Series 3: How do I configure IP Pass-Through on my CradlePoint router?
This article describes how to configure IP Passthrough (Bridge Mode) on a capable Series 3 Cradlepoint router. Additionally, in the Best Practices section, this will assist users in configuring a Series 3 Cradlepoint in IP Passthrough Mode to act as a transparent bridge and provide the carrier’s IP address to an internal router, firewall, or computer.
Configuration Difficulty: Novice
Things to know before getting started: When IP Passthrough (IPPT) is enabled, the first device connected to the router receives the modem’s public IP address. This means that any OTHER devices connected to the router will not be able to access the internet. IP Passthrough cannot be used in conjunction with port forwarding or NAT rules.
Important: Traffic analytics data IS NOT available for devices operating in IP Passthrough mode.
There are two ways to configure IP Passthrough:
- Use the IP Passthrough Setup wizard
- Configure your primary LAN for IP Passthrough
Method One—Use the IP Passthrough Setup Wizard
1. Log into the router’s NCOS Page. For help with logging in see Accessing the Setup Pages of a Cradlepoint router.
2. Navigate to SYSTEM > Setup Wizards > IP Passthrough Setup.
3. Select the Subnet Selection Mode:
- Automatically Create Subnet—The router will dynamically create the subnet mask based on the WAN connection being used. This is the recommended mode.
- Force 24 Subnet—Forces a subnet of 255.255.255.0 and uses the first available address in the network as the gateway. This is for compatibility with equipment that may not handle modem addressing schemes and should not be used unless necessary.
4. Select the I want to enable IP Passthrough checkbox.
5. Click the Enable IP Passthrough button. The IP Passthrough Setup wizard automatically applies the settings for enabling IP Passthrough.
Figure 1: IP Passthrough Setup Wizard
Method Two—Configure the Local IP Network settings
1. Log into the router’s NCOS Page. For help with logging in see NCOS: Accessing the Setup Pages of a Cradlepoint router.
2. Navigate to NETWORKING > Local Networks > Local IP Networks.
Figure 2: Navigate to NETWORKING > Local Networks > Local IP Networks
3. Select the checkbox for Primary LAN, then click the Edit button.
Figure 3: Edit the Primary LAN
4. (This step is only necessary for WiFi capable products) Select the Interfaces tab in the Primary LAN Editor. Under Selected Interfaces move all WiFi interfaces to Available Interfaces using the arrows between. A LAN in IP Passthrough mode cannot have WiFi interfaces attached to it.
Figure 4: Move all WiFi Interfaces
5. Select the IPv4 Settings tab and change the IPv4 Routing Mode to IP Passthrough.
6. Click the Save button.
7. Verify that the Internet is still available on the connected computer.
8. Verify that the IP address is the same as the modem’s IP.
If the connected computer is receiving the passthrough address but the IPPT connection fails when the Cradlepoint is plugged into a different device, consider the following:
- IP Passthrough may require a MAC address bound to it to work properly. Add the MAC address for the device being configured for IPPT to the Passthrough Reservation field on the IPv4 Settings tab in the Primary LAN Editor (see Figure 5: Change the IPv4 Routing Mode) and click the Save button.
If IP Passthrough works (device behind router receives the modem’s IP address) but you are unable to open ports, consider the following:
- Many 4G networks assign private, double-NAT’d private IP addresses. Often these IP addresses start with 10.x.x.x. If you have this type of IP address, no port forwarding or remote access will be possible due to the cellular carrier’s network configuration. This is not a limitation imposed by the Cradlepoint router.
- In IPPT mode the device is not performing any routing, so it is very likely that the cellular carrier is blocking ports.
- If the Cradlepoint router is unable to acquire a connection through the modem it will automatically issue your device a DHCP IP address. This can also occur if the router detects the computer connected BEFORE it connects to the modem. Performing an IP refresh/renew on your device will typically resolve this error.
Series 3: IP Passthrough Best Practices
Configuration Difficulty: Novice
- Step 1: Log into the router’s Setup Page. For help with logging in please view Accessing the Setup Pages of a Cradlepoint router
- Step 2: For Instructions on configuring the Cradlepoint for IP Passthrough, please consult read the first portion of this article.
- Step 3: Ensure the placement of the Cradlepoint gives the optimal signal strength and clarity. For more information on how to determine signal strength please view NCOS: How to determine the signal strength on a cellular modem through a Cradlepoint router. For more information on signal strength values, please consult Minimum Mobile Broadband Data Connection Signal Values.
- Step 4: For 6.0 NCOS, verify the Internet connection is working by going to System > Diagnostics, then using the PING TEST and run the ping test to a URL (e.g. google.com)
- For any NCOS prior to 6.0 navigate to SYSTEM SETTINGS > SYSTEM CONTROL to find the ping test.
Subnet Selection Mode
This option overrides the subnet mask that is assigned to the modem from the carrier. In some cases, the assigned static IP addresses are in the same network at multiple locations, or a subnet mask that would designate that the IP address is a non-usable network or broadcast address and cause the internal router to reject it. In these cases, it is necessary to force a different subnet mask.
- “Force 24 Subnet” – This is the recommended setting. This setting will alleviate the issue where an are assigned IP addresses in the same network at multiple locations, or an IP address and subnet mask combination that designates the IP address as a non-usable network or broadcast address and is rejected by an internal router.
- “Force 31 Subnet” – this setting is used when two IP addresses in the same network are connected to the same internal router, which would cause overlapping routes. This option also requires that the internal router supports the /31 subnet mask.
- “Custom Subnet” – this setting is used to specify a custom subnet, such as a /30 in a scenario where the internal router doesn’t support the /31 subnet mask.
>Ethernet Cycle Time
This option will disable the Ethernet ports on the Cradlepoint by the specified interval (10 seconds is default) when the internet IP address is obtained. This will usually cause the end device to request a new IP address because the physical interface goes down. When the Cradlepoint first boots up a private IP address will be handed out via DHCP (if enabled). For some devices it could be important to set the DHCP lease time to 2 minutes when receiving a dynamic IP address from the Carrier or ISP. If there is only one internet source with a static IP address that the Cradlepoint is receiving, this option can be disabled and then statically set the IP address and Gateway on the end device.
Note: Cisco devices usually will not release the IP address when the interface goes down and is important to lower the DHCP renewal interval as to properly obtain the correct IP from the Cradlepoint.
If after following the above instructions and are unable to maintain an internet connection, please review the following information.
Cradlepoint Routers operating in IP Passthrough mode utilize a MAC binding feature to restrict access to the passed through IP address to a single client device. When moving the ethernet cable between clients a power cycle is required for the Cradlepoint, to ensure full functionality is provided to the new client.
LTE spec defines the MTU at 1428. As a best practice try and avoid excessive fragmentation for efficient application data traffic flow. It is recommended to follow the MTU\MSS design guide to avoid fragmentation: