FAQs

CradlePoint Services (24)


Summary

Upgrading the modem firmware regularly is important to keep a secure and reliable internet connection. This can be done manually or through ECM; this document focuses on upgrading through ECM.

Please note that this only upgrades the modem firmware; to upgrade the router firmware click here. To connect with this modem you must also have an activated SIM from the carrier in the device. During the upgrade process the modem will restart: the router may go offline for a few minutes if this modem is its primary WAN connection.

Although a single Cradlepoint modem may have two SIM card slots (e.g., IBR1100 integrated modem), it is one modem module and can only have one modem firmware version, and therefore only one carrier at a time. The exception is that the AER 2100 could have two distinct integrated MC400 modems, each with two SIM slots. So while each modem by itself can only have one firmware version, the AER 2100 can support two integrated modems, on distinct carriers, simultaneously.


Configuration

Configuration Difficulty: Beginner
  • Step 1: Log in to Enterprise Cloud Manager.
  • Step 2: Select the Devices tab and then Network Interfaces from the drop down menu at the top.


  • Step 3: Next we need to locate the modem we want to upgrade. The easiest way to do this is by sorting the Router Name or Router ID column, or to search by a specific router name using the search tool.
  • Step 4: In the example shown below, the grid is filtered using the search tool (searched by a specific router name, IBR1100LPE) and the filter tool (selected Modems) in the top toolbar so that only the two relevant interfaces display.


  • Step 5: To check if the modem firmware is current, first select the desired interface. *Note that integrated modems with two SIM slots show two interfaces in the grid. Both will always have the same modem firmware, so selecting either one will have the same results.
  • Step 6: Once you have selected an interface, click Commands in the top toolbar and Upgrade Modem Firmware in the drop down menu. *Note that you can also check if your modem has the latest firmware by selecting Check for New Modem Firmware.


  • Step 7: Please review the agreement notes before proceeding. The modem will restart after this point.


  • Step 8: Once you click the OK button, the firmware upgrade will begin.
  • Step 9: The modem firmware upgrade takes a few minutes. The Modem FW Status column shows the state of the update, e.g., “Downloading (38%),” and the Modem FW column shows the update that is in process.


  • Step 11: Once complete, the Modem FW Status column says, “Upgrade Successful” and the Modem FW column is updated with the new firmware version:


  • Step 12: If the update fails for some reason, reboot the router before trying again.

Troubleshooting

  • You may also need to make sure you are trying to use the same interface and SIM slot. Some products contain two SIM slots, and therefore there are two “Internal LPE” interfaces displayed in Connection Manager. If your active SIM is in slot 1, the “Internal LPE (SIM1)” will be the one to connect with that SIM; SIM slot 2 will correspond to “Internal LPE (SIM2)”.
  • If the modem is unable to complete the upgrade and no internet connection remains, local access to update the modem will be necessary. Click here to upgrade the modem firmware manually.


Cradlepoint 6.0 Firmware Upgrade

Products Supported: AER31x0, AER21x0, MBR1400v2, MBR1400, MBR1200B, CBA850, CBA750B, IBR11x0, IBR6x0, and IBR350.

Summary

Firmware version 6.0 has been released and introduces a vastly improved GUI for all routers. The new GUI takes the look and feel of Enterprise Cloud Manager (ECM) and brings it to the router. The menus have been reworked to be more intuitive and discoverable, and yet the configuration experience in itself has stayed similar to the previous UI. In short, finding the menus is easier and configuration has stayed as easy as always.

ECM users will immediately see the new router GUI when configuring a router or group of routers with FW 6.0 or greater, providing an improved and consistent user experience across the platform.

Along with the new UI, some notable new functionality is now available in FW 6.0:

  • Object Firewall
    • Independently create identities and policies, then match them to create rules
    • Easier to configure and more flexible
  • Connection Manager has been revamped, and is now easily configurable in ECM
    • Manage all WAN connections remotely in a single, intuitive UI
  • WiFi-as-WAN Improvements
    • Intelligent AP handover capability

Cradlepoint recommends that customers upgrade a few routers and take some time to get familiar with the UI, the new firewall, Connection Manager, and other important configuration elements before moving their entire fleet.

Firmware 6.0 will come with more extensive documentation to ease the transition.


Summary

This article describes the process of enabling modem Data Usage tracking through Enterprise Cloud Manager (ECM).

Data usage information is initially tracked within the routers, and then sent to ECM at specified intervals. ECM has multiple options for displaying the received modem data usage statistics:

  • Dashboard provides a quick, visual overview of your devices’ data usage
  • Reports will generate a CSV file containing the data usage information
  • Alerts can be configured to send an email whenever modems reach user-defined data thresholds

Note: There is a potential for some loss of data between the router and ECM if, for example, the router reboots before sending a usage sample. The data usage numbers in ECM are strictly estimates and are dependent on information provided by the modem through the router: these may not match the carrier numbers. The carrier is the final authority for billing purposes.


Configuration

Adjust Reporting Interval or Disable Usage Reporting

Configuration Difficulty: Intermediate

Data Usage Reporting is enabled by default, with an interval of 1 hour. This interval can be increased to a full 24 hours, or decreased to a mere 5 minutes. A shorter reporting interval will provide a more accurate depiction of data usage at a given moment. Please keep in mind that the process of sending each report to ECM also uses up data, so setting a short reporting interval will result in greater overall data usage.

Note: The user-defined interval is a minimum: there are some event triggers that could cause additional data usage reports to be sent to ECM, such as heavy data usage.

To change the reporting interval, follow the directions listed below:

  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
  • Step 3: Click on the Groups tab.


  • Step 4: Select the group for which you wish to adjust the data usage reporting setting, and click Settings.
    • Note: For this change to apply to multiple groups, each group has to be edited individually.


  • Step 5: Move the slider next to Enable Data Usage Reporting to adjust the reporting interval.
  • Click OK to save the changes.


Note: From the same interface, it is possible to completely disable data usage monitoring. To do so, simply remove the check-mark from the box next to Enable Data Usage Reporting.


View Data Usage through the Dashboard

Configuration Difficulty: Beginner

With ECM it is possible to review modem data usage at a glance, both on the group level and for each individual router.

  • To view aggregated data usage information, pulled from all interfaces of routers registered under your account, log into your ECM account, and click on the Dashboard tab in the menu on the left.
  • To view router-specific information, click on the Devices tab on the left, and then click on the name of the router to open its individual Dashboard.

Generate CSV Report

Configuration Difficulty: Intermediate
  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
    • Note: There will be no historical data available for any devices that were not in groups or were in groups that had data usage reporting disabled.
  • Step 3: Click on the Reports tab.
  • Step 4: Click the arrow icon in the Report Type field and select Data Usage.


  • Step 5: Specify a report date range by manually selecting start and end dates and times, or by clicking one of the quick option buttons.


  • Step 6: Specify a data source by clicking within either the Accounts or Groups fields and then click OK.
    • Note: Selecting the accounts without specifying groups will pull data from all routers within all groups under the selected accounts.


  • Step 7: Select any additional fields to be displayed in your report from the list within the Router, Network Interface, or Modem Information sections.
  • Step 8: Click Run Report to generate a CSV file with the specified information.


  • Step 9: Click OK to close the report notification.
  • Step 10: Within a few seconds your browser will ask what to do with the generated file. Pick the option to either open the file or to save it, and then click OK.
    • Note: If you do not get this option, please check your browser security settings.

Optional:

  • Step 11: Click Create Saved Report to tell ECM to remember the selected time interval, data source, and any additional information fields selected.
    • For a saved report, it is recommended to use a time interval, like 1 Week, instead of hard start and end dates.
  • Step 12: To run a saved report at a later time, select it in the Saved Reports drop-down menu at the top of the Reports page, and click the Run Report button.

Configure Usage Alerts

Configuration Difficulty: Intermediate

Data Usage Alerts ignore the defined data usage report interval and get sent out immediately. CradlePoint recommends setting up data threshold Alerts for the most accurate, consistent information: receive an email whenever you reach one of your thresholds. For example, configure ECM to email you when your modem reaches 85% and 100% of your monthly data plan.

  • Step 1: Log into your ECM account.
  • Step 2: If your router is not already part of a group, refer to this article for help with moving the router to a group. Otherwise, skip to the next step.
  • Step 3: Navigate to the Groups tab and select the group that will have the ability to generate data usage alerts. Click Configuration and choose Edit in the drop-down menu.


  • Step 4: In the Edit Configuration window, click Internet and choose Data Usage in the drop-down.


  • Step 5: Make sure Enable Data Usage is checked, and then click Add within the Template configuration section.


  • Step 6: Define the data usage rule. Click here for an in-depth explanation of available options.
    • We recommend setting the thresholds lower than the billing allowances and regularly comparing the numbers ECM reports with those from the carrier.
  • Step 7: Click Submit to save the rule.


  • Step 8: Click Commit Changes to send the setting to the router, then click OK to close the warning message.
  • Step 9: Click the Alerts tab in the menu on the left, then click the drop-down arrow next to Log and choose Settings.
  • Step 10: Click Add to create a new alert.
  • Step 11: Define the alert parameters and Save the rule.
    • Specify the groups and/or accounts that will generate the data usage alerts.
    • Choose Data Cap Threshold and any additional events that should generate an alert.
    • Optional: Select users that will receive alerts by email. If a user is not selected, alert events will be displayed on the Alerts>Log page, but no email will be sent out.
    • Optional: Set interval. By default, every alert event will immediately be processed, but this functionality can be adjusted to send a batch of alert events in an hourly or daily digest.



Troubleshooting

There are No Data Usage Statistics Displayed

If you are running a report, or viewing data usage on the Dashboard, and there is nothing displayed, please check the following:

  • Data Usage Reporting might be disabled for the group
  • The modem might not be reporting any usage
    • The WAN connection could be completely unused for the selected time period
    • The modem is disconnected and is not sending data usage statistics to ECM


Summary

ECM can alert you when it detects an unrecognized Access Point. This article details how to configure this functionality. Once configured, the alert is raised after a WiFi site survey whenever an access point that is not marked as known is detected broadcasting the same SSID as the device running the site survey. This helps identify potential access point hijacking, evil twin, and man-in-the-middle WiFi attacks.


Configuration

Configuration Difficulty: Intermediate
  • Step 1: Log into your ECM account.
  • Step 2: Place a checkmark next to the router.
  • Step 3: Select Commands and then WiFi Site Survey.


  • Step 4: If you are ready to proceed, click Yes.
    • Note: Performing a WiFi Site Survey may temporarily cause some wireless clients to lose their connection or stall their network traffic while the survey is being completed. It is recommended that this operation is performed during off hours.
  • Step 5: Next to Devices click Device and select Rogue AP.


  • Step 6: Place a check mark next to any SSIDs you control or trust.
  • Step 7: Press Mark as Known to trust these SSIDs.
    • Note: Trusted/Known SSIDs are displayed with a green Thumbs Up icon. Untrusted/Unknown SSIDs are displayed with a red Thumbs Down icon.


  • Step 8: Select Alerts in the navigation menu.
  • Step 9: Next to Alerts click Log and select Settings.


  • Step 10: Click Add to create a new Alert.
  • Step 11: Select the Accounts/Groups to be monitored.
  • Step 12: Under Alerts expand the Security section and select Rogue Access Point Detected.


  • Step 13: Configure the Users to be alerted and the Interval for when to alert.
  • Step 14: Click Save.
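
The matching rule described in the Summary (same SSID as the surveying device, access point not marked as known), written out as an added example; this is not Cradlepoint code. The survey record layout, the use of the BSSID (AP MAC address) as the "known" key, and all sample values are assumptions constructed for illustration.

```python
"""Rogue-AP rule from the article, applied to a constructed WiFi site survey."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SurveyEntry:
    ssid: str
    bssid: str       # MAC address of the AP radio that sent the beacon
    channel: int
    rssi_dbm: int    # received signal strength; closer to 0 is stronger


def normalize_bssid(bssid: str) -> str:
    """Return a lower-case, colon-separated MAC so 'AA-BB..' and 'aa:bb..' compare equal."""
    digits = "".join(c for c in bssid.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {bssid!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_rogue_aps(own_ssids, own_bssids, known_bssids, survey):
    """Return survey entries that broadcast one of our SSIDs from an untrusted radio.

    own_ssids    -- SSIDs the surveying device itself broadcasts
    own_bssids   -- the surveying device's own radios (never alert on these)
    known_bssids -- radios an administrator has marked as known
    Strongest signal first, since the closest impostor is the most urgent to locate.
    """
    ssids = set(own_ssids)
    trusted = {normalize_bssid(b) for b in list(own_bssids) + list(known_bssids)}
    rogues = [e for e in survey
              if e.ssid in ssids and normalize_bssid(e.bssid) not in trusted]
    return sorted(rogues, key=lambda e: e.rssi_dbm, reverse=True)


# Constructed sample data (locally administered MAC addresses, invented SSIDs).
OWN_SSIDS = ["StoreWiFi"]
OWN_BSSIDS = ["02:00:00:00:10:01"]
KNOWN_BSSIDS = ["02-00-00-00-10-02"]          # second in-store AP, marked as known
SAMPLE_SURVEY = [
    SurveyEntry("StoreWiFi", "02:00:00:00:10:02", 36, -48),   # known AP: no alert
    SurveyEntry("StoreWiFi", "02:00:00:00:99:BB", 1, -83),    # unknown radio, weak
    SurveyEntry("CoffeeShop", "02:00:00:00:77:01", 11, -70),  # neighbour, other SSID
    SurveyEntry("StoreWiFi", "02:00:00:00:99:AA", 6, -41),    # unknown radio, strong
    # Look-alike SSID: not matched, because the rule as described compares the same SSID.
    SurveyEntry("storewifi", "02:00:00:00:99:CC", 6, -60),
]


def demo_survey_alerts():
    return find_rogue_aps(OWN_SSIDS, OWN_BSSIDS, KNOWN_BSSIDS, SAMPLE_SURVEY)


if __name__ == "__main__":
    for ap in demo_survey_alerts():
        print(f"Rogue Access Point Detected: ssid={ap.ssid} bssid={ap.bssid} "
              f"channel={ap.channel} rssi={ap.rssi_dbm} dBm")
```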


May 19, 2015

Notice

On June 19, 2015, Cradlepoint will be changing the IP Address for Enterprise Cloud Manager (ECM).  This change will require assigning a new IP Address to cradlepointecm.com, www.cradlepointecm.com and stream.cradlepointecm.com.  Most ECM customers will not notice any changes as the new DNS settings will be implemented automatically.  Please read further to understand if you are affected by this change.

Who is NOT affected

Customers who have not added a firewall rule, or who use DNS names for accessing ECM, are not affected.

Who is affected

Customers who have added a firewall rule to allow access to ECM using the IP Address 198.61.136.185 are affected.

Actions to take if you are affected

Customers who have implemented specific IP addresses into their firewall systems will need to update their firewall rules, adding the following new IP addresses, in order to access ECM after June 19th.

It is recommended that customers not use the actual IP addresses for ECM, but use the DNS names as this prevents access problems when changes are made to IP addresses.

This email is being sent to all ECM Administrators who Cradlepoint has on record. Please forward this communication to all appropriate personnel within your company.

New IP addresses effective June 19, 2015

52.24.50.2

52.25.11.64

52.24.203.54 – (reserved for future use)

52.25.11.71 – (reserved for future use)

In order to allow for full availability, all four addresses should be used.
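
One way to check an existing rule set against this notice, as an added example that is not part of the original notice: it flags ACCEPT rules that still cover the retired address and lists which of the four new addresses are not yet allowed. The iptables-save style input, the chain name and the rule layout are assumptions constructed for illustration; only the IP addresses come from the notice.

```python
"""Audit iptables-save style rules against the ECM address change (constructed input)."""
import ipaddress

RETIRED_ECM_IP = ipaddress.ip_address("198.61.136.185")
NEW_ECM_IPS = [ipaddress.ip_address(a) for a in
               ("52.24.50.2", "52.25.11.64", "52.24.203.54", "52.25.11.71")]


def _option(tokens, *names):
    """Return (value, negated) for the first of `names` in tokens, or (None, False)."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1], i > 0 and tokens[i - 1] == "!"
    return None, False


def accept_destinations(rules_text):
    """Yield (line_number, network) for every ACCEPT rule with an IP destination match."""
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        tokens = line.split()
        if not tokens or tokens[0] != "-A":
            continue                          # table headers, chain policies, COMMIT
        target, _ = _option(tokens, "-j", "--jump")
        dest, negated = _option(tokens, "-d", "--destination")
        if target != "ACCEPT" or dest is None or negated:
            continue                          # "! -d x" allows everything except x
        for part in dest.split(","):
            try:
                yield line_no, ipaddress.ip_network(part, strict=False)
            except ValueError:
                continue                      # not an IP literal


def audit(rules_text):
    """Report rules covering the retired address and new addresses not yet allowed."""
    dests = list(accept_destinations(rules_text))
    retired_lines = sorted({n for n, net in dests if RETIRED_ECM_IP in net})
    missing_new = [str(ip) for ip in NEW_ECM_IPS
                   if not any(ip in net for _, net in dests)]
    return {"retired_lines": retired_lines, "missing_new": missing_new}


# Constructed sample: a rule set that was only partly updated for the change.
SAMPLE_RULES = """\
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 198.61.136.185/32 -j ACCEPT
-A OUTPUT -d 52.24.50.2/32 -j ACCEPT
-A OUTPUT -d 52.25.11.64/32 -j ACCEPT
COMMIT
"""


def demo_audit():
    return audit(SAMPLE_RULES)


if __name__ == "__main__":
    report = demo_audit()
    print("rules still covering the retired address, by line:", report["retired_lines"])
    print("new ECM addresses not yet allowed:", report["missing_new"])
```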


General M2M Question (24)


The Sierra Wireless GX400/440 has two visible Ethernet LEDs on the rear panel of the GX400 and GX440 devices:

  • Left LED (Activity) – Blinks Yellow when there is activity
  • Right LED (Link Speed):
    • Green – 100 Mbps
    • Orange – 10 Mbps

AirLink GX400 + GX440 FAQ



Four LEDs are visible from the front and top of the AirLink GX400. Labeled (from left to right) Network, Signal, Activity, and Power, each LED can display one of three colors: green, yellow, or red.

  • LED Operation:
    • Off – No activity
    • Green – Full function
    • Yellow – Limited Function
    • Red – Not functional
    • Blinking – Where needed, blinking is used to indicate altered functionality
  • Network LED:
    • Green – On the network
    • Flashing Green – Roaming
    • Yellow – Found service, attempting to connect
    • Flashing Yellow – Link down
    • Red – No data connection available
  • Signal LED – Light shows the strength of the signal and may be nearly solid (strong signal) or flashing (weaker signal). A slow flash indicates a very weak signal
    • Green – Good signal
    • Yellow – Marginal signal
    • Red – Bad signal
    • Flashing Red – No signal
  • Activity LED – Pulse green on packet transmit/receive on radio link. Otherwise, LED is off
  • Power LED:
    • Off – No power (or above 36V or below 7.5V)
    • Red – System not operational
    • Green – Normal operation
    • Green, Occasional Yellow – GPS Lock
    • Yellow – Low power mode or system booting

Caution: If you need to reset the device configuration using the Reset button, hold the button depressed until the LEDs start cycling yellow, and then release the button.

Light Patterns

The LEDs on the front of the device respond with different light patterns to indicate device states.

  • Normal – Each LED is lit as applicable
  • Start up and Device Reboot – All LEDs simultaneously cycle red, yellow, and green at the start. Various light patterns continue until the Power LED turns yellow, and then a solid green, to indicate an active device
  • Radio Passthrough (H/W) – Network LED is a solid red
  • Factory Reset – All LEDs cycle yellow back and forth when the Reset pin is briefly depressed and released. Returns the device’s software to the factory default state
  • Data Retry, Failed Auth, and Retrying – The Network LED blinks red every 3 seconds


The Sierra Wireless GX400/440 can be reset to factory defaults by pressing and holding the “Reset” button continuously for 7 – 8 seconds. When all LEDs start flashing Yellow, release the Reset button and the unit will re-boot with the factory default options.



ALEOS Application Framework (ALEOS AF) provides developers a complete set of building blocks and tools for creating applications that run inside Sierra Wireless AirLink GX gateways. ALEOS AF builds on the proven ALEOS built-in embedded intelligence and integrates with the AirVantage M2M Cloud Platform in order to offer developers and customers a platform for creating tailored end-to-end M2M solutions.

ALEOS AF provides M2M and network protocol stacks, remote application and data management, access to existing ALEOS services, and direct access to hardware interfaces for building custom M2M applications.

ALEOS AF gets solutions to market faster, simplifies deployment, and allows for specialized features that yield cheaper and more focused solutions. Intelligence at the edge reduces hardware and communication costs by preprocessing and transmitting only necessary data.

For a visual introduction to what ALEOS AF is and what it enables, please see the ALEOS AF video below.



Briefly press the Reset button to initiate a power up or reboot. All LEDs turn Red, then Yellow, then Green, and then light in the configurations below. After the kernel has booted, while the ALEOS software is initializing, the Power LED turns Yellow, then Green, and the Network LED will flash Yellow, change to a solid Yellow, and finally turn Green.



Cradlepoint Products (7)


Connection Manager


The router can establish an uplink via Ethernet, WiFi as WAN, or 3G/4G modems (integrated or external USB). If the primary WAN connection fails, the router will automatically attempt to bring up a new link on another device: this feature is called failover. If Load Balance is enabled, multiple WAN devices may establish a link concurrently.

WAN Interfaces

This is a list of the available interfaces used to access the Internet. You can enable, stop, or start devices from this section. By using the priority arrows (the arrows in the boxes to the left – these show if you have more than one available interface), you can set the interface the router uses by default and the order that it allows failover.

In the example shown, Ethernet is set as the primary Internet source, while a 4G LTE modem is attached for failover. The Ethernet is “Connected” while the LTE modem is “Available” for failover. A WiFi-as-WAN interface is also attached and “Available”.

  • Load Balance: If this is enabled, the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively. Selecting Load Balance will automatically start the WAN interface and add it to the pool of WAN interfaces to use for data transfer. Turning off Load Balance for an active WAN interface may require the user to restart any current browsing session.
  • Enabled: Selected by default. Deselect to disable an interface.

Click on the small box at the top of the list to select/deselect all devices for either Load Balance or Enabled.

Click on a device in the list to reveal additional information about that device.

Selecting a device reveals the following information:

  • State (Connected, Available, etc.)
  • Port
  • UID (Unique identifier. This could be a name or number/letter combination.)
  • IP Address
  • Gateway
  • Netmask
  • Stats: bytes in, bytes out
  • Uptime

Click “Edit” to view configuration options for the selected device. For 3G/4G modems, click “Control” to view options to activate or update the device.

WAN Configuration

Select a WAN interface and click on Edit to open the WAN Configuration editor. The tabs available in this editor are specific to the particular WAN interface types.

General Settings

Device Settings
  • Enabled: Select/deselect to enable/disable.
  • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Network Settings → WiFi / Local Networks. Select this option to force NAT whenever this WAN device is being used.
  • Priority: This number controls failover and failback order. The lower the number, the higher the priority and the more use the device will get. This number will change when you move devices around with the priority arrows in the WAN Interfaces list.
  • Load Balance: Select to allow this device to be available for the Load Balance pool.
  • Download bandwidth: Defines the default download bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • Upload bandwidth: Defines the default upload bandwidth for use in Load Balance and QoS (quality of service, or traffic shaping) algorithms. (Range: 128 Kb/s to 1 Gb/s.)
  • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.)
  • Hostname (This only shows for certain devices.)

IPv4 Failure Check (Advanced)

If this is enabled, the router will check that the highest priority active WAN interface can get to the Internet even if the WAN connection is not actively being used. If the interface goes down, the router will switch to the next highest priority interface available. If this is not selected, the router will still failover to the next highest priority interface but only after the user has attempted to get out to the Internet and failed.

Idle Check Interval: The amount of time between each check. (Default: 30 seconds. Range: 10-3600 seconds.)

Monitor while connected: (Default: Off) Select from the following dropdown options:

  • Passive DNS (modem only): The router will take no action until data is detected that is destined for the WAN. When this data is detected, the data will be sent and the router will check for received data for 2 seconds. If no data is received the router behaves as described below under Active DNS.
  • Active DNS (modem only): A DNS request will be sent to the DNS servers. If no data is received, the DNS request will be retried 4 times at 5-second intervals. (The first 2 requests will be directed at the Primary DNS server and the second 2 requests will be directed at the Secondary DNS server.) If still no data is received, the device will be disconnected and failover will occur.
  • Active Ping: A ping request will be sent to the Ping Target. If no data is received, the ping request will be retried 4 times at 5-second intervals. If still no data is received, the device will be disconnected and failover will occur. When “Active Ping” is selected, the next line gives an estimate of data usage in this form: “Active Ping could use as much as 9.3 MB of data per month.” This amount depends on the Idle Check Interval.
  • Off: Once the link is established the router takes no action to verify that it is still up.

Ping IP Address: If you selected “Active Ping”, you will need to input an IP address. This must be an address that can be reached through your WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2.

IPv6 Failure Check (Advanced)

The settings for IPv6 Failure Check match those for IPv4 Failure Check except that the IP address for Active Ping is an IPv6 address.

Failback Configuration (Advanced)

This is used to configure failback, which is the ability to go back to a higher priority WAN interface if it regains connection to its network.

Select the Failback Mode from the following options:

  • Usage
  • Time
  • Disabled

Usage: Fail back based on the amount of data passed over time. This is a good setting for when you have a dual-mode EVDO/WiMAX modem and you are going in and out of WiMAX coverage. If the router has failed over to EVDO it will wait until you have low data usage before bringing down the EVDO connection to check if a WiMAX connection can be made.

  • High (Rate: 80 KB/s. Time Period: 30 seconds.)
  • Normal (Rate: 20 KB/s. Time Period: 90 seconds.)
  • Low (Rate: 10 KB/s. Time Period: 240 seconds.)
  • Custom (Rate range: 1-100 KB/s. Time Period range: 10-300 seconds.)

Time: Fail back only after a set period of time. (Default: 90 seconds. Range: 10-300 seconds.) This is a good setting if you have a primary wired WAN connection and only use a modem for failover when your wired connection goes down. This ensures that the higher priority interface has remained online for a set period of time before it becomes active (in case the connection is dropping in and out, for example).

Disabled: Deactivate failback mode.

Immediate Mode: Fail back immediately whenever a higher priority interface is plugged in or when there is a priority change. Immediate failback returns you to the use of your preferred Internet source more quickly which may have advantages such as reducing the cost of a failover data plan, but it may cause more interruptions in your network than Usage or Time modes.
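
The difference between Time and Immediate failback on a flapping primary link, as an added example; this is a simplified model, not router firmware. It assumes a link failure is detected the moment it happens and that the failback timer counts continuous uptime of the higher priority interface; the interface names and the event timeline are constructed.

```python
"""Model of priority failover with Time-mode failback (constructed timeline)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LinkEvent:
    t: int        # seconds since start
    iface: str
    up: bool      # True = link came up, False = link went down


def active_timeline(priorities, events, failback_seconds, end):
    """Return [(t, iface)] for every change of the active WAN interface.

    priorities       -- iface -> number; lower number = higher priority
    failback_seconds -- how long a higher priority link must stay up before the
                        router moves back to it (0 models Immediate Mode)
    """
    by_time = {}
    for ev in events:
        by_time.setdefault(ev.t, []).append(ev)

    up_since = {}     # iface -> time of the start of its current uptime
    active = None
    timeline = []
    for t in range(end + 1):
        for ev in by_time.get(t, []):
            if ev.up:
                up_since.setdefault(ev.iface, t)
            else:
                up_since.pop(ev.iface, None)

        choice = active
        if active not in up_since:
            # Failover: the active link is gone, take the best link that is up.
            choice = min(up_since, key=priorities.__getitem__, default=None)
        else:
            # Failback: only to a higher priority link that has been stable long enough.
            stable = [i for i, since in up_since.items()
                      if priorities[i] < priorities[active]
                      and t - since >= failback_seconds]
            if stable:
                choice = min(stable, key=priorities.__getitem__)

        if choice != active:
            active = choice
            timeline.append((t, active))
    return timeline


PRIORITIES = {"ethernet": 1, "lte": 2}
# Constructed timeline: Ethernet fails at 100 s, flaps at 130-150 s, recovers at 200 s.
EVENTS = [
    LinkEvent(0, "ethernet", True), LinkEvent(0, "lte", True),
    LinkEvent(100, "ethernet", False),
    LinkEvent(130, "ethernet", True), LinkEvent(150, "ethernet", False),
    LinkEvent(200, "ethernet", True),
]


def demo_time_mode():
    return active_timeline(PRIORITIES, EVENTS, failback_seconds=90, end=400)


def demo_immediate_mode():
    return active_timeline(PRIORITIES, EVENTS, failback_seconds=0, end=400)


if __name__ == "__main__":
    print("Time (90 s):", demo_time_mode())
    print("Immediate:  ", demo_immediate_mode())
```

With the 90-second timer the flap at 130 s never reaches clients, at the cost of 90 extra seconds on the failover link; Immediate Mode switches four times after the initial selection.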

IP Overrides

IP overrides allow you to override IP settings after a device’s IP settings have been configured.

Only the fields that you fill out will be overridden. Override any of the following fields:

  • IP Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

IPv6 Settings

The IPv6 configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.

This is a dual-stacked implementation of IPv6, so IPv6 and IPv4 are used alongside each other. If you enable IPv6, the router will not allow connections via IPv4. When IPv6 is enabled, some router features are no longer supported. These are:

  • RADIUS/TACACS+ accounting for wireless clients and admin/CLI login
  • IP Passthrough (not needed with IPv6)
  • NAT (not needed with IPv6)
  • Bounce pages
  • UPnP
  • Network Mobility
  • DHCP Relay
  • VRRP, GRE, GRE over IPSec, OSPF, NHRP
  • Syslog
  • SNMP over the WAN (LAN works)

There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd).

  • Native – (Auto and Static) The upstream ISP routes IPv6 packets directly.
  • IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively. The reply is encapsulated by the tunnel endpoint in an IPv4 packet and routed back over an IPv4 route. Some tunnel modes do not require upstream ISPs to route or even be aware of IPv6 traffic at all. Some modes are utilized by upstream ISPs to simplify the configuration and rollout of IPv6.

Enable IPv6 and select the desired IPv6 connection method for this WAN interface.

  • Disabled (default) – IPv6 disabled on this interface.
  • Auto – IPv6 will use automatic connection settings (if available).
  • Static – Input a specific IPv6 address for your WAN connection. This is provided by the ISP if it is supported.
  • 6to4 Tunnel – Encapsulates the IPv6 data and transfers it to an automatic tunnel provider (if your ISP supports it).
  • 6in4 Tunnel – Encapsulates the IPv6 data and sends it to the configured tunnel provider.
  • 6rd Tunnel (IPv6 rapid deployment) – Encapsulates the IPv6 data and sends it to a relay server provided by your ISP.

When you configure IPv6, you have the option to designate DNS Servers and Delegated Networks. Because of the dual-stack setup, these settings are optional: when configured for IPv6, the router will fall back to IPv4 settings when necessary.

DNS Servers

Each WAN device is required to connect IPv4 before connecting IPv6. Because of this, DNS servers are optional, as most IPv4 DNS servers will respond with AAAA records (128-bit IPv6 DNS records, most commonly used to map hostnames to the IPv6 address of the host) if requested. If no IPv6 DNS servers are configured, the system will fall back to the DNS servers provided by the IPv4 configuration.

Delegated Networks

A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration. The IPv6 model is for each device to have end-to-end IP connectivity without relying on any translation mechanism. In order to achieve this, each client device on the LAN network needs to have a publicly routable IPv6 address.

Auto

IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements):

  • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks. (Default: 63)
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


Static

As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed.

  • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR).
  • IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP.
  • Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


6to4 Tunnel

Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.

  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


6in4 Tunnel

The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.

  • Tunnel Server IP – Input the tunnel server IP address provided by your tunnel service.
  • Local IPv6 Address – Input the local IPv6 address provided by your tunnel service.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.


6rd Tunnel

IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.

  • 6rd Prefix – The 6rd prefix and prefix length should be supplied by your ISP.
  • IPv4 Border Router Address – This address should be supplied by your ISP.
  • IPv4 Common Prefix Mask – Input the number of common prefix bits that you can mask off of the WAN’s IPv4 address.
  • Primary IPv6 DNS Server – (optional) Depending on your provider, this may be required. This only takes effect if the default global DNS setting on the Network Settings → DNS page is “Automatic”.
  • Additional IPv6 DNS Server – Secondary DNS server.
  • Delegated IPv6 Network – (optional) Network available for delegation to LANs. Depending on your provider, this may be required. Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs.
  • Delegated IPv6 Network – Additional network available for delegation to LANs.
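
How the 6to4 and 6rd settings above turn a WAN IPv4 address into the IPv6 networks that get delegated to LANs, as an added Python example (not Cradlepoint code). It follows the general RFC 3056 and RFC 5969 derivations, which goes beyond what this page states; the addresses are sample values constructed for illustration, and the 64-bit limit is this example's own check.

```python
import ipaddress
from itertools import islice


def sixto4_prefix(wan_ipv4: str) -> ipaddress.IPv6Network:
    """6to4 (RFC 3056): 2002::/16 followed by the 32-bit WAN IPv4 address gives a /48."""
    v4 = int(ipaddress.IPv4Address(wan_ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def sixrd_delegated_prefix(isp_prefix: str, wan_ipv4: str,
                           common_mask_bits: int) -> ipaddress.IPv6Network:
    """6rd (RFC 5969): the ISP's 6rd prefix followed by the WAN IPv4 bits that
    remain once the leading bits common to every customer are masked off."""
    prefix = ipaddress.IPv6Network(isp_prefix)
    if not 0 <= common_mask_bits <= 32:
        raise ValueError("IPv4 common prefix mask must be between 0 and 32 bits")
    kept_bits = 32 - common_mask_bits
    delegated_len = prefix.prefixlen + kept_bits
    if delegated_len > 64:
        # Check added by this example: a prefix longer than /64 leaves no
        # room to carve a standard /64 LAN network out of it.
        raise ValueError(f"delegated prefix would be /{delegated_len}, longer than /64")
    v4 = int(ipaddress.IPv4Address(wan_ipv4))
    suffix = v4 & ((1 << kept_bits) - 1)          # drop the common leading bits
    base = int(prefix.network_address)
    return ipaddress.IPv6Network((base | (suffix << (128 - delegated_len)), delegated_len))


def lan_networks(delegated: ipaddress.IPv6Network, count: int) -> list:
    """First `count` /64 LAN networks available inside a delegated prefix."""
    return list(islice(delegated.subnets(new_prefix=64), count))


if __name__ == "__main__":
    # Constructed sample values: 6rd prefix 2001:db8::/32, WAN 10.1.2.3,
    # and an ISP whose customers all share the leading 8 bits (10.x.x.x).
    delegated = sixrd_delegated_prefix("2001:db8::/32", "10.1.2.3", 8)
    print("6rd delegated:", delegated)
    for net in lan_networks(delegated, 2):
        print("  LAN:", net)
    print("6to4 delegated:", sixto4_prefix("192.0.2.1"))
```

A larger IPv4 Common Prefix Mask leaves fewer IPv4 bits in the result, so the delegated prefix is shorter and more /64 LAN networks fit inside it.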


Ethernet Settings

While default settings for each WAN Ethernet port will be sufficient in most circumstances, you have the ability to control the following:

  • Connect Method: DHCP (Automatic), Static (Manual), or PPPoE (Point-to-Point Protocol over Ethernet).
  • MAC Address: You have the ability to change the MAC address, but typically this is unnecessary. You can match this address with your device’s address by clicking: “Clone Your PC’s MAC Address”.

Connect Method

Select the connection type that you need for this WAN connection. You may need to check with your ISP or system administrator for this information.

  • DHCP (Dynamic Host Configuration Protocol) is the most common configuration. Your router’s Ethernet ports are automatically configured for DHCP connection. DHCP automatically assigns dynamic IP addresses to devices in your networks. This is preferable in most circumstances.
  • Static allows you to input a specific IP address for your WAN connection; this should be provided by the ISP if supported.
  • PPPoE should be configured with the username, password, and other settings provided by your ISP.

If you want to use a Static (Manual) or PPPoE connection, you will need to fill out additional information.

Static (Manual):

  • IPv4 Address
  • Subnet Mask
  • Gateway IP
  • Primary DNS Server
  • Secondary DNS Server

PPPoE:

  • Username
  • Password
  • Password Confirm
  • Service
  • Auth Type: None, PAP, or CHAP

Modem Settings

Not all modems will have all of the options shown below; the available options are specific to the modem type.

On Demand: When this mode is selected a connection to the Internet is made as needed. When this mode is not selected a connection to the Internet is always maintained.

IP WAN Subnet Filter: This feature will filter out any packets going to the modem that do not match the network (address and netmask).

Aggressive Reset: When Aggressive Reset is enabled the system will attempt to maintain a good modem connection. If the Internet has been unreachable for a period of time, a reset of the modem will occur in an attempt to re-establish the connection.

Automatically check for new firmware: (Default: selected) The modem will automatically check for firmware updates by default.

Enable Aux Antenna: (Default: selected) Enable or disable the modem’s auxiliary diversity antenna. This should normally be left enabled.

GPS Signal Source: Select the antenna to be used for receiving GPS coordinates. Some products support a dedicated GPS antenna, while others use the auxiliary diversity antenna only (and some products support both).

Enable eHRPD: (Default: selected) Enable or disable the modem’s ability to connect via eHRPD (enhanced High Rate Packet Data) when connecting to a 3G EVDO network on Sprint. eHRPD routes EVDO traffic through the LTE systems, enabling easy transitions between LTE and EVDO. In rare cases it may make sense to bypass the LTE core, so this field allows you to disable eHRPD.

Modem Connection Mode: Specify how the modem should connect to the network. Not all options are available for all modems; this will default to Auto if an incompatible mode is selected.

  • Auto (all modes): Let the modem decide which network to use.
  • Auto 3G (3G or less): Let the modem decide which 2G or 3G network to use. Do not attempt to connect to LTE.
  • Force LTE: Connect to LTE only and do not attempt to connect to 3G or WiMAX.
  • Force WiMAX: Connect to WiMAX only and do not attempt to connect to 3G or LTE.
  • Force 3G (EVDO, UMTS, HSPA): Connect to 3G network only.
  • Force 2G (1xRTT, EDGE, GPRS): Connect to 2G network only.

Network Selection Mode: Wireless carriers are assigned unique network identifying codes known as PLMN (Public Land Mobile Network). To manually select a particular carrier, select the Manual radio button and enter the network PLMN. Choose from the following options:

  • None/No Change
  • Auto: Selected by default
  • Home only
  • Manual: Input the PLMN code

Functional Mode: Selects the functional mode of the modem. IPPT (IP passthrough) mode causes the modem to act as a transport, passing Internet data and IP address information between the modem and the Internet directly. NAT mode causes the modem to NAT the IP address information. Consequently, IPPT mode does not allow user access to the modem web UI and NAT mode does allow user access to the modem web UI.

  • None/No Change
  • IPPT
  • NAT

Network-Initiated Alerts: This field controls whether the Sprint network can disconnect the modem to apply updates, such as for PRL, modem firmware, or configuration events. These activities do not change any router settings, but the modem connection may be unavailable for periods of time while these updates occur. The modem may also require a reset after a modem firmware update is complete.

  • Disabled: The request to update will be refused.
  • When Disconnected: The request to update will only be performed when the modem is either in a disconnected state or dormant state. If the modem is not in one of these states when the request is received, then the router will remember the request and perform the update when the modem becomes disconnected/dormant.
  • On Schedule: The request to update will only be performed at the specified scheduled time, no matter what the state of the modem is.

Network-Initiated Schedule: When you select “On Schedule” for Network-Initiated Alerts, you also select a time from this dropdown list. Modem updates will take place at this scheduled time.

AT Config Script: Enter the AT commands to be used for carrier specific modem configuration settings. Each command must be entered on a separate line. The command and associated response will be logged, so you should check the system log to make sure there were no errors.

NOTE: AT Config Script should not be used unless told to do so by your modem’s cellular provider or by a support technician.

AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include “OK”, except the final command response, which must include “CONNECT”.

Example:

AT
ATDT*99***2#

WiMAX Settings

WiMAX Realm: Select from the following dropdown options:

  • Clear – clearwire-wmx.net
  • Rover – rover-wmx.net
  • Sprint 3G/4G – sprintpcs.com
  • Xohm – xohm.com
  • BridgeMAXX – bridgeMAXX.com
  • Time Warner Cable – mobile.rr.com
  • Comcast – mob.comcast.net

TTLS Authentication Mode: TTLS inner authentication protocol. Select from the following dropdown options:

  • MSCHAPv2/MD5 (Microsoft Challenge Handshake Authentication Protocol version 2/Message-Digest Algorithm 5)
  • PAP (Password Authentication Protocol)
  • CHAP (Challenge Handshake Authentication Protocol)

TTLS Username: Username for TTLS authentication.

TTLS Password: Password for TTLS authentication.

WiMAX Authentication Identity: User ID on the network. Leave this blank unless your provider tells you otherwise.

CDMA Settings

These settings are usually specific to your wireless carrier’s private networks. You should not set these unless directed to by a carrier representative. If a field below is left blank, that particular setting will not be changed in the modem. You should only fill in fields that are required by your carrier.

  • Persist Settings: If this is not checked, these settings will only be in place until the router is rebooted or the modem is unplugged.
  • Active Profile: Select a number from 0-5 from the dropdown list.

The following fields can be left blank. If left blank they will remain unchanged in the modem.

  • NAI (Username@realm): Network Access Identifier. NAI is a standard system of identifying users who attempt to connect to a network.
  • AAA Shared Secret (Password): “Authentication, Authorization, and Accounting” password.
  • Verify AAA Shared Secret
  • HA Shared Secret: “Home Agent” shared secret.
  • Primary HA
  • Secondary HA
  • AAA SPI: AAA Security Parameter Index.
  • HA SPI: HA Security Parameter Index.

SIM/APN/Auth Settings

SIM PIN: PIN number for a GSM modem with a locked SIM.

Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Choose from Auto, PAP, and CHAP and then input your username and password.

Access Point Configuration: Some wireless carriers provide multiple Access Point configurations that a modem can connect to. Some APN examples are “isp.cingular” and “vpn.com”.

  • Default: Let the router choose an APN automatically.
  • Default Override: Enter an APN by hand.
  • Select: This opens a table with 16 slots for APNs, each of which can be set as IP, IPV4V6, or IPV6. The default APN is marked with an asterisk (*). You can change the APN names, select a different APN, etc. For Verizon modems, only the third slot is editable. Changes made here are written to the modem, so a factory reset of the router will not impact these settings.

Update/Activate a Modem

Some 3G/4G modems can be updated and activated while plugged into the router. Updates and activation methods vary by modem model and service provider. Possible methods are: PRL Update, Activation, and FUMO. All supported methods will be displayed when you select your modem and click “Control” to open the “Update/Activate” window. If no methods are displayed for your device then you will need to update and activate your device externally.

To update or activate a modem, select the modem in the WAN Interfaces table and click “Control”.

The modem does not support Update/Activate methods: A message will state that there is no support for PRL Update, Activation, or FUMO.

The modem supports Update/Activate methods: A message will display showing options for each supported method:

  • Modem Activation / Update: Activate, Reactivate, or Upgrade Configuration.
  • Preferred Roaming List (PRL) Update
  • Firmware Update Management Object (FUMO)

Click the appropriate icon to start the process.

If the modem is connected when you start an operation the router will automatically disconnect it. The router may start another modem as a failover measure. When the operation is done the modem will go back to an idle state, at which point the router may restart it depending on failover and failback settings.

NOTE: Only one operation is supported at a time. If you try to start the same operation on the same modem twice, the UI will not report failure and the request will finish normally when the original request is done. However, if you try to start a different operation or use a different modem, this second request will fail without interfering with the pending operation.

Process Timeout: If the process fails an error message will display.

Activation has a 3-minute timeout, PRL update has a 4-minute timeout, and FUMO has a 10-minute timeout.

Update Modem Firmware

Click on the Firmware button to open the Modem Firmware Upgrade window. This will show whether there is new modem firmware available.

If you select Automatic (Internet) the firmware will be updated automatically. Use Manual Firmware Upgrade to instead manually upload firmware from a local computer or device.

Reset the Modem

Click on the Reset button to power cycle the modem. This will have the same effect as unplugging the modem.

Configuration Rules (Advanced)

This section allows you to create general rules that apply to the Internet connections of a particular type. These can be general or very specific. For example, you could create a rule that applies to all 3G/4G modems, or a rule that only applies to an Internet source with a particular MAC address.

The Configuration Rules list shows all rules that you have created, as well as all of the default rules. These are listed in the order they will be applied. The most general rules are listed at the top, and the most specific rules are at the bottom. The router goes down the list and applies all rules that fit for attached Internet sources. Configuration settings farther down the list will override previous settings.

Select any of these rules and click “Edit” to change the settings for a rule. To create a new rule, click “Add.”

WAN Configuration Rule Editor

After clicking “Add” or “Edit,” you will see a popup with the following tabs:

  • Filter Criteria
  • General Settings
  • IP Overrides
  • IPv6 Settings
  • Ethernet Settings
  • Modem Settings
  • WiMAX Settings
  • CDMA Settings
  • SIM/APN/Auth Settings

Filter Criteria

If you are creating a new rule, begin by setting the Filter Criteria. Create a name for your rule and the condition for which the rule applies:

  • Rule Name: Create a name meaningful to you. This name is optional.

Make a selection for “When,” “Condition,” and “Value” to create a condition for your rule. The condition will be in the form of these examples:

When    Condition    Value
Port    is           USB Port 1
Type    is not       WiMAX

  • When:
    • Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”).
    • Manufacturer – Select by the modem manufacturer, such as Sierra Wireless.
    • Model – Set your rule according to the specific model of modem.
    • Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
    • Serial Number – Select 3G or LTE modem by the serial number.
    • MAC Address – Select WiMAX modem by MAC Address.
    • Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.
  • Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement.
  • Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.

Once you have established the condition for your configuration rule, choose from the other tabs to set the desired configuration. All of the tabs have the same configuration options shown above in the WAN Configuration section (i.e., the options for Configuration Rules are the same as they are for individual devices).
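
The ordering behaviour described above (every matching rule is applied from the top of the list down, and later settings override earlier ones) is easy to misjudge when a specific rule silently undoes a baseline. The Python model below is an added example, not Cradlepoint code: the setting names, the case-insensitive comparison and the sample rules and devices are assumptions made for illustration.

```python
from dataclasses import dataclass

# The five conditions offered on the Filter Criteria tab.
CONDITIONS = {
    "is": lambda attr, value: attr == value,
    "is not": lambda attr, value: attr != value,
    "starts with": lambda attr, value: attr.startswith(value),
    "contains": lambda attr, value: value in attr,
    "ends with": lambda attr, value: attr.endswith(value),
}


@dataclass
class Rule:
    name: str
    when: str        # "Port", "Manufacturer", "Model", "Type", ...
    condition: str   # one of the CONDITIONS keys
    value: str
    settings: dict   # hypothetical setting names, for illustration only

    def __post_init__(self):
        if self.condition not in CONDITIONS:
            raise ValueError(f"unknown condition: {self.condition!r}")
        if not self.value:
            raise ValueError("an empty value would make 'contains' match everything")

    def matches(self, device: dict) -> bool:
        # Assumption: comparison ignores case; a missing attribute compares as "".
        attr = str(device.get(self.when, "")).lower()
        return CONDITIONS[self.condition](attr, self.value.lower())


def effective_settings(rules, device):
    """Apply every matching rule in list order; later rules override earlier ones.

    Returns (settings, source, overrides): the final values, the rule that
    supplied each value, and a log of (key, overridden rule, overriding rule).
    """
    settings, source, overrides = {}, {}, []
    for rule in rules:
        if not rule.matches(device):
            continue
        for key, val in rule.settings.items():
            if key in settings and settings[key] != val:
                overrides.append((key, source[key], rule.name))
            settings[key] = val
            source[key] = rule.name
    return settings, source, overrides


# Constructed rule list, most general first, as the Configuration Rules list orders it.
RULES = [
    Rule("Baseline (not WiMAX)", "Type", "is not", "WiMAX",
         {"aggressive_reset": True, "connection_mode": "Auto"}),
    Rule("Sierra modems", "Manufacturer", "is", "Sierra Wireless",
         {"connection_mode": "Force LTE"}),
    Rule("USB Port 1", "Port", "is", "USB Port 1",
         {"on_demand": True, "connection_mode": "Auto 3G"}),
]

# Constructed devices.
DEVICE_A = {"Type": "LTE", "Manufacturer": "Sierra Wireless", "Port": "USB Port 1"}
DEVICE_B = {"Type": "WiMAX", "Port": "USB Port 2"}

if __name__ == "__main__":
    final, source, overrides = effective_settings(RULES, DEVICE_A)
    for key in sorted(final):
        print(f"{key} = {final[key]!r}  (from rule: {source[key]})")
    for key, old, new in overrides:
        print(f"override: {key} set by '{old}' was replaced by '{new}'")
```

For the first sample device the port rule wins, so the "Force LTE" setting from the manufacturer rule never takes effect; the override log is the part worth reviewing after any rule change.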



Router Firmware Upgrade: Best Practices

Products Supported: Series 3. Click here to identify your router.



Summary

This article provides instructions on how to upgrade your Series 3 Cradlepoint router through the local device and through Enterprise Cloud Manager (ECM). Best practices regarding firmware upgrades are also listed within this article.

Caution: Updating the firmware can permanently damage your router. The upgrade process will take several minutes. Do not unplug your router from the provided power supply during this process.

Note: Downgrading firmware to a version lower than 5.2.0 will require resetting the router to factory default settings.


Configuration

Configuration Difficulty: Easy

Local Router Upgrade

Automatically Upgrading from 5.4.x or Earlier

Note: The device has to be on the internet to update automatically.

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the top menus to System Settings>System Software.
  • Step 3: Press the Automatic(Internet) button.

Automatically Upgrading from 6.0.x or Later

Note: The device has to be on the internet to update automatically.

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the left-hand menus to System>System Control>System Firmware.
  • Step 3: Press the Automatic(Internet) button.

Downloading Firmware for Manual Upgrade

Note: These instructions are only for manual firmware upgrades. You do not need to download firmware when upgrading automatically or with ECM.

  • Step 1: Log into your Connect Portal account. The login page can be found here.
  • Step 2: Click the menu button. Hover over My Support and click Firmware Downloads.
  • Step 3: Select the model of your router from the drop down menu.
  • Step 4: Click download on the firmware version you are updating to.

Manually Upgrading from 5.4.x or Earlier

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the top menus to System Settings>System Software.
  • Step 3: Press the Manual Firmware Upload button.
  • Step 4: In the box that appears, press Choose File and use the pop up window to navigate to the firmware file.
  • Step 5: Press Begin Firmware Update.

Manually Upgrading from 6.0.x or Later

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Navigate across the left-hand menu to System>System Control>System Firmware.
  • Step 3: Press the Manual Firmware Upload button.
  • Step 4: In the box that appears, press Select Firmware File and use the pop up window to navigate to the firmware file.
  • Step 5: Press Begin Firmware Update.

ECM Upgrade

  • Step 1: Log into your Enterprise Cloud Manager account. The login page can be found here.
  • Step 2: Navigate across the left-hand menu to Groups.
  • Step 3: Create a new group for the device using the firmware the device is currently on.
  • Step 4: Navigate to Devices and select the router. Press the move button and put it in the new group.
  • Step 5: Navigate back to the groups page and press firmware. Select the firmware you would like to upgrade to.
  • Step 6: Press Run Now.

Best Practices

Configuration Backup

It is recommended that you back up your configuration before upgrading. Click here for help making backups.

Firmware Testing

Before upgrading routers in a live deployment, it is a good idea to test the firmware first. Testing beforehand also makes the upgrade of all your devices go more smoothly.

The best way to test is to have a lab environment where you can create a situation similar to your live network and test how your configuration will work with different firmware.

The next step would be to test a small controlled group of devices in production on the prospective firmware to ensure a smooth transition for that firmware to your network.

Stair Stepping

When upgrading firmware between major and minor versions, it is highly recommended to perform a stair-step upgrade. A stair-step upgrade entails making short jumps between firmware versions as shown below.

           Example: From 5.1.1 to 6.1.0
                   Start:___5.1.1
                Update 1:_________5.2.0
                Update 2:_______________5.2.4
                Update 3:_____________________5.3.4
                Update 4:__________________________ 5.4.1 
                Update 5:_________________________________6.0.1
                     End:_______________________________________6.1.0



Products Affected: AER31x0, AER2100, AER16x0, IBR11x0, IBR9x0, IBR6x0, IBR6x0B, IBR6x0C, IBR350, CBA850, and MBR1200B. Click here to identify your router.

Summary

Cradlepoint was notified of critical security vulnerabilities discovered in the dnsmasq network service (CVE-2017-14491 and others); in response, Cradlepoint has taken steps to incorporate dnsmasq version 2.78 into its latest NetCloud OS.

If exploited, this vulnerability could allow attackers to remotely execute code, forward the contents of process memory, or disrupt service on an affected router. As described in various sources, this flaw is difficult to trigger: it requires an attacker who controls a specific domain to send DNS requests to dnsmasq that cause it to cache replies from that domain. By carefully constructing DNS requests and responses, the attacker could cause an internal buffer overflow in dnsmasq using content the attacker influences.

More details can be found here: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html.


Affected Products

Cradlepoint recommends customers immediately upgrade products to the upcoming NetCloud OS versions (available 10/30/17) to mitigate this vulnerability. All router products are affected, including:

• AER3100 / AER3150
• AER2100
• AER1600 / AER1650
• IBR1100 / IBR1150
• IBR900 / IBR950
• IBR600 / IBR650
• IBR600B / IBR650B
• IBR600C / IBR650C
• IBR350
• MBR1200B
• CBA850

NOTE: Routers used in default configuration were not exposed on their WAN interfaces. Routers were exposed to their Local Network, including the Guest LAN (if enabled).

NetCloud Manager has been patched for all its own affected services. Usernames and passwords are not at risk.


NetCloud OS Patch

6.4.2 (Available 10/30/17) – All products listed above

6.4.3 (Available 12/11/17) – IBR900/IBR950 – FIPS

Remote NetCloud OS Upgrades

For remote devices, Cradlepoint recommends using NetCloud Manager to upgrade NetCloud OS, manage networks intelligently, and avoid costly truck rolls. If you haven’t deployed NetCloud Manager, you can start a free 30-day trial of NetCloud Manager today.

Local NetCloud OS Upgrades

For information on updating NCOS locally on the Cradlepoint, please consult the articles below.

NCOS: Automatic NetCloud OS Update

NCOS: How to update the NCOS of a Cradlepoint router.


Interim Mitigation Until NetCloud OS Release

Because malicious tools could be used to obtain passwords during this period, Cradlepoint recommends the following steps to protect your network during the interim:

  1. Disable Guest Access via the NETWORKING > Local Networks > Local IP Networks tab.

Once NetCloud OS 6.4.2 or 6.4.3 is Available

  1. Upgrade to the latest NetCloud OS version.
  2. Re-enable Guest Access if it was disabled.
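
To apply this advisory across a fleet, the check is: which routers run a NetCloud OS older than the fixed release for their model, and which of those still have Guest Access enabled. The Python audit below is an added example, not a Cradlepoint tool; the inventory records, their field names and the handling of models outside the list are assumptions, and the inventory itself is constructed sample data.

```python
from dataclasses import dataclass, field

# Models named in the advisory's "Affected Products" list.
LISTED_MODELS = {
    "AER3100", "AER3150", "AER2100", "AER1600", "AER1650", "IBR1100", "IBR1150",
    "IBR900", "IBR950", "IBR600", "IBR650", "IBR600B", "IBR650B",
    "IBR600C", "IBR650C", "IBR350", "MBR1200B", "CBA850",
}
FIPS_MODELS = {"IBR900", "IBR950"}   # the 6.4.3 line of the patch table


def parse_version(text: str) -> tuple:
    """'6.4.2' -> (6, 4, 2), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def required_version(model: str, fips: bool) -> str:
    """Fixed release per the patch table: 6.4.3 for FIPS IBR900/IBR950, else 6.4.2."""
    return "6.4.3" if fips and model in FIPS_MODELS else "6.4.2"


@dataclass
class Finding:
    name: str
    status: str                      # "patched", "vulnerable" or "review"
    required: str
    actions: list = field(default_factory=list)


def audit(inventory):
    findings = []
    for dev in inventory:
        model = dev["model"].strip().upper()
        need = required_version(model, dev.get("fips", False))
        finding = Finding(dev["name"], "patched", need)
        try:
            current = parse_version(dev["ncos"])
        except ValueError:
            current = None           # unparseable version string
        if model not in LISTED_MODELS or current is None:
            # The advisory says all router products are affected, so an
            # unlisted model or unreadable version is checked by hand.
            finding.status = "review"
            finding.actions.append("confirm model and fixed release manually")
        elif current < parse_version(need):
            finding.status = "vulnerable"
            finding.actions.append(f"upgrade NetCloud OS to {need}")
        if finding.status != "patched" and dev.get("guest_lan"):
            # Interim mitigation from the advisory.
            finding.actions.append("disable Guest Access until upgraded")
        findings.append(finding)
    return findings


# Constructed inventory (names, versions and flags are sample data).
INVENTORY = [
    {"name": "branch-01", "model": "IBR900", "ncos": "6.4.1", "fips": False, "guest_lan": True},
    {"name": "branch-02", "model": "AER2100", "ncos": "6.4.2", "fips": False, "guest_lan": True},
    {"name": "branch-03", "model": "IBR950", "ncos": "6.4.2", "fips": True, "guest_lan": False},
    # Constructed version string that a plain string comparison would misorder.
    {"name": "kiosk-07", "model": "ibr600c", "ncos": "6.10.0", "fips": False, "guest_lan": False},
    {"name": "lab-01", "model": "XYZ123", "ncos": "6.4.2", "fips": False, "guest_lan": True},
]

if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"{f.name:10} {f.status:10} needs>={f.required}  {'; '.join(f.actions)}")
```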



Summary

Two new vulnerabilities that affect many modern microprocessors were published on January 3rd, 2018. These vulnerabilities could allow attackers to read the contents of memory used by other applications on the same server or even processes running in other virtual machines (VMs).

The first vulnerability, called Meltdown, affects only Intel CPUs and can be fixed with an operating system patch.

The second, called Spectre, affects CPUs from AMD and ARM. It requires a CPU design change and cannot be fixed in software.

Cradlepoint routers are not affected by either vulnerability.  However, Cradlepoint services like NetCloud Manager (NCM) and NetCloud Perimeter (NCP) run on servers that may be vulnerable.

What is it?

Both vulnerabilities are based on a CPU optimization called “speculative execution”. Both also require an attacker to install malware on the target system.

With Meltdown, an attacker — who can install and run a program on the target machine — can access the memory of all other programs running on that machine.

With Spectre, an attacker can “read” memory of other programs through indirect means.

For more information, please see

  1. https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html
  2. https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html
  3. https://meltdownattack.com

The related CVEs are shown below:

CVE-2017-5715 (Spectre) “branch target injection” mitigated by CPU microcode update from CPU vendor
CVE-2017-5753 (Spectre) “bounds check bypass”
CVE-2017-5754 (Meltdown) “rogue data cache load” fixed with OS update

What Cradlepoint devices or services may be affected?

All NCM and NCP services run on cloud servers which may be affected. However, most NCM services run on multi-tenant servers and Cradlepoint’s primary cloud provider has patched their servers so that NCM is not vulnerable to Meltdown attacks running in other tenant spaces.

NCM could still be vulnerable to Meltdown exploits which manage to install malware on the NCM VMs. The operating system patch to fix Meltdown is expected to be released soon. Cradlepoint will then begin immediate execution of its plans to apply the patch to all NCM systems.

No Cradlepoint routers use CPUs vulnerable to Meltdown.

For Spectre, Cradlepoint does not support installing compiled applications on any routers with the Spectre vulnerability. An attacker would need to install malware that exploits certain CPU instruction patterns. Such patterns can only exist in compiled programs and Cradlepoint does not support compiling SDK apps.

Published Date: 01/08/2018



Products Supported: AER31x0, AER2200 as Hubs. Click here to identify your router.

NCOS Version: 6.5.4  – for information on upgrading NCOS Versions, click here.


Summary

The 6.5.3 NCOS release introduces a simple-to-configure Auto VPN feature. This feature provides secure, resilient VPN sessions that can withstand drops in connectivity and the failover transition from one WAN interface to another. Auto VPN is a GRE over certificate-based IPSec tunnel configuration between a Cradlepoint Hub and Cradlepoint Spoke routers. Traffic from selected spoke LANs can be directed as full or split tunnel.

Configuration

Configuration Difficulty: Easy

  • Step 1: If the Cradlepoint routers are not new, perform a factory reset on the hub and each spoke.
  • Step 2: On each spoke router, set the WAN interfaces to be used for Auto VPN to Always On.
  • Step 3: Change the Local IP Networks of each router to non-conflicting subnets.
  • Step 4: In NCM, navigate to Networks on the left side and then VPN at the top.
  • Step 5: Click Add and name your VPN network.
  • Step 6: Select your encryption profile and a tunnel mode of full or split.
  • Step 7: Click Add for Hub. Choose a Hub router and interface. Click Add.
  • Step 8: Click Add Spoke. Choose Spokes for your VPN. Conflicting networks will be flagged. Click Add.
  • Step 9: Click Build. It can take up to 10 minutes for Auto VPN to complete building your VPN.




If you are unsure what Model or Series CradlePoint router you have, please click here.

This article was written based upon the 4.1.1 firmware version.

Description:

CradlePoint’s Series 3 routers support modem connections to Sprint’s private Data Link network, rather than connecting to the Internet.  These directions will walk you through configuring the CradlePoint to connect to your private Sprint Data Link network.  NOTE: When using the Sprint Plug-in-Connect Tri-Mode USB (Franklin U770) modem, all Data Link settings must be configured in the modem’s GUI, not in CradlePoint’s GUI.  Please consult Sprint for the appropriate configuration of this modem.

To configure the router, you will need to make sure that you have this account information from Sprint:

  • The “Network Access Identifier” (NAI)
  • The “AAA Password”
  • The “AAA Shared Secret”
  • The “Primary Home Agent” address (Primary HA)
  • The “Secondary Home Agent” address (Secondary HA)

Before starting, you will also need to make sure that both the CradlePoint router’s firmware and the modem’s firmware are up to date. Instructions to update the router’s firmware can be found here. The modem’s firmware can be updated by placing the modem into a computer with the SprintView software, then checking for any available PRL or FUMO updates and installing them.

3G Directions:

After you have verified that the modem and router have been updated to the newest firmware versions, follow these directions to configure the router with your Sprint Data Link settings:

  1. Log into the router’s administration page (login instructions).
  2. Go to Internet -> Connection Manager.
  3. Under WAN Interfaces, highlight the 3G Sprint modem and click Edit.
  4. On the WAN Configuration page, click on the CDMA Settings tab.
  5. On the CDMA Settings tab, place a check mark next to Persist Settings, then change the Active Profile to “0.” Next, enter your NAI, AAA password, AAA shared secret, and primary and secondary home agents. For the “AAA SPI” and “HA SPI” enter “1234” without the quotes.
  6. Click Submit to save the settings.

WiMAX Directions:

  1. Log into the router’s administration page.
  2. Go to Internet>Connection Manager.
  3. Under WAN Interfaces, highlight the WiMAX Sprint modem and click Edit.
  4. In the WAN Configuration window, click WiMAX Settings.
  5. On the WiMAX Settings tab, enter your realm, TTLS Authentication Mode, TTLS Username, TTLS Password and Verify. The WiMAX Authentication Identity may not be provided or needed.
  6. Click Submit.


After making this change, the router will now be configured to connect to your Sprint private Data Link network instead of to the Internet.


If you are not sure what model CradlePoint router you have, please click here.

This article was written based upon firmware version 5.0.0.


Description:

By default, the CradlePoint runs a DHCP server on the LAN IP Address of 192.168.0.1 on the 192.168.0.0/24 network, with a default DHCP IP Address range of 192.168.0.100 through 192.168.0.199. It can sometimes be necessary to expand or shrink the DHCP address pool so that it offers more or fewer addresses than the router uses by default.

Follow these directions to change the DHCP Server’s IP Address range.

Directions:

  1. Log into the CradlePoint’s administrative console, the default location is http://192.168.0.1.  Click here if you are unsure of how to access the administration pages.
  2. Click Network Settings and WiFi / Local Network from the drop-down menu.
  3. Place a checkmark next to the LAN you would like to change the DHCP range on, then click Edit.
  4. At the Local Network Editor page, click the DHCP Server tab.
  5. At the DHCP Server tab, change the Range Start and/or Range End to what you would like the DHCP server to use. In this example, the DHCP range has been changed to 192.168.0.50 through 192.168.0.250. Click Submit at the bottom of the box to save your settings.

After making these changes, the DHCP server will now provide IP addresses from the range you have specified. 



If you are not sure what model CradlePoint router you have, please click here.

This article is based on the 5.0.0 firmware for Series 3 CradlePoint routers.


Description: 

In areas where the 4G WiMAX signal is low, unavailable, and/or unstable, the modem may bounce between a good 3G connection and an unstable 4G WiMAX connection. While the modem disconnects from 3G service and attempts the 4G WiMAX connection, the internet is not available. By default, the CradlePoint router is set to have the modem connect to the highest speed network available. This scenario is common in fringe 4G WiMAX coverage areas. For cases such as this, it is advantageous to restrict a 3G/4G WiMAX modem to a 3G connection only.

 
Directions:

It is advised that your router has the most recent Firmware version loaded.  For instructions to check the router Firmware version see How to check Firmware version and How to Update Series 3 Firmware.

  1. Log into the setup pages, the default location is http://192.168.0.1.  Click here if you are unsure of how to access the setup pages.
  2. Select the Internet tab then click Connection Manager or Modem Settings.
  3. In the WAN Interfaces section, un-check the Enabled check box for the 4G WiMAX modem.

 
After disabling the 4G WiMAX connection, the CradlePoint router will ignore the 4G WiMAX modem connection and use the 3G modem connection.
 
Note: If a WiMAX 4G signal becomes available, or you move to a location where a WiMAX 4G signal is available, you may want to re-enable the WiMAX 4G connection by rechecking the Enabled check box.



Series 3: How to set up and use multiple (3 or 4) wireless networks on a capable CradlePoint router

If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 5.0.0

Symptom:

Use more than the two default wireless networks on the CBR400, IBR600, MBR1200B or MBR1400.


Cause:

The additional wireless networks must be enabled and attached to a LAN.


Resolution:

  1. Log into the administration pages of the CradlePoint router (how to log into Series 3 routers)
  2. Click on the Network Settings tab.
  3. Click Wi-Fi/Local Network from the Network Settings drop-down menu.
  4. Locate the Local Network Interfaces section and find an unconfigured WiFi Name (SSID).
  5. Click the check box next to one of the unconfigured wireless networks.
  6. Then click the Edit button to modify the unconfigured WiFi Network. A Wireless Network Editor window will open.
  7. Place a check in the box next to Enabled to turn on this WiFi Network (SSID).
  8. To create a network for end users connecting to the Internet, leave Isolate checked. To create a network that connects clients together, uncheck the box next to Isolate.
  9. To enable security for this network, click the Security Mode drop-down menu, then select the desired security mode. This example uses WPA/WPA 2–Personal.
  10. Create a unique password 8 to 63 characters in length.  The password can be any combination of upper or lower case letters, numbers, special characters, or spaces.  Enter the password in both the WPA Password and WPA Password (confirm).
  11. Click Submit to save the changes.
  12. Scroll to the top of the page and in the Local IP Networks section, click the Add button. NOTE: This example illustrates creating a new LAN to connect to the new SSID; however, the same settings can be used to connect the new SSID to an existing LAN.
  13. In the Local Network Editor, click on the Interfaces tab in the tabs along the top of the box.
  14. Select the new SSID from the Available list then click the plus (+) button.
  15. Then click the IP Settings tab in the Local Network Editor window.
  16. Now enter a name for the network; any name can be assigned.
  17. Enter an IP Address for the network. Any private addressing scheme and subnet can be used. This example uses 192.168.20.1/24.
  18. Click the Submit button to save the changes.
  19. The new SSID should now be displayed and active in the Local IP Networks section.



If you are not sure what Series CradlePoint router you have, please click here.

This article was written based on firmware version 4.3.0.

Description:

By default, the CradlePoint router will not favor any kind of Internet traffic over any other – all users, ports, applications, sources and destinations are treated equally. There are times when it is highly desirable to prioritize the Internet traffic for specific users or devices over the needs of other users of the network.

CradlePoint’s Enterprise routers (MBR1400, CBR400, CBR450, IBR600 and IBR650) include a feature called WiPipe QoS (Quality of Service) that allows the administrator to configure traffic shaping/quality of service rules to ensure time-critical applications are given appropriate priority over less-important network usage.

The types of applications that benefit the most from defined WiPipe QoS rules are those that rely on the timely delivery of real-time data packets, for example:

VoIP telephony
Videoconferencing
Real-time streaming media
Online video gaming

These types of real-time applications quickly become unusable when other network use adds too much latency (lag or delay) to their connections. For example, spoken words over a VoIP phone call may be delayed for a half-second because other users are checking e-mail or visiting a web site. WiPipe QoS rules allow the router to set simple or complex rules to prioritize or restrict incoming and outgoing traffic based on a variety of criteria.

The CradlePoint’s WiPipe QoS implementation divides the available upload and download bandwidths into 1% pieces, allowing the CradlePoint to reserve bandwidth to only be used by specific users or applications. QoS rules can also be configured to borrow unused bandwidth from other rules if desired, and overlap between rules is supported. If more than one rule matches, the rule with the highest priority will be used.

Directions:

  1. Log into the CradlePoint’s Setup pages, the default location is http://192.168.0.1.  Click here if you are unsure of how to access the Setup pages.
  2. Click Network Settings and then WiPipe QoS from the drop-down menu.
  3. Place a checkmark next to the Enable WiPipe QoS option.
  4. In the WAN Interface Speed section, set the approximate upload and download speed for each WAN Interface. This can also be used to restrict the maximum upload and/or download speed for the Internet sources you are using. It is recommended that you experiment with different values for your particular Internet connection for best results.
  5. In this example, the Upload Speed is set to 1Mb/s and the Download Speed is set to 20Mb/s.
  6. Click Apply at the bottom of the section to save your settings.
  7. Click Add to bring up the Add Traffic Shaping / QoS Queue page.
  8. In the Add Traffic Shaping / QoS Queue editor, give the Queue a unique name. In our example, we are creating a Queue to prioritize VoIP traffic, so we’ll name the rule “VoIP” and set the Upload Bandwidth parameters.
    • If you would like this rule to be able to borrow unused bandwidth from other rules, leave the Borrow Spare Bandwidth option checked. If you prefer to restrict the upload traffic to the Upload Bandwidth specified below, uncheck this box.
    • Set the Upload Bandwidth to reserve a percentage of your bandwidth for this rule. The maximum value is adjusted to the remaining percentage after other rules receive their share.
    • Increasing the Upload Priority will cause the traffic to be handled before lower priority traffic, which can lead to shorter response times. Additionally, when spare bandwidth is available it is offered to higher priority classes first. There are a total of eight priority classes: Lowest, Lower, Below Normal, Normal, Above Normal, High, Higher, and Highest.
    • In this example, we have reserved 25% of the upload bandwidth for this rule. This will leave a maximum of 75% remaining for other rules. We have enabled it to borrow spare bandwidth from other rules and set the Upload Priority to Higher.
  9. On this page you will specify the Download Bandwidth for your Queue.
    • If you would like this rule to be able to borrow unused bandwidth from other rules, leave the Borrow Spare Bandwidth option checked. If you prefer to restrict the download traffic to the Download Bandwidth specified below, uncheck this box.
    • Set the Download Bandwidth to reserve a percentage of your bandwidth for this rule. The maximum value is adjusted to the remaining percentage after other rules receive their share.
    • Increasing the Download Priority will cause the traffic to be handled before lower priority traffic, which can lead to shorter response times. Additionally, when spare bandwidth is available it is offered to higher priority classes first. There are a total of eight priority classes: Lowest, Lower, Below Normal, Normal, Above Normal, High, Higher, and Highest.
    • In this example, we have reserved 40% of the download bandwidth for this rule. This will leave a maximum of 60% remaining for other rules. We have enabled it to borrow spare bandwidth from other rules and set the Download Priority to Highest.
    • There is also the option to specify a DSCP (DiffServ) Tag. You can use this option if you want the DSCP header of each IP packet that comes through this queue to be ‘tagged’ so that other networking equipment upstream or post-NAT can do traffic shaping based on these DSCP tags as opposed to using ports.
  10. Click Finish when you are done.
  11. Click Add under Rules to create rules for your Queues to follow.
  12. Make sure the rule is Enabled, give your rule a name (in this case we will call it “VoIP Rule”), select your Protocol, and then select the Queue to apply the rule to.
  13. At this screen you will describe the network or server on the Internet for which you want to shape traffic. Leaving a field empty will match any IP address and/or port number. All fields are optional.
    1. This example applies to traffic between a VoIP telephone using local IP address 192.168.0.150 from any port when connecting to a VoIP server on IP address 172.16.0.25 on any port. Your settings will be different than the settings entered here.
  14. Click Finish to save the rule.
  15. You will now be returned to the Network Settings / WiPipe QoS page where you can see the rule you entered. If you have multiple rules you can use the up and down arrows to change the priority.

After saving this rule, 250 Kb/s (25% of 1 Mb/s) of upload bandwidth and 8 Mb/s (40% of 20Mb/s) of download bandwidth will be reserved for this rule, and bandwidth would also be borrowed from other rules (if there were any) if necessary.  The rule would apply for traffic originating from 192.168.0.150 with a destination IP address of 172.16.0.25.
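
The reservation arithmetic and the effect of rule order can be checked offline before touching the router. This is an added example, not Cradlepoint code: it is a simplified model that ignores ports and protocols, and it assumes the rule list is evaluated top-down with the topmost matching rule winning (the ordering set with the up and down arrows). The "Bulk" queue and "LAN Bulk" rule are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"  # an empty field in the rule editor matches any address


@dataclass
class Queue:
    name: str
    upload_pct: int    # whole percent of the WAN upload speed
    download_pct: int  # whole percent of the WAN download speed


@dataclass
class Rule:
    name: str
    queue: str
    local: str = ANY   # local IP address or network
    remote: str = ANY  # remote IP address or network


def reserved_kbps(queue, up_mbps, down_mbps):
    """Reserved (upload, download) bandwidth in Kb/s for one queue."""
    return (round(up_mbps * 1000 * queue.upload_pct / 100),
            round(down_mbps * 1000 * queue.download_pct / 100))


def over_reserved(queues):
    """List directions whose reservations add up to more than 100%."""
    problems = []
    for label, attr in (("upload", "upload_pct"), ("download", "download_pct")):
        total = sum(getattr(q, attr) for q in queues)
        if total > 100:
            problems.append(f"{label} reservations total {total}%")
    return problems


def matches(rule, src, dst):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.local)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.remote))


def select_queue(rules, src, dst):
    """Queue chosen for a flow: first matching rule, top of the list first."""
    for rule in rules:
        if matches(rule, src, dst):
            return rule.queue
    return None


def shadowed(rules):
    """(rule, covering_rule) pairs where an earlier, broader rule matches
    everything the later rule matches, so the later rule never applies."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ipaddress.ip_network(later.local).subnet_of(
                    ipaddress.ip_network(earlier.local))
                    and ipaddress.ip_network(later.remote).subnet_of(
                        ipaddress.ip_network(earlier.remote))):
                hidden.append((later.name, earlier.name))
                break
    return hidden


# Values from the article: 25% up / 40% down on a 1 Mb/s / 20 Mb/s WAN.
VOIP = Queue("VoIP", upload_pct=25, download_pct=40)
BULK = Queue("Bulk", upload_pct=50, download_pct=50)  # constructed

VOIP_RULE = Rule("VoIP Rule", "VoIP", local="192.168.0.150", remote="172.16.0.25")
BULK_RULE = Rule("LAN Bulk", "Bulk", local="192.168.0.0/24")  # constructed

GOOD_ORDER = [VOIP_RULE, BULK_RULE]  # specific rule above the broad one
BAD_ORDER = [BULK_RULE, VOIP_RULE]   # broad rule hides the VoIP rule

if __name__ == "__main__":
    print("VoIP reserved Kb/s (up, down):", reserved_kbps(VOIP, 1, 20))
    print("Over-reserved:", over_reserved([VOIP, BULK]) or "none")
    for label, order in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        queue = select_queue(order, "192.168.0.150", "172.16.0.25")
        print(f"{label} order: phone -> {queue}, shadowed: {shadowed(order)}")
```

With the broad LAN rule on top, the phone's traffic lands in the Bulk queue and the VoIP reservation goes unused, which is the case the up and down arrows in step 15 exist to correct.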

Another example would be to restrict the bandwidth of your guest network in order to reserve crucial bandwidth for your primary network. Create a rule associated with the IP address range and appropriate netmask for the guest network. Then set upload/download bandwidth limits as a percentage of your available bandwidth.

You can view the status of your WiPipe QoS Queues by clicking Status and then WiPipe QoS from the drop-down.


Note:

Because routers have no control over when they receive packets, but do control when they send packets, QoS rules created for outbound connections are significantly more effective than rules created for inbound connections.



Cradlepoint Series 2 (49)


If you are unsure of which CradlePoint Series or Model number you have, please click here.

This article was written based on the 2.0.0 series 2 firmware version.

Overview:

For information on what Aggressive Modem Reset is, please visit the article “What is Aggressive Modem Reset“.

Instructions:

  1. Connect to your router and log in to its admin pages (192.168.0.1 by default).
  2. Click on MODEM in the red bar, then click on SETTINGS in the left column.
  3. Scroll down to the Global Reset Settings section.
  4. Place a checkmark in the Aggressive Modem Reset box.
  5. Go to the top of the page and click Save Settings, then click Reboot Now when prompted.
aggressive modem reset



If you are unsure of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.0.0

Symptom
You are unable to access the internet with a Cable, DSL or Satellite modem connected to a CradlePoint router.


Cause

Some Cable, DSL, or Satellite modems use the same default IP address as the CradlePoint router.  This causes an IP conflict when connecting the router to the modem.  Changing the CradlePoint router’s IP address will eliminate this IP address conflict.


Resolution

  1. Disconnect the Cable/DSL modem’s Ethernet cable from the CradlePoint router, if connected.
  2. Log into the router’s setup page. If you are unsure how, click here.
  3. Click the BASIC tab, then click WAN in the gray sub-menu on the left.
  4. In the WIRED WAN SETTINGS section, locate the Dynamic IP Internet Connection Type area, then click Clone Your PC’s MAC Address.
  5. Click Save Settings at the top of the page, then click Reboot Later or Continue when prompted.
  6. Click NETWORK on the gray sub-menu on the left.
  7. Locate the NETWORK SETTINGS section, then change the Router IP address to 192.168.50.1.
  8. Click Save Settings at the top of the page, then click Reboot Now when prompted.
  9. Unplug the power cables from both the Cable/DSL/Satellite modem and CradlePoint router.
  10. Plug the Cable/DSL/Satellite modem power back in and wait approximately 30 seconds for the modem to boot, stabilize, and connect to the ISP.
  11. After the modem connects to the ISP, plug the Cable/DSL modem Ethernet cable back into the blue port on the CradlePoint router.
  12. Reconnect the power cord for the CradlePoint, allow approximately 30 seconds for the router to boot and stabilize.
  13. Reconnect a computer to the CradlePoint, via Ethernet or Wi-Fi. The internet should now be available.



If you are not sure what model CradlePoint router you have, please click here.

Description:

CradlePoint routers are capable of using a supported Blackberry to create a shareable WiFi hotspot, which is also known as tethering. The router will create and share the internet with all WiFi-enabled devices using your established data + tethering plan. If you do not have a tethering plan on your phone, contact your carrier to have it added (most carriers do charge an additional fee for this service).

How To Establish Connection:

1)  Connect your computer to the CradlePoint Router.
   How do I connect my computer to a CradlePoint router?

2)  Connect the Blackberry using its USB cable to the CradlePoint router.  Your phone should show Modem Mode Enabled if you have the required data + tethering plan from your cellular carrier.  The modem LED on the router will become active, and your WiFi network will become available.

3)  If you have trouble connecting, you may need to update your firmware.
   How do I update the firmware on my CradlePoint router?

TROUBLESHOOTING STEPS:

If your Blackberry does not connect, you may need to adjust the following settings.

 PHONES ON ALL CARRIERS

If your Blackberry is not detected, you may need to enter your Blackberry password into the router.

1)   Log in to the Administrative Pages of the CradlePoint (click here for help logging into the Administrative Pages of the CradlePoint).
2)   Select MODEM from the top navigation bar and then SETTINGS from the left menu
3)   Look for Modem Specific Settings
4)   If applicable, change the Modem Interface to the USB (CTR500, MBR1000, MBR1200 only)
5)   In Modem Password, enter your Blackberry/Smartphone password
6)   Click SAVE SETTINGS at the top of the page and REBOOT
7)   Disconnect and then reconnect your Blackberry to the CradlePoint router.  Allow a few moments for it to complete its connection.
8)   Click the MODEM tab to check your connection status

AT&T SPECIFIC SETTINGS

1)   Log into the Administrative Pages of the CradlePoint (click here for help logging into the Administrative Pages of the CradlePoint).
2)   Select MODEM from the top navigation bar and then SETTINGS from the left menu
3)   Look for Modem Specific Settings
4)   If applicable, change the Modem Interface to the USB (CTR500, MBR1000, MBR1200 only)
5)   In Access Point Name (APN) field, type  isp.cingular  or   wap.cingular
6)   Click SAVE SETTINGS at the top of the page and REBOOT
7)   Disconnect and then reconnect your Blackberry to the CradlePoint router.  Allow a few moments for it to complete its connection.
8)   Click the MODEM tab to check your connection status

If your AT&T Blackberry is detected, but not connecting, try the following:

1)   Log into the Administrative Pages of the CradlePoint (click here for help logging into the Administrative Pages of the CradlePoint).
2)   Select BASIC in the top navigation, then WAN in the left menu.
3)   Under Cellular PPP Authentication, select the Modem Interface that corresponds to your carrier.

  Username: isp@cingulargprs.com

  Password: cingular1

  Or

  Username: wap@cingulargprs.com

  Password: cingular1

4)   Click SAVE SETTINGS at the top of the page and REBOOT
Note: passwords are not case sensitive

VERIZON-SPECIFIC SETTINGS

If your Verizon Blackberry is detected, but not connecting, try the following:

1)   Log into the Administrative Pages of the CradlePoint (click here for help logging into the Administrative Pages of the CradlePoint).
2)   Select BASIC in the top navigation, then WAN in the left menu.
3)   Under Cellular PPP Authentication, select the Modem Interface that corresponds to your carrier.

Username:  “your_10_digit_phone_number”@vzw3g.com

Password:  vzw

4)   Click SAVE SETTINGS at the top of the page and REBOOT

YOU MAY ALSO NEED TO ENTER THESE SETTINGS

A)  AT Command 

What is AT Command and How Do I Use It? 

AT
AT+CGDCONT=1,"IP","Carrier Access Point Name(APN)"
ATDT*99***1#

Known APNs

B)  Disable Aggressive Modem Reset

If your Blackberry is displaying Modem Mode Enabled but you are not able to connect, try the following steps.

1)   Log into the Administrative Pages of the CradlePoint (click here for help logging into the Administrative Pages of the CradlePoint).
2)   Select MODEM from the top navigation bar and then SETTINGS from the left menu
3)   Look for Modem Specific Settings

4)   Uncheck the Aggressive Modem Reset box
5)   Click SAVE SETTINGS at the top of the page and REBOOT

Note: If you have tried all the above suggestions without success, try to connect using another USB cable.

 UNSUPPORTED BLACKBERRY MODELS

If your Blackberry phone is not on the CradlePoint supported devices list, it may work using the settings outlined in this document.

If your carrier uses CDMA technology, follow the Verizon settings.

If your carrier uses GSM technology, use the AT&T settings.  Access Point Name and Cellular PPP Authentication information will be unique to your particular carrier.

GSM CARRIER OPTIONAL SETTINGS

1)   Log into the Administrative Pages of the CradlePoint (click here for help logging into the Administrative Pages of the CradlePoint).
2)   Select MODEM from the top navigation bar and then SETTINGS from the left menu
3)   Look for Modem Specific Settings
4)   In Access Point Name (APN) field, type  the APN
5)   Click SAVE SETTINGS at the top of the page and REBOOT
6)   Disconnect and then reconnect your Blackberry to the CradlePoint router.  Allow a few moments for it to complete its connection.
7)   Click the MODEM tab to check your connection status


If you are unsure or unaware of your CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.0.0

Symptom:

Inability to connect to the Internet with a supported modem through a Series 2 CradlePoint router.

Click this link to identify the current firmware version loaded in your Series 2 CradlePoint router.

Cause:

Outdated Firmware and/or outdated WiMAX modem driver (WiMAX 4G only).

Conceptual Plan:  Since the Internet connection cannot be established through the router, the modem will need to be connected directly to the computer in order to access www.cradlepoint.com and obtain the correct firmware files.  After saving the necessary firmware files on your computer the modem will need to be removed from the computer, and the CradlePoint router will need to be connected.  To connect a computer to the router and update firmware, no internet connection is required, only a connection between the computer and router. Once the router is connected to a computer, the files will be uploaded to the router and installed.

Resolution:

  1. Disconnect the Cradlepoint router from the modem and computer.
  2. Connect the cellular or broadband modem directly to your computer and establish an internet connection using your carrier/ISP connection instructions.
  3. Open a web browser (Internet Explorer, Chrome, Firefox, Safari, etc.) and enter www.cradlepoint.com into the browser address bar.
  4. From the CradlePoint home page, click on the SUPPORT heading at the top of the page.
  5. Click either Home & Small Business Support or Enterprise & System Integrators Support (either will work for our purpose).
  6. On the left side of the screen, in the third red box down labeled Find and Download Firmware, select your Cradlepoint from the drop down.
  7. Click on the Download vx.x.x link for the most recent firmware version. (“x” represents a numerical value). The most recent firmware release will be at the top of the list.
  8. A download file dialog should appear depending on your browser and browser settings. The example below illustrates Internet Explorer version 9 dialog.
  9. When using Internet Explorer click the down arrow next to the Save button.
  10. Click Save As from the selection menu.
  11. In the Save-As window that pops up, select Desktop then click Save. The file download should begin.
  12. Once the download is complete you should be returned to the firmware page. Click on “Download 4G Modem Firmware vx.x.x” (“x” represents a numerical value).
  13. A download file dialog should appear depending on your browser and browser settings. The example below illustrates Internet Explorer version 9 dialog.
  14. When using Internet Explorer click on the down arrow next to the Save button.
  15. Click Save As from the selection menu.
  16. In the Save-As window that pops up, select Desktop then click Save. The file download should begin.
  17. Once the download has completed, disconnect the modem from your computer. Disregard the modem at this time.
  18. Connect your computer to the CradlePoint router via Ethernet or Wi-Fi. For computer-router connection assistance, follow this link.
  19. Once the connection between the computer and router has been established, open a web browser (Internet Explorer, Chrome, Firefox, Safari, etc.) and type http://192.168.0.1 into the address bar.
  20. Enter the administrative password into the Enter Password field on the login page. Note: the default password is the last six characters of the MAC address from the bottom of the CradlePoint.
  21. Once you are logged into the router administration pages click on TOOLS.
  22. Then click on FIRMWARE on the gray sub-menu on the left.
  23. In the MANUALLY UPGRADE FIRMWARE section click “Browse” or “Choose File”.
  24. Click Desktop then choose the firmware file; in this case the file is named u_mbr1200_2011_10_31.bin (Note: the firmware files are named u_[the model of the CradlePoint]_2011_10_31.bin). Then click Open.
  25. The file name will populate into the dialog box, then click Upload.
  26. When the warning dialog pops up, click OK.
  27. The upload process will take up to one minute, after which the CradlePoint router will go offline to unpack and install the new firmware version.
  28. Once the firmware update is complete, if connected via Ethernet cable, you will be returned to the CradlePoint administrative login page. If connected via Wi-Fi you will need to re-connect to the router and access the router administration login page.
  29. Log back in to the router administration pages.
  30. Once logged in click TOOLS.
  31. Then click on FIRMWARE in the gray sub-menu on the left.
  32. Verify that the Current Firmware Version is now the version you updated to.
  33. On the same page, scroll down to the MANUALLY UPGRADE WiMAX MODEM DRIVER FILE section.
  34. Click Browse or Choose File.
  35. Click Desktop, select the WiMAX driver file, in this case the file is named u_modem_6_1_2.bin.  Then click Open.                                                                                                                                                                                      User-added image
  36. The file name will populate the dialog box, click Upload.                                                                                             User-added image
  37. The following messages will appear as the driver is installed in the CradlePoint router.                                     User-added imageUser-added image
  38. Once the WiMAX modem driver update is complete, if connected via Ethernet cable, you will be returned to the CradlePoint administrative login page. If connected Wi-Fi you will need to re-connect to the router and access the router administration login page.
  39. Log back in to the routes administration pages.                                                                                                             User-added image
  40. Once you are logged into the router administration pages click TOOLS.                                                                 User-added image
  41. Verify that the current WiMAX modem driver version is now the version you updated to.                                      User-added image



If you are unsure of CradlePoint Series or Model number, please click here.

This article was written based on firmware version 2.2.1

Symptom:

IP address conflict.

Cause:

Connecting the CradlePoint router to existing networks or some modems may cause an IP conflict.  This requires that the default CradlePoint router IP address be changed.

Resolution:

  1. Log into the router’s setup page (login instructions).
  2. Click the BASIC tab then select NETWORK from the gray sub-menu on the left.
  3. Locate the NETWORK SETTINGS section then change the Router IP Address to 192.168.1.1 (or any IP address you prefer).
  4. Click “Save Settings” at the top of the page then click Reboot Now if prompted.

Note:  After changing the default router IP address you will now need to access the CradlePoint’s administrative console using the new address, as well as refresh the IP address on your computer or device by disconnecting from the CradlePoint and reconnecting.

 



Sierra Wireless Products (45)


Designing a photovoltaic solar system to supply the energy needs of a transmitting and receiving wireless radio modem involves elements very different from those of a system designed to be grid tied or to connect to AC power devices. The attached devices have low energy demands, energy remains in DC (no inverter is used to create AC power), panel mounting space is minimal, and environmental conditions can be harsh.

Choosing A Solar PV Panel

The solar PV, or photovoltaic, panel harvests electricity from the sun. Quality and efficiency vary widely from manufacturer to manufacturer. Panels often use polycrystalline silicon, monocrystalline silicon, amorphous silicon, cadmium telluride, and copper indium (di)selenide/sulfide (CIGS). CIGS has the highest absorption coefficient of solar modules and is useful for harvesting energy in sub-optimal conditions such as cloudy and overcast days; it has high efficiency and carries a high cost per watt. Monocrystalline thin film solar cells are often more expensive than multi-crystalline or polycrystalline based cells, but have a greater efficiency, which is useful for wireless off-grid installations, and provide a balanced price to performance.
While researching ratings be mindful of whether the wattage is rated as PTC or STC. PTC or PVUSA Test Conditions uses a known constant developed by NREL (National Renewable Energy Labs). STC, or Standard Test Conditions, uses a methodology which produces higher results. Generally PTC is held to be more reflective of real-world solar and climatic conditions.

Understand the efficiency of the panel. On a pole-mounted system, an efficient panel should be used to ensure that the system can be powered by one or two panels.

The panel must have its performance characteristics available, and these should follow a known standard such as PTC mentioned above.

The panel needs to be paired with a proper solar charge controller. USAT technical service engineers can help differentiate the balance between panel productivity and charge controller efficiency. If you are limited on panel space, and have a heavy demand, then we need to maximize panel yield along with using a highly efficient Maximum Power Point Tracking charge controller. On a recent deployment USAT leveraged these performance attributes along with an optimal battery array to meet a DOT requirement of 10 days runtime, without sun.

Along with the panel size, the power demand must be taken into account. USAT has demand requirements in varying loads on transmitting and receiving wireless radios such as those in the Sierra Wireless AirLink® Raven, Sierra Wireless AirLink® PinPoint, Sierra Wireless AirLink® GX-400 and GX-440, Encore Bandit, Cradlepoint MBR and COR, Digi Connect, Digi WR, and Digi Transport, CalAmps, Multitech and Red Lion Sixnet Bluetree.



Briefly press the Reset button to initiate a power up or reboot. All LEDs turn Red, then Yellow, then Green, and then light in the configurations below. After the kernel has booted, while the ALEOS software is initializing, the Power LED turns Yellow, then Green, and the Network LED will flash Yellow, change to a solid Yellow, and finally turn Green.



No. A Verizon 4G LTE SIM will not work in a device designated for the AT&T network. Conversely, an AT&T 4G LTE SIM will not work in a Verizon designated device. SIMs must be paired with devices designed to operate on their network. Please contact your USAT Sales Manager if you have any questions concerning network interchangeability.



The Sierra Wireless AirLink® products that support ALEOS Application Framework or AAF are the Sierra Wireless AirLink® GX440, the Sierra Wireless AirLink® GX400 and the Sierra Wireless AirLink® LS-300. USAT carries these products designed for the Verizon, AT&T, and Sprint carrier networks as well as through USAT’s Express M2M network services (ExpressM2M.com).

USAT has ALEOS Application Framework engineering teams on staff. Bring us your project for AAF, and we will bring intelligence to the edge for you.

You can view our Sierra Wireless AirLink GX440 and GX400 and LS300 products in the USAT web store.



The Sierra Wireless GX400/440 can be reset to factory defaults by pressing and holding the “Reset” button continuously for 7 – 8 seconds. When all LEDs start flashing Yellow, release the Reset button and the unit will re-boot with the factory default options.



Digi Products (3)


Cloud services can be used for applications built around Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS).

Digi International has a platform called iDigi. iDigi is a cloud platform for both device network management and for data management. The iDigi Device Cloud is designed using a high-availability architecture, with redundancy and failover characteristics. It is a highly scalable system that can host single units to tens of thousands of Digi devices. It also has web services APIs for secure application integration and data messaging. iDigi device clouds are located in Chicago and in London and you can select to which cloud your data is subscribed.

Device management also includes the ability to send commands to remote devices. Standard web service calls are available to manage traditional device settings. An optional Server Command Interface / Remote Command Interface (SCI/RCI) mechanism is available for any custom device or application commands that may be required.

iDigi Manager Pro is a pay-as-you-go model, starting at $1.59 per registered device, per month. Sending data to and from the iDigi Device Cloud is billed on a transactional basis and is available at different usage levels. Data is managed through iDigi, which means that iDigi provides a collection point of data. iDigi is not a (long-term) data storage solution: Digi Dia data is stored for 1 day, and iDigi files are stored for 7 days.



Unlike the ConnectPort WAN, the serial ports on the standard builds of the Digi Transport line are DTE, not DCE, serial. This means that a null modem cable should be used instead of a cross-over cable.

Null modem is a communication method to connect two DTEs (computer, terminal, printer etc.) directly using an RS-232 serial cable. The name stems from the historical use of the RS-232 cable to connect two teleprinter devices to modems in order to communicate with one another; null modem communication was possible by instead using RS-232 to connect the teleprinters directly to one another.



Firewall concerns:
Firewalls (and the IT security people that maintain them) are generally concerned with protecting a location’s Local Area Network from unauthorized use – both from traffic coming at the network from the outside world, and traffic from within the local area network going outward. A Remote Management-capable Digi product falls into the latter category, because the Digi device creates an outbound TCP socket connection to the Device Cloud or Remote Manager server. This EDP (easy device protocol) socket connection is the tunnel through which data gets pushed from your Gateway to the Device Cloud, so that data can be accessed from anywhere in the world.

The following article describes:

  • The IP socket connections used when a Digi RF Gateway, TransPort Router, or EDP-capable device (using Digi Cloud Connector) makes a Remote Management connection to Device Cloud or Remote Manager
  • How to determine the IP address in use for a given Device Cloud or Remote Manager DNS name

Locations where it is likely that Firewall Rules will be needed:

Those who are trying to connect to Device Cloud or Remote Manager from a location which has strict outbound firewall rules will especially need the guidance found within this article.  Some likely examples for this type of network security environment include:  Government offices/buildings and institutions, Schools, Universities, and some Businesses (especially ones that do government contract work).

 

What network port(s) does a Gateway or Connect-capable device use to connect to Device Cloud?

By default, the TCP and/or UDP port(s) your Device Cloud-capable Gateway or device uses to connect with Device Cloud will depend in part on the age/default configuration of your Gateway, the device’s configuration, as well as the particular model.

TCP Port 3197: The outbound EDP/non-SSL (non-secure) socket connection from NDS-based products like the ConnectPort X2 / X4 / X5 / X8 Gateways, and ERT/Ethernet Gateway (especially if the product has older firmware), which may still be configured to create an un-encrypted Device Cloud socket connection.

Note: If possible, the firmware of older products should be updated so that the Device Cloud configuration settings can be changed to use SSL socket connections into the Device Cloud instead (see next entry below).

TCP Port 3199: The outbound EDP/SSL (secure) socket connection from NDS-based products like the ConnectPort X2 / X4 / X5 / X8 Gateways, and ERT/Ethernet Gateway with newer firmware which are configured to create a secure SSL socket connection into Device Cloud. Required on ALL Linux-based Gateways, examples: XBee Gateway ZB and ConnectPort X2e for Smart Energy. Can also be required if the Device Cloud account is configured to accept SSL connections only (new Device Cloud option as of version 2.16).

UDP Port 53:  Outbound DNS (Domain Name Service) name recognition service, i.e. translates the my.devicecloud.com name for Device Cloud connectivity.

Note:  DNS service is not a requirement.  If access to DNS service is not allowed or possible from your network, the device’s remote connectivity address would need to use the IP address of my.devicecloud.com (52.73.23.137), rather than the DNS name itself (see below under What IP address is needed for outbound Firewall rule(s)? for more details).

UDP Port 123: The outbound socket connection to an NTP (time) server is required for ALL Linux-based Gateways such as the XBee Gateway and ConnectPort X2e, as well as gateways and devices configured for NTP time management.

Important Note for all XBee and ConnectPort X2e Gateways (and Gateways configured for NTP Time Management)

The XBee Gateway and ConnectPort X2e are Linux-based gateways which require outbound access to UDP port 123 (NTP), in order to generate the secure (SSL) TCP socket connection into Device Cloud. Any Gateways which are configured for NTP time management will have this requirement as well, since the Gateway connects to an NTP server in order to keep an accurate date/time.

If your XBee (or CP-X2e) Gateway is added to your Device Cloud account but never shows up in a Connected state, check to ensure that outbound NTP access is available for the Gateway through your local network Firewall.  ConnectPort X2 and X4 gateways would still connect to Device Cloud (assuming TCP port 3199 isn’t blocked), but the Gateway might show an epoch 1970-based date/time if no other Time Sources are configured.

What IP address is needed for outbound Firewall rule(s)?

The best way to determine that is to do an nslookup of the DNS name for the Remote Management server you want your device(s) to connect to. As of the date of this article (6/16/2015), here is how this looked from my Windows 7 command line (Start – Run – CMD) prompt when doing nslookup of our various Remote Management and NTP ring servers:

Digi Device Cloud and Remote Manager device connectivity address:

C:\>nslookup my.devicecloud.com

Name:    my.devicecloud.com
Address:  52.73.23.137

Past Device Cloud connectivity addresses which may still be in use on devices (all device configurations should be updated to use the my.devicecloud.com address, then re-connected to the server at the new address):

devicecloud.digi.com
login.etherios.com
my.idigi.com
app.idigi.com

devicecloud-uk.digi.com
login.etherios.co.uk
my.idigi.co.uk

Digi Primary NTP Time Server Ring addresses:

C:\>nslookup time.devicecloud.com

Name:     time.devicecloud.com
Addresses:  52.25.29.129, 52.2.40.158

Secondary/Tertiary NTP Time Server addresses for pool usage:

C:\>nslookup 0.time.devicecloud.com

Name:     0.time.devicecloud.com
Addresses:  52.2.40.158

C:\>nslookup 1.time.devicecloud.com

Name:     1.time.devicecloud.com
Addresses:  52.25.29.129

Deprecated NTP/Time server addresses which may still be in use on devices (all devices should be updated to use time.devicecloud.com within their configuration):

time.digi.com
time.etherios.com

time.etherios.co.uk
0.idigi.pool.ntp.org
1.idigi.pool.ntp.org
2.idigi.pool.ntp.org

Making the Firewall Rules:

If the IP address of the DNS name ever changes (before this article is updated to reflect it), a Windows CLI command can be used to determine the IP address of our server:

nslookup <DNS name of server>

The Name and Address fields will be the DNS name and IP address for the Remote Management or Time server listed.  Your firewall rule will need to allow access for the appropriate network port used based on your Gateway’s Device Management configuration, as well as UDP port 123 if NTP Time Management is in use.

Important Note regarding deprecated DNS names:

If your Gateway is configured to use an idigi.* or etherios.* DNS name, it should be re-configured to use the my.devicecloud.com url at your earliest convenience. You will need to create firewall rules for all IP addresses/ports used, for all Remote Management and Time (NTP) DNS server names used within your device.
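
The port list and nslookup procedure above can be turned into a rule set mechanically. The following is an added example, not Digi's code: the `Gateway` fields, the function names, the `(proto, destination, port)` rule format and the `SITE-RESOLVER` placeholder are assumptions made for illustration, and the embedded addresses are the ones quoted in this article as of 6/16/2015.

```python
import ipaddress
import re
from dataclasses import dataclass

# Ports and deprecated names as listed in the article above.
EDP_PLAIN, EDP_SSL, DNS_PORT, NTP_PORT = 3197, 3199, 53, 123
DEPRECATED_NAMES = {
    "devicecloud.digi.com", "login.etherios.com", "my.idigi.com",
    "app.idigi.com", "devicecloud-uk.digi.com", "login.etherios.co.uk",
    "my.idigi.co.uk", "time.digi.com", "time.etherios.com",
    "time.etherios.co.uk", "0.idigi.pool.ntp.org", "1.idigi.pool.ntp.org",
    "2.idigi.pool.ntp.org",
}

# nslookup answers quoted in the article (dated 6/16/2015). Re-run nslookup
# before putting any of these addresses into a real rule set.
ARTICLE_NSLOOKUP = """\
Name:    my.devicecloud.com
Address:  52.73.23.137

Name:     time.devicecloud.com
Addresses:  52.25.29.129, 52.2.40.158
"""


def parse_nslookup(text):
    """Return {dns_name: [ip, ...]} from Windows nslookup output.

    The resolver's own "Server:/Address:" header is skipped because no
    "Name:" line has been seen yet when it appears.
    """
    answers, name, in_addrs = {}, None, False
    for line in text.splitlines():
        m = re.match(r"\s*(Server|Name|Address(?:es)?):\s*(.*)", line)
        if m:
            label, value = m.groups()
        elif in_addrs and line[:1].isspace() and line.strip():
            label, value = "Addresses", line      # indented continuation line
        else:
            in_addrs = False
            continue
        if label == "Server":
            name, in_addrs = None, False
            continue
        if label == "Name":
            name, in_addrs = value.strip().lower(), False
            answers.setdefault(name, [])
            continue
        in_addrs = True
        if name is None:                          # resolver's own address
            continue
        for token in re.split(r"[,\s]+", value.strip()):
            try:
                ip = str(ipaddress.ip_address(token))
            except ValueError:
                continue
            if ip not in answers[name]:
                answers[name].append(ip)
    return answers


@dataclass
class Gateway:                                    # hypothetical inventory record
    model: str
    linux_based: bool           # e.g. XBee Gateway, ConnectPort X2e
    ssl: bool                   # EDP over SSL configured on the device
    ntp_managed: bool           # NTP time management configured
    cloud_host: str = "my.devicecloud.com"
    time_host: str = "time.devicecloud.com"
    dns_allowed: bool = True    # may the device reach a DNS resolver?


def build_rules(gw, answers):
    """Return (rules, warnings); each rule is (proto, destination, port)."""
    rules, warnings = [], []
    use_ssl = gw.ssl or gw.linux_based            # Linux-based gateways need 3199
    if not use_ssl:
        warnings.append(f"{gw.model}: un-encrypted EDP on TCP {EDP_PLAIN}; "
                        f"update firmware and switch to SSL (TCP {EDP_SSL})")
    hosts = [(gw.cloud_host, "tcp", EDP_SSL if use_ssl else EDP_PLAIN)]
    if gw.linux_based or gw.ntp_managed:
        hosts.append((gw.time_host, "udp", NTP_PORT))
    for host, proto, port in hosts:
        host = host.lower()
        if host in DEPRECATED_NAMES:
            warnings.append(f"{gw.model}: {host} is deprecated; reconfigure")
        ips = answers.get(host)
        if not ips:
            warnings.append(f"{gw.model}: no nslookup answer for {host}")
            continue
        rules += [(proto, ip, port) for ip in ips]
    if gw.dns_allowed:
        # Placeholder destination: substitute the site's own DNS resolver.
        rules.append(("udp", "SITE-RESOLVER", DNS_PORT))
    else:
        warnings.append(f"{gw.model}: no DNS; configure the device with the "
                        f"IP address of {gw.cloud_host} instead of the name")
    return rules, warnings
```

Feed `parse_nslookup` fresh output for every DNS name a device is configured with, including any deprecated ones still in use, so that each name produces either rules or a warning.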



Digi Transport (18)


Recommendations

It is recommended that a switch be used between the PC that will be uploading the files to the TransPort and the TransPort itself. Issues may occur in the file transfer and/or IP addressing if a switch is not used, and the process will need to start over to recover the TransPort.

Recovery Process

1) FlashWriter will first need to be downloaded and installed. You can download the latest version of FlashWriter from the Digi support site under the TransPort family of products:
http://www.digi.com/support/

2) The proper firmware file will also need to be downloaded to the local PC. Download the FlashWriter version of the firmware file with the .zip file extension from the Digi Support site at the below link:

http://transport.digi.com/digi/firmware/

NOTE: If you are unsure which firmware file to use, please contact Digi Technical Support for further assistance.

3) Extract the downloaded .zip file, which will give you the .all and .ini files needed to perform the upgrade.

4) Launch FlashWriter to view the first screen below, using the options shown below:

5) Click Advanced in the upper left corner, and choose Set remote TFTP IP address. (With the most recent version of FlashWriter you will not need to perform steps 5 and 6.)

6) Fill in a temporary IP address that will be used on the Digi TransPort and click OK, as shown in the image below:

7) Set a static IP address on your PC that falls within the same subnet range as the temporary IP address that was assigned to the TransPort. Using the example IP above, the PC could be set to an IP address of 192.168.1.100/24.

8) Once the IP addresses have been set on both the PC and in FlashWriter, click the Load button. Click Yes on the first warning pop-up to continue.

9) Fill in the serial number of the TransPort and click OK. This number can be found on the label on the bottom of the device:

10) A prompt for the location of the .all file will then pop up. Click OK and browse to the file on the PC’s hard drive.

11) After choosing the .all file, FlashWriter will ask you to choose the module type that is installed in the TransPort. Choose the appropriate module from the drop down list, and click OK.


12) Depending on the size of the firmware file, this may take a few minutes to complete the process. Once completed, a message should appear at the bottom of FlashWriter indicating so, as shown in the image below:

13) After the process completes, the TransPort will reboot itself and be back to factory defaults with the latest firmware installed.



1)  Insert the SIM card into SIM slot 1.

2)  Power up Digi TransPort.

3)  Open a web browser and connect to Digi TransPort using the default IP address of 192.168.1.1.

4)  Once you are logged into the web interface, select Wizards under the home page, and then select radio button for Carrier Switching Wizard, as shown in the screenshot below:

User-added image

5)  Select AT&T on the next screen and then click next:

User-added image

NOTE:  The carrier firmware download may take a few minutes to fully complete.  Do not navigate away from the screen while the firmware download is in progress.

6)  Once the firmware download completes, navigate to Configuration – Network > Interfaces > Mobile > Mobile Settings, and locate the section titled Service Plan/APN.  In this field, enter in the APN provided by the carrier, as shown below:

User-added image

7)  Click on the Apply button and then Save the changes to flash.

NOTE:  It might take a few minutes for the device to get an IP address from the carrier when activating the device for the first time.  The Mobile IP address should appear under the Cellular section on the home page once obtained, and the Link/Service LED should go solid on the device:

User-added image



There is a reset button on the underside of most routers; holding this button in for 5 seconds will perform a factory reset on the router. When the reset is initiated in this manner, the LEDs on the front of the router will flash to indicate a reset is in progress, and the router will automatically reboot once the procedure is complete. Do not remove the power while the router is running this reset procedure. Using this method will not preserve any settings.



Digi TransPort routers with Enterprise firmware support:

IPsec in tunnel mode with Pre Shared Key and X.509 digital certificate authentication methods (client and server)
IPsec in transport mode with Pre Shared Key and X.509 digital certificate authentication methods (client and server)

IPsec with ModeCFG and Xauth (client only)

Dynamic multipoint VPN (DMVPN) spoke (client only)

L2TP over IPsec with Pre Shared Key and X.509 digital certificate authentication methods, usually known as L2TP/IPsec (client and server)

PPTP with or without MPPE encryption (client and server)

OpenVPN 2.1 & 2.2 (client and server)

For configuration information and walk-through guides, see: http://www.digi.com/support/productdetail?pid=5501&type=documentation  (opens in new window)
Use the browser search function to search for ‘VPN’, ‘IPsec’, ‘L2TP’, ‘PPTP’ or ‘OpenVPN’.



Why use FTP Relay

The FTP Relay agents allow any files transferred onto the router by a specified user using the File Transfer Protocol to be temporarily stored in memory and then relayed to a specific FTP Server. This is useful when the router is being used to collect data files from a locally attached device, such as a webcam, which must then be transferred to a host system over a slower data connection such as W-WAN. In effect, the router acts as a temporary data buffer for the files.

Configure FTP Relay on a TransPort router

Browse to Configuration – Network > FTP Relay > FTP Relay n and configure the agent as in the following screenshot:

User-added image

Please find details for all the fields below:

Relay Files for user: is the name of the local user and should be one of the usernames assigned in the Configuration – Security > Users web page. This name is then used as the FTP login username when the local device needs to relay a file.
To FTP Server: is the name (IP address) of the FTP Server to which the files from the locally attached device are to be relayed.
Server Username: is the username required to log in to the specified FTP Server
Server Password/Confirm Server Password: is the password to be used to log in to the Server.
Remote directory: is the full name of the directory on the FTP Server to which the file is to be saved. Please note that if you use a Filezilla Server and you set, for example, “C:/” as the Home directory for the server, then when the TransPort connects to it the server won’t recognize “C:/” as the home directory but only “\”. In this case, this field should contain only the path of the subdirectories, inside the Server home directory, where you need to save the file. In this example this path is “TestFTPRelay\T1”, which corresponds on the Server to the path “C:/TestFTPRelay/T1”.
Rename file: When checked, this checkbox causes the router to store the uploaded files internally with a filename in the form “relnnnn” where nnnn is a number that is incremented for each new file received. When the file is relayed to the FTP Server the original filename is used. When unchecked, the file is stored internally using its original filename. This parameter should be set if a file having a filename longer than 12 characters is to be uploaded. This is due to the internal file system having the 8.3 filename format (e.g. autoexec.bat).
Transfer Mode ASCII / Binary: These two radio buttons select between the two possible file transfer modes, binary data or ASCII data.
Transfer Command STORE / APPEND: These two radio buttons select between the two possible storage methods, either append to or replace existing file.
Attempt to connect to the FTP Server n times: The value in this text box specifies the number of connection attempts that the router should make if the first attempt is not successful.
Wait s seconds between attempts: The value in this text box specifies the interval (in seconds) that the router should wait in between successive connections attempts.
Remain connected for s seconds after a file has been transferred: The value in this text box specifies how long (in seconds) that the router will maintain the connection to the FTP host after transferring a file.
If unable to relay file Delete File / Retain file: These two radio buttons select the behavior with respect to storing the file if the router fails to connect to the FTP host (after retrying for the specified number of attempts). Select Delete File if the file should not be stored permanently. If the file is retained, manual intervention will be required to recover it at a later stage. Note:  If the file is not retained, it will be lost if the power is removed from the router.

The corresponding CLI commands for the configuration in this example are:

frelay 0 locuser "username"
frelay 0 ftphost "10.104.1.101"
frelay 0 ftpuser "user1"
frelay 0 ftpepwd "KD5lSVJDVVgD"
frelay 0 ftpdir "TestFTPRelay\T1"

Testing the FTP Relay feature

Configure the remote FTP server with a user (corresponding to the one configured on the TransPort FTP Relay agent) that is allowed at least to read/write on the Home directory specified:

User-added image

User-added image

Connect the local FTP client to the TransPort FTP server and transfer the file:

User-added image

Check the event log on the TransPort by browsing to Management – Event Log. You will see the FTP transfer from the Local Host to the TransPort (in orange) and the FTP relay of the file from the TransPort to the remote FTP Server (in red).

User-added image

The successful transfer can also be checked on the remote FTP server:

User-added image



Digi Remote Manager (5)


The groups feature allows you to add or create a group and assign a list of devices to that group. You can create a hierarchical structure of device groups to help organize your device inventory.

To create a group

  1. Click Device Management > Devices.
  2. Click the Groups button and select Add Group. The Add Group dialog appears.
  3. Type a group name.
  4. Choose the folder where you want to place the new group. The default is the root level.
  5. Click the Add Group button. The group name appears in the folder structure under the root directory in the left pane.

To add a device to a group
You can add one or more devices to a device group, and can add up to 500 devices to a group at one time.

  1. Click Device Management > Devices.
  2. Select the device(s) you want to add to a group:
     • Click any device list item to select that device.
     • Use Control-click or Shift-click to select multiple devices or a range of devices.
  3. Click More in the Devices toolbar and select Assign to Group from the Organize category. The Add to Group dialog appears.
  4. Choose a group from the drop-down list.
  5. Click Assign to Group. The devices are added to the selected device group.

To move/remove a device from a group

  1. Click Device Management > Devices.
  2. Click a group name in your list of device groups you wish to remove the device from.
  3. Select the device(s) you want to remove from a group:
     • Click any device list item to select that device.
     • Use Control-click or Shift-click to select multiple devices or a range of devices.
  4. Click More in the Devices toolbar and select Assign to Group from the Organize category. The Add to Group dialog appears.
  5. Choose a group from the drop-down list.  You may also select the “/” to move it to the root directory.
  6. Click Assign to Group. The devices are added to the selected device group or root.

To edit device group properties
You can edit device group properties, including the group name and its parent in the groups hierarchy.

  1. Click Device Management > Devices.
  2. Click a group name in your list of device groups.
  3. Click Groups and select Edit Group from the drop-down.
  4. Make changes to the group name and location as needed.
  5. Click Edit Group to confirm your changes.

To Remove a device group
Removing a device group removes the group itself and moves all devices in that group to the parent level in your device list.

  1. Click Device Management > Devices.
  2. Click to select the device group you want to remove from the device hierarchy in the left panel under Groups.
  3. Click Groups and select Remove Group from the drop-down. A confirmation dialog appears asking you to confirm that you want to remove that group.
  4. Click Yes to confirm. The group is deleted and any devices in that group move to the parent level in your device hierarchy.

To show or hide device groups
This feature will allow you to toggle the Groups display to hidden or visible.

  1. Click Device Management > Devices.
  2. Click the Show/Hide Groups button on the far left side of the Devices toolbar.



This article describes how to configure Digi Device Cloud or Digi Remote Manager to send an E-Mail notification when a device goes offline.

Note: This article assumes that you have already created a Digi Device Cloud account or a Digi Remote Manager account, that your device is configured to connect to the cloud and added to your account.

Guidelines for NDS devices (Digi Connect WAN 3G, ConnectPort X etc..) can be found here : Configure a Digi Connect WAN or ConnectPort Gateway for Device Cloud connection

Guidelines for Digi TransPort can be found here : Configuring a Digi TransPort for Remote Manager connectivity

Guidelines for adding a Digi device to the Digi Device Cloud or Remote Manager platform can be found here : Adding a Digi Device to the Digi Device Cloud or Remote Manager Platform and here Add a Digi TransPort to your Remote Manager account

Create an Alarm

1. Log into your Digi Device Cloud or Digi Remote Manager account.
2. Click on the Device Management tab.
3. Click on the Alarms tab.
4. Click on the Add button


The Add Alarm window will open.

1. Select Device Offline in the Alarm Type drop down menu.
2. Choose a name for the Alarm. (default is Device Offline)
3. Choose a description for the Alarm. (default is Detects when a device disconnects from Device Cloud and fails to reconnect within the specified time)
4. Choose how long the cloud should wait before firing an alarm (default is 5 minutes; this is recommended for cellular devices, which can sometimes lose network connectivity due to bad reception, so that they have time to reconnect).
5. Resets when device reconnects will allow the alarm status to be reset as soon as the device reconnects to the cloud.
6. Choose the Scope of the alarm. It can be per group or per device. Per Group lets you select the root directory (in this case the alarm will be applied to all devices on this account) or a single group.
7. Click Create to create the Alarm.


Create an E-Mail Notification

1. Navigate to Admin Account Settings > Notifications
2. Click on the Add button.


1. Choose a name for the Notification.
2. Choose a Description for the notification. This will be shown in the “Subject” field of the E-Mail.
3. Choose an E-Mail address to send the notification to.
4. Select if you wish to receive a daily summary of your alarms and at which time.
5. Check this box to receive an E-Mail notification each time an alarm triggers (each time a device goes offline, this triggers an alarm, which in turn triggers an E-Mail).


6. Select “Send notification for the following alarms” and in the box, type the name of previously created alarm, by default “Device Offline” and press enter.
7. In the list, choose the previously created alarm and click on the “+” icon.


8. Click Save


Testing

To test that the Alarms and notification are working, simply disconnect/turn off one of your devices which are monitored by this alarm. After the selected delay triggers, the alarm should fire and you should receive an E-Mail similar to this one :



Introduction:

This article will discuss how to configure your Digi TransPort router for use with Remote Manager by utilizing the built-in Web User Interface (WebUI) of the Digi TransPort itself.

Changing the Remote Manager connection settings from the WebUI

The Digi TransPort WebUI can be accessed locally via the local IP address (LAN or WAN), or the Cellular Mobile IP address (provided your cellular account is one which supports Mobile Termination, and that you left a pinhole for HTTP or HTTPS through which to get to the WebUI if configured for IP Passthrough).

If you know the Mobile IP address and have met the conditions above, you should be able to open the TransPort’s WebUI by opening a browser to the Mobile IP of your TransPort at this time, but keep in mind that accessing the TransPort WebUI via the Local IP is preferred if available, since it doesn’t affect your cellular bill, is faster, and generally less prone to connection loss.

If you can get to the Local IP of the TransPort (this is an Ethernet or Wi-Fi connected TransPort and you’re at that location), you should access the TransPort’s WebUI using the Local IP address instead. The Digi Device Discovery Tool for Windows can be used to discover the Local IP address of the TransPort, if unknown. If you run the Device Discovery Tool and see a “No devices found?” message, and you’ve verified your TransPort is both powered on and has a solid Link LED present, you may want to check this article for Digi Device Discovery Troubleshooting Tips.

Assuming you can access either the Mobile (WAN) or Local (LAN) IP address and are now looking at the Web User Interface of your Digi TransPort:

1. Open Configuration -> Remote Management -> Remote Manager on the WebUI, then click the check box for “Enable Remote Management and Configuration using Remote Manager”. It should look similar to this:

2. On the page above, from the drop down menu, select the desired Device Cloud server: remotemanager.digi.com for the US Cloud or remotemanager-uk.digi.com for the EU Cloud.

3. Ensure the “Automatically reconnect to the server after being disconnected” box is checked as shown in the example, and configured with the 10 second value listed (or a reasonable alternative), as this is the box that tells your router to re-connect to the Remote Management server, should the connection get broken for some reason.

4. Apply any changes by clicking the Apply button, when configuration is complete.

5. Click the blue “here” link to save the configuration, as shown below:

6. Click the “Save All” button from the ensuing page and you should get a message saying “The configuration has been saved successfully!”, then click the OK button.

7. After a minute or so, you should see that your Transport has established (i.e. state = ESTAB) a Remote Management connection to the Remote Manager server by viewing the Management -> Connections -> IP Connections page under the “General Purpose Sockets” listing towards the bottom:

In Closure: If all went well, your Digi TransPort should now be “Connected” on the Remote Manager server you selected in step 1 above.



Adding your Digi TransPort to Remote Manager

  1. Log into your Digi Remote Manager account.
  2. Click on the Device Management tab.
  3. Click on the Add Devices button on the tool bar

  4. Add the Digi TransPort by either discovering it locally, or manually adding the Device ID, using either of the two methods described below:

Discovery method:

  1. After hitting Add Devices (step 3 above), click the Discover >> button.

  2. Click the Discover button on the 2nd Add Devices screen.

  3. Select the Digi TransPort to be added, and click OK.

Manual method:

  1. After hitting Add Devices (step 3 above), click the dropdown which defaults to MAC Address, and select Device ID instead.

  2. Populate the entry field to the right of Device ID with the Device ID of your Digi TransPort.  This can be obtained from the Digi TransPort WebUI Home page if needed.

  3. Click the Add button, then click OK.

Your Digi TransPort should now be added to Remote Manager:

After your device is added, it should show up in the list of devices as disconnected (a Red icon beside the device means Disconnected, see below).

After a minute or so, refresh the device list by clicking the Refresh button, and verify a Connected state as seen below.  A Blue icon indicates the device is connected to Remote Manager.

 

Conclusion:

If you see the Blue/Connected icon next to your TransPort, it means that your device was properly configured, and you can now manage your TransPort on Remote Manager.  If still not connected after a few minutes, you’ll want to re-check your TransPort Remote Management and Network configurations, as well as make sure you aren’t running into any Firewall issues between the TransPort and Remote Manager.



Remote Manager uses tags to categorize devices.  You may want to edit the tags associated with a device if the purpose of a device changes or if you use tags to create a new sub-category of devices. Device tags are stored in Remote Manager and not on the device.

To add a tag to a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Enter the name of a tag in the text box and click Add Tag.
  5. Click Save. The new tag is associated with the device.

To edit tags for a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Click the tag name you want to edit. The tag name appears in the text box.
  5. Edit the tag name as needed and click Change Tag.
  6. Click Save. The new tag is associated with the device.

To remove a tag from a device:

  1. Click Device Management > Devices.
  2. Select the device you want to update.
  3. Click More > Edit Tags. The Edit Tags dialog appears.
  4. Click the red X under action to delete the corresponding tag under Stream Name.
  5. Click Save. The new tag is associated with the device.



Digi Device Cloud (5)


The following example shows how to create a task on Digi’s Device Cloud to change the Remote Management Server Address in a TransPort.

  1. Log into Device Cloud.
  2. Click on Device Management > Schedules and then click New Schedule.
  3. Click Start Walkthrough.
  4. Type in the description at the top of the screen for the task.
  5. On the left menu, select Command Line Interface.
  6. For the first command, enter cloud 0 server my.devicecloud.com
  7. On the left menu, select Command Line Interface again.
  8. For the second command, enter config 0 saveall
  9. Then click Schedule at the bottom right hand corner.
  10. Either select Immediate or Future to schedule when you wish to apply this change. If you choose Future, you will need to use the drop down buttons to specify the date and time and then you will see the scheduled job on the next screen. If you choose Immediate, it will simply complete the job.
  11. You will need to select the devices you wish to apply these changes to.  If selecting more than one, use the “Ctrl” button to select these.
  12. Select Run Now at the bottom of the screen if you choose Immediate or Schedule if you choose Future.

After the scheduled event, you can check to see if it performed by going to Device Management  >  Operations.  You should be able to see if it successfully completed or not.  You may also click on Operation Details for each individual device.

You can also see the changes in each individual device by going to Device Management > Devices, selecting a particular device by double clicking on it, click on Configuration, Remote Management, Remote Manager, Remote Manager Config, then check the Connect to Device Cloud server.  At first you will see the previous server name, but if you click Refresh at the bottom of the page, it will update.



One very useful aspect of Device Management on the Digi Device Cloud is the ability to view the Connection History of a device.  This of course refers to the connection history of that device as viewed from Device Cloud, and is a record of a device’s connections and disconnections with the server, for whatever reason.

Device Cloud Connection History (from the device UI):

Getting the Connection History from the Data Streams API:

As seen above, the Connection History of a device is something which Device Cloud keeps track of.  A screen like the one above may be useful when wanting to know the current state of a device or what’s been going on with it, but short of taking a screenshot or copying/pasting that information into a text file, the information isn’t very portable.  The good news is, the Connection History is something which is also tracked as a Data Stream, and each of the Connect/Disconnect events is a separate Data Point within that Stream.

To query the Data Stream Connection History of the same device, we must query for the Data Points which make up that Stream as follows:

/ws/DataPoint/{deviceId}/management/connections/

Example Request:  /ws/DataPoint/00000000-00000000-00409DFF-FF5DF1CB/management/connections/

Response (for a single Data Point of the Stream):

<?xml version="1.0" encoding="ISO-8859-1"?>
<result>
<resultSize>206</resultSize>
<requestedSize>1000</requestedSize>
<pageCursor>27f2d9aa-beab-11e5-92dc-fa163ea15feb</pageCursor>
<requestedStartTime>-1</requestedStartTime>
<requestedEndTime>-1</requestedEndTime>
<DataPoint>
<id>f5e6756c-75c8-11e5-8dc1-fa163ee3abab</id>
<cstId>70</cstId>
<streamId>00000000-00000000-00409DFF-FF5DF1CB/management/connections</streamId>
<timestamp>1445194168409</timestamp>
<timestampISO>2015-10-18T18:49:28.409Z</timestampISO>
<serverTimestamp>1445194168412</serverTimestamp>
<serverTimestampISO>2015-10-18T18:49:28.412Z</serverTimestampISO>
<data>{"connectTime":"2015-10-18T03:14:07.442Z","disconnectTime":"2015-10-18T18:49:28.409Z","type":"Wi-Fi","remoteIp":"213.35.189.122","localIp":"192.168.82.204","bytesSent":70412,"bytesReceived":69588,"session":"6b861b2f-bd52-4455-b9fc-dc92693460db"}</data>
<description/>
<quality>0</quality>
</DataPoint>…
</result>

As can be seen in the <resultSize> field, there were 206 Data Points in the response to the query, so I’ve only listed one Data Point as an example of the type of data retrieved from the Connection History Data Stream.
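
As an added example (not part of the original article and not Digi's own code), the following Python parses a response of the shape shown above into per-session records and flags sessions worth a second look during a connection audit. The function names, the `min_session_s` threshold, the `known_ips` allow-list and the second Data Point in the sample are assumptions made for this example.

```python
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample. The first DataPoint is the one quoted in the article;
# the second is invented for this example (45-second session, documentation IP).
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<result>
<resultSize>2</resultSize>
<requestedSize>1000</requestedSize>
<DataPoint>
<id>f5e6756c-75c8-11e5-8dc1-fa163ee3abab</id>
<streamId>00000000-00000000-00409DFF-FF5DF1CB/management/connections</streamId>
<timestampISO>2015-10-18T18:49:28.409Z</timestampISO>
<data>{"connectTime":"2015-10-18T03:14:07.442Z","disconnectTime":"2015-10-18T18:49:28.409Z","type":"Wi-Fi","remoteIp":"213.35.189.122","localIp":"192.168.82.204","bytesSent":70412,"bytesReceived":69588,"session":"6b861b2f-bd52-4455-b9fc-dc92693460db"}</data>
<description/>
<quality>0</quality>
</DataPoint>
<DataPoint>
<id>00000000-0000-0000-0000-00000000c0de</id>
<streamId>00000000-00000000-00409DFF-FF5DF1CB/management/connections</streamId>
<timestampISO>2015-10-18T18:50:45.000Z</timestampISO>
<data>{"connectTime":"2015-10-18T18:50:00.000Z","disconnectTime":"2015-10-18T18:50:45.000Z","type":"Wi-Fi","remoteIp":"203.0.113.7","localIp":"192.168.82.204","bytesSent":512,"bytesReceived":498,"session":"constructed-session-0001"}</data>
<description/>
<quality>0</quality>
</DataPoint>
</result>"""


def _parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used inside <data>; None if absent."""
    if not value:
        return None
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {value!r}")


def parse_connection_history(xml_bytes):
    """Return one dict per DataPoint, decoding the JSON carried in <data>.

    Feed this only responses fetched from your own account: the standard
    library XML parser does not defend against entity-expansion payloads.
    """
    root = ET.fromstring(xml_bytes)
    sessions = []
    for dp in root.iter("DataPoint"):
        payload = json.loads(dp.findtext("data") or "{}")
        start = _parse_ts(payload.get("connectTime"))
        end = _parse_ts(payload.get("disconnectTime"))
        sessions.append({
            "stream": dp.findtext("streamId"),
            "session": payload.get("session"),
            "type": payload.get("type"),
            "remote_ip": payload.get("remoteIp"),
            "local_ip": payload.get("localIp"),
            "connect": start,
            "disconnect": end,
            # Assumption: a record without both timestamps has no duration.
            "duration_s": (end - start).total_seconds() if start and end else None,
            "bytes_sent": payload.get("bytesSent"),
            "bytes_received": payload.get("bytesReceived"),
        })
    return sessions


def review(sessions, min_session_s=300, known_ips=()):
    """Flag short sessions (possible flapping) and unexpected remote IPs.

    min_session_s and known_ips are example parameters, not Device Cloud settings.
    """
    findings = []
    for s in sessions:
        if s["duration_s"] is not None and s["duration_s"] < min_session_s:
            findings.append((s["session"], "short-session"))
        if known_ips and s["remote_ip"] not in known_ips:
            findings.append((s["session"], "unexpected-remote-ip"))
    return findings


if __name__ == "__main__":
    history = parse_connection_history(SAMPLE_RESPONSE)
    for row in history:
        print(row["session"], row["remote_ip"], row["duration_s"])
    print(review(history, known_ips={"213.35.189.122"}))
```
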



HOW TO: Change the Device Cloud Name on Gateways Using Device Manager from the Device Cloud
To change the server name for the Device Cloud connection from your Device Cloud account, you will navigate to the Device Management tab, right click on the desired Digi device and select Properties.

From the Properties screen, navigate to Advanced Configuration > Remote management connection > Remote management connection 1.  Type in the server name (en://my.devicecloud.com) in the Server address field:

User-added image

Click Save to save the changes.  Your device may disconnect from the Device Cloud and reconnect using the new name.

Permalink


NetCloud Engine (82)


Summary

This article describes the operating systems supported by NetCloud Engine.


 

Cradlepoint Routers

All Cradlepoint Routers require firmware version 6.2.0 or later

  • AER Series: AER16x0, AER2100, AER31x0
  • COR Series: IBR350, IBR6x0B, IBR11x0
  • ARC Series: CBA850

 

Windows

  • Windows 7 Editions: Home Premium, Professional, Ultimate, Enterprise
  • Windows 8 Editions: All
  • Windows 10 Editions: All, except Metro UI
  • Windows Server 2008 Editions: All
  • Windows Server 2008 R2 Editions: All
  • Windows Server 2008 SP2 Editions: All
  • Windows Server 2012 Editions: All

 

Mac

  • Mac OS X version 10.7 (Lion)
  • Mac OS X version 10.8 (Mountain Lion)
  • Mac OS X version 10.9 (Mavericks)
  • Mac OS X version 10.10 (Yosemite)
  • Mac OS X version 10.11 (El Capitan)
  • iOS 7.x and higher with iOSConnect Beta

 

Linux

  • Ubuntu Server 12.04 and 14.04
  • CentOS 6.4 and 6.5

 

Android

  • Android 4.2.x (Jelly Bean Only) and higher
    • Minimum screen density 160 dpi (MDPI) and ARMv7-A (32-bit) architecture



Summary

This article describes the steps to restart the NetCloud Engine Client service on Windows, Mac, and Linux operating systems.


Configuration

Configuration Difficulty: Easy

Windows PC:

  • Step 1: Open a Command Prompt.
  • Step 2: Enter the command net stop pgateway to stop the service.
  • Step 3: Enter the command net start pgateway to restart the service.

Mac:

  • Step 1: Open a Terminal window.
  • Step 2: Enter the command sudo pkill pGateway to restart the service.

Linux:

  • Step 1: Open a Shell window.
  • Step 2: Enter the command sudo service pgateway restart to restart the service.



Summary

This article describes the steps necessary to set up file sharing on a Mac computer.


Configuration

Configuration Difficulty: Intermediate

 

Configuring File sharing:

  • Step 1: From the Apple menu select System Preferences


  • Step 2: Select Sharing


  • Step 3: Check the box on the left “File Sharing”
  • Step 4: Click the + icon at the bottom of Shared Folders to add shared folders


  • Step 5: Add folders that will be shared


  • Step 6: Click the plus sign under Users to add users that will have access to the folders


  • Step 7: Select Options


  • Step 8a: To share with Macs, make sure AFP is selected
  • Step 8b: To share with Windows, make sure SMB is selected
  • Step 8c: Select accounts to turn file sharing on for


File sharing from one Mac to another Mac:

  • Step 1: Select Go and then Network
  • Step 2: Select the device to access files on and click “Connect As”
  • Step 3: Provide the username and password when prompted
  • Step 4: The shared files will now be displayed

To access the new shared folder from your NetCloud Engine Network:

  • Mac – From Finder, select Go and then Network and Shared. Double-click the name of the Mac and provide the username and password to access the share.
  • Windows – From the Windows File Browser, select Network and on the right pane window double-click the name of the Mac and provide the username and password to access the share.



Configuration

Configuration Difficulty: Beginner
  • We don’t have to install anything to enable the remote desktop on Ubuntu. All we have to do is go to System > Preferences > Remote Desktop:
  • In the Remote Desktop Preferences window, you can configure the remote desktop connection. If you want others to just see your desktop, but not be able to make changes, enable “Allow other users to view your desktop” only. If they should be able to change settings (e.g. repair your system if there are problems), enable “Allow other users to control your desktop” as well. Then you should write down the command that you can use on other Linux clients to connect to your desktop.



Summary

After a Fedora 20 machine is rebooted, NetCloud Client does not automatically start. There may be a timing issue when the NetCloud Client service starts on Fedora 20. This can be fixed by adding the line “sleep 60” in the start() function of /etc/init.d/pgateway.


#!/bin/bash
# chkconfig: 345 98 81
# Description: The NetCloud Client provides access to the NetCloud Engine Network.
# pidfile: /opt/pertino/pgateway/run/pgateway.pid

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

progdir=/opt/pertino/pgateway
prog=pGateway
pidfile=/opt/pertino/pgateway/run/pgateway.pid

start() {
    [ "$NETWORKING" = "no" ] && exit 1
    [ -x $progdir/$prog ] || exit 5

    # Added line: wait 60 seconds before starting the service.
    sleep 60

    # Start daemons.
    echo -n $"Starting $prog: "
    cd $progdir
    daemon ./$prog -f
    # (the rest of start() and of the script is unchanged)



NetCloud Manager (7)


NetCloud Manager

The default NCM configuration generates the approximate data usage that is presented below. Protocol and carrier overhead can increase these values but these values do provide a generally good rule of thumb for data generated by use of NCM.

IMPORTANT: Things that could dramatically increase your data usage:

  1. Enabling logging, stats and alerting
  2. A high number of events being logged on the router
  3. Firmware upgrades pushed from NCM
  4. Modem disconnecting and reconnecting loops.

Routers managed through NCM:

  • By default, a Connection Pulse of approximately 66 bytes is sent to NCM every 2 minutes.
    So 720 heartbeats/day x 66 bytes = 47520 bytes/day, 47520 bytes/day x 30 = 1,425,600 bytes/month (1.43 MB/month).
  • By default, Usage Reporting sends reports of approximately 10-20KB each (depending on how many WAN devices are utilized on the Cradlepoint router) to NCM every hour.
    So 20 KB/hour x 24 = 480 KB/day; 480 KB/day x 30 = 14400 KB/month (.014 GB/month or 14 MB/month)
  • By default, Log Reports of approximately 100KB (depending on how many events are logged on the router) are sent to NCM every hour. These reports can vary in size dramatically depending on events that are logged on the router; client connects/disconnect, modem state, etc.
    So a minimum amount of data sent would be 100 KB/hour x 24 hours = 2400 KB/day; 2400 KB/day x 30 = 72000 KB/month (.069 GB/month or 69 MB/month).

Routers not managed through NCM:

  • Every time the router is powered on it sends a 50 byte heartbeat to the NCM Server and then sends a heartbeat every 86400 seconds, (once per day).
    So the volume of data generated is approximately 50 bytes/day x 30 days = 1500 bytes/month (.0000014 GB/month or .0014 MB/month).

(The timers above can be adjusted higher or lower, depending on your data caps).


Advanced Failure Check

A ping packet is 64 bytes of data. If Advanced Failure Check is set with an Idle Check Interval of 3600 (1 ping per hour), it would generate 64 bytes/hour x 24 hours = 1536 bytes/day.
Then 1536 bytes/day x 30 days = 46080 bytes/month (.000042 GB/month or .042 MB/month).

NOTE: Increasing the time interval on NCM check in or Advanced Failure Check will cause data generation to increase.



Summary

This article describes how to set up alerts, export reports, and export logs from NetCloud Manager (NCM).

NOTE: On July 13, 2017, NetCloud Alerts currently generated from the legacy Enterprise Cloud Manager (ECM) will be updated with the name change to NetCloud Manager (NCM). Automated systems that consume this information may need to be updated accordingly.
Email and API Alert changes include:

  • Alert titles will change from “Cradlepoint ECM Alert Notification” to “Cradlepoint NCM Alert Notification”
  • Alert subjects will change from “ECM Alert: <friendly info>” to “NCM Alert: <friendly info>”
  • Emailed Alert summary report subject will change from “ECM Alert Summary” to “NCM Alert Summary”
  • Connection State Alert name will change from “ECM Connection State” to “NCM Connection State”
  • Firmware Upgrade alert name will change from “Firmware Upgrade” to “NetCloud OS Upgrade” with an alert description changing to “The router NetCloud OS was successfully upgraded to X.X.X”

Setting Up Alerts

The Alerts page has two views for tracking device status changes:

  • The Log view shows a list of alerts sent from the routers to NCM.
  • The Settings view shows rules for alerts, including email notifications.

Toggle between these two views by clicking on the buttons at the top left.


Alerts are of the following types (see Definitions below):

  • Configuration Change
  • Configuration Rejected
  • Configuration Unacknowledged
  • Ethernet WAN Disconnected
  • Ethernet WAN Plugged In
  • Ethernet WAN Unplugged
  • Data Cap Threshold
  • Device Location Unknown
  • NCM Connection State
  • Firmware Upgrade
  • Geofence Proximity Change
  • Reboot
  • Temperature Limit Exceeded
  • Modem WAN Connected
  • Modem WAN Device Plugged In
  • Modem WAN Device Unplugged
  • Modem WAN Disconnected
  • WAN Service Type
  • Account Locked
  • Failed Login Attempt
  • Intrusion Activity
  • IP Address Banned
  • IPS Engine Failure
  • Successful Login
  • Unrecognized Client
  • WiFi as WAN Connected
  • WiFi as WAN Disconnected
  • WiFi as WAN Network Available
  • WiFi as WAN Network Unavailable

To enable alerts, including emailed notifications, first select the Settings view and then click on Add at the top left. Create an alert notification rule by completing the fields.


Complete the following fields to create an alert notification rule:

  • Accounts/Groups (required) – Choose which sets of devices will follow the notification rule. If you select an account, both grouped and ungrouped devices within that account (including all subaccounts) will be assigned to this rule.
  • Alerts (required) – Select the alert types from the dropdown options.
  • Users (optional) – If you want emailed notifications for these alerts, select users from the list to receive those emails. If you just want these alerts logged, leave this field blank.
  • Interval (optional) – Select a time interval from the dropdown options. If you select “Immediately,” an email notification is sent every time one of the selected types of alerts is logged. Otherwise, the alerts are stored over the course of the time interval and then sent together.

Potential NCM Alert Issues

  • Receiving the Email Alert seems to take longer than expected.
    • Once NCM is aware of the alert, it will verify the alert, and send it out to the configured email address. We do not have control over the alert once we have sent it to its destination address.
      • We have seen some mail servers reject, or display abnormally long delays in the alert deliveries.
        • To troubleshoot/verify if this is the issue, configure a different email address with a different domain and test the behavior of the alerts.
  • Times can also vary depending on the number and type of WAN connections being used for this device.
    • If a device only has one internet source, only one connection to NCM, then you can expect delays in the alerts. The alerts are configured in NCM, then NCM lets the router know what to watch for. If the router experiences any issue pertaining to the configured alerts, the router will then report this back to NCM. However, the caveat is that if the router loses its internet source or connection to NCM, then the router cannot report the issues to NCM until it regains its connection to NCM.
    • In cases where you have more than one internet connection the alerts should be fairly on cue, so long as the router can check into NCM via its second internet connection to report its alerts.

Exporting Reports

Reports allow you to create a summary of information about groups of devices and export that information as a CSV file. Select from several fields to customize your reports. Select the type of report (Data Usage or Signal Quality), a range of dates, the group(s), and identifying fields and then click Run Report to view the report. You also have the option to save the settings of a report for future use.



Exporting Logs

To export a device’s logs as a CSV file, first enable log reporting for the group the device is in. (This is disabled by default because some users won’t use this functionality – it would unnecessarily use data.) Navigate to the Groups page, select the desired group, and click on Settings.


In the popup window that appears, ensure that Enable Log Reporting is selected.


Once log reporting is enabled, navigate to the Devices page, select the desired device, and click on Export → Export Logs to export the device’s logs as a CSV file.



Alert Definitions

  • Account Locked – If Advanced Security Mode is turned on for a device, the account will lock for 30 minutes after six failed attempts to log into the device. To enable this setting, open the configuration pages in Groups or Devices and go to System Settings → Administration. Open the Router Security tab and select Advanced Security Mode.
  • Configuration Change – This displays when there has been a local configuration change. Sample alert: The device configuration has changed.
  • Configuration Rejected – A configuration change that was sent to the device has been rejected.
  • Configuration Unacknowledged – A configuration change that was sent to the device was not acknowledged by the device.
  • Data Cap Threshold – If you have a data cap threshold set, this sends an alert when the threshold is reached. A data cap threshold must be configured under Internet → Data Usage. Sample alert: The (Internal LTE/EVDO Port:int1) rule exceeded 100 percent of its 150 MB daily cycle.
  • Device Location Unknown – Displays when no location has been reported for 24 hours if the device has GPS enabled. If a manual location is being used the alert will not be generated.
  • NCM Connection State – Displays when the device loses or regains its connection to NCM. Sample alert: The device entered the “online” state.
  • Ethernet WAN Connected – An Ethernet WAN device is now active.
  • Ethernet WAN Disconnected – An Ethernet WAN device is no longer active.
  • Ethernet WAN Plugged In – An Ethernet WAN device is now attached.
  • Ethernet WAN Unplugged – An Ethernet WAN device has been removed.
  • Failed Login Attempt – Someone attempted to log into the device administration pages locally and failed. Sample alert: An attempt to log in as the admin user from 192.168.0.142 has failed.
  • NetCloud OS Upgrade – The device NetCloud OS has been upgraded.
  • Geo-fence Proximity Change – Displays whenever the device enters or exits the specified geo-fence.
  • GPIO State Change – A device GPIO pin has changed state. To update the GPIO configuration, open the configuration pages in Groups or Devices, select the System → GPIO Configuration tab. Requires at least 6.0.2 NetCloud OS.
  • Intrusion Activity – This is only relevant for devices with CP Secure Threat Management. Whenever the Threat Management deep packet inspection engine detects an intrusion, the event is recorded in the logs. These events are grouped together for 15 minutes and then reported in NCM, so even if you select “Immediately” in the Interval field below, an emailed alert might not arrive for approximately 15 minutes after an intrusion. Intrusion Activity alerts include the intrusion details and the action taken by the engine (e.g., “Blocked”). To edit Threat Management settings, open the configuration pages in Groups or Devices and select Network Settings → Threat Management. For more information about Threat Management, visit the Knowledge Base article.
  • IP Address Banned – If the Ban IP Address setting is turned on for a device and someone from a particular IP address attempts and fails to log into the device administration pages six times, that IP address will be banned for 30 minutes. To enable this setting, open the configuration pages in Groups or Devices and go to System Settings → Administration. Open the Router Security tab and click on Advanced Security Mode. Select the Ban IP Address option.
  • IPS Engine Failure – This is only relevant for devices with CP Secure Threat Management. In the unlikely event that the Threat Management engine fails, an alert is logged. You can set the router to either allow or deny traffic with a failed engine: to edit this setting, open the configuration pages in Groups or Devices and select Network Settings → Threat Management. For more information about Threat Management, visit the Knowledge Base article.
  • IPSec Tunnel Down – An IPSec tunnel that was successfully connected has gone down.
  • Modem WAN Connected – A modem WAN device is now active.
  • Modem WAN Device Plugged In – A modem WAN device is now attached.
  • Modem WAN Device Unplugged – A modem WAN device has been removed.
  • Modem WAN Disconnected – A modem WAN device is no longer active.
  • Modem WAN Standby – A modem WAN device is now in standby. This means the modem is connected to the carrier, but is not sending any data. A modem in standby will failover faster than a modem not in standby. Standby can be turned on in the router’s configuration in the Connection Manager grid.
  • Reboot – Displays when the device has been rebooted. Sample alert: The device has been rebooted.
  • Rogue Access Point Detected – Displays after running a WiFi site survey when a rogue access point not marked as known is detected broadcasting the same SSID as the device running the site survey. This helps identify potential access point hijacking, evil twin, and man-in-the-middle WiFi attacks.
  • Router App Custom Alert – A custom alert that is generated by the custom code inside a router app.
  • Router App Execution State Changed – A router app that is running on a group goes into a different execution state (start, stop, error, etc).
  • Unexpected Router App Installed – An unexpected router app is found installed, an expected router app is unexpectedly uninstalled, or a router app unknown to the system is found installed.
  • Successful Login – A user has logged into the router locally (requires at least NetCloud OS 5.0.1).
  • Temperature Limit Exceeded – For products with an internal temperature sensor (COR IBR1100 and IBR1150) and configured temperature limits, this alert displays when one of those limits is reached. To set these temperature limits for the COR IBR1100 Series, open the configuration pages in Groups or Devices, select System Settings → Administration, and click on the Temperature tab.
  • Unrecognized Client – A client with an unrecognized MAC address has attempted to connect to the device. MAC logging must be enabled for this alert to display. In the configuration pages, go to: Network Settings → MAC Filter / Logging to enable MAC logging.
  • WAN Service Type – A WAN device has changed its service type, such as switching from 3G to 4G. Possible service types include: DHCP, LTE, HSPA+, etc. Sample alert: The lte-2ae6ec8e service type has changed to LTE.
  • WiFi as WAN Connected – WiFi as WAN is now active.
  • WiFi as WAN Disconnected – WiFi as WAN is no longer active.
  • WiFi as WAN Network Available – A WiFi as WAN network is now attached.
  • WiFi as WAN Network Unavailable – A WiFi as WAN network has been removed.
  • Zscaler TLS Tunnel State – This displays the state of the Zscaler TLS tunnel when using Zscaler Internet Security in TLS Tunnel mode. If there is a connection error more information can be found in the router’s system log.
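
Account Locked and IP Address Banned are only raised when Advanced Security Mode is on, so on other devices repeated Failed Login Attempt alerts are the only sign of password guessing. The following added example (not Cradlepoint code) scans an exported alert CSV for sources that reach the six-failure threshold; the column names and the 30-minute counting window are assumptions, and only the message wording comes from the sample alert above.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 6                   # failed attempts before a lock/ban (from the list above)
WINDOW = timedelta(minutes=30)  # assumption: the page gives no counting window

# Wording follows the page's sample "Failed Login Attempt" alert.
FAILED_RE = re.compile(
    r"An attempt to log in as the (?P<user>\S+) user "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) has failed\."
)

def sample_row(ts, ip):
    return (f"{ts},IBR1100LPE,Failed Login Attempt,"
            f"An attempt to log in as the admin user from {ip} has failed.")

# Constructed sample export; the column names are assumptions.
SAMPLE_CSV = "\n".join(
    ["created_at,router,type,message"]
    # six failures in five minutes from one source
    + [sample_row(f"2024-01-01T10:0{i}:00", "192.168.0.142") for i in range(6)]
    # six failures spread one per hour from another source
    + [sample_row(f"2024-01-01T{10 + i}:30:00", "192.168.0.90") for i in range(6)]
    + ["2024-01-01T10:07:00,IBR1100LPE,Reboot,The device has been rebooted."]
)

def parse_failed_logins(csv_text):
    """Return sorted (time, router, source_ip, user) tuples for failed logins."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["type"] != "Failed Login Attempt":
            continue
        match = FAILED_RE.search(row["message"])
        if match:
            events.append((datetime.fromisoformat(row["created_at"]),
                           row["router"], match["ip"], match["user"]))
    return sorted(events)

def sources_over_threshold(events, threshold=THRESHOLD, window=WINDOW):
    """Return {(router, source_ip): time the threshold was first reached}."""
    recent = defaultdict(list)
    flagged = {}
    for ts, router, ip, _user in events:
        times = recent[(router, ip)]
        times.append(ts)
        while ts - times[0] > window:   # drop attempts outside the window
            times.pop(0)
        if len(times) >= threshold:
            flagged.setdefault((router, ip), ts)
    return flagged

if __name__ == "__main__":
    hits = sources_over_threshold(parse_failed_logins(SAMPLE_CSV))
    for (router, ip), ts in hits.items():
        print(f"{router}: {ip} reached {THRESHOLD} failed logins at {ts.isoformat()}")
```

Only the burst from 192.168.0.142 is reported; the hourly failures from 192.168.0.90 never accumulate inside the window.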


For customers with NetCloud Manager (NCM), there are three main ways to edit a device’s configuration: in NCM, through Group and Device configurations, and locally, through the router’s own administrative page.

  • NCM Group configuration has the lowest priority.
  • NCOS Local configuration has high priority.
  • NCM Device configuration has the highest priority.

The router’s default configuration is used as a basis for comparison for configuration files. It is overwritten by any custom local configurations or NCM configurations.

The Group configuration in NCM is overwritten by both the custom Local router configuration and the Device configuration in NCM.

The NCM Device and Local router configurations are synonymous in most cases. When making a configuration change at the local level, the changes will then sync with the NCM Device level, and vice versa. The two scenarios where the NCM Device level configuration will override Local changes are:

  • when conflicting changes are made at both the Local and NCM Device level while the device is offline. Once the device is brought online and checks into NCM, the NCM Device level changes will have priority.
  • when a new change is made locally while the NCM Device level configuration is still syncing the previous change. The new change will be overwritten by the last NCM Device level configuration once the sync completes.

In general, the preferred method for managing devices that are registered in NCM is through the Group configuration. If there are more specific settings needed for individual devices, use the Device configuration in NCM. For example, it is possible to make the administration password standard for an entire group, and then create individual SSIDs for each device – both through NCM.

Troubleshooting

If most of the devices in a group are functioning as intended, but one member of the group is not behaving the same as the others, there may be a device level configuration that is overriding the group configuration. To remove the Device configuration and keep the Group configuration, log in to NetCloud Manager, select the Devices tab, highlight your router, click Configuration and select Clear.


 

Determining where a router gets its configuration

The individual config symbol found on the NCM Devices page indicates that the router is running a non-default configuration. The same symbol, when found on the NCM Groups page, indicates that the group contains one or more routers that are running configuration settings that do not match the router default or the group configuration. (Tip: clicking the individual config symbol on the Groups page will automatically display all routers with unique configurations.)

The Configuration Summary option in NCM displays a color-coded output of the router’s configuration. The target configuration displays the total sum of the different configurations the router is running:

  • settings in purple are pulled from the Group configuration in NCM
  • settings in green are pulled from the Device configuration in NCM
  • settings in grey exist only on the router’s local configuration file, and are not synced to the Device configuration in NCM (possibly because the config sync was suspended, or the router went offline before syncing)
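
The priority order described above (default, then Group, then Local, then Device) can be modelled as a layered merge that records where each effective setting came from, which is what the Configuration Summary colours show. This is an added example, not NCM or NCOS code; the setting names are hypothetical and the sample layers are constructed, and it models only the stated priority order, not the Local/Device sync behaviour.

```python
# Lowest to highest priority, as stated on this page.
LAYER_ORDER = ("default", "group", "local", "device")

# Constructed sample; the setting names are hypothetical, not real NCOS keys.
SAMPLE_LAYERS = {
    "default": {"wlan": {"ssid": "default-ssid", "enabled": True},
                "system": {"remote_admin": False}},
    "group":   {"wlan": {"ssid": "branch"},
                "system": {"remote_admin": False, "log_reporting": True}},
    "local":   {"system": {"remote_admin": True}},   # changed at the router itself
    "device":  {"wlan": {"ssid": "branch-042"}},     # per-device setting in NCM
}

def flatten(cfg, prefix=""):
    """Turn a nested dict into {"a.b.c": value} leaf paths."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat

def resolve(layers):
    """Return {path: (effective_value, source_layer)}."""
    effective = {}
    for name in LAYER_ORDER:                      # later layers overwrite earlier ones
        for path, value in flatten(layers.get(name, {})).items():
            effective[path] = (value, name)
    return effective

def shadowed_group_settings(layers):
    """Group settings replaced on this router by a higher-priority layer.

    Returns {path: (group_value, effective_value, source_layer)}.
    """
    effective = resolve(layers)
    return {
        path: (group_value, *effective[path])
        for path, group_value in flatten(layers.get("group", {})).items()
        if effective[path][1] != "group"
    }

if __name__ == "__main__":
    for path, (value, source) in sorted(resolve(SAMPLE_LAYERS).items()):
        print(f"{path:22} {value!r:14} from {source}")
    for path, (wanted, actual, source) in shadowed_group_settings(SAMPLE_LAYERS).items():
        print(f"group wants {path}={wanted!r}, router uses {actual!r} ({source})")
```

Running the second report across a group lists the routers whose local or device-level settings depart from group policy, which is the situation the Troubleshooting paragraph describes.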


 

Resetting a Router Managed in NetCloud

If you factory reset a device that is managed by NetCloud Manager, the Cradlepoint will automatically connect to the internet, check back in with NetCloud Manager and re-apply the Group and Device configuration stored in NetCloud. To get the device to a factory default state, the NetCloud Device and Group configuration need to be removed from the device.

To factory reset a device that is in NetCloud Manager, complete the following steps before trying a software or hardware reset; otherwise, the device will revert to its previous configuration.

Step 1: Log in to NetCloud Manager. Open the Devices tab and select your Cradlepoint Router.
Step 2: If the device is in a group: highlight the router, click “Move”, select the parent account, and click “Ok”.

Step 3: Once the device is removed from the group, highlight your router, click “Configuration” and select “Clear”.

Step 4: Once the router has been removed from its group and the device level configuration has been cleared, you can factory reset by clicking “Commands” and selecting “Restore to Defaults”. You may also use the hardware reset button or System > System Control > Device Options > Factory Reset Router in the local web interface.



NetCloud Manager: Traffic Analytics

The following products do not support Traffic analytics:

  • Series 2 Devices
  • CBA850
  • CBA750B
  • CBA400
  • CBA450
  • MBR1200B
  • MBR1400
  • IBR350
  • IBR1100
  • IBR1150
  • IBR600B
  • IBR650B
  • IBR600
  • IBR650

Click here to identify your router.



Summary

This article is intended to guide the user through navigating, configuring, and understanding the NetCloud Manager Traffic Analytics feature.

Enabling the Traffic Analytics feature requires NCM Enterprise. To learn more about NCM Enterprise, including setting up a demo, please visit Network Management & Applications.


Configuration

Enabling Traffic Analytics Difficulty: Beginner

Traffic Analytics can be enabled through NCM under the account dashboard, or in the device dashboard after selecting a specific device.

To enable Traffic Analytics, follow the directions listed below.

Step 1: Log into your NCM account.
Step 2: If your router is not already registered to NCM, refer to this article for help registering your device to NCM. Otherwise, skip to the next step.

Step 3: Click on the Dashboard tab.
Step 4: Click on the Traffic tab underneath the Dashboard menu.
Step 5: Click on the Settings button.
Step 6: Find the device you wish to enable Traffic Analytics on (either through the list or through the search bar) and check the associated box.
Step 7: Click on the Enable button above the top of the devices table, and then click on “Client and Traffic”.
Step 8: The prompt will ask if you are sure you wish to enable the feature; select Yes.

Note: After enabling Traffic Analytics for a device it will take 24 hours to start showing reported data.

Note: The same process can be completed through the device dashboard by clicking the same Traffic menu button.

Dashboard vs Device Level

Traffic Analytics can be found under both the account dashboard and the device dashboard.

Account Traffic Analytics can be viewed by clicking on the Dashboard button and clicking on the Traffic button under the account dashboard menu.

Device Traffic Analytics can be viewed by clicking on the Devices button, selecting the desired device from the list, and clicking on the Traffic button under the devices dashboard menu.
Both Client Data Analytics pages will present the same information, but the device level will only present information on clients connected to that particular device.

Adjust Data Range and Category Difficulty: Beginner 

The Traffic Analytics page has settings to specify the desired data range time period, the category of traffic to present on the page, and data source information. This can help present only the relevant information desired for a particular user. To change these settings, follow the directions listed below:

Step 1: Log into your NCM account.
Step 2: Access the Traffic Analytics page through the account or device dashboard.
Step 3: To change the data range, click on the Data Range field and select from Yesterday, Last 7 Days, Last 15 Days, Last 30 Days, or Custom Range to specify a broader date range.
Step 4: To change the data source, click on the Data Source field and select from All, Ethernet, WiFi, or Unknown to specify which types of client data you want displayed.
Step 5: You can see which categories of data and applications are using what percentage of the total data used by scrolling down to the Top Categories and Top Applications sections.
Step 6: You can view what percentage of your data is being used by which category and which application by scrolling down to the Percent of Total Usage and Data Usage by Day sections.
Step 7: Filter the type of data displayed by category by clicking on the drop down menu for Category.
Step 8: Filter the type of data displayed by application by clicking on the drop down menu for Application.
Step 9: The last section of the page shows Data Usage by Category, Application, Router, Client, or Day. Select one of these filters to view specific data usage numbers such as total data usage, download and upload data for the selected filter.

Troubleshooting

  • No traffic statistics displayed

If you are viewing the Traffic Analytics page on the Dashboard and there is nothing displayed, please check the following:

Traffic Analytics may not have been enabled for the device.
The device might have been added recently (within 24 hours) and does not yet have data to display.

  • “Not Available” displayed in app category field

    Traffic category/application may show “Not Available” when the application engine cannot categorize the traffic. This can happen when:

1. The application is not one of the applications identified by the engine, including any home-grown applications.

2. The traffic is tunneled or encrypted, which prevents the engine from inspecting the application.

 



Summary

The NetCloud Manager Dashboard gives an analytics overview of your devices, particularly your WAN interfaces, using charts and tables. Data is displayed for the last 30 days.


Dashboard Sub-tabs

The dashboard contains the following sub-tabs:

  • Home – displays views of the following:
    • Routers/APs Online
    • Routers/APs Offline
    • Routers/APs Initialized
    • Total (devices)
    • Ethernet WAN Data Usage
    • Modem Data Usage
    • WiFi as WAN Data Usage
    • Connected Modem Count by Home Carrier
    • Connected Modem Count by Service Type
    • Device Count by Product
    • WAN Data Usage by Day
    • Group Status Overview
    • Alerts by Type
    • Modem Devices over 1 GB
  • GeoView – displays a map with the physical locations of the devices in an account which have location services enabled.
  • Uptime – displays uptime views for the following:
    • Total WAN Uptime
    • Daily WAN Uptime
    • Group Uptime
    • Router Uptime
  • Modem Usage – displays modem usage views by the following categories:
    • Connected Modem Count by Home Carrier
    • Data Usage by Carrier
    • Carrier Data Usage by Day (within billing period)
    • Carrier Data Usage Forecast
    • Group Data Usage by Carrier
    • Device Data Usage by Carrier
  • Clients – displays views of client usage by the following:
    • Client Source
    • Clients Connected by Day
    • Average Clients Per Day
    • Total Number of Clients
    • Average Usage Per Client
    • Average Download Per Client
    • Average Upload Per Client
    • Top 10 Clients
    • All Clients
  • Traffic – displays views of traffic data by the following categories:
    • Top Categories
    • Top Applications
    • Percentage of Total Usage
    • Data Usage by Day
    • Average Usage Per Day
    • Average Download Per Day
    • Average Upload Per Day
    • Data Usage by
      • Category
      • Application
      • Router
      • Client
      • Day

 


Hints for using the Dashboard

 

  • Modems without an active connection (e.g., modems that are set for failover) may not always show the carrier or service type in the modem count charts.
  • Click on a group name in Group Status Overview to link to a list of that group’s devices displayed on the DEVICES page.
  • Click on an alert type in Alerts By Type to link to a list of alerts of that type displayed on the ALERTS & LOGS page.

 


WAN Data Usage by Day

 

  • A “day” is defined by a 24-hour period beginning at midnight UTC (Coordinated Universal Time). Depending on the device’s time zone, a “day” might begin at, e.g., 8:00 p.m. local time. (Compare your local time to current UTC.)
  • The data is summarized at the end of each 24-hour period, so today’s data will not appear in this chart until tomorrow, after that summary is completed.
  • Highlight a section of the graph to drill down to view data for just a few dates. Click the Reset zoom button to return to the 30-day view.
  • Click on a WAN type (e.g., “Ethernet”) to toggle its display.
