manualshive.com logo in svg

Cradlepoint COR IBR600, Product Manual

The Cradlepoint COR IBR600 is a versatile and reliable networking solution that keeps you connected on the go. Need help setting it up? Look no further! Download your free Product Manual, packed with instructions and troubleshooting tips, exclusively from our website.

Share
Download
background image

  

 

Summary of Contents for COR IBR600

Page 1: ......

Page 2: ...12 Updated for Firmware version 3 5 1 Jeremy Cramer 1 2 June 6 2012 Updated for Firmware version 3 6 1 Jeremy Cramer 1 3 July 23 2012 Updated for Firmware version 3 6 3 updated module information for HSPA LTE HSPA Jeremy Cramer 2 0 Sept 19 2012 Updated for Firmware version 4 0 2 Jeremy Cramer 2 1 Jan 15 2013 Updated for Firmware version 4 1 1 Jeremy Cramer 2 2 Feb 26 2013 Updated for Firmware vers...

Page 3: ...Inc in the United States and other countries All other company or product names mentioned herein are trademarks or registered trademarks of their respective companies Copyright 2013 by CradlePoint Inc All rights reserved This publication may not be reproduced in whole or in part without prior expressed written consent by CradlePoint Inc ...

Page 4: ...4 CONFIGURATION PAGES 30 4 5 ENTERPRISE CLOUD MANAGER REGISTRATION 32 4 6 IP PASSTHROUGH SETUP 33 5 STATUS 34 5 1 CLIENT LIST 35 5 2 CP CONNECT 37 5 3 DASHBOARD 38 5 4 GPS 41 5 5 GRE TUNNELS 42 5 6 HOTSPOT CLIENTS IBR600 43 5 7 INTERNET CONNECTIONS 44 5 8 ROUTING 54 5 9 STATISTICS 55 5 10 SYSTEM LOGS 58 5 11 VPN TUNNELS 59 5 12 WIPIPE QOS 60 6 NETWORK SETTINGS 61 6 1 CONTENT FILTERING 62 6 2 DHCP ...

Page 5: ...NELS 167 7 10 WIFI AS WAN BRIDGE IBR600 179 7 11 WAN AFFINITY LOAD BALANCING 184 8 SYSTEM SETTINGS 188 8 1 ADMINISTRATION 189 8 2 DEVICE ALERTS 208 8 3 GPIO CONNECTOR 211 8 4 ENTERPRISE CLOUD MANAGER 213 8 5 FEATURE LICENSES 215 8 6 HOTSPOT SERVICES IBR600 216 8 7 SERIAL REDIRECTOR 220 8 8 SNMP CONFIGURATION 222 8 9 SYSTEM CONTROL 225 8 10 SYSTEM SOFTWARE 226 9 GLOSSARY 228 10 APPENDIX 242 10 1 PR...

Page 6: ... 0 or higher Firefox v2 0 or higher Safari v1 0 or higher 1 3 IBR600 IBR650 Overview The CradlePoint COR is a highly featured compact and robust router designed for deployment in critical business and enterprise applications that require 24x7 connectivity via Ethernet and or WiFi The router features a built in high speed modem 4G LTE 3G EVDO WiMAX HSPA LTE HSPA modem as well as support for wired n...

Page 7: ...the administration and monitoring of distributed routers using CradlePoint Enterprise Cloud Manager ENHANCED WIFI IBR600 500 feet of WiFi Range Wireless N WiFi 802 11n legacy 802 11b g external 2x2 MIMO antenna system 2 4 GHz WiFi broadcast Maximum security with both Public and Private networks Dual SSIDs Create a customized Hotspot with our captive portal feature include Terms of Service advertis...

Page 8: ...ee http www cradlepoint com eel for more information about the Extended Enterprise License 1 3 1 Active GPS Support on PWD Models The following PWD models include an active GPS connection at 3 3 V and 100 mA max COR IBR600LE PWD Verizon COR IBR600LP AT PWD AT T COR IBR600LP2 EU PWD Europe 1 COR IBR600LP PWD2 Canada 1 1 Requires minimum order quantity MOQ To enable purchase and connect an active GP...

Page 9: ...lows you to dedicate more time to what s important your business Support CradleCare Support Agreement 24 7 technical support software upgrades and advanced hardware exchange 1 3 and 5 year options CradleCare Extended Warranty extends the standard warranty to 3 or 5 years On Site Services CradleCare Standard 3G 4G Site Survey Comprehensive carrier analysis for optimal performance CradleCare Standar...

Page 10: ...rnational P AT HSPA AT T 2 W WiMAX CLEAR E VZ EVDO Verizon E SP EVDO Sprint NM no modem 1 PWD version available IBR600LE VZ PWD IBR600LP AT PWD IBR600LP2 EU PWD IBR600LP PWD2 that comes with an active GPS connection at 3 3 V and 100 mA max IBR600LP2 EU PWD IBR600LP PWD2 versions require MOQ 2 Requires minimum order quantity MOQ CradlePoint products with the EU and INTL SKUs enable and disable WiFi...

Page 11: ...CRADLEPOINT COR USER MANUAL Firmware ver 5 0 0 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 8 2 HARDWAREOVERVIEW ...

Page 12: ...or power and two pins for GPIO General Purpose Input Output functionality The included power adapter however only connects to the power pins You will need a separate adapter for GPIO functionality Reset You can return your router to factory default settings by pressing and holding the Reset button This button is recessed so it requires a pointed object such as a paper clip to press Press and hold ...

Page 13: ...s Ethernet LED Solid Green connected Blinking Green data transfer activity USB Port Standard A This port can be used for an external USB modem or to attach a direct firmware upgrade to enable manual firmware upgrades if necessary Hardware version 1 3 changed from a micro USB port to a full size Standard A USB port WiFi Antennas IBR600 only The IBR600 comes with two 2 4 GHz WiFi antennas Reverse SM...

Page 14: ... HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 11 Modem Antennas The CradlePoint COR comes with two modem antennas to enhance reception for the embedded modem These antennas are simple to attach and adjust Power On Off I On O Off Power LED Blue On No light Off ...

Page 15: ...een On and operating normally No light Off Modem LED Green On and operating normally Blinking Green Connecting Amber Not available idle for example Blinking Amber Cellular data connection error No light Off Additional LED Indications Factory reset button detected WiFi and modem LEDs blink amber twice Error during USB firmware upgrade WiFi and modem LEDs blink red ...

Page 16: ...CRADLEPOINT COR USER MANUAL Firmware ver 5 0 0 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 13 2 2 Mounting Bracket ...

Page 17: ...E 14 2 2 1 Attaching the COR to the Mounting Bracket 1 Attach the bracket to the wall or other surface with screws NOTE Screws are not provided because the type of screw required depends on the mounting surface 2 Place the router s edge against the bottom of the bracket 3 Press the router down firmly then push it inside the bracket It should latch ...

Page 18: ... CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 15 2 2 2 Removing the COR from the Mounting Bracket From the top of the bracket press down firmly on the router using your thumb s and pull the device out ...

Page 19: ...are available from wireless carriers such as AT T Sprint Verizon and Vodafone A new line of service can be added or a data plan can be transferred from an existing account You will need the ESN IMEI or similar number from your product label on your router to add or transfer a line of service After adding a data plan to the modem the modem may need to be activated To activate the modem 1 Log in to ...

Page 20: ...The IBR600 network will appear on the list select this network 2 Log in You will need to input the Default Password when prompted The Default Password is provided on the product label found on the bottom of your router this password is the last eight digits of the router s MAC address which can be found on the product box or on the product label NOTE If more than one IBR600 wireless router is visi...

Page 21: ...our router you will need to log in to the administration pages Access your router s Administrator Login screen by opening a web browser window and typing cp your router s default hostname or the IP address 192 168 0 1 into the address bar Enter your Default Password This password can be found on the bottom of the router Then click the LOGIN button When you log in for the first time you will be aut...

Page 22: ...i Network Name or the Security Mode password If so you will need to reconnect your device s to the IBR600 network Find the network Look for your new personalized network name or the default SSID of the form IBR600 xxx Log in using your new personalized WiFi security password or the Default Password found the bottom of the router Your network should now be up and running and users who have the secu...

Page 23: ...d from an existing account You will need the ESN number from your product label on your router to add or transfer a line of service After adding a data plan to the modem you must activate the modem 1 Log into the router s administration pages see Accessing the Administration Pages 2 Select Internet from the top navigation bar and Connection Manager from the dropdown menu Internet Connection Manage...

Page 24: ...stration of all features The interface is organized with 5 tabs at the top of the screen Getting Started Status Network Settings Internet System Settings Web Interface Essentials contains the following sections to help you more quickly and easy navigate these administration pages 4 1 Administrator Login 4 2 Getting Started First Time Setup 4 3 Quick Links 4 4 Configuration Pages 4 5 Enterprise Clo...

Page 25: ...access the administration pages open a Web browser and type the hostname cp or IP address http 192 168 0 1 into the address bar The Administrator Login page will appear Log in using your administrator password Initially this password can be found on the bottom of the IBR600 IBR650 unit as the Default Password This password is also the last eight digits of the unit s MAC address ...

Page 26: ...ash Approximately 10 15 seconds You can then log in using the Default Password found on the bottom of your router 4 1 1 Router Details The Administrator Login page includes a quick reference section that shows the following information Router Details Model Number IBR600 IBR650 Internet Connection Connected Disconnected Wireless Details IBR600 Status Enabled Disabled Clients The number of attached ...

Page 27: ... type the eight character Default Password found on the product label on the bottom of the router this is also the last 8 digits of the router s MAC address 3 When you log in for the first time you will be automatically directed to the FIRST TIME SETUP WIZARD Otherwise go to Getting Started First Time Setup 4 CradlePoint recommends that you change the router s ADMINISTRATOR PASSWORD which is used ...

Page 28: ...vices and is the most secure but may not connect to older devices or some handheld devices such as a PSP GOOD WPA1 WPA2 Select this option if your wireless adapters support WPA or WPA2 This is the most compatible with modern devices and PCs POOR WEP Select this option if your wireless adapters only support WEP This should only be used if a legacy device that only supports WEP will be connected to ...

Page 29: ... of 10 or 26 characters Click NEXT 7 Configuring Your Access Point Name APN If you are using a SIM based modem LTE GSM HSPA with your CradlePoint router you may need to configure the APN before it will properly connect to your carrier Wireless carriers offer several APNs so check with your carrier to confirm the appropriate one to use Some examples include AT T broadband T Mobile epc tmobile com R...

Page 30: ...ll available Default 30 seconds Range 10 3600 seconds Monitor while connected Select from the dropdown menu Default Off Active Ping A ping request will be sent to the Ping Target If no data is received the ping request will be retried 4 times at 5 second intervals If still no data is received the device will be disconnected and failover will occur When Active Ping is selected the next line gives a...

Page 31: ...istrative password and WPA password or WEP key Move your mouse over your WiFi password to reveal it Please record these settings for future access You may need this information to configure other wireless devices NOTE If you are currently using this network reconnect your devices to the network using the new wireless network name and security password Click APPLY to save the settings and update th...

Page 32: ...net Connection This links to Status Internet Connections where you can view in depth information about your Internet sources Click on this green dot to link to Internet Connection Manager where you can manage your WAN interfaces Click on the image of four signal bars to open a Modem Connection Quality popup window that shows the strength of your Internet signal WiFi Clients Click to view a signal ...

Page 33: ...iPipe QoS Connection Manager CP Connect Client Data Usage Data Usage GRE Tunnels L2TP Tunnels Network Mobility NEMO NHRP Interfaces VPN Tunnels WiFi as WAN Bridge WAN Affinity Load Balancing Administration Device Alerts GPIO Connector Enterprise Cloud Manager Feature Licenses Hotspot Services Serial Redirector SNMP Configuration System Control System Software Status Displays various types of infor...

Page 34: ...n or upgrade firmware System Software 4 4 1 Network Settings vs Internet When using the Web interface it will be important to pay attention to the difference between the Internet source for your IBR600 IBR650 and the network created by the router The Internet tab broadly refers to the router s source of Internet while the Network Settings tab broadly refers to the network created by the router Int...

Page 35: ...stration To register your device with CradlePoint Enterprise Cloud navigate to Getting Started Enterprise Cloud Manager Registration Input your ECM Username and ECM Password and click Register You have now registered the device with Enterprise Cloud Manager If you do not have ECM credentials see http www cradlepoint com ecm for details or sign up at http www cradlepoint com ecm signup ...

Page 36: ... page For further configuration options see Network Settings WiFi Local Networks Review the list of changes to ensure they are compatible with your router needs All Ethernet ports will be set to LAN i e you cannot use Ethernet as an Internet source for your router All WAN devices will have Load Balance disabled and the highest priority device will be used All network groups except the primary netw...

Page 37: ... COM FOR MORE HELP AND RESOURCES PAGE 34 5 STATUS The Status tab displays information about many different aspects of the router It provides access to these submenu options Client List CP Connect Dashboard GPS GRE Tunnels Hotspot Clients Internet Connections Routing Statistics System Logs VPN Tunnels WiPipe QoS ...

Page 38: ...Hz 130 Mbps 26 dBm 802 11n The transmission standard being used by the client Possible values include 802 11a 802 11b 802 11g and 802 11n 802 11n is the newest and best standard but some older devices may not support it 20 MHz This is the channel width that defines the theoretical data rate in megahertz that the attached computer or device can send to or receive from the router The channel width i...

Page 39: ...oretical best quality The value is given as a negative exponent 20 is a very good value while 80 is relatively poor Signal quality can be reduced by distance by interference from other radio frequency sources such as cordless telephones or neighboring wireless networks and by obstacles between the router and the wireless device Time Online Simply the amount of time the device has been connected to...

Page 40: ...EDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 37 5 2 CP Connect View the status of configured CP Connect tunnels To set up or edit a CP Connect tunnel go to Internet CP Connect NOTE CP Connect requires a feature license Go to System Settings Feature Licenses to enable this feature ...

Page 41: ... information and or configuration options click on the Detailed Info link beside the category title For each category this links to Router Information System Settings Administration Internet Internet Connection Manager Local Networks Network Settings WiFi Local Networks WiFi Networks Network Settings WiFi Local Networks After the initial setup of the router every time you log in you will automatic...

Page 42: ... time for current session Clock Current local date and time To check for Firmware upgrades see System Settings System Software Internet Detailed Info links to Internet Connection Manager State Connected Disconnected Signal Strength Expressed as a percentage Signal Strength is not included if Ethernet is the WAN type WAN Type Ethernet Modem or WiFi as WAN Connection Type Possibilities include DHCP ...

Page 43: ...WiFi Local Networks WiFi Radio Channel 1 11 Transmit Power Expressed as a percentage Channel Contention Displayed as a bar graph by percentage Lower numbers are better lower numbers mean that there are few competing signals For each WiFi network the following information is displayed SSID Service Set Identifier an identifier or name for a wireless network o Security WPA2 WPA1 WEP Personal Enterpri...

Page 44: ...a graphical view of your router s location See the GPS section in System Settings Administration to enable GPS support GPS information is only displayed if 1 the modem supports GPS 2 your carrier allows the GPS functionality and 3 the modem has sufficient GPS signal strength If no information is displayed check that both the modem and your carrier support GPS If GPS is supported make sure the mode...

Page 45: ...SE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 42 5 5 GRE Tunnels View the status of configured GRE Tunnels To set up or edit a GRE tunnel go to Internet GRE Tunnels Included information Name Status Transmit packets bytes Receive packets bytes ...

Page 46: ...NT COM FOR MORE HELP AND RESOURCES PAGE 43 5 6 Hotspot Clients IBR600 View the status of the clients that have logged in through the Hotspot Captive Portal View Hostname IP address MAC address Data Usage both IN and OUT Time Online You may revoke a client s access to the Internet by clicking the Revoke button ...

Page 47: ...d information about that particular device For each type of device different information will be included in the Device Information section Possible devices include Ethernet LTE EVDO Modem embedded modem LTE HSPA Modem embedded modem HSPA Modem embedded modem EVDO Modem embedded modem WiFi Depending on the device possible information will be in the following sections Diagnostics General Informatio...

Page 48: ...ASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 45 5 7 1 Ethernet General Information Unique Identifier wan Model Type ethernet Port IP Information DNS Servers IP Address Gateway Statistics Incoming Bytes Outgoing Bytes Connection Uptime secs ...

Page 49: ... Diagnostics Signal Error Rate MN HA SPI Modem Firmware Version Battery Status CGSN MN HA SS Network Address Identifier NAI SINR Service Display LTE MN AAA SS Carrier Status MN AAA SPI PIN Status GSN Home Address Product Internal LTE EVDO Signal Strength dBm DEFPDP Model Internal LTE EVDO Manufacturer CradlePoint Inc Rev Tun Battery Level Secondary Home Agent Primary Home Agent ...

Page 50: ...EDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 47 General Information Unique Identifier Port int1 Profile 3 VZWINTERNET Model Internal LTE EVDO Type lte IP Information DNS Servers IP Address Gateway Statistics Incoming Bytes Outgoing Bytes Load Balance score Connection Uptime secs ...

Page 51: ...s Signal Error Rate Modem Firmware Version Battery Status CGSN Service Display HSPA Carrier Status MDN PIN Status ESN IMEI Product Internal LTE HSPA Signal Strength dBm Default Profile Model Internal LTE GSM Manufacturer CradlePoint Inc Battery Level General Information Model Internal LTE GSM Unique Identifier Port int1 Profile 1 Broadband Type lte IP Information DNS Servers IP Address ...

Page 52: ... COR USER MANUAL Firmware ver 5 0 0 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 49 Gateway Statistics Incoming Bytes Outgoing Bytes Connection Uptime secs ...

Page 53: ...nternal HSPA Diagnostics Product Internal HSPA Modem Firmware Version DEFPDP Model Internal LTE EVDO Manufacturer CradlePoint Inc Carrier ID Service Display HSPA Signal Strength dBm GSN PIN Status Connection Type General Information Unique Identifier Port int1 Profile 1 Profile 2 Profile 3 broadband Profile 4 Profile 5 Profile 6 Model Internal HSPA Type modem ...

Page 54: ...r 5 0 0 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 51 IP Information DNS Servers IP Address Gateway Statistics Incoming Bytes Outgoing Bytes Load Balance score Connection Uptime secs ...

Page 55: ...h dBm PRL Version Service Display 1xEV DO 1X Carrier Status UP or DOWN Connection Type CDMA Connection State connected idle etc Connection Uptime General Information Product EVDO Modem Protocol PPP Unique Identifier ESN IMEI Model MC100E VZ Type modem Port 1 Manufacturer CradlePoint Inc IP Information Netmask IP Address Gateway Statistics Outgoing Bits Second Incoming Bits Second Incoming Bytes Ou...

Page 56: ...NC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 53 5 7 6 WiFi as WAN Diagnostics Connection State connected idle etc General Information Product Wireless As WAN Unique Identifier Type wwan IP Information Netmask IP Address Gateway ...

Page 57: ...Routes displays routes associated with networks connected to the router as well as routes learned from routing protocols such as RIP or BGP Static Routes displays user specified routes configured in Network Settings Routing There are also tables displaying information for GRE Routes VPN Routes and NEMO Routes Configure the settings for these routes under the Internet tab ...

Page 58: ...SOURCES PAGE 55 5 9 Statistics The Statistics submenu option displays basic traffic statistics Wireless Statistics View the signal strength and other wireless modem information The wireless device s signal strength will only be displayed as long as it supports Live Diagnostics Sample rate and size can be adjusted from the dropdown boxes ...

Page 59: ...NT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 56 Data Usage A measure of the amount of information that is currently being sent or received through the network Sample rate and size can be adjusted from the dropdown boxes ...

Page 60: ...VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 57 Failover Failback Load Balance An easy way to view current connective states of the devices plugged into the router as compared to the past Sample rate and size can be adjusted from the dropdown boxes ...

Page 61: ...nd relevant messages This router also has external Syslog Server support so you can send the log files to a computer on your network that is running a Syslog utility Auto Update The logs automatically refresh whenever the router creates a new message Update Click to check for new router messages Clear Log Clear the log file Save Log This will open a dialog in your browser that will allow you to sa...

Page 62: ...TTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 59 5 11 VPN Tunnels View the status of configured VPN tunnels To set up or edit a VPN tunnel go to Internet VPN Tunnels Included information Name Connections Status Protocols Transferred Direction Time Online Control ...

Page 63: ...rmware ver 5 0 0 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 60 5 12 WiPipe QoS View the breakdown of packets and bytes sent and received associated with each WiPipe QoS rule ...

Page 64: ... AND RESOURCES PAGE 61 6 NETWORKSETTINGS The Network Settings tab provides access to these submenu options for administering the following functions tasks which all relate to managing the LAN Local Area Networks Content Filtering DHCP Server DNS Firewall MAC Filter Logging Routing Routing Protocols WiFi Local Networks WiPipe QoS ...

Page 65: ...er Rules allow you to control access from your network to external domains or websites Rules are assigned to a specific LAN network or all networks The highest priority rule will have precedence when there is a conflict Addresses can be added by URL Domain name or by IP address Exceptions to existing rules can be created by adding another rule with higher priority For example if access to espn go ...

Page 66: ...bsite you wish to control access for e g www google com To make sure the full domain is blocked enter the most inclusive domain e g google com will effectively block www google com as well as maps google com and images google com Alternatively you can use an IP address e g 8 8 8 8 or address range written in CIDR notation e g 8 8 8 0 24 Filter Action Select Block or Allow Rule Priority Higher numb...

Page 67: ...following dropdown options Allow Access default Block Access When a network is set to Allow Access it will allow access to sites not specifically blocked in the WebFilter Rules When a network is set to Block Access it will block access to sites not specifically allowed in the WebFilter Rules Filter URLs by IP Address Default No Changing this option to Yes will cause the router to perform a DNS loo...

Page 68: ...ilter Rules MAC Address WebFilter Rules allow you to control access from a specific MAC address to external domains or websites The settings for the MAC Address WebFilter Rules section match those for the Network WebFilter Rules except that you must assign a MAC address instead of a network to each rule See the Network WebFilter Rules section for more configuration details ...

Page 69: ... By default each MAC address is allowed website access Click Add Edit to change this setting for a MAC address Input the MAC address and default action you would like to apply to that MAC address Default Action Select from the following dropdown options Allow Access default Block Access When a network is set to Allow Access it will allow access to sites not specifically blocked in the WebFilter Ru...

Page 70: ...rity solution that protects you online by filtering websites Go to http www opendns com business security for information about Umbrella Enter your Umbrella account information in order to use these content filtering settings OpenDNS ISP Filter Bypass Algorithm It is possible that your Internet Service Provider ISP uses the port that OpenDNS is configured to access port 53 which will prevent OpenD...

Page 71: ...nd its IP address to the list of Reservations Reservations This option lets you reserve IP addresses you can assign the same IP address to the network device with the specified MAC address any time it requests an IP address This is almost the same as when a device has a static IP address except that the device must still request an IP address from the router The router will provide the device the ...

Page 72: ...inter scanner laptop etc to an IP address of a device on the network 6 3 1 DNS Settings You have the option to choose specific DNS servers for your network instead of using the DNS servers assigned by your Internet provider The default DNS servers are usually adequate You may want to assign DNS servers if the default DNS servers are performing poorly if you want WiFi clients to access DNS servers ...

Page 73: ... Dynamic DNS service provider you can enter your host name to connect to your server no matter what your IP address is Enable Dynamic DNS Service Enable this option only if you have purchased your own domain name and registered with a Dynamic DNS service provider Server Type Select a Dynamic DNS service provider from the pull down list www DynDNS org www DNSomatic com www ChangeIP com www NO IP co...

Page 74: ...ternal IP address will have to be manually configured in this field You may find out what your external IP address is by going to http myip dnsomatic com in a web browser 6 3 4 Known Hosts Configuration The Known Hosts Configuration feature allows you to map a name printer scanner laptop etc to an IP address of a device on the network This assigns a new hostname that can be used to conveniently id...

Page 75: ... 4 1 Port Forwarding Rules A port forwarding rule allows traffic from the Internet to reach a computer on the inside of your network For example a port forwarding rule might be used to run a Web server Exercise caution when adding new rules as they impact the security of your network Click Add to create a new port forwarding rule or select an existing rule and click Edit Add Edit Port Forwarding R...

Page 76: ...ld to open a port for a Web server on a computer within your network The Internet Port s field could then also be 80 or you could choose another port number that will be used across the Internet to access your Web server If you choose a number other than 80 for the Internet Port connections to that number will be mapped to 80 and therefore the Web server within your network Protocol Select from th...

Page 77: ...ot recommended for use by the IETF NPT can help to keep internal network ranges consistent across various IPv6 providers but it cannot be used effectively in all situations The primary purpose for CradlePoint s NPT implementation is for failover failback and load balancing setups LAN clients can potentially retain the original IPv6 lease information and may experience a more seamless transition wh...

Page 78: ...ge For example in order to host a server you might have opened ports with a port forwarding rule that could expose your LAN to cyber attacks With an incoming IP filter rule you can restrict the access to your LAN to only known devices Name Name your rule Enabled Selected by default Log When checked each packet matching this filter rule will be logged in the System Logs Action Allow or Deny Protoco...

Page 79: ...ou leave these values blank then all IP addresses and ports will be included IP Source and IP Destination options can be used to differentiate between the directions that packets go You could permit packets to come from particular IP addresses but then not allow packets to return to those addresses Example of an IP Filter Rule Suppose you have opened a port in your firewall in order to run a serve...

Page 80: ...n under Network Settings DHCP Server and reserve the IP address for the device As with port forwarding use caution when enabling the DMZ feature as it can threaten the security of your network Only use DMZ as a last resort 6 4 5 Application Gateways Advanced Enabling an application gateway makes pinholes thru the firewall This may be required for some applications to function or for an application...

Page 81: ...dress they can launch a network attack without revealing the true source of the attack or attempt to gain access to network services that are restricted to certain addresses 6 4 7 Remote Administration Access Control Advanced Enable Remote Administration Access Control Selecting this option allows you to make remote administration tools available to only the specified IP addresses Access from all ...

Page 82: ...ccess Control Editor IP Address The IP address that will be allowed to access administrative services through the WAN Netmask Optional The netmask allows you to specify what IP address sets will be allowed access If this field is left empty a netmask of 255 255 255 255 will be used which means that only the single specified IP address would have remote administration access ...

Page 83: ...to create a list of devices that have either exclusive access whitelist or no access blacklist to your wireless LAN Enabled Click to allow MAC Filter options Whitelist Select either Whitelist or Blacklist from a dropdown menu In Whitelist mode the router will restrict WiFi access to all computers except those contained in the MAC Filter List panel In Blacklist mode listed devices are completely bl...

Page 84: ...ystem Settings Device Alerts to set up these email alerts Ignored MAC Addresses This is the list of MAC addresses that will not produce an alert or a log entry when they are connected to the router These should be MAC addresses that you expect to be connected to the router To add MAC addresses to this list simply select devices shown in the MAC Address Log and click Ignore You can also add address...

Page 85: ...puter belongs to and which other IP addresses the computer can see in the same LAN An IP address of 192 168 0 1 along with a Netmask of 255 255 255 0 defines a network with 256 available IP addresses from 192 168 0 0 to 192 168 0 255 NOTE 255 255 255 255 is used to signify only the host that was entered in the IP Network Address field Gateway Specifies the next hop to be taken if this route is use...

Page 86: ...bors and then throughout the network This way routers gain knowledge of the topology of the network Choose from the following tabs to configure routing protocols BGP Routing OSPF Routing RIP Routing RIPNG Routing Route Maps and Filters 6 7 1 BGP Routing The latest version of BGP Border Gateway Protocol is version 4 BGP 4 is one of the Exterior Gateway Protocols and de facto standard of Inter Domai...

Page 87: ... IP address and netmask to assign networks to this ASN Neighbor Options Creates a new neighbor identified by remote ASN and IP address Redistribute Routes Redistribute routes of the specified protocol or kind into BGP with the metric type and metric set if specified filtering the routes using the given route map if specified Redistributed routes may also be filtered with distribute lists Type The ...

Page 88: ...OSPF process The router ID may be an IP address of the router but need not be it can be any arbitrary 32bit number However it MUST be unique within the entire OSPF domain to the OSPF speaker bad things will happen if multiple OSPF speakers are configured with the same router ID Authentication Key Set OSPF authentication key to a simple password After setting authentication key all OSPF packets are...

Page 89: ...ormation Protocol is a widely deployed interior gateway protocol RIP is a distance vector protocol based on the Bellman Ford algorithms As a distance vector protocol RIP sends updates from one router to its neighbors periodically allowing the convergence to a known topology In each update the distance to any given network will be broadcast to its neighboring router The router supports RIP version ...

Page 90: ...used to specify neighbors In some cases not all routers will be able to understand multicasting where packets are sent to a network or a group of addresses In a situation where a neighbor cannot process multicast packets it is necessary to establish a direct link between routers The neighbor command allows the network administrator to specify a router as a RIP neighbor The no neighbor a b c d comm...

Page 91: ...IPNG Editor Name Unique name of the policy Metric RIPng metric is a value for distance for the network Usually RIP increments the metric when the network information is received The metric for redistributed routes is set to 1 Enabled Click to enable disable the policy Default enabled Networks Set the RIPng enabled interfaces by network using IPv6 addresses RIPng is enabled on the interfaces that h...

Page 92: ...d into BGP with the metric type and metric set if specified filtering the routes using the given route map if specified Redistributed routes may also be filtered with distribute lists Type The type is the source of the route Select from Main Connected Static RIP OSPF Metric Numerical priority of the route Route Map Route maps provide a means to filter and or apply actions to routes allowing polici...

Page 93: ...want permitted or denied Netmask Use this along with IP Address to specify a range of IP Addresses associated with this Access Lists rule Route Map Route maps provide a means to filter and or apply actions to routes allowing policies to be applied to routes Route maps define rules for transferring between different routing protocols Each statement in a route map is ordered Once there is a match to...

Page 94: ...nown communities value 0 o no export alias for well known communities value NO_EXPORT 0xffffff01 o no advertise alias for well known communities value NO_ADVERTISE 0xffffff02 o local AS alias for well known communities value NO_EXPORT_SUBCONFED 0xffffff03 Match This specifies the policy implied if the Matching Conditions are met or not met and which actions of the route map are to be taken if any ...

Page 95: ...work For example if you change a LAN s IP address devices within that network will lose connection They will have to reconnect to the network The user can set up multiple networks on the IBR600 IBR650 each with its own unique configuration and its own selection of interfaces Each local network can be attached to any of the following types of interfaces WiFi IBR600 only Ethernet VLAN For example on...

Page 96: ...ateway LAN Isolation Attached Interfaces Ethernet ports WiFi VLAN Click Add to configure a new network or select an existing network and click Edit to view configuration options HotSpot Captive Portal When you set a network as a Hotspot under Routing Mode you will also need to 1 Configure hotspot settings under System Settings Hotspot Services This is where you can configure a Terms of Service agr...

Page 97: ...ing Multicast Proxy Schedule VRRP STP and Wired 802 1X General Settings Enabled Push to manually disable a network Also some settings could cause a network to be automatically disabled click here to re enable the network Name This primarily helps to identify this network during other administration tasks Hostname Default cp for CradlePoint The hostname is the DNS name associated with the router s ...

Page 98: ...following options in the dropdown list NAT Network Address Translation hides private IP addresses behind the router s IP address This is the simplest and most common choice for users because NAT does the translation work for you Standard NAT less routing If you select Standard you must separately configure your IP addresses so that they will be publically accessible Typically you will not select t...

Page 99: ...ings IPv6 must be enabled through the WAN initially go to Internet Connection Manager to enable IPv6 IPv6 Address Source By default this is set to Delegated which means the IPv6 address range for the LAN is passed through from the WAN side Change this to Static to input your own IPv6 address range here or select None to explicitly disable IPv6 LAN connectivity ...

Page 100: ...ces shown on the left in the Available section to move them to the Selected section on the right or highlight an interface and click the button To deselect an interface double click on an interface in the Selected section or highlight the interface and click the button If you want more interface options you must configure additional WiFi Ethernet ports and VLAN interfaces separately See the Local ...

Page 101: ...is network to match the intended use Simply select or deselect any of the following LAN Isolation When checked this network will NOT be allowed to communicate with other local networks UPnP Gateway Select the UPnP Universal Plug and Play option if you want to enable the UPnP Gateway service for computers on this network Admin Access When enabled users may access these administration pages on this ...

Page 102: ... and Range End These designate the range of values in the reserved pool of IP addresses for the DHCP server Values within this range will be given to any DHCP enabled computers on your network The default values are almost always sufficient default 72 to 200 as in 192 168 0 72 to 192 168 0 200 Example The router uses an IP address of 192 168 0 1 for its primary network by default A computer design...

Page 103: ...option A complete list of options is available from IANA Value Generally this field should be a string IP address or numeric value Some fields can accept both IP addresses and hostnames in these cases you may need to wrap this value in quotes For example option 66 Server name requires quotes around IP addresses DHCP Relay DHCP Relay communicates with a DHCP server and acts as a proxy for DHCP broa...

Page 104: ...provides an additional client configuration method and is regularly combined with SLAAC to provide DNS servers a shortcoming in the original SLAAC specification and additional options not supported by SLAAC By defaulting to SLAAC with DHCPv6 all IPv6 capable clients on the network should be configurable with IPv6 connectivity DHCP Range Start The beginning of the range that will be used for IPV6 D...

Page 105: ...t Proxy Select to enable IGMP proxy support to allow multicast streams to flow across this network Quick Leave Mode Disable quick leave mode if it s vital that the daemon should act exactly as a real multicast client on the upstream interface However disabling this function increases the risk of bandwidth saturation By default enabling multicast proxy enables a multicast connection with devices wi...

Page 106: ... use this to limit a Hotspot network to business hours Schedule Service Default Disabled Select to enable This will open a configurable chart for setting the schedule Each hour of the week is represented by a black or gray square Black represents disabled while gray represents enabled Hover over a square to reveal the hour it represents Click on the squares to toggle between black and gray In the ...

Page 107: ...l router associated with the virtual router Virtual Router ID Identifying number of the virtual router Range 1 255 Router Priority Failover priority level of this physical router The physical router with the highest priority number will have primary ownership of the virtual router Range 1 254 WAN Fault Priority This optional value sets the failover priority of this router when no WAN connection is...

Page 108: ...RRP group password Provide Virtual IP in DHCP leases Select this to automatically set the DHCP default gateway address and DNS server address to the virtual IP in DHCP leases provided on this network STP NOTE STP requires a feature license Go to System Settings Feature Licenses to enable this feature Spanning Tree Protocol STP allows a network design to include redundant paths while preventing bro...

Page 109: ...on period in seconds Authentication settings Auth Server IP Address This is the IP address of the connected RADIUS server Auth Server MAC Address This is the hardware address of the connected RADIUS server s interface NOTE If you don t know the MAC address for the RADIUS server enter 00 00 00 00 00 00 and the service will try to find the MAC address from the given IP address Port 1812 is common fo...

Page 110: ... to a network in the Local Network Editor see above Select from the following tabs Wireless WiFi Network Settings Ethernet Port Configuration VLAN Interfaces Wireless WiFi Network Settings The IBR600 can broadcast two SSIDs service set identifiers the names for WiFi networks One primary WiFi network is enabled by default while you may have enabled a second guest network when using the First Time S...

Page 111: ...ter broadcasts its SSID It is somewhat harder for hackers to find and attack a router that is not broadcasting its SSID which adds to the wireless security but it is also more difficult for friendly users to attach to a WiFi network with a hidden SSID Isolate Select this to isolate all wireless clients so they cannot directly communicate with each other on the wireless network WMM WiFi Multimedia ...

Page 112: ... to a RADIUS server and require RADIUS authentication IP Port and Shared Key WPA2 Personal or Enterprise forces AES as the WPA Cipher WPA WPA2 and WPA Personal or Enterprise allow AES TKIP AES and TKIP WEP Auto requires a WEP Key Open has no password or other security measures NOTE If you don t know whether you should choose Personal or Enterprise assume Personal since you need to know RADIUS auth...

Page 113: ...ty to control Mode WAN or LAN and Link Speed Additional controls for WAN ports are available in Internet Ethernet Settings Mode WAN or LAN Internet WAN is used to connect to another network such as a hotel or office wired network The WAN connection is used as a possible source of Internet for the router Local Network LAN is for connecting a computer or similar device directly to the router with an...

Page 114: ... the LAN mode you must separately ensure that this logical interface is attached to a Local IP Network in the top panel of this page Port Group ID The Group ID field provides a reference to this grouping of ports to be used in other parts of the router configuration For example this ID is referenced in the Local IP Networks configuration to attach this logical group of Ethernet ports with a networ...

Page 115: ...nd a group of Ethernet ports through which users can access the VLAN Then go back up to the Local Network Editor to attach your new VLAN to a network To use a VLAN the VID must be shared with another router or similar device so that multiple physical networks have access to the one virtual network Click Add to create a new VLAN interface VLAN Editor VID An integer value that is the Virtual LAN ID ...

Page 116: ...ction Method This controls how a WiFi channel is selected User Selection Manually set the channel Random Selection The router randomly sets the channel Smart Selection Default Scans to determine the lowest interference WiFi channel Channel Shows if User Selection is selected The WiFi channel corresponds to a frequency the router uses to communicate with other devices The range is 1 to 11 and 1 6 a...

Page 117: ...ue Fragmentation Threshold Wireless frames can be divided into smaller units fragments to improve performance in the presence of RF interference and at the limits of RF coverage Fragmentation will occur when frame size in bytes is greater than the Fragmentation Threshold This setting should remain at its default value Setting the Fragmentation value too low may result in poor performance DTIM A DT...

Page 118: ...dulation Coding Schemes to enable higher throughput in various environments Since clients can dynamically change rates depending on environment selecting Auto is generally best Short GI Short GI is an optimization for shortening the interval between transmissions May be incompatible with older clients Greenfield Mode Greenfield mode uses an 802 11n only preamble to transmit packets that older wire...

Page 119: ...box to open options for controlling Internet traffic You can assign maximum Upload Speed and Download Speed values and define your own Traffic Shaping rules Upload Speed and Download Speed Setting the Upload Speed and Download Speed is required to control traffic flow accurately Adjust the sliding bar to restrict the maximum upload and or download speed for the Internet source s you are using For ...

Page 120: ...l queue Restrict the bandwidth available for less important functions with the secondary queue Assign percentages of both upload and download bandwidth to each queue If you assign 80 download bandwidth to the first queue the next queue will be forced to be 20 or less Click Add to create a new Traffic Shaping QoS queue Queue Name Choose a name that is meaningful to you Upload Bandwidth Enable Uploa...

Page 121: ...est Click Next to continue to the next page Download Bandwidth Enable Download QoS Default Enabled Deselect if you want your rule to apply to upload traffic only Leave this selected to include download restrictions with this queue Borrow Spare Bandwidth Default Enabled When this is enabled the interfaces protocols associated with this rule will borrow unused bandwidth from other rules Disabling bo...

Page 122: ...ns Default Normal Lowest Lower Below Normal Normal Above Normal High Higher Highest DSCP DiffServ Tag Differentiated Services Code Point DSCP is the successor to TOS Type of Service Use this field to tag the traffic by putting the value in the DSCP header of each IP packet that flows through this queue Use the value of 0 to clear the existing DSCP value in the packet header DSCP Tagging is sometim...

Page 123: ...T INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 120 6 9 2 Rules A traffic shaping rule identifies a specific message flow and assigns that flow to one of the queues created above Click Add to create a new Traffic Shaping rule ...

Page 124: ...iate the rule with Rule Enabled Default Enabled Deselect this to disable this rule This can be useful for quickly changing configurations If both upload QoS and download QoS are disabled then the rule will disable automatically Rule Name Create a name for the rule that is meaningful to you Protocol The protocol used by the messages TCP UDP TCP UDP or ICMP Select Any if your rule does not control a...

Page 125: ... IP address with a netmask for either source or destination or both Source vs destination is defined by traffic flow Leave these blank to include all IP addresses such as if your rule is defined by a particular port instead EXAMPLE If you want to associate this rule with your guest LAN you could input the IP address and netmask for the guest LAN here leaving the last slot 0 to allow for any user a...

Page 126: ...ELP AND RESOURCES PAGE 123 7 INTERNET The Internet tab provides access to these submenu items for managing a variety of Internet connection options Connection Manager CP Connect Client Data Usage Data Usage GRE Tunnels L2TP Tunnels Network Mobility NEMO NHRP Interfaces VPN Tunnels WiFi as WAN Bridge WAN Affinity Load Balancing ...

Page 127: ... interface you can set the interface the router uses by default and the order that it allows failover In the example shown Ethernet is set as the primary Internet source while the internal modem is set for failover The Ethernet is Unplugged while the modem is Connected Load Balance If this is enabled the router will use multiple WAN interfaces to increase the data transfer throughput by using any ...

Page 128: ...icking on a device reveals the following information State Connected Available etc Port UID Unique identifier This could be a name or number letter combination IP Address Gateway Netmask Stats bytes in bytes out Uptime in seconds Click Edit to view configuration options for the selected device For 3G 4G modems select the modem and click Control to view options to activate or update ...

Page 129: ...y and the more use the device will get This number will change when you move devices around with the priority arrows in the WAN Interfaces list Load Balance Select to allow this device to be available for the Load Balance pool Download bandwidth Defines the default download bandwidth for use in Load Balance and QoS quality of service or traffic shaping algorithms Range 128 Kb s to 1 Gb s Upload ba...

Page 130: ...modem only A DNS request will be sent to the DNS servers If no data is received the DNS request will be retried 4 times at 5 second intervals The first 2 requests will be directed at the Primary DNS server and the second 2 requests will be directed at the Secondary DNS server If still no data is received the device will be disconnected and failover will occur Active Ping A ping request will be sen...

Page 131: ...n be made High Rate 80 KB s Time Period 30 seconds Normal Rate 20 KB s Time Period 90 seconds Low Rate 10 KB s Time Period 240 seconds Custom Rate range 1 100 KB s Time Period range 10 300 seconds Time Fail back only after a set period of time Default 90 seconds Range 10 300 seconds This is a good setting if you have a primary wired WAN connection and only use a modem for failover when your wired ...

Page 132: ...FOR MORE HELP AND RESOURCES PAGE 129 7 1 4 IP Overrides IP overrides allow you to override IP settings after a device s IP settings have been configured Only the fields that are filled out will be overridden Override any of the following fields IP Address Subnet Mask Gateway IP Primary DNS Server Secondary DNS Server ...

Page 133: ...re RADIUS TACACS accounting for wireless clients and admin CLI login IP Passthrough not needed with IPv6 NAT not needed with IPv6 Bounce pages UPnP Network Mobility DHCP Relay VRRP GRE GRE over IPSec OSPF NHRP Syslog SNMP over the WAN LAN works There are two main types of IPv6 WAN connectivity native Auto and Static and tunneling over IPv4 6to4 6in4 and 6rd Native Auto and Static The upstream ISP ...

Page 134: ...s it to a relay server provided by your ISP When you configure IPv6 you have the option to designate DNS Servers and Delegated Networks Because of the dual stack setup these settings are optional when configured for IPv6 the router will fall back to IPv4 settings when necessary DNS Servers Each WAN device is required to connect IPv4 before connecting IPv6 Because of this DNS servers are optional a...

Page 135: ...will be requested from the ISP to delegate to LAN networks Default 63 Primary IPv6 DNS Server optional Depending on your provider this may be required This only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic Additional IPv6 DNS Server Secondary DNS server Delegated IPv6 Network optional Network available for delegation to LANs Depending on your provide...

Page 136: ...ateway IP Input the IPv6 remote gateway IP address provided by your ISP Primary IPv6 DNS Server optional Depending on your provider setup this may be required This only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic Additional IPv6 DNS Server Secondary DNS server Delegated IPv6 Network optional Network available for delegation to LANs Depending on your...

Page 137: ...ary IPv6 DNS Server optional Depending on your provider this may be required This only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic Additional IPv6 DNS Server Secondary DNS server Delegated IPv6 Network optional Network available for delegation to LANs Depending on your provider this may be required Prefixes specified here only take effect if those s...

Page 138: ... the tunnel Tunnel Server IP Input the tunnel server IP address provided by your tunnel service Local IPv6 Address Input the local IPv6 address provided by your tunnel service Primary IPv6 DNS Server optional Depending on your provider this may be required This only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic Additional IPv6 DNS Server Secondary DNS...

Page 139: ...should be supplied by your ISP IPv4 Border Router Address This address should be supplied by your ISP IPv4 Common Prefix Mask Input the number of common prefix bits that you can mask off of the WAN s IPv4 address Primary IPv6 DNS Server optional Depending on your provider this may be required This only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic Add...

Page 140: ...C s MAC Address Connect Method Select the connection type that you need for this WAN connection You may need to check with your ISP or system administrator for this information DHCP Dynamic Host Configuration Protocol is the most common configuration Your router s Ethernet ports are automatically configured for DHCP connection DHCP automatically assigns dynamic IP addresses to devices in your netw...

Page 141: ...EPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 138 Static Manual IPv4 Address Subnet Mask Gateway IP Primary DNS Server Secondary DNS Server PPPoE Username Password Password Confirm Service Auth Type None PAP CHAP ...

Page 142: ...int network can disconnect the modem to apply updates such as for PRL modem firmware or configuration events These activities do not change any router settings but the modem connection may be unavailable for periods of time while these updates occur The modem may also require a reset after a modem firmware update is complete Disabled The request to update will be refused When Disconnected The requ...

Page 143: ...et the modem decide which network to use Auto 3G 3G or less Let the modem decide which 2G or 3G network to use Do not attempt to connect to LTE Force LTE Connect to LTE only and do not attempt to connect to 3G or WiMAX Force 3G EVDO UMTS HSPA Connect to 3G network only Force 2G 1xRTT EDGE GPRS Connect to 2G network only See the following tables for a breakdown of the technologies used with various...

Page 144: ...BASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 141 GSM Technology Auto Auto 3G Force 4G Force 3G module auto selects Force 2G module auto selects 3G LTE HSPA 4G 3 5G HSPA 3G EDGE 2 75G GPRS 2 5G IBR6x0LP Sierra Wireless MC7700 IBR6x0LP2 Sierra Wireless MC7710 IBR6x0P Sierra Wireless MC8705 ...

Page 145: ...ere were no errors NOTE AT Config Script should not be used unless told to do so by your modem s cellular provider or by a support technician AT Dial Script This is included for legacy devices only Most users will not use this option Go to SIM APN Auth Settings instead if you need to select a specific Access Point Name If you do need this option for older devices enter the AT commands to be used i...

Page 146: ...Warner Cable mobile rr com Comcast mob comcast net TTLS Authentication Mode TTLS inner authentication protocol Select from the following dropdown options MSCHAPv2 MD5 Microsoft Challenge Handshake Authentication Protocol version2 Message Digest Algorithm 5 PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol TTLS Username Username for TTLS authentication TTLS Passw...

Page 147: ... the modem is re plugged Active Profile Select a number from 0 5 from the dropdown list This selects a Profile to apply the following settings to You need to get the correct profile index from your carrier and set it here NAI Username realm Network Access Identifier NAI is a standard system of identifying users who attempt to connect to a network AAA Shared Secret Password Authentication Authoriza...

Page 148: ...sername and password Access Point Configuration Some wireless carriers provide multiple Access Point configurations that a modem can connect to Some APN examples are isp cingular and vpn com Default Let the router choose an APN automatically Manual Enter an APN by hand Select This opens a table with 16 slots for APNs each of which can be set as IP IPV4V6 or IPV6 The default APN is marked with an a...

Page 149: ...Activation or FUMO The modem supports Update Activate methods A message will display showing options for each supported method Modem Activation Update Activate Reactivate or Upgrade Configuration Preferred Roaming List PRL Update Firmware Update Management Object FUMO Click the appropriate icon to start the process If the modem is connected when you start an operation the router will automatically...

Page 150: ... Update Modem Firmware Click on the Firmware button to open the Modem Firmware Upgrade window This will show whether there is new modem firmware available If you select Automatic Internet the firmware will be updated automatically Use Manual Firmware Upgrade to instead manually upload firmware from a local computer or device NOTE Only CradlePoint integrated modems have this firmware upgrade option...

Page 151: ...ems or a rule that only applies to an Internet source with a particular MAC address The Configuration Rules list shows all rules that you have created as well as all of the default rules These are listed in the order they will be applied The most general rules are listed at the top and the most specific rules are at the bottom The router goes down the list and applies all rules that fit for attach...

Page 152: ... rule Create a name for your rule and the condition for which the rule applies Rule Name Create a name meaningful to you This name is optional Select each of the following to create a condition for your rule When Port Internal USB Port or External USB Port Manufacturer Select by the manufacturer such as Sierra Wireless Model Set your rule according to the specific model of modem Type Ethernet LTE ...

Page 153: ...he condition will be of the following form When is is not value For example Type is not WiMAX Port is Internal USB Port Once you have established the condition for your configuration rule choose from the other tabs to set the desired configuration All of the tab options General Settings IP Overrides IPv6 Settings Ethernet Settings Modem Settings WiMAX Settings CDMA Settings and SIM APN Auth Settin...

Page 154: ...0 0 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 151 7 2 CP Connect Beta CP Connect is a licensable feature used to create a connection to a private network CP Connect is currently in beta ...

Page 155: ...g this information This data is not retained between router reboots For each client this shows Name IP address MAC address amount of data MB and number of packets uploaded amount of data and number of packets downloaded and when traffic was last sent or received for that client Last Traffic The names that are shown are received during a DHCP exchange If a client disconnects and reconnects with a n...

Page 156: ...own use of a modem and or send a message when you reach a data usage amount you set Enable Data Usage Enabled Disabled Default Disabled When you select Enabled you will see the Data Usage Agreement shown to the right The purpose of this agreement is to ensure that you understand that the data numbers for your router might not perfectly match those of your carrier CradlePoint cannot be held respons...

Page 157: ...s an amount in MB as a percentage of the cap and in a bar graph Click Add to configure a new Data Usage Rule Data Usage Rule page 1 Rule Name Give your rule a name for later recognition WAN Selection Select from the dropdown list of currently attached WAN devices Assigned Usage in MB Enter a cap amount in megabytes 1024 megabytes equals 1 gigabyte Rule Enabled Default Enabled Click to disable Use ...

Page 158: ...t at the end of each cycle Select the length of a cycle from a dropdown menu with the following choices Daily Weekly Monthly Cycle Start Date Select the date you wish the rule to begin This date will be used to track when the rule will be reset Shutdown WAN on Cap If selected the WAN device will shut down when the assigned usage is reached A cycle reset or a rule deletion will re enable the device...

Page 159: ...h WAN device that matches a template will automatically have its own rule created Click Add to configure a new Template rule Create a Template Name that you can recognize The template will apply to one of the following WAN types All WAN All Ethernet All Modems Select one of these types The rest of the rule settings options match those in the Data Usage Rules See the section above for additional in...

Page 160: ...re In order to set up a tunnel you must know the following Local Network and Remote Network addresses for the Glue Network the network that is created by the administrator that serves as the glue between the networks of the tunnel Each address must be a different IP address from the same private network and these addresses together form the endpoints of the tunnel Remote Gateway the public facing ...

Page 161: ...ther Choose any private IP address from the following three ranges that doesn t match either network 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 Remote Network This is the remote side of the Glue Network Again the user must create an IP address that is distinct from the IP addresses of the networks that are being glued together The Remote Network and Local Network...

Page 162: ...of network traffic from the local host or hosts will be allowed through the tunnel Click Add Route to configure a new route You will need to input the following information defined by the remote network Network Address Netmask Default 255 255 255 0 You can set the tunnel to connect to a range of IP addresses or to a single IP address For example you could input 192 168 0 0 and 255 255 255 0 to con...

Page 163: ...E HELP AND RESOURCES PAGE 160 7 6 L2TP Tunnels NOTE L2TP requires a feature license Go to System Settings Feature Licenses to enable this feature Layer 2 Tunneling Protocol L2TP tunnels can be used to create a connection between two private networks Once you have a valid feature license click Add to create a new L2TP tunnel ...

Page 164: ... Set the maximum transmission unit MTU of the L2TP tunnel MRU Set the maximum receive unit MRU to request from the tunnel peer Tunnel Enabled Click to enable disable this tunnel Default Enabled Authentication More authentication options and overrides are available in the next section Username Username for user specific authorization Leave blank to disable Password Shared secret or password used to...

Page 165: ...tunnel can negotiate a common scheme Some times this negotiation fails or the implementation on one end is incompatible with the other To solve those authentication issues enable the overrides as needed Authentication Username for user specific authorization Leave blank to disable CHAP Choose from Allowed Refused or Required PAP Choose from Allowed Refused or Required Name Override names used to a...

Page 166: ...DMNR Dynamic Mobile Network Routing Your NEMO service provider will define many of the settings for your NEMO configuration Once you have a NEMO service provider and a valid feature license add networks to the Networks Routed by NEMO section by first clicking Add In the popup window input Network Address Netmask The Network Address and Netmask or subnet mask together define a range of IP addresses...

Page 167: ...ES PAGE 164 Renew Registration The NEMO network regularly re registers with the home agent e g every 30 seconds Specify the number of seconds between each check in MTU Override the MTU maximum transmission unit of the NEMO tunnel The TCP MSS maximum segment size is automatically derived from the MTU Leave blank to rely on Path MTU Discovery ...

Page 168: ... technologies that allow shortcutting between spokes With NHRP systems attached to an NBMA network dynamically learn the NBMA address of the other systems that are part of that network allowing these systems to directly communicate without requiring an intermediate hop The NHRP Configuration table displays the following fields for each configured NHRP interface Name Name of the GRE tunnel that NHR...

Page 169: ...password to outgoing NHRP packets Incoming NHRP packets on this interface are discarded unless this password is present Max length 8 characters Holding Time Specifies the holding time for NHRP registration requests and resolution replies Shortcut Destination Reply with authoritative answers on NHRP resolution requests destined to addresses in this interface instead of forwarding the packets Non Ca...

Page 170: ...ols The IBR600 IBR650 uses IPsec Internet Protocol security to authenticate and encrypt packets exchanged across the tunnel To set up a VPN tunnel with the IBR600 IBR650 on one end there must be another device usually a router that also supports IPsec on the other end IKE Internet Key Exchange is the security protocol in IPsec IKE has two phases Phase 1 and Phase 2 The IBR600 IBR650 has several di...

Page 171: ... tunnel is configured to expect an identifier then both must match in order for the negotiation to succeed If NAT T is being used a single word instead of an address can be used if a DynDNS connection is not being used Remote Identity This can be left blank for most users If left blank it will default to the IP address of the WAN connection Currently we only support identifiers in the form of an I...

Page 172: ...hoices than they do in the MBR1200 so it is more complex to configure Check this box to simplify setup by streamlining your options WAN Binding WAN Binding is an advanced optional parameter used to configure a VPN tunnel to ONLY operate when the specified WAN device s are available and connected An example use case is a router with both a primary and backup WAN connection and the VPN tunnel should...

Page 173: ...ces connected simultaneously with either Load Balancing or more likely WAN Affinity then you may consider using the Invert WAN Binding option which will invert the expression to only establish the VPN tunnel when the specified WAN Binding devices are NOT connected Invert WAN Binding Advanced option that inverts the meaning of WAN Binding to only establish this tunnel when the specified WAN Binding...

Page 174: ...o only some of the devices in your network NOTE The local network IP address must be different from the remote network IP address Remote Network Enter the remote Gateway s IP address or fully qualified domain name my domain com It is recommended you use a dynamic DNS host name instead of the static IP address By using the dynamic DNS host name updates of the remote WAN IP are compensated for while...

Page 175: ...the most secure options that your devices support Exchange Mode The IKE protocol has 2 modes of negotiating phase 1 Main also called Identity Protection and Aggressive In Main mode IKE separates the key information from the identities allowing for the identities of peers to be secure at the expense of extra packet exchanges In Aggressive mode IKE tries to combine as much information into fewer pac...

Page 176: ...etermined by the strength of the DH Group Group 5 for instance has greater strength than Group 2 o DH group 1 768 bit key o DH group 2 1024 bit key o DH group 5 1536 bit key In Phase 1 only one DH group can be selected while using Aggressive exchange mode By default all the algorithms encryption hash and DH groups supported by the IBR600 IBR650 are checked which means they are allowed for any give...

Page 177: ...rated in Phase 1 Additionally the new keys generated in Phase 2 with this option enabled are exchanged in an encrypted session Enabling this feature affords the policy greater security Key Lifetime The lifetime of the generated keys of Phase 2 of the IPsec negotiation from IKE After the time has expired IKE will renegotiate a new set of Phase 2 keys Phase 2 has the same selection of Encryption Has...

Page 178: ...licy is in use Connection Idle Time allows you to configure how long the router will allow an IPsec session to be idle before beginning to send Dead Peer Detection DPD packets to the peer machine Request Frequency allows you to adjust the delay between these DPD packets to send as quickly as every 2 seconds up to 30 seconds apart Additionally you can specify how many Maximum Requests to send at th...

Page 179: ...specially helpful for matching this information with the router or similar device at the other end of the tunnel Tunnel Name Mode Initiation Mode Pre shared Key Local Network Remote Gateway Remote Network IKE Phase 1 o Exchange Mode o Key Lifetime Secs o Encryption o Hash o DH Groups IKE Phase 2 o PFS o Key Lifetime Secs o Encryption o Hash o DH Groups DPD Click Yes at the bottom of the Tunnel Sum...

Page 180: ... certificate on a local device Disabling certificate support will no longer use any previously loaded certificate but will not delete it from the router Only one certificate at a time is supported IKE ISAKMP Port Internet Key Exchange Internet Security Association and Key Management Protocol port Default 500 This is a standard VPN port that usually does not need to be changed IKE ISAKMP NAT T Port...

Page 181: ... side of a planned VPN tunnel is behind a NAT network address translation firewall the setup of your tunnel requires the following specifications 1 Each side of the tunnel must use both a Local Identity and a Remote Identity These must match the identities on the other side The Local Identity must match the Remote Identity on the other side of the tunnel and vice versa In this case these identitie...

Page 182: ...and WiFi Bridge features cannot both be used at the same time When either WiFi as WAN or WiFi Bridge is enabled the IBR600 will find other WiFi networks that you can select and connect to Unless a selected WiFi source is on an unprotected network you will need to know its password or key All CradlePoint routers and some other routers use the same default IP address for the primary network 192 168 ...

Page 183: ...ess of this router and the attached WiFi access point cannot be the same address To set up WiFi Bridge follow these steps 1 In Internet WiFi as WAN Bridge under WiFi Client Mode click on WiFi Bridge to enable this mode 2 Your bridge network must be enabled under Saved Profiles Either import the desired network from Site Survey or click Add to configure it 3 Once WiFi Bridge is enabled and a bridge...

Page 184: ...e Set Identifier This parameter is required when trying to connect to a hidden network using WiFi as WAN It is optional when connecting to a visible network If it is set in a profile both the SSID and BSSID must match to connect to an access point If the BSSID is not set in a profile then the router will connect to any access point that matches the given SSID Auth Mode The type of encryption that ...

Page 185: ...rates on the 2 4 GHz band You have the option to manually add network profiles but it is usually much easier to import them from Site Survey Either click on Add under Saved Profiles or select a WiFi network in Site Survey and click Import If you import a network from Site Survey most of the information about the network will already be completed You need to input the password if there is one and t...

Page 186: ...7 10 4 Wireless Scan Settings Scan Interval How often WiFi as WAN scans the environment for updates Default 60 seconds Range 5 3600 seconds Scan While Connected Continue to scan for WiFi as WAN profile updates when connected Each time a scan occurs the wireless communication of the router will be temporarily interrupted Normally this should be disabled ...

Page 187: ...et Data Usage The router will make a best effort to keep data usage between interfaces at a similar percentage of the assigned data cap in the Data Usage rule for each interface rather than distributing sessions based solely on bandwidth For proper function you need to create data usage rules for each WAN device you will be load balancing Make certain to select the Use with Load Balancing checkbox...

Page 188: ...t from the dropdown list to specify the protocol for a particular data use Otherwise leave Any selected Any ICMP TCP UDP GRE ESP SCTP Source IP Address Source Netmask Destination IP Address and Destination Netmask Specify an IP address or range of IP addresses by combining an IP address with a netmask for either source or destination or both Source vs destination is defined by traffic flow Leave t...

Page 189: ...h isn t starts with ends with or contains Port Select from the dropdown list of possible WAN ports on the router o WAN Ethernet o LAN Ethernet o Undefined Manufacturer Select from a dropdown list of attached devices Model Select from a dropdown list of attached devices Type Select from the dropdown list of possible WAN types o WiMAX o Modem o LTE o Ethernet o Wireless As WAN Serial Number Select f...

Page 190: ...d configuration values and the observed capabilities of the device Data Usage This mode works in concert with the Data Usage feature Internet Data Usage The router will make a best effort to keep data usage between interfaces at a similar percentage of the assigned data cap in the Data Usage rule for each interface rather than distributing sessions based solely on bandwidth For proper function you...

Page 191: ...ES PAGE 188 8 SYSTEMSETTINGS The System Settings tab has the following submenu options that provide access to tools for broad administrative control of the CradlePoint COR Administration Device Alerts GPIO Connector Enterprise Cloud Manager Feature Licenses Hotspot Services Serial Redirector SNMP Configuration System Control System Software ...

Page 192: ...figured to use the advanced security mode several aspects of the router s configuration and networking functionality will be extended to support high security environments This includes support for multiple user accounts increased password security and additional network spoofing filters If you plan to use your router in a PCI DSS compliant environment this option is mandatory See below for more d...

Page 193: ... can t delete the user you are currently signed in as In TACACS and RADIUS modes if the servers cannot be reached either because the WAN is down or a response is not received within the selected Server Timeout the router will automatically fall back to using Local Users mode to prevent any potential of being locked out TACACS TACACS stands for Terminal Access Controller Access Control System plus ...

Page 194: ...ADIUS RADIUS stands for Remote Authentication Dial In User Service The router will use a RADIUS server or two optionally to authorize administration Server Timeout If the servers are not reached within the set time possibly because the WAN is down the router will automatically fall back to using Local Users mode to prevent users from being locked out Server Address This can be either an IP address...

Page 195: ...rnet connection is re established and once a week thereafter the router will ask the server for the current time so it can correct itself You then have the option of selecting an NTP server and adjusting the NTP server port Select the NTP server from the dropdown list Any of the given NTP servers will be sufficient unless for example you need to synchronize your router s time with other devices in...

Page 196: ...cal Domain The local domain is used as the suffix for DNS entries of local hosts This is tied to the hostnames of DHCP clients as DHCP_HOSTNAME LOCAL_DOMAIN System Identifier This is a customizable identity that will be used in router reporting and alerting The default value is the MAC address of the router Require HTTPS Connection Check this box if you want to encrypt all router administration co...

Page 197: ... administration website For security remote access is usually done via a non standard http port Additionally encrypted connections can be required for an added level of security Require HTTPS Connection Requiring a secure https connection is recommended HTTP Port Default 8080 This option is disabled if you select Require Secure Connection Secure HTTPS Port Default 8443 NOTE You can restrict remote...

Page 198: ...lar to sending reports to a remote server but without consuming the network bandwidth Include System ID Include the router s System ID sentence with every NMEA message This can be useful when a single remote client or server is handling NMEA position reports from multiple routers Report NMEA GGA sentences Report GPS fix using NMEA GGA sentence format if available Report NMEA RMC sentences Report G...

Page 199: ...Remote server hostname or IP o Remote server port o UDP remote server Using UDP instead of TCP reduces the load on the router and may save bandwidth However UDP does not provide any guarantee for delivery The router will typically assume sentences have been received by the remote UDP server and will not buffer those sentences o Report only over specific time interval Restricts the NMEA sentence re...

Page 200: ...0 N Latitude 49 deg 16 450 min North 12311 127 W Longitude 123 deg 11 127 min West 2 Fix quality 0 fix not available 1 GPS fix 2 Differential GPS fix 3 PPS fix 4 Real Time Kinematic 5 Float RTK 6 estimated dead reckoning 7 Manual input mode 8 Simulation mode 06 Number of satellites being tracked 1 5 Horizontal dilution of precision HDOP relative accuracy of horizontal position 117 312 M Altitude i...

Page 201: ...ceiver warning A OK V warning 4916 45 N Latitude 49 deg 16 45 min North 12311 12 W Longitude 123 deg 11 12 min West 000 5 Speed over ground knots 054 7 Course made good true 191194 Date of fix 19 November 1994 020 3 E Magnetic variation 20 3 degrees East 68 Checksum is mandatory for RMC VTG GPVTG Vector track and speed over ground GPVTG 054 7 T 034 4 M 005 5 N 010 2 K 054 7 T Track degrees relativ...

Page 202: ...r back online SMS is enabled on the router by default However it only works if SMS is supported and enabled on the modem Most modems have SMS enabled by default but the carrier may charge a fee for each text message sent or received Contact your carrier to review these fees and or to enable an SMS plan Important notes about SMS Messages are limited to 160 characters SMS is not a guaranteed deliver...

Page 203: ...o anything between 1 and 16 characters It should be long enough to be useful for security but short enough to easily type into your phone or other texting client White List This list is blank by default which means that the router will accept SMS messages from any phone number Leaving this blank is unsecure so CradlePoint recommends that you add phone numbers to this list Once any numbers are list...

Page 204: ... the text messaging tool on your phone and start a new message 2 In the To field enter the modem s MDN 3 In the Subject field enter the SMS password and command 4 Click Send How to Text from an Email NOTE There are limitations with sending texts via email The SMS engine is currently only compatible with GSM based carrier operators 1 Start a new email message 2 In the To field enter the modem s MDN...

Page 205: ...access the modem via SMS Command syntax password command arg1 arg2 All commands start with the password either the default of the last 8 digits of the router s MAC address or the administrator configured password Commands can have an optional number of arguments NOTE The trailing comma on the command is important to allow the SMS engine to distinguish the final argument from other information the ...

Page 206: ...Get modem status Syntax password mstatus port Example 1234 mstatus return status of highest priority modem Example 1234 mstatus usb1 return status of modem plugged into port usb1 This command returns info about the indicated modem s status The resulting data reflects the modem model number service type and connection status and values Example of response Model MC200P Service HSPA SIM Status READY ...

Page 207: ...t information on modem in port usb3 simpin Set the SIM s PIN Syntax password simpin pin port Example 1234 simpin 5678 set simpin in highest priority modem Example 1234 simpin 5678 usb2 set simpin in modem on port usb2 log Return a portion of the router log Syntax password log start Example 1234 log return the first 10 items of the log items 0 through 9 Example 1234 log 10 return items 10 through 1...

Page 208: ...mple of a debug session to discover a modem s APN is misconfigured and needs to be set Figure out the state of the modems on the router 1234 rstatus Receive the modem s status and settings 1234 mstatus Set the modem s APN to the correct setting 1234 apn broadband Verify the APN was set properly 1234 mstatus Continue to verify the status periodically to ensure that the modem connects 1234 rstatus ...

Page 209: ...stem ID This option will include the router s System ID at the beginning of every log message This is often useful when a single remote Syslog server is handling logs for several routers Include UTF8 Byte Order Mark The log message is sent using UTF 8 encoding By default the router will attach the Unicode Byte Order Mark BOM to the Syslog message in compliance with the Syslog protocol RFC5424 Some...

Page 210: ...nd another router you may not want to use 3G 4G data unnecessarily Select Use LAN Gateway to set your router services to connect via the LAN LAN Gateway Address Input the IP address of the LAN side connection If this is a 3G 4G failover router operating behind another router the LAN Gateway Address is the IP address of that other router DNS Server and Secondary DNS Server The primary and secondary...

Page 211: ...C Address Used with the MAC monitoring lists An alert is sent when a new unrecognized MAC address is connected to the router WAN Device Status Change An attached WAN device has changed status The possible statuses are plugged unplugged connected and disconnected Configuration Change A change to the router configuration Login Failure A failed login attempt has been detected VPN Tunnel Goes Down Sen...

Page 212: ...ve different specifications for setup so you have to look those up separately The following is an example using Gmail Server Address smtp gmail com Server Port 587 for TLS or Transport Layer Security port the IBR600 IBR650 does not support SSL Authentication Required For Gmail mark this checkbox User Name Your full email address Password Your Gmail password From Address Your email address To Addre...

Page 213: ...0 Advanced Delivery Options Email Subject Prefix This optional string is prefixed to the alert subject It can be customized to help you identify alerts from specific routers Retry Attempts The number of attempts made to send an alert to the mail server After the attempts are exhausted the alert is discarded Retry Delay The delay between retry attempts ...

Page 214: ...output These pins are ESD protected and the input is 5V tolerant NOTE GPIO functionality requires a separate adapter to connect to the I O pins Pin Definition 1 Ground 2 12VDC Power 3 Input LVTTL Digital Input with 50K ohm pullup to 3 3VDC 5V tolerant 4 Output LVTTL Digital Output capable of source sink of 50mA This section is used to configure these Input and Output General Purpose I O pins Curre...

Page 215: ...r Reset In this mode an external device can reset the router by holding the input low for 10 seconds Output Pin The Output Pin can be used to allow an external device to read either whether the router is running or whether the modem is connected Select one of the following options from the dropdown menu Default Low In this mode the output pin is not used and is at 0V ground potential Set High Rout...

Page 216: ...CradlePoint ECM If you do not have ECM credentials sign up at http www cradlepoint com ecm signup Registering Your Router Once you have signed up for ECM click on the Register Router button to begin managing the router through ECM Input your ECM Username and ECM Password and click Register You have now registered the device with Enterprise Cloud Manager Suspending the ECM Client Click on the Suspe...

Page 217: ...is a starting point for an internal backoff timer that prevents superfluous retries during connectivity loss Unmanaged Checkin Timer How often in seconds the router checks with ECM to see if the router is remotely activated Note that this value is a starting point for an internal backoff timer that reduces network usage over time Maximum Alerts Buffer The maximum number of alerts to buffer when of...

Page 218: ...RCES PAGE 215 8 5 Feature Licenses Some CradlePoint features may require a license These features are disabled by default To obtain a feature license contact your CradlePoint sales representative Once you have obtained the feature license file upload the file to enable the feature A reboot is required after uploading a feature license file ...

Page 219: ...s tab Select a network in Network Settings WiFi Local Networks and click Edit to open the Local Network Editor The IP Settings tab will already be open the Routing Mode dropdown menu is at the bottom Allow Service on 3G 4G Modems Allows you to enable or disable hotspot access to the Internet over a modem This is often used if the router has a main wired link and a secondary modem for failover typi...

Page 220: ... user will be directed After the user accepts the terms you can either let him her continue to the URL they were trying to reach or you can force the user to go to a specified URL once before continuing on To the URL the user intended to visit To an administrator defined URL Redirect URL If you have chosen to send users to an administrator defined URL you will need to specify the address Session T...

Page 221: ...ient Accounting Port The standard port number 1813 will usually be sufficient Shared Secret Assigned by RADIUS service Redirection On Successful Authentication Choose from the dropdown list of options for redirection o Redirect to the UAM Server o Redirect to the URL that the user intends to visit o Redirect to the following URL input the desired URL Session Timeout Default 60 minutes The amount o...

Page 222: ...ecret Optional depending on the UAM service NAS Gateway ID Assigned by UAM service 8 6 3 Allowed Hosts Prior to Authentication Adding host names to this list will allow access from your network to any external domain or website prior to being authenticated For example a hotel might allow access to its own website prior to authentication Click Add to enter new hostnames you wish to allow Enter the ...

Page 223: ...abled Enabling Telnet to Serial will start a Telnet server that passes its connection to the serial adapter Enabling this service is not necessary when accessing serial through SSH LAN Enable serial redirector for LAN connections Authenticated LAN Enable serial redirector for Authenticated LAN connections You must be logged into the router to use the redirector WAN Enable serial redirector for WAN...

Page 224: ...ons None No parity checking Default Even parity bit will always be even Odd parity bit will always be odd Mark parity bit will always be odd and always 1 Space parity bit will always be even and always 0 Stop Bits Number of bits to initiate the stop period Select from these dropdown values 1 1 5 and 2 Hardware RTS CTS Use RTS Request To Send CTS Clear To Send to enable flow control Software XON XO...

Page 225: ...etworks provided by this router SNMP will not be available on guest or virtual networks that do not have administrative access LAN port Use the LAN port field to configure the LAN port number you wish to access SNMP services on Default 161 Enable SNMP on WAN Enabling SNMP on WAN will make SNMP services available to the WAN interfaces of the router WAN port Use the WAN port field to configure which...

Page 226: ... the Get community string 8 8 1 SNMPv3 If you select SNMPv3 you have several additional configuration options for added security Authentication type Select the authentication and encryption type that will be used when connecting to the router from the following dropdown list These settings must match the configuration used on any SNMP clients MD5 with no encryption SHA with no encryption MD5 with ...

Page 227: ...ddress for trap server Enter the address of the host system that you want trap alerts sent to Trap server port Enter the port number that the remote host will be listening for trap alerts on Default 162 NOTE System information via SNMP is by default Read Writable However if the value is set here that field will become Read Only System Contact Enter in an email address System Name Enter in the rout...

Page 228: ... all settings back to their default values Reboot The Device This causes the router to restart Scheduled Reboot This causes the router to restart at a user determined time Watchdog Reboot This causes the router to automatically restart when it determines an unrecoverable error condition has occurred Ping Test A simple test to check Internet connectivity Type the Hostname or IP address of the compu...

Page 229: ...ows the number of the current firmware and the date it was updated Available Firmware Version If there is a new firmware version available this will list the version number Click Check Again to have the router check the newest firmware Factory Reset Set default settings to match the new firmware This is safest as settings may have changed You should back up your current settings and restore them a...

Page 230: ...Save Restore Backup Current Settings Click on Save to disk to save your current settings to a file on a computer Restore Settings Click on Upload from file to restore your previous settings from a file on a computer 8 10 3 Firmware Upgrade and System Config Restore Load new firmware and restore your previous settings from a file on a computer without rebooting between steps ...

Page 231: ...resses so that conversions can be made in both directions ADSL Asymmetric Digital Subscriber Line Advanced Encryption Standard AES Government encryption standard Alphanumeric Characters A Z and 0 9 Antenna Used to transmit and receive RF signals AppleTalk A set of Local Area Network protocols developed by Apple for their computer systems AppleTalk Address Resolution Protocol AARP Used to map the M...

Page 232: ...Input Output System BIOS A program that the processor of a computer uses to startup the system once it is turned on Baud Data transmission speed Beacon A data frame by which one of the stations in a WiFi network periodically broadcasts network control data to other wireless stations Bit rate The amount of bits that pass in given amount of time Bit sec Bits per second BOOTP Bootstrap Protocol Allow...

Page 233: ... into binary so that it can be processed or moved to another device Data Encryption Standard Uses a randomly selected 56 bit key that must be known by both the sender and the receiver when information is exchanged Data Link layer The second layer of the OSI model Controls the movement of data on the physical link of a network Database Organizes information so that it can be managed updated as well...

Page 234: ...r s security mechanisms for the convenience of being directly addressable from the Internet DNS Domain Name System Translates Domain Names to IP addresses Domain name A name that is associated with an IP address Download To send a request from one computer to another and have the file transmitted back to the requesting computer DSL Digital Subscriber Line High bandwidth Internet connection over te...

Page 235: ...ts Firewall A device that protects resources of the Local Area Network from unauthorized users outside of the local network Firmware Programming that is inserted into a hardware device that tells it how to function Fragmentation Breaking up data into smaller pieces to make it easier to store FTP File Transfer Protocol Easiest way to transfer files between computers on the Internet Full duplex Send...

Page 236: ...vice that connects multiple devices together ICMP Internet Control Message Protocol IEEE Institute of Electrical and Electronics Engineers IGMP Internet Group Management Protocol is used to make sure that computers can report their multicast group membership to adjacent routers IIS Internet Information Server is a WEB server and FTP server provided by Microsoft IKE Internet Key Exchange is used to...

Page 237: ...t Internet Protocol Version 4 that identifies each computer that transmits data on the Internet or on an intranet IPsec Internet Protocol Security IPX Internetwork Packet Exchange is a networking protocol developed by Novell to enable their Netware clients and servers to communicate ISP Internet Service Provider Java A programming language used to create programs and applets for web pages Kbps Kil...

Page 238: ...al signals from a computer to an analog signal in order to transmit the signal over phone lines It also demodulates the analog signals coming from the phone lines to digital signals for your computer MPPE Microsoft Point to Point Encryption is used to secure data transmissions over PPTP connections MTU Maximum Transmission Unit is the largest packet that can be transmitted on a packet based networ...

Page 239: ...sed more than RIP in larger scale networks because only changes to the routing table are sent to all the other routers in the network as opposed to sending the entire routing table at a regular interval which is how RIP functions Password A sequence of characters that is used to authenticate requests to resources on a network Personal Area Network The interconnection of networking devices within a...

Page 240: ...ce allows for remote users to dial into a central server and be authenticated in order to access resources on a network Reboot To restart a computer and reload its operating software or firmware from nonvolatile storage Rendezvous Apple s version of UPnP which allows for devices on a network to discover each other and be connected without the need to configure any settings Repeater Retransmits the...

Page 241: ...l SNMP Simple Network Management Protocol SOHO Small Office Home Office SPI Stateful Packet Inspection SSH Secure Shell is a command line interface that allows for secure connections to remote computers SSID Service Set Identifier is a name for a wireless network Stateful Packet Inspection A feature of a firewall that monitors outgoing and incoming traffic to make sure that only valid responses to...

Page 242: ... allows network devices to discover each other and configure themselves to be a part of the network Update To install a more recent version of a software or firmware product Upgrade To install a more recent version of a software or firmware product Upload To send a request from one computer to another and have a file transmitted from the requesting computer to the other UPnP Universal Plug and Pla...

Page 243: ...orks that is supposed to be comparable to that of a wired network WiFi Wireless Fidelity Used to describe any of the 802 11 wireless networking specifications WiFi Protected Access An updated version of security for wireless networks that provides authentication as well as encryption Wide Area Network The larger network that your LAN is connected to which may be the Internet itself or a regional o...

Page 244: ...NUAL Firmware ver 5 0 0 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 241 Yagi antenna A directional antenna used to concentrate wireless signals on a specific location ...

Page 245: ...e or loss or personal injury of any kind including death to the user or to any other party CradlePoint expressly disclaims liability for damages of any kind resulting from a delays errors or losses of any data transmitted or received using the device or b any failure of the device to transmit or receive such data Warning This product is only to be installed by qualified personnel To comply with FC...

Page 246: ...ited to a repair or replacement of the product at CradlePoint s discretion CradlePoint does not warrant that the operation of the device will meet your requirements or be error free Within thirty 30 days of receipt should the product fail for any reason other than damage due to customer negligence purchaser may return the product to the point of purchase for a full refund of the purchase price If ...

Page 247: ...3 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 244 www cradlepoint com legal Please read these documents carefully CradlePoint the CradlePoint logo and IBR600 IBR650 are trademarks of CradlePoint Inc ...

Page 248: ...S WAN Security NAT SPI ALG inbound filtering of IP Addresses future Port Blocking Service Filtering FTP SMTP HTTP RPL SNMP DNS ICMP NNTP POP3 SSH Protocol filtering WAN ping allow ignore Redundancy and Load Balancing Failover Failback with 3G 4G Ethernet Load Balancing WAN Failure Detection via ping Intelligent Routing UPnP DMZ Virtual Server Port Forwarding Routing Rules Route Management Content ...

Page 249: ... USER MANUAL Firmware ver 5 0 0 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 246 http www cradlepoint com Copyright 2013 by CradlePoint Inc All rights reserved ...

Reviews:

No comments

Related manuals for COR IBR600

Mazda 2011 Tribute Brochure & Specs preview
2011 Tribute
Brand: Mazda Pages: 4
Lauterbach C6000 Manual preview
C6000
Brand: Lauterbach Pages: 67
Banner iVu Plus BCR Gen2 Series Quick Start Manual preview
iVu Plus BCR Gen2 Series
Brand: Banner Pages: 12
Banner iVu Plus BCR Instruction Manual preview
iVu Plus BCR
Brand: Banner Pages: 28
Banner iVu Plus BCR User Manual preview
iVu Plus BCR
Brand: Banner Pages: 155
Banner D10 Series Manual preview
D10 Series
Brand: Banner Pages: 64
Banner L-GAGE LTF Quick Start Manual preview
L-GAGE LTF
Brand: Banner Pages: 8
Banner Q3X Installation preview
Q3X
Brand: Banner Pages: 2
Banner U-GAGE Q45U Quick Start Manual preview
U-GAGE Q45U
Brand: Banner Pages: 8
Banner Q4X Series Quick Start Manual preview
Q4X Series
Brand: Banner Pages: 12
Danfoss AKS 41 Instructions preview
AKS 41
Brand: Danfoss Pages: 4
Toyota 2016 RAV4 Quick Reference Manual preview
2016 RAV4
Brand: Toyota Pages: 56
ipf electronic UT129023 Quick Start Manual preview
UT129023
Brand: ipf electronic Pages: 4
Magnus VPH-10P Owner'S Manual preview
VPH-10P
Brand: Magnus Pages: 6
IFM Electronic efector 190 DTE820 Operating Instructions Manual preview
efector 190 DTE820
Brand: IFM Electronic Pages: 16
LU-VE BHDN Installation And Maintenance Instruction preview
BHDN
Brand: LU-VE Pages: 8
Obelink HARTLAND 280 Pitching Instruction preview
HARTLAND 280
Brand: Obelink Pages: 2
Hama Fun 70 BT Operating Instructions Manual preview
Fun 70 BT
Brand: Hama Pages: 14

Brands by name

Popular brands

Load more brands