FAQs

M2M stands for “”machine-to-machine”” communications. Essentially, it is the exchange of data between a remote machine and a back-end IT infrastructure. The transfer of data can be two-way:

  • Uplink to collect product and usage information
  • Downlink to send instructions or software updates, or to remotely monitor equipment

In the past, the high cost of deploying M2M technology made it the exclusive domain of large organizations that could afford to build and maintain their own dedicated data networks. Today, the widespread adoption of cellular technology has made wireless M2M technology available to manufacturers all over the world.

Wireless M2M applications include connectivity-enabled devices that use a cellular data link to communicate with the computer server. A database to store collected data and a software application that allows the data to be analyzed, reported, and acted upon are also key components of a successful end-to-end solution.

Permalink

0 Comments - Leave a Comment

ALEOS AF supports Lua, a general purpose scripting language that is fast, lightweight, powerful, embeddable, and suitable for the constraints of mobile devices. New applications are easy to write using Lua, and existing applications can be ported to Lua.

 

Permalink

0 Comments - Leave a Comment

ALEOS Application Framework (ALEOS AF) provides developers a complete set of building blocks and tools for creating applications that run inside Sierra Wireless AirLink GX gateways. ALEOS AF builds on the proven ALEOS built-in embedded intelligence and integrates with the AirVantage M2M Cloud Platform in order to offer developers and customers a platform for creating tailored end-to-end M2M solution.

ALEOS AF provides M2M and network protocol stacks, remote application and data management, access to existing ALEOS services, and direct access to hardware interfaces for building custom M2M applications.

ALEOS AF gets solutions to market faster, simplifies deployment, and allows for specialized features that yield cheaper and more focused solutions. Intelligence at the edge reduces hardware and communication costs by preprocessing and transmitting only necessary data.

For a visual introduction to what is ALEOS AF and what it enables please see the ALEOS AF video below.

Permalink


Four LEDs are visible from the front and top of the AirLink GX400. Labeled (from left to right) Network, Signal, Activity, and Power, each LED can display one of three colors: green, yellow, or red.

  • LED Operation:
  • Off – No activity
  • Green – Full function
  • Yellow – Limited Function
  • Red – Not functional
  • Blinking – Where needed, blinking is used to indicate altered functionality
  • Network LED:
  • Green – On the network
  • Flashing Green – Roaming
  • Yellow – Found service, attempting to connect
  • Flashing Yellow – Link down
  • Red – No data connection available
  • Signal LED – Light shows the strength of the signal and may be nearly solid
    (strong signal) or flashing (weaker signal). A slow flash indicates a very weak
    signal
  • Green – Good signal
  • Yellow – Marginal signal
  • Red – Bad signal
  • Flashing Red – No signal
  • ActivityLED – Pulse green on packet transmit/receive on radio link.
    Otherwise, LED is off
  • Power LED:
  • Off – No power (or above 36V or below 7.5V)
  • Red – System not operational
  • Green – Normal operation
  • Green, Occasional Yellow – GPS Lock
  • Yellow – Low power mode or system booting

Caution: If you need to reset the device configuration using the Reset button, hold the button depressed until the LEDs start cycling yellow, and then release the button.

Light Patterns

The LEDs on the front of the device respond with different light patterns to indicate device states.

    Normal – Each LED is lit as applicable

  • Start up and Device Reboot – All LEDS simultaneously cycle red, yellow, and green at the start. Various light patterns continue until the Power LED turns yellow, and then a solid green, to indicate an active device
  • Radio Passthrough (H/W) – Network LED is a solid red
  • Factory Reset – All LEDs cycle yellow back and forth when the Reset pin is briefly depressed and released. Returns the device’s software to the factory default state
  • Data Retry, Failed Auth, and Retrying – The Network LED blinks red every 3 seconds

Permalink

0 Comments - Leave a Comment

Four LEDs are visible from the front and top of the AirLink GX400. Labeled (from left to right) Network, Signal, Activity, and Power, each LED can display one of three colors: green, yellow, or red.

  • LED Operation:
  • Off – No activity
  • Green – Full function
  • Yellow – Limited Function
  • Red – Not functional
  • Blinking – Where needed, blinking is used to indicate altered functionality
  • Network LED:
  • Green – On the network
  • Flashing Green – Roaming
  • Yellow – Found service, attempting to connect
  • Flashing Yellow – Link down
  • Red – No data connection available
  • Signal LED – Light shows the strength of the signal and may be nearly solid
    (strong signal) or flashing (weaker signal). A slow flash indicates a very weak
    signal
  • Green – Good signal
  • Yellow – Marginal signal
  • Red – Bad signal
  • Flashing Red – No signal
  • ActivityLED – Pulse green on packet transmit/receive on radio link.
    Otherwise, LED is off
  • Power LED:
  • Off – No power (or above 36V or below 7.5V)
  • Red – System not operational
  • Green – Normal operation
  • Green, Occasional Yellow – GPS Lock
  • Yellow – Low power mode or system booting

Caution: If you need to reset the device configuration using the Reset button, hold the button depressed until the LEDs start cycling yellow, and then release the button.

Light Patterns

The LEDs on the front of the device respond with different light patterns to indicate device states.

    Normal – Each LED is lit as applicable

  • Start up and Device Reboot – All LEDS simultaneously cycle red, yellow, and green at the start. Various light patterns continue until the Power LED turns yellow, and then a solid green, to indicate an active device
  • Radio Passthrough (H/W) – Network LED is a solid red
  • Factory Reset – All LEDs cycle yellow back and forth when the Reset pin is briefly depressed and released. Returns the device’s software to the factory default state
  • Data Retry, Failed Auth, and Retrying – The Network LED blinks red every 3 seconds

Learn More about the Sierra Wireless Gx440

 

Permalink


A custom AAF application can be used to collect and measure data and send custom alerts to many different destinations. This can allow you to push something that may have been server side processing down to the modem. Alternatively, you may have previously needed another computer connected in your solution to do this type of monitoring and response. Now with a custom AAF solution from USAT, you no longer need the expense of purchasing and maintaining the additional hardware. Also with fewer points of potential failure, the reliability of the solution increases.

Permalink

0 Comments - Leave a Comment

The Sierra Wireless AirLink® products that support ALEOS Application Framework or AAF are the Sierra Wireless AirLink® GX440, the Sierra Wireless AirLink® GX400 and the Sierra Wireless AirLink® LS-300. USAT carries these products designed for the Verizon, AT&T, and Sprint carrier networks as well as through USAT’s Express M2M network services (ExpressM2M.com).

USAT has ALEOS Application Framework engineering teams on staff. Bring us your project for AAF, and we will bring intelligence to the edge for you.

You can view our Sierra Wireless AirLink GX440 and GX400 and LS300 products in the USAT web store.

Permalink


The GX400 for EVDO networks does NOT require a SIM card and activation can be done with the appropriate network operator representative and the ESN of the device located on the bottom.

The GX400 for HSPA+ DOES require a SIM card, which can be procured from the appropriate network operator representative.

  • Sim cards used for other AirLink HSPA devices CAN be used in the GX400.

The GX440 DOES require a SIM card. This is notable, since this is the first time that an AirLink device on the VZW network requires a SIM card. SIMs can be procured from your VZW representative during the course of account activation.

Permalink

0 Comments - Leave a Comment

The LTE networks that supports the GX440 are the Verizon Wireless Network and the AT&T LTE Network in the US.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


The SIM slot is located on the front left (as you are looking at the side with the lights and the reset button) behind the plastic cover. To access the SIM slot on the device you must remove the plastic cover with a 2mm or 5/64″ hexagon Allen wrench. Install the SIM card with the gold contacts facing down and the cut-out facing to the right. The GX400/440 also includes a SIM lock-down feature to prevent the SIM from moving during extreme vibration. The cover has a tab to mechanically secure the SIM in place during extreme vibration. When replacing the cover, first place the front into the lip and push back to make sure the four holes are aligned before screwing the bolts back in place.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Verizon: Band 13 – UL 777-787Mhz, DL 746-756Mhz

AT&T (future product): Band 17 – UL 704-716Mhz, DL 734-746Mhz (also Band 1 and Band 4 used outside the US

GX440 supports Verizon OR AT&T LTE frequencies, different embedded modules are required for Verizon and AT&T, therefore, there will be two distinct GX440 SKUs

GX440 does NOT support public safety Band 14 (D block) – UL 788-798Mhz, DL 758-768Mhz

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Yes, the GX440 fully supports fallback to 3G and 2G networks. The default setting for the GX440, when it comes to network service preference, is “”LTE Preferred””, meaning the GX440 will always look to connect to a LTE service first, if available. If LTE service is not available, then the GX440 will connect to the next fastest service available.

Customers who purchase the GX440, but who do not yet have LTE service in their area, there is a configuration option under the “”WAN/Cellular”” tab in ACEmanager 4.0 to set the GX440 to “”CDMA Only””. When this configuration is used the GX440 will not actively scan for LTE service.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Yes, you can get a Static IP on the Verizon Wireless Network, contact an USAT sales representative or a Verizon Wireless representative or reseller to learn more about this process.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Both the SIM enabled versions of the device (GX400 for HSPA+ and GX440 for LTE) use a standard size SIM, which is 2FF.

Permalink

0 Comments - Leave a Comment

Yes. The AirLink GX400 can be configured to monitor the input, respond to specific types of events, and even trigger digital output. The device can also be configured to change its power mode in order to conserve power. These features can be configured to your needs.

The AirLink GX400 is equipped with an I/O port interface which includes 1 low power timer enable input and 1 digital I/O. These may be connected to sensors and switches to monitor status and remotely control equipment. AirLink GX400 board supports a low power timer enable input pin and a digital I/O pin which are connected to the CPU processor. The I/O signal comes in from the power connector, through a PolySwitch resettable fuse, and ties into the CPU pins with protection circuitry.

Digital Input

Digital Input can be used in two different modes: the switch mode or the voltage sensing mode.

The switch mode senses contact closures. The digital input can report either an open or closed state, and can be wired to a ground signal via a switch. When the switch is open, the input reads “”3.3V””. When the switch is closed, the input reads “”OV””.

Examples of using the input with a switch to ground:

  • When a door or other latch is opened or closed
  • Counting pulses or other electronic events
  • When a gauge reaches a certain point
  • When a container fills or empties
  • When a switch or valve is opened or closed
  • When the tow bar is raised or lowered
  • Connected to a sensor, the level of fuel in a vehicle
  • When the trunk of a vehicle is opened or closed
  • When the ignition is turned on or off

Digital Output

Digital Output of open collector design is capable of driving an external device such as a pull-up resistor or relay. As an example, a relay could be connected between the output pin and an external voltage. The voltage on the relay cannot exceed 30V. The digital output pin can handle up to 150mA.

Examples of using the digital output with an external relay or pull-up resistor:

  • Setting off an alarm or siren
  • Triggering a process to start on another device
  • Opening or closing a valve or switch
  • Locking or unlocking a door. Inputt
  • Turning a light on or off
  • Opening the vehicle’s trunk or doors

Permalink


Below is a classic “Hello World” style example.  If you are interested in more in-depth examples, please contact us.
— Documentation that starts with — is interpreted as luadoc
— It provides information that can be used by the IDE
local log = require(‘log’)
log.setlevel(“INFO”, “HELLO”)
— Creation of a new table that will contain the module
— Module that provide helper functions.
— @module my_module
local lib = {}
— Creation of a new field (hello) in the table
— This field is fill with a new function
— Function that prints and log hello message
— @function [parent=#my_module] hello
— @param #string name The name that will be in the message
— @return nothing
function lib.hello(name)
   print(‘Hello ‘..name..’!’)
   log.trace(“HELLO”, “INFO”, “\”Hello %s!\”, printed”, name)
end
— Creation of a field with a String value
— Default value for the message
— @field [parent=#my_module] #string default
lib.default = “World”
— creation of another function
— Default function to print hello world
— @function [parent=#my_module] helloworld
— @return nothing
function lib.helloworld()
   lib.hello(lib.default)
end
— Return of the table that will be used as a module
return lib

Permalink

0 Comments - Leave a Comment

The LED lights on the GX400 and GX440 stand for the following:

  • Off – No activity
  • Green – Fully functional
  • Yellow – Limited functionality
  • Red – Not functional
  • Blinking – Where needed, blinking can be used to indicate altered functionality

Permalink

0 Comments - Leave a Comment

Briefly press the Reset button to initiate a power up or reboot. All LEDs turn Red, then Yellow, then Green, and then light in the configurations below. After the kernel has booted, while the ALEOS software is initializing, the Power LED turns Yellow, then Green, and the Network LED will flash Yellow, change to a solid Yellow, and finally turn Green.

Permalink


The Sierra Wireless GX400/440 can be reset to factory defaults by pressing and holding the “Reset” button continuously for 7 – 8 seconds. When all LEDs start flashing Yellow, release the Reset button and the unit will re-boot with the factory default options.

Permalink


The Sierra Wireless GX400/440 has two visible Ethernet LEDs on the rear panel of the GX400 and GX440 devices:

  • Left LED (Activity) – Blinks Yellow when there is activity
  • Right LED (Link Speed):
    • Green – 100 Mbps
    • Orange – 10 Mbps

AirLink GX400 + GX440 FAQ

Permalink


The Sierra Wireless GX400 on Verizon and Sprint is tailored for their EVDO networks and does NOT require a SIM card. Device activation can be performed by working with your USAT Sales Manager.

Permalink


The only GX400 device that requires a SIM card is the Sierra Wireless GX400 for HSPA+ (AT&T/T-Mobile). The AT&T SIM card can be procured & activated by USAT the time of purchase.

Through the procurement of USAT’s DevProv+ suite the device and SIM can be activated on the AT&T network. Additionally, USAT’s DevProv+ suite allows for network authentication, special template loads and device management prior to shipment.

Permalink


The GX400 is available on the following networks:

  • The GX400 is currently certified for Verizon, Sprint and AT&T
  • The GX400 is available for use on mobile networks in Europe, The Middle East, Africa and Asia where specific network operator approval is not necessary
  • The GX400 is available for use on the Telstra network in Australia
  • Certification for Canadian networks is planned for 2012

Permalink

0 Comments - Leave a Comment

The Sierra Wireless GX440 is available and certified on AT&T and Verizon Wireless networks in the US. Contact your USAT Sales Manager for pricing and availability.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


No A Verizon 4G LTE SIM will not work in a devices designated for the AT&T network. Conversely, an AT&T 4G LTE SIM will not work in a Verizon designated device. SIM’s must be paired with devices designed to operate on their network. Please contact your USAT Sales Manager if you have any questions concerning network interchangeability.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


There are multiple sizes of SIM cards in the marketplace; however it is important to note that the Sierra Wireless GX400 and GX440 both use a standard size SIM.

Please contact your USAT Sales Manager to identify the SIM that will work best for you. Note all devices provisioned by USAT will be network authenticated prior to shipment thereby removing any chance that you order the incorrect SIM.

Permalink


Static IPs are available on the Verizon LTE network. Your USAT Sales Manager can provide more information about working with USAT to activate Sierra Wireless WWAN Routers and gateways on the Verizon network.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


No While the GX440 LTE devices does use an APN, that APN will be automatically loaded into the device by the Verizon Wireless network at time of initial device provisioning.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


MEID (Mobile Equipment Identifier) is the equivalent to an ESN and is now used by Verizon Wireless instead of the ESN for LTE devices. The MEID is printed on the bottom label of the GX440. IMEI, MEID and ESN are the same.

Permalink

0 Comments - Leave a Comment

The GX440 supports the following frequencies:

  • Verizon: Band 13 – UL 777-787Mhz, DL 746-756Mhz
  • AT&T: Band 17 – UL 704-716Mhz, DL 734-746Mhz (also Band 1 and Band 4 used outside the US)

Note: The Sierra Wireless GX440 does NOT support public safety Band 14 (D block) – UL 788-798Mhz, DL 758-768Mhz

 

Learn More about the Sierra Wireless Gx440

 

Permalink


The Sierra Wireless GX400 and GX440 have an additional antenna port for Rx Diversity. Rx Diversity is designed to improve the quality of the downlink signal by essentially enabling the device to “choose” the best available signal. Rx diversity has been shown to improve signal quality. However, many customers decide to forego the expense of the 2nd antenna and rely on one Rx signal. Rx Diversity is set to “”ON”” by default in ALEOS, but if you decide to not use a 2nd antenna it’s vital to change the ALEOS setting for Rx Diversity to “OFF”. This setting can be found under the “WAN/Cellular” tab in ACEmanager 4.0.

The GX440 (LTE) utilizes 2×2 MIMO technology. MIMO equals Multi-In/Multi-out and is designed to improve the cellular signal and quality on both the down-link and up-link. MIMO for LTE works differently than Rx Diversity in that it utilizes 2 distinct Tx and Rx signals which are intelligently combined to increase throughput where signal multipath is available. MIMO will increase throughput in areas where interference would otherwise cause throughput degradation. Our recommendation is that 2 antennas be used for optimal performance. A single antenna may be used, however with one antenna you will not receive full MIMO benefits and your antenna performance may not be optimized. It is up to the user to determine if two antennas are beneficial, as multi-path is determined by local topology. There is no option to turn MIMO off in the GX440 since MIMO is a requirement of LTE.

Please contact your USAT Sales Manager for help identifying your best antenna options and to learn more about our custom cable assemblies and jumpers.

Permalink


Yes, both the Sierra Wireless GX400 and 440 support the use of X-Cards. The expansion card slot is designed to greatly increase the versatility of the platform.

  • WiFi XCard that will enable a WiFi (802.11 b/g/n) hotspot (access point) and support WiFi client mode

Two additional X-Cards are slated to be released in 2012. These cards will

  • Support additional Ethernet Ports
  • Expand I/O (inputs and outputs)

Learn More about the Sierra Wireless Gx440

 

Permalink


There are 2 ways to add/purchase Sierra Wireless X-Cards. They can be procured:

Manufacturer Direct: Card installed at Sierra Wireless at time of purchase

Purchased and Installed by USATCORP. USAT is an authorized distributor and integrator of Sierra Wireless X-Cards. By going through USAT you will remove the hassle of integration and have the peace of mind that your warranty has not been voided.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


IP (Ingress Protection) rating measures the rates and the degrees of protection provided against the intrusion of solid objects (including body parts like hands and fingers), dust, accidental contact, and water in mechanical casings and with electric enclosures. The first number of an IP rating represents the level of protection against “solid particle”, while the second number represents the level of protection against “liquid ingress”.
An IP rating of 64 indicates that the GX400/440:

  • 6 for solid particles – “No ingress of dust; complete protection against contact.” 6 is the highest rating for solid particle protection.
  • 4 for liquid ingress – Splashing Water; “Water splashing against the enclosure from any direction shall have no harmful effect.”

Learn More about the Sierra Wireless Gx440

 

Permalink


The Windows client version of ACEmanager will not work with the Sierra Wireless GX400 or GX440. The appropriate tool for one-to-one local, or remote, management of the GX400 or GX440 is ACEmanager 4.0.

Permalink


The Sierra Wireless GX440 is a 4G WWAN LTE router. AT&T and Verizon’s 4G LTE service requires the use of a SIM card. USAT stocks AT&T SIM cards. The AT&T SIM card can be procured & activated by USAT the time of purchase.

Through the procurement of USAT’s DevProv+ suite the device and SIM can be activated on the AT&T network. Additionally, USAT’s DevProv+ suite allows for network authentication, special template loads and device management prior to shipment.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Antenna diversity typically uses two antennas in order to increase the quality and reliability of wireless communications. In order to understand diversity antennas, you need to understand the idea of multipath interference. Basically, multipath interference is caused by radio waves bouncing off of different objects on the way to their destination. When these radio waves arrive, they have the potential to interfere with each other. Diversity antenna capable devices support multiple antennas (usually two) in order to combat this phenomenon and minimize its effects. While diversity antennas are not required for 2G/3G connections, they are highly recommended in order to get the most reliable connection, especially in areas of low coverage. Identical or highly similar antennas should also be used for the best results. On the other hand, 4G connections use MIMO communication (multiple input multiple output) and therefore should always be used with 2 antennas. As a result, the second antenna used with a 4g modem is not considered a diversity antenna.

Permalink

0 Comments - Leave a Comment

GPS reports/data can be sent to local host devices that are connected to the GX device via WiFi in much the same way that they can be sent to local host devices connected to any AirLink product via Ethernet.

There are two ways to configure this:

1. If there are one or two host devices connected over WiFi, then configure one or two of the GPS Servers in ACE manager to send GPS reports to the local IP addresses that would be associated with that device (or devices). By default, the first address handed out by the modem to a WiFi host is 192.168.17.100, and the next addresses would be .101, .102, and so forth.

2. If there are three or more host devices connected to the GX device via WiFi, you can configure a GPS server to send reports to the wildcard address of 192.168.17.255. The modem would then send the GPS reports to any device connected via WiFi.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Unlike the ConnectPort WAN, the serial ports on the standard builds of the Digi Transport line are DTE not DCE serial, this means that a null modem cable should be used instead of a cross-over cable.

Null modem is a communication method to connect two DTEs (computer, terminal, printer etc.) directly using an RS-232 serial cable. The name stems from the historical use of the RS-232 cable to connect two teleprinter devices to modems in order to communicate with one another; null modem communication was possible by instead using RS-232 to connect the teleprinters directly to one another.

Permalink


Cloud services can be used for applications built around Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS).

Digi International has a platform called iDigi. iDigi is a cloud platform for both device network management and for data management. The iDigi Device Cloud is designed using a high-availability architecture, with redundancy and failover characteristics. It is a highly scalable system that can host single units to tens of thousands of Digi devices. It also has web services APIs for secure application integration and data messaging. iDigi device clouds are located in Chicago and in London and you can select to which cloud your data is subscribed.

Device management also include the ability to send commands to remote devices. Standard web service calls are available to manage traditional device settings. An optional Server Command Interface / Remote Command Interface (SCI/RCI) mechanism is available for any custom device or application commands that may be required.

iDigi Manager Pro is a pay-as-you-go model, starting at $1.59 per registered device, per month. Sending data to and from the iDigi Device Cloud is billed on a transactional basis and are available at different usage levels. Data is managed through iDigi, which means that iDigi provides a collection point of data. iDigi is not a (long-term) data storage solution–Digi Dia data is stored for 1 day, and iDigi files are stored for 7 days.

Permalink


iDigi Manager Pro is a pay-as-you-go model, starting at $1.59 per registered device, per month. Sending data to and from the iDigi Device Cloud is billed on a transactional basis and are available at different usage levels. Data is managed through iDigi, which means that iDigi provides a collection point of data. iDigi is not a (long-term) data storage solution–Digi Dia data is stored for 1 day, and iDigi files are stored for 7 days.

Permalink

0 Comments - Leave a Comment

SCI (Server Command Interface) is one of the web services interfaces used by Digi International that allows users to perform commands and access information that relate to their device. Digi International’s iDigi platform may use this to pass remote commands to a device. Many of those commands utilize RCI (Remote Command Interface), a protocol that establishes settings and capabilities specific to each device. Examples of these requests include retrieving and setting configurations and amending parameters in Digi Transport and Digi connect products, pushing firmware updates, collecting and modifying files, working with Zigbee and XBee devices, retrieving device statuses, rebooting a device, and messaging to the device.

An SCI request is composed of XML that is POSTed to the iDigi cloud. USAT technical services can assist you with leveraging the application services within the iDigi M2M device cloud.

Permalink

0 Comments - Leave a Comment

Cloud services can be used for applications built around Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS).

Sierra Wireless AirLink® has a platform called AirVantage. AirVantage has a powerful set of M2M application development tools and an open web services application programming interface (API) which can be leveraged in conjunction with ALEOS Application Framework (AAF) running inside of Sierra Wireless AirLink® GX-400 and GX-440 intelligent wireless gateways. USAT Corp is a premier partner of Sierra Wireless authorized to to optimize AAF coding in Lua, so that the devices are shipped live to the field during with device deployment. USAT’s DevProv+ suite of services ensures maximum success with a deployment of equipment utilizing the AirVantage platform.

AirVantage can also function as a device management backbone, communicating directly with devices in the field through the AirVantage Ready Agent. This also provides advanced asset management features to issue commands to assets or collect asset data and events. AirVantage Platform also includes embedded and application development tools to expedite time to market. The eclipse based programming tools are tied to the AirVantage Ready Agent as well as the services platform in order to create a comprehensive M2M development environment. This environment includes embedded M2M modeling tools and application simulation tools.

Another facet of AirVantage is AirVantage Smart Automation. This platform simplifies the connection to industrial equipment and the creation of embedded business logic without programming. This enables new services such as tiered monitoring and maintenance, demand response applications, and time- or location-based equipment usage models.

Smart Automation leverages the AirVantage Platform to facilitate subscription, device and asset management through a remote M2M application. The Smart Automation extension integrates these capabilities with industrial control systems. AirVantage Smart Automation makes it easy to set up custom business logic to collect, sort, prioritize, send and store data without the need for programming. Existing backend systems can be integrated or new M2M applications can be implemented using standard web services APIs.

Permalink


Sierra Wireless AirLink® has a platform called AirVantage. AirVantage has a powerful set of M2M application development tools and an open web services application programming interface (API) which can be leveraged in conjunction with ALEOS Application Framework (AAF) running inside of Sierra Wireless AirLink® GX-400 and GX-440 intelligent wireless gateways. USAT Corp is a premier partner of Sierra Wireless authorized to to optimize AAF coding in Lua, so that the devices are shipped live to the field during with device deployment. USAT’s DevProv+ suite of services ensures maximum success with a deployment of equipment utilizing the AirVantage platform.

AirVantage can also function as a device management backbone, communicating directly with devices in the field through the AirVantage Ready Agent. This also provides advanced asset management features to issue commands to assets or collect asset data and events. AirVantage Platform also includes embedded and application development tools to expedite time to market. The eclipse based programming tools are tied to the AirVantage Ready Agent as well as the services platform in order to create a comprehensive M2M development environment. This environment includes embedded M2M modeling tools and application simulation tools.

Another facet of AirVantage is AirVantage Smart Automation. This platform simplifies the connection to industrial equipment and the creation of embedded business logic without programming. This enables new services such as tiered monitoring and maintenance, demand response applications, and time- or location-based equipment usage models.

Permalink


The intelligent wireless gateway and router, often referred to as a wireless modem, is perfect for connecting where there is no wireline data available. Therefore it is logical to connect the wireless wide area network modem where there is no grid electric readily available as well. The solution is to harvest energy from the sun using solar photovoltaic cells. Wireless gateways use very small amounts of electricity, and they often run on DC power, the same direct current electric we can generate from solar PV arrays. USAT architects and assembles single panel systems designed to use a pole mounted panel, a NEMA enclosure, and a battery array to power a wireless modem and connected equipment.

It is important to consider what equipment will be attached along with the wireless modem/intelligent gateway. Consult with your USAT sales representative before selecting attached equipment as disparate voltages, native AC powered devices, and high draw equipment can force the solar assembly to be oversized and cost prohibitive. For example, if you need to attach an IP Pan-Tilt-Zoom camera to the off-grid system, USAT can suggest low current PTZ cameras that work well with solar assemblies. A similar example is with network switches. Switches designed for 12Vdc or 24Vdc or POE systems should be selected, and these should be rated for a broad operating temperature, for example -40C to +60C. Other equipment frequently used are radar, sensors including pressure sensors, accelerometers, humidistats, temperature sensors, digital signage, and devices attached to RTC (real-time control) type controllers. Cisco routers that rely on the Cisco Wireless HWIC are generally not optimal for off-grid deployments due to their energy requirements.

USAT has modeled the solar design characteristics for wireless gateways and modems including the Sierra Wireless AirLink® Raven, Sierra Wireless AirLink® PinPoint, Sierra Wireless AirLink® GX-400, Sierra Wireless AirLink® GX-440, Encore Bandits, Cradlepoint COR and MBR, Digi Connect, Digi WR, and Digi Transport, CalAmp, Multitech and Red Lion Sixnet Bluetree.

Permalink


Calculating modem power demand is based on measuring the known power consumption characteristics of the modem/gateway.

These can be broken down into power demands for four states: Transmit, Receive, Idle, and Power Save. USAT examines data usage, keep alive pings, and other modem activity to calculate the daily power consumption along with a variance factor to create both the maximum demand and the maximum running average the modem will have. These results let us calculate battery life for battery backup and solar power (off-grid) arrays.

USAT has modeled modem power consumption characteristics for many makes of wireless equipment including the Sierra Wireless AirLink® Raven, Sierra Wireless AirLink® PinPoint, Sierra Wireless AirLink® GX-400, Sierra Wireless AirLink® GX-440, Encore Bandits, Cradlepoint COR and MBR, Digi Connect, Digi WR, and Digi Transport, CalAMP, Multitech and Red Lion Sixnet Bluetree. Wireless modules designed for Sprint’s network varies in energy consumption from T-Mobile’s and AT&T’s network which varies in energy consumption from Verizon network. Likewise we need to explore whether the modem will be on GPRS, HSDPA, HSUPA, or 1x-RTT, or EVDO rev A or 0. Likewise 4G presents different module consumptions whether running LTE, or WiMAX, or one of the HSPA+ variants. Each device has unique power requirements, and these all vary based on the intended application. Let USAT size the solar system for you leveraging our engineering expertise specific to solar and wireless data applications.

Permalink

0 Comments - Leave a Comment

The core elements of an off-grid solar photovoltaic system are as follows:

  • Solar PV Panel or Panels
  • PV Panel Pole Mount
  • Solar Charge Controller
  • Deep Cycle Solar Battery
  • NEMA Enclosure

The array is designed for the location (where on the planet) it will be deployed into. The design needs to accommodate the demand requirements of attached equipment. Modems take varying amounts of power depending on whether they are transmitting, receiving, idling or entering a low power state. USAT engineers have modeled the solar demand characteristics for wireless gateways and modems including Encore Bandits, Cradlepoint COR and MBR, Digi Connect, Digi WR, and Digi Transport, Sierra Wireless AirLink® Raven, Sierra Wireless AirLink® PinPoint, Sierra Wireless AirLink® GX-400, Sierra Wireless AirLink® GX-440, CalAmp, Multitech and Red Lion Sixnet Bluetree wireless devices.

Permalink

0 Comments - Leave a Comment

Designing a photovoltaic solar system destined to supply the energy needs of a transmitting and receive wireless radio modem involved elements very different than a system designed as grid tied, or to connect to AC power devices. The attached devices have low energy demands, energy remains in DC (no invertor is used to create AC power), panel mounting space is minimal, and environmental conditions can be harsh.

Choosing A Solar PV Panel

The Solar PV or photovoltaic panel harvests electricity from the sun. Quality and efficiency vary widely from manufacturer to manufacturer. Panels often use polycrystalline silicon, monocrystalline silicon, amorphous silicon, cadmium telluride, and copper indium (di)selenide/sulfide (CIGS). CIGS has the highest absorption coefficient of solar modules and is useful in harvesting energy in sub-optimal conditions such as on cloudy and overcast days and has high efficiency and carry a high cost per watt. Monocrystalline thin film solar cells are often more expensive than multi-crystalline or polycrystalline based cells, but have a greater efficiency which is useful for wireless off-grid installations and provide a balanced price to performance.
While researching ratings be mindful of whether the wattage is rated as PTC or STC. PTC or PVUSA Test Conditions uses a known constant developed by NREL (National Renewable Energy Labs). STC, or Standard Test Conditions, uses a methodology which produces higher results. Generally PTC is held to be more reflective of real-world solar and climatic conditions.

Understand the efficiency of the panel. On a pole mounted system , an efficient panel should be used to ensure that the system can be powered by one or two panels.

The panel must have its performance characteristics available, and these should follow a know standard such as PTC mentioned above.

The panel needs to be paired with a proper solar charge controller. USAT technical service engineers can help differentiate the balance between panel productivity and charge controller efficiency. If you are limited on panel space, and have a heavy demand, then we need to maximize panel yield along with using a highly efficient Maximum Power Point Tracking charge controller. On a recent deployment USAT leveraged these performance attributes along with an optimal battery array to meet a DOT requirement of 10 days runtime, without sun.

Along with the panel size, the power demand must be taken into account. USAT has demand requirements in varying loads on transmitting and receives wireless radios such as those in the Sierra Wireless AirLink® Raven, Sierra Wireless AirLink® PinPoint, Sierra Wireless AirLink® GX-400 and GX-440, Encore Bandit, Cradlepoint MBR and COR, Digi Connect, Digi WR, and Digi Transport, CalAmps, Multitech and Red Lion Sixnet Bluetree.

Permalink


The solar charge controller takes solar irradiance input and provides it as output to charge the battery storage in the system as well as provide electric to the system equipment (modems, cameras, meters, sensors, etc).
It is important to determine how critical array yield is, what the operating temperature requirement is, as well as if the controller will used in a hazardous location (Class 1, Division 2, Groups A-D, such as needed for oil & gas industry application).

Two major charge controller technologies are MPPT (maximum Power Point Tracking)and PWM (Pulse Width Modulation) charge controllers.
MPPT charge controllers maximize the yield from a panel by harvesting from the peak point of the PV array. The MPPT then convert the power to a charging voltage for the battery and boosts the power when needed. USAT often specs MPPT charge controllers that have a 97% or a 99% efficiency rating and a very low self-consumption rate. These are very useful when the yield from a one or two panels needs to be maximized—when adding another solar panel is not a practical option.

MPPT charge controlled benefit from using numerous power points during shading, sunrise and sunset, from very fast sweeping of the entire solar i-v curve, and from the strongest production during low solar insolation times. These often have temperature sensors that can adjust the charging temperature of the battery based on ambient temperature inside the enclosure. Solar sizing can be completes in watts since the panel will be fully utilized.

PWM charge controllers connects the array directly to the battery being charged, therefore operating the array at the battery voltage. The controller should have a 4 stage battery charging capability to maintain optimal battery life and charge state.

Array sizing must be done in amps as less power is available for charging the battery.

Permalink

0 Comments - Leave a Comment

Specify an Absorbed Glass Mat (AGM) gel type sealed, maintenance free battery designed for use in solar applications. These are non-gassing so enclosure venting becomes less critical to prevent gaseous buildup. These also are not susceptible to freezing, and have a greater lifespan when compared to wet batteries. These batteries can carry DOT, IATA, ICAO, and IMDG approvals so they may be transported by land, sea and air.

The battery should be rated for temperature extremes present in outdoor enclosure, and should carry a warranty that covers a published derate (decay) factor based on age that does not exceed 25%.

The battery can be monitored by the charge controller for optimizing charging voltage based on the ambient temperature.

Always collect the table of discharge rates for the battery chosen. Often times an extended discharge time should be chosen, and the temperature present at discharge should be taken into account when modeling solar panel array size requirements.

Permalink

0 Comments - Leave a Comment

The NEMA enclosure should have an IP (Ingress Protection) rating sufficient to keep the enclosed equipment safe from the elements (search for IP rating in USAT’s common questions for more info).

Glass polycarbonate is the preferred material for the NEMA enclosure. Unless in areas with high security or vandalism risks, glass polycarbonate enclosure are sufficiently durable and conduct less heat to the enclosed equipment then metal enclosures.

The enclosure should also be vented. Venting does allow excess heat to be passively removed, but also facilitates pressure equalization in changing weather conditions. Venting can be accommodated while still maintaining the units IP rating by the use of labyrinthine vents.
Generally speaking active venting is not suggested. Active venting uses fans to force air out of the box. Fans have the disadvantage of drawing environmental elements into the box including dust, airborne particulates, humidity, and even water. Fans also draw more electricity and can fail over time. If they must be used, they should be thermostatically controlled fans and highly energy efficient.

Permalink

0 Comments - Leave a Comment

Designing a photovoltaic solar system destined to supply the energy needs of a transmitting and receive wireless radio modem involved elements very different than a system designed as grid tied, or to connect to AC power devices. The attached devices have low energy demands, energy remains in DC (no invertor is used to create AC power), panel mounting space is minimal, and environmental conditions can be harsh.

Choosing A Pole Mount

For the panel installation pole mounts will house up to 140 Watt in a single panel for a compact pole mount installation. These can be installed so the pole has two panels with minimal shading impact on the lower panel. Larger panels may require different bracing for the pole and mount. Panels will install angled toward the equator. For North America, this array azimuth is 180 degrees, due south. You should have a clear access to the sun in a southerly facing mount. Other compass headings are feasible with a corresponding loss in productivity. Their pitch or array tilt angle is based on the location they are used in and how the system is optimized.

Permalink

0 Comments - Leave a Comment

Yes, it will work, but not at LTE speeds. It will fall back to HSPA. For LTE speeds a GX440 must be procured.

Please contact us and let’s know if we can be of additional help.

Permalink


Yes the Penta Band Dipole Antenna will work on the AT&T Network in the (HSDPA 850/1900 frequencies), contact USAT for a quote – product is in stock.

Permalink

0 Comments - Leave a Comment

The most common term, M2M Modem, is generally the least accurate because it is a very broad term coming from its days when acoustically coupled MOdulator DEModulator (MO-DEM) devices converted data signals to fit the transport medium available (POTS lines). An M2M modem would not have much device level intelligence. Devices with no routing capabilities, which run on AT commands or require an external device manager and have no local sophisticated Operating System or OS, are the most like an M2M modem

Today, wireless modem, is a generic term that refers to essentially all radio connection devices for cellular, satellite, private radio, and 802.11x wireless networks.

M2M gateways or intelligent wireless gateways such as the AirLink® Raven X work in the cellular radio space and add intelligence to the activity of connecting a device to the internet. They will translate a private local IP to a public network IP assigned by the cellular service carrier. They can provide VPN tunnels, modem level password security, keep alive pings, automatic timed restarts, Network Time Protocol updates from US atomic clocks, and IP block and IP white (friendly IP) lists these features are some of the intelligence in intelligent gateways. They can also have some routing capabilities, although this is not their forte. The gateway connects a local private device or local private network to the carriers public network and the internet. These are sometimes considered, intelligent modems.

M2M routers or intelligent wireless routers such as the Digi Transport and Sierra Wireless GX-440 perform all the functions of a wireless gateway, and add sophisticated routing capabilities as well as multiple Ethernet and/or WLAN connections. These capabilities involve port forwarding or mapping and port routing, something USAT engineers spend time designing and refining for our clientele. The single public IP assigned from the carrier may be mapped in the M2M router so that one port of the single public IP is mapped to a camera, another to a sensor, and another to manage the M2M router, and another to a locally connected network for web access.

Although there are technical differences between modem, M2M gateway, M2M router, wireless modem, wireless gateway, and wireless router, the terms are often used interchangeably. The best option is to let USAT navigate platform and device differentiation as it applies to your needs.

Permalink

0 Comments - Leave a Comment

If the AirLink® GX400/GX440 is used in a vehicle or battery-powered application, the red wire should be connected to battery power and the black wire to ground. The white low-power timer enable wire must be connected to either unswitched or switched power for the GX400/GX440.

  • Red = Power
  • Black = Ground
  • White = Low-Power timer enable wire (Ignition Sense)
  • Green = Digital I/O

PLEASE NOTE: If the white lower-power wire is not used, it must be tied into the red wire. Otherwise, the device will not power on.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


No, it does not. But this model ships with two cellular and two WiFi antennas. Two model versions exist (one with a powered port for Active GPS and one without). If you require Active GPS, then the device needed is IBR600LE-PWD. This unit ships with two cellular antenna, (does not ship with a GPS antenna), and ships with one WiFi antenna. Basically, one of the WiFi co-ax ports has been converted to a GPS version on this model.

Permalink

0 Comments - Leave a Comment

The latest ALEOS software version for all Sierra Wireless GX400 and GX440 devices is currently 4.3.6.011 (as of 7/30/2014).

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Modems typically only send and receive data. Most of the devices that USAT carries include modems and some sort of gateway and/or routing capability. Please contact a USAT salesperson for details on specific devices, or if you need help choosing a device.

Permalink

0 Comments - Leave a Comment

There are ways to prevent against this negative scenario: Your application requires a very small airtime plan on a monthly basis to poll a 4-byte register 2 or 3 times a day. However when the bill comes from the cellular carrier, your M2M device has racked up 20MB of activity! How does this happen and how do you prevent against the egregious overage charges that result?

First remember that cellular data networks are IP-based. Therefore, the data is typically encapsulated in TCP or UDP, then in IP; then sometimes in IPsec or GRE , and finally into PPP. So the 4-byte register poll grows significantly beyond the size that you first calculated. Next, recall that TCP is connection based, so every packet sent must receive a handshake back. If there is a packet drop, the handshake may ask for a re-transmission, even if the missing data has already been sent. More data is pushed as a result Protocols like Modbus already have error-checking built-in; so why not use UDP instead if you can?

Other reasons why a handshake can go awry is that some M2M apps do not factor in latency. So if a handshake has not occurred in 100ms, another packet is transmitted. Although 4G speeds alleviate the latency issues, re-transmission bloat is still a concern. Signal quality is also important. Intermittent signal can lead to lost handshakes and the polling and transmission cycle can happen yet again. Using a better antenna is worth the monetary investment.

So how do you prevent overages? Many of the top-tier cellular device manufacturers have included the functionality on their device management systems where one can set a data threshold that will send out an alarm message prior to the data cap being exceeded or even DISABLE a connection before the data cap is reached. A USAT Corp. engineer can be engaged to show how this can be done in order to protect your organization from costly cellular bills. And, as in most cases, the best defense is a strong offense. Run a pilot with a single M2M cellular device/application software/and backend hardware all included in the test-bed. For the pilot, activate the M2M cellular device on a sizable rate plan like 2 GB. Analyze usage after one billable month, and then select the cellular data plan that is relevant. A well planned pilot project can save a lot of money in the long run.

In closing, also remember that it is the commonly the M2M application that initiates polling not the M2M 3g/4/g gateway or router. Make sure that you know how your own application operates so you can proactively enter the correct settings that limit polling. Blaming an M2M cellular network device for overages is like blaming a car for how fast it is driving on the highway…

Permalink

0 Comments - Leave a Comment

Most anyone working in the utility industry is probably familiar with Modbus, a serial communications protocol typically used with PLCs (programmable logic controllers). Modbus is often used to connect a supervisory computer with a remote terminal unit (RTU) in SCADA systems. Did you also know that Sierra Wireless intelligent serial gateways feature Modbus support? Sierra Wireless AirLink® serial cellular gateways like the Raven X (V4228-V), GX400/440 and Raven XT (V2227-V) can be used in place of radios in a Modbus solution. In order to do this, you will need an AirLink® device for the host and an AirLink® device at each remote location. Each of these devices will also need to be properly configured. Once this is done correctly, the host (master) provides a single endpoint to poll all of the field devices (slaves). This functionality is extremely useful when trying to maintain compatibility with existing hardware and software, all while transitioning to a cellular network-driven solution.

USAT can assist in every facet of a solution such as this: the design, provisioning, configuration, and deployment. Contact USAT today for more information.

Permalink


Multiple-Input Multiple-Output (MIMO) antennas systems require two antenna fixtures and are designed for use for LTE networks built out by the cellular carriers (in the USA–AT&T, Verizon, Sprint). By utilizing multiple antennas, data throughput and range are increased compared to a single antenna using the same radio transmit power. Additionally MIMO antennas improve link reliability and experience less fading than a single antenna system. By transmitting multiple data streams at the same time, wireless capacity is increased.

MIMO technology uses Multipath (when wireless signals ‘bounce’ off of objects and arrive at the receiver at different times) to improve wireless performance. MIMO technology takes a single data stream and breaks it down into several separate data streams and sends it out over multiple antennas. This provides redundancy. The receiving MIMO antenna will ‘look’ at each stream being sent to determine the strongest one to choose.

USAT Corp. has performed bench tests where using a MIMO antenna system for LTE has increased performance by 40% over using one antenna fixture.

Contact USAT Corp’s sales team and we can recommend the correct MIMO antenna solution for your fixed or mobile application to maximize the speeds and feeds of the LTE network.

Permalink

0 Comments - Leave a Comment

In many cases it is possible to enable a device that is designed to communicate over wire-line using a specialized cellular gateway that can be configured emulate legacy 4-Wire E&M while also making the conversion to IP. USAT achieves this solution by such a gateway on both ends of the communication loop. Contact USAT Corp. for more information if your business is being burdened by an aging 4-Wire infrastructure and you are looking for an alternative or fix in the short-term. Clients have reported that their telecomm providers are simply not interested in repairing DC line systems anymore.

Permalink

0 Comments - Leave a Comment

1-Wire devices enable combinations of memory, mixed signal, and secure authentication functions via a single contact serial interface. According to Wikipedia …1-Wire is a device communications bus system designed by Dallas Semiconductor Corp. that provides low-speed data, signaling, and power over a single signal. 1-Wire is typically used to communicate with devices such as digital thermometers and weather instruments. A network of 1-Wire devices with an associated master device is called a MicroLan. nnDoes Digi, Sierra Wireless, Encore, Red Lion, CradlePoint or any of the major M2M modem providers support 1-Wire to attach sensors an so forth?

Permalink


CradlePoint is transitioning to the new MBR1400 hardware version (v2). The product is the same form and fit, as the MBR1400 v1 but has a couple new functions. By replacing the Ethernet Switch inside, the MBR1400 v2 will now be able to support the new advanced features that were supported in our IBR6x0 (COR) products in our 4.1.1 firmware release including:

  • OSPF (Open Shortest Path First) routing has been added
  • BGP (Border Gateway Protocol) routing has been added
  • RIPv1 and RIPv2 (Routing Information Protocol) routing has been added
  • STP (Spanning Tree Protocol, IEEE 802.1D-1998) bridged Ethernet LAN support
  • Multicast Proxy support has been added
  • VRRP (Virtual Router Redundancy Protocol) support has been added

These features will be officially supported in the MBR1400 HW v2 in our 4.2 firmware release expected in Q1 2013

The two caveats of this change:

  • The original MBR1400 HW v1 units cannot be grouped in the same WiPipe Central Group as MBR1400 HW v2 due to the different features of each product
  • You will not be able to down-grade firmware on the MBR1400 v2 below FW 4.x.x. This could affect customers who have standardized on a 3.x.x version of firmware. If you run into this issue please let us know as soon as possible so we can assist with any migration concerns

Permalink

0 Comments - Leave a Comment

The Sierra Wireless LS300 is designed to a very compact form factor while still providing serial, USB, and Ethernet connections, along with full support for ALEOS and ALEOS Application Framework (AAF).
As of the LS-300 product release the space requirements for 4G-LTE radio modules will not allow the LS300 to support 4G-LTE data connectivity. Currently the Sierra Wireless AirLink GX-440 M2M modem supports 4G-LTE through major carriers including Verizon, Sprint and AT&T. Note that while the LS-400 does not currently support 4G-LTE or 4G Long Term Evolution it does support the HSPA+ standard which is marketed by AT&T and T-Mobile in the US as “4G” and used by worldwide GSM carriers including Vodafone.

Permalink


Restriction of Hazard Substances (RoHS) compliant defines that the product conforms to the requirements of the European Union’s restriction on use of hazardous substances in electrical and electronics equipment’s directive,2002/95/EC (RoHS directive) which limits the content of the following elements:

  • Lead (Pb)
  • Mercury (Hg)
  • Cadmium (Cd)
  • Hexavalent Chromium (Cr6+)
  • Polybrominated biphenyls (PBB)
  • Polybrominated diphenyl ethers (PBDE)

Hexavalent chromium is used in primers, chrome coatings and chrome plating.

PBB and PBDE are used in plastics as flame retardants.

RoHS restricted substances appear in many electronic products in our industry: they can appear in

  • Cables: PVC (poly-vinyl chloride) cables such as power cables, Ethernet cables, IO cables, and serial cables
  • Enclosures: in paints, pigments, and metal parts
  • Circuit boards: solders, circuit board finishes, leads, interconnects such as serial connectors)
  • Power Supplies: Vinyl power cords, Batteries, power board circuit boards

RoHS is closely linked with the Waste Electrical and Electronic Equipment Directive (WEEE) 2002/96/EC directive and a compliance certification is with respect to any homogenous components used in the product as shipped by its manufacturer.

The RoHS directive is vitally important for USAT’s clients in the European Union, global carrier partners such as Vodafone and AT&T, as well as North American enterprises with sales and offices in Europe. RoHS is also an environmental sustainability directive to reduce the hazardous materials in ‘hi-tech trash’ which USAT is proud that our suppliers support.

Permalink

0 Comments - Leave a Comment

Yes, the Sierra Wireless AirLink® GX-440 is RoHS Certified. The M2M modem is branded with an RoHS sticker on the modem, and USAT has a certificate of compliance on file from Sierra Wireless for the AirLink® GX-440 RoHS Certification (available on request). The certificate is a DECLARATION OF EUROPEAN UNION RoHS COMPLIANT PRODUCT, and that Sierra Wireless Inc certifies that the products identified below to be “”RoHS Compliant””:

Sierra Wireless AirLink® GX440 Modem

Restriction of Hazard Substances (or RoHS) compliant defines that the product conforms to the requirements of the European Union’s restriction on use of hazardous substances in electrical and electronics equipment’s directive,2002/95/EC (RoHS directive) which limits the content of the following elements:

  • Lead (Pb)
  • Mercury (Hg)
  • Cadmium (Cd)
  • Hexavalent Chromium (Cr6+)
  • Polybrominated biphenyls (PBB)
  • Polybrominated diphenyl ethers (PBDE)

Hexavalent chromium is used in primers, chrome coatings and chrome plating.

PBB and PBDE are used in plastics as flame retardants.

The RoHS directive is with respect to any homogenous components used in the product as shipped by Sierra Wireless, in its entirety.

The RoHS directive is vitally important for USAT’s clients in the European Union, global carrier partners such as Vodafone and AT&T, as well as North American enterprises with sales and offices in Europe. RoHS is also an environmental sustainability directive which USAT is proud that our suppliers, such as Sierra Wireless, support.

 

Learn More about the Sierra Wireless Gx440

 

Permalink


Yes, the Sierra Wireless AirLink® GX-400 is RoHS Certified. The M2M modem is branded with an RoHS sticker on the modem, and USAT has a certificate of compliance on file from Sierra Wireless for the AirLink® GX-400 RoHS Certification (available on request). The certificate is a DECLARATION OF EUROPEAN UNION RoHS COMPLIANT PRODUCT, and that Sierra Wireless Inc certifies that the products identified below to be “”RoHS Compliant””:

Sierra Wireless AirLink® GX400 Modem

Restriction of Hazard Substances (or RoHS) compliant defines that the product conforms to the requirements of the European Union’s restriction on use of hazardous substances in electrical and electronics equipment’s directive,2002/95/EC (RoHS directive) which limits the content of the following elements:

  • Lead (Pb)
  • Mercury (Hg)
  • Cadmium (Cd)
  • Hexavalent Chromium (Cr6+)
  • Polybrominated biphenyls (PBB)
  • Polybrominated diphenyl ethers (PBDE)

Hexavalent chromium is used in primers, chrome coatings and chrome plating.

PBB and PBDE are used in plastics as flame retardants.

The RoHS directive is with respect to any homogenous components used in the product as shipped by Sierra Wireless, in its entirety.

The RoHS directive is vitally important for USAT’s clients in the European Union, global carrier partners such as Vodafone and AT&T, as well as North American enterprises with sales and offices in Europe. RoHS is also an environmental sustainability directive which USAT is proud that our suppliers, such as Sierra Wireless, support.

Permalink


Yes, the Sierra Wireless AirLink® LS300 is RoHS Certified. The M2M modem is branded with an RoHS sticker on the modem, and USAT has a certificate of compliance on file from Sierra Wireless for the AirLink® LS300 RoHS Certification (available on request). The certificate is a DECLARATION OF EUROPEAN UNION RoHS COMPLIANT PRODUCT, and that Sierra Wireless Inc certifies that the products identified below to be “”RoHS Compliant””:

Sierra Wireless AirLink® LS300 Modem

Restriction of Hazard Substances (or RoHS) compliant defines that the product conforms to the requirements of the European Union’s restriction on use of hazardous substances in electrical and electronics equipment’s directive,2002/95/EC (RoHS directive) which limits the content of the following elements:

  • Lead (Pb)
  • Mercury (Hg)
  • Cadmium (Cd)
  • Hexavalent Chromium (Cr6+)
  • Polybrominated biphenyls (PBB)
  • Polybrominated diphenyl ethers (PBDE)

Hexavalent chromium is used in primers, chrome coatings and chrome plating.

PBB and PBDE are used in plastics as flame retardants.

The RoHS directive is with respect to any homogenous components used in the product as shipped by Sierra Wireless, in its entirety.

The RoHS directive is vitally important for USAT’s clients in the European Union, global carrier partners such as Vodafone and AT&T, as well as North American enterprises with sales and offices in Europe. RoHS is also an environmental sustainability directive which USAT is proud that our suppliers, such as Sierra Wireless, support.

Permalink


The term IoT or Internet of Things is gaining popularity among marketing teams as a neologism to describe device interconnectivity through the conduit of the Internet. It is arguable that M2M or Machine-to-Machine communications can occur on any internet (lower case i) that is established between devices, including locally via Bluetooth, WiFi WLAN, Zigbee, Digi International’s Xbee, private cellular networks and so forth. The Internet (capital I) is the massive cloud that is a conduit for devices to interconnect, and the Internet of Things uses this cloud to connect together devices from around the world.

Connected devices communicate with each other and with host machines over the Internet, often spawning activity based on a set of arguments which requires Internet level connectivity. For example, a generator indicates that its fuel tank is low, a regional fuel truck has the generator added to its delivery list, and a dispatcher is sent an email alert when a critical refill was scheduled. Finally, a summary is sent to a regional scheduling manager who can modify the alerting process to keep the tank from hitting a critical level.

Another term is also gaining ground in some markets. The IoE, or Internet of Everything. IoE is a similar to IoT, with perhaps a more superlative nature to emphasize that everything will be inter-connected.

Regardless of whether the days term is M2M, IoT, or IoE, USAT Corp. is focused on connecting enterprise customers with business assets, enabling automated control, monitoring, measurement, and device management. Everything will be connected eventually, and USAT has the breadth of experience and the technical capabilities to ensure that our clientele are connected first.

Permalink

0 Comments - Leave a Comment

The Sierra Wireless AirLink Raven XT has been replaced by the Sierra Wireless AirLink LS300. The LS300 is a 3G modem that has an MSRP of $479.

Permalink


Cellular boosters, signal boosters, or wireless amplifiers for M2M Modems and WWAN Wireless Routers need to be functional in a manner acceptable to the wireless carriers including Sprint, Verizon, AT&T, Vodafone, T-Mobile and others. Additionally, government communications groups also dictate the types and use of signal boosters.

Effective February 20, 2013, the United States Federal Communications Commission (FCC) issued a report an order which requires, among other things, that all registrations for new permits to manufacture boosters follow a standard. http://www.fcc.gov/document/use-and-design-signal-boosters-report-and-order.

Beginning on March 1, 2014 the FCC requires new cell site protection standards are met. As of March 1, 2014 all M2M modem boosters, industrial signal boosters, and Part 90 signal boosters must meet these certification requirements in order to be manufactured and sold. USAT has boosters that meet these requirements today, such as those made by Wilson Electronics.

The FCC defines Industrial Signal Boosters as follows: “Industrial Signal Boosters include a wide variety of devices that are designed for installation by licensees or professional installers. These devices are typically designed to serve multiple users simultaneously and cover larger areas such as stadiums, airports, office buildings, hospitals, tunnels, and educational campuses. Industrial Signal Boosters sold and marketed starting on March 1, 2014 must meet new FCC requirements.” (FCC.gov)

The FCC defines Part 90 Signal Boosters as follows: “Part 90 Signal Boosters are a type of Industrial Signal Booster. Part 90 Signal Boosters sold and marketed starting on March 1, 2014 must meet new FCC requirements. In addition, Class B Signal Boosters must be registered directly with the FCC before being used.”

Part 90 Signal Booster Classifications

  • Class A signal booster. A signal booster designed to retransmit signals on one or more specific channels. A signal booster is deemed to be a Class A signal booster if none of its passbands exceed 75 kHz
  • Class B signal booster. A signal booster designed to retransmit any signals within a wide frequency band. A signal booster is deemed to be a Class B signal booster if it has a passband that exceeds 75 kHz. (FCC.gov)

The FCC is also issuing guidance as to the use of cellular signal boosters by consumers. Effective February 20, 2013 the FCC the FCC issued a Report and Order “that includes rules and policies that will enhance wireless coverage for consumers, particularly in rural, under served, and difficult-to-serve areas by broadening the availability of signal boosters while ensuring that boosters do not adversely affect wireless networks.” (FCC.gov)

Most wireless carriers active in the US, including AT&T, Sprint, T-Mobile, and Verizon, will authorize the use of these new cellular boosters. New boosters/amplifiers should have this label:

This is a CONSUMER device.

BEFORE USE, you MUST REGISTER THIS DEVICE with your wireless provider and have your provider’s consent. Most wireless providers consent to the use of signal boosters. Some providers may consent to the use of this device on their network. If you are unsure, contact your provider.

You MUST operate this device with approved antennas and cables as specified by the manufacturer. Antennas MUST be installed at least 20 cm (8 inches) from any person.

You MUST cease operating this device immediately if requested by the FCC or a licensed wireless service provider.

WARNING. E911 location information may not be provided or may be inaccurate for calls served by using this device.

Note: The label above is an example provided by the FCC. Booster manufacturers may follow a different format, however they will need to include the content listed in the label above.

Contact your USAT wireless team for more info on the proper types and use of cellular signal boosters in the United States.

Permalink

0 Comments - Leave a Comment

Sierra Wireless AirLink devices for AT&T or Verizon Wireless LTE do not come standard with a SIM card installed. This means that in order to be operate on a cellular network, SIM cards must be installed. With most cellular modem devices this is not a complex procedure, with the exception of Sierra Wireless GX400s or GX440s with WiFi or any other GX with an expansion card installed.

When the aforementioned AirLink® GX-series devices with X-cards are concerned, (WiFi, i/o, serial, ethernet),  is highly recommended that you opt to have USAT perform the SIM insertion on your behalf, which we do standard as a part of the DevProv+ suite of services, or for a nominial “SIM insertion” fee. If you face extenuating circumstances where this is not an option, follow the instructions below.

 

 

 

 

Installing a SIM in a GX Wi-Fi
X-Card Enabled Device:

 

 

USAT highly recommends that SIM
integration on GX Wi-Fi X-Card enabled devices be performed by an authorized
service center such as USAT.  USAT
includes SIM integration at no additional charge with our DevProv+ service
packages. 

 

 

While we highly recommend this service be performed
by USAT, we understand that some customers may want to integrate an existing
SIM upon receipt of their new GX400/440 device with the Wi-Fi X-Card. 

 

 

Below are the basic steps for
integration.  Extra care should be taken as damage to the X-Card or modem that occurs
during SIM insertion is outside of the manufacturer’s warranty coverage.

 

The SIM slot is located on the front left
(as you are looking at the side with the lights and the reset button) behind
the plastic cover. To access the SIM slot on the device you must remove the
plastic cover.

 

 

Step 1: Unplug your GX400/440 from power source.

 

 

Step 2: Remove the four hex screws on top of the unit (used to secure the
black cover). Place screws in a safe spot, these screws will be used again.

 

                Step 3: Remove the nut and washer from the front facing SMA connector. Place
nut and    washer in a safe spot, these will be used again.

 

                Step 4: Slide the top black cover off of the device.


            Step 5: Install the SIM card with the gold contacts facing down and the
cut-out facing to the right.

 

 

 

 

Re-Installing The Cover for a GX
Wi-Fi X-Card Enabled Device:

 

 

The cover has
a tab to mechanically secure the SIM in place during extreme vibration. When
replacing the cover:

Step 1: Install the black cover by lining up the SMA antenna connector with
the hole in the cover, tilt the rear of the cover slightly to make sure the
front bottom of the cover seats in the front ridge, and then push the top of
the cover down.

 

Step 2: Re-install the 4 hex screws on top of the unit.

 

                Step 3: Place the lock washer onto the SMA antenna connector and push to the
face of the cover.


            Step 4: Install then tighten nut.

 

If you are a USAT client, you may contact USAT Corp. with any points of clarification that you may need.

 

Learn More about the Sierra Wireless Gx440

 

 

Permalink


If you reference Aleos all-in-one user guide on page 202. It states that you can set your GPS report type to RAP Type “GPS+Date+RF”RAP” a GPS report that contains GPS data, the UTC time and date,and radio frequency information for the cellular connection.

Permalink

0 Comments - Leave a Comment

The majority of CradlePoint routers support 4G/LTE Modems from various carriers. Please review this pre-filtered version of our Modem Compatibility Page to determine which carriers, modems and routers are compatible with one another.

Additionally, please verify the router’s firmware is up to date to ensure the drivers are present for the latest supported 4G/LTE modems. To ensure your firmware is up to date, please review the following articles:

CradlePoint Series 2 Router Firmware Update Instructions

CradlePoint Series 3 Router Firmware Update Instructions

 

 

Permalink

0 Comments - Leave a Comment

COR IBR600LE2-SP


Sprint 4G LTE

To activate the CradlePoint IBR600LE2-SP modem with Sprint service, you will need to obtain a Sprint SIM card with 2FF format and have the MEID number that is listed on the bottom for the CradlePoint.

User-added image                 User-added image
  1. Obtain a Sprint SIM card with 2FF format – SKU SIMGLW106R – from your Sprint Account Manager or Sprint-Reseller Sales Representative.  A device cannot be activated without a SIM card.
  2. After you have received the SIM, contact your Sprint-Reseller Sales Representative or Sprint Account Manger to create an appropriate data account.  To establish Sprint service, provide the MEID from the device product label and the ICC ID from the SIM card during the account setup process.  Once this step is complete, your account will be ready for activation.
  3. After your account is activated, insert your SIM card – notch-end first with the gold contact down – into the SIM slot of the COR LTE modem (it will click into place), shut the cover door and attach the included antennas (finger tight only).
  4. Attach the power cable to the router and power on the unit. Ensure the SIM door is shut to access the On/Off switch.
  5. Wait approximately five (5) minutes for the modem to activate on Sprint’s network, the router to reset, and the connection to establish. This time frame assumes a good signal strength area of 3+ bars.
  6. Confirm that the modem light is solid green on the router (indicates activation successful and router is connected to the network).


Troubleshooting

Check modem signal strength LEDs to make sure the unit is in a good Sprint coverage area (2+ bars). If not adequate, move the router to a different location.




ARC MBR1400LE2-SP & ARC CBA750B-LE2-SP


Sprint 4G LTE

To activate the CradlePoint ARC MBR1400LE2-SP or ARC CBA750B-LE2-SP modem with Sprint service, you will need to obtain a Sprint SIM card with 2FF format and have the MEID number that is listed on the bottom for the CradlePoint.

User-added image                 User-added image
  1. Obtain a Sprint SIM card with 2FF format – SKU SIMGLW106R – from your Sprint Account Manager or Sprint-Reseller Sales Representative.  A device cannot be activated without a SIM card.
  2. After you have received the SIM, contact your Sprint-Reseller Sales Representative or Sprint Account Manger to create an appropriate data account.  To establish Sprint service, provide the MEID from the device product label and the ICC ID from the SIM card during the account setup process.  Once this step is complete, your account will be ready for activation.
  3. After your account is activated, insert your SIM card – notch-end first with the gold contact down – into the SIM slot of the ARC LTE modem (it will click into place) and attach the included antennas (finger tight only).
  4. Attach the power cable to the router and power on the unit. Ensure the SIM door is shut to access the On/Off switch.
  5. Wait approximately three (3) minutes for the modem to activate on Sprint’s network, the router to reset, and the connection to establish. This time frame assumes a good signal strength area of 3+ bars.
  6. Confirm that the modem light is solid green on the router (indicates activation successful and router is connected to the network).


Troubleshooting

Check modem signal strength LEDs to make sure the unit is in a good Sprint coverage area (2+ bars). If not adequate, move the router to a different location.




COR IBR600E-SP & COR IBR650E-SP
Sprint 3G EVDO

 
A wireless broadband data plan must be added to your COR product. A new line of service can be added, or a data plan can be transferred from an existing account. Wireless broadband data plans are made available from Sprint, and are required to allow your modem to connect and transfer data on their network.

To add or transfer a broadband data plan, or to check if your modem has a broadband data plan attached, contact your Sprint representative and provide them with the COR IBR600E or COR IBR650E model number and ESN from the product.

After adding a data plan to the router the first time the COR router is powered on, an Over the Air activation process will start and may take a few minutes.  When modem activation is complete, confirm the modem LED is solid green on the router.
 


COR IBR650W, ARCMBR1400W,
ARC CBA750B-W, ARC CBA750W
Sprint 4G WiMAX

A wireless broadband data plan must be added to your ARC product. A new line of service can be added, or a data plan can be transferred from an existing account. Wireless broadband data plans are made available from Sprint, and are required to allow your modem to connect and transfer data on their network

To add or transfer a broadband data plan, or to check if your modem has a broadband data plan attached, contact you Sprint representative and provide them with the MC100W model number and WiMAX MAC Address from the product. (Note that ARC MBR1400 or ARC CBA750 will not be visible in the Sprint system – it will show up as MC100W that is the modem part of the ARC product).

VERIFY THE CARRIER REALM

ARC MBR1400W &  ARC CBA750B-W

The MBR1400 defaults to the Sprint network realm. If it has been changed, you will need to revert your WiMAX realm back to Sprint

  1. Connect your ARC MC100W modem to the ARC CBA750 Adapter
  2. Connect the computer to the CradlePoint adapter with an Ethernet cable
  3. Open a browser window and type http://192.168.0.1 in the address bar. Press enter/return.
  4. When prompted, enter your password, default is the last six characters of your MAC address found on the product label.
  5. Click the MODEM tab on the top navigation bar, then SETTINGS in the left menu.
  6. Under MODEM SPECIFIC SETTINGS find WiMAX SETTINGS.
  7. Choose Sprint from the Carrier drop-down menu
  8. Click SAVE SETTINGS at the top of the page and then REBOOT NOW when prompted.


COR IBR650W

The COR IBR650W defaults to the Clear network realm. If it has not been changed, you will need to change the WiMAX realm to Sprint.

  1. Connect the computer to the CradlePoint router with an Ethernet cable or via Wi-Fi
  2. Open a browser window and type http://192.168.0.1 in the address bar. Press enter/return.
  3. When prompted, enter your password, default is the last eight characters of your MAC address found on the product label.
  4. Click the INTERNET tab on the top navigation bar, then CONNECTION MANAGER link.
  5. Select the WiMAX: Internal WiMAX modem in the WAN Interfaces list and click the EDIT button.
  6. Click the WiMAX SETTINGS tab
  7. Choose Sprint 3G/4G from the Carrier drop-down menu
  8. Click SUBMIT at the bottom of the page.


CBA750 &  ARC CBA750W  
*** Note:  The CradlePoint CBA750 & ARC CBA750W were discontinued as of May 1, 2013 ***

The CBA750 defaults to the Sprint network realm. If it has been changed, you will need to revert your WiMAX realm back to Sprint

  1. Connect your ARC MC100W modem to the ARC CBA750 Adapter
  2. Connect the computer to the CradlePoint adapter with an Ethernet cable
  3. Open a browser window and type http://192.168.0.1 in the address bar. Press enter/return.
  4. When prompted, enter your password, default is the last six characters of your MAC address found on the product label.
  5. Click the MODEM tab on the top navigation bar, then SETTINGS in the left menu.
  6. Under MODEM SPECIFIC SETTINGS find WiMAX SETTINGS.
  7. Choose Sprint from the Carrier drop-down menu
  8. Click SAVE SETTINGS at the top of the page and then REBOOT NOW when prompted.



ARC MBR1400E-SP & ARC CBA750E-SP
*** Note:  The CradlePoint MC100E modem cap was discontinued as of November 5, 2012 ***
Sprint 3G EVDO


A wireless broadband data plan must be added to your ARC product. A new line of service can be added or a data plan can be transferred from an existing account. Wireless broadband data plans are made available from Sprint, and are required to allow your modem to connect and transfer data on their network

To add or transfer a broadband data plan, or to check if your modem has a broadband data plan attached, contact you Sprint representative and provide them with the MC100E model number and ESN from the product. (Note that ARC MBR1400 or ARC CBA750 will not be visible in the Sprint system – it will show up as MC100E which is the modem part of the ARC product).

After adding a data plan to the modem the first time the ARC modem is plugged and powered an Over the Air activation process will start and may take a few minutes.  When modem activation is complete, confirm the modem USB2 is solid green on the router.
 
 

Permalink

0 Comments - Leave a Comment

AER 2100LE-VZ
VERIZON 4G LTE

Verizon LTE SIM activation process

  1. Obtain a properly provisioned SIM from your Verizon or Verizon-reseller sales representative.  SIM provisioning is done the same way as USB modem SIM provisioning.  The standard plans are “Mobile Broadband.”*
  2. Insert your SIM card into the SIM slot of the AER LTE modem and attach the two included antennas (finger tight only).
  3. Connect the AER LTE modem to the compatible CradlePoint AER 2100.
  4. Power on unit and check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  5. Confirm that the Internal modem1 light is solid green on the router (indicates activation successful and router is connected to the network). This should take less than 5 minutes.

*Note: Router pricing plans for B2B customers and M2M small data limits and pooled plans are also available for this product.  These plans are available only through Verizon business representatives.  Contact your Verizon representative for more information.

For static SIM process please see the following        

Verizon LTE customers with static IP address SIMs

To ensure proper initial activation of your LTE static IP SIM with the Verizon network while in a CradlePoint router or adapter, please follow these steps the first time you use the product:

  1. Confirm with your Verizon sales representative that your account and SIM have been properly provisioned with a static IP address on the Verizon network. SIM provisioning is done the same way as USB modem SIM provisioning.
  2. Insert your SIM card into the SIM slot of the AER LTE modem and attach the two included antennas (finger tight only).
  3. Connect the AER LTE modem to the compatible CradlePoint AER 2100.
  4. Power on unit and check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  5. Wait up to 60 minutes for the activation process to complete. DO NOT POWER OFF ROUTER OR UNPLUG AER MODEM
  6. When modem activation is complete, the Internal modem1 LED will turn solid green on the router or adapter.

ARC MBR1400LE-VZ, ARC CBA750B-LE-VZ & ARC CBA750LE-VZ

*** Note:  The CradlePoint CBA750 & ARC CBA750LE-VZ were discontinued as of May 1, 2013 ***

VERIZON 4G LTE

Verizon LTE SIM activation process

  1. Obtain a properly provisioned SIM from your Verizon or Verizon-reseller sales representative.  SIM provisioning is done the same way as USB modem SIM provisioning.  The standard plans are “Mobile Broadband”.*
  2. Insert your SIM card into the SIM slot of the ARC LTE modem and attach the two included antennas (finger tight only).
  3. Connect the ARC LTE modem to the compatible CradlePoint ARC MBR1400 or ARC CBA750.
  4. Power on unit and check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  5. Confirm that the modem USB1 light is solid green on the router (indicates activation successful and router is connected to the network). This should take less than 5 minutes.


*Note: Router pricing plans for B2B customers and M2M small data limits and pooled plans are also available for this product.  Note that these plans are available only through Verizon business representatives.  Contact your Verizon representative for more information.

For static SIM process please see the following        

Verizon LTE customers with static IP address SIMs

To ensure proper initial activation of your LTE static IP SIM with the Verizon network while in a CradlePoint router or adapter, please follow these steps the first time you use the product:

  1. Confirm with your Verizon sales representative that your account and SIM have been properly provisioned with a static IP address on the Verizon network. SIM provisioning is done the same way as USB modem SIM provisioning.
  2. Insert your SIM card into the SIM slot of the ARC LTE modem and attach the two included antennas (finger tight only).
  3. Connect the ARC LTE modem to the compatible CradlePoint ARC MBR1400 or ARC CBA750.
  4. Power on unit and check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  5. Wait up to 60 minutes for the activation process to complete. DO NOT POWER OFF ROUTER OR UNPLUG ARC MODEM
  6. When modem activation is complete, the modem USB1 LED will turn solid green on the router or adapter.
ARC MBR1400E-VZ & ARC CBA750E-VZ

*** Note:  The CradlePoint MC100E modem cap was discontinued as of November 5, 2012 ***

VERIZON 3G EVDO

A wireless broadband data plan must be added to your ARC product. A new line of service can be added or a data plan can be transferred from an existing account. Wireless broadband data plans are made available from Verizon, and are required to allow your modem to connect and transfer data on their network

To add or transfer a broadband data plan, or to check if your modem has a broadband data plan attached, contact you Verizon representative and provide them with the MC100E model number and ESN from the product. (Note that ARC MBR1400 or ARC CBA750 will not be visible in the Verizon system – it will show up as MC100E which is the modem part of the ARC product).

After adding a data plan to the modem, the modem may need to be activated from the router.
To activate the modem.

ARC MBR1400
Login to the MBR1400 setup pages (click here for instructions) and select Internet from the top navigation bar then Connection Manager from the drop-down menu, find and select the CradlePoint “EVDO Modem” and click Control modem and click Activate.
When modem activation is complete, confirm the modem USB2 is solid green on the router.

ARC CBA750
Login to the CBA750 setup pages (click here for instructions) and select Modem from the top navigation bar and Update from the left menu.  Clickupdate. When modem activation is complete, confirm the modem USB2 is solid green on the router.

 

COR IBR600LE-VZ & COR IBR650LE-VZ
VERIZON 4G LTEVerizon LTE SIM activation process1. Obtain a properly provisioned SIM from your Verizon or Verizon-reseller sales representative. SIM provisioning is done the same way as USB modem SIM provisioning. The standard plans are “Mobile Broadband.”*

2. Insert your SIM card into the SIM slot of the COR IBR600LE, shut the cover door, and attach included antennas
(finger tight only).

3. Power on the unit (ensure the SIM door is shut, and the on/off switch is set to on “I” which is next to the door)

4. Check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).

5. Confirm that the modem light is solid green on the router (indicates activation successful and router is connected to the network). This should take less than 5 minutes.

*Note: Router pricing plans for B2B customers and M2M small data limits and pooled plans are also available for this product. Note that these plans are available only through Verizon business representatives. Contact your Verizon representative for more information.

Verizon LTE customers with static IP address SIMs

To ensure proper initial activation of your LTE static IP SIM with the Verizon network while in a CradlePoint router, please follow these steps the first time you use the product:

  1. Confirm with your Verizon sales representative that your account and SIM have been properly provisioned with a static IP address on the Verizon network. SIM provisioning is done the same way as USB modem SIM provisioning.
  2. Insert your SIM card into the SIM slot of the COR IBR6x0LE, shut the cover door, and attach the two included antennas (finger tight only).
  3. Connect the AER LTE modem to the compatible CradlePoint AER 2100.
  4. Power on the unit (ensure the SIM door is shut, and the on/off switch is set to on “I” which is next to the door)
  5. Check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  6. Wait up to 60 minutes for the activation process to complete. DO NOT POWER OFF ROUTER.
  7. When modem activation is complete, the modem LED will turn solid green on the router.
COR IBR600E-VZ & COR IBR650E-VZ
VERIZON 3G EVDO


A wireless broadband data plan must be added to your COR product. A new line of service can be added, or a data plan can be transferred from an existing account. Wireless broadband data plans are made available from Verizon, and are required to allow your modem to connect and transfer data on their network

To add or transfer a broadband data plan, or to check if your modem has a broadband data plan attached, contact you Verizon representative and provide them with the COR IBR600E or COR IBR650E model number and ESN from the product.

After adding a data plan to the COR IBR600E or COR IBR650E router, the modem may need to be activated.
To activate the modem.

COR IBR600E & COR IBR650E
Login to the COR setup pages (click here for instructions) and select Internet from the top navigation bar then Connection Manager from the drop-down menu, find and select the CradlePoint “EVDO Modem” and click Control modem and click Activate.
When modem activation is complete, confirm the modem LED is solid green on the router.

Permalink

0 Comments - Leave a Comment

AER 2100LE-VZ
AT&T 4G LTESIM activation process:

  1. Obtain an LTE SIM with an active data plan from your AT&T account manager or AT&T-reseller sales representative.  If requested during activation, the IMEI for the device can be found on the product label.
  2. Insert your SIM notch-end first into the SIM slot of the AER LTE modem (it will click into place), and attach included antennas (finger tight only).
  3. Connect the AER LTE modem to the compatible CradlePoint AER 2100.
  4. Attach the power cable and power on unit.
  5. The router will automatically connect to the AT&T network after installing the SIM and turning the unit on.  If using a custom APN see “Configuing a Customer APN” section below.
  6. Check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  7. Confirm that the modem light is solid green on the router (indicates activation successful and router is connected to the network). This should take about 1 minute.

Configuring a Custom APN:

  1. Log into the routers administration page (login instructions).
  2. Navigate the menu to Internet -> Connection Manager
  3. Select the LTE: LTE/HSPA+ modem, click Edit
  4. Click the SIM/APN/AUTH Settings tab, select Manual and type in your APN.
    • If your APN came with a Username and Password (they usually don’t) Place a dot next to Select then input your username and password in the appropriate fields.
  5. Click Submit and the modem will reboot and connect to the network using your new APN.
ARC MBR1400LP-AT, ARC CBA750B-LP-AT & ARC CBA750LP-AT

*** Note:  The CradlePoint CBA750 & ARC CBA750LP-AT were discontinued as of May 1, 2013 ***


AT&T 4G LTE

SIM activation process: 

  1. Obtain an LTE SIM with an active data plan from your AT&T account manager or AT&T-reseller sales representative.  If requested during activation, the IMEI for the device can be found on the product label.
  2. Insert your SIM notch-end first into the SIM slot of the ARC LTE modem (it will click into place), and attach included antennas (finger tight only).
  3. Connect the ARC LTE modem to the compatible CradlePoint ARC MBR1400 or ARC CBA750.
  4. Attach the power cable and power on unit.
  5. The router will automatically connect to the AT&T network after installing the SIM and turning the unit on.  If using a custom APN see step 8 below.
  6. Check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  7. Confirm that the modem light is solid green on the router (indicates activation successful and router is connected to the network). This should take about 1 minute.

Configuring a Custom APN:

ARC MBR1400 & ARC CBA750B:

  1. Log into the routers administration page (login instructions).
  2. Navigate the menu to Internet -> Connection Manager
  3. Select the LTE: Internal LTE/HSPA+ modem, click Edit
  4. Click the SIM/APN/AUTH Settings tab, select Manual and type in your APN.
    • If your APN came with a Username and Password (they usually don’t) Place a dot next to Select then input your username and password in the appropriate fields.
  5. Click Submit and the modem will reboot and connect to the network using your new APN.

ARC CBA750:

  1. Log into the routers administration page (login instructions).
  2. Navigate to Modem -> Settings
  3. Under Modem Specific Settings -> Access Point Name (APN) select Manual Entry and type in your APN.
  4. Click Save Settings at the top of the page and then select Reboot Now.


AT&T has provided a Notice of Network Compatibility for the MC200LP-AT (the modem portion of the ARC product). This allows use of the device on AT&T’s broadband network and is compatible to use with AT&T data plans.


COR IBR600LP-AT, COR IBR600P-AT, COR IBR650P-AT


AT&T 4G LTE

SIM activation process:  

  1. Obtain an LTE SIM with an active data plan from your AT&T account manager or AT&T-reseller sales representative.  If requested during activation, the IMEI for the device can be found on the product label.
  2. Insert your SIM notch-end first into the SIM slot of the COR IBR6x0LP (it will click into place), shut the cover door, attach included power cord and antennas (finger tight only).
  3. Power on the unit (ensure the SIM door is shut and the on/off switch is set to on “I” which is next to the door).
  4. The router will automatically connect to the AT&T network after installing the SIM and turning the unit on.  If using a custom APN see step 7 below.
  5. Check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  6. Confirm that the modem light is solid green on the router (indicates activation successful and router is connected to the network). This should take about 1 minute.

 
Configuring a Custom APN:

If the router does not connect to the network automatically or if you were assigned a CCS or custom APN you will need to configure your APN settings by following these instructions:

  1. Log into the routers administration page (login instructions).
  2. Navigate the menu to Internet -> Connection Manager
  3. Select the LTE: Internal LTE/HSPA+ modem, click Edit
  4. Click the SIM/APN/AUTH Settings tab, select Manual and type in your APN.
    • If your APN came with a Username and Password (they usually don’t) Place a dot next to Select then input your username and password in the appropriate fields.
  5. Click Submit and the modem will reboot and connect to the network using your new APN.


AT&T has provided a Notice of Network Compatibility for the IBR600LP-AT. This allows use of the device on AT&T’s broadband network and is capable to be used with AT&T’s data plans.

Permalink

0 Comments - Leave a Comment

AER 2100LP-F, AER 2100LP2-UK, AER 2100LP2-EU

SIM activation process:

  1. Obtain an LTE SIM with an active data plan from your cellular account manager or sales representative.
  2. Insert your SIM notch-end first with the contacts facing down into the SIM slot of the AER LTE modem (it will click into place), and attach included antennas (finger tight only).
  3. Connect the AER LTE modem to the compatible CradlePoint AER 2100.
  4. Attach the power cable and power on unit.
    • The router may automatically connect to the network after installing the SIM and turning the unit on.  If it does not connect, please consult the “Configuring an APN” section.
  5. Check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  6. Confirm that the Internal modem 1 light is solid green on the router (indicates activation successful and router is connected to the network).

Configuring an APN:

For many international carriers an APN must be manually configured in the router.  You can configure your APN settings by following these instructions:

  1. Log into the router administration page (login instructions).
  2. Navigate the menu to Internet -> Connection Manager
  3. Select the LTE: LTE/HSPA+ modem, click Edit
  4. Click the SIM/APN/AUTH Settings tab, select Manual and type in your APN.
    • If your APN came with a Username and Password (they usually don’t)  Input your username and password in the appropriate fields.
  5. Click Submit and the modem will reboot and connect to the network using the new APN.

COR IBR600LP, COR IBR600LP2-EU
COR IBR600P(-INTL), COR IBR650P(-INTL)


SIM activation process: 

  1. Obtain an LTE SIM with an active data plan from your cellular account manager or sales representative.
  2. Insert your SIM notch-end first with the contacts facing down into the SIM slot of the COR IBR600LP (it will click into place), shut the cover door, attach included power cord and antennas (finger tight only).
  3. Power on the unit (ensure the SIM door is shut and the on/off switch is set to on “I” which is next to the door).
  • The router may automatically connect to the network after installing the SIM and turning the unit on.  If it does not connect, please consult the “Configuring an APN” section.
  1. Check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  2. Confirm that the modem light is solid green on the router (indicates activation successful and router is connected to the network).


Configuring an APN:


For many international carriers an APN must be manually configured in the router.  You can configure your APN settings by following these instructions:

  1. Log into the routers administration page (login instructions).
  2. Navigate the menu to Internet -> Connection Manager
  3. Select the Modem: Internal…, click Edit
  4. Click the SIM/APN/AUTH Settings tab, select Manual and type in your APN.
    • If your APN came with a Username and Password (they usually don’t)  Input your username and password in the appropriate fields.
  5. Click Submit and the modem will reboot and connect to the network using the new APN.
ARC MBR1400LP, ARC CBA750B-LP
ARC MBR1400LP-EU, ARC CBA750B-LP-EU

SIM activation process:

  1. Obtain an LTE SIM with an active data plan from your cellular account manager or sales representative.
  2. Insert your SIM notch-end first with the contacts facing down into the SIM slot of the ARC LTE modem (it will click into place), and attach included antennas (finger tight only).
  3. Connect the ARC LTE modem to the compatible CradlePoint ARC MBR1400 or ARC CBA750B.
  4. Attach the power cable and power on unit.
    • The router may automatically connect to the network after installing the SIM and turning the unit on.  If it does not connect, please consult the “Configuring an APN” section.
  5. Check modem signal strength LEDs to make sure the unit is in a good coverage area (2+ bars).
  6. Confirm that the modem light is solid green on the router (indicates activation successful and router is connected to the network).

Configuring an APN:

For many international carriers an APN must be manually configured in the router.  You can configure your APN settings by following these instructions:

ARC MBR1400 & ARC CBA750B:

  1. Log into the router administration page (login instructions).
  2. Navigate the menu to Internet -> Connection Manager
  3. Select the LTE: Internal LTE/HSPA+ modem, click Edit
  4. Click the SIM/APN/AUTH Settings tab, select Manual and type in your APN.
    • If your APN came with a Username and Password (they usually don’t)  Input your username and password in the appropriate fields.
  5. Click Submit and the modem will reboot and connect to the network using the new APN.

Permalink

0 Comments - Leave a Comment

This article explains your CradlePoint ARC and COR modem activation options.

Click here for AT&T activation instructions

  • ARC 4G LTE/HSPA+
  • COR 4G LTE/HSPA+
  • COR 3G HSPA+

Click here for CLEAR activation instructions

  • ARC 4G WiMAX
  • COR 4G WiMAX

Click here for SPRINT activation instructions

  • ARC 4G WiMAX
  • ARC 3G EVDO
  • ARC 3G EVDO

Click here for VERIZON activation instructions

  • ARC 4G LTE
  • ARC 3G EVDO
  • COR 4G LTE
  • COR 4G EVDO

Click here for International activation instructions

  • ARC 4G LTE/HSPA+
  • COR 4G LTE/HSPA+
  • COR 3G HSPA+

Permalink

0 Comments - Leave a Comment

Understanding the difference between Standard COR IBRs & Active Standalone GPS versions of the IBR600LE-PWD & IBR600LP-PWD


On standard versions of COR we support GPS and reception is received on the auxiliary (2nd) modem antenna port.  Our default modem antennas don’t provide great GPS reception.  There is a 3rd dedicated GPS antenna port on the module inside COR (that isn’t used in regular versions or COR).  In the –PWD versions this dedicated GPS port is wired to one of the WiFi antenna ports, which is now the new dedicated GPS port.  WiFi no longer uses that port so it is only running with 1 antenna which isn’t a major issue for most GPS applications.  The dedicated GPS port is powered (PWD) from COR.  This means an active (meaning powered at 3.3V, 100mA max) GPS antenna can be attached to the dedicated GPS port and placed on top of a vehicle providing a much stronger signal and low attenuation.  Active GPS antennas are readily available in the market.

Main differences between COR PWD and COR:
  • 1×1 n WiFi instead of 2×2 n WiFi
  • Active GPS antenna port at 3.3V, 100mA max (SMA adapter included to convert WiFi port to standard SMA active GPS port)
  • The GPS function is turned on by default, where as in the standard COR the default is disabled
IBR600LE-PWD & IBR600LP-PWD Setup:
The IBR600LE-PWD & IBR600LP-PWD ship with 3 antenna; 2 cellular and 1 WiFi, and a R-SMA to SMA adapter for connecting a GPS antenna.  It does not ship with a GPS antenna.IBR600LE-PWD & IBR600LP-PWD WiFi and GPS Antenna Connectors
User-added image

R-SMA to SMA adapter
User-added image
WiFi Antenna
User-added image
IBR600LE-PWD/IBR600LP-PWD Cellular Antenna Connectors
User-added image

IBR600LE-PWD/IBR600LP-PWD Cellular Antennas
User-added image

To Install:

  1. Match the antenna to the connector
  2. Connect the antenna and tighten by hand.
How to Activate the IBR600LE-PWD or IBR600LP-PWD

For instructions on activating the IBR600LE-PWD click here, look for the COR IBR600LE-VZ section.

For instructions on activating the IBR600LP-PWD click here, look for the COR IBR600LP-AT section.

Permalink

0 Comments - Leave a Comment

Introduction


 

Package Contents


  • AER 2100 with integrated business-class 3G/4G modem
  • External 3G/4G mobile broadband modem antennas (2) (SMA) w/ multiplexing for GPS; finger tighten only
  • External dual-band high-gain WiFi antennas (3) reverse SMA (5 dBi, 2.4 GHz, 5 dBi 5 GHz, VSWR <= 2); finger tighten only
  • 12V 3A AC/DC power adapter (WARNING: using a power adapter other than the one provided may damage the device and will void the warranty)
  • Ethernet cable
  • Multipurpose Retaining Tool with screws for securing
  • Quick Start Guide with warranty information

 

System Requirements


  • At least one Internet source: a CradlePoint integrated 3G/4G modem with an active data plan, an Ethernet-based modem, or WiFi as WAN
  • Windows 2000/XP/7/8, Mac OS X, or Linux computer (with WiFi adapter – 802.11n recommended – for WiFi functionality).
  • Internet Explorer v6.0 or higher, Firefox v2.0 or higher, Safari v1.0 or higher.

 

Specifications


The All-in-One, Cloud-Managed Networking Platform for the Distributed Enterprise

The CradlePoint AER 2100 is the first in a new generation of cloud-managed 4G networking solutions that helps enterprises increase bandwidth and achieve five-nines reliability in a secure, flexible, and open-architecture platform. As a cloud-managed solution, the CradlePoint AER is designed for the distributed enterprise to intelligently manage wired and 4G wireless connectivity for a more reliable “connected experience” at the edge. Network administrators can extend applications and services to remote branches with a solution that is customizable through the real-time deployment of cloud-enabled services, applications, and analytics. This all-in-one solution combined with CradlePoint’s Enterprise Class Support is defining a new standard for networking in the distributed enterprise.

A CradlePoint MC400 integrated 4G LTE modem comes standard with the AER 2100. Add a second integrated MC400 modem for a complete “cut-the-wire” 4G LTE solution, fusing enterprise reliability with unparalleled agility.

image


Key Features

WAN

  • Integrated 4G LTE (with 3G failover)
    • Verizon, AT&T, Sprint, Europe, and generic models available
    • Dual integrated modem option
    • Dual SIM slot in each modem
    • Most models include support for active GPS
  • WiFi as WAN
  • Failover/Failback
  • Load Balancing
  • Advance Modem Failure Check
  • WAN Port Speed Control
  • WAN/LAN Affinity
  • IP Passthrough

LAN

  • VLAN 802.1Q
  • DHCP Server, Client, Relay
  • DNS and DNS Proxy
  • DynDNS
  • UPnP
  • Zone Firewall
  • DMZ
  • Multicast/Multicast Proxy
  • QoS (DSCP and Priority Queuing)
  • MAC Address Filtering

WiFi

  • Dual-Band Dual-Concurrent (3×3 MIMO)
  • 802.11ac (a, b, g, n, ac)
  • Up to 256 connected devices (128 per channel – 2.4 GHz and 5 GHz)
  • WPA2 Enterprise (WiFi)
  • Hotspot/Captive Portal
  • SSID-based Priority

Management

  • CradlePoint Enterprise Cloud Manager²
  • Web UI, API, CLI
  • GPS Location
  • Data Usage Alerts (router and per client)
  • Advanced Troubleshooting (support)
  • Device Alerts
  • SNMP
  • SMS control
  • Serial Redirector

VPN and Routing

  • IPsec Tunnel
  • OpenVPN (SSL VPN)¹
  • L2TP¹
  • GRE Tunnel
  • OSPF/BGP/RIP¹
  • Per-Interface Routing
  • Routing Rules
  • NAT-less Routing
  • Virtual Server/Port Forwarding
  • NEMO/DMNR¹
  • IPv6
  • VRRP¹
  • STP¹
  • NHRP¹

Security

  • RADIUS and TACACS+
  • 802.1x authentication for Ethernet
  • Zscaler integration¹
  • Certificate support
  • ALGs
  • MAC Address Filtering
  • Advanced Security Mode (local user management only)
  • Per-Client Web Filtering
  • IP Filtering
  • Content Filtering (basic)
  • Website Filtering

Cloud Optimized IP Communications

  • Automated WAN Failover/Failback support
  • WAN Affinity and QoS allow prioritization of VoIP services
  • Advanced VPN connectivity options to HQ
  • SIP ALG and NAT to allow VoIP and UC communications to traverse firewall
  • MAC Address Filtering
  • 802.1p/q for LAN QoS segmentation and treatment of VoIP on LAN
  • Private Network support (wired and 4G WAN)
  • Cloud-based management²

1 – Requires an Extended Enterprise License
2 – Enterprise Cloud Manager requires a subscription


Extended Enterprise License (subscription required)

Routing

  • OSPF/BGP/RIP
  • VRRP
  • STP
  • NHRP

VPN & Tunneling

  • OpenVPN (SSL VPN)
  • L2TP

NEMO (Network Mobility) / DMNR (Dynamic Mobile Network Routing for Verizon)

  • NEMO/DMNR Primary
  • NEMO/DMNR Failover (Pending Verizon certification)

Cloud Security

  • Seamless integration with Zscaler’s secure web gateway. Depending on your Zscaler implementation, this could include:
    • Global Cloud Platform
    • Real-Time Reporting
    • Behavioral Analysis
    • URL Filtering
    • Advanced Threat Protection
    • Inline Anti-Virus & Anti-Spyware
    • Web 2.0 Control
    • Data Loss Prevention
    • Bandwidth Management
    • Web Access Control
    • And more…

Specifications

  • WAN: Integrated 4G LTE (one modem included; dual-modem option), 10/100/1000 Ethernet ports (cable/DSL/T1/satellite/Metro Ethernet), WiFi (as WAN; Metro WiFi) 3×3 MIMO 2.4 GHz or 5 GHz (802.11 a/b/g/n/ac)
  • LAN: Dual-band dual-concurrent WiFi (802.11 a/b/g/n/ac), five 10/100/1000 Ethernet ports (WAN/LAN switchable), serial console support w/ USB-to-serial adapter
  • TEMPERATURE:
    • 0°C to 50°C (32°F to 122°F) operating
    • −20°C to 70°C (−4°F to 158°F) storage
  • HUMIDITY (non-condensing):
    • 10% to 85% operating
    • 5% to 90% storage
  • MEMORY: 256 MB DRAM; 16MB SPI Flash; 256 MB NAND Flash
  • SIZE: 10.25×8.5×1.75 in (260x214x45 mm)
  • CERTIFICATIONS: FCC, WiFi Alliance, CE, IC, carrier certifications
  • LAN TO WAN: 940 Mbps
  • WAN TO LAN: 940 Mbps
  • Stateful Throughput: 940 Mbps
  • WIFI POWER: FCC maximum power reported:
    • 2.4 GHz band: 24.47 dBm
    • Lower 5 GHz band: 16.9 dBm
    • Upper 5 GHz band: 27.77 dBm

What’s In The Box

  • AER 2100 with integrated MC400 4G LTE modem
  • External 3G/4G mobile broadband modem antennas (2) (SMA) w/ multiplexing for GPS; finger tighten only
  • External dual-band high-gain WiFi antennas (3) reverse SMA (5 dBi, 2.4 GHz, 5 dBi 5 GHz, VSWR ≤ 2); finger tighten only
  • 12V 3A AC/DC power adapter
  • Multipurpose Retaining Tool
  • Ethernet cable
  • Quick Start Guide with warranty information

Feature Details

  • WAN Security – IPS/IDS & Application Identification (subscription required), NAT, SPI, ALG, inbound filtering of IP addresses, port blocking, service filtering (FTP, SMTP, HTTP, RPL, SNMP, DNS, ICMP, NNTP, POP3, SSH), protocol filtering, WAN ping (allow/ignore)
  • Redundancy and Load Balancing – Failover/failback on all WAN connections with rule selection; advanced load balancing options (round robin, spillover, data usage, rate); WAN failure detection; VRRP (subscription required)
  • Intelligent Routing – UPnP, DMZ, virtual server/port forwarding, routing rules, NAT-less routing, wired or wireless WAN-to-LAN IP passthrough, route management, per-interface routing, content filtering, IP filtering, website filtering, per-client Web filtering, local DHCP server, DHCP client, DHCP relay, DNS, DNS proxy; ALGs: PPTP, L2TP, PPPoE passthrough, IPsec passthrough, FTP (passive), FTP (active), SIP, TFTP, IRC, MAC address filtering, Dynamic DNS, LAN/WAN affinity, VLAN support (802.1Q), STP, enterprise routing protocols: BGP/OSPF/RIP (subscription required), multicast proxy support, IP setting overrides, IPv6 support
  • Management – Enterprise Cloud Manager: cloud-enabled management and application platform (subscription required); web-based GUI (local management), optional RADIUS or TACACS+ username/password; remote WAN web-based management w/ access control (HTTP, HTTPS); SNMP v1, v2c, & v3; CLI over SSH, SSH to serial, SSH to telnet; API; one-button firmware upgrade; modem configuration, update, and management; modem data usage w/ alerts, per-client data usage; custom AT scripting to modems; SMS for device recovery
  • Performance & Health Monitoring – WiPipe™ advanced QoS with traffic shaping, with DSCP/DiffServe QoS, Modem Health Management (MHM) improves connectivity of modem, SSID-based priority, WAN port speed control, several levels of basic and advanced logging for troubleshooting
  • VPN (IPsec) – Tunnel, NAT-T, and transport modes; connect to CradlePoint, Cisco/Linksys, CheckPoint, Watchguard, Juniper, SonicWall, Adtran and others; certificate support; Hash (MD5, SHA128, SHA256, SHA384, SHA512), Cipher (AES, 3DES, DES); support for 20 concurrent connections; GRE tunneling; L2TP support (subscription required); multiple networks supported in a single tunnel; OpenVPN/SSL VPN (subscription required); site-to-site dynamic VPN with NHRP (subscription required)
  • GPS – Active GPS supported on most models (see attached); GUI mapping as well as local or remote server logging

Services, Support, and Warranty

  • CradleCare Support Agreement available with technical support, software upgrades, and advanced hardware exchange – 1, 3, and 5 year options
  • One-year limited hardware warranty available in the US and Canada; two-year limited hardware warranty for integrated EU products when purchased from an authorized EU distributor – extend warranty to 2, 3, or 5 years
  • CradleCare Site Survey and Installation services offered for rapid deployment

Accessories

  • Second integrated 4G LTE modem
    • MC400LPE-VZ (Verizon)
    • MC400LPE-AT (AT&T)
    • MC400LPE-GN (generic – for use on T-Mobile in the U.S. and Rogers, Bell, & TELUS in Canada)
    • MC400LE2-SP (Sprint)
    • MC400LP3-EU (Europe)
  • Standard rack mount with modem and WiFi cables (Part # 170629-000)
  • 12V 3A wall power adapter (Part # 170623-000)
  • 12V 4A wall power adapter (Part # 170624-000)
  • Directional Patch antennas for external (outside) mounting (Part # 170587-000)
  • Directional Yagi (Log-Periodic) antennas for external (outside) mounting (Part # 170588-000)
  • Omni-directional antennas for external (outside) mounting (Part # 170586-000)
  • 12″ Mag-mount antenna (Part # 170605-000)
  • 4″ Mini mag-mount antenna (Part # 170606-000)

Business-Grade Modem Specifications

AER 2100 models include an integrated 4G LTE modem (MC400); specific model names include a specific modem (e.g., the AER 2100LPE-VZ includes an MC400LPE-VZ modem for Verizon).

Please note that LPE models are flexible and support bands for multiple cellular providers; however, only the frequency bands in bold below are supported by the listed provider.

AER 2100LPE-VZ – 4G LTE/HSPA+/EVDO for Verizon

  • Technology: LTE, HSPA+, EVDO Rev A
  • Downlink Rates: LTE 100 Mbps, HSPA+ 21.1 Mbps, EVDO 3.1 Mbps (theoretical)
  • Uplink Rates: LTE 50 Mbps, HSPA+ 5.76 Mbps, EVDO 1.8 Mbps (theoretical)
  • Frequency Bands:
    • LTE Band 2 (1900 MHz), Band 4 – AWS (1700/2100 MHz), Band 5 (850 MHz), Band 13 (700 MHz), Band 17 (700 MHz), Band 25 (1900 MHz)
    • HSPA+/UMTS (850/900/1900/2100 MHz, AWS)
    • GSM/GPRS/EDGE (850/900/1800/1900 MHz)
    • CDMA EVDO Rev A/1xRTT (800/1900 MHz)
  • Power: LTE 23 dBm +/− 1, HSPA+ 23 dBm +/− 1, EVDO 24 dBm +0.5/−1 (typical conducted)
  • Antennas: two SMA male (plug), 1 dBi (LTE), 2 dBi (Cellular/PCS) gain; finger tighten only (maximum torque spec is 7 kgf-cm)
  • GPS: active GPS support
  • Industry Standards & Certs: FCC, Verizon
  • Modem Part Number: MC400LPE

AER 2100LPE-AT – 4G LTE/HSPA+/EVDO for AT&T

  • Technology: LTE, HSPA+, EVDO Rev A
  • Downlink Rates: LTE 100 Mbps, HSPA+ 21.1 Mbps, EVDO 3.1 Mbps (theoretical)
  • Uplink Rates: LTE 50 Mbps, HSPA+ 5.76 Mbps, EVDO 1.8 Mbps (theoretical)
  • Frequency Bands:
    • LTE Band 2 (1900 MHz)Band 4 – AWS (1700/2100 MHz)Band 5 (850 MHz), Band 13 (700 MHz), Band 17 (700 MHz), Band 25 (1900 MHz)
    • HSPA+/UMTS (850/900/1900/2100 MHz, AWS)
    • GSM/GPRS/EDGE (850/900/1800/1900 MHz)
    • CDMA EVDO Rev A/1xRTT (800/1900 MHz)
  • Power: LTE 23 dBm +/− 1, HSPA+ 23 dBm +/− 1, EVDO 24 dBm +0.5/−1 (typical conducted)
  • Antennas: two SMA male (plug), 1 dBi (LTE), 2 dBi (Cellular/PCS) gain; finger tighten only (maximum torque spec is 7 kgf-cm)
  • GPS: active GPS support
  • Industry Standards & Certs: PTCRB, FCC, IC, AT&T
  • Modem Part Number: MC400LPE

AER 2100LE2-SP – 4G LTE/EVDO for Sprint

  • Technology: LTE, EVDO Rev A
  • Downlink Rates: LTE 100 Mbps, EVDO 3.1 Mbps (theoretical)
  • Uplink Rates: LTE 50 Mbps, HSPA+ 5.76 Mbps, EVDO 1.8 Mbps (theoretical)
  • Frequency Bands:
    • Band 25 (1900 MHz)
    • CDMA EVDO Rev A/1xRTT (800/1900 MHz)
  • Power: LTE 23 dBm +/− 1, EVDO 24 dBm +0.5/−1 (typical conducted)
  • Antennas: two SMA male (plug), 1 dBi (LTE), 2 dBi (Cellular/PCS) gain; finger tighten only (maximum torque spec is 7 kgf-cm)
  • GPS: standalone GPS support
  • Industry Standards & Certs: FCC, Sprint
  • Modem Part Number: MC400LE2

AER 2100LP3-EU (2100LP3-UK*) – 4G LTE/HSPA+ for Europe (United Kingdom)

  • Technology: LTE, HSPA+
  • Downlink Rates: LTE 100 Mbps, HSPA+ 21.1 Mbps (theoretical)
  • Uplink Rates: LTE 50 Mbps, HSPA+ 5.76 Mbps (theoretical)
  • Frequency Bands:
    • LTE Band 1 (2100 MHz), Band 3 (1800 MHz), Band 7 (2600 MHz), Band 8 (900 MHz), Band 20 (800 MHz)
    • HSPA+/UMTS (800/850/900/1900/2100 MHz)
    • GSM/GPRS/EDGE Quad-Band (850/900/1800/1900 MHz)
  • Power: LTE Band 1/3/8/20 – 23 dBm +/− 1; LTE Band 7 – 22 dBm +/− 1, HSPA+ 23 dBm +/− 1 (typical conducted)
  • Antennas: two SMA male (plug), 1 dBi (LTE), 2 dBi (Cellular/PCS) gain; finger tighten only
  • GPS: active GPS support
  • Industry Standards & Certs: CE, GCF-CC
  • Modem Part Number: MC400LP3

*The 2100LP3-EU and 2100LP3-UK models are equivalent except for the line cord.

AER 2100LPE-GN – 4G LTE/HSPA+/EVDO (generic – for use on T-Mobile in the U.S. and Rogers, Bell, & TELUS in Canada)

  • Technology: LTE, HSPA+, EVDO Rev A
  • Downlink Rates: LTE 100 Mbps, HSPA+ 21.1 Mbps, EVDO 3.1 Mbps (theoretical)
  • Uplink Rates: LTE 50 Mbps, HSPA+ 5.76 Mbps, EVDO 1.8 Mbps (theoretical)
  • Frequency Bands:
    • LTE Band 2 (1900 MHz), Band 4 (AWS), Band 5 (850 MHz), Band 13 (700 MHz), Band 17 (700 MHz), Band 25 (1900 MHz)
    • HSPA+/UMTS (850/900/1900/2100 MHz, AWS)
    • GSM/GPRS/EDGE (850/900/1800/1900 MHz)
    • CDMA EVDO Rev A/1xRTT (800/1900 MHz)
  • Power: LTE 23 dBm +/− 1, HSPA+ 23 dBm +/− 1, EVDO 24 dBm +0.5/−1 (typical conducted)
  • Antennas: two SMA male (plug), 1 dBi (LTE), 2 dBi (Cellular/PCS) gain; finger tighten only (maximum torque spec is 7 kgf-cm)
  • GPS: active GPS support
  • Industry Standards & Certs: PTCRB, FCC, IC
  • Modem Part Number: MC400LPE

 

Hardware


Front Panel

image

Back Panel

image

Left Side

With Cover

image

Cover Removed

image

With Two MC400 Integrated Modems (one included by default)

image

Right Side

image

Antennas

image

When connecting the provided antennas, review the connection points:

  • WiFi antennas have flat circular bases (RSMA).
  • Modem antennas have protruding pins (SMA).

 

LEDs


image – POWER

The CradlePoint AER 2100 must be powered using an approved 12V DC power source.

  • Green = Powered ON.
  • No Light = Not receiving power. Check the power switch and the power source connection.
  • Flashing Amber = Attention. Open the administration pages (see page 10) and check the router status.

image – ETHERNET WAN

Indicates information about a data source connected to the Ethernet WAN port.

  • Blue = Connected to an active Ethernet WAN interface.

image – WiFi BROADCAST

These two LEDs indicate activity on the WiFi broadcast for both the 2.4 GHz and 5 GHz bands.

  • 2.4G (green) = 2.4 GHz WiFi is on and operating normally.
  • 5G (blue) = 5 GHz WiFi is on and operating normally.

image – SIGNAL STRENGTH

Blue LED bars indicate the active modem’s signal strength.

  • 4 Solid Bars = Strongest signal.
  • 1 Blinking Bar = Weakest signal. (A blinking bar indicates half of a bar.)

image – INTEGRATED MODEM

Indicates the status of integrated modems.

image – EXTERNAL USB MODEM

Indicates the status of external USB modems. Both integrated and external USB modems have the following LED indicators:

  • Green = Modem has established an active connection.
  • Blinking Green = Modem is connecting.
  • Amber = Modem is not active.
  • Blinking Amber = Data connection error. No modem connection possible.
  • Blinking Red = Modem is in the process of resetting.

ADDITIONAL LED INDICATIONS

  • Several different LEDs flash when the factory reset button is detected.
  • Two of the modem LEDs blink red in unison for 10 seconds when there is an error during firmware upgrade.

Permalink

0 Comments - Leave a Comment

Quick Start


Basic Setup


1. Insert an activated SIM.

A wireless broadband data plan must be added to your CradlePoint AER 2100. Wireless broadband data plans are available from wireless carriers such as Verizon, AT&T, Sprint, EE, and Vodafone. The SIM must be provisioned with the carrier. Contact your carrier for details about selecting a data plan and about the process for provisioning your SIM.

Once you have an activated SIM, insert it into the integrated modem. Insert the SIM card into the slot marked SIM 1 (use the other slot, SIM 2, for a secondary/backup SIM).

image

Be sure to insert the card with the notch-end first and the gold contacts facing down – it will click into place.

image

2. Attach the integrated modem.

Follow these steps to attach the integrated modem:

1) Remove the left side panel cover from the router. Use a Phillips screwdriver to remove the screws, and use the Multipurpose Retaining Tool (included in the router package) to remove the cover.

image

2) Slide the modem into the side of the router. The protruding section of the green board fits into the groove.

image

3) Reattach the panel cover and screw it back on. (When necessary, remove the cover and modem using the Multipurpose Retaining Tool.)

3. Attach the WiFi and modem antennas.

Attach the three WiFi antennas (included) and two modem antennas to the connectors. Antennas are jointed, which enables you to position them for optimal signal. To attach, hold the antenna straight and twist the base of the antenna to connect, folding the joint if needed.

Examples of suggested antenna orientations:

Desk Mount

image

Wall Mount

image

Care should be taken to ensure that the router antennas are not near metal or other RF reflective surfaces.

4. Connect the power source.

Plug the provided power supply (12V DC wall adapter) into an electrical outlet. Then connect the power supply to the router.

image

Ensure power is switched on:

  • O = OFF
  • I = ON

When you set the power switch to the ON ( I ) position, watch for the power LED to illuminate.

If you would like to secure the power supply cord, attach the Multipurpose Retaining Tool as shown below. Secure with included screws.

image

5. Connect to a computer or other network equipment.

Connect wirelessly to the WiFi broadcast or with an Ethernet cable connected to your computer and then plugged into one of the Ethernet LAN ports (numbered 1–4).

The default WiFi network name broadcast is “2100-xxx”, where “xxx” is the last three characters of your router’s MAC address (this is the SSID on the product label). To connect to the WiFi, you will need to input the DEFAULT PASSWORD when prompted. The DEFAULT PASSWORD is provided on the product label found on the bottom of your router.

NOTE: The product label below is an example only: your DEFAULT PASSWORD and SSID will be unique.

image

Accessing the Administration Pages


Once you are connected, open the CradlePoint AER 2100’s GUI-based administration pages to make configuration changes to your router.

  1. Open a browser window and type “cp/” or “192.168.0.1” in the address bar. Press ENTER/RETURN.
  2. When prompted for your password, type the eight character DEFAULT PASSWORD found on the product label.

image

It’s possible – and more efficient – to do all your configuration changes through CradlePoint Enterprise Cloud Manager (ECM) without logging into the local administration pages. Set up a group of routers and set the configuration for all of them at once. See below for more information about ECM.

First Time Setup Wizard


When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through the steps to customize your CradlePoint AER 2100. You have the ability to configure any of the following:

  • Administrator Password
  • Time Zone
  • WiFi Network Name
  • Security Mode
  • Access Point Name (APN) for SIM-based modems
  • Modem Authentication
  • Failure Check

If you are currently using the router’s WiFi network, you will need to reconnect your devices to the network using the newly established wireless network name and password.

NOTE: To return to the First Time Setup Wizard after your initial login, select GETTING STARTED on the top navigation bar and FIRST TIME SETUP in the dropdown menu.

Using Enterprise Cloud Manager


Rapidly deploy and dynamically manage networks at geographically distributed stores and branch locations with Enterprise Cloud Manager, CradlePoint’s next generation management and application platform. Enterprise Cloud Manager (ECM) integrates cloud management with your CradlePoint devices to improve productivity, increase reliability, reduce costs, and enhance the intelligence of your network and business operations.

Click here to sign up for a free 30-day ECM trial.

image

Depending on your ordering process, your devices may have already been bulk-loaded into ECM. If so, simply log in at cradlepointecm.comusing your ECM credentials and begin managing your devices seamlessly from the cloud.

image

If your device has not yet been loaded into your ECM account, you need to register. Log into the device administration pages and go to Getting Started → Enterprise Cloud Manager Registration. Enter your ECM username and password, and click on “Register”.

image

Once you have registered your device, go to cradlepointecm.com and log in using your ECM credentials.

For more information about how to use CradlePoint Enterprise Cloud Manager, see the following:

Permalink

0 Comments - Leave a Comment

My Aircard/Modem/Phone does not work when connected to the router. 

Symptom:

My aircard/modem/phone will not give me Internet connectivity when connected to my CradlePoint.

Cause:

There are several cause for this issue including but not limited to; you are using an unsupported device, your firmware may be out of date, or additional settings may need to be input into your Cradlepoint.

Resolution:

Is Your Device Supported?

One of the ways in which CradlePoint sets itself apart from competitors is our broad support of mobile broadband devices.  However, since each device has its own way of connecting to mobile broadband signals, if your data modem or smart phone is not able to connect, it may not be an officially supported device.

With every firmware update we add large numbers of new modems and smartphones, but as fast as the mobile broadband market is expanding, we can’t support each and every modem.  If your device is not on our Supported Devices List, it is actually not supported.  Some devices are supported on one carrier but not on another.  We update firmware to support new devices four times a year, and when its published, a device becomes certified and approved to work with CradlePoint routers.

To find if your device is supported, please visit our Modems page.

My Device is Supported

If your device is supported make sure your routers firmware is up to date.  Click on the links below for instructions on how to locate what version of firmware your CradlePoint is based on the model (If you are not sure what series CradlePoint you have, please click here).

Series 1 or 2

Series 3

If the firmware on the CradlePoint is out of date, click on the links below for instructions on how to update the firmware on your CradlePoint based on the model (If you are not sure what series CradlePoint you have, please click here).

Series 1 or 2

Series 3

The firmware on my Cradlepoint is up to date.

Sometimes a cellular device needs to be updated or have other configurations set correctly in order to make a connection through the router. If your device has not been updated recently, it is recommended that you do so. Simply, insert your device into your PC and, using the software provided by your cellular carrier, access the Internet. Follow the directions provided to complete the update. Once you have updated your device, reconnect the cellular device to your CradlePoint router and connect to the Internet

Permalink

0 Comments - Leave a Comment

SUMMARY:

This document is intended to guide CradlePoint Administrators and Value Added Resellers through the process required for configuring the AT&T static IP with Mobile to Mobile communication.

AT&T’s legacy static IP address service uses the “i2gold” Access Point Name (APN) for all customers.  AT&T’s new offering allows the user to have mobile to mobile communication capability as well as a publicly routable static IP address.

AT&T’s M2M service requires customer authentication with AT&T’s RADIUS authentication system.  AT&T assigns the customer a username and password, along with the APN WWAN.CCS.  This document describes the process of configuring this information in the CradlePoint firmware.

This article was written to correspond with CradlePoint 5.0.0 firmware for Series 3 devices.

TERMS:

  • Access Point Name (APN):  The name of the gateway used to access the WAN. This is specified by the carrier.
  • PPP Username & Password:  The CHAP username and password assigned by the carrier
  • Mobile to Mobile:  Wireless WAN (WWAN) with AT&T Commercial Connectivity Service (CCS) is a network-based option that extends the reach of the corporate network to mobile devices and workers with security enhanced back-end connectivity between the customer’s WAN and the AT&T Mobility network. WWAN is ideal for backup connectivity for bandwidths up to T1.5 and for primary connectivity where wired network connectivity is unavailable.

CONFIGURATION:

Configuring AT&T’s M2M SIM cards requires two settings: entering the username/password, and entering the correct APN.

  1. Click Internet > Connection Manager to access the “WAN Interfaces” page. User-added image
  2. From the “WAN Interfaces” section, select the modem and click Edit.        User-added image
  3. Click the SIM/APN/Auth Settings tab.                                                                  User-added image
  4. Set the “Authentication Protocol” drop-down to CHAP, then enter the “Username” and Password” that were assigned by the carrier.                                                                            User-added image
  5. Under “Access Point Configuration” click next to Manual. In the “APN” field enter wwan.ccs, then click the Submit button. User-added image

After making this change, the modem will connect to the AT&T network and allow the modem to be configured with the AT&T assigned static publicly routable IP address.

The IP address being received by the carrier may be confirmed by selecting under the “Internet” section of the Status Dashboard page.User-added image

Permalink

0 Comments - Leave a Comment

This article is intended to provide a basic overview regarding WAN inputs and connected Wi-Fi and LAN devices on a CradlePoint router.

The numbered descriptions below correspond to the numbered sections in the illustration.

Basic Overview

  1. The CradlePoint router.  This can be a Series 1,  Series 2 or a Series 3 router.
  2. Cellular modem (aircard) provided by your cellular carrier such as AT&T, Sprint, Verizon, etc. which provides access to the internet through the carriers cellular network.  This is known as a WAN (Wide Area Network) connection.
  3. Cable, DSL, or other modem or networking device that provides a connection to the internet via the ISP (Internet Service Provider) using Ethernet.  This is known as a WAN (Wide Area Network) connection.
  4. Wi-Fi as WAN (Series 3 routers only) connection to the internet through an existing Wi-Fi network.  This is known as a WAN (Wide Area Network) connection.
  5. LAN (Local Area Network) devices connected via Ethernet to the router.  These devices, such as a computer, connect to only a yellow or orange port on the back of the router.  Note, some routers such as the CTR350, CTR500, CTR35, and CBR400  provide a single configurable LAN/WAN port. The CBA250, CBA750 and CBR450 Ethernet port only allow a LAN connection.
  6. Wi-Fi connected devices; this is a wireless connection to the LAN of the router.

Permalink

0 Comments - Leave a Comment

If you are not sure what Series CradlePoint router you have, please click here.Symptom:

The computer is getting a successful ping response from an Internet public IP address such as 8.8.8.8 but the user is unable to access Internet web pages through a web browser.  A DNS poisoning  may also occur.

Causes:

This issue is typically caused by a problem with domain name server (DNS) resolution because the Internet service provider’s DNS servers are unavailable or a problem with the security software (usually a firewall) running on the computer which is attempting to access the Internet.

Resolution:

Computers use DNS servers to allow a user to remember a domain name, such as http://google.com, rather than needing to remember the actual IP address, such as http://173.194.33.32.  If a computer is unable to reach a DNS server any application, such as a web browser, using domain names will not work properly.  The simplest test of a computers ability to resolve domain names is with the ping command.  For more information about using the ping command, please see How to check if a Microsoft Windows PC is online or How to check if a Mac OSX computer is online.

Attempt to ping a domain name like google.com.  If properly connecting to the DNS server a result similar to this example will be displayed:

User-added image

These results show that the computer was able to connect to the DNS server which resolved the domain name google.com to the IP address of 173.194.33.36.

If the computer is unable to resolve the domain name a result similar to the result below will be displayed.

User-added image

The ability to successfully ping an Internet IP address like 8.8.8.8 but inability not able to resolve domain names like google.com can be resolved by manually assigning DNS servers within the CradlePoint’s router.  Click one of the following links for assistance manually assigning DNS server addresses, How to manually assign DNS servers on a Series 1 or 2 CradlePoint  or How to manually assign DNS servers on a Series 3 CradlePoint

The ability to successfully ping both IP addresses and domain names while still not being able to access the internet is typically caused by a computer’s security software, usually the firewall.  Rebooting the computer can resolve many of these issues.  This problem is also often solved by disabling or uninstalling the computer’s firewall software, then re-enabling or reinstalling the software once everything is working again.  It may be helpful to contact your computer manufacturer’s technical support for assistance resolving these kinds of software problems.

Permalink

0 Comments - Leave a Comment

QUICK LINKS:


SUMMARY: 

This document is intended to assist users in configuring a CradlePoint CBA750B in IP Passthrough Mode to act as a transparent bridge and provide the carrier’s IP address to an internal router, firewall (Cisco, Juniper, etc…) or computer.  The Cradlepoint CBA750B does have NAT capabilities, but is not designed to function as a NAT router.


REQUIREMENTS:

  • CradlePoint CBA750B
  • Modem with SIM card provisioned by a cellular network provider (Verizon, AT&T, Sprint, etc..) – we recommend the enterprise gradeCradlepoint MC200 modem cap.
  • Internal router, firewall or computer


FIRMWARE VERSION: 

The firmware version that was used for the preparation of this document was 5.1.1


GOLDEN CONFIGURATION: 

This configuration file has Advanced Failure Check set to use Passive DNS in the Common Defaults Advanced Configuration Rule.  This will apply the Advanced Failure Check using Passive DNS to all WAN interfaces to force failover in the event of network failure upstream of the router.  The Subnet Selection Mode for IP Passthrough is set to “Force 24 Subnet” to hand out a 24 bit subnet mask and a gateway of +1 of WAN IP address.

Download CBA750B Golden Configuration File

Series 3: Backing Up and Restoring CradlePoint Router Config Settings

INITIAL CONFIGURATION:

  1. Connect the modem to the USB1 port of the CBA750B, then apply power to the CBA750B using the included power supply or a Power-over-Ethernet switch (Cradlepoint implements the 802.1af PoE specification).  Connect a computer to the CBA750B’s Ethernet port.
  2. The CBA750B will attempt to connect using the modem. When the CBA750B’s USB1 LED turns solid green, this indicates the modem has connected. If the USB1 LED continues to flash and does not go solid, you should verify with your carrier that the SIM Card or Modem has been provisioned before calling CradlePoint Support for assistance.
    • If you have a static IP address and the modem is not connecting, try setting the APN.
  3. From the computer connected to the CBA750B, open a browser (we recommend Chrome or Firefox) and access the Administration Pages at http://192.168.0.1. Log in to the CBA750B using the default administrator password (the last 8 characters of the CBA750B’s MAC Address).
  4. The First Time Setup Wizard is optional – for the purpose of this document, we recommend skipping this step.
  5. If you have a static IP address, complete the following steps:  If not, skip to step #6.
    1. Navigate to Network Settings > Local Networks, select the Primary LAN and click Edit.    User-added image
    2. Select the IPv4 Settings tab and set the Subnet Selection Mode to “Force 24 Subnet” and click Submit. User-added image
  6. Check the modem’s signal strength by going to Status > Internet Connections. Make note of the Service DisplayRSSI, and SINR, CINR, or EC/IO which are dependent on connection type as to whether they are displayed. (Information regarding signal values can be located here).  If you have a static IP address, verify that the correct IP address is listed.                                                            User-added image
  7. Navigate to Internet > Connection Manager, select the modem and click the Edit button. User-added image
  8. Click on Advanced IPv4 Failure Check, select Passive DNS from the “Monitor while connected” drop-down box, click SubmitUser-added image
  9. Once the modem is connected with good signal, go to System Settings > System Control Advanced Ping Test and run the ping test to a URL (e.g. google.com) to verify connectivity.User-added image
  10. You can now disconnect your computer and connect your CBA750B to your router or firewall.


ADDITIONAL CONFIGURATION OPTIONS:

Subnet Selection Mode (from Initial Configuration step 6):
This option overrides the subnet mask that is assigned to the modem from the carrier.  In some cases, you may be assigned static IP addresses in the same network at multiple locations, or a subnet mask that would designate that the IP address is a non-usable network or broadcast address and cause the internal router to reject it.  In these cases, it is necessary to force a different subnet mask.
  • Force 24 Subnet” – this setting will alleviate the issue where you are assigned IP addresses in the same network at multiple locations, or an IP address and subnet mask combination that designates the IP address as a non-usable network or broadcast address and is rejected by an internal router.
  • Force 31 Subnet” – this setting is used when you have two CBA750Bs with IP addresses in the same network connected to the same internal router, which would cause overlapping routes.  This option also requires that the internal router supports the /31 subnet mask.
  • Custom Subnet” – this setting is used to specify a subnet mask of your choice.  One example would be to use a /30 mask if your internal router does not support the /31 mask.
DESIGN RECOMMENDATIONS:
  • PoE:  Power-over-Ethernet allows you to place the CBA750B in a location where you are able to get optimal signal and not have to worry about an available power outlet. It also eliminates the power cabling, providing for a cleaner installation. Cradlepoint implements the 802.1af PoE specification.
  • IP PassThrough Switch:  There is a physical switch located on the side of the CAB750B.  It was added as a convenience for switching the router from IP Passthrough mode to Config mode.  We recommend not using this switch unless absolutely necessary as it does make changes to the configuration that may not be desirable, such as setting the Subnet Selection Mode to “auto”.
TROUBLESHOOTING:If after following the instructions on the previous page, you are unable to maintain an internet connection, please review the following information.

The CBA750B uses a MAC binding feature when in IP Passthrough Mode to restrict the IP address being passed through to a single device. When switching between devices connected to the ethernet of the CBA750B, power cycle the CradlePoint to clear this MAC binding to ensure proper functionality to the newly connected device.

LTE spec defines the MTU at 1428.  As a best practice you will need to avoid excessive fragmentation for efficient application data traffic flow. It is recommended that you follow the MTU\MSS design guide to avoid fragmentation:  http://knowledgebase.cradlepoint.com/articles/Support/MTU-MSS-Design-Considerations

Additionally, IP Source Violations (where the source IP packet is not the IP issued by the cellular carrier)  will cause the carrier to briefly disconnect the modem. This disconnect in most cases is quick to recover and has been labeled “structured packet loss” . Since the CBA750B is a transparent bridge you are required to NAT all traffic to the IP address assigned by your carrier on your network hardware. The most common offender of IP source violation is ancillary traffic source directly from the router like NTP, SNMP, TACACS, and Syslog.

IP source violations were fixed in our 5.0.0 firmware by forcing the router to drop packets that are sourced from any IP other than the routers WAN IP (passthrough IP).  If you are experiencing modem reconnection loops, make sure you are running firmware 5.0.0 or later.

Permalink

0 Comments - Leave a Comment

This article is written for the MBR1400, MBR1200, MBR1200B, MBR1000, CBA750, MBR800, CBR400, CBR450, CTR500, and CBA250 routers.
Symptom:


The router will not eject my Express Card

Cause:

On some ExpressCard format cellular modems, the SIM slot position may cause the card to become stuck in the router.

Resolution:

REMOVAL

The method to remove the modem once it is stuck is to place piece of paper or business card over the modem, as shown in Figure 1. Then the modem can be easily removed.

Figure 1
mbr800_router_with_aircard_sm.png

PREVENTION

A method to prevent the modem from getting stuck is to place a strip of tape over the SIM card slot, as shown in Figure 2.

Figure 2
expresscard_stuck.png

Permalink

0 Comments - Leave a Comment

Most GSM-based networks require an APN to be entered in the router to establish the final handshake between the carrier’s cell tower and the modem/aircard. You can find a list of commonly known APN’s below. If you do not see your carrier in the list, or none of the given APNs work, contact your carrier directly to verify which APN to use.

Additional Resources:


NOTES: The first APN listed for each carrier is the most common.


Network APN Username Password
       
Alltel 10dig#@alltel.net alltel
 
AT&T broadband
  isp.cingular isp@cingulargprs.com cingular1
  ispda.cingular ispda@cingulargprs.com cingular1
  wap.cingular wap@cingulargprs.com cingular1
i2gold (Business Plan, call AT&T)
 
Bell internet.com wapuser1 wap
  inet.bell.ca
  pda.bell.ca
CelluarSouth 10dig#@modem.cs3g.com cs3g
 
Claro
  internet.ideasclaro.com.do
Argentina wap.ctimovil.com.ar ctigprs ctipgprs999
Brazil wap.clao.com.br claro claro
  bandalarga.claro.com.br claro claro
Chile wap.clarochile.cl clarochile clarochile
 
Cricket 10dig#@mycricket.com cricket
 
Comcel
Colombia wap.comcel.com.co COMCELWEB COMCELWEB
 
Fido internet.fido.ca fido fido
  wap.fido.ca fido fido
 
InterTelecom
Ukraine 3g.utel.ua IT@IT IT
 
ICE icecellular
Costa Rica kolbi3g
IUSACELL
Mexico MDN@iusacell3g.com BJMPW504
 
MoviStar
Mexico internet.movistar.mx movistar movistar
Chile web.tmovil.cl web web
 
nTelos 10digit#@datacard.ntelos.com ESN#
  10digit#@evdo.ntelos.com ESN#
 
Rogers lteinternet.apn (none needed) (none needed)
ltemobile.apn (none needed) (none needed)
internet.apn (none needed) (none needed)
  internet.com (none needed) (none needed)
  vpn.com (none needed) (none needed)
wapuser1 wap
staticip.apn (none needed) (none needed)
ltestaticip.apn (none needed) (none needed)
 
Sasktel proxy.stm.sk.ca
inet,stm.sk.ca
T-Mobile
 3G – No Static IP epc.t-mobile.com (none needed) (none needed)
 4G – No Static IP fast.t-mobile.com (none needed) (none needed)
 Static IP brb.t-mobile.com (none needed) (none needed)
 
Telcel
Mexico wap.itelcel.com iesgprs iesgprs2002
  internet.itelcel.com webgprs webgprs2002
 
Telus
HSPA isp.telus.com
sp.telus.com
  vpn.telus.net
  staticipwest.telus.com –Used for Static IP- See Telus
  staticipeast.telus.com –Used for Static IP- See Telus
  internet.com wapuser1 wap
 
USCellular 10dig#@mip.cs3g.com ESN#
 
Verizon vzwinternet (LTE Only, U.S. Only)
inetgsm.vzw3g.com (Outside USA) 10digit#@vzw3g.com vzw
  Vzmverizon (Outside USA)
Vivo – Brazil zap.vivo.com.br vivo vivo

Permalink

0 Comments - Leave a Comment

Symptom:

My computer does not establish a connection with the CradlePoint via an Ethernet cable.

Cause:

There are several cause related to this problem including but not limited to: cable is plugged in to the wrong port, the cable is bad, etc.

Resolution:

There are two steps in determining if your computer is connected to the router properly with an Ethernet cable.

1)  Make sure that the Ethernet cable is connected to your computer and to the Ethernet port on your CradlePoint router.

2)  Verify that the WLAN or Computer LED on the front of the router is active.

For Routers with Multiple Ethernet Ports (MBR800, MBR900, MBR1000, MBR1200, MBR90, MBR95, MBR1200B, MBR1400)  Connect the Ethernet cable from your computer to one of the Yellow or Orange Ethernet ports on the router.  Make sure it is not plugged into the Blue/WANport.  The Blue/WAN port is where you connect Cable/DSL/T1 Internet service.

TROUBLESHOOTING

If the WLAN or Computer LED on the router is not active, first try a new Ethernet cable.

If the LED still does not become active, try plugging your router into a different computer.

If your router has multiple Ethernet ports, you can plug two of them together.  (Ex: LAN1 and LAN3.)  Both lights will become active and start flashing.

If the LED is on and you are still not able to get your computer to connect through the router, check the DHCP settings on your computer.  How do I set DHCP Settings?

If you have followed all these troubleshooting steps above, check your Dial-up and Proxy settings.  How do I check my Dial-up and Proxy Settings?

If, after following these troubleshooting steps, you are still unable to connect your computer to the router via an Ethernet cable, contactCradlePoint Technical Support for further assistance.

Permalink

0 Comments - Leave a Comment

For customers with CradlePoint Enterprise Cloud Manager (ECM), there are three main ways to edit a device’s configuration:

  • the Groups panel in ECM
  • the Devices panel in ECM
  • locally, through the individual device administration pages

Configuration settings from all of these three sources are additive unless there is a conflict. The following table shows the configuration priority when there are conflicts:

Configuration Priority Levels

Highest ECM Device
ECM Group
Lowest Local

In general, the preferred method for configuring devices is through the Groups panel in ECM. If you have more specific settings for individual devices, use the Devices panel.

For example, you could make the administration password standard for an entire group and then create individual SSIDs for specific devices – both through ECM. If someone tried to log into the device administration pages to change either the administration password or SSID, those changes would be overridden by the ECM settings.

ECM Groups Page

In the Groups panel in ECM, use the Configuration menu in the top toolbar to Edit the group configuration, display a configuration Summary,Clear the group configuration, and Copy To (save the settings from this group and apply them to another group). To access this menu, you must first select a group.

ECM Groups screenshot

  • Edit – Opens a popup window with most of the same configuration options found in the administration pages of the individual devices. The configuration window includes dropdown menus for Network SettingsInternet, and System Settings. Refer to the product manual for more information about configuration options for each type of device.

ECM Group configuration pages

  • Summary – This is a diagnostic tool for experts. The output shows the Target Configuration: the complete set of configuration changes sent to the group through CradlePoint Enterprise Cloud Manager.
  • Clear – Clear the group configuration; device configuration rules remain.
  • Copy To – Saves the settings from this group and applies them to another group that you select. Only groups with the same product type are available for you to select.

 

ECM Devices Page

In the Devices panel in ECM, the Configuration menu in the top toolbar has the same options as in the Groups panel, with one addition: Resume Updates.

ECM Devices screenshot

  • Resume Updates – It is possible for a device’s configuration changes to be “suspended.” This means that a configuration change was sent to the device through Enterprise Cloud Manager that disabled the connection to ECM. Whenever this happens the device rolls back to the previous configuration settings and it can no longer receive configuration updates. Select Resume Updates to restart configuration updates for the device. NOTE: You should first determine why the suspension occurred and correct the configuration.

Permalink

0 Comments - Leave a Comment

Symptom:

Connect a computer or other device to a CradlePoint router that uses a static IP address.

Definitions:

  • Local area network device – any device connected as a client either wirelessly or wired into a LAN port on a CradlePoint router.
  • Static IP – anytime a network address is configured manually on a client (or any device connected to one of the LAN ports of a router). The alternative would be to use a DHCP server to assign an address.
  • Subnet – The range of numbers that represent a single inter-connected network.  Network devices that share the same subnet can “see” and communicate with each other.  Devices on a different subnet cannot communicate with each other without the aid of external routing.  The default subnet on CradlePoint routers is set to 192.168.0.1 to 192.168.0.254.  By default, the CradlePoint router uses the IP address of 192.168.0.1.
  • Default Gateway – If a request is made to communicate with a device that lies outside of the subnet, then the request automatically goes to the default gateway, which is usually the CradlePoint router (the default address of 192.168.0.1).  The default gateway can then route the request to the appropriate location as long as it knows the route.

Resolution:

If you need to configure a device to use a static IP address (like an IP Camera for example), the general rule is that the device must reside on the same subnet as the router. The subnet is determined by the settings on the router.  By default the subnet of the router is set to 192.168.0.1 through 192.168.0.254. As long as the device has an address within that range, it will be able to communicate with the router and any other device connected on the same subnet. For example:

  • You have an IP camera connected to the CradlePoint router that uses a static IP address.
  • You have a computer connected to the same router.
  • You want to view pictures from the IP camera on your computer.
  • You are using default settings.
  • You should set the IP address on the IP camera to an address within the range: 192.168.0.3- 192.168.0.99*
  • You should set the subnet mask of the device to 255.255.255.0
  • You should set the default gateway of the device to 192.168.0.1
  • If you need to configure a DNS server, set it to 192.168.0.1

*Note: CradlePoint routers may occupy both the 192.168.0.1 and 192.168.0.2 addresses by default.  The default DHCP scope on a router is 192.168.0.100 to 192.168.0.199.  You could also use the address range from 192.168.0.200 to 192.168.0.254 without any conflicts.

Permalink

0 Comments - Leave a Comment

QUICK LINKS:


SUMMARY:

This document provides a configuration example for enabling 802.11ac Wi-Fi connectivity on a Cradlepoint router.  802.11ac adds higher bandwidth and reliability and builds upon it’s predecessor 802.11n.  802.11ac is commonly referred to as Gigabit Wi-Fi.  In the 802.11n standard both the 2.4 and 5 GHz frequencies were used simultaneously to enhance throughput, where as 802.11ac utilizes only the 5Ghz frequency, but with multiple channels within the 5Ghz frequency to enhance throughput.

Cradlepoint 802.11ac capable routers support 3×3 MIMO with up to 3 spatial streams over 20, 40 and 80 MHz channels.  With a 3 spatial stream capable client adapter there is a theoretical throughput of up to 1.3Gb/s under optimal conditions.

Administrations setting up 802.11ac should have a basic knowledge of Cradlepoint configuration and a firm understanding of layer 2/3 network concepts and Wi-Fi technologies. 802.11ac provides backwards compatibility with older older 802.11 (n,g,b,a) standards.


SYSTEM REQUIREMENTS:

A Cradlepoint router supporting 802.11ac, at least one 802.11ac capable client device.  802.11ac is supported on following Cradlepoint Products:

  • AER 2100


FIRMWARE VERSION:

This content was created using firmware version 5.1.1


ASSUMPTIONS:

The Cradlepoint administrator has already setup a working LAN network.  Wireless Clients have adapters that support 802.11ac connectivity.


TECHNICAL TERMS:

  • LAN: local area network
  • WLAN: wireless local area network
  • 802.11ac:  a wireless networking standard in the 802.11 family a providing high-throughput wireless local area network (WLAN) on the 5 GHz band.
  • MIMO: Multi-input, multi-output: The use of multiple antennas at both the transmitter and receiver to increase bandwidth availability via multi spatial streams over 20, 40 and 80 MHz channels.
  • Band Steering: A method to direct 2.4 GHz capable devices to connect to the 5GHz frequency for increased performance and capacity
  • WPA/WPA2:  Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) are two security protocols developed by the Wi-Fi Alliance to secure wireless computer networks.
  • AES: The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data and is the replacement encryption protocol for TKIP
  • TKIP:  Temporal Key Integrity Protocol or TKIP was a stopgap security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed as an interim solution to replace WEP.


ENABLING & CONFIGURING 802.11ac CLIENTS:

  1. Log into the CradlePoint Web Administration Interface  http://192.168.0.1 (default)
  2. Under the Network Settings heading, select WiFi / Local Networks.User-added image
  3. Configure the 5GHz Radio Settings:
    • Click the WiFi Radio #2 Settings (5 GHz) tab
    • Click the Enable button
    • Check the box next to the top WiFi name (SSID) (or the one desired) and click the Edit button. User-added image
  4. Configure the WiFi Name (SSID)
    • Set the WiFi Name (can be set to your preference)
    • Set Security mode to WPA2 Personal (WPA2 Enterprise is also supported)
    • Set WPA Cipher to AES (Can be set to AES\TKIP for backwards compatibility, but not   recommended)
    • Set your desired password
    • Click Submit.                                                                                             User-added image
  5. Configure the Advanced WiFi Settings.
    • Click the drop down arrow next to Advanced WiFi Settings
    • Set the TX power at your required level for your desired coverage area
    • Set the wireless mode to 802.11 ac (this mode will only support 802.11ac clients)
    • Set Channel Width to 20/40/80 MHz Auto (This will support up to 3 spatial streams)
    • Other settings can be configured as needed, but the remaining defaults settings are used for this   example.
    • Click Submit.                                                                             User-added image
  6. Associate the Primary LAN (or desired LAN) with the 5GHz WiFi SSID interface (if not already   associated)
    • Check the box next to the Primary LAN, click edit
    • Click on the Interfaces tab
    • Click on the 5GHz WiFi interface that was created previously and click the + button
    • Click Submit.                                                                         User-added image
  7. Connect your 802.11ac client to the SSID created.
Note:  Only 802.11ac clients will be able to connect to this SSID, enabling backwards   compatibility is required to allow non-802.11ac client to connect.

Below is an example of a Windows 7 802.11ac client connected to a Cradlepoint AER2100 router.  The client adapter is a 2×2 MIMO 20/40/80MHz USB adapter.   Maximum theoretical bandwidth with this adapter type is 867Mb/s

User-added image



ENABLING BACKWARDS COMPATIBILITY FOR NON-802.11ac (n,g,b,a) CLIENTS:

  1. Configure Advanced Settings for 5Ghz WiFi  to support additional client types.
    • Click the WiFi Radio #2 Settings (5 GHz) tab
    • Click the drop down arrow next to Advanced WiFi Settings
    • Click the drop down arrow next to Wireless Mode
    • Select the client combination to be supported (recommendation is to select the minimum types necessary for the clients you need to support)
    • Click Submit.                                                                                          User-added image
  2. Configure 2.4 GHz support (this is optional, but is required to fully support n, g and b clients)Note: Enabling a 2.4GHz SSID with the same settings as the 5GHz SSID will automatically   enable beam steering)
    • Click the WiFi Radio #1 Settings (2.4 GHz) tab
    • Click the Enable button for the 2.4GHz wireless radio (unless already enabled)
    • Check the box next to the top WiFi Name (or the one desired) and click the Edit button
    • Set the WiFi Name (SSID) to the same name as the 5GHz WiFi Name (SSID)
    • Set the Security mode, WPA Cipher and WPA password to the same as the 5GHz WiFi Name (SSID)
    • Click Submit.                                                                           User-added image
  3. Configure Advanced Settings for 2.4GHz.
    • Click the WiFi Radio #1 Settings (2.4 GHz) tab
    • Click the drop down arrow next to Advanced WiFi Settings
    • Set the TX power at your required level for your desired coverage area
    • Click the drop down arrow next to Wireless Mode
    • Select the client combination to be supported (recommendation is to select the minimum types necessary for the clients you need to support)
    • Set Channel Width to 20/40 MHz Auto
    • Other settings can be configured as needed, but the remaining defaults settings are used for this   example.
    • Click Submit.                                                                                  User-added image
  4. Associate the Primary LAN (or desired LAN) with the 2.4 GHz WiFi SSID interface (if not already   associated)
    • Check the box next to the Primary LAN, click Edit
    • Click on the Interfaces tab
    • Click on the 2.4GHz WiFi interface that was created previously and click the + button
    • Click Submit.
  5. Connect your non-802.11ac client(s) to the SSID created.

Permalink

0 Comments - Leave a Comment

Note:  Your computer only allows one network connection at a time.  This means that you will have to disconnect (unplug) the cellular modem (aircard) from the computer and close the cellular connection manager tool provided by your cellular carrier or, disconnect from any LAN (wired Ethernet) or Wi-Fi (wireless) connections before you will be able to connect your computer to the router either by Ethernet cable or Wi-Fi.

Please consult the following video for a walk-through, or skip to step one.

 

1. Establishing a Wireless Internet Connection —————————————–

Windows XP 

  1. Click START
  2. Click on CONNECT TO
  3. Click WIRELESS NETWORK CONNECTION  You’ll see a list of available wireless networks
  4. Click the CradlePoint Network
  5. Click CONNECT
xp_network_connections_250x.jpg
NOTE:  If you see a connect screen other than what appears above, you will need to check with the vendor of your Wi-Fi connection software.
Windows Vista 

  1. Click START
  2. Click on CONNECT TO
  3. Click WIRELESS NETWORK CONNECTION  You’ll see a list of available wireless networks
  4. Click the CradlePoint Network
  5. Click CONNECT
vista_network_connections_250x.jpg
NOTE:  If you are asked for an “8-digit PIN”, click CANCEL and retry the above steps.  If prompted to set up your network, click CONNECT TO THE NETWORK WITHOUT SETTING IT UP. 
Windows 7 

  1. Click START
  2. Click CONTROL PANEL
  3. Click NETWORK AND INTERNET
  4. Click CONNECT TO A NETWORK (under network and sharing center)  You’ll see a list of available wireless networks
  5. Click the CradlePoint Network
  6. Click CONNECT
w7_network_connections_250x.jpg
NOTE:  If you are asked for an “8-digit PIN”, click CANCEL and retry the above steps.  If prompted to set up your network, click CONNECT TO THE NETWORK WITHOUT SETTING IT UP. 
Windows 8

  1. Move your mouse to the top left corner of the screen to expose the menu bar.
  2. Click on “Settings”
  3. Click on the wireless signal bars icon.
  4. Select the network you wish to connect to.
User-added image
NOTE:  If you are asked for an “8-digit PIN”, click CANCEL and retry the above steps.  If prompted to set up your network, click CONNECT TO THE NETWORK WITHOUT SETTING IT UP.
Mac OS X

  1. Open your wireless connection list by clicking the AIRPORT wireless icon on your menu bar
  2. Click on the CradlePoint Network
mac_network_connections_250x.jpg

 

2. Establishing a Wired Internet Connection —————————————–

For CradlePoint Products:  

CTR350, CTR500, CTR35, CBR400, CBR450, CBA750, CBA250  
Plug an Ethernet cable from your router to the Ethernet port on your computer.   Connection should be automatic.

 

For CradlePoint Products:  

MBR1400, MBR1200B, MBR1200, MBR1100, MBR1000, MBR900, MBR800, MBR90, MBR95

Plug an Ethernet cable into one of the Yellow or Orange LAN ports on the router.  Plug the other end into the Ethernet port on your computer.   Connection should be automatic.   The Blue WAN port is only for a Cable\DSL/Satellite modem only.

If your computer will not connect to the router, check that your computer has properly configured network settings

Permalink

0 Comments - Leave a Comment

Symptom:

This article explains a possible solution if you get any of the following errors on a computer; IP Address Conflict, Limited or No Connectivity or  Local Only.

Cause:

This issue may occur when your networking devices are not configured to use DHCP or are attempting to use an IP address that is no longer valid.

Resolution:

We recommend ensuring your computer is set to use a dynamic IP address instructions on how to set this and other settings that will work best with a CradlePoint router can be found here. 

Computer Settings that Work Best with CradlePoint Routers.

Permalink

0 Comments - Leave a Comment

The below diagram is intended to provide exact specifications of the Mounting Bracket for the COR IBR600/650 product family.  All measurements are metric (millimeters).
User-added image

 

Permalink

0 Comments - Leave a Comment

Description

This is an example of how to use CradlePoint’s “CP Secure Threat Management” feature to enable the Intrusion Detection Service (IDS) or Intrusion Prevention Service (IPS) functionality between a LAN and the router’s WAN source(s).

This document will explain how to enable CP Secure Threat Management to function as an IDS or IPS, configuring how the service behaves upon failure, application ID logging, updating threat signatures, and how to manually whitelist signatures.


Configuration

  • IMPORTANT: CP Secure Threat Management requires a feature license to use. Please contact your sales representative for pricing information.
  • Navigate to NETWORK SETTINGS > FIREWALL > THREAT MANAGEMENT
    • Note: The “THREAT MANAGEMENT” menu option will be visible, but the service will not function until after the license has been installed. ECM will hide the option until IPS has been enabled on the account.

Default Settings

enter image description here

  • The Threat Management feature’s “Configuration” section uses these default settings:
    • “Operation Mode” set to “Disabled”
    • “Engine Failure/Error Action” set to “Allow Traffic”
    • “Application ID Logging” set to “Disabled”
    • “Signature Update Schedule for Non-Modem WANs”set to “Daily” & “8:00am”
    • “Signature Update Schedule for Modem WANs” set to “Monthly”, “1”, & “8:00am”

enter image description here

  • The Threat Management feature’s “Whistelisted Signatures” section is empty by default.

enter image description here

Operation Mode Options

  • The “Operation Mode” can be changed from “Disabled” to “Detect and Prevent” (IPS functionality) or “Detect Only” (IDS functionality) enter image description here
  • “Detect and Prevent”: The highest form of protection. When attacks are detected, the packets will be dropped, preventing them from accessing your network.
  • “Detect Only”: Commonly referred to as IDS, or Intrusion Detection. Provides network administrators the ability to monitor the network traffic for potential attacks, but does not provide any protection.

After enabling the service, the “Signature Database Version” (shown in the “Status” section) will change from “No Rules Loaded” to show the current signature version loaded.

 For example: 

enter image description here

Engine Failure/Error Action Options

  • The “Engine Failure/Error Action” can be changed from “Allow Traffic” to “Deny Traffic”, depending on how you intend for the router to behave if the Threat Management engine fails for some reason. enter image description here
  • “Allow Traffic”: Allows network traffic to flow normally, as if the Intrusion Prevention system has been disabled.
  • “Deny Traffic”: Denies any network traffic to flow providing protection until the administrator can fix the issue that caused the engine failure.

Application ID Logging

  • If enabled, the Intrusion Prevention packet scanning engine can identify thousands of applications and log the detected applications to the System Log. enter image description here
  • IMPORTANT: Application ID logging can be very verbose and could cause a lot of log entries to be produced.

Signature Update Scheduling

  • These options allow you to set a schedule on when you want the router to check and see if there are updated signatures available and if there is download and install them.
  • To help minimize cellular modem data usage, it is possible to configure separate schedules for modem and non-modem WAN sources. enter image description here
  • You can set the schedule for Never, Daily, Weekly, or Monthy depending on your needs.
  • NOTE: “Non-Modem” WANs refer to Ethernet and WiFi-as-WAN connections.

Whitelisted Signatures

  • Whitelisting signatures allow an administrator to remove signatures that might be causing False Positive alerts when the traffic is actually valid.enter image description here
  • To add signatures to the Whitelist, click the “Add” button. In the “Whitelisted Signature ID” screen, enter the signature to be whitelisted and click “Submit”.                       enter image description here

ECM Threat Management

ECM will display the information similar to the local router, and you can configure it at group or device level.

 User-added image


You can also setup alerts in ECM for intrusion activity, and what potential security threat has been identified.  In the example below, you can see alerts for Denial of Service and Buffer Overflow threats, and how they were dealt with.

User-added image

Permalink

0 Comments - Leave a Comment

QUICKLINKS:

SUMMARY: 

This document is intended to assist users in configuring a CradlePoint AER 2100, ARC MBR1400, CBA750B, or COR 600 Series router for TACACS or RADIUS authentication. We will also review our local authentication features and touch on security best practices.

 

HARDWARE REQUIREMENTS:

  • CradlePoint AER2100, ARC MBR1400, CBA750B or COR600 series router.
  • A WAN or LAN source that can route to the TACACS or RADIUS server for authentication.

 

FIRMWARE VERSION:

The firmware version that was used for the preparation of this document was 5.1.0

User-added image

SECURITY BEST PRACTICES:

  1. It is recommended that you do not use commonly attacked usernames like admin or root.
    • The Admin account is on be default: To remove this account you will need to create a new username and password then log out of the router. Log back in with the new username and password. Then you will have the ability to delete the admin account.
  2. It is recommend that you use complex password that use a combination of upper and lower case letters, numbers and special characters. Use no less then seven characters in a password.
    • Examples of passwords that you should never use:
      • Password, 12345678, any combination of your name, single dictionary words like monkey, baseball, football etc.
  3. Never use plain dictionary words  as they can be exploited by  a brute force attack.
  4. Avoid writing down your complex password by using password phases.
    • Complex password example: 9Hy#b!3nUvL
      • This password is strong but is typically written down somewhere which should be avoided at all cost.
    • Passphrase example: HowCould13DucksKnow?
      • Using a combination of words create an easy to remember phrase that is very difficult to crack due to the complexity and length.
  5. Change your password every 3 months.
The above security practices comply with the Payment Card Industry (PCI) standards.


ADVANCED AUTHENTICATION OPTIONS:

  1. Log into the CradlePoint router and browse to System Settings > Administration: on the column on your right click the tab for Router Security.
  2. You will now have the option to click the Advanced Security Mode box which  will expand the three advanced security options available. The advantages to server authentication is that you can control access to numerous routers using one server-based control point. This provides accountability by logging user activity and allows users to be added, removed, or disabled with ease.

User-added image

Local User Authentication Mode:

Local User Authentication Mode: will allow you to added a unique username and require a password that is a minimum of seven characters. Once you click apply you will now be prompted for both a username and password at the login screen.

User-added image

TACACS+ or Teminal Access Controller Access-Control System Plus:

  1. Using the Authentication Mode: pulldown box  select TACACS+
  2. Select the timeout in seconds that the CradlePoint will wait before ending the authentication session to the TACACS+ server.
  3. Select the Authentication Service:
    • ASCII/Login (Plain text)
    • PAP – Password Authentication Protocol
    • CHAP – Challenge Handshake Authentication Protocol – CHAP provides the best security
  • Server 1:
  1. Can be either IP or Fully Qualified Domain Name FQDN.
    • If you are using a FQDN ensure that you can resolve the DNS name from the CradlePoint by using the Ping tool under System Settings > System Control > Advanced Control > Ping Test. Additionally you should run the same test when configuring an IP address.
  2. TCP port 49 is the common default TACACS+. This can be changed.
  3. Enter the Shared Secret password configured on the TACACS+ server.
  4. Repeat the process for a second server. This is optional but recommended.

NOTE:  The CradlePoint router requires that when a TACACS+ server is challenged for authentication that it returns privileged level “15” or “root”.  All other privileges will fail to allow authentication to the CradlePoint router.

User-added image

RADIUS or Remote Authentication Dial In User Service:

  1. Using the Authentication Mode: pull down box  select RADIUS
  2. Select the timeout in seconds that the CradlePoint will wait before ending the authentication session to the RADIUS server.
  • Server 1:
    1. Server Address can be either IP or Fully Qualified Domain Name FQDN.
      • If you are using a FQDN ensure that you can resolve the DNS name from the CradlePoint by using the Ping tool under System Settings > System Control > Advanced Control > Ping Test. Additionally you should run the same test when configuring an IP address.
    2. UDP port 1812 is the common default used by RADIUS . This can be changed.
    3. Enter the Shared Secret password configured on the RADIUS server.
    4. Repeat the process for a second server. This is optional but recommended.

NOTE:  The CradlePoint router requires the RADIUS server to provide users managing the CradlePoint router full administrative rights.  All other privileges will fail to allow authentications to the CradlePoint router.

User-added image

 

Permalink

0 Comments - Leave a Comment

This Statement Applies to the following products: 

COR IBR600P(-INTL), IBR650P(-INTL), IBR600LP2-EU(-PWD), IBR650LP2-EU
ARC MBR1400LP2-EU, CBA750B-LP2-EU (each includes a certified MC200LP2-EU modem)
ARC MBR1400LP, CBA750B-LP (each includes a certified MC200LP modem)
Canada products include US/Canada power adapter.  Europe products include US, UK, EU power adapter.

 

Geography Products
Canada COR IBR600P, COR IBR650P, COR IBR600LP
ARC MBR1400LP, ARC CBA750B-LP
[Special Order: COR IBR650LP, COR IBR600LP-PWD2]
Europe COR IBR600P-INTL, COR IBR650P-INTL, COR IBR600LP2-EU
ARC MBR1400LP2-EU, ARC CBA750B-LP2-EU
[Special Order: COR IBR650LP2-EU, COR IBR600LP2-EU-PWD]



Certifications:

There are four main types of certifications to consider:
  1. Regulatory/Legal (required): Regulatory certifications include FCC, IC and CE which means it is legal to sell the device into the USA, Canada and the European Economic Area respectively.  Some countries may not have their own regulatory bodies and will accept CE mark but CradlePoint does not provide a comprehensive list of these countries.
  2. Cellular Industry Certification (sometimes required):  Cellular certifications include PTCRB and GCF-CC.  These certifications mean the devices properly connects to UMTS/HSPA+ & EDGE/GPRS/GSM networks.  USA and Canada uses PTCRB, EU uses GCF-CC.
  3. Carrier (usually not required):  Carrier (or operators) certifications are commonly required in the USA and requested in Canada but are rarely required in other countries/regions.  If required, additional operator-specific certifications may be pursued on a business priority basis.  Legally, the devices may be activated on carriers without any additional certification.
  4. Industry standards (not required):  Cradlepoint devices have received WiFi Alliance certification (if applicable) and are RoHS and RoHS-2 compliant.

 
COR IBR600P in-country testing: 

The following are countries/carrier combinations where the “P” version has been tested and is known to connect correctly:

  • United Kingdom: Orange, 3, T-Mobile
  • Canada: Rogers, Bell, TELUS

 
Note:  The IBR600P / IBR600P-AT and IBR600LP / IBR600LP-AT products are considered identical for the purpose of regulatory and cellular industry certifications, however, the –AT versions have AT&T specific settings required by AT&T that can result in undesirable behavior on other networks.  CradlePoint is unable to support the –AT versions of our products on carriers other than AT&T.  It is strongly recommended the generic models be used on any non-AT&T network.
 

Country Certifications:

Legally, we know the following certifications cover the following countries.  Some additional countries may accept one or more of these certifications as well but may not officially be part of their governing body:

  • FCC:  50 States, Guam, Puerto Rico, Virgin Islands
  • IC: Canada, provinces
  • CE: (European Economic Area) Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, England (UK), Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey

 
Certification definitions:

  • FCC:  Federal Communications Commission
  • IC:  Industry Canada
  • CE Marking:  European Community Marking
  • PTCRB:  Certification forum by North American cellular operators
  • GCF-CC:  Global Certification Forum Conformance Certification Criteria
  • WiFi Alliance:  Trade association
  • RoHS:  Restriction of Hazardous Substances Directive

Certifications by Product:

Product Legal Cellular
Industry
Carrier Recommend
Geographies
COR IBR6x0P FCC, IC, CE PTCRB,
GCF-CC
Not Needed.
Pending: TELUS
Canada
COR IBR600LP FCC, IC, CE PTCRB Not Needed.
Pending: Rogers, TELUS
Canada
ARC MBR1400LP
(MC200LP modem)
IC PTCRB Not Needed.
Pending: TELUS, Rogers
Canada
ARC CBA750B-LP
(MC200LP modem)
IC PTCRB Not Needed.
Pending: TELUS, Rogers
Canada
COR IBR6x0P-INTL FCC, IC, CE PTCRB,
GCF-CC
Not Needed Europe
COR IBR6x0LP2-EU CE GCF-CC Not Needed Europe
ARC MBR1400LP2-EU
(MC200LP2-EU modem)
CE GCF-CC Not Needed Europe
ARC CBA750B-LP2-EU
(MC200LP2-EU modem
CE GCF-CC Not Needed Europe

Permalink

0 Comments - Leave a Comment

Installation summary: This document is intended to assist field engineers for configuring a CradlePoint CBA750 in IP pass-through mode to provide the carrier’s IP address to another router or computer.

1.  If possible, make sure prior to installation that your modem or SIM card has been provisioned with your carrier and that the correct APN has been assigned for your region. 

A. If your carrier has provided you with a static IP address, make sure to copy down the IP address and region APN.
B. If you are using a dynamic Ip address, you will use the default such as “vzwinternet (VZW), broadband (AT&T), Sprintpcs.com (Sprint Realm) and Clearwire-wmx.net (Clear Realm).
C. Place the modem in its final resting place before proceeding.
D. Test your modem to confirm it has been provisioned by plugging it directly into your laptop. Using “IPCONFIG/ALL” confirm your IP address? Can you pass traffic across the cellular WAN?
     2.  Ensure that the CBA750’s IP pass-through switch is set to O (NAT/configuration mode) instead of | (IP pass-through mode).


     3.  If External Modem, plug the cellular modem into the CBA750’s USB1 port, connect the AC power adapter and attach an Ethernet cable to a laptop or desktop computer.

4.  If a Modem CAP solution is being used, follow the instructions that are included.

5.  The CBA750 will attempt to connect using a modem.  This process may take up to fifteen minutes.  When the CBA750’s USB1 LED turns solid green, this indicates that the modem has connected.

  • If the USB1 LED remains flashing after fifteen minutes, you should verify with your carrier whether the SIM card (or modem) has been provisioned before calling CradlePoint technical support for assistance.

     6.  From the computer attached to the CradlePoint, use a web browser (we recommend Google Chrome or Mozilla Firefox) to navigate to the CradlePoint’s administration UI at http://192.168.0.1.
7.  Log in using the administrator password (by default the last six characters of the MAC address from the label on the bottom of the router).
8.  Check the modem’s signal strength by going to MODEM and then INFO

  • Make note of the “Service Display,” “Signal Strength (dBm),” “SINR,” “CINR” and “EC/IO” (not all of these will be available for all modems).  The “Service Display” indicates which 3G or 4G technology you are connected at.  For example, an LTE 4G modem should show “Service Display:  LTE” when connecting in a 4G area.

     9.  Acceptable values for these options are as follows:

Signal Strength (dBm):          -85dBm or better           (-40dBm is better than -90dBm)

SINR:                                       7 or greater

CINR:                                       9 or greater

EC/IO:                                    -10 or better                  (-1 is better than -10)


*NOTE: Signal strength and signal noise should always be looked at collectivity. A good signal with bad noise could yield poor connectivity.

10.  If any of your signal values do not meet the above requirements, you will need to physically move the modem to a location that receives a better cellular signal, add external antennas, or replace the USB modem with a CradlePoint modem cap that can receive a better signal.  If your signal values are acceptable, proceed to step 11. Remember the CBA750 has a power over Ethernet port that can be used with any

11.  Verify the Internet connection is working by going to TOOLS and SYSTEM CHECK, and then using the PING TEST box to verify that you are getting ping responses from google.com and 8.8.8.8 (Google’s public DNS server).  If you are connected to the Internet, proceed to step 15.  Otherwise, follow steps 10, 11, & 12 for assistance getting the modem connected.

12.  If using a 4G LTE modem in a 3G-only area, follow these directions to force the modem to connect at 3G or less.

13.  If using a 4G WiMAX modem in a 3G-only area, follow these directions to force the modem to connect at 3G or less.

14.  If your carrier requires you to input an Access Point Name (APN), follow these directions.

15.  Verify the CBA750’s WAN IP address from STATUS -> WAN locate the IP Address.  This is the IP address that will be passed-through to the connected device.

  • If this IP does not match the static IP assigned by your carrier, contact them for assistance before proceeding.

    16.  If you are using a static IP address, follow the below directions to configure the CBA750.  This setting is not needed for dynamic IP addresses.

  1. In the CBA750’s web UI, go to BASIC -> IP PASSTHRU
  2. For the IP Passthru Subnet Mode, place a dot next to “Custom subnet mask and gateway
  3. For the “Subnet Mask,” enter “255.255.255.0″
  4. For the “Gateway Address,” enter X.X.X.1 where X.X.X are the first three octets of your static IP address.
  5. Click Save Settings and then Reboot Now when prompted.
  6. Flip the CBA750’s IP pass-through switch from the circle “O” to the line “|.”  The CradlePoint will reset itself.  Your computer should obtain a new IP address from the CradlePoint.  Verify that your computer is now receiving the same static IP address that the CBA750 showed earlier on the STATUS -> WAN page.  Verify that you still have Internet connectivity.

    17.  The CradlePoint CBA750 has now been configured for IP pass-through mode and will pass through the cellular carrier’s IP address to the device connected to its Ethernet port.

  • After making these changes, the CBA750 will act as a transparent bridge to allow the device connected behind it (such as a Cisco or Juniper router) to obtain the carrier’s IP address via DHCP, or by manually specifying the carrier’s IP address with a 255.255.255.0 subnet mask and an X.X.X.1 default gateway IP address (where X.X.X are the first three octets of your static IP).  Remember that the CBA750 must be rebooted any time that you change the device connected to its Ethernet port.  Also be aware that many LTE carriers use low MTU frame sizes (commonly 1428 MTU) and will immediately drop the LTE connection if enough fragmented packets are sent within a short period. It is recommended that an MTU of 1350 be used on the customer’s device (Cisco, Adran, Juniper, Fortigate) and an MTU size of 1400 be set on the Cradlepoint.  


Wipipe Managed Services

  1. If the device is managed by Wipipe, check with your system manager to confirm the credentials for the customer account and verify that the device reports into Wipipe. It will need to be implemented into the proper group or into the “unassigned” group.
  2. If this is a large rollout, request the MAC addresses from Operations and import into Wipipe per the customer’s instructions.

Permalink

0 Comments - Leave a Comment

Frequently Asked Questions

How do I access CradlePoint Enterprise Cloud Manager?

You can access CradlePoint Enterprise Cloud Manager (ECM) by going to cradlepointecm.com.

 

What is CradlePoint Enterprise Cloud Manager?

Enterprise Cloud Manager is CradlePoint’s next generation network management solution. Rapidly deploy and dynamically manage networks at geographically distributed locations with Enterprise Cloud Manager, CradlePoint’s next generation application platform. Improve productivity, reduce costs, and enhance the intelligence of your network and business operations.

 

What level of redundancy and reliability features do the Enterprise Cloud Manager Servers have?

Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter that is SAS70 (SSAE Type II) certified. Only Rackspace authorized personnel have access to the secured area. Redundancy of the system includes the following:

Datacenter Redundancy and Reliability:

  • 24x7x365 onsite staff
  • Dual power circuits tied to N+1 redundant datacenter UPS systems
  • Onsite diesel backup power generators
  • Fully redundant enterprise-class core routing with connectivity to 3+ internet backbone carriers
  • Fiber carriers enter datacenters at disparate points to guard against service failure
  • N+1 redundant HVAC systems (Heating Ventilation Air Conditioning) with air filtering

Server and Software Redundancy:

  • Redundant load balanced application servers
  • Master database in isolated private network with one-hour replacement
  • Full nightly backups
  • Rackspace SLA guaranteeing network availability and critical infrastructure systems including power and HVAC 100% of the time in a given month excluding scheduled maintenance.

 

What are the security measures for the Enterprise Cloud Manager Servers?

Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter with SSAE Type II certification (formerly SAS 70). Security features include the following:

Datacenter Security:

  • CradlePoint servers are located in a secured area within a Tier IV datacenter.
  • Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitoring
  • 24x7x365 onsite staff
  • Only authorized data center personnel are granted access credentials. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort.

Hardware and Software Security:

  • CISCO ASA Firewall
  • Only authorized Rackspace operations personnel are allowed physical access to production ECM servers.
  • Patch Management: Patches are applied quarterly, unless a high vulnerability issue is identified whereupon the process is expedited.
  • Event and Log Management:
    • All URL traffic is logged. These logs are kept for 90 calendar days for review by network security management.
    • Automated logs track and log changes, including backups of this data.

 

Does CradlePoint perform vulnerability assessment of the ECM servers?

CradlePoint uses a PCI Approved Scanning Vendor (ASV) service for external penetration testing of the ECM servers. Scans are run at minimum monthly, with remediation reports provided to management. Corrective actions are implemented based upon severity of potential threats.

 

How does a router register and communicate with ECM?

An embedded ECM management agent exists on the device to communicate with ECM. A device-initiated protocol, designed for the variable characteristics of 3G/4G network connections, is used for support of devices with dynamic IP addresses located behind a firewall.

There are two ways a router registers with ECM:

  1. Local at the CradlePoint Router: At the time of the initial registration using the routers local management UI, a user provides ECM username and password, and the device securely attaches to ECM and shows up in the ECM Devices list.
  2. CradlePoint Operations Registration for Customer: Using a list of router serial numbers or MAC addresses, an authorized CradlePoint ECM admin creates a registration in a user’s account. The device checks in to see if it is managed by ECM. If it is, the device provides status and remains connected to ECM. If it is not, it checks in on a regular basis in case it is added later.

The device connection and communication uses secure, signed key technologies: SSL over TCP.

 

How many devices can your system support and how many do you have on the system now?

CradlePoint manages more than 80,000 devices on WiPipe Central today. ECM has a scalable, service-oriented architecture that can support many more customers with many thousands of devices under management.

 

As a System Integrator, can I have multiple primary accounts that I can use to manage my customers’ devices, and can I see all of my customers’ devices?

Yes, with ECM you can have multiple subaccounts for your customers. Your Account Administrator can manage all accounts, while creating other administrators to manage separate subaccounts (customers).

 

Do you have an API (application program interface) for ECM?

Yes, an open RESTful XML/JSON API is available for ECM (see our API documentation). The ECM API is accessed via HTTPS to the XML/JSON RESTful interface. The ECM API is much more powerful and extensible than the previous WiPipe Central API, so any development done using the WiPipe Central system API will have to be modified to work with the new ECM API.

 

When an ECM account password is lost, how is it reset?

The user navigates to the “Request new password” page (link on the ECM central login page) where an email address is entered. If the email address entered matches an email address associated with an ECM user, an email with a unique link is sent to the user. Upon receiving the email, the user clicks on the link that will take them to a page to select a new password for their account. If the email address entered does not match any account email addresses, a message will be displayed noting the email address isn’t recognized.

CradlePoint support personnel do not have access to ECM user passwords and thus cannot provide any passwords over the phone.

 

How strong are ECM passwords and how long do they last?

The following password options are available:

  • Password minimum length (default = 8)
  • Require one or more CAPITALIZED letters in the password (default = yes)
  • Require one or more symbols or numbers in the password (default = yes)

The administrator can set a session timeout (default = 120 minutes) for each user under the User Settings.

 

How are passwords stored within the ECM Servers?

All passwords are stored in encrypted form using the NIST/FIPS Secure Hash Standard known as SHA-2. SHA-2 is a set of cryptographic hash functions designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. Our user passwords encryption uses the PBKDF2 algorithm with a SHA-256 hash.

 

Is User Data stored within the CradlePoint devices?

No user data is stored on the CradlePoint devices.

 

Do new users receive a unique password?

When a new account is set up, the Account Administrator will receive an email from CradlePoint with a unique link to take them to a page to select a new password for their account.

When the Account Administrator sets up a new user account, the user will receive an email with a unique link that upon selecting will take them to a page to select a new password for their account.

 

How do you integrate with Network Management Systems?

Enterprise Cloud Manager can be integrated with any Network Management System via the Enterprise Cloud Manager API. The ECM API is accessed via HTTPS to the XML/JSON RESTful interface. We have customers doing this today using the WiPipe Central API.

 

How many levels of user account privileges does ECM support?

ECM supports three levels of user access privileges for a customer.

  • Account Administrator – has full access to all accounts and sub-accounts and can create accounts and users at any level within the account hierarchy. Only the Account Administrator can create accounts or users.
  • Full Access User – has access to resources within their account and any sub-accounts below their account. The Full Access User cannot create new accounts or users.
  • Read-Only User – has read-only access for their account and any sub-account(s) below their account.

 

How much data does being connected to Enterprise Cloud Manager consume?

Recent data shows that the average data usage is approximately 5–10 MB per router per month. This reflects what we expect to see in “typical” scenarios when routers have mostly default settings. Many settings could affect this amount, including generating lots of alerts, exporting lots of logs, and especially editing the connection pulse interval (default 120 seconds). A significantly faster connection pulse (e.g., 10 seconds) could increase data usage to 50 or even 100 MB per router per month, whereas a significantly slower pulse (e.g., 900 seconds) could decrease data usage to less than 1 MB per router per month (but runs the risk of slowing down the connection so much that the connection is broken and needs to reestablish itself, which uses additional data).
There are many variables that affect data usage and therefore CradlePoint does not guarantee that a router will use any particular amount of data. These numbers are only provided to give a rough estimate of the amount of data usage you should expect based on data from other routers in the field.

 

How do you support Private Networks (cellular or wired)?

ECM can support a customer’s Private Network (3G/4G or wired networks). For device management, ECM uses a full-duplex, asynchronous SSL protocol to manage the CradlePoint routers over a single TCP connection (port 8001).

Support for Private Networks can be achieve by either of the following:

  • Customers create a firewall rule to allow ECM management SSL traffic routed over the Internet to the CradlePoint cloud datacenter (single TCP connection – port 8001).
  • Extend the customer’s private network over VPN or private circuit to the CradlePoint cloud datacenter firewall.
ECM Private Network Support

 

Why is ECM saying that my device is offline when it’s passing data?

If ECM reports that a device is offline, either 1) the device doesn’t have an active WAN connection, or 2) it has lost connection to ECM. 

If the device has an active WAN connection but ECM is reporting that it is offline, then it has (temporarily?) lost its connection to ECM. This could happen for one of the following reasons:

  1. A user has suspended the connection via the router administration pages.
  2. The router has not yet checked in after an ECM maintenance window. This will be for a maximum of 45 minutes: it is dependent on the state of the router’s Session Retry Timer when the ECM maintenance window ended.

 

Why does ECM require devices to sync with a time server?

ECM uses standard TLS-based encryption along with a proper signed certificate in our servers. This system has date range restrictions – devices must have a valid clock time in the 21st century – but the routers boot up at Unix epoch 0 (January 1, 1970). The TLS client thinks the certificate is invalid without a time sync.

Permalink

0 Comments - Leave a Comment

Summary

Upgrading the modem firmware regularly is important to keep a secure and reliable internet connection. This can be done manually or through ECM, this document focuses on upgrading through ECM.

Please note that this only upgrades the modem firmware, to upgrade the router firmware click here. To connect with this modem you must also have an activated SIM from the carrier in the device. During the upgrade process the modem will restart: the router may go offline for a few minutes if this modem is it’s primary WAN connection.

Although a single Cradlepoint modem may have two SIM card slots (e.g., IBR1100 integrated modem), it is one modem module and can only have one modem firmware version, and therefore only one carrier at a time. The exception is that the AER 2100 could have two distinct integrated MC400 modems, each with two SIM slots. So while each modem by itself can only have one firmware version, the AER 2100 can support two integrated modems – on distinct carriers- simultaneously.


Configuration

Configuration Difficulty: Beginner
  • Step 1: Log in to Enterprise Cloud Manager.
  • Step 2: Select the Devices tab and then Network Interfaces from the drop down menu at the top.

User-added image

  • Step 3: Next we need to locate the modem we want to upgrade. The easiest way to do this is by sorting the Router Name or Router ID column, or to search by a specific router name using the search tool.
  • Step 4: In the example shown below, the grid is filtered using the search tool (searched by a specific router name, IBR1100LPE) and the filter tool (selected Modems) in the top toolbar so that only the two relevant interfaces display.

User-added image

  • Step 5: To check if the modem firmware is current, first select the desired interface. *Note that integrated modems with two SIM slots show two interfaces in the grid. Both will always have the same modem firmware, so selecting either one will have the same results.
  • Step 6: Once you have selected an interface, click Commands in the top toolbar and Upgrade Modem Firmware in the drop down menu. *Note that you can also check if your modem has the latest firmware by selecting Check for New Modem Firmware

User-added image

  • Step 7: Please review the agreement notes before proceeding. The modem will restart after this point.

User-added image

  • Step 8: Once you click the OK button, the firmware upgrade will begin.
  • Step 9: The modem firmware upgrade takes a few minutes. The Modem FW Status column shows the state of the update, e.g., “Downloading (38%),” and the Modem FW column shows the update that is in process.

User-added image

  • Step 11: Once complete, the Modem FW Status column says, “Upgrade Successful” and the Modem FW column is updated with the new firmware version:

User-added image

  • Step 12: If the update fails for some reason, reboot the router before trying again.

Troubleshooting

  • You may also need to make sure you are trying to use the same interface and SIM slot. Some products contain two SIM slots, and therefore there are two “Internal LPE” interfaces displayed in Connection Manager. If your active SIM is in slot 1, the “Internal LPE (SIM1)” will be the one to connect with that SIM; SIM slot 2 will correspond to “Internal LPE (SIM2)”.
  • If the modem is unable to complete the upgrade and no internet connection remains, local access to update the modem will be necessary. Click here to upgrade the modem firmware manually.

Permalink

0 Comments - Leave a Comment

Summary

This article describes the process of enabling modem Data Usage tracking through Enterprise Cloud Manager (ECM).

Data usage information is initially tracked within the routers, and then sent to ECM at specified intervals. ECM has multiple options for displaying the received modem data usage statistics:

  • Dashboard provides a quick, visual overview of your devices’ data usage
  • Reports will generate a CSV file containing the data usage information
  • Alerts can be configured to send an email whenever modems reach user-defined data thresholds

Note: There is a potential for some loss of data between the router and ECM if, for example, the router reboots before sending a usage sample. The data usage numbers in ECM are strictly estimates and are dependent on information provided by the modem through the router: these may not match the carrier numbers. The carrier is the final authority for billing purposes.


Configuration

Adjust Reporting Interval or Disable Usage Reporting

Configuration Difficulty: Intermediate

Data Usage Reporting is enabled by default, with an interval of 1 hour. This interval can be as increased to full 24 hours, or decreased to mere 5 minutes. A shorter reporting interval will provide a more accurate depiction of data usage at a given moment. Please keep in mind that the process of sending each report to ECM also uses up data, so setting a short reporting interval will result in greater overall data usage.

Note: The user-defined interval is a minimum: there are some event triggers that could cause additional data usage reports to be sent to ECM, such as heavy data usage.

To change the reporting interval, follow the directions listed below:

  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
  • Step 3: Click on the Groups tab.

User-added image

  • Step 4: Select the group for which you wish to adjust data usage reporting setting, and click Settings.
    • Note: For this change to apply to multiple groups, each group has to be edited individually.

User-added image

  • Step 5: Move the slider next to Enable Data Usage Reporting to adjust the reporting interval.
  • Click OK to save the changes.

User-added image

Note: From the same interface, it is possible to completely disable data usage monitoring. To do so, simply remove the check-mark from the box next to Enable Data Usage Reporting.

User-added image

View Data Usage through the Dashboard

Configuration Difficulty: Beginner

With ECM it is possible review modem data usage at a glance, both on the group level and for each individual router.

  • To view aggregated data usage information, pulled from all interfaces of routers registered under your account, log into your ECM account, and click on the Dashboard tab in the menu on the left.
  • To view router-specific information, click on the Devices tab on the left, and then click on the name of the router to open its individual Dashboard.

Generate CSV Report

Configuration Difficulty: Intermediate
  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
    • Note: There will be no historical data available for any devices that were not in groups or were in groups that had data usage reporting disabled.
  • Step 3: Click on the Reports tab.
  • Step 4: Click the arrow icon in the Report Type field and select Data Usage.

User-added image

  • Step 5: Specify a report date range by manually selecting start and end dates and times, or by clicking one of the quick option buttons.

User-added image

  • Step 6: Specify a data source by clicking within either the Accounts or Groups fields and then click OK.
    • Note: Selecting the accounts without specifying groups will pull data from all routers within all groups under the selected accounts.

User-added image

User-added image

  • Step 7: Select any additional fields to be displayed in your report from the list within the Router, Network Interface, or Modem Information sections.
  • Step 8: Click Run Report to generate a CSV file with the specified information.

User-added image

  • Step 9: Click OK to close the report notification.
  • Step 10: Within a few seconds your browser will ask what to do with the generated file. Pick the option to either open the file or to save it, and then click OK.
    • Note: If you do not get this option, please check your browser security settings.

User-added image
Optional:

  • Step 11: Click Create Saved Report to tell ECM to remember the selected time interval, data source, and any additional information fields selected.
    • For a saved report, it is recommended to use a time interval, like 1 Week, instead of hard start and end dates.
  • Step 12: To run a saved report at a later time, select it in the Saved Reports drop-down menu at the top of the Reports page, and click the Run Report button.

Configure Usage Alerts

Configuration Difficulty: Intermediate

Data Usage Alerts ignore the defined data usage report interval and get sent out immediately. CradlePoint recommends setting up data threshold Alerts for the most accurate, consistent information: receive an email whenever you reach one of your thresholds. For example, configure ECM to email you when your modem reaches 85% and 100% of your monthly data plan.

  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
  • Step 3: Navigate to the Groups tab and select the group that will have the ability to generate data usage alerts. ClickConfiguration and choose Edit in the drop-down menu.

User-added image

  • Step 4: In the Edit Configuration window, click Internet and choose Data Usage in the drop-down.

User-added image

  • Step 5: Make sure Enable Data Usage is checked, and then click Add within the Template configuration section.

User-added image

  • Step 6: Define the data usage rule. Click here for an in-depth explanation of available options.
    • We recommend setting the thresholds lower than the billing allowances and regularly comparing the numbers ECM reports with those from the carrier.
  • Step 7: Click Submit to save the rule.

User-added image

  • Step 8: Click Commit Changes to send the the setting to the router, then click OK to close the warning message.
User-added image
  • Step 9: Click the Alerts tab in the menu on the left, then click the drop-down arrow next to Log and choose Settings.
User-added image
  • Step 10: Click Add to create a new alert.
User-added image
  • Step 11: Define the alert parameters and Save the rule.
    • Specify the groups and/or accounts that will generate the data usage alerts.
    • Choose Data Cap Threshold and any additional events that should generate an alert.
    • Optional: Select users that will receive alerts by email. If a user is not selected, alert events will be displayed on the Alerts>Log page, but no email will be sent out.
    • Optional: Set interval. By default, every alert event will immediately be processed, but this functionality can be adjusted to send a batch of alert events in an hourly or daily digest.

User-added image


Troubleshooting

There are No Data Usage Statistics Displayed

If you are running a report, or viewing data usage on the Dashboard, and there is nothing displayed, please check the following:

  • Data Usage Reporting might be disabled for the group
  • The modem might not be reporting any usage
    • The WAN connection could be completely unused for the selected time period
    • The modem is disconnected and is not sending data usage statistics to ECM

Permalink

0 Comments - Leave a Comment

August 18, 2014

Features

  • Added router support for firmware 5.2.2
  • Replaced the WAN Status Change alert type with 12 more specific alert types, simplifying assessment and potentially reducing the volume of alerts (set up alerts to only send the most important alert types related to WAN status changes, instead of all 12 types)
  • Added an alert that reports successful logins to a router locally (for security)

Bug Fixes

  • Removed the unhelpful “Trace” option from verbose modem logging

July 31, 2014

Features/Bug Fixes

  • Updated the session expiration timer so that changes don’t require the user to log out
  • Added a new banner image for CP Secure Threat Management
  • Disabled verbose modem logging on groups
  • Made several miscellaneous UI bug fixes

June 30, 2014

Features

Bug Fixes

  • Limited the Description field in Devices to 255 characters

Known Issues

  • Group migrations to firmware 5.2.0 won’t attach additional LANs to a zone in the zone firewall
  • Upgrading to 5.2.0 and then downgrading back will erase old IP Filter rules
  • There can be a suspended configuration when moving a router out of a group that contains a mixed array of Content Filtering rules

June 9, 2014

Features

  • Added a router “Serial Number” field in Devices and Reports
  • Added an “IMSI” (International Mobile Subscriber Identity) field in Devices and Reports
  • Emailed Alerts will now be sent in an improved HTML format (formerly plain text)
  • Released Beta version for Series 2 support

Bug Fixes

  • Fixed a naming inconsistency for modem serial numbers

Known Issues

  • Changes made to the Timestamp column in Alerts do not persist after navigating away from the page.

May 12, 2014

Features

  • Added router support for firmware 5.1.2
  • Added “Asset Identifier” field in Devices list and Reports
  • Added the ability to remove unused network interfaces (Devices → Network Interfaces)

Bug Fixes

  • Applied several UI/usability fixes in Reports and Alerts and for search functionality
  • The most common fields are now selected by default in Reports
  • Enabled search by modem carrier name

April 21, 2014

Features

  • Simplified Reports: now select between a “Data Usage” or “Signal Quality” report that automatically selects relevant fields
  • Devices → Network Interfaces now defaults to show all devices
  • You can now Resume Updates for multiple devices at the same time
  • Updated Device name behavior in the grid to be consistent with individual device configuration
  • Usage data in the dashboards are summarized nightly, according to UTC (Coordinated Universal Time)
  • Notification intervals for Alerts have been simplified to the following: Immediate, 1 hour, and 1 day

Bug Fixes

  • Improved performance for dashboard loads
  • Fixed an issue with bulk-loaded devices not being able to be moved into groups
  • Enabled searches on the firmware version in Groups
  • Sometimes the Devices page was showing only the devices from a particular Group after navigating from that Group Dashboard

April 17, 2014 – Infrastructure Improvements

To ensure continued performance and scalability of the Enterprise Cloud Manager solution, we are enhancing our infrastructure during a scheduled maintenance on Thursday, April 17 from 7:00 p.m. to 1:00 a.m. EDT. The changes made at this time will not affect current functionality.


April 14, 2014 – OpenSSL “Heartbleed” Response

In response to the critical security vulnerability discovered in the OpenSSL cryptography software library (CVE-2014-0160), nicknamed “Heartbleed,” CradlePoint has taken steps to incorporate the OpenSSL version 1.0.1g into its latest firmware and Enterprise Cloud Manager:

  • Updated ECM certificate
  • Support for firmware 5.1.1 (AER 2100, MBR1400, MBR1400v2, MBR1200B, CBA750B, IBR600, and IBR650)
  • Support for firmware 4.3.3 (CBR400 and CBR450)
For more information about CradlePoint’s response to the OpenSSL Heartbleed, see this Knowledge Base article.

 


April 9, 2014 – OpenSSL “Heartbleed” Response

In response to the critical security vulnerability discovered in the OpenSSL cryptography software library (CVE-2014-0160), nicknamed “Heartbleed,” CradlePoint has taken steps to incorporate the OpenSSL version 1.0.1g into its latest firmware and Enterprise Cloud Manager:

  • Patched CradlePoint Enterprise Cloud Manager stream servers
  • Enterprise Cloud Manager web servers were not affected; usernames and passwords are not at risk
For more information about CradlePoint’s response to the OpenSSL Heartbleed, see this Knowledge Base article.

March 3, 2014

Features

  • Added router support for firmware 5.1 – includes certificate management support (certificate import and export; not certificate generation or signing)

Bug Fixes

  • Dashboard charts were intermittently not drawing
  • Signal Strength chart was not resizing
  • Alerts did not populate for devices after they were moved to a new sub account until the device was rebooted
  • In Devices → Network Interfaces, the Modem FW Status column was sorting backwards
  • Clicking the CradlePoint logo from the password reset page was not returning users to cradlepointecm.com
  • Refreshing Dashboard was not showing all items updated

Known Issues

  • When clearing a device’s individual configuration, if CP Secure Connect values are set, only some are cleared

February 10, 2014

Features

  • Added group dashboards (click on a group name in the Groups list to navigate to that group’s dashboard)
  • Added individual router dashboards (click on a router name in Devices → Routers to navigate to that router’s dashboard)
  • Changed the name of the “Version” column on the Devices → Network Interfaces list to “Modem FW Version”
  • Alert email notifications are now reported in router local time (i.e. the timestamp is relative to the router’s configured time zone)
  • Added router support for firmware 5.0.2

Bug Fixes

  • Alerts were not populating in ECM when a device was moved to a subaccount
  • Updating the Items per page setting wasn’t updating the active grid
  • Removed the Last Connect tooltip for a device with an unknown connected time
  • A configuration change alert was unnecessarily being generated when a device was rebooted with Enable Reboot Count selected

Known Issues

  • Dashboard graphs are intermittently not drawing: a workaround is to refresh your browser (F5 on Windows or Command-R on Mac)
  • Check boxes and images are sometimes missing in Chrome: a workaround is to force a browser cache reload (Shift+F5 on Windows or Command-Shift-R on Mac)

January 9, 2014

Features

  • Added a new analytics Dashboard
  • Added rogue AP detection and device site survey
  • Updated login screen to show new major features
  • Updated navigation and added a dashboard view for groups and devices
  • Added “Cell ID,” the number used to identify the base transceiver, to the Reports and Devices → Network Interfaces fields
  • Updated the Terms of Service to align with the Extended Enterprise License ToS
  • Updated copyright dates
  • Added “Account” field to Devices → Network Interfaces

Bug Fixes

  • Adding new subaccount names now doesn’t require a refresh to view
  • Fixed a rare alignment issue in Accounts & Users
  • Fixed a problem with some Unrecognized Client alerts having blank lines

December 17, 2013

Features

  • Updated status icons
  • Added router support for firmware 5.0.1
  • Gave users access to Terms of Service after they have accepted
  • Gave users access to Privacy Policy
  • Improved the Alerts → Details view
  • When user has the latest modem firmware, we now report that their modem firmware is “Up-to-date.”
  • Added the ability to clear configurations

Bug Fixes

  • Fixed an issue that caused an intermittent firmware upgrade install timeout
  • Byte counters on network interfaces grid view now show cumulative usage of a device since the device was last reset
  • Fixed an issue that caused routers to stay in a pending state after a configuration change
  • Updated System ID validation in the Devices grid to match router firmware
  • Removed check-boxes from the interval field in Alerts → Settings because there is no multi-select option
  • Removed the Search option from Alerts → Settings
  • The Modem Firmware Upgrade button is now disabled for read-only users
  • Fixed an issue with grid sorting not persisting consistently
  • Status column now resizes as expected

Known Issues

  • There are rare cases when clearing a group or device configuration will cause the configuration to be rejected or suspended. We expect this issue to be resolved after an upcoming router firmware release (firmware 5.1).

November 18, 2013

Features

  • Added “Last Connect” column to the Devices list
  • Enabled setup for pre-loaded devices before they have checked in
  • Refreshed the user login page
  • Updated Alerts settings dialog box for more intuitive selection
  • Simplified configuration for Alerts (see Significant Changes to Alerts below)
  • Improved naming system for reports and exported logs
  • Improved Reports fields selection layout
  • Added a print button for the Terms of Service
  • Enabled a popup response when users complete the “Suggest a Feature” form
  • Added router support for firmware 5.0

Bug Fixes

  • Moving a router out of a group now clears its target firmware version
  • Eliminated edit boxes for read-only users
  • Removed “Service Display” column because the “Service Type” column has better information
  • Fixed problem with search when lots of alerts are present
  • Enabled search for device MAC in Alerts

Known Issues

  • The Service Display column has been removed. If a user previously had this column in their network interfaces view, it will be removed. There is a column with more accurate data (Service Type) that users should use for their service type (or mode) information.
  • While simplifying Alerts, we changed some of the default settings. See the following for details:

Significant Changes to Alerts

We are simplifying the process for setting up alerts, making it more intuitive. Previously a user had to navigate to two different locations to get emailed notifications set up properly – now this will all be done on the Alerts → Settings page.

Due to this simplification, there are some items to be aware of:

  • Log-only alerts will need to be re-configured after this update.
    • Log-only alerts for groupsThese will not be migrated as this could cause duplicate settings. You can re-create these by navigating to Alerts → Settings and selecting Add. Then specify your accounts/groups and desired alerts. Leave ‘Users’ empty to create log-only alerts.
    • Log-only alerts for ungrouped devices: Previously ECM enabled some log-only alerts by default but provided no way for a user to remove them for ungrouped devices. These settings will not be migrated forward. To continue receiving those alerts, enable the following alert types in Alerts → Settings:
      • Login Failure
      • Data Cap Threshold
      • WAN Status Change
      • WAN Service Type
  • Email notifications will continue to work, or start to work (if previously configured incorrectly).
    • A user could have signed up for email notifications but if the alerts were not also enabled for the group, the user would never receive the email notifications. After the update, these will start working as expected.

NOTES:

Alerts can be sent to two places:

  1. the alerts log in ECM
  2. users’ email (notifications) – emailed alerts are also logged
Now log-only alerts appear in the Alerts → Log page (previously Monitoring → Alerts). Settings for both log-only alerts and email notifications are now configured in Alerts → Settings (previously this page was Monitoring → Notifications, but the configuration also required changes under Groups → Settings).Alerts logged before this update will remain in the log, but new alerts require the correct configuration.

October 28, 2013

Features

  • Added ability to upgrade modem firmware
  • Added ability to print the configuration summary of a group or device
  • Added popup warning of danger to modem when downgrading router firmware (see Knowledge Base article)
  • Column settings now persist across browsers, devices, etc.
  • When copying a device configuration to a group, the device name and description are now filtered out

Bug Fixes

  • Fixed problem when read-only users attempt to suggest a feature
  • Re-registered routers now have the correct configuration version
  • Fixed problem with footer display on IE9

October 7, 2013

Features

  • Support backward migrations
  • Selecting group name goes to devices tab with list of devices in the group
  • Ability to detect transitions between connection types
  • ARC/COR embedded modem enhanced data for reporting and analytics
  • New Reports fields

Bug Fixes

  • Fixed problem with reports in IE8
  • Fixed “400 Bad Request: Request Header Or Cookie Too Large” error
  • Removed unused “Modem State” from Alerts list
  • Deleting a page of Alerts used to appear to delete all Alerts
  • Name changed in Reports fields from “GSN” to “Serial Number”
  • “No records found!” message added to an empty report
  • Enabled searching on firmware version
  • Fixed column alignment issues after customizations
  • Added tool tips for online status column
  • Local settings were persisting after factory reset
  • Fixed online status sorting order

Known Issues

  • Downgrading from 4.4.2 to 4.4.0 with some WAN configuration rules causes a “pending” loop
  • Two users with the same name but different passwords can cause a configuration change loop
  • With some settings the configuration gets suspended after factory reset

September 11, 2013

Features

  • Support router firmware 4.4.0
  • Add a link to create ECM demo account from the login page
  • Improved maintenance notifications
    • Add maintenance notifications (with intelligence) to the login page UI
    • Proactively notify users of upcoming maintenance windows
  • Tree view in routers and groups pages
  • Custom fields for routers available in grid
    • Add two additional columns to be used for customer comments
    • Add linking ability to the two additional columns
  • “Select All” checkbox added to report and alert headings
  • Show bulk-loaded devices in ECM before device has connected
  • New online indicator icons: green/hollow green/red indicator
    • New pending state on devices shown as hollow green circle icon indicates the device is unavailable but anticipated online
  • Performance enhancements for router connect/disconnect
    • Under load performance and memory improvements for router connect/disconnect

Bug Fixes

  • Fixed problem with data alignment in the grid after switching views
  • Fixed IE8 display problem on Devices and Monitoring pages
  • Read-Only users were unable to re-edit their own user settings
  • Fixed problem with copying group configuration and applying to new group

Known Issues

  • Connection manager: removing multiple rules results in server log exception
  • Online/offline column shows up as the last column in default view or when sorting by this column
  • Changes to firmware network interface don’t take effect immediately

Firmware 4.3.2 Deprecation

There have been problems with devices downgrading from 4.4.0 to 4.3.2: devices sometimes get stuck in a suspended state. Therefore, we are deprecating 4.3.2. This means that:

  • If you have a group with 4.3.2 already, it will continue to work as expected.
  • If you upgrade a group from 4.3.2 to 4.4.0, you will not be able to downgrade it back to 4.3.2.
  • You cannot move a 4.4.0 device into a 4.3.2 group.
  • You can add and configure 4.3.2 devices.
  • You cannot create new 4.3.2 groups.
  • 4.3.2 will still be available for CBR400/CBR450 until a future firmware is released for them. At that time, 4.3.2 will be deprecated for those products.

August 19, 2013

Features

  • Reports usability enhancements
    • Clear/reset added to Reports form
    • Group fields available for reporting
  • UI enhancements to config summary and alert details
  • “Suggest a Feature” link added to the bottom of the main page

Bug Fixes

  • Moving a device and the device’s data now syncs properly
  • Enabled devices to register when an activation already exists in the database
  • Alert notification subject now displays router name correctly
  • Allow email address for username
  • Fixed problem with editing user passwords
  • Fixed problem with auto-refresh pausing unnecessarily

Known Issues

  • We encountered an issue with the management of our system messages. In order to avoid a code roll to fix the issue, we are asking customers to accept the Terms of Service again (the Terms of Service have not changed). This issue will be addressed in the next production update.

Permalink

0 Comments - Leave a Comment

The LED lights on the router will display different colors depending on the equipment plugged in and router state..

LED lights:

User-added image
Indicates the CradlePoint is being supplied power.

1 – 4 
Indicates a connection has been made on the respective the LAN port, blinking indicates traffic over the port.

User-added image
Indicates a connection has been made on the routers WAN port, blinking indicates traffic over the port.

Note: The WAN port will turn on even if plugged into a computer however, the WAN port is for Internet connections only, i.e. DSL/Cable modems.

User-added image
Indicates the Wi-Fi radio of the router is “On.” Blinking indicates traffic over the radio.

User-added image
Indicates the router is in (Wireless Protected Setup) WPS mode. This indicator will blink for 2 minutes orange then 2 minutes red.

User-added image
Indicates that a recognizable cellular device is connected to the router.

  • Red:  No connection is being attempted, or an error has occured
  • Orange (Solid):  Modem is recognized, not connecting to tower
  • Orange (Blinking):  Modem is dialing out to cell tower
  • Green (Blinking):  Modem is negotiating connection with cell tower
  • Green (Solid):  Modem is connected with cell tower
  • OFF:   Modem is not detected or connected.

Permalink

0 Comments - Leave a Comment

Newer modem firmware versions are not always supported by older router firmware versions. If you downgrade your router firmware, you risk knocking your modem offline if the modem firmware is newer than the router firmware. This is possible even for CradlePoint integrated modems.

The following chart shows the compatibility between CradlePoint modem firmware versions and CradlePoint router firmware versions.

CradlePoint Modem Products
MC100E-SP/VZ
IBR6x0E-SP/VZ
MC200LE-VZ
IBR6x0LE-VZ
MC200LP-AT
IBR6x0LP-AT
IBR6x0P-AT IBR600P MC200LP2-EU
IBR6x0LP2-EU
MC200LP
IBR6x0LP
CradlePoint
Router
Firmware
Versions
4.4.x 1.33.1
1.56.0-VZ Only
1.00.09.03
3.05.10.06
3.05.10.09
1.00.03.01
3.05.20.03
1.00.03.02 1.00.03.02 3.05.19.04 3.05.14.00
4.3.x 1.33.1
1.56.0-VZ Only
1.00.09.03
3.05.10.06
3.05.10.09
1.00.03.01
3.05.20.03
1.00.03.02 1.00.03.02 3.05.19.04 3.05.14.00
4.2.x 1.33.1 1.00.09.03
3.05.10.06
1.00.03.01 1.00.03.02 1.00.03.02 x x
4.0.x 1.33.1 1.00.09.03 1.00.03.01 1.00.03.02 1.00.03.02 x x
3.6.x 1.33.1 1.00.09.03 1.00.03.01 1.00.03.02 1.00.03.02 x x
3.5.x 1.33.1 1.00.09.03 x x x x x
3.2.x 1.33.1 x x x x x x
3.1.x x x x x x x x
3.0.x x x x x x x x

Downgrading Firmware? Back Up Your Settings First

If you are about to downgrade firmware, you may want to save your settings first:

  1. Log into your router’s administration pages.
  2. Go to System Settings → System Software.
  3. In the System Config Save/Restore section, click on Save to disk.
Save to disk option


If anything goes wrong with your firmware downgrade, you can use this saved file to restore your settings (also on the System Settings → System Software page).

Permalink

0 Comments - Leave a Comment

Below you will find a list of every CradlePoint product and a link to the corresponding product page.  All documentation available for each CradlePoint product will be located on the “Resources” tab under the picture of each product.


Series 1 & 2:

 

CradlePoint Model Number Product Page
CTR350 View Product Page
CTR500 View Product Page
PHS300 View Product Page
CBA250 View Product Page
CBA750 View Product Page
MBR800 View Product Page
MBR90 View Product Page
MBR900 View Product Page
MBR1000 View Product Page
MBR1100 View Product Page
MBR1200 View Product Page


Series 3:

2100 View Product Page
CTR35 View Product Page
MBR95 View Product Page
MBR1200B View Product Page
MBR1400 View Product Page
CBR400 View Product Page
CBR450 View Product Page
IBR600 View Product Page
IBR650 View Product Page
CBA750B View Product Page

Permalink

0 Comments - Leave a Comment

If you are unsure of your CradlePoint Series or Model number, please click here.


Symptom:

When attempting to login to the router’s setup pages at http://192.168.0.1, you are prompted for a username and password, but you do not know your username.

Cause:

Some router firmware versions require both a username and a password.

Resolution:

  • If you have not configured the router to use a username then by default, the username is “Admin.”
  • If you think you may have set up a username, but cannot remember what it is, you can perform a hard reset to get the settings back to factory default.
  • If you are not sure how to do a reset and have a series 1 or 2 router, please click here.
  • If you are not sure how to do a reset and have a series 3 router, please click here.

Permalink

0 Comments - Leave a Comment

POWER SUPPLY INFORMATION:

AER2100

  • Input: 100-240V 50/60Hz 1.5A
  • Output: 12V 3A (optional 4A version can be purchased to support additional modems)
  • Barrel Connector Size: 2.1mm, center pin positive


CBA750, MBR800, MBR1000, MBR1100, MBR1200
CTR35, MBR95, MBR1200B, MBR1400, CBR400, CBR450

  • Input: 100-240V 50/60Hz 0.6A
  • Output: 12V 1.5A
  • Barrel Connector Size: 2.1mm, center pin positive


IBR600, IBR650

  • Input: 100-240V 50/60Hz 0.6A
  • Output: 12V 1.5A


CTR350, PHS300, CTR500

  • Input: 100-240V 50/60Hz 0.5A
  • Output: 5V 2.5A
  • Barrel Connector Size: 2.3mm, center pin positive


MBR90, MBR900

  • Input: 120V 50/60Hz 0.3A
  • Output: 12V 1.0A
  • Barrel Connector Size: 2.1mm, center pin positive

Vehicle Adapters

CTR350, PHS300, CTR500

  • Input: 12VDC
  • Output: 5V 2.5A
  • Barrel Connector Size: 2.3mm, center pin positive


CBA750, MBR90, MBR800, MBR900, MBR1000, MBR1100
MBR1200, CTR35, MBR95, MBR1200B, MBR1400, CBR400
CBR450

  • Input: 12VDC
  • Output: 12V 1.5A
  • Barrel Connector Size: 2.1mm, center pin positive

Permalink

0 Comments - Leave a Comment

All CradlePoint Routers occupy a primary and secondary IP address when they are in operation.  This allows things like DNS services and HTTP redirects for User Login, Error messages, etc. to function properly on the CradlePoint router.

By default the CradlePoint router IP address is set to 192.168.0.1, this means that it automatically occupies 192.168.0.2 as well due to it being the next available IP address.  The router can be configured to use different IP addresses by following this link for Series 1 or 2 products and this link for Series 3 products.

When changing the router IP address, it’s important to note that it will always occupy the IP you set it to, as well as the next IP address.  No other device attached to the router can be set to that address.

 Also, the router’s IP addresses must not fall outside the usable range of IP addresses.  By default, the router is set to use a network that goes from 192.168.0.1 to 192.168.0.254.  So the router couldn’t be set to use any IP above 192.168.0.253 because it would also need to use 192.168.0.254 as a secondary IP address.

Permalink

0 Comments - Leave a Comment


Getting Started

Status Menus

Router Configuration

Enterprise Cloud Manager

Troubleshooting


Getting Started

Take it out of the box and plug it in!

Connecting a Computer to a CradlePoint Router

Accessing the CradlePoint Admin Pages

Enterprise Cloud Manager Registration

Product Manual – First Time Setup Wizard

Product Manual – Status – Dashboard


Status Menus


Router Config

Network Settings

Internet

System Settings


Enterprise Cloud Manager

Enterprise Cloud Manager Main Page

Enterprise Cloud Manager FAQ

Perparing to migrate from WPC to ECM

How to migrate GROUPS from WPC to ECM

How to migrate DEVICES from WPC to ECM

Upgrading router firmware for ECM compatibility

Tracking modem data usage with ECM

Using a LAN gateway to connect a device to ECM

Configuration priority in ECM

Multi-Factor Authentication


Troubleshooting

Troubleshooting DNS

Troubleshooting wired WAN problems

Troubleshooting WiFi as WAN

Troubleshooting prior to RMA

Gaming console firewall problems

Permalink

0 Comments - Leave a Comment

Summary:

The following steps are required, but not limited to, to verify that the CradlePoint product is indeed defective or has suffered a hardware failure and needs replaced.  If the product is deemed defective/failed, a replacement RMA will be processed as long as the product is still within the CradlePoint warranty.  To view the CradlePoint Warranty, please consult this link.  CradlePoint will not issue an RMA without going through these steps. CradlePoint finds that 99% of the time when an RMA is requested, the router is functioning as intended.


Troubleshooting: 

  1. Inspect the lights on the router for connectivity, basic signal strength and hardware failure. Most of the time, this step will tell us immediately if it’s a hardware issue.
  2. Power LED: On: OK – Off: if power adaptor has been checked, and switch is on, hardware failure
  3. Ethernet LED: On: Ok – Off: physical connection confirmed, Ethernet cable (Cat5 or 5e) swapped, Ethernet port failure
  4. Modem (USB1-3, EC): Solid Green: Connected, Blinking Green: Connecting, Cycling Green/Amber: Attempting connection and retrying, No LED: Confirm modem is plugged, unplug and replug, if no LED activate, likely dead USB port.
  5. Remove the modem from the router and plug it into a laptop. This will help determine if the problem is the modem, the router, or the carrier.
  6. Review the signal information within the router
  7. Reset the router to factory defaults then attempt connectivity again.
  8. Review the logs from the router.
  9. Review the configuration from the router
  10. Verify the installation date of the device to check against out of warranty devices.
  11. If after all of this the tech or engineer determines a faulty device, and it’s still in warranty, then we issue an RMA.

For further information regarding CradlePoint Technical Support or troubleshooting steps, please consult the Support section of our website or email: support@cradlepoint.com

Permalink

0 Comments - Leave a Comment

Installation Summary: 

This paper will provide background on the problems and solutions as well as guidance for the installation of CradlePoint devices. We’ll recommend some commercially available products to help minimize the effects of the harsh automotive power environment.



Please click the following link to open a PDF of the article.

CradlePoint Vehicle Best Practices Installation Guide

Permalink

0 Comments - Leave a Comment

CradlePoint, Inc. warrants this product against defects in materials and workmanship to the original purchaser (or the first purchaser in the case of resale by an authorized distributor) for a period of one (1) year from the date of shipment.  This warranty is limited to a repair or replacement of the product, at CradlePoint’s discretion.

Within thirty (30) days of receipt should the product fail for any reason other than damage due to customer negligence, purchaser may return the product to the point of purchase for a full refund of the purchase price.

If the purchaser wishes to upgrade or convert to another CradlePoint, Inc. product within the thirty (30) day period, purchaser may return the product and apply the full purchase price toward the purchase of the other product.  Any other return will be subject to CradlePoint, Inc.’s existing return policy.

Permalink

0 Comments - Leave a Comment

Frequently Asked Questions when migrating from CradlePoint WiPipe Central to Enterprise Cloud Manager

 

Why should I migrate my CradlePoint routers to the Enterprise Cloud Manager platform?

CradlePoint Enterprise Cloud Manager offers many advantages over WiPipe Central. Some of these benefits are listed below.
  • Configuration changes, and firmware updates made in ECM are pushed to your devices immediately – near real-time connectivity
  • More robust and scalable platform than WPC
  • Open and robust API
Paid WiPipe Central subscribers are eligible to migrate to ECM at no extra charge for the term of their contract. To learn more about ECM, go to the product page for an overview and links to the data sheet and in-depth FAQ.

Do I have to migrate? And why?

Yes, all current WiPipe Central customers will need to migrate to the new ECM platform. We will continue to support WiPipe Central through 2014, but it will eventually be discontinued.

When can I migrate?

The ECM Migration tools have been released to all WPC customers.  Accounts with less than 100 devices are invited to migrate at their earliest convenience.  Large accounts are encouraged to contact the WPC to ECM Migration Coordinator (ECMmigration@cradlepoint.com) to schedule a migration planning session to review the ECM migration best practices and to identify considerations specific to that account.

How will the migration process work?

The migration process can be adjusted for each customer’s unique setup. The tools are available for use and there are 5 phases to the migration:
  • Discovery – Identify how many devices need migrated, which devices are supported, what firmware versions they are running, and what configurations are in use.  If requested, CradlePoint will work with you to gather information about your existing devices and help develop your migration plan.
  • Test – Pick a few test devices (ideally not in production), review the migration documentation, get familiar with the migration tools, and migrate a device with the desired configuration from WPC to ECM. Review the device(s) for any unexpected behavior.  Make any adjustments to configurations or new ECM settings as needed.
  • Pilot – Choose a small group of production devices to execute the process from testing. Migrate these devices and review for correct behavior.
  • Roll-out – Now that the migration steps are well established, migrate the remaining devices.  This is can be done in small or large device groups, depending on the customers requirements, or migration plan if one was established.
  • Follow-up – Once all devices are migrated, contact the ECM Migration Coordinator (ECMmigration@cradlepoint.com) to convert the existing WPC licences over to ECM and close out the unnecessary WPC account, just be sure to download any desired historical data beforehand.

If there are questions at any point during migration, please contact  the ECM Migration Coordinator (ECMmigration@cradlepoint.com) for assistance.

How long will it take?

The migration schedule will vary greatly depending on the number of devices on the account and what version of firmware the routers are currently running; upgrading a device’s firmware will take longer than migrating to ECM.  Once a router is on supported firmware (version 4.4.0 is recommended) an individual device will migrate on its next configuration sync plus the time it takes to perform a reboot.  In order to ensure a seamless transition, we recommend thoroughly testing a few devices before migrating the entire account.  Small accounts can be completed in a few hours, larger accounts may take several weeks.

How do I initiate the migration process?

Assign a main Point of Contact (POC) from your organization to work with us and contact CradlePoint’s WPC to ECM Migration Coordinator (ECMmigration@cradlepoint.com) to plan the ECM migration. We recommend the following steps:

  • Set up an ECM trial account with your CradlePoint Sales representative so you can see the new user interface and become familiar with the new capabilities, and how you will use them in your environment.
  • Review the CradlePoint Knowledge Base article that details ECM migration requirements.
  • Upgrade firmware to 4.4.0 (4.3.2 for CBR400/450). For devices on older firmware (before 4.1.0), a large jump in firmware can cause issues. Follow this guide to minimize losses to connectivity and configurations.

Can I migrate both my Series 2 and Series 3 products?

Migrations are currently only available for Series 3 products. To see which products are Series 2 and Series 3, please consult this link.

When will I be able to migrate Series 2 devices?

Look for the finalized Series 2 migration process in early 2014.

Can I continue to use WiPipe Central? How long will it be supported?

Yes, you can continue to use and add new routers to WiPipe Central for the near term.  WPC End-of-Sale date is September 1, 2014, End-of-Support date is October 31, 2014.

Permalink

0 Comments - Leave a Comment

OVERVIEW:

This article describes how to visually distinguish between HW v1.2 and HW v1.3 on the COR IBR600’s and IBR650’s.  Note the only physical difference is that the micro USB has been replaced with the full-sized USB A Connector.  Other than that, the firmware, form, fit and function are identical.

DETAILS:

  • The Part Number remains the same
  • The Model Number remains the same
  • Hardware Version 1.2, the top is branded as CradlePoint Technology  (see figure 1)
  • Hardware Version 1.3, the top is branded as CradlePoint  (see figure 2)
  • The H/W Version (on the label, see figures 3 and 4 respectively) changes from 1.2 to 1.3.

 

COR IBR600/IBR650 Hardware v1.2 Identifiers COR IBR600/IBR650 Hardware v1.3 Identifiers
COR COR
HW Version 1.2 Top Branding  (Figure 1) HW Version 1.3 Top Branding  (Figure 2)
User-added image User-added image
HW Version 1.2 Label  (Figure 3) HW Version 1.3 Label  (Figure 4)
User-added image User-added image
HW Version 1.2 Micro USB  (Figure 5) HW Version 1.3 Full-Size USB  (Figure 6)

Permalink

0 Comments - Leave a Comment

Overview:

This article describes how to visually distinguish the two versions of the MBR1400.  To download firmware for the MBR1400 Hardware Version 2.0, please click here.

Details:

  • The Part Number remains the same between the two versions of the MBR1400
  • The H/W Version (on the label see figures 3 and 4 respectively) says 1.0 or 2.0, respectively
  • The Model Number changes from MBR1400 to MBR1400v2
  • On the Hardware Version 1.0, the top is branded as CradlePoint Technology  (see figure 1)
  • On the Hardware Version 2.0, the top is branded as CradlePoint  (see figure 2)
  • In the User Interface, the MBR1400v2 is identified as such.
  • On the CradlePoint website, the Version 2 will be listed as MBR1400 HW v2.0


User-added image
Version 1 Top Branding (Figure 1)

Figure 2
Version 2 Top Branding (Figure 2)

User-added image
Version 1 Label (Figure 3)

User-added image

Permalink

0 Comments - Leave a Comment

Differences Between Series 2 and Series 3 Support in Enterprise Cloud Manager

CradlePoint is adding Enterprise Cloud Manager (ECM) support for Series 2 devices. The functionality available to Series 2 devices in ECM is on par with the functionality available in WiPipe Central (WPC). The stream protocol that connects Enterprise Cloud Manager to the router works exclusively with the technology available in Series 3 devices. Together, Series 3 devices connected to ECM represent breakthrough technology in real-time router information with the lightest possible cellular data usage. We recommend customers upgrade to Series 3 devices whenever possible to experience the real-time nature of this breakthrough technology.

For customers unable to upgrade at this time, Series 2 devices will be supported in Enterprise Cloud Manager, but with a similar latency to that experienced in WiPipe Central.

Series 2 devices need to have firmware version 2.0 or higher to work with Enterprise Cloud Manager.

NOTE: For a breakdown of which devices are in Series 2 and in Series 3 and their projected ECM compatibility, see the ECM Compatibility List in this article.

Key Differences

  • Interval settings (e.g., heartbeat, logs) have an assigned time that is not configurable in ECM.
  • A device status that has recently changed will experience a delay before being updated in ECM.
  • When editing a device configuration, users will see configuration pages that look like those from WiPipe Central.
  • Some of the column selection options are different.

 


 

Interval Settings

Setting Description / Usage ECM Configuration System-Wide Interval Setting
Heartbeat How frequently a device sends its ‘heartbeat’ to ECM to indicate whether it’s still online Not configurable via ECM 5 minutes
Heartbeat Timeout Based on the number of allowed missed heartbeats before a device’s status switches from online to offline Not configurable via ECM ~15 minutes
Logs Setting that indicates whether a device sends logs to ECM, and how frequently Can enable/disable through ECM, but interval is fixed 1 hour or 200 messages
Usage Reports Setting that indicates whether a device sends usage reports to ECM, and how frequently Can enable/disable through ECM, but interval is fixed 1 hour
Sync Interval How often a device should check with ECM to verify its managed status, session configuration values, and firmware and configuration versions Not configurable via ECM 15 minutes

Permalink

0 Comments - Leave a Comment

This document describes the options for provisioning Extended Enterprise License (EEL) on supported CradlePoint routers for customers who choose not to utilize Enterprise Cloud Manager.
 
For customers utilizing CradlePoint Enterprise Cloud Manager (ECM), EEL is automatically provisioned on the routers for which it was purchased, via ECM.

Overview
CradlePoint offers the Extended Enterprise License (EEL), which enables advanced routing features on the AER 2100, ARC MBR1400 (including non-integrated versions), and all COR Series routers. When the EEL subscription is purchased (1, 3, or 5-year terms), the License entitlement is set up in our systems, and an EEL Key File must be uploaded locally via a direct connection to each router for which it was purchased.

Option 1: Customer Self-Load – no charge

  • Once the entitlement is set up in CradlePoint systems, an Entitlement Notification email is sent to the purchasing customer and includes contact information to request an EEL Key File for individual router self-loading.
  • The Key File email includes the Key File, and instructions on how to directly connect to each router via WiFi or Ethernet cable with specific steps on how to upload the Key File.
  • A single Key File is good for all routers included on the EEL Purchase Order (Serial numbers or MAC addresses of routers to be enabled must be included on the purchase order, or provided to CradlePoint in a CSV file).

Option 2: CradlePoint Factory Load – $32 per router

Since it can be cumbersome to connect to each router when deploying hundreds of routers, CradlePoint offers an option to pre-load EEL at our factory before the routers are shipped to the customer. To take advantage of this service…

  • The PO must indicate “Drop Ship Only” and include the following:
    • Router SKUs that support EEL
    • EEL subscription SKU (quantity = router quantity)
    • EEL factory load SKU (quantity = router quantity)
  • A drop ship address must be provided for delivery of the fully provisioned routers

For questions contact your CradlePoint Inside Sales Representative. (See SKUs and pricing below.)


Product Pricing Part Number MSRP Description
Feature Licenses (all pricing is per router)
Extended Enterprise License (supported on AER 2100, ARC MBR1400, COR IBR600, COR IBR650)
1-yr Extended Enterprise License EEL-1YR $50 1-yr subscription for advanced routing features
3-yr Extended Enterprise License EEL-3YR $100 3-yr subscription for advanced routing features
5-yr Extended Enterprise License EEL-5YR $150 5-yr subscription for advanced routing features
Feature Licenses are provisioned automatically for customers utilizing Enterprise Cloud Manager. For customers who choose not to utilize Enterprise Cloud Manager…

  • Feature License Key File must be locally uploaded to each router, or
  • CradlePoint can pre-load and drop-ship for $32 per router
EEL Factory Provisioning EEL-LOAD $32 Factory EEL Key File load and drop-ship

Permalink

0 Comments - Leave a Comment

This article applies to the CTR35 and the MBR90.

Symptom:

The Firmware update results in a failure to complete the update process on a CTR35 or MBR90

Cause:

Firmware versions 3.0.4 to 3.0.7 on the CTR35 and Firmware versions 1.8.1 and earlier on the MBR90 require Signed Firmware from CradlePoint Support to update to a newer version.

Resolution:

Upgrading past the 3.0.x firmware versions requires a signed firmware file specific to your device that can be generated by a Technical Support Representative. To get this file, please email support@cradlepoint.com with the MBR90 or CTR35’s serial number and MAC address (these can be found on the label on the bottom of the device).  Also include your First and Last Name, as well as a good email address for the Tech Support Rep to send the file to you.

Permalink

0 Comments - Leave a Comment

Welcome to CradlePoint Enterprise Cloud Manager

Enterprise Cloud Manager is the next generation management and application platform from CradlePoint. Enterprise Cloud Manager (ECM) integrates cloud management with your CradlePoint devices to improve productivity, increase reliability, reduce costs, and enhance the intelligence of your network and business operations.

Getting Started

Connecting Devices to Enterprise Cloud Manager:
Using Enterprise Cloud Manager:

Connecting Devices to Enterprise Cloud Manager

Upgrading Firmware

NOTE: Currently only Series 3 devices can connect to ECM (see: How to identify the Series of your CradlePoint router).
Connecting devices to CradlePoint Enterprise Cloud Manager requires at least firmware version 4.3.2 – you may need to upgrade firmware. You can upgrade firmware through the individual device’s administration pages or through WiPipe Central.

Upgrading Firmware through the Device Administration Pages

  1. Log into the device administration pages. Open a browser window and type “cp/” or “192.168.0.1” (these are the defaults – you may have changed them) in the address bar. Press ENTER/RETURN.
  2. When prompted for your password, type the eight character DEFAULT PASSWORD found on the product label – this is also the last eight characters of the MAC address. You may have personalized this password.
  3. Once you are logged in, navigate to System Settings → System Software. Under Firmware Upgrade, select the Automatic (Internet)option to upgrade to the newest firmware version. It is recommended that you save your settings using System Config Save/Restore.

Upgrading Firmware through WiPipe Central

  1. Log into WiPipe Central.
  2. Select the group that you want updated firmware for.
  3. Click on Group and select Firmware from the dropdown menu.
User-added image
  1. Select at least firmware version 4.3.2.

Registering Devices

Log into the device administration pages and go to Getting Started → Enterprise Cloud Manager Registration. Enter your ECM username and password, and click on “Register”.
User-added image
Your device is now registered in ECM.

Migrating Devices from WiPipe Central

The following articles detail the steps for safely migrating devices from WiPipe Central to Enterprise Cloud Manager:


Using Enterprise Cloud Manager

Navigating the User Interface

Once you have upgraded firmware to at least 4.3.2 and registered your devices, go to https://cradlepointecm.com and log in using your ECM credentials.
ECM login
Once you are logged in, the left navigation menu shows the following tabs:
  • Dashboard – Provides powerful insight into your network through WAN analytics including connectivity, data usage, and performance.
  • Devices – Monitor all the devices loaded into ECM. View statuses, change configurations, and update firmware by device.
  • Groups – Monitor devices by group. Add new groups and view statuses, change configurations, and update firmware by group.
  • Accounts & Users – Add new users and subaccounts and edit the existing ones.
  • Alerts – View a list of alerts generated by your devices and edit settings for alerts, including emailed alerts.
  • Reports – Select the date range, type of report, group(s), and identifier fields and export CSV reports.
  • Applications – Trial, buy, and manage cloud-based applications (e.g., CP Secure Threat Management). This tab is only available for top-level account administrators.

For contextual help, open the Help Panel by clicking on the question mark symbol in the top right corner.

ECM Help Panel
You have the ability to collapse or resize the Help Panel. Also, use your operating system/browser “Find” function to search the help text (e.g. click Ctrl+F or ⌘+F).The DevicesGroups, and Alerts → Log pages all display as grids. The grids are customizable. Reorder columns by dragging and dropping the column headers. Resize columns by dragging the edge of the column headers. Click on the column headers to sort rows by ascending/descending order.
To remove or add columns, click on the “Column Selection” icon in the top right corner of the grid. Select/deselect columns from the popup list that appears.
ECM column selection
To filter the display to show a subset of the grid items, you have two main options:
  1. Some of the fields in the grid are hyperlinks for filtering the grid (e.g. “Product”). From within the grid, click on a hyperlinked field and the grid will be filtered to display only the devices of that type. For example, click on “MBR1400v2” to display only MBR1400v2 devices.
  2. Input a string of characters into the search box (top right) to filter by devices that have that string in one of their fields. You can use partial strings, and the field does not have to start with the partial string. For example, “600” will display devices that have “IBR600” in the Product field. This searches most (but not all) of the fields.
ECM search box

Creating a New User

NOTE: Creating a new user is only available to account administrators.

  1. Click on Accounts & Users in the left menu.
  2. Select the desired account from the table.
  3. Click on Add in the top toolbar. Select “User” from the dropdown menu.
Add User
  1. Enter the information in the “Add User” dialog box. Note that the “Role” will determine the permissions the user will have in the account and all included subaccounts. Choose from the following roles:
    • Administrator: Administrators have full access to the account they are in, along with all subaccounts within that account.
    • Full Access User: Same access as administrators except cannot create/edit other users.
    • Read Only User: Cannot make any configuration changes or change settings; can only view information within Enterprise Cloud Manager (ECM) and run reports.
Add User Dialog Box
  1. Click on “OK” to save the new user.

Creating a Subaccount

NOTE: Creating a new subaccount is only available to account administrators.

  1. Click on Accounts & Users in the left menu.
  2. Select the desired account from the table.
  3. Click on Add in the top toolbar. Select “Subaccount” from the dropdown menu.
Add Subaccount
  1. Enter the name of the subaccount and click “OK”.
Add Subaccount Dialog Box

Managing Devices

Once you have added a device to ECM, you will see it listed in the Devices page. Manage individual devices within this page: view a device’s status, make configuration changes, move devices into a group, etc. The Devices page has three main views: RoutersNetwork Interfaces, and Rogue AP. In the views menu at the top, next to Devices, select one of these options (default view is Routers).
  • Routers displays all the routers.
  • Network Interfaces displays every network interface, including both LAN and WAN (e.g. modems, Ethernet connections, WiFi).
  • Rogue AP shows a list of wireless access points that your devices have seen; use this list to search for Rogue APs that could threaten your networks.

From within the Routers view, click on a device name to view in-depth WAN analytics for that device. This reveals the device dashboard, with charts for data usage, signal strength, and more.

Device dashboard
The most common way of managing devices is in groups. By putting devices in groups you can change the configuration and upgrade firmware by making a change to the group that is applied to all of the devices in that group.To create a group, select Groups in the left menu and click “Add” in the top toolbar.
Add Groups
Enter the Group Name you want to use, select the Product type you will be adding to that group (e.g., MBR1400v2, IBR600), and select theFirmware you want the devices in that group to have. You can also change the Subaccount (if desired). Click on “OK.NOTE: All the devices in a group must have the same type and same firmware.
Add Group Dialog Box
The new group is now listed on the Groups page.Now that the group is created, you can move devices into the group by first selecting them in the Devices page and then clicking “Move” on the top toolbar.
Move Device to Group
A popup window appears. Select a group (only groups with the appropriate device type are displayed) and click OK.
Select a Group
NOTE: The router will IMMEDIATELY be upgraded or downgraded to the version of firmware defined for the group. This could cause a router reboot if the firmware version of the router does not match the firmware version configured for the group.

Upgrading Firmware

Router firmware can be upgraded by group. Select a group from within the Groups page and click on Firmware in the top toolbar. In the dropdown menu, select the firmware version number.
Upgrading Firmware
You will be prompted to accept the firmware version change.
Confirm Firmware Upgrade
Click on “Yes” and the firmware upgrade will be applied IMMEDIATELY to all of the routers in the group.NOTE: The routers in the group will IMMEDIATELY be upgraded (or downgraded) to the version of firmware defined for the group. This will cause a router reboot if the firmware version of the router does not match the firmware version configured for the group.

Configuring Devices

You can apply a configuration change to a group or a specific device within a group (e.g. change failover priority, enable GPS, add a guest WiFi network, etc.). Configuration settings created for a group apply to all the devices within the group. Configuration settings created for a device apply only to that device and override configuration settings defined for the group it is in.1To change the configuration of a group select Group in the Application panel, select the group you want to configure, click “Configuration” in the top toolbar, and select “Edit” in the dropdown menu.
Configuring Devices
The Edit Configuration window shows, allowing you to make configuration changes.
Configuration Window
When making changes in the Edit Configuration window you must select “Apply” on each configuration page before leaving the page in order to save the changes made. Once you have completed all changes, select from the following buttons on the bottom of the window:
  • View Pending Changes – view all of the changes you made on all of the configuration pages
  • Commit  Changes – apply all of the changes made on all of the configuration pages to the group or device(s)
  • Discard Changes – close the configuration window without applying any of the changes made on the configuration pages

To configure an individual device, select Device in the left menu and select the device in the list. Click on “Configuration in the top toolbar” and then select “Edit” from the dropdown menu. The same rules and guidelines apply to device configuration that apply to the group configuration described above.

Setting Up Alerts

The Alerts page has two views for tracking device status changes:
  • The Log view shows a list of alerts sent from the routers to ECM.
  • The Settings view shows rules for alerts, including email notifications.

Toggle between these two views by clicking on the buttons at the top left.

Alerts

Alerts are of the following types:

  • Configuration Change
  • Configuration Rejected
  • Data Cap Threshold
  • ECM Connection State
  • Failed Login Attempt
  • Firmware Upgrade
  • Modem State
  • Reboot
  • Unrecognized Client
  • WAN Service Type
  • WAN Status Change
To enable alerts, including emailed notifications, first select the Settings view and then click on Add at the top left. Create an alert notification rule by completing the fields.
Alert notification rule
Complete the following fields to create an alert notification rule:
  • Accounts/Groups (required) – Choose which sets of devices will follow the notification rule. If you select an account, both grouped and ungrouped devices within that account (including all subaccounts) will be assigned to this rule.
  • Alerts (required) – Select the alert types from the dropdown options.
  • Users (optional) – If you want emailed notifications for these alerts, select users from the list to receive those emails. If you just want these alerts logged, leave this field blank.
  • Interval (optional – Select a time interval from the dropdown options. If you select “Immediately,”  an email notification is sent every time one of the selected types of alerts are logged. Otherwise, the alerts are stored over the course of the time interval and then sent together.

Exporting Reports

Reports allow you to create a summary of information about groups of devices and export that information as a CSV file. Select from several fields to customize your reports. Select the type of report (Data Usage or Signal Quality), a range of dates, the group(s), and identifying fields and then click Run Report to view the report. You also have the option to save the settings of a report for future use.

Reports

Exporting Logs

To export a device’s logs as a CSV file, first enable log reporting for the group the device is in. (This is disabled by default because some users won’t use this functionality – it would unnecessarily use data.) Navigate to the Groups page, select the desired group, and click on Settings.
Enable log reporting
In the popup window that appears, ensure that “Enable Log Reporting” is selected.
Enable Log Reporting
Once log reporting is enabled, navigate to the Devices page, select the desired device, and click on Export → Export Logs to export the device’s logs as a CSV file.
Export logs

 


1  Both group and device settings apply to the device unless they are mutually exclusive, in which case the device settings win. If a configuration update causes an error, the configuration will roll back to the previous configuration, and the device is “suspended:” it will still operate, but new configuration settings are not accepted until the suspension is removed.

Permalink

0 Comments - Leave a Comment

This article is intended to provide a high-level explanation of how the load balancing feature works in a capable CradlePoint router.  First, it is important to understand that the CradlePoint router does not perform aggregate channel bonded load balancing.  CradlePoint routers attempt to balance modem use based on available bandwidth on attached load balanced modems.  However, the CradlePoint router will not sum the available bandwidths of attached load balanced modems nor will summed bandwidth be reflected in an online speed test.

Each modem (air card) attached to the router that is load balanced has an associated bandwidth value.  For example, let’s say modem A has an available bandwidth of 1Mbps and modem B has an available bandwidth of 2Mbps.  When an IP connection (session) is generated from a computer attached to the router, the router will assess the available bandwidth of each modem and place the connection on the modem with the greatest available bandwidth (in this example, this would be modem B), then subtract the connection’s required bandwidth from the available bandwidth on modem B.  Only Modem B will be utilized for this IP connection.  As new IP connections (session) are generated from a computer, the router will again check modem A and modem B for available bandwidth.  If modem B still has more available bandwidth than modem A, then modem B will again be utilized for this new IP connection until the connection is terminated.  The available bandwidth of each modem will be checked each time new IP connections are generated, and modem A will not be ever be utilized unless it has greater available bandwidth than modem B.

Based on the above description, one can see that the attached load balanced modems are not evenly utilized, nor is the available bandwidth of the modems summed together.  This issue can be accentuated when there is a very large difference in the available bandwidth of the two attached modems, for instance, an attached 4G modem in combination with an attached 3G modem.  In cases such as this, the 3G modem may be only slightly utilized, or possibly not at all, depending on the volume of IP connections that are generated from attached computers.  However, services such as bit torrents will usually utilize both modems very well due to the fact that multiple individual IP connections are spawned while a torrent is downloading.

Permalink

0 Comments - Leave a Comment

Symptoms:

The Signal Strength LED’s are not working correctly, or you would like to know how to read the signal strength meter that is built into some CradlePoint routers.


Cause:

If your router doesn’t seem to be registering or showing you the correct intervals when blinking (solid/ flashing), you may be experiencing a signal strength issue.


Resolution:

In order to read the signal strength meter that is built into some CradlePoint routers you must understand that the Signal Strength LED’s work on a Signal Percentage Scale from the Modem placed into the CradlePoint router.

  • The percentages can be found in the administration pages of the router at http//:192.168.0.1
  • Once you have logged into the router, you can find the percentages under the Modem tab à Info Page.

Below are the Percentage breakdown and how that percentage is represented via the LED’s on the router:

 0% – 12% = 1st LED flashing
12% – 25% = 1st LED solid
25% – 38% = 1st LED solid and 2nd LED flashing
38% – 50% = 1st LED and 2nd LED’s solid
50% – 62% = 1st and 2nd LED’s solid and 3rd LED flashing
62% – 75% = 1st, 2nd and 3rd LED’s solid
75% – 88% = 1st, 2nd and 3rd LED’s solid and 4th LED flashing
88% – 100% = all 4 LED’s solid

Permalink

0 Comments - Leave a Comment

 If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0.

Instructions

1.       First you must obtain a properly provisioned SIM from your Verizon or Verizon-reseller sales representative. SIM provisioning is done the same way as USB modem SIM provisioning. The standard plans are “Mobile Broadband”.*

2.       Slide open the SIM bay cover on your IBR600LE. By design this will power off the router. Insert the SIM with the notched end first and 4G logo facing up. Once the SIM clicks into place, close the SIM bay cover. Do not power on the router.

3.       Attach the included WiFi and cellular antennas to the IBR600LE. WiFi antenna connectors are labeled “2.4” on the router. Triangle and square symbols just below the cellular radio connectors will match symbols on both the cellular antennas (they’ll look like paddles), and do not over tighten.

4.       Power on the IBR600LE. 

User-added image

                                     Figure 1 – Modem connection status LED

5.       Observe the modem connection status LED on the back of the unit, as shown in Figure 1. When it goes solid green, this means the modem has successfully established a connection to the Internet. This activation process can take up to 15 minutes minutes to complete, DO NOT POWER OFF THE ROUTER DURING THIS WAITING PERIOD.

User-added image

Figure 2 – Router Dashboard


6.       Log into the router’s setup pages at http://192.168.0.1 by default. Here you can view general information about your router’s status, and begin configuration of the unit.
 
*Note: “Router pricing” plans for B2B customers and “M2M” (small data limits and pooled plans) plans are also available for this product. Note that these plans are available only through Verizon business representatives. Contact your Verizon representative for more information.

Permalink

0 Comments - Leave a Comment

This article was written based on firmware 5.0.0.
VERIZON 3G EVDO
COR IBR600E & COR IBR650E

 
A wireless broadband data plan must be added to your COR product. A new line of service can be added, or a data plan can be transferred from an existing account. Wireless broadband data plans are made available from Verizon, and are required to allow your modem to connect and transfer data on their network
 
To add or transfer a broadband data plan, or to check if your modem has a broadband data plan attached, contact you Verizon representative and provide them with the COR IBR600E or COR IBR650E model number and ESN from the product.
 
After adding a data plan to the COR IBR600E or COR IBR650E router, the modem may need to be activated.
To activate the modem.
 
COR IBR600E & COR IBR650E
Login to the COR Setup pages and select Internet from the top navigation bar then Connection Manager from the drop-down menu, find and select the CradlePoint “EVDO Modem” and click Control modem and click Activate.
When modem activation is complete, confirm the modem LED is solid green on the router.
 

Sprint 3G EVDO
COR IBR600E & COR IBR650E

 
A wireless broadband data plan must be added to your COR product. A new line of service can be added, or a data plan can be transferred from an existing account. Wireless broadband data plans are made available from Sprint, and are required to allow your modem to connect and transfer data on their network
 
To add or transfer a broadband data plan, or to check if your modem has a broadband data plan attached, contact you Sprint representative and provide them with the COR IBR600E or COR IBR650E model number and ESN from the product.
 
After adding a data plan to the router the first time the COR router is powered on, an Over the Air activation process will start and may take a few minutes.  When modem activation is complete, confirm the modem LED is solid green on the router.

Permalink

0 Comments - Leave a Comment

COR IBR650W
Clear 4G WiMAX

A wireless broadband data plan must be added to your COR IBR650W router. A new line of service can be added or a data plan can be transferred from an existing account. Wireless broadband data plans are made available from Clear, and are required to allow your modem to connect and transfer data on their network


To add or transfer a broadband data plan, or to check if your modem has a broadband data plan attached, contact you Clear representative and provide them with the IBR650W model number and WiMAX MAC Address from the product.

VERIFY THE CARRIER REALM

The IBR650W defaults to the Clear network realm. If it has been changed, you will need to revert your WiMAX realm back to Clear

1) Connect the computer to the CradlePoint router with an Ethernet cable
2) Open a browser window and type http://192.168.0.1 in the address bar. Press enter/return.
3) When prompted, enter your password, default is the last eight characters of your MAC address found on the product label.
4) Click First Time Setup Wizard and follow the steps.  When you get to the WiMAX realm selection pick Clear.



ARC MBR1400W, ARC CBA750B-W & ARC CBA750W
 *** Note:  The CradlePoint CBA750 & ARC CBA750W were discontinued as of May 1, 2013 ***
Clear 4G WiMAX

A wireless broadband data plan must be added to your ARC product. A new line of service can be added or a data plan can be transferred from an existing account. Wireless broadband data plans are made available from Clear, and are required to allow your modem to connect and transfer data on their network


To add or transfer a broadband data plan, or to check if your modem has a broadband data plan attached, contact you Clear representative and provide them with the MC100W model number and WiMAX MAC Address from the product. (Note that ARC MBR1400 or ARC CBA750 will not be visible in the Clear system – it will show up as MC100W which is the modem part of the ARC product).

CHANGE THE CARRIER REALM TO CLEAR

CBA750W

You will need to change the WiMAX realm on the CBA750 to Clear before you will be able to connect to the network

  1. Connect your ARC MC100W modem to the ARC CBA750 Adapter.
  2. Connect the computer to the CradlePoint adapter with an Ethernet cable.
  3. Open a browser window and type http://192.168.0.1 in the address bar. Press enter/return.
  4. When prompted, enter your password, default is the last six characters of your MAC address found on the product label.
  5. Click the MODEM tab on the top navigation bar, then SETTINGS in the left menu.
  6. Under MODEM SPECIFIC SETTINGS find WiMAX SETTINGS.
  7. Choose Clear from the Carrier drop-down menu.
  8. Click SAVE SETTINGS at the top of the page.


MBR1400W & CBA750B-W
You will need to change the WiMAX realm on the MBR1400 or CBA750B to Clear before you will be able to connect to the network

  1. Connect your ARC MC100W modem to the ARC MBR1400 or ARC CBA750B.
  2. Connect the computer to the CradlePoint router with an Ethernet cable or WiFi.
  3. Open a browser window and type http://192.168.0.1 in the address bar. Press enter/return.
  4. When prompted, enter your password, default is the last eight characters of your MAC address found on the product label.
  5. Click the Internet tab and then Connection Manager from the drop-down menu.
  6. Select the MC100W modem from the WAN Interfaces list and then click the Edit button.
  7. Select the WiMAX Settings tab.
  8. Choose Clear – clearwire-wmx.net from the Carrier drop-down.
  9. Click Submit at the bottom of the box.

Permalink

0 Comments - Leave a Comment

This article will show you how to attach the WiFi and Cellular Antennas.

The IBR600 ships with 2 sets of antennas.  The IBR650 only ships with 1 set of antennas.

IBR600 WiFi Antenna Connectors
CradlePoint IBR600 WiFi Antenna Connectors

IBR600 WiFi Antennas
CradlePoint IBR600 WiFi Antennas

IBR600 / IBR650 Cellular Antenna Connectors

CradlePoint IBR600/650 Cellular Antenna Connectors

IBR600 / IBR650 Cellular Antennas
CradlePoint IBR600/650 Cellular Antennas

To Install:
1. Match the antenna to the connector.
2. Connect the antenna and tighten by hand.

Permalink

0 Comments - Leave a Comment

Description:

The ARC MBR1400 ships with 2 sets of antennas.  The ARC CBA750 only ships with 1 set of antennas.

MBR1400 WiFi Antenna Conntectors
User-added image

MBR1400 WiFi Antennas (3 are included with the MBR1400)

User-added image

MC200 Modem Cap Cellular Antenna Connectors

User-added image

MC200 Cellular Antennas
CradlePoint IBR600/650 Cellular Antennas

To Install:
1. Match the antenna to the connector.
2. Connect the antenna and tighten by hand.

Permalink

0 Comments - Leave a Comment

Symptom:

Changes made in the CradlePoint router administration pages do not appear to save.

Resolution:

For efficiency, browsers are typically configured to cache pages.  To ensure that a web browser is not displaying a cached CradlePoint router administration page rather than a current administration page the web browser cache must be cleared.

Internet Explorer 8 or earlier Clear Cache:

User-added image

  1. Click “Tools” on the upper right corner and select “Internet Options” from the drop down menu.
  2. Under the “General” tab in browsing history click the “Delete” button.
  3. Place a check mark by “Temporary Internet Files“.
  4. Click “Delete” and close the web browser.

Internet Explorer 9/10 Clear Cache:

  1. On the upper right corner next to the “Star” icon you’ll see a “Gear” icon – Left click the gear.
  2. Select “Internet options” from the drop down list.
  3. Under the “General” tab in browsing history click the “Delete” button.
  4. Place a check mark by “Temporary Internet Files“.
  5. Click “Delete” and close the web browser.

Mozilla FireFox:

User-added image

  1. Click on the “Firefox” icon on the top left of the screen.
  2. Run you mouse over “History“.
  3. Select “Clear Recent History“.
  4. Under pop up window in “Time range to clear” select “Everything“.
  5. Click “Clear Now” and close the web browser.

Safari Clear Cache:

User-added image

  1. In the top menu select “History“.
  2. Scroll to bottom on select “Clear History“.
  3. In the pop up window click “Clear“.

Google Chrome Clear Cache:

Chrome hsitory

  1. Click on the “Three Bars” icon in the upper right corner and select “History“.
  2. Click on “Clear browsing data“.
  3. Make sure “Clear browsing history, Delete cookies and other site and plug-in data, and Empty the cache” are checked and select “The beginning of time” under obliterate the following.
  4. Click “Clear Browsing Data“.

Permalink

0 Comments - Leave a Comment

The PHS300 as of hardware version 2.0 (Click here to learn how to determine your hardware version) is compatible with the PS6U1UPE which allows a LAN connection to the PHS300. This means you can quickly hook it up to any electronic device that has a RJ45 port. The PS6U1UPE would be powered by the PHS300 so you will not be tied down while using it.  

Note: This set-up does not allow an Ethernet WAN connection, i.e. DSL, Cable, Satellite, etc.

Required Equipment:

PHS300
PS6U1UPE
Mini-B to Type A USB Cable
Computer with RJ45 port

Optional:

USB Hub
Cellular Modem Note: The USB Hub is so that you can use the PS6U1UPE while maintaining an Internet connection with a USB Cellular device.  

  1. Connect the USB Hub to the PHS300
  2. Connect the PS6U1UPE to the USB Hub
  3. Connect the PS6U1UPE to your computer
  4. Connect your modem to the USB Hub

Permalink

0 Comments - Leave a Comment

This article applies to all series products on all firmware versions.

Overview:

Most Windows and Mac OSX computers will automatically save the wireless network it has connected to for quick/automatic connection to that network the next time you are in range of that wireless network.  The user, you, can also tell the computer to save your network and automatically reconnect.

If you change any of the WiFi settings in the router, ie- SSID, WiFi Channel, Security Mode, your computer will need to update the settings for your network.  If your network is saved in the computer, it will complain when you attempt to reconnect to router because the network settings have now changed.  For you to reconnect to your network after the router changes, you must delete your old network so your computer can update the settings for the router as it stands now.  Here’s how you do this:

Resolution:

WINDOWS XP –

  1. Click on the Start Menu and select Control Panel  
  2. Click Network Connections, right-click on Wireless Network Connections
  3. Now select View Available Wireless Network Connections
  4. Click the Change Order of Preferred Networkson the left hand side on the box
  5. Go to the Wireless Networks tab, find your wireless network, left-click on the network (it will highlight it) and click Remove.


WINDOWS VISTA –

  1. Open the Start Menu and then Control Panel
  2. Click Network and Internet, then Network and Sharing Center
  3. Click Manage Wireless Networks on the left hand side
  4. Find your network in the list, right click it, and select Remove Network.


WINDOWS 7 –

  1. Open the Start Menu and then Control Panel
  2. Click Network and Internet, then Network and Sharing Center
  3. Click Manage Wireless Networks on the left hand side
  4. Find your network in the list, right click it, and select Remove Network.


WINDOWS 8-

  1. Open the list of WiFi Networks
  2. Right click on the network, and select Forget Network


MAC OS –

  1. Open System Preferences and then Network
  2. Click Airport, then Advanced 
  3. Select the network you want to remove and press the ( — ) minus button


Now you should be able to connect to your router/network.

Permalink

0 Comments - Leave a Comment

Description:

This article describes how to use the ping networking tool in a MAC computer to test an internet connection.  A successful ping response will verify an internet connection.

Directions:

  1. On the computer click  Finder in the dock.
  2. Click Applications.
  3. Click Utilities.
  4. Double-click on Network Utility.
  5. Click the Ping tab.
  6. In the Enter the network address to ping field enter 8.8.8.8.
  7. Click Ping.

A successful ping will show the delay (latency) for a round trip between the computers measured in milliseconds (ms), and shows that all sent packets were received, see below.

User-added image

A successful ping to an Internet IP address (like 8.8.8.8) illustrates that the computer is connected to the Internet.  If you are able to successfully ping 8.8.8.8 but still not able to browse web pages, please consult this article for assistance.

If you received the message “Ping request could not find host…” then you are not connected to the Internet.  Ping 192.168.0.1 to determine if the computer is connected to the CradlePoint router.  If a ping to the router is successful then go to the administrative console of the router to find determine why the Internet (WAN) connection is down. If a ping to the router is unsuccessful please consult this article for assistance.

Permalink

0 Comments - Leave a Comment

Description:

This article describes how to use the ping networking tool in a Windows computer to test an internet connection.  A successful ping response will verify an internet connection.

Directions:

  1. On the computer lick the Start button.
  2. In the Search box (or the Run box on Windows XP) type in cmd then press enter.
  3. In the Command Prompt window type in ping 8.8.8.8 then press enter.

A successful ping will show the delay (latency) for a round trip between the computers measured in milliseconds (ms), and shows that all sent packets were received, see below.

User-added image

A successful ping to an Internet IP address (like 8.8.8.8) illustrates that the computer is connected to the Internet.  If you are able to successfully ping 8.8.8.8 but still not able to browse web pages, please consult this article for assistance.

If you received the message “Ping request could not find host…” then you are not connected to the Internet.  Ping 192.168.0.1 to determine if the computer is connected to the CradlePoint router.  If a ping to the router is successful then go to the administrative console of the router to find determine why the Internet (WAN) connection is down. If a ping to the router is unsuccessful please consult this article for assistance.

Permalink

0 Comments - Leave a Comment

This article was written based upon firmware version 5.0.0 for Series 3 and 2.0.0 for Series 2.

Description:

In order to remotely connect from the Internet into the CradlePoint (or into devices connected behind it), it is necessary  that the connection the CradlePoint receives is publicly routable from the Internet.  If the CradlePoint is receiving a private (non-routable) IP address from a “network address translation” (NAT) router then (unless you have access to the NAT router to forward ports to CradlePoint’s private IP address) you will not be able to route to it from the Internet.

Most wired (DSL; cable) Internet service providers provide (publicly routable) dynamic IP addresses by default and usually offer (publicly routable) static IP addresses for an additional fee.  The only difference between dynamic and static publicly routable IP addresses is that the dynamic IP address will change to a different address every time the modem connects.  

It is common for users of dynamic public IP addresses to use a free or paid “Dynamic DNS” service to update a DNS record each time the address changes.  This allows you to remember a host name rather than needing to know what your current WAN IP address is.  For more information about how to set the CradlePoint to use a dynamic DNS service, refer to this link: (http://knowledgebase.cradlepoint.com/articles/Support/setup-Dynamic-DNS-on-a-Series-3-CradlePoint)

These specific IP address ranges are reserved specifically as non-routable addresses to be used in private networks:

10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.32.255.255
192.168.0.0 through 192.168.255.255

If the CradlePoint receives a WAN IP address within any of these private ranges, this means that connections originating from the Internet will not be able to get past the NAT router (without port forwarding) in order to actually reach the CradlePoint’s WAN interface.

Directions:

These directions will walk you through verifying whether the CradlePoint is receiving a publicly routable IP address or if it is receiving a private IP address from a NAT router.  This is determined by checking to see if the CradlePoint’s WAN IP address is the same address that other computers on the Internet see it as (indicating that you have a routable connection).  If these addresses do not match, then your router is connecting behind a NAT router (which is the device that is connected to the Internet.

Series 1 or 2 CradlePoint follow these steps:

  1. Log into the administrative console, the default location is http://192.168.0.1 Click here if you are unsure how to access the administration pages.
  2. Click on STATUS in the red bar, and then DEVICE INFO in the left-hand column.
  3. Make note of the IP Address in the WAN Interfaces section.
    User-added image
Series 3 CradlePoint follow these steps:
  1. Log into the CradlePoint’s administrative console, the default location is http://192.168.0.1.  Click here if you are unsure of how to access the administration pages.
  2. Click the Status tab along the top of the page, and then Dashboard from the drop-down menu.
  3. Make note of the IP Address under the Internet section of this page.                                       User-added image
Now that you know the CradlePoint’s WAN IP Address, you will want to surf to an Internet website that indicates which IP address you appear to be connecting from.  A few examples of sites that will show you this information are:
If the CradlePoint’s WAN IP Address is the same IP address that is shown at one of the sites above, then your router is getting a publicly routable IP address.  This would mean that you should be able to use that connection to connect from the Internet to the CradlePoint itself or to computers connected behind the CradlePoint (if you are port forwarding to those devices).
If the CradlePoint’s WAN IP Address is not the same IP address that is shown at one of the sites above, then your router is getting a private non-routable IP address from your ISP’s NAT router.  The IP address shown from a site like http://www.whatismyip.com is the actual NAT router that you (and many other customers of that ISP) connect through.  If you find that the Internet IP address does not match the CradlePoint’s WAN IP Address, you will want to contact your ISP to see if you can get a publicly routable IP address.

Permalink

0 Comments - Leave a Comment

Description:

We can use the command line to ping with specific MTU sizes, and set a flag to tell us when we fragment-out (meaning the MTU at this point it too high).  In doing this, we are able to find the ceiling of your LAN connection, as well as the WAN packets coming from your carrier.  It’s a bit tedious, but it works:

Getting to the Command Line:

In Win XP:
Start -> Run -> type in: cmd -> hit Enter

In Win Vista, Win 7, or Win 8:
Start -> in the search bar type in: cmd -> hit Enter

On a Mac OS:
Go to /Applications/Utilities/Terminal.app

Here are the MTU ceiling sizes you should be around:

For the LAN connection to your computer: 1500

If you are connected to WiMAX (WAN packets from your carrier): 1400

If you are connected to 2G/3G, (WAN packets from your carrier): should be anywhere from 1350 – 1500 (it really does vary this much – it’s carrier dependent).

If you are using a Cable Modem WAN connection: 1500

If you are using a DSL WAN connection: 1492

Sample layout of the command:

$>  ping –f –l (this is a lowercase “L”) [MTU size] [destination]

How to check your LAN connection of your router to your computer:

$>  ping –f –l 1500 192.168.0.1

How to check your WAN connection from your carrier:

Connect to your router and login to its admin pages, go to STATUS -> Device Info, under the blue header WAN, get the IP address for your Default Gateway – we’ll want to ping this but some carriers block WAN pings, so we may not be able to ping the Gateway or DNS Servers of your network, but if you can, try them first.  If you cannot, ping “google.com” instead, or any other website that doesn’t block WAN pings.

$>  ping –f –l 1400 [Default Gateway]

$>  ping –f –l 1400 google.com

When you are testing this, start with the values suggested above, if you get replies, great, increase the MTU value.  When you get “Packet needs to be fragmented but DF set.” Rather than replies, your MTU is too high now, so lower it and you can get the MTU set to the absolute ceiling (where +/- 1 will reply / fragment-out).

Permalink

0 Comments - Leave a Comment

If you are unsure of your CradlePoint Series or Model number, please click here.

Symptoms: 

When the modem (Aircard) is plugged into the router, the computer is able to connect to the Internet but frequently drops connection (Internet becomes unavailable).  When the modem (Aircard) is plugged directly into a computer, using the carrier connection tool such as Sprint Smart View or VZAccess Manager or AT&T Communication Manager, the connection to the Internet seems to be stable.

This issue is primarily caused by the following conditions:

Causes:

  1. Poor cellular signal.  Similar to a cellular telephone, the cellular modem (Aircard) requires adequate cellular signal in order to communicate with the cellular carrier network and Internet.  If the signal is poor, the router may cycle between a connected and unconnected state.  This issue is often identified by slow download speeds while connected to the Internet.
  2. Carrier connection drop.  Often cellular carriers will drop inactive connections to conserve network bandwidth.  The router senses the connection to the modem, but does check the integrity of the connection to the Internet, so the drop is undetected by the router.

Resolution:

Click the following link that corresponds to your router model number to see how to check the modems cellular signal level:

Series 1 & 2:  CTR350, CTR500, PHS300, CBA250, CBA750, MBR90, MBR800, MBR900, MBR1100, MBR1200, click here.

Series 3:  CTR35, MBR95, MBR1400, CBR400, CBR450, IBR600, IBR650, MBR1200B, click here.
Click the following link that corresponds to your router model number to set the routers Failure Check option to overcome carrier drops:

Series 1 & 2:  CTR350, CTR500, PHS300, CBA250, CBA750, MBR90, MBR800, MBR900, MBR1100, MBR1200, click here.

Capable Series 3:  CBR400, CBR450, IBR600, IBR650, MBR1200B, MBR1400, click here.

Permalink

0 Comments - Leave a Comment

Look for a label on the bottom of your router. Find the Part Number or the Model Number and click the matching link in the table below.
Note: If there is no label, but what appears to be a sliding battery door – your device is the PHS300.

User-added image



CradlePoint Series 1 CTR350
PHS300
CradlePoint Series 2 CBA250CBA750
CTR500
MBR800MBR90MBR900MBR1000MBR1100MBR1200
CradlePoint Series 3 CTR35
CBR400CBR450
IBR600IBR650

MBR95MBR1200BMBR1400
CBA750B
AER2100

Permalink

0 Comments - Leave a Comment

Symptom:

The battery life of the PHS-300 needs to be improved.


Cause:

If your PHS-300’s battery does not seem to be giving you the maximum usage, you can change the Transmit Power. The Transmit Power will lower your Wi-Fi transmission output. This will decrease your Wi-Fi range but can give you up to an extra hour of battery life.


Resolution: 

The following steps can be used to change the Transmit Power:
1.    Access the routers administration pages, found at http//:192.168.0.1
2.    Once you are logged into the administration pages, select the Advanced tab at the top of the page.
3.    On the Advanced tab, select Advanced Wireless from the left hand side of the menu.
4.    On the Advanced Wireless page, this is where you can change the Transmit Power from High to Low.
5.    Once you have changed the Transmit Power to Low, click on the Save Settings tab found at the top of the page.
6.    After you have selected to Save Settings the page will ask you if you would like to Reboot Now. Select Reboot Now and once the router is reset, you are finished.

Permalink

0 Comments - Leave a Comment

Symptom: 

Not able to connect to the WiFi at a range that is within the published Wi-Fi Range for said CradlePoint router.


Cause: 

There could be multiple causes for this issue.


Resolution:      

First, keep in mind what type of range your router is CAPABLE of providing. The CTR350, PHS300, and CTR500 all use wireless “G” for their Wi-Fi radio, and most users see a typical range of 60-100 feet, depending on walls and interference. The and MBR1000 and MBR1200, MBR1200B, MBR1400, MBR95, CTR35 and MBR900 have the more powerful wireless “N” radio and can provide several hundred feet of wireless range, depending on walls and interference. While these are just rough averages – using the CTR350 in an open field with zero interference may provide more than 60-100 feet, while folks using an MBR1000 in a building with thick walls around multiple interfering electronic devices may not see their signal travel very far – it is important to recognize what to reasonably expect from your router. The tips below should help you get the most out of your router’s Wi-Fi signal, but there ARE limitations with any router.

  1. Move your router: Sounds obvious, but this is the easiest and often the most effective way to extend your Wi-Fi range! Invest a bit of time by trying a few different locations for your router, and see which spot provides the best performance. The antennas that broadcast the signal (both the internal ones on the CTR350/PHS300/CTR500/MBR1200 and the built-in external antennas on the MBR1000/MBR900) are Omni-directional, meaning they radiate the signal best when centered – try putting the router in a centralized location. Make sure the router is not on the floor – placing it higher up on a table or shelf generally gets better results.  If you need your router in a specific part of the house because the cellular signal is better in one location (by a window, for example), try moving the router around 15°, 45°, 90° (or if you’re using the MBR1000 or MBR900, move the antennas) – minor changes can have drastic effects!
  2. Minimize Obstructions/Interference: Besides obvious obstructions like walls, there is a LOT of other things that can interfere with Wi-Fi signal. Electronics, particularly other routers and devices that operate on the 2.4Ghz frequency like cordless phones, baby monitors, garage door openers, and wireless cameras, can impede signal, but so can microwaves, computer cables, stainless steel refrigerators, mirrors, and even fluorescent lights (really!). Any of these can reduce your Wi-Fi signal or cause pauses or dropouts in the transmission. Try to put your router in a spot where interference is limited (or, if the router can’t be moved, move the offending interferer [the cordless phone, baby monitor, etc.]). If you’re using a USB modem and you have a USB extension cable, use it – this can help minimize the interference that is caused by having the Wi-Fi and cellular radios so close together.  If you’re not sure if electronics are causing interference with your router, you can test by turning off EVERYTHING electronic in the home/office where you’re testing, except for the router and the computer you’re testing with. If the performance is better with everything else off, you will know that something in the home/office is indeed interfering with the signal and you can then work to figure out what it is
  3. Add Wi-Fi antennas to your router if it has external antenna ports: The MBR1200 and MBR1400 feature two ports for adding external Wi-Fi antennas, and there are several options available: the Cradlepoint MBR1200 Wi-Fi Antennas, for example.  Please note these antennas will not work with other routers and that you must use Wi-Fi antennas in PAIRS with the MBR1200 – using just one antenna will NOT work.
  4. Upgrade your computer’s Wi-Fi card to “N” if you’re using an “N” router: The MBR1000, MBR900, and MBR1200 utilize wireless “N” for the Wi-Fi radio, which offers a wider range than the “G” radio used by other routers. Those routers are backwards compatible with wireless “G” and “B”, but to take full advantage of the more powerful “N” signal, the receiving computer should also be wireless “N”. Luckily, it’s super easy to upgrade your computer – you can just attach an “N” adapter to a USB port on your computer and you will be able to take better advantage of the “N” range!
  5. Change the Channel: Try changing the channel on which your Wi-Fi is broadcasting through your router’s configuration page. How to Change the Wireless Channel on a Series 2 CradlePoint or How to Change the Wireless Channel of a Series 3 CradlePoint

Permalink

0 Comments - Leave a Comment

First, please identify your router’s series by clicking here and go down to the appropriate section for your router:

This article was written based on firmware versions 2.5.4 for series 1 routers, 2.0.0 for series 2 routers, and 5.0.0 for series 3 routers.

Symptom:

I am unable to connect to the Wireless (WiFi) of my CradlePoint router, my computer gives me an error message stating the WPA password or WEP key is incorrect.

Cause:

The password that you are entering does not match the password or key set within the CradlePoint.

Resolution:

Series 1 Routers:

  • PHS300 – if you don’t remember your password, try the default password: click here.  If that doesn’t work for you, reset your router: click here.  You may need to delete your network that is saved in your computer before reconnecting to it again.  Click here to read on how to do that.
  • CTR350 – if you don’t remember your password, try the default password: click here.  If that doesn’t help, you can plug an Ethernet cable into the WAN/LAN port of your router and then into the computer.  Login to the router’s setup pages (for help logging in to the router’s Setup Page click here), go to BASIC -> Wireless(Wifi), scroll down to the bottom of the page, you will see your wifi password – now you can try connecting to your router with that password.  If that doesn’t work for you, reset your router: click here.  You may need to delete your network that is saved in your computer before reconnecting to it again.  Click here to read on how to do that.

Series 2 Routers:

  • If you don’t remember your password, try the default password: click here.  If that doesn’t help, you can plug an Ethernet cable into the yellow or orange LAN port of your router (the single WAN/LAN port for the CTR500) and then into the computer, login to the router’s setup pages (for help logging in the router’s Setup Page click here), go to BASIC -> Wireless(Wifi), scroll down to the bottom of the page, you will see your wifi password – now you can try connecting to your router with that password.  If that doesn’t work for you, reset your router: click here.  You may need to delete your network that is saved in your computer before reconnecting to it again.  Click here to read on how to do that.

Series 3 Routers:

  • If you don’t remember your password, try the default password: click here.  If that doesn’t help, you can plug an Ethernet cable into the yellow or orange LAN port of your router (the single WAN/LAN port for the CBR routers) and then into the computer.  Login to the router’s setup pages (for help logging in to the router’s Setup Page click here), go to Network Settings -> Wifi/Local Network, check the box next to your wifi network, click Edit above, at the bottom of the pop-up window you will see your WPA Password – now you can try connecting to your router with that password.  If that doesn’t work for you, reset your router: click here.  You may need to delete your network that is saved in your computer before reconnecting to it again.  Click here to read on how to do that.

Permalink

0 Comments - Leave a Comment

If your are unsure of CradlePoint Series or Model number, please click here

This article was written based on firmware version 5.1.2.

*NOTE* This article pertains to the following routers on 5. firmware: IBR600, MBR1200B, MBR1400 and CBR400 on firmware version 4.3.2

Overview:

Introduced in firmware 3.4.0 for  Series 3 CradlePoint routers, the WiFi Bridge feature allows you to establish a wireless link between two routers, putting them both on the same IP network.  In this example, a WiFi Bridge is established between two CradlePoint Routers but, the configuration can be applied to a non-CradlePoint wireless router and a CradlePoint that is establishing the connection.

User-added image
Figure 1- Example Network using WiFi Bridge

User-added image

Figure 2– Router 1 Information

Above is general router information for Router 1.  This example uses is a Cradlepoint MBR1400v2 router.

  • WiFi SSID: Router1_SSID
  • Primary LAN: 192.168.0.1/255.255.255.0

Steps for Configuring WiFi Bridge:

  1. Verify that the Series 3 CradelPoint router firmware is version 3.4.0 or later (How to verify router firmware version).  Update the router firmware if necessary.  Click here for instructions on updating your firmware.
  2. Log into the Administration pages of Router # 2.   Click here for instructions on logging in to the Administrative Pages of the CradlePoint.
  3. Click on the Internet tab, then select WiFi was WAN / Bridge from the drop down menu.    User-added image
  4. Click on the drop down menu and select Wireless Bridge to switch the WiFi Client Mode to WiFi Bridge.     User-added image*NOTE* FOR THE CBR400 Click on the WiFi Bridge to switch the WiFi Client mode to WiFi Bridge.   User-added image
  5. Select the wireless network you wish to join From the Site Survey section, in this case “Router1_SSID”.  If you do not see any SSID’s please click the Refresh button.                                          User-added image
  6. Click the Import button.                                                                                                                    User-added image
  7. A Profile Editor window will appear, verify all the settings match that of the desired WiFi network, and enter the WiFi Security Password needed to connect to the network (in this case, the WPA Password).
  8. Click Submit.                                                                                                                   
  9. Verify the wireless network is saved and listed under the “Saved Profiles” list.                      User-added image
  10. Select Network Settings > WiFi / Local Networks.                                                                       User-added image
  11. For initial configuration the Guest LAN should be removed. Click the checkbox next to Guest LAN.  User-added image
  12. Click on the Remove button to delete the Guest LAN network. When it prompted on the removal, select Yes.
  13. Select the Primary LAN by clicking the checkbox next to Primary LAN.
  14. Click the Edit button.
    User-added image
  15. Change the last octet of the Router # 2 IP address so that it is not the same as Router 1.  In this example, we’ve changed the Router 2 IP address from 192.168.0.1 to 192.168.0.2.  It is required that the IP addresses for Router 1 and Router # 2 remain on the same network.  For example two routers with IP addresses of 10.0.0.1 and 10.0.0.25 both with 255.255.255.0 netmasks will work but, IP address of 10.0.0.1 and 10.0.1.25 with 255.255.255.0 netmasks will not. Additionally, the routing mode need to be changed from NAT(default) to Standard.User-added image
  16. Select the Interfaces tab.  Move the network interface with the prefix “WiFi Bridge” over from the “Available” list to the “Selected” list.                                                                                                      User-added image
  17. Disable the DHCP server by selecting the DHCP Server tab and unchecking DHCP Server.  This is required for WiFi Bridging.
  18. Click Submit to apply the settings.                                                                                                   User-added image

After the save is complete use 192.168.0.2 to access Router 2, since the Router 2 IP was changed.  Router 1 administration access will be available on its IP address which for this example is 192.168.0.1.

User-added image

Log into the Router 2 administration pages using the new IP address.  Navigate back to  Network Settings > WiFi / Local Networks.  Notice in the Primary LAN data there is an Attached Interface called WiFi Bridge.  Verify that the WiFi Bridge is connected, along with the signal of the connection between the two routers.  Close your web browser at this time.
User-added image

Now, test that your computer can successfully communicate with Router 1 by getting a new IP address assigned by Router 1.
Please review this article on How to renew your IP Address.

Permalink


Overview:

Renewing the IP address of your computer is required after any change to the router’s local IP Address information. Additionally, this is a common troubleshooting step when connection issues occur between your computer and your router.

Directions:

Win XP:

  1. Click Start
  2. Click Run
  3. Type “cmd” into the Run prompt that opens up

Win Vista/7

  1. Click Start
  2. Type “cmd” in the Search Programs and Files field, then press enter
A black window will appear on your screen.  Type the following commands pressing enter after each (note: there is a space before the /)
  • ipconfig /release
  • ipconfig /renew

renew

Mac OS X:

  • Press the Apple Icon in the upper left-hand corner and select System Preferences
  • In the System Preferences window select Network
  • In the left hand, column select your connection (Ethernet for wired or AirPort/WiFi for wireless) and then press the advanced button in the bottom right-hand side of the window
  • Select the TCP/IP tab and the press “Renew DHCP Lease” button

Permalink

0 Comments - Leave a Comment

This article was written based on the 2.0.0 series 2 firmware.

If you are unsure of which CradlePoint Series or Model number you have, please click here

Overview:

The router automatically logs (records) events of possible interest in its internal memory. You can define what types of events you want to view and the level of events to view.

Directions:

Follow these steps prior to power cycling the device:

  1. Access the Administration Pages of the CradlePoint.
  2. After you are logged in, click on the STATUS tab, then select LOGS from the left menu                       logs1.png
  3. In the Log Details section, click on Save Log button.                                                             Router Save Log menu
  4. You will be prompted to save the file. Note the path and file name.

Permalink

0 Comments - Leave a Comment

Summary:

In certain cases a computer may not be able to connect to a CradlePoint router unless it is configured to accept DHCP addressing. To change your computer’s DHCP settings, follow the directions below, specific to your operating system and the way you are connecting to the router.

Contents:

Wireless (WiFi) Connections


Windows XP (Wireless)

  1. Click Start, then click Control Panel, and select Network Connection
  2. Right click on the Wireless Network Connection and select Properties
  3. In the box labeled “This connection uses the following items:” highlight (but do not uncheck) the Internet Protocol(TCP/IP) option and click Properties
  4. Select Obtain an IP Address Automatically and Obtain DNS Server Address Automatically


Windows Vista (Wireless)

  1. Click Start, then click Control Panel, and select Network and Sharing Center
  2. Under Task find Manage Network Connections 
  3. Right-Click Wireless Network Connection 
  4. Click Properties
  5. Highlight IPv4
  6. Click Properties 
  7. Select Obtain an IP Address Automatically and Obtain DNS Server Address Automatically


Windows 7 (Wireless)

  1. Click Start, then click Control Panel, and select Network and Sharing Center
  2. Under the left column find Change Adapter Settings
  3. Right-Click Wireless Network Connection
  4. Click Properties 
  5. Highlight IPv4
  6. Click Properties
  7. Select Obtain an IP Address Automatically and Obtain DNS Server Address Automatically

Windows 8 (Wireless)

  1. Go to Control Panel, and select Network and Sharing Center
  2. Under the left column find Change Adapter Settings
  3. Right-Click Wi-Fi
  4. Click Properties 
  5. Highlight IPv4
  6. Click Properties
  7. Select Obtain an IP Address Automatically and Obtain DNS Server Address Automatically

Wired (Ethernet) Connections

Windows XP (Wired)

  1. Click Start, then click Control Panel, and select Network Connection
  2. Right click on the Local Area Connection and select Properties
  3. You will see a box with a list of items labeled “This Connection uses the following items” highlight (do not uncheck) Internet Protocol(TCP/IP) and select properties
  4. Select Obtain an IP Address Automatically and Obtain DNS Server Address Automatically

Windows Vista (Wired)

  1. Click Start, then click Control Panel, and select Network and Sharing Center
  2. Under Task find Manage Network Connections 
  3. Right-Click Local Area Connection 
  4. Click Properties
  5. Highlight IPv4
  6. Click Properties 
  7. Select Obtain an IP Address Automatically and Obtain DNS Server Address Automatically

Windows 7 (Wired)

  1. Click Start, then click Control Panel, and select Network and Sharing Center
  2. Under the left column find Change Adapter Settings
  3. Right-Click Local Area Connection
  4. Click Properties 
  5. Highlight IPv4
  6. Click Properties
  7. Select Obtain an IP Address Automatically and Obtain DNS Server Address Automatically

Windows 8 (Wired)

  1. Go to Control Panel, and select Network and Sharing Center
  2. Under the left column find Change Adapter Settings
  3. Right-Click Ethernet
  4. Click Properties 
  5. Highlight IPv4
  6. Click Properties
  7. Select Obtain an IP Address Automatically and Obtain DNS Server Address Automatically

Mac OS X v10.4 (Wired)

  1. From the Apple menu, select System Preferences
  2. Click the Network Icon
  3. Select Ethernet
  4. Click the Advanced button
  5. Select the TCP/IP tab
  6. From the Configure IPv4 drop-down list, select Using DHCP

Mac OS X v10.5 (Wired)

  1. From the Apple menu, select System Preferences
  2. Click the Network Icon
  3. Select Ethernet
  4. From the Configure drop-down list, select Using DHCP

Mac OS X v10.6 (Wired)

  1. From the Apple menu, select System Preferences
  2. Click the Network Icon
  3. Select Ethernet
  4. Click the Advanced button
  5. Select the TCP/IP tab
  6. From the Configure IPv4 drop-down list, select Using DHCP

Permalink

0 Comments - Leave a Comment

Symptom:

I have a supported 4G modem that is not connecting in my PHS300.

Cause:

4G is not supported on PHS300 H/W version 1.x  However PHS300 H/W version 2.0 does support most 4G modems.

Resolution:

To check the hardware version of your PHS300, simply remove the battery door and battery to find the product information sticker.  There you will find either “H/W Rev 1.x” or H/W ver: V2.0”.



Hardware v1.x
phs300_hwv1_label.gif

Hardware v2.0
phs300_hwv2_label.gif.gif


Most modems will work in either Hardware v1.x or v2.0 – but there are some modems that will only function with v2.0 
4G WiMAX modems will not work fully with the router version 1. Dual band, 3G/4G WiMAX modems will only work in 3G mode.


Please see the PHS300 Main Support Page for more information on supported modems.

Permalink

0 Comments - Leave a Comment

Overview:

This article describes how to use the Input and Output General Purpose I/O pins available as part of the power plug.

Description:

Input Pin – Select one of the following options from the drop-down menu:
Default/Ignored:
In this mode, the input pin is not used.
Input Sensing:
In this mode the logic state (high or low) is automatically sensed
by the router and is readable as the Current Value.
Router Reset:
In this mode, an external device can reset the router by holding
the input low for 10-seconds.

Output Pin – Select one of the following options from the dropdown menu:
Default/Low:
In this mode, the output pin is not used and is at
0V (ground potential).
Set High/Router Running:
In these modes, the output pin is logic low while the router is
booting and transitions to logic high when the router is fully
running. If the router is reset, the output returns to low until
the router has fully rebooted.
Modem Connected:
In this mode, the output pin is logic low until the modem has
connected to the tower. If the connection drops, this output
is set low until the connection is restored.

*NOTE: Red – Positive, Black – Negative, Orange – Input, Blue – Output  (Click here for a more detailed description.)

For more information on the GPIO Cable, please review this document.

Permalink

0 Comments - Leave a Comment

If you are unsure of CradlePoint Series or Model number, please click here.

Description:

On CradlePoint routers, the built-in DHCP (Dynamic Host Configuration Protocol) Server is used to assign IP addresses to computers and other devices on your local area network (LAN). Under certain circumstances, it may be necessary to operate the router with DHCP disabled.  This article describes the procedure to configure a CradlePoint router accordingly.

Directions:

Connecting your computer to the router

Sample network settings:

Router Settings:
IP Address: 192.168.10.1
Subnet Mask: 255.255.255.0

Computer settings:
IP Address: 192.168.10.(3-254)
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.10.1
Preferred DNS: 192.168.10.1

Disable DHCP:

Series 1 or 2

  1. Login to the Administrative Pages of the CradlePoint (for help logging into the Administrative Pages of the CradlePoint, please click here).
  2. Go to the BASIC tab, then click on DHCP.
  3. Remove the check mark next to Enable DHCP Server.
  4. Click Save SettingsReboot Later.
  5. Go to BASIC, then click NETWORK.
  6. Set the Router IP Address and Subnet Mask.
  7. Scroll up and select Save Settings. Click Reboot Now, when prompted.

Series 3

  1. Login to the Administrative Pages of the CradlePoint (for help logging into the Administrative Pages of the CradlePoint, please click here).
  2. Click on Network Settings, then click on WiFi/Local Network.
  3. Place a check in the box next to the network you would like to disable DHCP on.
  4. Click Edit.
  5. Click on the DHCP Server tab.
  6. Uncheck the box next to DHCP Server.
  7. Click Submit.

Configure Computers Manually:

Windows XP

  1. Go to the Control Panel on your PC and select Network Connections.
  2. Right click on the Local Area Connection or Wireless Network Connection
  3. Select Properties.
  4. Look for the box labeled This connection uses the following items: highlight (not uncheck) Internet Protocol(TCP/IP)
  5. Select Properties.
  6. Select Use the following IP address and Use the following DNS server addresses
  7. Enter the IP information and Click Ok, and then Ok again

Windows Vista

  1. Go to the Network and Sharing Center in the Control Panel.
  2. Under Tasks on the left had side select Manage Network Connections
  3. Right-Click Local Area Connection or Wireless Network Connection
  4. Click Properties
  5. Highlight IPv4
  6. Click Properties
  7. Select Use the following IP address and Use the following DNS server addresses
  8. Enter the IP information and Click Ok, and then Ok again.

Windows 7 and 8

  1. Go to the Network and Sharing Center in the Control Panel.
  2. Under Tasks on the left had side select Change Adapter Settings
  3. Right-Click Local Area Connection or Wireless Network Connection
  4. Click Properties
  5. Highlight IPv4
  6. Click Properties
  7. Select Use the following IP address and Use the following DNS server addresses
  8. Enter the IP information and Click Ok, then Ok again.
  9. You should now be able to connect back to the router at the new IP address

Mac OS X

  1. Open System Preferences and then open Network Preferences.
  2. Select the Airport or Ethernet connect type you want to configure on the left
  3. For Ethernet, select Manually from the IPv4 dropdown
  4. For Airport, select the Advanced button and select the TCP/IP tab then Manually from the IPv4 dropdown
  5. Enter the IP information
  6. Select OK ,if necessary, then Apply

Permalink

0 Comments - Leave a Comment

Purpose:

Determine the version of firmware that was shipped on a CradlePoint router from the device’s packaging.  This will identify if a device requires a firmware upgrade prior to deployment in order to be ECM compatible.

Requirements:

Individual packaging from the CradlePoint router.
OR
Bulk packaging from cartons of CradlePoint routers.

Directions:

To determine the version of firmware that was shipped on a CradlePoint router, look for the following labels:

Individual packaging

For IBR600 and IBR650 devices:
IBR600 Label Firmware Location
For MBR1400, MBR1200B, CBA750B, CBR450 and CBR400 devices:
MBR1400 Label Firmware Location

Bulk packaging

For IBR600 and IBR650 devices:
IBR600 Carton Label Firmware Location
For MBR1400, MBR1200B, CBA750B, CBR450 and CBR400 devices:
MBR1400 Carton Label Firmware Location
Note: For ECM compatibility the minimum firmware version is 4.3.2. It was released on 15 July 2013; most devices shipped after this date should already have firmware that is ECM compatible.  Devices shipped prior to 15 July 2013 will need a firmware update before being registered with ECM.

Permalink

0 Comments - Leave a Comment

The following is a list of USB Flash Drives that have been tested by CradlePoint Support and are known to work for the MC200LE-VZ & IBR600LE-VZ Modem Module Firmware Update. To update the IBR600LE-VZ Modem via USB cable, you will need a Micro USB B to USB A adapter.



Manufacturer Model Number Size File System Format
Transcend TS16GJFV60 16GB FAT32
Lexar LJDS73-16G 16GB FAT32
SanDisk SDC236-008G-A11 8GB FAT32
PNY FDU16G/APPMT-GE 32GB FAT32
HP v310w 32GB FAT32

Permalink

0 Comments - Leave a Comment

It is possible to manage a CradlePoint router through Enterprise Cloud Manager (ECM) with no active WAN connection, such as when it is used a failover device or configured in WiFi Bridge mode on an existing network. With the default settings, the router requires an active WAN connection to connect to ECM or obtain the current date/time from an NTP Server. To instead use the LAN to connect to ECM, you must set the CradlePoint to use the LAN Gateway feature.

  1. Log into the device’s administration pages.
  2. Go to System Settings > Administration.
  3. Select the Router Services tab.
  4. Select Use LAN Gateway and input the LAN Gateway Address. (This is the LAN IP address of the router that the CradlePoint is connected to.)                                                                                                                  Enabling a LAN gateway for Router Services
  5. The DNS server fields might not need to be changed: these match the static DNS values (set at Network Settings > DNS). You can leave the default values or set them manually here.

Once Router Services has been configured to use a LAN gateway, the device can now be managed by ECM via the LAN. However, because the device still does not have an active WAN connection, ECM will report the IP Address for the WAN source of the network the CradlePoint is connected through.



Notes

  • Setting up a LAN gateway for router services can be used to save money when a CradlePoint router is configured for 3G/4G failover behind another router. If your 3G/4G data plan is small/expensive, you can set router services to use the LAN connection (following the above steps) so that ECM doesn’t use 3G/4G data unnecessarily.
  • In addition to ECM, other “router services” also require a WAN connection by default but can be configured to use the LAN instead. For example, the above steps will enable a connection to an NTP (Network Time Protocol) server via the LAN.

Permalink

0 Comments - Leave a Comment

Getting Started


Enterprise Cloud Manager Registration


CradlePoint Enterprise Cloud Manager is CradlePoint’s next generation management and application platform. Enterprise Cloud Manager (ECM) integrates cloud management with your CradlePoint devices to improve productivity, increase reliability, reduce costs and enhance the intelligence of your network and business operations.

Click here to learn more and sign up for a free 30-day ECM trial.

Depending on your ordering process, your devices may have already been bulk-loaded into ECM. If so, simply log in at cradlepointecm.comusing your ECM credentials and begin managing your devices seamlessly from the cloud.

If your device has not yet been loaded into your ECM account, you need to register. Log into the device administration pages and go to Getting Started → Enterprise Cloud Manager Registration. Enter your ECM username and password, and click on “Register.”

image

Once you have registered your device, go to https://cradlepointecm.com and log in using your ECM credentials.

image

For more information about how to use CradlePoint Enterprise Cloud Manager, see the following:

First Time Setup


When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through basic steps to customize your CradlePoint AER 2100. To return to the First Time Setup Wizard after your initial login, go to Getting Started → First Time Setup in the dropdown menu. You have the ability to configure any of the following:

  • Administrator Password
  • Time Zone
  • WiFi Network Name
  • Security Mode
  • Access Point Name (APN) for SIM-based modems
  • Modem Authentication
  • Failure Check

Administrator Password

CradlePoint recommends that you change the router’s ADMINISTRATOR PASSWORD, which is used to log into the administration pages. The administrator password is separate from the WiFi security password, although initially the Default Password is used for both.

image

NOTE: If you plan to use your router in a PCI DSS compliant environment, do not use this setting. Use the “Advanced Security Mode” settings under the Router Security tab in System Settings → Administration instead.

Time Zone

You can select your TIME ZONE from a dropdown list. (This may be necessary to properly show time in your router log, but typically your router will automatically determine your time zone through your browser.)

image

Click NEXT.

WiFi Network Name

CradlePoint recommends that you customize your WiFi network name. Type in your personalized network name here. You can also enable the Guest Network feature (for more configuration options, see Network Settings → WiFi / Local Networks).

image

WiFi Security Mode

image

Choose the WIFI SECURITY MODE that best fits your needs:

  • BEST (WPA2): Select this option if your wireless adapters support WPA2-only mode. This will connect to newest devices and is the most secure, but may not connect to older devices or some handheld devices such as the PSP.
  • GOOD (WPA1 & WPA2): Select this option if your wireless adapters support WPA or WPA2. This is the most compatible with modern devices and PCs.
  • POOR (WEP): Select this option if your wireless adapters only support WEP. This should only be used if a legacy device that only supports WEP will be connected to the router. WEP is insecure and obsolete and is only supported in the router for legacy reasons. The router cannot use 802.11n modes if WEP is enabled; WiFi performance and range will be limited.
  • NONE (OPEN): Select this option if you do not want to activate any security features.

CradlePoint recommends BEST (WPA2) WiFi security. Try this option first and switch only if you have a device that is incompatible with WPA2.

Choose a personalized WPA PASSWORD or WEP KEY. This password will be used to connect devices to the router’s WiFi broadcast once the security settings have been saved.

  • WPA Password: The WPA Password must be between 8 and 64 characters long. A combination of upper and lower case letters along with numbers and special characters is recommended to prevent hackers from gaining access to your network.
  • WEP Key: A WEP Key must be either a hexadecimal value of 5 or 13 characters or a text value of 10 or 26 characters.

Click NEXT.

Access Point Name (APN)

image

If you are using a SIM-based modem (LTE/GSM/HSPA) with your CradlePoint router, you may need to configure the APN before it will properly connect to your carrier. Wireless carriers offer several APNs, so check with your carrier to confirm the appropriate one to use. Some examples include:

  • AT&T: “broadband”
  • T-Mobile: “epc.tmobile.com”
  • Rogers LTE: “lteinternet.apn”
  • Bell: “inet.bell.ca”
  • TELUS: “isp.telus.com”

You can either leave this on the Default setting or select Manual and input a specific APN.

If your specific modem or SIM already has APNs programmed into it, you should leave this on the Default setting. After finishing this Wizard go toInternet → Connection Manager, select your modem, and edit the settings. The SIM PIN/APN tab has more available settings than are provided here.

Modem Authentication

Some modems require a username and password to be entered to authenticate with a carrier. Do not fill in these fields unless you are sure your modem needs authentication.

image

  • Authentication Protocol – Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Select from:
    • Auto
    • Pap
    • Chap
  • Username
  • Password

Configuring Failure Check

It is possible for a WAN interface to go down without the router recognizing the failure. (For example: the carrier for a cellular modem goes dormant, or your Ethernet connection is properly attached to a modem but the modem becomes disconnected from its Internet source.) Enable Failure Check to ensure that you can get out to the Internet via your primary WAN connection. This option is disabled by default because it may use data unnecessarily. Use this in combination with failover. For cellular modems, use this in combination with Aggressive Reset (Internet → Connection Manager under Modem Settings in the interface/rule editor).

image

Idle Check Interval: Set the number of seconds the router will wait between checks to see if the WAN is still available. (Default: 30 seconds. Range: 10-3600 seconds.)

Monitor while connected: Select from the dropdown menu. (Default: Off.)

  • Active Ping: A ping request will be sent to the Ping Target. If no data is received, the ping request will be retried 4 times at 5-second intervals. If still no data is received, the device will be disconnected, and failover will occur. When “Active Ping” is selected, the next line gives an estimate of data usage in this form: “Active Ping could use as much as 9.3 MB of data per month.” This amount depends on the Idle Check Interval.
  • Off: Once the link is established the router takes no action to verify that it is still up.

Ping IP Address: If you selected “Active Ping,” you will need to input an IP address that will respond to a ping request. This IP address must be an address that can be reached through your WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2.

Click NEXT.

Summary

Review the details and record your wireless network name, administrative password, and WPA password (or WEP key). Move your mouse over your WiFi password to reveal it.

image

Please record these settings for future access. You may need this information to configure other wireless devices.

NOTE: If you are currently using the device’s WiFi network, reconnect to the network using the new wireless network name and security password.

Click APPLY to save the settings and update them to your router.

IP Passthrough Setup


You can quickly enable IP passthrough with the IP Passthrough Setup Wizard available under Getting Started → IP Passthrough Setup. IP passthrough takes a 3G/4G WAN data source (USB, ExpressCard, or CradlePoint business-grade modem) and passes the IP address through to Ethernet LAN.

Using this function requires many changes to your router configuration. The IP Passthrough Setup Wizard will automatically make these changes for you: simply read through the wizard and select Enable IP Passthrough on the second page. For further configuration options, see Network Settings → WiFi / Local Networks.

Review the list of changes to ensure they are compatible with your router needs:

  • All Ethernet ports will be set to LAN (i.e. you cannot use Ethernet as an Internet source for your router).
  • All WAN devices will have Load Balance disabled, and the highest priority device will be used.
  • All network groups except the primary network group will be removed.
  • All wireless interfaces will be removed from the primary network group. (It is possible to have a wireless interface associated with another network.)
  • All router-based VPN and GRE services will be disabled.
  • The Routing Mode will be set to IP Passthrough. (Network Settings → WiFi / Local Networks in the “Local Network Editor” under “IP Settings”)
  • The Subnet Selection Mode will be set to “Automatically Create Subnet” (Network Settings → WiFi / Local Networks in the “Local Network Editor” under “IP Settings” – this shows once IP Passthrough is set as the Routing Mode). You have the option to override this and select Force 24 Subnet, which forces a subnet of 255.255.255.0 and uses the first available address in the network as the gateway. This is for compatibility with equipment that may not handle modem addressing schemes; this should not be used unless necessary.

Any Ethernet WAN connections should be disconnected before IP passthrough is enabled.

Permalink

0 Comments - Leave a Comment

Client Data Usage


Client Data Usage displays upload and download traffic for each LAN client. Click Enable Client Data Usage Monitoring Service to begin tracking this information. This data is not retained between router reboots.

image

For each client this shows: Name, IP address, MAC address, amount of data uploaded (MB), amount of data downloaded (MB), and when traffic was last sent or received for that client (“Last Traffic”).

The names that are shown are received during a DHCP exchange. If a client disconnects and reconnects with a new IP address there will be an additional entry in this list.

Pressing Reset Statistics will restart all counters at 0.

Permalink

0 Comments - Leave a Comment

 The router can establish an uplink via Ethernet, WiFi as WAN, or 3G/4G modems (integrated or external USB). If the primary WAN connection fails, the router will automatically attempt to bring up a new link on another device: this feature is called failover. If Load Balance is enabled, multiple WAN devices may establish a link concurrently.

WAN Interfaces

This is a list of the available interfaces used to access the Internet. You can enable, stop, or start devices from this section. By using the priority arrows (the arrows in the boxes to the left – these show if you have more than one available interface), you can set the interface the router uses by default and the order that it allows failover.

In the example shown, Ethernet is set as the primary Internet source, while a 4G LTE modem is attached for failover. The Ethernet is “Connected” while the LTE modem is “Available” for failover. A WiFi-as-WAN interface is also attached and “Available”.

  • Load Balance: If this is enabled, the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively. Selecting Load Balance will automatically start the WAN interface and add it to the pool of WAN interfaces to use for data transfer. Turning off Load Balance for an active WAN interface may require the user to restart any current browsing session.
  • Enabled: Selected by default. Deselect to disable an interface.

Click on the small box at the top of the list to select/deselect all devices for either Load Balance or Enabled.

Click on a device in the list to reveal additional information about that device.

Selecting a device reveals the following information:

  • State (Connected, Available, etc.)
  • Port
  • UID (Unique identifier. This could be a name or number/letter combination.)
  • IP Address
  • Gateway
  • Netmask
  • Stats: bytes in, bytes out
  • Uptime

Click “Edit” to view configuration options for the selected device. For 3G/4G modems, click “Control” to view options to activate or update the device.

WAN Configuration

Select a WAN interface and click on Edit to open the WAN Configuration editor. The tabs available in this editor are specific to the particular WAN interface types.

General Settings

Device Settings
  • Enabled: Select/deselect to enable/disable.
  • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Network Settings → WiFi / Local Networks. Select this option to force NAT whenever this WAN device is being used.
  • Priority: This number controls failover and failback order. The lower the number, the higher the priority and the more use the device will get. This number will change when you move devices around with the priority arrows in the WAN Interfaces list.
  • Load Balance: Select to allow this device to be available for the Load Balance pool.
  • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
  • Hostname (This only shows for certain devices.)
IPv4 Failure Check (Advanced)

If this is enabled, the router will check that the highest priority active WAN interface can get to the Internet even if the WAN connection is not actively being used. If the interface goes down, the router will switch to the next highest priority interface available. If this is not selected, the router will still failover to the next highest priority interface but only after the user has attempted to get out to the Internet and failed.

Idle Check Interval: The amount of time between each check. (Default: 30 seconds. Range: 10-3600 seconds.)

Monitor while connected: (Default: Off) Select from the following dropdown options:

  • Passive DNS (modem only): The router will take no action until data is detected that is destined for the WAN. When this data is detected, the data will be sent and the router will check for received data for 2 seconds. If no data is received the router behaves as described below under Active DNS.
  • Active DNS (modem only): A DNS request will be sent to the DNS servers. If no data is received, the DNS request will be retried 4 times at 5-second intervals. (The first 2 requests will be directed at the Primary DNS server and the second 2 requests will be directed at the Secondary DNS server.) If still no data is received, the device will be disconnected and failover will occur.
  • Active Ping: A ping request will be sent to the Ping Target. If no data is received, the ping request will be retried 4 times at 5-second intervals. If still no data is received, the device will be disconnected and failover will occur. When “Active Ping” is selected, the next line gives an estimate of data usage in this form: “Active Ping could use as much as 9.3 MB of data per month.” This amount depends on the Idle Check Interval.
  • Off: Once the link is established the router takes no action to verify that it is still up.

Ping IP Address: If you selected “Active Ping”, you will need to input an IP address. This must be an address that can be reached through your WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2.

IPv6 Failure Check (Advanced)

The settings for IPv6 Failure Check match those for IPv4 Failure Check except that the IP address for Active Ping is an IPv6 address.

Failback Configuration (Advanced)

This is used to configure failback, which is the ability to go back to a higher priority WAN interface if it regains connection to its network.

Select the Failback Mode from the following options:

  • Usage
  • Time
  • Disabled

Usage: Fail back based on the amount of data passed over time. This is a good setting for when you have a dual-mode EVDO/WiMAX modem and you are going in and out of WiMAX coverage. If the router has failed over to EVDO it will wait until you have low data usage before bringing down the EVDO connection to check if a WiMAX connection can be made.

  • High (Rate: 80 KB/s. Time Period: 30 seconds.)
  • Normal (Rate: 20 KB/s. Time Period: 90 seconds.)
  • Low (Rate: 10 KB/s. Time Period: 240 seconds.)
  • Custom (Rate range: 1-100 KB/s. Time Period range: 10-300 seconds.)

Time: Fail back only after a set period of time. (Default: 90 seconds. Range: 10-300 seconds.) This is a good setting if you have a primary wired WAN connection and only use a modem for failover when your wired connection goes down. This ensures that the higher priority interface has remained online for a set period of time before it becomes active (in case the connection is dropping in and out, for example).

Disabled: Deactivate failback mode.

Immediate Mode: Fail back immediately whenever a higher priority interface is plugged in or when there is a priority change. Immediate failback returns you to the use of your preferred Internet source more quickly which may have advantages such as reducing the cost of a failover data plan, but it may cause more interruptions in your network than Usage or Time modes.

IP Overrides

IP overrides allow you to override IP settings after a device’s IP settings have been configured.

Only the fields that you fill out will be overridden. Override any of the following fields:

  • IP Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

IPv6 Settings

IPv6 is disabled by default. To learn about configuration options for IPv6, see this article.

Ethernet Settings

While default settings for each WAN Ethernet port will be sufficient in most circumstances, you have the ability to control the following:

  • Connect Method: DHCP (Automatic), Static (Manual), or PPPoE (Point-to-Point Protocol over Ethernet).
  • MAC Address: You have the ability to change the MAC address, but typically this is unnecessary. You can match this address with your device’s address by clicking: “Clone Your PC’s MAC Address”.

Connect Method

Select the connection type that you need for this WAN connection. You may need to check with your ISP or system administrator for this information.

  • DHCP (Dynamic Host Configuration Protocol) is the most common configuration. Your router’s Ethernet ports are automatically configured for DHCP connection. DHCP automatically assigns dynamic IP addresses to devices in your networks. This is preferable in most circumstances.
  • Static allows you to input a specific IP address for your WAN connection; this should be provided by the ISP if supported.
  • PPPoE should be configured with the username, password, and other settings provided by your ISP.

If you want to use a Static (Manual) or PPPoE connection, you will need to fill out additional information.

Static (Manual):

  • IPv4 Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

PPPoE:

  • Username
  • Password
  • Password Confirm
  • Service
  • Auth Type: None, PAP, or CHAP

Modem Settings

Not all modems will have all of the options shown below; the available options are specific to the modem type.

On Demand: When this mode is selected a connection to the Internet is made as needed. When this mode is not selected a connection to the Internet is always maintained.

IP WAN Subnet Filter: This feature will filter out any packets going to the modem that do not match the network (address and netmask).

Aggressive Reset: When Aggressive Reset is enabled the system will attempt to maintain a good modem connection. If the Internet has been unreachable for a period of time, a reset of the modem will occur in attempt to re-establish the connection.

Automatically check for new firmware: (Default: selected) The modem will automatically check for firmware updates by default.

Enable Aux Antenna: (Default: selected) Enable or disable the modem’s auxiliary diversity antenna. This should normally be left enabled.

GPS Signal Source: Select the antenna to be used for receiving GPS coordinates. Some products support a dedicated GPS antenna, while others use the auxiliary diversity antenna only (and some products support both).

Enable eHRPD: (Default: selected) Enable or disable the modem’s ability to connect via eHRPD (enhanced High Rate Packet Data) when connecting to a 3G EVDO network on Sprint. eHRPD routes EVDO traffic through the LTE systems, enabling easy transitions between LTE and EVDO. In rare cases it may make sense to bypass the LTE core, so this field allows you to disable eHRPD.

Modem Connection Mode: Specify how the modem should connect to the network. Not all options are available for all modems; this will default to Auto if an incompatible mode is selected.

  • Auto (all modes): Let the modem decide which network to use.
  • Auto 3G (3G or less): Let the modem decide which 2G or 3G network to use. Do not attempt to connect to LTE.
  • Force LTE: Connect to LTE only and do not attempt to connect to 3G or WiMAX.
  • Force WiMAX: Connect to WiMAX only and do not attempt to connect tot 3G or LTE.
  • Force 3G (EVDO, UMTS, HSPA): Connect to 3G network only.
  • Force 2G (1xRTT, EDGE, GPRS): Connect to 2G network only.

Network Selection Mode: Wireless carriers are assigned unique network identifying codes known as PLMN (Public Land Mobile Network). To manually select a particular carrier, select the Manual radio button and enter the network PLMN. Choose from the following options:

  • None/No Change
  • Auto: Selected by default
  • Home only
  • Manual: Input the PLMN code

Functional Mode: Selects the functional mode of the modem. IPPT (IP passthrough) mode causes the modem to act as a transport, passing Internet data and IP address information between the modem and the Internet directly. NAT mode causes the modem to NAT the IP address information. Consequently, IPPT mode does not allow user access to the modem web UI and NAT mode does allow user access to the modem web UI.

  • None/No Change
  • IPPT
  • NAT

Network-Initiated Alerts: This field controls whether the Sprint network can disconnect the modem to apply updates, such as for PRL, modem firmware, or configuration events. These activities do not change any router settings, but the modem connection may be unavailable for periods of time while these updates occur. The modem may also require a reset after a modem firmware update is complete.

  • Disabled: The request to update will be refused.
  • When Disconnected: The request to update will only be performed when the modem is either in a disconnected state or dormant state. If the modem is not in one of these states when the request is received, then the router will remember the request and perform the update when the modem becomes disconnected/dormant.
  • On Schedule: The request to update will only be performed at the specified scheduled time, no matter what the state of the modem is.

Network-Initiated Schedule: When you select “On Schedule” for Network-Initiated Alerts, you also select a time from this dropdown list. Modem updates will take place at this scheduled time.

AT Config Script: Enter the AT commands to be used for carrier specific modem configuration settings. Each command must be entered on a separate line. The command and associated response will be logged, so you should check the system log to make sure there were no errors.

NOTE: AT Config Script should not be used unless told to do so by your modem’s cellular provider or by a support technician.

AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include “OK”, except the final command response, which must include “CONNECT”.

Example:

AT
ATDT*99***2#

WiMAX Settings

WiMAX Realm: Select from the following dropdown options:

  • Clear – clearwire-wmx.net
  • Rover – rover-wmx.net
  • Sprint 3G/4G – sprintpcs.com
  • Xohm –xohm.com
  • BridgeMAXX – bridgeMAXX.com
  • Time Warner Cable – mobile.rr.com
  • Comcast – mob.comcast.net

TTLS Authentication Mode: TTLS inner authentication protocol. Select from the following dropdown options:

  • MSCHAPv2/MD5 (Microsoft Challenge Handshake Authentication Protocol version2/Message-Digest Algorithm 5)
  • PAP (Password Authentication Protocol)
  • CHAP (Challenge Handshake Authentication Protocol)

TTLS Username: Username for TTLS authentication.

TTLS Password: Password for TTLS authentication.

WiMAX Authentication Identity: User ID on the network. Leave this blank unless your provider tells you otherwise.

CDMA Settings

These settings are usually specific to your wireless carrier’s private networks. You should not set these unless directed to by a carrier representative. If a field below is left blank, that particular setting will not be changed in the modem. You should only fill in fields that are required by your carrier.

  • Persist Settings: If this is not checked, these settings will only be in place until the router is rebooted or the modem is unplugged.
  • Active Profile: Select a number from 0-5 from the dropdown list.

The following fields can be left blank. If left blank they will remain unchanged in the modem.

  • NAI (Username@realm): Network Access Identifier. NAI is a standard system of identifying users who attempt to connect to a network.
  • AAA Shared Secret (Password): “Authentication, Authorization, and Accounting” password.
  • Verify AAA Shared Secret
  • HA Shared Secret: “Home Agent” shared secret.
  • Primary HA
  • Secondary HA
  • AAA SPI: AAA Security Parameter Index.
  • HA SPI: HA Security Parameter Index.

SIM/APN/Auth Settings

SIM PIN: PIN number for a GSM modem with a locked SIM.

Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Choose from AutoPAP, and CHAP and then input your username and password.

Access Point Configuration: Some wireless carriers provide multiple Access Point configurations that a modem can connect to. Some APN examples are ‘isp.cingular” and “vpn.com”.

  • Default: Let the router choose an APN automatically.
  • Default Override: Enter an APN by hand.
  • Select: This opens a table with 16 slots for APNs, each of which can be set as IP, IPV4V6, or IPV6. The default APN is marked with an asterisk (*). You can change the APN names, select a different APN, etc. For Verizon modems, only the third slot is editable. Changes made here are written to the modem, so a factory reset of the router will not impact these settings.

Update/Activate a Modem

Some 3G/4G modems can be updated and activated while plugged into the router. Updates and activation methods vary by modem model and service provider. Possible methods are: PRL Update, Activation, and FUMO. All supported methods will be displayed when you select your modem and click “Control” to open the “Update/Activate” window. If no methods are displayed for your device then you will need to update and activate your device externally.

To update or activate a modem, select the modem in the WAN Interfaces table and click “Control”.

The modem does not support Update/Activate methods: A message will state that there is no support for PRL Update, Activation, or FUMO.

The modem supports Update/Activate methods: A message will display showing options for each supported method:

  • Modem Activation / Update: Activate, Reactivate, or Upgrade Configuration.
  • Preferred Roaming List (PRL) Update
  • Firmware Update Management Object (FUMO)

Click the appropriate icon to start the process.

If the modem is connected when you start an operation the router will automatically disconnect it. The router may start another modem as a failover measure. When the operation is done the modem will go back to an idle state, at which point the router may restart it depending on failover and failback settings.

NOTE: Only one operation is supported at a time. If you try to start the same operation on the same modem twice the UI will not report failure and the request will finish normally when the original request is done. However if you try to start a different operation or use a different modem, this second request will fail without interfering with the pending operation.

Process Timeout: If the process fails an error message will display.

Activation has a 3-minute timeout, PRL update has a 4-minute timeout, and FUMO has a 10-minute timeout.

Update Modem Firmware

Click on the Firmware button to open the Modem Firmware Upgrade window. This will show whether there is new modem firmware available.

If you select Automatic (Internet) the firmware will be updated automatically. Use Manual Firmware Upgrade to instead manually upload firmware from a local computer or device.

Reset the Modem

Click on the Reset button to power cycle the modem. This will have the same effect as unplugging the modem.

Configuration Rules (Advanced)

This section allows you to create general rules that apply to the Internet connections of a particular type. These can be general or very specific. For example, you could create a rule that applies to all 3G/4G modems, or a rule that only applies to an Internet source with a particular MAC address.

The Configuration Rules list shows all rules that you have created, as well as all of the default rules. These are listed in the order they will be applied. The most general rules are listed at the top, and the most specific rules are at the bottom. The router goes down the list and applies all rules that fit for attached Internet sources. Configuration settings farther down the list will override previous settings.

Select any of these rules and click “Edit” to change the settings for a rule. To create a new rule, click “Add.”

WAN Configuration Rule Editor

After clicking “Add” or “Edit,” you will see a popup with the following tabs:

  • Filter Criteria
  • General Settings
  • IP Overrides
  • IPv6 Settings
  • Ethernet Settings
  • Modem Settings
  • WiMAX Settings
  • CDMA Settings
  • SIM/APN/Auth Settings

Filter Criteria

If you are creating a new rule, begin by setting the Filter Criteria . Create a name for your rule and the condition for which the rule applies:

  • Rule Name: Create a name meaningful to you. This name is optional.

Make a selection for “When,” “Condition,” and “Value” to create a condition for your rule. The condition will be in the form of these examples:

When Condition Value
Port is USB Port 1
Type is not WiMAX
  • When:
    • Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”).
    • Manufacturer – Select by the modem manufacturer, such as Sierra Wireless.
    • Model – Set your rule according to the specific model of modem.
    • Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
    • Serial Number – Select 3G or LTE modem by the serial number.
    • MAC Address – Select WiMAX modem by MAC Address.
    • Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.
  • Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement.
  • Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.

Once you have established the condition for your configuration rule, choose from the other tabs to set the desired configuration. All of the tabs have the same configuration options shown above in the WAN Configuration section (i.e., the options for Configuration Rules are the same as they are for individual devices).

Permalink


Data Usage


Data Usage Management & Alerts allows you to create and manage rules that help control the data usage of a modem. If you have a limited data plan or a price increase on your plan after a certain amount of usage, a Data Usage Rule can help you track these amounts. You can set a rule to shut down use of a modem and/or send a message when you reach a data usage amount you set.

When you select Enable Data Usage, you will see the Data Usage Agreement shown below. The purpose of this agreement is to ensure that you understand that the data numbers for your router might not perfectly match those of your carrier: CradlePoint cannot be held responsible. You must accept the agreement by clicking “Yes” in order to begin creating data usage rules.

image

Warning: You should set your data limits lower than your carrier data allowance and regularly compare the numbers provided by the router with the numbers from your carrier.

Data Usage Rules

The Date Usage Rule display shows basic information for each rule you have created (including rules created with a template). The following information is displayed:

  • Rule Name
  • Enabled: True/False
  • Date for Rule Reset
  • Cycle Type: Daily, Weekly, or Monthly
  • Cap: Amount in MB.
  • Current Usage: Shown as an amount in MB, as a percentage of the cap, and in a bar graph.

image

Click Add to configure a new Data Usage Rule.

Data Usage Rule – page 1

image

Rule Name: Give your rule a name for later recognition.

WAN Selection: Select from the dropdown list of currently attached WAN devices.

Assigned Usage in MB: Enter a cap amount in megabytes. 1024 megabytes equals 1 gigabyte.

Rule Enabled: (Default: Enabled.) Click to disable.

Use with Load Balancing: When checked, the Load Balancing feature is allowed to use the thresholds and metrics of this rule when making balance decisions. This causes Load Balancing to spread the data usage between interfaces according to the assigned usage rather than bandwidth. This is a best effort to keep all interfaces with these rules at a similar percentage utilization of data (e.g. 10%, 50%, 90%) as the cycle progresses, rather than quickly using 100% of a fast 1 GB capped interface while using only a fraction of a slow 10 GB capped interface, thus leaving the rest of the cycle with only the slow interface. To use this setting, you must also go to the Internet → WAN Affinity / Load Balancingpage. For the Load Balance Algorithm field select “Data Usage”.

Data Usage Rule – page 2

image

Cycle Type: How often the rule will reset. The data usage amount will be reset at the end of each cycle. Select the length of a cycle from a dropdown menu with the following choices:

  • Daily
  • Weekly
  • Monthly

Cycle Start Date: Select the date you wish the rule to begin. This date will be used to track when the rule will reset.

image

Shutdown WAN on Cap: If selected, the WAN device will shut down when the assigned usage is reached. A cycle reset or a rule deletion will re-enable the device.

Send Alert on Cap: An email alert will be generated and sent when the assigned usage is reached.

WARNING: The SMTP mail server must be configured in System Settings → Device Alerts.

Custom Alert: When checked you enable a second email to be configured for a percentage of the assigned usage.

Percent of Usage (1-1000): If selected, a custom alert will be sent when your data usage reaches this percentage of your usage cap. For example, you could set this at 90 percent so that you know when your usage is nearing 100 percent of the cap.

Template Configuration

image

Templates allow you to control multiple WAN devices with the same rule. Each WAN device that matches a template will automatically have its own rule created.

For example, you can set a template rule for all mobile data modems that causes your router to send an alert after 1000 MB of usage in a month. When you attach a new 4G USB modem, your template will immediately create a new Data Usage Rule for the attached modem that sends the alert as specified.

Click Add to configure a new Template rule.

Create a Template Name that you can recognize. The template will apply to one of the following WAN types:

  • All WAN
  • All Ethernet
  • All Modems

Select one of these types.

The rest of the rule settings options match those in the Data Usage Rules. See the section above for additional information about how to configure your template usage rules.

Historical Data

image

The Historical Data graph displays if you have a Data Usage Rule enabled for an active WAN device. This graph shows the MB/sec trend for the last day. In this section you also have the ability to change the data usage records for a connected WAN device: Add Usage or Erase History. You may want to add data usage to a device’s record if, for example, you’ve used the SIM or data plan with other devices – that data usage wouldn’t otherwise be recorded by the router.

Click on Add Usage and then select the date and input additional data amount in MB.

image

Permalink

0 Comments - Leave a Comment

Generic Routing Encapsulation (GRE) tunnels can be used to create a connection between two private networks. Most CradlePoint routers are enabled for both GRE and VPN tunnels. GRE tunnels are simpler to configure and more flexible for different kinds of packet exchanges, but VPN tunnels are much more secure.

image

In order to set up a tunnel you must configure the following:

  • Local Network and Remote Network addresses for the “Glue Network,” the network that is created by the administrator that serves as the “glue” between the networks of the tunnel. Each address must be a different IP address from the same private network, and these addresses together form the endpoints of the tunnel.
  • Remote Gateway, the public facing WAN IP address that the local gateway is going to connect to.
  • Routes that allow you to configure what network traffic from local host(s) will be allowed through the tunnel.
  • Optionally, you might also want to enable the tunnel Keep Alive feature to monitor the status of a tunnel and more accurately determine if the tunnel is alive or not.

Optionally, you might also want to enable the tunnel Keep Alive feature to monitor the status of a tunnel and more accurately determine if the tunnel is alive or not.

Click Add to configure a new GRE tunnel; click Edit to make changes to an existing tunnel.

Add/Edit Tunnel – General

image

Tunnel Name: Give the tunnel a name that uniquely identifies it.

Tunnel Key: Enables an ID key for a GRE tunnel, which can be used as an identifier for mGRE (Multipoint GRE).

Local Network: This is the local side of the “Glue Network,” a network created by the administrator to form the tunnel. The user creates the IP address inputted here. It must be different from the IP addresses of the networks it is gluing together. Choose any private IP address from the following three ranges that doesn’t match either network:

  • 10.0.0.0 – 10.255.255.255
  • 172.16.0.0 – 172.31.255.255
  • 192.168.0.0 – 192.168.255.255

Remote Network: This is the remote side of the “Glue Network.” Again, the user must create an IP address that is distinct from the IP addresses of the networks that are being glued together. The Remote Network and Local Network values will be flipped when inputted for the other side of the tunnel configuration.

Subnet Mask: This is the subnet mask for the Glue Network. The Local and Remote Network addresses must fit with this mask. 255.255.255.0 is a logical choice for most users.

Remote Gateway: This is the public facing, WAN-side IP address of the network that the local gateway is going to connect to.

TTL: Set the Time to Live (TTL), or hop limit, for the GRE tunnel.

MTU: Set the maximum transmission unit (MTU) for the GRE tunnel.

WAN Binding: WAN Binding is an optional parameter used to configure the GRE tunnel to ONLY operate when the specified WAN device(s) are available and connected. An example use case is when there is a router with both a primary and failover WAN device and the tunnel should only be used when the system has failed over to the backup connection.

Make a selection for “When,” “Condition,” and “Value” to create a WAN Binding. The condition will be in the form of these examples:

When Condition Value
Port is USB Port 1
Type is not WiMAX
  • When:
    • Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”).
    • Manufacturer – Select by the modem manufacturer (e.g., “CradlePoint Inc.”).
    • Model – Set your rule according to the specific model of modem.
    • Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
    • Serial Number – Select a 3G or LTE modem by the serial number.
    • MAC Address – Select a WiMAX modem by MAC Address.
    • Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.
  • Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement.
  • Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.

Invert WAN Binding: Advanced option that inverts the meaning of WAN Binding to only establish this tunnel when the specified WAN Binding device(s) are NOT connected.

Tunnel Enabled: Select to activate the tunnel.

Add/Edit Tunnel – Routes

Adding routes allows you to configure what types of network traffic from the local host or hosts will be allowed through the tunnel.

image

Click Add Route to configure a new route. You will need to input the following information, defined by the remote network:

  • Network Address – This is the network address that is the destination of the route. This should be set to the network address at the remote side of the tunnel.
  • Netmask – This is the corresponding subnet mask of the network being defined (Default: 255.255.255.0).

You can set the tunnel to connect to a range of IP addresses or to a single IP address. For example, you could input 192.168.0.0 and255.255.255.0 to connect your tunnel to all the addresses of the remote network in the 192.168.0.x range. Alternatively, you could select a single address by inputting that address along with a Netmask of 255.255.255.255.

Add/Edit Tunnel – Keep Alive

GRE keep-alive packets can be enabled to be sent through the tunnel in order to monitor the status of the tunnel and more accurately determine if the tunnel is alive or not.

GRE keep-alive packets may be sent from both sides of a tunnel, or from just one side.

image

Enabled: Select to enable GRE Keep Alive to continually send keep-alive packets to the remote peer.

Rate: Choose the length of time in seconds for each check (Default: 10 seconds. Range: 2 – 3600 seconds).

Retry: Select the number of attempts before the GRE tunnel is considered down or up (Default: 3. Range: 1 – 255).

Failover Tunnel and Failback Tunnel: Use these settings to create two tunnels – one as the primary tunnel and one as the backup tunnel. To configure tunnel failover/failback, complete the following steps:

  1. Create two tunnels: one for primary and one for backup. Make sure both tunnels have Keep Alive enabled.
  2. Choose one to be the primary tunnel. Open the editor for this tunnel and make sure Tunnel Enabled is selected. Then go to the Keep Alive page. Under Failover, Tunnel select the other tunnel you have created.
  3. Open the editor for the failover tunnel. Make sure Tunnel Enabled is not selected. On the Keep Alive page, set the Failback Tunnel to your primary tunnel.

Permalink

0 Comments - Leave a Comment

IPv6 Settings

This is the product manual section for IPv6 Settings for the WAN. To edit these settings, go to Internet → Connection Manager. Select a WAN Interface and click on Edit to open up the WAN Configuration editor. IPv6 Settings is one of the tabs:

IPv6 configuration window


The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to46in4, and 6rd).

  • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
  • IPv6 tunneling – (6to46in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

  • Disabled (default) – IPv6 disabled on this interface.
  • Auto – IPv6 will use automatic connection settings (if available).
  • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
  • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
  • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
  • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

DNS Servers

Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

Delegated Networks

A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Auto

IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

  • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

Static

As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

  • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
  • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
  • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6to4 Tunnel

Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6in4 Tunnel

The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

  • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
  • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

6rd Tunnel

IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

  • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
  • IPv4 Border Router Address – This address should be supplied by your ISP.
  • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.

Example Configuration:

Permalink

0 Comments - Leave a Comment

NOTE: L2TP Tunnels require a feature license. Go to System Settings → Feature Licenses to enable this feature.

Layer 2 Tunneling Protocol (L2TP) tunnels can be used to create a connection between two private networks.

L2TP tunnels

Once you have a valid feature license, click Add to create a new L2TP tunnel. Click Edit to make changes to an existing tunnel.

Add/Edit Tunnel – General

image

  • Tunnel Name – Enter a name to uniquely identify this tunnel.
  • LNS address – Enter the IP Address of the LNS (tunnel server) peer.
  • MTU – Set the maximum transmission unit (MTU) for the L2TP tunnel.
  • MRU – Set the maximum receive unit (MRU) to request from the tunnel peer. The MRU is very similar to the MTU: MTU is for packets sent and MRU is for packets received.
  • Tunnel Enabled – Click to enable/disable this tunnel. Default: Enabled.
Authentication

More authentication options and overrides are available in the next section.

  • Username – Username for user-specific authorization. Leave blank to disable.
  • Password – Shared secret (or password) used to authenticate the associated Local and Remote names.
Redial
  • Enabled – When this is selected, the tunnel will attempt to reconnect if disconnected.

Add/Edit Tunnel – Authentication

image

  • Remote Name – Authorization name specified by and to the remote system as its identity, sometimes a username or hostname. Leave blank to match any.
  • Local Name – Authorization name specified by and to the remote system as the local system identity; sometimes a username or hostname. Leave blank to match any.
  • Secret – Shared secret (or password) used to authenticate the associated Local and Remote names.
Overrides

Override Authentication methods/parameters. With methods set to Allow the two ends of the tunnel can negotiate a common scheme. Sometimes this negotiation fails, or the implementation on one end is incompatible with the other. To solve those authentication issues, enable the overrides as needed.

  • Authentication – Username for user-specific authorization. Leave blank to disable.
  • CHAP – Choose from Allowed, Refused, or Required.
  • PAP – Choose from Allowed, Refused, or Required.
  • Name – Override names used to authenticate the router. Leave empty to use the default.

Add/Edit Tunnel – Routes

Typically specific routes are unnecessary, but they can be added in this section if needed. You can add or remove routes to be used to funnel packets through the tunnel.

image

  • Network Address – This is the network address that is the destination of the route. This should be set to the network address at the remote side of the tunnel.
  • Netmask – This is the corresponding subnet mask of the network being defined.

Permalink

0 Comments - Leave a Comment

NOTE: NEMO requires a feature license. Go to System Settings → Feature Licenses to enable this feature.

Network Mobility (NEMO) is an Internet standards track protocol defined in RFC 5177. The protocol allows session continuity for every node in a mobile network as the network moves.

NEMO requires a service provider, e.g. Verizon Wireless Private Network with DMNR (Dynamic Mobile Network Routing). Your NEMO service provider will define many of the settings for your NEMO configuration.

Once you have a NEMO service provider and a valid feature license, add networks to the Networks Routed by NEMO section by first clicking Add. In the popup window, input:

  • Network Address
  • Netmask

The Network Address and Netmask, or subnet mask, together define a range of IP addresses that comprise the local network you want associated with the NEMO settings.

image

Network Mobility (NEMO) Settings

Home IP Address and Home Netmask – These may be provided by your NEMO service provider. The IP address is a placeholder, “dummy” address; any IP address can be used (1.2.3.4 is common).

Home Agent IP AddressHome Agent Password, and Home Agent SPI – Your home agent will be defined by your NEMO service provider.

Renew Registration – The NEMO network regularly re-registers with the home agent (e.g., every 30 seconds). Specify the number of seconds between each check-in.

MTU – Override the maximum transmission unit (MTU) of the NEMO tunnel. The TCP MSS (maximum segment size) is automatically derived from the MTU. Leave blank to rely on Path MTU Discovery.

Permalink

0 Comments - Leave a Comment

NOTE: NHRP Configuration requires a feature license. Go to System Settings → Feature Licenses to enable this feature.

Next Hop Resolution Protocol is a protocol used to discover addresses of clients on Non-Broadcast Multiple Access (NBMA) networks. It is used to create next-generation VPN technologies that allow shortcutting between spokes. With NHRP, systems attached to an NBMA network dynamically learn the NBMA address of the other systems that are part of that network, allowing these systems to directly communicate without requiring an intermediate hop.

image

The NHRP Supported Interfaces table displays the following fields for each configured NHRP interface.

  • Name: Name of the GRE tunnel that NHRP will use.
  • Protocol Address/Prefix: GRE tunnel endpoint mapping that NHRP associates with the NBMA server.
  • NBMA Address: NBMA server address the protocol address/prefix is associated with.
  • Flags:
    • SD: Shortcut-Destination
    • N: Non-Caching
    • S: Shortcut
    • R: Redirect   Click Add to create a new NHRP interface.

image

  • Enabled: Enable or disable the interface.
  • Name: Give the interface a unique name that matches the mGRE (multipoint GRE) tunnel. Select from configured GRE tunnels or input manually.
  • Peer Authentication: Embeds the secret plaintext password to outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless this password is present. Max length: 8 characters.
  • Holding Time: Specifies the holding time for NHRP registration requests and resolution replies.
  • Shortcut-Destination: Reply with authoritative answers on NHRP resolution requests destined to addresses in this interface (instead of forwarding the packets).
  • Non-Caching: Disables caching of peer information from forwarded NHRP resolution reply packets.
  • Shortcut: Enable creation of shortcut routes.
  • Redirect: Enable sending of proprietary enterprise-style NHRP traffic indication packets.

You also have the option to create static mappings for this interface. Click Add in the table to open the static mapping editor.

image

  • Protocol Address: Mapped endpoint to from protocol address to NBMA address.
  • Protocol Prefix: Optional prefix for protocol address.
  • NBMA Address: Destination mapped address from protocol address/prefix.
  • Register: This optional parameter specifies that a Registration Request should be sent to this peer on startup (displays flag R in the static mapping table if selected).
  • Proprietary OS: This should be enabled if the statically mapped peer is running proprietary OS (displays flag C in the static mapping table if selected).

Permalink

0 Comments - Leave a Comment

NOTE: OpenVPN requires a feature license. Go to System Settings → Feature Licenses to enable this feature.

OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

image

Once you have a valid feature license, click Add to create a new OpenVPN tunnel. Click Edit to make changes to an existing tunnel.

Add/Edit Tunnel – General

image

  • Tunnel Enabled – Click to enable/disable this tunnel.
  • Tunnel Name – Enter a name to uniquely identify this tunnel.
  • Tunnel Mode – Select which mode this tunnel endpoint is required to be. Choose from the following:
    • Client
    • Server
  • Local Tunnel Address – Enter the IP Address of the LNS (tunnel server) peer.
  • Remote Tunnel Address – Enter the IP Address of the LNS (tunnel server) peer.
  • Support IPv6 Tunnels – Allow IPv6 traffic to be forwarded over this tunnel. If you select this option, also input an IPv6 Tunnel Addressand Tunnel Prefix Length for IPv6.
  • Tunnel Protocol – Choose UDP or TCP.
  • Configuration Mode – Simple configuration requires the least amount of configuration for the tunnel, while advanced allows for a more detailed setup.
  • Ping – (Displays if the Configuration Mode is Advanced) If no packets have been sent in the amount of time entered, a ping is sent to the remote endpoint.
  • Ping Restart – (Displays if the Configuration Mode is Advanced) If no pings have been received in the amount of time entered, OpenVPN restarts the tunnel.

Add/Edit Tunnel – Remote Hosts

Create a list of remote server connections to connect to. OpenVPN will try to connect to each host in the list. If a disconnect occurs from a given server, the next server will be tried in a round-robin fashion.

image

  • Host – IP address of the remote server.
  • Port – Specify the port if desired.
  • Protocol – Select UDP or TCP.

Add/Edit Tunnel – Certificate Settings

Generate or upload certificates for OpenVPN.

image

If the Configuration Mode is set to Simple, you have the option to set the TLS-Auth Key.

If the Configuration Mode is set to Advanced, set any of the following:

  • Root Certificate
  • Client Certificate
  • Client Key
  • TLS-Auth Key
  • DH Parameters

Permalink

0 Comments - Leave a Comment

Load Balance

image

Select the Load Balance Algorithm from the following dropdown options:

  • Round-Robin: Evenly distribute each session to the available WAN connections.
  • Rate: Distribute load based on the current upload and download rates. A WAN device’s upload and download bandwidth values can be set in Internet → Connection Manager.
  • Spillover: This was the default algorithm in older (version 3) firmware. Load is always given to devices with the most available bandwidth. The estimated bandwidth rate is based on a combination of the upload and download configuration values and the observed capabilities of the device.
  • Data Usage: This mode works in concert with the Data Usage feature (Internet → Data Usage). The router will make a best effort to keep data usage between interfaces at a similar percentage of the assigned data cap in the data usage rule for each interface, rather than distributing sessions based solely on bandwidth. For proper functioning you need to create data usage rules for each WAN device you will be load balancing. Make certain to select the “Use with Load Balancing” checkbox in the data usage rule editor.

WAN Affinity

WAN Affinity rules allow you to manage traffic in your network so that particular bandwidth uses are associated with particular WAN sources. This allows you to prioritize bandwidth.

EXAMPLE: You could specify that your guest LAN is only associated with your Ethernet connection with no failover. Then if your Ethernet connection goes down and the embedded modem connects for failover for your primary LAN, your guest LAN will not take bandwidth from your primary LAN, saving you money.

Click Add to open the WAN Affinity Policy Editor and create a new WAN Affinity rule.

image

Name: Give a name for your rule that is meaningful to you.

DSCP (DiffServ): Differentiated Services Code Point is the successor to TOS (Type of Service). Use this field to select traffic based on the DSCP header in each IP packet. This field is sometimes set by latency sensitive equipment such as VoIP phones. If you know specific DSCP values, you can input one here.

DSCP Negate: When checked this rule will match on any packet that does NOT match the DSCP field.

Protocol: Select from the dropdown list to specify the protocol for a particular data use. Otherwise, leave “Any” selected.

  • Any
  • ICMP
  • TCP
  • UDP
  • GRE
  • ESP
  • SCTP

Source IP AddressSource NetmaskDestination IP Address, and Destination Netmask: Specify an IP address or range of IP addresses by combining an IP address with a netmask for either “source” or “destination” (or both). Source vs. destination is defined by traffic flow. Leave these blank to include all IP addresses (such as if your rule is defined by a particular port instead).

EXAMPLE: If you want to associate this rule with your guest LAN, you could input the IP address and netmask for the guest LAN here (leaving the last slot “0” to allow for any user attached to the guest network):

  • Source IP Address: 192.168.10.0
  • Source Netmask: 255.255.255.0

Failover: (Default: Selected.) When this is selected and traffic from the chosen WAN device for this rule is interrupted, the router will fail over to another available WAN device. Deselect this option to restrict this traffic to only the selected WAN interface.

WAN Binding Type: You have several options for specifying the type of WAN interface(s) you want associated with your rule. Make a selection for “When,” “Condition,” and “Value” to assign a WAN Binding Type. The condition will be in the form of these examples:

When Condition Value
Port is USB Port 1
Type is not WiMAX
  • When:
    • Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”).
    • Manufacturer – Select by the modem manufacturer (e.g., “CradlePoint Inc.”).
    • Model – Set your rule according to the specific model of modem.
    • Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
    • Serial Number – Select a 3G or LTE modem by the serial number.
    • MAC Address – Select from a dropdown list of attached devices.
    • Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.
  • Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement.
  • Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.

Load Balance Algorithm: Select the Load Balance Algorithm for this WAN Affinity rule from the following dropdown options:

  • Round-Robin: Evenly distribute each session to the available WAN connections.
  • Rate: Distribute load based on the current upload and download rates. A WAN device’s upload and download bandwidth values can be set in Internet → Connection Manager.
  • Spillover: This was the default algorithm in older (version 3) firmware. Load is always given to devices with the most available bandwidth. The estimated bandwidth rate is based on a combination of the upload and download configuration values and the observed capabilities of the device.
  • Data Usage: This mode works in concert with the Data Usage feature (Internet → Data Usage). The router will make a best effort to keep data usage between interfaces at a similar percentage of the assigned data cap in the data usage rule for each interface, rather than distributing sessions based solely on bandwidth. For proper functioning you need to create data usage rules for each WAN device you will be load balancing. Make certain to select the “Use with Load Balancing” checkbox in the data usage rule editor.

Permalink

0 Comments - Leave a Comment

WiFi as WAN uses an outside WiFi network as its Internet source. When WiFi as WAN is enabled, the router will find other WiFi networks that you can select and connect to. Unless a selected WiFi source is on an unprotected network, you will need to know its password or key.

To enable WiFi as WAN, first select the desired WiFi radio:

  • WiFi Radio #1 (2.4 GHz)
  • WiFi Radio #2 (5 GHz)

image

All CradlePoint routers and some other routers use the same default IP address for the primary network: 192.168.0.1. If you attempt to set up WiFi as WAN and there is an “IP conflict,” you need to change the IP address. The router is attempting to use the same IP address for both WAN and LAN, which is impossible. Go to Network Settings → WiFi / Local Networks. Select the network and click Edit. You can change the IP address under IPv4 Settings. For example, you might change 192.168.0.1 to 192.168.1.1.

Saved Profiles

This is a list of WiFi networks that have already been configured as WAN sources. The router will attempt to connect to any of these access points using the password you have configured. If more than one access point is in range, then the router will connect with the highest priority network.

Network: The name (SSID, or Service Set Identifier) that is broadcast by the access point.

BSSID: The numeric ID of the network (Basic Service Set Identifier). This parameter is required when trying to connect to a hidden network using WiFi as WAN. It is optional when connecting to a visible network. If it is set in a profile, both the SSID and BSSID must match to connect to an access point. If the BSSID is not set in a profile, then the router will connect to any access point that matches the given SSID.

Auth Mode: The type of encryption that is used by the network.

  • None
  • WEP Auto
  • WEP Open
  • WEP Shared
  • WPA1 Personal
  • WPA2 Personal
  • WPA1 & WPA2 Personal

You have two options for adding network profiles:

  • Automatic – Select a WiFi network in Site Survey and click Import.
  • Manual – Click on Add under Saved Profiles and input the required information.

Site Survey

This is a list of WiFi networks that the router can currently find, along with information about the network such as its mode and channel. Click “Refresh” if a WiFi network you want to connect to is invisible. You can sort the list based on any of the fields by clicking on the field name.

If you import a network from Site Survey, most of the information about the network will already be completed. You need to input the password (if there is one) and then click submit to save the WiFi as WAN profile.

Wireless Scan Settings

image

Scan Interval: How often WiFi as WAN scans the environment for updates. (Default: 60 seconds. Range: 5–3600 seconds.)

Scan While Connected: Continue to scan for WiFi as WAN profile updates when connected. Each time a scan occurs the wireless communication of the router will be temporarily interrupted. Normally this should be disabled.

Permalink

0 Comments - Leave a Comment

You have two main options for filtering content for local networks.

  1. WebFilter Rules: Create a list of websites that will be either disallowed or allowed. Customize the filter settings for each network and/or each MAC address. (These rules will not block HTTPS websites.)
  2. Cloud Based Filtering/Security: Allows several options for filtering and security using third-party services:
    • Umbrella by OpenDNS
    • Zscaler

Network WebFilter Rules

image

Network WebFilter Rules allow you to control access from your network to external domains or websites. Rules are assigned to a specific LAN network (or all networks). The highest priority rule will have precedence when there is a conflict. Addresses can be added by URL/Domain name or by IP address.

Exceptions to existing rules can be created by adding another rule with higher priority. For example, if access to espn.go.com is desired but go.com is blocked with a priority of 50, the addition of an “Allow” rule for espn.go.com with a priority of 51 or greater will allow access.

When creating rules keep in mind that some sites use multiple domains, so each domain may need a rule added to produce the desired behavior.

NOTE: Websites that use HTTPS will not be blocked by these rules. You will need to use OpenDNS to block HTTPS websites.

Click Add or Edit to open the Filter Rule Editor.

image

  • Assigned Network: Select either “All Networks” or one of your LAN networks from the dropdown list.
  • Domain/URL/IP: Enter the Domain Name or URL (address) of the website you wish to control access for, e.g. www.google.com. To make sure the full domain is blocked, enter the most inclusive domain (e.g. google.com will effectively block www.google.com as well as maps.google.com and images.google.com). Alternatively you can use an IP address, e.g. 8.8.8.8, or address range written in CIDR notation, e.g. 8.8.8.0/24.
  • Filter Action: Select Block or Allow.
  • Rule Priority: Higher number rules overrule lower number rules.
  • Enabled: A rule can be enabled or disabled by selecting or deselecting the checkbox.

Click Submit to save your rule changes.

Default Network Filter Settings

image

Use Default Network Filter Settings together with Network WebFilter Rules to control website access. All of your networks are set to allow website access by default. Select a network and click Edit to change the default filter settings.

image

Default Action: Select from the following dropdown options:

  • Allow Access (default)
  • Block Access

When a network is set to Allow Access, it will allow access to sites not specifically blocked in the WebFilter Rules.
When a network is set to Block Access, it will block access to sites not specifically allowed in the WebFilter Rules.

Filter URLs by IP Address: (Default: No) Changing this option to “Yes” will cause the router to perform a DNS lookup on URL entries, and the IP addresses will be appended to the appropriate block/allow list. This can have the side effect of being very strict; sites that are hosted across many domains may need every domain added to the list for full functionality.

MAC Address WebFilter Rules

MAC Address WebFilter Rules allow you to control access from a specific MAC address to external domains or websites.

image

The settings for the MAC Address WebFilter Rules section match those for the Network WebFilter Rules, except that you must assign a MAC address instead of a network to each rule.

image

See the Network WebFilter Rules section (above) for more configuration details.

MAC Address WebFilter Defaults

image

Use MAC Address WebFilter Defaults together with MAC Address WebFilter Rules to control website access for specific MAC addresses. By default, each MAC address is allowed website access. Click Add/Edit to change this setting for a MAC address.

image

Input the MAC address and default action you would like to apply to that MAC address.

Default Action: Select from the following dropdown options:

  • Allow Access (default)
  • Block Access

When a network is set to Allow Access, it will allow access to sites not specifically blocked in the WebFilter Rules.
When a network is set to Block Access, it will block access to sites not specifically allowed in the WebFilter Rules.

Cloud Based Filtering/Security

Select a third-party Cloud Provider from the dropdown list.

  • Umbrella by OpenDNS
  • Zscaler

Umbrella by OpenDNS

Umbrella by OpenDNS is a cloud-based web filtering and security solution that protects you online by filtering websites. Go tohttp://www.opendns.com/business-security/ for information about Umbrella.

Enter your Umbrella account information in order to use these content filtering settings.

image

Force All DNS Requests To Router: Enabling this will redirect all DNS requests from LAN clients to the router’s DNS server. This will allow the router even more control over IP Addresses even when the client might have their own DNS servers statically set.

OpenDNS ISP Filter Bypass Algorithm: It is possible that your Internet Service Provider (ISP) uses the port that OpenDNS is configured to access, port 53, which will prevent OpenDNS filtering. If OpenDNS does not appear to be working correctly, enabling this will attempt to bypass those ports when using an OpenDNS content filtering level.

Zscaler

Zscaler is a cloud based web filtering and security provider that offers several plan options. Depending on your Zscaler implementation, this could include:

  • Global Cloud Platform
  • Real-Time Reporting
  • Behavioral Analysis
  • URL Filtering
  • Advanced Threat Protection
  • Inline Anti-Virus & Anti-Spyware
  • Web 2.0 Control
  • Data Loss Prevention
  • Bandwidth Management
  • Web Access Control
  • And more…

NOTE: Zscaler requires a feature license. Go to System Settings → Feature Licenses to enable this feature.

image

Enter your Zscaler account information to enable these settings. Input local network information (Network Address and Netmask) to assign your Zscaler implementation to one or more local network(s).

Permalink

0 Comments - Leave a Comment

DHCP stands for Dynamic Host Configuration Protocol. The built-in DHCP server automatically assigns IP addresses to the computers and other devices on each local area network (LAN). In this section you can view a list of assigned IP addresses and reserve IP addresses for particular devices.

image

Active Leases: A list of devices that have been provided DHCP leases. The DHCP server automatically assigns these leases. This list will not include any devices that have static IP addresses on the network. Select a device and click Reserve to add the device and its IP address to the list of Reservations.

image

Reservations: This is a list of devices with reserved IP addresses. This reservation is almost the same as when a device has a static IP address except that the device must still request an IP address from the router. The router will provide the device the same IP address every time. DHCP reservations are helpful for server computers on the local network that are hosting applications such as Web and FTP. Servers on your network should either use a static IP address or a reservation.

While you have the option to manually input the information to reserve an IP address (Hostname, Hardware Addr, IP Addr), it is much simpler to select a device under the Active Leases section and click “Reserve.” The selected device’s information will automatically be added underReservations.

Permalink

0 Comments - Leave a Comment

DNS, or Domain Name System, is a naming system that translates between domain names (www.cradlepoint.com, for example) and Internet IP addresses (206.207.82.197). A DNS server acts as an Internet phone book, translating between names that make sense to people and the more complex numerical identifiers. The DNS page for the device has these distinct functions:

  • DNS Settings: By default your router is set to automatically acquire DNS servers through your Internet provider (Automatic). DNS Settings allows you to specify DNS servers of your choosing instead (Static).
  • Dynamic DNS Configuration: Allows you to host a server (Web, FTP, etc.) using a domain name that you have purchased (www.example.com) with your dynamically assigned IP address.
  • Known Hosts Configuration: Allows you to map a name (printer, scanner, laptop, etc.) to an IP address of a device on the network.

DNS Settings

You have the option to choose specific DNS servers for your network instead of using the DNS servers assigned by your Internet provider. The default DNS servers are usually adequate. You may want to assign DNS servers if the default DNS servers are performing poorly, if you want WiFi clients to access DNS servers that you use for customized addressing, or if you have a local DNS server on your network.

image

Automatic Config: Automatic or Static (default: Automatic). Switching to “Static” enables you to set specific DNS servers in the Primary DNS andSecondary DNS fields.

Primary DNS and Secondary DNS: If you choose to specify your DNS servers, then enter the IP addresses of the servers you want as your primary and secondary DNS servers in these fields. The DNS server settings will be pre-populated with public DNS server IP addresses. You can override the IP address with any other DNS server IP address of your choice. For example, Google Public DNS servers have the IP addresses 8.8.8.8 and 8.8.4.4 while 4.2.2.2 and 4.2.2.3 are servers from Level 3 Communications.

Force All DNS Requests To Router: Enabling this will redirect all requests from LAN clients to the router’s DNS server. This will allow the router even more control over IP addresses even when clients have their own DNS servers statically set.

Dynamic DNS Configuration

This feature allows you to host a server (Web, FTP, etc.) using a domain name that you have purchased (www.yourname.com) with your dynamically assigned IP address. Most broadband Internet Service Providers assign dynamic (changing) IP addresses. When you use a Dynamic DNS service provider, you can enter your host name to connect to your server, no matter what your IP address is.

image

  • Enable Dynamic DNS: Enable this option only if you have purchased your own domain name and registered with a Dynamic DNS service provider.
  • Server Type. Select a dynamic DNS service provider from the dropdown list:
    • DynDNS
    • DNS-O-Matic
    • ChangeIP
    • NO-IP
    • Custom Server (DynDNS clone)
  • Custom Server Address. Only available if you select Custom Server from the Server Address dropdown list. Enter your custom DynDNS clone server address here. For example: www.mydyndns.org.
  • Use HTTPS: Use the more secure HTTPS protocol. This is recommended, but could be disabled if not compatible with the server.
  • Host name: Enter your host name, fully qualified. For example: myhost.mydomain.net.
  • User name: Enter the user name or key provided by the dynamic DNS service provider. If the dynamic DNS provider supplies only a key, enter that key for both the User name and Password fields.
  • Password: Enter the password or key provided by the dynamic DNS service provider.

Advanced Dynamic DNS Settings

Update period (hours): (Default: 576) The time between periodic updates to the dynamic DNS, if your dynamic IP address has not changed. The timeout period is entered in hours so valid values are from 1 to 8760.

Override External IP: The external IP is usually configured automatically during connection. However, in situations where the unit is within a private network behind a firewall or router, the network’s external IP address will have to be manually configured in this field.

You may find out what your external IP address is by going to http://myip.dnsomatic.com/ in a web browser.

Known Hosts Configuration

The Known Hosts Configuration feature allows you to map a name (printer, scanner, laptop, etc.) to an IP address of a device on the network. This assigns a new hostname that can be used to conveniently identify a device within the network, such as an office printer.

image

Click Add to name a device in your network.

image

Fill in the following fields:

  • Hostname: Choose a name that is meaningful to you. No spaces are allowed in this field.
  • IP address: The address of the device within your network.

EXAMPLE: a personal laptop with IP address 192.168.0.164 could be assigned the name “MyLaptop”.

Since the assigned name is mapped to an IP address, the device’s IP address should not change. To ensure that the device keeps the same IP address, go to Network Settings → DHCP Server and reserve the IP address for the device by selecting the device in the Active Leases list and clicking “Reserve”.

Permalink

0 Comments - Leave a Comment

The router automatically provides a firewall. Unless you configure the router to the contrary, the router does not respond to unsolicited incoming requests on any port, thereby making your LAN invisible to cyber attackers.

However, some network applications cannot run with a tight firewall. Those applications need to selectively open ports in the firewall to function correctly. The options on this page control ways of opening the firewall to address the needs of specific types of applications.

image

Select from the following tabs to edit your firewall configuration:

Port Forwarding Rules

A port forwarding rule allows traffic from the Internet to reach a computer on the inside of your network. For example, a port forwarding rule might be used to run a Web server.

image

NOTE: Exercise caution when adding new rules as they impact the security of your network.

Click Add to create a new port forwarding rule, or select an existing rule and click Edit.

image

Add/Edit Port Forwarding Rule

  • Name: Name your rule.
  • Enabled: Toggle whether your rule is enabled. Selected by default.
  • Use Port Range: Changes the selection options to allow you to input a range of ports (if desired).
  • Internet Port(s): The port number(s) as you want it defined on the Internet. Typically these will be the same as the local port numbers, but they do not have to be. These numbers will be mapped to the local port numbers.
  • Local Computer: Select the IP address of an attached device from the dropdown menu, or manually input the IP address of a device.
  • Local Port(s): The port number(s) that corresponds to the service (Web server, FTP, etc) on a local computer or device. For example, you might input “80” in the Local Port(s) field to open a port for a Web server on a computer within your network. The Internet Port(s)field could then also be 80, or you could choose another port number that will be used across the Internet to access your Web server. If you choose a number other than 80 for the Internet Port, connections to that number will be mapped to 80 – and therefore the Web server – within your network.
  • Protocol: Select from the following options in the dropdown menu:
    • TCP
    • UDP
    • TCP & UDP
  • Click Submit to save your completed port forwarding rule.

Port Proxying Rules

A port proxy rule allows traffic from the local LAN to be redirected to a specific computer/IP address on the Internet.

image

Click Add to create a new port proxying rule, or select an existing rule and click Edit.

image

Add/Edit Port Proxying Rule

  • Name: Name your rule.
  • Enabled: Toggle whether your rule is enabled. Selected by default.
  • Use Port Range: Check this box to create a rule which proxies a contiguous range of ports instead of a single port. The remote port(s) will require the same number of contiguous ports.
  • Local Port(s): Specify the IP port(s) on the LAN to proxy to a remote computer.
  • Remote Computer: Specify the remote computer to receive proxied traffic.
  • Remote Port(s): Specify the IP port (first if a range) on the remote computer to receive proxy traffic.
  • Protocol: Select the IP protocol traffic to proxy from the following options in the dropdown menu:
    • TCP
    • UDP
    • TCP & UDP
  • Click Submit to save your completed port proxying rule.

Network Prefix Translation

Network Prefix Translation is used in IPv6 networks to translate one IPv6 prefix to another. IPv6 prefix translation is an experimental specification (RFC 6296) trying to achieve address independence similar to NAT in IPv4. Unlike NAT, however, NPT is stateless and preserves the IPv6 principle that each device has a routable public address. But it still breaks any protocol embedding IPv6 addresses (e.g. IPsec) and is generally not recommended for use by the IETF. NPT can help to keep internal network ranges consistent across various IPv6 providers, but it cannot be used effectively in all situations.

The primary purpose for CradlePoint’s NPT implementation is for failover/failback and load balancing setups. LAN clients can potentially retain the original IPv6 lease information and may experience a more seamless transition when WAN connectivity changes than if not utilizing NPT.

image

Mode:

  • None – No translation is performed
  • Load Balance Only – (Default) Only translate networks when actively load balancing
  • First – Use the first IPv6 prefix found
  • Static – Always use a static IPv6 translation (input the prefix here)

Transitioning from short prefix to a longer prefix (such as from /48 to /64) is not without problems, as some of the LANs may lose IPv6 connectivity.

DMZ (DeMilitarized Zone)

A DMZ host is effectively not firewalled in the sense that any computer on the Internet may attempt to remotely access network services at the DMZ IP address. Typical uses involve running a public Web server or sharing files.

image

Input the IP Address of a single device in your network to create a DeMilitarized Zone for that device. To ensure that the IP address of the selected device remains consistent, go to the “Reservations” section under Network Settings → DHCP Server and reserve the IP address for the device.

Use caution when enabling the DMZ feature, as it can threaten the security of your network. Only use DMZ as a last resort.

Remote Admin. Access

Enable Remote Administration Access Control: Selecting this option allows you to make remote administration tools available to only the specified IP addresses. Access from all other IP addresses will be blocked. This option only filters IP addresses: you must enable Remote Management separately (System Settings → Administration).

The services affected by this include remote HTTP, HTTPS, SNMP, and SSH configuration tools. This does not impact LAN-based administration, i.e., devices within your network still have administration access. The individual remote administration services can be enabled under System Settings → Administration: select the Remote Management tab.

image

Add/Edit Allowed Remote Access Addresses

image

IP Address: The IP address that will be allowed to access administrative services through the WAN.

Netmask (Optional): The netmask allows you to specify what IP address sets will be allowed access. If this field is left empty a netmask of 255.255.255.255 is used, which means that only the single specified IP address has remote administration access.

Application Gateways

Enabling an application gateway makes pinholes through the firewall. This may be required for some applications to function, or for an application to improve functionality or add features.

Exercise caution in enabling application gateways as they impact the security of your network.

image

Enable any of the following types of application gateways:

  • PPTP: For virtual private network access using Point-to-Point Tunneling Protocol. This is enabled by default.
  • SIP: For VoIP (voice over IP) using Session Initiation Protocol.
  • TFTP: Enables file transfer using Trivial File Transfer Protocol.
  • FTP: To allow normal mode when using File Transfer Protocol. This is not needed for passive mode. This is enabled by default.
  • IRC: For Direct Client to Client (DCC) transfer when using Internet Relay Chat. You may wish to forward TCP port 113 for incoming identd (RFC 1413) requests.

Firewall Options

image

Anti-Spoof: Anti-Spoof checks help protect against malicious users faking the source address in packets they transmit in order to either hide themselves or to impersonate someone else. Once the user has spoofed their address they can launch a network attack without revealing the true source of the attack or attempt to gain access to network services that are restricted to certain addresses.

Log Web Access: Enable this option to create a syslog record of web (IP port 80) access. Each entry will contain the IP address of the server and the client. Note that this may create a lot of log entries, especially on a busy network. Sending the system log to a syslog server is recommended.

To view the logs, go to Status → System Logs. For configuration options, including syslog server setup, go to System Settings → Administration and select the System Logging tab.

Zone Firewall

zone is a group of network interfaces. By default, all interfaces within a zone are allowed to initialize network communication with each other, but any network traffic initialized outside of a zone to the interfaces within the zone is denied. Forwardings are used to allow traffic to traverse zones. Filter Policies are used to define how traffic passing through a zone forwarding is filtered. Zones can be added, edited, or removed (except for the All and Router zone).

Zones

Create, edit, and remove zones (i.e., groups of network interfaces). Once you have defined zones, add rules to the Filter Policies andForwardings sections to define what traffic is allowed between zones.

image

  • The All zone is a special zone used to support legacy firewall configurations. This zone cannot be removed and is reserved for forward-migration of IP Filter Rules from previous firmware versions. The All zone matches any traffic handled by the router. User defined zones are preferred.
  • The Router zone is a special zone used to filter traffic initialized from the router (e.g., Enterprise Cloud Manager connection) or destined to the router (e.g., SNMP) as part of a router services setup. (Set up This zone cannot be removed and can only be altered by router services.

Click Add to create a new zone.

image

Choose a Name meaningful to you and then click on the Add button to reveal options for attaching interfaces (WAN, LAN, or GRE) to this zone.

image

LAN and GRE Interfaces

Attach LAN and GRE interfaces to a zone by selecting the Config Name for those interfaces. For LANs, these names are defined in Network Settings → WiFi / Local Networks; for GRE tunnels, these names are defined in Internet → GRE Tunnels.

Sample zone interface assignments: LAN & GRE
LAN Config Name is Primary LAN
LAN Config Name isn’t Guest LAN
GRE Config Name is office_tunnel

The third field defaults to “is,” but you can also select “is not,” “starts with,” “contains,” or “ends with” to define the zone.

WAN Interfaces

Attaching WAN interfaces to a zone includes many more options. Select “WAN” in the first field, and then select from each of the following fields to create a statement that defines which WAN interfaces to attach to this zone.

Field 2: Choose one of the following:

  • Port – Select by the physical port on the router (e.g., “Modem 1”).
  • Manufacturer – Select by the modem manufacturer (e.g., “CradlePoint Inc.”).
  • Model – Select according to the specific model of modem.
  • Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
  • Serial Number – Select a 3G or LTE modem by the serial number.
  • MAC Address – Select from a dropdown list of attached devices.
  • Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.

Field 3: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition.

Field 4: If the desired values are available, select from the dropdown list. You may need to manually input the value.

Sample zone interface assignments: WAN
WAN Type is Ethernet
WAN Port isn’t Modem 1

Filter Policies

A Filter Policy is a one-way filter applied to initialized network traffic flowing from one zone to another. A Filter Policy needs to be assigned to a Forwarding for it to take effect. Filter Policies can either be Added, Edited, Removed, or Cloned. Cloning a Policy will copy the entire policy. The name of the cloned policy will include the name plus “Clone”.

image

  • Default Allow All is a preconfigured policy to allow all traffic initialized from one zone to flow to another zone. The state of the connection is tracked to allow responses to traverse the zones back to the source. LAN to WAN forwardings use this policy by default. The policy can be removed or altered to filter the traffic flow.
  • Default Deny All is a preconfigured policy to deny all traffic initialized from one zone to be blocked to another zone. WAN to LAN forwardings use this policy by default. The policy can be removed or altered to filter the traffic flow.

Click Add to create a new filter policy, or select an existing policy and click Edit to open the filter policy editor.

image

  • Name: Create a name meaningful to you.
  • Default Action: Choose either Allow or Deny. This is the action taken by the firewall if none of the filter policy rules match the traffic being filtered.

Click Add to create a new rule for this filter policy.

Rule Editor

image

  • Log: When checked each packet matching this filter rule will be logged in the System Logs.
  • Action: “Allow” or “Deny”.
  • Protocol: Any, ICMPv4, TCP, UDP, GRE, ESP, ICMPv6, or SCTP.
  • IP Version: Any, IPv4, or IPv6.

IP Source / IP Destination

  • IP Negation: Match on any IP address that is NOT in the specified IP network range.
  • Network IP: Optional field to specify a matching network IP address for this rule to match against.
  • Netmask: Use this to define a subnet size this rule will match against.
  • Port Negation: Match on any port that is NOT in the specified port range.
  • Port(s): Use for a single port or a range of ports. Fill in the left side for a single port.

Use Network IPNetmask, and Port(s) to specify the ports and addresses for which the rule applies. You can specify a range of ports or a single port. Similarly, the netmask can be used to define either a range of addresses (i.e. 255.255.255.0) or a single address (255.255.255.255).

If you leave these values blank, then all IP addresses and ports will be included. IP Source and IP Destination options can be used to differentiate between the directions that packets go. You could permit packets to come from particular IP addresses but then not allow packets to return to those addresses.

Forwardings

Forwardings define how Filter Policies affect traffic flowing between zones in one direction. Simply select the Source Zone, Destination Zone, and Filter Policy to define a Forwarding. Forwardings can either be Added, Edited, Removed, or Toggled. Toggling a Forwarding will either enable or disable the Forwarding.

image

Click Add to create a new Forwarding, or select an existing Forwarding and click Edit to open the Forwardings editor.

image

  • Enabled: Selected by default. Click to deselect.
  • Source Zone: Select from the dropdown list of your defined zones.
  • Destination Zone: Select from the dropdown list of your defined zones.
  • Filter Policy: Select from the dropdown list of your filter policies.

Zone Firewall Use Case Examples

Add forwading between zones
Add a rule to an existing forwarding policy
Add an isolated Local Network
Add a non-isolated Local Network
Using the Router zone
Creating WAN Zones by Type

Permalink

0 Comments - Leave a Comment

A MAC (Media Access Control) address is a unique identifier for a computer or other device. This page allows you to manage clients by MAC address. You can filter clients by MAC addresses and/or keep a log of devices connected to your router.

Filter Configuration

The MAC Filter allows you to create a list of devices that have either exclusive access (whitelist) or no access (blacklist) to your local network.

mac filter

Enabled: Click to allow MAC Filter options.

Whitelist: Select either “Whitelist” or “Blacklist” from a dropdown menu. In “Whitelist” mode, the router will restrict LAN access to all computers except those contained in the “MAC Filter List” panel. In “Blacklist” mode, listed devices are completely blocked from local network access.

MAC Filter List (Whitelist or Blacklist): Add devices to either your whitelist or blacklist simply by inputting each device’s MAC address.

NOTE: Use caution when using the MAC Filter to avoid accidentally blocking yourself from accessing the router.

MAC Logging Configuration

Enable MAC Logging: Enabling MAC Logging will cause the router to log MAC addresses that are connected to the router. MAC addresses that you do not want to have logged (addresses that you expect to be connected) should be added to the “Ignored MAC Addresses” list.

You can configure the router to send an alert if a connected device has a MAC address that the router doesn’t recognize. Go to System Settings → Device Alerts to set up these email alerts.

mac filter

Ignored MAC Addresses: This is the list of MAC addresses that will not produce an alert or a log entry when they are connected to the router. These should be MAC addresses that you expect to be connected to the router. To add MAC addresses to this list, simply select devices shown in the MAC Address Log and click “Ignore.” You can also add addresses manually.

MAC Address Log: This shows the last 64 MAC addresses that have connected to the router, as well as which interface was used to connect. The time/date that is logged is the time of the first connection. The page may need to be refreshed to show the most recent log entries.

Double-clicking on entries from this list will add them to the Ignored MAC Addresses list.

Permalink

0 Comments - Leave a Comment

Add a new static route to the IP routing table or edit/remove an existing route.

Static routes are used in networks with more than one layer, such as when there is a network within a network so that packet destinations are hidden behind an additional router. Adding a static route is a way of telling the router about an additional step that packets will need to take to reach their destination.

image

Click Add to create a new static route.

image

IP Version: Select IPv4 or IPv6. Depending on your selection, you have different options for defining the address range.

IP/Network Address or IPv6 Address: The IP address of the target network or host. The IPv6 address field includes CIDR notation to declare a range of addresses.

Netmask: The Netmask, along with the IPv4 address, defines the network the computer belongs to and which other IP addresses the computer can see in the same LAN. An IP address of 192.168.0.1 along with a Netmask of 255.255.255.0 defines a network with 256 available IP addresses from 192.168.0.0 to 192.168.0.255.

NOTE: 255.255.255.255 is used to signify only the host that was entered in the IP/Network Address field.

Gateway or IPv6 Gateway: Specifies the next hop to be taken if this route is used. A gateway of 0.0.0.0 implies there is no next hop, and the IP address matched is directly connected to the router on the interface specified: LAN or WAN.

Device: Select the network interface from the dropdown menu (e.g. ethernet-wan). You can use this instead of defining the IP address, especially in cases when the IP address is changing.

Metric: Set the numerical priority of the route. Lower numbers have higher priority.

Allow Network Access: (Default: Deselected.) Some static routes will need an IP Filter Rule via the Firewall to allow packets through the route without being blocked. Selecting this option automatically creates this IP Filter Rule. If the IP/Network Address falls outside the LAN IP range, you probably need to select this option.

Distribute: Allow this static route to be distributed via a routing protocol (Netw

Permalink

0 Comments - Leave a Comment

NOTE: Routing Protocols require a feature license. Go to System Settings → Feature Licenses to enable these features.

A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network. Routing algorithms choose the route. Each router has a prior knowledge only of networks attached to it directly. A routing protocol shares this information first among immediate neighbors, and then throughout the network. This way, routers gain knowledge of the topology of the network.

Choose from the following tabs to configure routing protocols:

  • BGP Routing
  • OSPF Routing
  • RIP Routing
  • RIPNG Routing
  • Route Maps and Filters

BGP Routing

The latest version of BGP (Border Gateway Protocol) is version 4. BGP-4 is one of the Exterior Gateway Protocols and de facto standard of Inter Domain routing protocol. BGP-4 is described in RFC1771, A Border Gateway Protocol 4 (BGP-4). BGP is a distance vector routing protocol, and the AS-Path framework provides distance vector metric and loop detection to BGP. RFC1930.

BGP Editor

image

  • Name: Unique name of the policy.
  • ASN: The AS (Autonomous System) number is one of the essential elements of BGP.
  • Router-ID: This sets the router-ID of the BGP process. The router-ID may be an IP address of the router, but need not be – it can be any arbitrary 32-bit number. However it MUST be unique within the entire BGP domain to the BGP speaker: bad things will happen if multiple BGP speakers are configured with the same router-ID.
  • Enabled: Click to enable/disable the policy. (Default: enabled.)

Networks Associated with ASN or IPv6 Networks Associated with ASN: To configure a BGP router, you need an AS number. An AS number is an identification of autonomous system. BGP protocol uses the AS number for detecting whether the BGP connection is internal one or external one. Use the IPv4 address and netmask or IPv6 address with a CIDR notation prefix length to define the address range.

image

Neighbor Options or IPv6 Neighbor Options: Creates a new neighbor identified by remote ASN and IP address.

image

Redistribute Routes: Redistribute routes of the specified protocol or kind into BGP, with the metric type and metric set if specified, filtering the routes using the given route map if specified. Redistributed routes may also be filtered with distribute lists.

  • Type: The type is the source of the route. Select from: Main, Connected, Static, RIP, and OSPF.
  • Metric: Numerical priority of the route.
  • Route Map: Route maps provide a means to filter and/or apply actions to routes, allowing policies to be applied to routes.

OSPF Routing

OSPF (Open Shortest Path First) version 2 is a routing protocol described in RFC2328, OSPF Version 2. OSPF is an IGP (Interior Gateway Protocol). Compared with RIP, OSPF can provide more scalable network support and faster convergence times. OSPF is widely used in large networks such as ISP (Internet Service Provider) backbone and enterprise networks.

OSPF Areas

image

  • Area: Areas are identified by an ID.
  • Default Cost: Set the cost of default-summary LSAs announced to stubby areas.
  • Stub Area: Configure area to be stub area.
  • No-Summary: Prevents ABR from injecting inter-area summaries into the specified stub area

OSPF Editor

image

  • Router ID: This sets the router-ID of the OSPF process. The router-ID may be an IP address of the router, but need not be – it can be any arbitrary 32-bit number. However it MUST be unique within the entire OSPF domain to the OSPF speaker – bad things will happen if multiple OSPF speakers are configured with the same router-ID.
  • Authentication Key: Set OSPF authentication key to a simple password. After setting authentication key, all OSPF packets are authenticated. The authentication key has a maximum length of eight characters.
  • Enabled: Click to enable/disable the policy. (Default: enabled.)

image

Network Areas: Areas are identified by an ID number. Use the IP address and netmask fields to associate a network with this policy.

image

Redistribute Routes: Redistribute routes of the specified protocol or kind into BGP, with the metric type and metric set (if specified), filtering the routes using the given route map (if specified). Redistributed routes may also be filtered with distribute lists.

  • Type: The type is the source of the route. Select from: Main, Connected, Static, RIP, OSPF.
  • Metric: Numerical priority of the route.
  • Route Map: Route maps provide a means to filter and/or apply actions to routes, allowing policies to be applied to routes.

RIP Routing

RIP (Routing Information Protocol) is a widely deployed interior gateway protocol. RIP is a distance-vector protocol based on the Bellman-Ford algorithms. As a distance-vector protocol, RIP sends updates from one router to its neighbors periodically, allowing the convergence to a known topology. In each update, the distance to any given network will be broadcast to its neighboring router. The router supports RIP version 2 as described in RFC2453 and RIP version 1 as described in RFC1058.

RIP Editor

image

  • Name: Unique name of the policy.
  • Metric: RIP metric is a value for distance for the network. Usually RIP increments the metric when the network information is received. The metric for redistributed routes is set to 1.
  • Protocol Version: RIP can be configured to send either Version 1 or Version 2 packets. The default is to send RIPv2 while accepting both RIPv1 and RIPv2 (and replying with packets of the appropriate version for REQUESTS / triggered updates).
  • Password: RIPv2 allows packets to be authenticated via either an insecure plain text password, included with the packet, or a more secure MD5 based HMAC (keyed-Hashing for Message AuthentiCation). RIPv1 cannot be authenticated at all, so when authentication is configured RIP will discard routing updates received via RIPv1 packets.
  • Plain text password: Select to use a plain text password instead of an MD5 HMAC. A plain text password is insecure!
  • Enabled: Click to enable/disable the policy. (Default: enabled.)

image

Networks: Set the RIP-enabled interfaces by network. RIP is enabled on the interfaces that have addresses within the network range.

Neighbors: When a neighbor doesn’t understand multicast, this command is used to specify neighbors. In some cases, not all routers will be able to understand multicasting, where packets are sent to a network or a group of addresses. In a situation where a neighbor cannot process multicast packets, it is necessary to establish a direct link between routers. The neighbor command allows the network administrator to specify a router as a RIP neighbor. The no neighbor a.b.c.d command will disable the RIP neighbor. Assign a neighbor by inputting an IP address.

image

Redistribute Routes: Redistribute routes of the specified protocol or kind into RIP, with the metric type and metric set (if specified), filtering the routes using the given route map (if specified). Redistributed routes may also be filtered with distribute lists.

  • Type: The type is the source of the route. Select from: Main, Connected, Static, OSPF, BGP.
  • Metric: RIP metric is a value for distance for the network. Usually RIP increments the metric when the network information is received. The metric for redistributed routes is set to 1.
  • Route Map: Route maps provide a means to filter and/or apply actions to routes, allowing policies to be applied to routes.

RIPNG Routing

RIPng (RIP next generation) extends RIPv2 to support IPv6. See RIPng on Wikipedia and RFC 2080 for details.

RIPNG Editor

image

  • Name: Unique name of the policy.
  • Metric: RIPng metric is a value for distance for the network. Usually the RIP service increments the metric when the network information is received. The metric for redistributed routes is set to 1.
  • Enabled: Click to enable/disable the policy. (Default: enabled.)

image

Networks: Set the RIPng-enabled interfaces by network using IPv6 addresses. RIPng is enabled on the interfaces that have addresses within the network range.

image

Routes: Set RIPng static routing announcement of specified network address.

image

Redistribute Routes: Redistribute routes of the specified protocol or kind into RIPng, with the metric type and metric set if specified, filtering the routes using the given route-map if specified.

  • Type: The type is the source of the route. Select from: Main, Connected, Static, OSPF, BGP.
  • Metric: RIPng metric is a value for distance for the network. Usually the RIP service increments the metric when the network information is received. The metric for redistributed routes is set to 1.
  • Route Map: Route maps provide a means to filter and/or apply actions to routes, allowing policies to be applied to routes.

Route Maps and Filters

Access Lists

This option provides for basic filtering based on IP addresses and netmasks.

Click Add to create a filtering rule.

image

  • Name: Choose a unique name.
  • Allow: Select “Permit” or “Deny”.
  • IP Address: Input the IP addresses that you want permitted or denied.
  • Netmask: Use this along with “IP Address” to specify a range of IP Addresses associated with this Access Lists rule.

Route Map

Route maps provide a means to filter and/or apply actions to routes, allowing policies to be applied to routes. Route maps define rules for transferring between different routing protocols. Each statement in a route map is ordered. Once there is a match to a statement, the statement is executed and the scan terminates.

Click Add to create a new route map.

image

  • Name: Choose a unique name.
  • Allow: Select “Permit” or “Deny”.
  • Order: Input a number to set the order of this policy.

Match and Set: Both of these have the following configuration options:

image

  • IP address: Input an IP address with this policy.
  • Metric: Numerical priority of the route.
  • Community: The BGP community list is a user-defined BGP communities attribute list. The BGP community list can be used for matching or manipulating BGP communities attribute in updates.The community attributes are a 32-bit number that also has some aliases.
    • internet: alias for well-known communities value 0
    • no-export: alias for well-known communities value NO_EXPORT (0xffffff01)
    • no-advertise: alias for well-known communities value NO_ADVERTISE (0xffffff02)
    • local-AS: alias for well-known communities value NO_EXPORT_SUBCONFED (0xffffff03)

Match: This specifies the policy implied if the “Matching Conditions” are met or not met, and which actions of the route map are to be taken, if any. The two possibilities are:

  1. Permit: If the entry matches, then carry out the “Set Actions”. Then finish processing the route map, permitting the route, unless an “Exit Action” indicates otherwise.
  2. Deny: If the entry matches, then finish processing the route-map and deny the route (return “deny”).

Set: A route-map entry may, optionally, specify one or more `Set Actions’ to set or modify attributes of the route.

Permalink

0 Comments - Leave a Comment

NOTE: Threat Management is only available for the AER 2100, and it requires a feature license. Enable this feature through Enterprise Cloud Manager.

CradlePoint Secure Threat Management leverages Trend Micro‘s security experience and expertise in this one-pass Deep Packet Inspection(DPI) solution. Threat Management includes settings for both IPS (intrusion prevention system) and IDS (intrusion detection system), as well as application identification logging. Use Threat Management to identify and prevent a wide variety of network threats.

This Threat Management solution examines network traffic for both signature matches from Trend Micro’s large signature database of known threats and statistical anomalies to detect previously unknown threats. Trend Micro regularly adds new signatures to its database: update your signature database version to ensure you’re defending yourself against the newest threats. You have the option to update manually or schedule regular updates.

Follow these steps to get started with Threat Management:

  1. To purchase a license or to begin a free trial, log into Enterprise Cloud Manager (ECM) and go to the Applications tab (this is only available to the primary account administrator). Once entitled, the router must be rebooted for Threat Management to begin working.
  2. For complete configuration options, go to Network Settings → Threat Management in the configuration pages (in ECM or locally). See configuration options below.
  3. Set up emailed or logged alerts in the Alerts tab in ECM.
  4. Set up regularly scheduled signature updates in the configuration pages, or update manually in ECM via the Devices or Groups page (click on Commands in the top toolbar and select Update IPS Signatures from the dropdown options).

NOTE: Updating the signature database version causes a network disruption for a couple of seconds. You can schedule these updates to occur during days/times when you expect less traffic on your network.

Status

The Status section shows if Threat Management is enabled. It shows the current signature database version number, the timestamp for the most recent update, and the status of the most recent attempt to update signatures.

image

Click on the Update button to check for a new signature database version.

Configuration

Customize your Threat Management implementation (choose between IPS and IDS, set up a signature update schedule, etc.).

image

Operation Mode: Choose IPSIDS, or neither.

  • Disabled
  • Detect and Prevent (default) – IPS mode
  • Detect Only – IDS mode

Engine Failure/Error Action: In the unlikely event of an error with the Threat Management engine, you have the following options:

  • Allow Traffic (default)
  • Deny Traffic

With Allow Traffic selected, the device will act like a typical router without Threat Management enabled and route traffic as usual. If security is a huge concern, however, you may wish to select Deny Traffic to stop all traffic when Threat Management isn’t working properly.

Application ID Logging: (Disabled by default.) The DPI engine can identify network traffic applications and send this information to the system logs. Depending on your network traffic uses, application ID logging may send huge amounts of data to the system logs. We recommend enabling a syslog server to manage this information.

To view the logs, go to Status → System Logs. For configuration options, including syslog server setup, go to System Settings → Administration and select the System Logging tab.

Signature Update Schedule

You can choose to have a different signature update schedule for modems than for other WANs. This is intended to protect against overages when data usage limits for 3G/4G modems are restricted. For both Non-Modem WANs and Modem WANs, first choose the Frequency for updates:

  • Never
  • Daily
  • Weekly
  • Monthly

Then choose the specifc day and time. These updates cause a minor network disruption, so schedule updates for times with less critical traffic.

Whitelisted Signatures

Specify individual signatures that the Threat Management engine is detecting/preventing when the traffic is actually desired. Click Add and manually input a signature ID to include that signature on the “whitelist.”

image

Permalink

0 Comments - Leave a Comment

WiFi Settings (Advanced)

This is the product manual section for advanced WiFi Settings. To edit these settings, go to Network Settings → WiFi / Local Networks.



When you select either of the WiFi tabs (2.4 GHz or 5 GHz) in the Local Network Interfaces section, you have several additional options for configuring your wireless LANs under the WiFi Settings heading.

wifi

Channel Selection Method: This controls how a WiFi channel is selected.

  • User Selection – Manually set the channel.
  • Random Selection – The router randomly sets the channel.
  • Smart Selection (Default) – Scans to determine the lowest interference WiFi channel.

Channel Selection Schedule: When using the “Smart” channel selection, this controls whether the router will periodically rescan for a better channel and change to it. Select from “Once,” “Daily,” “Weekly,” or “Monthly.” Note that there may be a momentary WiFi disconnection while the channel changes.

Optimize WiFi/WiMAX coexistence: (Shows if Smart Selection or Random Selection is chosen and the WiFi band is 2.4 GHz.) Setting this will lessen any possible conflict with WiFi in the 2.4 GHz band and an attached WiMAX modem. If a WiMAX modem is attached to the router when the WiFi is enabled, the WiFi channel and transmit power will be set to levels that optimize the performance of the WiMAX modem. If no WiMAX modem is attached, then default channel and power settings will be used even if this is selected.

Channel: (Shows if User Selection is selected.) The WiFi channel corresponds to a frequency the router uses to communicate with other devices. For 2.4 GHz, the range is 1 to 11, and 1, 6, and 11 do not overlap each other. If a WiMAX modem is attached, a higher number channel will increase the chance the router’s WiFi and modem’s WiMAX radios will conflict with each other, which may result in lower throughput. Select a channel from the dropdown list:

  • 1 (2412 MHz)
  • 2 (2417 MHz)
  • 3 (2422 MHz)
  • 4 (2427 MHz)
  • 5 (2432 MHz)
  • 6 (2437 MHz)
  • 7 (2442 MHz)
  • 8 (2447 MHz)
  • 9 (2452 MHz)
  • 10 (2457 MHz)
  • 11 (2462 MHz)

For 5.0 GHz, the ranges are 36 to 64 and 149 to 165. These channels do not interfere with a WiMAX modem.

  • 36 (5180 MHz)
  • 40 (5200 MHz)
  • 44 (5220 MHz)
  • 48 (5240 MHz)
  • 149 (5745 MHz)
  • 153 (5765 MHz)
  • 157 (5785 MHz)
  • 161 (5805 MHz)
  • 165 (5825 MHz)

Client Timeout: If the access point is not able to communicate with the client it will disconnect it after this timeout (in seconds).

TX Power: Normally the wireless transmitter operates at 100% power. In some circumstances, however, there might be a need to isolate specific frequencies to a smaller area. By reducing the power of the radio, you can prevent transmissions from reaching beyond your corporate/home office or designated wireless area. RTS Threshold: When an excessive number of wireless packet collisions are occurring, wireless performance can be improved by using the RTS/CTS (Request to Send/Clear to Send) handshake protocol. The wireless transmitter will begin to send RTS frames (and wait for CTS) when data frame size in bytes is greater than the RTS Threshold. This setting should remain at its default value.

Fragmentation Threshold: Wireless frames can be divided into smaller units (fragments) to improve performance in the presence of RF interference and at the limits of RF coverage. Fragmentation will occur when frame size in bytes is greater than the Fragmentation Threshold. This setting should remain at its default value. Setting the Fragmentation value too low may result in poor performance.

DTIM: A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages. When the wireless router has buffered broadcast or multicast messages for associated clients, it sends the next DTIM with a DTIM Interval value. Wireless clients detect the beacons and awaken to receive the broadcast and multicast messages. The default value is 1. Valid settings are between 1 and 255.

Beacon: Beacons are packets sent by a wireless router to synchronize wireless devices. Specify a Beacon Period value between 20 and 1000 milliseconds.

WPS: WiFi Protected Setup is a method for easy and secure establishment of a wireless network. It can be used instead of passwords when connecting clients that support WPS.

Short Slot: Slot Time is the period wireless clients use in determining if the channel is free for transmission. Enabling this value allows clients that can utilize a shorter time to do so. Disabling this option forces all clients to use a longer backoff check and thus may reduce network throughput while reducing the number of transmission collisions.

Wireless Mode: Select the WiFi clients the router will be compatible with. Greater compatibility is a tradeoff with better performance. For greatest compatibility with all WiFi devices, select “802.11 a/b/g/n”. For best performance, connect with only other 802.11n-compatible devices and select “802.11 n.”

  • 802.11 b
  • 802.11 b/g
  • 802.11 a/b/g/n
  • 802.11 b/g/n
  • 802.11 n

Channel Width: Selects whether the router uses a single 20 MHz channel to send/receive, or uses two adjacent 20 MHz channels to create a 40 MHz channel. Higher performance is possible with the 40 MHz channel. Selecting Auto is generally best. Enabling WiFi as WAN will force 20 MHz only mode.

Extended Channel: When operating in 40 MHz mode the access point will use an extended channel either below or above the current channel. Optimal selection will depend on the channels of other networks in the area.

MCS: 802.11n uses multiple Modulation Coding Schemes to enable higher throughput in various environments. Since clients can dynamically change rates depending on environment, selecting Auto is generally best.

Short GI: Short GI is an optimization for shortening the interval between transmissions. May be incompatible with older clients.

Greenfield Mode: Greenfield mode uses an 802.11n-only preamble to transmit packets that older wireless clients cannot interpret. Use of greenfield mode in a mixed 802.11 environment may result in degraded performance but can improve performance if all devices in the area are 802.11n compatible.

RADIUS Timeout: (Default: 3600 seconds) When using an Enterprise security mode clients will be forced to re-authenticate with the RADIUS server at this interval in seconds. This allows administrators to revoke access so when an attached client’s authentication expires, the client must re-authenticate.

RADIUS Retry: (Default: 60 seconds) When using an Enterprise security mode, if a RADIUS query fails to receive a response from the server it will delay by this interval (in seconds) before attempting another query. This helps protect the network from floods of authentication requests if the RADIUS server is temporarily unreachable.

Permalink

0 Comments - Leave a Comment

When WiPipe QoS (Quality of Service, also known as “Traffic Shaping”) is enabled, the router will control the flow of Internet traffic according to the user-defined rules. In other words, Traffic Shaping improves performance by allowing the user to prioritize applications.

Enable WiPipe QoS: Click on this box to open options for controlling Internet traffic. You can assign maximum Upload Speed and Download Speed values and define your own Traffic Shaping rules.

WAN Interface Speeds

image

Upload Speed and Download Speed: Setting the Upload Speed and Download Speed is required to control traffic flow accurately. Adjust the sliding bar to restrict the maximum upload and/or download speed for the Internet source(s) you are using. For example, you might restrict the upload speed to prioritize available bandwidth for download or to reduce overall bandwidth use in order to lower costs. It is recommended that you experiment with different values for your particular Internet connection for best results.

NOTE: Upload speed is the speed at which data can be transferred to your ISP. Download speed is the speed at which data can be transferred to you from your ISP. You can test your connection speeds with a service such as speedtest.net.

Queues

Queues and rules work in conjunction to prioritize bandwidth for the most critical operations. Multiple rules can be associated with one queue. Use rules to associate your more critical operations with queues that have higher bandwidth settings. For example, you might have two queues, one for “critical” and one for “secondary” with critical having most of the bandwidth percentage. Use rules to associate your most important bandwidth needs (POS system, VoIP, etc.) with the critical queue. Restrict the bandwidth available for less important functions with the secondary queue.

Assign percentages of both upload and download bandwidth to each queue. If you assign 80% download bandwidth to the first queue, the next queue will be forced to be 20% or less.

image

Click Add to create a new Traffic Shaping/QoS queue.

Queue Name: Choose a name that is meaningful to you.

Upload Bandwidth

image

Enable Upload QoS: (Default: Enabled.) Deselect if you want your rule to apply to download traffic only. Leave this selected to include upload restrictions with this queue.

Borrow Spare Bandwidth: (Default: Enabled.) When this is enabled, the interfaces/protocols associated with this rule will borrow unused bandwidth from other rules. Disabling borrowing will restrict the traffic to the specified bandwidth. Higher priority queues will be offered excess bandwidth first.

Upload Bandwidth: This is the percentage of the connected WAN upload bandwidth that will be reserved for the specified traffic. The maximum value is adjusted to the remaining percentage after other rules receive their share.

Upload Priority: The priority value has two different effects on traffic. Higher priority traffic is handled before lower priority traffic, which can lead to shorter response times. Also, when spare bandwidth is available it is offered to higher priority queues first. Move the slider to select from the following options (Default: Normal):

  • Lowest
  • Lower
  • Below Normal
  • Normal
  • Above Normal
  • High
  • Higher
  • Highest

Click Next to continue to the next page.

Download Bandwidth

image

Enable Download QoS: (Default: Enabled.) Deselect if you want your rule to apply to upload traffic only. Leave this selected to include download restrictions with this queue.

Borrow Spare Bandwidth: (Default: Enabled.) When this is enabled, the interfaces/protocols associated with this rule will borrow unused bandwidth from other rules. Disabling borrowing will restrict the traffic to the specified bandwidth. Higher priority queues will be offered excess bandwidth first.

Download Bandwidth: This is the percentage of the connected WAN upload bandwidth that will be reserved for the specified traffic. The maximum value is adjusted to the remaining percentage after other queues receive their share.

Download Priority: The priority value has two different effects on traffic. Higher priority traffic is handled before lower priority traffic, which can lead to shorter response times. Also, when spare bandwidth is available it is offered to higher priority queues first. Move the slider to select from the following options (Default: Normal):

  • Lowest
  • Lower
  • Below Normal
  • Normal
  • Above Normal
  • High
  • Higher
  • Highest

DSCP (DiffServ) Tag: Differentiated Services Code Point (DSCP) is the successor to TOS (Type of Service). Use this field to ‘tag’ the traffic by putting the value in the DSCP header of each IP packet that flows through this queue. Use the value of ‘0’ to clear the existing DSCP value in the packet header.

DSCP Tagging is sometimes used so that other networking equipment, upstream or post-NAT, can do traffic shaping based on the DSCP Tags as opposed to IP addresses or ports.

This setting is optional. For more information see the Differentiated services Wikipedia page.

Click Finish to save this queue.

Rules

A traffic shaping rule identifies a specific message flow and assigns that flow to one of the queues created above.

image

Click Add to create a new Traffic Shaping rule.

Traffic Shaping / QoS Rule Editor

The first page of the Traffic Shaping / QoS Rule Editor allows you enable/disable the rule, name the rule, specify a protocol for the rule, and select a queue to associate the rule with.

image

Rule Enabled: (Default: Enabled.) Deselect this to disable this rule. This can be useful for quickly changing configurations. If both upload QoS and download QoS are disabled then the rule will disable automatically.

Rule Name: Create a name for the rule that is meaningful to you.

Protocol: The protocol used by the messages: TCP/UDP, TCP, UDP, or ICMP. Select “Any” if your rule does not control a specific type of message that uses a specific protocol.

Queue Name: Select a queue to associate this rule with.

Click Next to continue to the next page.

image

Use ports and/or IP addresses to define the type(s) of traffic attached to this rule. Leaving any field blank will match all values; all fields are optional.

Source Port(s) and/or Destination Port(s): Enter a port number between 1 and 65535. To enter a single port number, input the number into the left box. To enter a range of ports, fill in both boxes separated by the colon. For example “80:90” would represent all ports between 80 and 90 including 80 and 90 themselves.

Source IP AddressSource NetmaskDestination IP Address, and Destination Netmask: Specify an IP address or range of IP addresses by combining an IP address with a netmask for either “source” or “destination” (or both). Source vs. destination is defined by traffic flow. Leave these blank to include all IP addresses (such as if your rule is defined by a particular port instead).

EXAMPLE: If you want to associate this rule with your guest LAN, you could input the IP address and netmask for the guest LAN here (leaving the last slot “0” to allow for any user attached to the guest network):

  • Source IP Address: 192.168.10.0
  • Source Netmask: 255.255.255.0

DSCP (DiffServ): Differentiated Services Code Point (DSCP) is the successor to TOS (Type of Service). Use this field to select traffic based on the DSCP header in each IP packet. This field is sometimes set by latency sensitive equipment such as VoIP phones.

This setting is optional. For more information see the Differentiated services Wikipedia page.

DSCP Negate: When checked this rule will match on any packet that does not match the DSCP field.

Click Finish to save this rule.

Permalink

0 Comments - Leave a Comment

The Status section of the Administration Pages displays information about many different aspects of the router. The Status tab has the following dropdown menu items:

Client List


The Client List displays the specifications of each device connected to your router, including wireless and wired clients.

Wireless Clients

For each device using a wireless connection to your router, the following information is displayed: Hostname, IP, MAC, Connection, and Time Online.

Wired Clients

For each device using a wired connection to your router, the following information is displayed: Hostname, IP, and MAC.

Client List Fields

Hostname: The name by which each computer or device in a network is known.

IP: The “IP address,” or “Internet Protocol address,” specifies a location for each device.

MAC: This is the “MAC address”, a factory-assigned identifier used to identify a specific attached computer or device.

Connection: Summary of the wireless connection. For example: 802.11n, 20 MHz, 130 Mbps, -26 dBm

  • 802.11n: The transmission standard being used by the client. Possible values include 802.11a, 802.11b, 802.11g, and 802.11n. 802.11n is the newest and best standard, but some older devices may not support it.
  • 20 MHz: This is the channel width that defines the theoretical data rate (in megahertz) that the attached computer or device can send to or receive from the router. The channel width is set in Network Settings → WiFi / Local Networks. Typically this will be 20 MHz, but 40 MHz is possible if the router is set to use two adjacent 20 MHz channels. A wider channel can mean better performance, but not if there is too much interference. Even if 40 MHz is set in the WiFi Channel Width, the router may still fall back to 20 MHz if interference is found.
  • 130 Mbps: The transmit rate (in megabits per second) currently used to transmit packets from the router to the client. This rate changes automatically to match environmental conditions. Distance from the router, interference, etc can impact this value. Higher values indicate better performance. Devices can still function in the network with as little as 1 Mbps.
  • −26 dBm: A relative measure of wireless signal quality (decibels relative to one milliwatt). This expresses theoretical best quality. The value is given as a negative exponent: −20 is a very good value while −80 is relatively poor. Signal quality can be reduced by distance, by interference from other radio-frequency sources (such as cordless telephones or neighboring wireless networks), and by obstacles between the router and the wireless device.

Time Online: Simply the amount of time the device has been connected to the router.

Kick: Click on this button to disconnect a client. This will remove all wireless access for a user. The access will be restored when the router is rebooted. To block a client permanently use the Block MAC option or add the address to the MAC Filter under Network Settings → MAC Filter / Logging.

Block MAC: Click on this button add the MAC address to the list of blocked MAC addresses under Network Settings → MAC Filter / Logging. If the MAC Filter is set to act as a whitelist, then the address will be removed from the list of allowed clients. Clients may remain visible in the Client List after being blocked, but traffic for that client is blocked immediately. To restore access edit the list of MAC addresses under Network Settings → MAC Filter / Logging.

CP Secure Connect


View the status of configured CP Secure Connect tunnels.

image

To set up or edit a CP Secure Connect tunnel, go to Internet → CP Secure Connect.

NOTE: CP Secure Connect requires a feature license.

Dashboard


The Dashboard shows fundamental information about your router, divided into the following basic categories:

  • Router Information
  • Internet
  • Local Networks
  • WiFi Networks

image

For more in-depth information and/or configuration options, click on the Detailed Info link beside the category title. For each category, this links to:

  • Router Information – System Settings → Administration
  • Internet – Internet → Connection Manager
  • Local Networks – Network Settings → WiFi / Local Networks
  • WiFi Networks – Network Settings → WiFi / Local Networks

After the initial setup of the router, every time you log in you will automatically be directed to this Dashboard. Also, you can click on the CradlePoint logo in the upper left-hand corner to return to the Dashboard from any page.

image

Router Information

“Detailed Info” links to System Settings → Administration.

  • Product – Gives the product name
  • Serial – Device serial number
  • Firmware – Gives the number of the current firmware version
  • Build Date – Year-month-day-hours-minutes-seconds for the most recent firmware upgrade
  • MAC Address – The router’s unique identifier
  • CPU Usage – Expressed as a percentage
  • Up Time – Total time for current session
  • Clock – Current local date and time

To check for firmware upgrades, see: System Settings → System Software.

Internet

“Detailed Info” links to Internet → Connection Manager.

  • State – Connected/Disconnected
  • Signal Strength – Expressed as a percentage (Signal Strength is not included if Ethernet is the WAN type)
  • WAN Type – Ethernet, Modem, or WiFi as WAN
  • Connection Type – Possibilities include: DHCP (for Ethernet), HSPA, LTE, WiMAX, etc.
  • Connected Time – The time the current Internet source (WAN) has been connected
  • IP Address
  • Gateway
  • DNS Servers

The IP address and gateway describe your active WAN source. For configuration options, see Internet → Connection Manager. For DNS server configuration options, see: Network Settings → DNS.

Local Networks

“Detailed Info” links to Network Settings → WiFi / Local Networks.

  • Clients – The number of current clients

For each network, the following information is displayed:

  • Network Name: IP Address/Netmask
    • IPv6 Address – Displays if enabled
    • Route Mode – NAT (Network Address Translation), Standard (NAT-less), Hotspot, or Disabled
    • Access – Admin Access, LAN Isolation, UPnP (Universal Plug and Play), and/or DHCP

To configure a network, see: Network Settings → WiFi / Local Networks.

WiFi Networks

“Detailed Info” links to Network Settings → WiFi / Local Networks.

For each enabled WiFi radio (2.4 GHz and 5 GHz if available), the following information is displayed:

  • WiFi Radio: Channel – 1-11 for 2.4 GHz; 36, 40, 44, 48, 149, 153, 157, 161, or 165 for 5 GHz; Transmit Power (expressed as a percentage)
  • Channel Contention – Displayed as a bar graph by percentage (lower numbers are better; lower numbers mean that there are fewer competing signals)

For each WiFi network, the following information is displayed:

  • SSID – Service Set Identifier: an identifier or name for a wireless network
    • Security – WPA2/WPA1/WEP Personal/Enterprise or Open; Isolated Clients
    • Network – Admin Access, LAN Isolation, UPnP (Universal Plug and Play), and/or DHCP

To configure WiFi network settings, see: Network Settings → WiFi / Local Networks.

Router Alerts

On the right side of the Dashboard page is a brief set of “Router Alerts” that state basic information such as whether the router is running properly. This will inform you about the availability of new firmware, for example.

image

Router Alerts includes links to System Settings → System Software (for new firmware) and Internet → Connection Manager.

GPS


If GPS support is enabled and a modem capable of providing GPS coordinates is connected, this page will show a graphical view of your router’s location. See the GPS section in System Settings → Administration to enable GPS support.

image

GPS information is only displayed if 1) the modem supports GPS, 2) your carrier allows the GPS functionality, and 3) the modem has sufficient GPS signal strength. If no information is displayed, check that both the modem and your carrier support GPS. If GPS is supported, make sure the modem is in an area where it can receive a signal from the GPS satellites.

GRE Tunnels


View the status of configured GRE Tunnels. To set up or edit a GRE tunnel, go to Internet → GRE Tunnels.

Included information:

  • Name
  • Status
  • Transmit (packets/bytes)
  • Receive (packets/bytes)
  • MTU

image

Hotspot Clients


View the status of the clients that have logged in through the Hotspot/Captive Portal. View:

  • Hostname
  • IP address
  • MAC address
  • Data Usage (both IN and OUT)
  • Time Online

image

You may revoke a client’s access to the Internet by clicking the ‘Revoke’ button.

Internet Connections


The Internet Connections submenu option provides a list of attached WAN devices used as the Internet source for the router.

image

Select one of these devices to see detailed information about that particular device. Possible devices include:

  • Ethernet
  • 3G/4G modem
  • WiFi as WAN

The information displayed varies greatly depending on the technology, especially for 3G/4G modems. CradlePoint passes on the information provided by the modems, which is specific to the carrier (e.g. Verizon) and technology (e.g. LTE).

Ethernet example:

image

3G/4G modem example:

image

WiFi as WAN example:

image

Routing


System Routes displays routes associated with networks connected to the router as well as routes learned from routing protocols (such as RIP or BGP).

image

Static Routes displays user-specified routes configured in Network Settings → Routing.

image

There are also tables displaying information for GRE RoutesVPN Routes, and NEMO Routes. Configure the settings for these routes under the Internet tab.

Statistics


The Statistics submenu option displays basic traffic statistics.

Wireless Statistics: View the signal strength and other wireless modem information. The wireless device’s signal strength will only be displayed as long as it supports “Live Diagnostics.” Sample rate and size can be adjusted from the dropdown boxes.

image

Data Usage: A measure of the amount of information that is currently being sent or received through the network. Sample rate and size can be adjusted from the dropdown boxes.

image

Failover/Failback/Load Balance: An easy way to view current connective states of the devices plugged into the router as compared to the past. Sample rate and size can be adjusted from the dropdown boxes.

image

System Logs


The router automatically logs (records) events of possible interest in its internal memory. If there is not enough internal memory for all events, logs of older events are deleted, but logs of the latest events are retained. The log options allow you to filter the router logs so you can easily find relevant messages. This router also has external Syslog Server support so you can send the log files to a computer on your network that is running a Syslog utility.

image

Auto Update: The logs automatically refresh whenever the router creates a new message.

Update: Click to check for new router messages.

Clear Log: Clear the log file.

Save Log: This will open a dialog in your browser that will allow you to save the router’s log to your computer.

Search: Enter keywords to find specific events.

Level: Select/Deselect from the following levels to filter messages by priority.

  • Critical
  • Error
  • Warning
  • Info

NOTE: The logs are erased whenever the router is rebooted or loses power.

VPN Tunnels


View the status of configured VPN tunnels. Included information:

  • Name
  • Connections
  • Status
  • Protocols
  • Transferred
  • Direction
  • Time Online
  • Control

image

To set up or edit a VPN tunnel, go to Internet → VPN Tunnels.

WiPipe QoS


View the breakdown of packets and bytes sent and received associated with each WiPipe QoS rule.

image

To set up or edit a WiPipe QoS rule, go to Network Settings → WiPipe QoS.

Permalink

0 Comments - Leave a Comment

Select the Administration submenu item in order to control any of the following functions:

Router Security

image

Advanced Security Mode – When the router is configured to use the advanced security mode, several aspects of the router’s configuration and networking functionality will be extended to support high security environments. This includes support for multiple user accounts, increased password security, and additional network spoofing filters. If you plan to use your router in a PCI DSS compliant environment this option is mandatory. See below for more details.

Admin Password – Enter a password for the administrator who will have full access to the router’s management interface. You can use the default password on the back of your product, or you can create a custom Administrator Password.

Advanced Security Mode

When you enable Advanced Security Mode, you have three different options for the Authentication Mode:

  • Local Users
  • TACACS+
  • RADIUS

Local Users

Create users with administrative privileges by inputting usernames and passwords in the Advanced User Management table. The default username is “admin,” but you can edit this name, or delete it once you create other users (you can’t delete the user you are currently signed in as).

image

In TACACS+ and RADIUS modes, if the servers cannot be reached, either because the WAN is down or a response is not received within the selected Server Timeout, the router will automatically fall back to using Local Users mode to prevent any potential of being locked out.

TACACS+

TACACS+ stands for “Terminal Access Controller Access-Control System plus”. The router will use a TACACS+ server (or two, optionally) to authorize administration.

image

  • Server Timeout – If the servers are not reached within the set time (possibly because the WAN is down), the router will automatically fall back to using Local Users mode to prevent users from being locked out.
  • Authentication Service – Choose from:
    • ASCII / Login
    • PAP
    • CHAP
  • Server Address – This can be either an IP address in the form of “1.2.3.4”, or a DNS name in form of “host.domain.com”. Only lower case letters are allowed for a DNS name.
  • Port – Port 49 is default for TACACS+.
  • Shared Secret

RADIUS

RADIUS stands for “Remote Authentication Dial In User Service”. The router will use a RADIUS server (or two, optionally) to authorize administration.

image

  • Server Timeout – If the servers are not reached within the set time (possibly because the WAN is down), the router will automatically fall back to using Local Users mode to prevent users from being locked out.
  • Server Address – This can be either an IP address in the form of “1.2.3.4”, or a DNS name in form of “host.domain.com”. Only lower case letters are allowed for a DNS name.
  • Port – Port 1812 is common for RADIUS servers.
  • Shared Secret

System Clock

image

Enabling NTP will tell the router to get its system time from a remote server on the Internet. If you do not enable NTP then the router time will be based on when the router firmware was built, which is guaranteed to be wrong. Whenever the Internet connection is re-established and once a week thereafter the router will ask the server for the current time so it can correct itself.

You then have the option of selecting an NTP server and adjusting the NTP server port. Select the NTP server from the dropdown list. Any of the given NTP servers will be sufficient unless, for example, you need to synchronize your router’s time with other devices in a network.

  • Time Zone – Select from a dropdown list. Setting your Time Zone is required to properly show time in your router log.
  • Daylight Savings Time – Select this checkbox if your location observes daylight savings time.

Local Management

functions

  • Enable Internet Bounce Pages – Bounce pages show up in your web browser when the router is not connected to the Internet. They inform you that you are not connected and try to explain why. If you disable bounce pages then you will just get the usual browser timeout. In the normal case when the router is connected to the Internet you don’t see them at all.
  • Disable Attention LED – This disables the Attention LED. This will take effect at the next reboot.
  • Local Domain – The local domain is used as the suffix for DNS entries of local hosts. This is tied to the hostnames of DHCP clients as DHCP_HOSTNAME.LOCAL_DOMAIN.
  • System Identifier – This is a customizable identity that will be used in router reporting and alerting. The default value is the product name and the last three characters of the MAC address of the router.
  • Require HTTPS Connection – Check this box if you want to encrypt all router administration communication.
  • Secure HTTPS Port – Enter the port number you want to use. The default is 443.
  • Enable SSH Server – When the router’s SSH server is enabled you may access the router’s command line interface (CLI) using the standards-based SSH protocol. Use the username “admin” and the standard system password to log in.
  • SSH Server Port – Default: 22.

Remote Management

Remote Management allows a user to enable incoming WAN pings or change settings for the router from the Internet using the router’s Internet address.

functions

Allow WAN pings – When enabled the functionality allows an external WAN client to ping the router.

Allow Remote Web Administration – When remote administration is enabled it allows access to these administration web pages from the Internet. With it disabled, you must be a client on the local network to access the administration website. For security, remote access is usually done via a non-standard http port. Additionally, encrypted connections can be required for an added level of security.

  • Require HTTPS Connection – Requiring a secure (https) connection is recommended.
  • HTTP Port: Default – 8080. This option is disabled if you select “Require Secure Connection”.
  • Secure HTTPS Port – Default: 8443.

NOTE: You can restrict remote access to only specified IP addresses in Network Settings → Firewall under Remote Administration Access Control.

Allow Remote SSH Access – This will enable SSH access to the router from the Internet. It is only available when SSH access is enabled in the Local Management tab.

Some carriers block the remote SSH access ports. If a ping to the router’s WAN port does not work, it is unlikely that remote SSH access will work.

GPS

If you have an attached device with GPS support (SIM-based models with GPS support require that the SIM is inserted), you can enable a graphical view of your router’s location which will appear in Status → GPS.

Users can configure GPS NMEA GGA format sentence reporting, available through a router-based server and/or a remote server.

NOTE: Some carriers disable GPS support in otherwise supported modems. If you encounter issues with obtaining a fix, contact your carrier and ensure that GPS is supported.

image

  • Enable GPS support – Enables support for querying GPS information from supported modems.
  • Enable GPS server on WAN – Enables a TCP server on the WAN side of the firewall, which will periodically send GPS NMEA sentences to connected clients.
  • Enable GPS server on LAN – Enables a TCP server on the LAN side of the firewall, which will periodically send GPS NMEA sentences to connected clients.
    • GPS server port number
  • Enable GPS reporting to remote server – Enables periodic reporting of GPS NMEA sentences to a remote server. The router will buffer NMEA data if errors are encountered or if the Internet connection goes down and send the buffered sentences when the connection is restored.
    • Remote server hostname or IP
    • Remote server port
    • Report only over specific time interval – Restricts the NMEA sentence reporting to a remote server to a specific time interval.

GPS NMEA GGA Reporting

The device reports GPS information with the NMEA (National Marine Electronics Association) GGA sentence format. GGA provides essential fix data.

Example:

$GPGGA,1753405,4916.450,N,12311.127,W,2,06,1.5,117.3,M,−26.574,M,6.0,0138*47

Sample Data Description
1753405 Time of fix – 17:34:05 UTC
4916.450,N Latitude 49 deg. 16.450 min North
12311.127,W Longitude 123 deg. 11.127 min West
2 Fix quality: 0 = fix not available; 1 = GPS fix; 2 = Differential GPS fix; 3 = PPS fix; 4 = Real Time Kinematic; 5 = Float RTK; 6 = estimated (dead reckoning); 7 = Manual input mode; 8 = Simulation mode
06 Number of satellites being tracked
1.5 Horizontal dilution of precision (HDOP) – relative accuracy of horizontal position
117.312,M Altitude in meters above mean sea level
−26.574,M Geoidal separation: height of mean sea level above WGS-84 earth ellipsoid (negative value means mean sea level is below ellipsoid)
6.0 Time in seconds since last update from differential reference stations
0138 Differential reference station ID number
*47 Checksum – used by program to check for transmission errors

For more examples and information about NMEA GGA, see the following websites:

SMS

SMS (Short Message Service, or text messaging) requires a cellular modem with an active data plan. SMS is not designed to be a full remote management feature: SMS allows you to connect to the router for a few simple queries or commands with a text messaging service (e.g., from your phone). A modem that does not have an active data connection may still be reachable by SMS because Internet traffic and SMS traffic operate on separate channels, so SMS can be used to bring on offline router back online.

SMS is enabled on the router by default. However, it only works if SMS is supported and enabled on the modem. Most modems have SMS enabled by default, but the carrier may charge a fee for each text message sent or received. Contact your carrier to review these fees and/or to enable an SMS plan.

Important notes about SMS:

  • Messages are limited to 160 characters.
  • SMS is not a guaranteed delivery protocol. The carriers do not guarantee that the SMS message will be delivered to the modem or that the modem’s response will be delivered to the sender. This means an administrator might have to send messages multiple times before the desired action is performed.
  • SMS is a slow protocol. It can take seconds or up to a few minutes for messages to be delivered.
  • SMS messages are not encrypted; they are sent in full readable text over the network.

image

Enable SMS support – SMS support is enabled by default on the router. Deselect this to disable.

Password – By default, the password is the last 8 characters of the router’s MAC address (i.e., the Default Password on the product label). You can change this password to anything between 1 and 16 characters. It should be long enough to be useful for security but short enough to easily type into your phone (or other texting client).

White List – This list is blank by default, which means that the router will accept SMS messages from any phone number. Leaving this blank is unsecure, so CradlePoint recommends that you add phone numbers to this list. Once any numbers are listed, only those numbers have the ability to connect to the router via SMS.

NOTE: You cannot add email addresses to the White list. When a phone number is added to the White List, email SMS messages will be rejected.

How to Send an SMS Message

You can send SMS messages to the router via phone or email. The key elements are:

  1. the modem’s MDN
  2. the SMS password (defined above)
  3. the command

You must know the MDN (Mobile Directory Number) of the modem to send SMS messages to the router. This is a phone number that can be found under Status → Internet Connections in the router administration pages or under Devices → Network Interfaces in Enterprise Cloud Manager.

How to Text from a Phone
  1. Open the text messaging tool on your phone and start a new message.
  2. In the To field, enter the modem’s MDN.
  3. In the Subject field, enter the SMS password and command.
  4. Click Send.
How to Text from an Email Account

NOTE: There are limitations with sending texts via email. The SMS engine is currently only compatible with GSM-based carrier operators.

  1. Start a new email message.
  2. In the To field, enter the modem’s MDN plus the modem’s carrier domain name (e.g., 2085555555@txt.att.net).
  3. Enter the password and command in either the Subject field or Body of the email message. If you use the subject field, leave the body blank, and if you use the body, leave the subject blank.

NOTE: The subject field may be limited to a certain number of characters, so if you get an error when sending the command on the subject line, switch to using the body instead.)

SMS Commands

Below is a list of supported SMS messages and the syntax format.

Due to security concerns, the set of commands are intentionally limited to those that can configure a modem’s connection, but cannot lock the administrator out due to malicious modem changes. Therefore, if an unsolicited request adjusts the modem’s configuration via SMS, an administrator can still access the modem via SMS.

Command syntax:

<password>,<command>,[arg1,][arg2,] 

All commands start with the password – either the default of the last 8 digits of the router’s MAC address or the administrator-configured password. Commands can have an optional number of arguments.

NOTE: The trailing comma on the command is important to allow the SMS engine to distinguish the final argument from other information the SMS client might append to the message without your knowledge.

Supported Commands

reboot – Reboot the router (not the modem)

Syntax:

<password>,reboot, 

Example:

1234,reboot, 

restore – Restore the router to factory defaults

Syntax:

<password>,restore, 

Example:

1234,restore, 

rstatus – Get router status

Syntax:

<password>,rstatus, 

Example:

1234,rstatus, 

mstatus – Get modem status (port parameter optional)

Syntax:

<password>,mstatus,[port,] 

Examples:

1234,mstatus, //return status of highest priority modem 1234,mstatus,usb1, //return status of modem plugged into port usb1 

This command returns info about the indicated modem’s status. The resulting data reflects the modem model number, service type, and connection status and values.

Sample response:

Model: MC200P Service: HSPA+ SIM Status: READY RSSI: -62 dbm ECIO: -4 APN: wwan.ccs IP Addr: 166.136.142.172 

mreboot – Reboot the modem (port parameter optional)

Syntax:

<password>,mreboot,[port,] 

Examples:

1234,mreboot, //reboot the highest priority modem 1234,mreboot,usb1, //reboot the modem plugged into port usb1 

apn – Reboot the modem (port parameter optional)

Syntax:

<password>,apn,<new APN>,[port,] 

Examples:

1234,apn,myapn@apn.com, //set APN of highest priority modem 1234,apn,myapn@apn.com,usb1, //set APN for modem in port usb1 

userpass – Set the modem’s authentication username and password (port parameter optional)

Syntax:

<password>,userpass,<username>,<userpassword>,[port,] 

Examples:

1234,userpass,joe,mypassword, //set information of highest priority modem 1234,userpass,joe,mypassword,usb3, //set information on modem in port usb3 

simpin – Set the SIM’s PIN (port parameter optional)

Syntax:

<password>,simpin,<pin>,[port,] 

Examples:

1234,simpin,5678, //set simpin in highest priority modem 1234,simpin,5678,usb2 //set simpin in modem on port usb2 

log – Return a portion of the router log

Syntax:

<password>,log,[start,] 

Examples:

1234,log, //return the first 10 items of the log (items 0 through 9) 1234,log,10, //return items 10 through 19 of the log 1234,log,20, //return items 20 through 29 of the log 

Sending log information via SMS messages likely results in several resulting texts. Please be aware of the costs of text messages on the modem’s account, and use this command only if necessary.

* The “port” parameter is optional. It specifies which port – and therefore which modem – to perform the action on. If not given, the action will happen on the highest priority modem.

Sample Debug Session

The following is an example of a debug session to discover a modem’s APN is misconfigured and needs to be set.

Figure out the state of the modems on the router:

1234,rstatus, 

Receive the modem’s status and settings:

1234,mstatus, 

Set the modem’s APN to the correct setting:

1234,apn,broadband, 

Verify the APN was set properly:

1234,mstatus, 

Continue to verify the status periodically to ensure that the modem connects:

1234,rstatus, 

System Logging

image

Logging Level: Setting the log level controls which messages are stored or filtered out. A log level of Debug will record the most information while a log level of Critical will only record the most urgent messages. Each level includes all messages from all of the levels below it on the list (e.g. “Warning” includes all “Error” and “Critical” messages as well).

  • Debug
  • Info
  • Warning
  • Error
  • Critical

Enable Logging to a Syslog Server: Enabling this option will send log messages to a specified Syslog server. After enabling, type the Hostname or IP address of the Syslog server (or select from the dropdown menu).

  • Syslog Server Address: Select the Hostname or IP address from the dropdown menu, or type this in manually.
  • Include System ID: This option will include the router’s “System ID” at the beginning of every log message. This is often useful when a single remote Syslog server is handling logs for several routers.
  • Include UTF8 Byte Order Mark: The log message is sent using UTF-8 encoding. By default the router will attach the Unicode Byte Order Mark (BOM) to the Syslog message in compliance with the Syslog protocol, RFC5424. Some Syslog servers may not fully support RFC5424 and will treat the BOM as ASCII text, which will appear as garbled characters in the log. If this occurs, disable this option.

Log to attached USB stick: Only enable this option if instructed by a CradlePoint support agent. This will write a very verbose log file to the root level of an attached USB stick. Please disable the feature before removing the USB stick, or you may lose some logging data.

Verbose modem logging: Only enable this option if instructed by a CradlePoint support agent.

Create support log: This functionality allows for a quick collection of system logging. Create this log file when instructed by a CradlePoint support agent.

Router Services

By default, router services (Enterprise Cloud Manager, NTP, etc.) connect to the router via the WAN. In some setups it makes sense to use the LAN instead. For example, if your router is used strictly for 3G/4G failover behind another router, you may not want to use 3G/4G data unnecessarily. Select Use LAN Gateway to set your router services to connect via the LAN.

image

LAN Gateway Address: Input the IP address of the LAN side connection. If this is a 3G/4G failover router operating behind another router, the LAN Gateway Address is the IP address of that other router.

DNS Server and Secondary DNS Server: The primary and secondary DNS server numbers match the static DNS values (set at Network Settings → DNS). You can leave the default values or set them manually here. (Changing these values also changes the static DNS values.)

Permalink

0 Comments - Leave a Comment

Through the CradlePoint administration pages you now have the ability to create, manage, sign, and import/export X.509 certificates – frequently referred to as SSL certificates – under Network Settings → Certificate Management. Our implementation integrates an OpenSSL toolkit solution. It includes the ability to create your own CA certificates and self-signed certificates.

For background information on digital certificates, see the following Wikipedia articles:

Digital certificates have multiple possible uses in a CradlePoint networking setup. For example, a digital certificate is a much more secure option for VPN tunnel authentication than a pre-shared key.

Go to the following sections for more information about specific certificate management options:

image

Not all Certificate Management options displayed here are currently available via the Enterprise Cloud Manager configuration pages.

Create Certificates

Complete the following fields to create certificates locally, including CA (certificate authority) certificates.

To create local certificates without sending signature requests to a third-party CA, first create a CA certificate with this interface and then create additional certificates that you sign with your CA:

  • Step 1: Create a CA certificate. In the Issuer section select Set as CA certificate.
  • Step 2: Create additional certificates. In the Issuer section select Sign with CA certificate and then select the CA certificate you created in step 1 from the dropdown list.

image

General Description

  • Name: Choose a name meaningful to you.

Issuer

  • Set as CA certificate: Select if the certificate you are creating is intended to be a CA.
  • Sign with CA certificate: Select to sign this certificate with a CA you created previously.
    • Certificate Name: Select your CA certificate from the dropdown list of local certificates.

Subject

  • Country Name2-letter country code (e.g., AU, UK, US)
  • State or Province Name: The name of your state or region
  • Local Name: Generally the city or town
  • Organization Name: Company name
  • Organization Unit: Company division name
  • Common Name: Must be unique; if used for authentication, this must match the configured Common Name (CN) on the third-party authenticator
  • Email Address

Validity

  • Days: Input the number of days the certificate should remain valid (999 days maximum).

Public Key Algorithm

  • Type: Select one of the following:
  • Digest: The following cryptographic hash functions are listed in order of increasing security. More security requires more router resources.
  • Bits: A greater bit size is more secure, but requires more router resources. Some devices do not support 2048 bits, so ensure compatibility.
    • 1024
    • 2048

Certificate Signing Request

Request a certificate signature from a remote CA. Using an established, third-party CA increases the likelihood that your certificate will be trusted by others (see security issues for self-signed certificates for more information).

Generate a certificate signing request (CSR) by selecting a certificate from the dropdown list (Name field) and downloading the CSR. The CSR can then be sent to a remote CA for a signature. Once the certificate has been signed, import the certificate in PEM or PKCS #12 format.

image

When you export the CSR, select a Digest, or cryptographic hash function. These are listed in order of increasing security. More security requires more router resources.

Local Certificates

This is a table of local certificates, including certificate details.

Remove a local certificate by selecting the certificate and clicking the Remove button.

image

  • Name: Friendly description of the certificate.
  • Country: (C) The certificate owner’s country of residence.
  • State or Province: (ST) the certificate owner’s state or province of residence
  • Location: (L) The certificate issuer’s locality (city, town, etc.).
  • Org.: (O) The organization to which the certificate issuer belongs.
  • Org. Unit: (OU) The name of the organizational unit to which the certificate issuer belongs
  • Common Name: (CN) Name used to match authentication credentials.

Import/Export PEM Format Certificates

PEM is a container format for encoding data – in this case, X.509 certificates. PEM was originally designed for encoding email (PEM stands forPrivacy-enhanced Electronic Mail), but it has never been widely used for that purpose. The format is much more common for encoding digital certificates.

The PEM format uses Base64 and DER (Distinguished Encoding Rules) encoding.

Import

Choose a certificate file in PEM format from your computer or local device and upload it to the router. Give the certicate a name that is meaningful to you.

image

Export

Select a local certificate from the dropdown list and download it to your computer or local device in PEM format.

image

Import/Export PKCS #12 Format Certificates

PKCS #12 is one of the public-key cryptography standards. PKCS #12 files bundle public and private certificate keys in an archive file format. The PKCS #12 container format is more secure than the PEM container format because it is protected by an encryption key.

Import

Choose a certificate file in PKCS #12 format from your computer or local device and upload it to the router. Give the certicate a name that is meaningful to you.

PKCS #12 files are protected by a passphrase – you must know this key to import the file.

image

Export

Select a local certificate from the dropdown list and download it to your computer or local device in PKCS #12 format.

When you export this file, you must create a passphrase to protect it. This key is required for future use of the file.

image


NOTE: This article may contain links that direct you to non-CradlePoint, Inc. owned websites, and these links are not under the control of CradlePoint, Inc. or any of its representatives. CradlePoint, Inc. is not responsible for the content of any linked site or any link contained in a linked site or any changes or updates to such sites outside of cradlepoint.com. CradlePoint is providing these links as a convenience, and the inclusion of any link does not imply endorsement of the site by CradlePoint, Inc. or any of its representatives.

Permalink

0 Comments - Leave a Comment

The Device Alerts submenu choice allows you to receive email notifications of specific system events. YOU MUST ENABLE AN SMTP EMAIL SERVER TO RECEIVE ALERTS.

alerts

Alerts can be included for the following:

  • Firmware Upgrade Available: A firmware update is available for this device.
  • System Reboot Occurred: This router has rebooted. This depends on NTP being enabled and available to report the correct time.
  • Unrecognized MAC Address: Used with the MAC monitoring lists. An alert is sent when a new unrecognized MAC address is connected to the router.
  • WAN Device Status Change: An attached WAN device has changed status. The possible statuses are plugged, unplugged, connected, and disconnected.
  • Configuration Change: A change to the router configuration.
  • Login Failure: A failed login attempt has been detected.
  • VPN Tunnel Goes Down: Sends an alert when a VPN tunnel goes down.
  • Feature License Expiration: Sends an alert when a feature license is about to expire.
  • Full System Log: The system log has filled. This alert contains the contents of the system log.
  • Recurring System Log: The system log is sent periodically. This alert contains all of the system events since the last recurring alert. It can be scheduled for daily, weekly and monthly reports (Frequency). You also choose the Time you want the alert sent.

SMTP Mail Server

Since your router does not have its own email server, to receive alerts you must enable an SMTP server. This is possible through most email services (Gmail, Yahoo, etc.)

Each SMTP server will have different specifications for setup, so you have to look those up separately. The following is an example using Gmail:

alerts

  • Server Address: smtp.gmail.com
  • Server Port: 587 (for TLS, or Transport Layer Security port; the router does not support SSL).
  • Authentication Required: For Gmail, mark this checkbox.
  • User Name: Your full email address
  • Password: Your Gmail password
  • From Address: Your email address
  • To Address: Your email address

Once you have filled in the information for the SMTP server, click on the “Verify SMTP Settings” button. You should receive a test email at your account.

Delivery Options (Advanced)

Email Subject Prefix: This optional string is prefixed to the alert subject. It can be customized to help you identify alerts from specific routers.

Retry Attempts: The number of attempts made to send an alert to the mail server. After the attempts are exhausted, the alert is discarded.

Retry Delay: The delay between retry attempts.

Permalink

0 Comments - Leave a Comment

CradlePoint Enterprise Cloud Manager (ECM) is a cloud-based management service for configuring, monitoring, and organizing your CradlePoint routers. Key features include the following:

  • Group based configuration management
  • Health monitoring of router connectivity and data usage
  • Remote management and control of routers
  • Historical record keeping of device logs and status

Visit http://cradlepoint.com/ecm to learn more about CradlePoint ECM. If you do not have ECM credentials, sign up at: http://cradlepoint.com/ecm-signup.

image

Registering Your Router – Once you have signed up for ECM, click on the Register Router button to begin managing the router through ECM. Input your ECM Username and ECM Password and click Register. You have now registered the device with Enterprise Cloud Manager.

Suspending the ECM Client – Click on the Suspend Client button to stop communication between the device and ECM. Suspending the client will make it stop any current activity and go dormant. It will not attempt to contact the server while suspended. This is a temporary setting that will not survive a router reboot; to disable the client altogether use the Advanced Enterprise Cloud Manager Settings panel (below).

Enterprise Cloud Manager Settings (Advanced)

image

  • Enabled: Enable the ECM client to contact the server. While this box is unchecked, the ECM client will never attempt to contact the server. (Default: Enabled)
  • Server Host:Port: The DNS hostname and port number for your ECM server. (Default: stream.cradlepoint.com)
  • Session Retry Timer: How long to wait, in seconds, before starting a new ECM session following a connection drop or connectivity failure. Note that this value is a starting point for an internal backoff timer that prevents superfluous retries during connectivity loss.
  • Unmanaged Checkin Timer: How often, in seconds, the router checks with ECM to see if the router is remotely activated. Note that this value is a starting point for an internal backoff timer that reduces network usage over time.
  • Maximum Alerts Buffer: The maximum number of alerts to buffer when offline.

Permalink

0 Comments - Leave a Comment

Some CradlePoint features may require a license. These features are disabled by default. To obtain a feature license, contact your CradlePoint sales representative.

feature license

Once you have obtained the feature license file, upload the file to enable the feature. A reboot is required after uploading a feature license file.

Permalink

0 Comments - Leave a Comment

Any of your networks can be enabled as a hotspot. To enable a hotspot, you need to select a network and set it as a hotspot in Network Settings → WiFi / Local Networks.

NOTE: Although any network can be a hotspot, the router allows only one hotspot.

image

Hotspot Mode: Choose from the following dropdown options:

  • Simple: Allows “Terms of Use” page and timeout settings controlled within the router.
  • RADIUS/UAM: Allows you to set up external authentication servers.

Local IP Network: A single LAN Group – including both WiFi and Ethernet – can be configured as your hotspot. If you do not already have a LAN Group configured as a hotspot, go to the WiFi / Local Networks page (you can click Configure to link to this page) and set the Routing Mode to “Hotspot” for the LAN Group you want to use.

NOTE: Routing Mode is in the Local Network Editor under the IP Settings tab. Select a network in Network Settings → WiFi / Local Networksand click Edit to open the Local Network Editor. The IP Settings tab will already be open. The Routing Mode dropdown menu is at the bottom.

Allow Service on 3G/4G Modems: Allows you to enable or disable hotspot access to the Internet over a modem. This is often used if the router has a main wired link and a secondary modem for failover (typically with a more expensive/limited data plan). Select this option if you want the router to allow data traffic over the modem if the wired connection goes down.

Disable Service if Ethernet Threshold is met: This will block Hotspot use of the WAN when the threshold is met. This can be used if the router is being used as a backup failover connection to another router with a wired connection. If that other router’s wired connection goes down and it starts using this router for its primary connection, then disable Hotspot use of the WAN connection. Set the limiting Rate (KB/s) and Time Period (seconds).

Redirect HTTPS Requests: This allows initial requests to HTTPS websites to be redirected appropriately.

Hotspot/UAM Authentication Port: Default: 8000. Type in a different port number, or use the slider to change the port.

Simple Mode Settings

image

Display: This section allows you to choose if a “Terms of Use” page will be given to the user connecting to the hotspot.

  • Internal Terms of Use. Fill in your own terms of use.
  • External Terms of Use. Specify a URL that has the Terms of Use page. Users will automatically be directed to this page.
  • No Terms of Use. Redirect Only.

Redirection on Successful Authentication: Depending on your choice for the “Terms of Use” page, your have further options for where the user will be directed. After the user accepts the terms, you can either let him/her continue to the URL they were trying to reach or you can force the user to go to a specified URL once before continuing on.

  • To the URL the user intended to visit.
  • To an administrator-defined URL.

Redirect URL: If you have chosen to send users to an administrator-defined URL, you will need to specify the address.

Session Timeout: (Default: 60 minutes.) The amount of time the user may use the router before being forced to authenticate again.

Idle Timeout: (Default: 15 minutes.) If the user is idle for this amount of time, make them re-authenticate.

Bandwidth (upload): (Default: 512 Kbits/sec.) The data rate limit for users uploading data through the hotspot.

Bandwidth (download): (Default: 1024 Kbits/sec.) The data rate limit for users downloading data through the hotspot.

RADIUS/UAM Settings

This section allows you to configure a RADIUS and Universal Access Method server. After the user accepts the terms, you can either let him/her continue to the URL they were trying to reach or you can force the user to go to a specified UAM Server or URL once before continuing on.

RADIUS Settings

image

  • Server Address 1: Assigned by RADIUS service.
  • Server Address 2: This is an optional backup server.
  • Authentication Port: The standard port number, 1812, will usually be sufficient.
  • Accounting Port: The standard port number, 1813, will usually be sufficient.
  • Shared Secret: Assigned by RADIUS service.
  • Redirection On Successful Authentication: Choose from the dropdown list of options for redirection:
    • Redirect to the UAM Server.
    • Redirect to the URL that the user intends to visit.
    • Redirect to the following URL (input the desired URL).
  • Session Timeout: (Default: 60 minutes.) The amount of time the user may use the router before being forced to authenticate again. This value can be overwritten by the RADIUS server.
  • Idle Timeout: (Default: 15 minutes.) If the user is idle for this amount of time, make them re-authenticate.
  • Bandwidth (upload): (Default: 512 Kbits/sec.) The data rate limit for users uploading data through the hotspot.
  • Bandwidth (download): (Default: 1024 Kbits/sec.) The data rate limit for users downloading data through the hotspot.

UAM Settings

image

  • Login URL: Assigned by UAM service.
  • Splash Page URL: Optional URL that can point to an external page that can provide specific information to the user prior to being authenticated. The page MUST provide a link back to the Login URL in order for the user to be authenticated. For example: http://lan ip address:uam port/prelogin or http://192.168.10.1:8000/prelogin.
  • Shared Secret: Optional, depending on the UAM service.
  • NAS/Gateway ID: Assigned by UAM service.

HeartBeat Settings

image

The HeartBeat, when enabled, sends the following information to the specified URL at the specified time interval so the operator managing the hotspot knows if the router is still functioning:

  • mac: The MAC address of the router, i.e. 00-11-22-33-44-55.
  • nasid: The NAS/Gateway ID of the router which should be entered in the UAM Settings.
  • os_date: A string showing the type of router and the firmware version running, e.g. Cradlepoint_4.1.2.
  • uptime: The uptime and system load average of the router

Allowed Hosts Prior to Authentication

Adding hostnames to this list will allow access from your network to any external domain or website prior to being authenticated. For example, a hotel might allow access to its own website prior to authentication.

image

Click Add to enter new hostnames you wish to allow.

Enter the hostname or domain name of the website you wish to allow, e.g. www.company.com or company.com. To allow all domain and sub-domain options, use a wildcard, e.g. *.company.com.

Click Submit to save your additions.

Authorized MAC Addresses

image

Add the MAC addresses of trusted machines. This gives them automatic access through the Hotspot portal.

Permalink

0 Comments - Leave a Comment

A single USB Serial device can be used to establish a serial link to a host port on the router. The USB Serial device can also be accessed by running “serial” from an SSH session.

Telnet to Serial Configuration

image

  • Enabled: Enabling Telnet to Serial will start a Telnet server that passes its connection to the serial adapter. Enabling this service is not necessary when accessing serial through SSH.
  • LAN: Enable serial redirector for LAN connections.
  • Authenticated LAN: Enable serial redirector for Authenticated LAN connections. You must be logged into the router to use the redirector.
  • WAN: Enable serial redirector for WAN connections.
  • Server Port: Enter a port number for the redirector to use. (Default: 7218)

USB Serial Adapter Configuration

image

  • Baud Rate: Select from the dropdown list.
    • 50
    • 75
    • 110
    • 134
    • 150
    • 200
    • 300
    • 600
    • 1200
    • 1800
    • 2400
    • 4800
    • 9600
    • 19200
  • Byte Size: The number of bits in a byte. Select from: 5, 6, 7, and 8.
  • Parity: Change this value to enable parity bit checking. Select from the following dropdown options:
    • None: No parity checking. (Default)
    • Even: parity bit will always be even.
    • Odd: parity bit will always be odd.
    • Mark: parity bit will always be odd and always 1.
    • Space: parity bit will always be even and always 0.
  • Stop Bits: Number of bits to initiate the stop period. Select from these dropdown values: 1, 1.5, and 2.
  • Hardware (RTS/CTS): Use RTS (Request To Send)/CTS (Clear To Send) to enable flow control.
  • Software (XON/XOFF): Use XON/XOFF to enable flow control.
  • Linefeed: Select how you want linefeeds translated (CR = carriage return and LF = line feed).
    • Ignore
    • CR/LF
    • CR
    • LF

Permalink

0 Comments - Leave a Comment

SNMP, or Simple Network Management Protocol, is an Internet standard protocol for remote management. You might use this instead of Enterprise Cloud Manager if you want to remotely manage a set of routers that include both CradlePoint and non-CradlePoint products.

image

  • Enable SNMP: Selecting “Enable SNMP” will reveal the router’s SNMP configuration options.
  • Enable SNMP on LAN: Enabling SNMP on LAN will make SNMP services available on the LAN networks provided by this router. SNMP will not be available on guest or virtual networks that do not have administrative access.
  • LAN port #: Use the LAN port # field to configure the LAN port number you wish to access SNMP services on. (Default: 161)
  • Enable SNMP on WAN: Enabling SNMP on WAN will make SNMP services available to the WAN interfaces of the router.
  • WAN port #: Use the WAN port # field to configure which publicly accessible port you wish to make SNMP services available on. (Default: 161)
  • SNMPv1: SNMP version 1 is the most basic version of SNMP. SNMPv1 will configure the router to transmit with settings compatible with SNMP version 1 protocols.
  • SNMPv2c: SNMP version 2c has the same features as v1 with some additional commands. SNMPv2c will configure the router to use settings and data formatting compatible with SNMP version 2c.
  • SNMPv3: SNMP version 3 includes all prior features with security available. SNMPv3 is the most secure setting for SNMP. If you wish to configure traps then you must use SNMP version 3.
  • Get community string: The “Get community string” is used to read SNMP information from the router. This string is like a password that is transmitted in regular text with no protection.
  • Set community string: The “Set community string” is used when writing SNMP settings to the router. This string is like a password. It is a good idea to make it different than the “Get community string.”

SNMPv3

If you select SNMPv3, you have several additional configuration options for added security.

image

  • Authentication type: Select the authentication and encryption type that will be used when connecting to the router from the following dropdown list. These settings must match the configuration used on any SNMP clients.
    • MD5 with no encryption
    • SHA with no encryption
    • MD5 with DES encryption
    • SHA with DES encryption
    • MD5 with AES encryption
    • SHA with AES encryption
  • Username: Enter the Username configured on your SNMP host in the username field.
  • Password: Enter the Password for your SNMP host in the password and verify password fields. This password must be at least 8 characters long.
  • Enable SNMP traps: Enabling traps will allow you to configure a destination server, community, and port for trap notifications. Trap notifications are returned to the server with SNMPv1.
  • Trap community string: The trap notifications will be returned to the trap server using this SNMPv1 trap community name.
  • Address for trap server: Enter the address of the host system that you want trap alerts sent to.
  • Trap server port #: Enter the port number that the remote host will be listening for trap alerts on. (Default: 162)

System Information

System information via SNMP is Read-Writable by default. However, if a value is set here, that field will become Read-Only.

  • System Contact: Input the email address of the system administrator.
  • System Name: Input the router’s hostname.
  • System Location: Input the physical location of the router. This is simply a string for your own information.

Permalink

0 Comments - Leave a Comment

 Control Settings

control

Restore to Factory Defaults: This changes all settings back to their default values.

Reboot The Device: This causes the router to restart.

Advanced Control: System Automatic Reboot, Ping Test

Scheduled Reboot: This causes the router to restart at a user-determined time.

Watchdog Reboot: This causes the router to automatically restart when it determines an unrecoverable error condition has occurred.

Ping Test: A simple test to check Internet connectivity. Type the Hostname or IP address of the computer you want to ping and press ‘Enter’ or click the ‘Ping’ button.

image

Permalink

0 Comments - Leave a Comment

This allows the administrator to load new firmware onto the router to add new features or fix defects. If you are happy with the operation of the router, you may not want to upgrade just because a new version is available. Check the firmware release notes (cradlepoint.com/firmware) for information to decide if you should upgrade.

image

  • Current Firmware Version: Shows the number of the current firmware and the date it was updated.
  • Available Firmware Version: If there is a new firmware version available, this will list the version number. Click “Check Again” to have the router check the newest firmware.
  • Factory Reset: Set default settings to match the new firmware. This is safest, as settings may have changed. You should back up your current settings and restore them after the new firmware is loaded.
  • Automatically check for new firmware: Check for an available firmware update once a day.
  • Automatic (Internet): Have the router download the file and perform the upgrade with no user interaction.
  • Manual Firmware Upload: Upload the router firmware from an attached computer. (Go to cradlepoint.com/firmware to download the firmware.)

System Config Save/Restore

  • Backup Current Settings: Click on “Save to disk” to save your current settings to a file on a computer.
  • Restore Settings: Click on “Upload from file” to restore your previous settings from a file on a computer.

image

Firmware Upgrade and System Config Restore

Load new firmware and restore your previous settings from a file on a computer without rebooting between steps.

Permalink

0 Comments - Leave a Comment

Valid Cellular Data Connections are dependent on a cellular modem’s:

      A.  Signal Strength, and
B.  Signal Quality

A.  Signal Strength

  1. Influences connection to the cellular tower.
  2. Represented by RSSI, measured in dBm.
  3. RSSI is a negative dBm value. Values closer to 0 are stronger signals.
  4. The ‘lower number’ represents better signal strength.
NOTE: Signal Strength must be reviewed by the numeric values, ie. -dBm. The number of signal bars displayed by devices may give inaccurate perception of actual signal strength.
B.  Signal Quality
  1. Influences data throughput speeds on mobile broadband networks.
  2. Represented by signal noise ratios, measured in dBm.
  3. Noise ratio representation varies by mobile broadband technology:
  • LTE:  SINR
  1. SINR is a positive dBm value.
  2. Higher SINR numbers = better quality connection.
  • WiMAX: CINR
  1. CINR is a positive dBm value.
  2. Higher CINR numbers = better quality connection.
  • CDMA EVDO: EC/IO
  1. EC/IO is a negative dBm value.  Values closer to 0 are stronger signals
  2. Lower EC/IO ‘numbers’ = better quality connection.
User-added image
  • Exceptions apply to the following modems in LTE mode only: Pantech UML290 and Novatel 551L.
  • LG VL600 does not report db values, only bars. LG VL600 requires a minimum of 2 bars.
Disclaimers:
  1. Both Signal Strength and Signal Quality must be considered for successful cellular data connection.
  2. Measured or reported values vary by modem, carrier, and network environment.
  3. There is no black/white answer to what constitutes a successful connection.
  4. Although signal strength may appear to be adequate, throughput speeds may vary due to dependencies on cellular tower loads.

Permalink

0 Comments - Leave a Comment

The measure of a connection depends on both the Signal Strength and Signal Quality. RSSI is a measure of Signal Strength, while CINR, SINR, and Ec/Io are measures of Signal Quality for various technologies. The values we report are specific to different technologies (e.g. LTE) and carriers (e.g. Verizon).

NOTE: The following values are approximations; they are solely CradlePoint’s interpretations. Each of these values will vary for different technologies and carriers: contact your carrier for more authoritative information. CradlePoint does not guarantee adequate performance, regardless of the Signal Strength and Signal Quality. An adequate connection depends on many different factors, including:

  • Proximity to the cellular tower
  • Tower load
  • Physical barriers (mountains, buildings, trains, etc.)
  • Competing signals
  • Weather
  • Signal going through a cellular repeater

Signal Strength and Signal Quality numbers do not incorporate all of the relevant factors. In particular, measurements of Signal Strength and Signal Quality for a specific moment do not reflect on the STABILITY of a connection, as these values will vary as conditions change.

Signal Strength

RSSI = Received signal strength indicator (measured in dBm)

Excellent above −65 (closer to 0 is better)
Good −65 to −75
Fair −75 to −85
Poor below −85

Signal Quality

Ec/Io (several technologies including HSPA+ and EVDO; measured in dB)
Excellent above −2 (closer to 0 is better)
Good −2 to −5
Fair −5 to −10
Poor below −10

SINR = Signal to Interference plus Noise Ratio (LTE only; measured in dB)

Excellent above 12.5
Good 10 to 12.5
Fair 7 to 10
Poor below 7

CINR = Carrier to Interference plus Noise Ratio (WiMAX only; measured in dB)

Excellent above 22
Good 16 to 22
Fair 9 to 16
Poor below 9

Additional Disclaimers: 

There is no black and white answer to what constitutes a successful connection. It is possible to disconnect with green values – or connect with red values – for several reasons, including:

1) Modems may vary.

We support hundreds of modems, and not all of them have the same ranges of acceptable values. For example: in our experience the Pantech UML290 and Novatel 551L require minimum RSSI values of −64 for acceptable connections.


2) You must factor in BOTH Signal Strength and Signal Quality.

It is possible to have excellent RSSI but disconnect because of poor quality (and vice versa).


3) Signal Strength and Signal Quality values do not hold constant. 

The variance of a signal is a significant factor in the success of a connection. A particular reading represents one moment, but these values may vary dramatically over time. A stable connection requires consistency. This is a sample graph of RSSI values that shows how much the values jump (from http://radiomobile.pe1mew.nl/):
Sample RSSI graph

4) Other factors: tower load, signal going through a repeater/booster, etc.

Some factors that don’t show up in Signal Strength/Signal Quality values can greatly impact a connection.

Permalink

0 Comments - Leave a Comment