Configuring Out of Band Management

Jesse Rothschild

How to configure out-of-band management on Cradlepoint routers

This document introduces Advanced Out-of-band Management (OOBM) and provides instructions for configuring OOBM on supported Cradlepoint endpoints.




Introduction

This document provides information on configuring the Out-of-band via Remote Connect feature on Cradlepoint endpoints for troubleshooting attached devices that can be managed via a standard RS232 console interface. Once enabled, Remote Connect is used to establish a remote session to a Cradlepoint endpoint, which then redirects the SSH or Telnet traffic to the attached console cable.

The Out-of-band Management feature requires NetCloud OS version 6.1.0 or later.


Configuration

To configure OOBM, you must set up the hardware (cabling and connectors) and then configure the endpoint for OOBM via NetCloud Manager (NCM).


Products Supported

Please refer to the following table to determine which products support Advanced Out-of-band Management (OOBM).

Connection Type: Serial-to-Serial
Supported Endpoints:
  • IBR1100/IBR1150
  • IBR1700
Type of Connector: RS-232 DB9 Female
Notes: Serial cables are available from 3rd-party suppliers.

Connection Type: USB-to-Serial
Supported Endpoints:
  • IBR200
  • IBR600/IBR650
  • IBR600B/IBR650B
  • IBR600C/IBR650C
  • IBR900
  • IBR1100/IBR1150
  • AER1600/AER1650
  • AER2100
  • AER2200
  • CR4250*
  • E300
  • E3000
Type of Connector: USB Type-A Female
Notes: 1, 2, 4, 8-port USB-to-serial hubs can be used for out of band management to multiple devices. USB-to-serial hubs or adapters must use the FTDI chipset to be compatible and are available from 3rd-party suppliers.

* 1, 2, 4 Port USB-to-Serial hubs supported on CR4250 USB3 port only. 8-Port hubs are not supported at present on the CR4250.

Connection Type: RJ45 Serial Console
Supported Endpoints:
  Outbound Mgmt Only
  • CBA850
  Inbound Mgmt Only
  • AER3100/AER3150
  • AER2200
  • CR4250
  • E3000
Type of Connector: RJ45
Notes: Cradlepoint RJ45 Rollover Serial Console Cable
  • 7ft – Part #170663-000
  • 14ft – Part #170663-001

Note: “Out-of-band Manager” and “Connect to Device UI” are licensed features under Remote Connect. Feature entitlement for Remote Connect is based on the level and the subscription purchased. Please see the following table for license info.

Remote Connect License    Solution Packaging
Essentials                Branch Connectivity
Essentials                Mobile
Advanced                  Branch LTE Adapters
Advanced                  IoT


Serial Redirect Setup

Use the following steps to enable and configure a Cradlepoint router’s software settings for serial redirection.

NOTE: Software setup is not required for Cradlepoint routers using RJ45 console-port connections.

  1. Log into NetCloud Manager.
  2. On the DEVICES dashboard, click the checkbox for the router to connect, and then click on the Remote Connect drop-down menu.
  3. Select Connect to Device UI to open the Remote Connect dialog.
  4. Click on SYSTEM in the left-hand navigation menu, and then select Serial Redirector.
  5. Place a check mark next to Enabled in the Telnet to Serial Configuration area, and then click the Save button.
     NOTE: If there is a problem with detecting the adapter, the Server Status field will display Starting and never change. This usually means the adapter is not supported by the router.
  6. In the USB Serial Adapter Configuration section, set the values to match those used by your device.
  7. Click the Submit button again if additional changes were made.

NOTE: Some routers require slightly different settings than the Cradlepoint’s default router settings. If the console window does not display text correctly (such as inserting a blank row between each line of text), change the Cradlepoint’s Linefeed setting to a different value and then try again.



Connection Methods

Client software is required to open SSH/Telnet connections to Cradlepoint routers. The SSH/Telnet client software, PuTTY, is used in the following procedures. For more information on installing and using PuTTY, refer to Download PuTTY.


SSH-to-Serial (Secure Connection)

The recommended, secure method to access your hardware is to first establish an SSH session to the Cradlepoint router. Establishing SSH sessions to Cradlepoint routers can be done in any of the three following ways:

NOTE: To connect to the Cradlepoint router using client software, the router must have a publicly routable WAN IP address. See NCOS: How to determine if you have a publicly routable IP address for more information.
  1. Open your SSH client software (PuTTY, in this example) and type in the public IP address and port for the Cradlepoint router in the Host Name (or IP Address) and Port fields.
    1. Select SSH for the Connection type.
    2. Click the Open button to establish an SSH connection to the Cradlepoint router.
  2. Once you have established an SSH connection to the router’s command-line interface (CLI), use the serial command to create a console session from the Cradlepoint router to the serially-connected device.
    • If you are using a 1-to-4 USB-to-Serial adapter, use the serial # command format to initiate a serial connection to a specific client device. For example, to connect serially to a device connected to the third port of the USB-to-Serial adapter, use serial 3.
  3. After the session is established, you have access to the console of your device.
  4. To exit the session, use either of the following commands:
    • Use CTRL + W to break the connection to the device, but keep the SSH session up
    • Use CTRL + Q to break the connection to the device and end the SSH session



Console Cable Connection (CBA850 only)

The CBA850 router has a console port for Out of Band Management (OOBM) of third-party devices. Using console access from a CBA850 to the CLI of a third-party router/firewall requires the following:

  • An SSH Client installed on your computer (e.g., PuTTY)
  • A Public Static/Dynamic IP address with your ISP
  • A router/firewall with a console port

NOTE: The CBA850 console port requires the use of a rollover cable or adapter.

  1. Open your SSH Client (PuTTY, in this example) and type the public IP address for the CBA850 in the Host Name (or IP Address) field.
  2. Select SSH for the Connection type.
  3. Click the Open button to establish an SSH connection to the CBA850.
  4. Type the serial command at the CBA850’s command line prompt to start a session from the CBA850 to the device connected to the console port of the CBA850.
     Note: Out of Band Management with the console port allows only one connection at a time.



Telnet-to-Serial (Direct Connection)

IMPORTANT: Cradlepoint recommends using the SSH-to-Serial connection method whenever possible because it is encrypted and requires a username and password. Cradlepoint does not recommend using Telnet-to-serial access unless the device is on a private network and is not accessible from the Internet.

  1. Open your SSH client software (PuTTY, in this example) and type in the public IP address for the Cradlepoint router in the Host Name (or IP Address) field.
     Note: The WAN connection will not work unless WAN is enabled within the router’s system settings (SYSTEM > Serial Redirector > Telnet to Serial Configuration area).
  2. Type the Telnet port number in the Port field. This port number is listed on the router’s SYSTEM > Serial Redirector > Telnet to Serial Configuration area in the Server Port field.
  3. Select Telnet for the Connection type.
  4. Click the Open button to establish the Telnet session and interact directly with your hardware connected to the Cradlepoint router.

SSH Hopping

Users are able to SSH into any device on either the WAN or LAN that is running an SSH Server.

  • Configurable Options: Port, login name, data compression, session ciphers
Supported ciphers:
  • aes256-ctr
  • aes192-ctr
  • aes128-ctr
  • aes256-cbc
  • aes192-cbc
  • aes128-cbc
  • 3des-cbc
  • blowfish-cbc
Client uses the below ciphers by default for PCI-Compliance:
  • aes256-ctr
  • aes192-ctr
  • aes128-ctr

Required arguments: Hostname (either the hostname or a user@hostname pair)
Optional arguments:

  • -v Debug level. May be specified up to 3 times (-v, -vv, -vvv).
  • -C Requests compression of all data.
  • -1 Force ssh to try protocol version 1 only.
  • -2 Force ssh to try protocol version 2 only.
  • -l Specifies login name.
  • -p Specifies port.
  • -c Comma separated list of ciphers (e.g. aes256-ctr, aes192-ctr, aes128-ctr).

Important considerations:

  • When prompted if you trust the host key, make sure to type “yes” and not “y.”
  • Only one session can be active at a time. If a new session is opened (if the device is accessed by a different method, or by a second user) before the original one is stopped, you may receive garbled feedback.
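
A lint for hop commands built from the options listed above, added here as an example (it is not Cradlepoint code). It flags ciphers outside the PCI default set, ciphers missing from the supported list, and use of -1; the function name, the sample commands and the 192.0.2.10 address are constructed for illustration.

```python
import shlex

# Cipher names copied from the page's "Supported ciphers" list.
SUPPORTED = {"aes256-ctr", "aes192-ctr", "aes128-ctr", "aes256-cbc",
             "aes192-cbc", "aes128-cbc", "3des-cbc", "blowfish-cbc"}
# Subset the page says the client uses by default for PCI compliance.
PCI_DEFAULT = {"aes256-ctr", "aes192-ctr", "aes128-ctr"}
TAKES_VALUE = {"-l", "-p", "-c"}            # options that consume the next word
FLAGS = {"-v", "-vv", "-vvv", "-C", "-1", "-2"}


def audit_ssh_hop(command):
    """Return a list of findings for one `ssh ...` hop command line."""
    args = shlex.split(command)
    if not args or args[0] != "ssh":
        return ["not an ssh command"]
    findings, target, i = [], None, 1
    while i < len(args):
        arg = args[i]
        if arg in TAKES_VALUE:
            if i + 1 >= len(args):
                findings.append(f"{arg} is missing its value")
                break
            value, i = args[i + 1], i + 1
            if arg == "-c":
                for name in (c.strip() for c in value.split(",")):
                    if name not in SUPPORTED:
                        findings.append(f"cipher {name} is not in the supported list")
                    elif name not in PCI_DEFAULT:
                        findings.append(f"cipher {name} is outside the PCI default set")
            elif arg == "-p" and not (value.isdecimal() and 0 < int(value) < 65536):
                findings.append(f"invalid port {value}")
        elif arg == "-1":
            findings.append("-1 forces SSH protocol version 1")
        elif arg.startswith("-") and arg not in FLAGS:
            findings.append(f"option {arg} is not documented")
        elif not arg.startswith("-"):
            target = arg                      # hostname or user@hostname
        i += 1
    if target is None:
        findings.append("missing required hostname or user@hostname")
    return findings


# Constructed sample commands; 192.0.2.10 is a documentation address.
if __name__ == "__main__":
    for cmd in ("ssh -2 -p 22 -c aes256-ctr,aes128-ctr admin@192.0.2.10",
                "ssh -1 -c 3des-cbc,arcfour 192.0.2.10"):
        print(cmd, "->", audit_ssh_hop(cmd) or "ok")
```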



Create an OOBM Connection Profile

This section provides the steps necessary to create and use OOBM connection profiles.

  1. From the Devices dashboard, select the router and then click the Remote Connect menu.
  2. Click Add/Edit for Out of Band Manager.
  3. From the Remote Connect screen, click the Add button in the Out of Band Manager area.
  4. On the Add Serial Profile dialog do the following:
    1. Type a name for the connection profile in the Name field.
    2. Select the serial port that the connection will use, from the Serial drop-down box.
    3. Click the Save button to save the OOBM connection profile.



Use an OOBM Connection Profile

OOBM Connection Profiles can be accessed and used with either of the following methods:

  1. From the Remote Connect menu, select the profile in the Out of Band Manager area.
  2. From the Remote Connect screen, click the Connect button next to the profile.



Troubleshooting

If you are experiencing issues using OOBM, try the following troubleshooting tips:

  • Reseat the connectors.
  • Disable/re-enable the Serial Redirect feature on the Cradlepoint router.
  • Ensure you are able to access your device’s console directly through the USB-to-Serial adapter.
  • Check the RS232 settings on your device and make sure they match.
  • Reboot the hardware, including the Cradlepoint router and its client serial device.
