Call Us at 888-550-8728

How do I configure a CradlePoint CBA750B in IP Passthrough Mode?



This document is intended to assist users in configuring a CradlePoint CBA750B in IP Passthrough Mode to act as a transparent bridge and provide the carrier’s IP address to an internal router, firewall (Cisco, Juniper, etc…) or computer.  The Cradlepoint CBA750B does have NAT capabilities, but is not designed to function as a NAT router.


  • CradlePoint CBA750B
  • Modem with SIM card provisioned by a cellular network provider (Verizon, AT&T, Sprint, etc..) – we recommend the enterprise gradeCradlepoint MC200 modem cap.
  • Internal router, firewall or computer


The firmware version that was used for the preparation of this document was 5.1.1


This configuration file has Advanced Failure Check set to use Passive DNS in the Common Defaults Advanced Configuration Rule.  This will apply the Advanced Failure Check using Passive DNS to all WAN interfaces to force failover in the event of network failure upstream of the router.  The Subnet Selection Mode for IP Passthrough is set to “Force 24 Subnet” to hand out a 24 bit subnet mask and a gateway of +1 of WAN IP address.

Download CBA750B Golden Configuration File

Series 3: Backing Up and Restoring CradlePoint Router Config Settings


  1. Connect the modem to the USB1 port of the CBA750B, then apply power to the CBA750B using the included power supply or a Power-over-Ethernet switch (Cradlepoint implements the 802.1af PoE specification).  Connect a computer to the CBA750B’s Ethernet port.
  2. The CBA750B will attempt to connect using the modem. When the CBA750B’s USB1 LED turns solid green, this indicates the modem has connected. If the USB1 LED continues to flash and does not go solid, you should verify with your carrier that the SIM Card or Modem has been provisioned before calling CradlePoint Support for assistance.
    • If you have a static IP address and the modem is not connecting, try setting the APN.
  3. From the computer connected to the CBA750B, open a browser (we recommend Chrome or Firefox) and access the Administration Pages at Log in to the CBA750B using the default administrator password (the last 8 characters of the CBA750B’s MAC Address).
  4. The First Time Setup Wizard is optional – for the purpose of this document, we recommend skipping this step.
  5. If you have a static IP address, complete the following steps:  If not, skip to step #6.
    1. Navigate to Network Settings > Local Networks, select the Primary LAN and click Edit.    User-added image
    2. Select the IPv4 Settings tab and set the Subnet Selection Mode to “Force 24 Subnet” and click Submit. User-added image
  6. Check the modem’s signal strength by going to Status > Internet Connections. Make note of the Service DisplayRSSI, and SINR, CINR, or EC/IO which are dependent on connection type as to whether they are displayed. (Information regarding signal values can be located here).  If you have a static IP address, verify that the correct IP address is listed.                                                            User-added image
  7. Navigate to Internet > Connection Manager, select the modem and click the Edit button. User-added image
  8. Click on Advanced IPv4 Failure Check, select Passive DNS from the “Monitor while connected” drop-down box, click SubmitUser-added image
  9. Once the modem is connected with good signal, go to System Settings > System Control Advanced Ping Test and run the ping test to a URL (e.g. to verify connectivity.User-added image
  10. You can now disconnect your computer and connect your CBA750B to your router or firewall.


Subnet Selection Mode (from Initial Configuration step 6):
This option overrides the subnet mask that is assigned to the modem from the carrier.  In some cases, you may be assigned static IP addresses in the same network at multiple locations, or a subnet mask that would designate that the IP address is a non-usable network or broadcast address and cause the internal router to reject it.  In these cases, it is necessary to force a different subnet mask.
  • Force 24 Subnet” – this setting will alleviate the issue where you are assigned IP addresses in the same network at multiple locations, or an IP address and subnet mask combination that designates the IP address as a non-usable network or broadcast address and is rejected by an internal router.
  • Force 31 Subnet” – this setting is used when you have two CBA750Bs with IP addresses in the same network connected to the same internal router, which would cause overlapping routes.  This option also requires that the internal router supports the /31 subnet mask.
  • Custom Subnet” – this setting is used to specify a subnet mask of your choice.  One example would be to use a /30 mask if your internal router does not support the /31 mask.
  • PoE:  Power-over-Ethernet allows you to place the CBA750B in a location where you are able to get optimal signal and not have to worry about an available power outlet. It also eliminates the power cabling, providing for a cleaner installation. Cradlepoint implements the 802.1af PoE specification.
  • IP PassThrough Switch:  There is a physical switch located on the side of the CAB750B.  It was added as a convenience for switching the router from IP Passthrough mode to Config mode.  We recommend not using this switch unless absolutely necessary as it does make changes to the configuration that may not be desirable, such as setting the Subnet Selection Mode to “auto”.
TROUBLESHOOTING:If after following the instructions on the previous page, you are unable to maintain an internet connection, please review the following information.

The CBA750B uses a MAC binding feature when in IP Passthrough Mode to restrict the IP address being passed through to a single device. When switching between devices connected to the ethernet of the CBA750B, power cycle the CradlePoint to clear this MAC binding to ensure proper functionality to the newly connected device.

LTE spec defines the MTU at 1428.  As a best practice you will need to avoid excessive fragmentation for efficient application data traffic flow. It is recommended that you follow the MTU\MSS design guide to avoid fragmentation:

Additionally, IP Source Violations (where the source IP packet is not the IP issued by the cellular carrier)  will cause the carrier to briefly disconnect the modem. This disconnect in most cases is quick to recover and has been labeled “structured packet loss” . Since the CBA750B is a transparent bridge you are required to NAT all traffic to the IP address assigned by your carrier on your network hardware. The most common offender of IP source violation is ancillary traffic source directly from the router like NTP, SNMP, TACACS, and Syslog.

IP source violations were fixed in our 5.0.0 firmware by forcing the router to drop packets that are sourced from any IP other than the routers WAN IP (passthrough IP).  If you are experiencing modem reconnection loops, make sure you are running firmware 5.0.0 or later.

← FAQs