FAQs

CradlePoint Services (24)

View category →

Summary

This article provides a list of questions commonly asked about Enterprise Cloud Manager (ECM), and the answers to those questions. The Configuration Examples sections includes links to articles that demonstrate the function of the ECM service.

Enterprise Cloud Manager is Cradlepoint’s next generation network management solution. Rapidly deploy and dynamically manage networks at geographically distributed locations with Enterprise Cloud Manager, Cradlepoint’s next generation application platform. Improve productivity, reduce costs, and enhance the intelligence of your network and business operations.

A detailed explanation of the Enterprise Cloud Manager service can be found on the ECM product page.


 

Requirements

To establish a successful connection to Enterprise Cloud Manager, a Cradlepoint router must meet the following requirements:

1. Supported Product: Only the following router models can currently be added to ECM: AER2100, MBR1400v2, MBR1400v1, CBA850, CBA750B, IBR1100, IBR1150, IBR600, IBR650, IBR350, MBR1200B, CBR400, and CBR450.

2. Minimum Firmware: 4.3.2 (CBR4x0 only) and 4.4.0 (all other models). Using most recent available firmware version is recommended.

Note: Product support is planned for the following router models: CBA750, MBR1200, MBR1000, MBR900, MBR800, CTR500, and CBA250. Expected minimum firmware requirement for Series 2 products is 2.0.0.

Click here to identify your router. For information on upgrading firmware, click here.

3. NTP Server Connection: Routers must sync with a time server before they can communicate with Enterprise Cloud Manager. ECM uses standard TLS-based encryption along with a proper signed certificate in our servers. This system has date range restrictions – devices must have a valid clock time in the 21st century. By default, the routers boot up at Unix epoch 0 (January 1, 1970), which leads the TLS client to think the certificate is invalid without a time sync.

 

Frequently Asked Questions

What level of redundancy and reliability features do the Enterprise Cloud Manager Servers have?

Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter that is SAS70 (SSAE Type II) certified. Only Rackspace authorized personnel have access to the secured area. Redundancy of the system includes the following:

Datacenter Redundancy and Reliability:

  • 24x7x365 onsite staff
  • Dual power circuits tied to N+1 redundant datacenter UPS systems
  • Onsite diesel backup power generators
  • Fully redundant enterprise-class core routing with connectivity to 3+ internet backbone carriers
  • Fiber carriers enter datacenters at disparate points to guard against service failure
  • N+1 redundant HVAC systems (Heating Ventilation Air Conditioning) with air filtering

Server and Software Redundancy:

  • Redundant load balanced application servers
  • Master database in isolated private network with one-hour replacement
  • Full nightly backups
  • Rackspace SLA guaranteeing network availability and critical infrastructure systems including power and HVAC 100% of the time in a given month excluding scheduled maintenance.

What are the security measures for the Enterprise Cloud Manager Servers?

Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter with SSAE Type II certification (formerly SAS 70). Security features include the following:

Datacenter Security:

  • Cradlepoint servers are located in a secured area within a Tier IV datacenter.
  • Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitoring
  • 24x7x365 onsite staff
  • Only authorized data center personnel are granted access credentials. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort.

Hardware and Software Security:

  • CISCO ASA Firewall
  • Only authorized Rackspace operations personnel are allowed physical access to production ECM servers.
  • Patch Management: Patches are applied quarterly, unless a high vulnerability issue is identified whereupon the process is expedited.

Event and Log Management:

  • All URL traffic is logged. These logs are kept for 90 calendar days for review by network security management.
  • Automated logs track and log changes, including backups of this data.

Does Cradlepoint perform vulnerability assessment of the ECM servers?

Cradlepoint uses a PCI Approved Scanning Vendor (ASV) service for external penetration testing of the ECM servers. Scans are run at minimum monthly, with remediation reports provided to management. Corrective actions are implemented based upon severity of potential threats.

How many devices can your system support and how many do you have on the system now?

Cradlepoint manages more than 80,000 devices on WiPipe Central today. ECM has a scalable, service-oriented architecture that can support many more customers with many thousands of devices under management.

As a System Integrator, can I have multiple primary accounts that I can use to manage my customers’ devices, and can I see all of my customers’ devices?

Yes, with ECM you can have multiple subaccounts for your customers. Your Account Administrator can manage all accounts, while creating other administrators to manage separate subaccounts (customers).

When an ECM account password is lost, how is it reset?

The user navigates to the “Request new password” page (link on the ECM central login page) where an email address is entered. If the email address entered matches an email address associated with an ECM user, an email with a unique link is sent to the user. Upon receiving the email, the user clicks on the link that will take them to a page to select a new password for their account. If the email address entered does not match any account email addresses, a message will be displayed noting the email address isn’t recognized.

Cradlepoint support personnel do not have access to ECM user passwords and thus cannot provide any passwords over the phone.

How strong are ECM passwords and how long do they last?

The following password options are available:

  • Password minimum length (default = 8)
  • Require one or more CAPITALIZED letters in the password (default = yes)
  • Require one or more symbols or numbers in the password (default = yes)

The administrator can set a session timeout (default = 120 minutes) for each user under the User Settings.

How are passwords stored within the ECM Servers?

All passwords are stored in encrypted form using the NIST/FIPS Secure Hash Standard known as SHA-2. SHA-2 is a set of cryptographic hash functions designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. Our user passwords encryption uses thePBKDF2 algorithm with a SHA-256 hash.

Is User Data stored within the Cradlepoint devices?

No user data is stored on the Cradlepoint devices.

Do new users receive a unique password?

When a new account is set up, the Account Administrator will receive an email from Cradlepoint with a unique link to take them to a page to select a new password for their account.

When the Account Administrator sets up a new user account, the user will receive an email with a unique link that upon selecting will take them to a page to select a new password for their account.

How do you integrate with Network Management Systems?

Enterprise Cloud Manager can be integrated with any Network Management System via the Enterprise Cloud Manager API. The ECM API is accessed via HTTPS to the XML/JSON RESTful interface. We have customers doing this today using the WiPipe Central API.

How many levels of user account privileges does ECM support?

ECM supports three levels of user access privileges for a customer.

  • Account Administrator – has full access to all accounts and sub-accounts and can create accounts and users at any level within the account hierarchy. Only the Account Administrator can create accounts or users.
  • Full Access User – has access to resources within their account and any sub-accounts below their account. The Full Access User cannot create new accounts or users.
  • Read-Only User – has read-only access for their account and any sub-account(s) below their account.

How much data does being connected to Enterprise Cloud Manager consume?

Recent data shows that the average data usage is approximately 5–10 MB per router per month. This reflects what we expect to see in “typical” scenarios when routers have mostly default settings. Many settings could affect this amount, including generating lots of alerts, exporting lots of logs, and especially editing the connection pulse interval (default 120 seconds). A significantly faster connection pulse (e.g., 10 seconds) could increase data usage to 50 or even 100 MB per router per month, whereas a significantly slower pulse (e.g., 900 seconds) could decrease data usage to less than 1 MB per router per month (but runs the risk of slowing down the connection so much that the connection is broken and needs to reestablish itself, which uses additional data).
There are many variables that affect data usage and therefore Cradlepoint does not guarantee that a router will use any particular amount of data. These numbers are only provided to give a rough estimate of the amount of data usage you should expect based on data from other routers in the field.

How do you support Private Networks (cellular or wired)?

ECM can support a customer’s Private Network (3G/4G or wired networks). For device management, ECM uses a full-duplex, asynchronous SSL protocol to manage the Cradlepoint routers over a single TCP connection (port 8001).

Support for Private Networks can be achieve by either of the following:

  • Customers create a firewall rule to allow ECM management SSL traffic routed over the Internet to the Cradlepoint cloud datacenter (single TCP connection – port 8001).
ECM Private Network Support

Permalink

0 Comments - Leave a Comment


Getting Started

Status Menus

Router Configuration

Enterprise Cloud Manager

Troubleshooting


Getting Started

Take it out of the box and plug it in!

Connecting a Computer to a CradlePoint Router

Accessing the CradlePoint Admin Pages

Enterprise Cloud Manager Registration

Product Manual – First Time Setup Wizard

Product Manual – Status – Dashboard


Status Menus


Router Config

Network Settings

Internet

System Settings


Enterprise Cloud Manager

Enterprise Cloud Manager Main Page

Enterprise Cloud Manager FAQ

Perparing to migrate from WPC to ECM

How to migrate GROUPS from WPC to ECM

How to migrate DEVICES from WPC to ECM

Upgrading router firmware for ECM compatibility

Tracking modem data usage with ECM

Using a LAN gateway to connect a device to ECM

Configuration priority in ECM

Multi-Factor Authentication


Troubleshooting

Troubleshooting DNS

Troubleshooting wired WAN problems

Troubleshooting WiFi as WAN

Troubleshooting prior to RMA

Gaming console firewall problems

Permalink

0 Comments - Leave a Comment

Summary

Upgrading the modem firmware regularly is important to keep a secure and reliable internet connection. This can be done manually or through ECM, this document focuses on upgrading through ECM.

Please note that this only upgrades the modem firmware, to upgrade the router firmware click here. To connect with this modem you must also have an activated SIM from the carrier in the device. During the upgrade process the modem will restart: the router may go offline for a few minutes if this modem is it’s primary WAN connection.

Although a single Cradlepoint modem may have two SIM card slots (e.g., IBR1100 integrated modem), it is one modem module and can only have one modem firmware version, and therefore only one carrier at a time. The exception is that the AER 2100 could have two distinct integrated MC400 modems, each with two SIM slots. So while each modem by itself can only have one firmware version, the AER 2100 can support two integrated modems – on distinct carriers- simultaneously.


Configuration

Configuration Difficulty: Beginner
  • Step 1: Log in to Enterprise Cloud Manager.
  • Step 2: Select the Devices tab and then Network Interfaces from the drop down menu at the top.

User-added image

  • Step 3: Next we need to locate the modem we want to upgrade. The easiest way to do this is by sorting the Router Name or Router ID column, or to search by a specific router name using the search tool.
  • Step 4: In the example shown below, the grid is filtered using the search tool (searched by a specific router name, IBR1100LPE) and the filter tool (selected Modems) in the top toolbar so that only the two relevant interfaces display.

User-added image

  • Step 5: To check if the modem firmware is current, first select the desired interface. *Note that integrated modems with two SIM slots show two interfaces in the grid. Both will always have the same modem firmware, so selecting either one will have the same results.
  • Step 6: Once you have selected an interface, click Commands in the top toolbar and Upgrade Modem Firmware in the drop down menu. *Note that you can also check if your modem has the latest firmware by selecting Check for New Modem Firmware

User-added image

  • Step 7: Please review the agreement notes before proceeding. The modem will restart after this point.

User-added image

  • Step 8: Once you click the OK button, the firmware upgrade will begin.
  • Step 9: The modem firmware upgrade takes a few minutes. The Modem FW Status column shows the state of the update, e.g., “Downloading (38%),” and the Modem FW column shows the update that is in process.

User-added image

  • Step 11: Once complete, the Modem FW Status column says, “Upgrade Successful” and the Modem FW column is updated with the new firmware version:

User-added image

  • Step 12: If the update fails for some reason, reboot the router before trying again.

Troubleshooting

  • You may also need to make sure you are trying to use the same interface and SIM slot. Some products contain two SIM slots, and therefore there are two “Internal LPE” interfaces displayed in Connection Manager. If your active SIM is in slot 1, the “Internal LPE (SIM1)” will be the one to connect with that SIM; SIM slot 2 will correspond to “Internal LPE (SIM2)”.
  • If the modem is unable to complete the upgrade and no internet connection remains, local access to update the modem will be necessary. Click here to upgrade the modem firmware manually.

Permalink

0 Comments - Leave a Comment

Cradlepoint 6.0 Firmware Upgrade

Products Supported: AER31x0, AER21x0, MBR1400v2, MBR1400, MBR1200B, CBA850, CBA750B, IBR11x0, IBR6x0, and IBR350.

Summary

Firmware version 6.0 has been released and introduces a vastly improved GUI for all routers. The new GUI takes the look and feel of Enterprise Cloud Manager (ECM) and brings it to the router. The menus have been reworked to be more intuitive and discoverable, and yet the configuration experience in itself has stayed similar to the previous UI. In short, finding the menus is easier and configuration has stayed as easy as always.

ECM users will immediately be displayed the new router GUI when configuring a router or group of routers with FW 6.0 or greater providing an improved and consistent user experience across the platform.

Along with the new UI, some notable new functionality is now available in FW 6.0:

  • Object Firewall
    • Independently create identities and policies, then match them to create rules
    • Easier to configure and more flexible
  • Connection Manager has been revamped, and now easily configurable in ECM
    • Manage all WAN connections remotely in a single, intuitive UI
  • WiFi-as-WAN Improvements
    • Intelligent AP handover capability

Cradlepoint recommends upgrading a few routers and take some time to get familiar with the UI, the new firewall, Connection Manager, and other important configuration elements, before moving their entire fleet.

Firmware 6.0 will comes with more extensive documentation to ease the transition.

Permalink

0 Comments - Leave a Comment

Summary

This article describes the process of enabling modem Data Usage tracking through Enterprise Cloud Manager (ECM).

Data usage information is initially tracked within the routers, and then sent to ECM at specified intervals. ECM has multiple options for displaying the received modem data usage statistics:

  • Dashboard provides a quick, visual overview of your devices’ data usage
  • Reports will generate a CSV file containing the data usage information
  • Alerts can be configured to send an email whenever modems reach user-defined data thresholds

Note: There is a potential for some loss of data between the router and ECM if, for example, the router reboots before sending a usage sample. The data usage numbers in ECM are strictly estimates and are dependent on information provided by the modem through the router: these may not match the carrier numbers. The carrier is the final authority for billing purposes.


Configuration

Adjust Reporting Interval or Disable Usage Reporting

Configuration Difficulty: Intermediate

Data Usage Reporting is enabled by default, with an interval of 1 hour. This interval can be as increased to full 24 hours, or decreased to mere 5 minutes. A shorter reporting interval will provide a more accurate depiction of data usage at a given moment. Please keep in mind that the process of sending each report to ECM also uses up data, so setting a short reporting interval will result in greater overall data usage.

Note: The user-defined interval is a minimum: there are some event triggers that could cause additional data usage reports to be sent to ECM, such as heavy data usage.

To change the reporting interval, follow the directions listed below:

  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
  • Step 3: Click on the Groups tab.

User-added image

  • Step 4: Select the group for which you wish to adjust data usage reporting setting, and click Settings.
    • Note: For this change to apply to multiple groups, each group has to be edited individually.

User-added image

  • Step 5: Move the slider next to Enable Data Usage Reporting to adjust the reporting interval.
  • Click OK to save the changes.

User-added image

Note: From the same interface, it is possible to completely disable data usage monitoring. To do so, simply remove the check-mark from the box next to Enable Data Usage Reporting.

User-added image

View Data Usage through the Dashboard

Configuration Difficulty: Beginner

With ECM it is possible review modem data usage at a glance, both on the group level and for each individual router.

  • To view aggregated data usage information, pulled from all interfaces of routers registered under your account, log into your ECM account, and click on the Dashboard tab in the menu on the left.
  • To view router-specific information, click on the Devices tab on the left, and then click on the name of the router to open its individual Dashboard.

Generate CSV Report

Configuration Difficulty: Intermediate
  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
    • Note: There will be no historical data available for any devices that were not in groups or were in groups that had data usage reporting disabled.
  • Step 3: Click on the Reports tab.
  • Step 4: Click the arrow icon in the Report Type field and select Data Usage.

User-added image

  • Step 5: Specify a report date range by manually selecting start and end dates and times, or by clicking one of the quick option buttons.

User-added image

  • Step 6: Specify a data source by clicking within either the Accounts or Groups fields and then click OK.
    • Note: Selecting the accounts without specifying groups will pull data from all routers within all groups under the selected accounts.

User-added image

User-added image

  • Step 7: Select any additional fields to be displayed in your report from the list within the Router, Network Interface, or Modem Information sections.
  • Step 8: Click Run Report to generate a CSV file with the specified information.

User-added image

  • Step 9: Click OK to close the report notification.
  • Step 10: Within a few seconds your browser will ask what to do with the generated file. Pick the option to either open the file or to save it, and then click OK.
    • Note: If you do not get this option, please check your browser security settings.

User-added image
Optional:

  • Step 11: Click Create Saved Report to tell ECM to remember the selected time interval, data source, and any additional information fields selected.
    • For a saved report, it is recommended to use a time interval, like 1 Week, instead of hard start and end dates.
  • Step 12: To run a saved report at a later time, select it in the Saved Reports drop-down menu at the top of the Reports page, and click the Run Report button.

Configure Usage Alerts

Configuration Difficulty: Intermediate

Data Usage Alerts ignore the defined data usage report interval and get sent out immediately. CradlePoint recommends setting up data threshold Alerts for the most accurate, consistent information: receive an email whenever you reach one of your thresholds. For example, configure ECM to email you when your modem reaches 85% and 100% of your monthly data plan.

  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
  • Step 3: Navigate to the Groups tab and select the group that will have the ability to generate data usage alerts. ClickConfiguration and choose Edit in the drop-down menu.

User-added image

  • Step 4: In the Edit Configuration window, click Internet and choose Data Usage in the drop-down.

User-added image

  • Step 5: Make sure Enable Data Usage is checked, and then click Add within the Template configuration section.

User-added image

  • Step 6: Define the data usage rule. Click here for an in-depth explanation of available options.
    • We recommend setting the thresholds lower than the billing allowances and regularly comparing the numbers ECM reports with those from the carrier.
  • Step 7: Click Submit to save the rule.

User-added image

  • Step 8: Click Commit Changes to send the the setting to the router, then click OK to close the warning message.
User-added image
  • Step 9: Click the Alerts tab in the menu on the left, then click the drop-down arrow next to Log and choose Settings.
User-added image
  • Step 10: Click Add to create a new alert.
User-added image
  • Step 11: Define the alert parameters and Save the rule.
    • Specify the groups and/or accounts that will generate the data usage alerts.
    • Choose Data Cap Threshold and any additional events that should generate an alert.
    • Optional: Select users that will receive alerts by email. If a user is not selected, alert events will be displayed on the Alerts>Log page, but no email will be sent out.
    • Optional: Set interval. By default, every alert event will immediately be processed, but this functionality can be adjusted to send a batch of alert events in an hourly or daily digest.

User-added image


Troubleshooting

There are No Data Usage Statistics Displayed

If you are running a report, or viewing data usage on the Dashboard, and there is nothing displayed, please check the following:

  • Data Usage Reporting might be disabled for the group
  • The modem might not be reporting any usage
    • The WAN connection could be completely unused for the selected time period
    • The modem is disconnected and is not sending data usage statistics to ECM

Permalink

0 Comments - Leave a Comment

General M2M Question (24)

View category →

M2M stands for “”machine-to-machine”” communications. Essentially, it is the exchange of data between a remote machine and a back-end IT infrastructure. The transfer of data can be two-way:

  • Uplink to collect product and usage information
  • Downlink to send instructions or software updates, or to remotely monitor equipment

In the past, the high cost of deploying M2M technology made it the exclusive domain of large organizations that could afford to build and maintain their own dedicated data networks. Today, the widespread adoption of cellular technology has made wireless M2M technology available to manufacturers all over the world.

Wireless M2M applications include connectivity-enabled devices that use a cellular data link to communicate with the computer server. A database to store collected data and a software application that allows the data to be analyzed, reported, and acted upon are also key components of a successful end-to-end solution.

Permalink

0 Comments - Leave a Comment

Four LEDs are visible from the front and top of the AirLink GX400. Labeled (from left to right) Network, Signal, Activity, and Power, each LED can display one of three colors: green, yellow, or red.

  • LED Operation:
  • Off – No activity
  • Green – Full function
  • Yellow – Limited Function
  • Red – Not functional
  • Blinking – Where needed, blinking is used to indicate altered functionality
  • Network LED:
  • Green – On the network
  • Flashing Green – Roaming
  • Yellow – Found service, attempting to connect
  • Flashing Yellow – Link down
  • Red – No data connection available
  • Signal LED – Light shows the strength of the signal and may be nearly solid
    (strong signal) or flashing (weaker signal). A slow flash indicates a very weak
    signal
  • Green – Good signal
  • Yellow – Marginal signal
  • Red – Bad signal
  • Flashing Red – No signal
  • ActivityLED – Pulse green on packet transmit/receive on radio link.
    Otherwise, LED is off
  • Power LED:
  • Off – No power (or above 36V or below 7.5V)
  • Red – System not operational
  • Green – Normal operation
  • Green, Occasional Yellow – GPS Lock
  • Yellow – Low power mode or system booting

Caution: If you need to reset the device configuration using the Reset button, hold the button depressed until the LEDs start cycling yellow, and then release the button.

Light Patterns

The LEDs on the front of the device respond with different light patterns to indicate device states.

    Normal – Each LED is lit as applicable

  • Start up and Device Reboot – All LEDS simultaneously cycle red, yellow, and green at the start. Various light patterns continue until the Power LED turns yellow, and then a solid green, to indicate an active device
  • Radio Passthrough (H/W) – Network LED is a solid red
  • Factory Reset – All LEDs cycle yellow back and forth when the Reset pin is briefly depressed and released. Returns the device’s software to the factory default state
  • Data Retry, Failed Auth, and Retrying – The Network LED blinks red every 3 seconds

Learn More about the Sierra Wireless Gx440

 

Permalink


The Sierra Wireless GX400/440 has two visible Ethernet LEDs on the rear panel of the GX400 and GX440 devices:

  • Left LED (Activity) – Blinks Yellow when there is activity
  • Right LED (Link Speed):
    • Green – 100 Mbps
    • Orange – 10 Mbps

AirLink GX400 + GX440 FAQ

Permalink


Four LEDs are visible from the front and top of the AirLink GX400. Labeled (from left to right) Network, Signal, Activity, and Power, each LED can display one of three colors: green, yellow, or red.

  • LED Operation:
  • Off – No activity
  • Green – Full function
  • Yellow – Limited Function
  • Red – Not functional
  • Blinking – Where needed, blinking is used to indicate altered functionality
  • Network LED:
  • Green – On the network
  • Flashing Green – Roaming
  • Yellow – Found service, attempting to connect
  • Flashing Yellow – Link down
  • Red – No data connection available
  • Signal LED – Light shows the strength of the signal and may be nearly solid
    (strong signal) or flashing (weaker signal). A slow flash indicates a very weak
    signal
  • Green – Good signal
  • Yellow – Marginal signal
  • Red – Bad signal
  • Flashing Red – No signal
  • ActivityLED – Pulse green on packet transmit/receive on radio link.
    Otherwise, LED is off
  • Power LED:
  • Off – No power (or above 36V or below 7.5V)
  • Red – System not operational
  • Green – Normal operation
  • Green, Occasional Yellow – GPS Lock
  • Yellow – Low power mode or system booting

Caution: If you need to reset the device configuration using the Reset button, hold the button depressed until the LEDs start cycling yellow, and then release the button.

Light Patterns

The LEDs on the front of the device respond with different light patterns to indicate device states.

    Normal – Each LED is lit as applicable

  • Start up and Device Reboot – All LEDS simultaneously cycle red, yellow, and green at the start. Various light patterns continue until the Power LED turns yellow, and then a solid green, to indicate an active device
  • Radio Passthrough (H/W) – Network LED is a solid red
  • Factory Reset – All LEDs cycle yellow back and forth when the Reset pin is briefly depressed and released. Returns the device’s software to the factory default state
  • Data Retry, Failed Auth, and Retrying – The Network LED blinks red every 3 seconds

Permalink

0 Comments - Leave a Comment

The Sierra Wireless GX400/440 can be reset to factory defaults by pressing and holding the “Reset” button continuously for 7 – 8 seconds. When all LEDs start flashing Yellow, release the Reset button and the unit will re-boot with the factory default options.

Permalink


Cradlepoint Products (7)

View category →

IPv6 Settings

This is the product manual section for IPv6 Settings for the WAN. To edit these settings, go to Internet → Connection Manager. Select a WAN Interface and click on Edit to open up the WAN Configuration editor. IPv6 Settings is one of the tabs:

IPv6 configuration window


The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).

  • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
  • IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

  • Disabled (default) – IPv6 disabled on this interface.
  • Auto – IPv6 will use automatic connection settings (if available).
  • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
  • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
  • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
  • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

DNS Servers

Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

Delegated Networks

A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Auto

IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

  • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

Static

As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

  • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
  • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
  • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6to4 Tunnel

Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6in4 Tunnel

The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

  • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
  • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6rd Tunnel

IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

  • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
  • IPv4 Border Router Address – This address should be supplied by your ISP.
  • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

Permalink


Connection Manager


The router can establish an uplink via Ethernet, WiFi as WAN, or 3G/4G modems (integrated or external USB). If the primary WAN connection fails, the router will automatically attempt to bring up a new link on another device: this feature is called failover. If Load Balance is enabled, multiple WAN devices may establish a link concurrently.

WAN Interfaces

This is a list of the available interfaces used to access the Internet. You can enable, stop, or start devices from this section. By using the priority arrows (the arrows in the boxes to the left – these show if you have more than one available interface), you can set the interface the router uses by default and the order that it allows failover.

In the example shown, Ethernet is set as the primary Internet source, while a 4G LTE modem is attached for failover. The Ethernet is “Connected” while the LTE modem is “Available” for failover. A WiFi-as-WAN interface is also attached and “Available”.

  • Load Balance: If this is enabled, the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively. Selecting Load Balance will automatically start the WAN interface and add it to the pool of WAN interfaces to use for data transfer. Turning off Load Balance for an active WAN interface may require the user to restart any current browsing session.
  • Enabled: Selected by default. Deselect to disable an interface.

Click on the small box at the top of the list to select/deselect all devices for either Load Balance or Enabled.

Click on a device in the list to reveal additional information about that device.

Selecting a device reveals the following information:

  • State (Connected, Available, etc.)
  • Port
  • UID (Unique identifier. This could be a name or number/letter combination.)
  • IP Address
  • Gateway
  • Netmask
  • Stats: bytes in, bytes out
  • Uptime

Click “Edit” to view configuration options for the selected device. For 3G/4G modems, click “Control” to view options to activate or update the device.

WAN Configuration

Select a WAN interface and click on Edit to open the WAN Configuration editor. The tabs available in this editor are specific to the particular WAN interface types.

General Settings

Device Settings
  • Enabled: Select/deselect to enable/disable.
  • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Network Settings → WiFi / Local Networks. Select this option to force NAT whenever this WAN device is being used.
  • Priority: This number controls failover and failback order. The lower the number, the higher the priority and the more use the device will get. This number will change when you move devices around with the priority arrows in the WAN Interfaces list.
  • Load Balance: Select to allow this device to be available for the Load Balance pool.
  • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
  • Hostname (This only shows for certain devices.)
IPv4 Failure Check (Advanced)

If this is enabled, the router will check that the highest priority active WAN interface can get to the Internet even if the WAN connection is not actively being used. If the interface goes down, the router will switch to the next highest priority interface available. If this is not selected, the router will still failover to the next highest priority interface but only after the user has attempted to get out to the Internet and failed.

Idle Check Interval: The amount of time between each check. (Default: 30 seconds. Range: 10-3600 seconds.)

Monitor while connected: (Default: Off) Select from the following dropdown options:

  • Passive DNS (modem only): The router will take no action until data is detected that is destined for the WAN. When this data is detected, the data will be sent and the router will check for received data for 2 seconds. If no data is received the router behaves as described below under Active DNS.
  • Active DNS (modem only): A DNS request will be sent to the DNS servers. If no data is received, the DNS request will be retried 4 times at 5-second intervals. (The first 2 requests will be directed at the Primary DNS server and the second 2 requests will be directed at the Secondary DNS server.) If still no data is received, the device will be disconnected and failover will occur.
  • Active Ping: A ping request will be sent to the Ping Target. If no data is received, the ping request will be retried 4 times at 5-second intervals. If still no data is received, the device will be disconnected and failover will occur. When “Active Ping” is selected, the next line gives an estimate of data usage in this form: “Active Ping could use as much as 9.3 MB of data per month.” This amount depends on the Idle Check Interval.
  • Off: Once the link is established the router takes no action to verify that it is still up.

Ping IP Address: If you selected “Active Ping”, you will need to input an IP address. This must be an address that can be reached through your WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2.

IPv6 Failure Check (Advanced)

The settings for IPv6 Failure Check match those for IPv4 Failure Check except that the IP address for Active Ping is an IPv6 address.

Failback Configuration (Advanced)

This is used to configure failback, which is the ability to go back to a higher priority WAN interface if it regains connection to its network.

Select the Failback Mode from the following options:

  • Usage
  • Time
  • Disabled

Usage: Fail back based on the amount of data passed over time. This is a good setting for when you have a dual-mode EVDO/WiMAX modem and you are going in and out of WiMAX coverage. If the router has failed over to EVDO it will wait until you have low data usage before bringing down the EVDO connection to check if a WiMAX connection can be made.

  • High (Rate: 80 KB/s. Time Period: 30 seconds.)
  • Normal (Rate: 20 KB/s. Time Period: 90 seconds.)
  • Low (Rate: 10 KB/s. Time Period: 240 seconds.)
  • Custom (Rate range: 1-100 KB/s. Time Period range: 10-300 seconds.)

Time: Fail back only after a set period of time. (Default: 90 seconds. Range: 10-300 seconds.) This is a good setting if you have a primary wired WAN connection and only use a modem for failover when your wired connection goes down. This ensures that the higher priority interface has remained online for a set period of time before it becomes active (in case the connection is dropping in and out, for example).

Disabled: Deactivate failback mode.

Immediate Mode: Fail back immediately whenever a higher priority interface is plugged in or when there is a priority change. Immediate failback returns you to the use of your preferred Internet source more quickly which may have advantages such as reducing the cost of a failover data plan, but it may cause more interruptions in your network than Usage or Time modes.

IP Overrides

IP overrides allow you to override IP settings after a device’s IP settings have been configured.

Only the fields that you fill out will be overridden. Override any of the following fields:

  • IP Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

IPv6 Settings

The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).

  • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
  • IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

  • Disabled (default) – IPv6 disabled on this interface.
  • Auto – IPv6 will use automatic connection settings (if available).
  • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
  • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
  • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
  • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

DNS Servers

Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

Delegated Networks

A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Auto

IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

  • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

Static

As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

  • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
  • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
  • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6to4 Tunnel

Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6in4 Tunnel

The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

  • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
  • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6rd Tunnel

IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

  • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
  • IPv4 Border Router Address – This address should be supplied by your ISP.
  • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

Ethernet Settings

While default settings for each WAN Ethernet port will be sufficient in most circumstances, you have the ability to control the following:

  • Connect Method: DHCP (Automatic), Static (Manual), or PPPoE (Point-to-Point Protocol over Ethernet).
  • MAC Address: You have the ability to change the MAC address, but typically this is unnecessary. You can match this address with your device’s address by clicking: “Clone Your PC’s MAC Address”.

Connect Method

Select the connection type that you need for this WAN connection. You may need to check with your ISP or system administrator for this information.

  • DHCP (Dynamic Host Configuration Protocol) is the most common configuration. Your router’s Ethernet ports are automatically configured for DHCP connection. DHCP automatically assigns dynamic IP addresses to devices in your networks. This is preferable in most circumstances.
  • Static allows you to input a specific IP address for your WAN connection; this should be provided by the ISP if supported.
  • PPPoE should be configured with the username, password, and other settings provided by your ISP.

If you want to use a Static (Manual) or PPPoE connection, you will need to fill out additional information.

Static (Manual):

  • IPv4 Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

PPPoE:

  • Username
  • Password
  • Password Confirm
  • Service
  • Auth Type: None, PAP, or CHAP

Modem Settings

Not all modems will have all of the options shown below; the available options are specific to the modem type.

On Demand: When this mode is selected a connection to the Internet is made as needed. When this mode is not selected a connection to the Internet is always maintained.

IP WAN Subnet Filter: This feature will filter out any packets going to the modem that do not match the network (address and netmask).

Aggressive Reset: When Aggressive Reset is enabled the system will attempt to maintain a good modem connection. If the Internet has been unreachable for a period of time, a reset of the modem will occur in attempt to re-establish the connection.

Automatically check for new firmware: (Default: selected) The modem will automatically check for firmware updates by default.

Enable Aux Antenna: (Default: selected) Enable or disable the modem’s auxiliary diversity antenna. This should normally be left enabled.

GPS Signal Source: Select the antenna to be used for receiving GPS coordinates. Some products support a dedicated GPS antenna, while others use the auxiliary diversity antenna only (and some products support both).

Enable eHRPD: (Default: selected) Enable or disable the modem’s ability to connect via eHRPD (enhanced High Rate Packet Data) when connecting to a 3G EVDO network on Sprint. eHRPD routes EVDO traffic through the LTE systems, enabling easy transitions between LTE and EVDO. In rare cases it may make sense to bypass the LTE core, so this field allows you to disable eHRPD.

Modem Connection Mode: Specify how the modem should connect to the network. Not all options are available for all modems; this will default to Auto if an incompatible mode is selected.

  • Auto (all modes): Let the modem decide which network to use.
  • Auto 3G (3G or less): Let the modem decide which 2G or 3G network to use. Do not attempt to connect to LTE.
  • Force LTE: Connect to LTE only and do not attempt to connect to 3G or WiMAX.
  • Force WiMAX: Connect to WiMAX only and do not attempt to connect tot 3G or LTE.
  • Force 3G (EVDO, UMTS, HSPA): Connect to 3G network only.
  • Force 2G (1xRTT, EDGE, GPRS): Connect to 2G network only.

Network Selection Mode: Wireless carriers are assigned unique network identifying codes known as PLMN (Public Land Mobile Network). To manually select a particular carrier, select the Manual radio button and enter the network PLMN. Choose from the following options:

  • None/No Change
  • Auto: Selected by default
  • Home only
  • Manual: Input the PLMN code

Functional Mode: Selects the functional mode of the modem. IPPT (IP passthrough) mode causes the modem to act as a transport, passing Internet data and IP address information between the modem and the Internet directly. NAT mode causes the modem to NAT the IP address information. Consequently, IPPT mode does not allow user access to the modem web UI and NAT mode does allow user access to the modem web UI.

  • None/No Change
  • IPPT
  • NAT

Network-Initiated Alerts: This field controls whether the Sprint network can disconnect the modem to apply updates, such as for PRL, modem firmware, or configuration events. These activities do not change any router settings, but the modem connection may be unavailable for periods of time while these updates occur. The modem may also require a reset after a modem firmware update is complete.

  • Disabled: The request to update will be refused.
  • When Disconnected: The request to update will only be performed when the modem is either in a disconnected state or dormant state. If the modem is not in one of these states when the request is received, then the router will remember the request and perform the update when the modem becomes disconnected/dormant.
  • On Schedule: The request to update will only be performed at the specified scheduled time, no matter what the state of the modem is.

Network-Initiated Schedule: When you select “On Schedule” for Network-Initiated Alerts, you also select a time from this dropdown list. Modem updates will take place at this scheduled time.

AT Config Script: Enter the AT commands to be used for carrier specific modem configuration settings. Each command must be entered on a separate line. The command and associated response will be logged, so you should check the system log to make sure there were no errors.

NOTE: AT Config Script should not be used unless told to do so by your modem’s cellular provider or by a support technician.

AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include “OK”, except the final command response, which must include “CONNECT”.

Example:

AT
ATDT*99***2#

WiMAX Settings

WiMAX Realm: Select from the following dropdown options:

  • Clear – clearwire-wmx.net
  • Rover – rover-wmx.net
  • Sprint 3G/4G – sprintpcs.com
  • Xohm –xohm.com
  • BridgeMAXX – bridgeMAXX.com
  • Time Warner Cable – mobile.rr.com
  • Comcast – mob.comcast.net

TTLS Authentication Mode: TTLS inner authentication protocol. Select from the following dropdown options:

  • MSCHAPv2/MD5 (Microsoft Challenge Handshake Authentication Protocol version2/Message-Digest Algorithm 5)
  • PAP (Password Authentication Protocol)
  • CHAP (Challenge Handshake Authentication Protocol)

TTLS Username: Username for TTLS authentication.

TTLS Password: Password for TTLS authentication.

WiMAX Authentication Identity: User ID on the network. Leave this blank unless your provider tells you otherwise.

CDMA Settings

These settings are usually specific to your wireless carrier’s private networks. You should not set these unless directed to by a carrier representative. If a field below is left blank, that particular setting will not be changed in the modem. You should only fill in fields that are required by your carrier.

  • Persist Settings: If this is not checked, these settings will only be in place until the router is rebooted or the modem is unplugged.
  • Active Profile: Select a number from 0-5 from the dropdown list.

The following fields can be left blank. If left blank they will remain unchanged in the modem.

  • NAI (Username@realm): Network Access Identifier. NAI is a standard system of identifying users who attempt to connect to a network.
  • AAA Shared Secret (Password): “Authentication, Authorization, and Accounting” password.
  • Verify AAA Shared Secret
  • HA Shared Secret: “Home Agent” shared secret.
  • Primary HA
  • Secondary HA
  • AAA SPI: AAA Security Parameter Index.
  • HA SPI: HA Security Parameter Index.

SIM/APN/Auth Settings

SIM PIN: PIN number for a GSM modem with a locked SIM.

Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Choose from Auto, PAP, and CHAP and then input your username and password.

Access Point Configuration: Some wireless carriers provide multiple Access Point configurations that a modem can connect to. Some APN examples are ‘isp.cingular” and “vpn.com”.

  • Default: Let the router choose an APN automatically.
  • Default Override: Enter an APN by hand.
  • Select: This opens a table with 16 slots for APNs, each of which can be set as IP, IPV4V6, or IPV6. The default APN is marked with an asterisk (*). You can change the APN names, select a different APN, etc. For Verizon modems, only the third slot is editable. Changes made here are written to the modem, so a factory reset of the router will not impact these settings.

Update/Activate a Modem

Some 3G/4G modems can be updated and activated while plugged into the router. Updates and activation methods vary by modem model and service provider. Possible methods are: PRL Update, Activation, and FUMO. All supported methods will be displayed when you select your modem and click “Control” to open the “Update/Activate” window. If no methods are displayed for your device then you will need to update and activate your device externally.

To update or activate a modem, select the modem in the WAN Interfaces table and click “Control”.

The modem does not support Update/Activate methods: A message will state that there is no support for PRL Update, Activation, or FUMO.

The modem supports Update/Activate methods: A message will display showing options for each supported method:

  • Modem Activation / Update: Activate, Reactivate, or Upgrade Configuration.
  • Preferred Roaming List (PRL) Update
  • Firmware Update Management Object (FUMO)

Click the appropriate icon to start the process.

If the modem is connected when you start an operation the router will automatically disconnect it. The router may start another modem as a failover measure. When the operation is done the modem will go back to an idle state, at which point the router may restart it depending on failover and failback settings.

NOTE: Only one operation is supported at a time. If you try to start the same operation on the same modem twice the UI will not report failure and the request will finish normally when the original request is done. However if you try to start a different operation or use a different modem, this second request will fail without interfering with the pending operation.

Process Timeout: If the process fails an error message will display.

Activation has a 3-minute timeout, PRL update has a 4-minute timeout, and FUMO has a 10-minute timeout.

Update Modem Firmware

Click on the Firmware button to open the Modem Firmware Upgrade window. This will show whether there is new modem firmware available.

If you select Automatic (Internet) the firmware will be updated automatically. Use Manual Firmware Upgrade to instead manually upload firmware from a local computer or device.

Reset the Modem

Click on the Reset button to power cycle the modem. This will have the same effect as unplugging the modem.

Configuration Rules (Advanced)

This section allows you to create general rules that apply to the Internet connections of a particular type. These can be general or very specific. For example, you could create a rule that applies to all 3G/4G modems, or a rule that only applies to an Internet source with a particular MAC address.

The Configuration Rules list shows all rules that you have created, as well as all of the default rules. These are listed in the order they will be applied. The most general rules are listed at the top, and the most specific rules are at the bottom. The router goes down the list and applies all rules that fit for attached Internet sources. Configuration settings farther down the list will override previous settings.

Select any of these rules and click “Edit” to change the settings for a rule. To create a new rule, click “Add.”

WAN Configuration Rule Editor

After clicking “Add” or “Edit,” you will see a popup with the following tabs:

  • Filter Criteria
  • General Settings
  • IP Overrides
  • IPv6 Settings
  • Ethernet Settings
  • Modem Settings
  • WiMAX Settings
  • CDMA Settings
  • SIM/APN/Auth Settings

Filter Criteria

If you are creating a new rule, begin by setting the Filter Criteria . Create a name for your rule and the condition for which the rule applies:

  • Rule Name: Create a name meaningful to you. This name is optional.

Make a selection for “When,” “Condition,” and “Value” to create a condition for your rule. The condition will be in the form of these examples:

When Condition Value
Port is USB Port 1
Type is not WiMAX
  • When:
    • Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”).
    • Manufacturer – Select by the modem manufacturer, such as Sierra Wireless.
    • Model – Set your rule according to the specific model of modem.
    • Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
    • Serial Number – Select 3G or LTE modem by the serial number.
    • MAC Address – Select WiMAX modem by MAC Address.
    • Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.
  • Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement.
  • Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.

Once you have established the condition for your configuration rule, choose from the other tabs to set the desired configuration. All of the tabs have the same configuration options shown above in the WAN Configuration section (i.e., the options for Configuration Rules are the same as they are for individual devices).

Permalink


Router Firmware Upgrade: Best Practices

Products Supported: Series 3 Click here to identify your router.


Quick Links

Summary

Configuration

Best Practices

Related Articles


Summary

This article provides instructions on how to upgrade your Series 3 Cradlepoint router through the local device and through Enterprise Cloud Manager(ECM). Best practices regarding firmware upgrades are also listed within this article.

Caution: Updating the firmware can permanently damage your router. The upgrade process will take several minutes. Do not unplug your router from the provided power supply during this process.

Note: Downgrading firmware to a version lower than 5.2.0 will require resetting the router to factory default settings.


Configuration

Configuration Difficulty: Easy

Local Router Upgrade

Automatically Upgrading from 5.4.x or Earlier

Note: The device has to be on the internet to update automatically

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the top menus to System Settings>System Software
User-added image
  • Step 3: Press the Automatic(Internet) button.
User-added image

Automatically Upgrading from 6.0.x or Later

Note: The device has to be on the internet to update automatically

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the left-hand menus to System>System Control>System Firmware
User-added image
  • Step 3: Press the Automatic(Internet) button.
User-added image

Downloading Firmware for Manual Upgrade

Note: These instructions are only for manual firmware upgrades. You do not need to download firmware when upgrading automatically or with ECM.

  • Step 1: Log into your Connect Portal account. The login page can be found here.
  • Step 2: Click the menu button. Hover over My Support and click Firmware Downloads.
User-added image
  • Step 3: Select the model of your router from the drop down menu.
User-added image
  • Step 4: Click download on the firmware version you are updating to
User-added image

Manually Upgrading from 5.4.x or Earlier
  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the top menus to System Settings>System Software
User-added image
  • Step 3: Press the Manual Firmware Upload button.
User-added image
  • Step 4: In the box that appears press Choose File and use the pop up window to navigate to the firmware file
User-added image
  • Step 5: Press Begin Firmware Update
User-added image

Manually Upgrading from 6.0.x or Later
  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the left-hand menu to System>System Control>System Firmware
User-added image
  • Step 3: Press the Manual Firmware Upload button.
User-added image
  • Step 4: In the box that appears press Select Firmware File and use the pop up window to navigate to the firmware file
User-added image
  • Step 5: Press Begin Firmware Update
User-added image

ECM Upgrade

  • Step 1: Log into your Enterprise Cloud Manager account. The login page can be found here.
  • Step 2: Navigate across the left-hand menu to Groups.
User-added image
  • Step 3: Create a new group for the device using the firmware the device is currently on.
User-added image
  • Step 4: Navigate to Devices and select the router. Press the move button and put it in the new group.
User-added image
User-added image
  • Step 5: Navigate back to the groups page and press firmware. Select the firmware you would like to upgrade to.
User-added image
  • Step 6: Press Run Now
User-added image

Best Practices

Configuration Backup

It is recommended that before upgrade you backup your configuration. Click here for help making backups.

Firmware Testing

Before upgrading routers in a live deployment, it is a good idea to test the firmware before updating all your devices. Testing beforehand also helps to have a smoother time when upgrading all your devices.

The best way to test is to have a lab environment where you can create a situation similar to your live network and test how your configuration will work with different firmware.

The next step would be to test a small controlled group of devices in production on the prospective firmware to ensure a smooth transition for that firmware to your network.

Stair Stepping

When upgrading firmware between major and minor versions, it is highly recommended to perform a stair-step upgrade. A stair step upgrade entails making short jumps between firmware versions as shown below.

           Example: From 5.1.1 to 6.1.0
                   Start:___5.1.1
                Update 1:_________5.2.0
                Update 2:_______________5.2.4
                Update 3:_____________________5.3.4
                Update 4:__________________________ 5.4.1 
                Update 5:_________________________________6.0.1
                     End:_______________________________________6.1.0

Permalink


Products Affected: AER31x0, AER2100, AER16x0, IBR11x0, IBR9x0, IBR6x0, IBR6x0B, IBR6x0C, IBR350, CBA850, and MBR1200B. Click here to identify your router.

Summary

Cradlepoint was notified of critical security vulnerabilities discovered in the dnsmasq network service (CVE-2017-14491 and others); in response Cradlepoint has taken steps to incorporate the dnsmasq version 2.78 into its latest NetCloud OS.

If exploited, this vulnerability could allow attackers to remotely execute code, forward the contents of process memory, or disrupt service on an affected router. As described in various sources, this flaw is difficult to trigger, requiring an attacker who controls a specific domain to send DNS requests to dnsmasq requiring it to cache replies from that domain. Through carefully constructing DNS requests and responses, dnsmasq could cause an internal buffer overflow using content influenced by the attacker.

More details can be found here: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html.


Affected Products

Cradlepoint recommends customers immediately upgrade products to the upcoming NetCloud OS versions (available 10/30/17) to mitigate this vulnerability. All router products are affected, including:

• AER3100 / AER3150
• AER2100
• AER1600 / AER1650
• IBR1100 / IBR1150
• IBR900 / IBR950
• IBR600 / IBR650
• IBR600B / IBR650B
• IBR600C / IBR650C
• IBR350
• MBR1200B
• CBA850

NOTE: Routers used in default configuration were not exposed on their WAN interfaces. Routers were exposed to their Local Network, including the Guest LAN (if enabled).

NetCloud Manager has been patched for all its own affected services. Usernames and passwords are not at risk.


NetCloud OS Patch

6.4.2 (Available 10/30/17) – All products listed above

6.4.3 (Available 12/11/17) – IBR900/IBR950 – FIPS

Remote NetCloud OS Upgrades

For remote devices, Cradlepoint recommends using NetCloud Manager to upgrade NetCloud OS, manage networks intelligently, and avoid costly truck rolls. If you haven’t deployed NetCloud Manager, you can start a free 30-day trial of NetCloud Manager today.
Local NetCloud OS Upgrades

For information on updating NCOS locally on the Cradlepoint please consult the below articles.

NCOS: Automatic NetCloud OS Update

NCOS: How to update the NCOS of a Cradlepoint router.


Interim Mitigation Until NetCloud OS Release

Because malicious tools could be used to obtain passwords during this period, Cradlepoint recommends the following steps to protect your network during the interim:

  1. Disable Guest Access via the NETWORKING > Local Networks > Local IP Networks tab.

Once NetCloud OS 6.4.2 or 6.4.3 is Available
1. Upgrade to the latest NetCloud OS version
2. Re-enable Guest Access if it was disabled

Permalink


Summary

Two new vulnerabilities that affect many modern microprocessors were published on January 3rd, 2018. These vulnerabilities could allow attackers to read the contents of memory used by other applications on the same server or even processes running in other virtual machines (VMs).

The first vulnerability, called Meltdown, affects only Intel CPUs and can be fixed with an operating system patch.

The second, called Spectre, affects CPUs from AMD and ARM. It requires a CPU design change and cannot be fixed in software.

Cradlepoint routers are not affected by either vulnerability.  However, Cradlepoint services like NetCloud Manager (NCM) and NetCloud Perimeter (NCP) run on servers that may be vulnerable.

What is it?

Both vulnerabilities are based on a CPU optimization called “speculative execution”. Both also require an attacker to install malware on the target system.

With Meltdown, an attacker — who can install and run a program on the target machine — can access the memory of all other programs running on that machine.

With Spectre, an attacker can “read” memory of other programs through indirect means.

For more information, please see

  1. https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html
  2. https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html
  3. https://meltdownattack.com

 

 

The related CVEs are shown below:

CVE-2017-5715 (Spectre) “branch target injection” mitigated by CPU microcode update from CPU vendor
CVE-2017-5753 (Spectre) “bounds check bypass”
CVE-2017-5754 (Meltdown) “rogue data cache load” fixed with OS update

What Cradlepoint devices or services may be affected?

All NCM and NCP services run on cloud servers which may be affected. However, most NCM services run on multi-tenant servers and Cradlepoint’s primary cloud provider has patched their servers so that NCM is not vulnerable to Meltdown attacks running in other tenant spaces.

 

NCM could still be vulnerable to Meltdown exploits which manage to install malware on the NCM VMs. The operating system patch to fix Meltdown is expected to be released soon.  Cradlepoint will then begin immediate execution of its plans to apply the patch to all NCM systems.

 

No Cradlepoint routers use CPU’s vulnerable to Meltdown.

 

For Spectre, Cradlepoint does not support installing compiled applications on any routers with the Spectre vulnerability. An attacker would need to install malware that exploits certain CPU instruction patterns. Such patterns can only exist in compiled programs and Cradlepoint does not support compiling SDK apps.

Published Date: 01/08/2018

Permalink


Cradlepoint Series 3 (104)

View category →

If you are unsure of your CradlePoint series or Model number, please click here.

This article was written based on firmware verison 5.0.0.


Symptom:

Unable to access a Series 3 CradlePoint router setup page due to default password failure.

Causes:

  1. Using the default password outlined in the quick start guide example rather than the specific default password for this specific router.
  2. Password entry is error.
  3. The password has been changed and it is no longer the default password.
  4. The keyboard cap’s lock is enabled.
  5. You may have gone through an initial router set up and changed your password.


Resolution:

  1. Use the password 8 character password listed on the bottom of the CradlePoint router, which is also the last 8 characters of the MAC address.
    • The default password will only contain lowercase letters a – f and digits from 0-9.
    • The default password will never contain the letter “O” — only the number 0.
Note: If you are unsure whether or not the password is getting typed correctly, type the password into a simple editor such as Notepad and verify.

 

Note: Check that your keyboard Caps Lock is turned off and Number Lock is on.
  • If you cannot remember what you changed your password to, you can reset the CradlePoint back to the default, here is how.

Permalink

0 Comments - Leave a Comment

QUICK LINKS:


OVERVIEW:

This document is intended to assist a field engineer with configuring a Series 3 CradlePoint router with multiple content filtering instances for different VLANs.

Enabling multiple content filtering instances allows the CradlePoint to filter unencrypted content based on IP addresses or URLs only, on each VLAN independently.  For the ability to do board category based content filtering, please consult the following articles:

Series 3: How to Configure OpenDNS Content Filtering

ZScaler Cloud Based Content Filtering and Security


TERMS:

Rule Priority – used to determine the order rules are evaluated.  Higher priority rules (bigger numbers) are evaluated first and the first one to match has its assigned action taken.  Exceptions to existing rules can be created by adding another rule with a higher priority.  For example if access to maps.google.com is desired, but google.com is blocked with a priority of 50.  The addition of an allow rule for maps.google.com with a priority of 51 or greater will allow access.


SYSTEM REQUIREMENTS:

One of the following CradlePoint Models: AER 2100, MBR1400v2, MBR1400, IBR600, IBR650, CBR400 & CB450


FIRMWARE VERSION:

5.0.0 (4.3.2 for CBR400 & 450) or later

User-added image



CONFIGURATION:

These directions will assist you with configuring multiple content filtering on separate VLANs

The content filtering examples in this document assume that your VLANs are configured as shown.

The IP networks in the examples are as follows:

Management  192.168.0.0/24  (VLAN1)

PC  192.168.5.0/24  (VLAN5)

Red_VLAN  192.168.50.0/24  (VLAN50)

Green_VLAN  192.168.60.0/24  (VLAN60)

These directions demonstrate how each IP network may be configured with its own content filtering settings to allow or prevent access to designated URLs or IP addresses.

  1. Verify that your VLANs have been configured (click here for our article on setting up VLANs), and any WAN/LAN Affinity rules have been configured (click here for our article on setting up WAN Affinity).
  2. If not already connected, log into the CradlePoint’s Administrative Pages (click here for instructions on accessing the Administrative Pages).                                                                                                                                     User-added image
  3. Click on Network Settings > Content Filtering.                                                          User-added image
  4. The “Default Filter Settings” are configured by default to allow access to all URLs and IP addresses. User-added image
  5. Under “Network WebFilter Rules”, click Add to create a new rule.
  6. In the “Domain / URL Filter Rule Editor” page, set the “Assigned Network” to the LAN you would like the rule to apply.
  7. In the “Domain/URL/IP” field, type the URL or IP Address that you would like to create a rule for.
  8. Set the “Filter Action” to “Block” or “Allow”, depending on the purpose of your rule.
  9. Set the “Rule Priority” to a value between 1 & 100.  Rules with a higher priority take precedence over rules with lower priority. User-added image
    • This example shows how to create a rule on the “Red_VLAN” to block all traffic intended for the URLwww.examplexxxwebsite.com.
  10. Click Submit to add the new rule.  You will now see the new rule in the “Network WebFilter Rules” section for the network the rule is assigned.                                                                                                                              User-added image
  11. The default behavior for each network filter is to “Allow Access” to all URLs.  To change the default behavior for a network, go to “Default Network Settings”, select the network, click Edit, and change the “Default Action” to Block Access.
    • This example shows how to change the default behavior of Green_VLAN to “Block Access”. User-added image User-added image
    • Note that the “Default Action” is now displayed as “Block Access” for Green_VLAN.  This change prevents access to any URLs that are not specifically allowed in a “Network WebFilter Rule”. User-added image
  12. Repeat steps 6, 7, & 8 for each rule.

Rules may be configured to block or to allow IP addresses or URLs for each network.

This example will allow Green_VLAN access to the URL “maps.google.com”.     User-added image

This example will block all access to the subnet 166.0.0.0/8 for the “Workstations” network: User-added image

This example uses a higher rule priority to allow all access to the subnet 166.148.0.0/16 for the “Workstations” network: User-added image

After making the changes shown in the examples above, the “Network WebFilter Rules” page should look like this: User-added image

 

Permalink


This article is intended for CradlePoint Series 3 routers. If you are not sure what series or model CradlePoint router you have, please click here.

This article was written based on firmware version 5.0.0.


Overview:

By default the CradlePoint router will allow the modem to connect to the highest speed network available. In cases where both 3G and LTE networks are available but the LTE signal is weak, a modem that supports connection to both networks might still try to connect on LTE instead of dropping down to a more reliable 3G connection. This might cause slow speeds, frequent disconnects, or a complete lack of an Internet connection. To resolve this issue, it may be necessary to have the CradlePoint router instruct your modem to connect to 3G only.

Note: Not all LTE providers and modems may support this feature through Series 3 CradlePoint routers. Listed below are the carriers and modems which have been tested by CradlePoint:

  • Verizon 4G LTE modems: Pantech UML290, Novatel USB551L, LG VL600.
  • AT&T 4G LTE modems:  Sierra Wireless AC313U Momentum, Hauwei E368 Force 4G



Directions:

If you are not sure how to access your router’s administrative console, click here.

  1. Click on the Internet tab and select Connection Manager from the dropdown menu. User-added image
  2. Within the WAN Interfaces list, click to highlight your modem. User-added image
  3. Click the EditUser-added image
  4. Within the WAN Configuration window, select the Modem Settings tab. User-added image
  5. Change the Modem Connection Mode to either Auto 3G or Force 3G, and then click Submit to apply the changes. Your modem will briefly disappear from the WAN Interfaces list while it reconfigures itself.User-added image
Note: Forcing the modem to 3G will prevent it from being able to connect to any network other than 3G.




Note: If nearby cell towers have been upgraded to support 4G LTE, or if you move the CradlePoint into an area that supports 4G LTE, just change the Modem Connection Mode back to Auto (all modes) or Force LTE. It is a good idea to check signal strength and quality values to determine which connection mode would be more reliable.

Permalink


If you are not sure what Series CradlePoint router you have, please click here.

This article was written based upon firmware version 5.0.0.


Symptom:

The Wireless Network Name is showing, and I don’t want it to be shown.


Cause:

When this option is set to Visible, your wireless network name is broadcast to anyone within the range of your signal. If you’re not using encryption then they could connect to your network. When Invisible mode is enabled, you must enter the Wireless Network Name (SSID) on the client manually to connect to the network.


Resolution:

  1. Login to the router at http://192.168.0.1 Click here if you are unsure of how to access the setup pages.
  2. Go to Network Settings tab
  3. Select Wi-Fi Local Networks
  4. Go to the box labeled “Local Network Interfaces”
  5. Place a checkmark next to the network name that you want to hide
  6. Click the Edit button                                                                                                       User-added image
  7. Place a checkmark in the box labeled Hidden on the menu that appears after clicking Edit
  8. Click Submit                                                                                                                    User-added image
  9. Your wireless network is now Hidden.

Permalink


If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Symptom:

Configure remote access on a Series 3 CradlePoint router.

Cause:

Ability to remotely access and administrate a CradlePoint router..

Resolution:

  1. Log into the routers administration page (login instructions).
  2. Click the System Settings tab.                                                                                        User-added image
  3. Click Administration.                                                                                                        User-added image
  4. Click on the Remote Management tab.                                                                        User-added image
  5. Check the Allow Remote Web Administration box.                                                   User-added image
  6. Record the HTTP Port number for future use.                                                             User-added image
  7. If you would like to use HTTPS, you can enable that check box now.  NOTE:  If enabling HTTPS allow 30 minutes before accessing the router.                                                                                                                          User-added image
  8. Click Apply then click OK on the warning dialog and OK again for the settings applied dialog.                           User-added image
  9. Configuration is complete, connect to your CradlePoint for remote web administration.

NOTE:  To access the the router from the internet the IP address must be known.  A DynDNS account or static IP address issued by your cellular carrier or ISP will maintain knowledge of the routers address.

To access the router from the Internet on a computer not on the CradlePoint router’s LAN, enter the [IP address]:[port number] or [DynDNS]:[port number]  into a web browser address bar.  For example:

  • 172.22.96.125:8080

Permalink


Cradlepoint Series 2 (49)

View category →

If you are unsure of CradlePoint Series or Model number, please click here.


The Logs allow you to track activity, failures, firewall activity, connection and disconnection of WAN devices, DDNS (Dynamic DNS) updates, VPN connections (VPN enabled routers only) and many other events taking place inside your router. Logs are a very useful tool in troubleshooting and monitoring your router’s status at any given time.

To view your router’s logs, log into the router’s admin pages and select the Status tab then ‘Logs’ from the left menu.

Log Options

This section allows you to turn on and off the visibility of various message types and levels. There are three types: Firewall & Security, System, and Router Status. There are also three levels for each type: Critical, Warning, and Informational.

By un-checking the various log option check boxes and selecting the ‘Apply Log Settings Now’ button you will remove those message from view in the Log Details section (even though they are still generated.) This can be particularly useful when you would like to only monitor the router for critical errors and warnings. Any disabled messages and be re-enabled by selecting their check box then ‘Apply Log Settings Now.’

Log Details

The Log Details section allows you to see information generated from the activities of the router such as administrators logging in and out, IP address assignments to clients, Dynamic DNS updates, email activity from the router, packets blocked by your firewall, and even the progress of a VPN connection on VPN-enabled routers.

From this section, you can Clear, Refresh, Email your logs, or Save your logs to your machine. We recommend saving a log file when you are having difficulties with your router that require you to call our Support team. By doing so, we can more easily diagnose what may be causing the problems you are experiencing. In other cases, you may simply want to document the activities of your router for future reference, or keep an eye on the computers being handed IP addresses. 

Refresh

Refresh updates the current log entries visible in the list. New entries will continue normally after you refresh the list. This is handy when you are waiting for a process such as Dynamic DNS updates to complete.

 

Clear

Clearing the logs simply empties the list. Log entries will continue normally after you clear the list and can be re-cleared at any time.

 

Save Log

Save log will save a local copy of the current log entries to you machine in a standard text format. This file can later be saved or emailed as needed.

Permalink


If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.0.0.


Symptom

Unable to access the internet with a WiMAX modem connected to the CradlePoint router.


Cause

Each cellular carrier uses a slightly different network configuration for their WiMAX modems.


Resolution

  1. Log into your router’s setup pages. If you are unsure how, click here.
  2. Go to the “Modem” tab along the top, then click “Settings” along the left side.
  3. Find the box titled “Modem Specific Settings”                                                                                                                                       User-added image
  4. Change the drop-down menu for “Modem Interface” to the Interface your modem is plugged into.
  5. Scroll down to the “WiMAX Settings” section and change the drop-down menu for “Carrier” to the carrier you are using.User-added image
  6. Then go back to the top of the page, click “Save Settings” and then “Reboot Now

Allow up three minutes for the modems initial connection after the router reboot.  If the modem does not connect after three minutes, unplug your modem from the router and then replug the modem to force the modem to reinitiate its connection cycle.  

Permalink


If you are not sure what Series CradlePoint router you have, please click here.

This article is written based on the 2.0.0 series 2 firmware version.


Description:

Periodically cellular carriers will release “Firmware Update Management Object” (FUMO) and/or “Preferred Roaming List” (PRL) updates for their supported modems.  Normally these updates must be performed with the modem plugged directly into the computer, but for certain modems the CradlePoint router can perform these updates directly.

You will want to verify whether the CradlePoint firmware you are using supports FUMO and/or PRL updates.  Either refer to the firmware release notes for your router to see if your modem supports these updates or else you can just perform the update steps below to see if the update options are available.  If the update options are not available, then the firmware version you are using on the CradlePoint does not support FUMO or PRL updates for that modem.

This article describes the process to update a modem’s FUMO or PRL while the modem is connected to a Series 2 Cradlepoint router.  


Directions:

  1. Log into the routers administration page (login instructions). 
  2. Click on MODEM in the red bar and INFO in the left column.
  3. In the MODEM DIAGNOSTICS section, you will  find the current firmware version (FUMO) and PRL versions.      User-added image
  4. Click on UPDATE on the left side.                                                                                                      User-added image
  5. If the CradlePoint supports FUMO and/or PRL updates for the modem you are using, you will see a DEVICE section like the picture below.                                                                          User-added image
  6. If the modem supports firmware (FUMO) updates, you will see the Auto Configuration section.  To update the modem’s firmware, clickInitialize.                                                                                     User-added image
  7. You will see a confirmation message stating that the update may take up to ten minutes.  Click OK to begin the modem firmware upgrade process.                                                                                                                          User-added image
  8. If the firmware updated successfully, you will see this window.  Click OK to continue.                                       User-added image
  9. Now that the FUMO update has been completed, below Preferred Roaming List (PRL) Update click Update.                                                                                                                                                                                 User-added image
  10. You will see a confirmation message stating that the update may take up to ten minutes.  Click OK to begin the modem firmware upgrade process.                                                                                                                          User-added image
  11. If the PRL update completed successfully, you will see this window.  Click OK to continue.                               User-added image

After making these changes, the modem should now be updated to the most current FUMO and PRL versions.


Note:

If you get a failure message when attempting to update the FUMO or PRL, make sure that the modem is connected and online and try again.

Permalink

0 Comments - Leave a Comment

If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.0.0.

Symptom:

Intermittent or poorly performing Internet connections with a cellular modem when used with a CradlePoint router.

Cause:

Low signal or high interference areas can cause cellular modem disconnects when using a Cradlepoint router.

Resolution:

  1. Log into the routers setup page (login instructions).
  2. With the cellular modem plugged into the router, click the MODEM tab.
  3. In the MODEM DIAGNOSTICS section locate the Signal Strength (dBM) entry.  The associated -dBm value is the cellular signal that the modem is reporting to the router.
  4. This number will update every 10 seconds.  Monitor the -dBm value for 1 to 2 minutes to get an overview of the current signal characteristics.                                                                                                                                     User-added image

Understanding the Cellular Signal:

Please consult this ARTICLE for information regarding Signal Strength levels needed to maintain an internet connection with a CradlePoint router.

NOTE:  Often a cellular modem connection may appear stable when plugged directly into a computer although the signal is actually marginal.  However, when the modem is used in the router this marginal signal may degrade slightly due to physical and electrical differences between the computer and router.  This small amount of signal degradation (~1 – 2dBm) can be enough to not allow the cellular modem to connect through the router.  Try the router/modem in other locations in your home or office.

Suggestions to Optimize Cellular Signal:

  • Move the router/modem to a side of the building that faces the carriers cellular tower.
  • Move the router/modem to a higher point in the building, second floor, on top of tall cabinets, etc.
  • Do not place the router/modem near any electrical devices, wiring, or radio devices.
  • Use a 3 to 10ft. good quality USB extension cable between the modem and router.
  • Use a passive cellular antenna plugged directly into the modem.

Note:  Cellular signal boosters do not improve cellular signal quality.  Use of a cellular signal booster may or may not improve the cellular signal characteristics although the signal level may report a -dBm that is within the modems allowable range.

Permalink


If you are unsure of which CradlePoint Series or Model number you have, please click here.

This article was written based on the 2.0.0 series 2 firmware version.

Overview:

For information on what Aggressive Modem Reset is, please visit the article “What is Aggressive Modem Reset“.

Instructions:

  1. Connect to your router, Login to its admin pages (192.168.0.1 by default)
  2. Click on MODEM in the red bar, then click on SETTINGS in the left column
  3. Scroll down to the Global Reset Settings section.
  4. Place a checkmark in the Aggressive Modem Reset box.
  5. Go to the top of the page and click Save Setting, click Reboot Now when prompted.
aggressive modem reset

Permalink


Sierra Wireless Products (44)

View category →

The SIM slot is located on the front left (as you are looking at the side with the lights and the reset button) behind the plastic cover. To access the SIM slot on the device you must remove the plastic cover with a 2mm or 5/64″ hexagon Allen wrench. Install the SIM card with the gold contacts facing down and the cut-out facing to the right. The GX400/440 also includes a SIM lock-down feature to prevent the SIM from moving during extreme vibration. The cover has a tab to mechanically secure the SIM in place during extreme vibration. When replacing the cover, first place the front into the lip and push back to make sure the four holes are aligned before screwing the bolts back in place.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


If the AirLink® GX400/GX440 is used in a vehicle or battery-powered application, the red wire should be connected to battery power and the black wire to ground. The white low-power timer enable wire must be connected to either unswitched or switched power for the GX400/GX440.

  • Red = Power
  • Black = Ground
  • White = Low-Power timer enable wire (Ignition Sense)
  • Green = Digital I/O

PLEASE NOTE: If the white lower-power wire is not used, it must be tied into the red wire. Otherwise, the device will not power on.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Yes, it will work, but not at LTE speeds. It will fall back to HSPA. For LTE speeds a GX440 must be procured.

Please contact us and let’s know if we can be of additional help.

Permalink


Designing a photovoltaic solar system destined to supply the energy needs of a transmitting and receive wireless radio modem involved elements very different than a system designed as grid tied, or to connect to AC power devices. The attached devices have low energy demands, energy remains in DC (no invertor is used to create AC power), panel mounting space is minimal, and environmental conditions can be harsh.

Choosing A Solar PV Panel

The Solar PV or photovoltaic panel harvests electricity from the sun. Quality and efficiency vary widely from manufacturer to manufacturer. Panels often use polycrystalline silicon, monocrystalline silicon, amorphous silicon, cadmium telluride, and copper indium (di)selenide/sulfide (CIGS). CIGS has the highest absorption coefficient of solar modules and is useful in harvesting energy in sub-optimal conditions such as on cloudy and overcast days and has high efficiency and carry a high cost per watt. Monocrystalline thin film solar cells are often more expensive than multi-crystalline or polycrystalline based cells, but have a greater efficiency which is useful for wireless off-grid installations and provide a balanced price to performance.
While researching ratings be mindful of whether the wattage is rated as PTC or STC. PTC or PVUSA Test Conditions uses a known constant developed by NREL (National Renewable Energy Labs). STC, or Standard Test Conditions, uses a methodology which produces higher results. Generally PTC is held to be more reflective of real-world solar and climatic conditions.

Understand the efficiency of the panel. On a pole mounted system , an efficient panel should be used to ensure that the system can be powered by one or two panels.

The panel must have its performance characteristics available, and these should follow a know standard such as PTC mentioned above.

The panel needs to be paired with a proper solar charge controller. USAT technical service engineers can help differentiate the balance between panel productivity and charge controller efficiency. If you are limited on panel space, and have a heavy demand, then we need to maximize panel yield along with using a highly efficient Maximum Power Point Tracking charge controller. On a recent deployment USAT leveraged these performance attributes along with an optimal battery array to meet a DOT requirement of 10 days runtime, without sun.

Along with the panel size, the power demand must be taken into account. USAT has demand requirements in varying loads on transmitting and receives wireless radios such as those in the Sierra Wireless AirLink® Raven, Sierra Wireless AirLink® PinPoint, Sierra Wireless AirLink® GX-400 and GX-440, Encore Bandit, Cradlepoint MBR and COR, Digi Connect, Digi WR, and Digi Transport, CalAmps, Multitech and Red Lion Sixnet Bluetree.

Permalink


Briefly press the Reset button to initiate a power up or reboot. All LEDs turn Red, then Yellow, then Green, and then light in the configurations below. After the kernel has booted, while the ALEOS software is initializing, the Power LED turns Yellow, then Green, and the Network LED will flash Yellow, change to a solid Yellow, and finally turn Green.

Permalink


Digi Products (3)

View category →

Firewall concerns:
Firewalls (and the IT security people that maintain them) are generally concerned with protecting a location’s Local Area Network from unauthorized use – both from traffic coming at the network from the outside world, and traffic from within the local area network going outward.  A Remote Management-capable Digi product falls into the latter category, because the Digi device creates an outbound TCP socket connection to the Device Cloud or Remote Manager server.  This  EDP (easy device protocol) socket connection is tunnel through which data gets pushed from your Gateway to to the Device Cloud, so that data can be accessed from anywhere in the world.

The following article describes:

  • The IP socket connections used when a Digi RF Gateway,TransPort Router, or edp-capable device (using Digi Cloud Connector) makes a Remote Management connection to Device Cloud or Remote Manager
  • How to determine the IP address in use for a given Device Cloud or Remote Manager DNS name

Locations where it is likely that Firewall Rules will be needed:

Those who are trying to connect to Device Cloud or Remote Manager from a location which has strict outbound firewall rules will especially need the guidance found within this article.  Some likely examples for this type of network security environment include:  Government offices/buildings and institutions, Schools, Universities, and some Businesses (especially ones that do government contract work).

 

What network port(s) does a Gateway or Connect-capable device use to connect to Device Cloud?

By default, the TCP and/or UDP port(s) your Device Cloud-capable Gateway or device uses to connect with Device Cloud will depend in part on the age/default configuration of your Gateway, the device’s configuration, as well as the particular model.

TCP Port 3197:  The outbound EDP/non-SSL (non-secure) socket connection from NDS-based products like the ConnectPort X2 / X4 / X5 / X8 Gateways, and ERT/Ethernet Gateway (especially if the product hasolder firmware), which may still be configured to create an un-encrypted Device Cloud socket connection.

Note:  If possible, the firmware of older products should be updated so that the Device Cloud configuration settings can changed to use of SSL socket connections into the Device Cloud instead (see next entry below).

TCP Port 3199:   The outbound EDP/SSL (secure) socket connection from NDS-based products like the ConnectPort X2 / X4 / X5 / X8 Gateways, and ERT/Ethernet Gateway with newer firmware which are configured to create a secure SSL socket connection into Device Cloud.  Required on ALL Linux-based Gateways, examples:  XBee Gateway ZB andConnectPort X2e for Smart Energy.  Can also be required if the Device Cloud account is configured to accept SSL connections only (new Device Cloud option as of version 2.16)

UDP Port 53:  Outbound DNS (Domain Name Service) name recognition service, i.e. translates the my.devicecloud.com name for Device Cloud connectivity.

Note:  DNS service is not a requirement.  If access to DNS service is not allowed or possible from your network, the device’s remote connectivity address would need to use the IP address of my.devicecloud.com (52.73.23.137), rather than the DNS name itself (see below under What IP address is needed for outbound Firewall rule(s)? for more details).

UDP Port 123:  The outbound socket connection to an NTP (time) server is required for ALL Linux-based Gateways such as the XBee Gateway and ConnectPort X2e, as well as  gateways and devices configured for NTP time management.

Important Note for all XBee and ConnectPort X2e Gateways (and Gateways configured for NTP Time Management)

The XBee Gateway and ConnectPort X2e are Linux-based gateways which require outbound access to UDP port 123 (NTP), in order to generate the secure (SSL) TCP socket connection into Device Cloud.  Any Gateways which are configured for NTP time management will have this requirement as well, since the Gateway connects to an NTP server in order to to keep an accurate date/time.

If your XBee (or CP-X2e) Gateway is added to your Device Cloud account but never shows up in a Connected state, check to ensure that outbound NTP access is available for the Gateway through your local network Firewall.  ConnectPort X2 and X4 gateways would still connect to Device Cloud (assuming TCP port 3199 isn’t blocked), but the Gateway might show an epoch 1970-based date/time if no other Time Sources are configured.
What IP address is needed for outbound Firewall rule(s)?

The best way to determine that is to do an nslookup of the DNS name for the Remote Management server you want your device(s) to connect to.  As of the date of this article (6/16/2015), here is how this looked from my Windows 7 commandline (Start – Run – CMD) prompt when doing nslookup of our various Remote Management and NTP ring servers:

Digi Device Cloud and Remote Manager device connectivity address:

C:\>nslookup my.devicecloud.com

Name:    my.devicecloud.com
Address:  52.73.23.137

Past Device Cloud connectivity addresses which may still be in use on devices (all device configurations should be updated to use of the my.devicecloud.com address, then re-connected to the server at the new address):

devicecloud.digi.com
login.etherios.com
my.idigi.com
app.idigi.com

devicecloud-uk.digi.com
login.etherios.co.uk
my.idigi.co.uk

Digi Primary NTP Time Server Ring addresses:

C:\>nslookup time.devicecloud.com

Name:     time.devicecloud.com
Addresses:  52.25.29.129, 52.2.40.158

Secondary/Tertiary NTP Time Server addresses for pool usage:

C:\>nslookup 0.time.devicecloud.com

Name:     0.time.devicecloud.com
Addresses:  52.2.40.158

C:\>nslookup 1.time.devicecloud.com

Name:     1.time.devicecloud.com
Addresses:  52.25.29.129

Deprecated NTP/Time server addresses which may still be in use on devices (all devices should be updated to use time.devicecloud.com within their configuration):

time.digi.com
time.etherios.com

time.etherios.co.uk
0.idigi.pool.ntp.org
1.idigi.pool.ntp.org
2.idigi.pool.ntp.org

Making the Firewall Rules:

If the IP address of the DNS name ever changes (before this article is updated to reflect it), a Windows CLI command can be used to determine the IP address of our server:

nslookup <DNS name of server>

The Name and Address fields will be the DNS name and IP address for the Remote Management or Time server listed.  Your firewall rule will need to allow access for the appropriate network port used based on your Gateway’s Device Management configuration, as well as UDP port 123 if NTP Time Management is in use.

Important Note regarding deprecated DNS names:

If your Gateway is configured to use an idigi.* or etherios.* DNS name, it should be re-configured to use the my.devicecloud.com url at your earliest convenience. You will need to create firewall rules for all IP addresses/ports used, for all Remote Management and Time (NTP) DNS server names used within your device.

Permalink


Cloud services can be used for applications built around Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS).

Digi International has a platform called iDigi. iDigi is a cloud platform for both device network management and for data management. The iDigi Device Cloud is designed using a high-availability architecture, with redundancy and failover characteristics. It is a highly scalable system that can host single units to tens of thousands of Digi devices. It also has web services APIs for secure application integration and data messaging. iDigi device clouds are located in Chicago and in London and you can select to which cloud your data is subscribed.

Device management also include the ability to send commands to remote devices. Standard web service calls are available to manage traditional device settings. An optional Server Command Interface / Remote Command Interface (SCI/RCI) mechanism is available for any custom device or application commands that may be required.

iDigi Manager Pro is a pay-as-you-go model, starting at $1.59 per registered device, per month. Sending data to and from the iDigi Device Cloud is billed on a transactional basis and are available at different usage levels. Data is managed through iDigi, which means that iDigi provides a collection point of data. iDigi is not a (long-term) data storage solution–Digi Dia data is stored for 1 day, and iDigi files are stored for 7 days.

Permalink


Unlike the ConnectPort WAN, the serial ports on the standard builds of the Digi Transport line are DTE not DCE serial, this means that a null modem cable should be used instead of a cross-over cable.

Null modem is a communication method to connect two DTEs (computer, terminal, printer etc.) directly using an RS-232 serial cable. The name stems from the historical use of the RS-232 cable to connect two teleprinter devices to modems in order to communicate with one another; null modem communication was possible by instead using RS-232 to connect the teleprinters directly to one another.

Permalink


Digi Transport (18)

View category →

Debug output is usually obtained through the serial port (ASY0) or via telnet on the router (not SSH).

The options are:
“debug 0”   ->   ASY0
“debug 1”   ->   ASY1
“debug t”   ->   TELNET

To obtain debug output through SSH connect to the router via an SSH client & log in:

User-added image

Now, from the command line run the CLI command “TELNET 127.0.0.1” & log in:

User-added image

Now, you can send the debug output to the Telnet port running the CLI command “debug t” to see the debug output:

User-added image

Following an example in which IKE debug is enabled with level 4 (very high) and a IPsec VPN is removed:

User-added image

NB: In order to be sure to have all the debug output without losing old logs, please assure that the scroll line limit of the SSH client  is high (for example 2000). In Putty for example you should go to Change settings > Window to change the “Lines of scrollback” value:

User-added image

Permalink


Digi TransPort RJ45 Serial Port to Cisco RJ45 Console Port – Cable Pinout

TransPort                            Cisco
Pin 1 – RTS                         Pin 1 – RTS
Pin 2 – DTR                         Pin 2 – DTR
Pin 6 – Tx                            Pin 3 – Tx
Pin 7 – DCD                        Pin 4 – DCD
Pin 5 – GND                        Pin 5 – GND
Pin 3 – Rx                            Pin 6 – Rx
Pin 4 – N/A                          Pin 7 – DSR
Pin 8 – CTS                         Pin 8 – CTS

Permalink


Recommendations

It is recommended that a switch be used between the PC that will be uploading the files to the TransPort and the TransPort itself. Issues may occur in the file transfer and/or IP addressing if a switch is not used, and the process will need to start over to recover the TransPort.

Recovery Process

1) FlashWriter will first need to be downloaded and installed. You can download the latest version of FlashWriter from the Digi support site under the TransPort family of products:
http://www.digi.com/support/

2) The proper firmware file will also need to be downloaded to the local PC. Download the FlashWriter version of the firmware file with the .zip file extension from the Digi Support site at the below link:

http://transport.digi.com/digi/firmware/

NOTE: If you are unsure which firmware file to use, please contact Digi Technical Support for further assistance.

3) Extract the downloaded .zip file, which will give you the .all and .ini files needed to perform the upgrade.

4) Launch FlashWriter to view the first screen below, using the options shown below:

5) Click Advanced in the upper left corner, and choose Set remote TFTP IP address. With the most recent version of FlashWriter you will not need to perform steps 5 and 6).

6) Fill in a temporary IP address that will be used on the Digi TransPort and click OK, as shown in
the image below:

7) Set a Static IP address on your PC that falls within the same subnet range as the temporary IP
address that was assigned to the TransPort. Using the example IP above, the PC could be set to
an IP address of 192.168.1.100/24.

8) Once the IP addresses have been set on both the PC and in FlashWriter, click the Load button.
Click Yes on the first warning pop-up to continue.

9) Fill in the serial number of the TransPort and click OK. This number can be found on the label on
the bottom of the device:

10) A prompt for the location of the .all file will then pop-up. Click OK and browse to the file on the
PC’s hard drive.

11) After choosing the .all file, FlashWriter will ask you to choose the module type that is installed in the TransPort. Choose the appropriate module from the drop down list, and click OK.


12) Depending on the size of the firmware file, this may take a few minutes to complete the process. Once completed, a message should appear at the bottom of FlashWriter indicating so, as shown in the image below:

13) After the process completes, the TransPort will reboot itself and be back to factory defaults with the latest firmware installed.

Permalink


1)  Insert SIM card into a SIM slot 1.

2)  Power up Digi TransPort.

3)  Open a web browser and connect to Digi TransPort using the default IP address of 192.168.1.1.

4)  Once you are logged into the web interface, select Wizards under the home page, and then select radio button for Carrier Switching Wizard, as shown in the screenshot below:

User-added image

5)  Select AT&T on the next screen and then click next:

User-added image

NOTE:  The carrier firmware download may take few minutes to fully complete.  Do not navigate away from the screen while the firmware download is in progress

6)  Once the firmware download completes, navigate to Configuration – Network > Interfaces > Mobile > Mobile Settings, and locate the section titled Service Plan/APN.  In this field, enter in the APN provided by the carrier, as shown below:

User-added image

7)  Click on the Apply button and then Save the changes to flash.

NOTE:  It might take few minutes for device to get an IP address from the carrier when activating the device for the first time.  The Mobile IP address should appear under the Cellular section on the home page once obtained, and the Link/Service LED should go solid on the device:

User-added image

Permalink


There is a reset button on the underside of most routers, holding this button in for 5 seconds will perform a factory reset on the router. When the reset is initiated in this manner, the LEDs on the front of the router will flash to indicate a reset is in progress, the router will automatically reboot once the procedure is complete. Do not remove the power while the router is running this reset procedure. Using this method will not preserve any settings.

Permalink


Digi Remote Manager (5)

View category →

Remote Manager uses tags to categorize devices.  You may want to edit the tags associated with a device if the purpose of a device changes or if you use tags to create a new sub-category of devices. Device tags are stored in Remote manager and not on the device.

To add a tag to a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Enter the name of a tag in the text box and click Add Tag.
  5. Click Save. The new tag is associated with the device.

To edit tags for a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Click the tag name you want to edit. The tag name appears in the text box.
  5. Edit the tag name as needed and click Change Tag.
  6. Click Save. The new tag is associated with the device.

To remove a tag from a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Click the red X under action to delete the corresponding tag underStream Name.
  5. Click Save. The new tag is associated with the device.

Permalink


The groups feature allows you to add or create a group and assign a list of devices to that group. You can create a hierarchical structure of device groups to help organize your device inventory.

To create a group

  1. Click Device Management > Devices.
  2. Click the Groups button and select Add Group. The Add Group dialog appears.
  3. Type a group name.
  4. Choose the folder where you want to place the new group. The default is the root level.
  5. Click the Add Group button. The group name appears in the folder structure under the root directory in the left pane.

To add a device to a group
You can add one or more devices to a device group, and can add up to 500 devices to a group at one time.

  1. Click Device Management > Devices.
  2. Select the device(s) you want to add to a group:
  • Click any device list item to select that device.
  • Use Control-click or Shift-click to select multiple devices or a range of devices.
  1. Click More in the Devices toolbar and select Assign to Groupfrom the Organize category. The Add to Group dialog appears.
  2. Choose a group from the drop-down list.
  3. Click Assign to Group. The devices are added to the selected device group.

To move/remove a device from a group

  1. Click Device Management > Devices.
  2. Click a group name in your list of device groups you wish to remove the device from.
  3. Select the device(s) you want to remove from a group:
  • Click any device list item to select that device.
  • Use Control-click or Shift-click to select multiple devices or a range of devices.
  1. Click More in the Devices toolbar and select Assign to Groupfrom the Organize category. The Add to Group dialog appears.
  2. Choose a group from the drop-down list.  You may also select the “/” to move it to the root directory.
  3. Click Assign to Group. The devices are added to the selected device group or root.

To edit device group properties
You can edit device group properties, including the group name and its parent in the groups hierarchy.

  1. Click Device Management > Devices.
  2. Click a group name in your list of device groups.
  3. Click Groups and select Edit Group from the drop-down.
  4. Make changes to the group name and location as needed.
  5. Click Edit Group to confirm your changes.

To Remove a device group
Removing a device group removes the group itself and moves all devices in that group to the parent level in your device list.

  1. Click Device Management > Devices.
  2. Click to select the device group you want to remove from the device hierarchy in the left panel under Groups.
  3. Click Groups and select Remove Group from the drop-down. A confirmation dialog appears asking you to confirm that you want to remove that group.
  4. Click Yes to confirm. The group is deleted and any devices in that group move to the parent level in your device hierarchy.

To show or hide device groups
This feature will allow you to toggle the Groups display to hidden or visible.

  1. Click Device Management > Devices.
  2. Click the Show/Hide Groups button on the far left side of theDevices toolbar.

Permalink


This article describes how to configure Digi Device Cloud or Digi Remote Manager to send an E-Mail notification when a device goes offline.

Note: This article assumes that you have already created a Digi Device Cloud account or a Digi Remote Manager account, that your device is configured to connect to the cloud and added to your account.

Guidelines for NDS devices (Digi Connect WAN 3G, ConnectPort X etc..) can be found here : Configure a Digi Connect WAN or ConnectPort Gateway for Device Cloud connection

Guidelines for Digi TransPort can be found here : Configuring a Digi TransPort for Remote Manager connectivity

Guidelines for adding a Digi device to the Digi Device Cloud or Remote Manager platform can be found here : Adding a Digi Device to the Digi Device Cloud or Remote Manager Platform and here Add a Digi TransPort to your Remote Manager account

Create an Alarm

1. Log into your Digi Device Cloud or Digi Remote Manager account.
2. Click on the Device Management tab.
3. Click on the Alarms tab.
4. Click on the Add button

User-added image

The Add Alarm window will open.

1. Select Device Offline in the Alarm Type drop down menu.
2. Chose a name for the Alarm. (default is Device Offline)
3. Chose a description for the Alarm. (default is Detects when a device disconnects from Device Cloud and fails to reconnect within the specified time)
4. Chose for how long the cloud should wait before firing an alarm (defaul is 5 minutes. This is recomended in case of cellular devices that can sometimes lose network connectivity due to bad reception and allow it to reconnect)
5. Resets when device reconnects will allow the alarm status to be reset as soon as the device reconnects to the cloud.
6. Chose the Scope of the alarm. It can be per group or per device. Per Group allows to select the root directory (in this case the alarm will be applied to all devices on this account) or a single group.
7. Click Create to create the Alarm.

User-added image

Create an E-Mail Notification

1. Navigate to Admin Account Settings > Notifications
2. Click on the Add button.

User-added image

1. Chose a name for the Notification
2. Chose a Description for the notification. This will be shown in the “Subject” field of the E-Mail
3. Chose an E-Mail address to send the notification to.
4. Select if you wish to receive a daily summary of your alarms and at which time.
5. Check this box to receive an E-Mail notification each time an alarm triggers (Each time a device goes offline this will trigger an alarm which in result will trigger an E-Mail)

User-added image

6. Select “Send notification for the following alarms” and in the box, type the name of previously created alarm, by default “Device Offline” and press enter.
7. In the list, chose the previously created alarm and click on the “+” icon

User-added image

8. Click Save

User-added image

Testing

To test that the Alarms and notification are working, simply disconnect/turn off one of your devices which are monitored by this alarm. After the selected delay triggers, the alarm should fire and you should receive an E-Mail similar to this one :

User-added image

Permalink


Introduction:

This article will discuss how to configure your Digi TransPort router for use with Remote Manager by utilizing the built-in Web User Interface (WebUI) of the Digi TransPort itself.

Changing the Remote Manager connection settings from the WebUI

The Digi TransPort WebUI can be accessed locally via the local IP address (LAN or WAN), or the Cllular Mobile IP address (provided your cellular account is one which supports Mobile Termination, and that you left a pinhole for HTTP or HTTPS through which to get to the WebUI if configured for IP Passthrough).

If you know the Mobile IP address and have met the conditions above, you should be able to open the TransPort’s WebUI by opening a browser to the Mobile IP of your TransPort at this time, but keep in mind that accessing the TransPort WebUI via the Local IP is preferred if available, since it doesn’t affect your cellular bill, is faster, and generally less prone to connection loss.

If you can get to the Local IP of the TransPort (this is an Ethernet or Wi-Fi connected TransPort and you’re at that location), you should access the TransPort’s WebUI using the Local IP address instead. The Digi Device Discovery Tool for Windows can be used to discover the Local IP address of the TransPort, if unknown. If you run the Device Discovery Tool and see a “No devices found?” message, and you’ve verified your TransPort is both powered on and has a solid Link LED present, you may want to check this article for Digi Device Discovery Troubleshooting Tips.

Assuming you can access either the Mobile (WAN) or Local (LAN) IP address and are now looking at the Web User Interface of your Digi TransPort:

1. Open Configuration -> Remote Management -> Remote Manager on the WebUI, then click the check box for “Enable Remote Management and Configuration using Remote Manager”. It should look similar to this:

2. On the page above, from the drop down menu, select the desired Device Cloud server :remotemanager.digi.com for the US Cloud or remotemanager-uk.digi.com for the EU Cloud.

3. Ensure the “Automatically reconnect to the server after being disconnected” box is checked as shown in the example, and configured with the 10 second value listed (or a reasonable alternative), as this is the box that tells your router to re-connect to the Remote Management server, should the connection get broken for some reason

4. Apply any changes by clicking the Apply button, when configuration is complete.

5. Click the blue “here” link to save the configuration, as shown below:

6. Click the “Save All” button from the ensuing page and you should get a message saying “The configuration has been saved successfully!”, then click the OK button.

7. After a minute or so, you should see that your Transport has established (i.e. state = ESTAB) a Remote Management connection to the Remote Manager server by viewing the Management -> Connections -> IP Connections page under the “General Purpose Sockets” listing towards the bottom:

In Closure: If all went well, your Digi TransPort should now be “Connected” on the Remote Manager server you selected in step 1 above.

Permalink


Adding your Digi TransPort to Remote Manager

  1. Log into your Digi Remote Manager account.
  2. Click on the Device Management tab.
  3. Click on the Add Devices button on the tool bar

  4. Add the Digi TransPort by either discovering it locally, or manually adding the Device ID, using either of the the two methods described below:

Discovery method:

  1. After hitting Add Devices (step 3 above), click the Discover >> button.

  2. Click the Discover button on the 2nd Add Devices screen.

  3. Select the Digi TransPort to be added, and click OK.

Manual method:

  1. After hitting Add Devices (step 3 above), click the dropdown which defaults to MAC Address, and select Device ID instead.

  2. Populate the entry field to the right of Device ID with the Device ID of your Digi TransPort.  This can be obtained from the Digi TransPort WebUI Home page if needed.

  3. Click the Add button, then click OK.

Your Digi TransPort should now be added to Remote Manager:

After your device is added, it should show up in the list of devices as disconnected (a Red icon beside the device means Disconnected, see below).

After a minute or so, refresh the device list by clicking the Refresh button, and verify a Connected state as seen below.  A Blue icon indicate the device is connected to Remote Manager.

 

Conclusion:

If you see the Blue/Connected icon next to your TransPort, it means that your device was properly configured, and you can now manage your TransPort on Remote Manager.  If still not connected after a a few minutes, you’ll want to re-check your TransPort Remote Management and Network configurations, as well as make sure you aren’t running into any Firewall issues between the TransPort and Remote Manager.

Permalink


Digi Device Cloud (5)

View category →

HOW TO: Change the Device Cloud Name on Gateways Using Device Manager from the Device Cloud
To change the server name for the Device Cloud connection from your Device Cloud account, you will navigate to the Device Management tab, right click on the desired Digi device and select Properties.

From the Properties screen, navigate to Advanced Configuration > Remote management connection > Remote management connection 1.  Type in the server name (en://my.devicecloud.com) in the Server address field:

User-added image

Click Save to save the changes.  Your device may disconnect from the Device Cloud and reconnect using the new name.

Permalink


The following example shows how to create a task on Digi’s Device Cloud to change the Remote Management Server Address in a TransPort.
Log into Device Cloud
Click on Device Management > Schedules and then click New Schedule
User-added image

Click Start Walkthrough
Type in the description at the top of the screen for the task
On the left menu, select Command Line Interface
For the first command, enter cloud 0 server my.devicecloud.com
On the left menu, select Command Line Interface, again
For the second command, enter config 0 saveall
Then click Schedule at the bottom right hand corner
User-added image

Either select Immediate or Future to schedule when you wish to apply this change
If you choose Future, you will need to use the drop down buttons to specify the date and time and then you will see the scheduled job on the next screen.
If you choose Immediate, it will simply complete the job.
You will need to select the devices you wish to apply these changes to.  If selecting more than one, use the “Ctrl” button to select these.
Select Run Now at the bottom of the screen if you choose Immediate or Schedule if you choose Future.
User-added image

Here are the results for a scheduled job.
User-added image

After the scheduled event, you can check to see if it performed by going to Device Management  >  Operations.  You should be able to see if it successfully completed or not.  You may also click on Operation Details for each individual device.
User-added image
You can also see the changes in each individual device by going to Device Management > Devices, selecting a particular device by double clicking on it, click on Configuration, Remote Management, Remote Manager, Remote Manager Config, then check the Connect to Device Cloud server.  At first you will see the previous server name, but if you click Refresh at the bottom of the page, it will update.
User-added image

Permalink


This article describes how to configure Digi Device Cloud or Digi Remote Manager to send an E-Mail notification when a device goes offline.

Note: This article assumes that you have already created a Digi Device Cloud account or a Digi Remote Manager account, that your device is configured to connect to the cloud and added to your account.

Guidelines for NDS devices (Digi Connect WAN 3G, ConnectPort X etc..) can be found here : Configure a Digi Connect WAN or ConnectPort Gateway for Device Cloud connection

Guidelines for Digi TransPort can be found here : Configuring a Digi TransPort for Remote Manager connectivity

Guidelines for adding a Digi device to the Digi Device Cloud or Remote Manager platform can be found here : Adding a Digi Device to the Digi Device Cloud or Remote Manager Platform and here Add a Digi TransPort to your Remote Manager account

Create an Alarm

1. Log into your Digi Device Cloud or Digi Remote Manager account.
2. Click on the Device Management tab.
3. Click on the Alarms tab.
4. Click on the Add button

User-added image

The Add Alarm window will open.

1. Select Device Offline in the Alarm Type drop down menu.
2. Chose a name for the Alarm. (default is Device Offline)
3. Chose a description for the Alarm. (default is Detects when a device disconnects from Device Cloud and fails to reconnect within the specified time)
4. Chose for how long the cloud should wait before firing an alarm (defaul is 5 minutes. This is recomended in case of cellular devices that can sometimes lose network connectivity due to bad reception and allow it to reconnect)
5. Resets when device reconnects will allow the alarm status to be reset as soon as the device reconnects to the cloud.
6. Chose the Scope of the alarm. It can be per group or per device. Per Group allows to select the root directory (in this case the alarm will be applied to all devices on this account) or a single group.
7. Click Create to create the Alarm.

User-added image

Create an E-Mail Notification

1. Navigate to Admin Account Settings > Notifications
2. Click on the Add button.

User-added image

1. Chose a name for the Notification
2. Chose a Description for the notification. This will be shown in the “Subject” field of the E-Mail
3. Chose an E-Mail address to send the notification to.
4. Select if you wish to receive a daily summary of your alarms and at which time.
5. Check this box to receive an E-Mail notification each time an alarm triggers (Each time a device goes offline this will trigger an alarm which in result will trigger an E-Mail)

User-added image

6. Select “Send notification for the following alarms” and in the box, type the name of previously created alarm, by default “Device Offline” and press enter.
7. In the list, chose the previously created alarm and click on the “+” icon

User-added image

8. Click Save

User-added image

Testing

To test that the Alarms and notification are working, simply disconnect/turn off one of your devices which are monitored by this alarm. After the selected delay triggers, the alarm should fire and you should receive an E-Mail similar to this one :

User-added image

Permalink


The following example shows how to create a task on Digi’s Device Cloud to change the Remote Management Server Address in a TransPort.
Log into Device Cloud
Click on Device Management > Schedules and then click New Schedule
User-added image

Click Start Walkthrough
Type in the description at the top of the screen for the task
On the left menu, select Command Line Interface
For the first command, enter cloud 0 server my.devicecloud.com
On the left menu, select Command Line Interface, again
For the second command, enter config 0 saveall
Then click Schedule at the bottom right hand corner
User-added image

Either select Immediate or Future to schedule when you wish to apply this change
If you choose Future, you will need to use the drop down buttons to specify the date and time and then you will see the scheduled job on the next screen.
If you choose Immediate, it will simply complete the job.
You will need to select the devices you wish to apply these changes to.  If selecting more than one, use the “Ctrl” button to select these.
Select Run Now at the bottom of the screen if you choose Immediate or Schedule if you choose Future.
User-added image

Here are the results for a scheduled job.
User-added image

After the scheduled event, you can check to see if it performed by going to Device Management  >  Operations.  You should be able to see if it successfully completed or not.  You may also click on Operation Details for each individual device.
User-added image
You can also see the changes in each individual device by going to Device Management > Devices, selecting a particular device by double clicking on it, click on Configuration, Remote Management, Remote Manager, Remote Manager Config, then check the Connect to Device Cloud server.  At first you will see the previous server name, but if you click Refresh at the bottom of the page, it will update.
User-added image

Permalink


One very useful aspect of Device Management on the Digi Device Cloud is the ability to view the Connection History of a device.  This of course refers to the connection history of that device as viewed from Device Cloud, and is a record of a device’s connections and disconnections with the server, for whatever reason.

Device Cloud Connection History (from the device UI):

Getting the Connection History from the Data Streams API:

As seen above, the Connection History of a device is something which Device Cloud keeps track of.  A screen like the one above may be useful when wanting to know the current state of a device or what’s been going on with it, but short of taking a screenshot or copying/pasting that information into a text file, the information isn’t very portable.  The good news is, the Connection History is something which is also tracked as a Data Stream, and each of the Connect/Disconnect events is a separate Data Point within that Stream.

To query the Data Stream Connection History if the same device, we must query for the Data Points which make up that Stream as follows:

/ws/DataPoint/{deviceId}/management/connections/

Example Request:  /ws/DataPoint/00000000-00000000-00409DFF-FF5DF1CB/management/connections/

Response (for a single Data Point of the Stream):

<?xml version=”1.0″ encoding=”ISO-8859-1″?>
<result>
<resultSize>206</resultSize>
<requestedSize>1000</requestedSize>
<pageCursor>27f2d9aa-beab-11e5-92dc-fa163ea15feb</pageCursor>
<requestedStartTime>-1</requestedStartTime>
<requestedEndTime>-1</requestedEndTime>
<DataPoint>
<id>f5e6756c-75c8-11e5-8dc1-fa163ee3abab</id>
<cstId>70</cstId>
<streamId>00000000-00000000-00409DFF-FF5DF1CB/management/connections</streamId>
<timestamp>1445194168409</timestamp>
<timestampISO>2015-10-18T18:49:28.409Z</timestampISO>
<serverTimestamp>1445194168412</serverTimestamp>
<serverTimestampISO>2015-10-18T18:49:28.412Z</serverTimestampISO>
<data>{“connectTime”:”2015-10-18T03:14:07.442Z”,”disconnectTime”:”2015-10-18T18:49:28.409Z”,”type”:”Wi-Fi”,”remoteIp”:”213.35.189.122″,”localIp”:”192.168.82.204″,”bytesSent”:70412,”bytesReceived”:69588,”session”:”6b861b2f-bd52-4455-b9fc-dc92693460db”}</data>
<description/>
<quality>0</quality>
</DataPoint>…
</result>

As can be seen in the <resultSize> field, there were 206 Data Points in the response to the query, so I’ve only listed one Data Point as an example of the type of data retrieved from the Connection History Data Stream.

Permalink


NetCloud Engine (82)

View category →

Summary

This article describes what a NetCloud Engine network is. This also shows how to configure and use multiple networks on your NetCloud Engine account.

A NetCloud Engine network is a secured logical container that allows you to group remote computers to be able to communicate as if they were on the same local network. When you first create an account with NetCloud Engine, your first network is named and created. All devices that you add at that point will be added to your new network. This includes new users you added or invitees (if the invitee is a new account).

Setting up multiple NetCloud Engine networks can be very helpful in controlling who has access to particular devices, as well as to help in managing the local networks.


Configuration

Configuration Difficulty: Beginner

Creating multiple networks

NetCloud Engine allows you to create as many networks for one account as you wish. Each network is completely separate, so when you switch a device from one network to another, it will no longer be able to communicate remotely to the devices on the previous network. It will still have a membership of the previous network, but will appear offline.

  • Step 1: Log into the web management console.
  • Step 2: At the top right of the page, click the Create a network button.

User-added image

  • Step 3: Give your network a name, then click Create new network.

User-added image

Switching from one network to another

There are two ways you can switch a device from one network to another.

From the web management console:

  • Step 1: Select your network.

User-added image

  • Step 2: Click Manage devices at the top right.

User-added image

  • Step 3: Select the device that needs to be moved.
  • Step 4: In the I want to.. menu at the top of the page, then select Switch Network.

User-added image

  • Step 5: Choose the new network and click Switch network.

From the device itself:

  • Step 1: Click on the NetCloud Engine icon in the system tray, and then select Network.
  • Step 2: Choose the network you want to switch to.

User-added image

Renaming a network

Tip: To rename a different network than the one you’re currently on, switch to it by clicking on the name of the current network next to the search box at the top of the page.

  • Step 1: Select your network.
  • Step 2: Click the stacked three dots at the top right.
  • Step 3: Click the pencil icon next to the Network Name to edit it.
  • Step 4: Enter a new name as necessary.

User-added image

Permalink


Summary

This article describes the steps necessary to uninstall the NetCloud Engine client from various operating systems


 

Configuration

Configuration Difficulty: Basic
Windows

To uninstall NetCloud Engine on a Windows machine, go to the Windows Start button on the bottom corner of your screen and type in the search box “Program and Features”. Next, select “Program and Features” and in the list of programs, select NetCloud Engine Connect and then uninstall.

Mac

To uninstall NetCloud Engine on a Mac, please use the following steps:

  • Step 1: Click on Finder to get the menu bar
  • Step 2: Select Go in the menu bar

User-added image

  • Step 3: Select Go to Folder…

User-added image

  • Step 4: Enter “/Library/Application Support/Pertino” and select Go button
  • Step 5: Double-click on NetCloud Engine Uninstaller.app to run the uninstaller
  • Step 6: Once it is uninstalled, you will see the following message:

User-added image

Linux Client

To uninstall the Linux client, see the following instructions:

Centos
rpm -qa | grep -i pertino

rpm -e <enter pertino-connect-xxx name returned in the query>
Ubuntu
sudo dpkg -r pertino-client

Note: After you uninstall Pertino, make sure you go to the DeviceView page on Web Management Console (app.pertino.com) and delete the device as well. If you own the device, select Deactivate Device instead of Delete from Network.

Permalink


Summary

This article describes the steps necessary to set up NetCloud Engine to work with Virtual OpenVZ server (Parallels).


Configuration

OpenVZ supports VPN inside a container via kernel TUN/TAP module and device. You must make TUN/TAP device available inside a container:

sudo vi /etc/modules (add “tun” to the end)
:wq Save and Quit vi
sudo reboot This will stop all containers

Granting a container access to TUN/TAP:

CTID=container id
vzctl set $CTID --devnodes net/tun:rw --save
vzctl set $CTID --devices c:10:200:rw --save
vzctl set $CTID --capability net_admin:on --save
vzctl exec $CTID mkdir -p /dev/net
vzctl exec $CTID mknod /dev/net/tun c 10 200
vzctl exec $CTID chmod 600 /dev/net/tun

Permalink


Summary

The UI for NetCloud Engine is located at app.pertino.com which uses active script to display the login page section. If active script is disabled, the login section will not appear. This is disabled by default on Windows 2008 R2 using IE 8.


Configuration

Configuration Difficulty: Intermediate

How to enable Active Script in IE 8:

  • Step 1: Select tools and then Internet Options.
  • Step 2: Select the security tab and then ‘Custom level…’ button.
  • Step 3: Navigate to ‘Scripting’ section, then to ‘Active Scripting’, then select ‘Enable’
  • Step 4: Select ‘Yes’ within the warning to allow changes to apply, then select ‘Ok’
    • Note: You will need to close out all browsers to allow changes to apply.

Permalink


How do I enable UsageMonitor Beta?

As the network owner of a Trial or Business plan, you can select the “Activate” button under UsageMonitor Beta on AppScape page. Once activated, the network owner can select “UsageMonitor” on MyApps page.

To whom is UsageMonitor Beta available?

UsageMonitor Beta is available to any network owner on a Trial or Business plan.

Is there an extra charge for UsageMonitor Beta?

No, there is no extra charge for UsageMonitor Beta at this time for Trial and Business plan network owners.

What does UsageMonitor Beta track?

UsageMonitor tracks traffic over the NetCloud Engine network only; it excludes local traffic and remote traffic that do not cross NetCloud Engine (e.g., Internet traffic). It tracks the last 1 day and last 7 days of usage for the network. For the 1-day graph, the horizontal axis is by hours (based on your local browser time) and the vertical axis is in Bytes/Kilobytes/Megabytes/Gigabytes depending on the traffic volume for the day. The 7-day graph’s horizontal axis is by dates for the last 7 days, and vertical axis is in Bytes/Kilobytes/Megabytes/Gigabytes depending on the traffic volume.

Why don’t I see Internet traffic?

NetCloud Engine is currently split tunnels meaning that only traffic destined to a NetCloud Engine device from a NetCloud Engine device traverses the NetCloud Engine Cloud. All other traffic bypasses it and is therefore not reflected in UsageMonitor Beta’s charts. When I transfer a file to another NetCloud Engine client, is the traffic double-counted? In a sense, yes. For example, when you send a 10MB file to another NetCloud Engine device, your usages will show a 10MB transmit (plus protocol overhead). The receiving device will show a 10MB receive. When the devices’ usages are aggregated, the result will appear to be double counted as 20MB (plus overhead).

What is a top talker?

A top talker is user or device that send more data throughout the NetCloud Engine network than other users. UsageMonitor keeps track of the top five users and top five devices.

How can I see the detailed usage of a top talking user or device?

Click on the top talker you wish to detail and you will be brought to the detail page for that user or device.

How do I see usage for a User or Device which is not a top talker?

This is not supported today; however, we plan to add this in future iterations of UsageMonitor.

Where did the OS breakdown on the Dashboard go?

With the initial release of UsageMonitor Beta, the OS breakdown is replaced by the 7-day usage chart if you have UsageMonitor Beta activated. With future releases, you will be able to rotate through the different dashboard pages (OS breakdown, Usage, etc.).

How can I get the OS breakdown on the Dashboard back?

Currently, you would have to deactivate UsageMonitor Beta for the network.

I transferred a file but I don’t see the usage.

UsageMonitor will display data about 15 minutes after your file transfer.

Why is my chart blank?

If your chart is blank it means that UsageMonitor did not see any traffic. Remember, only traffic that traverses the NetCloud Engine network is reported in UsageMonitor; Internet and local traffic are not measured.

Can I see the usage for all of my networks on my account?

Currently, the usage charts are available by network. With future releases, you will be able to view the usage for all networks on your account.

Permalink


NetCloud Manager (6)

View category →

Summary

The Applications Tab within NCM allows you to purchase, try and manage applications within NCM.


 

Overview

The Applications tab will display all available applications.

You can purchase or try an application by selecting the appropriate button.

Once your account has the application entitled the Buy and Try buttons will be replaced by a Manage button.

User-added image

Clicking Try will create a trial entitlement for 10 devices.

Clicking Buy will bring up a tab for locating a partner to purchase the entitlement.

By clicking Manage you can Add or Remove devices. You can also determine which devices are entitled.

User-added image

To Add a device to an entitlement click the Add button. You will be presented with a dialog to select routers to add. You can locate devices with the Search field by Name or MAC or Product as needed. Place a checkmark next to the device(s) you wish to add to the entitlement and the press Save.

User-added image

To Remove devices from an entitlement, select the device(s) you wish to remove and then press Remove.

User-added image

In the right column you can find the following information:

  • Entitlement Details
    • Available: Remaining entitlements
    • Assigned: How many entitlements have been applied to devices
    • Non NCM Devices: Devices with this entitlement that are not in NCM
    • Total Allowed: Total number of entitlements purchased.
  • Buy More: Buy more entitlements
  • Features: What the entitlement offers
  • Requirements: Any requirements placed upon the entitlement
  • Support Products: Which Cradlepoint products will work with this application
  • Supported NetCloud OS Version: NCOS requirements for devices to use this entitlement

User-added image

Permalink


NETCloud Manager

The default NCM configuration generates the approximate data usage that is presented below. Protocol and carrier overhead can increase these values but these values do provide a generally good rule of thumb for data generated by use of NCM.

IMPORTANT: Things that could dramatically increase your data usage:

  1. Enabling logging, stats and alerting
  2. A high number of events being logged on the router
  3. Firmware upgrades pushed from NCM
  4. Modem disconnecting and reconnecting loops.

Routers managed through NCM:

  • By default, a Connection Pulse that are approximately 66 bytes is sent to NCM every 2 minutes.
    So 720 heartbeats/day x 66 bytes = 47520 bytes/day, 47520 bytes/day x 30 = 1,425,600 bytes/month (1.43 MB/month).
  • By default Usage Reporting that are approximately 10-20KB per report (depending on how many WAN devices are utilized on the Cradlepoint router) are sent to NCM every hour.
    So 20 KB/hour x 24 = 480 KB/day; 480 KB/day x 30 = 14400 KB/month (.014 GB/month or 14 MB/month)
  • By default Log Reports that are approximately 100KB (depending on how many events are logged on the router) are sent to NCM every hour. These reports can vary in size dramatically depending on events that are logged on the router; client connects/disconnect, modem state, etc.
    So a minimum amount of data sent would be 100 KB/hour x 24 hours = 2400 KB/day; 2400 KB/day x 30 = 72000 KB/month (.069 GB/month or 69 MB/month).

Routers not managed through NCM:

  • Every time the router is powered on it sends a 50 byte heartbeat to the NCM Server and then sends a heartbeat every 86400 seconds, (once per day).
    So the volume of data generated is approximately 50 bytes/day x 30 days = 1500 bytes/month (.0000014 GB/month or .0014 MB/month).

(The timers above can be adjusted higher or lower, depending on your data caps).


Advanced Failure Check

A ping packet is 64 bytes of data. If Advanced Failure Check set to an Idle Check Interval to 3600 (1 ping per hour) would generate 64 bytes/hour x 24 hours = 1536 bytes/day.
Then 1536 bytes/day x 30 days = 46080 bytes/month (.000042 GB/month or .042 MB/month).

NOTE: Increasing the time interval on NCM check in or Advanced Failure Check will cause data generation to increase.

Permalink


Summary

This article describes how to set up alerts, export reports, and export logs from NetCloud Manager (NCM).

NOTE: On July 13, 2017, NetCloud Alerts currently generated from the legacy Enterprise Cloud Manager (ECM) will be updated with the name change to NetCloud Manager (NCM). Automated systems that consume this information may need to be updated accordingly.
Email and API Alert changes include:

  • Alert titles will change from “Cradlepoint ECM Alert Notification” to “Cradlepoint NCM Alert Notification”
  • Alert subjects will change from “ECM Alert: <friendly info>” to “NCM Alert: <friendly info>”
  • Emailed Alert summary report subject will change from “ECM Alert Summary” to “NCM Alert Summary”
  • Connection State Alert name will change from “ECM Connection State” to “NCM Connection State”
  • Firmware Upgrade alert name will change from “Firmware Upgrade” to “NetCloud OS Upgrade” with an alert description changing to “The router NetCloud OS was successfully upgraded to X.X.X”

Setting Up Alerts

The Alerts page has two views for tracking device status changes:

  • The Log view shows a list of alerts sent from the routers to NCM.
  • The Settings view shows rules for alerts, including email notifications.

Toggle between these two views by clicking on the buttons at the top left.

User-added image

Alerts are of the following types (see Definitions below):

  • Configuration Change
  • Configuration Rejected
  • Configuration Unacknowledged
  • Ethernet WAN Disconnected
  • Ethernet WAN Plugged In
  • Ethernet WAN Unplugged
  • Data Cap Threshold
  • Device Location Unknown
  • NCM Connection State
  • Firmware Upgrade
  • Geofence Proximity Change
  • Reboot
  • Temperature Limit Exceeded
  • Modem WAN Connected
  • Modem WAN Device Plugged In
  • Modem WAN Device Unplugged
  • Modem WAN Disconnected
  • WAN Service Type
  • Account Locked
  • Failed Login Attempt
  • Intrusion Activity
  • IP Address Banned
  • IPS Engine Failure
  • Successful Login
  • Unrecognized Client
  • WiFi as WAN Connected
  • WiFi as WAN Disconnected
  • WiFi as WAN Network Available
  • WiFi as WAN Network Unavailable

To enable alerts, including emailed notifications, first select the Settings view and then click on Add at the top left. Create an alert notification rule by completing the fields.

User-added image

Complete the following fields to create an alert notification rule:

  • Accounts/Groups (required) – Choose which sets of devices will follow the notification rule. If you select an account, both grouped and ungrouped devices within that account (including all subaccounts) will be assigned to this rule.
  • Alerts (required) – Select the alert types from the dropdown options.
  • Users (optional) – If you want emailed notifications for these alerts, select users from the list to receive those emails. If you just want these alerts logged, leave this field blank.
  • Interval (optional) – Select a time interval from the dropdown options. If you select “Immediately,” an email notification is sent every time one of the selected types of alerts are logged. Otherwise, the alerts are stored over the course of the time interval and then sent together.

Potential NCM Alert Issues

  • Receiving the Email Alert seem to take longer than expected.
    • Once NCM is aware of the alert, it will verify the alert, and send it out to the configured email address. We do not have control over the alert once we have sent it to its destination address.
      • We have seen some mail servers reject, or display abnormally long delays in the alert deliveries.
        • To trouble shoot/verify if this is the issue, configure a different email address with a different domain and test the behavior of the alerts.
  • Times can also vary depending on the number and type of WAN connections being used for this device.
    • If a device only has one internet source, only one connection to NCM, then you can expect delays in the alerts. The alerts are configured in NCM, then NCM lets the router know what to watch for. If the router experiences any issue pertaining to the configured alerts, the router will then report this back to NCM. However the caveat is if the router loses its internet source or connection to NCM, then the router cannot report the issues to NCM until it regains its connection to NCM.
    • In cases where you have more than one internet connection the alerts should be fairly on queue, so long as the router can check into NCM via its second internet connection to report its alerts.

Exporting Reports

Reports allow you to create a summary of information about groups of devices and export that information as a CSV file. Select from several fields to customize your reports. Select the type of report (Data Usage or Signal Quality), a range of dates, the group(s), and identifying fields and then click Run Report to view the report. You also have the option to save the settings of a report for future use.

1366IMG24.png


Exporting Logs

To export a device’s logs as a CSV file, first enable log reporting for the group the device is in. (This is disabled by default because some users won’t use this functionality – it would unnecessarily use data.) Navigate to the Groups page, select the desired group, and click on Settings.

User-added image

In the popup window that appears, ensure that Enable Log Reporting is selected.

User-added image

Once log reporting is enabled, navigate to the Devices page, select the desired device, and click on Export → Export Logs to export the device’s logs as a CSV file.

User-added image


Alert Definitions

  • Account Locked – If Advanced Security Mode is turned on for a device, the account will lock for 30 minutes after six failed attempts to log into the device. To enable this setting, open the configuration pages in Groups or Devices and go to System Settings → Administration. Open the Router Security tab and select Advanced Security Mode.
  • Configuration Change – This displays when there has been a local configuration change. Sample alert: The device configuration has changed.
  • Configuration Rejected – A configuration change that was sent to the device has been rejected.
  • Configuration Unacknowledged – A configuration change that was sent to the device was not acknowledged by the device.
  • Data Cap Threshold – If you have a data cap threshold set, this sends an alert when the threshold is reached. A data cap threshold must be configured under Internet → Data Usage. Sample alert: The (Internal LTE/EVDO Port:int1) rule exceeded 100 percent of its 150 MB daily cycle.
  • Device Location Unknown – Displays when no location has been reported for 24 hours if the device has GPS enabled. If a manual location is being used the alert will not be generated.
  • NCM Connection State – Displays when the device loses or regains its connection to NCM. Sample alert: The device entered the “online” state.
  • Ethernet WAN Connected – An Ethernet WAN device is now active.
  • Ethernet WAN Disconnected – An Ethernet WAN device is no longer active.
  • Ethernet WAN Plugged In – An Ethernet WAN device is now attached.
  • Ethernet WAN Unplugged – An Ethernet WAN device has been removed.
  • Failed Login Attempt – Someone attempted to log into the device administration pages locally and failed. Sample alert: An attempt to log in as the admin user from 192.168.0.142 has failed.
  • NetCloud OS Upgrade – The device NetCloud OS has been upgraded.
  • Geo-fence Proximity Change – Displays whenever the device enters or exits the specified geo-fence.
  • GPIO State Change – A device GPIO pin has changed state. To update the GPIO configuration, open the configuration pages in Groups or Devices, select the System → GPIO Configuration tab. Requires at least 6.0.2 NetCloud OS.
  • Intrusion Activity – This is only relevant for devices with CP Secure Threat Management. Whenever the Threat Management deep packet inspection engine detects an intrusion, the event is recorded in the logs. These events are grouped together for 15 minutes and then reported in NCM, so even if you select “Immediately” in the Interval field below, an emailed alert might not arrive for approximately 15 minutes after an intrusion. Intrusion Activity alerts include the intrusion details and the action taken by the engine (e.g., “Blocked”). To edit Threat Management settings, open the configuration pages in Groups or Devices and select Network Settings → Threat Management. For more information about Threat Management, visit the Knowledge Base article.
  • IP Address Banned – If the Ban IP Address setting is turned on for a device and someone from a particular IP address attempts and fails to log into the device administration pages six times, that IP address will be banned for 30 minutes. To enable this setting, open the configuration pages in Groups or Devices and go to System Settings → Administration. Open the Router Security tab and click on Advanced Security Mode. Select the Ban IP Address option.
  • IPS Engine Failure – This is only relevant for devices with CP Secure Threat Management. In the unlikely event that the Threat Management engine fails, an alert is logged. You can set the router to either allow or deny traffic with a failed engine: to edit this setting, open the configuration pages in Groups or Devices and select Network Settings → Threat Management. For more information about Threat Management, visit the Knowledge Base article.
  • IPSec Tunnel Down – An IPSec tunnel that was successfully connected has gone down.
  • Modem WAN Connected – A modem WAN device is now active.
  • Modem WAN Device Plugged In – A modem WAN device is now attached.
  • Modem WAN Device Unplugged – A modem WAN device has been removed.
  • Modem WAN Disconnected – A modem WAN device is no longer active.
  • Modem WAN Standby – A modem WAN device is now in standby. This means the modem is connected to the carrier, but is not sending any data. A modem in standby will failover faster than a modem not in standby. Standby can be turned on in the router’s configuration in the Connection Manager grid.
  • Reboot – Displays when the device has been rebooted. Sample alert: The device has been rebooted.
  • Rogue Access Point Detected – Displays after running a WiFi site survey when a rogue access point not marked as known is detected broadcasting the same SSID as the device running the site survey. This helps identify potential access point hijacking, evil twin, and man-in-the-middle WiFi attacks.
  • Router App Custom Alert – A custom alert that is generated by the custom code inside a router app.
  • Router App Execution State Changed – A router app that is running on a group goes into a different execution state (start, stop, error, etc).
  • Unexpected Router App Installed – An unexpected router app is found installed, an expected router app is unexpectedly uninstalled, or a router app unknown to the system is found installed.
  • Successful Login – A user has logged into the router locally (requires at least NetCloud OS 5.0.1).
  • Temperature Limit Exceeded – For products with an internal temperature sensor (COR IBR1100 and IBR1150) and configured temperature limits, this alert displays when one of those limits is reached. To set these temperature limits for the COR IBR1100 Series, open the configuration pages in Groups or Devices, select System Settings → Administration, and click on the Temperature tab.
  • Unrecognized Client – A client with an unrecognized MAC address has attempted to connect to the device. MAC logging must be enabled for this alert to display. In the configuration pages, go to: Network Settings → MAC Filter / Logging to enable MAC logging.
  • WAN Service Type – A WAN device has changed its service type, such as switching from 3G to 4G. Possible service types include: DHCP, LTE, HSPA+, etc. Sample alert: The lte-2ae6ec8e service type has changed to LTE.
  • WiFi as WAN Connected – WiFi as WAN is now active.
  • WiFi as WAN Disconnected – WiFi as WAN is no longer active.
  • WiFi as WAN Network Available – A WiFi as WAN network is now attached.
  • WiFi as WAN Network Unavailable – A WiFi as WAN network has been removed.
  • Zscaler TLS Tunnel State – This displays the state of the Zscaler TLS tunnel when using Zscaler Internet Security in TLS Tunnel mode. If there is a connection error more information can be found in the router’s system log.

Permalink


For customers with NetCloud Manager (NCM), there are three main ways to edit a device’s configuration: in NCM, through Group and Device configurations, and locally, through the router’s own administrative page.

  • NCM Group configuration has the lowest priority.
  • NCOS Local configuration has high priority.
  • NCM Device configuration has the highest priority.

The router’s default configuration is used as a basis for comparison for configuration files. It is overwritten by any custom local configurations or NCM configurations.

The Group configuration in NCM is overwritten by both the custom Local router configuration and the Device configuration in NCM.

The NCM Device and Local router configurations are synonymous in most cases. When making a configuration change at the local level, the changes will then sync with the NCM Device level, and vice versa. The two scenarios where the NCM Device level configuration will override Local changes are:

  • when conflicting changes are made at both the Local and NCM Device level while the device is offline. Once brought online and checks into NCM, the NCM Device level changes will have priority.
  • when a new change is made locally while the NCM Device level configuration is still syncing the previous change. The new change will be overwritten by the last NCM Device level configuration once the sync completes.

In general, the preferred method for managing devices that are registered in NCM is through the Group configuration. If there are more specific settings needed for individual devices, use the Device configuration in NCM. For example, it is possible to make the administration password standard for an entire group, and then create individual SSIDs for each device – both through NCM.

Troubleshooting

If most of the devices in a group are functioning as intended, but one member of the group is not behaving the same as the others, there may be a device level configuration that is overriding the group configuration. To remove the Device configuration and keep the Group configuration, log in to NetCloud Manager, select the Devices tab, highlight your router, click Configuration and select Clear

Clear Device configuration


 

Determining where a router gets its configuration

The individual config symbol found on the NCM Devices page indicates that the router is running a non-default configuration. The same symbol, when found on the NCM Groups pages tells us that the group contains one more routers that are running configuration settings that do not match the router default or the group configuration. (Tip: clicking the individual config symbol on the Groups page will automatically display all routers with unique configurations.)

The Configuration Summary option in NCM displays a color-coded output of the router’s configuration. The target configuration displays the total sum of the different configurations the router is running:

  • settings in purple are pulled from the Group configuration in NCM
  • settings in green are pulled from the Device configuration in NCM
  • settings in grey exist only on the router’s local configuration file, and are not synced to the Device configuration in NCM (possibly because the config sync was suspended, or the router went offline before syncing)

User-added image


 

Resetting a Router Managed in NetCloud

If you factory reset a device that is managed by NetCloud Manager, the Cradlepoint will automatically connect to the internet, check back in with NetCloud Manager and re-apply the Group and Device configuration stored in NetCloud. To get the device to a factory default state, the NetCloud Device and Group configuration need to be removed from the device.

To factory reset a device that is in NetCloud Manager, do the following first before trying a software or hardware reset, otherwise, it will be reverted to its previous configuration.

Step 1: Log in to Netcloud Manager. Open the Devices tab and select your Cradlepoint Router.
Step 2: If the device is in a group: highlight the router, click “Move”, select the parent account, and click “Ok”.

Highlight your router and select "move"
Select the root account and click "ok"

Step 3: Once the device is removed from the group, highlight your router, click “Configuration” and select “Clear”.

Highlight your router, click "Configuration" and select "Clear"

Step 4: Once the router has been removed from its group and the device level configuration has been cleared, you can factory reset by clicking “Commands” and selecting “Restore to Defaults”. You may also use the hardware reset button or System > System Control > Device Options > Factory Reset Router in the local web interface.

Highlight your router, click "Configuration" and select "Clear"

Permalink


NetCloud Manager: Traffic Analytics

The following products do not support Traffic analytics:

  • Series 2 Devices
  • CBA850
  • CBA750B
  • CBA400
  • CBA450
  • MBR1200B
  • MBR1400
  • IBR350
  • IBR1100
  • IBR1150
  • IBR600B
  • IBR650B
  • IBR600
  • IBR650

Click here to identify your router.


Quick Links

Summary

Configuration

Troubleshooting

Related Articles


Summary

This article is intended to guide the user through navigating, configuring, and understanding the NetCloud Manager Traffic Analytics feature.

Enabling the Traffic Analytics feature requires NCM Enterprise.  To learn more about NCM Enterprise, including setting up a demo, please visit Network Management & Applications .


Configuration

Enabling Traffic Analytics Difficulty: Beginner

Traffic analytics can be enabled through NCM under the account dashboard or in the device dashboard after selecting specific device.

To enable Traffic Analytics, follow the directions listed below.

Step 1: Log into your NCM account
Step 2: If your router is not already registered to NCM, refer to this article for help registering your device to NCM.  Otherwise, skip to the next step.

User-added image

Step 3: Click on the Dashboard tab.
Step 4: Click on Traffic tab underneath the Dashboard menu.
Step 5: Click on the Settings button.
User-added image
Step 6: Find the device you wish to enable Traffic Analytics on on (either through the list or through the search bar) and check the associated box.
Step 7: Click on the Enable button above the top of the devices table, and then click on “Client and Traffic”.
User-added image
Step 8: The prompt will ask if you are sure you wish to enable the feature, select Yes.

Note: After enabling Traffic Analytics for a device it will take 24 hours to start showing reported data.

Note: The same process can be completed through the device dashboard by clicking the same Traffic menu button.

Dashboard vs Device Level

Traffic Analytics can be found under both the account dashboard and the device dashboard.
User-added image

Account Traffic Analytics can be viewed by clicking on the Dashboard button and clicking on the Traffic button under the account dashboard menu.
User-added image

Device Traffic Analytics can be viewed by clicking on the Devices button, selecting the desired device from the list, and clicking on the Traffic button under the devices dashboard menu.
Both Client Data Analytics pages will present the same information, but the device level will only present information on clients connected to that particular device.

Adjust Data Range and Category Difficulty: Beginner 

The Traffic Analytics page has settings to specify the desired data range time period, the category of traffic to present on the page and data source information.  This can help present only the relevent information desired for a particular user.  To change these settings follow the directions listed below:

Step 1: Log into your NCM account.
User-added image
Step 2: Access the Traffic Analytics page through the account or device dashboard
User-added image
Step 3: To change the data range, click on the Data Range field and select from YesterdayLast 7 DaysLast 15 DaysLast 30 Days, or Custom Range to specify a broader date range.
User-added image
Step 4: To change the data source, click on the Data Source field and select from AllEthernet, WiFi, or Unknown to specify what types of client data types you want to have displayed.
User-added image
Step 5: You see which categories of data and applications are using what percentage of the total data used by scrolling down to the Top Categories and Top Applications sections.
User-added image
Step 6: You can view what percentage of your data is being used by which category and which application by scrolling down to the Percent of Total Usage and Data Usage by Day sections.
User-added image
Step 7: Filter the type of data displayed by category by clicking on the drop down menu for Category.
User-added image
Step 8: Filter the type of data displayed by application by clicking on the drop down menu for Application.
User-added image
Step 9: The last section of the page shows Data Usage by Category, Application, RouterClient, or Day.  Select one of these filters to view specific data usage numbers such as total data usage, download and upload data for the selected filter.

Troubleshooting

  • No traffic statistics displayed

If you are viewing the Traffic Analytics page on the Dashboard and there is nothing displayed, please check the following:

Traffic Analytics may not have enabled for the device.
The device might have been added recently (within 24 hours) and does not yet have data to display.

  • “Not Available” displayed in app category field

    Traffic category/application may result in “Not Available” when the application engine cannot categorize the traffic.  This may be caused if:

1. Application is not one of the applications identified by the engine; including any home-grown applications

2. Traffic is tunneled/encrypted not allowing the engine to inspect the application

 

Permalink