FAQs

CradlePoint Services

Summary

This article provides a list of questions commonly asked about Enterprise Cloud Manager (ECM), and the answers to those questions. The Configuration Examples sections includes links to articles that demonstrate the function of the ECM service.

Enterprise Cloud Manager is Cradlepoint’s next generation network management solution. Rapidly deploy and dynamically manage networks at geographically distributed locations with Enterprise Cloud Manager, Cradlepoint’s next generation application platform. Improve productivity, reduce costs, and enhance the intelligence of your network and business operations.

A detailed explanation of the Enterprise Cloud Manager service can be found on the ECM product page.


 

Requirements

To establish a successful connection to Enterprise Cloud Manager, a Cradlepoint router must meet the following requirements:

1. Supported Product: Only the following router models can currently be added to ECM: AER2100, MBR1400v2, MBR1400v1, CBA850, CBA750B, IBR1100, IBR1150, IBR600, IBR650, IBR350, MBR1200B, CBR400, and CBR450.

2. Minimum Firmware: 4.3.2 (CBR4x0 only) and 4.4.0 (all other models). Using most recent available firmware version is recommended.

Note: Product support is planned for the following router models: CBA750, MBR1200, MBR1000, MBR900, MBR800, CTR500, and CBA250. Expected minimum firmware requirement for Series 2 products is 2.0.0.

Click here to identify your router. For information on upgrading firmware, click here.

3. NTP Server Connection: Routers must sync with a time server before they can communicate with Enterprise Cloud Manager. ECM uses standard TLS-based encryption along with a proper signed certificate in our servers. This system has date range restrictions – devices must have a valid clock time in the 21st century. By default, the routers boot up at Unix epoch 0 (January 1, 1970), which leads the TLS client to think the certificate is invalid without a time sync.

 

Frequently Asked Questions

What level of redundancy and reliability features do the Enterprise Cloud Manager Servers have?

Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter that is SAS70 (SSAE Type II) certified. Only Rackspace authorized personnel have access to the secured area. Redundancy of the system includes the following:

Datacenter Redundancy and Reliability:

  • 24x7x365 onsite staff
  • Dual power circuits tied to N+1 redundant datacenter UPS systems
  • Onsite diesel backup power generators
  • Fully redundant enterprise-class core routing with connectivity to 3+ internet backbone carriers
  • Fiber carriers enter datacenters at disparate points to guard against service failure
  • N+1 redundant HVAC systems (Heating Ventilation Air Conditioning) with air filtering

Server and Software Redundancy:

  • Redundant load balanced application servers
  • Master database in isolated private network with one-hour replacement
  • Full nightly backups
  • Rackspace SLA guaranteeing network availability and critical infrastructure systems including power and HVAC 100% of the time in a given month excluding scheduled maintenance.

What are the security measures for the Enterprise Cloud Manager Servers?

Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter with SSAE Type II certification (formerly SAS 70). Security features include the following:

Datacenter Security:

  • Cradlepoint servers are located in a secured area within a Tier IV datacenter.
  • Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitoring
  • 24x7x365 onsite staff
  • Only authorized data center personnel are granted access credentials. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort.

Hardware and Software Security:

  • CISCO ASA Firewall
  • Only authorized Rackspace operations personnel are allowed physical access to production ECM servers.
  • Patch Management: Patches are applied quarterly, unless a high vulnerability issue is identified whereupon the process is expedited.

Event and Log Management:

  • All URL traffic is logged. These logs are kept for 90 calendar days for review by network security management.
  • Automated logs track and log changes, including backups of this data.

Does Cradlepoint perform vulnerability assessment of the ECM servers?

Cradlepoint uses a PCI Approved Scanning Vendor (ASV) service for external penetration testing of the ECM servers. Scans are run at minimum monthly, with remediation reports provided to management. Corrective actions are implemented based upon severity of potential threats.

How many devices can your system support and how many do you have on the system now?

Cradlepoint manages more than 80,000 devices on WiPipe Central today. ECM has a scalable, service-oriented architecture that can support many more customers with many thousands of devices under management.

As a System Integrator, can I have multiple primary accounts that I can use to manage my customers’ devices, and can I see all of my customers’ devices?

Yes, with ECM you can have multiple subaccounts for your customers. Your Account Administrator can manage all accounts, while creating other administrators to manage separate subaccounts (customers).

When an ECM account password is lost, how is it reset?

The user navigates to the “Request new password” page (link on the ECM central login page) where an email address is entered. If the email address entered matches an email address associated with an ECM user, an email with a unique link is sent to the user. Upon receiving the email, the user clicks on the link that will take them to a page to select a new password for their account. If the email address entered does not match any account email addresses, a message will be displayed noting the email address isn’t recognized.

Cradlepoint support personnel do not have access to ECM user passwords and thus cannot provide any passwords over the phone.

How strong are ECM passwords and how long do they last?

The following password options are available:

  • Password minimum length (default = 8)
  • Require one or more CAPITALIZED letters in the password (default = yes)
  • Require one or more symbols or numbers in the password (default = yes)

The administrator can set a session timeout (default = 120 minutes) for each user under the User Settings.

How are passwords stored within the ECM Servers?

All passwords are stored in encrypted form using the NIST/FIPS Secure Hash Standard known as SHA-2. SHA-2 is a set of cryptographic hash functions designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. Our user passwords encryption uses thePBKDF2 algorithm with a SHA-256 hash.

Is User Data stored within the Cradlepoint devices?

No user data is stored on the Cradlepoint devices.

Do new users receive a unique password?

When a new account is set up, the Account Administrator will receive an email from Cradlepoint with a unique link to take them to a page to select a new password for their account.

When the Account Administrator sets up a new user account, the user will receive an email with a unique link that upon selecting will take them to a page to select a new password for their account.

How do you integrate with Network Management Systems?

Enterprise Cloud Manager can be integrated with any Network Management System via the Enterprise Cloud Manager API. The ECM API is accessed via HTTPS to the XML/JSON RESTful interface. We have customers doing this today using the WiPipe Central API.

How many levels of user account privileges does ECM support?

ECM supports three levels of user access privileges for a customer.

  • Account Administrator – has full access to all accounts and sub-accounts and can create accounts and users at any level within the account hierarchy. Only the Account Administrator can create accounts or users.
  • Full Access User – has access to resources within their account and any sub-accounts below their account. The Full Access User cannot create new accounts or users.
  • Read-Only User – has read-only access for their account and any sub-account(s) below their account.

How much data does being connected to Enterprise Cloud Manager consume?

Recent data shows that the average data usage is approximately 5–10 MB per router per month. This reflects what we expect to see in “typical” scenarios when routers have mostly default settings. Many settings could affect this amount, including generating lots of alerts, exporting lots of logs, and especially editing the connection pulse interval (default 120 seconds). A significantly faster connection pulse (e.g., 10 seconds) could increase data usage to 50 or even 100 MB per router per month, whereas a significantly slower pulse (e.g., 900 seconds) could decrease data usage to less than 1 MB per router per month (but runs the risk of slowing down the connection so much that the connection is broken and needs to reestablish itself, which uses additional data).
There are many variables that affect data usage and therefore Cradlepoint does not guarantee that a router will use any particular amount of data. These numbers are only provided to give a rough estimate of the amount of data usage you should expect based on data from other routers in the field.

How do you support Private Networks (cellular or wired)?

ECM can support a customer’s Private Network (3G/4G or wired networks). For device management, ECM uses a full-duplex, asynchronous SSL protocol to manage the Cradlepoint routers over a single TCP connection (port 8001).

Support for Private Networks can be achieve by either of the following:

  • Customers create a firewall rule to allow ECM management SSL traffic routed over the Internet to the Cradlepoint cloud datacenter (single TCP connection – port 8001).
ECM Private Network Support

Permalink

0 Comments - Leave a Comment

Summary

Upgrading the modem firmware regularly is important to keep a secure and reliable internet connection. This can be done manually or through ECM, this document focuses on upgrading through ECM.

Please note that this only upgrades the modem firmware, to upgrade the router firmware click here. To connect with this modem you must also have an activated SIM from the carrier in the device. During the upgrade process the modem will restart: the router may go offline for a few minutes if this modem is it’s primary WAN connection.

Although a single Cradlepoint modem may have two SIM card slots (e.g., IBR1100 integrated modem), it is one modem module and can only have one modem firmware version, and therefore only one carrier at a time. The exception is that the AER 2100 could have two distinct integrated MC400 modems, each with two SIM slots. So while each modem by itself can only have one firmware version, the AER 2100 can support two integrated modems – on distinct carriers- simultaneously.


Configuration

Configuration Difficulty: Beginner
  • Step 1: Log in to Enterprise Cloud Manager.
  • Step 2: Select the Devices tab and then Network Interfaces from the drop down menu at the top.

User-added image

  • Step 3: Next we need to locate the modem we want to upgrade. The easiest way to do this is by sorting the Router Name or Router ID column, or to search by a specific router name using the search tool.
  • Step 4: In the example shown below, the grid is filtered using the search tool (searched by a specific router name, IBR1100LPE) and the filter tool (selected Modems) in the top toolbar so that only the two relevant interfaces display.

User-added image

  • Step 5: To check if the modem firmware is current, first select the desired interface. *Note that integrated modems with two SIM slots show two interfaces in the grid. Both will always have the same modem firmware, so selecting either one will have the same results.
  • Step 6: Once you have selected an interface, click Commands in the top toolbar and Upgrade Modem Firmware in the drop down menu. *Note that you can also check if your modem has the latest firmware by selecting Check for New Modem Firmware

User-added image

  • Step 7: Please review the agreement notes before proceeding. The modem will restart after this point.

User-added image

  • Step 8: Once you click the OK button, the firmware upgrade will begin.
  • Step 9: The modem firmware upgrade takes a few minutes. The Modem FW Status column shows the state of the update, e.g., “Downloading (38%),” and the Modem FW column shows the update that is in process.

User-added image

  • Step 11: Once complete, the Modem FW Status column says, “Upgrade Successful” and the Modem FW column is updated with the new firmware version:

User-added image

  • Step 12: If the update fails for some reason, reboot the router before trying again.

Troubleshooting

  • You may also need to make sure you are trying to use the same interface and SIM slot. Some products contain two SIM slots, and therefore there are two “Internal LPE” interfaces displayed in Connection Manager. If your active SIM is in slot 1, the “Internal LPE (SIM1)” will be the one to connect with that SIM; SIM slot 2 will correspond to “Internal LPE (SIM2)”.
  • If the modem is unable to complete the upgrade and no internet connection remains, local access to update the modem will be necessary. Click here to upgrade the modem firmware manually.

Permalink

0 Comments - Leave a Comment

Summary

This article describes the process of enabling modem Data Usage tracking through Enterprise Cloud Manager (ECM).

Data usage information is initially tracked within the routers, and then sent to ECM at specified intervals. ECM has multiple options for displaying the received modem data usage statistics:

  • Dashboard provides a quick, visual overview of your devices’ data usage
  • Reports will generate a CSV file containing the data usage information
  • Alerts can be configured to send an email whenever modems reach user-defined data thresholds

Note: There is a potential for some loss of data between the router and ECM if, for example, the router reboots before sending a usage sample. The data usage numbers in ECM are strictly estimates and are dependent on information provided by the modem through the router: these may not match the carrier numbers. The carrier is the final authority for billing purposes.


Configuration

Adjust Reporting Interval or Disable Usage Reporting

Configuration Difficulty: Intermediate

Data Usage Reporting is enabled by default, with an interval of 1 hour. This interval can be as increased to full 24 hours, or decreased to mere 5 minutes. A shorter reporting interval will provide a more accurate depiction of data usage at a given moment. Please keep in mind that the process of sending each report to ECM also uses up data, so setting a short reporting interval will result in greater overall data usage.

Note: The user-defined interval is a minimum: there are some event triggers that could cause additional data usage reports to be sent to ECM, such as heavy data usage.

To change the reporting interval, follow the directions listed below:

  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
  • Step 3: Click on the Groups tab.

User-added image

  • Step 4: Select the group for which you wish to adjust data usage reporting setting, and click Settings.
    • Note: For this change to apply to multiple groups, each group has to be edited individually.

User-added image

  • Step 5: Move the slider next to Enable Data Usage Reporting to adjust the reporting interval.
  • Click OK to save the changes.

User-added image

Note: From the same interface, it is possible to completely disable data usage monitoring. To do so, simply remove the check-mark from the box next to Enable Data Usage Reporting.

User-added image

View Data Usage through the Dashboard

Configuration Difficulty: Beginner

With ECM it is possible review modem data usage at a glance, both on the group level and for each individual router.

  • To view aggregated data usage information, pulled from all interfaces of routers registered under your account, log into your ECM account, and click on the Dashboard tab in the menu on the left.
  • To view router-specific information, click on the Devices tab on the left, and then click on the name of the router to open its individual Dashboard.

Generate CSV Report

Configuration Difficulty: Intermediate
  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
    • Note: There will be no historical data available for any devices that were not in groups or were in groups that had data usage reporting disabled.
  • Step 3: Click on the Reports tab.
  • Step 4: Click the arrow icon in the Report Type field and select Data Usage.

User-added image

  • Step 5: Specify a report date range by manually selecting start and end dates and times, or by clicking one of the quick option buttons.

User-added image

  • Step 6: Specify a data source by clicking within either the Accounts or Groups fields and then click OK.
    • Note: Selecting the accounts without specifying groups will pull data from all routers within all groups under the selected accounts.

User-added image

User-added image

  • Step 7: Select any additional fields to be displayed in your report from the list within the Router, Network Interface, or Modem Information sections.
  • Step 8: Click Run Report to generate a CSV file with the specified information.

User-added image

  • Step 9: Click OK to close the report notification.
  • Step 10: Within a few seconds your browser will ask what to do with the generated file. Pick the option to either open the file or to save it, and then click OK.
    • Note: If you do not get this option, please check your browser security settings.

User-added image
Optional:

  • Step 11: Click Create Saved Report to tell ECM to remember the selected time interval, data source, and any additional information fields selected.
    • For a saved report, it is recommended to use a time interval, like 1 Week, instead of hard start and end dates.
  • Step 12: To run a saved report at a later time, select it in the Saved Reports drop-down menu at the top of the Reports page, and click the Run Report button.

Configure Usage Alerts

Configuration Difficulty: Intermediate

Data Usage Alerts ignore the defined data usage report interval and get sent out immediately. CradlePoint recommends setting up data threshold Alerts for the most accurate, consistent information: receive an email whenever you reach one of your thresholds. For example, configure ECM to email you when your modem reaches 85% and 100% of your monthly data plan.

  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
  • Step 3: Navigate to the Groups tab and select the group that will have the ability to generate data usage alerts. ClickConfiguration and choose Edit in the drop-down menu.

User-added image

  • Step 4: In the Edit Configuration window, click Internet and choose Data Usage in the drop-down.

User-added image

  • Step 5: Make sure Enable Data Usage is checked, and then click Add within the Template configuration section.

User-added image

  • Step 6: Define the data usage rule. Click here for an in-depth explanation of available options.
    • We recommend setting the thresholds lower than the billing allowances and regularly comparing the numbers ECM reports with those from the carrier.
  • Step 7: Click Submit to save the rule.

User-added image

  • Step 8: Click Commit Changes to send the the setting to the router, then click OK to close the warning message.
User-added image
  • Step 9: Click the Alerts tab in the menu on the left, then click the drop-down arrow next to Log and choose Settings.
User-added image
  • Step 10: Click Add to create a new alert.
User-added image
  • Step 11: Define the alert parameters and Save the rule.
    • Specify the groups and/or accounts that will generate the data usage alerts.
    • Choose Data Cap Threshold and any additional events that should generate an alert.
    • Optional: Select users that will receive alerts by email. If a user is not selected, alert events will be displayed on the Alerts>Log page, but no email will be sent out.
    • Optional: Set interval. By default, every alert event will immediately be processed, but this functionality can be adjusted to send a batch of alert events in an hourly or daily digest.

User-added image


Troubleshooting

There are No Data Usage Statistics Displayed

If you are running a report, or viewing data usage on the Dashboard, and there is nothing displayed, please check the following:

  • Data Usage Reporting might be disabled for the group
  • The modem might not be reporting any usage
    • The WAN connection could be completely unused for the selected time period
    • The modem is disconnected and is not sending data usage statistics to ECM

Permalink

0 Comments - Leave a Comment

May 19, 2015

Notice

On June 19, 2015, Cradlepoint will be changing the IP Address for Enterprise Cloud Manager (ECM).  This change will require assigning a new IP Address to cradlepointecm.com, www.cradlepointecm.com and stream.cradlepointecm.com.  Most ECM customers will not notice any changes as the new DNS settings will be implemented automatically.  Please read further to understand if you are affected by this change.

Who is NOT affected

Customers who have not added a firewall rule, or use DNS names for accessing ECM, are not affected.

Who is affected

Customers who have added a firewall rule to allow access to ECM using the IP Address 198.61.136.185, are affected.

Actions to take if you are affected

Customers who have implemented specific IP addresses into their firewall systems will need to update their firewall rules, adding the following new IP addresses, in order to access ECM after June 19th.

It is recommended that customers not use the actual IP addresses for ECM, but use the DNS names as this prevents access problems when changes are made to IP addresses.

This email is being sent to all ECM Administrators who Cradlepoint has on record. Please forward this communication to all appropriate personnel within your company.

New IP addresses effective June 19, 2015

52.24.50.2

52.25.11.64

52.24.203.54 – (reserved for future use)

52.25.11.71 – (reserved for future use)

In order to allow for full availability, all four addresses should be used.

Permalink

0 Comments - Leave a Comment

Differences Between Series 2 and Series 3 Support in Enterprise Cloud Manager

Cradlepoint is adding Enterprise Cloud Manager (ECM) support for Series 2 devices. The functionality available to Series 2 devices in ECM is on par with the functionality available in WiPipe Central (WPC). The stream protocol that connects Enterprise Cloud Manager to the router works exclusively with the technology available in Series 3 devices. Together, Series 3 devices connected to ECM represent breakthrough technology in real-time router information with the lightest possible cellular data usage. We recommend customers upgrade to Series 3 devices whenever possible to experience the real-time nature of this breakthrough technology.

For customers unable to upgrade at this time, Series 2 devices will be supported in Enterprise Cloud Manager, but with a similar latency to that experienced in WiPipe Central.

Series 2 devices need to have firmware version 2.0 or higher to work with Enterprise Cloud Manager.

NOTE: For a breakdown of which devices are in Series 2 and in Series 3 and their projected ECM compatibility, see the ECM Compatibility List in this article.

Key Differences

  • Interval settings (e.g., heartbeat, logs) have an assigned time that is not configurable in ECM.
  • A device status that has recently changed will experience a delay before being updated in ECM.
  • When editing a device configuration, users will see configuration pages that look like those from WiPipe Central.
  • Some of the column selection options are different.

 


 

Interval Settings

Setting Description / Usage ECM Configuration System-Wide Interval Setting
Heartbeat How frequently a device sends its ‘heartbeat’ to ECM to indicate whether it’s still online Not configurable via ECM 5 minutes
Heartbeat Timeout Based on the number of allowed missed heartbeats before a device’s status switches from online to offline Not configurable via ECM ~15 minutes
Logs Setting that indicates whether a device sends logs to ECM, and how frequently Can enable/disable through ECM, but interval is fixed 1 hour or 200 messages
Usage Reports Setting that indicates whether a device sends usage reports to ECM, and how frequently Can enable/disable through ECM, but interval is fixed 1 hour
Sync Interval How often a device should check with ECM to verify its managed status, session configuration values, and firmware and configuration versions Not configurable via ECM 15 minutes

Permalink

0 Comments - Leave a Comment

Summary

ECM gives you the flexibility to add Collaborator User(s); this provides access to your ECM account for an existing ECM user. These users can be added under the top-level ECM account or a sub-account which will limit access to devices appropriately.
Collaborator Users provide easy access to ECM accounts for Managed Service Providers (MSP) and other support personnel.


Adding a Collaborator User

Configuration Difficulty: Beginner
  • Step 1: Log into the ECM account you wish to add a Collaborator user to.
  • Step 2: Select Acounts & Users from the navigation menu.
    User-added image
  • Step 3: Select the Account or Sub-account you wish to add the Collaborator user to, click Add, and then select Collaborator.
    User-added image

    • Collaborator users are indicated with the User-added image icon.
  • Step 5: Type in the Username for the existing ECM Username you wish to give access to.
  • Step 6: Select the appropriate role to designate for the Collaborator user and click OK.
  • Step 7: The Collaborator user will now receive a New Collaborator Request email saying they need to login to their ECM account to either Accept or Reject the request.
    NOTE: This request is shown in the System Notifications window when logged into ECM.

    • If the Collaborator Accepts the request they will then have the ability to switch to the Collaborator ECM account.
    • If the Collaborator Rejects the request the Collaborator user will be removed from the ECM account immediately.
      User-added image       User-added image
  • Step 8: Once the Collaborator user is no longer needed they can be removed by selecting the Collaborator user and clickingDelete. The Collaborator user also has the ability to delete themselves as a Collaborator (see Switching Accounts below).
    User-added image

Switching Accounts

  • Step 1: Log into your ECM Account.
  • Step 2: Click the drop down arrow next to your Username, and select Switch Accounts
    User-added image
  • Step 3: Select the Account you wish to switch to and click Switch
    User-added image
  • Step 4: ECM will prompt you saying “Are you sure you want to change your view“. Click Yes
  • Step 5: The webpage will refresh and your view will change to match the appropriate access level configured for theCollaborator User.
  • Step 6: You can identify which account you’re viewing by looking at the Account: section next to the Username
    User-added image
  • Step 7: To remove yourself as a Collaborator user open the Switch Accounts window, select the appropriate account, and clickDelete.

Permalink

0 Comments - Leave a Comment

Purpose:

This article’s purpose is to prepare devices for activation and enrollment in Enterprise Cloud Manager (ECM).


Requirements:

ECM recommends devices run firmware version 5.1.1 (4.3.2 minimum). Only series three devices support this firmware (see: How to identify the Series of your CradlePoint router).

Note: The MBR95 does not support ECM, even though it does support firmware 4.3.2 and newer.


Directions:

  • Method 1 – Factory Reset and Upgrade
The absolute easiest way to establish ECM compatibility is to perform a factory reset on the device(s) and then upgrade straight to 4.4.0 or newer.Based on the device location, configuration requirements, and device workload this is not always a practical solution.
  • Method 2 – Incremental Firmware Upgrades
If there are existing device configurations on that cannot be reset, incremental firmware upgrades are highly recommended.Due to numerous configuration format changes over the years, firmware version older than 4.2.1 should be upgraded in a “stair-stepping” process; this reduces the likelihood of losing configuration settings.
Use the following sequence to upgrade device firmware versions:

 

WiPipe Central Firmware Stair-Stepping Sequence

          => 5.1.1
=> 4.4.0 (4.3.3 for CBR400 & CBR450)
=> 4.2.1
=> 4.0.3
=> 3.6.3
=> 3.5.1
=> 3.4.1
=> 3.3.0
3.2.4 (and older)

If the device is in between versions, start with the next version up. For instance, if the device is on 3.5.0, upgrade it to 3.5.1 first, and then continue up the stairs.

For procedures involving the upgrade of device firmware from WPC please visit: Getting Started with Enterprise Cloud Manager#Connecting to ECM: Upgrading Firmware

For procedures to manually upgrade device firmware see: Manually upgrade Series 3 CradlePoint firmware

Note: There is a known issue when manually upgrading from firmware version 4.2.0, this does not impact firmware upgrades from WPC or automatic (internet) upgrades. Details are in the 4.2.1 Firmware Release Notes.

Permalink

0 Comments - Leave a Comment

CradlePoint Enterprise Cloud Manager (ECM) provides multiple options for monitoring modem data usage: set up emailed Alerts when your modems reach user-defined data thresholds; get a quick, visual overview of your devices’ data usage with Dashboard; or run CSV Reports with data usage information.

Data usage is tracked in the routers, and that information is then sent to ECM at user-defined intervals (the default is 1 hour) for display in theDashboard or Reports; data usage Alerts aren’t affected by this usage sample interval because the information is pulled directly from the routers. The user-defined interval is a minimum: there are some event triggers that could cause additional data usage reports to be sent to ECM, such as heavy data usage. To change this interval, go to the Groups page in ECM and click on Settings in the top toolbar (the minimum value is 5 minutes). In the popup window that appears, ensure Enable Usage Reporting is selected and use the slider to edit the interval:

Data usage interval settings

There is a potential for some loss of data between the router and ECM if, for example, the router reboots before sending a usage sample.

CradlePoint recommends setting up data threshold Alerts for the most accurate, consistent information: receive an email whenever you reach one of your thresholds. For example, configure ECM to email you when your modem reaches 85% and 100% of your monthly data plan.

NOTE: The data usage numbers in ECM are strictly estimates and are dependent on information provided by the modem through the router: these may not match the carrier numbers. The carrier is the final authority for billing purposes. We recommend setting your thresholds lower than your billing allowances and regularly comparing the ECM numbers with the numbers from the carrier.

Setting Up Data Usage Alerts with ECM

Assign data cap thresholds

  1. Go to the Groups page in ECM (or Devices page to assign settings to an individual device instead of a group).
  2. Select a group and click on Configuration in the top toolbar and Edit in the drop-down menu.
    Open Groups configuration in ECM
  3. In the popup configuration window that appears, select Internet > Data Usage.
    Edit configuration window
  4. Make sure that Enable Data Usage is selected. Then under Template configuration, click Add to create a new data usage rule.
    Enable Data Usage
  5. Complete the fields in the popup window to create a data usage rule. Designate Assigned Usage in MB and select Send Alert on Cap to set ECM to send an email when your devices hit this threshold. Set up an additional alert by selecting Extra Email Alert and setting aPercent of Usage so that ECM will send an alert when the device’s data usage reaches this percentage of the usage threshold. For additional alerts, create another rule with a different usage threshold.
    Data Usage rule

Enable data usage alerts in ECM

  1. Go to the Alerts page in ECM. Select the Settings icon in the drop-down menu at the top of the page.
    Alerts page in ECM
  2. Click Add at the top left of the Alerts > Settings page in order to create a new alert notification rule.
  3. Complete the fields in the popup window to define your rule. Be sure to select Data Cap Threshold in the Alerts section.
    Adding an Alert Notification Rule
  4. Select one or more Users to create emailed notifications: otherwise the alerts you define will only appear in the Alerts > Log page.

NOTE: These emailed alerts come from ECM mail servers. You can alternatively set up router alerts through a separate SMTP server of your choice. In the Configuration window (under Groups or Devices), go to System Settings → Device Alerts. Configure your desired server in theSMTP Mail Server section.

Permalink

0 Comments - Leave a Comment

Quick Start


Basic Setup


1. Insert an activated SIM.

A wireless broadband data plan must be added to your CradlePoint AER 2100. Wireless broadband data plans are available from wireless carriers such as Verizon, AT&T, Sprint, EE, and Vodafone. The SIM must be provisioned with the carrier. Contact your carrier for details about selecting a data plan and about the process for provisioning your SIM.

Once you have an activated SIM, insert it into the integrated modem. Insert the SIM card into the slot marked SIM 1 (use the other slot, SIM 2, for a secondary/backup SIM).

image

Be sure to insert the card with the notch-end first and the gold contacts facing down – it will click into place.

image

2. Attach the integrated modem.

Follow these steps to attach the integrated modem:

1) Remove the left side panel cover from the router. Use a Phillips screwdriver to remove the screws, and use the Multipurpose Retaining Tool (included in the router package) to remove the cover.

image

2) Slide the modem into the side of the router. The protruding section of the green board fits into the groove.

image

3) Reattach the panel cover and screw it back on. (When necessary, remove the cover and modem using the Multipurpose Retaining Tool.)

3. Attach the WiFi and modem antennas.

Attach the three WiFi antennas (included) and two modem antennas to the connectors. Antennas are jointed, which enables you to position them for optimal signal. To attach, hold the antenna straight and twist the base of the antenna to connect, folding the joint if needed.

Examples of suggested antenna orientations:

Desk Mount

image

Wall Mount

image

Care should be taken to ensure that the router antennas are not near metal or other RF reflective surfaces.

4. Connect the power source.

Plug the provided power supply (12V DC wall adapter) into an electrical outlet. Then connect the power supply to the router.

image

Ensure power is switched on:

  • O = OFF
  • I = ON

When you set the power switch to the ON ( I ) position, watch for the power LED to illuminate.

If you would like to secure the power supply cord, attach the Multipurpose Retaining Tool as shown below. Secure with included screws.

image

5. Connect to a computer or other network equipment.

Connect wirelessly to the WiFi broadcast or with an Ethernet cable connected to your computer and then plugged into one of the Ethernet LAN ports (numbered 1–4).

The default WiFi network name broadcast is “2100-xxx”, where “xxx” is the last three characters of your router’s MAC address (this is the SSID on the product label). To connect to the WiFi, you will need to input the DEFAULT PASSWORD when prompted. The DEFAULT PASSWORD is provided on the product label found on the bottom of your router.

NOTE: The product label below is an example only: your DEFAULT PASSWORD and SSID will be unique.

image

Accessing the Administration Pages


Once you are connected, open the CradlePoint AER 2100’s GUI-based administration pages to make configuration changes to your router.

  1. Open a browser window and type “cp/” or “192.168.0.1” in the address bar. Press ENTER/RETURN.
  2. When prompted for your password, type the eight character DEFAULT PASSWORD found on the product label.

image

It’s possible – and more efficient – to do all your configuration changes through CradlePoint Enterprise Cloud Manager (ECM) without logging into the local administration pages. Set up a group of routers and set the configuration for all of them at once. See below for more information about ECM.

First Time Setup Wizard


When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through the steps to customize your CradlePoint AER 2100. You have the ability to configure any of the following:

  • Administrator Password
  • Time Zone
  • WiFi Network Name
  • Security Mode
  • Access Point Name (APN) for SIM-based modems
  • Modem Authentication
  • Failure Check

If you are currently using the router’s WiFi network, you will need to reconnect your devices to the network using the newly established wireless network name and password.

NOTE: To return to the First Time Setup Wizard after your initial login, select GETTING STARTED on the top navigation bar and FIRST TIME SETUP in the dropdown menu.

Using Enterprise Cloud Manager


Rapidly deploy and dynamically manage networks at geographically distributed stores and branch locations with Enterprise Cloud Manager, CradlePoint’s next generation management and application platform. Enterprise Cloud Manager (ECM) integrates cloud management with your CradlePoint devices to improve productivity, increase reliability, reduce costs, and enhance the intelligence of your network and business operations.

Click here to sign up for a free 30-day ECM trial.

image

Depending on your ordering process, your devices may have already been bulk-loaded into ECM. If so, simply log in at cradlepointecm.comusing your ECM credentials and begin managing your devices seamlessly from the cloud.

image

If your device has not yet been loaded into your ECM account, you need to register. Log into the device administration pages and go to Getting Started → Enterprise Cloud Manager Registration. Enter your ECM username and password, and click on “Register”.

image

Once you have registered your device, go to cradlepointecm.com and log in using your ECM credentials.

For more information about how to use CradlePoint Enterprise Cloud Manager, see the following:

Permalink

0 Comments - Leave a Comment

NOTE: Threat Management is only available for the AER 2100, and it requires a feature license. Enable this feature through Enterprise Cloud Manager.

CradlePoint Secure Threat Management leverages Trend Micro‘s security experience and expertise in this one-pass Deep Packet Inspection(DPI) solution. Threat Management includes settings for both IPS (intrusion prevention system) and IDS (intrusion detection system), as well as application identification logging. Use Threat Management to identify and prevent a wide variety of network threats.

This Threat Management solution examines network traffic for both signature matches from Trend Micro’s large signature database of known threats and statistical anomalies to detect previously unknown threats. Trend Micro regularly adds new signatures to its database: update your signature database version to ensure you’re defending yourself against the newest threats. You have the option to update manually or schedule regular updates.

Follow these steps to get started with Threat Management:

  1. To purchase a license or to begin a free trial, log into Enterprise Cloud Manager (ECM) and go to the Applications tab (this is only available to the primary account administrator). Once entitled, the router must be rebooted for Threat Management to begin working.
  2. For complete configuration options, go to Network Settings → Threat Management in the configuration pages (in ECM or locally). See configuration options below.
  3. Set up emailed or logged alerts in the Alerts tab in ECM.
  4. Set up regularly scheduled signature updates in the configuration pages, or update manually in ECM via the Devices or Groups page (click on Commands in the top toolbar and select Update IPS Signatures from the dropdown options).

NOTE: Updating the signature database version causes a network disruption for a couple of seconds. You can schedule these updates to occur during days/times when you expect less traffic on your network.

Status

The Status section shows if Threat Management is enabled. It shows the current signature database version number, the timestamp for the most recent update, and the status of the most recent attempt to update signatures.

image

Click on the Update button to check for a new signature database version.

Configuration

Customize your Threat Management implementation (choose between IPS and IDS, set up a signature update schedule, etc.).

image

Operation Mode: Choose IPSIDS, or neither.

  • Disabled
  • Detect and Prevent (default) – IPS mode
  • Detect Only – IDS mode

Engine Failure/Error Action: In the unlikely event of an error with the Threat Management engine, you have the following options:

  • Allow Traffic (default)
  • Deny Traffic

With Allow Traffic selected, the device will act like a typical router without Threat Management enabled and route traffic as usual. If security is a huge concern, however, you may wish to select Deny Traffic to stop all traffic when Threat Management isn’t working properly.

Application ID Logging: (Disabled by default.) The DPI engine can identify network traffic applications and send this information to the system logs. Depending on your network traffic uses, application ID logging may send huge amounts of data to the system logs. We recommend enabling a syslog server to manage this information.

To view the logs, go to Status → System Logs. For configuration options, including syslog server setup, go to System Settings → Administration and select the System Logging tab.

Signature Update Schedule

You can choose to have a different signature update schedule for modems than for other WANs. This is intended to protect against overages when data usage limits for 3G/4G modems are restricted. For both Non-Modem WANs and Modem WANs, first choose the Frequency for updates:

  • Never
  • Daily
  • Weekly
  • Monthly

Then choose the specifc day and time. These updates cause a minor network disruption, so schedule updates for times with less critical traffic.

Whitelisted Signatures

Specify individual signatures that the Threat Management engine is detecting/preventing when the traffic is actually desired. Click Add and manually input a signature ID to include that signature on the “whitelist.”

image

Permalink

0 Comments - Leave a Comment

Getting Started


Enterprise Cloud Manager Registration


CradlePoint Enterprise Cloud Manager is CradlePoint’s next generation management and application platform. Enterprise Cloud Manager (ECM) integrates cloud management with your CradlePoint devices to improve productivity, increase reliability, reduce costs and enhance the intelligence of your network and business operations.

Click here to learn more and sign up for a free 30-day ECM trial.

Depending on your ordering process, your devices may have already been bulk-loaded into ECM. If so, simply log in at cradlepointecm.comusing your ECM credentials and begin managing your devices seamlessly from the cloud.

If your device has not yet been loaded into your ECM account, you need to register. Log into the device administration pages and go to Getting Started → Enterprise Cloud Manager Registration. Enter your ECM username and password, and click on “Register.”

image

Once you have registered your device, go to https://cradlepointecm.com and log in using your ECM credentials.

image

For more information about how to use CradlePoint Enterprise Cloud Manager, see the following:

First Time Setup


When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through basic steps to customize your CradlePoint AER 2100. To return to the First Time Setup Wizard after your initial login, go to Getting Started → First Time Setup in the dropdown menu. You have the ability to configure any of the following:

  • Administrator Password
  • Time Zone
  • WiFi Network Name
  • Security Mode
  • Access Point Name (APN) for SIM-based modems
  • Modem Authentication
  • Failure Check

Administrator Password

CradlePoint recommends that you change the router’s ADMINISTRATOR PASSWORD, which is used to log into the administration pages. The administrator password is separate from the WiFi security password, although initially the Default Password is used for both.

image

NOTE: If you plan to use your router in a PCI DSS compliant environment, do not use this setting. Use the “Advanced Security Mode” settings under the Router Security tab in System Settings → Administration instead.

Time Zone

You can select your TIME ZONE from a dropdown list. (This may be necessary to properly show time in your router log, but typically your router will automatically determine your time zone through your browser.)

image

Click NEXT.

WiFi Network Name

CradlePoint recommends that you customize your WiFi network name. Type in your personalized network name here. You can also enable the Guest Network feature (for more configuration options, see Network Settings → WiFi / Local Networks).

image

WiFi Security Mode

image

Choose the WIFI SECURITY MODE that best fits your needs:

  • BEST (WPA2): Select this option if your wireless adapters support WPA2-only mode. This will connect to newest devices and is the most secure, but may not connect to older devices or some handheld devices such as the PSP.
  • GOOD (WPA1 & WPA2): Select this option if your wireless adapters support WPA or WPA2. This is the most compatible with modern devices and PCs.
  • POOR (WEP): Select this option if your wireless adapters only support WEP. This should only be used if a legacy device that only supports WEP will be connected to the router. WEP is insecure and obsolete and is only supported in the router for legacy reasons. The router cannot use 802.11n modes if WEP is enabled; WiFi performance and range will be limited.
  • NONE (OPEN): Select this option if you do not want to activate any security features.

CradlePoint recommends BEST (WPA2) WiFi security. Try this option first and switch only if you have a device that is incompatible with WPA2.

Choose a personalized WPA PASSWORD or WEP KEY. This password will be used to connect devices to the router’s WiFi broadcast once the security settings have been saved.

  • WPA Password: The WPA Password must be between 8 and 64 characters long. A combination of upper and lower case letters along with numbers and special characters is recommended to prevent hackers from gaining access to your network.
  • WEP Key: A WEP Key must be either a hexadecimal value of 5 or 13 characters or a text value of 10 or 26 characters.

Click NEXT.

Access Point Name (APN)

image

If you are using a SIM-based modem (LTE/GSM/HSPA) with your CradlePoint router, you may need to configure the APN before it will properly connect to your carrier. Wireless carriers offer several APNs, so check with your carrier to confirm the appropriate one to use. Some examples include:

  • AT&T: “broadband”
  • T-Mobile: “epc.tmobile.com”
  • Rogers LTE: “lteinternet.apn”
  • Bell: “inet.bell.ca”
  • TELUS: “isp.telus.com”

You can either leave this on the Default setting or select Manual and input a specific APN.

If your specific modem or SIM already has APNs programmed into it, you should leave this on the Default setting. After finishing this Wizard go toInternet → Connection Manager, select your modem, and edit the settings. The SIM PIN/APN tab has more available settings than are provided here.

Modem Authentication

Some modems require a username and password to be entered to authenticate with a carrier. Do not fill in these fields unless you are sure your modem needs authentication.

image

  • Authentication Protocol – Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Select from:
    • Auto
    • Pap
    • Chap
  • Username
  • Password

Configuring Failure Check

It is possible for a WAN interface to go down without the router recognizing the failure. (For example: the carrier for a cellular modem goes dormant, or your Ethernet connection is properly attached to a modem but the modem becomes disconnected from its Internet source.) Enable Failure Check to ensure that you can get out to the Internet via your primary WAN connection. This option is disabled by default because it may use data unnecessarily. Use this in combination with failover. For cellular modems, use this in combination with Aggressive Reset (Internet → Connection Manager under Modem Settings in the interface/rule editor).

image

Idle Check Interval: Set the number of seconds the router will wait between checks to see if the WAN is still available. (Default: 30 seconds. Range: 10-3600 seconds.)

Monitor while connected: Select from the dropdown menu. (Default: Off.)

  • Active Ping: A ping request will be sent to the Ping Target. If no data is received, the ping request will be retried 4 times at 5-second intervals. If still no data is received, the device will be disconnected, and failover will occur. When “Active Ping” is selected, the next line gives an estimate of data usage in this form: “Active Ping could use as much as 9.3 MB of data per month.” This amount depends on the Idle Check Interval.
  • Off: Once the link is established the router takes no action to verify that it is still up.

Ping IP Address: If you selected “Active Ping,” you will need to input an IP address that will respond to a ping request. This IP address must be an address that can be reached through your WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2.

Click NEXT.

Summary

Review the details and record your wireless network name, administrative password, and WPA password (or WEP key). Move your mouse over your WiFi password to reveal it.

image

Please record these settings for future access. You may need this information to configure other wireless devices.

NOTE: If you are currently using the device’s WiFi network, reconnect to the network using the new wireless network name and security password.

Click APPLY to save the settings and update them to your router.

IP Passthrough Setup


You can quickly enable IP passthrough with the IP Passthrough Setup Wizard available under Getting Started → IP Passthrough Setup. IP passthrough takes a 3G/4G WAN data source (USB, ExpressCard, or CradlePoint business-grade modem) and passes the IP address through to Ethernet LAN.

Using this function requires many changes to your router configuration. The IP Passthrough Setup Wizard will automatically make these changes for you: simply read through the wizard and select Enable IP Passthrough on the second page. For further configuration options, see Network Settings → WiFi / Local Networks.

Review the list of changes to ensure they are compatible with your router needs:

  • All Ethernet ports will be set to LAN (i.e. you cannot use Ethernet as an Internet source for your router).
  • All WAN devices will have Load Balance disabled, and the highest priority device will be used.
  • All network groups except the primary network group will be removed.
  • All wireless interfaces will be removed from the primary network group. (It is possible to have a wireless interface associated with another network.)
  • All router-based VPN and GRE services will be disabled.
  • The Routing Mode will be set to IP Passthrough. (Network Settings → WiFi / Local Networks in the “Local Network Editor” under “IP Settings”)
  • The Subnet Selection Mode will be set to “Automatically Create Subnet” (Network Settings → WiFi / Local Networks in the “Local Network Editor” under “IP Settings” – this shows once IP Passthrough is set as the Routing Mode). You have the option to override this and select Force 24 Subnet, which forces a subnet of 255.255.255.0 and uses the first available address in the network as the gateway. This is for compatibility with equipment that may not handle modem addressing schemes; this should not be used unless necessary.

Any Ethernet WAN connections should be disconnected before IP passthrough is enabled.

Permalink

0 Comments - Leave a Comment

Table of Contents

Purpose

This article will explain in detail the process of migrating group configurations from WiPipe Central (WPC) to Enterprise Cloud Manager (ECM).

Requirements

  1. An Administrator or Full-Access WPC account
  2. Existing group configurations in WPCNote: It is recommended to migrate group configurations first without any devices. This process allows for a review of the new ECM configurations prior to assigning any devices to the group.
  3. An Administrator or Full-Access ECM accountNote: Settings for logs and alerts will not transfer in the migration. Settings for data capture and historical information, such as saved reports, will not transfer. Migrated groups will take ECM defaults for any settings not migrated.
  4. At least one WPC group for Series 3 devices (excluding the MBR95 and CTR35)

Directions

Initiate Group Migration from WPC

Note: Prior to migrating groups from WPC, please ensure groups and devices are at firmware 4.4.0 or above as described in Preparing to Migrate from WPC to ECM

First, log into WPC.

Select Group

  1. Navigate to the Groups tab.
  2. Select the group you wish to migrate, you can select multiple groups.
  3. Click on the Migrate button.

Group Migration dialog appears. This dialog has the following items:

Input ECM Credentials

  1. An Overwrite existing ECM group configuration checkboxChecking this option will overwrite the ECM group configuration with the current WPC group configuration. If no ECM group with the same name exists, this option has no effect.
  2. Migrate devices in selected groups checkboxLeaving this option unchecked will only migrate the group configuration to ECM. Checking this option will migrate all devices that currently belong to the WPC group into the matching ECM group. If no ECM group exists, the group will be created first.Note: In order to detach from WPC and connect to ECM the router must reboot. Depending on the synchronization timer on the router, this reboot may not be immediate and will occur the next time it checks in with WPC.

WPC Group Migrated

Validate Group Migration in ECM

Immediately after migrating the group configuration it will be visible in ECM; it is highly recommended to validate the ECM configuration prior to migrating any devices into it.

ECM Group Migrated

  1. Group name migrated from WPC
  2. No devices in the group (unless the Migrate devices in selected groups option was checked)Note: Settings for logs and alerts have changed from WPC and were no longer a part of the group configuration.
  3. Select the migrated group
  4. Click on the Settings link above the group list: the group settings dialog will display.

ECM Group Logging Review

  1. Reporting – Enable log and usage reporting as desired
  2. Connection PulseThe Connection Pulse is how often the “heartbeat” is sent to the ECM server. It is recommended to leave this at its default setting. Adjusting it to a higher frequency will increase data usage. Lowering the frequency risks dropping the ECM session. If the session is dropped, the router will be forced to reestablish the SSL connection, which requires significantly more data than the keep-alive.

Click “OK” to confirm Reporting, and Connection Pulse settings

Note: Alerts are configured under the Alerts tab in ECM and are not saved as part of the group configurations like they were in WPC.

Open the group Edit Configuration window to review the group configuration settings:

ECM Group Settings Review

  1. Select the group from the groups list
  2. Click the Configuration dropdown
  3. Choose Edit

Review the group settings to ensure the new ECM group is configured as desired.

ECM Group Settings Review

Note: ECM no longer has the Group tab in group configuration pages. All of the necessary functions still exist in the following locations:

ECM Group Tab Features

  1. Alert Config – in the group Settings dialog
  2. Commands – in the group Commands dropdown
  3. Device List – filter the Devices (3a) tab using the Show Accounts (3b) show accounts feature
  4. Rename Group – Click the pencil icon next to the Name field in the Groups list (only shows when the group is highlighted)
  5. Firmware – use the Firmware dropdown
  6. Sync Config – Adjusting the status reportinglog reporting, and heartbeat notification interval are in the group settings dialog (item 1). Firmware updates are now pushed to the device (item 2), instead of the device checking with the server for updates at set intervals.

Alternative: Create Groups in ECM First

Instead of migrating group configurations from WPC, you can create and configure groups in ECM first.  In order to use this method, the group must:

  1. Have the same group name
  2. Be assigned the same device model
  3. Be assigned the same firmware version
  4. Belong to the same account not a sub-account

Note: When creating ECM groups first, it is recommended to migrate devices from the WPC device list. If the ECM group configurations do not match the WPC group configurations, WPC will require a group configuration overwrite in order to migrate devices. Migrating from the device list does not require the group configurations to match.

Migrating Devices

After the group configuration is migrated, and the new settings are reviewed, the next step is to migrate devices.

Next Step: WPC to ECM Migration: Devices

Permalink

0 Comments - Leave a Comment

It is possible to manage a CradlePoint router through Enterprise Cloud Manager (ECM) with no active WAN connection, such as when it is used a failover device or configured in WiFi Bridge mode on an existing network. With the default settings, the router requires an active WAN connection to connect to ECM or obtain the current date/time from an NTP Server. To instead use the LAN to connect to ECM, you must set the CradlePoint to use the LAN Gateway feature.

  1. Log into the device’s administration pages.
  2. Go to System Settings > Administration.
  3. Select the Router Services tab.
  4. Select Use LAN Gateway and input the LAN Gateway Address. (This is the LAN IP address of the router that the CradlePoint is connected to.)                                                                                                                  Enabling a LAN gateway for Router Services
  5. The DNS server fields might not need to be changed: these match the static DNS values (set at Network Settings > DNS). You can leave the default values or set them manually here.

Once Router Services has been configured to use a LAN gateway, the device can now be managed by ECM via the LAN. However, because the device still does not have an active WAN connection, ECM will report the IP Address for the WAN source of the network the CradlePoint is connected through.



Notes

  • Setting up a LAN gateway for router services can be used to save money when a CradlePoint router is configured for 3G/4G failover behind another router. If your 3G/4G data plan is small/expensive, you can set router services to use the LAN connection (following the above steps) so that ECM doesn’t use 3G/4G data unnecessarily.
  • In addition to ECM, other “router services” also require a WAN connection by default but can be configured to use the LAN instead. For example, the above steps will enable a connection to an NTP (Network Time Protocol) server via the LAN.

Permalink

0 Comments - Leave a Comment

Welcome to CradlePoint Enterprise Cloud Manager

Enterprise Cloud Manager is the next generation management and application platform from CradlePoint. Enterprise Cloud Manager (ECM) integrates cloud management with your CradlePoint devices to improve productivity, increase reliability, reduce costs, and enhance the intelligence of your network and business operations.

Getting Started

Connecting Devices to Enterprise Cloud Manager:
Using Enterprise Cloud Manager:

Connecting Devices to Enterprise Cloud Manager

Upgrading Firmware

NOTE: Currently only Series 3 devices can connect to ECM (see: How to identify the Series of your CradlePoint router).
Connecting devices to CradlePoint Enterprise Cloud Manager requires at least firmware version 4.3.2 – you may need to upgrade firmware. You can upgrade firmware through the individual device’s administration pages or through WiPipe Central.

Upgrading Firmware through the Device Administration Pages

  1. Log into the device administration pages. Open a browser window and type “cp/” or “192.168.0.1” (these are the defaults – you may have changed them) in the address bar. Press ENTER/RETURN.
  2. When prompted for your password, type the eight character DEFAULT PASSWORD found on the product label – this is also the last eight characters of the MAC address. You may have personalized this password.
  3. Once you are logged in, navigate to System Settings → System Software. Under Firmware Upgrade, select the Automatic (Internet)option to upgrade to the newest firmware version. It is recommended that you save your settings using System Config Save/Restore.

Upgrading Firmware through WiPipe Central

  1. Log into WiPipe Central.
  2. Select the group that you want updated firmware for.
  3. Click on Group and select Firmware from the dropdown menu.
User-added image
  1. Select at least firmware version 4.3.2.

Registering Devices

Log into the device administration pages and go to Getting Started → Enterprise Cloud Manager Registration. Enter your ECM username and password, and click on “Register”.
User-added image
Your device is now registered in ECM.

Migrating Devices from WiPipe Central

The following articles detail the steps for safely migrating devices from WiPipe Central to Enterprise Cloud Manager:


Using Enterprise Cloud Manager

Navigating the User Interface

Once you have upgraded firmware to at least 4.3.2 and registered your devices, go to https://cradlepointecm.com and log in using your ECM credentials.
ECM login
Once you are logged in, the left navigation menu shows the following tabs:
  • Dashboard – Provides powerful insight into your network through WAN analytics including connectivity, data usage, and performance.
  • Devices – Monitor all the devices loaded into ECM. View statuses, change configurations, and update firmware by device.
  • Groups – Monitor devices by group. Add new groups and view statuses, change configurations, and update firmware by group.
  • Accounts & Users – Add new users and subaccounts and edit the existing ones.
  • Alerts – View a list of alerts generated by your devices and edit settings for alerts, including emailed alerts.
  • Reports – Select the date range, type of report, group(s), and identifier fields and export CSV reports.
  • Applications – Trial, buy, and manage cloud-based applications (e.g., CP Secure Threat Management). This tab is only available for top-level account administrators.

For contextual help, open the Help Panel by clicking on the question mark symbol in the top right corner.

ECM Help Panel
You have the ability to collapse or resize the Help Panel. Also, use your operating system/browser “Find” function to search the help text (e.g. click Ctrl+F or ⌘+F).The DevicesGroups, and Alerts → Log pages all display as grids. The grids are customizable. Reorder columns by dragging and dropping the column headers. Resize columns by dragging the edge of the column headers. Click on the column headers to sort rows by ascending/descending order.
To remove or add columns, click on the “Column Selection” icon in the top right corner of the grid. Select/deselect columns from the popup list that appears.
ECM column selection
To filter the display to show a subset of the grid items, you have two main options:
  1. Some of the fields in the grid are hyperlinks for filtering the grid (e.g. “Product”). From within the grid, click on a hyperlinked field and the grid will be filtered to display only the devices of that type. For example, click on “MBR1400v2” to display only MBR1400v2 devices.
  2. Input a string of characters into the search box (top right) to filter by devices that have that string in one of their fields. You can use partial strings, and the field does not have to start with the partial string. For example, “600” will display devices that have “IBR600” in the Product field. This searches most (but not all) of the fields.
ECM search box

Creating a New User

NOTE: Creating a new user is only available to account administrators.

  1. Click on Accounts & Users in the left menu.
  2. Select the desired account from the table.
  3. Click on Add in the top toolbar. Select “User” from the dropdown menu.
Add User
  1. Enter the information in the “Add User” dialog box. Note that the “Role” will determine the permissions the user will have in the account and all included subaccounts. Choose from the following roles:
    • Administrator: Administrators have full access to the account they are in, along with all subaccounts within that account.
    • Full Access User: Same access as administrators except cannot create/edit other users.
    • Read Only User: Cannot make any configuration changes or change settings; can only view information within Enterprise Cloud Manager (ECM) and run reports.
Add User Dialog Box
  1. Click on “OK” to save the new user.

Creating a Subaccount

NOTE: Creating a new subaccount is only available to account administrators.

  1. Click on Accounts & Users in the left menu.
  2. Select the desired account from the table.
  3. Click on Add in the top toolbar. Select “Subaccount” from the dropdown menu.
Add Subaccount
  1. Enter the name of the subaccount and click “OK”.
Add Subaccount Dialog Box

Managing Devices

Once you have added a device to ECM, you will see it listed in the Devices page. Manage individual devices within this page: view a device’s status, make configuration changes, move devices into a group, etc. The Devices page has three main views: RoutersNetwork Interfaces, and Rogue AP. In the views menu at the top, next to Devices, select one of these options (default view is Routers).
  • Routers displays all the routers.
  • Network Interfaces displays every network interface, including both LAN and WAN (e.g. modems, Ethernet connections, WiFi).
  • Rogue AP shows a list of wireless access points that your devices have seen; use this list to search for Rogue APs that could threaten your networks.

From within the Routers view, click on a device name to view in-depth WAN analytics for that device. This reveals the device dashboard, with charts for data usage, signal strength, and more.

Device dashboard
The most common way of managing devices is in groups. By putting devices in groups you can change the configuration and upgrade firmware by making a change to the group that is applied to all of the devices in that group.To create a group, select Groups in the left menu and click “Add” in the top toolbar.
Add Groups
Enter the Group Name you want to use, select the Product type you will be adding to that group (e.g., MBR1400v2, IBR600), and select theFirmware you want the devices in that group to have. You can also change the Subaccount (if desired). Click on “OK.NOTE: All the devices in a group must have the same type and same firmware.
Add Group Dialog Box
The new group is now listed on the Groups page.Now that the group is created, you can move devices into the group by first selecting them in the Devices page and then clicking “Move” on the top toolbar.
Move Device to Group
A popup window appears. Select a group (only groups with the appropriate device type are displayed) and click OK.
Select a Group
NOTE: The router will IMMEDIATELY be upgraded or downgraded to the version of firmware defined for the group. This could cause a router reboot if the firmware version of the router does not match the firmware version configured for the group.

Upgrading Firmware

Router firmware can be upgraded by group. Select a group from within the Groups page and click on Firmware in the top toolbar. In the dropdown menu, select the firmware version number.
Upgrading Firmware
You will be prompted to accept the firmware version change.
Confirm Firmware Upgrade
Click on “Yes” and the firmware upgrade will be applied IMMEDIATELY to all of the routers in the group.NOTE: The routers in the group will IMMEDIATELY be upgraded (or downgraded) to the version of firmware defined for the group. This will cause a router reboot if the firmware version of the router does not match the firmware version configured for the group.

Configuring Devices

You can apply a configuration change to a group or a specific device within a group (e.g. change failover priority, enable GPS, add a guest WiFi network, etc.). Configuration settings created for a group apply to all the devices within the group. Configuration settings created for a device apply only to that device and override configuration settings defined for the group it is in.1To change the configuration of a group select Group in the Application panel, select the group you want to configure, click “Configuration” in the top toolbar, and select “Edit” in the dropdown menu.
Configuring Devices
The Edit Configuration window shows, allowing you to make configuration changes.
Configuration Window
When making changes in the Edit Configuration window you must select “Apply” on each configuration page before leaving the page in order to save the changes made. Once you have completed all changes, select from the following buttons on the bottom of the window:
  • View Pending Changes – view all of the changes you made on all of the configuration pages
  • Commit  Changes – apply all of the changes made on all of the configuration pages to the group or device(s)
  • Discard Changes – close the configuration window without applying any of the changes made on the configuration pages

To configure an individual device, select Device in the left menu and select the device in the list. Click on “Configuration in the top toolbar” and then select “Edit” from the dropdown menu. The same rules and guidelines apply to device configuration that apply to the group configuration described above.

Setting Up Alerts

The Alerts page has two views for tracking device status changes:
  • The Log view shows a list of alerts sent from the routers to ECM.
  • The Settings view shows rules for alerts, including email notifications.

Toggle between these two views by clicking on the buttons at the top left.

Alerts

Alerts are of the following types:

  • Configuration Change
  • Configuration Rejected
  • Data Cap Threshold
  • ECM Connection State
  • Failed Login Attempt
  • Firmware Upgrade
  • Modem State
  • Reboot
  • Unrecognized Client
  • WAN Service Type
  • WAN Status Change
To enable alerts, including emailed notifications, first select the Settings view and then click on Add at the top left. Create an alert notification rule by completing the fields.
Alert notification rule
Complete the following fields to create an alert notification rule:
  • Accounts/Groups (required) – Choose which sets of devices will follow the notification rule. If you select an account, both grouped and ungrouped devices within that account (including all subaccounts) will be assigned to this rule.
  • Alerts (required) – Select the alert types from the dropdown options.
  • Users (optional) – If you want emailed notifications for these alerts, select users from the list to receive those emails. If you just want these alerts logged, leave this field blank.
  • Interval (optional – Select a time interval from the dropdown options. If you select “Immediately,”  an email notification is sent every time one of the selected types of alerts are logged. Otherwise, the alerts are stored over the course of the time interval and then sent together.

Exporting Reports

Reports allow you to create a summary of information about groups of devices and export that information as a CSV file. Select from several fields to customize your reports. Select the type of report (Data Usage or Signal Quality), a range of dates, the group(s), and identifying fields and then click Run Report to view the report. You also have the option to save the settings of a report for future use.

Reports

Exporting Logs

To export a device’s logs as a CSV file, first enable log reporting for the group the device is in. (This is disabled by default because some users won’t use this functionality – it would unnecessarily use data.) Navigate to the Groups page, select the desired group, and click on Settings.
Enable log reporting
In the popup window that appears, ensure that “Enable Log Reporting” is selected.
Enable Log Reporting
Once log reporting is enabled, navigate to the Devices page, select the desired device, and click on Export → Export Logs to export the device’s logs as a CSV file.
Export logs

 


1  Both group and device settings apply to the device unless they are mutually exclusive, in which case the device settings win. If a configuration update causes an error, the configuration will roll back to the previous configuration, and the device is “suspended:” it will still operate, but new configuration settings are not accepted until the suspension is removed.

Permalink

0 Comments - Leave a Comment

Multi-Carrier Software-Defined Radio Switching

Products Supported: Any Cradlepoint router or modem with a LPE designation.

Firmware Version: 5.3.0 or newer – for information on upgrading firmware

Summary

With firmware 5.3.0 all LPE devices can switch the modem firmware to a different carrier. This Multi-Carrier Software-Defined Radio functionality is unique to Cradlepoint products and provides customers the flexibility to expand their coverage options, reduce inventory risk, and future-proof their carrier networks.

Please note that this only changes the modem firmware. To connect with this modem, you must also have an activated SIM from the new carrier in the device. Some LPE devices allow you to insert two SIM cards, so you can include SIMs from two different carriers in a single modem and remotely switch the modem firmware with ECM.

Although a single Cradlepoint modem may have two SIM card slots (e.g., IBR1100 integrated modem), it can only have one modem firmware version on that modem, and therefore only one carrier at a time. The exception is that the AER 2100 could have two distinct, integrated MC400 modems, each with two SIM slots. So while each modem by itself can only have one firmware version, the AER 2100 can support two integrated modems – on distinct carriers- simultaneously.

Select from the following methods for instructions on switching the carrier of the modem firmware.
1. USB flash drive
2. Local administration pages
3. ECM Carrier Switching


Configuration

Configuration Difficulty: Intermediate

Manual Carrier Switching

Preparation:

To update the Modem Carrier (switching the modem between Verizon, AT&T, Sprint or Generic (T-Mobile in USA and Rogers, Bell, Telus in Canada), the following conditions must be met:

  • Compatible product with a Cradlepoint “LPE” modem. (designated in the router or modem Part Number)
  • Router Firmware version of v5.3.0 or newer.
  • USB flash drive (at least 256MB capacity) or a computer locally connected to the router.
  • An activated SIM card for carrier being changed to and provisioned for the IMEI of the modem being changed. (This is especially important for Sprint)
Manual Carrier switching using USB drive:

Note: This process will force all attached LPE modems to the updated modem firmware. In the case of an AER 2100 with two MC400 integrated modems, you may not want both modems to have the same firmware. Either use one of the other methods to update modem firmware or remove one of the MC400s during this process.

  1. Download the appropriate Modem Carrier firmware from the CradlePoint connect portal. This will be a ZIP file labeled specifically for each carrier or Generic:
    • “MC7354_Sprint.zip” for Sprint in North America.
    • “MC7354_Verizon.zip” for Verizon in North America.
    • “MC7354_AT&T.zip” for AT&T in North America.
    • “MC7354_Generic.zip” for T-Mobile, Rogers, Bell and Telus in North America.
  2. Save the file to your computer.
  3. Unzip the file contents to extract the files to your computer.
  4. Locate the extracted files. There will be an “MDM” file and a “JSON” file.
  5. Copy the “MDM” and “JSON” files from the extracted location to the root of your USB stick. The files must be in the root of the flash drive.
  6. Safely eject the USB flash drive from your computer.
  7. Locate the SIM slot, door, or panel on the Cradlepoint router or modem, and insert the new SIM (this must be performed while the power is OFF).
  8. Power on the Cradlepoint router (and connect the modem if it is not embedded in the router).
  9. Wait for the router to start-up completely. This can be verified by navigating to the router’s admin page (192.168.0.1 by default).
  10. Plug the USB flash drive into any of the router’s spare USB ports.
  11. The MODEM firmware update process begins automatically
    • PLEASE WAIT. Do NOT remove the USB flash drive at this time. The router will reboot immediately if the USB flash drive is removed. The process takes up to 10 minutes.
  12. PRIOR TO REMOVING THE USB DRIVE, verify the modem is attempting to connect with the new carrier and SIM: In a browser, log into the router’s administration page, 192.168.0.1 by default. Enter the password when prompted.
  13. Browse to Internet > Connection Manager and watch for the Internal LPE connection status to progress from “Connecting” to “Connected”.
  14. If you receive an error:
    • Consider that you may have to manually update the APN if your SIM is provisioned for one other than the carrier’s default APN. Instructions on how to do this can be found here.
    • You may also need to make sure you are trying to use the same interface and SIM slot. Some products contain two SIM slots, and, therefore, there are two “Internal LPE” interfaces displayed in Connection Manager. If your active SIM is in slot 1, the “Internal LPE (SIM1)” will be the one to connect with that SIM; SIM slot 2 will correspond to “Internal LPE (SIM2)”.
    • Other troubleshooting steps may be found on Cradlepoint’s Support site or by contacting Cradlepoint Support.
  15. Regardless of the status at this time, the USB flash drive can be removed.
  16. The router will reboot itself, and attempt to connect using the new carrier/SIM.

Manual Carrier switching using a PC:
  1. Download the appropriate Modem Carrier firmware from the CradlePoint Connect Portal. This will be a ZIP file labeled specifically for each carrier or Generic:
    • “MC7354_Sprint.zip” for Sprint in North America.
    • “MC7354_Verizon.zip” for Verizon in North America.
    • “MC7354_AT&T.zip” for AT&T in North America.
    • “MC7354_Generic.zip” for T-Mobile, Rogers, Bell and Telus in North America.
  2. Save the file to your computer.
  3. Unzip the file contents to extract the files to your computer.
  4. Login to the router admin page and navigate to Internet > Connection Manager.
  5. In the WAN Interfaces table, select the desired LPE modem. *Note that for modems with two SIM slots, changing the firmware affects both SIM cards.
  6. Click Control.                                                                                                                                                                                                                                                                                                  User-added image
  7. Click Firmware.                                                                                                                                                                                                                                                                                                 User-added image
  8. Then click Manual Firmware Upgrade.                                                                                                                                                                                                                                                               User-added image
  9. Locate the files extracted in step 3 and select the .MDM file.
  10. The router UI will provide the progress status for every step and will eventually reboot. This process will take several minutes.
  11. After the router reboots it will, then attempt to connect to the new carrier.
  12. The new carrier SIM can be inserted either before or after doing the above steps. Remember that inserting a SIM on a COR model requires the router to be powered off.
  13. If you receive an error:
    • Consider that you may have to manually update the APN if your SIM is provisioned for one other than the carrier’s default APN. Instructions on how to do this can be found here.
    • You may also need to make sure you are trying to use the same interface and SIM slot. Some products contain two SIM slots, and, therefore, there are two “Internal LPE” interfaces displayed in Connection Manager. If your active SIM is in slot 1, the “Internal LPE (SIM1)” will be the one to connect with that SIM; SIM slot 2 will correspond to “Internal LPE (SIM2)”.
    • Other troubleshooting steps may be found on Cradlepoint’s Support site or by contacting Cradlepoint Support.

ECM Carrier Switching

Preparation:
  • Compatible product with a Cradlepoint “LPE” modem (designated in the router or modem Part Number)
  • Router Firmware version of v5.3.0 or newer
  • An activated SIM card for carrier being changed to, and provisioned for the IMEI of the modem being changed (This is especially important for Sprint)
ECM Carrier switching steps:
  1. Log into Enterprise Cloud Manager.
  2. Select the devices tab and then Network Interfaces from the drop down menu at the top.                                                                                                                                                                                        User-added image
  3. At the far right side of the page click the User-added image icon and make sure Modem FW, Modem FW Status, SIM, and Model fields are selected then close the column select window. The Modem FW column will show you which carrier the modem is configured for and the SIM column displays the carrier of the SIM card.
  4. Next we need to locate the modem we want to switch to another carrier. The easiest way to do this is by sorting the Router Name or Router ID column, or to search by a specific router name using the search tool.
  5. In the example shown below, the grid is filtered using the search tool (searched by a specific router name, IBR1100LPE) and the filter tool (selected Modems) in the top toolbar so that only the two relevant interfaces display.                                                                                                                                                                                                                                                                                                              User-added image
  6. To switch the carrier of the modem firmware, first select the desired interface. *Note that integrated modems with two SIM slots show two interfaces in the grid. Both will always have the same modem firmware, so selecting either one will have the same results.
  7. Once you have selected an interface, click Commands in the top toolbar and Switch Carrier in the drop down menu.                                                                                                                                                User-added image
  8. Please review the agreement notes before proceeding. This process could knock your device offline.
  9. Once you click the I Agree button, you can now select the desired carrier. *Note that the Generic modem firmware is equivalent, regardless of whether you select T-Mobile, Bell, Rogers, or Telus.                               User-added image

 

  1. After the selection, ECM checks one more time to make sure you want to change the firmware because of the risk of disconnecting the modem. Click OK to continue.
  2. The modem firmware switch takes a few minutes. The Modem FW Status column shows the state of the update, e.g., “Downloading (38%),” and the Modem FW column shows the update that is in the process:        User-added image
  3. Once complete, the Modem FW Status column says, “Upgrade Successful” and the Modem FW column is updated with the new firmware version:                                                                                                    User-added image
  4. If the update fails for some reason, reboot the router before trying again.

Troubleshooting

  • You may have to manually update the APN if your SIM is provisioned for one other than the carrier’s default APN. Instructions on how to do this can be found here.
  • You may also need to make sure you are trying to use the same interface and SIM slot. Some products contain two SIM slots, and, therefore, there are two “Internal LPE” interfaces displayed in Connection Manager. If your active SIM is in slot 1, the “Internal LPE (SIM1)” will be the one to connect with that SIM; SIM slot 2 will correspond to “Internal LPE (SIM2)”.
  • A factory reset will not affect the software defined radio.

 

Permalink

0 Comments - Leave a Comment

CradlePoint Enterprise Cloud Manager (ECM) is a cloud-based management service for configuring, monitoring, and organizing your CradlePoint routers. Key features include the following:

  • Group based configuration management
  • Health monitoring of router connectivity and data usage
  • Remote management and control of routers
  • Historical record keeping of device logs and status

Visit http://cradlepoint.com/ecm to learn more about CradlePoint ECM. If you do not have ECM credentials, sign up at: http://cradlepoint.com/ecm-signup.

image

Registering Your Router – Once you have signed up for ECM, click on the Register Router button to begin managing the router through ECM. Input your ECM Username and ECM Password and click Register. You have now registered the device with Enterprise Cloud Manager.

Suspending the ECM Client – Click on the Suspend Client button to stop communication between the device and ECM. Suspending the client will make it stop any current activity and go dormant. It will not attempt to contact the server while suspended. This is a temporary setting that will not survive a router reboot; to disable the client altogether use the Advanced Enterprise Cloud Manager Settings panel (below).

Enterprise Cloud Manager Settings (Advanced)

image

  • Enabled: Enable the ECM client to contact the server. While this box is unchecked, the ECM client will never attempt to contact the server. (Default: Enabled)
  • Server Host:Port: The DNS hostname and port number for your ECM server. (Default: stream.cradlepoint.com)
  • Session Retry Timer: How long to wait, in seconds, before starting a new ECM session following a connection drop or connectivity failure. Note that this value is a starting point for an internal backoff timer that prevents superfluous retries during connectivity loss.
  • Unmanaged Checkin Timer: How often, in seconds, the router checks with ECM to see if the router is remotely activated. Note that this value is a starting point for an internal backoff timer that reduces network usage over time.
  • Maximum Alerts Buffer: The maximum number of alerts to buffer when offline.

Permalink

0 Comments - Leave a Comment


Getting Started

Status Menus

Router Configuration

Enterprise Cloud Manager

Troubleshooting


Getting Started

Take it out of the box and plug it in!

Connecting a Computer to a CradlePoint Router

Accessing the CradlePoint Admin Pages

Enterprise Cloud Manager Registration

Product Manual – First Time Setup Wizard

Product Manual – Status – Dashboard


Status Menus


Router Config

Network Settings

Internet

System Settings


Enterprise Cloud Manager

Enterprise Cloud Manager Main Page

Enterprise Cloud Manager FAQ

Perparing to migrate from WPC to ECM

How to migrate GROUPS from WPC to ECM

How to migrate DEVICES from WPC to ECM

Upgrading router firmware for ECM compatibility

Tracking modem data usage with ECM

Using a LAN gateway to connect a device to ECM

Configuration priority in ECM

Multi-Factor Authentication


Troubleshooting

Troubleshooting DNS

Troubleshooting wired WAN problems

Troubleshooting WiFi as WAN

Troubleshooting prior to RMA

Gaming console firewall problems

Permalink

0 Comments - Leave a Comment

Cradlepoint 6.0 Firmware Upgrade

Products Supported: AER31x0, AER21x0, MBR1400v2, MBR1400, MBR1200B, CBA850, CBA750B, IBR11x0, IBR6x0, and IBR350.

Summary

Firmware version 6.0 has been released and introduces a vastly improved GUI for all routers. The new GUI takes the look and feel of Enterprise Cloud Manager (ECM) and brings it to the router. The menus have been reworked to be more intuitive and discoverable, and yet the configuration experience in itself has stayed similar to the previous UI. In short, finding the menus is easier and configuration has stayed as easy as always.

ECM users will immediately be displayed the new router GUI when configuring a router or group of routers with FW 6.0 or greater providing an improved and consistent user experience across the platform.

Along with the new UI, some notable new functionality is now available in FW 6.0:

  • Object Firewall
    • Independently create identities and policies, then match them to create rules
    • Easier to configure and more flexible
  • Connection Manager has been revamped, and now easily configurable in ECM
    • Manage all WAN connections remotely in a single, intuitive UI
  • WiFi-as-WAN Improvements
    • Intelligent AP handover capability

Cradlepoint recommends upgrading a few routers and take some time to get familiar with the UI, the new firewall, Connection Manager, and other important configuration elements, before moving their entire fleet.

Firmware 6.0 will comes with more extensive documentation to ease the transition.

Permalink

0 Comments - Leave a Comment

Summary

ECM provides the ability to be alerted to the presence of an Access Point that is unrecognized. This article details how to configure this functionality. After configuration the alert displays after running a WiFi site survey when a rogue access point not marked as known is detected broadcasting the same SSID as the device running the site survey.  This helps identify potential access point hijacking, evil twin, and man-in-the-middle WiFi attacks.


Configuration

Configuration Difficulty: Intermediate
  • Step 1: Log into your ECM account.
  • Step 2: Place a checkmark next to the router.
  • Step 3: Select Commands and then WiFi Site Survey.

img1

  • Step 4: If you are ready to proceed, click Yes.
    • Note: Performing a WiFi Site Survey may temporarily cause some wireless clients to lose their connection or stall their network traffic while the survey is being completed. It is recommended that this operation is performed during off hours.
  • Step 5: Next to Devices click Device and select Rogue AP.

img2

  • Step 6: Place a check mark next to any SSID’s you control or trust.
  • Step 7: Press Mark as Known to trust these SSID’s.
    • Note: Trusted/Known SSID’s are displayed with a green Thumbs Up icon. Untrusted/Unknown SSID’s are displayed with a red Thumbs Down icon.

img3

  • Step 8: Select Alerts in the navigation menu.
  • Step 9: Next to Alerts click Log and select Settings.

img4

  • Step 10: Click Add to create a new Alert.
  • Step 11: Select the Accounts/Groups to be monitored.
  • Step 12: Under Alerts expand the Security section and select Rogue Access Point Detected.

img5

  • Step 13: Configure the Users to be alerted and the Interval for when to alert.
  • Step 14: Click Save.

Permalink

0 Comments - Leave a Comment

Summary

ECM provides the ability to schedule firmware upgrades at the group level at a date and time of your choosing.


Configuration

Configuration Difficulty: Intermediate
  • Step 1: Log into your ECM account.
  • Step 2: Select Scheduler from the navigation menu.
  • Step 3: Click Add to add a new task.

User-added image

  • Step 4: Select Update Group Firmware and click Next.

User-added image

  • Step 5: Select the group you wish to schedule for updating and click Next.

User-added image

  • Step 6: Choose the target firmware version and click Next.
    • Note: As with immediate firmware upgrades, you cannot move a group to an earlier firmware version.

User-added image

  • Step 7: Click Add to create a new schedule.
  • Step 8: Give the Schedule a Name and Description.
  • Step 9: Choose the date and time to Schedule the firmware update for and then click Add.

User-added image

  • Step 10: Click Finish to create the schedule.

 

Permalink

0 Comments - Leave a Comment

Differences Between Series 2 and Series 3 Support in Enterprise Cloud Manager

CradlePoint is adding Enterprise Cloud Manager (ECM) support for Series 2 devices. The functionality available to Series 2 devices in ECM is on par with the functionality available in WiPipe Central (WPC). The stream protocol that connects Enterprise Cloud Manager to the router works exclusively with the technology available in Series 3 devices. Together, Series 3 devices connected to ECM represent breakthrough technology in real-time router information with the lightest possible cellular data usage. We recommend customers upgrade to Series 3 devices whenever possible to experience the real-time nature of this breakthrough technology.

For customers unable to upgrade at this time, Series 2 devices will be supported in Enterprise Cloud Manager, but with a similar latency to that experienced in WiPipe Central.

Series 2 devices need to have firmware version 2.0 or higher to work with Enterprise Cloud Manager.

NOTE: For a breakdown of which devices are in Series 2 and in Series 3 and their projected ECM compatibility, see the ECM Compatibility List in this article.

Key Differences

  • Interval settings (e.g., heartbeat, logs) have an assigned time that is not configurable in ECM.
  • A device status that has recently changed will experience a delay before being updated in ECM.
  • When editing a device configuration, users will see configuration pages that look like those from WiPipe Central.
  • Some of the column selection options are different.

 


 

Interval Settings

Setting Description / Usage ECM Configuration System-Wide Interval Setting
Heartbeat How frequently a device sends its ‘heartbeat’ to ECM to indicate whether it’s still online Not configurable via ECM 5 minutes
Heartbeat Timeout Based on the number of allowed missed heartbeats before a device’s status switches from online to offline Not configurable via ECM ~15 minutes
Logs Setting that indicates whether a device sends logs to ECM, and how frequently Can enable/disable through ECM, but interval is fixed 1 hour or 200 messages
Usage Reports Setting that indicates whether a device sends usage reports to ECM, and how frequently Can enable/disable through ECM, but interval is fixed 1 hour
Sync Interval How often a device should check with ECM to verify its managed status, session configuration values, and firmware and configuration versions Not configurable via ECM 15 minutes

Permalink

0 Comments - Leave a Comment

NetCloud Manager FAQ

 

Summary

This article provides a list of questions commonly asked about NetCloud Manager (NCM), and the answers to those questions. The Configuration Examples sections includes links to articles that demonstrate the function of the NCM service.

NetCloud Manager is Cradlepoint’s next generation network management solution. Rapidly deploy and dynamically manage networks at geographically distributed locations with NetCloud Manager, Cradlepoint’s next generation application platform. Improve productivity, reduce costs, and enhance the intelligence of your network and business operations.

A detailed explanation of the NetCloud Manager service can be found on the NCM product page.


 

Requirements

To establish a successful connection to NetCloud Manager, a Cradlepoint router must meet the following requirements:

1. Supported Product: Only the following router models can currently be added to ECM: AER2100, MBR1400v2, MBR1400v1, CBA850, CBA750B, IBR1100, IBR1150, IBR600, IBR650, IBR350, MBR1200B, CBR400, and CBR450.

2. Minimum Firmware: 4.3.2 (CBR4x0 only) and 4.4.0 (all other models). Using most recent available firmware version is recommended.

Note: Product support is planned for the following router models: CBA750, MBR1200, MBR1000, MBR900, MBR800, CTR500, and CBA250. Expected minimum firmware requirement for Series 2 products is 2.0.0.

Click here to identify your router. For information on upgrading NCOS, click here.

3. NTP Server Connection: Routers must sync with a time server before they can communicate with NetCloud Manager. NCM uses standard TLS-based encryption along with a proper signed certificate in our servers. This system has date range restrictions – devices must have a valid clock time in the 21st century. By default, the routers boot up at Unix epoch 0 (January 1, 1970), which leads the TLS client to think the certificate is invalid without a time sync.


 

What level of redundancy and reliability features do the NetCloud Manager Servers have?

NetCloud Manager servers are located within a physically secured area at a Tier IV datacenter that is SAS70 (SSAE Type II) certified. Only Rackspace authorized personnel have access to the secured area. Redundancy of the system includes the following:

Datacenter Redundancy and Reliability:

  • 24x7x365 onsite staff
  • Dual power circuits tied to N+1 redundant datacenter UPS systems
  • Onsite diesel backup power generators
  • Fully redundant enterprise-class core routing with connectivity to 3+ internet backbone carriers
  • Fiber carriers enter datacenters at disparate points to guard against service failure
  • N+1 redundant HVAC systems (Heating Ventilation Air Conditioning) with air filtering

Server and Software Redundancy:

  • Redundant load balanced application servers
  • Master database in isolated private network with one-hour replacement
  • Full nightly backups
  • Rackspace SLA guaranteeing network availability and critical infrastructure systems including power and HVAC 100% of the time in a given month excluding scheduled maintenance.

 

What are the security measures for the Enterprise Cloud Manager Servers?

Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter with SSAE Type II certification (formerly SAS 70). Security features include the following:

Datacenter Security:

  • Cradlepoint servers are located in a secured area within a Tier IV datacenter.
  • Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitoring
  • 24x7x365 onsite staff
  • Only authorized data center personnel are granted access credentials. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort.

Hardware and Software Security:

  • CISCO ASA Firewall
  • Only authorized Rackspace operations personnel are allowed physical access to production NCM servers.
  • Patch Management: Patches are applied quarterly, unless a high vulnerability issue is identified whereupon the process is expedited.

Event and Log Management:

  • All URL traffic is logged. These logs are kept for 90 calendar days for review by network security management.
  • Automated logs track and log changes, including backups of this data.

 

Does Cradlepoint perform vulnerability assessment of the NCM servers?

Cradlepoint uses a PCI Approved Scanning Vendor (ASV) service for external penetration testing of the NCM servers. Scans are run at minimum monthly, with remediation reports provided to management. Corrective actions are implemented based upon severity of potential threats.

 

How many devices can your system support and how many do you have on the system now?

Cradlepoint manages more than 80,000 devices on WiPipe Central today. NCM has a scalable, service-oriented architecture that can support many more customers with many thousands of devices under management.

 

As a System Integrator, can I have multiple primary accounts that I can use to manage my customers’ devices, and can I see all of my customers’ devices?

Yes, with NCM you can have multiple subaccounts for your customers. Your Account Administrator can manage all accounts, while creating other administrators to manage separate subaccounts (customers).

 

When an NCM account password is lost, how is it reset?

The user navigates to the “Request new password” page (link on the NCM central login page) where an email address is entered. If the email address entered matches an email address associated with an NCM user, an email with a unique link is sent to the user. Upon receiving the email, the user clicks on the link that will take them to a page to select a new password for their account. If the email address entered does not match any account email addresses, a message will be displayed noting the email address isn’t recognized.

Cradlepoint support personnel do not have access to NCM user passwords and thus cannot provide any passwords over the phone.

 

How strong are NCM passwords and how long do they last?

The following are password requirements:

  • Password minimum length (default = 8)
  • Require one or more CAPITALIZED letters in the password (default = yes)
  • Require one or more numbers in the password (default = yes)

The administrator can set a session timeout (default = 120 minutes) for each user under the User Settings.

 

How are passwords stored within the NCM Servers?

All passwords are stored in encrypted form using the NIST/FIPS Secure Hash Standard known as SHA-2. SHA-2 is a set of cryptographic hash functions designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. Our user passwords encryption uses the PBKDF2 algorithm with a SHA-256 hash.

 

Is User Data stored within the Cradlepoint devices?

No user data is stored on the Cradlepoint devices.

 

Do new users receive a unique password?

When a new account is set up, the Account Administrator will receive an email from Cradlepoint with a unique link to take them to a page to select a new password for their account.

When the Account Administrator sets up a new user account, the user will receive an email with a unique link that upon selecting will take them to a page to select a new password for their account.

 

How do you integrate with Network Management Systems?

NetCloud Manager can be integrated with any Network Management System via the NetCloud Manager API. The NCM API is accessed via HTTPS to the XML/JSON RESTful interface. We have customers doing this today using the WiPipe Central API.

 

How many levels of user account privileges does NCM support?

NCM supports three levels of user access privileges for a customer.

  • Account Administrator – has full access to all accounts and sub-accounts and can create accounts and users at any level within the account hierarchy. Only the Account Administrator can create accounts or users.
  • Full Access User – has access to resources within their account and any sub-accounts below their account. The Full Access User cannot create new accounts or users.
  • Read-Only User – has read-only access for their account and any sub-account(s) below their account.
  • Diagnostics User – Same access as read only user, but with additional ability to reboot the router.

 

How much data does being connected to NetCloud Manager consume?

Recent data shows that the average data usage is approximately 5–10 MB per router per month. This reflects what we expect to see in “typical” scenarios when routers have mostly default settings. Many settings could affect this amount, including generating lots of alerts, exporting lots of logs, and especially editing the connection pulse interval (default 120 seconds). A significantly faster connection pulse (e.g., 10 seconds) could increase data usage to 50 or even 100 MB per router per month, whereas a significantly slower pulse (e.g., 900 seconds) could decrease data usage to less than 1 MB per router per month (but runs the risk of slowing down the connection so much that the connection is broken and needs to reestablish itself, which uses additional data).
There are many variables that affect data usage and therefore Cradlepoint does not guarantee that a router will use any particular amount of data. These numbers are only provided to give a rough estimate of the amount of data usage you should expect based on data from other routers in the field.

 

How do you support Private Networks (cellular or wired)?

NCM can support a customer’s Private Network (3G/4G or wired networks). For device management, NCM uses a full-duplex, asynchronous SSL protocol to manage the Cradlepoint routers over a single TCP connection (port 8001).

Support for Private Networks can be achieve by either of the following:

  • Customers create a firewall rule to allow NCM management SSL traffic routed over the Internet to the Cradlepoint cloud datacenter (single TCP connection – port 8001).

Permalink


Summary

The Applications Tab within NCM allows you to purchase, try and manage applications within NCM.


 

Overview

The Applications tab will display all available applications.

You can purchase or try an application by selecting the appropriate button.

Once your account has the application entitled the Buy and Try buttons will be replaced by a Manage button.

User-added image

Clicking Try will create a trial entitlement for 10 devices.

Clicking Buy will bring up a tab for locating a partner to purchase the entitlement.

By clicking Manage you can Add or Remove devices. You can also determine which devices are entitled.

User-added image

To Add a device to an entitlement click the Add button. You will be presented with a dialog to select routers to add. You can locate devices with the Search field by Name or MAC or Product as needed. Place a checkmark next to the device(s) you wish to add to the entitlement and the press Save.

User-added image

To Remove devices from an entitlement, select the device(s) you wish to remove and then press Remove.

User-added image

In the right column you can find the following information:

  • Entitlement Details
    • Available: Remaining entitlements
    • Assigned: How many entitlements have been applied to devices
    • Non NCM Devices: Devices with this entitlement that are not in NCM
    • Total Allowed: Total number of entitlements purchased.
  • Buy More: Buy more entitlements
  • Features: What the entitlement offers
  • Requirements: Any requirements placed upon the entitlement
  • Support Products: Which Cradlepoint products will work with this application
  • Supported NetCloud OS Version: NCOS requirements for devices to use this entitlement

User-added image

Permalink


NETCloud Manager

The default NCM configuration generates the approximate data usage that is presented below. Protocol and carrier overhead can increase these values but these values do provide a generally good rule of thumb for data generated by use of NCM.

IMPORTANT: Things that could dramatically increase your data usage:

  1. Enabling logging, stats and alerting
  2. A high number of events being logged on the router
  3. Firmware upgrades pushed from NCM
  4. Modem disconnecting and reconnecting loops.

Routers managed through NCM:

  • By default, a Connection Pulse that are approximately 66 bytes is sent to NCM every 2 minutes.
    So 720 heartbeats/day x 66 bytes = 47520 bytes/day, 47520 bytes/day x 30 = 1,425,600 bytes/month (1.43 MB/month).
  • By default Usage Reporting that are approximately 10-20KB per report (depending on how many WAN devices are utilized on the Cradlepoint router) are sent to NCM every hour.
    So 20 KB/hour x 24 = 480 KB/day; 480 KB/day x 30 = 14400 KB/month (.014 GB/month or 14 MB/month)
  • By default Log Reports that are approximately 100KB (depending on how many events are logged on the router) are sent to NCM every hour. These reports can vary in size dramatically depending on events that are logged on the router; client connects/disconnect, modem state, etc.
    So a minimum amount of data sent would be 100 KB/hour x 24 hours = 2400 KB/day; 2400 KB/day x 30 = 72000 KB/month (.069 GB/month or 69 MB/month).

Routers not managed through NCM:

  • Every time the router is powered on it sends a 50 byte heartbeat to the NCM Server and then sends a heartbeat every 86400 seconds, (once per day).
    So the volume of data generated is approximately 50 bytes/day x 30 days = 1500 bytes/month (.0000014 GB/month or .0014 MB/month).

(The timers above can be adjusted higher or lower, depending on your data caps).


Advanced Failure Check

A ping packet is 64 bytes of data. If Advanced Failure Check set to an Idle Check Interval to 3600 (1 ping per hour) would generate 64 bytes/hour x 24 hours = 1536 bytes/day.
Then 1536 bytes/day x 30 days = 46080 bytes/month (.000042 GB/month or .042 MB/month).

NOTE: Increasing the time interval on NCM check in or Advanced Failure Check will cause data generation to increase.

Permalink


← FAQs