FAQs

Can’t Find what you are looking for? Ask a question!

Your Email (required)

Your Question



CradlePoint Services (21)

View category →

It is possible to manage a CradlePoint router through Enterprise Cloud Manager (ECM) with no active WAN connection, such as when it is used a failover device or configured in WiFi Bridge mode on an existing network. With the default settings, the router requires an active WAN connection to connect to ECM or obtain the current date/time from an NTP Server. To instead use the LAN to connect to ECM, you must set the CradlePoint to use the LAN Gateway feature.

  1. Log into the device’s administration pages.
  2. Go to System Settings > Administration.
  3. Select the Router Services tab.
  4. Select Use LAN Gateway and input the LAN Gateway Address. (This is the LAN IP address of the router that the CradlePoint is connected to.)                                                                                                                  Enabling a LAN gateway for Router Services
  5. The DNS server fields might not need to be changed: these match the static DNS values (set at Network Settings > DNS). You can leave the default values or set them manually here.

Once Router Services has been configured to use a LAN gateway, the device can now be managed by ECM via the LAN. However, because the device still does not have an active WAN connection, ECM will report the IP Address for the WAN source of the network the CradlePoint is connected through.



Notes

  • Setting up a LAN gateway for router services can be used to save money when a CradlePoint router is configured for 3G/4G failover behind another router. If your 3G/4G data plan is small/expensive, you can set router services to use the LAN connection (following the above steps) so that ECM doesn’t use 3G/4G data unnecessarily.
  • In addition to ECM, other “router services” also require a WAN connection by default but can be configured to use the LAN instead. For example, the above steps will enable a connection to an NTP (Network Time Protocol) server via the LAN.

Permalink

0 Comments - Leave a Comment

Welcome to CradlePoint Enterprise Cloud Manager

Enterprise Cloud Manager is the next generation management and application platform from CradlePoint. Enterprise Cloud Manager (ECM) integrates cloud management with your CradlePoint devices to improve productivity, increase reliability, reduce costs, and enhance the intelligence of your network and business operations.

Getting Started

Connecting Devices to Enterprise Cloud Manager:
Using Enterprise Cloud Manager:

Connecting Devices to Enterprise Cloud Manager

Upgrading Firmware

NOTE: Currently only Series 3 devices can connect to ECM (see: How to identify the Series of your CradlePoint router).
Connecting devices to CradlePoint Enterprise Cloud Manager requires at least firmware version 4.3.2 – you may need to upgrade firmware. You can upgrade firmware through the individual device’s administration pages or through WiPipe Central.

Upgrading Firmware through the Device Administration Pages

  1. Log into the device administration pages. Open a browser window and type “cp/” or “192.168.0.1” (these are the defaults – you may have changed them) in the address bar. Press ENTER/RETURN.
  2. When prompted for your password, type the eight character DEFAULT PASSWORD found on the product label – this is also the last eight characters of the MAC address. You may have personalized this password.
  3. Once you are logged in, navigate to System Settings → System Software. Under Firmware Upgrade, select the Automatic (Internet)option to upgrade to the newest firmware version. It is recommended that you save your settings using System Config Save/Restore.

Upgrading Firmware through WiPipe Central

  1. Log into WiPipe Central.
  2. Select the group that you want updated firmware for.
  3. Click on Group and select Firmware from the dropdown menu.
User-added image
  1. Select at least firmware version 4.3.2.

Registering Devices

Log into the device administration pages and go to Getting Started → Enterprise Cloud Manager Registration. Enter your ECM username and password, and click on “Register”.
User-added image
Your device is now registered in ECM.

Migrating Devices from WiPipe Central

The following articles detail the steps for safely migrating devices from WiPipe Central to Enterprise Cloud Manager:


Using Enterprise Cloud Manager

Navigating the User Interface

Once you have upgraded firmware to at least 4.3.2 and registered your devices, go to https://cradlepointecm.com and log in using your ECM credentials.
ECM login
Once you are logged in, the left navigation menu shows the following tabs:
  • Dashboard – Provides powerful insight into your network through WAN analytics including connectivity, data usage, and performance.
  • Devices – Monitor all the devices loaded into ECM. View statuses, change configurations, and update firmware by device.
  • Groups – Monitor devices by group. Add new groups and view statuses, change configurations, and update firmware by group.
  • Accounts & Users – Add new users and subaccounts and edit the existing ones.
  • Alerts – View a list of alerts generated by your devices and edit settings for alerts, including emailed alerts.
  • Reports – Select the date range, type of report, group(s), and identifier fields and export CSV reports.
  • Applications – Trial, buy, and manage cloud-based applications (e.g., CP Secure Threat Management). This tab is only available for top-level account administrators.

For contextual help, open the Help Panel by clicking on the question mark symbol in the top right corner.

ECM Help Panel
You have the ability to collapse or resize the Help Panel. Also, use your operating system/browser “Find” function to search the help text (e.g. click Ctrl+F or ⌘+F).The DevicesGroups, and Alerts → Log pages all display as grids. The grids are customizable. Reorder columns by dragging and dropping the column headers. Resize columns by dragging the edge of the column headers. Click on the column headers to sort rows by ascending/descending order.
To remove or add columns, click on the “Column Selection” icon in the top right corner of the grid. Select/deselect columns from the popup list that appears.
ECM column selection
To filter the display to show a subset of the grid items, you have two main options:
  1. Some of the fields in the grid are hyperlinks for filtering the grid (e.g. “Product”). From within the grid, click on a hyperlinked field and the grid will be filtered to display only the devices of that type. For example, click on “MBR1400v2” to display only MBR1400v2 devices.
  2. Input a string of characters into the search box (top right) to filter by devices that have that string in one of their fields. You can use partial strings, and the field does not have to start with the partial string. For example, “600” will display devices that have “IBR600” in the Product field. This searches most (but not all) of the fields.
ECM search box

Creating a New User

NOTE: Creating a new user is only available to account administrators.

  1. Click on Accounts & Users in the left menu.
  2. Select the desired account from the table.
  3. Click on Add in the top toolbar. Select “User” from the dropdown menu.
Add User
  1. Enter the information in the “Add User” dialog box. Note that the “Role” will determine the permissions the user will have in the account and all included subaccounts. Choose from the following roles:
    • Administrator: Administrators have full access to the account they are in, along with all subaccounts within that account.
    • Full Access User: Same access as administrators except cannot create/edit other users.
    • Read Only User: Cannot make any configuration changes or change settings; can only view information within Enterprise Cloud Manager (ECM) and run reports.
Add User Dialog Box
  1. Click on “OK” to save the new user.

Creating a Subaccount

NOTE: Creating a new subaccount is only available to account administrators.

  1. Click on Accounts & Users in the left menu.
  2. Select the desired account from the table.
  3. Click on Add in the top toolbar. Select “Subaccount” from the dropdown menu.
Add Subaccount
  1. Enter the name of the subaccount and click “OK”.
Add Subaccount Dialog Box

Managing Devices

Once you have added a device to ECM, you will see it listed in the Devices page. Manage individual devices within this page: view a device’s status, make configuration changes, move devices into a group, etc. The Devices page has three main views: RoutersNetwork Interfaces, and Rogue AP. In the views menu at the top, next to Devices, select one of these options (default view is Routers).
  • Routers displays all the routers.
  • Network Interfaces displays every network interface, including both LAN and WAN (e.g. modems, Ethernet connections, WiFi).
  • Rogue AP shows a list of wireless access points that your devices have seen; use this list to search for Rogue APs that could threaten your networks.

From within the Routers view, click on a device name to view in-depth WAN analytics for that device. This reveals the device dashboard, with charts for data usage, signal strength, and more.

Device dashboard
The most common way of managing devices is in groups. By putting devices in groups you can change the configuration and upgrade firmware by making a change to the group that is applied to all of the devices in that group.To create a group, select Groups in the left menu and click “Add” in the top toolbar.
Add Groups
Enter the Group Name you want to use, select the Product type you will be adding to that group (e.g., MBR1400v2, IBR600), and select theFirmware you want the devices in that group to have. You can also change the Subaccount (if desired). Click on “OK.NOTE: All the devices in a group must have the same type and same firmware.
Add Group Dialog Box
The new group is now listed on the Groups page.Now that the group is created, you can move devices into the group by first selecting them in the Devices page and then clicking “Move” on the top toolbar.
Move Device to Group
A popup window appears. Select a group (only groups with the appropriate device type are displayed) and click OK.
Select a Group
NOTE: The router will IMMEDIATELY be upgraded or downgraded to the version of firmware defined for the group. This could cause a router reboot if the firmware version of the router does not match the firmware version configured for the group.

Upgrading Firmware

Router firmware can be upgraded by group. Select a group from within the Groups page and click on Firmware in the top toolbar. In the dropdown menu, select the firmware version number.
Upgrading Firmware
You will be prompted to accept the firmware version change.
Confirm Firmware Upgrade
Click on “Yes” and the firmware upgrade will be applied IMMEDIATELY to all of the routers in the group.NOTE: The routers in the group will IMMEDIATELY be upgraded (or downgraded) to the version of firmware defined for the group. This will cause a router reboot if the firmware version of the router does not match the firmware version configured for the group.

Configuring Devices

You can apply a configuration change to a group or a specific device within a group (e.g. change failover priority, enable GPS, add a guest WiFi network, etc.). Configuration settings created for a group apply to all the devices within the group. Configuration settings created for a device apply only to that device and override configuration settings defined for the group it is in.1To change the configuration of a group select Group in the Application panel, select the group you want to configure, click “Configuration” in the top toolbar, and select “Edit” in the dropdown menu.
Configuring Devices
The Edit Configuration window shows, allowing you to make configuration changes.
Configuration Window
When making changes in the Edit Configuration window you must select “Apply” on each configuration page before leaving the page in order to save the changes made. Once you have completed all changes, select from the following buttons on the bottom of the window:
  • View Pending Changes – view all of the changes you made on all of the configuration pages
  • Commit  Changes – apply all of the changes made on all of the configuration pages to the group or device(s)
  • Discard Changes – close the configuration window without applying any of the changes made on the configuration pages

To configure an individual device, select Device in the left menu and select the device in the list. Click on “Configuration in the top toolbar” and then select “Edit” from the dropdown menu. The same rules and guidelines apply to device configuration that apply to the group configuration described above.

Setting Up Alerts

The Alerts page has two views for tracking device status changes:
  • The Log view shows a list of alerts sent from the routers to ECM.
  • The Settings view shows rules for alerts, including email notifications.

Toggle between these two views by clicking on the buttons at the top left.

Alerts

Alerts are of the following types:

  • Configuration Change
  • Configuration Rejected
  • Data Cap Threshold
  • ECM Connection State
  • Failed Login Attempt
  • Firmware Upgrade
  • Modem State
  • Reboot
  • Unrecognized Client
  • WAN Service Type
  • WAN Status Change
To enable alerts, including emailed notifications, first select the Settings view and then click on Add at the top left. Create an alert notification rule by completing the fields.
Alert notification rule
Complete the following fields to create an alert notification rule:
  • Accounts/Groups (required) – Choose which sets of devices will follow the notification rule. If you select an account, both grouped and ungrouped devices within that account (including all subaccounts) will be assigned to this rule.
  • Alerts (required) – Select the alert types from the dropdown options.
  • Users (optional) – If you want emailed notifications for these alerts, select users from the list to receive those emails. If you just want these alerts logged, leave this field blank.
  • Interval (optional – Select a time interval from the dropdown options. If you select “Immediately,”  an email notification is sent every time one of the selected types of alerts are logged. Otherwise, the alerts are stored over the course of the time interval and then sent together.

Exporting Reports

Reports allow you to create a summary of information about groups of devices and export that information as a CSV file. Select from several fields to customize your reports. Select the type of report (Data Usage or Signal Quality), a range of dates, the group(s), and identifying fields and then click Run Report to view the report. You also have the option to save the settings of a report for future use.

Reports

Exporting Logs

To export a device’s logs as a CSV file, first enable log reporting for the group the device is in. (This is disabled by default because some users won’t use this functionality – it would unnecessarily use data.) Navigate to the Groups page, select the desired group, and click on Settings.
Enable log reporting
In the popup window that appears, ensure that “Enable Log Reporting” is selected.
Enable Log Reporting
Once log reporting is enabled, navigate to the Devices page, select the desired device, and click on Export → Export Logs to export the device’s logs as a CSV file.
Export logs

 


1  Both group and device settings apply to the device unless they are mutually exclusive, in which case the device settings win. If a configuration update causes an error, the configuration will roll back to the previous configuration, and the device is “suspended:” it will still operate, but new configuration settings are not accepted until the suspension is removed.

Permalink

0 Comments - Leave a Comment

Multi-Carrier Software-Defined Radio Switching

Products Supported: Any Cradlepoint router or modem with a LPE designation.

Firmware Version: 5.3.0 or newer – for information on upgrading firmware

Summary

With firmware 5.3.0 all LPE devices can switch the modem firmware to a different carrier. This Multi-Carrier Software-Defined Radio functionality is unique to Cradlepoint products and provides customers the flexibility to expand their coverage options, reduce inventory risk, and future-proof their carrier networks.

Please note that this only changes the modem firmware. To connect with this modem, you must also have an activated SIM from the new carrier in the device. Some LPE devices allow you to insert two SIM cards, so you can include SIMs from two different carriers in a single modem and remotely switch the modem firmware with ECM.

Although a single Cradlepoint modem may have two SIM card slots (e.g., IBR1100 integrated modem), it can only have one modem firmware version on that modem, and therefore only one carrier at a time. The exception is that the AER 2100 could have two distinct, integrated MC400 modems, each with two SIM slots. So while each modem by itself can only have one firmware version, the AER 2100 can support two integrated modems – on distinct carriers- simultaneously.

Select from the following methods for instructions on switching the carrier of the modem firmware.
1. USB flash drive
2. Local administration pages
3. ECM Carrier Switching


Configuration

Configuration Difficulty: Intermediate

Manual Carrier Switching

Preparation:

To update the Modem Carrier (switching the modem between Verizon, AT&T, Sprint or Generic (T-Mobile in USA and Rogers, Bell, Telus in Canada), the following conditions must be met:

  • Compatible product with a Cradlepoint “LPE” modem. (designated in the router or modem Part Number)
  • Router Firmware version of v5.3.0 or newer.
  • USB flash drive (at least 256MB capacity) or a computer locally connected to the router.
  • An activated SIM card for carrier being changed to and provisioned for the IMEI of the modem being changed. (This is especially important for Sprint)
Manual Carrier switching using USB drive:

Note: This process will force all attached LPE modems to the updated modem firmware. In the case of an AER 2100 with two MC400 integrated modems, you may not want both modems to have the same firmware. Either use one of the other methods to update modem firmware or remove one of the MC400s during this process.

  1. Download the appropriate Modem Carrier firmware from the CradlePoint connect portal. This will be a ZIP file labeled specifically for each carrier or Generic:
    • “MC7354_Sprint.zip” for Sprint in North America.
    • “MC7354_Verizon.zip” for Verizon in North America.
    • “MC7354_AT&T.zip” for AT&T in North America.
    • “MC7354_Generic.zip” for T-Mobile, Rogers, Bell and Telus in North America.
  2. Save the file to your computer.
  3. Unzip the file contents to extract the files to your computer.
  4. Locate the extracted files. There will be an “MDM” file and a “JSON” file.
  5. Copy the “MDM” and “JSON” files from the extracted location to the root of your USB stick. The files must be in the root of the flash drive.
  6. Safely eject the USB flash drive from your computer.
  7. Locate the SIM slot, door, or panel on the Cradlepoint router or modem, and insert the new SIM (this must be performed while the power is OFF).
  8. Power on the Cradlepoint router (and connect the modem if it is not embedded in the router).
  9. Wait for the router to start-up completely. This can be verified by navigating to the router’s admin page (192.168.0.1 by default).
  10. Plug the USB flash drive into any of the router’s spare USB ports.
  11. The MODEM firmware update process begins automatically
    • PLEASE WAIT. Do NOT remove the USB flash drive at this time. The router will reboot immediately if the USB flash drive is removed. The process takes up to 10 minutes.
  12. PRIOR TO REMOVING THE USB DRIVE, verify the modem is attempting to connect with the new carrier and SIM: In a browser, log into the router’s administration page, 192.168.0.1 by default. Enter the password when prompted.
  13. Browse to Internet > Connection Manager and watch for the Internal LPE connection status to progress from “Connecting” to “Connected”.
  14. If you receive an error:
    • Consider that you may have to manually update the APN if your SIM is provisioned for one other than the carrier’s default APN. Instructions on how to do this can be found here.
    • You may also need to make sure you are trying to use the same interface and SIM slot. Some products contain two SIM slots, and, therefore, there are two “Internal LPE” interfaces displayed in Connection Manager. If your active SIM is in slot 1, the “Internal LPE (SIM1)” will be the one to connect with that SIM; SIM slot 2 will correspond to “Internal LPE (SIM2)”.
    • Other troubleshooting steps may be found on Cradlepoint’s Support site or by contacting Cradlepoint Support.
  15. Regardless of the status at this time, the USB flash drive can be removed.
  16. The router will reboot itself, and attempt to connect using the new carrier/SIM.

Manual Carrier switching using a PC:
  1. Download the appropriate Modem Carrier firmware from the CradlePoint Connect Portal. This will be a ZIP file labeled specifically for each carrier or Generic:
    • “MC7354_Sprint.zip” for Sprint in North America.
    • “MC7354_Verizon.zip” for Verizon in North America.
    • “MC7354_AT&T.zip” for AT&T in North America.
    • “MC7354_Generic.zip” for T-Mobile, Rogers, Bell and Telus in North America.
  2. Save the file to your computer.
  3. Unzip the file contents to extract the files to your computer.
  4. Login to the router admin page and navigate to Internet > Connection Manager.
  5. In the WAN Interfaces table, select the desired LPE modem. *Note that for modems with two SIM slots, changing the firmware affects both SIM cards.
  6. Click Control.                                                                                                                                                                                                                                                                                                  User-added image
  7. Click Firmware.                                                                                                                                                                                                                                                                                                 User-added image
  8. Then click Manual Firmware Upgrade.                                                                                                                                                                                                                                                               User-added image
  9. Locate the files extracted in step 3 and select the .MDM file.
  10. The router UI will provide the progress status for every step and will eventually reboot. This process will take several minutes.
  11. After the router reboots it will, then attempt to connect to the new carrier.
  12. The new carrier SIM can be inserted either before or after doing the above steps. Remember that inserting a SIM on a COR model requires the router to be powered off.
  13. If you receive an error:
    • Consider that you may have to manually update the APN if your SIM is provisioned for one other than the carrier’s default APN. Instructions on how to do this can be found here.
    • You may also need to make sure you are trying to use the same interface and SIM slot. Some products contain two SIM slots, and, therefore, there are two “Internal LPE” interfaces displayed in Connection Manager. If your active SIM is in slot 1, the “Internal LPE (SIM1)” will be the one to connect with that SIM; SIM slot 2 will correspond to “Internal LPE (SIM2)”.
    • Other troubleshooting steps may be found on Cradlepoint’s Support site or by contacting Cradlepoint Support.

ECM Carrier Switching

Preparation:
  • Compatible product with a Cradlepoint “LPE” modem (designated in the router or modem Part Number)
  • Router Firmware version of v5.3.0 or newer
  • An activated SIM card for carrier being changed to, and provisioned for the IMEI of the modem being changed (This is especially important for Sprint)
ECM Carrier switching steps:
  1. Log into Enterprise Cloud Manager.
  2. Select the devices tab and then Network Interfaces from the drop down menu at the top.                                                                                                                                                                                        User-added image
  3. At the far right side of the page click the User-added image icon and make sure Modem FW, Modem FW Status, SIM, and Model fields are selected then close the column select window. The Modem FW column will show you which carrier the modem is configured for and the SIM column displays the carrier of the SIM card.
  4. Next we need to locate the modem we want to switch to another carrier. The easiest way to do this is by sorting the Router Name or Router ID column, or to search by a specific router name using the search tool.
  5. In the example shown below, the grid is filtered using the search tool (searched by a specific router name, IBR1100LPE) and the filter tool (selected Modems) in the top toolbar so that only the two relevant interfaces display.                                                                                                                                                                                                                                                                                                              User-added image
  6. To switch the carrier of the modem firmware, first select the desired interface. *Note that integrated modems with two SIM slots show two interfaces in the grid. Both will always have the same modem firmware, so selecting either one will have the same results.
  7. Once you have selected an interface, click Commands in the top toolbar and Switch Carrier in the drop down menu.                                                                                                                                                User-added image
  8. Please review the agreement notes before proceeding. This process could knock your device offline.
  9. Once you click the I Agree button, you can now select the desired carrier. *Note that the Generic modem firmware is equivalent, regardless of whether you select T-Mobile, Bell, Rogers, or Telus.                               User-added image

 

  1. After the selection, ECM checks one more time to make sure you want to change the firmware because of the risk of disconnecting the modem. Click OK to continue.
  2. The modem firmware switch takes a few minutes. The Modem FW Status column shows the state of the update, e.g., “Downloading (38%),” and the Modem FW column shows the update that is in the process:        User-added image
  3. Once complete, the Modem FW Status column says, “Upgrade Successful” and the Modem FW column is updated with the new firmware version:                                                                                                    User-added image
  4. If the update fails for some reason, reboot the router before trying again.

Troubleshooting

  • You may have to manually update the APN if your SIM is provisioned for one other than the carrier’s default APN. Instructions on how to do this can be found here.
  • You may also need to make sure you are trying to use the same interface and SIM slot. Some products contain two SIM slots, and, therefore, there are two “Internal LPE” interfaces displayed in Connection Manager. If your active SIM is in slot 1, the “Internal LPE (SIM1)” will be the one to connect with that SIM; SIM slot 2 will correspond to “Internal LPE (SIM2)”.
  • A factory reset will not affect the software defined radio.

 

Permalink

0 Comments - Leave a Comment

CradlePoint Enterprise Cloud Manager (ECM) is a cloud-based management service for configuring, monitoring, and organizing your CradlePoint routers. Key features include the following:

  • Group based configuration management
  • Health monitoring of router connectivity and data usage
  • Remote management and control of routers
  • Historical record keeping of device logs and status

Visit http://cradlepoint.com/ecm to learn more about CradlePoint ECM. If you do not have ECM credentials, sign up at: http://cradlepoint.com/ecm-signup.

image

Registering Your Router – Once you have signed up for ECM, click on the Register Router button to begin managing the router through ECM. Input your ECM Username and ECM Password and click Register. You have now registered the device with Enterprise Cloud Manager.

Suspending the ECM Client – Click on the Suspend Client button to stop communication between the device and ECM. Suspending the client will make it stop any current activity and go dormant. It will not attempt to contact the server while suspended. This is a temporary setting that will not survive a router reboot; to disable the client altogether use the Advanced Enterprise Cloud Manager Settings panel (below).

Enterprise Cloud Manager Settings (Advanced)

image

  • Enabled: Enable the ECM client to contact the server. While this box is unchecked, the ECM client will never attempt to contact the server. (Default: Enabled)
  • Server Host:Port: The DNS hostname and port number for your ECM server. (Default: stream.cradlepoint.com)
  • Session Retry Timer: How long to wait, in seconds, before starting a new ECM session following a connection drop or connectivity failure. Note that this value is a starting point for an internal backoff timer that prevents superfluous retries during connectivity loss.
  • Unmanaged Checkin Timer: How often, in seconds, the router checks with ECM to see if the router is remotely activated. Note that this value is a starting point for an internal backoff timer that reduces network usage over time.
  • Maximum Alerts Buffer: The maximum number of alerts to buffer when offline.

Permalink

0 Comments - Leave a Comment

Summary

This article provides a list of questions commonly asked about Enterprise Cloud Manager (ECM), and the answers to those questions. The Configuration Examples sections includes links to articles that demonstrate the function of the ECM service.

Enterprise Cloud Manager is Cradlepoint’s next generation network management solution. Rapidly deploy and dynamically manage networks at geographically distributed locations with Enterprise Cloud Manager, Cradlepoint’s next generation application platform. Improve productivity, reduce costs, and enhance the intelligence of your network and business operations.

A detailed explanation of the Enterprise Cloud Manager service can be found on the ECM product page.


 

Requirements

To establish a successful connection to Enterprise Cloud Manager, a Cradlepoint router must meet the following requirements:

1. Supported Product: Only the following router models can currently be added to ECM: AER2100, MBR1400v2, MBR1400v1, CBA850, CBA750B, IBR1100, IBR1150, IBR600, IBR650, IBR350, MBR1200B, CBR400, and CBR450.

2. Minimum Firmware: 4.3.2 (CBR4x0 only) and 4.4.0 (all other models). Using most recent available firmware version is recommended.

Note: Product support is planned for the following router models: CBA750, MBR1200, MBR1000, MBR900, MBR800, CTR500, and CBA250. Expected minimum firmware requirement for Series 2 products is 2.0.0.

Click here to identify your router. For information on upgrading firmware, click here.

3. NTP Server Connection: Routers must sync with a time server before they can communicate with Enterprise Cloud Manager. ECM uses standard TLS-based encryption along with a proper signed certificate in our servers. This system has date range restrictions – devices must have a valid clock time in the 21st century. By default, the routers boot up at Unix epoch 0 (January 1, 1970), which leads the TLS client to think the certificate is invalid without a time sync.

 

Frequently Asked Questions

What level of redundancy and reliability features do the Enterprise Cloud Manager Servers have?

Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter that is SAS70 (SSAE Type II) certified. Only Rackspace authorized personnel have access to the secured area. Redundancy of the system includes the following:

Datacenter Redundancy and Reliability:

  • 24x7x365 onsite staff
  • Dual power circuits tied to N+1 redundant datacenter UPS systems
  • Onsite diesel backup power generators
  • Fully redundant enterprise-class core routing with connectivity to 3+ internet backbone carriers
  • Fiber carriers enter datacenters at disparate points to guard against service failure
  • N+1 redundant HVAC systems (Heating Ventilation Air Conditioning) with air filtering

Server and Software Redundancy:

  • Redundant load balanced application servers
  • Master database in isolated private network with one-hour replacement
  • Full nightly backups
  • Rackspace SLA guaranteeing network availability and critical infrastructure systems including power and HVAC 100% of the time in a given month excluding scheduled maintenance.

What are the security measures for the Enterprise Cloud Manager Servers?

Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter with SSAE Type II certification (formerly SAS 70). Security features include the following:

Datacenter Security:

  • Cradlepoint servers are located in a secured area within a Tier IV datacenter.
  • Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitoring
  • 24x7x365 onsite staff
  • Only authorized data center personnel are granted access credentials. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort.

Hardware and Software Security:

  • CISCO ASA Firewall
  • Only authorized Rackspace operations personnel are allowed physical access to production ECM servers.
  • Patch Management: Patches are applied quarterly, unless a high vulnerability issue is identified whereupon the process is expedited.

Event and Log Management:

  • All URL traffic is logged. These logs are kept for 90 calendar days for review by network security management.
  • Automated logs track and log changes, including backups of this data.

Does Cradlepoint perform vulnerability assessment of the ECM servers?

Cradlepoint uses a PCI Approved Scanning Vendor (ASV) service for external penetration testing of the ECM servers. Scans are run at minimum monthly, with remediation reports provided to management. Corrective actions are implemented based upon severity of potential threats.

How many devices can your system support and how many do you have on the system now?

Cradlepoint manages more than 80,000 devices on WiPipe Central today. ECM has a scalable, service-oriented architecture that can support many more customers with many thousands of devices under management.

As a System Integrator, can I have multiple primary accounts that I can use to manage my customers’ devices, and can I see all of my customers’ devices?

Yes, with ECM you can have multiple subaccounts for your customers. Your Account Administrator can manage all accounts, while creating other administrators to manage separate subaccounts (customers).

When an ECM account password is lost, how is it reset?

The user navigates to the “Request new password” page (link on the ECM central login page) where an email address is entered. If the email address entered matches an email address associated with an ECM user, an email with a unique link is sent to the user. Upon receiving the email, the user clicks on the link that will take them to a page to select a new password for their account. If the email address entered does not match any account email addresses, a message will be displayed noting the email address isn’t recognized.

Cradlepoint support personnel do not have access to ECM user passwords and thus cannot provide any passwords over the phone.

How strong are ECM passwords and how long do they last?

The following password options are available:

  • Password minimum length (default = 8)
  • Require one or more CAPITALIZED letters in the password (default = yes)
  • Require one or more symbols or numbers in the password (default = yes)

The administrator can set a session timeout (default = 120 minutes) for each user under the User Settings.

How are passwords stored within the ECM Servers?

All passwords are stored in encrypted form using the NIST/FIPS Secure Hash Standard known as SHA-2. SHA-2 is a set of cryptographic hash functions designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. Our user passwords encryption uses thePBKDF2 algorithm with a SHA-256 hash.

Is User Data stored within the Cradlepoint devices?

No user data is stored on the Cradlepoint devices.

Do new users receive a unique password?

When a new account is set up, the Account Administrator will receive an email from Cradlepoint with a unique link to take them to a page to select a new password for their account.

When the Account Administrator sets up a new user account, the user will receive an email with a unique link that upon selecting will take them to a page to select a new password for their account.

How do you integrate with Network Management Systems?

Enterprise Cloud Manager can be integrated with any Network Management System via the Enterprise Cloud Manager API. The ECM API is accessed via HTTPS to the XML/JSON RESTful interface. We have customers doing this today using the WiPipe Central API.

How many levels of user account privileges does ECM support?

ECM supports three levels of user access privileges for a customer.

  • Account Administrator – has full access to all accounts and sub-accounts and can create accounts and users at any level within the account hierarchy. Only the Account Administrator can create accounts or users.
  • Full Access User – has access to resources within their account and any sub-accounts below their account. The Full Access User cannot create new accounts or users.
  • Read-Only User – has read-only access for their account and any sub-account(s) below their account.

How much data does being connected to Enterprise Cloud Manager consume?

Recent data shows that the average data usage is approximately 5–10 MB per router per month. This reflects what we expect to see in “typical” scenarios when routers have mostly default settings. Many settings could affect this amount, including generating lots of alerts, exporting lots of logs, and especially editing the connection pulse interval (default 120 seconds). A significantly faster connection pulse (e.g., 10 seconds) could increase data usage to 50 or even 100 MB per router per month, whereas a significantly slower pulse (e.g., 900 seconds) could decrease data usage to less than 1 MB per router per month (but runs the risk of slowing down the connection so much that the connection is broken and needs to reestablish itself, which uses additional data).
There are many variables that affect data usage and therefore Cradlepoint does not guarantee that a router will use any particular amount of data. These numbers are only provided to give a rough estimate of the amount of data usage you should expect based on data from other routers in the field.

How do you support Private Networks (cellular or wired)?

ECM can support a customer’s Private Network (3G/4G or wired networks). For device management, ECM uses a full-duplex, asynchronous SSL protocol to manage the Cradlepoint routers over a single TCP connection (port 8001).

Support for Private Networks can be achieve by either of the following:

  • Customers create a firewall rule to allow ECM management SSL traffic routed over the Internet to the Cradlepoint cloud datacenter (single TCP connection – port 8001).
ECM Private Network Support

Permalink

0 Comments - Leave a Comment

General M2M Question (24)

View category →

The LTE networks that supports the GX440 are the Verizon Wireless Network and the AT&T LTE Network in the US.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


The GX400 for EVDO networks does NOT require a SIM card and activation can be done with the appropriate network operator representative and the ESN of the device located on the bottom.

The GX400 for HSPA+ DOES require a SIM card, which can be procured from the appropriate network operator representative.

  • Sim cards used for other AirLink HSPA devices CAN be used in the GX400.

The GX440 DOES require a SIM card. This is notable, since this is the first time that an AirLink device on the VZW network requires a SIM card. SIMs can be procured from your VZW representative during the course of account activation.

Permalink

0 Comments - Leave a Comment

The Sierra Wireless AirLink® products that support ALEOS Application Framework or AAF are the Sierra Wireless AirLink® GX440, the Sierra Wireless AirLink® GX400 and the Sierra Wireless AirLink® LS-300. USAT carries these products designed for the Verizon, AT&T, and Sprint carrier networks as well as through USAT’s Express M2M network services (ExpressM2M.com).

USAT has ALEOS Application Framework engineering teams on staff. Bring us your project for AAF, and we will bring intelligence to the edge for you.

You can view our Sierra Wireless AirLink GX440 and GX400 and LS300 products in the USAT web store.

Permalink


A custom AAF application can be used to collect and measure data and send custom alerts to many different destinations. This can allow you to push something that may have been server side processing down to the modem. Alternatively, you may have previously needed another computer connected in your solution to do this type of monitoring and response. Now with a custom AAF solution from USAT, you no longer need the expense of purchasing and maintaining the additional hardware. Also with fewer points of potential failure, the reliability of the solution increases.

Permalink

0 Comments - Leave a Comment

M2M stands for “”machine-to-machine”” communications. Essentially, it is the exchange of data between a remote machine and a back-end IT infrastructure. The transfer of data can be two-way:

  • Uplink to collect product and usage information
  • Downlink to send instructions or software updates, or to remotely monitor equipment

In the past, the high cost of deploying M2M technology made it the exclusive domain of large organizations that could afford to build and maintain their own dedicated data networks. Today, the widespread adoption of cellular technology has made wireless M2M technology available to manufacturers all over the world.

Wireless M2M applications include connectivity-enabled devices that use a cellular data link to communicate with the computer server. A database to store collected data and a software application that allows the data to be analyzed, reported, and acted upon are also key components of a successful end-to-end solution.

Permalink

0 Comments - Leave a Comment

Cradlepoint Products (2)

View category →

IPv6 Settings

This is the product manual section for IPv6 Settings for the WAN. To edit these settings, go to Internet → Connection Manager. Select a WAN Interface and click on Edit to open up the WAN Configuration editor. IPv6 Settings is one of the tabs:

IPv6 configuration window


The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).

  • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
  • IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

  • Disabled (default) – IPv6 disabled on this interface.
  • Auto – IPv6 will use automatic connection settings (if available).
  • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
  • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
  • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
  • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

DNS Servers

Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

Delegated Networks

A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Auto

IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

  • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

Static

As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

  • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
  • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
  • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6to4 Tunnel

Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6in4 Tunnel

The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

  • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
  • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6rd Tunnel

IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

  • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
  • IPv4 Border Router Address – This address should be supplied by your ISP.
  • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

Permalink


Connection Manager


The router can establish an uplink via Ethernet, WiFi as WAN, or 3G/4G modems (integrated or external USB). If the primary WAN connection fails, the router will automatically attempt to bring up a new link on another device: this feature is called failover. If Load Balance is enabled, multiple WAN devices may establish a link concurrently.

WAN Interfaces

This is a list of the available interfaces used to access the Internet. You can enable, stop, or start devices from this section. By using the priority arrows (the arrows in the boxes to the left – these show if you have more than one available interface), you can set the interface the router uses by default and the order that it allows failover.

In the example shown, Ethernet is set as the primary Internet source, while a 4G LTE modem is attached for failover. The Ethernet is “Connected” while the LTE modem is “Available” for failover. A WiFi-as-WAN interface is also attached and “Available”.

  • Load Balance: If this is enabled, the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively. Selecting Load Balance will automatically start the WAN interface and add it to the pool of WAN interfaces to use for data transfer. Turning off Load Balance for an active WAN interface may require the user to restart any current browsing session.
  • Enabled: Selected by default. Deselect to disable an interface.

Click on the small box at the top of the list to select/deselect all devices for either Load Balance or Enabled.

Click on a device in the list to reveal additional information about that device.

Selecting a device reveals the following information:

  • State (Connected, Available, etc.)
  • Port
  • UID (Unique identifier. This could be a name or number/letter combination.)
  • IP Address
  • Gateway
  • Netmask
  • Stats: bytes in, bytes out
  • Uptime

Click “Edit” to view configuration options for the selected device. For 3G/4G modems, click “Control” to view options to activate or update the device.

WAN Configuration

Select a WAN interface and click on Edit to open the WAN Configuration editor. The tabs available in this editor are specific to the particular WAN interface types.

General Settings

Device Settings
  • Enabled: Select/deselect to enable/disable.
  • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Network Settings → WiFi / Local Networks. Select this option to force NAT whenever this WAN device is being used.
  • Priority: This number controls failover and failback order. The lower the number, the higher the priority and the more use the device will get. This number will change when you move devices around with the priority arrows in the WAN Interfaces list.
  • Load Balance: Select to allow this device to be available for the Load Balance pool.
  • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
  • Hostname (This only shows for certain devices.)
IPv4 Failure Check (Advanced)

If this is enabled, the router will check that the highest priority active WAN interface can get to the Internet even if the WAN connection is not actively being used. If the interface goes down, the router will switch to the next highest priority interface available. If this is not selected, the router will still failover to the next highest priority interface but only after the user has attempted to get out to the Internet and failed.

Idle Check Interval: The amount of time between each check. (Default: 30 seconds. Range: 10-3600 seconds.)

Monitor while connected: (Default: Off) Select from the following dropdown options:

  • Passive DNS (modem only): The router will take no action until data is detected that is destined for the WAN. When this data is detected, the data will be sent and the router will check for received data for 2 seconds. If no data is received the router behaves as described below under Active DNS.
  • Active DNS (modem only): A DNS request will be sent to the DNS servers. If no data is received, the DNS request will be retried 4 times at 5-second intervals. (The first 2 requests will be directed at the Primary DNS server and the second 2 requests will be directed at the Secondary DNS server.) If still no data is received, the device will be disconnected and failover will occur.
  • Active Ping: A ping request will be sent to the Ping Target. If no data is received, the ping request will be retried 4 times at 5-second intervals. If still no data is received, the device will be disconnected and failover will occur. When “Active Ping” is selected, the next line gives an estimate of data usage in this form: “Active Ping could use as much as 9.3 MB of data per month.” This amount depends on the Idle Check Interval.
  • Off: Once the link is established the router takes no action to verify that it is still up.

Ping IP Address: If you selected “Active Ping”, you will need to input an IP address. This must be an address that can be reached through your WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2.

IPv6 Failure Check (Advanced)

The settings for IPv6 Failure Check match those for IPv4 Failure Check except that the IP address for Active Ping is an IPv6 address.

Failback Configuration (Advanced)

This is used to configure failback, which is the ability to go back to a higher priority WAN interface if it regains connection to its network.

Select the Failback Mode from the following options:

  • Usage
  • Time
  • Disabled

Usage: Fail back based on the amount of data passed over time. This is a good setting for when you have a dual-mode EVDO/WiMAX modem and you are going in and out of WiMAX coverage. If the router has failed over to EVDO it will wait until you have low data usage before bringing down the EVDO connection to check if a WiMAX connection can be made.

  • High (Rate: 80 KB/s. Time Period: 30 seconds.)
  • Normal (Rate: 20 KB/s. Time Period: 90 seconds.)
  • Low (Rate: 10 KB/s. Time Period: 240 seconds.)
  • Custom (Rate range: 1-100 KB/s. Time Period range: 10-300 seconds.)

Time: Fail back only after a set period of time. (Default: 90 seconds. Range: 10-300 seconds.) This is a good setting if you have a primary wired WAN connection and only use a modem for failover when your wired connection goes down. This ensures that the higher priority interface has remained online for a set period of time before it becomes active (in case the connection is dropping in and out, for example).

Disabled: Deactivate failback mode.

Immediate Mode: Fail back immediately whenever a higher priority interface is plugged in or when there is a priority change. Immediate failback returns you to the use of your preferred Internet source more quickly which may have advantages such as reducing the cost of a failover data plan, but it may cause more interruptions in your network than Usage or Time modes.

IP Overrides

IP overrides allow you to override IP settings after a device’s IP settings have been configured.

Only the fields that you fill out will be overridden. Override any of the following fields:

  • IP Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

IPv6 Settings

The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).

  • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
  • IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

  • Disabled (default) – IPv6 disabled on this interface.
  • Auto – IPv6 will use automatic connection settings (if available).
  • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
  • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
  • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
  • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

DNS Servers

Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

Delegated Networks

A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Auto

IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

  • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

Static

As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

  • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
  • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
  • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6to4 Tunnel

Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6in4 Tunnel

The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

  • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
  • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6rd Tunnel

IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

  • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
  • IPv4 Border Router Address – This address should be supplied by your ISP.
  • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

Ethernet Settings

While default settings for each WAN Ethernet port will be sufficient in most circumstances, you have the ability to control the following:

  • Connect Method: DHCP (Automatic), Static (Manual), or PPPoE (Point-to-Point Protocol over Ethernet).
  • MAC Address: You have the ability to change the MAC address, but typically this is unnecessary. You can match this address with your device’s address by clicking: “Clone Your PC’s MAC Address”.

Connect Method

Select the connection type that you need for this WAN connection. You may need to check with your ISP or system administrator for this information.

  • DHCP (Dynamic Host Configuration Protocol) is the most common configuration. Your router’s Ethernet ports are automatically configured for DHCP connection. DHCP automatically assigns dynamic IP addresses to devices in your networks. This is preferable in most circumstances.
  • Static allows you to input a specific IP address for your WAN connection; this should be provided by the ISP if supported.
  • PPPoE should be configured with the username, password, and other settings provided by your ISP.

If you want to use a Static (Manual) or PPPoE connection, you will need to fill out additional information.

Static (Manual):

  • IPv4 Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

PPPoE:

  • Username
  • Password
  • Password Confirm
  • Service
  • Auth Type: None, PAP, or CHAP

Modem Settings

Not all modems will have all of the options shown below; the available options are specific to the modem type.

On Demand: When this mode is selected a connection to the Internet is made as needed. When this mode is not selected a connection to the Internet is always maintained.

IP WAN Subnet Filter: This feature will filter out any packets going to the modem that do not match the network (address and netmask).

Aggressive Reset: When Aggressive Reset is enabled the system will attempt to maintain a good modem connection. If the Internet has been unreachable for a period of time, a reset of the modem will occur in attempt to re-establish the connection.

Automatically check for new firmware: (Default: selected) The modem will automatically check for firmware updates by default.

Enable Aux Antenna: (Default: selected) Enable or disable the modem’s auxiliary diversity antenna. This should normally be left enabled.

GPS Signal Source: Select the antenna to be used for receiving GPS coordinates. Some products support a dedicated GPS antenna, while others use the auxiliary diversity antenna only (and some products support both).

Enable eHRPD: (Default: selected) Enable or disable the modem’s ability to connect via eHRPD (enhanced High Rate Packet Data) when connecting to a 3G EVDO network on Sprint. eHRPD routes EVDO traffic through the LTE systems, enabling easy transitions between LTE and EVDO. In rare cases it may make sense to bypass the LTE core, so this field allows you to disable eHRPD.

Modem Connection Mode: Specify how the modem should connect to the network. Not all options are available for all modems; this will default to Auto if an incompatible mode is selected.

  • Auto (all modes): Let the modem decide which network to use.
  • Auto 3G (3G or less): Let the modem decide which 2G or 3G network to use. Do not attempt to connect to LTE.
  • Force LTE: Connect to LTE only and do not attempt to connect to 3G or WiMAX.
  • Force WiMAX: Connect to WiMAX only and do not attempt to connect tot 3G or LTE.
  • Force 3G (EVDO, UMTS, HSPA): Connect to 3G network only.
  • Force 2G (1xRTT, EDGE, GPRS): Connect to 2G network only.

Network Selection Mode: Wireless carriers are assigned unique network identifying codes known as PLMN (Public Land Mobile Network). To manually select a particular carrier, select the Manual radio button and enter the network PLMN. Choose from the following options:

  • None/No Change
  • Auto: Selected by default
  • Home only
  • Manual: Input the PLMN code

Functional Mode: Selects the functional mode of the modem. IPPT (IP passthrough) mode causes the modem to act as a transport, passing Internet data and IP address information between the modem and the Internet directly. NAT mode causes the modem to NAT the IP address information. Consequently, IPPT mode does not allow user access to the modem web UI and NAT mode does allow user access to the modem web UI.

  • None/No Change
  • IPPT
  • NAT

Network-Initiated Alerts: This field controls whether the Sprint network can disconnect the modem to apply updates, such as for PRL, modem firmware, or configuration events. These activities do not change any router settings, but the modem connection may be unavailable for periods of time while these updates occur. The modem may also require a reset after a modem firmware update is complete.

  • Disabled: The request to update will be refused.
  • When Disconnected: The request to update will only be performed when the modem is either in a disconnected state or dormant state. If the modem is not in one of these states when the request is received, then the router will remember the request and perform the update when the modem becomes disconnected/dormant.
  • On Schedule: The request to update will only be performed at the specified scheduled time, no matter what the state of the modem is.

Network-Initiated Schedule: When you select “On Schedule” for Network-Initiated Alerts, you also select a time from this dropdown list. Modem updates will take place at this scheduled time.

AT Config Script: Enter the AT commands to be used for carrier specific modem configuration settings. Each command must be entered on a separate line. The command and associated response will be logged, so you should check the system log to make sure there were no errors.

NOTE: AT Config Script should not be used unless told to do so by your modem’s cellular provider or by a support technician.

AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include “OK”, except the final command response, which must include “CONNECT”.

Example:

AT
ATDT*99***2#

WiMAX Settings

WiMAX Realm: Select from the following dropdown options:

  • Clear – clearwire-wmx.net
  • Rover – rover-wmx.net
  • Sprint 3G/4G – sprintpcs.com
  • Xohm –xohm.com
  • BridgeMAXX – bridgeMAXX.com
  • Time Warner Cable – mobile.rr.com
  • Comcast – mob.comcast.net

TTLS Authentication Mode: TTLS inner authentication protocol. Select from the following dropdown options:

  • MSCHAPv2/MD5 (Microsoft Challenge Handshake Authentication Protocol version2/Message-Digest Algorithm 5)
  • PAP (Password Authentication Protocol)
  • CHAP (Challenge Handshake Authentication Protocol)

TTLS Username: Username for TTLS authentication.

TTLS Password: Password for TTLS authentication.

WiMAX Authentication Identity: User ID on the network. Leave this blank unless your provider tells you otherwise.

CDMA Settings

These settings are usually specific to your wireless carrier’s private networks. You should not set these unless directed to by a carrier representative. If a field below is left blank, that particular setting will not be changed in the modem. You should only fill in fields that are required by your carrier.

  • Persist Settings: If this is not checked, these settings will only be in place until the router is rebooted or the modem is unplugged.
  • Active Profile: Select a number from 0-5 from the dropdown list.

The following fields can be left blank. If left blank they will remain unchanged in the modem.

  • NAI (Username@realm): Network Access Identifier. NAI is a standard system of identifying users who attempt to connect to a network.
  • AAA Shared Secret (Password): “Authentication, Authorization, and Accounting” password.
  • Verify AAA Shared Secret
  • HA Shared Secret: “Home Agent” shared secret.
  • Primary HA
  • Secondary HA
  • AAA SPI: AAA Security Parameter Index.
  • HA SPI: HA Security Parameter Index.

SIM/APN/Auth Settings

SIM PIN: PIN number for a GSM modem with a locked SIM.

Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Choose from Auto, PAP, and CHAP and then input your username and password.

Access Point Configuration: Some wireless carriers provide multiple Access Point configurations that a modem can connect to. Some APN examples are ‘isp.cingular” and “vpn.com”.

  • Default: Let the router choose an APN automatically.
  • Default Override: Enter an APN by hand.
  • Select: This opens a table with 16 slots for APNs, each of which can be set as IP, IPV4V6, or IPV6. The default APN is marked with an asterisk (*). You can change the APN names, select a different APN, etc. For Verizon modems, only the third slot is editable. Changes made here are written to the modem, so a factory reset of the router will not impact these settings.

Update/Activate a Modem

Some 3G/4G modems can be updated and activated while plugged into the router. Updates and activation methods vary by modem model and service provider. Possible methods are: PRL Update, Activation, and FUMO. All supported methods will be displayed when you select your modem and click “Control” to open the “Update/Activate” window. If no methods are displayed for your device then you will need to update and activate your device externally.

To update or activate a modem, select the modem in the WAN Interfaces table and click “Control”.

The modem does not support Update/Activate methods: A message will state that there is no support for PRL Update, Activation, or FUMO.

The modem supports Update/Activate methods: A message will display showing options for each supported method:

  • Modem Activation / Update: Activate, Reactivate, or Upgrade Configuration.
  • Preferred Roaming List (PRL) Update
  • Firmware Update Management Object (FUMO)

Click the appropriate icon to start the process.

If the modem is connected when you start an operation the router will automatically disconnect it. The router may start another modem as a failover measure. When the operation is done the modem will go back to an idle state, at which point the router may restart it depending on failover and failback settings.

NOTE: Only one operation is supported at a time. If you try to start the same operation on the same modem twice the UI will not report failure and the request will finish normally when the original request is done. However if you try to start a different operation or use a different modem, this second request will fail without interfering with the pending operation.

Process Timeout: If the process fails an error message will display.

Activation has a 3-minute timeout, PRL update has a 4-minute timeout, and FUMO has a 10-minute timeout.

Update Modem Firmware

Click on the Firmware button to open the Modem Firmware Upgrade window. This will show whether there is new modem firmware available.

If you select Automatic (Internet) the firmware will be updated automatically. Use Manual Firmware Upgrade to instead manually upload firmware from a local computer or device.

Reset the Modem

Click on the Reset button to power cycle the modem. This will have the same effect as unplugging the modem.

Configuration Rules (Advanced)

This section allows you to create general rules that apply to the Internet connections of a particular type. These can be general or very specific. For example, you could create a rule that applies to all 3G/4G modems, or a rule that only applies to an Internet source with a particular MAC address.

The Configuration Rules list shows all rules that you have created, as well as all of the default rules. These are listed in the order they will be applied. The most general rules are listed at the top, and the most specific rules are at the bottom. The router goes down the list and applies all rules that fit for attached Internet sources. Configuration settings farther down the list will override previous settings.

Select any of these rules and click “Edit” to change the settings for a rule. To create a new rule, click “Add.”

WAN Configuration Rule Editor

After clicking “Add” or “Edit,” you will see a popup with the following tabs:

  • Filter Criteria
  • General Settings
  • IP Overrides
  • IPv6 Settings
  • Ethernet Settings
  • Modem Settings
  • WiMAX Settings
  • CDMA Settings
  • SIM/APN/Auth Settings

Filter Criteria

If you are creating a new rule, begin by setting the Filter Criteria . Create a name for your rule and the condition for which the rule applies:

  • Rule Name: Create a name meaningful to you. This name is optional.

Make a selection for “When,” “Condition,” and “Value” to create a condition for your rule. The condition will be in the form of these examples:

When Condition Value
Port is USB Port 1
Type is not WiMAX
  • When:
    • Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”).
    • Manufacturer – Select by the modem manufacturer, such as Sierra Wireless.
    • Model – Set your rule according to the specific model of modem.
    • Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
    • Serial Number – Select 3G or LTE modem by the serial number.
    • MAC Address – Select WiMAX modem by MAC Address.
    • Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.
  • Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement.
  • Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.

Once you have established the condition for your configuration rule, choose from the other tabs to set the desired configuration. All of the tabs have the same configuration options shown above in the WAN Configuration section (i.e., the options for Configuration Rules are the same as they are for individual devices).

Permalink


Cradlepoint Series 3 (102)

View category →

If your are unsure of CradlePoint Series or Model number, please click here

This article was written based on firmware version 4.1.1


Description:

Series 3 CradlePoint devices normally operate as a NAT router, allowing computers connected to the LAN to use the Internet connection provided by the WAN interface.  As a NAT router, the CradlePoint is responsible for providing DHCP and local gateway access to connected clients.

If your existing network already has a DHCP server and local gateway configured, it is possible to reconfigure the CradlePoint to act as a wired LAN client to that router.  This turns the CradlePoint into a wired switch/wireless access point for that existing DHCP server and local gateway.  Set up this way, any wired or wireless computer connected to the CradlePoint will get an IP address from the existing DHCP server and route traffic through its local gateway.


Directions:

These examples will show you how to reconfigure a Series 3 CradlePoint router to be used as a wired switch and wireless gateway to connect to another “Primary Router” DHCP server and local gateway in your network.

For example, assume there is already an existing wired Primary Router using local IP address 192.168.1.1 with subnet mask 255.255.255.0.  This is the router that is providing DHCP services and providing local gateway access.  The CradlePoint will be configured as a LAN client for the Primary Router.  

To begin, first make sure that the CradlePoint is not connected to the other router.

  1. Log into CradlePoint’s setup pages (at http://192.168.0.1 by default).
  2. Go to Network Settings and click WiFi / Local Network from the drop-down menuUser-added image
  3. Scroll down and under Local Network Interfaces click the Ethernet Port Configuration tabUser-added image
  4. Make sure that all of the Ethernet ports “Mode” are set to Local Network (LAN)User-added image
  5. At the “Warning” page, click Yes to change the WAN port(s) to LAN mode.  Click OK when prompted.User-added image
  6. Place a check mark next to “Primary LAN” and click EditUser-added image
  7. On the “IP Settings” tab, change the IP Address (and the “Netmask” if necessary) to a LAN client IP address for the Primary Router.  In our example, the “Primary Router” is using 192.168.1.1, so you will need to change the CradlePoint to use some other IP on that same subnet (such as 192.168.1.2).   Also change the “Routing Mode” to Standard.User-added image
  8. Go to the “DHCP Server” tab and remove the checkmark from DHCP Server, and then click Submit.User-added image
  9. The CradlePoint will now reboot itself.
  10. Attach an Ethernet cable from a LAN port Primary Router into any of the CradlePoint’s Ethernet ports.
  11. You may need to release and renew your computer’s IP address (or else reboot the computer) in order to get a new IP from the Primary Router.

After making this change, the CradlePoint will no longer be performing any routing functionality but instead will act as a wired switch and wireless access point to extend your existing network.   All DHCP, gateway, and routing functionality will be handled by the Primary Router.

Any computers wired or wirelessly connected into the CradlePoint will receive IP addresses from the Primary Router (beginning with 192.168.1.X in our example).  Any computer attached to that network should also be able to access the CradlePoint from the LAN IP address you specified (192.168.1.2 in our example).


Note:

It may be useful to change the CradlePoint’s wireless SSID and password to match the same credentials as your other router uses.  This would allow nearby computers with the Primary Network’s wireless credentials to be able to connect to whichever network has a stronger signal.

To undo this configuration you can either follow the directions in reverse order or you can perform a factory reset of the device.

Permalink

0 Comments - Leave a Comment

Configuration Difficulty: Intermediate



Summary

Firmware Version

Network Topology

Configuration

Technical

Troubleshooting


Summary


This article is intended to assist the CradlePoint Administrator in configuring two CradlePoints in a site to site OpenVPN configuration.


Firmware Version


This Article was written utilizing firmware version 5.2.0.


Network Topology

User-added image


Configuration

CradlePoint #1 (Local) Configuration

  1. Log in to the Administrative GUI of the Local CradlePoint. For instructions on doing this please refer to the article; Series 3: Accessing the Setup Pages of a CradlePoint router.
  2. Go to INTERNET > OPENVPN TUNNELS.                                                                                                  User-added image
  3. Click ADD. User-added image
  4. Give the Tunnel a familiar name.
  5. Select SITE-TO-SITE from the Tunnel Mode drop down.
  6. Check the TLS-Authentication if you would like the tunnel to use TLS. In this example we will leave it unchecked.
  7. Assign a Local and Remote Endpoint IP address to your tunnel. These address should be in the same subnet and are typically a /30 subnet.
  8. Check the Support IPv6 Tunnels if you will be using IPv6 addresses. In this example we will leave it unchecked.
  9. Choose the protocol you wish your tunnel to use from the Tunnel Protocol drop down. In this example we will use UDP.
  10. Enter the port number you wish your tunnel to connect on. The default is 1194.
  11. Enter the amount of time you wish to wait to send a ping if no traffic has been sent through the tunnel in the Ping field. The value is in seconds, and 10 is the default.
  12. Enter the amount of time to wait if no pings have been received before the tunnel restarts into the Ping Restart field. This value is in seconds and the default is 60.
  13. Ensure the Tunnel Enabled box is checked.
  14. Click NEXT.                                                                                                                         User-added image
  15. Click ADD.
  16. In the REMOTE SERVERS screen, you will add the WAN IP address of the CradlePoint you are attempting to create a tunnel with at this time. This IP address must be reachable across the WAN link by this CradlePoint. You will also enter the port and protocol of the Remote CradlePoint. This much the settings you entered previously on the CradlePoint.
  17. Click SAVE.
  18. Click NEXT.                                                                                                                         User-added image
  19. For this configuration, we will leave the ROUTE section at default. Click NEXT.           User-added image
  20. If during Step 6, you choose to use TLS, you will need to generate a TLS-Authentication Key, by clicking the GENERATE button. In this example, we are not using TLS so we will skip this step.
  21. Click FINISH.                                                                                                                       User-added image
  22. In order to route to any LANs or devices attached to the Remote CradlePoint, we will need to add routes to the CradlePoint. This can be done either statically or with a routing protocol. In this example we will use a Static Route. To enter a Static Route, go to NETWORK SETTINGS > ROUTING.                                                                                                                                                        User-added image
  23. Click ADD.                                                                                                              User-added image
  24. Enter the IP Version.
  25. Enter the IP address or Network Address of the device or LAN you are attempting to route to on the remote side of the tunnel.
  26. Enter the Netmask.
  27. Enter the Gateway, this will be the Local Endpoint Address that you configured in Step 7.
  28. The Device is the Interface that the traffic is being sent out of for this route. In the CradlePoint, you can use either the Gateway or Device, but not both. In this example, we will leave it blank because we are using the Gateway address to route our traffic.
  29. Configure the Metric. By default it is 1, we will leave it 1 for this example.
  30. Check the box for Allow Network Access.
  31. You check the box for Distribute, if you would like this route distributed to a Routing Protocol configured on the CradlePoint. In this example we will leave it blank.
  32. Click SUBMIT.                                                                                                               User-added image

CradlePoint #2 (Remote) Configuration

  1. Log into the Administrative GUI of the Remote CradlePoint.
  2. Go to INTERNET > OPENVPN TUNNELS.                                                                                                  User-added image
  3. Click ADD.                                                                                                                User-added image
  4. Give the Tunnel a familiar name.
  5. Select the SITE-TO-SITE option from the Tunnel Mode drop-down.
  6. Check the TLS-Authentication if you would like the tunnel to use TLS. In this example, we will leave it unchecked. This setting must match the setting in the Local CradlePoint.
  7. Assign a Local and Remote Endpoint IP address to your tunnel. This address should be in the same subnet and are typically a /30 subnet. In this CradlePoint, the addresses will be the opposite of how they were configured in Step 7 of Router #1 configuration.
  8. Check the Support IPv6 Tunnels if you will be using IPv6 addresses. In this example, we will leave it unchecked.
  9. Choose the protocol you wish your tunnel to use from the Tunnel Protocol drop down. In this example, we will use UDP. This setting must match the setting in the Local CradlePoint.
  10. Enter the port number you wish your tunnel to connect on. The default is 1194. This setting must match the setting in the Local CradlePoint.
  11. Enter the amount of time you wish to wait to send a ping if no traffic has been sent through the tunnel in the Ping field. The value is in seconds, and 10 is the default.
  12. Enter the amount of time to wait if no pings have been received before the tunnel restarts into the Ping Restart field. This value is in seconds and the default is 60.
  13. Ensure the Tunnel Enabled box is checked.
  14. Click NEXT.                                                                                                                          User-added image
  15. Click ADD.
  16. In the REMOTE SERVERS screen, you will add the WAN IP address of the CradlePoint you are attempting to create a tunnel with. This IP address must be reachable across the WAN link by this CradlePoint. You will also enter the port and protocol of the Local CradlePoint. This much the settings you entered previously on the CradlePoint.
  17. Click SAVE.
  18. Click NEXT.                                                                                                                           User-added image
  19. For this configuration, we will leave the ROUTE section at default. Click NEXT.    User-added image
  20. If in Step 6 of Router #1 configuration you choose to use TLS, you will need to generate a TLS-Authentication Key, by clicking the GENERATE button. In this example, we are not using TLS so we will skip this step. This setting must match the setting in the Local CradlePoint.
  21. Click FINISH.                                                                                                                        User-added image
  22. In order to route to any LANs or devices attached to the Local CradlePoint, we will need to add routes to the CradlePoint. This can be done either statically or with a routing protocol. In this example we will use a Static Route. The enter a Static Route, go to NETWORK SETTINGS > ROUTING.                                                                                                                                                      User-added image
  23. Click ADD. User-added image
  24. Enter the IP Version.
  25. Enter the IP address or Network Address of the device or LAN you are attempting to route to on the remote side of the tunnel.
  26. Enter the Netmask.
  27. Enter the Gateway, this will be the Local Endpoint Address that you configured in Step 7 of Router #1 configuration.
  28. The Device is the Interface that the traffic is being sent out of for this route. In the CradlePoint, you can use either the Gateway or Device, but not both. In this example, we will leave it blank because we are using the Gateway address to route our traffic.
  29. Configure the Metric. By default it is 1, we will leave it 1 for this example.
  30. Check the box for Allow Network Access.
  31. You check the box for Distribute, if you would like this route distributed to a Routing Protocol configured on the CradlePoint. In this example, we will leave it blank.
  32. Click SUBMIT.                                                                                                          User-added image

Technical

Terms

  • OpenVPN: an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol[2] that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL)
  • Secure Sockets Layer/Transport Layer Security (TLS): are cryptographic protocols designed to provide communication security over the Internet.[1] They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and exchanging a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity and as a by-product, message authentication.

System Requirements

  • This feature is available only on the following CradlePoint Products:  AER 2100 and MBR1400v2.
  • OpenVPN requires an Extended Enterprise License (EEL) and Enterprise Cloud Manager (ECM) to use this feature.

Troubleshooting


To view the status of the OpenVPN tunnels, you will need to access the CLI of the CradlePoint and issue the following command; get status/openvpn.

To view log messages, you will need to enable Debug level logging. Enabling this level of logging will impact router performance and over time can cause unexpected reboots or loss of functionality and should only be enabled at the request of an authorized CradlePoint representative. This enables debug level logging for most of the Router Services. This is enabled by navigating to SYSTEM SETTINGS > ADMINISTRATION > SYSTEM LOGGING and next to the LOGGING LEVEL select DEBUG from the drop down.


CradlePoint Knowledgebase

CradlePoint Manual: Network Settings → Routing Protocol

OpenVPN

OpenVPN How To


Published Date:
7/1/2014

Permalink


If you are unsure of CradlePoint Series or Model number, please click here.
This article was written based up on firmware version 5.0.0.

Summary:

This article will walk you through entering a modem’s AT dial script command into a Series 3 CradlePoint router, to be used whenever the router connects using this modem.

Contents:

Description:

It can often be useful or necessary to manually enter AT dial commands into the router, for example, to assign a specific “Access Point Name” (APN) when connecting to a GSM provider (such as AT&T or T-Mobile, as well as many international mobile carriers).  When used with supported modems, Series 3 CradlePoint routers may be configured to connect using AT dial commands.

Note: Some AT dial string commands are generic, and other AT dial string commands may only work with a specific modem or brand of modem.  Your modem manufacturer may be able to provide a list of commands that your modem will support. Some modems (particularly LTE 4G modems) use QMI instead of AT dial scripting and will ignore any AT dial commands entered into the router.

Directions:

Click here if you are unsure of how to access the CradlePoint router’s administration pages.

  1. Click on the Internet tab, and then select Connection Manager from the drop-down menu. User-added image
  2. Under WAN Interfaces, highlight the modem to use with the AT command, and then click EditUser-added image
  3. On the WAN Configuration screen, click the Modem Settings tab.User-added image
  4. Enter your AT Dial Script into the AT Dial Script field. User-added image
  5. Then click on the SIM/APN/Auth Settings tab, and verify that the Access Point Name is set to DefaultUser-added image
  6. Click Submit to save your settings. The modem will briefly disappear from the WAN Interfaces list, and then reappear and try to connect using the new dial command.

Common Scripts:

1. Here is a common AT dial script used to manually assign an APN to a specific SIM profile slot:

AT+CGDCONT=[PROFILE SLOT],”IP”,”[APN NAME]”
ATDT*99***[PROFILE SLOT]#

Replace [PROFILE SLOT] with the slot number (1-15) and [APN NAME] with your mobile carrier’s APN. A list of commonly used APNs for many mobile providers can be found here.
For example, to manually assign the AT&T APN “broadband” to SIM profile slot 1, you would enter:

AT+CGDCONT=1,”IP”,”broadband”
ATDT*99***1#

To instead assign the AT&T APN “i2gold” to SIM profile slot 3, you would enter:

AT+CGDCONT=3,”IP”,”i2gold”
ATDT*99***3#

2. Here is another useful AT dial string (supported with many modems) that will “wake” the modem from airplane mode:

AT+CFUN=1

3. These commands can also be combined.  For example:

AT+CFUN=1
AT+CGDCONT=1,”IP”,”broadband”
ATDT*99***1#

4. Your modem manufacturer may be able to provide a full list of commands that your modem will support.

Permalink


If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Symptom:

Internet Service Provider (ISP) recommends setting a static WAN IP.

Cause:

Some ISP’s require static IP settings in the router.

Resolution:

  1. Confirm that the ISP requires static WAN IPsettings by contacting the ISP (typically ISP’s do not require these settings).
  2. Log into the router’s setup page (login instructions).
  3. Click the Internet tab then Connection Manager.                                                                         User-added image
  4. Under WAN Interfaces heading, click the  Ethernet: Blue device then click the Edit button.                                 User-added image
  5. In the WAN Configuration box that displays, click the Ethernet Settings tab.
  6. Change the Connect Method to Static (Manual).
  7. Fill in the IP Address, Subnet Mask, Gateway IP, Primary and Secondary DNS (provided by the ISP).
  8. Click Submit.                                                                                                                                             User-added image
  9. Connect your static internet connection to the BLUE Ethernet port on the router.
  10. Allow up to 2 minutes for the connection to establish.

Permalink


If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Things to Know Before Getting Started

  • This feature is only available on our series 3 routers: CTR35, MBR95, CBR400, CBR450, IBR600, IBR650, MBR1200B and MBR1400.
  • In order to take advantage of this feature you will need firmware version 3.5.0 or later. If you are not at this version, please updateFirmware Update Instructions.

What is  a Data Usage Rule?

A Data Usage rule attempts to track the amount of traffic used by the WAN Connection. This is useful for a cellular broadband connection with a data cap.  A Data Usage rule to helps prevent data overage charges.  Data Usage rules are not guaranteed to be 100% accurate.  Data Usage Rules provide an estimated usage of data. CradlePoint is not responsible for any overage charges.      

Before Getting Started:

Note:  Typically Data Usage volumes are written to the routers internal memory approximately every 15 minutes.  This means that if the router shuts down/reboots 13 minutes after the last save, all data used during that time will not be stored are accounted for in the Data Usage calculation when the router comes back on.  Data used by the modem, while not plugged into the router, is not reflected in the router Data Usage estimate.

Configuration:

  1. Log into the router’s setup page (login instructions).
  2. If you see a button in the top left corner of the screen that says Basic Mode click on it to change to Advanced Mode. (If you don’t see this button, ignore this step).                                                                                     User-added image
  3. Click the Internet tab then select Data Usage.
  4. Make sure Enable data usage is checked                                                                    User-added image
  5. In the Data Usage Rule section click Add.
  6. Name the rule.
  7. In the Wan Selection select the name of the USB Modem (or “Ethernet: blue” if you want to monitor data usage for a DSL/Cable/Satellite/T1 connection).                                                                                             User-added image
  8. Under the Assigned usage in MB enter the maximum data volume to be used before the router takes action (the action will be chosen at a later step).  Typically, it’s best to set the maximum slightly lower than the data cap.  Data caps are usually given in Gigabytes.  1024MB = 1GB.
  9. Make sure Rule Enabled is checked then click Next.
  10. The Cycle Type should be set according to your billing plan with your ISP.                                                                                 User-added image
  11. Cycle Start date should correspond with the billing period start day each month.
  12. Select the router action from the following options:
  • Shutdown WAN on Cap:  The router will shut down the internet connection when the cap specified at step 8 is reached.  When the cycle start date is reached, the connection will re-enable.
  • Send alert on Cap:  The router will send you an e-mail warning you that the cap has been reached. This requires configuration of SMTP mail settings, SMTP Instructions.
  • Custom Alert:  This option will generate an e-mail message when the specified percent of usage has been reached.
     14.  Click “Submit”.The page now shows a graph and numbers displaying how much data has been used.  This page can be accessed to periodically check the modems data usage.

Permalink


Cradlepoint Series 2 (49)

View category →

If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.0.0.

Overview:

All computers/devices that connect to a network get an IP Address (an IP Address is a number used to identify the specific device. Think “street address”).  Computers can acquire this IP address one of two ways:

  1. They assign one to themselves.
  2. They can choose to get one from the router itself.

Every time a computer disconnects/reconnects to the router, or turned off/on a new IP address is assigned to it by the router.  Any port forwarding/remote access rule in the router is based on the computer’s IP address.  Using port forwarding/remote access rules the computer in question is required to be assigned the same IP address assigned from the router.  DCHP Reservations provide this functionality.

Things to do before configuration:

  1. Make sure the router firmware is up to date (to check your firmware version, please click this link).
  2. Make sure the device you want to set up the reservation for is turned on and connected to the router via Wi-Fi or Ethernet.
  3. You will need to know the CURRENT IP Address of the device you want to set up a reservation for.

How to set Up:

  1. Log into the routers administration page (login instructions).
  2. Click the “BASIC” tab at the top, then to “DCHP” on the gray sub-menu on the left.   User-added image
  3. Locate the ADD DCHP RESERVATION section.                                                              User-added image
  4. Check Enable and under Computer Name click on the drop down menu and select the name of the device.
  5. The IP address and MAC address field should auto-fill.
  6. Click Save.
  7. Scroll to the top and click Save Settings.

The CradlePoint router will now only issue the reserved IP to the device (MAC address) that is associated with the rule.

Permalink


If you are unsure of the CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.0.0.

Description: 

By default, the CradlePoint router will attempt to connect to the highest speed network available.  If using a 3G/4G WiMAX modem in an area where only a 3G signal is reliable or available the CradlePoint will disconnect from 3G and attempt, unsuccessfully, to connect to the 4G WiMAX network.  While this connection is attempted, the Internet will be unavailable through the modem and router. For this reason, it may be necessary to set the CradlePoint router to connect only to 3G to avoid the connection interruptions due to any possible 4G connection attempt.

3G/4G WiMAX modems from these carriers may require this change:

  • Sprint
  • Clear
  • BridgeMAXX
  • Time Warner Cable
  • Comcast
  • Xohm
  • Rover

Directions:

It is highly recommended to update to the CradlePoint routers most recent firmware and WiMAX driver version,  How to Update Firmware.

  1. Log into the routers administration page (login instructions).
  2. Click the MODEM tab then select SETTINGS from the gray sub-menu on the left.                                        User-added image
  3. Locate the MODEM SPECIFIC SETTINGS section then select the Modem Interface drop-down to the slot that your modem is connected to.                                                                                                                                User-added image
  4. Locate the Dual WiMAX/3G Settings sub-section and change Connect Mode to 3G Only                               User-added image
  5. Click Save Settings at the top of the page then click Reboot Now when prompted.                                           User-added image

After the router reboots, only the 3G connection will connect, and the 4G connection will be disengaged.

Permalink


If you are unsure what model or series router you have click here.

This article was written based on the 2.0.0 series 2 firmware version.


Symptom:

Unsure of the current firmware version installed on a Series 1 or 2 CradlePoint router.


Resolution:

  1. You will need to connect to your router to check the firmware, please click here to review an article for help connecting.
  2. Access the CradlePoint’s setup pages.  Click here if you are unsure of how to access the setup pages.
  3. Once in the setup pages, in the tabs across the top click on Status.User-added image
  4. In the middle of the page the second box down will be labeled General.
  5. The current Firmware Version and WiMAX Version will be listed.User-added image

Permalink

0 Comments - Leave a Comment

If you are not sure what series and model CradlePoint router you have, please click here.

This article was written based upon the 2.0.0 firmware version.


Overview:

Most (but not all) Series 2 CradlePoint routers can connect to more than one Internet (WAN) source.  If you have more than one WAN source available priority of the connections  can be configured and the CradlePoint will automatically switch over to the next available WAN connection upon failure of the defined primary WAN source.

For example, with two available WAN sources a wired Ethernet connection (DSL, cable, satellite, T1, etc.) as well as a USB cellular data modem.  By default, the CradlePoint router will use a wired connection as the primary connection; if the wired connection fails the router will switch to the cellular modem as the WAN source.  Several CradlePoint routers allow for multiple cellular modems and/or multiple wired WAN connections it is possible to specify the order WAN connections.  Additionally the CradlePoint router can be configured to actively ping a target computer to check the Ethernet WAN connection state.
 

Directions:

NOTE:  Before configuration of Failover and Failback features verify that the WAN connections are working independently.

  1. Log into the administrative console, the default location is http://192.168.0.1 Click here if you are unsure how to access the administration pages.
  2. Click the ADVANCED tab then select FAILOVER/LOAD BALANCE from the gray sub-menu on the left.  For routers without the Load Balancing feature, this option is called FAILOVER.                                                                                                                                                                  User-added image
  3. Place a check mark next to Enable in the ETHERNET WAN FAILURE DETECTION section.            User-added image
  4. The FAILOVER/LOAD BALANCE page displayes the priority and status of all available WAN interfaces.  In this example, the CradlePoint MBR1200 has a wired Ethernet connection attached to the Blue WAN port, a Sprint Sierra Wireless 250U 3G/4G modem in USB slot 1, and a Verizon Novatel MC760 3G modem in USB slot 2.                                                                                                                                               User-added image
  5. The Ethernet port (shown in green) is currently connected WAN source.  The cellular modems are in Ready state and available in case the Ethernet connection fails.  Since Enable Failback under ETHERNET WAN FAILURE DETECTION is not enabled, the router will not automatically reconnect to the primary connection when it becomes available.
  6. Without specifying a ping target, the router will automatically ping the remote gateway IP address.  Since it is possible for the gateway IP address to provide a ping response while not connected to the Internet set the CradlePoint router to ping a specific target on the Internet.  The Enable Failback option allows the router to re-connect to the Ethernet WAN connection once it becomes available again.
  7. In this example, the ETHERNET WAN FAILURE DETECTION has been set to send a ping to the IP address 8.8.8.8 (Google’s public DNS servers) every 30 seconds.  If the CradlePoint is unable to receive a ping response from 8.8.8.8, it will automatically failover to the next available connection.  Because Enable Failback is checked the CradlePoint router will automatically fail back to the Ethernet connection once it  receives a ping response from 8.8.8.8.User-added image
  8. To change the failover priority for attached WAN interfaces, use the red Priority arrows in the WAN INTERFACES section to move a device.   This example shows that the Verizon MC760 modem has been moved to a higher priority than the Sprint 250U modem.  This setting will ensure that if the wired Ethernet connection fails that the CradlePoint router will use the Verizon MC760 modem next.  User-added image
  9. For CradlePoint routers that support Load Balancing, it is possible to have multiple cellular modems connected with an Ethernet connection.
  10. Under WAN LOAD BALANCING the Load Balance Mode change to Enabled load balance with any WAN interface then all available modems will become established.                                                                                                               User-added image
  11. After enabling, Load Balancing the modems previously showing Ready will now show Established.   User-added image
  12. Click Save Settings at the top of the page.                                                                   User-added image
  13. If prompt reboot choose Reboot Now.

 
 
NOTE:  CradlePoint routers that do not support the Load Balancing feature will not be able to use more than internet connection at the same time. 

Permalink


If you are not sure what model CradlePoint router you have, please click here.

This article was written based upon firmware version 2.0.0.

Description:

The DEVICE INFO page of the STATUS tab shows many of the settings saved in the CradlePoint’s administrative console.  This article will go through each setting and explain what each setting is used for.

Directions:

  1. Log into the CradlePoint’s administrative console.  The default LAN IP address is http://192.168.0.1.
  2. If not already there, click on STATUS and then DEVICE INFO in the left-hand column
User-added image



GENERAL section:

User-added image

Time:
The current time of the router, based on the time zone selected.  This time will not be correct unless the time zone has been set, and that the router is online to reach the “Network Time Protocol” (NTP) server.
Firmware Version:
The current build version and release date for the firmware currently installed on the router.  You can download the most recent firmware version for your device from http://www.cradlepoint.com/firmware.
WiMAX Version:
Some carriers (like Sprint and Clear) use “WiMAX” for 4G service.  When using these modems, it is necessary for the WiMAX Version to be updated.  This setting is optional for all non-WiMAX carriers, such as Verizon or AT&T.



WAN INTERFACE section:

User-added image

Port:
The interface being used — Ethernet, USB, ExpressCard, or PC Card.
Connection Type:
The type of connection the interface is connecting with — DHCP, PPP, PPPoE, etc.Traffic Shaping:
For capable routers, this indicates whether Traffic Shaping is enabled.Cable Status:
This indicates whether the media state is connected or disconnected.Network Status:
This indicates whether the connection to the remote network is established or not.  While trying to establish a connection, this will show “Establishing.”  If the modem is unable to connect, this will show “Suspended.”

Connection Up Time:
The amount of time that the WAN connection has been online.

Renew & Release buttons:
These buttons will allow you to force the CradlePoint to release or renew its IP address.  Once the IP address has been released, you will be unable to connect until you renew the IP address (to get a new IP address).

MAC Address:
The physical machine access control (MAC) address of the CradlePoint’s wired WAN interface.  This will be a different MAC address than the CradlePoint’s LAN MAC address (below).

IP Address:
The Internet Protocol address the CradlePoint is receiving or specifying from the router it is connecting through.

Subnet Mask:
The subnet mask that specifies the size of the network the CradlePoint’s WAN interface is connected to.

Default Gateway:
The remote gateway that provides the next step out to the Internet from your IP address.

Primary & Secondary DNS Servers:
The primary and secondary domain name servers (DNS) used to translate domain names into IP addresses.



LAN section:

User-added image

MAC Address:
The physical machine access control (MAC) address of the CradlePoint’s wired LAN interface.  This will be a different MAC address than the CradlePoint’s WAN MAC address (above).IP Address:
The local LAN IP address of the CradlePoint.  This can be changed from “BASIC” -> “LAN” if necessary.Subnet Mask:
The subnet mask defines the size of the CradlePoint’s local LAN network.DHCP Server:
The DHCP server allows the router to automatically provide local IP addresses to wired and wireless computers that connect to the CradlePoint.  If the DHCP server is disabled, only computers that are set to manually assign their network settings would be able to connect.



WIRELESS (WI-FI) LAN section:

User-added image

Wireless Radio:
This indicates whether the router’s wireless radio is enabled or disabled.  This can be changed at “BASIC” -> “WIRELESS (WI-FI)”WISH:
This indicates whether Wireless Intelligent Stream Handling (WISH) is enabled.  This can be enabled or disabled from “ADVANCED” -> “WISH.”MAC Address:
The physical machine access control (MAC) address of the CradlePoint’s wireless LAN interface.  This will be a different MAC address than the CradlePoint’s WAN MAC address or wired LAN MAC address (above).Network Name (SSID):
The name of the wireless network.  This is what nearby wireless devices will see when they attempt a wireless site survey.

Channel:
The channel number that the wireless network is operating on.  In the USA there are eleven channels, 1 though 11.  In areas with several nearby wireless networks, it is highly recommended to use a channel that other networks are not using, if possible.

Security Mode:
This indicates the type of wireless security on the wireless network: Open, WEP, WPA, WPA2, etc.

Wi-Fi Protected Setup:
This indicates whether WiFi Protected Setup is enabled or disabled.  This can be changed from “ADVANCED” -> “WI-FI PROTECTED SETUP.”

CURRENT DHCP RESERVATIONS section:

User-added image

This section shows any DHCP reservations already saved in the CradlePoint.  Any device MAC address listed here should always receive the same IP address from the CradlePoint.  You can add, edit, or remove devices from the DHCP Reservations List from the “BASIC” -> “DHCP” page.

In this example, when the device with MAC address 00: 12:34: ab: cd:ef tries to connect, the CradlePoint will always give it IP address 192.168.24.100.

IGMP MULTICAST MEMBERSHIPS section:

igmp.jpg

If IGMP is enabled, this section will display all multicast groups of which any LAN devices are members.  This can be changed under “ADVANCED” -> “NETWORK.”

Permalink

0 Comments - Leave a Comment

Sierra Wireless Products (43)

View category →

Yes, the Sierra Wireless AirLink® LS300 is RoHS Certified. The M2M modem is branded with an RoHS sticker on the modem, and USAT has a certificate of compliance on file from Sierra Wireless for the AirLink® LS300 RoHS Certification (available on request). The certificate is a DECLARATION OF EUROPEAN UNION RoHS COMPLIANT PRODUCT, and that Sierra Wireless Inc certifies that the products identified below to be “”RoHS Compliant””:

Sierra Wireless AirLink® LS300 Modem

Restriction of Hazard Substances (or RoHS) compliant defines that the product conforms to the requirements of the European Union’s restriction on use of hazardous substances in electrical and electronics equipment’s directive,2002/95/EC (RoHS directive) which limits the content of the following elements:

  • Lead (Pb)
  • Mercury (Hg)
  • Cadmium (Cd)
  • Hexavalent Chromium (Cr6+)
  • Polybrominated biphenyls (PBB)
  • Polybrominated diphenyl ethers (PBDE)

Hexavalent chromium is used in primers, chrome coatings and chrome plating.

PBB and PBDE are used in plastics as flame retardants.

The RoHS directive is with respect to any homogenous components used in the product as shipped by Sierra Wireless, in its entirety.

The RoHS directive is vitally important for USAT’s clients in the European Union, global carrier partners such as Vodafone and AT&T, as well as North American enterprises with sales and offices in Europe. RoHS is also an environmental sustainability directive which USAT is proud that our suppliers, such as Sierra Wireless, support.

Permalink


Yes. The AirLink GX400 can be configured to monitor the input, respond to specific types of events, and even trigger digital output. The device can also be configured to change its power mode in order to conserve power. These features can be configured to your needs.

The AirLink GX400 is equipped with an I/O port interface which includes 1 low power timer enable input and 1 digital I/O. These may be connected to sensors and switches to monitor status and remotely control equipment. AirLink GX400 board supports a low power timer enable input pin and a digital I/O pin which are connected to the CPU processor. The I/O signal comes in from the power connector, through a PolySwitch resettable fuse, and ties into the CPU pins with protection circuitry.

Digital Input

Digital Input can be used in two different modes: the switch mode or the voltage sensing mode.

The switch mode senses contact closures. The digital input can report either an open or closed state, and can be wired to a ground signal via a switch. When the switch is open, the input reads “”3.3V””. When the switch is closed, the input reads “”OV””.

Examples of using the input with a switch to ground:

  • When a door or other latch is opened or closed
  • Counting pulses or other electronic events
  • When a gauge reaches a certain point
  • When a container fills or empties
  • When a switch or valve is opened or closed
  • When the tow bar is raised or lowered
  • Connected to a sensor, the level of fuel in a vehicle
  • When the trunk of a vehicle is opened or closed
  • When the ignition is turned on or off

Digital Output

Digital Output of open collector design is capable of driving an external device such as a pull-up resistor or relay. As an example, a relay could be connected between the output pin and an external voltage. The voltage on the relay cannot exceed 30V. The digital output pin can handle up to 150mA.

Examples of using the digital output with an external relay or pull-up resistor:

  • Setting off an alarm or siren
  • Triggering a process to start on another device
  • Opening or closing a valve or switch
  • Locking or unlocking a door. Inputt
  • Turning a light on or off
  • Opening the vehicle’s trunk or doors

Permalink


Yes, the Sierra Wireless AirLink® GX-440 is RoHS Certified. The M2M modem is branded with an RoHS sticker on the modem, and USAT has a certificate of compliance on file from Sierra Wireless for the AirLink® GX-440 RoHS Certification (available on request). The certificate is a DECLARATION OF EUROPEAN UNION RoHS COMPLIANT PRODUCT, and that Sierra Wireless Inc certifies that the products identified below to be “”RoHS Compliant””:

Sierra Wireless AirLink® GX440 Modem

Restriction of Hazard Substances (or RoHS) compliant defines that the product conforms to the requirements of the European Union’s restriction on use of hazardous substances in electrical and electronics equipment’s directive,2002/95/EC (RoHS directive) which limits the content of the following elements:

  • Lead (Pb)
  • Mercury (Hg)
  • Cadmium (Cd)
  • Hexavalent Chromium (Cr6+)
  • Polybrominated biphenyls (PBB)
  • Polybrominated diphenyl ethers (PBDE)

Hexavalent chromium is used in primers, chrome coatings and chrome plating.

PBB and PBDE are used in plastics as flame retardants.

The RoHS directive is with respect to any homogenous components used in the product as shipped by Sierra Wireless, in its entirety.

The RoHS directive is vitally important for USAT’s clients in the European Union, global carrier partners such as Vodafone and AT&T, as well as North American enterprises with sales and offices in Europe. RoHS is also an environmental sustainability directive which USAT is proud that our suppliers, such as Sierra Wireless, support.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Yes, the GX440 fully supports fallback to 3G and 2G networks. The default setting for the GX440, when it comes to network service preference, is “”LTE Preferred””, meaning the GX440 will always look to connect to a LTE service first, if available. If LTE service is not available, then the GX440 will connect to the next fastest service available.

Customers who purchase the GX440, but who do not yet have LTE service in their area, there is a configuration option under the “”WAN/Cellular”” tab in ACEmanager 4.0 to set the GX440 to “”CDMA Only””. When this configuration is used the GX440 will not actively scan for LTE service.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Yes, the Sierra Wireless AirLink® GX-400 is RoHS Certified. The M2M modem is branded with an RoHS sticker on the modem, and USAT has a certificate of compliance on file from Sierra Wireless for the AirLink® GX-400 RoHS Certification (available on request). The certificate is a DECLARATION OF EUROPEAN UNION RoHS COMPLIANT PRODUCT, and that Sierra Wireless Inc certifies that the products identified below to be “”RoHS Compliant””:

Sierra Wireless AirLink® GX400 Modem

Restriction of Hazard Substances (or RoHS) compliant defines that the product conforms to the requirements of the European Union’s restriction on use of hazardous substances in electrical and electronics equipment’s directive,2002/95/EC (RoHS directive) which limits the content of the following elements:

  • Lead (Pb)
  • Mercury (Hg)
  • Cadmium (Cd)
  • Hexavalent Chromium (Cr6+)
  • Polybrominated biphenyls (PBB)
  • Polybrominated diphenyl ethers (PBDE)

Hexavalent chromium is used in primers, chrome coatings and chrome plating.

PBB and PBDE are used in plastics as flame retardants.

The RoHS directive is with respect to any homogenous components used in the product as shipped by Sierra Wireless, in its entirety.

The RoHS directive is vitally important for USAT’s clients in the European Union, global carrier partners such as Vodafone and AT&T, as well as North American enterprises with sales and offices in Europe. RoHS is also an environmental sustainability directive which USAT is proud that our suppliers, such as Sierra Wireless, support.

Permalink


Digi Products (3)

View category →

Firewall concerns:
Firewalls (and the IT security people that maintain them) are generally concerned with protecting a location’s Local Area Network from unauthorized use – both from traffic coming at the network from the outside world, and traffic from within the local area network going outward.  A Remote Management-capable Digi product falls into the latter category, because the Digi device creates an outbound TCP socket connection to the Device Cloud or Remote Manager server.  This  EDP (easy device protocol) socket connection is tunnel through which data gets pushed from your Gateway to to the Device Cloud, so that data can be accessed from anywhere in the world.

The following article describes:

  • The IP socket connections used when a Digi RF Gateway,TransPort Router, or edp-capable device (using Digi Cloud Connector) makes a Remote Management connection to Device Cloud or Remote Manager
  • How to determine the IP address in use for a given Device Cloud or Remote Manager DNS name

Locations where it is likely that Firewall Rules will be needed:

Those who are trying to connect to Device Cloud or Remote Manager from a location which has strict outbound firewall rules will especially need the guidance found within this article.  Some likely examples for this type of network security environment include:  Government offices/buildings and institutions, Schools, Universities, and some Businesses (especially ones that do government contract work).

 

What network port(s) does a Gateway or Connect-capable device use to connect to Device Cloud?

By default, the TCP and/or UDP port(s) your Device Cloud-capable Gateway or device uses to connect with Device Cloud will depend in part on the age/default configuration of your Gateway, the device’s configuration, as well as the particular model.

TCP Port 3197:  The outbound EDP/non-SSL (non-secure) socket connection from NDS-based products like the ConnectPort X2 / X4 / X5 / X8 Gateways, and ERT/Ethernet Gateway (especially if the product hasolder firmware), which may still be configured to create an un-encrypted Device Cloud socket connection.

Note:  If possible, the firmware of older products should be updated so that the Device Cloud configuration settings can changed to use of SSL socket connections into the Device Cloud instead (see next entry below).

TCP Port 3199:   The outbound EDP/SSL (secure) socket connection from NDS-based products like the ConnectPort X2 / X4 / X5 / X8 Gateways, and ERT/Ethernet Gateway with newer firmware which are configured to create a secure SSL socket connection into Device Cloud.  Required on ALL Linux-based Gateways, examples:  XBee Gateway ZB andConnectPort X2e for Smart Energy.  Can also be required if the Device Cloud account is configured to accept SSL connections only (new Device Cloud option as of version 2.16)

UDP Port 53:  Outbound DNS (Domain Name Service) name recognition service, i.e. translates the my.devicecloud.com name for Device Cloud connectivity.

Note:  DNS service is not a requirement.  If access to DNS service is not allowed or possible from your network, the device’s remote connectivity address would need to use the IP address of my.devicecloud.com (52.73.23.137), rather than the DNS name itself (see below under What IP address is needed for outbound Firewall rule(s)? for more details).

UDP Port 123:  The outbound socket connection to an NTP (time) server is required for ALL Linux-based Gateways such as the XBee Gateway and ConnectPort X2e, as well as  gateways and devices configured for NTP time management.

Important Note for all XBee and ConnectPort X2e Gateways (and Gateways configured for NTP Time Management)

The XBee Gateway and ConnectPort X2e are Linux-based gateways which require outbound access to UDP port 123 (NTP), in order to generate the secure (SSL) TCP socket connection into Device Cloud.  Any Gateways which are configured for NTP time management will have this requirement as well, since the Gateway connects to an NTP server in order to to keep an accurate date/time.

If your XBee (or CP-X2e) Gateway is added to your Device Cloud account but never shows up in a Connected state, check to ensure that outbound NTP access is available for the Gateway through your local network Firewall.  ConnectPort X2 and X4 gateways would still connect to Device Cloud (assuming TCP port 3199 isn’t blocked), but the Gateway might show an epoch 1970-based date/time if no other Time Sources are configured.
What IP address is needed for outbound Firewall rule(s)?

The best way to determine that is to do an nslookup of the DNS name for the Remote Management server you want your device(s) to connect to.  As of the date of this article (6/16/2015), here is how this looked from my Windows 7 commandline (Start – Run – CMD) prompt when doing nslookup of our various Remote Management and NTP ring servers:

Digi Device Cloud and Remote Manager device connectivity address:

C:\>nslookup my.devicecloud.com

Name:    my.devicecloud.com
Address:  52.73.23.137

Past Device Cloud connectivity addresses which may still be in use on devices (all device configurations should be updated to use of the my.devicecloud.com address, then re-connected to the server at the new address):

devicecloud.digi.com
login.etherios.com
my.idigi.com
app.idigi.com

devicecloud-uk.digi.com
login.etherios.co.uk
my.idigi.co.uk

Digi Primary NTP Time Server Ring addresses:

C:\>nslookup time.devicecloud.com

Name:     time.devicecloud.com
Addresses:  52.25.29.129, 52.2.40.158

Secondary/Tertiary NTP Time Server addresses for pool usage:

C:\>nslookup 0.time.devicecloud.com

Name:     0.time.devicecloud.com
Addresses:  52.2.40.158

C:\>nslookup 1.time.devicecloud.com

Name:     1.time.devicecloud.com
Addresses:  52.25.29.129

Deprecated NTP/Time server addresses which may still be in use on devices (all devices should be updated to use time.devicecloud.com within their configuration):

time.digi.com
time.etherios.com

time.etherios.co.uk
0.idigi.pool.ntp.org
1.idigi.pool.ntp.org
2.idigi.pool.ntp.org

Making the Firewall Rules:

If the IP address of the DNS name ever changes (before this article is updated to reflect it), a Windows CLI command can be used to determine the IP address of our server:

nslookup <DNS name of server>

The Name and Address fields will be the DNS name and IP address for the Remote Management or Time server listed.  Your firewall rule will need to allow access for the appropriate network port used based on your Gateway’s Device Management configuration, as well as UDP port 123 if NTP Time Management is in use.

Important Note regarding deprecated DNS names:

If your Gateway is configured to use an idigi.* or etherios.* DNS name, it should be re-configured to use the my.devicecloud.com url at your earliest convenience. You will need to create firewall rules for all IP addresses/ports used, for all Remote Management and Time (NTP) DNS server names used within your device.

Permalink


Cloud services can be used for applications built around Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS).

Digi International has a platform called iDigi. iDigi is a cloud platform for both device network management and for data management. The iDigi Device Cloud is designed using a high-availability architecture, with redundancy and failover characteristics. It is a highly scalable system that can host single units to tens of thousands of Digi devices. It also has web services APIs for secure application integration and data messaging. iDigi device clouds are located in Chicago and in London and you can select to which cloud your data is subscribed.

Device management also include the ability to send commands to remote devices. Standard web service calls are available to manage traditional device settings. An optional Server Command Interface / Remote Command Interface (SCI/RCI) mechanism is available for any custom device or application commands that may be required.

iDigi Manager Pro is a pay-as-you-go model, starting at $1.59 per registered device, per month. Sending data to and from the iDigi Device Cloud is billed on a transactional basis and are available at different usage levels. Data is managed through iDigi, which means that iDigi provides a collection point of data. iDigi is not a (long-term) data storage solution–Digi Dia data is stored for 1 day, and iDigi files are stored for 7 days.

Permalink


Unlike the ConnectPort WAN, the serial ports on the standard builds of the Digi Transport line are DTE not DCE serial, this means that a null modem cable should be used instead of a cross-over cable.

Null modem is a communication method to connect two DTEs (computer, terminal, printer etc.) directly using an RS-232 serial cable. The name stems from the historical use of the RS-232 cable to connect two teleprinter devices to modems in order to communicate with one another; null modem communication was possible by instead using RS-232 to connect the teleprinters directly to one another.

Permalink


Digi Transport (18)

View category →

When using a Digi TransPort Router with a Public SIM card, the issue of reaching this device by it’s IP address happens as most/all providers will dynamically assign IP addresses that will change at every connection / reconnection.

To overcome this problem, it is possible to use a Dynamic DNS host configured in the router. The Router will update the service provider with it’s current IP Address and / or any IP Address changes. This will allow the device to be reached without knowing it’s currently assigned IP Address

Digi TransPort Routers currently supports 3 service providers type :
– DynDNS.org
– No-IP.org
– Other

In this example, No-IP.org will be used as they allow registration of free Dynamic DNS hosts.

Before you can successfully register the IP address of your router with a service provider, you must create an account on their web site. In this example, no-ip will be used.

1- Sign-UP for a Free Account on No-IP

Go to https://www.noip.com/sign-up and sign-up for a free DDNS Account. When registering, the “hostname” will be the name used to reach your device, for example: “digitesteu.ddns.net

User-added image

2- Configure Digi TransPort DDNS settings

Open a web browser to the IP Address of the Digi TransPort Routers and navigate to Configuration – Network > Dynamic DNS

– Select the Service Provider, in this example: No-IP
– Enter the Host and Domain Name previously chosen during registration at the service provider, in this example: digitesteu.ddns.net
– Destination port can be left to 0. This will by default use HTTP port 80.
– DynDNS User Name is the username chosen during registration.
– DynDNS Password and Confirm Password is the password chosen during registration
– When is which interface to use to send DDNS updates. By default, use default route.

Click Apply and Save Configuration

User-added image

3- Verify DDNS update

3.1 – On Digi TransPort Router

Navigate to Management > Event Log. A line should show the DynDNS update success :

12:47:01, 10 Mar 2015,DynDNS 0 host 0 updated: good 90.121.121.151

3.2 – On No-IP.org website

Navigate to https://www.noip.com/members/dns/ and login with the previously created account credentials.

Under Manage Hosts, the domain name should be displayed with the current Digi TransPort’s Routers IP.

User-added image

4- Test Connection

Now that the DDNS update is done, open a web browser to the selected domain name (in this example : digitesteu.ddns.net). The Web interface of the Digi TransPort Router should be displayed

User-added image

Permalink


Gobi 2000/3000 Sprint Provisioning
Overview
This document is intended for Gobi Transport units over the Sprint network.  The purpose is to quickly walk you through running the Gobi Carrier Wizard, how to provision the device for Sprint networks.  It also highlights items to look at and how to test the unit.

Assumptions
This guide assumes that you have a PC that is able to reach the TransPort through the Ethernet interface to gain access to the WebUI for configuration purposes.

Information You Might Need
If possible, please try to gather the following information from Sprint as it might be necessary for possible issues:
MSL – Master Subsidiary Lock is required to allow the PTN and the MSID to be programmed
PTN – The phone number, which should contain 10 digits
MSID – The Mobile Station Identity or MIN, again 10 digits

Running the Gobi Carrier Wizard
The first thing that will need to do be done is run the Gobi Carrier Wizard to enable the device for Sprint. The following steps will guide you through this process:

1) Log into the WebUI through the Ethernet interface. (Default IP address is 192.168.1.1)

2) Once in the WebUI, click on Wizards on the upper-left hand side, as shown in the screenshot below:
User-added image

3) Click on the GOBI Carrier Wizard, and then click Next, as shown in the screenshot below:
User-added image
4) Choose Sprint, and click Next, as shown below:
User-added image

5) On the next page, you will see a line that says “Save configuration changes here”, with the “here” being blue in color and underlined. Click the ‘here’ link and then click Save on the next screen. Reboot the device after saving.

6) After the device reboots, log back into the WebUI.

7) Navigate to Configuration > Network > Interfaces > Mobile > CDMA Provisioning.

8) Under the section titled Automatic Provisioning, click the Start button. DO NOT fill in any of the 3 parameters unless told to by Digi.  DO NOT fill out anything under Manual Provisioning.
User-added image

9) This process will take ~2 minutes to complete. Once the process completes, a message at the top of the page will indicate if it has either been successful or failed to provision. If successful, click the Reboot link and reboot the device.  If failed, try provisioning again.  Please email Digi Technical Support with the debug.txt file (please see “When contacting Digi Technical Support” below) if the failure continues.

Once the unit is provisioned, it could take another minute or so before it establishes an IP address.

Indicators, WebUI

LED Displays

For the WR41 & WR44
W-WAN NET
Will illuminate steady if the unit is able to log on to the Sprint mobile network.

W-WAN SIM
This LED should not light up since you do not a SIM for a Sprint account.

W-WAN DAT
Represents data passing to and from the network.

Signal Strength
Here is a guide for the signal strength:

  • -113 dBm or less (0 LED) -> effectively no signal
  • -112 dBm to –87 dBm (1 LED) -> weak signal
  • -86 dBm to –71 dBm (2 LEDs) -> medium strength signal
  • -70 dBm or greater (3 LEDs) -> strong signal

The minimum recommended strength indication is 2 LEDs. If you have no or 1 LEDs lit, it is recommended that you fit an external antenna to the unit.

For the WR21
Service
Illuminates steady when there is a network connection to the WWAN interface and flashes when data is transmitted or received.

WWAN
Flashes to show which network mode the unit is operating in:
Off – no service
1 blink – GPRS mode
2 blinks – EDGE mode
3 blinks – UMTS mode
4 blinks – HSDPA mode
5 blinks – HSUPA mode
On steady – CDMA mode

Strength
Here is a guide for the signal strength:

  • -113 dBm or less (0 LED) -> effectively no signal
  • -112 dBm to –87 dBm (1 LED) -> weak signal
  • -86 dBm to –71 dBm (2 LEDs) -> medium strength signal
  • -70 dBm or greater (3 LEDs) -> strong signal

The minimum recommended strength indication is 2 LEDs. If you have no or 1 LEDs lit, it is recommended that you fit an external antenna to the unit.

WebUI

Locating the Mobile IP Address
On the Home page, you should see the Mobile IP address under PPP1 (W-WAN (CDMA)).

NOTE: If you get an IP address of 120.x.x.x, this is a false mobile IP address.  Please see the Troubleshooting section of this document.
User-added image

Under Management > Network Status > Interfaces > Mobile
User-added image

NOTE:  Use the above screenshot as a reference for the below information.

Mobile Connection  

Registration Status
This is the registration status of the mobile module with respect to the cellular network.
Ideally, it will show up as registered.

Signal Strength
The signal strength in dBm being received by the mobile module.
Here is a guide for the signal strength:

  • -113 dBm or less (0 LED) -> effectively no signal
  • -112 dBm to –87 dBm (1 LED) -> weak signal
  • -86 dBm to –71 dBm (2 LEDs) -> medium strength signal
  • -70 dBm or greater (3 LEDs) -> strong signal

The minimum recommended strength indication is 2 LEDs. If you have no or 1 LEDs lit, it is recommended that you fit a high-gain external antenna to the unit.

Mobile Statistics
IP Address
The IP address of the mobile interface.

Primary DNS Address / Secondary DNS Address
The primary and secondary DNS addresses used by the mobile interface

Data Received
The number of data bytes that have been received on the mobile interface whilst it has been connected.

Data Sent
The number of data bytes that have been sent on the mobile interface whilst it has been connected.

Mobile Information  
Current system ID
The current system ID reported by the mobile module.

Current network ID
The current network ID reported by the mobile module.

Network
The current network reported by the mobile module.

Signal strength 1xRTT
The signal strength in dBm being received by the mobile module from 1xRTT networks.

Signal strength EVDO
The signal strength in dBm being received by the mobile module from EVDO networks.

Manufacturer
The manufacturer of the mobile module.  For a Gobi module, you should see either Huawei Incorporated or Qualcomm Incorporated.

Model
The model of the mobile module.  Examples for the Gobi would be Huawei EM680, Qualcomm Gobi 2000, Qualcomm Gobi 3000.

MDN
The Mobile Directory Number (MDN) of the mobile module.

MIN
The Mobile Identification Number (MIN) of the mobile module.

ESN
The Electronic Serial Number (ESN) of the mobile module.

MEID
The Mobile Equipment Identifier (MEID) of the mobile module.

Firmware
The firmware running on mobile module.

Bootcode
The bootcode firmware running on the mobile module.

Hardware version
The hardware version of the mobile module.

Registration State
See Registration Status.

Roaming status
The current roaming status of the mobile module.

Service capabilities
EVDO, CDMA 1x, or both

Radio band
1900 MHz for Sprint.

Channel
The transmission channel in use.  25 for Sprint.

Preferred system
Specifies what you configured it for: CDMA, EVDO, or Auto.  You can set this under Configuration > Network > Interfaces > Mobile > Advanced.

PRL version
The version of the Preferred Roaming List (PRL) loaded on the mobile module.

Activation status
The activation state of the mobile module. It can be of the following:

  • 0 – Not activated
  • 1 – Activated

Raising and Lowering the Cellular Link
Under Management > Connections > PPP Connections > PPP 1 – W-WAN, you should see the Mobile IP Address, the Primary and Secondary DNS Address, as well as buttons to Drop or Raise the link.
NOTE: If you get an IP address of 120.x.x.x, this is a false mobile IP address.  Please see the Troubleshooting section of this document.
User-added image

Locating the Event Log

Under Management > Event Log
This page displays the current contents of the event log on the router.  This log records events throughout the Digi device’s system including cellular information.  Some of this cellular information you might see would be status codes, error codes, signal strengths, tower locations, & service available.
Note: The newest information is on top of this file.

Testing
Once you have set up the mobile settings on your unit and you see a mobile IP address, there are a couple of quick tests you can do to ensure your device is working.

Ping test

Unfortunately, you cannot do a ping test on the Sprint Network.  Sprint blocks this port (please see Sprint EVDO Blocked Ports under Troubleshooting, below).

Accessing the Internet

If you have a laptop or computer directly connected to your Transport, you can try opening a browser and accessing the Internet (for example ‘http://www.digi.com’).

NOTE: In order for this step to be a valid test, you must ensure you do not have another source to the Internet, such as being connected to your company’s network either via Ethernet or over Wi-Fi.

If this fails, please email Digi Technical Support with the debug.txt file (please see “When contacting Digi Technical Support” below).

Access the Transport Remotely

With Sprint as a cellular provider, they block certain ports.  A complete list of these blocked ports may be found in the Troubleshooting section below.  One of those ports is port 80, which is HTTP, which is the protocol normally used to access the Internet. With Sprint blocking this port, a user will no longer be able to remote into the Transport by simply entering the address (i.e. http://x.x.x.x where the x’s are representing the mobile IP address of the Transport).  Locally, the user will still have access to it using the local IP address.

In order to resolve the issue of getting into the Transport using the mobile IP address, there are two methods.

  1. With the Transport, there are two services for entering the Web GUI, HTTP or HTTPS.  Sprint blocks port 80, which is HTTP, but they do not block port 443, which is HTTPS.  To change to HTTPS, go to Configuration > Network > Network Services, then click the “Enable Secure Web Server” button.  You will then click the Apply button and then the Save.  Then click the Save All button.  Note that you will lose your connection.  At this point, in order to access either remotely or locally, you will need to specify “https” (i.e. https://x.x.x.x where the x’s are representing your local or remote address of the Transport).
  2. The HTTP service, in the Transport, besides the normal port 80, also accepts port 8080.  This means that you can keep the default settings and then enter the unit remotely specifying port 8080 (i.e. http://x.x.x.x:8080 where the x’s are representing the mobile IP address of the transport).  Note that locally you may still enter the WebUI of the Transport as you normally would (http://x.x.x.x where the x’s are representing the local IP address of the Transport).  To change to HTTP (which is the default setting), go to Configuration > Network > Network Services, then click the “Enable Web Server” button.  You will then click the Apply button and then the Save.  Then click the Save All button.

If you have a mobile terminated account, you should be able to access the Transport remotely.  Find a laptop or PC that has Internet access (outside of the Transport), open a browser, and specify, using https, the mobile IP address of the Transport (i.e. https://166.55.x.x).

If this fails, please verify that you have Web Server enabled (Configuration > Network > Network Services).  Having IP Forwarding (Configuration > Network > IP Routing/Forwarding > IP Port Forwarding/Static NAT Mapping) or IP Passthrough (Configuration > Network > IP Passthrough) enabled could affect these results as well.  Otherwise, if you cannot access your Transport remotely, the issue could be that you have a mobile originated account or a private account.  You should check this with your provider.

Mobile Originated vs. Mobile Terminated

Mobile Origination – Allows for outbound data to pass through the Digi and receive responses from the data request, but it does not allow for data originating from the Internet to pass through the Digi or to devices beyond it.

Mobile Termination – Allows for 2-way communication of data, where data from the Internet can reach the Digi and beyond, and data from the Digi can go to the Internet.

Troubleshooting
Ensure you are on the latest firmware
Updating your firmware may resolve your issue as well as enhancements to both your Transport and traces for troubleshooting.

  1. To check your firmware, go to Administration > System Information and note your Firmware Version
  2. Compare the firmware version to our latest release by going to www.digi.com > Support > Firmware Updates.
  3. Enter your Transport Model (i.e. WR21) in the field and then click on your particular model.
  4. It should bring you to a page for your product.  Choose the fimrware for the type of upgrade you will performing, either via FTP (WebUI) or FlashWriter, from the options on the page and save the file to your PC.
  5. Please follow “TransPort Firmware Upgrade Instructions” that is available under the General Firmware page listed above.

False Mobile IP Address Sprint units
120.x.x.x – If you see an IP address in the 120.x.x.x network for your mobile IP address, you should note that this is a false IP address.  Please attempt to re-provision your Transport.  If you still receive a false IP address, please provide the debug.txt file to Tech Support (please see “When contacting Digi Technical Support” below).  You may also need to contact Sprint, as well.

Sprint EVDO Blocked Ports
80/tcp filtered http
113/tcp filtered auth
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
559/tcp filtered teedtap
901/tcp filtered samba-swat
1022/tcp filtered unknown
1023/tcp filtered netvenuechat
1025/tcp filtered NFS-or-IIS
1433/tcp filtered ms-sql-s
3128/tcp filtered squid-http
3306/tcp filtered mysql
4000/tcp filtered remoteanything
4899/tcp filtered radmin
5000/tcp filtered UPnP
17300/tcp filtered kuang2
27374/tcp filtered subseven

Permalink


1)  Log into the WebUI, and navigate to Configuration – Network > IP Routing/Forwarding > IP Port Forwarding/Static NAT Mappings.

NOTE:  Use the below screenshot as a reference for steps 2-5

User-added image

2)  Fill in the Minimum and Maximum TCP/UDP ports the TransPort should listen on.  These can be the same port if only 1 port is being passed through, or a range of multiple ports if those are needed to pass through.

3)  Fill in the IP address of the LAN device the connection needs to get to.

4)  Fill in the TCP/UDP port of the LAN device the connection needs to get to.  Click Add when finished.

5)  Click Apply and Save the settings.

NOTE:  A reboot may be necessary at this point in time for the rules to take effect.

6)  Navigate to Configuration – Network > Interfaces > Mobile.

7)  Expand Mobile Settings, and change the NAT option to IP address and Port as shown in the screenshot below:

User-added image

8)  Click Apply and Save the changes.

Permalink


For most model TransPorts, the PPP 1 interface is the default cellular WAN interface.  If needed, an Ethernet interface may be used instead for WAN connectivity, for example, to connect to a separate non-cellular modem via Ethernet for Internet access.

Generally, all that needs to be done for this to work is to change the Interface of the Default Route to the Ethernet port and to enable NAT on the Ethernet WAN port.

To change the Interface of the Default Route to the Ethernet port, from the TransPort’s web interface, navigate to Configuration – Network > IP Routing/Forwarding > Static Routes > Default Route 0, and then change the “Default Route 0” Interface from PPP 1 (or whatever it currently is) to the appropriate Ethernet port, for example Ethernet 0.

For the vast majority of applications, enable NAT on the Ethernet WAN port.  In this “Ethernet as a WAN” scenario, NAT should only be disabled on the Ethernet WAN port in certain circumstances, for example, when using a private APN (and even then it may still need to be enabled).  To enable NAT on the Ethernet WAN port from the TransPort’s web interface, navigate to Configuration – Network > Interfaces > Ethernet > ETH x* > Advanced, and then check “Enable NAT on this interface”.  *Select the appropriate Ethernet port that’s being used for WAN (usually Eth 0 but not always).  Optionally check the option to enable NAT for “IP address and Port” instead of just “IP address” to avoid any potential Port Forwarding issues in the future.

Notes:

  • If the TransPort has multiple Ethernet ports, consider either enabling Port Isolate mode or utilizing Hub Groups.  Using an Ethernet port as the WAN interface will work without enabling Port Isolate mode or utilizing Hub Groups, but there are considerations.  If using the default Hub Mode instead of Port Isolate mode, traffic will route out of a single Ethernet port, for example Eth 0, and respond on that same port.
    • To enable Port Isolate mode from the TransPort’s web interface, navigate to Configuration – Network > Interfaces > Ethernet > ETH 0 > Advanced, and then click the “Switch to Port Isolate mode” button, unless the device is already in Port Isolate mode.
    • A Hub Group can alternatively be utilized by putting the WAN Ethernet port (Eth 0 for example) in a Hub Group that’s separate than the other ports.
    • For more information about Hub Mode vs. Port Isolate mode, and Hub Groups, please review the TransPort User Guide:  http://ftp1.digi.com/support/documentation/90001019.pdf
  • Be sure the TransPort’s Ethernet IPv4 port settings are configured correctly, to match the Ethernet-attached device.
  • Be sure to Apply any configuration changes, save the configuration, and then Reboot the TransPort.
  • WAN failover between Ethernet and Cellular may also be desired.  Please reference Quick Note 53 for information on this type of failover scenario.

Permalink


Debug output is usually obtained through the serial port (ASY0) or via telnet on the router (not SSH).

The options are:
“debug 0”   ->   ASY0
“debug 1”   ->   ASY1
“debug t”   ->   TELNET

To obtain debug output through SSH connect to the router via an SSH client & log in:

User-added image

Now, from the command line run the CLI command “TELNET 127.0.0.1” & log in:

User-added image

Now, you can send the debug output to the Telnet port running the CLI command “debug t” to see the debug output:

User-added image

Following an example in which IKE debug is enabled with level 4 (very high) and a IPsec VPN is removed:

User-added image

NB: In order to be sure to have all the debug output without losing old logs, please assure that the scroll line limit of the SSH client  is high (for example 2000). In Putty for example you should go to Change settings > Window to change the “Lines of scrollback” value:

User-added image

Permalink


Digi Remote Manager (5)

View category →

Remote Manager uses tags to categorize devices.  You may want to edit the tags associated with a device if the purpose of a device changes or if you use tags to create a new sub-category of devices. Device tags are stored in Remote manager and not on the device.

To add a tag to a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Enter the name of a tag in the text box and click Add Tag.
  5. Click Save. The new tag is associated with the device.

To edit tags for a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Click the tag name you want to edit. The tag name appears in the text box.
  5. Edit the tag name as needed and click Change Tag.
  6. Click Save. The new tag is associated with the device.

To remove a tag from a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Click the red X under action to delete the corresponding tag underStream Name.
  5. Click Save. The new tag is associated with the device.

Permalink


The groups feature allows you to add or create a group and assign a list of devices to that group. You can create a hierarchical structure of device groups to help organize your device inventory.

To create a group

  1. Click Device Management > Devices.
  2. Click the Groups button and select Add Group. The Add Group dialog appears.
  3. Type a group name.
  4. Choose the folder where you want to place the new group. The default is the root level.
  5. Click the Add Group button. The group name appears in the folder structure under the root directory in the left pane.

To add a device to a group
You can add one or more devices to a device group, and can add up to 500 devices to a group at one time.

  1. Click Device Management > Devices.
  2. Select the device(s) you want to add to a group:
  • Click any device list item to select that device.
  • Use Control-click or Shift-click to select multiple devices or a range of devices.
  1. Click More in the Devices toolbar and select Assign to Groupfrom the Organize category. The Add to Group dialog appears.
  2. Choose a group from the drop-down list.
  3. Click Assign to Group. The devices are added to the selected device group.

To move/remove a device from a group

  1. Click Device Management > Devices.
  2. Click a group name in your list of device groups you wish to remove the device from.
  3. Select the device(s) you want to remove from a group:
  • Click any device list item to select that device.
  • Use Control-click or Shift-click to select multiple devices or a range of devices.
  1. Click More in the Devices toolbar and select Assign to Groupfrom the Organize category. The Add to Group dialog appears.
  2. Choose a group from the drop-down list.  You may also select the “/” to move it to the root directory.
  3. Click Assign to Group. The devices are added to the selected device group or root.

To edit device group properties
You can edit device group properties, including the group name and its parent in the groups hierarchy.

  1. Click Device Management > Devices.
  2. Click a group name in your list of device groups.
  3. Click Groups and select Edit Group from the drop-down.
  4. Make changes to the group name and location as needed.
  5. Click Edit Group to confirm your changes.

To Remove a device group
Removing a device group removes the group itself and moves all devices in that group to the parent level in your device list.

  1. Click Device Management > Devices.
  2. Click to select the device group you want to remove from the device hierarchy in the left panel under Groups.
  3. Click Groups and select Remove Group from the drop-down. A confirmation dialog appears asking you to confirm that you want to remove that group.
  4. Click Yes to confirm. The group is deleted and any devices in that group move to the parent level in your device hierarchy.

To show or hide device groups
This feature will allow you to toggle the Groups display to hidden or visible.

  1. Click Device Management > Devices.
  2. Click the Show/Hide Groups button on the far left side of theDevices toolbar.

Permalink


This article describes how to configure Digi Device Cloud or Digi Remote Manager to send an E-Mail notification when a device goes offline.

Note: This article assumes that you have already created a Digi Device Cloud account or a Digi Remote Manager account, that your device is configured to connect to the cloud and added to your account.

Guidelines for NDS devices (Digi Connect WAN 3G, ConnectPort X etc..) can be found here : Configure a Digi Connect WAN or ConnectPort Gateway for Device Cloud connection

Guidelines for Digi TransPort can be found here : Configuring a Digi TransPort for Remote Manager connectivity

Guidelines for adding a Digi device to the Digi Device Cloud or Remote Manager platform can be found here : Adding a Digi Device to the Digi Device Cloud or Remote Manager Platform and here Add a Digi TransPort to your Remote Manager account

Create an Alarm

1. Log into your Digi Device Cloud or Digi Remote Manager account.
2. Click on the Device Management tab.
3. Click on the Alarms tab.
4. Click on the Add button

User-added image

The Add Alarm window will open.

1. Select Device Offline in the Alarm Type drop down menu.
2. Chose a name for the Alarm. (default is Device Offline)
3. Chose a description for the Alarm. (default is Detects when a device disconnects from Device Cloud and fails to reconnect within the specified time)
4. Chose for how long the cloud should wait before firing an alarm (defaul is 5 minutes. This is recomended in case of cellular devices that can sometimes lose network connectivity due to bad reception and allow it to reconnect)
5. Resets when device reconnects will allow the alarm status to be reset as soon as the device reconnects to the cloud.
6. Chose the Scope of the alarm. It can be per group or per device. Per Group allows to select the root directory (in this case the alarm will be applied to all devices on this account) or a single group.
7. Click Create to create the Alarm.

User-added image

Create an E-Mail Notification

1. Navigate to Admin Account Settings > Notifications
2. Click on the Add button.

User-added image

1. Chose a name for the Notification
2. Chose a Description for the notification. This will be shown in the “Subject” field of the E-Mail
3. Chose an E-Mail address to send the notification to.
4. Select if you wish to receive a daily summary of your alarms and at which time.
5. Check this box to receive an E-Mail notification each time an alarm triggers (Each time a device goes offline this will trigger an alarm which in result will trigger an E-Mail)

User-added image

6. Select “Send notification for the following alarms” and in the box, type the name of previously created alarm, by default “Device Offline” and press enter.
7. In the list, chose the previously created alarm and click on the “+” icon

User-added image

8. Click Save

User-added image

Testing

To test that the Alarms and notification are working, simply disconnect/turn off one of your devices which are monitored by this alarm. After the selected delay triggers, the alarm should fire and you should receive an E-Mail similar to this one :

User-added image

Permalink


Introduction:

This article will discuss how to configure your Digi TransPort router for use with Remote Manager by utilizing the built-in Web User Interface (WebUI) of the Digi TransPort itself.

Changing the Remote Manager connection settings from the WebUI

The Digi TransPort WebUI can be accessed locally via the local IP address (LAN or WAN), or the Cllular Mobile IP address (provided your cellular account is one which supports Mobile Termination, and that you left a pinhole for HTTP or HTTPS through which to get to the WebUI if configured for IP Passthrough).

If you know the Mobile IP address and have met the conditions above, you should be able to open the TransPort’s WebUI by opening a browser to the Mobile IP of your TransPort at this time, but keep in mind that accessing the TransPort WebUI via the Local IP is preferred if available, since it doesn’t affect your cellular bill, is faster, and generally less prone to connection loss.

If you can get to the Local IP of the TransPort (this is an Ethernet or Wi-Fi connected TransPort and you’re at that location), you should access the TransPort’s WebUI using the Local IP address instead. The Digi Device Discovery Tool for Windows can be used to discover the Local IP address of the TransPort, if unknown. If you run the Device Discovery Tool and see a “No devices found?” message, and you’ve verified your TransPort is both powered on and has a solid Link LED present, you may want to check this article for Digi Device Discovery Troubleshooting Tips.

Assuming you can access either the Mobile (WAN) or Local (LAN) IP address and are now looking at the Web User Interface of your Digi TransPort:

1. Open Configuration -> Remote Management -> Remote Manager on the WebUI, then click the check box for “Enable Remote Management and Configuration using Remote Manager”. It should look similar to this:

2. On the page above, from the drop down menu, select the desired Device Cloud server :remotemanager.digi.com for the US Cloud or remotemanager-uk.digi.com for the EU Cloud.

3. Ensure the “Automatically reconnect to the server after being disconnected” box is checked as shown in the example, and configured with the 10 second value listed (or a reasonable alternative), as this is the box that tells your router to re-connect to the Remote Management server, should the connection get broken for some reason

4. Apply any changes by clicking the Apply button, when configuration is complete.

5. Click the blue “here” link to save the configuration, as shown below:

6. Click the “Save All” button from the ensuing page and you should get a message saying “The configuration has been saved successfully!”, then click the OK button.

7. After a minute or so, you should see that your Transport has established (i.e. state = ESTAB) a Remote Management connection to the Remote Manager server by viewing the Management -> Connections -> IP Connections page under the “General Purpose Sockets” listing towards the bottom:

In Closure: If all went well, your Digi TransPort should now be “Connected” on the Remote Manager server you selected in step 1 above.

Permalink


Adding your Digi TransPort to Remote Manager

  1. Log into your Digi Remote Manager account.
  2. Click on the Device Management tab.
  3. Click on the Add Devices button on the tool bar

  4. Add the Digi TransPort by either discovering it locally, or manually adding the Device ID, using either of the the two methods described below:

Discovery method:

  1. After hitting Add Devices (step 3 above), click the Discover >> button.

  2. Click the Discover button on the 2nd Add Devices screen.

  3. Select the Digi TransPort to be added, and click OK.

Manual method:

  1. After hitting Add Devices (step 3 above), click the dropdown which defaults to MAC Address, and select Device ID instead.

  2. Populate the entry field to the right of Device ID with the Device ID of your Digi TransPort.  This can be obtained from the Digi TransPort WebUI Home page if needed.

  3. Click the Add button, then click OK.

Your Digi TransPort should now be added to Remote Manager:

After your device is added, it should show up in the list of devices as disconnected (a Red icon beside the device means Disconnected, see below).

After a minute or so, refresh the device list by clicking the Refresh button, and verify a Connected state as seen below.  A Blue icon indicate the device is connected to Remote Manager.

 

Conclusion:

If you see the Blue/Connected icon next to your TransPort, it means that your device was properly configured, and you can now manage your TransPort on Remote Manager.  If still not connected after a a few minutes, you’ll want to re-check your TransPort Remote Management and Network configurations, as well as make sure you aren’t running into any Firewall issues between the TransPort and Remote Manager.

Permalink


Digi Device Cloud (5)

View category →

HOW TO: Change the Device Cloud Name on Gateways Using Device Manager from the Device Cloud
To change the server name for the Device Cloud connection from your Device Cloud account, you will navigate to the Device Management tab, right click on the desired Digi device and select Properties.

From the Properties screen, navigate to Advanced Configuration > Remote management connection > Remote management connection 1.  Type in the server name (en://my.devicecloud.com) in the Server address field:

User-added image

Click Save to save the changes.  Your device may disconnect from the Device Cloud and reconnect using the new name.

Permalink


The following example shows how to create a task on Digi’s Device Cloud to change the Remote Management Server Address in a TransPort.
Log into Device Cloud
Click on Device Management > Schedules and then click New Schedule
User-added image

Click Start Walkthrough
Type in the description at the top of the screen for the task
On the left menu, select Command Line Interface
For the first command, enter cloud 0 server my.devicecloud.com
On the left menu, select Command Line Interface, again
For the second command, enter config 0 saveall
Then click Schedule at the bottom right hand corner
User-added image

Either select Immediate or Future to schedule when you wish to apply this change
If you choose Future, you will need to use the drop down buttons to specify the date and time and then you will see the scheduled job on the next screen.
If you choose Immediate, it will simply complete the job.
You will need to select the devices you wish to apply these changes to.  If selecting more than one, use the “Ctrl” button to select these.
Select Run Now at the bottom of the screen if you choose Immediate or Schedule if you choose Future.
User-added image

Here are the results for a scheduled job.
User-added image

After the scheduled event, you can check to see if it performed by going to Device Management  >  Operations.  You should be able to see if it successfully completed or not.  You may also click on Operation Details for each individual device.
User-added image
You can also see the changes in each individual device by going to Device Management > Devices, selecting a particular device by double clicking on it, click on Configuration, Remote Management, Remote Manager, Remote Manager Config, then check the Connect to Device Cloud server.  At first you will see the previous server name, but if you click Refresh at the bottom of the page, it will update.
User-added image

Permalink


This article describes how to configure Digi Device Cloud or Digi Remote Manager to send an E-Mail notification when a device goes offline.

Note: This article assumes that you have already created a Digi Device Cloud account or a Digi Remote Manager account, that your device is configured to connect to the cloud and added to your account.

Guidelines for NDS devices (Digi Connect WAN 3G, ConnectPort X etc..) can be found here : Configure a Digi Connect WAN or ConnectPort Gateway for Device Cloud connection

Guidelines for Digi TransPort can be found here : Configuring a Digi TransPort for Remote Manager connectivity

Guidelines for adding a Digi device to the Digi Device Cloud or Remote Manager platform can be found here : Adding a Digi Device to the Digi Device Cloud or Remote Manager Platform and here Add a Digi TransPort to your Remote Manager account

Create an Alarm

1. Log into your Digi Device Cloud or Digi Remote Manager account.
2. Click on the Device Management tab.
3. Click on the Alarms tab.
4. Click on the Add button

User-added image

The Add Alarm window will open.

1. Select Device Offline in the Alarm Type drop down menu.
2. Chose a name for the Alarm. (default is Device Offline)
3. Chose a description for the Alarm. (default is Detects when a device disconnects from Device Cloud and fails to reconnect within the specified time)
4. Chose for how long the cloud should wait before firing an alarm (defaul is 5 minutes. This is recomended in case of cellular devices that can sometimes lose network connectivity due to bad reception and allow it to reconnect)
5. Resets when device reconnects will allow the alarm status to be reset as soon as the device reconnects to the cloud.
6. Chose the Scope of the alarm. It can be per group or per device. Per Group allows to select the root directory (in this case the alarm will be applied to all devices on this account) or a single group.
7. Click Create to create the Alarm.

User-added image

Create an E-Mail Notification

1. Navigate to Admin Account Settings > Notifications
2. Click on the Add button.

User-added image

1. Chose a name for the Notification
2. Chose a Description for the notification. This will be shown in the “Subject” field of the E-Mail
3. Chose an E-Mail address to send the notification to.
4. Select if you wish to receive a daily summary of your alarms and at which time.
5. Check this box to receive an E-Mail notification each time an alarm triggers (Each time a device goes offline this will trigger an alarm which in result will trigger an E-Mail)

User-added image

6. Select “Send notification for the following alarms” and in the box, type the name of previously created alarm, by default “Device Offline” and press enter.
7. In the list, chose the previously created alarm and click on the “+” icon

User-added image

8. Click Save

User-added image

Testing

To test that the Alarms and notification are working, simply disconnect/turn off one of your devices which are monitored by this alarm. After the selected delay triggers, the alarm should fire and you should receive an E-Mail similar to this one :

User-added image

Permalink


The following example shows how to create a task on Digi’s Device Cloud to change the Remote Management Server Address in a TransPort.
Log into Device Cloud
Click on Device Management > Schedules and then click New Schedule
User-added image

Click Start Walkthrough
Type in the description at the top of the screen for the task
On the left menu, select Command Line Interface
For the first command, enter cloud 0 server my.devicecloud.com
On the left menu, select Command Line Interface, again
For the second command, enter config 0 saveall
Then click Schedule at the bottom right hand corner
User-added image

Either select Immediate or Future to schedule when you wish to apply this change
If you choose Future, you will need to use the drop down buttons to specify the date and time and then you will see the scheduled job on the next screen.
If you choose Immediate, it will simply complete the job.
You will need to select the devices you wish to apply these changes to.  If selecting more than one, use the “Ctrl” button to select these.
Select Run Now at the bottom of the screen if you choose Immediate or Schedule if you choose Future.
User-added image

Here are the results for a scheduled job.
User-added image

After the scheduled event, you can check to see if it performed by going to Device Management  >  Operations.  You should be able to see if it successfully completed or not.  You may also click on Operation Details for each individual device.
User-added image
You can also see the changes in each individual device by going to Device Management > Devices, selecting a particular device by double clicking on it, click on Configuration, Remote Management, Remote Manager, Remote Manager Config, then check the Connect to Device Cloud server.  At first you will see the previous server name, but if you click Refresh at the bottom of the page, it will update.
User-added image

Permalink


One very useful aspect of Device Management on the Digi Device Cloud is the ability to view the Connection History of a device.  This of course refers to the connection history of that device as viewed from Device Cloud, and is a record of a device’s connections and disconnections with the server, for whatever reason.

Device Cloud Connection History (from the device UI):

Getting the Connection History from the Data Streams API:

As seen above, the Connection History of a device is something which Device Cloud keeps track of.  A screen like the one above may be useful when wanting to know the current state of a device or what’s been going on with it, but short of taking a screenshot or copying/pasting that information into a text file, the information isn’t very portable.  The good news is, the Connection History is something which is also tracked as a Data Stream, and each of the Connect/Disconnect events is a separate Data Point within that Stream.

To query the Data Stream Connection History if the same device, we must query for the Data Points which make up that Stream as follows:

/ws/DataPoint/{deviceId}/management/connections/

Example Request:  /ws/DataPoint/00000000-00000000-00409DFF-FF5DF1CB/management/connections/

Response (for a single Data Point of the Stream):

<?xml version=”1.0″ encoding=”ISO-8859-1″?>
<result>
<resultSize>206</resultSize>
<requestedSize>1000</requestedSize>
<pageCursor>27f2d9aa-beab-11e5-92dc-fa163ea15feb</pageCursor>
<requestedStartTime>-1</requestedStartTime>
<requestedEndTime>-1</requestedEndTime>
<DataPoint>
<id>f5e6756c-75c8-11e5-8dc1-fa163ee3abab</id>
<cstId>70</cstId>
<streamId>00000000-00000000-00409DFF-FF5DF1CB/management/connections</streamId>
<timestamp>1445194168409</timestamp>
<timestampISO>2015-10-18T18:49:28.409Z</timestampISO>
<serverTimestamp>1445194168412</serverTimestamp>
<serverTimestampISO>2015-10-18T18:49:28.412Z</serverTimestampISO>
<data>{“connectTime”:”2015-10-18T03:14:07.442Z”,”disconnectTime”:”2015-10-18T18:49:28.409Z”,”type”:”Wi-Fi”,”remoteIp”:”213.35.189.122″,”localIp”:”192.168.82.204″,”bytesSent”:70412,”bytesReceived”:69588,”session”:”6b861b2f-bd52-4455-b9fc-dc92693460db”}</data>
<description/>
<quality>0</quality>
</DataPoint>…
</result>

As can be seen in the <resultSize> field, there were 206 Data Points in the response to the query, so I’ve only listed one Data Point as an example of the type of data retrieved from the Connection History Data Stream.

Permalink


NetCloud Engine (81)

View category →

Summary

The NAC function of NetCloud Engine provides an extra layer of security for administrators looking to control which devices can or cannot join their Network. When enabled, any new devices attempting to join the network must be explicitly allowed by the administrator in order to become a member of the Network.


Configuration

Configuration Difficulty: Beginner
  • Step 1: Log into Cradlepoint NetCloud.

User-added image

  • Step 2: Navigate to the NetCloud Engine tab.

User-added image

  • Step 3: Click on the Settings tab.

User-added image

  • Step 4: Enable NAC by clicking on the status button.

User-added image

  • Step 5: Select the new device from the list.

User-added image

  • Step 6: Approve the new device.

User-added image

  • Note: The status icon will change from this:User-added image to this:User-added image

Permalink


Summary

It is recommended that you use RDP when accessing QuickBooks over NetCloud Engine. This is because QuickBooks was not designed to work well over non-LAN topologies due to lower latency and higher bandwidth requirements.

See Intuit’s support knowledge article below under “Networks That Are Not Recommended”:

http://support.quickbooks.intuit.com/support/Articles/INF26626

Permalink


Summary

What is a Personal-3 Network?

Personal-3 networks constitute NetCloud Engine (Formerly Pertino)’s free offering. Personal-3 networks are useful for personal or home use of NetCloud Engine (Formerly Pertino) services. Personal-3 networks include basic features only whereas free trials offer NetCloud Engine’s advanced features for a period of 30 days.

How long may I have a Personal-3 network?

You may keep your Personal-3 networks indefinitely. However, Cradlepoint reserves the right to discontinue Personal-3 networks in the future, although we currently have no plans to do so.

How many Personal-3 networks may I have?

In general, there is no limit to the number of Personal-3 networks you may have. You may add additional Personal-3 networks to your account using the https://app.pertino.com management interface.

How many devices can a Personal-3 network have?

As suggested by its name, a Personal-3 network may have up to 3 devices configured. Devices configured on the Personal-3 network count regardless of connection status. If you wish to add a different device to a Personal-3 network that already has 3 configured devices, you must first remove a device from the network using the Device View panel on the https://app.pertino.com management interface.

What do I do if I need more than 3 devices?

We have several pricing plans to accommodate your needs. Please refer to http://pertino.com/pricing for a description of these plans and included features.

Permalink


Summary

This article describes the steps necessary to set up NetCloud Engine (Formerly Pertino) with Active Directory.


Configuration

Note: This is now automatic using the new feature called ADConnect for all Business Plans.

One of the major benefits of using AD through NetCloud Engine (Formerly Pertino) is you will not have to provide a username or password when accessing file shares on the domain. Also once you add the Pertino AD IPv4 address in the DNS settings on the network interface adapter, you will be able to add remote computers into the domain as you would normally when connected to the same network.

First you will need to find the Pertino IPv4 address of the AD server by pinging the computer name from the remote computer (you may have to use the -4 option when pinging the computer). Next, edit the Pertino Virtual network adapter from the remote computer by right clicking the interface and select Properties and double-click the IPv4 protocol. In the DNS settings, add the IPv4 address you got back from the ping.

User-added image

User-added image

Note: Keep in mind when you upgrade the NetCloud Engine (Formerly Pertino) client, you will have to reapply these settings. There is also a chance the Pertino IP address could change which would require you to reapply the changes as well. This is not a problem if you use ADConnect.

Make sure your DNS server is listening on the Pertino Virtual interface. To verify see below:

  1. Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
  2. In the console tree, click the name of the DNS server you wish to configure.
  3. On the Action menu, click Properties.
  4. On the Interfaces tab, make sure the Pertino IPv6 address is checked . By default, all IP addresses are selected.

Permalink


Summary

This article describes the steps necessary to share files and folders on a Windows machine.


Quick Setup

Configuration Difficulty: Beginner

  • Step 1: On the computer you will be sharing folders from, click on the Start button.
  • Step 2: Search for “Sharing” and select on Manage advance sharing settings from the results.

User-added image

  • Step 3: Select Turn on network discovery and Turn on file and print sharing.
  • Step 4a: (Optional) Select Turn on password protection sharing.

User-added image

  • Step 4b: (Only if “password protected sharing” is enabled) Navigate to Control Panel.

User-added image

  • Step 4c: Select Add or remove user accounts.

User-added image

  • Step 4d: Select Create a new account.

User-added image

  • Step 4e: Specify the user’s name and then click Create Account.

User-added image

  • Step 4f: Select the account you just created and then select Create a password.

User-added image

  • Step 5: Right click on the folder you want to share and select Specific people…
  • Step 6: Select the user you are giving access to, and click Add and then Share.

User-added image

  • Step 7: Right click the folder again and select Properties.
  • Step 8: Select the Sharing tab.

User-added image

  • Step 9: Select Advanced Sharing…
  • Step 10: Check the Share this folder and click OK.

User-added image


Detailed Instructions

Configuration Difficulty: Intermediate

To share files and folders on a workgroup or a domain:

  1. In Windows Explorer, select the file or folder to be shared, and then click the Share with menu at the top.
  2. Select Specific people to get to the File Sharing wizard:
    • If your computer is on a domain, click the arrow next to the text box, and then click Find people. In the Select Users or Groups dialog box, type a name in the box, click Check Names, and then click OK.
    • If your computer is part of a workgroup, click the arrow next to the text box, click a name from the list and then click Add.
    • Under Permission Level column, select one of the following options:
      • Read: Recipients can open, but not modify or delete the file.
      • Read/Write: Recipients can open, modify or delete the file.
  3. When you have finished adding people, click Share.
  4. After you receive confirmation that your item is shared, you can let the people know.
  5. When you are finished, click Done.

Notes:

  • If you try to share a file or folder in one of the Windows 7 Public folders, the Share with menu will display an option called Advanced sharing settings… instead of the sharing options for non-public folders and files. This option takes you to the Control Panel, where you can turn Public folder sharing on or off.
  • If password-protected sharing is turned on, the person you want to share with must have a user account and password on your computer for full access to shared items. Password-protected sharing is located in Control Panel under Advanced sharing settings. It’s turned ON by default.

To share files and folders on a homegroup:

  1. Right-click on the file or folder you want to share, and then click on Share with.
  2. Choose one of the following options:
    • Homegroup (Read): This option shares the item with your entire homegroup, but they can only open and read the item. They cannot modify or delete it.
    • Homegroup (Read/Write): This option shares the item with your entire homegroup and lets them open, modify or delete it.
    • Specific people: This option opens the File Sharing wizard which allows you to select individual people to share items with.

Turning Public folder sharing on or off:

Anyone on your computer or network can access Public folders if you have sharing turned on for that folder. When it’s turned off, only people with a user account and password on your computer have access.

  1. Click on Start button, click on Control Panel, click on Network and Sharing Center.
  2. Select Change advanced sharing settings in the left pane.
  3. Click the chevron to expand your current network profile.
  4. Under Public folder sharing, select one of the following options:
    • Turn on sharing so anyone with network access can read and write files in the Public folders
    • Turn off Public folder sharing (people logged on to this computer can still access these folders)
  5. Click Save changes.

Notes:

  • When you share the Public folder on your computer with other people, they can open and view the files stored there just as if they were stored on their own computers. If you give them permission to change files, any changes they make will change the files on your computer.
  • If you click a Public folder or its content, you will see Advanced sharing settings in the Share with menu. This option takes you to the Control Panel where you can turn Public folder sharing on or off.
  • By turning on password-protect sharing in Control Panel, you can limit Public folder access to people with a user account and password on your computer. This option is not available on a domain.

Turning password-protected sharing on or off:

  1. Click on Start button, click on Control Panel, click on Network and Sharing Center, and then click on Change advanced sharing settings in the left pane.
  2. Expand your current network profile.
  3. Under Password protected sharing, select one of the following:
    • Turn on password protected sharing
    • Turn off password protected sharing
  4. Click Save changes.

To stop sharing a file or folder:

Right-click on the item you want to stop sharing, click Share with menu at the top of File Explorer, then select Nobody.


Modifying File and Print Sharing and Network Discovery from Windows command line (CMD)

Network discovery and file and print sharing from Windows command line can be enabled using the following commands:

netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes

netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

To disable these functions in Windows, use the same command, replacing all instances of “Yes” with a “No”.


Accessing shared resources

From a Windows machine:

  • Step 1: From Windows Explorer on a different Windows PC, Select Network to list the computers on your network.
  • Step 2: Double-click the computer you would like to access, then provide its username and password.
  • Step 3: You will now see the folders that are being shared on that remote computer.

User-added image

From a Mac:

  • Step 1: From Finder, select Go, then Network, then Shared.
  • Step 2: Double-click the computer you would like to access, and provide its username and password.
  • Step 3: You will now see the folders that are being shared on that remote computer.

Troubleshooting

  • Please ensure that the printer or file sharing device is powered on and connected to the network.
  • If you are still not able to access the files or folders you might have a permission issue, please refer to this Microsoft support link.

Permalink