Cradlepoint IBR600 User Manual
  1. Manuals
  2. Brands
  3. Cradlepoint Manuals
  4. Wireless Router
  5. COR IBR600
  6. User manual

Cradlepoint IBR600 User Manual

Cor integrated broadband router with vpn support
Hide thumbs Also See for IBR600:
Table of Contents

Advertisement

Quick Links

See also: Installation Manual

Advertisement

Table of Contents
loading

Related Manuals for Cradlepoint IBR600

Summary of Contents for Cradlepoint IBR600

  • Page 2: Manual Revisions

    COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT Preface CradlePoint reserves the right to revise this publication and to make changes in the content thereof without obligation to notify any person or organization of any revisions or changes. Manual Revisions...

  • Page 3: Table Of Contents

    COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT Table of Contents 1   INTRODUCTION   ..............   3   5.5   H ( IBR600)   ..........   3 9   OTSPOT   LIENTS   5.6   I   ............   4 0  ...
  • Page 4 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT 7.7   W W AN ( IBR600)   ........   1 51   I   A S       RIDGE   7.8   WAN  ........   1 56    ...

  • Page 5: Introduction

    • At least one Internet source: an active subscription for the embedded modem; an Ethernet-based modem; or WiFi as WAN • Windows 2000/XP/7, Mac OS X, or Linux computer (with WiFi adapter for IBR600 WiFi functionality) • Internet Explorer v6.0 or higher, Firefox v2.0 or higher, Safari v1.0 or higher 1.3 IBR600/IBR650 Overview...
  • Page 6 Site-to-site dynamic VPN with NHRP • The CradlePoint COR is a highly featured, compact, and robust router designed for deployment in critical business and enterprise applications that require 24x7 connectivity via Ethernet and/or WiFi. The router features a built-in high-speed modem (4G LTE, 3G EVDO, WiMAX, HSPA+, LTE/HSPA+) modem as well as support for wired networks such as DSL or Cable.
  • Page 7 CradlePoint’s cloud-based router management service allows for remote monitoring, configuration, and firmware updates of deployed routers like the IBR600 or IBR650. WiPipe Central drastically simplifies router administration for businesses using multiple routers. WiPipe Central can be purchased separately at http://cradlepoint.com/support/wipipe-central.

  • Page 8: Hardware Overview

    COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT 2 HARDWARE OVERVIEW © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 6...
  • Page 9 Reset button. This button is recessed, so it requires a pointed object such as a paper clip to press. Press and hold for 10 seconds to initiate reset. Ethernet Ports: By default, the IBR600/IBR650 has one WAN (Wide Area Network— your Internet source) port and one LAN (Local Area Network) port. Each of these ports can be reconfigured, however, if you need two LAN or two WAN Ethernet ports.
  • Page 10 Micro USB: This port can be used to attach a direct firmware upgrade to enable manual firmware upgrades if necessary. WiFi Antennas (IBR600 only): The IBR600 comes with two 2.4 GHz WiFi antennas (Reverse SMA). These antennas are simple to attach and adjust for maximum WiFi broadcast.
  • Page 11 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT Modem Antennas: The CradlePoint COR comes with two modem antennas to enhance reception for the embedded modem. These antennas are simple to attach and adjust. Power On/Off: • I = On • O = Off Power LED: •...
  • Page 12 • No light = Off Additional LED Indications: WiFi and modem LEDs blink amber Factory reset button detected twice Error during USB firmware WiFi and modem LEDs blink red upgrade © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 10...
  • Page 13 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT 2.2 Mounting Bracket © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 11...
  • Page 14 2) Place the router’s edge against the bottom of the bracket. 3) Press the router down firmly, then push it inside the bracket. It should latch. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 12...
  • Page 15 2.2.2 Removing the COR from the Mounting Bracket From the top of the bracket, press down firmly on the router using your thumb(s) and pull the device out. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...

  • Page 16: Quick Start

    Activate Your Modem A wireless broadband data plan must be added to your IBR600/IBR650. Wireless broadband data plans are available from wireless carriers such as AT&T, Sprint, and Verizon. A new line of service can be added or a data plan can be transferred from an existing account.
  • Page 17 NOTE: If more than one IBR600 wireless router is visible, you can find the correct unit by checking for its SSID (service set identifier; the unique name of the local network). The default SSID of the primary network has the form IBR600-xxx, where “xxx” is the last 3 digits of the router’s MAC address.
  • Page 18 Accessing the Administration Pages For most users the IBR600/IBR650 can be used immediately without any special configuration changes. If you would like to change your network name or password or configure any of the advanced features of your router, you will need to log in to the administration pages: •...
  • Page 19 If you used the First Time Setup Wizard, you might have changed the “WiFi Network Name” or the “Security Mode” password. If so, you will need to reconnect your device(s) to the IBR600 network. • Find the network. Look for your new personalized network name (or the default SSID of the form “IBR600-xxx”).

  • Page 20: Status

    A wireless broadband data plan must be added to your IBR600/IBR650. Wireless broadband data plans are available from wireless carriers such as AT&T, Sprint, and Verizon. A new line of service can be added or a data plan can be transferred from an existing account.
  • Page 21 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT 4 WEB INTERFACE -- ESSENTIALS The CradlePoint COR has a Web interface for configuration and administration of all features. The interface is organized with 5 tabs at the top of the screen: • Getting Started •...

  • Page 22: Administrator Login

    The Administrator Login page will appear. Log in using your administrator password. Initially, this password can be found on the bottom of the IBR600/IBR650 unit as the Default Password. This password is also the last eight digits of the unit’s MAC address.
  • Page 23 • Name: The name of the primary network. If you have more than one wireless network enabled, the additional network names will also be listed here. Modem Details • Manufacturer: The name of the modem manufacturer (CradlePoint). • Model: The name of the modem model (Internal LTE, for example). • Signal: The strength of the signal (dBm).
  • Page 24 The First Time Setup Wizard will help you customize the name of your wireless network, change passwords to something you choose, and establish an optimal WiFi security mode. The CradlePoint COR comes out of the box with a unique password at WPA1/WPA2 WiFi security level.
  • Page 25 The router cannot use 802.11n modes if WEP is enabled; WiFi performance and range will be limited. • NONE (OPEN): Select this option if you do not want to activate any security features. CradlePoint recommends BEST (WPA2) WiFi security. Try this option first and switch only if you have a device that is incompatible with WPA2.
  • Page 26 Click NEXT. 7) Configuring Your Access Point Name (APN): If you are using a SIM-based modem (LTE/GSM/HSPA) with your CradlePoint router you may need to configure the APN before it will properly connect to your carrier. Wireless carriers offer several APNs, so check with your carrier to confirm the appropriate one to use.
  • Page 27 ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2. Click NEXT. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 25...
  • Page 28 NOTE: If you are currently using this network, reconnect your devices to the network using the new wireless network name and security password. Click APPLY to save the settings and update them to your router. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 26...
  • Page 29 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT 4.3 Quick Links The CradlePoint logo in the upper left-hand corner of all the administration pages is a link to the Dashboard (Status → Dashboard), which displays fundamental information about the router.
  • Page 30 Network Settings – Provides configuration options for the networks, or LAN, created by your router. For example, you can enable a guest WiFi network (WiFi / Local Networks), set up rules to filter websites (Content Filtering), or create a traffic-shaping rule to set bandwidth priorities (WiPipe QoS). © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 31 LAN (Local Area Network) Examples: • If you want to change the content filtering settings for the network created by the IBR600/IBR650, go to the Network Settings tab. • If you have multiple Internet sources (such as the embedded modem and an Ethernet connection) for which you would like to set priority levels, go to the Internet tab.
  • Page 32 • The Routing Mode will be set to IP Passthrough. • The Subnet Selection Mode will be set to "Automatically Create Subnet" Any Ethernet WAN connections should be disconnected before IP Passthrough is enabled. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 33 • Dashboard • GPS • GRE Tunnels • Hotspot Clients • Internet Connections • Routing • Statistics • System Logs • VPN Tunnels • WiPipe QoS © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 31...
  • Page 34 Wireless and Wired clients. Wireless Clients. For each device using a wireless connection to your IBR600, the following information is displayed: Hostname, IP, MAC, Connection, and Time Online. Wired Clients. For each device using a wired connection to your router, the following information is displayed: Hostname, IP, and MAC.
  • Page 35 Time Online: Simply the amount of time the device has been connected to the router. Kick: Click on this button to disconnect a client. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 36 After the initial setup of the router, every time you log in you will automatically be directed to this Dashboard. Also, you can click on the CradlePoint logo in the upper left-hand corner to return to the Dashboard from any page.
  • Page 37 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT Router Information: “Detailed Info” links to System Settings → Administration. • Product: IBR600/IBR650 • Serial: The product serial number. • Firmware: Gives the number of the current firmware version. • Build Date: Year-month-day-hours-minutes-seconds for the most recent firmware upgrade.
  • Page 38 This will inform you about the availability of new firmware, for example. Router Alerts includes links to the System Software page (for new firmware) and the Connection Manager. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 39 GPS. If GPS is supported, make sure the modem is in an area where it can receive a signal from the GPS satellites.     © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 37...

  • Page 40: Gre Tunnels

    View the status of configured GRE Tunnels. To set up or edit a GRE tunnel, go to Internet → GRE Tunnels. Included information: • Name • Status • Transmit (packets/bytes) • Receive (packets/bytes)     © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 38...
  • Page 41 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT 5.5 Hotspot Clients (IBR600) View the status of the clients that have logged in through the Hotspot/Captive Portal. View: • Hostname • IP address • MAC address • Data Usage (both IN and OUT) •...

  • Page 42: Internet Connections

    The Internet Connections submenu option provides a list of attached WAN devices used as the Internet source for the IBR600/IBR650. Select one of these devices to see detailed information about that particular device. For each type of device, different information will be included in the Device Information section. Possible devices...
  • Page 43 • Type ethernet • Port IP Information • DNS Servers • IP Address • Gateway Statistics • Incoming Bytes • Outgoing Bytes • Connection Uptime (secs) © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 41...
  • Page 44 • GSN • Home Address • Product Internal LTE/EVDO • Signal Strength (dBm) • DEFPDP • Model Internal LTE/EVDO • Manufacturer CradlePoint Inc. • Rev Tun • Battery Level • Secondary Home Agent • Primary Home Agent © 2013 CRADLEPOINT, INC.
  • Page 45 • Type lte IP Information • DNS Servers • IP Address • Gateway Statistics • Incoming Bytes • Outgoing Bytes • Load Balance score • Connection Uptime (secs) © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 43...
  • Page 46 • PIN Status • ESN/IMEI • Product Internal LTE/HSPA+ • Signal Strength(dBm) • Default Profile • Model Internal LTE/GSM • Manufacturer CradlePoint Inc. • Battery Level General Information • Model Internal LTE/GSM • Unique Identifier • Port int1 • Profile 1: Broadband •...
  • Page 47 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT • Gateway Statistics • Incoming Bytes • Outgoing Bytes • Connection Uptime (secs) © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 45...
  • Page 48 Internal HSPA+ Diagnostics • Product Internal HSPA+ • Modem Firmware Version • DEFPDP • Model Internal LTE/EVDO • Manufacturer CradlePoint Inc. • Carrier ID • Service Display HSPA • Signal Strength (dBm) • GSN • PIN Status • Connection Type General Information •...
  • Page 49 CRADLEPOINT IP Information • DNS Servers • IP Address • Gateway Statistics • Incoming Bytes • Outgoing Bytes • Load Balance score • Connection Uptime (secs) © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 47...
  • Page 50 • Product EVDO Modem • Protocol PPP • Unique Identifier • ESN/IMEI • Model MC100E-VZ • Type modem • Port 1 • Manufacturer CradlePoint Inc. IP Information • Netmask • IP Address • Gateway Statistics • Outgoing Bits/Second • Incoming Bits/Second •...
  • Page 51 • Connection State (connected, idle, etc.) General Information • Product Wireless As WAN • Unique Identifier • Type wwan IP Information • Netmask • IP Address • Gateway © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 49...
  • Page 52 System Routes displays routes associated with networks connected to the router as well as routes learned from routing protocols (such as RIP or BGP). Static Routes displays user-specified routes configured in Network Settings → Routing, © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 53 Wireless Statistics: View the signal strength and other wireless modem information. The wireless device’s signal strength will only be displayed as long as it supports “Live Diagnostics.” Sample rate and size can be adjusted from the dropdown boxes. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 54 CRADLEPOINT Data Usage: A measure of amount of information that is currently being sent or received through the network. Sample rate and size can be adjusted from the dropdown boxes. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 55 Failover/Failback/Load Balance: An easy way to view current connective states of the devices plugged into the router as compared to the past. Sample rate and size can be adjusted from the dropdown boxes. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...

  • Page 56: System Logs

    Level: Select/Deselect from the following levels to filter messages by priority. • Critical • Error • Warning • Info NOTE: The logs are erased whenever the router is rebooted or loses power. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 54...
  • Page 57 View the status of configured VPN tunnels. To set up or edit a VPN tunnel, go to Internet → VPN Tunnels. Included information: • Name • Connections • Status • Protocols • Transferred • Direction • Time Online • Control © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 55...
  • Page 58 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT 5.11 WiPipe QoS View the breakdown of packets and bytes sent and received associated with each WiPipe QoS rule. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 56...

  • Page 59: Network Settings

    6 NETWORK SETTINGS The Network Settings tab provides access to 9 submenu options for administering the following functions/tasks. These functions are all related to controlling the LAN (Local Area Network), the network you set up with the IBR600/IBR650. • Content Filtering •...

  • Page 60: Content Filtering

    When creating rules keep in mind that some sites use multiple domains, so each domain may need a rule added to produce the desired behavior. NOTE: Websites that use HTTPS will not be blocked by these rules. You will need to use OpenDNS to block HTTPS websites. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 61 • Rule Priority: Higher number rules overrule lower number rules. • Enabled: A rule can be enabled or disabled by selecting or deselecting the checkbox. Click Submit to save your rule changes. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 59...
  • Page 62 This can have the side effect of being very strict; sites that are hosted across many domains may need every domain added to the list for full functionality. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 63 Network WebFilter Rules, except that you must assign a MAC address instead of a network to each rule. See the Network WebFilter Rules section for more configuration details. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 61...
  • Page 64 WebFilter Rules. When a network is set to Block Access, it will block access to sites not specifically allowed in the WebFilter Rules. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 65 OpenDNS is configured to access, port 53, which will prevent OpenDNS filtering. If OpenDNS does not appear to be working correctly, enabling this will attempt to bypass those ports when using an OpenDNS content filtering level. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...

  • Page 66: Dhcp Server

    While you have the option to manually input the information to reserve an IP address (Hostname, Hardware Addr, IP Addr), it is much simpler to select a device under the Active Leases section and click “Reserve.” The selected device’s information will automatically be added under Reservations. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...

  • Page 67: Internet

    DNS, or Domain Name System, is a naming system that translates between domain names (www.cradlepoint.com, for example) and Internet IP addresses (206.207.82.197). A DNS server acts as an Internet phone book, translating between names that make sense to people and the more complex numerical identifiers. The DNS page for the IBR600/IBR650 has these distinct functions: •...
  • Page 68 Use HTTPS: Use the more secure HTTPS protocol. This is recommended, but could be disabled if not compatible with the server. Host name: Enter your host name, fully qualified. For example: myhost.mydomain.net. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 69 IP address, go to Network Settings → DHCP Server and reserve the IP address for the device by selecting the device in the Active Leases list and clicking “Reserve”. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 70 These numbers will be mapped to the local port numbers. • Local Computer: Select the IP address of an attached device from the dropdown menu, or manually input the IP address of a device. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 71 • Protocol: Select from the following options in the dropdown menu: o TCP o UDP o TCP & UDP • Click Submit to save your completed port forwarding rule. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 69...
  • Page 72 • Netmask: Use this to define a subnet size this rule will match against. • Port Negation: Match on any port that © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 70...
  • Page 73 Protocol: Any • IP Source Network IP: 172.22.24.160 (Johnny’s IP address) • Netmask: 255.255.255.255 (This netmask restricts the rule to one single address). • Port(s): 80 • © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 71...
  • Page 74 Point to Point Tunneling Protocol. This is enabled by default. • SIP: For Voice over IP using Session Initiation Protocol. • TFTP: Enables file transfer using Trivial File Transfer Protocol. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 75 HTTPS, SNMP, and SSH configuration tools. This does not restrict access to LAN-based administration, i.e. devices within your network still have administration access. The individual remote administration services can be enabled under System Settings → Administration --> Remote Management. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 76 IP address sets will be allowed access. If this field is left empty a netmask of 255.255.255.255 will be used, which means that only the single specified IP address would have remote administration access. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 77 MAC Filter List (Whitelist or Blacklist): Add devices to either your whitelist or blacklist simply by inputting each device’s MAC address. NOTE: Use caution when using the MAC Filter to avoid accidentally blocking yourself from accessing the router. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 78 The page may need to be refreshed to show the most recent log entries. Double-clicking on entries from this list will add them to the Ignored MAC Addresses list. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 79 Rule. If the IP/Network Address falls outside the LAN IP range, you probably need to select this option. Distribute: Allow this static route to be distributed via a routing protocol (Network Settings → Routing Protocols). © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...

  • Page 80: Routing Protocols

    ID may be an IP address of the router, but need not be - it can be any arbitrary 32bit number. However it MUST be unique within the entire BGP domain to the BGP speaker - bad things will happen if © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 81 • Metric: Numerical priority of the route. • Route Map: Route maps provide a means to filter and/or apply actions to routes, allowing policies to be applied to routes. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 82 • Enabled: Click to enable/disable the policy. (Default: enabled.) Network Areas: Areas are identified by an ID number. As of 4.1.1, CradlePoint only supports area 0. Use the IP address and netmask fields to associate a network with this policy. Also, choose whether to select Passive (active by default).
  • Page 83 • Protocol Version: RIP can be configured to send either Version 1 or Version 2 packets. The default is to send RIPv2 while accepting both RIPv1 and RIPv2 (and replying with packets of the appropriate © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 84 • Metric: Numerical priority of the route. • Route Map: Route maps provide a means to filter and/or apply actions to routes, allowing policies to be applied to routes. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 85 Click Add to create a new route map. • Name: Choose a unique name. • Allow: Select “Permit” or “Deny”. • Order: Input a number to set the order of this policy. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 86 2. Deny: If the entry matches, then finish processing the route-map and deny the route (return `deny'). Set: A route-map entry may, optionally, specify one or more `Set Actions' to set or modify attributes of the route. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 87 They will have to reconnect to the network. The user can set up multiple networks on the IBR600/IBR650, each with its own unique configuration and its own selection of interfaces. Each local network can be...
  • Page 88 Otherwise guests will need to know the password to connect to the WiFi network even before viewing a Terms of Service page (or other hotspot options). Finally, make sure your WiFi interface is “Enabled”. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 89 IP Settings: Name: This primarily helps to identify this network during other administration tasks. Hostname: [Default: cp (for CradlePoint)] The hostname is the DNS name associated with the router's local area network IP address. NOTE: You can access the router’s administration pages by typing the hostname into your browser, so if you change “cp”...
  • Page 90 WiFi, Ethernet ports, and VLAN interfaces separately. See the Local Network Interfaces section below (on this same administration page: Network Settings → WiFi / Local Networks). © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 88...
  • Page 91 Play) option if you want to enable the UPnP Gateway service for computers on this network. • Admin Access: When enabled, users may access these administration pages on this network. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 92 192.168.0.5 or higher. Lease Time: [Default: 720 minutes (12 hours)] The lease time specifies how long DHCP-enabled computers will wait before requesting a new DHCP lease. Smaller values are better suited to busy environments. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 93 DHCP Server Address: An optional DHCP server address if more than one DHCP server is located on the network. This field is only available when DHCP Relay is enabled. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 94 Click on the squares to toggle between black and gray. In the example shown, the network is enabled from 9-5 on Monday through Friday, but disabled at all other times. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 92...
  • Page 95 RFC 3768. Select None or Simple. If you select Simple, input a VRRP group password. Provide Virtual IP in DHCP leases: Select this to automatically set the DHCP default gateway address and DNS server address to the virtual IP in DHCP leases provided on this network. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 96 The bridge with the lowest priority value will win. If you want this router to be the root bridge, then set it to a value less than the default of 32768. A valid priority value is between 0 and 65535. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 97 • Wireless (WiFi) Network Settings • Ethernet Port Configuration • VLAN Interfaces Wireless (WiFi) Network Settings The IBR600 can broadcast two SSIDs (service set identifiers — the names for WiFi networks). One primary WiFi network is enabled by default, while you may have enabled a second guest network when using the First Time Setup Wizard.
  • Page 98 This name is referred to as the SSID (service set identifier). For security purposes, CradlePoint highly recommends that you change this from the pre-configured name. Hidden: This shows whether the router broadcasts its SSID.
  • Page 99 NOTE: If you don’t know whether you should choose Personal or Enterprise, assume Personal since you need to know RADIUS authentication for Enterprise. In order to protect your network from hackers and unauthorized users, CradlePoint highly recommends WPA2/AES for security if your attached devices can support it. WEP and WPA/TKIP are obsolete and have been replaced by WPA/AES.
  • Page 100 • Auto • 10Mbps - Half Duplex • 10Mbps - Full Duplex • 100Mbps - Half Duplex • 100Mbps - Full Duplex • 1000Mbps - Full Duplex © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 98...
  • Page 101 Since the IBR600/IBR650 has only 2 Ethernet ports, this feature will rarely be necessary. It is possible, however, to set both ports as LAN ports (or both ports as WAN ports) and then either separate them or group them together.
  • Page 102 Ethernet Group: Select the LAN ports with which you want to associate the VLAN ID from a dropdown list. Your Ethernet group must be created separately under Ethernet Port Configuration. Click Submit to save your configured VLAN. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 103 • 5 (2432 MHz) • 6 (2437 MHz) • 7 (2442 MHz) • 8 (2447 MHz) • 9 (2452 MHz) • 10 (2457 MHz) • 11 (2462 MHz) © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 101...
  • Page 104 Disabling this option forces all clients to use a longer backoff check and thus may reduce network throughput while reducing the number of transmission collisions. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 105 (in seconds) before attempting another query. This helps protect the network from floods of authentication requests if the RADIUS server is temporarily unreachable. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 106 For example, you might restrict the upload speed to prioritize available bandwidth for download or to reduce overall bandwidth use in order to lower costs. It is recommended that you experiment with different values for your particular Internet connection for best results. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 107 Upload Bandwidth: This is the percentage of the connected WAN upload bandwidth that will be reserved for the specified traffic. The maximum value is adjusted to the remaining percentage after other rules receive their share. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 108 Download Bandwidth: This is the percentage of the connected WAN upload bandwidth that will be reserved for the specified traffic. The maximum value is adjusted to the remaining percentage after other queues receive their share. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 109 DSCP Tags as opposed to IP addresses or ports. This setting is optional. For more information see the Differentiated services Wikipedia page. Click Finish to save this queue. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 107...
  • Page 110 Rules A traffic shaping rule identifies a specific message flow and assigns that flow to one of the queues created above. Click Add to create a new Traffic Shaping rule. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 111 Queue Name: Select a queue to associate this rule with. Click Next to continue to the next page. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 112 Differentiated services Wikipedia page. DSCP Negate: When checked this rule will match on any packet that does not match the DSCP field. Click Finish to save this rule. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 113 • Client Data Usage • Data Usage • GRE Tunnels • NHRP Interfaces • VPN Tunnels • WiFi as WAN / Bridge • WAN Affinity / Load Balancing © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 111...
  • Page 114 Click on the small box at the top of the list to select/deselect all devices for either Load Balance or Enabled. Click on a device in the list to reveal additional information about that device and to enable configuration options. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 115 • Stats: bytes in, bytes out • Uptime (in seconds) Click “Edit” to view configuration options for the selected device. For the internal modem, click “Control” to view options to activate or update. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 116 • MTU: Maximum transmission unit. This is the size of the largest protocol data unit that the device can pass. (Range: 46 to 1500 Bytes.) • Hostname (This only shows for certain devices.) © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 117 WAN connections can use. For best results, select an established public IP address. For example, you might ping Google Public DNS at 8.8.8.8 or Level 3 Communications at 4.2.2.2. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 118 Immediate failback returns you to the use of your preferred Internet source more quickly which may have advantages such as reducing the cost of a failover data plan, but it may cause more interruptions in your network than Usage or Time modes. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 119 • PPPoE should be configured with the username, password and other settings provided by your ISP. If you want to use a Static (Manual) or PPPoE connection, you will need to fill out additional information. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 120 • Gateway IP • Primary DNS Server • Secondary DNS Server PPPoE: • Username • Password • Password Confirm • Service • Auth Type: None, PAP, CHAP © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 118...
  • Page 121 • On Schedule: The request to update will only be performed at the specified scheduled time, no matter what the state of the modem is. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 122 • Auto • PAP (Password Authentication Protocol) • CHAP (Challenge Handshake Authentication Protocol) PPP Username: Username for PPP authentication. PPP Password: Password for PPP authentication. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 120...
  • Page 123 • AAA SPI: An Authentication, Authorization, and Accounting "Security Parameters Index". Usually a short numeric string. • HA SPI: A Home Agent "Security Parameters Index". Usually a short numeric string. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 124 • Default: Let the router choose an APN automatically. • Manual: Enter an APN by hand. • Select: Select from a dropdown menu of the profiles already on the SIM. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 125 TTLS Username: Username for TTLS authentication. TTLS Password: Password for TTLS authentication. WiMAX Authentication Identity: User ID on the network. Leave this blank unless your provider tells you otherwise. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 126 Override any of the following fields: • IP Address • Subnet Mask • Gateway IP • Primary DNS Server • Secondary DNS Server © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 124...
  • Page 127 However if you try to start a different operation or use a different modem, this second request will fail without interfering with the pending operation. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 128 Select any of these rules and click “Edit” to change the settings for a rule. To create a new rule, click “Add.” © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 129 Select by ID. This is generated by the router and displayed when the device is connected to the router. Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 130 Ethernet Settings, Modem Settings, WiMAX Settings, CDMA Settings, and SIM/APN Settings have the same configuration options shown above in the WAN Configuration section (the options for Configuration Rules are the same as they are for individual devices). © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...

  • Page 131: Client Data Usage

    The names that are shown are received during a DHCP exchange. If a client disconnects and reconnects with a new IP address there will be an additional entry in this list. Pressing Reset Statistics will restart all counters at 0. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...

  • Page 132: Data Usage

    Agreement shown to the right. The purpose of this agreement is to ensure that you understand that the data numbers for the IBR600/IBR650 may not perfectly match those of your carrier: CradlePoint cannot be held responsible. You must accept the agreement by clicking Yes in order to begin creating data usage rules.

  • Page 133: 2013 Cradlepoint, Inc

    Balancing feature is allowed to use the thresholds and metrics of this rule when making balance decisions. This causes Load Balancing to spread the data usage between interfaces according to the assigned usage rather than © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 134 Percent of Usage (1-1000): If selected, a custom alert will be sent when your data usage reaches this percentage of your usage cap. For example, you could set this at 90 percent so that you know when your usage is nearing 100 percent of the cap. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 135 The rest of the rule settings options match those in the Data Usage Rules. See the section above for additional information about how to configure your template usage rules. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 136 Generic Routing Encapsulation (GRE) tunnels can be used to create a connection between two private networks. The IBR600/IBR650 is enabled for either GRE or VPN tunnels. GRE tunnels are simpler to configure and more flexible for different kinds of packet exchanges, but VPN tunnels are much more secure.
  • Page 137 Network. The Local and Remote Network addresses must fit with this mask. 255.255.255.0 is a logical choice for most users. Remote Gateway: This is the public facing, WAN-side IP address of the network that the local gateway is going to connect to. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 138 Netmask of 255.255.255.255. Click Save to record each new route. When you have finished adding routes, click Finish to save your GRE tunnel configuration. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 139 • Peer Authentication: Embeds the secret plaintext password to outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless this password is present. Max length: 8 characters. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 140 • Non-Caching: Disables caching of peer information from forwarded NHRP resolution reply packets. • Shortcut: Enable creation of shortcut routes. • Redirect: Enable sending of proprietary enterprise-style NHRP traffic indication packets. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 141 The IBR600/IBR650 uses IPsec (Internet Protocol security) to authenticate and encrypt packets exchanged across the tunnel. To set up a VPN tunnel with the IBR600/IBR650 on one end, there must be another device (usually a router) that also supports IPsec on the other end.
  • Page 142 Authentication Mode: Select from Pre-Shared Key and Certificate. Pre-Shared Key is used when there is a single key common to both ends of the VPN. Certificate requires the creation of a set of certificates and a private key that can be © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 143 Tunnel Enabled: Enabled or Disabled. MBR1200 Quick Connect: VPN tunnels in the IBR600/IBR650 have more choices than they do in the MBR1200, so it is more complex to configure. Check this box to simplify setup by streamlining your options.
  • Page 144 WAN Binding device(s) are NOT connected. This is typically useful when the VPN tunnel is being used as a hot- spare on a router with multiple active WAN connections and the VPN tunnel is only needed in the absence or unavailability of a particular WAN device (an MPLS-based WAN device for example). © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 145 Enter the Network IP address with the Subnet Mask to define the remote network subnet that the local devices will have access to. NOTE: The remote network IP address must be different from the local network IP address. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 146 Phase 1 keys. Encryption, Hash, and DH Groups: Each IKE exchange uses one encryption algorithm, one hash function, and one DH group to make a secure exchange. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 147 In Phase 1, only one DH group can be selected while using Aggressive exchange mode. By default, all the algorithms (encryption, hash, and DH groups) supported by the IBR600/IBR650 are checked, which means they are allowed for any given exchange. Deselect these options to limit which algorithms will be accepted. Be sure to check that the router (or similar device) at the other end of the tunnel has matching algorithms.
  • Page 148 Phase 2 has the same selection of Encryption, Hash, and DH Groups as Phase 1, but you are restricted to only one DH Group. Phase 2 and Phase 1 selections do not have to match. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 149 Additionally, you can specify how many Maximum Requests to send at the selected time interval before the tunnel is considered dead. You must click Finish to save your VPN tunnel. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 150 DH Groups • DPD Click Yes at the bottom of the Tunnel Summary page to save your configuration changes. This will cause active tunnels to restart. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 148...
  • Page 151 IKE / ISAKMP NAT-T Port: Internet Key Exchange / Internet Security Association and Key Management Protocol network address translation traversal port. Default: 4500. This is a standard VPN NAT-T port that usually does not need to be changed. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 152 2. The Tunnel Name for the side of the tunnel that is not behind the NAT firewall must be “anonymous”. 3. The VPN tunnel must be initiated from the side that is behind the NAT firewall. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 153 WiFi as WAN uses another WiFi network as its Internet source and then rebroadcasts its own local network. For example, the IBR600 can create a private LAN using the public WiFi from a hotel as its WAN. WiFi Bridge functions similarly, but it rebroadcasts the original network.
  • Page 154 When in WiFi Bridge mode with a configured profile, a WiFi Bridge device will be added to the local network interfaces, providing a way to bridge two LANs over a WiFi connection. For example, two separate CradlePoint routers linked through WiFi Bridge mode allows you to have one WiFi-connected network in two separated sections of a large office building.
  • Page 155 If you click on a network in the Site Survey, you can import it as a saved profile. You can sort the list based on any of the fields by clicking on the field name. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 156 If you import a network from Site Survey, most of the information about the network will already be completed. You need to input the password (if there is one) and then click submit to save the WiFi as WAN profile. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 157 Scan While Connected: Continue to scan for WiFi as WAN profile updates when connected. Each time a scan occurs the wireless communication of the router will be temporarily interrupted. Normally this should be disabled. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 158 LAN, saving you money. Click “Add” to open the WAN Affinity Policy Editor and create a new WAN Affinity rule. Name: Give a name for your rule that is meaningful to you. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 159 LAN here (leaving the last slot “0” to allow for any user attached to the guest network): Source IP Address: 192.168.10.0 • Source Netmask: 255.255.255.0 • © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 157...
  • Page 160 • Round-Robin: Evenly distribute each session to the available WAN connections. • Rate: Distribute load based on the current upload and download rates. A WAN device's upload and download bandwidth values can be set in Internet → Connection Manager. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 161 Data Usage rule for each interface, rather than distributing sessions based solely on bandwidth. For proper function you need to create data usage rules for each WAN device you will be load balancing. Make certain to select the "Use with Load Balancing" checkbox in the Data Usage rule editor. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...

  • Page 162: System Settings

    The System Settings tab has 8 submenu options that provide access to tools for broad administrative control of the CradlePoint COR: • Administration • Device Alerts • GPIO Connector • Hotspot Services • Managed Services • Serial Redirector • System Control • System Software © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 160...
  • Page 163 Admin Password: Enter a password for the administrator who will have full access to the router's management interface. You can use the default password on the back of your product, or you can create a custom Administrator Password. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 164 • ASCII / Login • PAP • CHAP Server Address: This can be either an IP address in the form of "1.2.3.4", or a DNS name in form of © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 162...
  • Page 165 "1.2.3.4", or a DNS name in form of "host.domain.com". Only lower case letters are allowed for a DNS name. Port: Port 1812 is common for RADIUS servers. Shared Secret © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 163...
  • Page 166 Time Zone: Select from a dropdown list. Setting your Time Zone is required to properly show time in your router log. Daylight Savings Time: Select this checkbox if your location observes daylight savings time. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 167 System Identifier: This is a customizable identity that will be used in router reporting and alerting. The default value is the MAC address of the router. Require HTTPS Connection: Check this box if you want to encrypt all router administration communication. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 168 Enable SSH Server: When the router's SSH server is enabled you may access the router's command line interface (CLI) using the standards-based SSH protocol. Use the username "admin" and the standard system password to log in. SSH Server Port: Default: 22. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 169 SSH access is enabled in the Local Management tab. Some Carriers block the remote SSH Access ports. If a ping to the router's WAN port does not work, it is unlikely that remote SSH Access will work. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 170 NOTE: Some carriers disable GPS support in otherwise supported modems. If you encounter issues with obtaining a fix, contact your carrier and ensure that GPS is supported. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 171 UDP server and will not buffer those sentences. o Report only over specific time interval: Restricts the NMEA sentence reporting to a remote server to a specific time interval. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 172 Time in seconds since last update from differential reference stations 0138 Differential reference station ID number Checksum – used by program to check for transmission errors © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 170...
  • Page 173 $GPVTG – Vector track and speed over ground $GPVTG,054.7,T,034.4,M,005.5,N,010.2,K 054.7,T Track, degrees relative to true north 034.4,M Track, degrees relative to magnetic north 005.5,N Ground speed, knots 010.2,K Ground speed, kilometers per hour © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 171...
  • Page 174 If this occurs, disable this option. Log to attached USB stick: Only enable this option if instructed by a CradlePoint support agent. This will write a very verbose log file to the root level of an attached USB stick. Please disable the feature before removing the USB stick, or you may lose some logging data.
  • Page 175 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT Verbose modem logging: Only enable this option if instructed by a CradlePoint support agent. Create support log: This functionality allows for a quick collection of system logging. Create this log file when instructed by a CradlePoint support agent.

  • Page 176: Http://Knowledgebase.cradlepoint.com/ For More Help And Resources

    Alert sent. 8.2.1 SMTP Mail Server Since the IBR600/IBR650 does not have its own email server, to receive alerts you must enable an SMTP server. This is possible through most email services (Gmail, Yahoo, etc.). © 2013 CRADLEPOINT, INC.
  • Page 177 Each SMTP server will have different specifications for setup, so you have to look those up separately. The following is an example using Gmail: • Server Address: smtp.gmail.com • Server Port: 587 (for TLS, or Transport Layer Security port; the IBR600/IBR650 does not support SSL). • Authentication Required: Gmail, mark this checkbox.
  • Page 178 Output: LVTTL Digital Output (capable of source/sink of 50mA) This section is used to configure these Input and Output General Purpose I/O pins. Current Value: Displays HIGH or LOW for both the Input Pin and Output Pin. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 179 • Modem Connected: In this mode the output pin is logic low until the modem has connected to a tower. If the connection drops, this output is set low until the connection is restored. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 180 Network Settings → WiFi / Local Networks. NOTE: Although any network can be a hotspot, the IBR600 allows only one hotspot. Hotspot Mode: Choose from the following dropdown options: •...
  • Page 181 Idle Timeout: (Default: 15 minutes.) If the user is idle for this amount of time, make them re-authenticate. Bandwidth (upload): (Default: 512 Kbits/sec.) The data rate limit for users uploading data through the hotspot. Bandwidth (download): (Default: 1024 Kbits/sec.) The data rate limit for users downloading data through the hotspot. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
  • Page 182 • Bandwidth (upload): (Default: 512 Kbits/sec.) The data rate limit for users uploading data through the hotspot. • Bandwidth (download): (Default: 1024 Kbits/sec.) The data rate limit for users downloading data through the hotspot. • © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 183 Click Submit to save your additions. 8.4.4 Authorized MAC Addresses Add the MAC addresses of trusted machines you want to give automatic access through the Hotspot portal. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 181...

  • Page 184: Representative

    WiPipe Central client will not start unless the WAN is Ethernet. Registration URL: Register your router using the code provided by CradlePoint when you purchase WiPipe Central. 8.5.1 SNMP Configuration SNMP, or Simple Network Management Protocol, is an Internet standard protocol for remote management.
  • Page 185 These settings must match the configuration used on any SNMP clients. • MD5 with no encryption • SHA with no encryption © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 183...
  • Page 186 NOTE: System information via SNMP is by default Read-Writable. However, if the value is set here, that field will become Read-Only. System Contact: Enter in an email address. System Name: Enter in the router’s host name. System Location: Enter in the physical location of the router. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 184...
  • Page 187 USB Serial Adapter Configuration Baud Rate: Select from the dropdown list. • 50 • 75 • 110 • 134 • 150 • 200 • 300 • 600 © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 185...
  • Page 188 Software (XON/XOFF): Use XON/XOFF to enable flow control. Linefeed: Select how you want linefeeds translated (CR = carriage return and LF = line feed). • Ignore • CR/LF • CR • LF © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 186...
  • Page 189 Ping Test: A simple test to check Internet connectivity. Type the Hostname or IP address of the computer you want to ping and press 'Enter' or click the 'Ping' button. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 190 This allows the administrator to load new firmware onto the router to add new features or fix defects. If you are happy with the operation of the router, you may not want to upgrade just because a new version is available. Check the firmware release notes (www.cradlepoint.com/firmware) for information to decide if you should upgrade. Current Firmware Version: Shows the number of the current firmware and the date it was updated.
  • Page 191 Firmware Upgrade and System Config Restore Load new firmware and restore your previous settings from a file on a computer without rebooting between steps.     © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 189...
  • Page 192 The loss in strength of digital and analog signals. The Advanced Encryption Standard loss is greater when the signal is being transmitted over AES. Government encryption standard. long distances. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 190...
  • Page 193 Internet access from your A data frame by which one of the stations in a WiFi Cable provider. network periodically broadcasts network control data to other wireless stations. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 191...
  • Page 194 Default A predetermined value or setting that is used by a program when no user input has been entered for this value or setting. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 192...
  • Page 195 Domain Name System: Translates Domain Names to IP Email addresses. Electronic Mail is a computer-stored message that is Domain name transmitted over the Internet. A name that is associated with an IP address. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 193...
  • Page 196 Programming that is inserted into a hardware device that H.323 tells it how to function. A standard that provides consistency of voice and video transmissions and compatibility for video conferencing devices. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 194...
  • Page 197 A networking device that connects multiple devices Internet Protocol together. The method of transferring data from one computer to ICMP another on the Internet. Internet Control Message Protocol. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 195...
  • Page 198 LAN. A group of computers in a building that usually developed by Novell to enable their Netware clients and access files from a server. servers to communicate. Internet Service Provider. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 196...
  • Page 199 Determines what portion of an IP address designates the computer. Network and which part designates the Host. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 197...
  • Page 200 A logical channel endpoint in a network. A computer changes to the routing table are sent to all the other might have only one physical channel (its Ethernet © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 201 To restart a computer and reload its operating software A computer on a network that provides services and or firmware from nonvolatile storage. resources to other computers on the network. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
  • Page 202 Simple Network Management Protocol. TCP Raw SOHO A TCP/IP protocol for transmitting streams of printer data. Small Office/Home Office. TCP/IP Transmission Control Protocol/Internet Protocol. Stateful Packet Inspection. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 200...
  • Page 203 Sending voice information over the Internet as opposed product. to the PSTN Upgrade VoIP To install a more recent version of a software or firmware Voice over IP. product. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 201...
  • Page 204 Wireless Fidelity. Used to describe any of the 802.11 A generic term for the family of digital subscriber line wireless networking specifications. (DSL) technologies, such as ADSL, HDSL, RADSL, and SDSL. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 202...
  • Page 205 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT Yagi antenna A directional antenna used to concentrate wireless signals on a specific location. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 203...
  • Page 206 ALL TIMES (since the device otherwise could transmit signals that might interfere with various onboard systems on such aircraft). Furthermore, under no circumstances should the IBR600/IBR650 device be used by the driver or operator of any vehicle. Such use of the device will detract from the driver or operator’s control of that vehicle. In some jurisdictions, use of the IBR600/IBR650 device while driving or operating a vehicle constitutes a civil and/or criminal offense.
  • Page 207 CradlePoint, Inc. warrants this product against defects in materials and workmanship to the original purchaser (or the first purchaser in the case of resale by an authorized distributor) for a period of one (1) year from the date of shipment. This warranty is limited to a repair or replacement of the product, at CradlePoint’s discretion. CradlePoint does not warrant that the operation of the device will meet your requirements or be error free.
  • Page 208 CRADLEPOINT By activating or using your IBR600/IBR650 device, you agree to be bound by CradlePoint’s Terms of Use, User License and other Legal Policies, all as posted at www.cradlepoint.com/legal. Please read these documents carefully. CradlePoint, the CradlePoint logo, and IBR600/IBR650 are trademarks of CradlePoint, Inc.

  • Page 209: Specifications

    Forwarding, Routing Rules, Route Management, Content ANTENNAS Filtering, Website Filtering, Local DHCP server, DHCP 2 external 2.4 GHz WiFi antennas--500+ feet range (IBR600 only); 2 Client, DNS, DNS Proxy. ALGs: PPTP, L2TP, PPPoE pass- external modem antennas through, IPSec pass-through, FTP (passive), FTP (active),...
  • Page 210 COR | USER MANUAL Firmware ver. 4.2.0 CRADLEPOINT http://www.cradlepoint.com/ Copyright © 2013 by CradlePoint, Inc. All rights reserved. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 208...

This manual is also suitable for:

Ibr650Cor ibr650

Table of Contents