- FIRMWARE VERSION
- GOLDEN CONFIGURATION
- INITIAL CONFGURATION
- ADDITIONAL CONFIGURATION OPTIONS
- DESIGN RECOMMENDATIONS
This document is intended to assist users in configuring a CradlePoint CBA750B in IP Passthrough Mode to act as a transparent bridge and provide the carrier’s IP address to an internal router, firewall (Cisco, Juniper, etc…) or computer. The Cradlepoint CBA750B does have NAT capabilities, but is not designed to function as a NAT router.
- CradlePoint CBA750B
- Modem with SIM card provisioned by a cellular network provider (Verizon, AT&T, Sprint, etc..) – we recommend the enterprise gradeCradlepoint MC200 modem cap.
- Internal router, firewall or computer
The firmware version that was used for the preparation of this document was 5.1.1
This configuration file has Advanced Failure Check set to use Passive DNS in the Common Defaults Advanced Configuration Rule. This will apply the Advanced Failure Check using Passive DNS to all WAN interfaces to force failover in the event of network failure upstream of the router. The Subnet Selection Mode for IP Passthrough is set to “Force 24 Subnet” to hand out a 24 bit subnet mask and a gateway of +1 of WAN IP address.
Download CBA750B Golden Configuration File
Series 3: Backing Up and Restoring CradlePoint Router Config Settings
- Connect the modem to the USB1 port of the CBA750B, then apply power to the CBA750B using the included power supply or a Power-over-Ethernet switch (Cradlepoint implements the 802.1af PoE specification). Connect a computer to the CBA750B’s Ethernet port.
- The CBA750B will attempt to connect using the modem. When the CBA750B’s USB1 LED turns solid green, this indicates the modem has connected. If the USB1 LED continues to flash and does not go solid, you should verify with your carrier that the SIM Card or Modem has been provisioned before calling CradlePoint Support for assistance.
- If you have a static IP address and the modem is not connecting, try setting the APN.
- From the computer connected to the CBA750B, open a browser (we recommend Chrome or Firefox) and access the Administration Pages at http://192.168.0.1. Log in to the CBA750B using the default administrator password (the last 8 characters of the CBA750B’s MAC Address).
- The First Time Setup Wizard is optional – for the purpose of this document, we recommend skipping this step.
- If you have a static IP address, complete the following steps: If not, skip to step #6.
- Navigate to Network Settings > Local Networks, select the Primary LAN and click Edit.
- Select the IPv4 Settings tab and set the Subnet Selection Mode to “Force 24 Subnet” and click Submit.
- Check the modem’s signal strength by going to Status > Internet Connections. Make note of the Service Display, RSSI, and SINR, CINR, or EC/IO which are dependent on connection type as to whether they are displayed. (Information regarding signal values can be located here). If you have a static IP address, verify that the correct IP address is listed.
- Navigate to Internet > Connection Manager, select the modem and click the Edit button.
- Click on Advanced IPv4 Failure Check, select Passive DNS from the “Monitor while connected” drop-down box, click Submit.
- Once the modem is connected with good signal, go to System Settings > System Control > Advanced Ping Test and run the ping test to a URL (e.g. google.com) to verify connectivity.
- You can now disconnect your computer and connect your CBA750B to your router or firewall.
- “Force 24 Subnet” – this setting will alleviate the issue where you are assigned IP addresses in the same network at multiple locations, or an IP address and subnet mask combination that designates the IP address as a non-usable network or broadcast address and is rejected by an internal router.
- “Force 31 Subnet” – this setting is used when you have two CBA750Bs with IP addresses in the same network connected to the same internal router, which would cause overlapping routes. This option also requires that the internal router supports the /31 subnet mask.
- “Custom Subnet” – this setting is used to specify a subnet mask of your choice. One example would be to use a /30 mask if your internal router does not support the /31 mask.
- PoE: Power-over-Ethernet allows you to place the CBA750B in a location where you are able to get optimal signal and not have to worry about an available power outlet. It also eliminates the power cabling, providing for a cleaner installation. Cradlepoint implements the 802.1af PoE specification.
- IP PassThrough Switch: There is a physical switch located on the side of the CAB750B. It was added as a convenience for switching the router from IP Passthrough mode to Config mode. We recommend not using this switch unless absolutely necessary as it does make changes to the configuration that may not be desirable, such as setting the Subnet Selection Mode to “auto”.
The CBA750B uses a MAC binding feature when in IP Passthrough Mode to restrict the IP address being passed through to a single device. When switching between devices connected to the ethernet of the CBA750B, power cycle the CradlePoint to clear this MAC binding to ensure proper functionality to the newly connected device.
LTE spec defines the MTU at 1428. As a best practice you will need to avoid excessive fragmentation for efficient application data traffic flow. It is recommended that you follow the MTU\MSS design guide to avoid fragmentation: http://knowledgebase.cradlepoint.com/articles/Support/MTU-MSS-Design-Considerations
Additionally, IP Source Violations (where the source IP packet is not the IP issued by the cellular carrier) will cause the carrier to briefly disconnect the modem. This disconnect in most cases is quick to recover and has been labeled “structured packet loss” . Since the CBA750B is a transparent bridge you are required to NAT all traffic to the IP address assigned by your carrier on your network hardware. The most common offender of IP source violation is ancillary traffic source directly from the router like NTP, SNMP, TACACS, and Syslog.
IP source violations were fixed in our 5.0.0 firmware by forcing the router to drop packets that are sourced from any IP other than the routers WAN IP (passthrough IP). If you are experiencing modem reconnection loops, make sure you are running firmware 5.0.0 or later.