manualshive.com logo in svg

Cradlepoint COR IBR1100 series, Manual

Share
Download
Cradlepoint COR IBR1100 series Manual Download Page 52

Exercise caution in enabling application gateways as they impact the security of your network.

Enable any of the following types of application gateways:

PPTP

: For virtual private network access using Point-to-Point Tunneling Protocol. This is enabled by default.

SIP

: For VoIP (voice over IP) using Session Initiation Protocol.

TFTP

: Enables file transfer using Trivial File Transfer Protocol.

FTP

: To allow normal mode when using File Transfer Protocol. This is not needed for passive mode. This is enabled by default.

IRC

: For Direct Client to Client (DCC) transfer when using Internet Relay Chat. You may wish to forward TCP port 113 for incoming identd (RFC 1413) requests.

Firewall Options

Anti-Spoof

: Anti-Spoof checks help protect against malicious users faking the source address in packets they transmit in order to either hide themselves or to impersonate

someone else. Once the user has spoofed their address they can launch a network attack without revealing the true source of the attack or attempt to gain access to network
services that are restricted to certain addresses.

Log Web Access

: Enable this option to create a syslog record of web (IP port 80) access. Each entry will contain the IP address of the server and the client. Note that this

may create a lot of log entries, especially on a busy network. Sending the system log to a syslog server is recommended.

To view the logs, go to 

Status 

 System Logs

. For configuration options, including syslog server setup, go to 

System Settings 

 Administration

 and select the

System Logging

 tab.

Zone Firewall

zone

 is a group of network interfaces. By default, all interfaces within a zone are allowed to initialize network communication with each other, but any network traffic

initialized outside of a zone to the interfaces within the zone is denied. Forwardings are used to allow traffic to traverse zones. Filter Policies are used to define how traffic
passing through a zone forwarding is filtered. Zones can be added, edited, or removed (except for the 

All

 and 

Router

 zone).

Zones

Create, edit, and remove zones (i.e., groups of network interfaces). Once you have defined zones, add rules to the 

Filter Policies

 and 

Forwardings

 sections to define

what traffic is allowed between zones.

CradlePoint COR IBR1100/IBR1150 –  Manual

10/13/2014

52

Summary of Contents for COR IBR1100 series

Page 1: ...treme temperatures humidity shocks vibrations dust water splash reverse polarity and transient voltage Key Features Cloud managed for zero touch deployment and intelligent management Internal 3G 4G modem with secured SIM card access and dual SIM slots LTE support for all major U S carriers and Europe international operators failover to HSPA or EVDO Software defined radio supports multiple carriers...

Page 2: ...ation pages sections is generic across multiple devices Therefore some details may not apply to the COR IBR1100 or COR IBR1150 because they are specific to another device For example CP Secure Threat Management is only available for the AER 2100 Also the configuration pages within Enterprise Cloud Manager ECM are very similar to the local router administration pages but some items are missing beca...

Page 3: ...bility NEMO NHRP Interfaces OpenVPN Tunnels coming Q4 VPN Tunnels WAN Affinity Load Balancing WiFi as WAN Bridge System Settings Administration Certificate Management Device Alerts GPIO Connector Enterprise Cloud Manager Feature Licenses Hotspot Services Serial Redirector SNMP Configuration System Control System Software Introduction Package Contents System Requirements Specifications Hardware LED...

Page 4: ...tchable 10 100 Ethernet ports one default WAN cable DSL T1 satellite Metro Ethernet WiFi as WAN Metro WiFi 2x2 MIMO N 2 4 GHz or 5 GHz 802 11 a b g n ac IBR1100 only LAN Dual band dual concurrent WiFi 802 11 a b g n ac IBR1100 only Three LAN WAN switchable 10 100 Ethernet ports two default LAN Serial console support for out of band management of a connected device PORTS Power 2 wire GPIO USB 2 0 3...

Page 5: ...vice can still detect an in view satellite 50 of the time Operational limits altitude 6000 m or velocity 100 m s either limit may be exceeded but not both Feature Details WAN Security NAT SPI ALG inbound filtering of IP addresses port blocking service filtering FTP SMTP HTTP RPL SNMP DNS ICMP NNTP POP3 SSH protocol filtering WAN ping allow ignore Redundancy and Load Balancing Failover failback wit...

Page 6: ...or UK Part 170623 003 COR 12VDC 2A locking power adapter with 0 C to 40 C temperature range includes US EU and UK plugs Part 170584 002 NOTE CradlePoint primarily recommends the extended temperature adapter because it covers the COR IBR1100 IBR1150 full temperature range of 30 C to 70 C Cost sensitive customers that intend to use the IBR1100 IBR1150 in temperature controlled office environments ca...

Page 7: ...TE HSPA EVDO Rev A Downlink Rates LTE 100 Mbps HSPA 21 1 Mbps EVDO 3 1 Mbps theoretical Uplink Rates LTE 50 Mbps HSPA 5 76 Mbps EVDO 1 8 Mbps theoretical Frequency Bands LTE Band 2 1900 MHz Band 4 AWS 1700 2100 MHz Band 5 850 MHz Band 13 700 MHz Band 17 700 MHz Band 25 1900 MHz HSPA UMTS 850 900 1900 2100 MHz AWS GSM GPRS EDGE 850 900 1800 1900 MHz CDMA EVDO Rev A 1xRTT 800 1900 MHz Power LTE 23 d...

Page 8: ...GCF CC COR IBR1100LPE GN COR IBR1150LPE GN 4G LTE HSPA EVDO generic for use on T Mobile in the U S and Rogers Bell TELUS in Canada Technology LTE HSPA EVDO Rev A Downlink Rates LTE 100 Mbps HSPA 21 1 Mbps EVDO 3 1 Mbps theoretical Uplink Rates LTE 50 Mbps HSPA 5 76 Mbps EVDO 1 8 Mbps theoretical Frequency Bands LTE Band 2 1900 MHz Band 4 AWS Band 5 850 MHz Band 13 700 MHz Band 17 700 MHz Band 25 1...

Page 9: ...Ports LEDs CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 9 ...

Page 10: ... better performance than the AUX connector so attach the better or single modem antenna to the MAIN connector if that is relevant in your setup ETHERNET PORTS By default there are two LAN Ethernet ports and one WAN Ethernet port All three of these ports are LAN WAN configurable POWER GPIO CONNECTOR This connector has four pin slots power ground input and output Connector pinout view into router re...

Page 11: ...ly unecessary the device powers on by default as soon as it receives power and it can be configured to sense vehicle ignition with a timed delay for power off RS 232 serial port This is a serial DE 9 commonly called DB 9 9 pin female connector The pins are numbered from the top right as shown here Pin Signal Type 1 RI 2 TxD 3 RxD 4 DSR 5 GND 6 DTR 7 CTS 8 RTS 9 DCD LEDs POWER Green Powered ON No L...

Page 12: ...S The USB and modem lights turn amber and blink twice to signal factory reset Two of the modem LEDs blink red in unison for 10 seconds when there is an error during firmware upgrade Quick Start Basic Setup Accessing the Administration Pages First Time Setup Wizard Using Enterprise Cloud Manager Basic Setup 1 Insert an activated SIM A wireless broadband data plan must be added to your CradlePoint C...

Page 13: ... 7 Replace the bottom SIM cover NOTE Device will not power on without cover in place 2 Attach modem WiFi GPS antennas Antennas are NOT included in the product package because of the diverse needs of customers Both the COR IBR1100 and COR IBR1150 have two connectors for 3G 4G modem antennas SMA and one connector for GPS SMA Addtionally the COR IBR1100 has two connectors for dual band dual concurren...

Page 14: ... This is a simple standard antenna setup for direct attach antennas for the COR IBR1100 We recommend experimenting with different antenna orientations to see what works best in your environment e g spreading one set of antennas out to a 45 angle Do NOT allow antennas to lie flat on top of each other See the charts below for CradlePoint s default antenna recommendations for some common networking d...

Page 15: ...age If you want to plug into a wall power outlet you ll need to purchase a separate wall power adapter choose between the extended temperature range 30 C to 70 C and standard 0 C to 40 C options Most vehicle installations will use the included direct wire power GPIO cable which can be used to enable the ignition sensing feature but there is also a car adapter option for plugging into a vehicle cig...

Page 16: ...ault Ethernet LAN ports numbered 1 2 The default WiFi network name broadcast is IBR1100 xxx where xxx is the last three characters of your router s MAC address this is the SSID on the product label To connect to the WiFi you will need to input the DEFAULT PASSWORD when prompted The DEFAULT PASSWORD is provided on the product label found on the bottom of your router NOTE The product label below is ...

Page 17: ...found on the product label It s possible and more efficient to do all your configuration changes through CradlePoint Enterprise Cloud Manager ECM without logging into the local administration pages Set up a group of routers and set the configuration for all of them at once See below for more information about ECM CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 17 ...

Page 18: ...elect GETTING STARTED on the top navigation bar and FIRST TIME SETUP in the dropdown menu Using Enterprise Cloud Manager Rapidly deploy and dynamically manage networks at geographically distributed stores and branch locations with Enterprise Cloud Manager CradlePoint s next generation management and application platform Enterprise Cloud Manager ECM integrates cloud management with your CradlePoint...

Page 19: ...ed your device go to cradlepointecm com and log in using your ECM credentials For more information about how to use CradlePoint Enterprise Cloud Manager see the following Getting Started ECM on the Knowledge Base Navigating the Administration Pages To access the administration pages open a web browser and type the hostname cp or IP address http 192 168 0 1 into the address bar The Administrator Lo...

Page 20: ...the top left corner of all the administration pages is a link to the Dashboard Status Dashboard which displays fundamental information about the router The black bar across the top provides quick access to important information and controls Internet Connection This links to Status Internet Connections where you can view in depth information about your Internet sources Click on this green dot to li...

Page 21: ...e details of each Internet source your router is using Internet Connections and a map of your router s location GPS Very few changes can be made from this tab the primary purpose is to display information Network Settings Provides configuration options for the networks or LAN created by your router For example enable a guest WiFi network WiFi Local Networks set up rules to filter websites Content ...

Page 22: ...ed into your ECM account you need to register Log into the device administration pages and go to Getting Started Enterprise Cloud Manager Registration Enter your ECM username and password and click on Register Once you have registered your device go to https cradlepointecm com and log in using your ECM credentials For more information about how to use CradlePoint Enterprise Cloud Manager see the f...

Page 23: ...istrator password is separate from the WiFi security password although initially the Default Password is used for both NOTE If you plan to use your router in a PCI DSS compliant environment do not use this setting Use the Advanced Security Mode settings under the Router Security tab in System Settings Administration instead Time Zone You can select your TIME ZONE from a dropdown list This may be n...

Page 24: ...not use 802 11n modes if WEP is enabled WiFi performance and range will be limited NONE OPEN Select this option if you do not want to activate any security features CradlePoint recommends BEST WPA2 WiFi security Try this option first and switch only if you have a device that is incompatible with WPA2 Choose a personalized WPA PASSWORD or WEP KEY This password will be used to connect devices to the...

Page 25: ...and password to be entered to authenticate with a carrier Do not fill in these fields unless you are sure your modem needs authentication Authentication Protocol Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one Select from Auto Pap Chap Username Password Configuring Failure Check It is possible for a WAN interface to go down without the ...

Page 26: ...ing you will need to input an IP address that will respond to a ping request This IP address must be an address that can be reached through your WAN connection modem Ethernet Some ISPs Carriers block certain addresses so choose an address that all of your WAN connections can use For best results select an established public IP address For example you might ping Google Public DNS at 8 8 8 8 or Leve...

Page 27: ...network All router based VPN and GRE services will be disabled The Routing Mode will be set to IP Passthrough Network Settings WiFi Local Networks in the Local Network Editor under IP Settings The Subnet Selection Mode will be set to Automatically Create Subnet Network Settings WiFi Local Networks in the Local Network Editor under IP Settings this shows once IP Passthrough is set as the Routing Mo...

Page 28: ...o transmit packets from the router to the client This rate changes automatically to match environmental conditions Distance from the router interference etc can impact this value Higher values indicate better performance Devices can still function in the network with as little as 1 Mbps 26 dBm A relative measure of wireless signal quality decibels relative to one milliwatt This expresses theoretic...

Page 29: ...OTE CP Secure Connect requires a feature license Dashboard The Dashboard shows fundamental information about your router divided into the following basic categories Router Information Internet Local Networks WiFi Networks CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 29 ...

Page 30: ...o you can click on the CradlePoint logo in the upper left hand corner to return to the Dashboard from any page Router Information Detailed Info links to System Settings Administration Product Gives the product name Serial Device serial number Firmware Gives the number of the current firmware version Build Date Year month day hours minutes seconds for the most recent firmware upgrade MAC Address Th...

Page 31: ...and Play and or DHCP To configure a network see Network Settings WiFi Local Networks WiFi Networks Detailed Info links to Network Settings WiFi Local Networks For each enabled WiFi radio 2 4 GHz and 5 GHz if available the following information is displayed WiFi Radio Channel 1 11 for 2 4 GHz 36 40 44 48 149 153 157 161 or 165 for 5 GHz Transmit Power expressed as a percentage Channel Contention Di...

Page 32: ...cation See the GPS section in System Settings Administration to enable GPS support GPS information is only displayed if 1 the modem supports GPS 2 your carrier allows the GPS functionality and 3 the modem has sufficient GPS signal strength If no information is displayed check that both the modem and your carrier support GPS If GPS is supported make sure the modem is in an area where it can receive...

Page 33: ...smit packets bytes Receive packets bytes MTU Hotspot Clients View the status of the clients that have logged in through the Hotspot Captive Portal View Hostname IP address MAC address Data Usage both IN and OUT Time Online You may revoke a client s access to the Internet by clicking the Revoke button Internet Connections CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 33 ...

Page 34: ...particular device Possible devices include Ethernet 3G 4G modem WiFi as WAN The information displayed varies greatly depending on the technology especially for 3G 4G modems CradlePoint passes on the information provided by the modems which is specific to the carrier e g Verizon and technology e g LTE Ethernet example 3G 4G modem example CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 34 ...

Page 35: ...WiFi as WAN example CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 35 ...

Page 36: ...e are also tables displaying information for GRE Routes VPN Routes and NEMO Routes Configure the settings for these routes under the Internet tab Statistics The Statistics submenu option displays basic traffic statistics Wireless Statistics View the signal strength and other wireless modem information The wireless device s signal strength will only be displayed as long as it supports Live CradlePo...

Page 37: ... received through the network Sample rate and size can be adjusted from the dropdown boxes Failover Failback Load Balance An easy way to view current connective states of the devices plugged into the router as compared to the past Sample rate and size can be adjusted from the dropdown boxes System Logs CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 37 ...

Page 38: ...ility Auto Update The logs automatically refresh whenever the router creates a new message Update Click to check for new router messages Clear Log Clear the log file Save Log This will open a dialog in your browser that will allow you to save the router s log to your computer Search Enter keywords to find specific events Level Select Deselect from the following levels to filter messages by priorit...

Page 39: ...it a WiPipe QoS rule go to Network Settings WiPipe QoS Network Settings The Network Settings section of the Administration Pages provides access to tools for controlling the LAN Local Area Networks The Network Settings tab has the following dropdown menu items Content Filtering DHCP Server DNS Firewall MAC Filter Logging Routing Routing Protocols WiFi Local Networks WiPipe QoS CradlePoint COR IBR1...

Page 40: ...o espn go com is desired but go com is blocked with a priority of 50 the addition of an Allow rule for espn go com with a priority of 51 or greater will allow access When creating rules keep in mind that some sites use multiple domains so each domain may need a rule added to produce the desired behavior NOTE Websites that use HTTPS will not be blocked by these rules You will need to use OpenDNS to...

Page 41: ...e WebFilter Rules When a network is set to Block Access it will block access to sites not specifically allowed in the WebFilter Rules Filter URLs by IP Address Default No Changing this option to Yes will cause the router to perform a DNS lookup on URL entries and the IP addresses will be appended to the appropriate block allow list This can have the side effect of being very strict sites that are ...

Page 42: ... change this setting for a MAC address Input the MAC address and default action you would like to apply to that MAC address Default Action Select from the following dropdown options Allow Access default Block Access When a network is set to Allow Access it will allow access to sites not specifically blocked in the WebFilter Rules When a network is set to Block Access it will block access to sites ...

Page 43: ... Filter Bypass Algorithm It is possible that your Internet Service Provider ISP uses the port that OpenDNS is configured to access port 53 which will prevent OpenDNS filtering If OpenDNS does not appear to be working correctly enabling this will attempt to bypass those ports when using an OpenDNS content filtering level Zscaler Zscaler is a cloud based web filtering and security provider that offe...

Page 44: ...vice and click Reserve to add the device and its IP address to the list of Reservations Reservations This is a list of devices with reserved IP addresses This reservation is almost the same as when a device has a static IP address except that the device must still request an IP address from the router The router will provide the device the same IP address every time DHCP reservations are helpful f...

Page 45: ...ng or if you have a local DNS server on your network Automatic Config Automatic or Static default Automatic Switching to Static enables you to set specific DNS servers in the Primary DNS and Secondary DNS fields Primary DNS and Secondary DNS If you choose to specify your DNS servers then enter the IP addresses of the servers you want as your primary and secondary DNS servers in these fields The DN...

Page 46: ...word fields Password Enter the password or key provided by the dynamic DNS service provider Advanced Dynamic DNS Settings Update period hours Default 576 The time between periodic updates to the dynamic DNS if your dynamic IP address has not changed The timeout period is entered in hours so valid values are from 1 to 8760 Override External IP The external IP is usually configured automatically dur...

Page 47: ...HCP Server and reserve the IP address for the device by selecting the device in the Active Leases list and clicking Reserve Firewall The router automatically provides a firewall Unless you configure the router to the contrary the router does not respond to unsolicited incoming requests on any port thereby making your LAN invisible to cyber attackers However some network applications cannot run wit...

Page 48: ...ll Port Forwarding Rules A port forwarding rule allows traffic from the Internet to reach a computer on the inside of your network For example a port forwarding rule might be used to run a Web server NOTE Exercise caution when adding new rules as they impact the security of your network Click Add to create a new port forwarding rule or select an existing rule and click Edit CradlePoint COR IBR1100...

Page 49: ...r device For example you might input 80 in the Local Port s field to open a port for a Web server on a computer within your network The Internet Port s field could then also be 80 or you could choose another port number that will be used across the Internet to access your Web server If you choose a number other than 80 for the Internet Port connections to that number will be mapped to 80 and there...

Page 50: ...ndence similar to NAT in IPv4 Unlike NAT however NPT is stateless and preserves the IPv6 principle that each device has a routable public address But it still breaks any protocol embedding IPv6 addresses e g IPsec and is generally not recommended for use by the IETF NPT can help to keep internal network ranges consistent across various IPv6 providers but it cannot be used effectively in all situat...

Page 51: ... filters IP addresses you must enable Remote Management separately System Settings Administration The services affected by this include remote HTTP HTTPS SNMP and SSH configuration tools This does not impact LAN based administration i e devices within your network still have administration access The individual remote administration services can be enabled under System Settings Administration sele...

Page 52: ...hat are restricted to certain addresses Log Web Access Enable this option to create a syslog record of web IP port 80 access Each entry will contain the IP address of the server and the client Note that this may create a lot of log entries especially on a busy network Sending the system log to a syslog server is recommended To view the logs go to Status System Logs For configuration options includ...

Page 53: ... is a special zone used to filter traffic initialized from the router e g Enterprise Cloud Manager connection or destined to the router e g SNMP as part of a router services setup Set up This zone cannot be removed and can only be altered by router services Click Add to create a new zone Choose a Name meaningful to you and then click on the Add button to reveal options for attaching interfaces WAN...

Page 54: ...evice is connected to the router Field 3 Select is is not starts with contains or ends with to create your condition Field 4 If the desired values are available select from the dropdown list You may need to manually input the value Sample zone interface assignments WAN WAN Type is Ethernet WAN Port isn t Modem 1 Filter Policies A Filter Policy is a one way filter applied to initialized network tra...

Page 55: ...hoose either Allow or Deny This is the action taken by the firewall if none of the filter policy rules match the traffic being filtered Click Add to create a new rule for this filter policy Rule Editor CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 55 ...

Page 56: ...single address 255 255 255 255 If you leave these values blank then all IP addresses and ports will be included IP Source and IP Destination options can be used to differentiate between the directions that packets go You could permit packets to come from particular IP addresses but then not allow packets to return to those addresses Forwardings Forwardings define how Filter Policies affect traffic...

Page 57: ...nel In Blacklist mode listed devices are completely blocked from local network access MAC Filter List Whitelist or Blacklist Add devices to either your whitelist or blacklist simply by inputting each device s MAC address NOTE Use caution when using the MAC Filter to avoid accidentally blocking yourself from accessing the router MAC Logging Configuration Enable MAC Logging Enabling MAC Logging will...

Page 58: ...e address range IP Network Address or IPv6 Address The IP address of the target network or host The IPv6 address field includes CIDR notation to declare a range of addresses Netmask The Netmask along with the IPv4 address defines the network the computer belongs to and which other IP addresses the computer can see in the same LAN An IP address of 192 168 0 1 along with a Netmask of 255 255 255 0 d...

Page 59: ... configure routing protocols BGP Routing OSPF Routing RIP Routing RIPNG Routing Route Maps and Filters BGP Routing The latest version of BGP Border Gateway Protocol is version 4 BGP 4 is one of the Exterior Gateway Protocols and de facto standard of Inter Domain routing protocol BGP 4 is described in RFC1771 A Border Gateway Protocol 4 BGP 4 BGP is a distance vector routing protocol and the AS Pat...

Page 60: ...o BGP with the metric type and metric set if specified filtering the routes using the given route map if specified Redistributed routes may also be filtered with distribute lists Type The type is the source of the route Select from Main Connected Static RIP and OSPF Metric Numerical priority of the route Route Map Route maps provide a means to filter and or apply actions to routes allowing policie...

Page 61: ...ber However it MUST be unique within the entire OSPF domain to the OSPF speaker bad things will happen if multiple OSPF speakers are configured with the same router ID Authentication Key Set OSPF authentication key to a simple password After setting authentication key all OSPF packets are authenticated The authentication key has a maximum length of eight characters Enabled Click to enable disable ...

Page 62: ...uter supports RIP version 2 as described in RFC2453 and RIP version 1 as described in RFC1058 RIP Editor Name Unique name of the policy Metric RIP metric is a value for distance for the network Usually RIP increments the metric when the network information is received The metric for redistributed routes is set to 1 Protocol Version RIP can be configured to send either Version 1 or Version 2 packet...

Page 63: ... set if specified filtering the routes using the given route map if specified Redistributed routes may also be filtered with distribute lists Type The type is the source of the route Select from Main Connected Static OSPF BGP Metric RIP metric is a value for distance for the network Usually RIP increments the metric when the network information is received The metric for redistributed routes is se...

Page 64: ...f specified Type The type is the source of the route Select from Main Connected Static OSPF BGP Metric RIPng metric is a value for distance for the network Usually the RIP service increments the metric when the network information is received The metric for redistributed routes is set to 1 Route Map Route maps provide a means to filter and or apply actions to routes allowing policies to be applied...

Page 65: ...ist is a user defined BGP communities attribute list The BGP community list can be used for matching or manipulating BGP communities attribute in updates The community attributes are a 32 bit number that also has some aliases internet alias for well known communities value 0 no export alias for well known communities value NO_EXPORT 0xffffff01 no advertise alias for well known communities value NO...

Page 66: ...ple networks on the router each with its own unique configuration and its own selection of interfaces Each local network can be attached to any of the following types of interfaces WiFi Ethernet VLAN For example one network might be just an isolated WiFi hotspot for guests while another might be the main network with administrative access an Ethernet port a password protected WiFi SSID and a VLAN ...

Page 67: ... LAN The Local Network Editor contains the following tabs General Settings IPv4 Settings IPv6 Settings Interfaces Access Control IPv4 DHCP IPv6 Addressing Multicast Proxy Schedule VRRP STP and Wired 802 1X General Settings Enabled Click to manually disable a network Also some settings could cause a network to be automatically disabled click here to re enable the network Name This primarily helps t...

Page 68: ... choice for users because NAT does the translation work for you Standard NAT less routing If you select Standard you must separately configure your IP addresses so that they will be publically accessible Typically you will not select this option unless you have a specific reason to bypass NAT IP Passthrough IP Passthrough passes the IP address given by a cellular modem WAN through the router to Et...

Page 69: ...rfaces Select network interfaces to attach to this network Choose from WiFi Ethernet ports and VLAN interfaces Double click on any of the interfaces shown on the left in the Available section to move them to the Selected section on the right or highlight an interface and click the button To deselect an interface double click on an interface in the Selected section or highlight the interface and cl...

Page 70: ...ngs of this network to match the intended use Simply select or deselect any of the following LAN Isolation When checked this network will NOT be allowed to communicate with other local networks UPnP Gateway Select the UPnP Universal Plug and Play option if you want to enable the UPnP Gateway service for computers on this network Admin Access When enabled users may access these administration pages...

Page 71: ...d as a Web server has a static IP address of 192 168 0 3 Another computer is designated as an FTP server with a static IP address of 192 168 0 4 The starting IP address for the DHCP server needs to be 192 168 0 5 or higher Lease Time Default 720 minutes 12 hours The lease time specifies how long DHCP enabled computers will wait before requesting a new DHCP lease Smaller values are better suited to...

Page 72: ...subnet have not chosen an identical address SLAAC with DHCP Default IPv6 DHCP provides an additional client configuration method and is regularly combined with SLAAC to provide DNS servers a shortcoming in the original SLAAC specification and additional options not supported by SLAAC By defaulting to SLAAC with DHCPv6 all IPv6 capable clients on the network should be configurable with IPv6 connect...

Page 73: ...uration By default enabling multicast proxy enables a multicast connection with devices within the LAN In rare cases additional IP address ranges need access to the multicast streams Click Add and input the IP Address and Netmask for an additional IP address range Schedule Set up a schedule for this network interface This allows an interface to be enabled or disabled during specific hours of a day...

Page 74: ...while gray represents enabled Hover over a square to reveal the hour it represents Click on the squares to toggle between black and gray In the example shown the network is enabled from 8 5 on Monday through Friday but disabled at all other times VRRP NOTE VRRP requires a feature license Go to System Settings Feature Licenses to enable this feature CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014...

Page 75: ...r will always give up ownership of the virtual IP and let a new master take over when no WAN connection is available Advertisement Interval Sets the amount of time in seconds between VRRP advertisements which communicate the router status The default of 1 second is standard Initial Virtual Router State This controls the initial VRRP failover state for this physical router choose Master or Backup T...

Page 76: ...ority Set the priority of the bridge When determining the root bridge of the spanning tree topology the bridge priority is compared first The bridge with the lowest priority value will win If you want this router to be the root bridge then set it to a value less than the default of 32768 A valid priority value is between 0 and 65535 Wired 802 1X CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 76...

Page 77: ...US server enter 00 00 00 00 00 00 and the service will try to find the MAC address from the given IP address Port 1812 is common for the authentication port Password Assigned by the RADIUS server Accounting settings Most of the accounting settings often match the authentication settings depending on whether the RADIUS server is the same for both authentication and accounting Acct Server IP Address...

Page 78: ...mary WiFi network is enabled by default while you may have enabled a second guest network when using the First Time Setup Wizard You have the ability to change the settings for either of these networks and or enable additional networks Wireless Radio Enable Disable Default Enabled Leave enabled unless you don t want any WiFi networks broadcast from your router Select a WiFi network and click Edit ...

Page 79: ...the scenes to set priorities for different types of traffic on your network For example video streams are given higher priority than print jobs since video streams need consistent throughput Enabled Whether the network is available Security Mode You have several options for selecting a security mode The mode you choose depends on the security features your wireless adapters support WPA2 Personal W...

Page 80: ...nt in most circumstances you have the ability to control Mode WAN or LAN and Link Speed Additional controls for WAN ports are available in Internet Ethernet Settings Mode WAN or LAN By default there are four LAN Local Area Network ports and one WAN Wide Area Network port Internet WAN is used as a possible source of Internet for the router Local Network LAN is for connecting a computer or similar d...

Page 81: ...ort and click the button To deselect an Ethernet port double click on an interface in the Selected section or highlight the port and click the button VLAN Interfaces A virtual local area network or VLAN functions as any other physical LAN but it enables computers and other devices to be grouped together even if they are not physically attached to the same network switch To enable a VLAN select a V...

Page 82: ...tter channel and change to it Select from Once Daily Weekly or Monthly Note that there may be a momentary WiFi disconnection while the channel changes Optimize WiFi WiMAX coexistence Shows if Smart Selection or Random Selection is chosen and the WiFi band is 2 4 GHz Setting this will lessen any possible conflict with WiFi in the 2 4 GHz band and an attached WiMAX modem If a WiMAX modem is attached...

Page 83: ...hen frame size in bytes is greater than the Fragmentation Threshold This setting should remain at its default value Setting the Fragmentation value too low may result in poor performance DTIM A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages When the wireless router has buffered broadcast or multicast messages for associated clients it sen...

Page 84: ... of Service also known as Traffic Shaping is enabled the router will control the flow of Internet traffic according to the user defined rules In other words Traffic Shaping improves performance by allowing the user to prioritize applications Enable WiPipe QoS Click on this box to open options for controlling Internet traffic You can assign maximum Upload Speed and Download Speed values and define ...

Page 85: ...ffered excess bandwidth first Upload Bandwidth This is the percentage of the connected WAN upload bandwidth that will be reserved for the specified traffic The maximum value is adjusted to the remaining percentage after other rules receive their share Upload Priority The priority value has two different effects on traffic Higher priority traffic is handled before lower priority traffic which can l...

Page 86: ...ic which can lead to shorter response times Also when spare bandwidth is available it is offered to higher priority queues first Move the slider to select from the following options Default Normal Lowest Lower Below Normal Normal Above Normal High Higher Highest DSCP DiffServ Tag Differentiated Services Code Point DSCP is the successor to TOS Type of Service Use this field to tag the traffic by pu...

Page 87: ...le This can be useful for quickly changing configurations If both upload QoS and download QoS are disabled then the rule will disable automatically Rule Name Create a name for the rule that is meaningful to you Protocol The protocol used by the messages TCP UDP TCP UDP or ICMP Select Any if your rule does not control a specific type of message that uses a specific protocol Queue Name Select a queu...

Page 88: ...this rule with your guest LAN you could input the IP address and netmask for the guest LAN here leaving the last slot 0 to allow for any user attached to the guest network Source IP Address 192 168 10 0 Source Netmask 255 255 255 0 DSCP DiffServ Differentiated Services Code Point DSCP is the successor to TOS Type of Service Use this field to select traffic based on the DSCP header in each IP packe...

Page 89: ...ached for failover The Ethernet is Connected while the LTE modem is Available for failover A WiFi as WAN interface is also attached and Available Load Balance If this is enabled the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively Selecting Load Balance will automatically start the WAN interface and add it to the po...

Page 90: ...alance Select to allow this device to be available for the Load Balance pool Download bandwidth Defines the default download bandwidth for use in Load Balance and QoS quality of service or traffic shaping algorithms Range 128 Kb s to 1 Gb s Upload bandwidth Defines the default upload bandwidth for use in Load Balance and QoS quality of service or traffic shaping algorithms Range 128 Kb s to 1 Gb s...

Page 91: ...e device will be disconnected and failover will occur When Active Ping is selected the next line gives an estimate of data usage in this form Active Ping could use as much as 9 3 MB of data per month This amount depends on the Idle Check Interval Off Once the link is established the router takes no action to verify that it is still up Ping IP Address If you selected Active Ping you will need to in...

Page 92: ...failback returns you to the use of your preferred Internet source more quickly which may have advantages such as reducing the cost of a failover data plan but it may cause more interruptions in your network than Usage or Time modes IP Overrides IP overrides allow you to override IP settings after a device s IP settings have been configured Only the fields that you fill out will be overridden Overr...

Page 93: ...gs when necessary DNS Servers Each WAN device is required to connect IPv4 before connecting IPv6 Because of this DNS servers are optional as most IPv4 DNS servers will respond with AAAA records 128 bit IPv6 DNS records most commonly used to map hostnames to the IPv6 address of the host if requested If no IPv6 DNS servers are configured the system will fall back to the DNS servers provided by the I...

Page 94: ...sufficient to configure your LANs Delegated IPv6 Network Additional network available for delegation to LANs Example Configuration 6to4 Tunnel Out of the box 6to4 is the simplest mode to enable full end to end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers Primary IPv6 DNS Server optional Depending on your provider this m...

Page 95: ...le for delegation to LANs Example Configuration 6rd Tunnel IPv6 Rapid Deployment 6rd is a method of IPv6 site configuration derived from 6to4 It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 IPv6 translation within the ISP network 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 tra...

Page 96: ... You may need to check with your ISP or system administrator for this information DHCP Dynamic Host Configuration Protocol is the most common configuration Your router s Ethernet ports are automatically configured for DHCP connection DHCP automatically assigns dynamic IP addresses to devices in your networks This is preferable in most circumstances Static allows you to input a specific IP address ...

Page 97: ...y DNS Server PPPoE Username Password Password Confirm Service Auth Type None PAP or CHAP Modem Settings Not all modems will have all of the options shown below the available options are specific to the modem type CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 97 ...

Page 98: ...nable or disable the modem s auxiliary diversity antenna This should normally be left enabled GPS Signal Source Select the antenna to be used for receiving GPS coordinates Some products support a dedicated GPS antenna while others use the auxiliary diversity antenna only and some products support both Enable eHRPD Default selected Enable or disable the modem s ability to connect via eHRPD enhanced...

Page 99: ...or periods of time while these updates occur The modem may also require a reset after a modem firmware update is complete Disabled The request to update will be refused When Disconnected The request to update will only be performed when the modem is either in a disconnected state or dormant state If the modem is not in one of these states when the request is received then the router will remember ...

Page 100: ... directed to by a carrier representative If a field below is left blank that particular setting will not be changed in the modem You should only fill in fields that are required by your carrier Persist Settings If this is not checked these settings will only be in place until the router is rebooted or the modem is unplugged Active Profile Select a number from 0 5 from the dropdown list The followi...

Page 101: ...ct a different APN etc For Verizon modems only the third slot is editable Changes made here are written to the modem so a factory reset of the router will not impact these settings Update Activate a Modem Some 3G 4G modems can be updated and activated while plugged into the router Updates and activation methods vary by modem model and service provider Possible methods are PRL Update Activation and...

Page 102: ... go back to an idle state at which point the router may restart it depending on failover and failback settings NOTE Only one operation is supported at a time If you try to start the same operation on the same modem twice the UI will not report failure and the request will finish normally when the original request is done However if you try to start a different operation or use a different modem th...

Page 103: ...rticular type These can be general or very specific For example you could create a rule that applies to all 3G 4G modems or a rule that only applies to an Internet source with a particular MAC address The Configuration Rules list shows all rules that you have created as well as all of the default rules These are listed in the order they will be applied The most general rules are listed at the top ...

Page 104: ...ou This name is optional Make a selection for When Condition and Value to create a condition for your rule The condition will be in the form of these examples When Condition Value Port is USB Port 1 Type is not WiMAX When Port Select by the physical port on the router that you are plugging the modem into e g USB Port 2 Manufacturer Select by the modem manufacturer such as Sierra Wireless Model Set...

Page 105: ...or received for that client Last Traffic The names that are shown are received during a DHCP exchange If a client disconnects and reconnects with a new IP address there will be an additional entry in this list Pressing Reset Statistics will restart all counters at 0 Data Usage Data Usage Management Alerts allows you to create and manage rules that help control the data usage of a modem If you have...

Page 106: ...nabled Default Enabled Click to disable Use with Load Balancing When checked the Load Balancing feature is allowed to use the thresholds and metrics of this rule when making balance decisions This causes Load Balancing to spread the data usage between interfaces according to the assigned usage rather than bandwidth This is a best effort to keep all interfaces with these rules at a similar percenta...

Page 107: ...ert will be generated and sent when the assigned usage is reached WARNING The SMTP mail server must be configured in System Settings Device Alerts Custom Alert When checked you enable a second email to be configured for a percentage of the assigned usage Percent of Usage 1 1000 If selected a custom alert will be sent when your data usage reaches this percentage of your usage cap For example you co...

Page 108: ...cal Data graph displays if you have a Data Usage Rule enabled for an active WAN device This graph shows the MB sec trend for the last day In this section you also have the ability to change the data usage records for a connected WAN device Add Usage or Erase History You may want to add data usage to a device s record if for example you ve used the SIM or data plan with other devices that data usag...

Page 109: ...RE Multipoint GRE Local Network This is the local side of the Glue Network a network created by the administrator to form the tunnel The user creates the IP address inputted here It must be different from the IP addresses of the networks it is gluing together Choose any private IP address from the following three ranges that doesn t match either network 10 0 0 0 10 255 255 255 172 16 0 0 172 31 25...

Page 110: ... Advanced option that inverts the meaning of WAN Binding to only establish this tunnel when the specified WAN Binding device s are NOT connected Tunnel Enabled Select to activate the tunnel Add Edit Tunnel Routes Adding routes allows you to configure what types of network traffic from the local host or hosts will be allowed through the tunnel Click Add Route to configure a new route You will need ...

Page 111: ...ackup Make sure both tunnels have Keep Alive enabled 2 Choose one to be the primary tunnel Open the editor for this tunnel and make sure Tunnel Enabled is selected Then go to the Keep Alive page Under Failover Tunnel select the other tunnel you have created 3 Open the editor for the failover tunnel Make sure Tunnel Enabled is not selected On the Keep Alive page set the Failback Tunnel to your prim...

Page 112: ...s for packets received Tunnel Enabled Click to enable disable this tunnel Default Enabled Authentication More authentication options and overrides are available in the next section Username Username for user specific authorization Leave blank to disable Password Shared secret or password used to authenticate the associated Local and Remote names Redial Enabled When this is selected the tunnel will...

Page 113: ...nel can negotiate a common scheme Sometimes this negotiation fails or the implementation on one end is incompatible with the other To solve those authentication issues enable the overrides as needed Authentication Username for user specific authorization Leave blank to disable CHAP Choose from Allowed Refused or Required PAP Choose from Allowed Refused or Required Name Override names used to authe...

Page 114: ...inuity for every node in a mobile network as the network moves NEMO requires a service provider e g Verizon Wireless Private Network with DMNR Dynamic Mobile Network Routing Your NEMO service provider will define many of the settings for your NEMO configuration Once you have a NEMO service provider and a valid feature license add networks to the Networks Routed by NEMO section by first clicking Ad...

Page 115: ...ure Licenses to enable this feature Next Hop Resolution Protocol is a protocol used to discover addresses of clients on Non Broadcast Multiple Access NBMA networks It is used to create next generation VPN technologies that allow shortcutting between spokes With NHRP systems attached to an NBMA network dynamically learn the NBMA address of the other systems that are part of that network allowing th...

Page 116: ...s You also have the option to create static mappings for this interface Click Add in the table to open the static mapping editor Protocol Address Mapped endpoint to from protocol address to NBMA address Protocol Prefix Optional prefix for protocol address NBMA Address Destination mapped address from protocol address prefix Register This optional parameter specifies that a Registration Request shou...

Page 117: ... an IPv6 Tunnel Address and Tunnel Prefix Length for IPv6 Tunnel Protocol Choose UDP or TCP Configuration Mode Simple configuration requires the least amount of configuration for the tunnel while advanced allows for a more detailed setup Ping Displays if the Configuration Mode is Advanced If no packets have been sent in the amount of time entered a ping is sent to the remote endpoint Ping Restart ...

Page 118: ...ngs Generate or upload certificates for OpenVPN If the Configuration Mode is set to Simple you have the option to set the TLS Auth Key If the Configuration Mode is set to Advanced set any of the following Root Certificate Client Certificate Client Key TLS Auth Key DH Parameters CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 118 ...

Page 119: ...end IKE Internet Key Exchange is the security protocol in IPsec IKE has two phases Phase 1 and Phase 2 The router has several different security protocol options for each phase but the default selections will be sufficient for most users The VPN tunnel status page allows you to view the state of the VPN tunnels If a tunnel fails to connect to the remote site check the System Logs for more informat...

Page 120: ...ons for example for communications between a client and a server Initiation Mode Always On or On Demand Always On is used if you want the tunnel to initiate the tunnel connection whenever the WAN becomes available Select On Demand if you want the tunnel to initiate a connection if and only if there is data traffic bound for the remote side of the tunnel Tunnel Enabled Enabled or Disabled MBR1200 Q...

Page 121: ...ny of the following an IPv4 address an IPv6 address or a fully qualified name in the form of host domain com DNS names are case insensitive so only lower case letters are allowed It is recommended that you use a dynamic DNS hostname instead of the static IP address by using the dynamic DNS hostname updates of the remote WAN IP are compensated for while connecting to a VPN tunnel Add Edit Tunnel Re...

Page 122: ...ies allowing for the identities of peers to be secure at the expense of extra packet exchanges In Aggressive mode IKE tries to combine as much information into fewer packets while maintaining security Aggressive mode is slightly faster but less secure Because it has better security Main mode is recommended for most users Key Lifetime The lifetime of the generated keys of Phase 1 of the IPsec negot...

Page 123: ...ms are listed in order by priority You can reorder this priority list by clicking and dragging algorithms up or down Any selected algorithm may be used for IKE exchange but the algorithms on the top of the list are more likely to be used more often Add Edit Tunnel IKE Phase 2 Perfect Forward Secrecy PFS Enabling this feature will require IKE to generate a new set of keys in Phase 2 rather than usi...

Page 124: ...ailover Tunnel and Failback Tunnel Use these settings to create two tunnels one as the primary tunnel and one as the backup tunnel To configure tunnel failover failback complete the following steps 1 Create two tunnels one for primary and one for backup Make sure that both tunnels have the same Remote Network and that both have Dead Peer Detection enabled 2 Choose one to be the primary tunnel Open...

Page 125: ...is behind a NAT network address translation firewall the setup of your tunnel requires the following specifications 1 Each side of the tunnel must use both a Local Identity and a Remote Identity These must match the identities on the other side The Local Identity must match the Remote Identity on the other side of the tunnel and vice versa In this case these identities can each be a simple word 2 ...

Page 126: ...lick Add to open the WAN Affinity Policy Editor and create a new WAN Affinity rule Name Give a name for your rule that is meaningful to you DSCP DiffServ Differentiated Services Code Point is the successor to TOS Type of Service Use this field to select traffic based on the DSCP header in each IP packet This field is sometimes set by latency sensitive equipment such as VoIP phones If you know spec...

Page 127: ... s statement Value If the correct values are available select from the dropdown list You may need to manually input the value Load Balance Algorithm Select the Load Balance Algorithm for this WAN Affinity rule from the following dropdown options Round Robin Evenly distribute each session to the available WAN connections Rate Distribute load based on the current upload and download rates A WAN devi...

Page 128: ...the router will connect with the highest priority network Network The name SSID or Service Set Identifier that is broadcast by the access point BSSID The numeric ID of the network Basic Service Set Identifier This parameter is required when trying to connect to a hidden network using WiFi as WAN It is optional when connecting to a visible network If it is set in a profile both the SSID and BSSID m...

Page 129: ... Connected Continue to scan for WiFi as WAN profile updates when connected Each time a scan occurs the wireless communication of the router will be temporarily interrupted Normally this should be disabled System Settings The System Settings section of the Administration Pages provides access to tools for broad administrative control of the router The System Settings tab has the following dropdown ...

Page 130: ...or Password Advanced Security Mode When you enable Advanced Security Mode you have three different options for the Authentication Mode Local Users TACACS RADIUS Local Users Create users with administrative privileges by inputting usernames and passwords in the Advanced User Management table The default username is admin but you can edit this name or delete it once you create other users you can t ...

Page 131: ...ers mode to prevent users from being locked out Authentication Service Choose from ASCII Login PAP CHAP Server Address This can be either an IP address in the form of 1 2 3 4 or a DNS name in form of host domain com Only lower case letters are allowed for a DNS name Port Port 49 is default for TACACS Shared Secret RADIUS RADIUS stands for Remote Authentication Dial In User Service The router will ...

Page 132: ... be based on when the router firmware was built which is guaranteed to be wrong Whenever the Internet connection is re established and once a week thereafter the router will ask the server for the current time so it can correct itself You then have the option of selecting an NTP server and adjusting the NTP server port Select the NTP server from the dropdown list Any of the given NTP servers will ...

Page 133: ...r you want to use The default is 443 Enable SSH Server When the router s SSH server is enabled you may access the router s command line interface CLI using the standards based SSH protocol Use the username admin and the standard system password to log in SSH Server Port Default 22 Remote Management Remote Management allows a user to enable incoming WAN pings or change settings for the router from ...

Page 134: ...nce with every data message This can be useful when a single remote client or server is handling NMEA position reports from multiple routers This creates a custom GPS sentence with the System ID as part of the sentence and the checksum Prepend System ID Include the router s System ID sentence with every GPS message This can be useful when a single remote client or server is handling GPS position r...

Page 135: ...Data Description 1753405 Time of fix 17 34 05 UTC 4916 450 N Latitude 49 deg 16 450 min North 12311 127 W Longitude 123 deg 11 127 min West 2 Fix quality 0 fix not available 1 GPS fix 2 Differential GPS fix 3 PPS fix 4 Real Time Kinematic 5 Float RTK 6 estimated dead reckoning 7 Manual input mode 8 Simulation mode 06 Number of satellites being tracked 1 5 Horizontal dilution of precision HDOP rela...

Page 136: ...d knots 010 2 K Ground speed kilometers per hour TAIP COR IBR1100 IBR1150 only The COR IBR1100 IBR1150 gives you the option to select the GPS language NMEA or TAIP The Trimble ASCII Interface Protocol TAIP was designed for vehicle tracking Selecting TAIP reveals additional options specific to the protocol Enable Vehicle ID Include a 4 character vehicle identifier Vehicle ID Assign a 4 character ID...

Page 137: ...SMS Messages are limited to 160 characters SMS is not a guaranteed delivery protocol The carriers do not guarantee that the SMS message will be delivered to the modem or that the modem s response will be delivered to the sender This means an administrator might have to send messages multiple times before the desired action is performed SMS is a slow protocol It can take seconds or up to a few minu...

Page 138: ...leave the subject blank NOTE The subject field may be limited to a certain number of characters so if you get an error when sending the command on the subject line switch to using the body instead SMS Commands Below is a list of supported SMS messages and the syntax format Due to security concerns the set of commands are intentionally limited to those that can configure a modem s connection but ca...

Page 139: ...st priority modem 1234 mstatus usb1 return status of modem plugged into port usb1 This command returns info about the indicated modem s status The resulting data reflects the modem model number service type and connection status and values Sample response Model MC200P Service HSPA SIM Status READY RSSI 62 dbm ECIO 4 APN wwan ccs IP Addr 166 136 142 172 mreboot Reboot the modem port parameter optio...

Page 140: ...onal Syntax password userpass username userpassword port Examples 1234 userpass joe mypassword set information of highest priority modem 1234 userpass joe mypassword usb3 set information on modem in port usb3 simpin Set the SIM s PIN port parameter optional Syntax password simpin pin port Examples 1234 simpin 5678 set simpin in highest priority modem 1234 simpin 5678 usb2 set simpin in modem on po...

Page 141: ...sconfigured and needs to be set Figure out the state of the modems on the router 1234 rstatus Receive the modem s status and settings 1234 mstatus Set the modem s APN to the correct setting 1234 apn broadband Verify the APN was set properly 1234 mstatus Continue to verify the status periodically to ensure that the modem connects 1234 rstatus System Logging Logging Level Setting the log level contr...

Page 142: ...a Verbose modem logging Only enable this option if instructed by a CradlePoint support agent Create support log This functionality allows for a quick collection of system logging Create this log file when instructed by a CradlePoint support agent Router Services By default router services Enterprise Cloud Manager NTP etc connect to the router via the WAN In some setups it makes sense to use the LA...

Page 143: ...e the ability to create manage sign and import export X 509 certificates frequently referred to as SSL certificates under Network Settings Certificate Management Our implementation integrates an OpenSSL toolkit solution It includes the abiility to create your own CA certificates and self signed certificates For background information on digital certificates see the following Wikipedia articles Pub...

Page 144: ...cates without sending signature requests to a third party CA first create a CA certificate with this interface and then create additional certificates that you sign with your CA Step 1 Create a CA certificate In the Issuer section select Set as CA certificate Step 2 Create additional certificates In the Issuer section select Sign with CA certificate and then select the CA certificate you created i...

Page 145: ...a CA Sign with CA certificate Select to sign this certificate with a CA you created previously Certificate Name Select your CA certificate from the dropdown list of local certificates Subject Country Name 2 letter country code e g AU UK US State or Province Name The name of your state or region CradlePoint COR IBR1100 IBR1150 Manual 10 13 2014 145 ...

Page 146: ... Signing Request Request a certificate signature from a remote CA Using an established third party CA increases the likelihood that your certificate will be trusted by others see security issues for self signed certificates for more information Generate a certificate signing request CSR by selecting a certificate from the dropdown list Name field and downloading the CSR The CSR can then be sent to...

Page 147: ...is a container format for encoding data in this case X 509 certificates PEM was originally designed for encoding email PEM stands for Privacy enhanced Electronic Mail but it has never been widely used for that purpose The format is much more common for encoding digital certificates The PEM format uses Base64 and DER Distinguished Encoding Rules encoding Import Choose a certificate file in PEM form...

Page 148: ...mat When you export this file you must create a passphrase to protect it This key is required for future use of the file NOTE This article may contain links that direct you to non CradlePoint Inc owned websites and these links are not under the control of CradlePoint Inc or any of its representatives CradlePoint Inc is not responsible for the content of any linked site or any link contained in a l...

Page 149: ...ert when a VPN tunnel goes down Feature License Expiration Sends an alert when a feature license is about to expire Full System Log The system log has filled This alert contains the contents of the system log Recurring System Log The system log is sent periodically This alert contains all of the system events since the last recurring alert It can be scheduled for daily weekly and monthly reports F...

Page 150: ... attempts GPIO Connector The power connector includes two pins defined for general purpose input and output These pins are ESD protected The input tolerance varies between products see the chart below This diagram shows the connector pinout This is the view into the router or the rear view of the cable connector Pin Definition COR IBR11x0 COR IBR6x0 Wire Color 1 Ground Black 2 Power 9 36 V DC 9 18...

Page 151: ...d then shut off e g WiFi stays on for an hour during lunch stops Output Pin The Output Pin can be used to allow an external device to read either whether the router is running or whether the modem is connected Current Value Displays HIGH LOW or IGNORED Output Mode Select one of the following options from the dropdown menu Default Low In this mode the output pin is not used and is at 0V ground pote...

Page 152: ...s unchecked the ECM client will never attempt to contact the server Default Enabled Server Host Port The DNS hostname and port number for your ECM server Default stream cradlepoint com Session Retry Timer How long to wait in seconds before starting a new ECM session following a connection drop or connectivity failure Note that this value is a starting point for an internal backoff timer that preve...

Page 153: ...ttings WiFi Local Networks and click Edit to open the Local Network Editor The IP Settings tab will already be open The Routing Mode dropdown menu is at the bottom Allow Service on 3G 4G Modems Allows you to enable or disable hotspot access to the Internet over a modem This is often used if the router has a main wired link and a secondary modem for failover typically with a more expensive limited ...

Page 154: ...strator defined URL Redirect URL If you have chosen to send users to an administrator defined URL you will need to specify the address Session Timeout Default 60 minutes The amount of time the user may use the router before being forced to authenticate again Idle Timeout Default 15 minutes If the user is idle for this amount of time make them re authenticate Bandwidth upload Default 512 Kbits sec ...

Page 155: ...rwritten by the RADIUS server Idle Timeout Default 15 minutes If the user is idle for this amount of time make them re authenticate Bandwidth upload Default 512 Kbits sec The data rate limit for users uploading data through the hotspot Bandwidth download Default 1024 Kbits sec The data rate limit for users downloading data through the hotspot UAM Settings Login URL Assigned by UAM service Splash P...

Page 156: ...nal domain or website prior to being authenticated For example a hotel might allow access to its own website prior to authentication Click Add to enter new hostnames you wish to allow Enter the hostname or domain name of the website you wish to allow e g www company com or company com To allow all domain and sub domain options use a wildcard e g company com Click Submit to save your additions Auth...

Page 157: ...erver Port Enter a port number for the redirector to use Default 7218 USB Serial Adapter Configuration Baud Rate Select from the dropdown list 50 75 110 134 150 200 300 600 1200 1800 2400 4800 9600 19200 Byte Size The number of bits in a byte Select from 5 6 7 and 8 Parity Change this value to enable parity bit checking Select from the following dropdown options None No parity checking Default Eve...

Page 158: ...SNMP on WAN will make SNMP services available to the WAN interfaces of the router WAN port Use the WAN port field to configure which publicly accessible port you wish to make SNMP services available on Default 161 SNMPv1 SNMP version 1 is the most basic version of SNMP SNMPv1 will configure the router to transmit with settings compatible with SNMP version 1 protocols SNMPv2c SNMP version 2c has th...

Page 159: ... server community and port for trap notifications Trap notifications are returned to the server with SNMPv1 Trap community string The trap notifications will be returned to the trap server using this SNMPv1 trap community name Address for trap server Enter the address of the host system that you want trap alerts sent to Trap server port Enter the port number that the remote host will be listening ...

Page 160: ...outer to automatically restart when it determines an unrecoverable error condition has occurred Ping Test A simple test to check Internet connectivity Type the Hostname or IP address of the computer you want to ping and press Enter or click the Ping button System Software This allows the administrator to load new firmware onto the router to add new features or fix defects If you are happy with the...

Page 161: ... the new firmware is loaded Automatically check for new firmware Check for an available firmware update once a day Automatic Internet Have the router download the file and perform the upgrade with no user interaction Manual Firmware Upload Upload the router firmware from an attached computer Go to cradlepoint com firmware to download the firmware System Config Save Restore Backup Current Settings ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands