back to an idle state, at which point the router may restart it depending on failover and failback settings.

NOTE: Only one operation is supported at a time. If you try to start the same operation on the same modem twice the UI will not report failure and the request will finish normally when the original request is done. However if you try to start a different operation or use a different modem, this second request will fail without interfering with the pending operation.

Process Timeout: If the process fails an error message will display.

Activation has a 3-minute timeout, PRL update has a 4-minute timeout, and FUMO has a 10-minute timeout.

Update Modem Firmware

Click on the Firmware button to open the Modem Firmware Upgrade window. This will show whether there is new modem firmware available.

If you select Automatic (Internet) the firmware will be updated automatically. Use Manual Firmware Upgrade to instead manually upload firmware from a local computer or device.

Reset the Modem

Click on the Reset button to power cycle the modem. This will have the same effect as unplugging the modem.

Configuration Rules (Advanced)

This section allows you to create general rules that apply to the Internet connections of a particular type. These can be general or very specific. For example, you could create a rule that applies to all 3G/4G modems, or a rule that only applies to an Internet source with a particular MAC address.

The Configuration Rules list shows all rules that you have created, as well as all of the default rules. These are listed in the order they will be applied. The most general rules are listed at the top, and the most specific rules are at the bottom. The router goes down the list and applies all rules that fit for attached Internet sources. Configuration settings farther down the list will override previous settings.

Select any of these rules and click “Edit” to change the settings for a rule. To create a new rule, click “Add.”

WAN Configuration Rule Editor

After clicking “Add” or “Edit,” you will see a popup with the following tabs:

  • Filter Criteria
  • General Settings
  • IP Overrides
  • IPv6 Settings
  • Ethernet Settings
  • Modem Settings
  • WiMAX Settings
  • CDMA Settings
  • SIM/APN/Auth Settings

Filter Criteria

If you are creating a new rule, begin by setting the Filter Criteria. Create a name for your rule and the condition for which the rule applies:

  • Rule Name: Create a name meaningful to you. This name is optional.

Make a selection for “When,” “Condition,” and “Value” to create a condition for your rule. The condition will be in the form of these examples:

When    Condition    Value
Port    is           USB Port 1
Type    is not       WiMAX

  • When:
    • Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”).
    • Manufacturer – Select by the modem manufacturer, such as Sierra Wireless.
    • Model – Set your rule according to the specific model of modem.
    • Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
    • Serial Number – Select 3G or LTE modem by the serial number.
    • MAC Address – Select WiMAX modem by MAC Address.
    • Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.
  • Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement.
  • Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.

Once you have established the condition for your configuration rule, choose from the other tabs to set the desired configuration. All of the tabs have the same configuration options shown above in the WAN Configuration section (i.e., the options for Configuration Rules are the same as they are for individual devices).



1-Wire devices enable combinations of memory, mixed signal, and secure authentication functions via a single contact serial interface. According to Wikipedia …1-Wire is a device communications bus system designed by Dallas Semiconductor Corp. that provides low-speed data, signaling, and power over a single signal. 1-Wire is typically used to communicate with devices such as digital thermometers and weather instruments. A network of 1-Wire devices with an associated master device is called a MicroLan.

Does Digi, Sierra Wireless, Encore, Red Lion, CradlePoint or any of the major M2M modem providers support 1-Wire to attach sensors and so forth?



The latest ALEOS software version for all Sierra Wireless GX400 and GX440 devices is currently 4.3.6.011 (as of 7/30/2014).

 



The intelligent wireless gateway and router, often referred to as a wireless modem, is perfect for connecting where there is no wireline data available. Therefore it is logical to connect the wireless wide area network modem where there is no grid electric readily available as well. The solution is to harvest energy from the sun using solar photovoltaic cells. Wireless gateways use very small amounts of electricity, and they often run on DC power, the same direct current electric we can generate from solar PV arrays. USAT architects and assembles single panel systems designed to use a pole mounted panel, a NEMA enclosure, and a battery array to power a wireless modem and connected equipment.

It is important to consider what equipment will be attached along with the wireless modem/intelligent gateway. Consult with your USAT sales representative before selecting attached equipment as disparate voltages, native AC powered devices, and high draw equipment can force the solar assembly to be oversized and cost prohibitive. For example, if you need to attach an IP Pan-Tilt-Zoom camera to the off-grid system, USAT can suggest low current PTZ cameras that work well with solar assemblies. A similar example is with network switches. Switches designed for 12Vdc or 24Vdc or POE systems should be selected, and these should be rated for a broad operating temperature, for example -40C to +60C. Other equipment frequently used are radar, sensors including pressure sensors, accelerometers, humidistats, temperature sensors, digital signage, and devices attached to RTC (real-time control) type controllers. Cisco routers that rely on the Cisco Wireless HWIC are generally not optimal for off-grid deployments due to their energy requirements.

USAT has modeled the solar design characteristics for wireless gateways and modems including the Sierra Wireless AirLink® Raven, Sierra Wireless AirLink® PinPoint, Sierra Wireless AirLink® GX-400, Sierra Wireless AirLink® GX-440, Encore Bandits, Cradlepoint COR and MBR, Digi Connect, Digi WR, and Digi Transport, CalAmp, Multitech and Red Lion Sixnet Bluetree.



Digi Products (3)


Firewall concerns:
Firewalls (and the IT security people that maintain them) are generally concerned with protecting a location’s Local Area Network from unauthorized use – both from traffic coming at the network from the outside world, and traffic from within the local area network going outward. A Remote Management-capable Digi product falls into the latter category, because the Digi device creates an outbound TCP socket connection to the Device Cloud or Remote Manager server. This EDP (easy device protocol) socket connection is the tunnel through which data gets pushed from your Gateway to the Device Cloud, so that data can be accessed from anywhere in the world.

The following article describes:

  • The IP socket connections used when a Digi RF Gateway, TransPort Router, or EDP-capable device (using Digi Cloud Connector) makes a Remote Management connection to Device Cloud or Remote Manager
  • How to determine the IP address in use for a given Device Cloud or Remote Manager DNS name

Locations where it is likely that Firewall Rules will be needed:

Those who are trying to connect to Device Cloud or Remote Manager from a location which has strict outbound firewall rules will especially need the guidance found within this article.  Some likely examples for this type of network security environment include:  Government offices/buildings and institutions, Schools, Universities, and some Businesses (especially ones that do government contract work).

 

What network port(s) does a Gateway or Connect-capable device use to connect to Device Cloud?

By default, the TCP and/or UDP port(s) your Device Cloud-capable Gateway or device uses to connect with Device Cloud will depend in part on the age/default configuration of your Gateway, the device’s configuration, as well as the particular model.

TCP Port 3197:  The outbound EDP/non-SSL (non-secure) socket connection from NDS-based products like the ConnectPort X2 / X4 / X5 / X8 Gateways, and ERT/Ethernet Gateway (especially if the product has older firmware), which may still be configured to create an un-encrypted Device Cloud socket connection.

Note:  If possible, the firmware of older products should be updated so that the Device Cloud configuration settings can be changed to use SSL socket connections into the Device Cloud instead (see next entry below).

TCP Port 3199:  The outbound EDP/SSL (secure) socket connection from NDS-based products like the ConnectPort X2 / X4 / X5 / X8 Gateways, and ERT/Ethernet Gateway with newer firmware which are configured to create a secure SSL socket connection into Device Cloud.  Required on ALL Linux-based Gateways, examples:  XBee Gateway ZB and ConnectPort X2e for Smart Energy.  Can also be required if the Device Cloud account is configured to accept SSL connections only (new Device Cloud option as of version 2.16).

UDP Port 53:  Outbound DNS (Domain Name Service) name recognition service, i.e. translates the my.devicecloud.com name for Device Cloud connectivity.

Note:  DNS service is not a requirement.  If access to DNS service is not allowed or possible from your network, the device’s remote connectivity address would need to use the IP address of my.devicecloud.com (52.73.23.137), rather than the DNS name itself (see below under What IP address is needed for outbound Firewall rule(s)? for more details).

UDP Port 123:  The outbound socket connection to an NTP (time) server is required for ALL Linux-based Gateways such as the XBee Gateway and ConnectPort X2e, as well as  gateways and devices configured for NTP time management.

Important Note for all XBee and ConnectPort X2e Gateways (and Gateways configured for NTP Time Management)

The XBee Gateway and ConnectPort X2e are Linux-based gateways which require outbound access to UDP port 123 (NTP), in order to generate the secure (SSL) TCP socket connection into Device Cloud.  Any Gateways which are configured for NTP time management will have this requirement as well, since the Gateway connects to an NTP server in order to keep an accurate date/time.

If your XBee (or CP-X2e) Gateway is added to your Device Cloud account but never shows up in a Connected state, check to ensure that outbound NTP access is available for the Gateway through your local network Firewall.  ConnectPort X2 and X4 gateways would still connect to Device Cloud (assuming TCP port 3199 isn’t blocked), but the Gateway might show an epoch 1970-based date/time if no other Time Sources are configured.

What IP address is needed for outbound Firewall rule(s)?

The best way to determine that is to do an nslookup of the DNS name for the Remote Management server you want your device(s) to connect to.  As of the date of this article (6/16/2015), here is how this looked from my Windows 7 commandline (Start – Run – CMD) prompt when doing nslookup of our various Remote Management and NTP ring servers:

Digi Device Cloud and Remote Manager device connectivity address:

C:\>nslookup my.devicecloud.com

Name:    my.devicecloud.com
Address:  52.73.23.137

Past Device Cloud connectivity addresses which may still be in use on devices (all device configurations should be updated to use the my.devicecloud.com address, then re-connected to the server at the new address):

devicecloud.digi.com
login.etherios.com
my.idigi.com
app.idigi.com

devicecloud-uk.digi.com
login.etherios.co.uk
my.idigi.co.uk

Digi Primary NTP Time Server Ring addresses:

C:\>nslookup time.devicecloud.com

Name:     time.devicecloud.com
Addresses:  52.25.29.129, 52.2.40.158

Secondary/Tertiary NTP Time Server addresses for pool usage:

C:\>nslookup 0.time.devicecloud.com

Name:     0.time.devicecloud.com
Addresses:  52.2.40.158

C:\>nslookup 1.time.devicecloud.com

Name:     1.time.devicecloud.com
Addresses:  52.25.29.129

Deprecated NTP/Time server addresses which may still be in use on devices (all devices should be updated to use time.devicecloud.com within their configuration):

time.digi.com
time.etherios.com

time.etherios.co.uk
0.idigi.pool.ntp.org
1.idigi.pool.ntp.org
2.idigi.pool.ntp.org

Making the Firewall Rules:

If the IP address of the DNS name ever changes (before this article is updated to reflect it), a Windows CLI command can be used to determine the IP address of our server:

nslookup <DNS name of server>

The Name and Address fields will be the DNS name and IP address for the Remote Management or Time server listed.  Your firewall rule will need to allow access for the appropriate network port used based on your Gateway’s Device Management configuration, as well as UDP port 123 if NTP Time Management is in use.

Important Note regarding deprecated DNS names:

If your Gateway is configured to use an idigi.* or etherios.* DNS name, it should be re-configured to use the my.devicecloud.com url at your earliest convenience. You will need to create firewall rules for all IP addresses/ports used, for all Remote Management and Time (NTP) DNS server names used within your device.
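The port and address guidance above can be turned into per-gateway allow rules for a default-deny outbound policy. The following is an added example, not Digi code: the `Gateway` class, `build_egress_rules` function, the LAN addresses and the choice of iptables FORWARD syntax are assumptions of this example, and the resolved addresses are the nslookup answers quoted in the article.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

# Ports and DNS names as listed in the article.
EDP_PLAIN_PORT = 3197   # TCP, un-encrypted EDP
EDP_SSL_PORT = 3199     # TCP, EDP over SSL
DNS_PORT = 53           # UDP
NTP_PORT = 123          # UDP
CURRENT_NAME = {"tcp": "my.devicecloud.com", "udp": "time.devicecloud.com"}
DEPRECATED = {
    "devicecloud.digi.com", "login.etherios.com", "my.idigi.com",
    "app.idigi.com", "devicecloud-uk.digi.com", "login.etherios.co.uk",
    "my.idigi.co.uk", "time.digi.com", "time.etherios.com",
    "time.etherios.co.uk", "0.idigi.pool.ntp.org",
    "1.idigi.pool.ntp.org", "2.idigi.pool.ntp.org",
}

# Constructed sample: the nslookup answers quoted in the article (6/16/2015).
# Re-run nslookup before use; the addresses may have changed since then.
RESOLVED_SAMPLE = {
    "my.devicecloud.com": ["52.73.23.137"],
    "time.devicecloud.com": ["52.25.29.129", "52.2.40.158"],
}


@dataclass
class Gateway:
    """Hypothetical summary of one device's Remote Management settings."""
    source_ip: str                 # gateway address on the LAN (constructed)
    server: str                    # Device Cloud name configured on the device
    use_ssl: bool = True           # False: device still uses TCP 3197
    linux_based: bool = False      # e.g. XBee Gateway, ConnectPort X2e
    ntp_servers: list = field(default_factory=list)
    dns_resolver: str = ""         # empty: device is configured by IP address


def _allow(src, dst, proto, port):
    """One iptables FORWARD rule; ip_address() raises ValueError on bad input."""
    return (f"iptables -A FORWARD -s {ip_address(src)} -d {ip_address(dst)} "
            f"-p {proto} --dport {port} -j ACCEPT")


def build_egress_rules(gw, resolved):
    """Return (rules, warnings) for one gateway.

    resolved maps each DNS name to the addresses nslookup returned for it.
    """
    rules, warnings = [], []
    targets = [(gw.server, "tcp", EDP_SSL_PORT if gw.use_ssl else EDP_PLAIN_PORT)]
    targets += [(name, "udp", NTP_PORT) for name in gw.ntp_servers]

    if not gw.use_ssl:
        warnings.append("un-encrypted EDP on TCP 3197: update firmware and "
                        "switch the device to SSL on TCP 3199")
    if gw.linux_based and not gw.ntp_servers:
        warnings.append("Linux-based gateway without NTP: the SSL connection "
                        "needs outbound UDP 123")

    for name, proto, port in targets:
        if name in DEPRECATED:
            warnings.append(f"{name} is deprecated: reconfigure the device "
                            f"to {CURRENT_NAME[proto]}")
        addresses = resolved.get(name)
        if not addresses:
            warnings.append(f"{name} has no resolved address: no rule written")
            continue
        for addr in sorted(set(addresses), key=ip_address):
            rule = _allow(gw.source_ip, addr, proto, port)
            if rule not in rules:          # pool names can share an address
                rules.append(rule)

    if gw.dns_resolver:
        rules.append(_allow(gw.source_ip, gw.dns_resolver, "udp", DNS_PORT))
    return rules, warnings


if __name__ == "__main__":
    demo = Gateway("192.168.1.50", "my.devicecloud.com", linux_based=True,
                   ntp_servers=["time.devicecloud.com"],
                   dns_resolver="192.168.1.1")
    for line in sum(build_egress_rules(demo, RESOLVED_SAMPLE), []):
        print(line)
```

Each warning corresponds to a note in the article: the non-SSL port, the NTP requirement of Linux-based gateways, and the deprecated DNS names.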



Cloud services can be used for applications built around Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS).

Digi International has a platform called iDigi. iDigi is a cloud platform for both device network management and for data management. The iDigi Device Cloud is designed using a high-availability architecture, with redundancy and failover characteristics. It is a highly scalable system that can host single units to tens of thousands of Digi devices. It also has web services APIs for secure application integration and data messaging. iDigi device clouds are located in Chicago and in London and you can select to which cloud your data is subscribed.

Device management also includes the ability to send commands to remote devices. Standard web service calls are available to manage traditional device settings. An optional Server Command Interface / Remote Command Interface (SCI/RCI) mechanism is available for any custom device or application commands that may be required.

iDigi Manager Pro is a pay-as-you-go model, starting at $1.59 per registered device, per month. Sending data to and from the iDigi Device Cloud is billed on a transactional basis and is available at different usage levels. Data is managed through iDigi, which means that iDigi provides a collection point of data. iDigi is not a (long-term) data storage solution – Digi Dia data is stored for 1 day, and iDigi files are stored for 7 days.



Unlike the ConnectPort WAN, the serial ports on the standard builds of the Digi Transport line are DTE, not DCE, serial. This means that a null modem cable should be used instead of a cross-over cable.

Null modem is a communication method to connect two DTEs (computer, terminal, printer etc.) directly using an RS-232 serial cable. The name stems from the historical use of the RS-232 cable to connect two teleprinter devices to modems in order to communicate with one another; null modem communication was possible by instead using RS-232 to connect the teleprinters directly to one another.



Digi Transport (18)


Why use FTP Relay

The FTP Relay agents allow files that a specified user transfers onto the router over the File Transfer Protocol to be temporarily stored in memory and then relayed to a specific FTP Server. This is useful when the router is being used to collect data files from a locally attached device such as a webcam which must then be transferred to a host system over a slower data connection such as W-WAN. In effect, the router acts as a temporary data buffer for the files.

Configure FTP Relay on a TransPort router

Browse to Configuration – Network > FTP Relay > FTP Relay n and configure the agent as in the following screenshot:


Please find details for all the fields below:

Relay Files for user: is the name of the local user and should be one of the usernames assigned in the Configuration – Security > Users web page. This name is then used as the FTP login username when the local device needs to relay a file.
To FTP Server: is the name (IP address) of the FTP Server to which the files from the locally attached device are to be relayed.
Server Username: is the username required to log in to the specified FTP Server
Server Password/Confirm Server Password: is the password to be used to log in to the Server.
Remote directory: is the full name of the directory on the FTP Server to which the file is to be saved. Please note that if you use a FileZilla Server and set, for example, “C:/” as the Home directory for the server, then when the TransPort connects to it, the server will not recognize “C:/” as the home directory but only “\”. In this case, this field should contain only the subdirectory path, within the Server home directory, where you need to save the file. In this example this path is “TestFTPRelay\T1”, which corresponds on the Server to the path “C:/TestFTPRelay/T1”.
Rename file: When checked, this checkbox causes the router to store the uploaded files internally with a filename in the form “relnnnn” where nnnn is a number that is incremented for each new file received. When the file is relayed to the FTP Server the original filename is used. When unchecked, the file is stored internally using its original filename. This parameter should be set if a file with a filename longer than 12 characters is to be uploaded. This is due to the internal file system having the 8.3 filename format (e.g. autoexec.bat).
Transfer Mode ASCII / Binary: These two radio buttons select between the two possible file transfer modes, binary data or ASCII data.
Transfer Command STORE / APPEND: These two radio buttons select between the two possible storage methods, either append to or replace existing file.
Attempt to connect to the FTP Server n times: The value in this text box specifies the number of connection attempts that the router should make if the first attempt is not successful.
Wait s seconds between attempts: The value in this text box specifies the interval (in seconds) that the router should wait in between successive connections attempts.
Remain connected for s seconds after a file has been transferred: The value in this text box specifies how long (in seconds) that the router will maintain the connection to the FTP host after transferring a file.
If unable to relay file Delete File / Retain file: These two radio buttons select the behavior with respect to storing the file if the router fails to connect to the FTP host (after retrying for the specified number of attempts). Select Delete File if the file should not be stored permanently. If the file is retained, manual intervention will be required to recover it at a later stage. Note:  If the file is not retained, it will be lost if the power is removed from the router.

The corresponding CLI commands for the configuration in this example are:

frelay 0 locuser "username"
frelay 0 ftphost "10.104.1.101"
frelay 0 ftpuser "user1"
frelay 0 ftpepwd "KD5lSVJDVVgD"
frelay 0 ftpdir "TestFTPRelay\T1"

Testing the FTP Relay feature

Configure the remote FTP server with a user (corresponding to the one configured on the TransPort FTP Relay agent) that is allowed at least to read and write in the Home directory specified:


Connect the local FTP client to the TransPort FTP server and transfer the file:


Check the event log on the TransPort by browsing to Management – Event Log. You will see the FTP transfer from the Local Host to the TransPort (in orange) and the FTP relay of the file from the TransPort to the remote FTP Server (in red).


The successful transfer can also be checked on the remote FTP server.


I need a secure (encrypted) connection from my mobile device. How do I configure a TransPort router as an L2TP/IPsec VPN responder for Apple devices such as the iPhone or iPad, or Android devices such as smartphones or tablets?

TransPort routers can be configured as a VPN server for mobile devices (Apple iOS & Android), using IPsec to create a secure connection to your router.  This article will detail the steps needed to configure a L2TP/IPsec VPN using Pre-Shared keys.

TransPort firmware version 5157 or newer is recommended.  A change has been made in this firmware version to ensure L2TP sockets are closed and immediately returned to the ‘Listening’ state as soon as the VPN is disconnected; previous firmware versions have to wait until the L2TP socket inactivity timer expires.

This solution assumes that the TransPort router has a static and public IP address configured on its WAN interface. For the purposes of this article, we’ll assume PPP 1 is the WAN interface and has already been configured for internet access.

The commands listed should be entered via the CLI (telnet, serial connection, or ‘Execute a command’ in the web GUI)

Step 1:
Enable IPsec on the PPP1 interface
ppp 1 ipsec 1

Step 2:
Phase 1 of the VPN set up, IKE, is set by default to allow all combinations of authentication and encryption algorithm proposals.  Only a couple of extra settings need to be configured.
Configure the VPN Phase 1, IKE, so that all relevant SAs are removed when a VPN is disconnected.
ike 0 delmode 1
ike 0 invspidel ON

Step 3:
Phase 2 of the VPN setup is specific to either Apple iOS or Android devices.
If you are configuring a VPN for Apple devices only, then just complete Step 3a and move on to Step 4.
If you are configuring a VPN for Android devices only, then just complete Step 3b and move on to Step 4.
If you are configuring VPNs for both Apple and Android devices, complete both Step 3a & Step 3b then continue with Step 4.

Step 3a:
Configure the VPN Phase 2, IPsec
eroute 0 descr "iPad L2TP IPsec VPN"
eroute 0 peerid "*"
eroute 0 locipifent "PPP"
eroute 0 locipifadd 1
eroute 0 mode "Transport"
eroute 0 ESPauth "SHA1"
eroute 0 ESPenc "AES"
eroute 0 proto "UDP"
eroute 0 locport 1701
eroute 0 ltime 3600
eroute 0 authmeth "PRESHARED"
eroute 0 enckeybits 256

Step 3b:
Configure the VPN Phase 2, IPsec
eroute 1 descr "Android L2TP IPsec VPN"
eroute 1 peerid "*"
eroute 1 locipifent "PPP"
eroute 1 locipifadd 1
eroute 1 mode "Transport"
eroute 1 ESPauth "SHA1"
eroute 1 ESPenc "3DES"
eroute 1 proto "UDP"
eroute 1 locport 1701
eroute 1 ltime 28800
eroute 1 authmeth "PRESHARED"
eroute 1 enckeybits 256

Step 4:
Configure the VPN users:
user 2 name "vpn-user1"
user 2 password "password1"
user 2 access 4
user 3 name "vpn-user2"
user 3 password "password2"
user 3 access 4
user 4 name "vpn-user3"
user 4 password "password3"
user 4 access 4
user 5 name "vpn-user4"
user 5 password "password4"
user 5 access 4

Step 5:
Configure the IPsec Pre-Shared Key. This is common for ALL VPN users.
user 10 name "*"
user 10 password "my-secure-psk"
user 10 access 4
user 10 dun_en off

Step 6:
Configure enough L2TP instances for the total number of required VPNs. We’ll use 4, matching the number of VPN users configured in Step 4.
l2tp 0 listen ON
l2tp 0 swap_io ON
l2tp 0 rnd_srcport ON
l2tp 1 listen ON
l2tp 1 swap_io ON
l2tp 1 rnd_srcport ON
l2tp 2 listen ON
l2tp 2 swap_io ON
l2tp 2 rnd_srcport ON
l2tp 3 listen ON
l2tp 3 swap_io ON
l2tp 3 rnd_srcport ON

Step 7:
Configure enough PPP instances to be linked with the L2TP instances configured in Step 6.
This is quickest and easiest via the router’s web GUI.

In the router web GUI, browse to
Configuration – Network > Interfaces > Advanced > PPP 0 – 9 > PPP 5
Click the button labelled ‘Load answering defaults’.  DO NOT CLICK ‘APPLY’.
Repeat Step 7 for PPP 6, PPP 7 & PPP 8.

Step 8:
Create a link between the PPP interfaces configured in Step 7 and the L2TP instances configured in Step 6.
This is quickest and easiest via the router’s CLI.

PPP 5 will be linked to L2TP 0, PPP 6 to L2TP 1, PPP 7 to L2TP 2, PPP 8 to L2TP 3
ppp 5 l1iface "L2TP"
ppp 5 l1nb 0
ppp 6 l1iface "L2TP"
ppp 6 l1nb 1
ppp 7 l1iface "L2TP"
ppp 7 l1nb 2
ppp 8 l1iface "L2TP"
ppp 8 l1nb 3

Step 9:
Save the configuration.
config 0 save

The TransPort router configuration is now complete.

The next step is to configure the iPad or Android device to connect to the TransPort using an L2TP / IPsec VPN.

iPad & iPhone settings
Step 10:
On the iPad, browse to Settings > VPN
Press ‘Add VPN Configuration’

Step 11:
Choose L2TP, which is actually L2TP/IPsec but just named L2TP.  The option for IPsec is a Cisco VPN client and is not required.

Step 12:
Enter the following information:
Description = TransPort L2TP IPsec VPN
Server = <WAN IP ADDRESS OF ROUTER>
Account = vpn-user1
RSA SecurID = OFF
Password = password1
Secret = my-secure-psk
Send All Traffic = ON
Proxy = OFF

Note:
The ‘Server’ is the TransPort router’s public IP address.
The ‘Account’ is a user name configured in Step 4.
The ‘Password’ is the corresponding password for the user configured in Step 4.
The ‘Secret’ is the Pre-Shared Key (password) configured in Step 5.

Step 13:
Press ‘Save’ in the top right corner.

Step 14:
You will now see the newly created VPN connection listed.  If there is more than 1 VPN connection shown on this screen, press on the new VPN named ‘TransPort L2TP IPsec VPN’ so a tick appears to the left of the name.
Move the ‘VPN’ slider over to the right from ‘OFF’ to ‘ON’ and the iPad will now try and connect.
When connected, the iPad will show ‘Connected’ with a timer showing the amount of time the VPN has been connected for.

Android device settings
Step 15:
On the Android device, browse to Settings > Wireless and network > VPN settings
Press ‘Add VPN’

Step 16:
Choose ‘Add L2TP/IPSec PSK VPN’.

Step 17:
Enter the following information:
VPN name = TransPort L2TP IPsec VPN
Set VPN server = <WAN IP ADDRESS OF ROUTER>
Set IPsec pre-shared key = my-secure-psk
Enable L2TP secret = disabled
DNS search domains = not set

Note:
The ‘VPN server’ is the TransPort router’s public IP address.
The ‘IPsec pre-shared key’ is the Pre-Shared Key (password) configured in Step 5.
The VPN username & password will be requested when initiating the VPN.

Step 18:
Save the configuration; the method used is specific to the device.

Step 19:
You will now see the newly created VPN connection listed.  If there is more than 1 VPN connection shown on this screen, press on the new VPN named ‘TransPort L2TP IPsec VPN’.
A username and password will be requested.
Username = vpn-user2
Password = password2
Press ‘Connect’ and the Android device will now try and connect.
When connected, the Android device will show ‘Connected’ with a key symbol in the top status bar.

This is a brief configuration guide, an Application Note will be available soon.

——–

iPad VPN proposal information:
Phase 1 proposal = AES256, SHA1, DH group 2, Lifetime 3600 seconds
Authentication method = Pre-Shared Keys
ID Type used =  IPv4 address
Phase 2 proposal = ESP, AES256, SHA1, Lifetime 3600 seconds, Mode: UDP transport, Local UDP port: Variable, Remote UDP port: 1701

Android (Froyo) VPN proposal information:
Phase 1 proposal = 3DES, SHA1, DH group 2, Lifetime 28800 seconds
Authentication method = Pre-Shared Keys
ID Type used =  IPv4 address
Phase 2 proposal = ESP, AES256, SHA1, Lifetime 28800 seconds, Mode: UDP transport, Local UDP port: Variable, Remote UDP port: 1701
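Before a command list built from Steps 1 to 9 is pasted into a production router, it is worth checking that the guide's placeholder secrets were replaced and that the L2TP and PPP instances line up. The following is an added example, not Digi code: the function names, the finding labels and the 20-character PSK threshold are assumptions of this example, and the sample command list is constructed.

```python
import re

# Secrets printed in the guide above; a deployed router must not keep them.
GUIDE_SAMPLE_SECRETS = {"password1", "password2", "password3", "password4",
                        "my-secure-psk"}
MIN_PSK_LEN = 20   # assumption of this example, not a Digi requirement

# "<entity> <instance> <parameter> <value>", e.g.: eroute 1 ESPenc "3DES"
LINE = re.compile(r"^(\w+)\s+(\d+)\s+(\w+)\s+(.+)$")

# Constructed sample: a command list adapted from the guide with typical slips.
SAMPLE_COMMANDS = """
eroute 0 ESPenc "AES"
eroute 1 ESPenc "3DES"
user 2 name "vpn-user1"
user 2 password "password1"
user 3 name "vpn-user2"
user 3 password "T7#kq-Lw92!xVbe4"
user 10 name "*"
user 10 password "short-psk"
l2tp 0 listen ON
l2tp 1 listen ON
ppp 5 l1iface "L2TP"
ppp 5 l1nb 0
config 0 save
"""


def parse_config(text):
    """Return {(entity, instance): {param: value}} from TransPort-style lines."""
    config = {}
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue                       # blank lines, "config 0 save", etc.
        entity, inst, param, value = match.groups()
        # Accept straight quotes and the typographic quotes web pages introduce.
        value = value.strip().strip('"\u201c\u201d')
        config.setdefault((entity.lower(), int(inst)), {})[param.lower()] = value
    return config


def audit(text):
    """Return a list of (location, finding) pairs, ordered by entity and instance."""
    cfg = parse_config(text)
    # L2TP instance numbers that some PPP interface is linked to (Step 8).
    linked = {int(p["l1nb"]) for (ent, _), p in cfg.items()
              if ent == "ppp" and p.get("l1iface", "").upper() == "L2TP"
              and p.get("l1nb", "").isdigit()}
    findings = []
    for (ent, inst), p in sorted(cfg.items()):
        where = f"{ent} {inst}"
        if ent == "user":
            password = p.get("password", "")
            if password in GUIDE_SAMPLE_SECRETS:
                findings.append((where, "sample-secret"))    # copied from guide
            elif p.get("name") == "*" and len(password) < MIN_PSK_LEN:
                findings.append((where, "short-psk"))        # PSK shared by all
        elif ent == "eroute" and p.get("espenc", "").upper() == "3DES":
            findings.append((where, "legacy-cipher"))        # prefer AES if the
                                                             # client offers it
        elif (ent == "l2tp" and p.get("listen", "").upper() == "ON"
              and inst not in linked):
            findings.append((where, "unlinked-l2tp"))        # no PPP answers it
    return findings


if __name__ == "__main__":
    for where, finding in audit(SAMPLE_COMMANDS):
        print(f"{where}: {finding}")
```

The check reads cleartext `password` commands as shown in the guide, so it applies to the command list before it is entered, not to a saved configuration that stores encoded values.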



This article explains how to upgrade firmware on a Digi TransPort or Sarian router using a USB flash drive to a version earlier than 5.2.9.13.

There are two different methods available:

Method A is simpler, but will erase any existing configuration files on the router.

Method B is more complicated, but will allow any existing configuration files on the router to be retained.

Method A: Loading a complete flash memory image onto the router, in the form of a ‘.all file’

Please note: upgrading the firmware using a ‘.all file’ will erase any existing configuration files on the router.

1) Obtain the latest ‘.all file’, which can be found at one of the following links depending on your model:

Digi TransPort .all files

Sarian .all files

It is very important that the correct firmware file is used for the model number being upgraded. If you attempt to load firmware designed for one model onto a different model the router may cease to function and will be difficult to recover.

To locate the correct firmware for your model, after clicking on a link above, select the subdirectory containing the version you wish to download (the newest version is recommended) then the subdirectory relating to your model. Select the .all file to download it. The format of the file name is as follows:

<model name>-<firmware version>.all

As an example, the file called WR44-5162.all is firmware for the WR44 model and is firmware version 5.162.

2) Rename the .all file to adhere to the ‘8.3’ filename format that the router expects – i.e. a maximum of 8 characters before the ‘.’ plus a maximum of 3 characters for the extension. You can see that WR44-5162.all has 9 characters before the ‘.’ and so will not be recognised by the router’s file system. In this example WR44-5162.all is renamed to WR44.all – this step is important as most downloaded .all files will not by default adhere to the 8.3 filename convention.

3) Create a file named autoexec.bat and edit it in a text editor (for example Notepad in Windows) to contain the following lines. Lines in bold will always need to be present; the ‘copy’ line should be amended as appropriate to reflect the name of the renamed .all file being copied (although the destination filename should always be ‘all.all’ so that the existing .all file on the router is replaced). It is important to include a blank line at the end of the file after ‘flashleds’. For the example file ‘WR44.all’:

ERROR_EXIT
copy u:WR44.all all.all
scanr
flashleds

< BLANK LINE>

4) Using your PC, format a USB flash drive. Note that this will erase all data on the USB drive. Not all USB drives work with Digi TransPort or Sarian routers. Older firmware supports only FAT16 formatted drives but newer firmware supports FAT32. NTFS is not supported.

5) Once formatting is complete, perform a ‘safe hardware removal’ of the USB drive from your PC to ensure that any delayed writes have finished.

6) Check that the TransPort router recognises it by inserting it into a USB port on the front of the router, then connect to the router’s CLI (command line interface) via one of the following methods:

a) A Telnet or SSH session to the router’s IP address
b) A terminal emulator session (for example using Hyperterminal or TeraTerm) to the router’s ASY (serial) port

Issue the following command:

dir u: <enter>

If the USB drive is recognised, the CLI should report its size and other parameters. Remove the USB drive from the router.

7) Insert the USB drive back into your PC, and copy the .all file and the autoexec.bat file into the root directory of the USB drive.

8) When the file copying has finished, perform a ‘safe hardware removal’ of the USB drive from your PC to ensure that any delayed writes have finished.

9) Insert the USB drive into a USB port on the front of the router once more.

The firmware upgrade process should now begin. During the process, two or three of the LEDs on the front of the router will flash repeatedly to indicate that the files are being copied. After a few minutes, these LEDs should stop flashing, and most of the LEDs other than the original two or three on the front panel will flash repeatedly. This indicates that the upgrade process is complete, i.e. that the autoexec.bat file has finished with no errors.

10) Remove the USB drive from the router’s USB port.

11) Power cycle the router.

Please note: if the LEDs did not flash as expected, this could indicate a problem with the upgrade. In this case please do NOT reboot the router; instead, connect to the router and determine if there is a problem by issuing the “scan” and “dir” commands.

12) Once the router has restarted, enter the following CLI command: ati5<enter>

The CLI will return a lot of information about the router, and the second and third lines will show the firmware image and bootloader version numbers. This can be used to verify that the upgrade process has been successful – for example:

ati5
Digi TransPort WR44-U4T1-WE1-XX Ser#:160601 HW Revision: 7902a
Software Build Ver5162. Aug 13 2012 05:12:25 SW
ARM Bios Ver 6.75 v39 400MHz B512-M512-F80-O0,0 MAC:00042d027359
Power Up Profile: 0

Method B: Upgrading individual firmware files

Please note: this method should be used if any existing configuration on the router needs to be retained.

1) Obtain the latest firmware zip file, which can be found at one of the following links depending on your model:

Digi TransPort firmware files

Sarian firmware files

It is very important that the correct firmware file is used for the model number being upgraded. If you attempt to load firmware designed for one model onto a different model the router may cease to function and will be difficult to recover.

To locate the correct firmware for your model, after clicking on a link above, select the subdirectory containing the version you wish to download (the newest version is recommended) then the subdirectory relating to your model. Select the zip file to download it.

2) Extract all of the files, from the downloaded zip archive, to a directory on your PC.

3) On your PC, rename the following two files as follows:

Rename the *.dwn file (the main firmware image) to image (with no extension)
Rename the *.rom file (the bootloader) to sbios1 (with no extension)

4) Create a file named autoexec.bat and open it in a text editor (for example Notepad in Windows). Add some or all of the following lines – the lines shown in bold will always need to be present, but the other lines should be amended as appropriate so that all of the files from the original firmware zip file are copied to the router. It is important to include a blank line at the end of the file after ‘flashleds’. For the example firmware version referred to, the autoexec file needs to contain the following lines:

ERROR_EXIT
del *.web
copy u:image image
copy u:sbios1 sbios1

copy u:logcodes.txt logcodes.txt
copy u:image4.c2 image4.c2
copy u:S5162w#D.web S5162w#D.web
copy u:python.zip python.zip
copy u:wizards.zip wizards.zip
move sbios1 sbios
scanr
flashleds

< BLANK LINE>

5) Using your PC, format a USB flash drive. Note that this will erase all data on the USB drive. Not all USB drives work with Digi TransPort or Sarian routers. Older firmware supports only FAT16 formatted drives but newer firmware supports FAT32. NTFS is not supported.

6) Once formatting is complete, perform a ‘safe hardware removal’ of the USB drive from your PC to ensure that any delayed writes have finished.

7) Check that the TransPort router recognises it by inserting it into a USB port on the front of the router, then connect to the router’s CLI (command line interface) via one of the following methods:

a) A Telnet or SSH session to the router’s IP address
b) A terminal emulator session (for example using Hyperterminal or TeraTerm) to the router’s ASY (serial) port

Issue the following command:

dir u: <enter>

If the USB drive is recognised, the CLI should report its size and other parameters. Remove the USB drive from the router.

8) Insert the USB drive back into your PC, and copy all of the firmware upgrade files into the root directory of the USB drive. The files should include all those from the original firmware zip file (with the image and bootloader files renamed as above) plus the autoexec.bat file.

9) When the file copying has finished, perform a ‘safe hardware removal’ of the USB drive from your PC to ensure that any delayed writes have finished.

10) Insert the USB drive into a USB port on the front of the router once more.

The firmware upgrade process should now begin. During the process, two or three of the LEDs on the front of the router will flash repeatedly to indicate that the files are being copied. After a few minutes, these LEDs should stop flashing, and most of the LEDs other than the original two or three on the front panel will flash repeatedly. This indicates that the upgrade process is complete, i.e. that the autoexec.bat file has finished with no errors.

11) Remove the USB drive from the router’s USB port.

12) Power cycle the router.

Please note: if the LEDs did not flash as expected, this could indicate a problem with the upgrade. In this case please do NOT reboot the router; instead, connect to the router and determine if there is a problem by issuing the “scan” and “dir” commands.

13) Once the router has restarted, enter the following CLI command: ati5<enter>

The CLI will return a lot of information about the router. The second and third lines will show the firmware image and bootloader version numbers. This can be used to verify that the upgrade process has been successful – for example:

ati5
Digi TransPort WR44-U4T1-WE1-XX Ser#:160601 HW Revision: 7902a
Software Build Ver5162. Aug 13 2012 05:12:25 SW
ARM Bios Ver 6.75 v39 400MHz B512-M512-F80-O0,0 MAC:00042d027359
Power Up Profile: 0



This article explains how to upgrade the firmware on a Digi TransPort or Sarian router using Flashwriter via your Ethernet port.

If you need to upgrade your firmware using Flashwriter via the serial port, please see this article: How to upgrade the firmware on a Digi TransPort router using Flashwriter – Serial Procedure

Please note that upgrading the firmware using Flashwriter will erase any existing configuration files on the router.

1) Download and install Flashwriter.

2) Obtain the latest Flashwriter firmware zip file, which can be found at one of the following links depending on your model:

Digi TransPort Flashwriter files

Sarian Flashwriter files

It is very important that the correct firmware file is used for the model number being upgraded. If you attempt to load firmware designed for one model onto a different model the router may cease to function and will be difficult to recover.

Note that there is at least one variation of firmware dependent on the module. To determine which module you have, please see the following article: How to Determine which module to select in the Flashwriter Procedure. This article will also come into play on step 14 of this procedure.

To locate the correct firmware for your model, after clicking on a link above, select the subdirectory containing the version you wish to download (the newest version is recommended) then the subdirectory relating to your model. Select the zip file to download it. The format of the file name is as follows:

<model name>-<firmware version>.zip

As an example, the file called WR44-5162.zip is firmware for the WR44 model and is firmware version 5.162.

3) Extract all of the files, from the downloaded zip archive, to a directory on your PC.

4) Close any other programs that are running on your PC.

5) Connect the LAN 0 port of the router to the local Ethernet network, unless the model appears in the list below, in which case please use the specified LAN port. If you are connecting the router to your PC ‘directly’ via Ethernet (i.e. not via a local network) please ensure that a (non-managed) switch is connected between the router and PC.

Model     Port Number
VC7400    LAN 4
VC5100    LAN 1
MW3520    LAN 1

6) Run the Flashwriter program that was installed in step 1).

7) Select ‘Eth’ as the ‘Communications port number/Interface’ in Flashwriter, which is the last entry in the drop down list.

8) On the main Flashwriter screen, ensure that:
– The ‘Configure only’ check box is NOT ticked
– The ‘Use event driven mode’ check box IS ticked
– The ‘Use Xmodem 1K’ check box is NOT ticked
– The ‘Use TFTP’ check box IS ticked

9) Click the ‘Load’ button.

10) Click ‘Yes’ when prompted with the warning message.

11) Enter the serial number of the router. This is located on the label on the underside of your TransPort. The label has a line reading SN / HW Rev / Batch, with the corresponding values to the right. SN stands for serial number; this six-digit number is the value Flashwriter is looking for.

Once you enter the serial number of the TransPort, click OK.

12) A message will pop up: “Next enter the location of the .all file.” Click OK.

13) Enter the location of the ‘.all file’ that you extracted from the zip file earlier (step 3) and then click Open.

14) Select the W-WAN module that is in your TransPort.
Please see the following article on determining which module you have: How to Determine which module to select in the Flashwriter Procedure.
Click OK after selecting the module.
At this point the Flashwriter program will update your firmware.

If you have any issues, please note what, if any, error messages pop up.
If it does error out, please try to run the procedure once again.

Please note: The TFTP firmware load takes place via Ethernet. However, Flashwriter can establish initial contact with the router either via the serial port or via Ethernet. The Ethernet option is provided because it is more convenient, but please note that the Ethernet option does not work in all circumstances:

  • Some older products do not support Ethernet
  • Some older bootloaders do not support Ethernet
  • If the firmware on the unit is badly corrupted, Ethernet may not work

Some common issues:

  • Selecting a serial port when actually using an Ethernet cable
  • If there is a firewall in place, make sure it is not blocking port 69.
  • Bad or no Ethernet connection
  • Sometimes an error message is caused by something on the laptop or computer itself. Trying another PC or laptop may resolve the issue.
  • Ensure you are loading the correct firmware.
  • If you are connecting the router to your PC ‘directly’ via Ethernet (i.e. not via a local network) please ensure that a (non-managed) switch is connected between the router and PC.



This article explains how to upgrade to firmware version 5.2.9.13 or later on a Digi TransPort or Sarian router using a USB flash drive.

There are two different methods available:

Method A is simpler, but will erase any existing configuration files on the router.

Method B is more complicated, but will allow any existing configuration files on the router to be retained.

Method A: Loading a complete flash memory image onto the router, in the form of a ‘.all file’

Please note: upgrading the firmware using a ‘.all file’ will erase any existing configuration files on the router.

1) Obtain the latest ‘.all file’, which can be found at one of the following links depending on your model:

Digi TransPort .all files

Sarian .all files

It is very important that the correct firmware file is used for the model number being upgraded. If you attempt to load firmware designed for one model onto a different model the router may cease to function and will be difficult to recover.

To locate the correct firmware for your model, after clicking on a link above, select the subdirectory containing the version you wish to download (the newest version is recommended) then the subdirectory relating to your model. Select the .all file to download it. The format of the file name is as follows:

<model name>-<firmware version>.all

As an example, the file called WR44-5162.all is firmware for the WR44 model and is firmware version 5.162.

2) Rename the .all file to adhere to the ‘8.3’ filename format that the router expects – i.e. a maximum of 8 characters before the ‘.’ plus a maximum of 3 characters for the extension. You can see that WR44-5162.all has 9 characters before the ‘.’ and so will not be recognised by the router’s file system. In this example WR44-5162.all is renamed to WR44.all – this step is important as most downloaded .all files will not by default adhere to the 8.3 filename convention.

3) Create a file named autoexec.bat and edit it in a text editor (for example Notepad in Windows) to contain the following lines. Lines in bold will always need to be present; the ‘copy’ line should be amended as appropriate to reflect the name of the renamed .all file being copied (although the destination filename should always be ‘all.all’ so that the existing .all file on the router is replaced). It is important to include a blank line at the end of the file after ‘flashleds’. For the example file ‘WR44.all’:

ERROR_EXIT
copy u:WR44.all all.all
scanr
flashleds

< BLANK LINE>

4) Using your PC, format a USB flash drive. Note that this will erase all data on the USB drive. Not all USB drives work with Digi TransPort or Sarian routers. Older firmware supports only FAT16 formatted drives but newer firmware supports FAT32. NTFS is not supported.

5) Once formatting is complete, perform a ‘safe hardware removal’ of the USB drive from your PC to ensure that any delayed writes have finished.

6) Check that the TransPort router recognises it by inserting it into a USB port on the front of the router, then connect to the router’s CLI (command line interface) via one of the following methods:

a) A Telnet or SSH session to the router’s IP address
b) A terminal emulator session (for example using Hyperterminal or TeraTerm) to the router’s ASY (serial) port

Issue the following command:

dir u: <enter>

If the USB drive is recognised, the CLI should report its size and other parameters. Remove the USB drive from the router.

7) Insert the USB drive back into your PC, and copy the .all file and the autoexec.bat file into the root directory of the USB drive.

8) When the file copying has finished, perform a ‘safe hardware removal’ of the USB drive from your PC to ensure that any delayed writes have finished.

9) Insert the USB drive into a USB port on the front of the router once more.

The firmware upgrade process should now begin. During the process, two or three of the LEDs on the front of the router will flash repeatedly to indicate that the files are being copied. After a few minutes, these LEDs should stop flashing, and most of the LEDs other than the original two or three on the front panel will flash repeatedly. This indicates that the upgrade process is complete, i.e. that the autoexec.bat file has finished with no errors.

10) Remove the USB drive from the router’s USB port.

11) Power cycle the router.

Please note: if the LEDs did not flash as expected, this could indicate a problem with the upgrade. In this case please do NOT reboot the router; instead, connect to the router and determine if there is a problem by issuing the “scan” and “dir” commands.

12) Once the router has restarted, enter the following CLI command: ati5<enter>

The CLI will return a lot of information about the router, and the second and third lines will show the firmware image and bootloader version numbers. This can be used to verify that the upgrade process has been successful – for example:

ati5
Digi TransPort WR44-U4T1-WE1-XX Ser#:160601 HW Revision: 7902a
Software Build Ver5162. Aug 13 2012 05:12:25 SW
ARM Bios Ver 6.75 v39 400MHz B512-M512-F80-O0,0 MAC:00042d027359
Power Up Profile: 0
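
The checks behind Method A (the same steps appear in the article for versions earlier than 5.2.9.13), as an added Python example run on the PC; it is not Digi's own tooling. It assumes that the firmware model name equals the first hyphen-separated part of the model string `ati5` reports and that autoexec.bat uses CRLF line endings; the function names are illustrative.

```python
import re

# Sample input: the ati5 output shown on the page.
ATI5_SAMPLE = """ati5
Digi TransPort WR44-U4T1-WE1-XX Ser#:160601 HW Revision: 7902a
Software Build Ver5162. Aug 13 2012 05:12:25 SW
ARM Bios Ver 6.75 v39 400MHz B512-M512-F80-O0,0 MAC:00042d027359
Power Up Profile: 0
"""


def parse_firmware_name(filename):
    """Split '<model name>-<firmware version>.all' into (model, version)."""
    m = re.fullmatch(r"(?P<model>.+)-(?P<version>[^-]+)\.all", filename, re.IGNORECASE)
    if not m:
        raise ValueError(f"{filename!r} is not <model name>-<firmware version>.all")
    return m.group("model"), m.group("version")


def is_8_3(filename):
    """True if the name fits 8.3: at most 8 characters, then at most 3 after the '.'."""
    stem, dot, ext = filename.rpartition(".")
    if not dot:                       # no extension at all, e.g. 'image'
        stem, ext = filename, ""
    return 1 <= len(stem) <= 8 and len(ext) <= 3 and "." not in stem


def parse_ati5(output):
    """Extract the model string, serial number and firmware build from ati5 output."""
    ident = re.search(r"(\S+)\s+Ser#:(\d+)", output)
    build = re.search(r"Software Build Ver(\d+(?:\.\d+)*)", output)
    if not ident or not build:
        raise ValueError("unrecognised ati5 output")
    return {"model": ident.group(1), "serial": ident.group(2), "build": build.group(1)}


def preflight(download_name, ati5_before):
    """Refuse firmware built for another model; return the 8.3 name for the USB drive."""
    model, _ = parse_firmware_name(download_name)
    router_model = parse_ati5(ati5_before)["model"]
    # Assumption: compare against the first hyphen-separated part (WR44-U4T1-... -> WR44).
    if router_model.split("-")[0].upper() != model.upper():
        raise ValueError(f"firmware is for {model}, router reports {router_model}")
    short_name = f"{model}.all"       # same rename as the page: WR44-5162.all -> WR44.all
    if not is_8_3(short_name):
        raise ValueError(f"{short_name!r} still breaks the 8.3 limit; choose a shorter name")
    return short_name


def build_autoexec(short_name):
    """Method A autoexec.bat: the page's four lines plus the blank line after 'flashleds'."""
    if not is_8_3(short_name):
        raise ValueError(f"{short_name!r} is not an 8.3 filename")
    lines = ["ERROR_EXIT", f"copy u:{short_name} all.all", "scanr", "flashleds", ""]
    # Assumption: CRLF line endings, as Notepad on Windows writes them.
    return "".join(line + "\r\n" for line in lines)


def upgrade_verified(download_name, ati5_after):
    """After the power cycle: does the running build match the file that was loaded?"""
    _, version = parse_firmware_name(download_name)
    return parse_ati5(ati5_after)["build"].replace(".", "") == version.replace(".", "")


if __name__ == "__main__":
    name = preflight("WR44-5162.all", ATI5_SAMPLE)
    print("Copy to USB as:", name)
    print(build_autoexec(name), end="")
    print("Upgrade verified:", upgrade_verified("WR44-5162.all", ATI5_SAMPLE))
```
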

Method B: Upgrading individual firmware files

Please note: this method should be used if any existing configuration on the router needs to be retained.

1) Obtain the latest firmware zip file, which can be found at one of the following links depending on your model:

Digi TransPort firmware files

Sarian firmware files

It is very important that the correct firmware file is used for the model number being upgraded. If you attempt to load firmware designed for one model onto a different model the router may cease to function and will be difficult to recover.

To locate the correct firmware for your model, after clicking on a link above, select the subdirectory containing the version you wish to download (the newest version is recommended) then the subdirectory relating to your model. Select the zip file to download it.

2) Extract all of the files, from the downloaded zip archive, to a directory on your PC.

3) On your PC, rename the following two files as follows:

Rename the image file (the main firmware image) to image.tmp
Rename the *.rom file (the bootloader) to sbios1 (with no extension)

4) Create a file named autoexec.bat and open it in a text editor (for example Notepad in Windows). Add some or all of the following lines – the lines shown in bold will always need to be present, but the other lines should be amended as appropriate so that all of the files from the original firmware zip file are copied to the router. It is important to include a blank line at the end of the file after ‘flashleds’. For the example firmware version referred to, the autoexec file needs to contain the following lines:

ERROR_EXIT
del *.web
copy u:image.tmp image.tmp
copy u:sbios1 sbios1

copy u:logcodes.txt logcodes.txt
copy u:wr11.web wr11.web
copy u:python.zip python.zip
copy u:wizards.zip wizards.zip
del image
ren image.tmp image
copy image image4
move sbios1 sbios
scanr
flashleds

< BLANK LINE>

5) Using your PC, format a USB flash drive. Note that this will erase all data on the USB drive. Not all USB drives work with Digi TransPort or Sarian routers. Older firmware supports only FAT16 formatted drives but newer firmware supports FAT32. NTFS is not supported.

6) Once formatting is complete, perform a ‘safe hardware removal’ of the USB drive from your PC to ensure that any delayed writes have finished.

7) Check that the TransPort router recognises it by inserting it into a USB port on the front of the router, then connect to the router’s CLI (command line interface) via one of the following methods:

a) A Telnet or SSH session to the router’s IP address
b) A terminal emulator session (for example using Hyperterminal or TeraTerm) to the router’s ASY (serial) port

Issue the following command:

dir u: <enter>

If the USB drive is recognised, the CLI should report its size and other parameters. Remove the USB drive from the router.

8) Insert the USB drive back into your PC, and copy all of the firmware upgrade files into the root directory of the USB drive. The files should include all those from the original firmware zip file (with the image and bootloader files renamed as above) plus the autoexec.bat file.

9) When the file copying has finished, perform a ‘safe hardware removal’ of the USB drive from your PC to ensure that any delayed writes have finished.

10) Insert the USB drive into a USB port on the front of the router once more.

The firmware upgrade process should now begin. During the process, two or three of the LEDs on the front of the router will flash repeatedly to indicate that the files are being copied. After a few minutes, these LEDs should stop flashing, and most of the LEDs other than the original two or three on the front panel will flash repeatedly. This indicates that the upgrade process is complete, i.e. that the autoexec.bat file has finished with no errors.

11) Remove the USB drive from the router’s USB port.

12) Power cycle the router.

Please note: if the LEDs did not flash as expected, this could indicate a problem with the upgrade. In this case please do NOT reboot the router; instead, connect to the router and determine if there is a problem by issuing the “scan” and “dir” commands.

13) Once the router has restarted, enter the following CLI command: ati5<enter>

The CLI will return a lot of information about the router. The second and third lines will show the firmware image and bootloader version numbers. This can be used to verify that the upgrade process has been successful – for example:

ati5
Digi TransPort WR44-U4T1-WE1-XX Ser#:160601 HW Revision: 7902a
Software Build Ver5162. Aug 13 2012 05:12:25 SW
ARM Bios Ver 6.75 v39 400MHz B512-M512-F80-O0,0 MAC:00042d027359
Power Up Profile: 0



Digi Remote Manager (5)


Adding your Digi TransPort to Remote Manager

  1. Log into your Digi Remote Manager account.
  2. Click on the Device Management tab.
  3. Click on the Add Devices button on the tool bar.

  4. Add the Digi TransPort by either discovering it locally, or manually adding the Device ID, using either of the two methods described below:

Discovery method:

  1. After hitting Add Devices (step 3 above), click the Discover >> button.

  2. Click the Discover button on the 2nd Add Devices screen.

  3. Select the Digi TransPort to be added, and click OK.

Manual method:

  1. After hitting Add Devices (step 3 above), click the dropdown which defaults to MAC Address, and select Device ID instead.

  2. Populate the entry field to the right of Device ID with the Device ID of your Digi TransPort.  This can be obtained from the Digi TransPort WebUI Home page if needed.

  3. Click the Add button, then click OK.

Your Digi TransPort should now be added to Remote Manager:

After your device is added, it should show up in the list of devices as disconnected (a Red icon beside the device means Disconnected).

After a minute or so, refresh the device list by clicking the Refresh button, and verify a Connected state. A Blue icon indicates the device is connected to Remote Manager.

Conclusion:

If you see the Blue/Connected icon next to your TransPort, it means that your device was properly configured, and you can now manage your TransPort on Remote Manager. If it is still not connected after a few minutes, re-check your TransPort Remote Management and Network configurations, and make sure you aren’t running into any Firewall issues between the TransPort and Remote Manager.



Remote Manager uses tags to categorize devices. You may want to edit the tags associated with a device if the purpose of a device changes or if you use tags to create a new sub-category of devices. Device tags are stored in Remote Manager and not on the device.

To add a tag to a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Enter the name of a tag in the text box and click Add Tag.
  5. Click Save. The new tag is associated with the device.

To edit tags for a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Click the tag name you want to edit. The tag name appears in the text box.
  5. Edit the tag name as needed and click Change Tag.
  6. Click Save. The new tag is associated with the device.

To remove a tag from a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Click the red X under action to delete the corresponding tag under Stream Name.
  5. Click Save. The new tag is associated with the device.



The groups feature allows you to add or create a group and assign a list of devices to that group. You can create a hierarchical structure of device groups to help organize your device inventory.

To create a group

  1. Click Device Management > Devices.
  2. Click the Groups button and select Add Group. The Add Group dialog appears.
  3. Type a group name.
  4. Choose the folder where you want to place the new group. The default is the root level.
  5. Click the Add Group button. The group name appears in the folder structure under the root directory in the left pane.

To add a device to a group
You can add one or more devices to a device group, and can add up to 500 devices to a group at one time.

  1. Click Device Management > Devices.
  2. Select the device(s) you want to add to a group:
  • Click any device list item to select that device.
  • Use Control-click or Shift-click to select multiple devices or a range of devices.
  3. Click More in the Devices toolbar and select Assign to Group from the Organize category. The Add to Group dialog appears.
  4. Choose a group from the drop-down list.
  5. Click Assign to Group. The devices are added to the selected device group.

To move/remove a device from a group

  1. Click Device Management > Devices.
  2. Click a group name in your list of device groups you wish to remove the device from.
  3. Select the device(s) you want to remove from a group:
  • Click any device list item to select that device.
  • Use Control-click or Shift-click to select multiple devices or a range of devices.
  4. Click More in the Devices toolbar and select Assign to Group from the Organize category. The Add to Group dialog appears.
  5. Choose a group from the drop-down list. You may also select the “/” to move it to the root directory.
  6. Click Assign to Group. The devices are added to the selected device group or root.

To edit device group properties
You can edit device group properties, including the group name and its parent in the groups hierarchy.

  1. Click Device Management > Devices.
  2. Click a group name in your list of device groups.
  3. Click Groups and select Edit Group from the drop-down.
  4. Make changes to the group name and location as needed.
  5. Click Edit Group to confirm your changes.

To remove a device group
Removing a device group removes the group itself and moves all devices in that group to the parent level in your device list.

  1. Click Device Management > Devices.
  2. Click to select the device group you want to remove from the device hierarchy in the left panel under Groups.
  3. Click Groups and select Remove Group from the drop-down. A confirmation dialog appears asking you to confirm that you want to remove that group.
  4. Click Yes to confirm. The group is deleted and any devices in that group move to the parent level in your device hierarchy.

To show or hide device groups
This feature will allow you to toggle the Groups display to hidden or visible.

  1. Click Device Management > Devices.
  2. Click the Show/Hide Groups button on the far left side of the Devices toolbar.



This article describes how to configure Digi Device Cloud or Digi Remote Manager to send an E-Mail notification when a device goes offline.

Note: This article assumes that you have already created a Digi Device Cloud account or a Digi Remote Manager account, that your device is configured to connect to the cloud and added to your account.

Guidelines for NDS devices (Digi Connect WAN 3G, ConnectPort X, etc.) can be found here: Configure a Digi Connect WAN or ConnectPort Gateway for Device Cloud connection

Guidelines for Digi TransPort can be found here: Configuring a Digi TransPort for Remote Manager connectivity

Guidelines for adding a Digi device to the Digi Device Cloud or Remote Manager platform can be found here: Adding a Digi Device to the Digi Device Cloud or Remote Manager Platform, and here: Add a Digi TransPort to your Remote Manager account

Create an Alarm

1. Log into your Digi Device Cloud or Digi Remote Manager account.
2. Click on the Device Management tab.
3. Click on the Alarms tab.
4. Click on the Add button


The Add Alarm window will open.

1. Select Device Offline in the Alarm Type drop down menu.
2. Choose a name for the Alarm (default is Device Offline).
3. Choose a description for the Alarm (default is Detects when a device disconnects from Device Cloud and fails to reconnect within the specified time).
4. Choose how long the cloud should wait before firing an alarm (default is 5 minutes; this is recommended for cellular devices, which can sometimes lose network connectivity due to bad reception, as it allows them time to reconnect).
5. The ‘Resets when device reconnects’ option allows the alarm status to be reset as soon as the device reconnects to the cloud.
6. Choose the Scope of the alarm. It can be per group or per device. Per Group allows you to select the root directory (in which case the alarm will be applied to all devices on this account) or a single group.
7. Click Create to create the Alarm.

User-added image

Create an E-Mail Notification

1. Navigate to Admin Account Settings > Notifications.
2. Click on the Add button.

1. Choose a name for the Notification.
2. Choose a Description for the notification. This will be shown in the “Subject” field of the E-Mail.
3. Choose an E-Mail address to send the notification to.
4. Select whether you wish to receive a daily summary of your alarms, and at which time.
5. Check this box to receive an E-Mail notification each time an alarm triggers (each time a device goes offline, this will trigger an alarm, which in turn will trigger an E-Mail).
6. Select “Send notification for the following alarms” and, in the box, type the name of the previously created alarm (by default “Device Offline”) and press Enter.
7. In the list, choose the previously created alarm and click on the “+” icon.
8. Click Save.

Testing

To test that the Alarm and Notification are working, simply disconnect or turn off one of the devices monitored by this alarm. After the selected delay elapses, the alarm should fire and you should receive an E-Mail notification.


Introduction:

This article will discuss how to configure your Digi TransPort router for use with Remote Manager by utilizing the built-in Web User Interface (WebUI) of the Digi TransPort itself.

Changing the Remote Manager connection settings from the WebUI

The Digi TransPort WebUI can be accessed locally via the local IP address (LAN or WAN), or via the Cellular Mobile IP address (provided your cellular account is one which supports Mobile Termination, and that you left a pinhole for HTTP or HTTPS through which to get to the WebUI if configured for IP Passthrough).

If you know the Mobile IP address and have met the conditions above, you should be able to open the TransPort’s WebUI by opening a browser to the Mobile IP of your TransPort at this time, but keep in mind that accessing the TransPort WebUI via the Local IP is preferred if available, since it doesn’t affect your cellular bill, is faster, and generally less prone to connection loss.

If you can get to the Local IP of the TransPort (this is an Ethernet or Wi-Fi connected TransPort and you’re at that location), you should access the TransPort’s WebUI using the Local IP address instead. The Digi Device Discovery Tool for Windows can be used to discover the Local IP address of the TransPort, if unknown. If you run the Device Discovery Tool and see a “No devices found?” message, and you’ve verified your TransPort is both powered on and has a solid Link LED present, you may want to check this article for Digi Device Discovery Troubleshooting Tips.

Assuming you can access either the Mobile (WAN) or Local (LAN) IP address and are now looking at the Web User Interface of your Digi TransPort:

1. Open Configuration -> Remote Management -> Remote Manager on the WebUI, then click the check box for “Enable Remote Management and Configuration using Remote Manager”. It should look similar to this:

2. On the page above, from the drop-down menu, select the desired Device Cloud server: remotemanager.digi.com for the US Cloud or remotemanager-uk.digi.com for the EU Cloud.

3. Ensure the “Automatically reconnect to the server after being disconnected” box is checked as shown in the example, and configured with the 10 second value listed (or a reasonable alternative), as this is the box that tells your router to reconnect to the Remote Management server should the connection get broken for some reason.

4. Apply any changes by clicking the Apply button, when configuration is complete.

5. Click the blue “here” link to save the configuration, as shown below:

6. Click the “Save All” button from the ensuing page and you should get a message saying “The configuration has been saved successfully!”, then click the OK button.

7. After a minute or so, you should see that your TransPort has established (i.e. state = ESTAB) a Remote Management connection to the Remote Manager server by viewing the Management -> Connections -> IP Connections page, under the “General Purpose Sockets” listing towards the bottom:

In Closure: If all went well, your Digi TransPort should now be “Connected” on the Remote Manager server you selected in step 1 above.



Digi Device Cloud (5)


One very useful aspect of Device Management on the Digi Device Cloud is the ability to view the Connection History of a device.  This of course refers to the connection history of that device as viewed from Device Cloud, and is a record of a device’s connections and disconnections with the server, for whatever reason.

Device Cloud Connection History (from the device UI):

Getting the Connection History from the Data Streams API:

As seen above, the Connection History of a device is something which Device Cloud keeps track of.  A screen like the one above may be useful when wanting to know the current state of a device or what’s been going on with it, but short of taking a screenshot or copying/pasting that information into a text file, the information isn’t very portable.  The good news is, the Connection History is something which is also tracked as a Data Stream, and each of the Connect/Disconnect events is a separate Data Point within that Stream.

To query the Data Stream Connection History of the same device, we must query for the Data Points which make up that Stream as follows:

/ws/DataPoint/{deviceId}/management/connections/

Example Request:  /ws/DataPoint/00000000-00000000-00409DFF-FF5DF1CB/management/connections/

Response (for a single Data Point of the Stream):

<?xml version="1.0" encoding="ISO-8859-1"?>
<result>
<resultSize>206</resultSize>
<requestedSize>1000</requestedSize>
<pageCursor>27f2d9aa-beab-11e5-92dc-fa163ea15feb</pageCursor>
<requestedStartTime>-1</requestedStartTime>
<requestedEndTime>-1</requestedEndTime>
<DataPoint>
<id>f5e6756c-75c8-11e5-8dc1-fa163ee3abab</id>
<cstId>70</cstId>
<streamId>00000000-00000000-00409DFF-FF5DF1CB/management/connections</streamId>
<timestamp>1445194168409</timestamp>
<timestampISO>2015-10-18T18:49:28.409Z</timestampISO>
<serverTimestamp>1445194168412</serverTimestamp>
<serverTimestampISO>2015-10-18T18:49:28.412Z</serverTimestampISO>
<data>{"connectTime":"2015-10-18T03:14:07.442Z","disconnectTime":"2015-10-18T18:49:28.409Z","type":"Wi-Fi","remoteIp":"213.35.189.122","localIp":"192.168.82.204","bytesSent":70412,"bytesReceived":69588,"session":"6b861b2f-bd52-4455-b9fc-dc92693460db"}</data>
<description/>
<quality>0</quality>
</DataPoint>…
</result>

As can be seen in the <resultSize> field, there were 206 Data Points in the response to the query, so I’ve only listed one Data Point as an example of the type of data retrieved from the Connection History Data Stream.
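
The response format above can be turned into an auditable session list. The following Python sketch is an added example, not Digi's code: it parses the XML, decodes the JSON held in each <data> element, and derives session durations, offline gaps and unexpected remote IPs. The function names, the second Data Point in the sample and the handling of a missing disconnectTime are assumptions made for illustration.

```python
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample response. The first Data Point is the one shown in the
# article; the second is constructed (documentation-range IP, made-up ids).
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<result>
<resultSize>2</resultSize>
<requestedSize>1000</requestedSize>
<DataPoint>
<id>f5e6756c-75c8-11e5-8dc1-fa163ee3abab</id>
<streamId>00000000-00000000-00409DFF-FF5DF1CB/management/connections</streamId>
<data>{"connectTime":"2015-10-18T03:14:07.442Z","disconnectTime":"2015-10-18T18:49:28.409Z","type":"Wi-Fi","remoteIp":"213.35.189.122","localIp":"192.168.82.204","bytesSent":70412,"bytesReceived":69588,"session":"6b861b2f-bd52-4455-b9fc-dc92693460db"}</data>
</DataPoint>
<DataPoint>
<id>constructed-data-point-2</id>
<streamId>00000000-00000000-00409DFF-FF5DF1CB/management/connections</streamId>
<data>{"connectTime":"2015-10-18T18:50:02.000Z","disconnectTime":"2015-10-18T19:05:02.000Z","type":"Wi-Fi","remoteIp":"203.0.113.7","localIp":"192.168.82.204","bytesSent":1200,"bytesReceived":3400,"session":"constructed-session-2"}</data>
</DataPoint>
</result>"""

TIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # e.g. 2015-10-18T18:49:28.409Z


def parse_time(value):
    """Parse the ISO timestamps used inside <data>; an absent value stays None."""
    if not value:
        return None
    return datetime.strptime(value, TIME_FORMAT).replace(tzinfo=timezone.utc)


def parse_connection_history(xml_bytes):
    """Return (resultSize, sessions sorted by connect time) from a DataPoint response."""
    root = ET.fromstring(xml_bytes)
    sessions = []
    for point in root.iter("DataPoint"):
        record = json.loads(point.findtext("data"))  # <data> holds a JSON object
        connect = parse_time(record["connectTime"])
        # Assumption: a record may lack disconnectTime; treat it as still open.
        disconnect = parse_time(record.get("disconnectTime"))
        sessions.append({
            "device_id": point.findtext("streamId").split("/", 1)[0],
            "session": record.get("session"),
            "remote_ip": record.get("remoteIp"),
            "connect": connect,
            "disconnect": disconnect,
            "duration_s": (disconnect - connect).total_seconds() if disconnect else None,
            "bytes_total": record.get("bytesSent", 0) + record.get("bytesReceived", 0),
        })
    sessions.sort(key=lambda s: s["connect"])
    return int(root.findtext("resultSize")), sessions


def offline_gaps(sessions):
    """List (disconnect, next_connect, seconds) between consecutive sessions."""
    gaps = []
    for prev, nxt in zip(sessions, sessions[1:]):
        if prev["disconnect"] is not None:
            seconds = (nxt["connect"] - prev["disconnect"]).total_seconds()
            gaps.append((prev["disconnect"], nxt["connect"], seconds))
    return gaps


def unexpected_remote_ips(sessions, expected_ips):
    """Remote IPs present in the history but not in the caller's expected set."""
    seen = {s["remote_ip"] for s in sessions if s["remote_ip"]}
    return sorted(seen - set(expected_ips))


if __name__ == "__main__":
    total, history = parse_connection_history(SAMPLE_RESPONSE)
    print("resultSize:", total)
    for s in history:
        print(s["remote_ip"], s["connect"].isoformat(), s["duration_s"], s["bytes_total"])
    print("offline gaps (s):", [g[2] for g in offline_gaps(history)])
    print("unexpected IPs:", unexpected_remote_ips(history, {"213.35.189.122"}))
```
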



HOW TO: Change the Device Cloud Name on Gateways Using Device Manager from the Device Cloud
To change the server name for the Device Cloud connection from your Device Cloud account, you will navigate to the Device Management tab, right click on the desired Digi device and select Properties.

From the Properties screen, navigate to Advanced Configuration > Remote management connection > Remote management connection 1. Type in the server name (en://my.devicecloud.com) in the Server address field.

Click Save to save the changes.  Your device may disconnect from the Device Cloud and reconnect using the new name.



The following example shows how to create a task on Digi’s Device Cloud to change the Remote Management Server Address in a TransPort.

1. Log into Device Cloud.
2. Click on Device Management > Schedules and then click New Schedule.
3. Click Start Walkthrough.
4. Type in the description for the task at the top of the screen.
5. On the left menu, select Command Line Interface.
6. For the first command, enter cloud 0 server my.devicecloud.com
7. On the left menu, select Command Line Interface again.
8. For the second command, enter config 0 saveall
9. Click Schedule at the bottom right-hand corner.
10. Select either Immediate or Future to schedule when you wish to apply this change. If you choose Future, you will need to use the drop-down buttons to specify the date and time, and you will then see the scheduled job on the next screen. If you choose Immediate, it will simply complete the job.
11. Select the devices you wish to apply these changes to. If selecting more than one, hold the “Ctrl” button while selecting.
12. Select Run Now at the bottom of the screen if you chose Immediate, or Schedule if you chose Future.

After the scheduled event, you can check whether it ran by going to Device Management > Operations. You should be able to see whether it completed successfully. You may also click on Operation Details for each individual device.

You can also see the changes on each individual device by going to Device Management > Devices, double-clicking a particular device, then clicking Configuration, Remote Management, Remote Manager, Remote Manager Config, and checking the Connect to Device Cloud server field. At first you will see the previous server name, but if you click Refresh at the bottom of the page, it will update.




NetCloud Engine (81)


Summary

This article documents how to install NetCloud Gateway and add/remove externals.

Install NetCloud Gateway

Note: Firmware version 6.2.0 and later is required to install NetCloud Gateway

Configuration

  • Step 1: The Gateway installation procedure begins with adding the NetCloud Client software to the Gateway device. Log into the NetCloud Engine web console with an admin account.
  • Step 2: Select the Devices tab from the left menu, then select the desired Gateway device.
  • Step 3: Select Commands from the menu above, then select Add NetCloud Client from the drop-down menu.
  • Step 4: Select which LANs to forward, then select Save. Next, navigate to the NetCloud Engine tab on the left menu.
  • Step 5: Under the Devices tab above, the new client can be seen in a pending status. The device must be approved before enabling NetCloud Gateway. Select the device, then select Approve above.
  • Step 6: A confirmation pop-up will appear; select the Approve Device button.

Enable NetCloud Gateway and Add Externals

Note: Please ensure that Active Directory and DNS Servers in your network are running the latest NetCloud Client.

Enable Gateway

  • Step 1: Navigate to the Gateway tab above, then select the Enable Gateway link for the desired device, located under the Externals column.
  • Step 2: Select Save to the right to enable the Gateway.

Add Externals

Note: Externals cannot have NetCloud Client Installed and must be within the same subnet as LANs advertised on the Gateway.

  • Navigate to the Externals link located under the Externals column from the Gateway tab above.
Adding Individual Devices
  • Step 1: Select the Add an External button.
    • Three input fields display: Hostname, Custom Name, and External IPv4 Address. THESE FIELDS ARE REQUIRED.
  • Step 2: Enter the Hostname of the desired device.
    • WARNING: Please limit the hostname to 15 characters or less with no spaces!
  • Step 3: Enter the Custom Name description of the device.
    • Note: This field cannot contain spaces.
  • Step 4: Enter the External IP Address of the device.
    • Note: This field refers to the IP address assigned to the device within the same subnet as the Gateway device.
    • Additional devices can be added by selecting the Add an External button multiple times.
  • Step 5: Select Save to the right.

Adding Multiple Devices in CSV Format
  • Multiple devices can be added using a CSV file.
  • NOTE: Device fields in CSV format MUST be in the following order:
    • Hostname
    • Custom Name
    • External IPv4 Address
  • Select the Upload CSV button. A file browser will display requesting the CSV file to upload. Select the desired CSV file.
  • WARNING: Please use Chrome or Safari to upload multiple devices in CSV format. There are known issues with Firefox.
  • Select Save to the right.
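
Before uploading, the CSV can be checked against the field rules stated above (column order, required fields, 15-character hostname limit, no spaces, address inside a LAN advertised on the Gateway). This Python validator is an added example, not part of NetCloud Engine; the function name, the sample rows, the 192.168.0.0/24 LAN and the assumption that the file has no header row are all constructed for illustration.

```python
import csv
import io
import ipaddress

MAX_HOSTNAME_LEN = 15  # limit stated in the article

# Constructed sample: one valid row followed by four rows that each break a rule.
SAMPLE_CSV = """\
printer01,FrontDeskPrinter,192.168.0.50
camera-lobby-entrance,LobbyCam,192.168.0.51
nas01,File Server,192.168.0.52
badge01,BadgeReader,10.20.30.40
plc01,LineController,192.168.0.999
"""
GATEWAY_LANS = ["192.168.0.0/24"]  # constructed: LANs forwarded by the Gateway


def validate_externals_csv(text, gateway_lans):
    """Return (valid_rows, errors); errors is a list of (line_number, [problems]).

    Expected column order: Hostname, Custom Name, External IPv4 Address.
    Assumption: the file carries no header row.
    """
    lans = [ipaddress.IPv4Network(n) for n in gateway_lans]
    rows, errors = [], []
    reader = csv.reader(io.StringIO(text))
    for fields in reader:
        line_no = reader.line_num
        if not any(f.strip() for f in fields):
            continue  # ignore blank lines
        if len(fields) != 3:
            errors.append((line_no, ["expected exactly 3 fields"]))
            continue
        hostname, custom_name, ip_text = (f.strip() for f in fields)
        problems = []
        if not (hostname and custom_name and ip_text):
            problems.append("all three fields are required")
        if len(hostname) > MAX_HOSTNAME_LEN:
            problems.append("hostname longer than 15 characters")
        if any(c.isspace() for c in hostname):
            problems.append("hostname contains a space")
        if any(c.isspace() for c in custom_name):
            problems.append("custom name contains a space")
        if ip_text:
            try:
                address = ipaddress.IPv4Address(ip_text)
            except ipaddress.AddressValueError:
                problems.append("not a valid IPv4 address")
            else:
                if not any(address in lan for lan in lans):
                    problems.append("address is outside the LANs advertised on the Gateway")
        if problems:
            errors.append((line_no, problems))
        else:
            rows.append((hostname, custom_name, ip_text))
    return rows, errors


if __name__ == "__main__":
    ok, bad = validate_externals_csv(SAMPLE_CSV, GATEWAY_LANS)
    print("valid rows:", ok)
    for line_no, problems in bad:
        print(f"line {line_no}: {'; '.join(problems)}")
```
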


Whitelist Router Clients
  • Existing clients of the Gateway router can be added by selecting the Whitelist Router Clients button.
  • Select the desired devices, then select the Add clients to gateway button to the right.
  • Select Save to the right.

Disable NetCloud Gateway and Remove Externals

  • Navigate to the Externals link located under the Externals column from the Gateway tab above.
  • NOTE: When you disable a Gateway, the Externals will be orphaned and still visible in the list of devices.
  • Select the Disable Gateway button.
  • A confirmation pop-up window will appear; select the Disable Gateway button.
    • A notification will appear to confirm that the Gateway has been successfully disabled.

Remove Externals
  • Hover over the desired device and an “X” will appear to the right; select that “X” to remove that device as an External.
  • Select Save to the right.


Summary

How to resolve workgroup or DNS access for devices on the Pertino network when utilizing a service such as OpenDNS.


Solution

If you have OpenDNS set as your DNS server, you may experience connectivity issues on the NetCloud Engine network, because by default a feature called typo correction automatically responds to host names even if they are not actually set up in DNS. To confirm OpenDNS is responding incorrectly, ping one of the host names listed in the NetCloud Engine network. If you get a public IPv4 response (the hit-nxdomain.opendns.com IP address) rather than the actual local IPv4 or IPv6 address, then “typo correction” is turned on.

Note: You can even use names that are not real and it will respond with a public IP address.

To resolve this issue, un-check the “typo correction” box on the OpenDNS Dashboard.

https://www.opendns.com/dashboard/settings/0/advanced/

If you are not using OpenDNS (a quick test is to use a public DNS server such as 8.8.8.8) but you see the same behavior with the ping test, it is possible that a DNS suffix is configured on the machine and .mydomain.com is being appended to the host name. Normally the lookup would fail, but if your DNS record is configured with a wildcard (*.mydomain.com), it will respond to any request that has the suffix appended.

The best workaround to resolve this problem is to remove the DNS suffix or change the DNS record to not use a wildcard option.

To remove the DNS suffix on your Windows machine:

  1. Select the Windows start button
  2. Right click on Computer and select Properties
  3. Under Computer name, domain, and workgroup settings select Change settings
  4. Select Change in the Computer Name tab
  5. Select More… and remove the Primary DNS suffix

After you select Ok, it will require you to reboot the machine.
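
The ping test described above can be scripted so it is repeatable before and after the change. This Python sketch is an added example, not a NetCloud Engine or OpenDNS tool: it resolves a random name that cannot exist, both bare and under each DNS suffix, and reports whether anything answers. The function names and verdict strings are hypothetical, and the control probe uses the reserved .invalid top-level domain, which never contains real names.

```python
import secrets
import socket


def system_resolver(name):
    """Resolve with the OS resolver; return sorted addresses, or [] if not found."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_nonexistent_names(dns_suffixes=(), resolve=system_resolver):
    """Probe names that should not exist and classify what answered.

    dns_suffixes: suffixes configured on the machine, e.g. ("mydomain.com",).
    resolve:      callable(name) -> list of addresses (injectable for testing).
    """
    label = "nx-" + secrets.token_hex(8)  # random, so it is not a real host

    # Control: a fully qualified name under the reserved .invalid TLD.
    # Any answer here means the resolver rewrites "not found" responses,
    # which is the behaviour the article attributes to typo correction.
    control = resolve(f"{label}.invalid.")

    # Bare name, as typed into ping; the OS may append its DNS suffixes.
    bare = resolve(label)

    # Fully qualified under each suffix: an answer suggests a wildcard record.
    suffix_hits = {}
    for suffix in dns_suffixes:
        answers = resolve(f"{label}.{suffix.strip('.')}.")
        if answers:
            suffix_hits[suffix] = answers

    if control:
        verdict = "resolver-rewrites-nxdomain"
    elif suffix_hits:
        verdict = "wildcard-under-suffix"
    elif bare:
        # Answered only as a bare name: a suffix not listed in dns_suffixes
        # (or another local name service) is supplying the answer.
        verdict = "bare-name-resolves"
    else:
        verdict = "ok"
    return {"label": label, "control": control, "bare": bare,
            "suffix_hits": suffix_hits, "verdict": verdict}


if __name__ == "__main__":
    # Uses the live system resolver; pass the suffixes configured on this machine.
    report = check_nonexistent_names(dns_suffixes=("mydomain.com",))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A verdict of "ok" after un-checking typo correction or removing the DNS suffix confirms the change took effect on that machine.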



Summary

This article explains the best practices for choosing an email to use for your NetCloud Engine (Formerly Pertino) account.


Configuration

If you are planning on creating a NetCloud Engine (Formerly Pertino) account for your company, one thing you should consider is which email address you should use for the account.

There is currently a system limitation that prevents you from changing the email once chosen. This can be problematic if you use a personal email or an email for a specific employee. If the employee leaves the company, you are stuck using his or her email forever (or at least until we remove that system limitation–which is tricky to do!).

If you plan ahead, however, there is a way to circumvent this limitation. Our recommended best practice is to use a generic email address, or better yet an alias for your account email–something like netcloudengine@[yourCompany].com. If you use an alias, then you can point it to whichever person in your company is responsible for NetCloud Engine (Formerly Pertino) account administration. If that person’s role changes for any reason, you can simply redirect the alias to the new admin.

Regardless of which email you end up using for your account, please remember that it has to be a valid email address and able to receive mail. This is needed to validate your account.



Summary

This article will help provide guidance on enabling the Remote Desktop Connection application for Windows.

Note: NetCloud Engine is supported on some Windows operating systems which DO NOT include Remote Desktop Connection. Please consult the list of Windows operating systems that support Remote Desktop Connection.


Configuration

Configuration Difficulty: Easy

To enable Remote Desktop Connection on Windows, please follow the instructions provided by Microsoft Support:

http://windows.microsoft.com/en-US/windows7/allow-someone-to-connect-to-your-computer-using-remote-desktop-connection

(Advanced) Enabling remote desktop (RDC) from the command line (CMD)

We can enable remote desktop from Windows Command Prompt (run as administrator) using the following commands:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

To disable Remote Desktop from Windows command line, use the following commands:

netsh advfirewall firewall set rule group="remote desktop" new enable=No

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

To check if Remote Desktop Connection is enabled on a Windows computer, use the following command:

netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)"

Troubleshooting

Not able to access Remote Desktop

For troubleshooting remote desktop access issues, the following site is helpful: http://windows.microsoft.com/en-US/windows7/Why-can-t-I-connect-using-Remote-Desktop-Connection

No option available to enable Remote Desktop

Microsoft does not ship RDC with Starter or Home edition operating systems (including Windows 8 standard). Of the NetCloud Engine supported Microsoft operating systems, only the following support RDC:

  • Windows 10 Enterprise
  • Windows 10 Pro
  • Windows 8.1 Pro
  • Windows 8.1 Enterprise
  • Windows 8 Enterprise
  • Windows 8 Pro
  • Windows 7 Professional
  • Windows 7 Enterprise
  • Windows 7 Ultimate
  • Windows 2008 Server
  • Windows 2012 Server

If you are running an operating system that does not include built-in RDC functionality, try using a third-party application such as Real VNC.

Note: The remote desktop connection can be initiated from other operating systems, including all flavors of Windows XP, Vista, 7 and 8.



Overview

If you change the user account password on computer sharing folders with password protect enabled, you may encounter a situation where you are unable to provide the correct password when attempting to access the shared folders. This is caused by Windows caching the user credentials. To force the new credentials either log off the machine and log back in with the new credentials or delete the network path using the net use command.

  • Option 1: Log off the machine that you are using to access the remote share. Next, log back in and try to access the share again. This should prompt you for a username and password.
  • Option 2: From the Windows command line, type the command “net use” and find the network path to the remote machine. Next, type the command “net use <network path> /delete”.
    • For example: “net use \\Davids-MacBook-Pro\IPC$ /delete”. Make sure you provide the “\IPC$” at the end of the path when running this command. Next, try to access the share again and it should prompt you for a username and password.
