Call Us at 888-550-8728

Series 3 FW v6.0 and newer: Command Line Interface (CLI) Overview

Products Supported: AER31x0, AER2100, MBR1400, MBR1200B, CBA850, CBA750B, IBR350, IBR6x0, IBR11x0. 


The Cradlepoint router CLI is a captive text-based interface for configuring, managing, and debugging Cradlepoint routers.

This document provides an overview of Cradlepoint’s Command Line Interface (CLI) feature available in Series 3 Cradlepoint routers.


Prompt (or Command Prompt): The input field at the bottom of the CLI interface. This is where “commands” and “arguments” are entered into the system.

Command: A “command” is a single word instruction for the router to process. It is sent to the router as the first word entered at the “Command Prompt”.

Argument: An argument refers to the text that follows the command. Most commands have optional arguments that control in influence the way the command will run. Arguments for each command can typically be discovered by running the command with the “–help” argument or by running “help COMMAND”.


Configuration Difficulty: Intermediate

Enabling SSH Server to use the CLI

Note: By default local SSH is enabled by default. These instructions are only needed for situations where you may have previously disabled SSH access.

  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Click on System then Administration from the navigation menu.
  • Step 3: Click on Local Management.
  • Step 4: Place a checkmark in the box next to Enable SSH Server.
    • The SSH Server Port can be changed away from the default SSH port of 22 to a port of your choosing. This is highly recommended for any situation where Remote SSH will be enabled.
  • Step 5: Click Save.

Optional: Enable Remote SSH Access

  • Step 6: Click on Remote Admin from the navigation menu.
  • Step 7: Place a checkmark next to Allow Remote SSH Access.
  • Step 8: Click Save.

Accessing the CLI

Connecting a Client Computer to the Cradlepoint’s SSH Server

CradlePoint Series 3 routers are designed to support standards-based SSH-2 clients. Many modern operating systems (such as GNU/Linux or Apple OSX) include an SSH client that can be run directly from the computer’s terminal prompt. For these platforms simply locate and execute the Terminal software of your preference, then run the “ssh” command with the username and password of the router:

ssh admin@

For Microsoft Windows computers, we recommend using the free and well-supported PuTTY SSH client, available here.

User-added image

See the PuTTY web page and application help for details on making SSH connections. The only details you should need to provide are the username, password and IP address of the router. The default username is always “admin” as shown above.

User-added image

Connecting to Cradlepoint’s SSH Server console through the UI
  • Step 1: Log into the router’s Setup Page. For help with logging in please click here.
  • Step 2: Click on System, then System Control, and then Device Options.
  • ​​Step 3: Click on the Device Console button. The device console will open up in a new window.

User-added image

User-added image

Connecting to Cradlepoint’s SSH Server console through ECM
  • Step 1: Log into For additional information on ECM, please click here.
  • Step 2: After logging into ECM, click on the Devices tab on the left then select the router you would like to console into on the right.

​          User-added image

  • Step 3: Once the router is selected, click on Commands then Console and this will open up another window as shown below.

​          User-added image
User-added image

  • Note:  CLI Session History can be saved by clicking the checkmark in the menu bar of the Console Session.

CLI Usage

Once you successfully login you will see a command prompt similar to this:

[admin@MBR1400-301: /]$

This shows you your username (admin), the system ID (MBR1400-301 in this case), and the current working directory (/). The working directory is important for many commands, as it represents the “ConfigStore” context for many commands, as shown below.

Navigating Using the CLI

An important part of a command line shell is the notion of a hierarchical file system which is usually backed by a tree structure of directories and files on a hard disk or SSD storage device. In the case of Cradlepoint routers, this file system hierarchy is backed by the routers configuration, status and control system known as the “ConfigStore”.

The ConfigStore is like the central nervous system for the router and acts as a live interactive portal to the routers current state and configuration settings. We will expand on this thought as we move forward, but try to remember that the files and directories that we talk about are live elements of the router. Any changes to those files and directories will result in immediate application and proliferation through the routers internal subsystems. Likewise, when viewing the contents of files, you will always be presented with the most current data.

Basic navigation commands:

|Command|Action|Explanation| |—|—|—| |ls|list|Lists the directories and files| |cd|change directory|changes to the specified directory| |get|get|gets the values of the directories and files|

When you first log in your current working directory will be the “root” directory (/).

[admin@MBR1400-301: /]$

The “ls” command lists the directories and files in your current working directory. Running the “ls” command from the “root” directory returns the “control/, status/, and “config/” directories.

[admin@MBR1400-301: /]$ ls 
control/           status/            config/ 

You can change the working directory using the “cd” command, followed by the directory to change to. Running “cd config” changes the current working directory to “config/”. Notice that the prompt now shows that the current working configuration is now “/config/”

[admin@MBR1400-301: /]$ cd config
[admin@MBR1400-301: /config]$

If you run the “ls” command from the config/ directory, you will see all the directories and files in the “config/” directory.

[admin@MBR1400-301: /config]$ ls
ethernet/  wan/       lan/       shell/     qos/       dns/      
firewall/  failover/  alerts/    system/    hotspot/   wwan/     
gre/       routing/   dhcpd/     webfilter/ wlan/      vpn/      

Like before, you may use the “cd” command to change the current working directory. Typing “cd system” changes the current working directory to “config/system/”.

[admin@MBR1400-301: /config]$ cd system

[admin@MBR1400-301: /config/system]$ ls
mac_monitor/          local_domain          timezone             
at_passthrough_proxy/ serial/               upnp/                
ui_activated          snmp/                 first_boot           
dyndns/               system_id             email/               
gps/                  users/                power/               
ntp/                  pci_dss               wipc/                
qxdmproxy/            logging/              admin/               
watchdog/             disable_leds          reboot_schedule/     

The “get” command by itself may be used to return the values of all files in the current working directory. The “get” command followed by a filename or directory will return only the values for that location.

The “config/system/dstenabled” file represents whether daylight savings time has been enabled in the router. Using the command “get dstenabled” we can find whether daylight savings time is enabled.

[admin@MBR1400-301: /config/system]$ get dst_enabled

To change to the parent directory use the special “..” path. Each directory path must be separated with “/” character. To go up two levels, for example, you would type “cd ../..”.

For example:

[admin@MBR1400-301: /config/system/logging/]$ cd ..
[admin@MBR1400-301: /config/system/]$ cd ../..
[admin@MBR1400-301: /]$

The command line interface supports “tab-completion” ( which can reduce the number of key strokes required to enter a command name or path name. To use this feature simply type the first part of a command or path name and hit the tab key to complete the word. If the word is not unique you can hit the tab key twice to see a list of conflicts.


To see a complete list of commands type “help”. To get detailed help about a specific command simply run “help COMMAND” such as “help ls”. Here is an incomplete list of some basic and important commands:

|Command|Description| |—|—| |wan|Show and configure wan devices. Detailed information about a wan can be obtained by providing the UID of the wan device as the first argument| |lan|Show the current LAN configuration and status| |wireless|Show status of all Access Points on the router and connected wireless clients| |get|Get value for config item(s)| |set|Set a value to a config item| |delete|Delete an item from the config| |inspect|Show the data type definitions for a config path. This is useful for learning the requirements of a particular config resource| |log|Show and search through the system log| |passwd|Changes your password| |factory_reset|Reset the config to factory defaults. Use with caution|

Reading and Writing Values

The “get” and “set” commands are used to read and write values to the router’s ConfigStore. The format for all these values is JSON ( Because the file system in the CLI is also the ConfigStore, you can run “get” on the entire ConfigStore if desired. For example if you run “get” from the root directory you will see the complete contents of the routers ConfigStore. The “get”, “set”, “append”, and “delete” commands all take the current working directory into consideration, so the argument that follows the command should be the path within or with reference to the current directory. Use the “ls” command to view the contents of the current directory when in doubt.

Here are a few examples that illustrate the multiple ways in which you can view the contents of the system.

We can run the get and ls command from any directory we want if we use an absolute path as the argument. An absolute path is any path that begins with a “/” character; this indicates that the path begins at the root directory.

[admin@MBR1400-301: /]$ get /config/system/logging/level

[admin@MBR1400-301: /]$ ls /config/system/logging   
console        level          firewall       enabled       
max_logs       modem_debug    remoteLogging/

Alternatively, we can change our current working directory to the location of interest and run the commands from there.

[admin@MBR1400-301: /]$ cd /config/system/logging/
[admin@MBR1400-301: /config/system/logging]$ ls
console        level          firewall       enabled       
max_logs       modem_debug    remoteLogging/

[admin@MBR1400-301: /config/system/logging]$ get level

The “.” path name refers to the current working directory which can also be used as an argument to the get command. You will notice the output is very similar to the ls commands output, but is formatted as JSON and includes the contents of the sub-directories too.

[admin@MBR1400-301: /config/system/logging]$ get .
    "console": false,
    "enabled": true,
    "firewall": false,
    "level": "info",
    "max_logs": 1000,
    "modem_debug": false,
    "remoteLogging": {
        "enabled": false,
        "system_id": false,
        "utf8_bom": true

If we change to the parent directory we can run the get command again but this time we must provide the relative path to the item we would like to see.

[admin@MBR1400-301: /config/system/logging]$ cd ..
[admin@MBR1400-301: /config/system]$ get logging/level

From those examples we can see that the log level is set to “info” which means only messages of informational priority or higher will be stored in the system log. Let’s say that we want to change this value to something else. We can use the “inspect” command to see what the valid values for this config setting are and then use the “set” command to update the value.

[admin@MBR1400-301: /]$ cd /config/system/logging/    

[admin@MBR1400-301: /config/system/logging]$ inspect level
Path: /config/system/logging/level
Name   Type     Current value   Default Value   Options
level  select   info            info            debug, info, warning, error, critical

We can now see that the default value is “info” and the available options include a “debug” value which we want to set the router to use. Just to verify that the current value is indeed set to “info” we run the get command prior to our change.

[admin@MBR1400-301: /config/system/logging]$ get level

Now we simply run the “set” command with the new value. Remember this value MUST be valid JSON (, so in this case the string value will be encapsulated in double quotes.

[admin@MBR1400-301: /config/system/logging]$ set level "debug"

Running the “get” command again verifies that the change was indeed accepted.

[admin@MBR1400-301: /config/system/logging]$ get level

As a short example of the internal error handling, we can purposely enter invalid values to test the systems validation procedures.

[admin@MBR1400-301: /config/system/logging]$ set level 3.14
Error: invalid value (3.14) at: ['config', 'system', 'logging', 'level']
Reason: invalid option

[admin@MBR1400-301: /config/system/logging]$ set level __not_json__
Invalid value: No JSON object could be decoded

[admin@MBR1400-301: /config/system/logging]$ set level "not_an_option" 
Error: invalid value (not_an_option) at: ['config', 'system', 'logging', 'level']
Reason: invalid option

Category: Cradlepoint Series 3

← FAQs
Secured By miniOrange