FAQs

Cradlepoint Series 3

If you are unsure of your CradlePoint series or Model number, please click here.

This article was written based on firmware version 5.0.0.


Symptom:

Unable to access a Series 3 CradlePoint router setup page due to default password failure.

Causes:

  1. Using the default password outlined in the quick start guide example rather than the specific default password for this specific router.
  2. The password was entered incorrectly.
  3. The password has been changed and it is no longer the default password.
  4. The keyboard’s Caps Lock is enabled.
  5. You may have gone through an initial router set up and changed your password.


Resolution:

  1. Use the 8-character password listed on the bottom of the CradlePoint router, which is also the last 8 characters of the MAC address.
    • The default password will only contain lowercase letters a – f and digits from 0-9.
    • The default password will never contain the letter “O” — only the number 0.
Note: If you are unsure whether or not the password is getting typed correctly, type the password into a simple editor such as Notepad and verify.

 

Note: Check that your keyboard Caps Lock is turned off and Number Lock is on.
  • If you cannot remember what you changed your password to, you can reset the CradlePoint back to the default; here is how.

If you are unsure what Model or Series CradlePoint router you have, please click here.

This article was written based upon the 4.1.1 firmware version.

Description:

CradlePoint’s Series 3 routers support modem connections to Sprint’s private Data Link network, rather than connecting to the Internet.  These directions will walk you through configuring the CradlePoint to connect to your private Sprint Data Link network.  NOTE: When using the Sprint Plug-in-Connect Tri-Mode USB (Franklin U770) modem, all Data Link settings must be configured in the modem’s GUI, not in CradlePoint’s GUI.  Please consult Sprint for the appropriate configuration of this modem.

To configure the router, you will need to make sure that you have this account information from Sprint:

  • The “Network Access Identifier” (NAI)
  • The “AAA Password”
  • The “AAA Shared Secret”
  • The “Primary Home Agent” address (Primary HA)
  • The “Secondary Home Agent” address (Secondary HA)

Before starting, you will also need to make sure that both the CradlePoint router’s firmware and the modem’s firmware are up to date.  Instructions to update the router’s firmware can be found here.  The modem’s firmware can be updated by placing the modem into a computer with the SprintView software, then checking for any available PRL or FUMO updates and installing them.

3G Directions:

After you have verified that the modem and router have been updated to the newest firmware versions, follow these directions to configure the router with your Sprint Data Link settings:

  1. Log into the router’s administration page (login instructions).
  2. Go to Internet -> Connection Manager.
  3. Under WAN Interfaces, highlight the 3G Sprint modem and click Edit.
  4. On the WAN Configuration page, click on the CDMA Settings tab.
  5. On the CDMA Settings tab, place a check mark next to Persist Settings, then change the Active Profile to “0.”  Next, enter your NAI, AAA password, AAA shared secret, and primary and secondary home agents.  For the “AAA SPI” and “HA SPI” enter “1234” without the quotes.
  6. Click Submit to save the settings.

WiMAX Directions:

  1. Log into the router’s administration page.
  2. Go to Internet -> Connection Manager.
  3. Under WAN Interfaces, highlight the WiMAX Sprint modem and click Edit.
  4. In the WAN Configuration window, click WiMAX Settings.
  5. On the WiMAX Settings tab, enter your realm, TTLS Authentication Mode, TTLS Username, TTLS Password and Verify.  The WiMAX Authentication Identity may not be provided or needed.
  6. Click Submit.


After making this change, the router will now be configured to connect to your Sprint private Data Link network instead of to the Internet.

If you are not sure what model CradlePoint router you have, please click here.

This article was written based on firmware version 5.0.0.


Description:

The Logs allow you to track activity, failures, firewall activity, connection and disconnection of WAN devices, DDNS (Dynamic DNS) updates, VPN connections (VPN-enabled routers only) and many other events taking place in your router. Logs are a very useful tool in troubleshooting and monitoring your router’s status at any given time.


Details:

To view your router’s logs, log into the router’s admin pages and select the Status tab then System Logs from the drop down menu.

Log Options:

The log options are as follows:


Auto Update: This option allows the log to update with new entries while the log is being viewed, giving the user a real time view of the log.

Update:  Will update the log with the most current entries but does not continue updating entries to the viewed log in real time.

Clear Log:  Clear all entries in the log.

Save Log:  This will download all current entries to a .txt file to the computer you are using to view the log.

Search Filter:  A text search bar that allows a user to search logs for specific entries or events.

Level:  This dropdown allows the user to view log entries of only certain levels.  The levels are Info, Warning, Error and Critical.

Log Details:  The Log Details section allows you to see information generated from the activities of the router. This information can range from administrators logging in and out, clients being assigned IP addresses, Dynamic DNS updates, email activity from the router, packets blocked by your firewall, and even the progress of a VPN connection on VPN-enabled routers.

We recommend saving a log file when you are having difficulties with your router that require you to call our Support team. By reaching out to our professionals, we can more easily diagnose what may be causing the problems. In other cases, you may simply want to document the activities of your router for future reference, or keep an eye on the computers being handed IP addresses.

If you are not sure what model CradlePoint router you have, please click here.

This article was written based on firmware version 5.0.0.

This article applies to the following CradlePoint products:  CBR400, CBR450, IBR600, IBR650, MBR1200B, MBR1400.
 

Description:

A Virtual Private Network (VPN) interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet.  This article explains how to set up a basic IPsec VPN-terminated tunnel between capable CradlePoint Series 3 routers when the connection on one or both routers is configured with a publicly routable dynamic IP address using a dynamic DNS service.

For assistance configuring Series 3 CradlePoint routers where both sides connect using static IP addresses, please refer to this article instead: VPN setup example for static IP address connections

NOTE: 
This article assumes that the IP address being received from your ISP is a public facing routable address. For assistance configuring Series 3 CradlePoint routers to connect to a VPN where one side does not have a publicly routable IP address, please refer to this article instead: [Link to “VPN NAT-T setup”]

Before getting started, first make sure that both CradlePoint routers are online and that your dynamic DNS host is properly resolving to your IP address.  For assistance setting up dynamic DNS, please refer to this article: http://knowledgebase.cradlepoint.com/articles/Support/setup-Dynamic-DNS-on-a-Series-3-CradlePoint
 
Additionally, you will need to make sure that the local networks of the routers do not match.  For example, if Router #1 is already set up using the default network of 192.168.0.1, you would want to change Router #2’s local network to use a different private network (such as 192.168.100.1 or 172.16.0.1).  For assistance changing the local IP address of a Series 3 CradlePoint router, please refer to this article: How to change the router’s local IP address
 
For maximum compatibility, we also recommend making sure that the CradlePoint routers’ firmwares are upgraded to the most recent version.  The most recent CradlePoint firmware files can always be downloaded from http://www.cradlepoint.com/firmware


Directions:

After verifying that both CradlePoint routers are online, that the dynamic DNS host(s) are resolving properly, and that both routers have been configured on different local subnets, the directions below will help configure a VPN tunnel between the two routers.  These same directions can be followed when only one side has a dynamic IP address and the other side has a static IP address; just use the router’s static IP address whenever the dynamic DNS name is requested.

This is an example setup where both routers have routable dynamic WAN IP addresses.  Computer #1 is connected behind Router #1 and Computer #2 is connected behind Router #2.

Router #1
LAN IP address:                   192.168.42.1
LAN subnet mask:               255.255.255.0
Dynamic DNS name:          [the dynamic DNS hostname for router #1] (example: cpexample1.no-ip.org)
Computer #1:                        192.168.42.199

Router #2
LAN IP address:                   192.168.0.1
LAN subnet mask:               255.255.255.0
Dynamic DNS name:          [the dynamic DNS hostname for router #2] (example: cpexample2.zapto.org)
Computer #2:                        192.168.0.177


A typical VPN tunnel between these routers would allow Computer #1 (and other computers getting addresses from Router #1) to be able to connect directly to Computer #2 (and other computers getting addresses from Router #2) using a secure tunnel across the unsecure public Internet.
 
VPN configuration steps for Router #1:
 

1.    [Router #1] Log into CradlePoint’s admin console on Router #1.

2.    [Router #1] Click Internet -> VPN Tunnels.

3.    [Router #1] Click Add to create a new tunnel.

4.    [Router #1] On the first page of the VPN wizard, give the tunnel a unique Tunnel Name and Pre-shared Key.  In our example, the Tunnel Name is “VPN_Example.”  You will use the same Tunnel Name and Pre-shared Key later when setting up Router #2.

If you prefer that the VPN tunnel is only established when you need it, set the Initiation Mode to On Demand.  If you instead prefer for the tunnel to remain online, set the Initiation Mode to Always On.  Click Next to continue.

5.    [Router #1] On the Local Networks page, select the IP Version you are using locally for a gateway as well as the IP Version you are using for your LAN.  Then click ADD under the Local Networks section and type the network and subnet of the local LAN that you want to make available across the VPN tunnel.  Click Save to confirm the network and click Next to continue.

6.    [Router #1] On the Remote Networks page, enter Router #2’s Dynamic DNS host address as the Gateway, then click ADD and enter Router #2’s local network and subnet mask that you would like to make available over the VPN tunnel.  Click Save and Next to continue.

7.    [Router #1] For IKE Phase 1, change the Exchange Mode to Aggressive, and leave everything else at the default settings.  Click Next to continue.

8.    [Router #1] For IKE Phase 2, leave everything at the default settings.  Click Next to continue.

9.    [Router #1] For Dead Peer Detection, leave everything at the default settings.  Click Finish to reach the summary page.

10. [Router #1] At the Summary Screen, make sure that your settings are correct and click Yes to finish the configuration.

11. [Router #1] Now that the VPN settings have been entered, click Enable VPN Service to turn on the VPN tunnel from Router #1’s side.

 
 
VPN configuration steps for Router #2:
 

12. [Router #2] Log into CradlePoint’s admin console on Router #2.

13. [Router #2] Click Internet -> VPN Tunnels.

14. [Router #2] Click Add to create a new tunnel.

15. [Router #2] On the first page of the VPN wizard, enter the same Tunnel Name, Pre-shared Key, and Initiation Mode used when setting up Router #1.  Click Next to continue.

16. [Router #2] On the Local Networks page, select the IP Version you are using locally for a gateway as well as the IP Version you are using for your LAN.  Then click ADD under the Local Networks section and type the network and subnet of the local LAN that you want to make available across the VPN tunnel.  In our example, these are the same settings entered into the Remote Network page on Router #1.  Click Save to confirm the network and click Next to continue.

17. [Router #2] On the Remote Networks page, enter Router #1’s dynamic DNS host address as the Gateway, then enter Router #1’s local network and subnet mask that you would like to make available over the VPN tunnel.  In our example, these are the same settings entered onto the “Local Network” page on Router #1.  Click Save and Next to continue.

18. [Router #2] For IKE Phase 1, again change the Exchange Mode to Aggressive, and then leave everything else at the default settings.  Click Next to continue.

19. [Router #2] For IKE Phase 2, again leave everything at the default settings.  Click Next to continue.

20. [Router #2] For Dead Peer Detection, again leave everything at the default settings.  Click Finish to reach the summary page.

21. [Router #2] At the Summary Screen, make sure that your settings are correct and click Yes to finish the configuration.

22. [Router #2] Now that Router #2’s VPN settings have been entered, click Enable VPN Service to turn on the VPN tunnel from Router #2’s side as well.

23. Now that both tunnels have been configured and enabled, go to Status -> VPN (from either computer) to view the status of the tunnel.

 
If the tunnel doesn’t come up automatically, you may need to generate “interesting traffic” over the VPN first.  From a computer connected to the router (or from the router itself) you will want to ping an IP address on the other side of the tunnel.  Interesting traffic would be generated if (for example) Computer #1 (192.168.42.199) attempted to ping Computer #2 (192.168.0.177), or if Router #2 (at 192.168.0.1) tried to ping Router #1 (at 192.168.42.1).
 
The “ping” command can be run directly from CradlePoint’s admin interface from  “System Settings” -> “System Control.”
 
Once the VPN tunnel has been established, you can view the VPN status by browsing to Status -> VPN.
 
Once the VPN tunnel has been configured and enabled, any traffic bound for the “remote network” will be sent across the VPN rather than being handled locally.
 
Note:

This example VPN shows how to make local networks available across a VPN.  If you need to have other local or public networks routed across the VPN, these networks will need to be added into the “Remote Gateway” settings for the router sending the traffic across the VPN.
 
For example, if the “Remote Gateway” in Router #2’s VPN configuration was changed from 192.168.0.0/255.255.255.0 to 0.0.0.0/0.0.0.0, this would force all Internet traffic coming from Router #2 to be sent across the VPN rather than being handled by Router #2’s WAN source.

To determine the series of your CradlePoint router please click here.

This article was written based on the 4.3.0 series 3 firmware version.

Description:

A Virtual Private Network (VPN) interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet.  This article explains how to set up a basic IPsec VPN-terminated tunnel between capable CradlePoint Series 3 routers when the connections on both routers are configured with publicly routable static IP addresses.

For assistance configuring Series 3 CradlePoint routers where one or both sides connect using dynamic public routable IP addresses (via Dynamic DNS), please refer to this article instead: VPN setup example for dynamic IP address connections

For assistance configuring Series 3 CradlePoint routers to connect to a VPN where one side does not have a publicly routable IP address, please refer to this article instead: VPN NAT-T setup

Before getting started, first make sure that both CradlePoint routers are online and are properly obtaining static IP  addresses from your ISP(s).  Additionally, you will need to make sure that the local networks of the routers do not match.  For example, if Router #1 is already set up using the default network of 192.168.0.1, you would want to change Router #2’s local network to use a different private network (such as 192.168.100.1 or 172.16.0.1).  For assistance changing the local IP address of a Series 3 CradlePoint router, please refer to this article: How to change the router’s local IP address

For maximum compatibility, we also recommend making sure that the CradlePoint routers’ firmwares are upgraded to the most recent version.  The most recent CradlePoint firmware files can always be downloaded from http://www.cradlepoint.com/firmware.

Directions:

After verifying that both CradlePoint routers are online with routable static IP addresses, and after verifying that both routers have been configured on different local subnets, the directions below will help configure a VPN tunnel between the two routers.

This is an example setup where both routers have routable static WAN IP addresses.  Computer #1 is connected behind Router #1 and Computer #2 is connected behind Router #2.

Router #1
LAN IP address:                   172.16.20.1
LAN subnet mask:               255.255.0.0
WAN IP address:                  [the static IP address on router #1]
Computer #1:                        172.16.123.106

Router #2
LAN IP address:                   192.168.0.1
LAN subnet mask:               255.255.255.0
WAN IP address:                  [the static IP address on router #2]
Computer #2:                        192.168.0.199

A typical VPN tunnel between these routers would allow Computer #1 (and other computers getting addresses from Router #1) to be able to connect directly to Computer #2 (and other computers getting addresses from Router #2) using a secure tunnel across the unsecure public Internet.

VPN configuration steps for Router #1:

1.    [Router #1] Log into the CradlePoint’s admin console on Router #1.

2.    [Router #1] Click “Internet” -> “VPN Tunnels”

3.    [Router #1] Click “Add” to create a new tunnel.

4.    [Router #1] On the first page of the VPN wizard, give the tunnel a unique “Tunnel Name” and “Pre-shared Key”.  In our example, the “Tunnel Name” is “VPN_Example”.  You will use the same “Tunnel Name” and “Pre-shared Key” later when setting up Router #2.

If you prefer that the VPN tunnel is only established when you need it, set the “Initiation Mode” to “On Demand”.  If you instead prefer for the tunnel to remain online, set the “Initiation Mode” to “Always On”.

Click “Next” to continue.

5.     [Router #1] On the “Local Networks” page, type the network and subnet of the local LAN that you want to make available across the VPN tunnel.  Click “Save” to confirm the network and click “Next” to continue.

6.     [Router #1] On the “Remote Networks” page, enter Router #2’s WAN IP address as the “Gateway”, then enter Router #2’s local network and subnet mask that you would like to make available over the VPN tunnel.  Click “Save” and “Next” to continue.

7.     [Router #1] For “IKE Phase 1”, leave everything at the default settings.  Click “Next” to continue.

8.     [Router #1] For “IKE Phase 2”, leave everything at the default settings.  Click “Next” to continue.

9.     [Router #1] For “Dead Peer Detection”, leave everything at the default settings.  Click “Finish” to reach the summary page.

10.     [Router #1] At the “Summary Screen”, make sure that your settings are correct and click “Yes” to finish the configuration. 

11.     [Router #1] Now that the VPN settings have been entered, click “Enable VPN Service” to turn on the VPN tunnel from Router #1’s side.

VPN configuration steps for Router #2:

12.     [Router #2] Log into the CradlePoint’s admin console on Router #2.

13.     [Router #2] Click “Internet” -> “VPN Tunnels”

14.     [Router #2] Click “Add” to create a new tunnel.

15.     [Router #2] On the first page of the VPN wizard, enter the same “Tunnel Name”, “Pre-shared Key”, and “Initiation Mode” used when setting up Router #1.  Click “Next” to continue.

16.     [Router #2] On the “Local Networks” page, type the network and subnet of the local LAN that you want to make available across the VPN tunnel.  In our example, these are the same settings entered into the “Remote Network” page on Router #1.  Click “Save” to confirm the network and click “Next” to continue.

17.     [Router #2] On the “Remote Networks” page, enter Router #1’s WAN IP address as the “Gateway”, then enter Router #1’s local network and subnet mask that you would like to make available over the VPN tunnel.  In our example, these are the same settings entered onto the “Local Network” page on Router #1.  Click “Save” and “Next” to continue.

18.     [Router #2] For “IKE Phase 1”, again leave everything at the default settings.  Click “Next” to continue.

19.     [Router #2] For “IKE Phase 2”, again leave everything at the default settings.  Click “Next” to continue.

20.     [Router #2] For “Dead Peer Detection”, again leave everything at the default settings.  Click “Finish” to reach the summary page.

21.     [Router #2] At the “Summary Screen”, make sure that your settings are correct and click “Yes” to finish the configuration. 

22.     [Router #2] Now that Router #2’s VPN settings have been entered, click “Enable VPN Service” to turn on the VPN tunnel from Router #2’s side as well.

23.     Now that both tunnels have been configured and enabled, go to “Status” –> “VPN” (from either computer) to view the status of the tunnel. 
 
If the tunnel doesn’t come up automatically, you may need to generate “interesting traffic” over the VPN first.  From a computer connected to the router (or from the router itself) you will want to ping an IP address on the other side of the tunnel.  Interesting traffic would be generated if (for example) Computer #1 (at 172.16.123.106) attempted to ping Computer #2 (at 192.168.0.199), or if Router #2 (at 192.168.0.1) tried to ping Router #1 (at 172.16.20.1).
 
The “ping” command can be run directly from the CradlePoint’s admin interface from  “System Settings” -> “System Control”.
 
Once the VPN tunnel has been established, you can view the VPN status by browsing to “Status” -> “VPN”.
 
Once the VPN tunnel has been configured and enabled, any traffic bound for the “remote network” will be sent across the VPN rather than being handled locally.


Note:

This example VPN shows how to make local networks available across a VPN.  If you need to have other local or public networks routed across the VPN, these networks will need to be added into the “Remote Gateway” settings for the router sending the traffic across the VPN.

For example, if the “Remote Network” in Router #2’s VPN configuration was changed from 172.16.0.0/255.255.0.0 to 0.0.0.0/0.0.0.0, this would force all Internet traffic coming from Router #2 to be sent across the VPN rather than being handled by Router #2’s WAN source.
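
A pre-flight check for the addressing rules in both VPN articles above (the two LANs must not match, each router's Remote Network mirrors the other's Local Network, and 0.0.0.0/0.0.0.0 sends everything across the VPN), as an added example that is not CradlePoint code. The `TunnelSide` fields and all function names are assumptions made for illustration; the addresses are the ones from the static-IP example.

```python
"""Pre-flight check for a two-router site-to-site tunnel (added example).

TunnelSide and the function names are illustrative assumptions, not a
CradlePoint API. Values are copied by hand from each router's VPN wizard.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class TunnelSide:
    name: str
    lan_ip: str      # router LAN address, e.g. "172.16.20.1"
    lan_mask: str    # dotted subnet mask, e.g. "255.255.0.0"
    local_net: str   # "network/mask" entered on the Local Networks page
    remote_net: str  # "network/mask" entered on the Remote Networks page


def net(addr_mask):
    """Parse 'address/mask'; host bits are dropped, so
    172.16.20.1/255.255.0.0 becomes 172.16.0.0/16."""
    return ipaddress.ip_network(addr_mask, strict=False)


def lan_of(side):
    """The LAN subnet a router serves, derived from its LAN IP and mask."""
    return net(f"{side.lan_ip}/{side.lan_mask}")


def is_full_tunnel(side):
    """True when the Remote Network is 0.0.0.0/0.0.0.0 (all traffic uses the VPN)."""
    return net(side.remote_net).prefixlen == 0


def preflight(a, b):
    """Return a list of problems; an empty list means the addressing is consistent."""
    problems = []
    if lan_of(a).overlaps(lan_of(b)):
        problems.append(f"LAN overlap: {a.name} {lan_of(a)} vs {b.name} {lan_of(b)}")
    for side, peer in ((a, b), (b, a)):
        local, remote = net(side.local_net), net(side.remote_net)
        if not local.subnet_of(lan_of(side)):
            problems.append(f"{side.name}: local network {local} is outside its LAN {lan_of(side)}")
        if is_full_tunnel(side):
            continue  # 0.0.0.0/0 covers every destination by design
        if remote.overlaps(lan_of(side)):
            problems.append(f"{side.name}: remote network {remote} overlaps its own LAN")
        if remote != net(peer.local_net):
            problems.append(
                f"{side.name}: remote network {remote} does not match "
                f"{peer.name}'s local network {net(peer.local_net)}")
    return problems


def is_interesting(side, src, dst):
    """Would a packet src -> dst seen by this router match the tunnel's networks?"""
    return (ipaddress.ip_address(src) in net(side.local_net)
            and ipaddress.ip_address(dst) in net(side.remote_net))


# Values from the static-IP example above.
ROUTER1 = TunnelSide("Router #1", "172.16.20.1", "255.255.0.0",
                     "172.16.0.0/255.255.0.0", "192.168.0.0/255.255.255.0")
ROUTER2 = TunnelSide("Router #2", "192.168.0.1", "255.255.255.0",
                     "192.168.0.0/255.255.255.0", "172.16.0.0/255.255.0.0")

if __name__ == "__main__":
    print(preflight(ROUTER1, ROUTER2) or "addressing OK")
    # Computer #1 pinging Computer #2 should bring the tunnel up.
    print(is_interesting(ROUTER1, "172.16.123.106", "192.168.0.199"))
```

An empty list from `preflight` means the two wizards agree; `is_interesting` tells you which ping is worth trying when the tunnel does not come up on its own.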

If you are unsure of the CradlePoint Series or Model Number, please click here.

This article was written based upon firmware version 5.0.0.
 
 
Introduction:
 
The CradlePoint router CLI is a captive text-based interface for configuring, managing, and debugging CradlePoint routers.
 
This document provides an overview of CradlePoint’s Command Line Interface (CLI) feature available in Series 3 CradlePoint routers. 


Terminology:

“Prompt” (or “Command Prompt”) 
The input field at the bottom of the CLI interface. This is where “commands” and “arguments” are entered into the system.

“Command”
A “command” is a single-word instruction for the router to process.  It is sent to the router as the first word entered at the “Command Prompt.”

“Argument”
An argument refers to the text that follows the command.  Most commands have optional arguments that control or influence the way the command will run.  Arguments for each command can typically be discovered by running the command with the “–help” argument or by running “help COMMAND.”
 

How to Enable the SSH Server to use the CLI:

The CradlePoint’s SSH server is disabled by default.  There are three ways to enable the SSH server. 
1.    Using the CradlePoint’s Web Admin Interface
a.    Log into the CradlePoint’s admin console (by default: 192.168.0.1)
b.    Go to “System  Settings” -> “Administration”
c.    Click the “Local Management” tab
d.    Place a checkmark next to “Enable SSH Server” option
e.    Optionally, select the “Remote Management” tab and check “Allow Remote SSH Access.”
f.     Click “Apply” to save your changes
 
2.    Using WiPipe Central Remote Management
a.    Log into your WiPipe Central account.  If you do not have a WiPipe Central account, please contact your sales representative  for assistance
b.    Navigate to the group or device you’d like to enable the SSH server on.
c.    Go to “System Settings” -> “Administration”
d.    Click the “Local Management” tab
e.    Place a checkmark next to “Enable SSH Server” option
f.     Optionally, select the “Remote Management” tab and check “Allow Remote SSH Access.”
g.    Click “Apply” to save your changes
 
3.    (ADVANCED) Using the “curl” application
a.    From a computer with curl installed, run this command from a terminal or command line prompt, in the same directory as curl.exe (for example):
 
curl --digest -u username:password http://192.168.0.1/api/config/firewall/ssh_admin -X PUT -d data=true
 
b.    Optionally, to enable remote SSH access, also run this command:
 
curl --digest -u username:password http://192.168.0.1/api/config/firewall/ssh_admin/remote_access -X PUT -d data=true
 
 (Your IP address may be different from 192.168.0.1)

Connecting a Client Computer to the CradlePoint’s SSH Server:

CradlePoint Series 3 routers are designed to support standards-based SSH-2 clients.  Many modern operating systems (such as GNU/Linux or Apple OSX) include an SSH client that can be run directly from the computer’s terminal prompt. For these platforms simply locate and execute the Terminal software of your preference, then run the “ssh” command with the username and password of the router:

             ssh admin@192.168.0.1

For Microsoft Windows computers, we recommend using the free and well-supported PuTTY SSH client, available from here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

See the PuTTY web page and application help for details on making SSH connections.  The only details you should need to provide are the username, password and IP address of the router.  The default username is always “admin,” as shown above.


After Connecting to the SSH Server:
 
Once you successfully login you will see a command prompt similar to this:
[admin@MBR1400-301: /]$
 
This shows you your username (admin), the system ID (MBR1400-301 in this case) and the current working directory (/).  The working directory is important for many commands, as it represents the “ConfigStore” context for many commands, as shown below. 


Navigating Using the CLI:

An important part of a command line shell is the notion of a hierarchical file system which is usually backed by a tree structure of directories and files on a hard disk or SSD storage device. In the case of CradlePoint routers, this file system hierarchy is backed by the router’s configuration, status and control system known as the “ConfigStore.”

The ConfigStore is like the central nervous system for the router and acts as a live interactive portal to the router’s current state and configuration settings. We will expand on this thought as we move forward, but try to remember that the files and directories that we talk about are live elements of the router.  Any changes to those files and directories will result in immediate application and proliferation through the router’s internal subsystems.  Likewise, when viewing the contents of files, you will always be presented with the most current data.
 
Basic navigation commands:
 
ls     List                Lists the directories and files
cd     Change directory    Changes to the specified directory
get    Get                 Gets the values of the directories and files

When you first log in your current working directory will be the “root” directory (/). 
 
            [admin@MBR1400-301: /]$
 
The “ls” command lists the directories and files in your current working directory.  Running the “ls” command from the “root” directory returns the “control/”, “status/”, and “config/” directories.

            [admin@MBR1400-301: /]$ ls 
            control/           status/            config/ 
 
You can change the working directory using the “cd” command, followed by the directory to change to.  Running “cd config” changes the current working directory to “config/”.  Notice that the prompt now shows that the current working directory is “config/”.
 
            [admin@MBR1400-301: /]$ cd config
            [admin@MBR1400-301: /config]$
 
If you run the “ls” command from the config/ directory, you will see all the directories and files in the “config/” directory.
 
            [admin@MBR1400-301: /config]$ ls
            ethernet/  wan/       lan/       shell/     qos/       dns/      
            firewall/  failover/  alerts/    system/    hotspot/   wwan/     
            gre/       routing/   dhcpd/     webfilter/ wlan/      vpn/      
            stats/    
 
Like before, you may use the “cd” command to change the current working directory.  Typing “cd system” changes the current working directory to “config/system/.”     
 
            [admin@MBR1400-301: /config]$ cd system
            [admin@MBR1400-301: /config/system]$ ls
            mac_monitor/          local_domain          timezone             
            at_passthrough_proxy/ serial/               upnp/                
            ui_activated          snmp/                 first_boot           
            dyndns/               system_id             email/               
            gps/                  users/                power/               
            ntp/                  pci_dss               wipc/                
            qxdmproxy/            logging/              admin/               
            watchdog/             disable_leds          reboot_schedule/     
            dst_enabled
 
The “get” command by itself may be used to return the values of all files in the current working directory.  The “get” command followed by a filename or directory will return only the values for that location.
 
The “config/system/dst_enabled” file represents whether daylight savings time has been enabled in the router.  Using the command “get dst_enabled” we can find whether daylight savings time is enabled.

            [admin@MBR1400-301: /config/system]$ get dst_enabled
            true

To change to the parent directory use the special “..” path.  Each directory in a path must be separated with the “/” character.  To go up two levels, for example, you would type “cd ../..”.
 
For example:
 
            [admin@MBR1400-301: /config/system/logging/]$ cd ..
            [admin@MBR1400-301: /config/system/]$ cd ../..
            [admin@MBR1400-301: /]$

The command line interface supports “tab-completion” (http://en.wikipedia.org/wiki/Command-line_completion) which can reduce the number of keystrokes required to enter a command name or path name.  To use this feature simply type the first part of a command or path name and hit the tab key to complete the word.  If the word is not unique, you can hit the tab key twice to see a list of conflicts.


Commands:


To see a complete list of commands type “help.”  To get detailed help about a specific command simply run “help COMMAND” such as “help ls.” Here is an incomplete list of some basic and important commands:

wan
Show and configure wan devices.  Detailed information about a wan can be obtained by providing the UID of the wan device as the first argument.

lan
Show the current LAN configuration and status.

wireless
Show status of all Access Points on the router and connected wireless clients.
 
get
Get the value for config item(s)

set
Set the value to a config item

delete
Delete an item from the config

inspect
Show the data type definitions for a config path.  This is useful for learning the requirements of a particular config resource.
 
log
Show and search through the system log.

passwd
Changes your password.

factory_reset
Reset the config to factory defaults.  Use with caution.


Reading and Writing Values:

The “get” and “set” commands are used to read and write values to the router’s ConfigStore.  The format for all these values is JSON (http://json.org).  Because the file system in the CLI is also the ConfigStore, you can run “get” on the entire ConfigStore if desired.  For example, if you run “get” from the root directory you will see the complete contents of the router’s ConfigStore.  The “get”, “set”, “append”, and “delete” commands all take the current working directory into consideration, so the argument that follows the command should be the path within or with reference to the current directory.  Use the “ls” command to view the contents of the current directory when in doubt.

Here are a few examples that illustrate the multiple ways in which you can view the contents of the system. 

We can run the get and ls command from any directory we want if we use an absolute path as the argument.  An absolute path is any path that begins with a “/” character; this indicates that the path begins at the root directory.

                        [admin@MBR1400-301: /]$ get /config/system/logging/level
                        "info"

                        [admin@MBR1400-301: /]$ ls /config/system/logging
                        console        level          firewall       enabled
                        max_logs       modem_debug    remoteLogging/

Alternatively, we can change our current working directory to the location of interest and run the commands from there.

                        [admin@MBR1400-301: /]$ cd /config/system/logging/
                        [admin@MBR1400-301: /config/system/logging]$ ls
                        console        level          firewall       enabled
                        max_logs       modem_debug    remoteLogging/

                        [admin@MBR1400-301: /config/system/logging]$ get level
                        "info"

The “.” path name refers to the current working directory, which can also be used as an argument to the get command.  You will notice the output is very similar to the ls command’s output, but is formatted as JSON and includes the contents of the sub-directories too.

                        [admin@MBR1400-301: /config/system/logging]$ get .
                        {
                            "console": false,
                            "enabled": true,
                            "firewall": false,
                            "level": "info",
                            "max_logs": 1000,
                            "modem_debug": false,
                            "remoteLogging": {
                                "enabled": false,
                                "system_id": false,
                                "utf8_bom": true
                            }
                        }

If we change to the parent directory, we can run the get command again, but this time we must provide the relative path to the item we would like to see.

                        [admin@MBR1400-301: /config/system/logging]$ cd ..
                        [admin@MBR1400-301: /config/system]$ get logging/level
                        "info"

From those examples, we can see that the log level is set to “info” which means only messages of informational priority or higher will be stored in the system log.  Let’s say that we want to change this value to something else.  We can use the “inspect” command to see what the valid values for this config setting are and then use the “set” command to update the value.

                        [admin@MBR1400-301: /]$ cd /config/system/logging/    

                        [admin@MBR1400-301: /config/system/logging]$ inspect level
                        Path: /config/system/logging/level
                        Name   Type     Current value   Default Value   Options
                        -------------------------------------------------------------------------------------
                        level  select   info            info            debug, info, warning, error, critical

We can now see that the default value is “info” and the available options include a “debug” value which we want to set the router to use. Just to verify that the current value is indeed set to “info” we run the get command prior to our change.

                        [admin@MBR1400-301: /config/system/logging]$ get level
                        "info"

Now we simply run the “set” command with the new value.  Remember this value MUST be valid JSON (http://json.org), so in this case the string value will be encapsulated in double quotes.

                        [admin@MBR1400-301: /config/system/logging]$ set level "debug"

Running the “get” command again verifies that the change was indeed accepted.

                        [admin@MBR1400-301: /config/system/logging]$ get level
                        "debug"

As a short example of the internal error handling, we can purposely enter invalid values to test the system’s validation procedures.

                        [admin@MBR1400-301: /config/system/logging]$ set level 3.14
                        Error: invalid value (3.14) at: ['config', 'system', 'logging', 'level']
                        Reason: invalid option

                        [admin@MBR1400-301: /config/system/logging]$ set level __not_json__
                        Invalid value: No JSON object could be decoded

                        [admin@MBR1400-301: /config/system/logging]$ set level "not_an_option"
                        Error: invalid value (not_an_option) at: ['config', 'system', 'logging', 'level']

If you are unsure what model CradlePoint you have, please click here.

This article was written based on firmware version 4.3.0.

Description:

Cradlepoint’s Series 3 routers run the Linux software platform on firmware 4.0.3 and later, and one of the features of this software is to allow the router to divide the network into a number of segments. The advantage of this network segmentation is that you are allowed to specify in the configuration of the individual networks which router interfaces are to be a part of the network.

For example, an MBR1400 can be configured with two networks, one called CORPORATE, and the other GUEST. The networks can be configured as such:
CORPORATE: Interfaces (LAN 1, 2, 3, wireless SSID: CORP-NET)
GUEST: Interfaces (LAN 4, wireless SSID: GUEST-NET)

This is just one example of the advantages of network segmentation.

Directions:

Once you’re logged into the Setup pages of the router (if you need help logging in to the Setup Pages of the CradlePoint, please click here), click Network Settings > Wifi/Local Networks.

For the scenario described above, we will need to create additional Ethernet Port Groups for each network that we want configured. Ethernet Port Groups can be configured in a number of different ways, and it is entirely up to the user how they are configured.  In the box called Local Network Interfaces, click the “Ethernet Port Configuration” tab.

By default there are two port groups already configured: lan and wan.  Once on this page:
1.     Click Add
2.     Specify a Port Group ID for your new group
3.     Move the desired port(s) into the “Selected” field
4.     Click Submit, and approve any additional prompts

Now, we are ready to associate our Ethernet port group with a network.

1.     Click the check box next to Guest LAN and then Edit
2.     Make any changes needed in the IP Settings tab, such as name or IP address
3.     Click the Interfaces tab. You can see by default, the only selected interface for this Guest LAN is WiFi: Public-b16
4.     Select our new Ethernet group “Guest”, and move it to the “Selected” field, as shown below. Click Submit. The router will inform you if the setting was applied successfully.


You can see that the Ethernet group for Guest LAN (192.168.10.1) will now use Ethernet port 4 on the router as part of the group. There are a number of additional configurations that can be made to the individual IP Networks to differentiate them. These are configured in the Local Network Editor.

Network segmentation is not limited to creating Primary and Guest networks; it can also be used to create networks for specific applications, such as VoIP. For larger scale switching, ports and network segments can be configured with VLAN tagging to create VLANs across multiple switches.


Series 3: How to configure MAC Address Filtering on a CradlePoint router

Note: On Series 3 routers, MAC Address Filtering only applies to devices connected via wireless (WiFi).

If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Symptom:

  • Restrict wireless device access (allow specific wireless devices to connect to the router’s Wi-Fi network).

Cause:

Desire to enhance wireless (Wi-Fi) network security.

Resolution:

  1. Log into the router’s administration page (login instructions).
  2. Click the Network Settings tab.
  3. Select MAC Filter from the drop-down menu.
  4. In the Filter Configuration section place a check mark next to Enable.
  5. Select Whitelist or Blacklist.
    • WHITELIST:  Only allow those computers listed to connect to the network.
    • BLACKLIST:  Do not allow those devices listed to connect to the network.
  6. WHITELIST is demonstrated here.  Setting up the BLACKLIST option uses the same steps.
  7. Click the Add button.
  8. In the pop-up window, enter the MAC Address of the device you would like to create a rule for in the MAC Address box. [Always begin with the device you are using to configure the CradlePoint router]
  9. Click the Submit button.
  10. The address will now be populated into the MAC Filter List.
  11. Repeat these steps for all devices that you would like to either ALLOW access to your network or DENY access to your network corresponding to the rule selected in step 5.


To determine the series of your CradlePoint router please click here

This article was written based on the 5.0.0 series 3 firmware version.

Description:

The purpose of this document is to provide directions to set up a basic GRE terminated tunnel between capable CradlePoint Series 3 routers where both connections have static IP addresses.

TERMS:

Generic Routing Encapsulation (GRE) – a tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork.

REQUIREMENTS:

•Two (2) Series 3 CradlePoint products capable of GRE termination (MBR1400, MBR1200B, CBR400, CBR450, IBR600 and IBR650) on firmware version 4.2.0.
•Two (2) WAN sources with static publicly routable IP addresses
•Two (2) computers (for testing GRE functionality)

Directions:

  1. [Router #1] Log into the CradlePoint’s admin console on Router #1.
  2. [Router #1] Click Internet -> GRE Tunnels.
  3. [Router #1] Click Add to create a new tunnel.
  4. [Router #1] On the first page of the GRE wizard, give the tunnel a unique “Tunnel Name”.  In our example, the “Tunnel Name” is “Test”.  You will use the same “Tunnel Name” later when setting up Router #2.  Following is a description of the other options that can be configured in this window.  For this example we will not be using them.
    •Local Network- Select an IP address separate from your LAN IP address.
    •Remote Network- Select an IP address on the same subnet as the Local Network
    •Subnet Mask- Use a /30 subnet to create a network with only 2 host addresses.
    •Remote Gateway- The WAN IP address of Router 2.
    •Tunnel Enabled- Ensure it is checked
    •Keep Alive- Check the enabled box if you would like Keep Alive Packets sent through the tunnel to monitor the status of the tunnel.
    •Click Next to continue.
  5. [Router #1] On the “Routes” page, click the Add Route button.
  6. [Router #1] On the “Routes” page, enter Router #2’s LAN IP address and subnet mask, as well as any other LAN IP addresses you would like to have access to the tunnel.
  7. Click Next.
  8. You can enable Keep Alive on this next page if need be, then click Finish.
  9. [Router #2] Log into the CradlePoint’s admin console on Router #2.
  10. [Router #2] Click Internet -> VPN Tunnels
  11. [Router #2] Click Add to create a new tunnel.
  12. [Router #2] On the first page of the GRE wizard, use the “Tunnel Name” “Test”.  In our example, the “Tunnel Name” is “Test”.  You will use the same “Tunnel Name” as when you set up Router #2.
    •Local Network- Enter the same address you used for Router #1’s Remote Network.
    •Remote Network- Enter the same address you used for Router #1’s Local Network
    •Subnet Mask- Use a /30 subnet to create a network with only 2 host addresses.
    •Remote Gateway- The WAN IP address of Router #1.
    •Tunnel Enabled- Ensure it is checked
    •Keep Alive- Check the enabled box if you would like Keep Alive Packets sent through the tunnel to monitor the status of the tunnel.
    •Click Next to continue.
  13. [Router #2] On the “Routes” page, click the Add Route button.
  14. [Router #2] On the “Routes” page, enter Router #1’s LAN IP address and subnet mask, as well as any other LAN IP addresses you would like to have access to the tunnel.
  15. Click Next.
  16. Once again, you can use the Keep Alive if need be, and click Finish.
  17. Now that both tunnels have been configured and enabled, go to Status –> GRE (from either computer) to view the status of the tunnel.
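
The two routers' GRE settings have to mirror each other, and most tunnels that never come up are a mismatch between the two wizard runs. The following added example (not CradlePoint code) checks a planned pair of configurations before they are typed in; the `GreEnd` field names, the sample addresses and the reading of "separate from your LAN IP address" as "outside the LAN subnet" are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, field, replace


@dataclass
class GreEnd:
    """One router's GRE wizard values (field names are this example's own)."""
    label: str
    wan_ip: str            # static public IP of this router
    lan: str               # this router's LAN in CIDR form
    tunnel_name: str       # "Tunnel Name"
    local_ip: str          # "Local Network"
    remote_ip: str         # "Remote Network"
    prefix: int            # "Subnet Mask" as a prefix length
    remote_gateway: str    # "Remote Gateway"
    enabled: bool = True   # "Tunnel Enabled"
    routes: list = field(default_factory=list)  # "Routes" page, CIDR strings


def check_end(end):
    """Problems visible from one router's settings alone."""
    problems = []
    local = ipaddress.ip_interface(f"{end.local_ip}/{end.prefix}")
    remote = ipaddress.ip_address(end.remote_ip)
    net = local.network
    if remote not in net:
        problems.append(f"{end.label}: Remote Network {remote} is not in {net}")
    for name, ip in (("Local", local.ip), ("Remote", remote)):
        # In a /30 only the two middle addresses are usable hosts.
        if end.prefix <= 30 and ip in (net.network_address, net.broadcast_address):
            problems.append(f"{end.label}: {name} Network {ip} is not a host address in {net}")
    if local.ip == remote:
        problems.append(f"{end.label}: Local and Remote Network are the same address")
    # Assumption: the tunnel address must lie outside the router's LAN subnet.
    if local.ip in ipaddress.ip_network(end.lan):
        problems.append(f"{end.label}: Local Network {local.ip} overlaps the LAN {end.lan}")
    if not end.enabled:
        problems.append(f"{end.label}: Tunnel Enabled is not checked")
    return problems


def check_pair(a, b):
    """Per-router problems plus every mismatch between the two ends."""
    problems = check_end(a) + check_end(b)
    if a.tunnel_name != b.tunnel_name:
        problems.append("Tunnel Name differs between the two routers")
    if a.prefix != b.prefix:
        problems.append("Subnet Mask differs between the two routers")
    for this, peer in ((a, b), (b, a)):
        if ipaddress.ip_address(this.local_ip) != ipaddress.ip_address(peer.remote_ip):
            problems.append(f"{this.label}: Local Network {this.local_ip} is not "
                            f"{peer.label}'s Remote Network {peer.remote_ip}")
        if ipaddress.ip_address(this.remote_gateway) != ipaddress.ip_address(peer.wan_ip):
            problems.append(f"{this.label}: Remote Gateway {this.remote_gateway} is not "
                            f"{peer.label}'s WAN IP {peer.wan_ip}")
        peer_lan = ipaddress.ip_network(peer.lan)
        if not any(peer_lan.subnet_of(ipaddress.ip_network(r)) for r in this.routes):
            problems.append(f"{this.label}: no route covers {peer.label}'s LAN {peer.lan}")
    return problems


# Constructed sample values (documentation and private address ranges).
ROUTER1 = GreEnd("Router #1", "203.0.113.10", "192.168.0.0/24", "Test",
                 "10.255.0.1", "10.255.0.2", 30, "198.51.100.20",
                 routes=["192.168.10.0/24"])
ROUTER2 = GreEnd("Router #2", "198.51.100.20", "192.168.10.0/24", "Test",
                 "10.255.0.2", "10.255.0.1", 30, "203.0.113.10",
                 routes=["192.168.0.0/24"])
# Same as ROUTER2 but with the /30 broadcast address and no route added.
ROUTER2_BAD = replace(ROUTER2, local_ip="10.255.0.3", routes=[])

if __name__ == "__main__":
    for line in check_pair(ROUTER1, ROUTER2_BAD) or ["no problems found"]:
        print(line)
```
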


If you are unsure of CradlePoint Series or Model number, please click here.

Overview:

All computers/devices that connect to a network get an IP Address (an IP Address is a number used to identify the specific device. Think “street address”).  Computers can acquire this IP address one of two ways:

  1. They assign one to themselves.
  2. They can choose to get one from the router itself.

Every time a computer disconnects from and reconnects to the router, or is turned off and on, a new IP address is assigned to it by the router.  Any port forwarding/remote access rule in the router is based on the computer’s IP address.  To use port forwarding/remote access rules, the computer in question must be assigned the same IP address by the router each time.  DHCP Reservations provide this functionality.

Things to do before setting this up:

  1. Make sure the router firmware is up to date. (How to Verify Firmware Version)
  2. Make sure the device you want to set up the reservation for is turned on and connected to the router via Wi-Fi or Ethernet.
  3. You will need to know the CURRENT IP Address of the device you want to set up a reservation for at this time.

How to Set Up DHCP Reservation:

  1. Log into the router’s administration page (login instructions).
  2. If you see a button in the top left that says Basic Mode, click on it. It should now say Advanced Mode. (Depending on the firmware version and the router, you may not see this button.)
  3. Click the Network Settings tab, then select DHCP Server.
  4. Locate the Active Leases section, find the IP Address of the device in question, select it, then click Reserve.

What if this Doesn’t Work?

  1. Try doing a hardware reset of the router. This will return all router settings to factory default, so then follow the instructions to set up the reservation again. (Hard Reset instructions)
  2. Try clearing your browser’s cache. Most browsers (IE, Firefox, and Chrome) allow you to do this by pressing “CTRL” + “F5” on your keyboard. (Clear Browser Cache)


This article was written based on the 4.3.0 series 3 firmware version.

If you are unsure of which CradlePoint Series or Model number you have, please click here.

Description:

This article provides a thorough explanation of how to set up a VPN tunnel between an MBR1400, CBR400/450, IBR600/650, or MBR1200B and another device.

Directions:

  1. To set up the tunnel, connect to your router and log in to the router’s admin pages (http://192.168.0.1 by default).
  2. Click on INTERNET and then VPN Tunnels from the drop-down menu
  3. Enable VPN Service.
  4. Click Add.
  5. Give the tunnel a Name.  Local Identity: this is not required for connections with Static IP addresses, but you can use it if you’d like to. Make it whatever you want; this is your identity, but it must match the “Remote Identity” in the settings on the other end of the tunnel. If you are using a Dynamic DNS domain service for your DHCP IP address from your carrier, you will want to add a Local Identity here.  This essentially adds an additional layer of “security” when initializing the secured tunnel. If you use a Local Identity, you must use a Remote Identity on the other end of the tunnel.
  6. Remote Identity: this is not required for connections with Static IP addresses, but you can use it if you’d like to. Make it whatever you want; this is the identity of the other end of the tunnel, but it must match the “Local Identity” in the settings on the other end of the tunnel. If you are using a Dynamic DNS domain service for your DHCP IP address from your carrier, you will want to add a Remote Identity here.  This essentially adds an additional layer of “security” when initializing the secured tunnel.  If you use a Remote Identity, you must use a Local Identity on the other end of the tunnel.
  7. Pre-shared Key: Any password works here, it just must be the same on both ends of the tunnel!
  8. Ensure the Tunnel Enabled checkbox is checked.
  9. If you are creating a tunnel between your MBR1400 and the MBR1200, check the MBR1200 Quick Connect checkbox. NOTE: this will combine the IKE Phase 1 and IKE Phase 2 Negotiation settings in one window popup – you will see the difference when you get down to adjusting the IKE Phase settings below.
  10. Click Next.
  11. Under Local Network:  Network: this should auto-fill in with your router’s Network IP address.  Subnet Mask: this should also auto-fill in with your router’s Subnet Mask.
  12. Under Remote Network:  Gateway: this is the Static IP address of the network on the other end of the tunnel.  Network: this is the network address of the other end of the tunnel.  Subnet Mask: this should auto-fill in with the same Subnet Mask as the Local Network, but you can change it to match how the network is setup on the other end of the tunnel.
  13. Click Next.
  14. Here you will adjust all preferred IKE Phase 1 algorithms and encryptions for your tunnel.  Exchange Mode can be set to the following (this mode must match on both ends of the tunnel!):  Main – use this if you have a Static IP from your carrier.  Aggressive – use this if you are using a Dynamic DNS domain service.  NOTE: if one end of the tunnel has a Static IP and the other end is using a Dynamic DNS domain service, use the Aggressive Mode on both ends.
  15. Click Next.
  16. Here you will adjust all preferred IKE Phase 2 algorithms and encryptions for your tunnel.
  17. Click Next.
  18. If you want to “ping-check” the other end of the tunnel to ensure it’s still up (the other end of the tunnel’s network is still up), leave this Enabled, otherwise you can uncheck it if you’d like.
  19. Click Finish. Click Yes to the Configuration Change.

INITIALIZING THE TUNNEL:  After you have saved the rules for the tunnel, you must initialize the tunnel – ping from one end of the tunnel to the other (meaning, ping from a computer on the LAN side of the tunnel to a computer on the LAN side of the other side of the tunnel).  Go to STATUS -> VPN to see your tunnel connection state.

If you would like to see a full sample case setup for two MBR1400’s, please click here.


If you are not sure what model CradlePoint router you have, please click here.

This article was written based upon firmware version 5.0.0.

Description:

Use the Simple Network Management Protocol (SNMP) Settings sub-menu to enable or disable the SNMP protocol over either the LAN, WAN or both interfaces. For security, you can also set the community names for both Get and Set SNMP requests. SNMP versions 1, 2 and 3 are currently implemented. The supported MIB is the standard RFC 1213 MIB as maintained by the IETF. Additional Cellular-router MIB elements are available through CradlePoint’s WIPIPE-MIB.

Directions:

To enable SNMP, log in to the Setup Pages of the CradlePoint (for assistance in logging into the Setup Pages click here).

  1. Click on the System Settings tab, then click SNMP Configuration.
  2. Check the box next to Enable SNMP.

 

Enable on LAN
Enable SNMP on the local LAN ports so that a local device can manage the router.

Enable on WAN
Enable SNMP on the external WAN port so that an external device can manage the router.

SNMPv1
SNMP version 1 is the most basic version of SNMP.

SNMPv2c
SNMP version 2 has the same features as v1 with some additional commands.

SNMPv3
SNMP version 3 includes all prior features with security available.

Get Community String
Variable length string which allows access to read-only data within this community group. The community names should never be “public” or “private”. Community names are a maximum of 15 characters long. Names should contain at least one number and one capital letter. Access to the community name should be limited to the Administrator of realms.

Set Community String
Variable length string which allows access to read and write data within this community group. The community names should never be “public” or “private”. Community names are a maximum of 15 characters long. Names should contain at least one number and one capital letter. Access to the community name should be limited to the Administrator of realms.

Authentication Type
Select the authentication and encryption type that will be used when connecting to the router.  These settings must match the configuration used on any SNMP clients.

Enable SNMP Traps
Enabling traps will allow you to configure a destination server, community, and port for trap notifications.  Trap notifications are returned to the server with SNMPv1.

System Contact
The email address of the system administrator

System Name
Router’s host name

System Location
Physical location of router

Note: The file attached to this document is the detailed SNMP Definitions


If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 4.1.1


Description:

Series 3 CradlePoint devices normally operate as a NAT router, allowing computers connected to the LAN to use the Internet connection provided by the WAN interface.  As a NAT router, the CradlePoint is responsible for providing DHCP and local gateway access to connected clients.

If your existing network already has a DHCP server and local gateway configured, it is possible to reconfigure the CradlePoint to act as a wired LAN client to that router.  This turns the CradlePoint into a wired switch/wireless access point for that existing DHCP server and local gateway.  Set up this way, any wired or wireless computer connected to the CradlePoint will get an IP address from the existing DHCP server and route traffic through its local gateway.


Directions:

These examples will show you how to reconfigure a Series 3 CradlePoint router to be used as a wired switch and wireless gateway to connect to another “Primary Router” DHCP server and local gateway in your network.

For example, assume there is already an existing wired Primary Router using local IP address 192.168.1.1 with subnet mask 255.255.255.0.  This is the router that is providing DHCP services and providing local gateway access.  The CradlePoint will be configured as a LAN client for the Primary Router.  

To begin, first make sure that the CradlePoint is not connected to the other router.

  1. Log into CradlePoint’s setup pages (at http://192.168.0.1 by default).
  2. Go to Network Settings and click WiFi / Local Network from the drop-down menu.
  3. Scroll down and under Local Network Interfaces click the Ethernet Port Configuration tab.
  4. Make sure that all of the Ethernet ports’ “Mode” is set to Local Network (LAN).
  5. At the “Warning” page, click Yes to change the WAN port(s) to LAN mode.  Click OK when prompted.
  6. Place a check mark next to “Primary LAN” and click Edit.
  7. On the “IP Settings” tab, change the IP Address (and the “Netmask” if necessary) to a LAN client IP address for the Primary Router.  In our example, the “Primary Router” is using 192.168.1.1, so you will need to change the CradlePoint to use some other IP on that same subnet (such as 192.168.1.2).   Also change the “Routing Mode” to Standard.
  8. Go to the “DHCP Server” tab and remove the checkmark from DHCP Server, and then click Submit.
  9. The CradlePoint will now reboot itself.
  10. Attach an Ethernet cable from a LAN port on the Primary Router into any of the CradlePoint’s Ethernet ports.
  11. You may need to release and renew your computer’s IP address (or else reboot the computer) in order to get a new IP from the Primary Router.

After making this change, the CradlePoint will no longer be performing any routing functionality but instead will act as a wired switch and wireless access point to extend your existing network.   All DHCP, gateway, and routing functionality will be handled by the Primary Router.

Any computers wired or wirelessly connected into the CradlePoint will receive IP addresses from the Primary Router (beginning with 192.168.1.X in our example).  Any computer attached to that network should also be able to access the CradlePoint from the LAN IP address you specified (192.168.1.2 in our example).


Note:

It may be useful to change the CradlePoint’s wireless SSID and password to match the credentials your other router uses.  This would allow nearby computers with the Primary Network’s wireless credentials to connect to whichever network has a stronger signal.

To undo this configuration you can either follow the directions in reverse order or you can perform a factory reset of the device.


This article pertains only to Series 3 routers. If you need assistance finding the default password for a Series 1 or 2 router, click here.
If you are not sure which series or model router you have, click here.

Summary:

If the CradlePoint router has not yet been configured, or if it has been reset to factory defaults, it will be necessary to use the default password to connect to it wirelessly or to access its administrative console. By default, all Series 3 CradlePoint routers are configured to use the last eight characters of the router’s MAC address as the default password. This article describes how to find your router’s default password.

Directions:

  1. Check the label on the bottom of your router.
  2. Look for a field marked as Default Password. It will be in the format 44XXXXXX. In the example below, the password is 44000000.

If the label does not have a Default Password field printed, use the last 8 characters, letters and numbers both, of the router’s MAC Address (alternatively called Wi-Fi MAC ID).


Note: If your router’s label is difficult to read, or there is no label at all, follow the steps below:

  1. Connect your computer to the router using an Ethernet cable.
  2. Open the Command Prompt application on your computer, and enter the following command:
    • arp -a
  3. Look for a device with the Internet Address matching your router (192.168.0.1 by default). Write down the last 8 characters of its corresponding Physical Address, ignoring spaces, dashes, or colons. This will be the default password.


Note:  Passwords are case sensitive, and all letters must be entered lowercase. If you are putting in your default password and it doesn’t appear to be working, refer to this article.
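The Command Prompt steps above, as an added Python example (not CradlePoint code): it parses `arp -a` output, derives the default password for the router's address, and names the entry mistakes this page mentions. The sample output and all function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `arp -a` output (not captured from a real network).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.0.101 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-30-44-1A-2B-3C     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One table row: IPv4 address, six hex octets joined by "-" or ":", entry type.
_ROW = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+\w+"
)


def default_password_from_arp(arp_output, router_ip="192.168.0.1"):
    """Return the last 8 characters of the router's Physical Address,
    lowercased and without separators, or None if the router is not listed."""
    for line in arp_output.splitlines():
        row = _ROW.fullmatch(line.strip())
        if row and row.group(1) == router_ip:
            return re.sub(r"[-:]", "", row.group(2)).lower()[-8:]
    return None


def diagnose_entry(typed, expected):
    """Name the entry mistake that keeps `typed` from matching `expected`."""
    if typed == expected:
        return "match"
    if typed.lower() == expected:
        return "uppercase"      # letters must be entered lowercase
    if re.sub(r"[\s:-]", "", typed).lower() == expected:
        return "separators"     # spaces, dashes or colons were typed
    if typed.lower().replace("o", "0") == expected:
        return "letter-o"       # letter O typed where the digit 0 belongs
    return "different"          # not the default, e.g. it has been changed


if __name__ == "__main__":
    password = default_password_from_arp(SAMPLE_ARP_OUTPUT)
    print("default password:", password)
    print("typed 441A2B3C ->", diagnose_entry("441A2B3C", password))
```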


If you are unsure of the CradlePoint Series or Model Number, please click here.

This article was written based upon firmware version 5.0.0.


Overview:

The router automatically logs (records) events of possible interest in its internal memory. You can define what types of events you want to view and the level of events to view. 


Directions:

Follow these steps prior to power cycling the device:

  1. Access the Setup Pages
  2. Click on the Status tab, then select System Logs
  3. Press the Save Log button
    • You will be prompted to save the log file. Note the path and file name.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on Series 3 firmware version 5.0.0.

Summary:

Low signal or high signal interference can cause a cellular modem to provide only intermittent connectivity or low connection speeds. This article describes how to check the signal strength and quality values for a cellular modem when used with a CradlePoint router.

Directions:

  1. Plug your cellular modem into your CradlePoint router.
  2. Access the router’s administrative console. Click here if you are not sure how to do this.
  3. Click on the Status tab and select Internet Connections from the drop-down.
  4. Select your cellular modem in the Device List by placing a check in the box next to its name.
  5. Scroll down to the Device Information section and look for the following values:
    • Service Display
    • Signal Strength or RSSI
    • Signal Quality – this value will be labelled differently, depending on the service display:
      • LTE: SINR
      • WiMAX: CINR
      • All other values: Ec/Io
  6. Monitor the numbers for 1 to 2 minutes to get an overview of the current signal characteristics.
  7. Compare your values with the Minimum Mobile Broadband Data Connection Signal Values.



Suggestions to Optimize Cellular Signal: 

If your signal strength values are below the required minimum values, you can try some of the suggestions listed below to improve your connection quality:

  • Switch the Modem Connection Mode between 4G and 3G to check which gives better values. Check this article for more information.
  • Move the router/modem to a side of the building that faces the carrier’s cellular tower.
  • Move the router/modem to a higher point in the building, second floor, on top of tall cabinets, etc.
  • Do not place the router/modem near any electrical devices, wiring, or radio devices.
  • Use a good-quality 6 to 10 ft. USB extension cable between the modem and router.
  • Use a passive cellular antenna plugged directly into the modem.

NOTE:  Cellular signal boosters do not improve cellular signal quality.  Use of a cellular signal booster may or may not improve the cellular signal characteristics, although the signal level may report a -dBm value that is within the modem’s allowable range.

NOTE:  Often a cellular modem’s connection may appear stable while it is plugged directly into a computer, even when the signal is actually marginal.  However, when the modem is used in the router this marginal signal may degrade slightly due to physical and electrical differences between the computer and router.  This small amount of signal degradation (~1 – 2dBm) can be enough to prevent the cellular modem from connecting through the router.  Try the router/modem in other locations in your home or office.




OVERVIEW:

This document is intended to assist a field engineer with configuring a Series 3 CradlePoint router with multiple content filtering instances for different VLANs.

Enabling multiple content filtering instances allows the CradlePoint to filter unencrypted content based on IP addresses or URLs only, on each VLAN independently.  For the ability to do broad category-based content filtering, please consult the following articles:

Series 3: How to Configure OpenDNS Content Filtering

ZScaler Cloud Based Content Filtering and Security


TERMS:

Rule Priority – used to determine the order in which rules are evaluated.  Higher priority rules (bigger numbers) are evaluated first, and the first one to match has its assigned action taken.  Exceptions to existing rules can be created by adding another rule with a higher priority.  For example, if access to maps.google.com is desired but google.com is blocked with a priority of 50, adding an allow rule for maps.google.com with a priority of 51 or greater will allow access.


SYSTEM REQUIREMENTS:

One of the following CradlePoint Models: AER 2100, MBR1400v2, MBR1400, IBR600, IBR650, CBR400 & CBR450


FIRMWARE VERSION:

5.0.0 (4.3.2 for CBR400 & 450) or later




CONFIGURATION:

These directions will assist you with configuring multiple content filtering instances on separate VLANs.

The content filtering examples in this document assume that your VLANs are configured as shown.

The IP networks in the examples are as follows:

Management  192.168.0.0/24  (VLAN1)

PC  192.168.5.0/24  (VLAN5)

Red_VLAN  192.168.50.0/24  (VLAN50)

Green_VLAN  192.168.60.0/24  (VLAN60)

These directions demonstrate how each IP network may be configured with its own content filtering settings to allow or prevent access to designated URLs or IP addresses.

  1. Verify that your VLANs have been configured (click here for our article on setting up VLANs), and any WAN/LAN Affinity rules have been configured (click here for our article on setting up WAN Affinity).
  2. If not already connected, log into the CradlePoint’s Administrative Pages (click here for instructions on accessing the Administrative Pages).
  3. Click on Network Settings > Content Filtering.
  4. The “Default Filter Settings” are configured by default to allow access to all URLs and IP addresses.
  5. Under “Network WebFilter Rules”, click Add to create a new rule.
  6. In the “Domain / URL Filter Rule Editor” page, set the “Assigned Network” to the LAN to which you would like the rule to apply.
  7. In the “Domain/URL/IP” field, type the URL or IP Address that you would like to create a rule for.
  8. Set the “Filter Action” to “Block” or “Allow”, depending on the purpose of your rule.
  9. Set the “Rule Priority” to a value between 1 & 100.  Rules with a higher priority take precedence over rules with lower priority.
    • This example shows how to create a rule on the “Red_VLAN” to block all traffic intended for the URL www.examplexxxwebsite.com.
  10. Click Submit to add the new rule.  You will now see the new rule in the “Network WebFilter Rules” section for the network to which the rule is assigned.
  11. The default behavior for each network filter is to “Allow Access” to all URLs.  To change the default behavior for a network, go to “Default Network Settings”, select the network, click Edit, and change the “Default Action” to Block Access.
    • This example shows how to change the default behavior of Green_VLAN to “Block Access”.
    • Note that the “Default Action” is now displayed as “Block Access” for Green_VLAN.  This change prevents access to any URLs that are not specifically allowed in a “Network WebFilter Rule”.
  12. Repeat steps 6, 7, & 8 for each rule.

Rules may be configured to block or to allow IP addresses or URLs for each network.

This example will allow Green_VLAN access to the URL “maps.google.com”.

This example will block all access to the subnet 166.0.0.0/8 for the “Workstations” network:

This example uses a higher rule priority to allow all access to the subnet 166.148.0.0/16 for the “Workstations” network:

After making the changes shown in the examples above, the “Network WebFilter Rules” page should look like this:
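How Rule Priority and the per-network Default Action combine, as an added Python model (not CradlePoint firmware code), including a check for an exception rule that can never take effect because a broader rule outranks it. It assumes a domain rule also matches its subdomains, as the google.com / maps.google.com example implies; priorities the article does not state, and all function names, are constructed.

```python
import ipaddress
from collections import namedtuple

# Fields mirror the "Domain / URL Filter Rule Editor": Assigned Network,
# Domain/URL/IP, Filter Action ("allow"/"block"), Rule Priority (1-100).
Rule = namedtuple("Rule", "network pattern action priority")


def _as_network(text):
    """Return an ip_network for an IP address or CIDR subnet, else None."""
    try:
        return ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None


def covers(pattern, target):
    """True if `pattern` matches `target` (host name, IP address or subnet).

    Assumption: a domain pattern also matches its subdomains, as the
    google.com / maps.google.com example in the article implies.
    """
    pat_net, tgt_net = _as_network(pattern), _as_network(target)
    if pat_net is not None or tgt_net is not None:
        return (pat_net is not None and tgt_net is not None
                and pat_net.version == tgt_net.version
                and tgt_net.subnet_of(pat_net))
    pat, host = pattern.lower().rstrip("."), target.lower().rstrip(".")
    return host == pat or host.endswith("." + pat)


def evaluate(rules, defaults, network, target):
    """Return (action, matching_rule) for `target` requested from `network`."""
    # Bigger priority numbers are evaluated first; the first match wins.
    # Tie order is not described in the article; this model keeps list order.
    ordered = sorted((r for r in rules if r.network == network),
                     key=lambda r: r.priority, reverse=True)
    for rule in ordered:
        if covers(rule.pattern, target):
            return rule.action, rule
    # No rule matched: the network's "Default Action" applies.
    return defaults.get(network, "allow"), None


def shadowed_exceptions(rules):
    """List (exception, blocker) pairs where `exception` can never fire:
    a broader rule with the opposite action has a higher priority."""
    found = []
    for r in rules:
        for s in rules:
            if (s is not r and s.network == r.network
                    and s.action != r.action and s.priority > r.priority
                    and covers(s.pattern, r.pattern)):
                found.append((r, s))
    return found


# Rules from the article's examples. Priorities the article does not state
# are constructed values.
RULES = [
    Rule("Red_VLAN", "www.examplexxxwebsite.com", "block", 50),  # constructed priority
    Rule("Green_VLAN", "maps.google.com", "allow", 50),          # constructed priority
    Rule("Workstations", "166.0.0.0/8", "block", 50),            # constructed priority
    Rule("Workstations", "166.148.0.0/16", "allow", 60),         # "higher" per the article
]
# "Default Action" per network; Green_VLAN was changed to Block Access.
DEFAULTS = {"Red_VLAN": "allow", "Green_VLAN": "block", "Workstations": "allow"}

if __name__ == "__main__":
    for net, target in [("Red_VLAN", "www.examplexxxwebsite.com"),
                        ("Green_VLAN", "maps.google.com"),
                        ("Green_VLAN", "www.examplexxxwebsite.com"),
                        ("Workstations", "166.148.10.20"),
                        ("Workstations", "166.10.10.10")]:
        print(net, target, "->", evaluate(RULES, DEFAULTS, net, target)[0])
    print("shadowed:", shadowed_exceptions(RULES))
```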

 



If you are not sure what model CradlePoint router you have, please click here.

This article was written based upon firmware version 5.0.0.


Description:

By default, the CradlePoint runs a DHCP server on the LAN IP Address of 192.168.0.1 on the 192.168.0.0/24 network, with a default DHCP IP Address range of 192.168.0.100 through 192.168.0.199.  It can sometimes be necessary to expand or shrink the size of the DHCP address pool to have fewer or more addresses than the router uses by default.

Follow these directions to change the DHCP Server’s IP Address range.

Directions:

  1. Log into the CradlePoint’s administrative console; the default location is http://192.168.0.1.  Click here if you are unsure of how to access the administration pages.
  2. Click Network Settings and WiFi / Local Network from the drop-down menu.
  3. Place a checkmark next to the LAN you would like to change the DHCP range on, then click Edit.
  4. At the Local Network Editor page, click the DHCP Server tab.
  5. At the DHCP Server tab, change the Range Start and/or Range End to what you would like the DHCP server to use. In this example, the DHCP range has been changed to 192.168.0.50 through 192.168.0.250.  Click Submit at the bottom of the box to save your settings.

After making these changes, the DHCP server will now provide IP addresses from the range you have specified. 



If you are unsure what model CradlePoint you have, please click here.

This article was written based on Series 3 firmware version 5.0.0.

Summary:

After a device has been set up with the appropriate settings for a specific system, the configuration settings may be saved into a backup file. This file can then be used to update other devices quickly with the same settings or reload the router with the current settings in case the router has to be reset to factory defaults at a later date. This article describes how to create and use the router configuration file.

Directions:

Click here if you are not sure how to access the administration console of your router.

Before you Start:

Check the model number and firmware version of your router. A configuration file can be applied only to a router of the same model, and only if it is running the same firmware as the one on which the configuration file was saved.

If the configuration file is intended to be shared, make sure to change the administrative and WiFi passwords prior to creating the file.

Saving the Configuration File:

  1. Once you are logged into the administrative console of your router, click on the System Settings tab and select System Software from the drop-down menu. 
  2. Within the System Config Save/Restore section click on the Save to disk button.
  3. When prompted, choose the option to Save File to your computer. Do not open the file. If you cannot choose where to save the file, or do not see any dialog at all, the file will most likely be saved in your Downloads folder.
  4. The file name will follow the format “cp_config_routermodel_date.bin”, but it can be renamed, so long as the .bin extension is preserved. If possible, move the file to a secure location for safekeeping until there is a need to restore the configuration to your router, or copy the same configuration to a different router.
  5. Refer to the next section for instructions on using the saved configuration file.

 

Uploading the Configuration File:

  1. Once you are logged into the administrative console of your router, click on the System Settings tab and select System Software from the drop-down menu.
  2. Within the System Config Save/Restore section click on the Upload from file button.
  3. Click the Browse button to select the folder on your computer where the configuration file has been previously saved.
  4. Depending on your operating system, it may be necessary to click Open after you have selected the file before it is pulled into the CradlePoint’s interface.
  5. Verify that the selected file is correct, and click on the Restore Settings button.
  6. The router will prompt the user to wait until the configuration file is uploaded. A confirmation screen will display when complete.
  7. Click Reboot the Device for the settings to be loaded to the system. Please note that the router’s LAN IP and passwords will have changed to what was specified in the configuration file.



If you are not sure what Series CradlePoint router you have, please click here.
This article is written based on the 5.0.0 Series 3 firmware version.

Description:
While it is nice to be able to provide complimentary Internet access to your customers or guests, it is important to be careful to keep important network assets secure from prying eyes.  Series 3 CradlePoint wireless routers support multiple wireless networks (SSIDs), allowing you to set up one or more Guest Networks.  The default “Guest LAN” is always present, but since its only interface (the Public-XXX wireless network) is disabled by default, it is effectively disabled until you activate an interface.

Enabling the Guest LAN allows you to have a separate wireless network with a different name and password (or no password at all) than your Primary LAN.  Additionally, you can prevent clients connected to the Guest LAN from being able to access the router’s administrative interface, or from interacting with other devices on the network.

Set Up:
First of all, let’s take a look at the default configuration for the Primary LAN:

Network:         192.168.0.0
Subnet:          255.255.255.0
DHCP Server:     Enabled
Routing Mode:    NAT
LAN Isolation:   No
Admin Access:    Yes
Ethernet ports:  lan, Port(s): 1, 2, 3, 4
SSID:            MBRXXXX-XXX  (the default SSID from the label on the bottom of the router)



The default “Guest LAN” is configured with these settings:

Network:         192.168.10.0
Subnet:          255.255.255.0
DHCP Server:     Enabled
Routing Mode:    NAT
LAN Isolation:   Yes
Admin Access:    No
Ethernet ports:  None (see Notes at bottom of the article)
SSID:            Public-XXX  (where the XXX is the last 3 characters of the device’s MAC address)

 

Directions:
Click here if you are not sure how to access your router’s administrative interface.

The “Guest LAN” can be enabled during the First Time Setup Wizard by checking the Enable Guest Network option. This activates the Public-XXX wireless network that the Guest LAN uses by default. Note that this wireless network is configured by default to not require a password.

If you have already gone through the First Time Setup Wizard, or would like to reconfigure the Guest LAN, follow the directions below.

  1. Click on the Network Settings tab and select WiFi/Local Networks from the dropdown menu.
  2. Locate the Guest LAN in the Local IP Networks section at the top of the page. Make note of the SSID for the attached WiFi Access Point interface for this network. We will need to know this in order to enable this wireless network shortly. In this example, the Guest LAN’s SSID is “Public-d55”.
  3. Scroll down to the Local Network Interfaces section. In the list of Wireless Access Points/SSIDs, locate the one we identified during step 2. Place a checkmark in the box next to it, and then click the Edit button just above it.
  4. In the Wireless Network Editor window that appears, place a checkmark next to the Enabled option. Feel free to change any of the other default settings for this guest WiFi network here as well, and then click Submit to apply the changes.
  5. Verify that the settings for your guest WiFi network are correct.

After the Guest LAN’s wireless network has been enabled as shown in the example pictures, the CradlePoint will be broadcasting two SSIDs – the WPA2 secure MBR1400-d55 network, as well as an open (unsecured) Public-d55 network. Wireless clients connecting to the unsecured Public-d55 network will belong to the Guest LAN instead of the Primary LAN. Devices on the Guest LAN obtain IP addresses that begin with 192.168.10.X, do not have access to the CradlePoint’s administrative console, and are isolated from each other.

 

Notes:

Although there are no Ethernet ports associated with the Guest LAN by default, you may reassign specific Ethernet ports to be grouped with the Guest LAN (or any other LAN). For example, this would allow you to reconfigure the CradlePoint so that Ethernet ports 1 & 2 belong to the Primary LAN while Ethernet ports 3 & 4 belong to the Guest LAN. To do this, you would need to create a separate Port Group within the Ethernet Port Configuration tab found under Local Network Interfaces. You may have to first unassign those ports from the Primary LAN before reassigning them to other LANs.

To assign the Guest LAN to the “Hotspot Service” for CradlePoint routers that support the Hotspot Service feature, change the Guest LAN’s “Routing Mode:” from “NAT (default)” to “Hotspot”.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Description:

DNS servers provide resolution for a domain name, like google.com, to the actual Internet IP address that the domain represents, like 173.194.33.32.  If your computer is not properly connecting to a DNS server, most programs that use the Internet will not work as expected.  The CradlePoint router can be configured to always use the same DNS servers rather than automatically receiving this information from the ISP.  Manually specifying DNS servers in the CradlePoint router ensures that connected computers will always use the specified DNS servers.

Directions:

  1. Log into the router’s setup page (login instructions).
  2. You may need to switch to advanced mode on certain routers (e.g. MBR95, CTR35) by clicking the Basic / Advanced toggle button at the top left of the admin screen under the CradlePoint logo.
  3. Click the Network Settings tab then select DNS.
  4. In the DNS Settings section change Automatic Config from Automatic to Static.
  5. Set the Primary DNS to 8.8.8.8 (or any DNS server).
  6. Set the Secondary DNS to 8.8.4.4 (or any DNS server).
  7. Click Apply to save settings.

After the CradlePoint router reboots, any devices connected to the interface to which you applied the changes will now use the manually assigned DNS servers instead of the servers automatically provided by the ISP.



If you are not sure what Series CradlePoint router you have, please click here.


Description:

This article describes the notable feature changes, bug fixes, and feature additions for all Series 3 CradlePoint routers from firmware version 3.6.3 through firmware version 5.0.0.  The modem compatibility lists and new modem support lists for each release are not included here. 

This information is gathered from the PDF release note documents for each firmware release.  The .PDF release notes and the firmware files themselves may be downloaded from http://www.cradlepoint.com/firmware.
 
Firmware version 3.6.3 (06/27/2012)
 
Feature changes/fixes:

  • Fix for Sprint Datalink network issues
  • Fix for LG AD600 authentication
  • Fix for network scheduling

 No major features added since 3.6.1



Firmware version 4.0.3 (09/24/2012)
 
4.0.X is a significant re-architecture of CradlePoint firmware.  Many new features and capabilities are available.  Modem, VPN IPSec, and LAN-to-WAN performance have all been improved.

Networking features (MBR1400, IBR600/650):

  • VPN Certificate support tested with Cisco, Juniper, and CheckPoint routers
  • IP Passthrough: Ethernet WAN to LAN with failover to modem is available
  • Networking improvements: Better IP Filtering, more powerful routing (per-interface routing), rule-based policy routing
  • QoS: Improved bandwidth & priority traffic shaping (CBQ to HTB as a queueing discipline, Fair Queuing added). QoS can handle FTP/PPTP now.
  • Hotspot: Improved client rate limiting
  • WAN Affinity improvements: No longer have FTP/PPTP limitations, possible VPN tunnel failover
  • SSH to Serial console and SSH to Telnet console.  A user can open up Remote Administration -> Allow Remote SSH Access and from the router’s CLI either use a USB-to-Serial cable or an Ethernet Telnet session to an attached device.
  • ALG Support (SIP, FTP, PPTP, TFTP, IRC) is available on the Firewall page
  • Load Balance schedule selection. The user may now select either Round-Robin, Rate, Spillover or Data Usage as a Load Balance algorithm
  • Improved UPnP support, including “Type 2” NAT support on PS3

Modem changes:

  • Most high-speed modems (HSPA+ and LTE) should see higher upload and download performance in 4.0 than in 3.0
  • Sprint Network-Initiated PRL and modem firmware updates can be accepted and scheduled for non-peak times under the Internet -> Connection Manager -> <Modem> -> Edit -> Modem Settings.  If you do not see these UI items, your modem does not support this feature

New features added in this release (all products):

  • Many improvements have been made to overall system stability and performance
  • The CBR450/CBR400 in particular work better under stress (high network loads or VPN tunnels) than they used to


Additional UI/Usability changes:

  • WAN Affinity Settings for GRE.  The ability to tie GRE to a specific WAN interface has been removed from the UI.  Standard WAN Affinity rules work with GRE now.  As VPN has special considerations, it continues to have specific WAN Affinity settings
  • Note: Many firewall configuration settings have changed as they were specific to the previous firewall implementation. Please check your firewall settings.
  • OpenDNS Filtering. Network Settings -> Content Filter -> OpenDNS Content Filtering. The ability to pick generic GOOD/BETTER/BEST pre-defined filtering has been removed as it is no longer supported by OpenDNS. Subscribers to OpenDNS can use the updated integration to apply their web filtering settings. To find out more and purchase an OpenDNS Enterprise subscription go to http://www.opendns.com/business-solutions/?cradlepoint
  • Status -> System Statistics page now shows byte totals as well as graphs.
  • The Historical Data graph on the Data Usage page was removed
  • Some additional fields have been added to the Dashboard, such as the router’s MAC Address
  • APN (Access Point Name) selection has been added to the First Time Setup Wizard
  • System Settings -> Managed Services -> SNMP Configuration now has the ability to set system Contact, Name, and Location
  • Service Mode (LTE, EVDO, etc.) for any attached modem has been added to the login screen

Defects fixed since 3.6.3:

  • WPA2 Enterprise/RADIUS settings can be set with any WiFi interface, not just the primary
  • Improved WiFi-as-WAN reconnection ability
  • A number of Data Usage Management defects have been fixed
  • The System Statistics page shows disconnects/reconnects better than it used to



Firmware version 4.1.1 (12/03/2012)
(Support added for MBR95)
 
Networking features (IBR600/650):

  • OSPF (Open Shortest Path First) routing has been added
  • BGP (Border Gateway Protocol) routing has been added
  • RIPv1 and RIPv2 (Routing Information Protocol) routing has been added
  • STP (Spanning Tree Protocol, IEEE 802.1D-1998) bridged Ethernet LAN support
  • Multicast Proxy support has been added
  • VRRP (Virtual Router Redundancy Protocol) support has been added

Limitations of these Networking features:

  • No SNMP support for these features has been added yet
  • No OSPF (Open Shortest Path First) multi-hardware support has been added yet
  • Routing Protocols will not propagate a default route at this time

Major features added since 4.0.3 (MBR1400, IBR600/IBR650, CBR400/CBR450):

  • DSCP/DiffServ (Differentiated Services Code Point) QoS support has been added

Major features added since 4.0.3 (all products unless otherwise stated):

  • MAC filtering on Ethernet as well as WiFi. The Network Settings -> MAC Filter/MAC Logging page will allow you to whitelist or blacklist MAC Addresses
  • Multiple Content Filtering Instances have been added. Instead of having a single set of content filters for the entire router, you can have different filters per network. This enables you to have different filters on your Primary vs. your Guest network, for example.
  • Failback timer (Connection Manager -> Edit WAN Device -> Advanced Failback Configuration) has been changed from a maximum of 300 seconds to 14400 seconds (4 hours)
  • (MBR1200B only) Disable Attention LED. For people who don’t like their MBR1200B showing a Red Attention LED when no WAN connection is available, System Settings -> Administration -> Local Management -> Disable Attention LED
  • The WiFi client count is now a link to the Status -> Client List page
  • (IBR600/IBR650 only) Ability to configure the number of stored GPS NMEA messages for Store-and-Forward has been added. System Settings -> Administration -> Number of Stored NMEA messages
  • If you change the router’s administration password, the session cookie that allows you to remain in the router’s UI using the previous password will be invalidated and you will be logged out of the router’s admin UI. You will be required to login using the new password.

Modem Changes:

  • Specific connection modes in LTE/HSPA+ combination modems can now be selected

Defects fixed since 4.0.3:

  • IP Passthrough bypass was not working consistently
  • AT Passthrough/QXDM only worked on 3G devices
  • AT&T Momentum did not work in IP Passthrough mode
  • Broken SSL connections would lock up the UI server



Firmware Version 4.2.0 (02/25/2013)

Networking features (MBR1400 HW v2.0, IBR600/650):
  • NHRP (Next Hop Resolution Protocol) routing has been added. NHRP can be used to implement a dynamic tunneling form of VPN using a combination of keyed GRE tunnels, VPN and dynamic routing protocols. This can be thought of as a meshed layout over a VPN allowing connected devices to communicate between each other. Two phases are currently supported, with phase 1 using NHRP to inform a hub (VPN concentrator) about dynamically appearing spokes (routers attached to the hub) and phase 2 allowing for communication between spokes using a routing protocol (OSPF, BGP or RIP).

New Features added in this release (MBR1400 HW v2.0, MBR1400, IBR600/650, CBA750B):

  • DHCP Relay. Network -> WiFi/Local Networks -> “Edit” a Local IP Network -> DHCP Tab. DHCP Relay allows relaying of DHCP requests from subnets without DHCP servers to one (or more) DHCP servers on other subnets.
  • Per-client Web filtering. Network Settings -> Content Filter -> MAC Address WebFilter Rules. WebFilter rules and default filtering actions can be assigned to MAC Addresses.
  • Per-client Data Usage. Internet -> Client Data Usage. Client Data Usage tracks the WAN data used by each client connected to the router.
  • The Administration username and password can be configured to use RADIUS or TACACS+. Under System Settings -> Administration -> Router Security, if the Advanced Security Mode is checked, the Authentication Mode can be selected as either Local Users or RADIUS or TACACS+. If WAN connectivity is lost when using RADIUS or TACACS+, the Local User Password can be used.
  • (IBR600/IBR650 only) GPS Additions. The GPS can be configured to provide NMEA GGA, VTG, and/or RMC sentences. Not every internal modem type supports all three sentences.

Modem Changes:

  • Added connection mode switching options with Sierra Wireless 313U modem.

Additional UI/Usability Changes:

  • NOTE: Many 4.x Firewall Configuration settings have changed as they were specific to the previous 3.x firewall implementation. Please check your firewall settings.

Defects fixed since 4.1.0:

  • Data Usage UI page was not updating correctly on MBR95
  • Data Usage data did not update correctly on MBR95 unless the user went into the UI
  • Hotspot usage statistics: The stats from one session to the next appeared to be the same even though the sessions were completely different
  • Fixed WiFi-as-WAN issue connecting MBR95 to MiFi 4620L
  • Status/Internet Connections -> Statistics -> Connection Uptime was changed from seconds to days:hours:minutes

Firmware Version 4.3.2 (07/15/13)

New features added in this release: 
  • Enterprise Cloud Manager (ECM) (all products except for MBR95): Enterprise Cloud Manager is the replacement for WiPipe Central.
    • Created client service and UI for connecting to CradlePoint Enterprise Cloud Manager (ECM) (http://www.cradlepoint.com/products/enterprise-cloud-manager). Requires a valid ECM username and password.
    • Added ‘ecm’ command line tool for controlling and monitoring the ECM client. This includes the ability to register the router with the ECM service provided you have already subscribed and have valid credentials.
    • Added ECM web based management user interface (System Settings -> Enterprise Cloud Manager).
    • Moved WiPipe Central user interface to the “Enterprise Cloud Manager” page.
    • Support for WiPipe Central or ECM management where ECM takes precedence.
  • (MBR1400s, CBA750b, IBR6x0 only), Modem Firmware update is available for select CradlePoint internal modems (IBR6x0LE, LP, LP2-EU) and MC200 modem caps. Internet->Connection Manager->Control->Firmware. Modem firmware update has been added to the Connection Manager. The modem firmware can be updated by one of two methods, Automatic and Manual.
    • Automatic update allows the supported modem’s firmware to be updated with a newer version of firmware located on CradlePoint’s firmware server. By default, the router will automatically check for modem firmware updates when a supported modem is plugged in and an Internet connection is available. The admin can uncheck the “Automatically check for new firmware” checkbox under Internet->Connection Manager->Edit->Modem Settings to stop the router from automatically checking for new modem firmware. The admin can manually check for an update by pressing the “Check Again” button. Once an update has been detected, the admin can start the modem update by selecting the “Automatic (Internet)” button.
    • Manual update allows the admin to load new firmware directly to the modem by selecting the file with the “Choose File” button and selecting the “Begin Firmware Upgrade” button to start the update process.

Additional UI/Usability changes:
  • None

Defects fixed since 4.3.0:
  • Fix for MBR95 showing SNMP in the UI
  • Improvement for MBR1400: when rapidly changing the WiFi configuration, the router may require a power cycle.
  • Fix for Daylight Savings time causing Scheduled Reboot to happen repeatedly within the hour.

Firmware Version 4.4.0 (08/13/13)

New features added in this release (MBR1400, IBR6x0, MBR1200B, CBA750B only): 
  • IPv6 support has been added. IPv6 is supported on all WAN sources and has been tested with all of the CradlePoint internal modems and modem caps. Other modems are not  supported but may work.
    • Routing features include dynamic and static IPv6 to IPv6 routing. IPv4 Tunneling support includes 6to4, 6in4, and 6RD.
    • Failover, Failback, and Load Balancing are supported if Network Prefix Translation is enabled.
    • Features that are not supported on IPv6:
      • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
      • IP Passthrough (not needed with IPv6)
      • NAT (not needed with IPv6)
      • Bounce pages
      • UPnP
      • Network Mobility
      • DHCP Relay
      • VRRP, GRE, GRE over IPSec, OSPF, NHRP
      • Syslog
      • SNMP over the WAN (LAN works)
    • The ability to pass router-generated traffic (NTP, Enterprise Cloud Management, and Firmware Update Check) to the LAN has been added. This is useful if another router that has multiple WANs is attached as a LAN client to a CradlePoint router (generally using the CradlePoint router for failover if its primary WAN fails).
    • Hotspot. A new second-stage login option for redirection has been added
    • VPN Alert. An alert can be generated if a VPN tunnel goes down.
    • Allow disabling the default ‘admin’ account for the router. This can lessen the chance of a brute-force attack getting through the default account.
    • The ability to pass multicast (IGMPv2) traffic upstream on the WAN to alternate subnets connected to a host downstream on the LAN.
    • IBR6x0 only. Via SMS to the embedded modem, allow remote access to obtain modem and router status when a modem is unable to establish a cellular data connection. See the User Guide for SMS description, supported products, access instructions and commands.
Additional UI/Usability changes: 
  • Change position of data in the Status -> Statistics page to make it more readable.
  • Enhanced APN and Profile management in Wan Configuration -> SIM/APN/Auth Settings. APN and Profile configuration has been extended to provide enhanced APN and Profile configuration and selection.
  • Added option to select a preferred carrier operator network in Wan Configuration->Modem Settings-> Network Selection Mode. If a specific carrier is selected (as indicated by the PLMN), automatic roaming to other networks is disallowed.
New features added in this release: 
  • A defect was found in 4.2.0 and fixed in 4.2.1 that affects future upgrades. Using the Manual Firmware Upload for future firmware uploads will appear to work, but default configuration settings for new features will not be set correctly. This issue does not exist with Automatic (Internet) updates or updates using WiPipe Central. Please upgrade to 4.2.1 before upgrading to a later version if you wish to use Manual Firmware Upload.
  • Workarounds are:
    • Use the Automatic update (preferred method)
    • Update to 4.2.1 before updating to 4.3 or beyond
    • On the System Settings/System Software page in the UI, use Backup Current Settings to save your current configuration. Then use Firmware Upgrade and System Config Restore to update firmware and set the configuration at the same time. Using the Restore Settings popup, always select and restore your configuration settings before selecting your firmware file and starting the firmware upgrade.
  • Feature Licensing has been added (MBR1400v2/IBR600/IBR650). System Settings -> Feature Licenses has been added to enable features that require a specific license from CradlePoint.
  • NEMO (Network Mobility) support has been added (MBR1400v2/IBR600/IBR650). Network Mobility (RFC-5177) support has been added to register up to eight mobile networks directly with a Home Agent, and automatically configure the requisite GRE tunnel. The NEMO configuration can be found under the Internet Category. NEMO support is enabled using a feature key and can be enabled under System Settings -> Feature Licenses.
  • 802.1x Ethernet port security has been added (MBR1400v2/IBR600/IBR650). Network Settings -> (WiFi) Local Networks -> Local Network Editor -> Wired 802.1x. This allows configuring an authentication server that will accept authentication requests from devices attached to wired Ethernet ports. If the wired clients cannot provide authentication, they are not allowed to connect to the Router’s networks. This has been tested with Linux, Windows OS, and Mac OS clients.
  • VPN Tunnel to allow secondary remote gateway in a single tunnel. We now allow the user to chain the VPN policies to failover from one to another as needed. If one tunnel fails, usually because its WAN interface goes down, the system can automatically fail over to another VPN tunnel. Internet / VPN Tunnels -> Add Tunnel -> Failover tunnel.
  • (IBR600 only) Increase the number of allowed WiFi clients from 32 to 64.
Additional UI/Usability changes: 
  • Internet Explorer 10 Compatibility View support.
  • An option was added to the IP Passthrough Setup Wizard for subnet selection. The options are to create a subnet automatically or to force /24 Subnet for compatibility with some other common network equipment.


Firmware Version 4.4.2 (10/08/13)

New features added in this release (MBR1400, IBR6x0, MBR1200B, CBA750B only): 
  • Added support for new modems; check the Supported modem list.
Additional UI/Usability changes: 
  • None
Defects fixed: 
  • Internet Explorer 8 only. Modem Edit button fixed.
  • DNS server list with HTTP modems. If a connection with an HTTP modem results in no DNS server list, the router will now allow the connection to continue.
  • Sub-1280 MTU on Ethernet causes WAN Disconnect.
  • Remote Admin Access Control (ACL) did not affect remote SSH. If remote SSH is enabled in 4.4.0, the ACL did not prevent connection attempts from unauthorized IP addresses.
  • Connection Manager – can’t expand Failback Configuration Settings.
Firmware Version 5.0.0 (11/18/13)

New features added in this release (MBR1400, IBR6x0, MBR1200B, CBA750B only. Not all features are in all products – see their respective Data Sheets):
  • Added support for new modems (see Modem list above).
  • VPN Improvements – Internet / OpenVPN. OpenVPN has been added to provide SSL VPN support.
  • L2TP support for a WAN interface is provided under Internet / L2TP Tunnels.
  • GRE: Failover/Failback and WAN Binding support have been added.
  • VPN Failback. This feature allows two or more VPN tunnels to be created that will failover if one connection goes down and will fail back if the higher priority connection is available. It is configured in the VPN Tunnels wizard / Dead Peer Detection page.
  • Filter packets going through the modem that do not match the network. This feature is enabled by default and can be disabled using Internet / Connection Manager / Common Defaults / Modem Settings.
  • Internet / CP Connect (Beta feature in 5.0). CP Connect tunnels can be used to create a connection to a private network.
  • Internet / WiFi as WAN. (MBR1400v2 only). WPA2 Enterprise Authentication added to Wi-Fi as WAN option.
  • Zscaler cloud-based filtering/security added under Network Settings / Content Filter / Cloud Based Filtering/Security.
  • SMS access. Now enabled for all products on this platform.
Extended Enterprise License (MBR1400v2, IBR6x0 only):
  • System Settings / Feature Licenses. An Extended Enterprise License will enable a number of features on those routers. For more information visit the Feature and Application License page on the CradlePoint web site.
  • Routers upgrading from earlier firmware versions will automatically be granted a license to the existing features that will fall under the EEL (STP, VRRP, etc.).
Additional UI/Usability changes:
  • First Time Setup Wizard / Configuring Failure Check. Enabling Failure Check here will default Ethernet and WiFi as WAN checks to use a ping and modems to Passive DNS.
  • Added IP WAN Subnet Filter checkbox to Modem Settings.
  • Added Enable AUX Antenna checkbox to Modem Settings. When disabled, the embedded modem’s AUX antenna is turned off.
Defects fixed:
  • PMTU issue with IPSEC/VPN
  • System Stats SINR graph moved backwards
  • GPS change. GPS was being reported in degrees and decimal degrees. Now it is reported as degrees, minutes, and seconds.
  • USB Serial hardware flow control issue
  • AT&T Beam (Netgear AC340U) now works with i2gold SIMs

Firmware Version 5.1.0 (3/3/2014)

New features added in this release (2100, MBR1400, IBR6x0, MBR1200B, CBA750B only. Not all features are in all products – see their respective Data Sheets):

  • System Settings -> Certificate Management. Certificate Management is a centralized system utility to import, export, create, and remove digital certificates. Local services can access stored certificates for authentication, verification, or for other security functions. Certificates can either be imported or exported via the PEM format or bundled with a CA certificate for import or export via the PKCS12 format. Current services utilizing Certificate Management are CP Secure Connect, IPSec VPN, and WPA Enterprise Wifi as WAN.
    • Certificates from Release 5.0 or earlier will not migrate automatically to the new Certificate Manager, and Certificates created and managed in Release 5.1 or beyond will not work if the router is downgraded to an earlier Release. A factory reset is required if Certificates are used in 5.1 or later, and the router is downgraded to 5.0 or before.
  • The ability to negate source and destination addresses in WAN Affinity was added.
  • Internet / CP Secure Connect. CradlePoint’s cloud VPN solution has been renamed to ‘CP Secure Connect’ and has been removed from Beta status. CP Secure Connect also supports full tunnel VPN. Full tunnel support can be created by selecting the local LAN (Ex. 192.168.0.0/24) with a remote network configured as 0.0.0.0/0.
    • CP Secure Connect will only create a single tunnel unlike IPSec that can create multiple tunnels.
    • CP Secure Connect has been removed from the Extended Enterprise License (EEL). It now has its own license.
  • Added additional Modem diagnostics to SNMP. These include CINR, SINR, RSRP, RSRQ, and a number of other values. The latest WIPIPE MIB version is 1.8 to reflect these changes.
  • Added client site visit reporting to the log that reports which clients accessed an external IP address. Network Settings -> Firewall Configuration -> Firewall Options -> Log Web Access.
  • Active and passive DNS Failure Check added to Ethernet WAN sources to make their Failure Check options match what is provided for modems.
  • (2100 only) Band-steering has been added. If a client is attached to the 2.4GHz radio on the 2100 and it is capable of using the 5.0GHz radio, it will be steered to the more open and higher-performing band. Band-steering is enabled whenever the SSID of the 2.4GHz and 5GHz radios are the same. Note that band steering may negatively impact connectivity in some situations, especially at long range. If you see performance or connectivity issues, it is recommended that you disable band-steering by setting the 2.4GHz SSID and 5 GHz SSID to different values.
  • RADIUS timeout and retry settings have been added for Hotspot support.
  • Added the ability to prioritize VOIP packets from the LAN to the WAN when using a VPN tunnel. Any QoS DSCP codes will be copied from the inner packet to the VPN packet after VPN encryption.

Additional UI/Usability changes:

  • Modem Settings, On Demand Start Connection checkbox. When checked, the modem will connect to begin On Demand mode after plug or reset. When unchecked, the modem will not connect to begin On Demand mode after plug or reset, but will wait for LAN to WAN traffic before initiating a connection.
  • SMS interface extension. Added Help command.
  • The wireless band has been added to the Wi-Fi clients list.
  • An Asset Tag field has been added to the router under the Local Administration tab.
  • Added ability for negation on source and destination addresses in WAN affinity.

Defects fixed:

  • IE9 and IE10 UI issues when setting up VPN tunnel
  • CP Secure Connect tunnel did not re-establish after reboot
  • GRE failover was not working correctly in some conditions
  • Clients dropped off of the Clients List and returned
  • OpenDNS might have issues reconnecting after reboot, depending on the speed of the WAN reconnection
  • SSH to Serial port was scrambling data


Series 3: Out-of-Band Management

Products Supported: AER2100, MBR1400v2, MBR1400v1, IBR11x0, IBR6x0, CBA850, CBA750B. Click here to identify your router.

Firmware Version: 5.3.4 – for information on upgrading firmware, click here.


Summary

This document is intended to guide an administrator through configuring the Serial Redirector feature on Cradlepoint routers for out-of-band management and troubleshooting of devices with an RS232 console interface. Once turned on, this feature is used by establishing a telnet client session with the router, which then redirects the telnet traffic to the attached console cable.


Configuration

Configuration Difficulty: Intermediate

Physical Setup

  1. Obtain the necessary equipment.
    • IBR11x0: When initiating serial redirect from this router model, a DB9 Male to Male serial adapter is required. An example is located here. This product is not sold by Cradlepoint.
    • All other Cradlepoint models: A USB-to-serial adapter that uses an FTDI chipset is required to use the Serial Redirect feature. For more information on finding the right kind of adapter, consult the guide located here.
    • Optional: 1-to-4 USB to RS232 serial adapter for support of multiple out of band devices.
  2. Make all the appropriate physical connections before beginning the configuration.


Software Setup

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Click on System Settings and select Serial Redirector from the drop-down menu.

  • Step 3: Place a check mark next to Enabled. Wait for Server Status to become “Ready”.
    • Note: The Server Status will read Starting and never change if there is a problem with the detection of the adapter. This usually means the adapter is not supported by the router.
  • Step 4: In the USB Serial Adapter Configuration section, set the values to match those used by your device.
    • NOTE: Some routers require slightly different settings than Cradlepoint’s defaults. If you find that the console window does not appear to be displaying the data correctly (such as inserting a blank row between each line of text), try changing the Cradlepoint’s “Line Feed” option to a different value and then try again.
  • Step 5: Click Apply.


Usage

Direct Connection

NOTE: Cradlepoint highly recommends using the SSH-to-Serial access option instead because it is encrypted and requires a username and password. We recommend NOT using telnet-to-serial access unless the device is on a private network and not accessible from the Internet.

Using your system’s telnet client software, establish a session to the Cradlepoint.

The example below shows a local connection through PuTTY.

  • Specify the Cradlepoint’s LAN or WAN IP address.
    • (Note: the WAN connection will not work unless WAN is enabled within the router’s System Settings>Serial Redirect>Telnet to Serial Configuration section. This option is highly insecure and should not be used unless the Cradlepoint router is on a private network and not accessible from the Internet.)
  • Specify the telnet port specified on the router’s System Settings>Serial Redirect>Telnet to Serial Configuration page.

Once the session is established, you may interact directly with your hardware.

Secure Connection

An alternate, and secure, way to access your hardware would be to establish a SSH session to the Cradlepoint. This can be done in one of three ways:

(Click each option to open up the corresponding walkthrough guide.)

Once you have access to the router’s CLI, you can issue the serial command to create a console session to your hardware.

Use the following command to initiate the serial redirect:

serial

If you are using a 1-to-4 USB to Serial Adapter, utilize the following command to initiate a serial connection to a specific client device:

serial # – for example – serial 3

After the session is established, you will be able to access the console of your device.

Use the following commands to end the session:

CTRL + W to break connection to the device, but keep the SSH session up

CTRL + Q to break connection to the device and end the SSH session

NOTE: Only one session can be active at a time. If a new session is opened (if the device is accessed by a different method, or by a second user) before the original one is stopped, you may receive garbled feedback.


Troubleshooting

  • Reboot the hardware, including the Cradlepoint router and its client serial device.
  • Reseat the connectors.
  • Disable/re-enable the Serial Redirect feature on the Cradlepoint router.
  • Ensure you are able to access your device’s console directly through the USB-to-Serial adapter.
  • Check the RS232 settings on your device and make sure they match.


If you are unsure of your CradlePoint Series or Model number, please click here.

Symptom:

Inability to connect to the Internet with a supported modem through a Series 3 CradlePoint router.

Cause:

Outdated Firmware.

Conceptual Plan: Since an Internet connection cannot be established through the router, the modem will need to be connected directly to the computer in order to access www.cradlepoint.com and obtain the correct firmware files. After saving the necessary firmware files on your computer, the modem will need to be removed from the computer, and the CradlePoint router connected. To connect a computer to the router and update firmware, no internet connection is required, only a connection between the computer and router. Once the router is connected to the computer, the files will be uploaded to the router and installed.

Resolution:

  1. Turn off your CradlePoint router.
  2. Connect your modem to your computer and establish an internet connection utilizing your carrier instructions.
  3. Open your web browser (Internet Explorer, Chrome, Firefox, Safari, etc.) and type http://cradlepoint.com/firmware into the main address bar.
  4. Choose your router model within the FIND AND DOWNLOAD FIRMWARE section by clicking the down arrow next to the – Select Product – field, and then click on the grey CHECK FOR LATEST FIRMWARE button.
  5. Click on the Download vN.N.N link next to the firmware version you would like to use. Please note that you may also see additional links for 4G or Wimax firmware files, which apply only to CradlePoint internal and integrated modems.
  6. Within the file download box, choose the Save option. DO NOT select the option to Open or to Run the file. The dialog may appear differently, depending on your browser. Internet Explorer version 9 is used in this example.
  7. Click Save As from the selection menu. Please note that if you do not see this option, your browser might be automatically saving the file in your Downloads folder.
  8. Within the Save As window, select Desktop or another location on your computer where you’d prefer to save the file, and then click the Save button.
  9. Once the download has completed, disconnect the modem from your computer.
  10. Factory reset your CradlePoint router. Click here for instructions on performing a factory reset of your Series 3 CradlePoint.
  11. Connect your computer to the CradlePoint router via Ethernet or Wi-Fi.
  12. Once connected to the router, log into the router’s administrative console.
  13. If you are using the CTR35 or MBR95 router models, enable the Advanced Configuration Mode.
  14. Click the System Settings tab, and choose System Software from the drop-down menu.
  15. Click on Manual Firmware Upload.
  16. Select Choose File.
  17. Select Desktop or the location where you had saved the file during Step 8. Note: if you never chose the location during the download process, the file was most likely saved in your Downloads folder by default.
  18. Select the file name in the format u_router_model_date_of_firmware_release.bin and click Open.
  19. Click Begin Firmware Upgrade.
  20. Progress screens will be displayed as the firmware is upgraded.
  21. Once the firmware update is complete, if connected via Ethernet, you will automatically be returned to the Cradlepoint administrative login page. If connected via Wi-Fi, you may need to reconnect to the router’s Wi-Fi. Please note that if your computer has multiple Wi-Fi networks saved, it may have automatically reconnected to one of them while the CradlePoint router was rebooting.
  22. Log into the router’s administration page (login instructions).
  23. Click the Status tab, and then select Dashboard from the drop-down menu to verify that the router firmware version has been updated.


If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0 and applies to the CBR400, CBR450, IBR600, IBR650 and MBR1400


Summary:

This article describes how to enable Traffic Shaping/QoS on a capable Series 3 CradlePoint router.  When Traffic Shaping/QoS is enabled, the router will prioritize the flow of Internet traffic according to your user-defined rules.
 

Enabling QOS:

  1. Log into the router’s setup page (login instructions).
  2. Click on the Network Settings tab then select WiPipe QoS from the sub-menu.
  3. In the QoS settings section, place a check in the Enable WiPipe QoS box.
  4. Define your desired QoS rules in the section below.


Notes on QoS:
 

  1. Setting the Upload Speed and Download Speed is required to control traffic flow accurately.
  2. It is recommended that you experiment with different values for your particular Internet connection to yield the best results.

 
Upload speed:        The speed at which data can be transferred to your ISP.

Download speed:    The speed at which data can be transferred to you from your ISP. 


If you are not sure what model CradlePoint router you have, please click here.

This article was written based upon firmware version 5.0.0.

 

Description:

Many Internet service providers provide publicly routable dynamically assigned addresses to their customers.  Because the Internet IP address provided from the ISP may change daily, it may be helpful to use a Dynamic DNS service to ensure that a user on the internet can always connect to the CradlePoint, even if they don’t know the current IP address.
For example, when connecting a Comcast cable modem to a CradlePoint MBR1400, Comcast provides you a public routable IP address (for example, 71.213.152.203).  If remote web administration is enabled on port 8080 on the CradlePoint, a remote internet user would be able to access the CradlePoint’s administrative console by surfing to http://71.213.152.203:8080.  Because this address may change without notice from Comcast, a remote user would not be able to log back in until they know the IP address.

Dynamic DNS services allow you to reserve a domain name or subdomain with a Dynamic DNS provider.  Once the account with the Dynamic DNS provider has been set up, you can enter its settings inside the CradlePoint.  Once the CradlePoint has the Dynamic DNS settings entered, then any time the address changes it will send an update request to the DNS server.

For example, suppose you went to a Dynamic DNS provider like http://www.dyndns.org, created a username & password, and reserved the subdomain “cradlepoint.dyndns.org”. Once you’ve entered these settings into the CradlePoint (as described below), a remote user on the internet would always be able to access the remote administrative console by surfing to http://cradlepoint.dyndns.org:8080 rather than having to know the current IP address.

Directions:

Before entering any settings into the CradlePoint, it is necessary to create an account with a Dynamic DNS service provider.  These companies provide free and/or paid Dynamic DNS services depending on your needs:


The CradlePoint also supports other custom servers that use the same settings as the above services.

After creating your account, you will need to know your host name, user name, and password.  For our example, let’s assume that you are using these settings:

  1. Host name:           cradlepoint.dyndns.org
  2. User name:           cpusername
  3. Password:             **********

To enter these settings into your Series 3 CradlePoint, follow these directions:

  1. Log into the CradlePoint’s administrative console, the default location is http://192.168.0.1.  Click here if you are unsure of how to access the administration pages.
  2. Select “Network Settings” from the top menu, then click “DNS”.
  3. Under “Dynamic DNS Configuration”, place a checkmark next to “Enable Dynamic DNS”.
  4. Set the “Server Type” to the dynamic DNS service provider you are using.
  5. Set the “Host name” to your host name (in this example we are using “cradlepoint.dyndns.org”), then enter your user name and password and verify your password.
  6. Click “Apply” to save your changes.


After making this change, any user trying to connect to “cradlepoint.dyndns.org” will be redirected to whichever WAN IP address that the CradlePoint is currently using.  If the CradlePoint changes its WAN IP address, as soon as it gets a new address it will automatically let the Dynamic DNS provider know the new IP address.

Note:

If your CradlePoint’s WAN IP address begins with a 10 (for example 10.34.121.12), then your Internet service provider is having you connect from behind Network Address Translation (NAT) instead of providing you a routable IP address.
If you have this type of account and need to be able to access the CradlePoint’s network from the Internet, contact your mobile provider to see if they can provide you a routable IP address instead.
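
The check described in this note, as an added example (not part of the original article and not Cradlepoint code). It goes beyond the 10.x.x.x case the note names and also covers the other private ranges and the carrier-grade NAT range, which behave the same way for Dynamic DNS. The function names and the addresses not quoted in the article are constructed for illustration.

```python
import ipaddress

# Address blocks that cannot be reached from the Internet side.
# The article names only 10.x.x.x; the remaining blocks are added here
# because a WAN address inside any of them also means the router sits
# behind NAT (or has no usable lease at all).
NON_ROUTABLE = [
    ("rfc1918", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918", ipaddress.ip_network("192.168.0.0/16")),
    ("cgnat", ipaddress.ip_network("100.64.0.0/10")),      # RFC 6598 shared space
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
]


def classify_wan(address):
    """Return 'public' or the name of the non-routable block the address is in."""
    ip = ipaddress.IPv4Address(address)  # raises ValueError on malformed input
    for label, network in NON_ROUTABLE:
        if ip in network:
            return label
    return "public"


def ddns_check(wan_ip, resolved_ip):
    """Compare the router's WAN address with the address the DDNS name resolves to.

    wan_ip      -- WAN address shown on the router's status page
    resolved_ip -- address a DNS lookup of the DDNS host name returned
                   (passed in as a string so the check runs offline)
    """
    kind = classify_wan(wan_ip)
    if kind != "public":
        # The host name may resolve, but inbound connections stop at the
        # provider's NAT and never reach the router.
        return "behind-nat (%s)" % kind
    if ipaddress.IPv4Address(resolved_ip) != ipaddress.IPv4Address(wan_ip):
        # Routable address, but the provider still holds an old record.
        return "stale-record"
    return "ok"


# Sample cases. The first two WAN addresses are the ones quoted in the
# article; the rest are constructed for this example.
SAMPLES = [
    ("71.213.152.203", "71.213.152.203"),
    ("10.34.121.12", "198.51.100.7"),
    ("100.64.12.7", "198.51.100.7"),
    ("71.213.152.203", "71.213.152.9"),
]


def report(samples=SAMPLES):
    """Return one (wan_ip, resolved_ip, verdict) tuple per sample."""
    return [(wan, dns, ddns_check(wan, dns)) for wan, dns in samples]


if __name__ == "__main__":
    for wan, dns, verdict in report():
        print("%-16s %-16s %s" % (wan, dns, verdict))
```
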


If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Overview:


VPN tunnels are used to establish a secure connection to a remote network over a public network. This configuration covers an IPSec VPN tunnel setup between a CradlePoint Series 3 router and a Sonicwall TZ210 firewall. Figure 1 shows the network topology example of this particular configuration. IPSec is customizable on both the CradlePoint and Sonicwall platforms to fit into a variety of network and security requirements; however, this configuration example will address only the basic configuration.

Figure 1. Network Diagram of configuration

 

System Requirements:


The CradlePoint router model used for this example is the MBR1400 running firmware version 3.5.0 (02-27-2012).
The configuration described in this document applies to the following CradlePoint routers:

  • MBR1400
  • MBR1200B
  • CBR450
  • CBR400
  • COR IBR600
  • COR IBR650

The Sonicwall device used for this configuration is the TZ 210 Network Security Appliance running firmware version SonicOS Enhanced 5.5.1.0-5o.

Configuring IPSec VPN between a CradlePoint Router and Sonicwall:
  1. Log into the setup pages of the CradlePoint router. (if you are unsure how, please click here.)
  2. Navigate to the Internet > VPN Tunnels page.  Enable the VPN service if it hasn’t been already.  Click Add to begin tunnel configuration.
  3. Configure the tunnel to the specifications required.  Below is a screen by screen example of a base configuration that is known to work with most Sonicwall firewalls and routers.
  4. Confirm the configuration on the Tunnel Summary prompt and select Yes.
Sonicwall Configuration:
  1. Log into the Sonicwall management interface as admin.
  2. In this example, an “Address Object” had already been created called Remote_VPN_Test, which placed the network 192.168.0.0 in the LAN zone. These can be created under Network > Address Objects.
  3. Navigate to VPN > Settings. Under VPN Policies, select Add to begin configuring the IPSec Policy. Below is a screen by screen example of a base configuration which matches that of the CradlePoint.
  4. Once the policy is configured in the Sonicwall, confirm that the tunnel is up and established.
  5. Confirm that the tunnel is up and established on the CradlePoint router.
  6. We can also verify traffic is routing properly in the management interface of the CradlePoint. Navigate to System Settings > System Control, expand the Advanced Control panel, and run a ping test to the LAN interface of the Sonicwall, or a connected client device.


OVERVIEW:

This configuration document will guide you through how to configure VLAN interfaces on CradlePoint Routers, and will feature a typical Enterprise VLAN topology design implementation.


SYSTEM REQUIREMENTS:

VLAN interface configuration is recommended for the following CradlePoint Routers:

  • AER2100
  • MBR1400
  • IBR600
  • IBR650


FIRMWARE VERSION:

This content was created using firmware 5.0.0


TECHNICAL TERMS:

  • Virtual LAN (VLAN):  Distinct broadcast domain of a single layer-2 network, configured using software rather than hardware. Achieved by adding 802.1Q headers to Ethernet Packets.
  • VLAN Interface:  A layer-3 interface that allows for VLAN tagging on specific Ethernet port groups
  • Trunk Port:  Ethernet port that sends and receives tagged frames from more than one VLAN


NETWORK TOPOLOGY:

For this example, we are going to use the following network topology design. We will split up the network devices into 7 different IP networks. These networks were designed much like a typical enterprise network for a datacenter that segments and separates physical and virtual servers and storage arrays. Below is a list of the VLANs and IP addressing information that are presented in this document. All of the networks will need to be configured with 802.1Q VLAN tagging for Trunking multiple VLANs over a single Ethernet port. All networks will participate in VLAN packet tagging.




CONFIGURATION:

Note: The following configuration examples were written for the MBR1400, but can be applied to any CradlePoint router that supports VLANs

Step 1:  Ethernet Port Configuration

Our topology will require Trunking of all IP networks on one orange Ethernet port to a single core switch. To achieve this, we will need to do the following:

  1. Create a new port group, by choosing Ethernet Port Configuration under Network Settings > WiFi / Local Networks.
  2. Click Add.
  3. Give the Ethernet port group a name, and move the desired port to the “Selected” side. Click Submit.
    • If your network design involves trunking to more than a single switch, then simply add more ports to the Selected side while configuring. The configuration should look similar to the image below.

*Note* If you are currently managing the CradlePoint router from the orange port you are connected to, this step will cause loss of connectivity to the router. Managing the CradlePoint router from another LAN port, or using WiFi, is recommended for the duration of this configuration example.


Step 2:  VLAN Interface Configuration

We will now create the VLAN interfaces that will later be associated with specific IP networks. For now, this step associates each VLAN interface (VID tag number) with the selected port group, specifically the Dot1QTrunk group we just configured.

  1. Navigate to the VLAN Interfaces tab under Network Settings > WiFi / Local Networks
  2. Create a new VLAN by selecting the Add button.
  3. Fill in the VID and the Port Group the VLAN interface will apply to.
    • In this configuration example, we will create 7 VLAN interfaces, one for each of the following VIDs: 101, 110, 111, 191, 171, 172, and 192. Ethernet Port group Dot1QTrunk should be selected for all 7 VLANs.
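
To check that the switch side of the trunk matches this configuration, the following added example (not part of the original article) parses the 802.1Q tag of captured Ethernet frames and flags anything other than a single tag carrying one of the seven VIDs above. The sample frames, MAC addresses and function names are constructed for illustration.

```python
import struct
from collections import Counter

# VIDs from Step 2 of this article; the Dot1QTrunk port group carries all seven.
TRUNK_VIDS = {101, 110, 111, 191, 171, 172, 192}
TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
ETH_IPV4 = 0x0800

# Constructed, locally administered MAC addresses for the sample frames.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")


def build_frame(vid, ethertype=ETH_IPV4, payload=b"\x00" * 46, pcp=0):
    """Build a sample Ethernet frame; vid=None produces an untagged frame."""
    header = DST + SRC
    if vid is None:
        return header + struct.pack("!H", ethertype) + payload
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
    tci = (pcp << 13) | vid          # PCP (3 bits), DEI (1 bit, left 0), VID (12 bits)
    return header + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return the tag fields of a frame; vid is None when no 802.1Q tag is present."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return {"vid": None, "pcp": None, "ethertype": etype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {"vid": tci & 0x0FFF, "pcp": tci >> 13, "ethertype": inner}


def check_trunk_frame(frame, allowed=TRUNK_VIDS):
    """Classify one frame seen on the trunk port."""
    info = parse_frame(frame)
    if info["vid"] is None:
        return "untagged"            # every network in this design is tagged
    if info["ethertype"] == TPID_8021Q:
        return "stacked-tag"         # a second tag follows; not used in this design
    if info["vid"] not in allowed:
        return f"unexpected-vid:{info['vid']}"
    return "ok"


def audit_capture(frames, allowed=TRUNK_VIDS):
    """Count verdicts over a list of raw frames."""
    return dict(Counter(check_trunk_frame(f, allowed) for f in frames))


# Constructed capture: two valid frames, one unknown VID, one untagged, one double-tagged.
SAMPLE_FRAMES = [
    build_frame(101),
    build_frame(192),
    build_frame(200),
    build_frame(None),
    build_frame(101, ethertype=TPID_8021Q,
                payload=struct.pack("!HH", 110, ETH_IPV4) + b"\x00" * 42),
]

if __name__ == "__main__":
    for verdict, count in sorted(audit_capture(SAMPLE_FRAMES).items()):
        print(f"{verdict}: {count}")
```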

Step 3:  IP Networks

  1. To add a new IP network, click Add under “Local IP Networks.”
  2. On the General Settings tab, name your network and check the Enabled box.
  3. On the IPv4 Settings tab, set the IP address according to your topology.
  4. On the Interfaces tab, make sure you move the VLAN ID to “Selected”.
  5. Click Submit.

*Note* – You can add your WiFi SSIDs to any network. It is recommended not to add public WiFi to any management VLANs.


FINAL CONFIGURATION SHOULD LOOK LIKE THE BELOW.




Configuration Difficulty: Intermediate




Summary


This article is intended to assist the CradlePoint Administrator in configuring two CradlePoints in a site to site OpenVPN configuration.


Firmware Version


This article was written utilizing firmware version 5.2.0.


Network Topology



Configuration

CradlePoint #1 (Local) Configuration

  1. Log in to the Administrative GUI of the Local CradlePoint. For instructions on doing this, please refer to the article Series 3: Accessing the Setup Pages of a CradlePoint router.
  2. Go to INTERNET > OPENVPN TUNNELS.
  3. Click ADD.
  4. Give the Tunnel a familiar name.
  5. Select SITE-TO-SITE from the Tunnel Mode drop down.
  6. Check the TLS-Authentication box if you would like the tunnel to use TLS. In this example we will leave it unchecked.
  7. Assign a Local and Remote Endpoint IP address to your tunnel. These addresses should be in the same subnet and are typically a /30 subnet.
  8. Check the Support IPv6 Tunnels box if you will be using IPv6 addresses. In this example we will leave it unchecked.
  9. Choose the protocol you wish your tunnel to use from the Tunnel Protocol drop down. In this example we will use UDP.
  10. Enter the port number you wish your tunnel to connect on. The default is 1194.
  11. In the Ping field, enter the amount of time to wait before sending a ping if no traffic has been sent through the tunnel. The value is in seconds, and 10 is the default.
  12. In the Ping Restart field, enter the amount of time to wait before the tunnel restarts if no pings have been received. This value is in seconds and the default is 60.
  13. Ensure the Tunnel Enabled box is checked.
  14. Click NEXT.
  15. Click ADD.
  16. In the REMOTE SERVERS screen, add the WAN IP address of the CradlePoint you are attempting to create a tunnel with. This IP address must be reachable across the WAN link by this CradlePoint. You will also enter the port and protocol of the Remote CradlePoint. These must match the settings you entered previously on the CradlePoint.
  17. Click SAVE.
  18. Click NEXT.
  19. For this configuration, we will leave the ROUTE section at default. Click NEXT.
  20. If you chose to use TLS in Step 6, you will need to generate a TLS-Authentication Key by clicking the GENERATE button. In this example, we are not using TLS so we will skip this step.
  21. Click FINISH.
  22. In order to route to any LANs or devices attached to the Remote CradlePoint, we will need to add routes to the CradlePoint. This can be done either statically or with a routing protocol. In this example we will use a Static Route. To enter a Static Route, go to NETWORK SETTINGS > ROUTING.
  23. Click ADD.
  24. Enter the IP Version.
  25. Enter the IP address or Network Address of the device or LAN you are attempting to route to on the remote side of the tunnel.
  26. Enter the Netmask.
  27. Enter the Gateway. This will be the Local Endpoint Address that you configured in Step 7.
  28. The Device is the Interface that the traffic is being sent out of for this route. In the CradlePoint, you can use either the Gateway or Device, but not both. In this example, we will leave it blank because we are using the Gateway address to route our traffic.
  29. Configure the Metric. By default it is 1; we will leave it at 1 for this example.
  30. Check the box for Allow Network Access.
  31. Check the box for Distribute if you would like this route distributed to a Routing Protocol configured on the CradlePoint. In this example we will leave it blank.
  32. Click SUBMIT.

CradlePoint #2 (Remote) Configuration

  1. Log in to the Administrative GUI of the Remote CradlePoint.
  2. Go to INTERNET > OPENVPN TUNNELS.
  3. Click ADD.
  4. Give the Tunnel a familiar name.
  5. Select the SITE-TO-SITE option from the Tunnel Mode drop-down.
  6. Check the TLS-Authentication box if you would like the tunnel to use TLS. In this example, we will leave it unchecked. This setting must match the setting in the Local CradlePoint.
  7. Assign a Local and Remote Endpoint IP address to your tunnel. These addresses should be in the same subnet and are typically a /30 subnet. In this CradlePoint, the addresses will be the opposite of how they were configured in Step 7 of Router #1 configuration.
  8. Check the Support IPv6 Tunnels box if you will be using IPv6 addresses. In this example, we will leave it unchecked.
  9. Choose the protocol you wish your tunnel to use from the Tunnel Protocol drop down. In this example, we will use UDP. This setting must match the setting in the Local CradlePoint.
  10. Enter the port number you wish your tunnel to connect on. The default is 1194. This setting must match the setting in the Local CradlePoint.
  11. In the Ping field, enter the amount of time to wait before sending a ping if no traffic has been sent through the tunnel. The value is in seconds, and 10 is the default.
  12. In the Ping Restart field, enter the amount of time to wait before the tunnel restarts if no pings have been received. This value is in seconds and the default is 60.
  13. Ensure the Tunnel Enabled box is checked.
  14. Click NEXT.
  15. Click ADD.
  16. In the REMOTE SERVERS screen, add the WAN IP address of the CradlePoint you are attempting to create a tunnel with. This IP address must be reachable across the WAN link by this CradlePoint. You will also enter the port and protocol of the Local CradlePoint. These must match the settings you entered previously on the CradlePoint.
  17. Click SAVE.
  18. Click NEXT.
  19. For this configuration, we will leave the ROUTE section at default. Click NEXT.
  20. If you chose to use TLS in Step 6 of Router #1 configuration, you will need to generate a TLS-Authentication Key by clicking the GENERATE button. In this example, we are not using TLS so we will skip this step. This setting must match the setting in the Local CradlePoint.
  21. Click FINISH.
  22. In order to route to any LANs or devices attached to the Local CradlePoint, we will need to add routes to the CradlePoint. This can be done either statically or with a routing protocol. In this example we will use a Static Route. To enter a Static Route, go to NETWORK SETTINGS > ROUTING.
  23. Click ADD.
  24. Enter the IP Version.
  25. Enter the IP address or Network Address of the device or LAN you are attempting to route to on the remote side of the tunnel.
  26. Enter the Netmask.
  27. Enter the Gateway. This will be the Local Endpoint Address that you configured in Step 7 of Router #1 configuration.
  28. The Device is the Interface that the traffic is being sent out of for this route. In the CradlePoint, you can use either the Gateway or Device, but not both. In this example, we will leave it blank because we are using the Gateway address to route our traffic.
  29. Configure the Metric. By default it is 1; we will leave it at 1 for this example.
  30. Check the box for Allow Network Access.
  31. Check the box for Distribute if you would like this route distributed to a Routing Protocol configured on the CradlePoint. In this example, we will leave it blank.
  32. Click SUBMIT.
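
Several values in the two procedures above have to agree or mirror each other before the tunnel will come up. The following added example (not part of the original article or of CradlePoint's software) checks a pair of planned settings for those conditions before they are entered in the GUI; the field names and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class TunnelSide:
    """One router's site-to-site settings (field names are this example's own)."""
    name: str
    wan_ip: str            # address the peer enters under REMOTE SERVERS
    local_endpoint: str    # step 7
    remote_endpoint: str   # step 7
    protocol: str          # step 9
    port: int              # step 10
    tls_auth: bool         # step 6
    server_ip: str         # step 16: peer WAN IP entered on this router
    server_port: int       # step 16
    server_protocol: str   # step 16


def check_pair(a, b, prefix=30):
    """Return a list of problems; an empty list means the two sides are consistent."""
    problems = []

    # Step 7 on router #2: the endpoint addresses are the opposite of router #1.
    if (a.local_endpoint, a.remote_endpoint) != (b.remote_endpoint, b.local_endpoint):
        problems.append("endpoints are not mirrored between the two routers")

    # Step 7: both endpoints sit in one subnet (typically a /30) as usable hosts.
    for side in (a, b):
        net = ipaddress.ip_network(f"{side.local_endpoint}/{prefix}", strict=False)
        local = ipaddress.ip_address(side.local_endpoint)
        remote = ipaddress.ip_address(side.remote_endpoint)
        hosts = set(net.hosts())
        if remote not in net:
            problems.append(f"{side.name}: endpoints are not in the same /{prefix}")
        elif local == remote:
            problems.append(f"{side.name}: local and remote endpoint are identical")
        elif local not in hosts or remote not in hosts:
            problems.append(f"{side.name}: endpoint is the network or broadcast address of {net}")

    # Steps 6, 9 and 10: these settings must match on both routers.
    for field in ("protocol", "port", "tls_auth"):
        if getattr(a, field) != getattr(b, field):
            problems.append(
                f"{field} differs: {a.name}={getattr(a, field)!r}, {b.name}={getattr(b, field)!r}"
            )

    # Step 16: each REMOTE SERVERS entry points at the peer's WAN IP, port and protocol.
    for side, peer in ((a, b), (b, a)):
        if side.server_ip != peer.wan_ip:
            problems.append(f"{side.name}: remote server IP is not {peer.name}'s WAN IP")
        if (side.server_port, side.server_protocol) != (peer.port, peer.protocol):
            problems.append(f"{side.name}: remote server port/protocol does not match {peer.name}")
    return problems


# Constructed values using documentation address ranges.
LOCAL = TunnelSide("local", "203.0.113.10", "10.255.0.1", "10.255.0.2",
                   "udp", 1194, False, "198.51.100.20", 1194, "udp")
REMOTE = TunnelSide("remote", "198.51.100.20", "10.255.0.2", "10.255.0.1",
                    "udp", 1194, False, "203.0.113.10", 1194, "udp")
# Same remote router with a mistyped endpoint and a different port.
BAD_REMOTE = TunnelSide("remote", "198.51.100.20", "10.255.0.5", "10.255.0.1",
                        "udp", 1195, False, "203.0.113.10", 1194, "udp")

if __name__ == "__main__":
    for label, remote in (("consistent pair", REMOTE), ("mistyped pair", BAD_REMOTE)):
        issues = check_pair(LOCAL, remote)
        print(label, "->", issues or "no problems found")
```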

Technical

Terms

  • OpenVPN: An open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol[2] that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).
  • Secure Sockets Layer (SSL)/Transport Layer Security (TLS): Cryptographic protocols designed to provide communication security over the Internet.[1] They use X.509 certificates, and hence asymmetric cryptography, to authenticate the counterparty with whom they are communicating and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity and, as a by-product, message authentication.

System Requirements

  • This feature is available only on the following CradlePoint Products:  AER 2100 and MBR1400v2.
  • OpenVPN requires an Extended Enterprise License (EEL) and Enterprise Cloud Manager (ECM) to use this feature.

Troubleshooting


To view the status of the OpenVPN tunnels, access the CLI of the CradlePoint and issue the following command: get status/openvpn

To view log messages, you will need to enable Debug level logging. Enabling this level of logging will impact router performance and over time can cause unexpected reboots or loss of functionality and should only be enabled at the request of an authorized CradlePoint representative. This enables debug level logging for most of the Router Services. This is enabled by navigating to SYSTEM SETTINGS > ADMINISTRATION > SYSTEM LOGGING and next to the LOGGING LEVEL select DEBUG from the drop down.


CradlePoint Knowledgebase

CradlePoint Manual: Network Settings → Routing Protocol

OpenVPN

OpenVPN How To


Published Date:
7/1/2014



If you are unsure of CradlePoint Series or Model number please click here.

This article was written based on firmware version 5.0.0.

Symptom:

Logs in Cradlepoint routers are cleared on every power cycle or reboot. If you would like to save logs after a reboot, you may want to set up a connection from the Cradlepoint router to your Syslog Server.

Cause:

Log information is saved in volatile memory and is lost on power cycle or reboot.

Resolution:

  1. Connect to the CradlePoint router over a wired or wireless connection.
  2. Log in to your CradlePoint’s setup pages.  Click here for instructions on logging in.
  3. Click the System Settings tab.
  4. Then click Administration.
  5. Click the tab to the far left labeled System Logging.
  6. Click the checkbox to the right of Enable Logging to a Syslog Server.
  7. Add the local or remote IP of your Syslog Server in the Syslog Server Address dropdown.
  8. Click Apply.
  9. Your Cradlepoint router will now send logs to the designated address.



If you are not sure what Series CradlePoint router you have, please click here.
This article was written based upon firmware version 5.0.0


A cellular modem displays “Suspended” or “CPPM failed: Carrier Reject” as its status and will not establish an internet connection when plugged into a Series 3 CradlePoint router, even though it works correctly when plugged into a computer.

 

  • Plug the cellular modem into the CradlePoint router.
  • Connect to your router via Wi-Fi or Ethernet, and access its administrative console. Click here if you are not sure how to do this.
  • Click on the Internet tab, and select Connection Manager from the dropdown.
  • Select your modem within the WAN Interfaces list by clicking on its name.
  • Once the modem is highlighted blue, click the Edit button above it.
  • Within the WAN Configuration window, click on the SIM/APN/AUTH Settings tab.
  • Choose the Manual option for the Access Point Name.
  • Enter the access point name (APN) provided by your cellular carrier and click Submit.
    • NOTE: A list of common access point names (APNs) is displayed within the help panel, and some additional options can be found here. If you are not sure which APN you should use, please contact your carrier.
  • Click OK in the confirmation dialog.
    • NOTE: After a new configuration has been submitted, the modem will reboot itself, which will cause it to disappear briefly from the WAN Interfaces list before it tries to connect again.

 



If you are not sure what model CradlePoint router you have, please click here.

This article is based upon the 5.0.0 firmware and is valid for firmwares from 3.5.0 to 5.0.0.

Description:

By default the CradlePoint router networks are available at all times for client computers.  It may be desirable to set the primary or guest networks to only be available during specific hours.  For example, a coffee shop that would like to provide free internet access to its customers during business hours, but prevent access during closed hours.

Directions:

This feature was added in CradlePoint firmware version 3.5.0.  If you are not on firmware version 3.5.0 or greater, update your router's firmware (see Firmware Update Instructions).  Before creating schedules, verify that the CradlePoint router's time is correct.  The time can be verified through the router administration console: click System Settings > Administration, then click the System Clock tab, then check Enable NTP.

Note: If you are using a firmware version earlier than 5.0.0, the links may appear along the top instead of along the left side.

 

This example creates a schedule for Guest Network availability from 7:00am to 6:00pm.
 

  1. Log in to the setup pages. The default location is http://192.168.0.1  Click here if you are not sure how to access the setup pages.
  2. Click on the Network Settings tab, then select Wi-Fi/Local Networks.
  3. Place a check mark next to the network you would like to add a schedule to, then click Edit.
  4. In the Local Network Editor screen, click the Schedule tab and check Schedule Service.
  5. Set the schedule for your network to use.  Dark blocks indicate the times that your network will not be available.  Light blocks indicate when your network will be available.  The default schedule provides network availability from 8:00am to 5:00pm Monday through Friday.  This example illustrates the modified schedule so availability will be Monday through Friday from 8:00am to 5:00pm.
  6. Click Submit to save the schedule.

 
After the schedule is saved, the affected network will only be available when scheduled.
 
Note:  It is not required to have the scheduled times in a single block, see figure below.




This article is intended for CradlePoint Series 3 routers. If you are not sure what series or model CradlePoint router you have, please click here.

This article was written based on firmware version 5.0.0.


Overview:

By default the CradlePoint router will allow the modem to connect to the highest speed network available. In cases where both 3G and LTE networks are available but the LTE signal is weak, a modem that supports connection to both networks might still try to connect on LTE instead of dropping down to a more reliable 3G connection. This might cause slow speeds, frequent disconnects, or a complete lack of an Internet connection. To resolve this issue, it may be necessary to have the CradlePoint router instruct your modem to connect to 3G only.

Note: Not all LTE providers and modems may support this feature through Series 3 CradlePoint routers. Listed below are the carriers and modems which have been tested by CradlePoint:

  • Verizon 4G LTE modems: Pantech UML290, Novatel USB551L, LG VL600.
  • AT&T 4G LTE modems:  Sierra Wireless AC313U Momentum, Huawei E368 Force 4G.



Directions:

If you are not sure how to access your router’s administrative console, click here.

  1. Click on the Internet tab and select Connection Manager from the dropdown menu.
  2. Within the WAN Interfaces list, click to highlight your modem.
  3. Click the Edit button.
  4. Within the WAN Configuration window, select the Modem Settings tab.
  5. Change the Modem Connection Mode to either Auto 3G or Force 3G, and then click Submit to apply the changes. Your modem will briefly disappear from the WAN Interfaces list while it reconfigures itself.

Note: Forcing the modem to 3G will prevent it from being able to connect to any network other than 3G.




Note: If nearby cell towers have been upgraded to support 4G LTE, or if you move the CradlePoint into an area that supports 4G LTE, just change the Modem Connection Mode back to Auto (all modes) or Force LTE. It is a good idea to check signal strength and quality values to determine which connection mode would be more reliable.



If you are not sure what model CradlePoint router you have, please click here.

This article is based on the 5.0.0 firmware for Series 3 CradlePoint routers.


Description: 

In areas where the 4G WiMAX signal is low, unavailable, and/or unstable, the modem may bounce between a good 3G connection and an unstable 4G WiMAX connection.  While the modem disconnects from 3G service and attempts the 4G WiMAX connection, the internet is not available.  By default, the CradlePoint router is set to have the modem connect to the highest speed network available.  This scenario is common in fringe 4G WiMAX coverage areas.  For cases such as this, it is advantageous to restrict a 3G/4G WiMAX modem to a 3G connection only.

 
Directions:

It is advised that your router has the most recent Firmware version loaded.  For instructions to check the router Firmware version see How to check Firmware version and How to Update Series 3 Firmware.

  1. Log into the setup pages, the default location is http://192.168.0.1.  Click here if you are unsure of how to access the setup pages.
  2. Select the Internet tab, then click Connection Manager or Modem Settings.
  3. In the WAN Interfaces section, un-check the Enabled check box for the 4G WiMAX modem.

 
After disabling the 4G WiMAX connection, the CradlePoint router will ignore the 4G WiMAX modem connection and use the 3G modem connection.
 
Note:  If WiMAX 4G signal becomes available or you change to a location where WiMAX 4G signal is available you may want to re-enable the WiMAX 4G connection by rechecking the Enable check box.



If you are not sure what model CradlePoint router you have, please click here.

This article was written based upon firmware version 5.0.0.


Description:

Periodically cellular carriers will release “Firmware Update Management Object” (FUMO) and/or “Preferred Roaming List” (PRL) updates for their supported modems.  Normally these updates must be performed with the modem plugged directly into the computer, but for certain modems the CradlePoint router can perform these updates directly.

You will want to verify whether the CradlePoint firmware you are using supports FUMO and/or PRL updates.  Either refer to the firmware release notes for your router to see if your modem supports these updates, or else you can just perform the update steps below to see if the update options are available.  If the update options are not available, then the firmware version you are using on the CradlePoint does not support FUMO or PRL updates for that modem.

This article describes the process to update a modem’s FUMO or PRL while the modem is connected to a Series 3 Cradlepoint router.  


Directions:

  1. Log in to the router's administration page (login instructions).
  2. Click on the Status tab and then Internet Connections in the drop-down menu.
  3. Place a check mark next to the cellular modem you would like to update.  Make note of the current firmware version (FUMO) and PRL versions.
  4. Click the Internet tab and Connection Manager from the drop-down menu.
  5. Highlight your cellular modem and click the Control button.  If the modem does not support FUMO or PRL updates, you will see a message stating “This device does not support PRL Updates, Activation, or FUMO.”
  6. If the CradlePoint supports FUMO and/or PRL updates for the modem you are using, you will see an Update/Activate screen.  Click on Update.
  7. You will see the status updating; and then the modem will briefly disappear and reappear from the WAN Interfaces screen.  The modem’s firmware update is now complete.

After making these changes, the modem should now be updated to the most current FUMO and PRL versions.


Note:

If you get a failure message when attempting to update the FUMO or PRL, make sure that the modem is connected and online and try again.



This article was written based on firmware version 5.0.0.

Summary:
This article presents an example configuration of an IPSec VPN tunnel between a Series 3 CradlePoint router and a Cisco ASA.


Requirements:

  • CradlePoint model MBR1400, IBR600, IBR650, CBR400, or CBR450. If you are unsure of your CradlePoint Series or Model number, please click here.
  • Cisco ASA running software 8.4 or newer
  • Static publicly routable IP addresses on both the CradlePoint and Cisco ASA. If this requirement is not met, reference Additional Resources for examples of other configurations.
  • Need for a secure connection between two remote networks






Terms:

  • IPSec – Protocol used for securing IP communications by authenticating and encrypting each IP packet of a communication session.
  • VPN – Virtual Private Network.  Extends a private network across a public network like the Internet.



Example Configuration:



Configuring the CradlePoint Router:

  1. Navigate to the Internet tab.
  2. Select VPN Tunnels from the dropdown.
  3. Click Add at the top of the VPN Tunnels box.
  4. Enter a Tunnel Name and a Pre-Shared Key. (Please note that spaces are not permitted in the name.)
  5. Click Next.
  6. Under Local Networks, click Add.
  7. Enter the LAN IP network address and netmask of the CradlePoint router and click Save.
  8. Click Next.
  9. Under Remote Networks, enter the WAN IP of the Cisco ASA as the Gateway.
  10. Click Add, then enter the LAN IP network address and netmask of the network on the Cisco ASA to which the VPN will connect.
  11. Click Save and then click Next at the bottom of the window.
  12. Select the desired IKE Phase 1 parameters.  (CradlePoint recommends AES-256 encryption, SHA1 hash, DH Group 1, and IKE Phase 1 key lifetime of 86400.)
  13. Click Next.
  14. Select the desired IKE Phase 2 parameters. (CradlePoint recommends AES-256 encryption, SHA1 hash, and DH Group 1, and Phase 2 key lifetime of 3600.)
  15. Click Next.
  16. Configure Dead Peer Detection to your preferences.  CradlePoint recommends keeping this setting enabled.
  17. Click Finish.
  18. On the Tunnel Summary screen, review the settings and make sure they are correct.
  19. Click Yes to enable the tunnel.



Configuring the Cisco ASA:

Shown below is an example configuration for a Cisco ASA. Adjust it to match the settings you chose during the setup of the CradlePoint router.

interface Ethernet0/0
nameif outside
! Change to your ASA's WAN IP
ip address 75.160.178.210 255.255.255.240

interface Ethernet0/1
nameif inside
! Change to your ASA's LAN IP
ip address 192.168.30.254 255.255.255.0

crypto isakmp policy 1
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400

crypto ipsec transform-set myset esp-aes-256 esp-sha-hmac

! Change to your LAN IPs
access-list encrypt_acl extended permit ip 192.168.30.0 255.255.255.0 192.168.100.0 255.255.255.0

crypto map ipsec_map 10 match address encrypt_acl
crypto map ipsec_map 10 set pfs
! Change to CradlePoint WAN IP
crypto map ipsec_map 10 set peer 166.154.4.196
crypto map ipsec_map 10 set ikev1 transform-set myset
crypto map ipsec_map interface outside
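
Because the ASA policy has to be adjusted to the values chosen on the CradlePoint, the following added example (not part of the original article, nor Cisco or CradlePoint code) parses the Phase 1 policy from the configuration above and lists every field that differs from the CradlePoint Phase 1 values recommended in step 12. The function names and the short-group table are this example's own; run on the values in this article, it reports the DH group as the one differing field.

```python
import re

# Phase 1 and transform-set lines copied from the ASA example in this article.
ASA_CONFIG = """\
crypto isakmp policy 1
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400

crypto ipsec transform-set myset esp-aes-256 esp-sha-hmac
"""

# Values this article recommends for IKE Phase 1 on the CradlePoint (step 12).
CRADLEPOINT_PHASE1 = {
    "encryption": "aes-256",
    "hash": "sha1",
    "dh_group": 1,
    "lifetime": 86400,
}

# Policy table chosen for this example, not taken from the article:
# sizes in bits of the MODP groups below group 14 (2048 bits).
SHORT_MODP_GROUPS = {1: 768, 2: 1024, 5: 1536}

_POLICY_RE = re.compile(r"^crypto (?:isakmp|ikev1) policy (\d+)$")
_HASH_ALIASES = {"sha": "sha1"}   # the ASA writes SHA-1 as "sha"


def parse_asa_phase1(text):
    """Return {priority: {field: value}} for each IKEv1 policy block in text."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                       # blank lines and comments
        match = _POLICY_RE.match(line)
        if match:
            current = policies.setdefault(int(match.group(1)), {})
            continue
        if current is None:
            continue                       # outside any policy block
        parts = line.split()
        key = parts[0]
        value = parts[1] if len(parts) > 1 else ""
        if key == "authentication":
            current["authentication"] = value
        elif key == "encryption":
            current["encryption"] = value
        elif key == "hash":
            current["hash"] = _HASH_ALIASES.get(value, value)
        elif key == "group":
            current["dh_group"] = int(value)
        elif key == "lifetime":
            current["lifetime"] = int(value)
        else:
            current = None                 # any other command ends the block
    return policies


def compare_phase1(asa_policy, cradlepoint):
    """Return {field: (cradlepoint_value, asa_value)} for each field that differs."""
    return {
        field: (wanted, asa_policy.get(field))
        for field, wanted in cradlepoint.items()
        if asa_policy.get(field) != wanted
    }


def short_groups(*groups):
    """Return {group: bits} for the given DH groups that are below 2048 bits."""
    return {g: SHORT_MODP_GROUPS[g] for g in groups if g in SHORT_MODP_GROUPS}


if __name__ == "__main__":
    policy = parse_asa_phase1(ASA_CONFIG)[1]
    for field, (cp, asa) in compare_phase1(policy, CRADLEPOINT_PHASE1).items():
        print(f"{field}: CradlePoint={cp!r} ASA={asa!r}")
    for group, bits in short_groups(CRADLEPOINT_PHASE1["dh_group"], policy["dh_group"]).items():
        print(f"DH group {group} is a {bits}-bit MODP group")
```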


Additional Resources:



If you are unsure of your CradlePoint series or Model number, please click here.

This article was written based on firmware version 5.0.0


Symptom:

You need to restore your CradlePoint router to factory default settings.

Note: This document is intended for Series 3 routers if you have access to the setup pages.  If you are unable to access the setup pages, please click here.


Cause:

You need to reset the CradlePoint router to factory default settings.


Resolution:

  1. Connect to your router via Wi-Fi or Ethernet Cable
  2. Log in to your router setup pages (click here for instructions) from an internet browser (Firefox, Google Chrome, Internet Explorer)
  3. Go to the System Settings tab, then click System Control from that menu
  4. Click the Restore Factory Defaults button
  5. Click Yes to the message “Are you sure you want to restore the device to factory defaults and reboot?” if you are sure you would like to restore now.
  6. Once the CradlePoint is finished automatically rebooting, it will be back to factory default settings



SUMMARY:

Beginning with firmware version 4.3.2, CradlePoint modems have the ability to receive modem firmware updates over the Internet connection of the CradlePoint router.  This applies only to the following products: MC200LE-VZ, MC200LP-AT, IBR600LE-VZ, IBR600LP-AT on Verizon or AT&T networks.

TERMS:

  • Modem Firmware – Firmware applied to the CradlePoint OEM modem. This is different from the CradlePoint firmware and will be addressed in the directions.

REQUIREMENTS:
  • CradlePoint OEM Modem: MC200LE-VZ, MC200LP-AT, IBR600LE-VZ, IBR600LP-AT.
  • CradlePoint Series 3 product with firmware version 4.3.2 or newer; MBR1400, CBA750B, IBR600LE-VZ, IBR600LP-AT
  • Active data plan and SIM from AT&T or Verizon

 

INSTRUCTIONS:
  1. Log in to the Administrative Pages of the CradlePoint
  2. Click on the Internet tab and then click Connection Manager.
  3. Click on the modem interface in the WAN Interfaces box.
    1. MC200LP-AT will be: LTE: LTE/HSPA+ Modem
    2. MC200LE-VZ will be: LTE: LTE/EVDO Modem
    3. IBR600LE-VZ will be: Internal: LTE/EVDO Modem
    4. IBR600LP-AT will be: Internal: LTE/HSPA+ Modem
  4. Click on Control.
  5. Click on Firmware.
  6. The CradlePoint will check online to see if there is a new firmware version.  If there is a new firmware version, it will display the version.  Then click Automatic (Internet).
  7. The modem will now go through the following stages as it applies the modem firmware: Downloading, Validating, Setting Mode, Flashing, and Applying Firmware.
  8. After the firmware is applied, the router will reboot and the modem will reconnect (this process can take a few minutes).  A double check of the firmware should show that it has been updated and that an update is no longer available.

Permalink


If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 4.3.0

Symptom:

You are unable to access the internet with your Cable, DSL or Satellite modem connected to your CradlePoint router

Cause:

Some Cable, DSL, or Satellite modems use the same default IP address as the CradlePoint router.  This causes an IP conflict when connecting the router to the modem.  Changing the CradlePoint router’s IP address will eliminate this IP address conflict.

Resolution:

  1. Log into the router’s setup page.  If you are unsure how, click here.
  2. Click the Network Settings tab, then WiFi / Local Network.
  3. In the Local IP Networks section put a check in the box to the left of Primary LAN.
  4. Then click the Edit button above.
  5. Select the IP Settings tab then change the IP Address to 192.168.50.1.
  6. Click the Submit button to save the changes, then OK in the next 2 boxes.
  7. Unplug both the router and the Cable Modem from power.
  8. Plug the Ethernet cable from the Cable Modem into the blue Ethernet port on the back of the router.
  9. Wait approximately 30 seconds then plug the Cable Modem back into power.  Allow approximately 30 to 45 seconds for the modem to boot, stabilize, and connect to the ISP.
  10. Plug the power cord back into the CradlePoint router, and allow approximately 30 seconds for the router to boot, stabilize, and connect.
  11. The router should now provide internet access to connected computers.

NOTE:  To access the router’s setup pages, use the IP address that the router was changed to.  If the router IP address was changed to 192.168.50.1, for example, then use that IP in the browser’s address bar to access the CradlePoint router’s setup pages.

Permalink


Summary:

This document describes how to provision your supported CradlePoint routers with an Extended Enterprise License.
Beginning January 1, 2014, Enterprise Cloud Manager will automatically provision Extended Enterprise Licenses when the License is purchased and the entitlement is set up.  Until then, each router must be provisioned individually by using a License Key. The License Key is only valid for the device(s) that were specified when the license was purchased (or Trial requested).

Supported Routers:

  • AER2100
  • MBR1400, ARC MBR1400 (HW ver 2.0 is required)
  • COR IBR600, COR IBR650

Terms of Service:

  • Please review the CradlePoint Services Agreement, as these terms and conditions govern your use of the Feature License.
  • If you do not accept the terms and conditions in the CradlePoint Service Agreement, DO NOT upload the License File to your routers.
  • By uploading the License File and enabling your routers with the Feature License, you acknowledge you have read, understand and agree to be bound by the CradlePoint Service Agreement.

Apply license to your CradlePoint routers:

  1. Begin by saving the License Key to the desktop of your computer.
  2. Log into the CradlePoint admin pages (Series 3: Accessing the Setup Pages of a CradlePoint router)
  3. Check that your Firmware version is 5.0.0 or later by navigating to System Settings -> System Software and check that Current Firmware Version is v5.0.0 or later. If not, select Check Again, then Automatic (Internet).
  4. From the administration pages of the router navigate to System Settings -> Feature Licenses.
  5. Select Choose File and browse to the license file saved to your desktop. Select it and then select Upload to apply your license.
  6. Upon successful upload, the router must be rebooted to finish installation.
  7. After reboot, the feature(s) will be available in your router and ready to be configured.
Note: Feature Licenses survive factory resets and can only be removed by CradlePoint.

Permalink


If you are not sure what model CradlePoint router you have, please click here.
 
 This article was written based upon firmware version 5.0.0.
 

Description:
 
All wireless client devices (laptops, tablets, smartphones, etc.) look for nearby, visible wireless networks by performing a “wireless site survey.”  This wireless site survey will show the “Service Set Identifier” (SSID) along with the “Basic Service Set Identifier” (BSSID) for each visible network, allowing you to connect to any open network or any secured network for which you have proper credentials.
 
SSID:      The visible name of the wireless network
BSSID:   The MAC address of the wireless access point broadcasting the signal
 
Wireless client devices are usually configured with saved “wireless profiles,” which allow the device to connect using a saved password when it comes into range of a specific SSID.  For increased security, it is also possible to configure the “wireless profile” to only connect to an SSID with a specific BSSID.  This would prevent the device from connecting to another wireless network with the same SSID and password because the BSSID is different.
 
It is also possible to configure the wireless network as a “hidden network” so that it does not broadcast its SSID name to be visible to nearby wireless devices, only the BSSID.   A wireless device configured with a wireless profile for that network’s BSSID will still be able to connect to this hidden network.
 
 
Directions:
 
These directions will walk you through setting the CradlePoint’s wireless network to be “hidden,” meaning that the router will not broadcast an SSID.  Wireless devices configured to connect to the CradlePoint’s BSSID will still be able to connect to the hidden network.
 

  1. Log into the CradlePoint’s administrative console, the default location is http://192.168.0.1.  Click here if you are unsure of how to access the administration pages.
  2. Click Network Settings and WiFi / Local Networks from the drop-down menu.
  3. Go down to Local Network Interfaces.  Place a checkmark next to the wireless network to be hidden, then click Edit.
  4. On the Wireless Network Editor screen, place a checkmark next to Hidden. Click Submit at the bottom of the box to save your settings.

 
After making this change, your network’s SSID will no longer be broadcast and will not be visible for most wireless site surveys.  Only wireless clients configured with a wireless profile to connect to your BSSID will be able to connect.  Directions to configure Microsoft Windows to connect to hidden networks can be found here: http://windows.microsoft.com/en-US/windows/help/wired-and-wireless-network-connection-problems-in-windows (near the bottom, under “How do I connect to a hidden wireless network?”).
 
 
Note:
 
Be aware of the potential security disadvantages of using a hidden network.  For more information, refer to (http://en.wikipedia.org/wiki/Service_set_(802.11_network)).

Permalink


If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0


SUMMARY:

This document describes how to disable internet bounce pages on a Series 3 CradlePoint router.  This is necessary when you are trying to use the router for an INTRANET only, or if you do not want to see the bounce pages when the internet is not working.

First, log into the router; if you are unsure how, click here.

  1. Click on System Settings, then on Administration.
  2. Click on the Local Management tab.
  3. Uncheck Internet Bounce Pages.
  4. Apply your settings.

Permalink


This article applies only to the CBR400 and CTR35 router models, and was written based on 4.3.2 and 3.6.3 firmware versions respectively.

Description:

The CradlePoint CBR400 and CTR35 routers have one Ethernet port which can be configured to function as either a LAN or a WAN port.

LAN Ethernet Port Mode:
LAN mode is used when it is necessary to connect a local network device to the router, such as a switch, computer, printer, or an IP camera. Use this mode only if your router is intended to get its Internet connection from a USB modem, or from an existing wireless access point through its WiFi as WAN feature.

WAN Ethernet Port Mode:
WAN mode is used for connecting a wired WAN source, such as a DSL, Cable or Satellite modem, to provide an Internet connection to the CradlePoint router. In this scenario, local network devices will be able to connect to the router only wirelessly.

By default, the port on the CBR400 and CTR35 is configured as a LAN port. To reconfigure the Ethernet port mode on one of these routers to act as a WAN port, follow the directions below.

Directions:

If you are not sure how to access your router’s administrative console, click here.

NOTE: If you are accessing the router’s admin console using a wired connection, you will lose access to the router until you connect wirelessly. Please check your router’s wifi settings prior to applying any of the changes below.

  1. Click on the Network Settings tab, and select WiFi / Local Networks from the drop-down menu.
  2. Scroll down to Local Network Interfaces section and click on the Ethernet Port Configuration tab.
  3. Click on the Mode drop-down next to the Ethernet port’s name, and choose Internet (WAN).
  4. The CradlePoint will immediately warn you that you will no longer be able to access the admin console from a computer connected via the Ethernet port.  If you are connected wirelessly this warning does not apply.  If you are wired into the CradlePoint to make this change, make sure that you are successfully able to connect to the router wirelessly prior to submitting this change.

After this change is made, the CradlePoint CBR400 or CTR35’s Ethernet port will be configured to accept a WAN connection. For additional assistance connecting a wired WAN source (DSL, cable, satellite, etc.) to your router click here.

Permalink


If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

 

 

Symptom:

Inability to access the CradlePoint router’s setup pages from any connected device.


Cause:

After making configuration changes you are unable to access the CradlePoint.  You changed the Wireless/WiFi or Administration password and are no longer able to access the CradlePoint or its setup pages.


Resolution:

Warning:  Performing a Factory Reset will erase all configuration changes that have been applied to the CradlePoint router.

  1. Disconnect any devices that are connected physically to the CradlePoint, leave only the power cord connected to the router.
  2. With the router power ON use a straightened paper clip to press and hold the Reset Button on the CradlePoint router for at least 45 seconds.

Allow approximately 1 minute for the router to initialize and complete its boot-up cycle before attempting to reconnect to the router.  The router has been returned to the original factory configuration, so be sure to use the default password and reconfigure WiFi security and/or any other configuration settings needed.

Permalink


If you are unsure of CradlePoint Series or Model number, please click here.
This article was written based upon firmware version 5.0.0.

Summary:

This article will walk you through entering a modem’s AT dial script command into a Series 3 CradlePoint router, to be used whenever the router connects using this modem.

Description:

It can often be useful or necessary to manually enter AT dial commands into the router, for example, to assign a specific “Access Point Name” (APN) when connecting to a GSM provider (such as AT&T or T-Mobile, as well as many international mobile carriers).  When used with supported modems, Series 3 CradlePoint routers may be configured to connect using AT dial commands.

Note: Some AT dial string commands are generic, and other AT dial string commands may only work with a specific modem or brand of modem.  Your modem manufacturer may be able to provide a list of commands that your modem will support. Some modems (particularly LTE 4G modems) use QMI instead of AT dial scripting and will ignore any AT dial commands entered into the router.

Directions:

Click here if you are unsure of how to access the CradlePoint router’s administration pages.

  1. Click on the Internet tab, and then select Connection Manager from the drop-down menu.
  2. Under WAN Interfaces, highlight the modem to use with the AT command, and then click Edit.
  3. On the WAN Configuration screen, click the Modem Settings tab.
  4. Enter your AT Dial Script into the AT Dial Script field.
  5. Then click on the SIM/APN/Auth Settings tab, and verify that the Access Point Name is set to Default.
  6. Click Submit to save your settings. The modem will briefly disappear from the WAN Interfaces list, and then reappear and try to connect using the new dial command.

Common Scripts:

1. Here is a common AT dial script used to manually assign an APN to a specific SIM profile slot:

AT+CGDCONT=[PROFILE SLOT],"IP","[APN NAME]"
ATDT*99***[PROFILE SLOT]#

Replace [PROFILE SLOT] with the slot number (1-15) and [APN NAME] with your mobile carrier’s APN. A list of commonly used APNs for many mobile providers can be found here.
For example, to manually assign the AT&T APN “broadband” to SIM profile slot 1, you would enter:

AT+CGDCONT=1,"IP","broadband"
ATDT*99***1#

To instead assign the AT&T APN “i2gold” to SIM profile slot 3, you would enter:

AT+CGDCONT=3,"IP","i2gold"
ATDT*99***3#

2. Here is another useful AT dial string (supported with many modems) that will “wake” the modem from airplane mode:

AT+CFUN=1

3. These commands can also be combined.  For example:

AT+CFUN=1
AT+CGDCONT=1,"IP","broadband"
ATDT*99***1#

4. Your modem manufacturer may be able to provide a full list of commands that your modem will support.
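
The following Python is an added example, not CradlePoint code: it builds the dial scripts shown above from a profile slot and APN, and checks a pasted script for the mistakes that most often break it (typographic quotes picked up from a web page or document, a slot outside 1-15, or an ATDT slot that does not match the defined profile). The function names and the APN character set (letters, digits, dots, hyphens) are assumptions of this example.

```python
import re

# Typographic quotes that web pages and word processors substitute for ".
SMART_QUOTES = "\u201c\u201d\u2018\u2019"
# Assumption of this example: APNs use letters, digits, dots and hyphens only.
APN_OK = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,99}")
CGDCONT = re.compile(r'AT\+CGDCONT=(\d+),"([^"]*)","([^"]*)"', re.IGNORECASE)
DIAL = re.compile(r"ATDT\*99\*\*\*(\d+)#", re.IGNORECASE)


def build_dial_script(slot, apn, wake=False):
    """Return the dial-script lines for one SIM profile slot and APN."""
    if not isinstance(slot, int) or not 1 <= slot <= 15:
        raise ValueError("profile slot must be an integer from 1 to 15")
    if not APN_OK.fullmatch(apn):
        # Rejecting quotes, spaces and CR/LF keeps an APN value from
        # carrying extra AT commands into the script.
        raise ValueError("APN contains characters outside [A-Za-z0-9.-]")
    lines = ["AT+CFUN=1"] if wake else []
    lines.append(f'AT+CGDCONT={slot},"IP","{apn}"')
    lines.append(f"ATDT*99***{slot}#")
    return lines


def lint_dial_script(text):
    """Return (line_number, problem) pairs for a pasted dial script."""
    findings = []
    defined_slots = set()
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        if any(ch in SMART_QUOTES for ch in line):
            findings.append((number, 'typographic quote; retype it as a plain "'))
            continue
        upper = line.upper()
        if not upper.startswith("AT"):
            findings.append((number, "line is not an AT command"))
        elif upper.startswith("AT+CGDCONT="):
            match = CGDCONT.fullmatch(line)
            if not match:
                findings.append((number, "malformed AT+CGDCONT command"))
                continue
            slot = int(match.group(1))
            if not 1 <= slot <= 15:
                findings.append((number, "profile slot outside 1-15"))
            else:
                defined_slots.add(slot)
            if not APN_OK.fullmatch(match.group(3)):
                findings.append((number, "unexpected characters in APN"))
        elif upper.startswith("ATDT"):
            match = DIAL.fullmatch(line)
            if not match:
                findings.append((number, "malformed ATDT dial command"))
            elif defined_slots and int(match.group(1)) not in defined_slots:
                findings.append((number, "ATDT slot does not match AT+CGDCONT slot"))
    return findings


if __name__ == "__main__":
    print("\n".join(build_dial_script(1, "broadband", wake=True)))
    # Constructed input: a script pasted with typographic quotes.
    pasted = "AT+CGDCONT=1,\u201dIP\u201d,\u201dbroadband\u201d\nATDT*99***1#"
    for number, problem in lint_dial_script(pasted):
        print(f"line {number}: {problem}")
```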

Permalink


If you are not sure what model CradlePoint router you have, please click here.

This article was written based upon firmware version 5.0.0.

Overview:

The username and password may be required for the cellular modem to connect.

Directions:

  1. Connect to the router and Log in to the Administration Pages
  2. Click the Internet tab, then select Connection Manager in the menu.
  3. Under WAN Interfaces select your modem and press the Edit button
  4. Under the SIM/APN/Auth Settings tab, set the PPP Authentication Mode to Auto and enter your PPP Username and Password
  5. Press Submit

Permalink


If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0


Overview:

This article is an explanation of the CradlePoint Hotspot Service features found in the MBR1400, CBR400, and IBR600.  There are two modes for Hotspot Services: Simple and RADIUS/UAM.  Simple Mode allows you to  define Terms of Use and timeout settings controlled within the router.  RADIUS/UAM mode allows setting up external/third party authentication servers along with their authentication data.  This mode requires an account with a RADIUS/UAM provider such as HOTSPOTSYSTEM.com.  An example of a HOTSPOTSYSTEM.com setup can be found here.

To enable the Hotspot Services feature:

  1. Log into the router’s setup page (login instructions).
  2. Click on the System Settings tab then Hotspot Services in the sub-menu.
  3. From the Hotspot Mode dropdown menu select Simple or RADIUS/UAM
  • Allow Service on 3G/4G Modems: allows you to enable or disable Hotspot access to the Internet over a modem. This is typically used if the router has a main wired link and a secondary modem for failover. Select this option if you want the router to allow data traffic over the modem if the wired connection goes down.  Must be checked if cellular is the only connection.
  • Disable Service if Ethernet Threshold is met: This can be used if the router is being used as a backup failover connection to another router with a wired connection. If that other router’s wired connection goes down and it starts using this router for its primary connection, then disable Hotspot use of the WAN connection.
  • Redirect HTTPS Requests: This allows initial requests to HTTPS websites to be redirected appropriately.


Simple Mode Setup:
 

  1. In the Simple Mode Settings section select one of the following: Internal Terms of Use, External Terms of Use, or No Terms of Use. Redirect Only.
    • Internal Terms of Use:
      1. Define your policy in the Terms of Use Text section.
      2. Select what you want to occur for the user after presentation of your policy in the Redirection on Successful Authentication dropdown.
      3. If “To an administrator-defined URL” was selected, set the Redirect URL.
      4. Apply your changes.
    • External Terms of Use:
      1. Define your Terms of Use URL.
      2. Select what you want to occur for the user after presentation of your policy in the Redirection on Successful Authentication dropdown.
      3. If “To an administrator-defined URL” was selected, set the Redirect URL.
      4. Apply your changes.
    • No Terms of Use. Redirect Only:
      1. Define your Terms of Use URL.
      2. Apply your changes.

RADIUS/UAM Mode Setup:

  1. Make your Radius settings as required by your Radius provider in the RADIUS Settings section.
  2. Make your UAM settings as required by your provider in the UAM Settings section.
  3. Apply your changes.

Permalink


The following article was based on 5.1.1 firmware.

Summary:

This article will outline how to enable the DHCP Relay Option on capable Series 3 CradlePoint routers.

Directions:

  1. Log in to the Administrative Pages of the CradlePoint.  Please click here for instructions on logging in.
  2. Click on the Network Settings tab, then click WiFi/Local Networks.
  3. Check the box next to the LAN you wish to apply the DHCP Relay and click Edit.
  4. Select the IPv4 DHCP tab.
  5. Uncheck the box next to DHCP Server.
  6. Check the box next to DHCP Relay and enter the IP of the DHCP server or router to be used.
  7. Click Submit to save changes.

Permalink


If you are not sure what Series CradlePoint router you have, please click here.

This article was written based upon firmware version 5.0.0.


Symptom:

The Wireless Network Name is showing, and I don’t want it to be shown.


Cause:

When this option is set to Visible, your wireless network name is broadcast to anyone within the range of your signal. If you’re not using encryption then they could connect to your network. When Invisible mode is enabled, you must enter the Wireless Network Name (SSID) on the client manually to connect to the network.


Resolution:

  1. Log in to the router at http://192.168.0.1. Click here if you are unsure of how to access the setup pages.
  2. Go to Network Settings tab
  3. Select Wi-Fi Local Networks
  4. Go to the box labeled “Local Network Interfaces”
  5. Place a checkmark next to the network name that you want to hide
  6. Click the Edit button.
  7. Place a checkmark in the box labeled Hidden on the menu that appears after clicking Edit.
  8. Click Submit.
  9. Your wireless network is now Hidden.

Permalink


Series 3: How to set up and use multiple (3 or 4) wireless networks on a capable CradlePoint router

If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0

Symptom:

Use more than the two default wireless networks on the CBR400, IBR600, MBR1200B or MBR1400.


Cause:

The additional wireless networks must be enabled and attached to a LAN.


Resolution:

  1. Log into the administration pages of the CradlePoint router (how to log into Series 3 routers)
  2. Click on the Network Settings tab.
  3. Click Wi-Fi/Local Network from the Network Settings drop-down menu.
  4. Locate the Local Network Interfaces section and find an unconfigured WiFi Name (SSID).
  5. Click the check box next to one of the unconfigured wireless networks.
  6. Then click the Edit button to modify the unconfigured WiFi Network.  A Wireless Network Editor window will open.
  7. Place a check in the box next to Enabled to turn on this WiFi Network (SSID).
  8. To create a network for end users connecting to the Internet, leave Isolate checked.  To create a network to connect clients together, uncheck the box next to Isolate.
  9. To enable security for this network, click the Security Mode drop-down menu, then select the desired security mode.  This example uses WPA/WPA 2–Personal.
  10. Create a unique password 8 to 63 characters in length.  The password can be any combination of upper or lower case letters, numbers, special characters, or spaces.  Enter the password in both the WPA Password and WPA Password (confirm) fields.
  11. Click Submit to save the changes.
  12. Scroll to the top of the page and in the Local IP Networks section, click the Add button.  NOTE:  This example illustrates creating a new LAN to connect to the new SSID; however, the same settings can be used to connect the new SSID to an existing LAN.
  13. In the Local Network Editor, click on the Interfaces tab in the tabs along the top of the box.
  14. Select the new SSID from the Available list then click the plus (+) button.
  15. Then click the IP Settings tab in the Local Network Editor window.
  16. Now enter a name for the network; any name can be assigned.
  17. Enter an IP Address for the network.  Any private addressing scheme and subnet can be used.  This example uses 192.168.20.1/24.
  18. Click the Submit button to save the changes.
  19. The new SSID should now be displayed and active in the Local IP Networks section.

Permalink


If you are not sure what Series CradlePoint router you have, please click here.

This article was written based upon firmware version 5.0.0.


Overview:

Use more than the 2 default LANs on the MBR1400, MBR1200B, IBR600, CBR400.


Directions:

  1. Log in to the setup pages of the CradlePoint router (how to log into Series 3 routers)
  2. Click on the Network Settings tab.
  3. Click Wi-Fi/Local Network from the Network Settings drop-down menu.
  4. In the Local IP Networks section, click the Add button.
  5. In the Local Network Editor, click on the Interfaces tab in the tabs along the side of the box.
  6. Select the interface you would like to assign from the Available list then click the plus button.
  7. Then click the IPv4 Settings tab in the Local Network Editor window. Here you need to specify an IP for the new LAN; an example would be 192.168.15.1.
  8. Now click on the General Settings tab, check the Enable box, and name the network; any name can be assigned.
  9. Click the Submit button to save the changes.

Permalink


If you are unsure of the Series and model of the CradlePoint router, click here.

This article was written based on Series 3 firmware version 5.0.0.

Description:

Load-Balancing allows multiple WAN connections to be used concurrently to improve bandwidth reliability with a CradlePoint Series 3 router. This feature effectively increases the data transfer throughput by using any connected modem interfaces consecutively. Please see this article for a high-level explanation of CradlePoint’s Load Balancing implementation. This article describes the necessary steps to enable Load Balancing on your Series 3 CradlePoint router.

MBR1400 Load-Balancing Limitations

There are 5 USB & ExpressCard connectors for modems on an MBR1400, which are provided to give users the maximum flexibility in choosing modems to use with the Series 3 Router. The limitations of their use are outlined below:

  • The power budget of the MBR1400 allows a maximum of 2 cellular modems to be actively connected and transmitting data at one time.  These 2 modems can be any combination of LTE/WiMAX/HSPA+/EVDO.
  • Version 3.3.0 or greater is required to support 2 simultaneous LTE or WiMAX modems.
  • 2 additional modems are allowed if configured in a non-connected/standby mode.
  • A “dual-mode” modem typically can only connect to one mode at a time and counts as 1 modem load.



Directions:

  1. Log into the Setup Pages of your CradlePoint router. Click here if you are not sure how to do this.
  2. Click on the Internet tab and select Connection Manager from the drop-down menu.
  3. Within the “WAN Interfaces” list, check the boxes in the Load Balancing column to specify which devices you would like to load balance across.
  4. Click on the Internet tab and select WAN Affinity/Load Balancing from the drop-down menu.
  5. Click the down arrow beside the Load Balance Algorithm field to select the needed option.
    • Spillover: This was the default algorithm in the version 3 firmware.  Load is always given to devices with the most available bandwidth.  The estimated bandwidth rate is based on a combination of the upload and download configuration values and the observed capabilities of the device.
    • Round-Robin:  Evenly distribute each session to the available WAN connections.
    • Rate: Distribute load based on the current upload and download rates.  A WAN device’s upload and download bandwidth values can be set in the Connection Manager page.
    • Device Usage:  This mode works in concert with the Data Usage feature.  The router will make best effort to keep data usage between interfaces at a similar percentage of the assigned data cap in the Data Usage rule for each interface, rather than distributing sessions based solely on bandwidth.  For proper function, you need to create data usage rules for each WAN device you will be load balancing.  Make certain to select the “Use with Load Balancing” checkbox in the Data Usage rule editor.
  6. Press the Apply button to submit the setting.

Permalink


The following article was based on 4.4.0 firmware.

Summary:
This article will outline how to enable the Custom DHCP Options.  For a complete list of Custom DHCP Options, please click here.

Directions:

  1. Log in to the Administrative Pages of the CradlePoint.  Please click here for instructions on logging in.
  2. Click on the Network Settings tab, then click WiFi/Local Networks (or just Local Networks if using an IBR650, CBR450, or CBA750B).
  3. Check the box next to the LAN you wish to apply the DHCP Custom Options and click Edit.
  4. Select the IPv4 DHCP tab (or DHCP tab if using the CBR450).
  5. Check the box next to Custom Options.
  6. Click Add.
  7. Select the Option you would like to use from the drop down and enter the appropriate value in the Value box.
  8. Click Submit.
  9. Click Submit.
  10. You will now need to get a new IP address via DHCP on your LAN connected device, to ensure the settings are being applied correctly.

Permalink


If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.


Overview:

This article describes the GPS feature on CradlePoint Series 3 routers and how to enable it.  Please note that not all supported cellular modems support this feature.  A cellular modem’s support for GPS is a function of both the modem’s functionality and the carrier’s configuration of that cellular modem.  GPS requires the following three elements:

1.  A cellular modem that supports GPS.
2.  A cellular carrier that allows the GPS functionality on that modem.
3.  Sufficient GPS signal level at the modem deployment location.

Please check the release notes for your router’s current firmware version to determine if this feature’s functionality is supported by your CradlePoint router for your particular cellular modem.  Firmware release notes can be found online on your router model’s “Firmware Downloads & Release Notes” page.


Directions:

  1. Log into the router’s setup page (click here for instructions).
  2. Click on System Settings, then select Administration from the drop-down, and finally the GPS tab in the body of the page.
  3. Place a check mark next to Enable GPS Support.  You will be presented with the following notification:  Note: Some carriers disable GPS support in otherwise supported modems. If you encounter issues with obtaining a fix, contact your carrier and ensure that GPS is supported.  Click ‘OK’.
  4. After enabling GPS you will be presented with a number of options. Below is a brief synopsis of the available options.
    • Enable GPS server on WAN:  Enables a TCP server on the WAN side of the firewall which will periodically send GPS NMEA sentences to connected clients.
    • Enable GPS server on LAN:  Enables a TCP server on the LAN side of the firewall which will periodically send GPS NMEA sentences to connected clients.
    • GPS server port number:  GPS port, default 8889.
    • Enable GPS reporting to remote server:  Enables periodic reporting of GPS NMEA sentences to a remote server. The router will buffer NMEA data if errors are encountered or if the Internet connection goes down, and send the buffered sentences when the connection is restored.
    • Remote server hostname or IP:  The value can be either an IP address in the form of “1.2.3.4”, or a DNS name in form of “host.domain.com”. Note that DNS names are case-insensitive, so only lower case letters are allowed.
    • Remote server port:  Must provide a server port number.
    • Report only over specific time interval:  Restricts the NMEA sentence reporting to a remote server to a specific time interval.  Select your time interval.
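A client of the GPS server described above receives NMEA sentences as a raw TCP byte stream, so it should reassemble lines and verify each checksum before trusting a position. The following is an added example, not CradlePoint code; the sample sentences are constructed for illustration and the class and function names are hypothetical.

```python
"""Reassemble and validate NMEA 0183 sentences from a TCP byte stream."""
from functools import reduce
from typing import Optional

MAX_SENTENCE = 82  # NMEA 0183 limit per sentence, including '$' and CR LF


def nmea_checksum(body: str) -> str:
    """XOR of every character between '$' and '*', as two upper-case hex digits."""
    return format(reduce(lambda acc, ch: acc ^ ord(ch), body, 0), "02X")


def frame(body: str) -> str:
    """Wrap a sentence body with '$' and its checksum."""
    return f"${body}*{nmea_checksum(body)}"


def _to_degrees(value: str, hemisphere: str) -> float:
    """Convert ddmm.mmm or dddmm.mmm plus N/S/E/W to signed decimal degrees."""
    dot = value.index(".")
    degrees = int(value[:dot - 2])
    minutes = float(value[dot - 2:])
    result = degrees + minutes / 60.0
    return -result if hemisphere in ("S", "W") else result


def parse_sentence(line: str) -> Optional[dict]:
    """Return a dict for a valid sentence, or None if framing or checksum is bad."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        return None
    body, _, given = line[1:].rpartition("*")
    if given.upper() != nmea_checksum(body):
        return None
    fields = body.split(",")
    kind = fields[0][2:]                      # drop the two-letter talker ID
    if kind != "GGA" or len(fields) < 7:
        return {"type": kind}
    quality = int(fields[6]) if fields[6].isdigit() else 0
    if quality == 0 or not fields[2] or not fields[4]:
        return {"type": "GGA", "fix": False}  # modem has no position yet
    try:
        lat = _to_degrees(fields[2], fields[3])
        lon = _to_degrees(fields[4], fields[5])
    except ValueError:
        return None                           # checksum fine, coordinates malformed
    return {"type": "GGA", "fix": True, "lat": lat, "lon": lon}


class NmeaStream:
    """Feed arbitrary TCP chunks in; get parsed sentences out."""

    def __init__(self):
        self._buf = b""
        self.rejected = 0

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        *lines, self._buf = self._buf.split(b"\n")   # keep the unfinished tail
        if len(self._buf) > MAX_SENTENCE:            # line never terminated: drop it
            self._buf = b""
            self.rejected += 1
        parsed = []
        for raw in lines:
            text = raw.decode("ascii", errors="replace").strip()
            if not text:
                continue
            result = parse_sentence(text)
            if result is None:
                self.rejected += 1
            else:
                parsed.append(result)
        return parsed


# Constructed sample sentences (not captured from a router).
SAMPLE_GGA = "$GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*47"
CORRUPT = SAMPLE_GGA.replace("4807.038", "4807.039")   # body changed, checksum stale
NO_FIX = frame("GPGGA,123520,,,,,0,00,,,M,,M,,")

if __name__ == "__main__":
    stream = NmeaStream()
    stream.feed(SAMPLE_GGA.encode()[:30])              # partial sentence, nothing yet
    rest = SAMPLE_GGA.encode()[30:] + b"\r\n" + CORRUPT.encode() + b"\r\n"
    for item in stream.feed(rest + NO_FIX.encode() + b"\r\n"):
        print(item)
    print("rejected:", stream.rejected)
```
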

Viewing GPS information:  A graphical view of your router’s location can be viewed under Status / GPS Status.  If GPS support is enabled and a modem capable of providing GPS coordinates is connected, this page will show a graphical view of your router’s location.  If your modem is not providing this location fix, you may see one of two messages:

  • “Obtaining GPS fix…” if the modem is capable of providing a location fix but hasn’t given one.
  • “No supported GPS device found” if the modem cannot provide a location fix.


Note:  More specific information regarding this feature’s specifications can be found in the product manual for your particular router model.



This article was written based on the 5.0.0 series 3 firmware.
If you are not sure which CradlePoint Series or Model number you have, please click here.


Overview:
For information on what Aggressive Modem Reset is, please visit the article “What is Aggressive Modem Reset”.


Directions:
Click here if you are not sure how to access the administrative console of your router.

1. Click on the Internet tab, and select Connection Manager from the drop down menu.

2. Click on your modem in the WAN Interfaces list. Your modem will be highlighted blue and will display additional information.

3. Click the Edit button just above your modem.

4. In the WAN Configuration window, click on the Modem Settings tab.

5. Place a checkmark next to Aggressive Reset, and then click Submit. Note that your modem will briefly disappear from the WAN Interfaces list while it reloads the new settings.



This article was written for CradlePoint models MBR95 and CTR35, based on firmware versions 5.0.0 and 3.6.3 respectively.  Click here if you are not sure which Series or Model CradlePoint router you have.

Symptom:

I cannot find the settings I want to change. Certain options I need to choose are not available.

Description:

Router models CTR35 and MBR95 have two configuration modes: Basic and Advanced. In Basic mode many settings are hidden to make the router’s interface easier to navigate, but sometimes it may be necessary to make configuration changes which would require the Advanced mode to be turned on. This article describes how to toggle between Basic and Advanced configuration modes.

Directions:

  1. Log into your router’s administrative console. If you are not sure how to access your router’s administrative console, click here.
  2. Click on the Basic Mode button in the top left corner of the CradlePoint router’s administrative console.
  3. The button will turn dark grey, and will now be called Advanced Mode. Note that a lot of additional options are now available from the drop-down menus.

Note: To switch back to Basic Mode, just click on the dark grey Advanced Mode button.



SUMMARY:

This document is intended to guide the Cradlepoint Administrator in the best ways to craft IP Filter Rules to achieve the desired level of security.

In order to exert more control over your network, you may decide to limit access to the Internet from your LAN, or limit what IP addresses or networks have access to your CradlePoint from the Internet.  To assist with this, CradlePoint has added the IP Filter Rules feature to all Series 3 routers.

This article was written using router firmware version 5.0.0.

TERMS:

  • Port – An application-specific or process-specific software construct serving as a communications endpoint in a computer’s host operating system.
  • IP Source – The IP address and/or Port originating the traffic.
  • IP Destination – The IP address and/or Port that the traffic is bound for.

REQUIREMENTS:

  • Cradlepoint Series 3 products: AER2100, MBR1400, MBR1400v2, MBR1200B, IBR600, IBR650, CBR400, CBR450, CBA 750B or MBR95.

CONFIGURATION:

  1. Log into CradlePoint’s Admin Pages.  For assistance accessing the router’s Admin Pages, click here.
  2. Once logged in, in the tabs across the top click on Network Settings > Firewall.
  3. In the box labeled Advanced IP Filter Rules click Add.
  4. In the Add/Edit IP Filter Rule box, configure the rule as needed.  Leaving an IP address or port field blank will create a rule that will match traffic with ANY value in that field.  Checking the IP negation or port negation box will match all traffic EXCEPT traffic that matches that field.
  5. Click Submit.

USE CASES:

Depending on how hardened you want the security on your router, a multitude of rules can be created.  This document will cover creating rules to allow most common services and finish with a “Deny All” rule to block all other traffic.

  1. Allow LAN – create a rule that allows traffic from the LAN to the LAN.  This rule should always be added first if you plan on creating a “Deny All” rule, so you have admin access to the router.  The above screenshot illustrates how to create this rule, assuming the LAN is 192.168.0.0/24.
  2. DHCP – DHCP Discover packets are sent with a source IP of 0.0.0.0 and a destination IP of 255.255.255.255, so if you want to use DHCP you must create a rule to allow those networks if you plan on creating a “Deny All” rule.
  3. LAN HTTP – to allow users on the LAN to access web sites using port 80, create a rule to allow the LAN network to any address on port 80.
  4. LAN HTTPS – to allow users on the LAN to access web sites using port 443, create a rule to allow the LAN network to any address on port 443.
  5. WAN to NTP – for the router to be able to set the system clock, you must allow the WAN interface(s) access to the configured NTP server.  The default NTP server, pool.ntp.org uses many IP addresses, so you must create a rule that allows the WAN interface(s) to any IP address on UDP port 123.
  6. WAN to DNS – for the router to use DNS services, you must create a rule allowing the WAN interface(s) to your upstream DNS server(s).
  7. WAN to WPC – if you use WiPipe Central, you will need to create a rule that allows the WAN interface(s) to the IP address of WPC server (services.cradlepoint.com) and vice versa.  When this document was written, that IP address was 206.207.72.222.
  8. WAN to ECM – if you use Enterprise Cloud Manager, you will need to create a rule to allow your WAN interface(s) to the ECM server (cradlepointecm.com) and vice versa.  When this article was written, that IP address was 198.61.136.185.
  9. Firmware check – to allow the router to check for firmware updates, you must create a rule to allow the WAN interface(s) to the firmware check server.  When this article was written, that IP address was 23.253.54.16.
  10. Firmware update – to allow the router to download a firmware update, you must create a rule to allow the WAN interface(s) to the firmware download server.  When this article was written, that IP address was 184.84.222.112.
  11. Firmware Update Via ECM – to allow a router managed by ECM to download a firmware update, you must create a rule to allow the WAN interface(s) to the firmware download server.  When this article was written, the IP addresses were 63.80.4.16 and 63.80.4.41, so create a rule to allow 63.80.4.0/26.
  12. VPN – to allow traffic across a VPN, you must create rules that allow traffic between the two WAN interfaces of the VPN endpoints and rules allowing traffic between the two LANs that will communicate over the VPN.
  13. Deny All – to block all other traffic, create a DENY rule with all of the source and destination fields blank.

EXAMPLES:

Rule #2 from above – DHCP:

[Screenshot of the DHCP rule]

Rule #3 from above – LAN to HTTP:

[Screenshot of the LAN to HTTP rule]

Rule #5 from above – WAN to NTP:

[Screenshot of the WAN to NTP rule]

Rule #12 from above – Deny All:

[Screenshot of the Deny All rule]

The below screenshot shows a list of most of these rules configured on a router.  The local router’s WAN interface is 166.130.4.172 and has a VPN tunnel to a remote router at 166.241.162.155.  In this example, the LAN is only allowed to send traffic over the VPN.  All other traffic is denied.

[Screenshot of the configured rule list]
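The rule list from USE CASES can be modelled offline to check ordering before it is applied to a router. The following is an added example, not CradlePoint code: it assumes rules are evaluated top-down with the first match winning and that unmatched traffic is allowed, and the packet samples, class names and the NEGATED rule are constructed for illustration.

```python
"""Ordered IP filter rule list modelled after the USE CASES above (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "deny"
    src: Optional[str] = None     # CIDR; None models a blank field (matches ANY)
    dst: Optional[str] = None
    dport: Optional[int] = None
    proto: Optional[str] = None
    src_negate: bool = False      # "IP negation" box for the source
    dst_negate: bool = False      # "IP negation" box for the destination
    port_negate: bool = False     # "port negation" box

    def is_catch_all(self) -> bool:
        return (self.src, self.dst, self.dport, self.proto) == (None,) * 4

    def matches(self, p: Packet) -> bool:
        return (_ip_ok(self.src, self.src_negate, p.src)
                and _ip_ok(self.dst, self.dst_negate, p.dst)
                and _port_ok(self.dport, self.port_negate, p.dport)
                and self.proto in (None, p.proto))


def _ip_ok(field, negate, addr):
    if field is None:                       # blank field: ANY value matches
        return True
    inside = ipaddress.ip_address(addr) in ipaddress.ip_network(field)
    return inside != negate                 # negation: all traffic EXCEPT the field


def _port_ok(field, negate, port):
    if field is None:
        return True
    return (port == field) != negate


def evaluate(rules, packet, default="allow"):
    """Return (action, rule name). Assumes top-down, first-match-wins evaluation."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.name
    return default, "(no rule matched)"


def unreachable_rules(rules):
    """Names of rules listed after a catch-all rule; they can never match."""
    dead, blocked = [], False
    for rule in rules:
        if blocked:
            dead.append(rule.name)
        blocked = blocked or rule.is_catch_all()
    return dead


LAN = "192.168.0.0/24"      # LAN assumed in the article
WAN = "166.130.4.172/32"    # local WAN address from the article's example

RULES = [
    Rule("Allow LAN", "allow", src=LAN, dst=LAN),
    Rule("DHCP", "allow", src="0.0.0.0/32", dst="255.255.255.255/32"),
    Rule("LAN HTTP", "allow", src=LAN, dport=80),
    Rule("LAN HTTPS", "allow", src=LAN, dport=443),
    Rule("WAN to NTP", "allow", src=WAN, dport=123, proto="udp"),
    Rule("Deny All", "deny"),               # every field blank
]

# Constructed rule showing source negation: any non-LAN source headed for the LAN.
NEGATED = Rule("Non-LAN source to LAN", "deny", src=LAN, src_negate=True, dst=LAN)

# Constructed sample packets (203.0.113.0/24 is a documentation range).
ADMIN = Packet("192.168.0.50", "192.168.0.1", "tcp", 80)
DHCP_DISCOVER = Packet("0.0.0.0", "255.255.255.255", "udp", 67)
NTP_QUERY = Packet("166.130.4.172", "203.0.113.123", "udp", 123)
TELNET_OUT = Packet("192.168.0.50", "203.0.113.10", "tcp", 23)


def admin_locked_out(rules, admin=ADMIN):
    """True if a LAN host can no longer reach the router's admin page."""
    return evaluate(rules, admin)[0] != "allow"


if __name__ == "__main__":
    for pkt in (ADMIN, DHCP_DISCOVER, NTP_QUERY, TELNET_OUT):
        print(pkt, "->", evaluate(RULES, pkt))
    misordered = [RULES[-1]] + RULES[:-1]   # Deny All created first
    print("locked out:", admin_locked_out(misordered))
    print("never reached:", unreachable_rules(misordered))
```
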



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0

Overview:

The current CradlePoint routers that support IP Pass-Through are the CBA750B, CBR400, CBR450, IBR600, IBR650, and MBR1400.

Creating a custom gateway/subnet is a preventative measure to use when you have a block of consecutive static IP addresses from your provider.

Instructions:

  1. Click on Network Settings.
  2. Click on WiFi/ Local Networks.
  3. Click on the Primary LAN check box.
  4. Click Edit.
  5. Click on the IPv4 Settings tab.
  6. Make sure your Routing mode is in fact IP Pass-Through.
  7. Set the Subnet Selection Mode to Custom Settings.
  8. Input your settings.

From here, you can create your own Gateway and Subnet; however, we recommend making your Gateway the same as your Static IP except with the last octet set to .1, and for the subnet a class C will be fine.  For the device behind the CradlePoint, statically set its WAN port to match the settings that were applied in the CradlePoint.  The IP on the port should be the Static IP that you get from your provider, the Gateway should be the custom gateway that was just created (the provider’s static IP with the last octet set to .1), and the subnet should be the class C subnet.

Example:  A Cisco router sits behind a CradlePoint in pass-through mode with a Verizon-provided static IP of 166.244.233.232.  In the CradlePoint, you would set the Gateway to 166.244.233.1 with a 255.255.255.0 subnet.  In the Cisco, you would then set Eth0 (or whichever port is connected to the CradlePoint) as follows: IP: 166.244.233.232, GW: 166.244.233.1, S/N: 255.255.255.0



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Overview:

The Verizon “Jetpack” 4G LTE Mobile Hotspot is not designed or supported for USB tethering to any CradlePoint router.  However, a Series 3 CradlePoint router can connect to the WiFi of the Jetpack using the WiFi-as-WAN feature built into the CradlePoint.

Resolution:

  1. Make sure that the router’s firmware is updated (firmware update instructions).
  2. Log into the router’s administration page (login instructions).
  3. Make sure the router is in Advanced Mode instead of Basic Mode (CTR35 and MBR95 only).
  4. Click the Internet tab then WiFi as WAN.
  5. Next to WiFi Client Mode, click the WiFi as WAN button.
  6. Available wireless networks will begin to appear in the Site Survey section.  It may take a few moments for all nearby networks to appear.
  7. Once the Verizon Jetpack wireless network appears on the Site Survey list, select it then click Import.
  8. Enter the WPA password for the Jetpack then click Submit to save.

Once saved, this wireless network will be available as a WAN Interface under the Internet > Connection Manager menu.  The failover priority for this Wi-Fi as WAN connection may be changed.  The higher the position on the list, the higher the failover priority.  Please visit the following link if you experience issues with WiFi as WAN:  WiFi as WAN troubleshooting.



This article explains the steps needed to get your Cable Modem connected to your CTR35 or CBR400 router.

This article was written based on 3.6.3 and 4.3.2 firmware versions.

Summary:

This article describes how to configure a CTR35 or CBR400 router to connect to a Cable, DSL or Satellite modem.

Directions:

BEFORE YOU BEGIN:

CONFIGURING THE ROUTER:

  1. Click on the Network Settings tab and select WiFi/Local Networks from the drop-down menu.
  2. Scroll down to the Local Network Interfaces section and click on the Ethernet Port Configuration tab.
  3. In the drop-down next to your Ethernet port, change the mode to Internet (WAN).  NOTE: If you are currently connected to your router with a cable, you will lose access to the router, and it will have to be reset.
  4. Change your router’s IP address to 192.168.50.1. Reference this article for detailed instructions.



CONNECTING THE MODEM: 

  1. If you already have your cable modem plugged into your router, unplug it.
  2. Power off both the CradlePoint router and the modem. If the modem doesn’t have an on/off switch, just pull out the power cord.
  3. While both devices are turned off, connect them with an Ethernet cable.
  4. Wait 30 seconds and power on just the modem.
  5. Wait until the modem connects to your ISP’s network (usually 30-35 seconds), then power the CradlePoint router back on.

After the CradlePoint router goes through its startup sequence, it will connect to your modem, and all devices that are connected to the CradlePoint wirelessly should have Internet access.

NOTE:  To access your router’s administrative console again, use the IP address that was specified during step #4 of router’s set up (typically 192.168.50.1).


IF YOU ARE UNABLE TO GET THROUGH TO THE INTERNET, PLEASE REVIEW THE FOLLOWING:

  • Check your computer’s network settings:
  • Call your Internet Service Provider and tell them you need to reset your cable/DSL/Satellite modem.  Your modem may have saved the information from the last connection you had, and you need to restore the cable modem to default settings.
  • Clone your computer’s MAC address in the CradlePoint router. Instructions



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Symptom:

Internet Service Provider (ISP) recommends setting a static WAN IP.

Cause:

Some ISPs require static IP settings in the router.

Resolution:

  1. Confirm that the ISP requires static WAN IP settings by contacting the ISP (typically ISPs do not require these settings).
  2. Log into the router’s setup page (login instructions).
  3. Click the Internet tab then Connection Manager.
  4. Under the WAN Interfaces heading, click the Ethernet: Blue device then click the Edit button.
  5. In the WAN Configuration box that displays, click the Ethernet Settings tab.
  6. Change the Connect Method to Static (Manual).
  7. Fill in the IP Address, Subnet Mask, Gateway IP, Primary and Secondary DNS (provided by the ISP).
  8. Click Submit.
  9. Connect your static internet connection to the BLUE Ethernet port on the router.
  10. Allow up to 2 minutes for the connection to establish.



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Symptom:

Cricket EC1705 modem will not connect to the internet on your CradlePoint Series 3 router.

Cause:

PPP Authentication.

Resolution:

  1. Check that your modem has been activated and is working properly by plugging the modem directly into your computer and accessing the Internet.  If you can access a non-cached web page your modem is activated and works.
  2. Connect the EC1705 to the USB port on the CradlePoint router.
  3. Establish a connection between your computer and router via Ethernet or Wi-Fi.
  4. Log in to the router Administration pages at http://192.168.0.1
  5. Click the Internet tab, and then click Connection Manager.
  6. Select your modem from the WAN Interfaces list, then click Edit.
  7. Click on the Modem Settings tab and enter the following:
    1. PPP Authentication Protocol:     Auto
    2. PPP Username:                         your 10 digit phone number@mycricket.com
    3. PPP Password:                         cricket
  8. Click Submit.

Allow up to 3 minutes for the modem connection to establish.



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Overview: 

Series 3 CradlePoint products with Wireless (WiFi) capability can connect to an available wireless network to use as an Internet (WAN) connection.

*NOTE* The AER 2100 will allow a WiFi as WAN connection on both the 2.4 and 5.0 frequencies; however, you can only use one as an active connection.  The other will remain available until the primary WiFi as WAN connection drops.

Directions:

Newer CradlePoint firmware revisions include changes that allow connection to more types of wireless access points.  It may be necessary to upgrade the firmware to a newer firmware version (see How to upgrade my firmware).

  1. Log into the CradlePoint’s administrative console, the default location is http://192.168.0.1.  Click here if you are unsure of how to access the administration pages.
  2. Verify Advanced Mode and not Basic Mode (CTR35 and MBR95 only).
  3. Click the Internet tab then select Wi-Fi-as-WAN.
  4. Next to Wi-Fi Client Mode click the Wi-Fi-as-WAN button (Dark gray means that Wi-Fi as WAN is enabled).
  5. Available wireless networks will begin to appear in the Site Survey section.  It may take a moment for all nearby networks to appear.
  6. Select the desired Wi-Fi network then click Import.
  7. Enter the wireless network credentials in the window that displays.
  8. Click Submit to save settings.

Once saved, this wireless network will be available as a WAN Interface under the Internet > Connection Manager menu.  The failover priority for this Wi-Fi as WAN connection may be changed.  The higher the position on the list the higher the failover priority.

Please visit the following link if you experience issues with WiFi as WAN.   WiFi as WAN troubleshooting.



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based upon firmware version 5.0.0.

Description:

WAN Affinity rules allow you to manage traffic in your network so that particular bandwidth users are associated with particular WAN sources.  This allows you to prioritize bandwidth.  This article explains the steps needed to configure WAN Affinity on a capable Series 3 CradlePoint.

Directions:

  1. Log into the router’s Setup Page.  For help with logging in click here.
  2. In the tabs across the top click on Internet.  Then click on WAN Affinity/Load Balancing.
  3. In the box labeled Affinity Rules, click Add.
  4. Give your rule a unique name.
  5. Enter the DSCP.  Differentiated Services Code Point is the successor to ToS (Type of Service).  Use this field to select traffic based on the DSCP header in each IP packet.  This field is sometimes set by latency-sensitive equipment such as VoIP phones.  For more information see the Differentiated Services Wikipedia page.
  6. Check the DSCP Negate box if you want the rule to apply to any packet that does not match the DSCP field.
  7. Choose the protocol you wish the rule to apply to.
  8. Source and/or Destination IP addresses: Specify an IP address or range of IP addresses by combining an IP address with a netmask for either “source” or “destination” (or both). Source vs. Destination is defined by traffic flow. Leave these blank to include all IP addresses (such as if your rule is defined by a particular port instead).
  9. Destination Port(s): Enter a port number between 1 and 65535. To enter a single port number, input the number into the left box. To enter a range of ports, fill in both boxes separated by the colon. For example “80:90” would represent all ports between 80 and 90 including 80 and 90 themselves.
  10. Check the Failover box if you want normal failover to apply when your chosen WAN interface loses its connection, so that traffic is directed to the highest priority WAN connection. If it is unchecked and the WAN device loses its connection, all traffic will stop even if another WAN connection exists.
  11. Configure the WAN Binding Type based on your needs.  You have several options for specifying the type of WAN interface(s) you want associated with your rule. Designate the interface(s) by Port, Manufacturer, Model, Type, Serial Number, MAC Address, or Unique ID. This selection will create a dropdown list of options to complete a sentence with the following form: “When ____ is ____,” such as, “When Port is Blue Ethernet.” You also have the option to replace “is” with “isn’t,” “starts with,” “ends with,” or “contains.”
    • Port: Select from the dropdown list of possible WAN ports on the router.
      o Blue Ethernet
      o Orange Ethernet 1
      o Orange Ethernet 2
      o Orange Ethernet 3
      o Orange Ethernet 4
      o USB 1
      o USB 2
      o USB 3
      o ExpressPort 1
      o ExpressPort 2
    • Manufacturer: Select from a dropdown list of attached devices.
    • Model: Select from a dropdown list of attached devices.
    • Type: Select from the dropdown list of possible WAN types.
      o WiMAX
      o Modem
      o LTE
      o Ethernet
      o Wireless As WAN
    • Serial Number: Select from a dropdown list of attached devices.
    • MAC Address: Select from a dropdown list of attached devices.
    • Unique ID: Select from a dropdown list of attached devices.
  12. Choose the Load Balancing Algorithm you would like to use.  For a more in-depth explanation of Load Balancing click here.
  13. Then click Submit.



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Symptom:

Configure remote access on a Series 3 CradlePoint router.

Cause:

Ability to remotely access and administrate a CradlePoint router.

Resolution:

  1. Log into the router’s administration page (login instructions).
  2. Click the System Settings tab.
  3. Click Administration.
  4. Click on the Remote Management tab.
  5. Check the Allow Remote Web Administration box.
  6. Record the HTTP Port number for future use.
  7. If you would like to use HTTPS, you can enable that check box now.  NOTE:  If enabling HTTPS, allow 30 minutes before accessing the router.
  8. Click Apply then click OK on the warning dialog and OK again for the settings applied dialog.
  9. Configuration is complete.  Connect to your CradlePoint for remote web administration.

NOTE:  To access the router from the internet, the IP address must be known.  A DynDNS account or a static IP address issued by your cellular carrier or ISP will maintain knowledge of the router’s address.

To access the router from the Internet on a computer not on the CradlePoint router’s LAN, enter the [IP address]:[port number] or [DynDNS]:[port number]  into a web browser address bar.  For example:

  • 172.22.96.125:8080



If you are not sure what Series CradlePoint router you have, please click here.

This article was written based on firmware version 4.3.0.

Description:

By default, the CradlePoint router will not favor any kind of Internet traffic over any other – all users, ports, applications, sources and destinations are treated equally.  There are times when it is highly desirable to prioritize the Internet traffic for specific users or devices over the needs of other users of the network.

CradlePoint’s Enterprise routers (MBR1400, CBR400, CBR450, IBR600 and IBR650) include a feature called WiPipe QoS (Quality of Service) that allows the administrator to configure traffic shaping/quality of service rules to ensure time-critical applications are given appropriate priority over less-important network usage.

The types of applications that benefit the most from defined WiPipe QoS rules are those that rely on the timely delivery of real-time data packets, for example:

VoIP telephony
Videoconferencing
Real-time streaming media
Online video gaming

These types of real-time applications will quickly become unusable when too much latency (lag or delay) is created in their connection because of other network use.  For example, spoken words over a VoIP phone call may be delayed for a half-second because other users are checking e-mail or visiting a web site.  WiPipe QoS rules allow the router to set simple or complex rules to prioritize or restrict incoming and outgoing traffic based on a variety of criteria.

The CradlePoint’s WiPipe QoS implementation divides the available upload and download bandwidths into 1% pieces, allowing the CradlePoint to reserve bandwidth to only be used by specific users or applications.  QoS rules can also be configured to borrow unused bandwidth from other rules if desired, and overlap between rules is supported.  If more than one rule matches, the rule with the highest priority will be used.

Directions:

  1. Log into the CradlePoint’s Setup pages, the default location is http://192.168.0.1.  Click here if you are unsure of how to access the Setup pages.
  2. Click Network Settings and then WiPipe QoS from the drop-down menu.
  3. Place a checkmark next to the Enable WiPipe QoS option.
  4. In the WAN Interface Speed section, set the approximate upload and download speed for each WAN Interface.  This can be also used to restrict the maximum upload and/or download speed for the Internet sources you are using.  It is recommended that you experiment with different values for your particular Internet connection for best results.
  5. In this example, the Upload Speed is set to 1Mb/s and the Download Speed is set to 20Mb/s.
  6. Click Apply at the bottom of the section to save your settings.
  7. Click Add to bring up the Add Traffic Shaping / QoS Queue page.
  8. In the Add Traffic Shaping / QoS Queue editor, give the Queue a unique name.  In our example, we are creating a Queue to prioritize VoIP traffic, so we’ll name the rule “VoIP” and set the Upload Bandwidth parameters.
    • If you would like this rule to be able to borrow unused bandwidth from other rules, leave the Borrow Spare Bandwidth option checked.  If you prefer to restrict the upload traffic to the Upload Bandwidth specified below, uncheck this box.
    • Set the Upload Bandwidth to reserve a percentage of your bandwidth for this rule.  The maximum value is adjusted to the remaining percentage after other rules receive their share.
    • Increasing the Upload Priority will cause the traffic to be handled before lower priority traffic which can lead to shorter response times.  Additionally, when spare bandwidth is available it is offered to higher priority classes first.  There are a total of eight priority classes: Lowest, Lower, Below Normal, Normal, Above Normal, High, Higher, and Highest.
    • In this example, we have reserved 25% of the upload bandwidth for this rule.  This will leave a maximum of 75% remaining for other rules.  We have enabled it to borrow spare bandwidth from other rules and set the Upload Priority to Higher.
  9. On this page you will specify the Download Bandwidth for your Queue.
    • If you would like this rule to be able to borrow unused bandwidth from other rules, leave the Borrow Spare Bandwidth option checked.  If you prefer to restrict the download traffic to the Download Bandwidth specified below, uncheck this box.
    • Set the Download Bandwidth to reserve a percentage of your bandwidth for this rule.  The maximum value is adjusted to the remaining percentage after other rules receive their share.
    • Increasing the Download Priority will cause the traffic to be handled before lower priority traffic which can lead to shorter response times.  Additionally, when spare bandwidth is available it is offered to higher priority classes first.  There are a total of eight priority classes: Lowest, Lower, Below Normal, Normal, Above Normal, High, Higher, and Highest.
    • In this example, we have reserved 40% of the download bandwidth for this rule.  This will leave a maximum of 60% remaining for other rules.  We have enabled it to borrow spare bandwidth from other rules and set the Download Priority to Highest.
    • There is also the option to specify a DSCP (DiffServ) Tag.  You can use this option if you want the DSCP header of each IP packet that comes through this queue to be ‘tagged’ so that other networking equipment upstream or post-NAT can do traffic shaping based on these DSCP tags as opposed to using ports.
  10. Click Finish when you are done.
  11. Click Add under Rules to create rules for your Queues to follow.
  12. Make sure the Rule is Enabled, give your rule a name (in this case we will call it “VoIP Rule”), select your Protocol, and then select the Queue to apply the rule to.
  13. At this screen you will describe the network or server on the Internet for which you want to shape traffic.  Leaving a field empty will match any IP address and/or port number.  All fields are optional.
    1. This example applies for traffic between a VoIP telephone using local IP address 192.168.0.150 from any port when connecting to a VoIP server on IP address 172.16.0.25 on any port.  Your settings will be different than the settings entered here.
  14. Click Finish to save the rule.
  15. You will now be returned to the Network Settings / WiPipe QoS page where you can see the rule you entered.  If you have multiple rules you can use the up and down arrows to change the priority.

After saving this rule, 250 Kb/s (25% of 1 Mb/s) of upload bandwidth and 8 Mb/s (40% of 20 Mb/s) of download bandwidth will be reserved for this rule, and bandwidth will also be borrowed from other rules (if there are any) when necessary.  The rule applies to traffic originating from 192.168.0.150 with a destination IP address of 172.16.0.25.

Another example would be to restrict the bandwidth of your guest network in order to reserve crucial bandwidth for your primary network.  Create a rule associated with the IP address range and appropriate netmask for the guest network.  Then set upload/download bandwidth limits as a percentage of your available bandwidth.

You can view the status of your WiPipe QoS Queues by clicking Status and then WiPipe QoS from the drop-down.


Note:

As routers have no control regarding when they receive packets, but do have control when they send packets, QoS rules created for outbound connections are significantly more effective than rules created for inbound connections.



SUMMARY:

This document is intended to guide the CradlePoint administrator through configuring WiPipe QoS Policies to shape LAN and/or WLAN traffic when accessing the Internet (WAN).  This is helpful to limit the real-time available bandwidth and limit overall usage on cellular networks where data usage can be expensive.  Although this method can be applied to guest networks, this document is intended for network segments other than guest network access.  For guest access, there is a less granular and simplified method via the hotspot services configuration.



TERMS:

  • QoS:  Quality of Service
  • LAN:  Local Area Network
  • WLAN:  Wireless Local Area Network
  • WAN:  Wide Area Network
  • Mb/s:  Megabits Per Second
  • Kb/s:  Kilobytes Per Second


REQUIREMENTS:

Advanced QoS capable CradlePoint Series 3 products: MBR1400, IBR600, IBR650, CBR400, CBR450


FIRMWARE VERSION:

This content was created using firmware version 5.0.0


ASSUMPTIONS:

The CradlePoint administrator has already set up a working LAN, WLAN and WAN.  All LAN and WLAN devices are able to access the Internet via the CradlePoint’s WAN connection.



EXAMPLE NETWORK TOPOLOGY:

The example topology has two local hosts.  One host is connected to the wired LAN, and the other host is connected to the wireless WLAN.  On the CradlePoint router, there is a QoS policy defined that is shaping the egress (outbound) and ingress (inbound) traffic to a limit of 20% of the defined WAN bandwidth in each direction.  The Wired WAN connection has 10 Mb/s of defined WAN bandwidth, and the LTE WAN connection has 5 Mb/s of defined bandwidth.



CONFIGURATION:

  1. Log into the CradlePoint web administration page at http://192.168.0.1 (default); if you are unsure how, click here.
  2. Under the Network Settings heading, select WiPipe QoS.
  3. Enable WiPipe QoS and set the WAN Interface bandwidths to the desired rates.
    • Check the box to enable WiPipe QoS
    • Set the Ethernet WAN interface to 10240 Kb/s (= 10 Mb/s)
    • Set the LTE Modem to 5120 Kb/s (= 5 Mb/s).
    • Click Apply.
  4. Create a new Queue:
    • Click the Add button under the Queue section.
    • Give the Queue a unique name.
    • Uncheck the Borrow Spare Bandwidth option (if you do not uncheck this option, the traffic will be allowed to use 100% of the bandwidth on each WAN link if bandwidth is available.)
    • Set the Upload Bandwidth to 20%.  Leave all the other settings at the default values.  The Upload priority would only be applicable if you have multiple queues that you want to prioritize traffic between.
    • Click Next.
  5. Configure the Download bandwidth:
    • Uncheck the Borrow Spare Bandwidth option (if you do not uncheck this option, the traffic will be allowed to use 100% of the bandwidth on each WAN link if available.)
    • Set the Download Bandwidth to 20%.  Leave all the other settings at the default values.  The Download priority would only be applicable if you have multiple queues that you want to prioritize traffic between.
    • Click Finish.
  6. Create a new QoS Rule:
    • Add a new QoS Rule by clicking the Add button under the Rules section
    • Name the Rule All Traffic
    • Set the Protocol to Any
    • Set the Queue Name to WAN Shaping
    • Leave all other fields at their default settings.
    • Click Next.
  7. Leave the Network, DSCP and Port fields blank (default).  This will mark all source and destination traffic.
  8. Click Finish.


The QoS policy will now shape (limit) all ingress and egress WAN traffic to 20% of each WAN connection’s defined bandwidth limit.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

What is PPPoE? Click here to find out.

Symptom:

A DSL/cable/satellite modem with PPPoE authentication required by the ISP will not connect to a CradlePoint router.

Cause:

If the ISP requires PPPoE authentication for a DSL/cable/satellite modem, the PPPoE information needs to be configured in the CradlePoint before a successful connection can be established.  The correct username and password must be obtained from the ISP.

Resolution:

  1. Obtain PPPoE authentication information from the DSL/cable/satellite provider.  Click here for a list of common DSL providers that require PPPoE.
  2. Log into the router’s setup page (login instructions).
  3. Click the Internet tab then click Connection Manager.
  4. In the WAN Interfaces section click the device named Ethernet: Blue then click Edit.
  5. Click Edit
    In the WAN Configuration box that displays click the Ethernet Settings tab.
  6. Change the Connect Method to PPPoE.
  7. Fill in the Username and Password fields with your PPPoE credentials and select the Auth Type (also provided by the ISP).
  8. Click Submit.
  9. Connect your PPPoE modem to the Blue WAN port on the Cradlepoint router.
  10. Allow up to 2 minutes for the connection to establish.



To determine the series of your CradlePoint router please click here.

This article was written based on the 5.0.0 firmware version.

Description:

Typically all computers connected to a router are protected by the router’s firewall.  To allow a computer on the Internet to connect through the router to a specific computer it is necessary to either manually forward the required ports (directions below), or to place the device/computer into the CradlePoint’s Demilitarized Zone (DMZ).  For more information about adding a device to the DMZ, refer to this article.

Before getting started, you will want to ensure that the IP address you are getting from your ISP is publicly routable.  For more information on verifying whether your WAN IP address is publicly routable, refer to: How can I tell if my IP address is publicly routable?

Before forwarding any ports from the Internet, you will also want to make sure that you are able to access your server from a local IP address.  For example, if you have a local web server running on IP 192.168.0.100 listening on port 8888, you will want to make sure that another locally connected computer (like a laptop on 192.168.0.111) is able to access the web server at http://192.168.0.100:8888. Once you know that the server is working locally, adding a port forward to that device will allow users connecting from the Internet to access that server using the WAN IP address.

You will also want to be sure that the device/computer being forwarded to is always assigned the same IP address from the CradlePoint router.  To ensure that the device/computer is always assigned the same IP address from the CradlePoint router via DHCP Reservation, refer to this article.

Directions:

1.       Log into the router’s administration page (login instructions).


2.       Click Network Settings and then Firewall from the drop-down menu.


3.       Under Port Forwarding Rules, click Add to create a new rule.


4.       In the Add/Edit Port Forwarding Rule screen, give your rule a unique name.

Enter the appropriate Internet and Local port(s) and Local Computer, as well as Protocol. In this example, both TCP and UDP traffic reaching the CradlePoint on WAN port 8888 will be forwarded to local port 8888 on local computer 192.168.0.100.

Click Submit to save the rule.



5.       After saving your rule, you will now see it listed in the Port Forwarding Rules.

You can use the up and down arrows on the left side to change the priority of your port forwarding rules.


After making this change, this will forward traffic that reaches the CradlePoint’s WAN interface on that port to the internal web server.  For example, if this router’s WAN IP address was 123.132.234.243, anyone on the Internet would now be able to access the web server by surfing to http://123.132.234.243:8888.

Note:

Many ISPs block some or all ports from the Internet.  You may want to check with your ISP to determine whether any ports may be blocked.  You may also want to configure your port forwarding rule to use a different unblocked port for the Internet than it uses locally.
For example, if your ISP blocks incoming connections from the Internet on port 80 and your web server at 192.168.0.112:80 cannot be changed to listen on another port, you could set up a rule to forward traffic from an unblocked Internet port (like 8088) to local port 80 on the web server.



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.


Symptom:

This article is relevant if you’re experiencing one of the two symptoms below:

  1. The content filtering options in a Series 3 CradlePoint router have stopped working.
  2. You have an OpenDNS account and would like to configure the router to use it.

Supported CradlePoint routers can be configured to use OpenDNS to filter Web content.  OpenDNS is a third party web filtering service that CradlePoint works closely with to provide this functionality in our routers. A customer can create an OpenDNS account to take advantage of OpenDNS features such as Content Filtering & Shortcuts.

To use the OpenDNS setting you need to create an OpenDNS account.  You can create an account at http://www.opendns.com by clicking the Create Account link and following the onscreen instructions.


Cause:

OpenDNS has discontinued their free content filtering service as of August 2012. This should not affect internet access of customers who currently are using OpenDNS, but content filtering will no longer work. If you would still like to have the content filtering service provided by OpenDNS, you will need to create an account and add the account credentials into your CradlePoint.


Resolution:

  1. Login to the router’s setup page (login instructions).
  2. With some router models (e.g., MBR95), it will be necessary to switch from Basic Mode to Advanced Mode via the toggle button beneath the CradlePoint logo at the top left of the page.
  3. Click on the Network Settings tab then Content Filtering.
  4. Put a check in the Enable box.
  5. Enter your OpenDNS account information in the OpenDNS Account Information section.
  6. Enable OpenDNS ISP Filter Bypass Algorithm if desired.
  7. Click Apply to save the changes.

 
Additional Filtering Options:
 
Force All DNS Requests To Router: Enabling this will redirect all DNS requests from LAN clients to the router’s DNS server. This will allow the router even more control over IP Addresses even when the client might have their own DNS servers statically set.

Enable OpenDNS ISP Filter Bypass Algorithm: It is possible that your Internet Service Provider (ISP) uses the port that OpenDNS is configured to access, typically port 53, which will prevent OpenDNS filtering.  If OpenDNS does not appear to be working correctly, enabling this will attempt to bypass those ports when using an OpenDNS content filtering level.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Symptom:

Event logs in CradlePoint routers are cleared on every power cycle or reboot.  To save logs after a reboot, configure the CradlePoint router to log to a USB flash drive.

Cause:

Router event log information is lost on a power cycle or reboot.

Resolution:

  1. Log into the router’s setup page (login instructions).
  2. Click the System Settings tab then click Administration.
  3. Click the System Logging tab.
  4. Click the check box to the right of Log to attached USB stick.
  5. Click Apply.
  6. Plug in a USB memory device; the router will write event log data to the attached USB device.



Configuration Difficulty: Expert



Summary

Firmware Version

Network Topology

Configuration

– Certificate Creation and Exporting

– OpenVPN Server Configuration

– Configuring the Client

Technical

Troubleshooting


Summary


This article is intended to assist the CradlePoint Administrator in configuring the CradlePoint to act as an OpenVPN Server and configuring a Windows 7 client to connect.


Firmware Version


This article was written using firmware version 5.2.0.


Network Topology



Configuration


Certificate Creation and Exporting

  1. You will need to generate the following certificates for use by the OpenVPN architecture: a CA, a Server Certificate, and a Client Certificate (you will need a Client Certificate for each client you wish to connect to the CradlePoint). This can be done in the Certificate Manager in the CradlePoint. The Certificate Manager is accessed by clicking SYSTEM SETTINGS > CERTIFICATE MANAGEMENT.
  2. To create a CA Certificate, click CREATE CERTIFICATE on the left-hand tabs. Fill out the information in the text boxes; it is recommended not to use spaces or special characters in any of the text fields for certificates. In the ISSUER section be sure to check the box for “Set as CA certificate.” Click APPLY. NOTE: The Common Name field for each certificate needs to be unique among all the certificates used for OpenVPN.
  3. To create a Server Certificate, click CREATE CERTIFICATE on the left-hand tabs. Fill out the information in the text boxes; it is recommended not to use spaces or special characters in any of the text fields for certificates. In the ISSUER section be sure to check the box for “Sign with a CA certificate” and select your CA from the drop down. NOTE: The Common Name field for each certificate needs to be unique among all the certificates used for OpenVPN.
  4. To create a Client Certificate, click CREATE CERTIFICATE on the left-hand tabs. Fill out the information in the text boxes; it is recommended not to use spaces or special characters in any of the text fields for certificates. In the ISSUER section be sure to check the box for “Sign with a CA certificate” and select your CA from the drop down. NOTE: The Common Name field for each certificate needs to be unique among all the certificates used for OpenVPN.
  5. You will need to export the CA and Client certificates in order to use them in the configuration for the client. Select EXPORT PEM from the tabs on the left-hand side of the screen.
  6. Export the CA and Client certificates by selecting each certificate in turn from the drop-down and clicking the EXPORT button.
  7. You will also need to retrieve the Private Key for the Client certificate. As of firmware version 5.2, this is only possible via the CLI. For instructions on how to access the CLI, please refer to the article Series 3: Command Line Interface (CLI) Overview.
  8. Once you are logged in to the CLI you will need to navigate to the Certificate Manager directory by issuing the following command: cd config/certmgmt/certs
  9. To view the certificates, issue the get command from the current directory.
  10. Locate the Private Key for your Client certificate, copy the text, and paste it into a text document. The private key will be above the name of the certificate in the output of the get command.
  11. You will need to reformat the key document. In the key text document, you will need to locate all the carriage returns (the character combination \n). Just before each carriage return you will need to press the Enter key and then delete the carriage return. You will also need to remove all unnecessary spaces. Take great care not to delete any other characters, as this will invalidate the key. Save the document with a .key extension.
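
The manual clean-up in step 11 is easy to get wrong, so here is an added example (not CradlePoint's code) that does it in Python and checks the result before saving. It assumes the pasted text shows line breaks as the literal two-character sequence \n, contains stray spaces, and holds an unencrypted PEM key; the function names are hypothetical and the sample key is constructed placeholder bytes, not a usable key.

```python
import base64
import os
import re

# One PEM private-key block; the label (e.g. "RSA PRIVATE KEY") must be the
# same in the BEGIN and END markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S
)


def normalize_cli_key(pasted: str) -> str:
    """Rebuild a valid PEM block from key text copied out of the CLI output."""
    # Literal backslash-r is dropped, literal backslash-n becomes a line break.
    text = pasted.replace("\\r", "").replace("\\n", "\n")
    match = PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no matching BEGIN/END PRIVATE KEY markers found")
    label, body = match.groups()
    # Base64 never contains whitespace, so every space and newline in the
    # body can be removed without touching key material.
    b64 = re.sub(r"\s+", "", body)
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key body is not valid base64; a character was "
                         "lost or added while copying") from exc
    # An unencrypted private key is DER: it starts with an ASN.1 SEQUENCE tag.
    if der[:1] != b"\x30":
        raise ValueError("decoded body does not look like a DER private key")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(
        [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]
    ) + "\n"


def save_key(path: str, pem: str) -> None:
    """Write the key to a new file readable only by its owner (POSIX modes)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="\n") as handle:
        handle.write(pem)


def constructed_cli_paste() -> tuple[str, str]:
    """Return (clean PEM, mangled paste) built from constructed sample bytes."""
    der = b"\x30\x82\x01\x00" + bytes(range(256))  # placeholder, not a real key
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(
        ["-----BEGIN RSA PRIVATE KEY-----", *lines,
         "-----END RSA PRIVATE KEY-----"]
    ) + "\n"
    # Mangle it the way step 11 describes: literal \n plus stray spaces.
    mangled = "   " + pem.replace("\n", "\\n  ")
    return pem, mangled


if __name__ == "__main__":
    clean, pasted = constructed_cli_paste()
    fixed = normalize_cli_key(pasted)
    print("repaired key matches original:", fixed == clean)
```

A private key that has passed through the clipboard and a text editor should be treated as sensitive: delete the scratch copy once the .key file is saved.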


OpenVPN Server Configuration

  1. To configure OpenVPN on the CradlePoint, go to INTERNET > OPENVPN TUNNELS.
  2. Click ADD.
  3. Give the Tunnel a familiar name.
  4. Select SERVER from the Tunnel Mode drop down.
  5. Select your server certificate from the Certificate Name drop down.
  6. Check the TLS-Authentication box if you would like the tunnel to use TLS. In this example, you will leave it unchecked.
  7. Assign an IP address and subnet mask to your tunnel network.
  8. Check the Support IPv6 Tunnels if you will be using IPv6 addresses. In this example, we will leave it unchecked.
  9. Choose the protocol you wish your tunnel to use from the Tunnel Protocol drop down. In this example, we will use UDP.
  10. Enter the port number you wish your tunnel to connect on. The default is 1194.
  11. Enter the amount of time you wish to wait to send a ping if no traffic has been sent through the tunnel in the Ping field. The value is in seconds, and 10 is the default.
  12. Enter the amount of time to wait if no pings have been received before the tunnel restarts into the Ping Restart field. This value is in seconds, and the default is 60.
  13. Ensure the Tunnel Enabled box is checked.
  14. Click NEXT.
  15. The Remote Server field is unavailable in this configuration because you are the server.
  16. Click NEXT.
  17. Enter any networks you would like to advertise via the tunnel by clicking ADD ROUTE, entering the Network IP Address and subnet mask and click Save.
  18. Click NEXT.
  19. If in Step 6 you chose to use TLS, you will need to generate a TLS-Authentication Key by clicking the GENERATE button. In this example, we are not using TLS so we will skip this step.
  20. Click FINISH.


Configuring the Client

  1. On your Windows 7 client, you will need to download the OpenVPN GUI.
  2. You will need to create a configuration file for your client in a text editor. Below is an example configuration file that corresponds to the settings we have set in our server. In the areas for the CA and Client certificate and the Client key, you will need to open each one of those files in a text editor, and copy and paste the text directly into the configuration file in the appropriate area.
      client
      dev tun
      proto udp
      port 1194
      persist-tun
      persist-key
      keepalive 10 60
      verb 3
      <connection>
      # replace x.x.x.x with the IP address of the server
      remote x.x.x.x 1194 udp
      </connection>
      <ca>
      (Insert CA cert here)
      </ca>
      <cert>
      (Insert Client cert here)
      </cert>
      <key>
      (Insert Client key here)
      </key>
  3. Save the configuration file with a .ovpn extension into the config directory of OpenVPN.
  4. You will need to set OpenVPN GUI to “Run as Administrator”. This can be done by right-clicking on OpenVPN GUI and selecting Properties. Under the Compatibility tab, check the box next to “Run this program as an administrator”. Then click OK.
  5. Launch OpenVPN GUI.
  6. Right-click the OpenVPN GUI icon in the System tray.
  7. Click Connect.

You will get a message stating you are connected to the OpenVPN server in the CradlePoint. This can be verified by opening a Command Prompt and pinging the OpenVPN IP address of the CradlePoint as well as viewing the routing table on your computer.


Technical

Terms

  • Carriage Return: a control character or mechanism used to reset a device’s position to the beginning of a line of text, for the purpose of this document the control character is \n.
  • Certificate Authority (CA): an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate.
  • Command Line Interface (CLI): is a type of human-computer interface (i.e., a way for humans to interact with computers) that relies solely on textual input and output. This is accessed via SSH in the CradlePoint.
  • OpenVPN: an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).
  • Secure Sockets Layer/Transport Layer Security (SSL/TLS): cryptographic protocols designed to provide communication security over the Internet. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity and, as a by-product, message authentication.

System Requirements

  • This feature is found only on the following CradlePoint Products: AER 2100 and MBR1400v2
  • OpenVPN requires an Extended Enterprise License (EEL) and Enterprise Cloud Manager (ECM) to use this feature.

Troubleshooting

To view the status of the OpenVPN tunnels, you will need to access the CLI of the CradlePoint and issue the following command: get status/openvpn

To view log messages, you will need to enable Debug level logging. Enabling this level of logging will impact router performance and over time can cause unexpected reboots or loss of functionality and should only be enabled at the request of an authorized CradlePoint representative. This enables debug level logging for most of the Router Services. This is enabled by navigating to SYSTEM SETTINGS > ADMINISTRATION > SYSTEM LOGGING and next to the LOGGING LEVEL select DEBUG from the drop down.



Published Date:
7/1/2014



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Symptom:

Add host names to local computers and associate the host name to the IP addresses.

Cause:

By default, Series 3 routers only know each computer by its assigned IP address.  By adding information in the known hosts configuration file, your Series 3 router will associate a name with an IP.  For example, a work computer can associate its IP 192.168.0.162 with the name Work.  Once associated, referencing the name Work is the same as referencing the IP address.

Resolution:

  1. Log into the router’s setup page (login instructions).
  2. In the Upper left of the screen right below the CradlePoint Logo, make sure you are in Advanced Mode.  If Basic is displayed click it to change to Advanced (only on some series 3 units).
  3. Click Network Settings then select DNS.
  4. Locate the Known Hosts Configuration area, near the bottom.
  5. Click Add.
  6. Fill in the Host name and IP of local computer.
  7. Click Submit.



CradlePoint routers that currently support IP Pass-Through are the: CBA750B, CBR400, CBR450, IBR600, IBR650, and MBR1400

If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0

Things to know before getting started:

  • These instructions are based on firmware version 4.0.3 for Series 3 Routers that support the IP Pass-through feature.  If the router’s firmware is not up to date, update before proceeding (see How to update Firmware).
  • When IP Pass-through is enabled, the first device connected to the router receives the modem’s public IP address.  This means that any OTHER devices connected to the router will not be able to access the Internet.

Configuring IP-Pass-through

There are two ways to configure IP Passthrough.

The first is to use the IP Passthrough Setup wizard available under the Getting Started tab.  This wizard will automatically apply the settings for IP passthrough.


The second is to configure it manually by following the steps below.

  1. Connect a computer to the router via Ethernet (you will be disabling the WiFi on the Primary LAN) then log into the router’s administration page (login instructions).
  2. Click the Network Settings tab then select Wi-Fi/Local Networks.
  3. Locate Primary LAN, put a check mark next to it then click Edit.
  4. (This step is only necessary on the MBR1400, IBR600, and CBR400.) In the new window click on the Interfaces tab.  In the Selected box, click on the WiFi network and click the minus button.
  5. Then click the IPv4 Settings tab and change the Routing Mode to IP Pass-through.
  6. Click Submit.
  7. Verify that the Internet is still available on the connected computer.
  8. Verify that the IP address is the same as the modem’s IP.

Troubleshooting IP Pass-Through:

  1. If the settings saved correctly and the connected computer works properly, but after connecting the router to a different device it does not work as expected, consider the following:
    • Often, IP Pass-Through requires a MAC address bound to it in order to work properly.  To do this, return to the screen presented on step 4 then re-perform step 5.  In the Pass-through reservation field, type the IP address of the device that you want to configure IP Pass-through for.
    • Then click Submit.
  2. If IP Pass-through works (the device behind the router receives the modem’s IP address), but you are unable to open ports, consider the following:
    • Many 4G networks assign private, double-NAT’d IP addresses.  Often these IP addresses start with 10.x.x.x.  If you have this type of IP address, no port forwarding or remote access will be possible due to the cellular carrier’s network configuration.  This is not a limitation imposed by the CradlePoint router.
    • In Pass-Through mode, the router is not performing any routing, so it is very likely that the cellular carrier is blocking ports.
    • If the CradlePoint router is unable to acquire a connection through the modem it will automatically issue your device a DHCP IP address.  This can also occur if the router detects the computer connected BEFORE it connects to the modem.  Performing an IP refresh/renew on your device will typically resolve this error.



If you are not sure what series and model CradlePoint router you have, please click here.

This article was written based upon firmware version 5.1.0.


Description:

Most but not all Series 3 CradlePoint routers can connect to more than one Internet (WAN) service. If more than one WAN source is available, the priority of the WAN connections can be specified, and the CradlePoint router will automatically switch over to the next available connection upon a WAN failure.

For example, a router may have both a wired Ethernet connection (DSL, cable, satellite, T1, etc.) and a USB cellular data modem. By default, the router will use the wired connection as the primary connection, and if the wired WAN connection fails it will fail over to the cellular modem.

If using a CradlePoint product that allows for multiple cellular modems or multiple wired WAN connections, it is also possible to specify the order in which the WAN connections will be used. The CradlePoint router can also be configured to actively ping a target to verify the Ethernet WAN connection state.
 

Directions:

Please consult the following video for a walk-through, or skip to step one.



Before configuring the Failover and Failback settings in the CradlePoint router verify that each connection works independently.

  1. Log into the administrative console; the default location is http://192.168.0.1. Click here if you are unsure of how to access the administration pages.
  2. Click the Internet tab then select Connection Manager from the drop-down menu.
  3. The WAN Interfaces page displays the priority and status of all available WAN interfaces. In this example, the CradlePoint MBR1400 has a wired Ethernet connection attached to the Blue WAN port, a Sprint Sierra Wireless 250U 3G/4G modem in USB slot 1, and a Verizon Novatel MC760 3G modem in USB slot 2.
  4. The Ethernet port (shown with a green circle) is the WAN interface that is currently connected. The cellular modems are in Available state in case the Ethernet connection fails. Because Load Balance is not enabled, the router will only use the available interface with the highest priority.
  5. To change the Failure Check settings for the Ethernet port (or any other port), highlight the interface and click the Edit button.
  6. At the WAN Configuration page, on the General Settings tab, expand the Advanced IPv4 Failure Check option. (Advanced IPv4 Failure Check is not available on the CTR35 or MBR95.)
  7. To have the router monitor the status of the WAN interface while connected, change the Monitor while connected option to Active DNS. The Idle Check Interval refers to how often the CradlePoint will check the connection. If the CradlePoint does not receive a response, it will verify that the failure was not a one-off error, and after 5 successive failures it will automatically initiate failover to the next available WAN interface.
  8. By default, the CradlePoint will fail back over to the WAN connection once there is at least 20 KB/s of available bandwidth on the interface. To change the Failback options, expand the ADVANCED Failback Configuration section on the WAN Configuration page.
  9. To change the failover priority for your WAN interfaces, use the up and down arrows in the WAN Interfaces box. This example shows that the Verizon MC760 modem has been moved to a higher priority than the Sprint 250U modem. This setting will ensure that if the wired Ethernet connection fails, the router will next use the Verizon MC760 modem before using the Sprint 250U modem.
  10. For CradlePoint products that support Load Balancing, it is possible to have one or more cellular modems provide a load balanced connection. The screenshot below shows that the Sierra Wireless 4G modem and Verizon 3G modems have both been added to the Load Balancing pool. With these settings, the CradlePoint will automatically Load Balance the Ethernet connection if a certain bandwidth threshold is reached on that interface. For more information about configuring load balancing, refer to Load Balancing Explanation or Load Balancing Configuration.
  11. Click Submit to save.

 
NOTE:  CradlePoint products that do not support the Load Balancing feature will not be able to use more than one internet connection at the same time. 



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.


Device Alerts:

This article describes the configuration for Device Alerts and Email notification in Series 3 CradlePoint Routers.  Device Alerts allow you to get automatic notifications through an SMTP email server of selected system events.  Since the router does not have its own SMTP server, you must enable an SMTP email server, such as Gmail, Yahoo, etc., to be able to receive Device Alerts.
 

Enabling Device Alerts:

1.  Log in to the router’s setup page (login instructions).

2.  Click on the System Settings tab then select Device Alerts from the sub-menu.

3.  In the Alert Configuration section select which alerts will be reported, and the frequency and the time for the email notifications.  Below is a synopsis of the available alert options.

  • Firmware Upgrade Available:  Notification of a new firmware release for this router.
  • WAN Device Status Change:   An attached WAN device has changed status. The possible statuses are plugged, unplugged, connected, and disconnected.
  • Login Failure:  A failed login attempt has been detected.
  • Full System Log:  The system log has filled.
  • Recurring System Log:   The router log is sent periodically.  This alert contains all of the system events since the last recurring alert. It can be scheduled for daily, weekly and monthly reports.  You also choose the time you want the Alert sent.

4.  In the SMTP Mail Server section enter the SMTP settings for your email account.  Each SMTP server will have different specifications for setup, so you have to look up your specific settings separately.  Contact your email provider for more information.  Below is a brief synopsis of each field.

  • Server Address: The SMTP server URL.
  • Server Port: The SMTP port used by the email Server.
  • Authentication Required: Check this box if you are required to provide login credentials to sign into your email.  This is typically required.
  • User Name:  Your full email address.
  • Password:  Your email password.
  • From Address:  Your email address, the sender email for the Device Alerts.
  • To Address:  Your email address, the receiver email for the Device Alerts.
  • **NOTE: Please utilize all lower case letters when inputting To and From email addresses.**



5.  In the Advanced Delivery Options settings area select any of the following options.

  • Email Subject Prefix:  Optional alert email subject prefix.  This option is helpful to identify alerts from specific routers.
  • Retry Attempts:  The number of attempts made to send the alert to the mail server.  After the attempts are exhausted, the alert is discarded.
  • Retry Delay:  The delay between each retry attempt.

6.  Apply your new settings.




If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Things to Know Before Getting Started

  • This feature is only available on our series 3 routers: CTR35, MBR95, CBR400, CBR450, IBR600, IBR650, MBR1200B and MBR1400.
  • In order to take advantage of this feature you will need firmware version 3.5.0 or later. If you are not at this version, please update (Firmware Update Instructions).

What is a Data Usage Rule?

A Data Usage rule attempts to track the amount of traffic used by the WAN connection. This is useful for a cellular broadband connection with a data cap. A Data Usage rule helps prevent data overage charges. Data Usage rules are not guaranteed to be 100% accurate; they provide an estimated usage of data. CradlePoint is not responsible for any overage charges.

Before Getting Started:

Note:  Typically Data Usage volumes are written to the router's internal memory approximately every 15 minutes. This means that if the router shuts down/reboots 13 minutes after the last save, all data used during that time will not be stored or accounted for in the Data Usage calculation when the router comes back on. Data used by the modem while it is not plugged into the router is not reflected in the router's Data Usage estimate.

Configuration:

  1. Log into the router’s setup page (login instructions).
  2. If you see a button in the top left corner of the screen that says Basic Mode, click on it to change to Advanced Mode. (If you don’t see this button, ignore this step.)
  3. Click the Internet tab then select Data Usage.
  4. Make sure Enable data usage is checked.
  5. In the Data Usage Rule section click Add.
  6. Name the rule.
  7. In the WAN Selection, select the name of the USB Modem (or “Ethernet: blue” if you want to monitor data usage for a DSL/Cable/Satellite/T1 connection).
  8. Under Assigned usage in MB, enter the maximum data volume to be used before the router takes action (the action will be chosen at a later step). Typically, it’s best to set the maximum slightly lower than the data cap. Data caps are usually given in Gigabytes. 1024MB = 1GB.
  9. Make sure Rule Enabled is checked then click Next.
  10. The Cycle Type should be set according to your billing plan with your ISP.
  11. Cycle Start date should correspond with the billing period start day each month.
  12. Select the router action from the following options:
    • Shutdown WAN on Cap:  The router will shut down the internet connection when the cap specified at step 8 is reached. When the cycle start date is reached, the connection will re-enable.
    • Send alert on Cap:  The router will send you an e-mail warning you that the cap has been reached. This requires configuration of SMTP mail settings (SMTP Instructions).
    • Custom Alert:  This option will generate an e-mail message when the specified percent of usage has been reached.
  14. Click “Submit”. The page now shows a graph and numbers displaying how much data has been used. This page can be accessed to periodically check the modem's data usage.



SUMMARY:

Beginning in firmware version 5.x.x, select CradlePoint routers offer SMS capabilities for limited remote management features.  This article is intended to provide steps to configure and use the SMS feature.

TERMS:

  • SMS – Text Messaging

 

REQUIREMENTS:

  • One of the following CradlePoint Models: IBR600LE, IBR650LE, IBR600LP, IBR650LP, IBR600P, IBR650P, MC200LE, MC200LP, MC300LE, MC300LP
  • Firmware version 5.x.x or later.
  • Please verify with your mobile data carrier that SMS functionality is enabled on your mobile data plan. Please contact your mobile data carrier for information on text messaging rates and options so that you are fully aware of any potential expenses that may occur.

 

OVERVIEW OF SMS AND CAPABILITIES:

Cellular Modems communicate with the network across two channels, which is what allows the use of SMS communication even when the modem does not have an active data connection. However, there are some caveats to the use of SMS for management purposes that must be considered by an administrator.

  1. SMS messages are limited to 160 characters which is useful to be aware of depending on what information you are requesting from the router. Pulling logging info from the router via SMS is possible, but will entail multiple messages, as each line of a log entry has the potential to be longer than 160 characters.
  2. SMS is not a guaranteed delivery protocol. Carriers are unable to guarantee that the message will be delivered to the modem or that the response from the modem will be delivered to the sender.
  3. SMS messages are slow and can take anywhere from seconds to minutes to be delivered.
  4. SMS is not an encrypted protocol and all information is sent in clear text across the network. This includes passwords which are sent with every command string.

To utilize the SMS feature, you will need to know the Mobile Device Number (MDN) of the modem. This can be obtained under Status > Internet Connections in the CradlePoint’s Administration Pages. Select the Internal Modem and the MDN will be located in the Diagnostics section for the modem.


CONFIGURATION:

  1. Log into the CradlePoint Administration Pages.
  2. Navigate to System Settings > Administration and select the SMS tab.
  3. By default, SMS Support is enabled.
  4. By default, the SMS Password is the last 8 characters of the router's MAC address. Here, you can configure a password that is unique to SMS Support (remember, SMS is unencrypted, so this should be different from any other passwords on your router). Passwords can be between 1 and 16 characters.
  5. To further increase the security of SMS Support, you can specify which phone numbers the modem will respond to via the White List. The format for the White List is 2085555555 (10-digit phone number with no punctuation). CradlePoint strongly suggests utilizing the White List functionality to limit SMS support to only the phone numbers of administrators responsible for administering the CradlePoint.
  6. To locate your mobile number for the CradlePoint, go to Status > Internet Connections.
  7. Select the Internal Modem from the Device List.
  8. Locate the Mobile Directory Number in the Device Information box.

 

SMS COMMANDS

The basic command syntax for SMS is:

<password>,<cmd>,[arg1,][arg2,]


All SMS commands are preceded by the SMS Password. Additionally, the trailing comma is mandatory as it tells the Router that this is the end of the command string.

Supported Commands:

help: Receive list of commands. (Note: Only Available in Firmware 5.1.0 or later)
syntax: <password>,reboot,
Example: 1234,reboot,

reboot: Reboot the router (not the modem)
syntax: <password>,reboot,
Example: 1234,reboot,

restore: Restore the router to factory defaults
syntax: <password>,restore,
Example: 1234,restore,

rstatus: Get router status
syntax: <password>,rstatus,
Example: 1234,rstatus,
This command returns info about the router along with port names for ports with attached modems.

Example of response:

uptime:5:15:10
FW: v5.0.0
eth0: 10/100 Ethernet Switch: connected
int1: Internal LTE/EVDO: connected

mstatus: Get modem status [1]
syntax: <password>,mstatus,[port,]
Example: 1234,mstatus,  //return status of highest priority modem
Example: 1234,mstatus,int1,  //return status of internal modem
This command returns info about the indicated modem's status. The info reflects the modem model number, service type, and connection status and values.

Example of response:

Model: Internal LTE/EVDO
Service: LTE
SIM Status: READY
RSSI: -62 dbm
SINR: 13
APN: vzwinternet
IP Addr: 166.136.142.124

mreboot: Reboot the modem [1]
syntax: <password>,mreboot,[port,]
Example: 1234,mreboot,  //reboot the highest priority modem
Example: 1234,mreboot,int1,  //reboot the internal modem

apn: Set the APN on the modem (for SIM-based modems) [1]
syntax: <password>,apn,[port,]
Example: 1234,apn,broadband,  //set APN of highest priority modem
Example: 1234,apn,broadband,int1,  //set APN of the internal modem

userpass: Set the modem's authentication username and password [1]
syntax: <password>,userpass,<username>,<userpassword>,[port,]
Example: 1234,userpass,joe,mypassword,  //set information of highest priority modem
Example: 1234,userpass,joe,mypassword,int1,  //set information of the internal modem

simpin: Set the SIM’s PIN [1]
syntax: <password>,simpin,<pin>,[port,]
Example: 1234,simpin,5678,  //set simpin in highest priority modem
Example: 1234,simpin,5678,int1,  //set simpin on the internal modem

log: Return a portion of the router log
syntax: <password>,log,[start,]
Example: 1234,log,  //return the top 10 items of the log
Example: 1234,log,10,  //return items 10 through 20
Example: 1234,log,40,  //return items 40 through 50
Sending log information via SMS will result in multiple SMS messages being sent, as each log entry can potentially exceed the character limit of one text message.

[1] The [port,] parameter is optional for these commands. It is used to specify a specific port to perform the action on. If not defined, the action will be performed on the highest priority modem.
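
An added example (not CradlePoint code) that follows the command syntax and the configuration advice above: it parses a command string, masks the secrets before the string is copied into a log or ticket, and audits an SMS configuration for the default password and an unused White List. The function names, finding labels, the MAC formatting (separators dropped, lowercase) and the sample MAC are assumptions of this example.

```python
import re

# Command names listed in the article.
KNOWN_COMMANDS = {"help", "reboot", "restore", "rstatus", "mstatus",
                  "mreboot", "apn", "userpass", "simpin", "log"}

# Argument positions that are themselves secrets (modem password, SIM PIN).
SECRET_ARGS = {"userpass": [1], "simpin": [0]}


def parse_sms_command(text):
    """Split '<password>,<cmd>,[arg1,][arg2,]' into (password, cmd, args).

    Raises ValueError when the mandatory trailing comma is missing, the
    password is empty, or the command is not one the article lists.
    """
    if not text.endswith(","):
        raise ValueError("missing trailing comma")
    fields = text[:-1].split(",")
    if len(fields) < 2 or not fields[0]:
        raise ValueError("expected <password>,<cmd>,")
    password, cmd, args = fields[0], fields[1], fields[2:]
    if cmd not in KNOWN_COMMANDS:
        raise ValueError("unknown command: %r" % cmd)
    return password, cmd, args


def redact_for_log(text):
    """Return the command with the SMS password and secret arguments masked.

    SMS is clear text, so the password travels with every command; this keeps
    it out of any notes or logs an administrator writes afterwards.
    """
    try:
        _password, cmd, args = parse_sms_command(text)
    except ValueError:
        return "<unparseable SMS command>"
    masked = list(args)
    for index in SECRET_ARGS.get(cmd, []):
        if index < len(masked):
            masked[index] = "***"
    return ",".join(["***", cmd] + masked) + ","


def default_sms_password(mac):
    """Last 8 characters of the MAC address.

    Assumption: separators are dropped and hex letters are lowercase.
    """
    return re.sub(r"[^0-9A-Fa-f]", "", mac).lower()[-8:]


def audit_sms_config(mac, sms_password, whitelist):
    """Return a list of findings for one router's SMS settings."""
    findings = []
    if sms_password.lower() == default_sms_password(mac):
        findings.append("password-is-default")
    if not 1 <= len(sms_password) <= 16:
        findings.append("password-length")
    if not whitelist:
        findings.append("whitelist-empty")
    for number in whitelist:
        # The article's format: 10 digits, no punctuation.
        if not re.fullmatch(r"\d{10}", number):
            findings.append("whitelist-format:" + number)
    return findings


if __name__ == "__main__":
    sample_mac = "00:00:5E:00:53:AF"  # constructed sample value
    print(redact_for_log("1234,userpass,joe,mypassword,int1,"))
    print(audit_sms_config(sample_mac, "5e0053af", []))
    print(audit_sms_config(sample_mac, "Xk3-unique-sms", ["2085555555"]))
```
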



SUMMARY:

This document will guide you through creating an IPsec VPN tunnel between a Series 3 CradlePoint router and an Adtran NetVanta 3120 router.  The IPsec tunnel in this example assumes that the WAN sources attached to both routers are publicly routable and not behind a NAT.

This document was created using CradlePoint firmware 4.4.2 and Adtran NetVanta firmware R10.9.0.E, but should work similarly on other firmware versions for both devices.


REQUIREMENTS:

CradlePoint Series 3 router supporting IPsec

Adtran NetVanta 3120 (or other similar Adtran routers)

Public WAN sources attached to each router


EXAMPLE CONFIGURATION:

CradlePoint IBR600LE configuration:

WAN IP: 166.142.176.196

LAN IP: 192.168.0.1

Subnet: 255.255.255.0

Adtran NetVanta configuration:

WAN IP: 184.76.124.69   (obtained via DHCP)

LAN IP: 10.10.10.1

Subnet: 255.255.255.0

Your WAN IP addresses (and likely LAN IP networks) will be different than the examples used in this document.  This example configures an IPsec tunnel between the routers so that hosts connected to the CradlePoint’s 192.168.0.0/24 LAN can access hosts on Adtran’s 10.10.10.0/24 subnet without any additional configuration.

Both the CradlePoint and Adtran device configuration begin from factory default settings.  The CradlePoint’s IPsec configuration in this guide is intended to be the most compatible with the default IPsec settings on the Adtran, but there are many other combinations that should work as long as both sides are configured with matching settings.

For more information about other IPsec options on the Adtran, please contact http://www.adtran.com for assistance.


CRADLEPOINT CONFIGURATION:

  1. After logging into the CradlePoint, click Internet > VPN Tunnels.
  2. At the Internet > VPN Tunnels page, click the Add button to create a new IPsec policy.
  3. Give the tunnel a name, and then enter “CradlePoint” as the Local Identity and enter “NetVanta3120” as the Remote Identity.  Enter the same pre-shared key that will be entered in step 10 for configuring the Adtran.  The Initiation Mode may be set to “On Demand” or “Always On,” depending on your needs.  Click Next to continue.
  4. Under Local Networks, add the CradlePoint’s local network address and netmask for the network(s) that will be made available across the VPN.  Click Next to continue.
  5. Under Remote Gateway, enter the public IP address (or host name if available) of the WAN interface of the NetVanta.  Under Remote Networks, enter the “Network Address” and “Netmask” of the NetVanta’s private network that will be made available across the VPN tunnel.  Click Next to continue.
  6. For IKE Phase 1, make sure that the settings match how the NetVanta is configured.  In this example, to match the NetVanta’s settings, the Exchange Mode was changed to “Aggressive,” the “Key Lifetime” left at 28800, and all Encryption, Hash & DH Groups that were not configured on the Adtran have been unchecked.  Click Next to continue.
  7. For IKE Phase 2, again make sure that the settings match how the NetVanta is configured.  In this example, “Perfect Forward Secrecy” has been unchecked.  The “Key Lifetime” has been increased to 28800, and like above the unused Encryption, Hash & DH Groups have been unchecked.  Click Next to continue.
  8. For “Dead Peer Detection,” leave the settings at the default values and click Finish.
  9. At the “Tunnel Summary” screen, ensure that your settings are correct and click Yes to save the settings.
  10. At the VPN tunnels page, you will now see the new IPsec policy listed.  Click Enable VPN Service to start the VPN service.


ADTRAN CONFIGURATION:

  1. After logging into the Adtran, click the Data tab.
  2. Under “VPN”, click the VPN Wizard link.
  3. At the wizard’s welcome page, click Next.
  4. Choose “Typical Setup” and click Next.
  5. In the “VPN Peer Description” field, enter a name for the remote CradlePoint, then click Next.
    • In this example, the VPN peer is named “CradlePoint”.
  6. In the “Public Interface” field, select Adtran’s public WAN interface, then click Next.
    • In this example, the Public Interface selected is “Public (DHCP).”
  7. In the “Peer IP Address” field, enter the CradlePoint’s public WAN IP Address, then click Next.
    • In this example, the CradlePoint’s WAN IP is 166.142.176.196.
  8. In the “Remote Subnet” and “Remote Subnet Mask” fields, enter the private network behind the CradlePoint that will be made available through the tunnel, and then click Next.
    • In this example, the “Remote Subnet” is 192.168.0.0 and the “Remote Subnet Mask” is 255.255.255.0.
  9. In the “Local Network” page, select or manually enter the Adtran’s local network that will be made available through the tunnel, and then click Next.
    • In this example, the network “10.10.10.0/255.255.255.0” was chosen in the “Use Network From” drop-down.
  10. In the “Authentication Type” screen, choose Preshared Secret and enter a password that will be used on both sides of the tunnel.
  11. In the “Remote ID Type” field, choose Allow Any Remote ID.  It is also possible to use an e-mail address or IP address in this field if preferred, as long as both sides match.
  12. For the “Local ID Type,” leave it as “Domain Name”, and leave the “Local ID Value” at the default value, and then click Next.
  13. At the “Confirm Settings” page, make note of the IKE & IPsec settings that the NetVanta chose by default.  The CradlePoint will need to be configured with matching settings.
    • In the example, the NetVanta is using IKE Phase 1 Aggressive mode, Encryption type 3DES, Hash type MD5, DH Group 1, with a key lifetime of 28800.
    • The IKE Phase 2 (IPsec) settings in the example are Perfect Forward Secrecy disabled, Encryption type 3DES, Hash type MD5, with a key lifetime of 28800.  Keep in mind that these are not the same as the default settings on the CradlePoint.
    • Other combinations will also work as long as the settings match on both the CradlePoint and the NetVanta.  Click Finish to save your VPN configuration.
  14. At the “Wizard Complete” page, click Exit to get back to the main NetVanta UI.
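
The matching requirement from the two configuration sections, as an added example (not CradlePoint or Adtran code): it compares the Phase 1 and Phase 2 values this article lists for both peers and, going one step beyond the article, also reports which of the agreed values are legacy choices (3DES, MD5, DH group 1, Aggressive mode with a pre-shared key, PFS disabled) so they can be reviewed when both devices support stronger settings. The dictionary layout, the LEGACY policy and the function names are assumptions of this example.

```python
# Settings the article reports for the NetVanta at its "Confirm Settings" step.
NETVANTA = {
    "phase1": {"exchange_mode": "Aggressive", "encryption": {"3DES"},
               "hash": {"MD5"}, "dh_group": {1}, "lifetime": 28800},
    "phase2": {"pfs": False, "encryption": {"3DES"},
               "hash": {"MD5"}, "lifetime": 28800},
}

# CradlePoint side after steps 6 and 7: everything not configured on the
# Adtran is unchecked, so each set holds a single value.
CRADLEPOINT = {
    "phase1": {"exchange_mode": "Aggressive", "encryption": {"3DES"},
               "hash": {"MD5"}, "dh_group": {1}, "lifetime": 28800},
    "phase2": {"pfs": False, "encryption": {"3DES"},
               "hash": {"MD5"}, "lifetime": 28800},
}

# Review policy for this example only (an assumption, not from the article).
LEGACY = {"encryption": {"DES", "3DES"}, "hash": {"MD5"}, "dh_group": {1, 2, 5}}


def compare_phase(local, remote):
    """Return (agreed, mismatches) for one phase.

    Set-valued fields (checkbox lists) must share at least one member;
    every other field must be equal on both sides, as the article requires.
    """
    agreed, mismatches = {}, []
    for key in sorted(set(local) | set(remote)):
        a, b = local.get(key), remote.get(key)
        if isinstance(a, set) and isinstance(b, set):
            common = a & b
            if common:
                agreed[key] = common
            else:
                mismatches.append(key)
        elif a == b:
            agreed[key] = a
        else:
            mismatches.append(key)
    return agreed, mismatches


def legacy_findings(phase_name, agreed):
    """List agreed values that the LEGACY policy marks for review."""
    findings = []
    for key, bad in sorted(LEGACY.items()):
        value = agreed.get(key, set())
        if not isinstance(value, set):
            value = {value}
        for item in sorted(value & bad, key=str):
            findings.append("%s %s=%s" % (phase_name, key, item))
    if agreed.get("exchange_mode") == "Aggressive":
        findings.append("%s exchange_mode=Aggressive" % phase_name)
    if agreed.get("pfs") is False:
        findings.append("%s pfs=disabled" % phase_name)
    return findings


def review_tunnel(local, remote):
    """Compare both phases and collect mismatches and legacy settings."""
    report = {"mismatches": [], "legacy": []}
    for phase in ("phase1", "phase2"):
        agreed, mismatches = compare_phase(local[phase], remote[phase])
        report["mismatches"] += ["%s %s" % (phase, key) for key in mismatches]
        report["legacy"] += legacy_findings(phase, agreed)
    return report


if __name__ == "__main__":
    result = review_tunnel(CRADLEPOINT, NETVANTA)
    print("mismatches:", result["mismatches"])
    for line in result["legacy"]:
        print("review:", line)
```
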



This article applies only to CradlePoint router models CBR400, CBR450, IBR600, IBR650, MBR1200B, MBR1400, and AER2100.

If you are unsure of your router’s Series or Model number, please click here.

This article was written based on Series 3 firmware version 5.1.0.


Summary:

Advanced Failure Check lets the router actively verify the status of its interfaces, which leads to a quicker resolution of a problem if one is found. This article describes how to configure Advanced Failure Check on a Series 3 CradlePoint router.


Directions:

  1. Connect your modem to the CradlePoint router.
  2. Log into your router’s administrative console. If you are not sure how to do this, click here.
  3. Click on the Internet tab and select Connection Manager from the drop-down menu.
  4. Select your modem within the WAN Interfaces list by clicking on its name.
  5. Click the Edit button to open the modem’s configuration screen.
  6. Within the WAN Configuration window, click on the General Settings tab and then click the down arrow to expand the Advanced Failure Check section.
  7. Set the desired Failure Check Interval. This determines how often the router verifies its connection on this interface. A lower value will lead to quicker detection of a potential problem, but will also use up more of the router’s resources and result in higher data usage.
  8. Click the down arrow next to the Monitor while connected field to select the desired failure check method.
    • Note: The recommended option for cellular modems is Passive DNS.
    • Note: If Active Ping is used for failure check, it is crucial to specify a stable IP address as the ping destination, such as 8.8.8.8 or 4.2.2.2.
  9. Click Submit if any changes were made. Please note that your modem may briefly disappear from the WAN Interfaces list while it loads the new settings.
  10. Verify that Aggressive Modem Reset is enabled. Reference this article for more information.



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.1.2.

*NOTE* This article pertains to the following routers on 5. firmware: IBR600, MBR1200B, MBR1400 and CBR400 on firmware version 4.3.2

Overview:

Introduced in firmware 3.4.0 for Series 3 CradlePoint routers, the WiFi Bridge feature allows you to establish a wireless link between two routers, putting them both on the same IP network.  In this example, a WiFi Bridge is established between two CradlePoint routers, but the configuration can also be applied between a non-CradlePoint wireless router and a CradlePoint that is establishing the connection.

Figure 1 - Example Network using WiFi Bridge

Figure 2 - Router 1 Information

Above is general router information for Router 1.  This example uses a CradlePoint MBR1400v2 router.

  • WiFi SSID: Router1_SSID
  • Primary LAN: 192.168.0.1/255.255.255.0

Steps for Configuring WiFi Bridge:

  1. Verify that the Series 3 CradlePoint router firmware is version 3.4.0 or later (How to verify router firmware version).  Update the router firmware if necessary.  Click here for instructions on updating your firmware.
  2. Log into the Administration pages of Router # 2.  Click here for instructions on logging in to the Administrative Pages of the CradlePoint.
  3. Click on the Internet tab, then select WiFi as WAN / Bridge from the drop-down menu.
  4. Click on the drop-down menu and select Wireless Bridge to switch the WiFi Client Mode to WiFi Bridge.  *NOTE* For the CBR400, click on WiFi Bridge to switch the WiFi Client Mode to WiFi Bridge.
  5. Select the wireless network you wish to join from the Site Survey section, in this case “Router1_SSID”.  If you do not see any SSIDs, please click the Refresh button.
  6. Click the Import button.
  7. A Profile Editor window will appear.  Verify that all the settings match those of the desired WiFi network, and enter the WiFi Security Password needed to connect to the network (in this case, the WPA Password).
  8. Click Submit.
  9. Verify the wireless network is saved and listed under the “Saved Profiles” list.
  10. Select Network Settings > WiFi / Local Networks.
  11. For initial configuration the Guest LAN should be removed.  Click the checkbox next to Guest LAN.
  12. Click on the Remove button to delete the Guest LAN network.  When prompted to confirm the removal, select Yes.
  13. Select the Primary LAN by clicking the checkbox next to Primary LAN.
  14. Click the Edit button.
  15. Change the last octet of the Router # 2 IP address so that it is not the same as Router 1.  In this example, we’ve changed the Router 2 IP address from 192.168.0.1 to 192.168.0.2.  It is required that the IP addresses for Router 1 and Router # 2 remain on the same network.  For example, two routers with IP addresses of 10.0.0.1 and 10.0.0.25, both with 255.255.255.0 netmasks, will work, but IP addresses of 10.0.0.1 and 10.0.1.25 with 255.255.255.0 netmasks will not.  Additionally, the routing mode needs to be changed from NAT (default) to Standard.
  16. Select the Interfaces tab.  Move the network interface with the prefix “WiFi Bridge” over from the “Available” list to the “Selected” list.
  17. Disable the DHCP server by selecting the DHCP Server tab and unchecking DHCP Server.  This is required for WiFi Bridging.
  18. Click Submit to apply the settings.

After the save is complete use 192.168.0.2 to access Router 2, since the Router 2 IP was changed.  Router 1 administration access will be available on its IP address which for this example is 192.168.0.1.


Log into the Router 2 administration pages using the new IP address.  Navigate back to  Network Settings > WiFi / Local Networks.  Notice in the Primary LAN data there is an Attached Interface called WiFi Bridge.  Verify that the WiFi Bridge is connected, along with the signal of the connection between the two routers.  Close your web browser at this time.

Now, test that your computer can successfully communicate with Router 1 by getting a new IP address assigned by Router 1.
Please review this article on How to renew your IP Address.


SUMMARY:

This article outlines how to use SSL Certificates for VPN Authentication.


TERMS:

  • SSL:  Secure Sockets Layer is a cryptographic protocol that provides communication security over the Internet.
  • VPN:  Virtual Private Network.  Extends a private network across a public network like the Internet.


REQUIREMENTS:

  • CradlePoint Series three router capable of terminating an IPSec VPN Tunnel: AER2100, MBR1400, MBR1200B, IBR600, IBR650, CBA400, CBA450
  • Valid SSL Certificates (CA Certificate, Router Certificate and Private Key)

First you will need to make sure your certificates are in the proper file format for the CradlePoint router to accept them.

The proper file format is X.509 PEM; Base64 encoded DER alphanumeric with Header and Footer (-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).  The extension of the file does not matter, but the file must be in this format.

OpenSSL can be used to convert your certificates to this file format.  It is available for free download at www.openssl.org.

Common commands for converting certificates are as follows:

Convert a DER file (.crt .cer .der) to PEM:

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM (the -nodes option writes the private key unencrypted, so protect the output file):

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

A file in the correct X.509 PEM format can be opened in notepad and should look like the example below.

Headers and footers of PEM formatted files:

Certificate Signing Request (CSR) file in PEM format:

-----BEGIN CERTIFICATE REQUEST-----

and

-----END CERTIFICATE REQUEST-----

Private Key file in PEM format:

-----BEGIN RSA PRIVATE KEY-----

and

-----END RSA PRIVATE KEY-----

Certificate file in PEM format:

-----BEGIN CERTIFICATE-----

and

-----END CERTIFICATE-----

 

Example SSL Certificate Signing Request file in PEM format:

-----BEGIN CERTIFICATE REQUEST-----
MIIB9TCCAWACAQAwgbgxGTAXBgNVBAoMEFF1b1ZhZGlzIExpbWl0ZWQxHDAaBgNV
BAsME0RvY3VtZW50IERlcGFydG1lbnQxOTA3BgNVBAMMMFdoeSBhcmUgeW91IGRl
Y29kaW5nIG1lPyAgVGhpcyBpcyBvbmx5IGEgdGVzdCEhITERMA8GA1UEBwwISGFt
aWx0b24xETAPBgNVBAgMCFBlbWJyb2tlMQswCQYDVQQGEwJCTTEPMA0GCSqGSIb3
DQEJARYAMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJ9WRanG/fUvcfKiGl
EL4aRLjGt537mZ28UU9/3eiJeJznNSOuNLnF+hmabAu7H0LT4K7EdqfF+XUZW/2j
RKRYcvOUDGF9A7OjW7UfKk1In3+6QDCi7X34RE161jqoaJjrm/T18TOKcgkkhRzE
apQnIDm0Ea/HVzX/PiSOGuertwIDAQABMAsGCSqGSIb3DQEBBQOBgQBzMJdAV4QP
Awel8LzGx5uMOshezF/KfP67wJ93UW+N7zXY6AwPgoLj4Kjw+WtU684JL8Dtr9FX
ozakE+8p06BpxegR4BR3FMHf6p+0jQxUEAkAyb/mVgm66TyghDGC6/YkiKoZptXQ
98TwDIK/39WEB/V607As+KoYazQG8drorw==
-----END CERTIFICATE REQUEST-----


CONFIGURATION:

  1. To set up SSL Certificate Authentication for a VPN, navigate to INTERNET > VPN TUNNELS.
  2. If the VPN Service is disabled, click the button to Enable VPN Service.
  3. Under Global VPN Settings, check the box labeled Enable Certificate Support.
  4. Click the Upload Certificate button.
  5. Press the Choose File buttons to browse for your certificate files.  Make sure you choose the correct file for each type of certificate file.  All three files are required and must be in X.509 PEM format.
  6. Press the Load Certificate button.
  7. If you get an error, double-check your file formats.  Most likely, one or more files are in the wrong format.
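A pre-upload check for the three files, as an added example that is not part of the original article or of CradlePoint's software: it classifies each file as PEM, binary DER, a multi-object bundle (such as the keyStore.pem produced by the pkcs12 command above), or a PEM whose header was pasted with typographic dashes. The slot names, function names and sample payload are assumptions made for the example, and treating a passphrase-encrypted key as a problem is an assumption based on the article's use of -nodes.

```python
import base64
import binascii

import re

# PEM labels accepted for each upload slot. Slot names are hypothetical; the key
# labels assume an unencrypted key, as `openssl pkcs12 ... -nodes` produces.
EXPECTED_LABELS = {
    "ca_cert": {"CERTIFICATE"},
    "router_cert": {"CERTIFICATE"},
    "private_key": {"RSA PRIVATE KEY", "PRIVATE KEY"},
}

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
# Hyphen look-alikes (U+2010..U+2015) that word processors and web pages
# substitute for the five ASCII hyphens of a BEGIN/END line.
TYPO_DASH = re.compile("[\u2010-\u2015]+ ?(BEGIN|END) ")

# Constructed sample payload: DER for SEQUENCE { INTEGER 0 }, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])


def make_pem(label, der, headers=()):
    """Wrap DER bytes in a PEM block (used to build the constructed samples)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    head = list(headers) + [""] if headers else []
    return "\n".join([f"-----BEGIN {label}-----", *head, *body,
                      f"-----END {label}-----", ""]).encode("ascii")


def parse_pem(text):
    """Return (label, encrypted, der_or_None) for every PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy encrypted keys carry "Proc-Type:" / "DEK-Info:" header lines.
        headers = [ln for ln in lines if ":" in ln]
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or any("ENCRYPTED" in h for h in headers))
        try:
            der = base64.b64decode(
                "".join(ln for ln in lines if ":" not in ln), validate=True)
        except (binascii.Error, ValueError):
            der = None
        blocks.append((label, encrypted, der))
    return blocks


def check_upload(slot, data):
    """Return a list of problems for one file; an empty list means it looks uploadable."""
    text = data.decode("utf-8", errors="replace")
    if TYPO_DASH.search(text):
        return ["BEGIN/END line uses typographic dashes instead of five ASCII hyphens"]
    blocks = parse_pem(text)
    if not blocks:
        if data[:1] == b"\x30":  # DER objects start with an ASN.1 SEQUENCE tag
            return ["binary DER, not PEM: convert with openssl x509 -inform der"]
        return ["no PEM block found"]
    problems = []
    if len(blocks) > 1:
        problems.append(f"{len(blocks)} PEM blocks in one file: split the bundle")
    for label, encrypted, der in blocks:
        if encrypted:
            problems.append(f"{label}: key is passphrase-encrypted")
        elif label not in EXPECTED_LABELS[slot]:
            problems.append(f"{label}: wrong object for slot {slot}")
        elif der is None or der[:1] != b"\x30":
            problems.append(f"{label}: body is not Base64-encoded DER")
    return problems


if __name__ == "__main__":
    bundle = make_pem("RSA PRIVATE KEY", SAMPLE_DER) + make_pem("CERTIFICATE", SAMPLE_DER)
    for slot, data in [("router_cert", make_pem("CERTIFICATE", SAMPLE_DER)),
                       ("ca_cert", SAMPLE_DER),
                       ("private_key", bundle)]:
        print(slot, check_upload(slot, data) or "ok")
```

The check is structural only; it does not confirm that the private key belongs to the router certificate or that the certificate was issued by the CA.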


When you configure your VPN tunnel, select Certificate for the Authentication Mode.

If the remote end of the VPN tunnel is a Cisco or Juniper router, check the box labeled ASN1.DN Identity.  Otherwise, if you are using a Check Point firewall/gateway or other device, do NOT select ASN1.DN Identity.


This document only covers SSL Certificate authentication.  For examples of VPN configurations, please refer to the CradlePoint knowledge base, http://knowledgebase.cradlepoint.com.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 4.4.2

Symptom:

The WAN IP of the CradlePoint is a private IP address rather than a publicly routable IP address.

Cause:

Various Internet service providers (ISP) NAT their connection meaning users may not get a public IP but do get internet access.  This can cause issues when setting up a VPN tunnel. This article explains how to set up a VPN tunnel when one of the endpoints is connecting to the internet behind an ISP that is NAT’d.

NOTE:  At least one of the routers is required to have a publicly routable IP address.

Resolution:

A.  Gather the required information.

  1. Internet IP address of public router.
    1. Connect to the Public Router.
    2. Log in to the admin pages (how to log into admin pages link).
    3. Click the Status tab then click Dashboard.
    4. In the Internet section an IP address is displayed; record this IP address and label it Public IP.
  2. Internal network IP address of the public router.
    1. On the Dashboard screen locate the Local Networks section.
    2. Locate the Primary LAN heading; to the left you will see your internal IP. Record this IP address and label it Public Internal IP.
  3. IP address of Client computer connected to the Public Router.
    1. Click the Status tab then click Client List.
    2. Select a Wired or Wireless client that will always be connected to this router, record the IP address of this device, and label it Public Internal Client.
  4. Internal network IP of NAT’d router.
  5. IP address of client connected to NAT’d router.

B.  For the example presented in this article, the info above will be given the following values:

  1. Internet IP address of public router = 108.122.50.97
  2. Internal network IP of public router = 192.168.5.1
  3. Client Connected to public router = 192.168.5.87
  4. Internal network IP of NAT’d router = 192.168.0.1

C.  Public Router Configuration:

  1. Connect to the Public Router then log into the administration pages.
  2. Click the Internet tab.
  3. Click VPN Tunnels.
  4. Click Enable VPN Service (if disabled).
  5. Click Add.
  6. Enter the Tunnel Name as PublicTunnel.
  7. Check the Anonymous box (VERY IMPORTANT).
  8. Enter the Local Identity as publiccp.
  9. Enter the Remote Identity as natcp.
  10. Enter test as the Pre-shared Key.
  11. Mode should be set to Tunnel.
  12. Verify both Tunnel Enabled and MBR1200 Quick Connect are checked.
  13. Click Next.
  14. In the Local Networks section click Add.
  15. Enter the local IP address of the Public router (192.168.5.0).
  16. Click Save, then select Next.
  17. Enter the NAT’d router’s internal network (192.168.0.0).
  18. Click Save, then select Next.
  19. Verify that the Phase 1 and 2 Key Lifetime is set to 28800 and 3600 respectively.
  20. Check the box for Perfect Forward Secrecy if not already checked.
  21. Verify the Encrypting, Hash, and DH Groups are set to AES128, MD5, and Group 1 respectively.
  22. Click Next.
  23. Verify Dead Peer Detection is enabled then click Finish.
  24. Verify the Tunnel Summary has the correct settings then click Yes.

D.  Setting Up the NAT’d Router configuration

  26. Connect your Internet source to the NAT’d router, open your web browser and type 192.168.0.1 in the URL bar.
  27. Log into the CradlePoint and click Internet.
  28. Click VPN Tunnels.
  29. Click Enable VPN Service (if disabled).
  30. Click Add.
  31. Enter the Tunnel Name as NATdCP.
  32. Do not check the Anonymous box.
  33. Enter the Local Identity as natcp.
  34. Enter the Remote Identity as publiccp.
  35. Enter the Pre-shared Key, test.
  36. Set the Mode to Tunnel.
  37. Set the Initiation Mode to Always On.
  38. Check Tunnel Enabled and MBR1200 Quick Connect.
  39. Click Next.
  40. In the Local Networks section click Add.
  41. Enter the local IP address of the NAT’d router (192.168.0.0).
  42. Click Save, then click Next.
  43. Enter the Remote Gateway (IP of Public Router).
  44. Enter the Remote Network by clicking Add, then Save.  This will be the local network on the Public Router.
  45. Click Next.
  46. Verify the Phase 1 and 2 Key Lifetime is set to 28800 and 3600 respectively.
  47. Check the box for Perfect Forward Secrecy, if not already checked.
  48. Verify the Encrypting, Hash, and DH Groups are set to AES128, MD5, and Group 1 respectively.
  49. Click Next.
  50. Verify Dead Peer Detection is enabled then click Finish.
  51. Verify the Tunnel Summary has the correct settings then click Yes.
  52. Check the tunnel by using a Ping test set to the Public router’s internal network (192.158.0.1).
  53. Check the Tunnel statistics: click the Status tab.
  54. Then select VPN Tunnels.


NOTE:  The VPN tunnel will always need to be initiated from the NAT’d router or a device on the NAT’d router’s LAN.



If you are unsure of CradlePoint Series or Model number, please click here
 
This article was written based on firmware version 4.3.2


SUMMARY:

This document outlines how to set up an IPSec VPN tunnel between a CradlePoint Series 3 router and a Cisco router.


TERMS:

  • IPSec – protocol used for securing IP communications by authenticating and encrypting each IP packet of a communication session
  • VPN – Virtual Private Network.  Extends a private network across a public network like the Internet.



REQUIREMENTS:

  • Cradlepoint Series 3 router capable of terminating an IPSec VPN Tunnel: MBR1400, IBR600, IBR650, CBR400, CBR450, CBA750B, MBR1200B.
  • Cisco router is running IOS 12.0 or newer.
  • Customer who needs a secure connection between two remote networks.
  • Static publicly routable IP Addresses on both the CradlePoint and Cisco routers.



DIRECTIONS:

Part A:  Configure IPSec Tunnel on the CradlePoint
Part B:  Configure Tunnel on the Cisco Router


A. Configure the CradlePoint router:

  1. Navigate to Internet -> VPN Tunnels.
  2. Click Enable VPN Service, then click Add.
  3. Enter a Tunnel Name and a Pre-Shared Key.
  4. Click Next.
  5. Under Local Networks, click Add, and then enter the LAN IP network address and netmask of the CradlePoint router and click Save.
  6. Click Next.
  7. Under Remote Networks, enter the Gateway (IP Address of the Cisco router’s interface that the VPN will connect to).
  8. Click Add, and then enter the LAN IP network address and netmask of the Cisco router and click Save.
  9. Click Next.
  10. Select the IKE Phase 1 parameters you want.  For efficiency, CradlePoint recommends DES encryption, SHA1 hash, and DH Group 1.
  11. Click Next.
  12. Select the IKE Phase 2 parameters you want. For efficiency, CradlePoint recommends DES encryption, SHA1 hash, and DH Group 1.
  13. The Cisco default Phase 2 Key Lifetime is 86400, so CradlePoint recommends setting it to that.
  14. Click Next.
  15. Configure Dead Peer Detection to your preferences.  We recommend keeping this enabled.
  16. Click Finish.
  17. You will see a Tunnel Summary screen.  Review the settings and make sure they are correct.
  18. Click Yes to enable the tunnel.


B.  Configure the Cisco router:

Make the necessary changes to the following config for your network and paste into your Cisco router.

!
crypto isakmp policy 2
 authentication pre-share
! 172.16.1.2 is the IP address of the CradlePoint WAN
crypto isakmp key <pre-shared key> address 172.16.1.2
!
!
crypto ipsec transform-set ASA-IPSEC esp-des esp-sha-hmac
!
! The peer is the IP address of the CradlePoint WAN
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description tunnel to cradlepoint
 set peer 172.16.1.2
 set transform-set ASA-IPSEC
 match address 100
!
!
! Change the interface to your WAN interface, and the VLAN if necessary
interface FastEthernet0
 switchport access vlan 50
!
! Change the interface to your LAN interface, and the VLAN if necessary
interface FastEthernet1
 switchport access vlan 10
!
! Change to your LAN IP address and mask
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
!
! Change to your WAN IP address and mask
interface Vlan50
 ip address 172.16.1.1 255.255.255.252
 crypto map SDM_CMAP_1
!
! Change to the CradlePoint LAN and WAN
ip route 192.168.0.0 255.255.255.0 172.16.1.2
!
! Change the IP ranges below to match the Cisco LAN
access-list 100 permit ip 10.10.10.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 110 deny   ip 10.10.10.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
!
!
!
!
route-map nonat permit 10
 match ip address 110
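
An audit of the proposals used in the two VPN articles above (the GUI settings AES128 / MD5 / Group 1 and the Cisco configuration), as an added example that is not part of the original articles or of any Cisco or CradlePoint tool: it reports which negotiated algorithms are weak and whether each value was set explicitly or inherited. The function names and PAGE_CONFIG are constructed for the example, and the ISAKMP default values are an assumption about classic IOS 12.x behaviour.

```python
# Assumption: values a classic IOS 12.x ISAKMP policy takes when the stanza
# omits the keyword.
ISAKMP_DEFAULTS = {"encryption": "des", "hash": "sha", "group": "1"}

WEAK_IKE = {
    ("encryption", "des"): "DES has a 56-bit key",
    ("hash", "md5"): "MD5 is deprecated for IKE and IPsec",
    ("group", "1"): "DH group 1 is a 768-bit modulus",
}
WEAK_ESP = {
    "esp-des": "DES has a 56-bit key",
    "esp-md5-hmac": "MD5 is deprecated for IKE and IPsec",
    "esp-null": "ESP without encryption",
}

# Constructed sample: the crypto lines of the Cisco configuration in this article.
PAGE_CONFIG = """\
crypto isakmp policy 2
 authentication pre-share
crypto isakmp key <pre-shared key> address 172.16.1.2
!
crypto ipsec transform-set ASA-IPSEC esp-des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 172.16.1.2
 set transform-set ASA-IPSEC
 match address 100
"""


def audit_proposal(where, explicit, defaults=None):
    """Return (where, setting, reason) for each weak value; defaults fill unset keys."""
    merged = {**(defaults or {}), **explicit}
    findings = []
    for key in sorted(merged):
        reason = WEAK_IKE.get((key, merged[key]))
        if reason:
            note = "" if key in explicit else " (default)"
            findings.append((where, f"{key} {merged[key]}{note}", reason))
    return findings


def audit_ios_config(text):
    """Audit every `crypto isakmp policy` stanza and `crypto ipsec transform-set` line."""
    findings, name, stanza = [], None, None

    def close_stanza():
        nonlocal stanza
        if stanza is not None:
            findings.extend(audit_proposal(name, stanza, ISAKMP_DEFAULTS))
        stanza = None

    for line in text.splitlines():
        words = line.split()
        if stanza is not None and line[:1] == " ":
            # Sub-command of the open policy stanza; IOS also shows `encr`.
            if len(words) > 1:
                key = "encryption" if words[0].startswith("encr") else words[0]
                if key in ISAKMP_DEFAULTS:
                    stanza[key] = words[1].lower()
            continue
        close_stanza()  # any non-indented line ends the stanza
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) > 3:
            name, stanza = f"isakmp policy {words[3]}", {}
        elif words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 4:
            for transform in words[4:]:
                if transform in WEAK_ESP:
                    findings.append(
                        (f"transform-set {words[3]}", transform, WEAK_ESP[transform]))
    close_stanza()
    return findings


if __name__ == "__main__":
    gui = {"encryption": "aes128", "hash": "md5", "group": "1"}  # NAT article values
    for finding in audit_ios_config(PAGE_CONFIG) + audit_proposal("PublicTunnel", gui):
        print(": ".join(finding))
```

Both ends of a tunnel must agree on the proposal, so any stronger values chosen after such an audit have to be changed on the CradlePoint and the Cisco router together.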



If you are unsure of your CradlePoint Series or Model number, please click here.
This article was written based on firmware version 4.1.1.

Overview:

One feature of the Cradlepoint Series 3 product line is the Serial Redirector added in firmware version 3.3. This serial redirector option allows administrators to establish a console connection to hardware which the router is configured for. This allows for out-of-band management and troubleshooting of network equipment in the case of service outages. Once turned on, this feature is used by establishing a telnet client session with the router, which then redirects the telnet traffic to the attached console cable.


System Requirements:

Serial Redirect is currently supported on the following Cradlepoint Routers

  • MBR1400
  • CBR400
  • CBR450
  • COR IBR600
  • COR IBR650

A USB-to-serial adaptor that uses an FTDI chipset is required to use this feature. For the COR products, a Micro-Mini USB adaptor will also be required. For more information on finding the right kind of adaptor, consult the guide at the following link:
http://www.cradlepoint.com/sites/default/files/productdocs/USB_to_Serial_Console_3.16.12.pdf
Make all the appropriate physical connections before beginning the configuration.

  • Connect the USB-to-serial adaptor to the USB port of the Cradlepoint router
  • Connect a console cable (RJ45-to-DB9) to the USB-to-serial adaptor cable
  • Connect the console cable to the console port of the device you’d like to manage

Hardware Setup Example

  • Log into the setup pages (click here for instructions) of the router and navigate to System Settings > Serial Redirector
  • Check the Enabled box, and wait for Server Status to say Ready (NOTE: Server Status will read Starting and never change if there is a problem with the detection of the adaptor. This usually means the adaptor is not supported by the router)
  • Customize your configuration to match the requirements of the device the router will be establishing a serial connection with


The configuration options will need to be tested and adjusted to find a working configuration for your specific device. Some routers will require tweaks to the configuration for proper functionality.
Administration page of router serial redirect setup
Below is a list of tested configurations of Serial connections to specific devices:
  • Cisco 1841 – 9600/8/N/1. Linefeed needs to be changed to CR/LF
 
Using your system’s telnet client software (PuTTY shown below), establish a session to the IP address of the router. The IP address you use will depend on whether the Serial Redirector is configured for LAN, WAN, or both. In this example we’re establishing a session to the LAN IP address.
Putty example SSH client

After the session is established you’ll be able to access the console of your device
Console session



This article was written based on Series 3 firmware version 5.0.0.

If you are unsure of what your router’s Series or Model number is, please click here.

Summary:

In certain cases, it may be necessary to clone a computer’s MAC address within a CradlePoint in order to establish a connection to a Cable, DSL, or Satellite modem. This article describes the steps necessary to do this.


Directions:

Finding your computer’s MAC address:

  1. Get to your computer’s Command Line Terminal (do a search on the Internet on how to do this for your particular Operating System)
  2. Type ipconfig /all and hit enter.
  3. Look for a Physical Address under Ethernet adapter Local Area Connection, and write it down.


Cloning the MAC address in your router:

  1. Connect to your router and access its administrative console. Click here if you are not sure how to do this.
  2. Click on the Network Settings tab, then select Connection Manager from the drop-down.
  3. In the WAN Interfaces section, click on the line corresponding to your Ethernet connection and click Edit.
  4. Click on the Ethernet Settings tab within the WAN Configuration window.
  5. Enter your Physical Address in the MAC Address box and then click Submit.
  6. Disconnect the router from the modem.
  7. Power off both the router and the modem.
  8. Power on just the CradlePoint and wait for it to fully boot up.
  9. Power on the modem and wait for it to establish an internet connection.
  10. Reconnect the two devices with an Ethernet cable.

Your modem should now see the CradlePoint with the cloned MAC address, allowing a successful connection.



If you are unsure what model or series router you have click here.

This article was written based on the 5.0.0 series 3 firmware version. If you have a Series 2 product, please refer to this article.

Summary:
In some cases, a router needs to have a specific firmware version installed in order to recognize and correctly use a modem. This article describes different ways of checking the router and modem firmware versions on a Series 3 CradlePoint router.

Directions:
If you are not sure how to access the administrative console of your CradlePoint router, click here.

Checking Router Firmware – Method 1

  1. If you are not automatically redirected to your router’s Dashboard page upon logging in, click on the Status tab, and select Dashboard from the drop-down menu.
  2. The router’s firmware version is displayed under the Router Information section.

Checking Router Firmware – Method 2

  1. Click on the System Settings tab, and select System Software from the dropdown.
  2. The router’s firmware version is listed as the Current Firmware Version, within the Firmware Upgrade box.

Checking Modem Firmware – Method 1

  1. Click on the Status tab, and select Internet Connections from the dropdown.
  2. Select your modem in the Device List.
  3. The modem firmware version will be listed in the Device Information below.

Checking Modem Firmware – Method 2
NOTE: This method will work only with the ARC and COR series products.

  1. Click on the Internet tab, and select Connection Manager from the dropdown.
  2. Select your modem in the WAN Interfaces list, and click Control.
  3. Click on the Firmware button in the Update/Activate Device window.
  4. The firmware version will be displayed as the Current Version within the Firmware Upgrade box.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0

Symptom: 

Limited wireless range, WiMAX modem connection issues, Wi-Fi connection drops on a Series 3 router.

Cause:

Possible radio interference on the Wi-Fi channel that CradlePoint router is broadcasting on.

Resolution:

  1. Log in to the administration pages of the CradlePoint router (how to log into Series 3 routers)
  2. Once logged in, click on the Network Settings tab.
  3. Then click WIFI / Local Networks in the drop-down menu.
  4. Scroll down to the box labeled Advanced WiFi Settings.
  5. In the Channel Selection Method drop down, select User Selection.  A channel selection drop down menu will appear.
  6. Select the channel you wish to use.
  7. Click Apply to save the settings.
  8. Click Ok on the warning window that appears.
  9. Click Ok on the “Settings were successfully applied” window.

You have successfully changed the Wireless Channel on the CradlePoint router.  Test your wireless network for possible improved performance.  If performance is not improved repeat these steps choosing a different Wi-Fi channel.

NOTE:  If changing the Wi-Fi channel to improve WiMAX 4G connection characteristics use channel 1 for best results.



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Symptom:

“NAT Type Strict” or similar message on a Gaming Console (Xbox 360, Playstation 3, Wii, etc.)


Cause:

Network Address Translation (NAT) is the service that allows multiple devices to connect behind a Modem that obtains a Public IP Address.  The way this Translation is configured can, at times, cause the “Strict NAT” messages to be generated on the Gaming Console.


Resolution:

  1. Log into the router’s setup pages. (If you are unsure how, please click here.)
  2. Click on the Network Settings tab and select DHCP Server.
    • Note:  You will be presented with a list of all devices currently obtaining IP addressing from your CradlePoint router, including your gaming Console.  This can be verified by looking at the Hardware Address column in the router’s setup pages (as pictured) and comparing it to the MAC or Hardware Address of the gaming Console.  The gaming Console’s MAC address information should be found in the Console’s Network Settings.
  3. After the MAC address has been verified, select the entry and press the Reserve button.  Make note of the IP Address listed for the gaming Console.
  4. Select the Network Settings tab then Firewall.
  5. Scroll down and open up the Advanced Demilitarized Zone (DMZ) section.
  6. Check the Enabled box and then put in the IP address noted in step 2.
  7. Press the Submit button to apply the changes.


After submitting these settings your gaming Console will be outside of the CradlePoint router’s Firewall, which resolves any NAT issues on the gaming Console.  If you continue to receive the “Strict NAT” messages generated on the Gaming Console, it is likely that your internet carrier has a firewall in use on your connection.  However, the issue no longer resides in the router and you will need to contact your ISP.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0

Please consult the following video for a walk-through, or skip to the Resolution section and begin step one

Symptom:

IP address conflict.

Cause:

Connecting the CradlePoint router to existing networks or some modems may cause an IP conflict.  This requires that the default CradlePoint router IP address be changed.

Resolution:

  1. Log into the router’s setup page (login instructions).
  2. Select the Network Settings tab then select Wi-Fi / Local Networks, or Local Networks for non-Wi-Fi routers.
  3. In the Local IP Networks section check the box next to Primary LAN then click Edit.
  4. Change the IP Address to 192.168.1.1 (or any IP address you prefer).
  5. Click Submit to save settings.

Note:  After changing the default router IP address you will now need to access the CradlePoint’s administrative console using the new address, as well as refresh the IP address on your computer or device by disconnecting from the CradlePoint and reconnecting.



If you are not sure what model CradlePoint router you have, please click here.

This article was written based upon firmware version 5.0.0.

Description:

The CradlePoint MBR1400 and MBR1200B routers have five Ethernet ports that can be configured as either LAN ports or WAN ports.  By default, they are configured with one WAN port and four LAN ports.

LAN mode:
LAN mode is used for connecting a wired computer’s Ethernet port (or a switch connected to several computers) to the CradlePoint MBR1400 or MBR1200B.

WAN mode:
WAN mode is used for connecting a wired WAN source (DSL, cable, satellite, etc.) to provide an Internet connection to the CradlePoint MBR1400 or MBR1200B.

To reconfigure any of the Ethernet ports to be used as a WAN port, follow the directions below.

Directions:

  1. Log into the CradlePoint’s administrative console; the default location is http://192.168.0.1.  Click here if you are unsure of how to access the administration pages.
  2. Click Network Settings and then WiFi / Local Networks from the drop-down menu.
  3. Scroll down to Local Network Interfaces, then select the Ethernet Port Configuration tab.
  4. Change the Ethernet port’s Mode from Local Network (LAN) to Internet (WAN).
  5. The CradlePoint will now warn you that you will no longer be able to access the admin console from a computer connected via the Ethernet port.  If you are connected wirelessly this warning does not apply.  If you are wired into the CradlePoint to make this change, make sure that you will be able to connect wirelessly after making this change.

After making this change, one of the CradlePoint MBR1400 or MBR1200B’s Ethernet ports will now be configured to accept a WAN connection.

For additional assistance connecting a wired connection (DSL, cable, satellite, etc.) to the MBR95, MBR1200B, or MBR1400 please click here.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Description:

Typically all computers connected to a router are protected by the router’s firewall.  In order to allow a computer on the Internet to connect through the router to a specific computer it is necessary to either manually forward the required ports, Port Forwarding on a Series 3 CradlePoint, or place the device/computer on the CradlePoint’s Demilitarized Zone (DMZ).

The CradlePoint router’s DMZ opens all ports that are not already reserved and passes them to a single device/computer attached to the router’s LAN.  This essentially places the device/computer outside the CradlePoint’s firewall.  This setting is often used to allow gaming consoles to host online games.

Any port forwarding rules or enabled administrative ports have a higher priority than the DMZ rule.

Directions:

Before adding a computer to the DMZ it is important to ensure that the device/computer is always assigned the same IP address from the Cradlepoint router.  To do so, see Add a DHCP reservation on a Series 3 CradlePoint.  Verify that the device/computer receives the correct IP address from the router.

  1. Log into the router’s setup page (login instructions).
  2. If your router has a Basic Mode / Advanced Mode toggle button beneath the CradlePoint logo on the top left-hand side (e.g. MBR95, CTR35), you will need to set it to Advanced Mode.
  3. Then, click on the Network Settings tab then select Firewall.
  4. Expand the ADVANCED DMZ (DeMilitarized Zone) section.
  5. Check the Enabled box then enter the device/computer IP address into the IP Address field.
  6. Click Apply to save settings.

The device/computer is now outside of the router’s firewall.  Any connection originating from the Internet that does not have an applicable port forwarding rule will be passed directly to the device/computer in the DMZ.



If you are unsure of which CradlePoint Series or Model number you have, please click here.
This article was written based on firmware version 5.0.0 for Series 3 CradlePoint routers.


Overview:

Most GSM & LTE based networks require an Access Point Name or APN to be entered in the router to establish the final handshake between the carrier’s cell tower and the modem/aircard. 

You can find a list of commonly known APNs by clicking here.  If you do not see your carrier in this list, but it is a GSM-based network, contact the carrier directly and ask which APN needs to be used.

Refer to the two articles linked below for the instructions on entering the APN or AT Dial Scripts:

  • APN Instructions: Please consult this link for instructions on how to set the APN.
  • AT Dial Script Instructions:  These instructions are only to be used as a last resort, if the standard APN does not work. Click here to view the directions to enter AT Dial Commands, as well as some examples.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.


Summary:

In some cases, it is necessary to log into the router’s administrative console to make configuration changes or to troubleshoot. This article describes how to do this.

Directions:

  1. Connect your computer to the CradlePoint router with an ethernet cable or wirelessly. Please reference this article for further instructions.
  2. Ensure that your computer is connecting only to the CradlePoint router by disconnecting all other wired and wireless network connections. This includes disconnecting the aircard or modem from your computer.
  3. Open a web browser, such as Firefox, Chrome, Safari, or Internet Explorer, type http://192.168.0.1 in the address bar and press enter/return on your keyboard. This site is hosted locally on your CradlePoint router, so you do not need internet access to view this page.
    • Note: Some browsers include both an address bar and a search bar. Make sure you are typing into the main address bar.
    • Note: If you suspect the router’s address may have been changed, try typing http://cp/ instead.
  4. You should see a page with the CradlePoint logo prompting you to enter the administrative password. Reference the following articles if you are not sure what your password is: Instructions for Series 2 Routers and Instructions for Series 3 Routers
    • Note when using Internet Explorer: If you see the CradlePoint logo, but don’t have the option to enter the password, you may need to Enable Compatibility View Mode. If you are still having difficulty logging in to the router, disable any extra add-ons by going to Tools -> Manage Add-Ons. You might consider using a different web browser such as Firefox, Chrome, or Safari to access the administration pages.
  5. After you have entered your admin password, you will be logged into the administration console of your CradlePoint router and will be able to change the router’s settings.



If you are unsure of which CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.


Overview:

With the introduction of the AER 2100, CradlePoint has a router that supports dual band concurrent WiFi.  The AER 2100 is capable of broadcasting WiFi on the 2.4 GHz & 5.0 GHz frequency bands simultaneously.  The AER 2100 is capable of up to 4 SSIDs per frequency band, and each SSID can be added to its own LAN, all on the same LAN, or set up on different LANs to fit your needs.  This article shows how to enable both the 2.4 and the 5.0 frequency band WiFi, edit their SSIDs and passwords, and add each of them to its own LAN.


Configuration:

  1. Log into the router’s Administration page; if you are unsure how, click here.
  2. Click on Network Settings then WiFi / Local Networks.
  3. Under the Local Network Interfaces section click the tab of the WiFi Radio you would like to turn on, and then click Enable if it is not already enabled.
  4. Once enabled you can edit the SSIDs, passwords, and other options by placing a check in the box next to the WiFi Name you want to alter, and clicking Edit.
  5. After configuring your SSID, if it is not attached to a Network, you will need to do so before it will be functional.  You can attach the SSID to an existing Network, or you can create a new Network (instructions here) and then attach the SSID to it.  Place a check next to the Network that you would like to attach the SSID to, and click Edit.
  6. Click on the Interfaces tab, select the SSID you configured from the Available window, click the button which will move it to the Selected window, then click Submit.



If you are unsure of the Series and Model of the CradlePoint Router, click here.

This article was written based on firmware version 4.4.0.

Overview:

This article is for Series 3 CradlePoint routers.  It covers some basic troubleshooting steps to take if you are experiencing internet connection issues, such as no internet or intermittent internet connectivity.

Pre-Check items:

1. Ensure that you can get online with your modem connected directly to your computer.
– If you cannot, please contact your service provider or modem manufacturer. Otherwise, please proceed with steps outlined further in this article.
**NOTE: If you are using one of our modems, this test will not work.**

2. You will want to make sure your firmware is up to date before proceeding, as a firmware update could resolve your issue.
**NOTE: Before you do an update, be sure to check the firmware release notes to verify that your modem is supported on that new firmware.**
– Click here for directions on how to update your firmware on the router.
– Click here to update the firmware on one of OUR supplied Internal or External Modems if you have an internet connection.
– Click here to download a zipped folder containing the directions and file for updating the modem firmware manually.

3. Check your signal strength to determine whether your issue is signal strength related; directions on how to do so can be found here.
**NOTE: You may not have a signal strength if there is no connection at all; this mainly pertains to an unstable connection.**

4. If you are in a 3G-only area, or if your modem only connects on 3G in your computer, you will want to force the modem to 3G in our router.
– Click here to force an LTE modem to 3G.
– Click here to force a WiMAX modem to 3G.

If your firmware is up to date, your signal strength is good, and the modem works in a computer directly then proceed on.

Directions:

1. Log into your router’s administration pages, if you are unsure how, click here.

2. Click on the Internet Tab then click on the Connection Manager from the drop down.


3. While on this page check the State of your Modem.
**NOTE: Your modem may be different than what is listed here.**


The State of the Modem will determine what to do next.
|State|Actions|
|---|---|
|Unconfigured|Usually will not stay in this state for long; will usually change to Suspended or Connecting. If your modem stays at Unconfigured, click on the modem to highlight it blue and expand it open with more information.  There should be an ERROR (below is how to troubleshoot the errors).|
|Connecting|Nothing. The modem is trying to connect.  If it stays at this state, you may want to check your signal strength here, or check your system logs under Status > System Logs.|
|Connected|Nothing. If the modem is indicating that it is connected, but you still cannot get out to the internet, check for DNS issues here.|
|Available|Nothing. Modem is ready to connect, but will not connect unless the modem above it in priority has failed / lost connection, or if you enable Load Balancing.|
|Not Activated|You may need to activate your modem; click on your corresponding carrier for directions on how to do so: IBR600E/IBR650E, AT&T, Verizon, Clear, Sprint|
|Activating|Nothing. The modem is in the process of trying to activate.  This can take up to 24 hours, but usually takes no more than 10 minutes.|
|Dormant|Modem is in a sleep mode.  Try disconnecting and re-connecting the modem.  In some cases, you’ll need to insert the modem into a computer to re-activate it before plugging it back into the CradlePoint router.|
|Suspended|Click on the modem listed and it will expand open and highlight blue with additional information; you are looking for the ERROR that is listed.|

 

The Error shown under the Modem will determine what to do next.
|Error|Action|
|---|---|
|CARRIER REJECT|If you have or are supposed to have a Static IP from your Cellular carrier you may need to manually set the APN; you will need to call your carrier to get the correct APN. For all others, you can try different APN names to troubleshoot. If this alternative doesn’t work, call your carrier. Here is how to change the APN of a Series 3 CradlePoint Router.|
|NO CARRIER|CradlePoint recommends contacting your ISP to have them double check your connection, and make sure the SIM card / modem is provisioned properly.|
|NO SIM|The SIM card is not inserted, it is inserted improperly, either the SIM or the port for the SIM may be bad, or you have an incorrect size of SIM card. If the SIM is inserted properly, and is the correct size, and you are still getting the NO SIM error, then you need to test the SIM card in a different device to eliminate the SIM being the issue. Here is the correct Size SIM for use in CradlePoint products.|
|BUSY|Reset your Modem; if that does not work call your Internet Service Provider. Click the following link and proceed to step 5 BUT, instead of clicking Firmware, click RESET.  Here is the link.|
|IP CONFLICT|The CradlePoint is detecting an IP Conflict. Usually this happens when there is something on the network that has the same IP address as one of the CradlePoint’s networks.  This can also be due to an incorrectly configured modem, and/or it can be an incorrect configuration on the CradlePoint.|



This article is written for series 3 products on the 4.3.2 or 5.0.0 firmware version.

If you are not sure which series or model CradlePoint router you have, click here.


Symptom:

I cannot connect to the internet through my CradlePoint while using my iPhone as a form of internet.

Cause:

The Apple iPhone is not a supported modem.  A CradlePoint router will not be able to recognize the Apple iPhone when it is connected to the router via the USB port.

Resolution:

Check if your version of the Apple iPhone has the capability to create a Wi-Fi HotSpot (You may be subject to additional charges from your carrier). If it does, you may be able to access the internet by using your CradlePoint router’s Wi-Fi as WAN feature to connect to the iPhone’s HotSpot. Instructions on configuring WiFi as WAN can be found here.

Alternatively, click here to view the list of officially supported modems for each CradlePoint router.



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Symptom:

A Series 3 CradlePoint router is unable to connect to an existing wireless network using the Wi-Fi as WAN feature.  Other computers may be able to connect fine to this wireless network.

Causes:

While the CradlePoint routers can connect to most wireless networks, there are several reasons that can affect the ability to connect:

  • The CradlePoint router firmware is old and needs to be updated.
  • The CradlePoint router’s IP address conflicts with the WiFi router’s IP address.
  • The WiFi network uses additional security beyond standard WiFi security (WEP/WPA/WPA2).
  • The WiFi access point may require additional login information (authentication).
  • The WiFi access point is using WPA-Enterprise security.

 

Resolution:

  • The WiFi access point’s security is preventing connection.
  • Newer CradlePoint firmware revisions include changes that allow connection to more types of WiFi access points.  It may be necessary to upgrade the CradlePoint router firmware to a newer version; see How to update router firmware.
  • If the wireless network uses additional security (such as MAC address filtering) to restrict access, you will need to contact the network’s administrator to ensure there are no other requirements to connect.
  • If, when connecting to a network from a computer, you are immediately redirected to another authentication page to log in before you can use the Internet, the CradlePoint router will not be able to connect to this type of network.
  • The CradlePoint router does not have the ability to connect to WPA-Enterprise encrypted wireless networks.
  • Disable the WiFi Protected Access (WPA) on your WiFi access point, in some cases you may need to call the provider for information on how to accomplish this.


*NOTE* If you disable the WPA on your WiFi access point and there is still no connection then this setup, unfortunately, will not work.



Products Supported: AER31x0, AER2100, MBR1400, MBR1200B, CBA850, CBA750B, IBR350, IBR6x0, IBR11x0. 

Summary

The Cradlepoint router CLI is a captive text-based interface for configuring, managing, and debugging Cradlepoint routers.

This document provides an overview of Cradlepoint’s Command Line Interface (CLI) feature available in Series 3 Cradlepoint routers.

Terminology

Prompt (or Command Prompt): The input field at the bottom of the CLI interface. This is where “commands” and “arguments” are entered into the system.

Command: A “command” is a single word instruction for the router to process. It is sent to the router as the first word entered at the “Command Prompt”.

Argument: An argument refers to the text that follows the command. Most commands have optional arguments that control or influence the way the command will run. Arguments for each command can typically be discovered by running the command with the “--help” argument or by running “help COMMAND”.


Configuration

Configuration Difficulty: Intermediate

Enabling SSH Server to use the CLI

Note: Local SSH is enabled by default. These instructions are only needed for situations where you may have previously disabled SSH access.

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Click on System then Administration from the navigation menu.
  • Step 3: Click on Local Management.
  • Step 4: Place a checkmark in the box next to Enable SSH Server.
    • The SSH Server Port can be changed away from the default SSH port of 22 to a port of your choosing. This is highly recommended for any situation where Remote SSH will be enabled.
  • Step 5: Click Save.

Optional: Enable Remote SSH Access

  • Step 6: Click on Remote Admin from the navigation menu.
  • Step 7: Place a checkmark next to Allow Remote SSH Access.
  • Step 8: Click Save.

Accessing the CLI

Connecting a Client Computer to the Cradlepoint’s SSH Server

CradlePoint Series 3 routers are designed to support standards-based SSH-2 clients. Many modern operating systems (such as GNU/Linux or Apple OSX) include an SSH client that can be run directly from the computer’s terminal prompt. For these platforms simply locate and execute the Terminal software of your preference, then run the “ssh” command with the username and IP address of the router, entering the router’s password when prompted:

ssh admin@192.168.0.1

For Microsoft Windows computers, we recommend using the free and well-supported PuTTY SSH client, available here.


See the PuTTY web page and application help for details on making SSH connections. The only details you should need to provide are the username, password and IP address of the router. The default username is always “admin” as shown above.


Connecting to Cradlepoint’s SSH Server console through the UI
  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Click on System, then System Control, and then Device Options.
  • Step 3: Click on the Device Console button. The device console will open up in a new window.


Connecting to Cradlepoint’s SSH Server console through ECM
  • Step 1: Log into https://www.cradlepointecm.com. For additional information on ECM, please click here.
  • Step 2: After logging into ECM, click on the Devices tab on the left then select the router you would like to console into on the right.

  • Step 3: Once the router is selected, click on Commands then Console and this will open up another window as shown below.

  • Note:  CLI Session History can be saved by clicking the checkmark in the menu bar of the Console Session.

CLI Usage

Once you successfully login you will see a command prompt similar to this:

[admin@MBR1400-301: /]$

This shows you your username (admin), the system ID (MBR1400-301 in this case), and the current working directory (/). The working directory is important for many commands, as it represents the “ConfigStore” context for many commands, as shown below.

Navigating Using the CLI

An important part of a command line shell is the notion of a hierarchical file system which is usually backed by a tree structure of directories and files on a hard disk or SSD storage device. In the case of Cradlepoint routers, this file system hierarchy is backed by the router’s configuration, status and control system known as the “ConfigStore”.

The ConfigStore is like the central nervous system for the router and acts as a live interactive portal to the router’s current state and configuration settings. We will expand on this thought as we move forward, but try to remember that the files and directories that we talk about are live elements of the router. Any changes to those files and directories will result in immediate application and proliferation through the router’s internal subsystems. Likewise, when viewing the contents of files, you will always be presented with the most current data.

Basic navigation commands:

|Command|Action|Explanation|
|---|---|---|
|ls|list|Lists the directories and files|
|cd|change directory|changes to the specified directory|
|get|get|gets the values of the directories and files|

When you first log in your current working directory will be the “root” directory (/).

[admin@MBR1400-301: /]$

The “ls” command lists the directories and files in your current working directory. Running the “ls” command from the “root” directory returns the “control/”, “status/”, and “config/” directories.

[admin@MBR1400-301: /]$ ls 
control/           status/            config/ 

You can change the working directory using the “cd” command, followed by the directory to change to. Running “cd config” changes the current working directory to “config/”. Notice that the prompt now shows that the current working directory is “/config”.

[admin@MBR1400-301: /]$ cd config
[admin@MBR1400-301: /config]$

If you run the “ls” command from the config/ directory, you will see all the directories and files in the “config/” directory.

[admin@MBR1400-301: /config]$ ls
ethernet/  wan/       lan/       shell/     qos/       dns/      
firewall/  failover/  alerts/    system/    hotspot/   wwan/     
gre/       routing/   dhcpd/     webfilter/ wlan/      vpn/      
stats/    

Like before, you may use the “cd” command to change the current working directory. Typing “cd system” changes the current working directory to “config/system/”.

[admin@MBR1400-301: /config]$ cd system

[admin@MBR1400-301: /config/system]$ ls
mac_monitor/          local_domain          timezone             
at_passthrough_proxy/ serial/               upnp/                
ui_activated          snmp/                 first_boot           
dyndns/               system_id             email/               
gps/                  users/                power/               
ntp/                  pci_dss               wipc/                
qxdmproxy/            logging/              admin/               
watchdog/             disable_leds          reboot_schedule/     
dst_enabled

The “get” command by itself may be used to return the values of all files in the current working directory. The “get” command followed by a filename or directory will return only the values for that location.

The “config/system/dst_enabled” file represents whether daylight savings time has been enabled in the router. Using the command “get dst_enabled” we can find whether daylight savings time is enabled.

[admin@MBR1400-301: /config/system]$ get dst_enabled
true

To change to the parent directory use the special “..” path. Each directory path must be separated with “/” character. To go up two levels, for example, you would type “cd ../..”.

For example:

[admin@MBR1400-301: /config/system/logging/]$ cd ..
[admin@MBR1400-301: /config/system/]$ cd ../..
[admin@MBR1400-301: /]$

The command line interface supports “tab-completion” (http://en.wikipedia.org/wiki/Command-line_completion) which can reduce the number of key strokes required to enter a command name or path name. To use this feature simply type the first part of a command or path name and hit the tab key to complete the word. If the word is not unique you can hit the tab key twice to see a list of conflicts.

Commands

To see a complete list of commands type “help”. To get detailed help about a specific command simply run “help COMMAND” such as “help ls”. Here is an incomplete list of some basic and important commands:

|Command|Description|
|---|---|
|wan|Show and configure wan devices. Detailed information about a wan can be obtained by providing the UID of the wan device as the first argument|
|lan|Show the current LAN configuration and status|
|wireless|Show status of all Access Points on the router and connected wireless clients|
|get|Get value for config item(s)|
|set|Set a value to a config item|
|delete|Delete an item from the config|
|inspect|Show the data type definitions for a config path. This is useful for learning the requirements of a particular config resource|
|log|Show and search through the system log|
|passwd|Changes your password|
|factory_reset|Reset the config to factory defaults. Use with caution|

Reading and Writing Values

The “get” and “set” commands are used to read and write values to the router’s ConfigStore. The format for all these values is JSON (http://json.org). Because the file system in the CLI is also the ConfigStore, you can run “get” on the entire ConfigStore if desired. For example, if you run “get” from the root directory you will see the complete contents of the router’s ConfigStore. The “get”, “set”, “append”, and “delete” commands all take the current working directory into consideration, so the argument that follows the command should be the path within or with reference to the current directory. Use the “ls” command to view the contents of the current directory when in doubt.

Here are a few examples that illustrate the multiple ways in which you can view the contents of the system.

We can run the get and ls command from any directory we want if we use an absolute path as the argument. An absolute path is any path that begins with a “/” character; this indicates that the path begins at the root directory.

[admin@MBR1400-301: /]$ get /config/system/logging/level
"info"

[admin@MBR1400-301: /]$ ls /config/system/logging   
console        level          firewall       enabled       
max_logs       modem_debug    remoteLogging/

Alternatively, we can change our current working directory to the location of interest and run the commands from there.

[admin@MBR1400-301: /]$ cd /config/system/logging/
[admin@MBR1400-301: /config/system/logging]$ ls
console        level          firewall       enabled       
max_logs       modem_debug    remoteLogging/

[admin@MBR1400-301: /config/system/logging]$ get level
"info"

The “.” path name refers to the current working directory, which can also be used as an argument to the get command. You will notice the output is very similar to the ls command’s output, but is formatted as JSON and includes the contents of the sub-directories too.

[admin@MBR1400-301: /config/system/logging]$ get .
{
    "console": false,
    "enabled": true,
    "firewall": false,
    "level": "info",
    "max_logs": 1000,
    "modem_debug": false,
    "remoteLogging": {
        "enabled": false,
        "system_id": false,
        "utf8_bom": true
    }
}

If we change to the parent directory we can run the get command again but this time we must provide the relative path to the item we would like to see.

[admin@MBR1400-301: /config/system/logging]$ cd ..
[admin@MBR1400-301: /config/system]$ get logging/level
"info"

From those examples we can see that the log level is set to “info” which means only messages of informational priority or higher will be stored in the system log. Let’s say that we want to change this value to something else. We can use the “inspect” command to see what the valid values for this config setting are and then use the “set” command to update the value.

[admin@MBR1400-301: /]$ cd /config/system/logging/    

[admin@MBR1400-301: /config/system/logging]$ inspect level
Path: /config/system/logging/level
Name   Type     Current value   Default Value   Options
----------------------------------------
level  select   info            info            debug, info, warning, error, critical

We can now see that the default value is “info” and the available options include a “debug” value which we want to set the router to use. Just to verify that the current value is indeed set to “info” we run the get command prior to our change.

[admin@MBR1400-301: /config/system/logging]$ get level
"info"

Now we simply run the “set” command with the new value. Remember this value MUST be valid JSON (http://json.org), so in this case the string value will be encapsulated in double quotes.

[admin@MBR1400-301: /config/system/logging]$ set level "debug"

Running the “get” command again verifies that the change was indeed accepted.

[admin@MBR1400-301: /config/system/logging]$ get level
"debug"

As a short example of the internal error handling, we can purposely enter invalid values to test the system’s validation procedures.

[admin@MBR1400-301: /config/system/logging]$ set level 3.14
Error: invalid value (3.14) at: ['config', 'system', 'logging', 'level']
Reason: invalid option

[admin@MBR1400-301: /config/system/logging]$ set level __not_json__
Invalid value: No JSON object could be decoded

[admin@MBR1400-301: /config/system/logging]$ set level "not_an_option" 
Error: invalid value (not_an_option) at: ['config', 'system', 'logging', 'level']
Reason: invalid option
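The walkthrough above leaves the log level at "debug". As an added example (not Cradlepoint code), the script below takes the JSON printed by “get .” in /config/system/logging, compares it with a baseline, and emits the “cd”/“set” commands that would restore it, JSON-encoding each value as “set” requires. The baseline policy is a constructed assumption, and using a relative sub-path such as remoteLogging/enabled with “set” is assumed to work as it does for “get”.

```python
"""Drift check for /config/system/logging using the CLI's JSON output."""
import json
from collections import namedtuple

BASE_DIR = "/config/system/logging"

# `get .` output copied from the session above, with "level" changed to
# "debug" as the walkthrough leaves it after `set level "debug"`.
CAPTURED = """
{
    "console": false,
    "enabled": true,
    "firewall": false,
    "level": "debug",
    "max_logs": 1000,
    "modem_debug": false,
    "remoteLogging": {
        "enabled": false,
        "system_id": false,
        "utf8_bom": true
    }
}
"""

# Options reported by `inspect level` in the session above.
LEVEL_OPTIONS = ("debug", "info", "warning", "error", "critical")

# Constructed baseline: an example policy (assumption), not vendor guidance.
BASELINE = {
    "enabled": True,
    "level": "info",
    "modem_debug": False,
    "remoteLogging": {"enabled": True},
}

Finding = namedtuple("Finding", "path have want")


def flatten(tree, prefix=""):
    """Yield (relative/path, value) for every leaf of a ConfigStore subtree."""
    for key, value in tree.items():
        path = prefix + key
        if isinstance(value, dict):
            yield from flatten(value, path + "/")
        else:
            yield path, value


def audit(captured_json, baseline):
    """Return a Finding for each baseline leaf whose live value differs."""
    current = dict(flatten(json.loads(captured_json)))
    findings = []
    for path, want in sorted(flatten(baseline)):
        have = current.get(path)  # None when the key is absent
        # Compare types too, so that 1 is not accepted where true is expected.
        if type(have) is not type(want) or have != want:
            findings.append(Finding(path, have, want))
    return findings


def remediation(findings, base_dir=BASE_DIR):
    """Build the CLI commands that bring the subtree back to the baseline."""
    lines = ["cd " + base_dir]
    for item in findings:
        # Reject a bad baseline locally instead of letting the router answer
        # "invalid option".
        if item.path == "level" and item.want not in LEVEL_OPTIONS:
            raise ValueError("level must be one of %s" % ", ".join(LEVEL_OPTIONS))
        # json.dumps quotes strings and renders booleans as true/false.
        lines.append("set %s %s" % (item.path, json.dumps(item.want)))
    return lines


if __name__ == "__main__":
    drift = audit(CAPTURED, BASELINE)
    for item in drift:
        print("DRIFT %s/%s: have %r, want %r" % (BASE_DIR, item.path, item.have, item.want))
    print("\n".join(remediation(drift)))
```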



Type and Size of SIM Cards Used in Cradlepoint Modems

Products Supported: all Cradlepoint router models with a SIM slot. Click here to identify your router.

Firmware Version: 5.3.x and higher (all Series 3 routers) and 2.4.0 (CBA750)

Summary

This article describes the type of SIM card that is required for the operation of a Cradlepoint modem.

Cradlepoint modems only work with standard 2FF SIMs. A different type of SIM is likely not going to work correctly and might either get stuck or damage the modem.


 

Description

The Cradlepoint routers and modems listed below are equipped with a SIM card slot that can be used with a provisioned SIM card from a compatible cellular carrier:

  • MC200 – all models
  • MC300 – all models
  • MC400 – all models
  • IBR600 (Router) – all models, except NM, E-SP, and E-VZ versions
  • IBR350 (Router) – all models, except NM
  • IBR1100 – all models
  • IBR1150 – all models

The SIM slots in these Cradlepoint products are designed to accept “Mini-SIM” cards, also referred to as a “2FF”. These “Mini-SIM” cards measure 25.0mm x 15.0mm x 0.76mm.


Please note: the smaller “micro-SIM” (3FF; 15.0mm x 12.0mm x 0.76mm) and “nano-SIM” (4FF; 12.3mm x 8.8mm x 0.67mm) cards will NOT fit in the Cradlepoint’s SIM card slot. Cradlepoint cannot guarantee correct modem operation if a micro or nano SIM is used with an adapter.

Using an incorrect type of SIM will void the warranty!

Inserting the SIM

To properly insert your SIM card into a CradlePoint modem, slide it into the modem’s SIM slot while its gold contacts are facing downward, with the notched corner going in first. Make sure that the modem is also facing correctly, with its label appearing on the bottom.


Push the SIM in until you hear a click. There should be just a sliver of the SIM card sticking out of the modem’s SIM slot at this point.


Removing the SIM

To remove the SIM card from the modem, press it into the modem again until you hear a click. The SIM will spring out far enough to be grabbed, at which point it should be easy to slide it out of the modem SIM slot.



Products Supported: AER31x0, AER2100, AER16x0, CBA850, MBR1400v2, CBA750B, IBR11x0, IBR6x0, IBR350 and MBR1200B. Click here to identify your router.

Firmware Version: 6.0.1 and newer – for information on upgrading firmware, click here.

Summary

This article provides the steps necessary to configure a Cradlepoint Router to use IPv6.

By default, all current production models of Cradlepoint routers have IPv6 on the WAN disabled; however, IPv6 is enabled on the LANs. This article is intended to provide assistance with enabling IPv6 on the WAN and modifying the default settings for custom use. These settings should be configured in combination with the IPv6 LAN settings (go to Network → Local Networks → Local IP Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

NOTE: Enabling WAN IPv6 does disable IPv4 functionality. Before enabling IPv6, ensure your ISP is IPv6 capable.


Configuration

Configuration Difficulty: Expert
  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Select Connection Manager in the menu on the left, click the WAN connection to be modified, and click the edit button.

  • Step 3: In the window that opens, select IPv6 Configuration and pull down the IPv6 Connect Menu to select the desired connection method. There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).
    • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
    • IPv6 tunneling: (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and roll-out of IPv6.


  • Step 4: To enable IPv6, select the desired IPv6 connection method for this WAN interface.
    • Disabled (default) – IPv6 disabled on this interface.
    • Auto – IPv6 will use automatic connection settings (if available).
    • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
    • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
    • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
    • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.


  • Step 5: Configure your connection method. Examples for each are below:
    • When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.
    • Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.
    • A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Configuration Examples

Auto

  • IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):
    • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
    • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
    • Additional IPv6 DNS Server – Secondary DNS server.
    • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
    • Delegated IPv6 Network – Additional network available for delegation to LANs.


Static

  • As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.
    • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the IETF explanation of CIDR).
    • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
    • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Networking → DNS Servers page is “Automatic”.
    • Additional IPv6 DNS Server – Secondary DNS server.
    • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
    • Delegated IPv6 Network – Additional network available for delegation to LANs.


6to4 Tunnel

  • Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.
    • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
    • Additional IPv6 DNS Server – Secondary DNS server.
    • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
    • Delegated IPv6 Network – Additional network available for delegation to LANs.


6in4 Tunnel

  • The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.
    • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
    • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
    • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
    • Additional IPv6 DNS Server – Secondary DNS server.
    • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
    • Delegated IPv6 Network – Additional network available for delegation to LANs.
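
The 6in4 encapsulation described above, as an added example (not CradlePoint code): it wraps an IPv6 packet in an IPv4 header with protocol 41 and then inspects it the way a firewall or capture tool would, to recover the inner IPv6 endpoints. All addresses are constructed documentation-range values and the function names are hypothetical.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # IPv4 protocol number carried by 6in4 (also 6to4 and 6rd)
IPV4_HEADER_LEN = 20     # outer header without options
IPV6_HEADER_LEN = 40


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv6_packet(src: str, dst: str, payload: bytes, next_header: int = 59) -> bytes:
    """Minimal IPv6 packet; next_header 59 means 'no next header'."""
    first_word = 6 << 28  # version 6, traffic class 0, flow label 0
    return (struct.pack("!IHBB", first_word, len(payload), next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + payload)


def encapsulate(ipv6_packet: bytes, tunnel_src: str, tunnel_dst: str, ttl: int = 64) -> bytes:
    """What the router does on egress: prepend an IPv4 header with protocol 41."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, IPV4_HEADER_LEN + len(ipv6_packet),  # version/IHL, TOS, total length
        0, 0x4000,                                     # identification, flags (DF)
        ttl, PROTO_IPV6_IN_IPV4, 0,                    # TTL, protocol, checksum placeholder
        ipaddress.IPv4Address(tunnel_src).packed,
        ipaddress.IPv4Address(tunnel_dst).packed,
    )
    checksum = struct.pack("!H", ipv4_checksum(header))
    return header[:10] + checksum + header[12:] + ipv6_packet


def inspect_tunnel_packet(packet: bytes):
    """Return tunnel details for a protocol-41 packet, None for other IPv4
    traffic, and raise ValueError when the packet is malformed."""
    if len(packet) < IPV4_HEADER_LEN or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < IPV4_HEADER_LEN or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if packet[9] != PROTO_IPV6_IN_IPV4:
        return None  # ordinary IPv4 traffic, not a tunnel
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    inner = packet[ihl:total_len]
    if len(inner) < IPV6_HEADER_LEN or inner[0] >> 4 != 6:
        raise ValueError("protocol 41 payload is not a complete IPv6 header")
    return {
        "outer_src": ipaddress.IPv4Address(packet[12:16]),
        "outer_dst": ipaddress.IPv4Address(packet[16:20]),
        "inner_src": ipaddress.IPv6Address(inner[8:24]),
        "inner_dst": ipaddress.IPv6Address(inner[24:40]),
        "inner_packet": inner,  # what the tunnel endpoint forwards after decapsulation
    }


if __name__ == "__main__":
    # Constructed sample: router 192.0.2.10 tunnels to broker 198.51.100.1.
    inner = build_ipv6_packet("2001:db8:1::2", "2001:db8:2::9", b"hello")
    outer = encapsulate(inner, "192.0.2.10", "198.51.100.1")
    info = inspect_tunnel_packet(outer)
    print(info["outer_src"], "->", info["outer_dst"],
          "carries", info["inner_src"], "->", info["inner_dst"])
```

The outer IPv4 header adds 20 bytes to every packet, so a WAN MTU of 1500 leaves 1480 bytes for the tunneled IPv6 packet.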


6rd Tunnel

  • IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.
    • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
    • IPv4 Border Router Address – This address should be supplied by your ISP.
    • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
    • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
    • Additional IPv6 DNS Server – Secondary DNS server.
    • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
    • Delegated IPv6 Network – Additional network available for delegation to LANs.
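
How the 6rd Prefix, the IPv4 Common Prefix Mask and the WAN IPv4 address combine into the delegated IPv6 network, as an added example (not CradlePoint code) that follows the RFC 5969 address mapping and also covers 6to4 as the special case 2002::/16 with a mask of 0. The prefixes and addresses are constructed documentation-range values, the function names are hypothetical, and the 64-bit limit assumes each LAN needs a /64.

```python
import ipaddress
from itertools import islice


def sixrd_delegated_prefix(sixrd_prefix: str, wan_ipv4: str, ipv4_mask_len: int = 0):
    """Delegated prefix = 6rd prefix followed by the WAN IPv4 bits that remain
    after masking off the first ipv4_mask_len (common) bits."""
    net = ipaddress.IPv6Network(sixrd_prefix)  # raises ValueError if host bits are set
    if not 0 <= ipv4_mask_len <= 32:
        raise ValueError("IPv4 common prefix mask must be between 0 and 32")
    embed_bits = 32 - ipv4_mask_len
    prefix_len = net.prefixlen + embed_bits
    if prefix_len > 64:
        # Assumption: LANs use /64 networks, so a longer prefix leaves none to delegate.
        raise ValueError("delegated prefix /%d leaves no /64 for a LAN" % prefix_len)
    suffix = int(ipaddress.IPv4Address(wan_ipv4)) & ((1 << embed_bits) - 1)
    address = int(net.network_address) | (suffix << (128 - prefix_len))
    return ipaddress.IPv6Network((address, prefix_len))


def lan_subnets(delegated, count: int):
    """First `count` /64 networks that can be handed to LANs from the delegation."""
    return list(islice(delegated.subnets(new_prefix=64), count))


def outer_source_matches(sixrd_prefix: str, ipv4_mask_len: int,
                         outer_ipv4_src: str, inner_ipv6_src: str) -> bool:
    """Consistency check for received tunnel traffic: the inner IPv6 source must
    fall inside the prefix derived from the outer IPv4 source. Only the embedded
    (non-common) IPv4 bits take part in the comparison."""
    expected = sixrd_delegated_prefix(sixrd_prefix, outer_ipv4_src, ipv4_mask_len)
    return ipaddress.IPv6Address(inner_ipv6_src) in expected


if __name__ == "__main__":
    # Constructed 6rd domain: prefix 2001:db8::/32, all customers inside 10.0.0.0/8.
    delegated = sixrd_delegated_prefix("2001:db8::/32", "10.1.2.3", 8)
    print("6rd delegated prefix:", delegated)
    print("first LAN networks:  ", [str(n) for n in lan_subnets(delegated, 2)])

    # 6to4 is the same mapping with the fixed prefix 2002::/16 and no common bits.
    print("6to4 prefix:         ", sixrd_delegated_prefix("2002::/16", "192.0.2.1", 0))

    print("source consistent:   ",
          outer_source_matches("2001:db8::/32", 8, "10.1.2.3", "2001:db8:102:300::1"))
```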



Summary

The Edit screen within the Connection Manager allows the user to configure a WAN Interface Profile or Device. Configuration changes made to a Profile will affect all devices currently assigned to that Profile. If changes are made to a Device configuration that cause it to differ from its assigned Profile, then a new Profile matching the changes will be created with the device automatically assigned to it.

The Edit screen for a WAN Interface type will only display features that are configurable for that WAN type (i.e., Modem and CDMA tabs will not appear on the configuration screen for Ethernet or WWAN).


Ethernet

  • General

    • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Networking → Local Networks → Local IP Networks. Select this option to force NAT whenever this WAN device is being used.
    • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
    • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
    • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
    • Hostname: (This only shows for certain devices.)
  • IP Overrides

    IP overrides allow you to override IP settings after a device’s IP settings have been configured.

    • IP Address
    • Subnet Mask
    • Gateway IP
    • Primary DNS Server
    • Secondary DNS Server

  • IPv6 Configuration

    The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Networking → Local Networks → Local IP Networks, select desired LAN under Local IP Networks, and select Edit) to achieve the desired result.

    This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

    • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
    • IP Passthrough (not needed with IPv6)
    • NAT (not needed with IPv6)
    • Bounce pages
    • UPnP
    • Network Mobility
    • DHCP Relay
    • VRRP, GRE, GRE over IPSec, OSPF, NHRP
    • Syslog
    • SNMP over the WAN (LAN works)

    There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).

    • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
    • IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

    Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

    • Disabled (default) – IPv6 disabled on this interface.
    • Auto – IPv6 will use automatic connection settings (if available).
    • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
    • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
    • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
    • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

    When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

    DNS Servers

    Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

    Delegated Networks

    A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

    Auto

    IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

    • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
    • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
    • Additional IPv6 DNS Server – Secondary DNS server.
    • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
    • Delegated IPv6 Network – Additional network available for delegation to LANs.

    Example Configuration:

    Static

    As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

    • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
    • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
    • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
    • Additional IPv6 DNS Server – Secondary DNS server.
    • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
    • Delegated IPv6 Network – Additional network available for delegation to LANs.

    Example Configuration:

    6to4 Tunnel

    Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

    • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
    • Additional IPv6 DNS Server – Secondary DNS server.
    • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
    • Delegated IPv6 Network – Additional network available for delegation to LANs.

    Example Configuration:

    6in4 Tunnel

    The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

    • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
    • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
    • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
    • Additional IPv6 DNS Server – Secondary DNS server.
    • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
    • Delegated IPv6 Network – Additional network available for delegation to LANs.

    Example Configuration:

    6rd Tunnel

    IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

    • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
    • IPv4 Border Router Address – This address should be supplied by your ISP.
    • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
    • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
    • Additional IPv6 DNS Server – Secondary DNS server.
    • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
    • Delegated IPv6 Network – Additional network available for delegation to LANs.

    Example Configuration:

  • Ethernet

    While default settings for each WAN Ethernet port will be sufficient in most circumstances, you have the ability to control the following:

    • Connect Method: DHCP (Automatic), Static (Manual), or PPPoE (Point-to-Point Protocol over Ethernet).
    • MAC Address: You have the ability to change the MAC address, but typically this is unnecessary. You can match this address with your device’s address by selecting “Clone Your PC’s MAC Address”. NOTE: Cloning your PC’s MAC address is only available when configuring a Device.

    Connect Method

    Select the connection type that you need for this WAN connection. You may need to check with your ISP or system administrator for this information.

    • DHCP (Dynamic Host Configuration Protocol): is the most common configuration. Your router’s Ethernet ports are automatically configured for DHCP connection. DHCP automatically assigns dynamic IP addresses to devices in your networks. This is preferable in most circumstances.
    • Static: allows you to input a specific IP address for your WAN connection; this should be provided by the ISP if supported.
    • PPPoE: should be configured with the username, password, and other settings provided by your ISP.

    If you want to use a Static (Manual) or PPPoE connection, you will need to fill out additional information.

    • Static (Manual):
      • IPv4 Address
      • Subnet Mask
      • Gateway IP
      • Primary DNS Server
      • Secondary DNS Server
    • PPPoE:
      • Username
      • Password
      • Password Confirm
      • Service
      • Auth Type: (None, PAP, or CHAP)
  • Filter Criteria

    The features configurable within Filter Criteria were previously found in the Advanced Configuration Rules.

    Configurable Filters for Ethernet:

    • Unique ID
    • MAC Address
    • Serial Number
    • Model
    • Manufacturer
    • Port

LTE-only Modems

  • General

    • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Networking → Local Networks → Local IP Networks. Select this option to force NAT whenever this WAN device is being used.
    • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
    • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
    • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
    • Hostname: (This only shows for certain devices.)
  • IP Overrides

    IP overrides allow you to override IP settings after a device’s IP settings have been configured.

    • IP Address
    • Subnet Mask
    • Gateway IP
    • Primary DNS Server
    • Secondary DNS Server 
  • Jump to IPv6 Configuration

  • Modem

    • Modem Connection Mode: Auto (all modes) will be the only option available for LTE-only Modems.
    • Enable Aux Antenna: (Default: selected) Enable or disable the modem’s auxiliary diversity antenna. This should normally be left enabled.
    • GPS Signal Source: Select the antenna to be used for receiving GPS coordinates. Some products support a dedicated GPS antenna, while others use the auxiliary diversity antenna only (and some products support both).
    • Network Selection Mode: Wireless carriers are assigned unique network identifying codes known as PLMN (Public Land Mobile Network). To manually select a particular carrier, select the Manual radio button and enter the network PLMN. Choose from the following options:
      • Auto: Selected by default
      • Home Only: Allows connection to the home carrier of the inserted SIM. Does not allow roaming to any other network.
      • Manual: Input the PLMN code.
      • Smart: Used for selecting the “best” available operator, as determined via a modem network scan combined with connection technology and signal strength evaluation. For more information on this option, please click here.
    • Enable eHRPD: (Default: selected) Enable or disable the modem’s ability to connect via eHRPD (enhanced High Rate Packet Data) when connecting to a 3G EVDO network on Sprint. eHRPD routes EVDO traffic through the LTE systems, enabling easy transitions between LTE and EVDO. In rare cases it may make sense to bypass the LTE core, so this field allows you to disable eHRPD.
    • Network-Initiated Alerts: This field controls whether the Sprint network can disconnect the modem to apply updates, such as for PRL, modem firmware, or configuration events. These activities do not change any router settings, but the modem connection may be unavailable for periods of time while these updates occur. The modem may also require a reset after a modem firmware update is complete.
      • Disabled: The request to update will be refused.
      • When Disconnected: The request to update will only be performed when the modem is either in a disconnected state or dormant state. If the modem is not in one of these states when the request is received, then the router will remember the request and perform the update when the modem becomes disconnected/dormant.
      • On Schedule: The request to update will only be performed at the specified scheduled time, no matter what the state of the modem is.
    • Functional Mode: Selects the functional mode of the modem. IPPT (IP passthrough) mode causes the modem to act as a transport, passing Internet data and IP address information between the modem and the Internet directly. NAT mode causes the modem to NAT the IP address information. Consequently, IPPT mode does not allow user access to the modem web UI and NAT mode does allow user access to the modem web UI.
      • IPPT
      • NAT
    • AT Config Script: Enter the AT commands to be used for carrier specific modem configuration settings. Each command must be entered on a separate line. The command and associated response will be logged, so you should check the system log to make sure there were no errors.

      NOTE: AT Config Script should not be used unless told to do so by your modem’s cellular provider or by a support technician.

    • AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include “OK”, except the final command response, which must include “CONNECT”.

      Example:

      AT

      ATDT99**2#

  • SIM/APN/Auth

    • SIM Card Lock: Select an option to manage the SIM card.
      • PIN Required: When this is selected, this will lock the SIM and require a PIN to be entered
      • No PIN Required: When selected, the SIM is unlocked and no PIN will be required. If the SIM was previously locked with a PIN, you will need to enter the valid PIN to unlock the SIM.
      • No Change: This is the default setting. When selected, the current lock state of the SIM will not be changed. If the SIM is locked, the currently configured PIN is required to use the SIM.
    • SIM PIN: Enter a 4 to 8 digit number, which is the SIM’s password. Note: A PIN change will occur if the SIM PIN is modified AND the old PIN has previously made a successful connection. If the SIM has never been locked, a default PIN (carrier specific) may be required. You can later change the PIN after successfully locking with the default.
    • Show PIN: Display the SIM PIN value in clear text.
    • Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Choose from Auto, PAP, and CHAP and then input your username and password.
    • Access Point Configuration: Some wireless carriers provide multiple Access Point configurations that a modem can connect to. Some APN examples are “isp.cingular” and “vpn.com”.
      • Default: (Recommended) Let the router choose an APN automatically.
      • Default Override: Manually enter an APN.
      • Select: This opens a table with 16 slots for APNs, each of which can be set as IP, IPV4V6, or IPV6. The default APN is marked with an asterisk (*). You can change the APN, select a different APN, etc. For Verizon modems, only the third slot is editable. Changes made here are written to the modem, so a factory reset of the router will not impact these settings.
  • Filter Criteria

    The features configurable within Filter Criteria were previously found in the Advanced Configuration Rules.

    Configurable Filters for LTE-only Modems:

    • SIM Slot
    • Unique ID
    • MAC Address
    • Serial Number
    • Model
    • Manufacturer
    • Port

LTE/3G Multi-mode Modems & 3G-only Modems

  • General

    • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Networking → Local Networks → Local IP Networks. Select this option to force NAT whenever this WAN device is being used.
    • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
    • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
    • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
    • Hostname: (This only shows for certain devices.)
  • IP Overrides

    IP overrides allow you to override IP settings after a device’s IP settings have been configured.

    • IP Address
    • Subnet Mask
    • Gateway IP
    • Primary DNS Server
    • Secondary DNS Server 
  • Jump to IPv6 Configuration

  • Modem

    • Modem Connection Mode: Specify how the modem should connect to the network.
      • Auto (all modes): Let the modem decide which network to use.
      • Auto 3G (3G or less): Let the modem decide which 2G or 3G network to use. Do not attempt to connect to LTE.
      • Force LTE: Connect to LTE only and do not attempt to connect to 3G or WiMAX.
      • Force 3G (EVDO, UMTS, HSPA): Connect to 3G network only.
      • Force 2G (1xRTT, EDGE, GPRS): Connect to 2G network only.
    • Enable Aux Antenna: (Default: selected) Enable or disable the modem’s auxiliary diversity antenna. This should normally be left enabled.
    • GPS Signal Source: Select the antenna to be used for receiving GPS coordinates. Some products support a dedicated GPS antenna, while others use the auxiliary diversity antenna only (and some products support both).
    • Network Selection Mode: Wireless carriers are assigned unique network identifying codes known as PLMN (Public Land Mobile Network). To manually select a particular carrier, select the Manual radio button and enter the network PLMN. Choose from the following options:
      • Auto: Selected by default
      • Home Only: Allows connection to the home carrier of the inserted SIM. Does not allow roaming to any other network.
      • Manual: Input the PLMN code.
      • Smart: Select a Minimum RSSI; if the signal drops below the minimum, a new PLMN will be searched for automatically.
    • Enable eHRPD: (Default: selected) Enable or disable the modem’s ability to connect via eHRPD (enhanced High Rate Packet Data) when connecting to a 3G EVDO network on Sprint. eHRPD routes EVDO traffic through the LTE systems, enabling easy transitions between LTE and EVDO. In rare cases it may make sense to bypass the LTE core, so this field allows you to disable eHRPD.
    • Network-Initiated Alerts: This field controls whether the Sprint network can disconnect the modem to apply updates, such as for PRL, modem firmware, or configuration events. These activities do not change any router settings, but the modem connection may be unavailable for periods of time while these updates occur. The modem may also require a reset after a modem firmware update is complete.
      • Disabled: The request to update will be refused.
      • When Disconnected: The request to update will only be performed when the modem is either in a disconnected state or dormant state. If the modem is not in one of these states when the request is received, then the router will remember the request and perform the update when the modem becomes disconnected/dormant.
      • On Schedule: The request to update will only be performed at the specified scheduled time, no matter what the state of the modem is.
    • Functional Mode: Selects the functional mode of the modem. IPPT (IP passthrough) mode causes the modem to act as a transport, passing Internet data and IP address information between the modem and the Internet directly. NAT mode causes the modem to NAT the IP address information. Consequently, IPPT mode does not allow user access to the modem web UI and NAT mode does allow user access to the modem web UI.
      • IPPT
      • NAT
    • AT Config Script: Enter the AT commands to be used for carrier specific modem configuration settings. Each command must be entered on a separate line. The command and associated response will be logged, so you should check the system log to make sure there were no errors.

      NOTE: AT Config Script should not be used unless told to do so by your modem’s cellular provider or by a support technician.

    • AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include “OK”, except the final command response, which must include “CONNECT”.

      Example:

      AT

      ATDT99**2#

  • CDMA

    These settings are usually specific to your wireless carrier’s private networks. You should not set these unless directed to by a carrier representative. If a field below is left blank, that particular setting will not be changed in the modem. You should only fill in fields that are required by your carrier.

    • Persist Settings: If this is not checked, these settings will only be in place until the router is rebooted or the modem is unplugged.
    • Active Profile: Select disabled or a number from 0-5 from the dropdown list.

    The following fields can be left blank. If left blank they will remain unchanged in the modem.

    • NAI (Username@realm): Network Access Identifier. NAI is a standard system of identifying users who attempt to connect to a network.
    • AAA Shared Secret (Password): “Authentication, Authorization, and Accounting” password.
    • Verify AAA Shared Secret (Password)
    • HA Shared Secret: (Password) “Home Agent” shared secret.
    • Primary HA
    • Secondary HA
    • AAA SPI: AAA Security Parameter Index.
    • HA SPI: HA Security Parameter Index.
  • SIM/APN/Auth

    • SIM Card Lock: Select an option to manage the SIM card.
      • PIN Required: When this is selected, this will lock the SIM and require a PIN to be entered
      • No PIN Required: When selected, the SIM is unlocked and no PIN will be required. If the SIM was previously locked with a PIN, you will need to enter the valid PIN to unlock the SIM.
      • No Change: This is the default setting. When selected, the current lock state of the SIM will not be changed. If the SIM is locked, the currently configured PIN is required to use the SIM.
    • SIM PIN: Enter a 4 to 8 digit number which is the SIM’s password Note: A PIN change will occur if the SIM PIN is modified AND the old PIN has previously made a successful connection. If the SIM has never been locked a default PIN (carrier specific) may be required. You can later change the PIN after successfully locking with the default.
    • Show PIN: Display the SIM PIN value in clear text.
    • Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Choose from Auto, PAP, and CHAP and then input your username and password.
    • Access Point Configuration: Some wireless carriers provide multiple Access Point configurations that a modem can connect to. Some APN examples are “isp.cingular” and “vpn.com”.
      • Default: Recommended. Let the router choose an APN automatically.
      • Default Override: Manually enter an APN.
      • Select: This opens a table with 16 slots for APNs, each of which can be set as IP, IPV4V6, or IPV6. The default APN is marked with an asterisk (*). You can change the APN, select a different APN, etc. For Verizon modems, only the third slot is editable. Changes made here are written to the modem, so a factory reset of the router will not impact these settings.
  • Filter Criteria

    The features configurable within Filter Criteria were previously found in the Advanced Configuration Rules.

    Configurable Filters for LTE/3G Multi-mode Modems:

    • SIM Slot
    • Unique ID
    • MAC Address
    • Serial Number
    • Model
    • Manufacturer
    • Port
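The response rule given for the AT Dial Script field above (every response must include “OK”, except the final one, which must include “CONNECT”) can be checked against a script before it is entered. This is an added example, not Cradlepoint code: `run_dial_script`, `fake_modem` and the sample responses are hypothetical, and matching responses by substring is an assumption about how the rule is applied.

```python
"""Added example: apply the AT Dial Script response rule to a script.
Not Cradlepoint code; names and sample responses are constructed."""


def parse_dial_script(text):
    """One AT command per line; blank lines are ignored."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def run_dial_script(commands, send):
    """Send each command through `send` (a hypothetical callable that
    returns the modem's response text) and apply the response rule.

    Returns (ok, detail) and stops at the first response that breaks it.
    """
    if not commands:
        return False, "empty dial script"
    last = len(commands) - 1
    for i, cmd in enumerate(commands):
        # Only the final command may answer CONNECT; all others must answer OK.
        expected = "CONNECT" if i == last else "OK"
        response = send(cmd)
        if expected not in response:
            return False, f"{cmd!r}: expected {expected}, got {response.strip()!r}"
    return True, "connected"


def fake_modem(responses):
    """Constructed stand-in for a modem: maps command -> response text."""
    def send(cmd):
        return responses.get(cmd, "\r\nERROR\r\n")
    return send


# The example script shown on the page, with constructed modem responses.
SCRIPT = "AT\n\nATDT99**2#\n"
GOOD = {"AT": "\r\nOK\r\n", "ATDT99**2#": "\r\nCONNECT 115200\r\n"}
# Final command answers OK instead of CONNECT: the rule treats this as a failure.
BAD = {"AT": "\r\nOK\r\n", "ATDT99**2#": "\r\nOK\r\n"}

if __name__ == "__main__":
    cmds = parse_dial_script(SCRIPT)
    print(run_dial_script(cmds, fake_modem(GOOD)))
    print(run_dial_script(cmds, fake_modem(BAD)))
```
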

WWAN (WiFi as WAN)

  • General

    • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Networking → Local Networks → Local IP Networks. Select this option to force NAT whenever this WAN device is being used.
    • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
    • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
    • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
    • Hostname: (This only shows for certain devices.)
  • IP Overrides

    IP overrides allow you to override IP settings after a device’s IP settings have been configured.

    • IP Address
    • Subnet Mask
    • Gateway IP
    • Primary DNS Server
    • Secondary DNS Server 
  • Jump to IPv6 Configuration

  • WWAN

    Connect Method: Select the connection type that you need for this WWAN connection.

    • DHCP: Automatic.
    • Static: Allows you to input static IP settings for your WWAN connection.
  • Filter Criteria

    The features configurable within Filter Criteria were previously found in the Advanced Configuration Rules.

    Configurable Filters for WWAN:

    • Unique ID
    • MAC Address
    • Serial Number
    • Model
    • Manufacturer
    • Port

Control

The Control button on the main screen of the Connection Manager can only be selected for modem devices.

  • Reset: Power cycle the modem. This will have the same effect as unplugging the modem.
  • Defaults: Restore the Cradlepoint modem to its factory settings (i.e., MC400LPE).
  • Activate: Activate the modem on its service provider’s network.
  • PRL UPDATE: Update the modem’s Preferred Roaming List (PRL).



Summary

The IBR200 does not have the same SIM door function that you would find on other IBR models. There is a GPIO attached to the SIM door that triggers a soft shutoff of the modem when the SIM door opens while the router stays on. This is not a “hot swap” of the SIM. This is just an extra safety feature that was added on the IBR200.

Picture displays router SIM door.
NOTE:


Configuration

None required
