manualshive.com logo in svg

Cradlepoint COR IBR350, Manual

Share
Download
Cradlepoint COR IBR350 Manual Download Page 107

ResponderMode

: When enabled, the router will not initiate negotiation with peers, otherwise start negotiations as soon as possible.

LocalIdentity

: Specifies the identifier sent to the remote host during phase 1 negotiation. If left blank it will default to the IP address of the WAN

connection. Currently we only support identifiers in the form of an IP address, a user-fully qualified domain name ([email protected]) or just a
fully qualified domain name (www.mydomain.com). If the remote side of the tunnel is configured to expect an identifier, then both must match in
order for the negotiation to succeed. If NAT-T is being used, a single word (instead of an address) can be used if a DynDNS connection is not being
used.

RemoteIdentity

: Specifies the identifier we expect to receive from the remote host during phase 1 negotiation. If no identifier is defined then no

verification of the remote peer’s identification will be done. Currently we only support identifiers in the form of an IP address, a user-fully qualified
domain name ([email protected]) or just a fully qualified domain name (www.mydomain.com). If left blank we will default to the IP address of
the WAN connection. If NAT-T is being used, a single word (instead of an address) can be used if a DynDNS connection is not being used.

AuthenticationMode

: Select from

Pre-SharedKey

and

Certificate

.

Pre-SharedKey

is used when there is a single key common to both ends

of the VPN.

Certificate

requires the creation of a set of certificates and a private key that can be uploaded to the router. Select

EnableCertificate

Support

in the

GlobalVPN Settings

section to upload a single set of certificates for the router to use.

Pre-SharedKey

: Create a password or key. The routers on both sides of the tunnel must use this same key.

Mode

:

Tunnel

or

Transport

.

TunnelMode

is used for protecting traffic between different networks, when traffic must pass through an intermediate,

untrusted network.

TransportMode

is used for end-to-end communications (for example, for communications between a client and a server).

InitiationMode

:

AlwaysOn

or

OnDemand

.

AlwaysOn

is used if you want the tunnel to initiate the tunnel connection whenever the WAN

becomes available. Select

OnDemand

if you want the tunnel to initiate a connection if and only if there is data traffic bound for the remote side

of the tunnel.

TunnelEnabled

: Enabled or Disabled.

MBR1200QuickConnect

: VPN tunnels in more advanced Cradlepoint devices have more choices than they did in the MBR1200, so they are more

complex to configure now. Check this box to simplify setup by streamlining your options to match the old settings from the Cradlepoint MBR1200.

Figure 136: Add/Edit VPN Tunnel Local Gateway

Add/EditTunnel–LocalGateway IP Version

: Select

IPv4

or

IPv6

.

WAN Binding

: WAN Binding is an optional parameter used to configure the VPN tunnel to ONLY operate when the specified WAN device(s) are

available and connected. An example use case is when there is a router with both a primary and failover WAN device and the tunnel should only
be used when the system has failed over to the backup connection.

Make a selection for “When,” “Condition,” and “Value” to create a WAN Binding. The condition will be in the form of these examples:

When

Condition

Value

Port

is

USB Port 1

Type

is not

WiMAX

107

Summary of Contents for COR IBR350

Page 1: ...anaged solution provides organizations the ability to scale deployments quickly and manage their distributed networks easily in real time Designed with form function in mind for the cost conscious consumer COR IBR350 is perfect to get your applications online Key Features Cloud managed for zero touch deployment and intelligent management Internal Verizon LTE modem Compact Integrated mounting holes...

Page 2: ...ctions is generic across multiple devices Therefore some details may not apply to the COR IBR350 because they are specific to another device For example CP Secure Threat Management is only available for the AER 2100 Also the configuration pages within Enterprise Cloud Manager ECM are very similar to the local router administration pages but some items are missing because they are not relevant in the...

Page 3: ...oS Routing Internet Connection Manager Client Data Usage Data Usage GRE Tunnels Network Mobility NEMO VPN Tunnels System Settings Administration Certificate Management Device Alerts Enterprise Cloud Manager Feature Licenses SNMP Configuration System Control System Software Introduction Package Contents System Requirements Specifications Hardware LEDs 3 ...

Page 4: ...ow for several power and antenna options System Requirements At least one Internet source a CradlePoint integrated 3G 4G modem with an active data plan or an Ethernet based modem Windows 2000 XP 7 8 Mac OS X or Linux computer Internet Explorer v6 0 or higher Firefox v2 0 or higher Safari v1 0 or higher or Google Chrome Specifications WAN Integrated 4G LTE modem LAN One LAN 10 100 Ethernet port PORT...

Page 5: ... platform subscription based web based GUI local management optional RADIUS or TACACS username password remote WAN web based management w access control HTTP HTTPS SNMP v1 v2c v3 CLI over SSH SSH to serial SSH to telnet API one button firmware upgrade modem configuration update and management modem data usage w alerts per client data usage custom AT scripting to modems Performance Health Monitoring ...

Page 6: ...Uplink Rates LTE 50 Mbps theoretical Frequency Bands LTE Band 4 AWS 1700 2100 MHz Band 13 700 MHz Power LTE 23 dBm 1 typical conducted Antennas two SMA male plug finger tighten only maximum torque spec is 7 kgf cm Industry Standards Certs FCC Verizon Hardware Ports LEDs ANTENNA CONNECTORS There are two antenna connectors for the integrated 3G 4G modem SMA The MAIN modem connector may have better pe...

Page 7: ...Figure 3 COR IBR350 Lights Ports Figure 4 COR IBR350 SIM Door USB Antenna Connectors 7 ...

Page 8: ...m is connecting Amber Modem is not active Blinking Amber Data connection error No modem connection possible Blinking Red Modem is in the process of resetting SIGNAL STRENGTH Blue LED bars indicate the active modem s signal strength 4 Solid Bars Strongest signal 1 Blinking Bar Weakest signal A blinking bar indicates half of a bar ADDITIONAL LED INDICATIONS The USB and modem lights turn amber and bl...

Page 9: ...d Be sure to insert the card with the notch end first and the gold contacts facing down it will click into place Figure 5 SIM Card Once you have inserted the card slide the cover closed Insert the security screw if desired 2 Attach modem antennas Attach the included modem antennas finger tight only 3 Connect to a power source The Cradlepoint COR IBR350 includes a 12VDC 1A power adapter Plug this int...

Page 10: ...figuration changes through Cradlepoint Enterprise Cloud Manager ECM without logging into the local administration pages Set up a group of routers and set the configuration for all of them at once See below for more information about ECM First Time Setup Wizard When you log in for the first time you will be automatically directed to the FIRST TIME SETUP WIZARD which will walk you through the steps to ...

Page 11: ...egistered your device go to cradlepointecm com and log in using your ECM credentials For more information about how to use Cradlepoint Enterprise Cloud Manager see the following Getting Started ECM on the Knowledge Base Navigating the Administration Pages To access the administration pages open a web browser and type the hostname cp or IP address http 192 168 0 1 into the address bar The Administr...

Page 12: ...Figure 9 Enterprise Cloud Manager Login Page Figure 10 Enterprise Cloud Manager Registration Page 12 ...

Page 13: ...erfaces This is green when there is an active WAN connection and red when there is no active WAN connection Click on the green image of signal strength bars to open a Modem Connection Quality popup window that shows the strength of your Internet signal WiFi Clients Click to view a signal strength indicator for your network WiFi Connection Strength The number listed in the orange block shows the nu...

Page 14: ...Figure 12 Router UI Figure 13 Cradlepoint logo Figure 14 Quick links 14 ...

Page 15: ...ion pages Click on the tabs along the top bar to reveal the following dropdown menus Figure 17 Admin Page Tabs NOTE These contents vary by product Not all items are shown for all products Getting Started Status Network Settings Internet System Settings Enterprise Cloud Manager Registration First Time Setup IP Passthrough Setup Client List Dashboard GPS 15 ...

Page 16: ...arted Enable fundamental functionality through these setup wizards including the First Time Setup Wizard Status Displays various types of information about your router such as a list of clients that are attached to your networks Client List the details of each Internet source your router is using Internet Connections and a map of your router s location GPS Very few changes can be made from this ta...

Page 17: ...oint devices to improve productivity increase reliability reduce costs and enhance the intelligence of your network and business operations Click here to learn more and sign up for a free 30 day ECM trial Depending on your ordering process your devices may have already been bulk loaded into ECM If so simply log in at cradlepointecm com using your ECM credentials and begin managing your devices sea...

Page 18: ...Figure 19 Enterprise Cloud Manager Login Page 18 ...

Page 19: ...rd Cradlepoint recommends that you change the router s ADMINISTRATOR PASSWORD which is used to log into the administration pages The administrator password is separate from the WiFi security password although initially the Default Password is used for both Figure 20 COR IBR350 Administrator Login Page NOTE If you plan to use your router in a PCI DSS compliant environment do not use this setting Us...

Page 20: ... the Default setting or select Manual and input a specific APN If your specific modem or SIM already has APNs programmed into it you should leave this on the Default setting After finishing this Wizard go to Internet Connection Manager select your modem and edit the settings The SIM PIN APN tab has more available settings than are provided here Modem Authentication Some modems require a username and ...

Page 21: ...nge 10 3600 seconds Monitor while connected Select from the dropdown menu Default Off Active Ping A ping request will be sent to the Ping Target If no data is received the ping request will be retried 4 times at 5 second intervals If still no data is received the device will be disconnected and failover will occur When Active Ping is selected the next line gives an estimate of data usage in this fo...

Page 22: ...devices NOTE If you are currently using the device s WiFi network reconnect to the network using the new wireless network name and security password Click APPLY to save the settings and update them to your router IP Passthrough Setup You can quickly enable IP passthrough with the IP Passthrough Setup Wizard available under Getting Started IP Passthrough Setup IP passthrough takes a 3G 4G WAN data ...

Page 23: ...k Editor under IP Settings The Subnet Selection Mode will be set to Automatically Create Subnet Network Settings WiFi Local Networks in the Local Network Editor under IP Settings this shows once IP Passthrough is set as the Routing Mode You have the option to override this and select Force 24 Subnet which forces a subnet of 255 255 255 0 and uses the first available address in the network as the ga...

Page 24: ...r is set to act as a whitelist then the address will be removed from the list of allowed clients Clients may remain visible in the Client List after being blocked but traffic for that client is blocked immediately To restore access edit the list of MAC addresses under Network Settings MAC Filter Logging Dashboard The Dashboard shows fundamental information about your router divided into the followin...

Page 25: ...Figure 27 COR IBR350 Status Dashboard Figure 28 Cradlepoint Logo 25 ...

Page 26: ...ternet source WAN has been connected IP Address Gateway DNS Servers The IP address and gateway describe your active WAN source For configuration options see Internet Connection Manager For DNS server configuration options see Network Settings DNS Local Networks Detailed Info links to Network Settings Local Networks Clients The number of current clients For each network the following information is d...

Page 27: ...gs Administration to enable GPS support Figure 30 GPS Status Map GPS information is only displayed if 1 the modem supports GPS 2 your carrier allows the GPS functionality and 3 the modem has sufficient GPS signal strength If no information is displayed check that both the modem and your carrier support GPS If GPS is supported make sure the modem is in an area where it can receive a signal from the G...

Page 28: ...nternet source for the router Select the device to see detailed information about it There is only one possible device on the IBR350 LTE Modem The information displayed varies greatly depending on the technology especially for 3G 4G modems Cradlepoint passes on the information provided by the modems which is specific to the carrier e g Verizon and technology e g LTE LTE modem example QoS View the b...

Page 29: ...Figure 32 Internet Connection Status Figure 33 Modem Status Figure 34 QoS Status 29 ...

Page 30: ... Figure 35 System Routes Static Routes displays user specified routes configured in Network Settings Routing Figure 36 Static Routes There are also tables displaying information for GRE Routes VPN Routes and NEMO Routes Configure the settings for these routes under the Internet tab Statistics The Statistics submenu option displays basic traffic statistics 30 ...

Page 31: ...past Sample rate and size can be adjusted from the dropdown boxes System Logs The router automatically logs records events of possible interest in its internal memory If there is not enough internal memory for all events logs of older events are deleted but logs of the latest events are retained The log options allow you to filter the router logs so you can easily find relevant messages This router ...

Page 32: ...Figure 39 Failover Failback Load Banlance Statistics Figure 40 System Log 32 ...

Page 33: ... tunnels Included information Name Connections Status Protocols Transferred Direction Time Online Control To set up or edit a VPN tunnel go to Internet VPN Tunnels Network Settings The Network Settings section of the Administration Pages provides access to tools for controlling the LAN Local Area Networks The Network Settings tab has the following dropdown menu items Content Filtering DHCP Server ...

Page 34: ...Figure 41 VPN Tunnel Status 34 ...

Page 35: ...ks The highest priority rule will have precedence when there is a conflict Addresses can be added by URL Domain name or by IP address Exceptions to existing rules can be created by adding another rule with higher priority For example if access to espn go com is desired but go com is blocked with a priority of 50 the addition of an Allow rule for espn go com with a priority of 51 or greater will all...

Page 36: ...gs together with Network WebFilter Rules to control website access All of your networks are set to allow website access by default Select a network and click Edit to change the default filter settings Figure 45 Change Default Network Filter Settings Default Action Select from the following dropdown options Allow Access default Block Access When a network is set to Allow Access it will allow access ...

Page 37: ...ebFilters Editor See the Network WebFilter Rules section above for more configuration details MAC Address WebFilter Defaults Figure 48 MAC Address WebFiler Defaults Use MAC Address WebFilter Defaults together with MAC Address WebFilter Rules to control website access for specific MAC addresses By default each MAC address is allowed website access Click Add Edit to change this setting for a MAC addre...

Page 38: ...lla WebFiltering Force All DNS Requests To Router Enabling this will redirect all DNS requests from LAN clients to the router s DNS server This will allow the router even more control over IP Addresses even when the client might have their own DNS servers statically set OpenDNS ISP Filter Bypass Algorithm It is possible that your Internet Service Provider ISP uses the port that OpenDNS is configure...

Page 39: ...ut the information to reserve an IP address Hostname Hardware Addr IP Addr it is much simpler to select a device under the Active Leases section and click Reserve The selected device s information will automatically be added under Reservations DNS DNS or Domain Name System is a naming system that translates between domain names www cradlepoint com for example and Internet IP addresses 206 207 82 1...

Page 40: ...router even more control over IP addresses even when clients have their own DNS servers statically set Dynamic DNS Configuration The Dynamic DNS feature allows you to host a server Web FTP etc using a domain name that you have purchased www yourname com with your dynamically assigned IP address Most broadband Internet Service Providers assign dynamic changing IP addresses When you use a Dynamic DNS...

Page 41: ...red in this field You may find out what your external IP address is by going to in a web browser Known Hosts Configuration The Known Hosts Configuration feature allows you to map a name printer scanner laptop etc to an IP address of a device on the network This assigns a new hostname that can be used to conveniently identify a device within the network such as an office printer Figure 55 Known Host Confi...

Page 42: ...figuration Port Forwarding Rules Network Prefix Translation DMZ DeMilitarized Zone Remote Admin Access Application Gateways Firewall Options Zone Firewall Port Forwarding Rules A port forwarding rule allows traffic from the Internet to reach a computer on the inside of your network For example a port forwarding rule might be used to run a Web server NOTE Exercise caution when adding new rules as they ...

Page 43: ...Figure 57 Zone Firewall Settings Figure 58 Port Forwarding Rules 43 ...

Page 44: ...on is used in IPv6 networks to translate one IPv6 prefix to another IPv6 prefix translation is an experimental specification RFC 6296 trying to achieve address independence similar to NAT in IPv4 Unlike NAT however NPT is stateless and preserves the IPv6 prin ciple that each device has a routable public address But it still breaks any protocol embedding IPv6 addresses e g IPsec and is generally not r...

Page 45: ...consistent go to the Reservations section under Network Settings DHCP Server and reserve the IP address for the device Use caution when enabling the DMZ feature as it can threaten the security of your network Only use DMZ as a last resort Remote Admin Access Enable Remote Administration Access Control Selecting this option allows you to make remote administration tools available to only the specifi...

Page 46: ...Figure 62 Remote Admin Access Figure 63 Add Edit Remote Admin Access 46 ...

Page 47: ...e 64 Application Gateways Enable any of the following types of application gateways PPTP For virtual private network access using Point to Point Tunneling Protocol This is enabled by default SIP For VoIP voice over IP using Session Initiation Protocol TFTP Enables file transfer using Trivial File Transfer Protocol FTP To allow normal mode when using File Transfer Protocol This is not needed for pas...

Page 48: ...Administration and select the System Logging tab Zone Firewall A zone is a group of network interfaces By default all interfaces within a zone are allowed to initialize network communication with each other but any network traffic initialized outside of a zone to the interfaces within the zone is denied Forwardings are used to allow traffic to traverse zones Filter Policies are used to define how traffic...

Page 49: ...f a router services setup Set up This zone cannot be removed and can only be altered by router services Click Add to create a new zone Figure 67 Add Network Zone Choose a Name meaningful to you and then click on the Add button to reveal options for attaching interfaces WAN LAN or GRE to this zone LAN and GRE Interfaces Attach LAN and GRE interfaces to a zone by selecting the Config Name for those i...

Page 50: ...cal port on the router e g Modem 1 Manufacturer Select by the modem manufacturer e g Cradlepoint Inc Model Select according to the specific model of modem Type Select by type of Internet source Ethernet LTE Modem Wireless as WAN WiMAX Serial Number Select a 3G or LTE modem by the serial number MAC Address Select from a dropdown list of attached devices Unique ID Select by ID This is generated by th...

Page 51: ...The state of the connection is tracked to allow responses to traverse the zones back to the source LAN to WAN forwardings use this policy by default The policy can be removed or altered to filter the traffic flow Default Deny All is a preconfigured policy to deny all traffic initialized from one zone to be blocked to another zone WAN to LAN forwardings use this policy by default The policy can be removed...

Page 52: ...Figure 70 Add Network Filter Policy 52 ...

Page 53: ...Figure 71 Filter Rule Editer 53 ...

Page 54: ...55 255 255 0 or a single address 255 255 255 255 If you leave these values blank then all IP addresses and ports will be included IP Source and IP Destination options can be used to differentiate between the directions that packets go You could permit packets to come from particular IP addresses but then not allow packets to return to those addresses Forwardings Forwardings define how Filter Policie...

Page 55: ...erfaces Each local network can be attached to any of the following types of interfaces Ethernet VLAN For example one network might be just an isolated WiFi hotspot for guests while another might be the main network with administrative access an Ethernet port a password protected WiFi SSID and a VLAN interface Local IP Networks Local IP Networks displays the following information for each network N...

Page 56: ...Figure 74 Local IP Networks 56 ...

Page 57: ... network to be automatically disabled click here to re enable the network Name This primarily helps to identify this network during other administration tasks Hostname Default cp for Cradlepoint The hostname is the DNS name associated with the router s local area network IP address NOTE You can access the router s administration pages by typing the hostname into your browser so if you change cp to...

Page 58: ...Figure 76 IPv4 Settings Editor 58 ...

Page 59: ... click on any of the interfaces shown on the left in the Available section to move them to the Selected section on the right or highlight an interface and click the button To deselect an interface double click on an interface in the Selected section or highlight the interface and click the button If you want more interface options you must configure additional WiFi Ethernet ports and VLAN interface...

Page 60: ...Figure 77 IPv6 Settings Editor 60 ...

Page 61: ...Figure 78 Network Interface Editor 61 ...

Page 62: ...Figure 79 Local Network Access Editor 62 ...

Page 63: ...Figure 80 IPv4 DHCP Editor 63 ...

Page 64: ... autogenerate an address and start communicating on the network Clients utilize neighbor discovery protocols to ensure multiple clients on the subnet have not chosen an identical address SLAAC with DHCP Default IPv6 DHCP provides an additional client configuration method and is regularly combined with SLAAC to provide DNS servers a shortcoming in the original SLAAC specification and additional optio...

Page 65: ...Figure 82 IPv6 Network Adressing Editor 65 ...

Page 66: ...Figure 83 Multicast Proxy Editor Figure 84 Add Multicast Proxy 66 ...

Page 67: ...sts from devices attached to wired Ethernet ports IEEE 802 1X defines the encapsulations of the Extensible Authentication Protocol EAP Click Enable 802 1X to require IEEE 802 1X authorization for the Ethernet ports associated with this network Reauthentication Period EAP re authentication period in seconds Authentication settings Auth Server IP Address This is the IP address of the connected RADIUS...

Page 68: ... EACH INTERFACE SEPARATELY in order to create the desired interface options for a network You can then select these interfaces to add to a network in the Local Network Editor see above Figure 87 Local Network Interfaces Select from the following tabs Ethernet Port Configuration VLAN Interfaces Ethernet Port Configuration Ethernet Port Configuration provides the ability to control Enabled or Disabled ...

Page 69: ...create a port group that you can subsequently attach to a network in the Local Network Editor Double click on any of the Ethernet ports shown on the left in the Available section to move them to the Selected section on the right or highlight a port and click the button To deselect an Ethernet port double click on an interface in the Selected section or highlight the port and click the button VLAN ...

Page 70: ...at are connected to the router MAC addresses that you do not want to have logged addresses that you expect to be connected should be added to the Ignored MAC Addresses list You can configure the router to send an alert if a connected device has a MAC address that the router doesn t recognize Go to System Settings Device Alerts to set up these email alerts Ignored MAC Addresses This is the list of M...

Page 71: ...ad Speed and Download Speed Setting the Upload Speed and Download Speed is required to control traffic flow accurately Adjust the sliding bar to restrict the maximum upload and or download speed for the Internet source s you are using For example you might restrict the upload speed to prioritize available bandwidth for download or to reduce overall bandwidth use in order to lower costs It is recommen...

Page 72: ...o you Figure 94 WAN QoS Upload Bandwidth Upload Bandwidth Enable Upload QoS Default Enabled Deselect if you want your rule to apply to download traffic only Leave this selected to include upload restrictions with this queue Borrow Spare Bandwidth Default Enabled When this is enabled the interfaces protocols associated with this rule will borrow unused band width from other rules Disabling borrowing ...

Page 73: ...e connected WAN upload bandwidth that will be reserved for the specified traffic The maximum value is adjusted to the remaining percentage after other queues receive their share Download Priority The priority value has two different effects on traffic Higher priority traffic is handled before lower priority traffic which can lead to shorter response times Also when spare bandwidth is available it is offered t...

Page 74: ...tor The first page of the Traffic Shaping QoS Rule Editor allows you enable disable the rule name the rule specify a protocol for the rule and select a queue to associate the rule with Figure 97 QoS Traffic Shaping Rule Editor Rule Enabled Default Enabled Deselect this to disable this rule This can be useful for quickly changing configurations If both upload QoS and download QoS are disabled then the ru...

Page 75: ...his rule with your guest LAN you could input the IP address and netmask for the guest LAN here leaving the last slot 0 to allow for any user attached to the guest network Source IP Address 192 168 10 0 Source Netmask 255 255 255 0 DSCP DiffServ Differentiated Services Code Point DSCP is the successor to TOS Type of Service Use this field to select traffic based on the DSCP header in each IP packet This...

Page 76: ...Figure 99 Static Routes Figure 100 Static Route Editor 76 ...

Page 77: ...efining the IP address especially in cases when the IP address is changing Metric Set the numerical priority of the route Lower numbers have higher priority Allow Network Access Default Deselected Some static routes will need an IP Filter Rule via the Firewall to allow packets through the route without being blocked Selecting this option automatically creates this IP Filter Rule If the IP Network A...

Page 78: ...ailable Figure 101 WAN Interfaces Load Balance If this is enabled the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively Selecting Load Balance will automatically start the WAN interface and add it to the pool of WAN interfaces to use for data transfer Turning off Load Balance for an active WAN interface may require th...

Page 79: ...ime Click Edit to view configuration options for the selected device For 3G 4G modems click Control to view options to activate or update the device WAN Configuration Select a WAN interface and click on Edit to open the WAN Configuration editor The tabs available in this editor are specific to the particular WAN interface types Figure 103 WAN Configuration Editor 79 ...

Page 80: ...ill switch to the next highest priority interface available If this is not selected the router will still failover to the next highest priority interface but only after the user has attempted to get out to the Internet and failed Figure 104 IPv4 Failure Check Settings Idle Check Interval The amount of time between each check Default 30 seconds Range 10 3600 seconds Monitor while connected Default ...

Page 81: ... Check match those for IPv4 Failure Check except that the IP address for Active Ping is an IPv6 address Failback Configuration Advanced This is used to configure failback which is the ability to go back to a higher priority WAN interface if it regains connection to its network Figure 106 Failback Configuration Select the Failback Mode from the following options Usage Time Disabled Usage Fail back bas...

Page 82: ...ge or Time modes IP Overrides IP overrides allow you to override IP settings after a device s IP settings have been configured Figure 107 IP Overrides Only the fields that you fill out will be overridden Override any of the following fields IP Address Subnet Mask Gateway IP Primary DNS Server Secondary DNS Server IPv6 Settings The IPv6 configuration allows you to enable and configure IPv6 for a WAN devi...

Page 83: ...to map hostnames to the IPv6 address of the host if requested If no IPv6 DNS servers are configured the system will fall back to the DNS servers provided by the IPv4 configuration Delegated Networks A delegated network is an IPv6 network that is inherently provided by or closely tied to a WAN IP configuration The IPv6 model is for each device to have end to end IP connectivity without relying on any ...

Page 84: ...is only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic Additional IPv6 DNS Server Secondary DNS server Delegated IPv6 Network optional Network available for delegation to LANs Depending on your provider this may be required Prefixes specified here only take effect if those supplied by the connection are insufficient to configure your LANs Delegated IPv6 Netwo...

Page 85: ...t 6rd infrastructure that handles the IPv4 IPv6 translation within the ISP network 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network 6rd Prefix The 6rd prefix and prefix length should be supplied by your ISP IPv4 Border Router Address This address should be supplied by your ISP IPv4 Common Prefix Mask Input t...

Page 86: ...Figure 111 Modem Settings 86 ...

Page 87: ...ct to the network Not all options are available for all modems this will default to Auto if an incompatible mode is selected Auto all modes Let the modem decide which network to use Auto 3G 3G or less Let the modem decide which 2G or 3G network to use Do not attempt to connect to LTE Force LTE Connect to LTE only and do not attempt to connect to 3G or WiMAX Force WiMAX Connect to WiMAX only and do...

Page 88: ...a support technician AT Dial Script Enter the AT commands to be used in establishing a network connection Each command must be entered on a separate line All command responses must include OK except the final command response which must include CONNECT Example AT ATDT 99 2 Figure 112 SIM APN Settings SIM APN Auth Settings SIM PIN PIN number for a GSM modem with a locked SIM Authentication Protocol ...

Page 89: ...rted method Modem Activation Update Activate Reactivate or Upgrade Configuration Preferred Roaming List PRL Update Firmware Update Management Object FUMO Click the appropriate icon to start the process If the modem is connected when you start an operation the router will automatically disconnect it The router may start another modem as a failover measure When the operation is done the modem will go...

Page 90: ...Figure 115 Modem Update Activation Figure 116 Modem Update Error 90 ...

Page 91: ...e general or very specific For example you could create a rule that applies to all 3G 4G modems or a rule that only applies to an Internet source with a particular MAC address The Configuration Rules list shows all rules that you have created as well as all of the default rules These are listed in the order they will be applied The most general rules are listed at the top and the most specific rules ...

Page 92: ...Figure 118 WAN Configuration Rules 92 ...

Page 93: ...er Criteria If you are creating a new rule begin by setting the Filter Criteria Create a name for your rule and the condition for which the rule applies Rule Name Create a name meaningful to you This name is optional Make a selection for When Condition and Value to create a condition for your rule The condition will be in the form of these examples When 93 ...

Page 94: ...ut the value Once you have established the condition for your configuration rule choose from the other tabs to set the desired configuration All of the tabs have the same configuration options shown above in the WAN Configuration section i e the options for Configuration Rules are the same as they are for individual devices Client Data Usage Client Data Usage displays upload and download traffic for each...

Page 95: ...our carrier Data Usage Rules The Date Usage Rule display shows basic information for each rule you have created including rules created with a template The following information is displayed Rule Name Enabled True False Date for Rule Reset Cycle Type Daily Weekly or Monthly Cap Amount in MB Current Usage Shown as an amount in MB as a percentage of the cap and in a bar graph Click Add to configure a...

Page 96: ...Figure 122 Data Usage Rules Figure 123 Data Usage Rule Editor Page 1 96 ...

Page 97: ...n the rule will reset Shutdown WAN on Cap If selected the WAN device will shut down when the assigned usage is reached A cycle reset or a rule deletion will re enable the device Send Alert on Cap An email alert will be generated and sent when the assigned usage is reached WARNING The SMTP mail server must be configured in System Settings Device Alerts Custom Alert When checked you enable a second e...

Page 98: ...ct one of these types The rest of the rule settings options match those in the Data Usage Rules See the section above for additional information about how to configure your template usage rules Historical Data The Historical Data graph displays if you have a Data Usage Rule enabled for an active WAN device This graph shows the MB sec trend for the last day In this section you also have the ability ...

Page 99: ...Figure 127 Historical Data Usage Figure 128 Add Historical Data Usage 99 ...

Page 100: ...of a tunnel and more accurately determine if the tunnel is alive or not Click Add to configure a new GRE tunnel click Edit to make changes to an existing tunnel Add Edit Tunnel General Tunnel Name Give the tunnel a name that uniquely identifies it Tunnel Key Enables an ID key for a GRE tunnel which can be used as an identifier for mGRE Multipoint GRE Local Network This is the local side of the Glue N...

Page 101: ...Figure 130 GRE Tunnel Editor 101 ...

Page 102: ...the dropdown list You may need to manually input the value Invert WAN Binding Advanced option that inverts the meaning of WAN Binding to only establish this tunnel when the specified WAN Binding device s are NOT connected Tunnel Enabled Select to activate the tunnel Add Edit Tunnel Routes Adding routes allows you to configure what types of network traffic from the local host or hosts will be allowed t...

Page 103: ...Figure 131 GRE Tunnel Toute Editor Figure 132 Keep Alive GRE TUnnel 103 ...

Page 104: ...n continuity for every node in a mobile network as the network moves NEMO requires a service provider e g Verizon Wireless Private Network with DMNR Dynamic Mobile Network Routing Your NEMO service provider will define many of the settings for your NEMO configuration Once you have a NEMO service provider and a valid feature license add networks to the Networks Routed by NEMO section by first clicking...

Page 105: ...here must be another device usually a router that also supports IPsec on the other end IKE Internet Key Exchange is the security protocol in IPsec IKE has two phases Phase 1 and Phase 2 The router has several different security protocol options for each phase but the default selections will be sufficient for most users The VPN tunnel status page allows you to view the state of the VPN tunnels If a tu...

Page 106: ...Figure 135 Add VPN Tunnel 106 ...

Page 107: ...Enable Certificate Support in the Global VPN Settings section to upload a single set of certificates for the router to use Pre Shared Key Create a password or key The routers on both sides of the tunnel must use this same key Mode Tunnel or Transport Tunnel Mode is used for protecting traffic between different networks when traffic must pass through an intermediate untrusted network Transport Mode is use...

Page 108: ...ding to only establish this tunnel when the specified WAN Binding device s are NOT connected Figure 137 Add Edit VPN Tunnel Local Network Add Edit Tunnel Local Networks IP Version Select IPv4 or IPv6 The Network Address and the Netmask define what local devices have access to or can be accessed from the VPN tunnel NOTE the local network IP address MUST be different from the remote network IP address ...

Page 109: ...Figure 138 Add Edit VPN Tunnel Remote Gateway Figure 139 Add Edit VPN Tunnel Remote Netowrk 109 ...

Page 110: ... phases Phase 1 and Phase 2 You have the ability to distinctly configure each phase but the default settings will be sufficient for most users To set up a tunnel with a remote site you need to match your tunnel s IKE negotiation parameters with the remote site By selecting several encryption hash and DH group options you improve your chances for a successful tunnel negotiation For greatest compatibil...

Page 111: ...combinations e g 3DES with SHA2 384 512 are computationally expensive impacting WAN performance AES is as strong an encryption and performs much better than 3DES DH Groups The DH Diffie Hellman Group is a property of IKE and is used to determine the length of prime numbers associated with key generation The strength of the key generated is partially determined by the strength of the DH Group Group 5...

Page 112: ...Figure 141 Add Edit VPN Tunnel IKE Phase 2 112 ...

Page 113: ...has expired IKE will renegotiate a new set of Phase 2 keys Phase 2 has the same selection of Encryption Hash and DH Groups as Phase 1 but you are restricted to only one DH Group Phase 2 and Phase 1 selections do not have to match Add Edit Tunnel Dead Peer Detection Dead Peer Detection DPD defines how the router will detect when one end of the IPsec session loses connection while a policy is in use ...

Page 114: ... Peer Detection page set the Failback Tunnel to your primary tunnel Global VPN Settings These settings apply to all configured VPN tunnels Figure 143 Global VPN Settings Enable Certificate Support Enabling Certificate Support will allow you to load a certificate for VPN to the router Click the Upload Certificate button to browse for a certificate on a local device Disabling certificate support will no lo...

Page 115: ... that is not behind the NAT firewall must be anonymous 3 The VPN tunnel must be initiated from the side that is behind the NAT firewall System Settings The System Settings section of the Administration Pages provides access to tools for broad administrative control of the router The System Settings tab has the following dropdown menu items Administration Certificate Management Device Alerts Enterpris...

Page 116: ...an create a custom Administrator Password Advanced Security Mode When you enable Advanced Security Mode you have three different options for the Authentication Mode Local Users TACACS RADIUS Local Users Create users with administrative privileges by inputting usernames and passwords in the Advanced User Management table The default username is admin but you can edit this name or delete it once you ...

Page 117: ...Figure 145 Local User Settings Figure 146 TACACS Settings 117 ...

Page 118: ...eached within the set time possibly because the WAN is down the router will automatically fall back to using Local Users mode to prevent users from being locked out Server Address This can be either an IP address in the form of 1 2 3 4 or a DNS name in form of host domain com Only lower case letters are allowed for a DNS name Port Port 1812 is common for RADIUS servers Shared Secret System Clock E...

Page 119: ...ser timeout In the normal case when the router is connected to the Internet you don t see them at all Disable Attention LED This disables the Attention LED This will take effect at the next reboot Local Domain The local domain is used as the suffix for DNS entries of local hosts This is tied to the hostnames of DHCP clients as DHCP_HOSTNAME LOCAL_DOMAIN System Identifier This is a customizable identit...

Page 120: ...s option is disabled if you select Require Secure Connection Secure HTTPS Port Default 8443 NOTE You can restrict remote access to only specified IP addresses in Network Settings Firewall under Remote Administration Access Control Allow Remote SSH Access This will enable SSH access to the router from the Internet It is only available when SSH access is enabled in the Local Management tab Some carri...

Page 121: ...Figure 151 GPS Settings 121 ...

Page 122: ... listen query for NMEA or TAIP sentences The router must either act as a GPS server which separate clients can connect to or as a GPS client which reports to a server Set up a GPS Server or GPS Client on the device by clicking on the Add button in the appropriate table GPS Servers Use this to set up a local server Clients can connect to and receive GPS sentences from this server GPS Clients Use th...

Page 123: ...ports from multiple routers This creates a custom GPS sentence with the System ID as part of the sentence and the checksum Prepend System ID Include the router s System ID sentence with every GPS message This can be useful when a single remote client is handling GPS position reports from multiple routers This simply prepends the system id and a comma ahead of the GPS sentence Report NMEA GGA sente...

Page 124: ...the following types Report TAIP AL sentences Altitude Up Velocity Report TAIP CP sentences Compact Position Solution Report TAIP ID sentences Identification Number Report TAIP LN sentences Long Navigation Message Report TAIP PV sentences Position Velocity Solution Reporting Intervals The device sends GPS sentence reports at either a specified time interval or specified distance interval for Default T...

Page 125: ...Active Keep the GPS receiver active at all times even if no destination exists for position messages This will place additional load on the router similar to sending reports to a remote server but without consuming the network bandwidth Client Name Create a name for this client Only letters numbers and underscores are allowed Server This client must have a remote server to report to Enter a hostna...

Page 126: ...Figure 156 GPS Client Settings 126 ...

Page 127: ...rs above mean sea level 26 574 M Geoidal separation height of mean sea level above WGS 84 earth ellipsoid negative 6 0 Time in seconds since last update from differential reference stations 0138 Differential reference station ID number 47 Checksum used by program to check for transmission errors RMC GPRMC Recommended minimum specific GPS transit data Example GPRMC 225446 A 4916 45 N 12311 12 W 000 5 ...

Page 128: ...elivered SMS messages are not encrypted they are sent in full readable text over the network Figure 157 SMS Alert Settings Enable SMS support SMS support is enabled by default on the router Deselect this to disable Password By default the password is the last 8 characters of the router s MAC address i e the Default Password on the product label You can change this password to anything between 1 an...

Page 129: ...h to using the body instead SMS Commands Below is a list of supported SMS messages and the syntax format Due to security concerns the set of commands are intentionally limited to those that can configure a modem s connection but cannot lock the administrator out due to malicious modem changes Therefore if an unsolicited request adjusts the modem s configuration via SMS an administrator can still acc...

Page 130: ...into port usb1 This command returns info about the indicated modem s status The resulting data reflects the modem model number service type and connection status and values Sample response Model MC200P Service HSPA SIM Status READY RSSI 62 dbm ECIO 4 APN wwan ccs IP Addr 166 136 142 172 mreboot Reboot the modem port parameter optional Syntax password mreboot port Examples 1234 mreboot reboot the hi...

Page 131: ...x password simpin pin port Examples 1234 simpin 5678 set simpin in highest priority modem 1234 simpin 5678 usb2 set simpin in modem on port usb2 log Return a portion of the router log Syntax password log start Examples 1234 log return the first 10 items of the log items 0 through 9 1234 log 10 return items 10 through 19 of the log 1234 log 20 return items 20 through 29 of the log Sending log infor...

Page 132: ...System Logging Figure 158 System Logging Settings Logging Level Setting the log level controls which messages are stored or filtered out A log level of Debug will record the most information while a log level of Critical will only record the most urgent messages Each level includes all messages from all of the levels below it on the list e g Warning includes all Error and Critical messages as well ...

Page 133: ... Services By default router services Enterprise Cloud Manager NTP etc connect to the router via the WAN In some setups it makes sense to use the LAN instead For example if your router is used strictly for 3G 4G failover behind another router you may not want to use 3G 4G data unnecessarily Select Use LAN Gateway to set your router services to connect via the LAN Figure 159 Router Service Connectio...

Page 134: ...re 160 Import PKCS12 Format Certificates Not all Certificate Management options displayed here are currently available via the Enterprise Cloud Manager configuration pages Create Certificates Complete the following fields to create certificates locally including CA certificate authority certificates To create local certificates without sending signature requests to a third party CA first create a CA certific...

Page 135: ...Figure 161 Create PKCS12 Format Certificates 135 ...

Page 136: ...ollowing cryptographic hash functions are listed in order of increasing security More security requires more router resources MD5 SHA 128 SHA 256 Bits A greater bit size is more secure but requires more router resources Some devices do not support 2048 bits so ensure compatibility 1024 2048 Certificate Signing Request Request a certificate signature from a remote CA Using an established third party ...

Page 137: ...t for encoding data in this case X 509 certificates PEM was originally designed for encoding email PEM stands for Privacy enhanced Electronic Mail but it has never been widely used for that purpose The format is much more common for encoding digital certificates The PEM format uses Base64 and DER Distinguished Encoding Rules encoding Import Choose a certificate file in PEM format from your computer or...

Page 138: ...Figure 163 Local Certificates Figure 164 Import PEM CA Certificate 138 ...

Page 139: ...you export this file you must create a passphrase to protect it This key is required for future use of the file NOTE This article may contain links that direct you to non Cradlepoint Inc owned websites and these links are not under the control of Cradlepoint Inc or any of its representatives Cradlepoint Inc is not responsible for the content of any linked site or any link contained in a linked site ...

Page 140: ... VPN tunnel goes down Feature License Expiration Sends an alert when a feature license is about to expire Full System Log The system log has filled This alert contains the contents of the system log Recurring System Log The system log is sent periodically This alert contains all of the system events since the last recurring alert It can be scheduled for daily weekly and monthly reports Frequency Yo...

Page 141: ...Figure 168 Device Alert Configuration Figure 169 SMTP Mail Server Configuration 141 ...

Page 142: ...ts Enterprise Cloud Manager Cradlepoint Enterprise Cloud Manager ECM is a cloud based management service for configuring monitoring and organizing your Cradlepoint routers Key features include the following Group based configuration management Health monitoring of router connectivity and data usage Remote management and control of routers Historical record keeping of device logs and status Visit ecm...

Page 143: ... com Session Retry Timer How long to wait in seconds before starting a new ECM session following a connection drop or connectivity failure Note that this value is a starting point for an internal backoff timer that prevents superfluous retries during connectivity loss Unmanaged Checkin Timer How often in seconds the router checks with ECM to see if the router is remotely activated Note that this val...

Page 144: ...of SNMP SNMPv1 will configure the router to transmit with settings compatible with SNMP version 1 protocols SNMPv2c SNMP version 2c has the same features as v1 with some additional commands SNMPv2c will configure the router to use settings and data formatting compatible with SNMP version 2c SNMPv3 SNMP version 3 includes all prior features with security available SNMPv3 is the most secure setting fo...

Page 145: ...remote host will be listening for trap alerts on Default 162 System Information System information via SNMP is Read Writable by default However if a value is set here that field will become Read Only System Contact Input the email address of the system administrator System Name Input the router s hostname System Location Input the physical location of the router This is simply a string for your own...

Page 146: ...Figure 175 Device Control Figure 176 System Ping 146 ...

Page 147: ...ew firmware This is safest as settings may have changed You should back up your current settings and restore them after the new firmware is loaded Automatically check for new firmware Check for an available firmware update once a day Automatic Internet Have the router download the file and perform the upgrade with no user interaction Manual Firmware Upload Upload the router firmware from an attached com...

Page 148: ...Figure 179 Firmware System Config Restore Page 148 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands