Cradlepoint IBR350 User Manual
  1. Manuals
  2. Brands
  3. Cradlepoint Manuals
  4. Wireless Router
  5. IBR350
  6. User manual

Cradlepoint IBR350 User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
User Manual
/
IBR350
5/6/16
COR Series
Router
IBR350
User Manual
1
©2016 Cradlepoint. All Rights Reserved.
|
+1.855.813.3385
|
cradlepoint.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the IBR350 and is the answer not in the manual?

Questions and answers

Related Manuals for Cradlepoint IBR350

Summary of Contents for Cradlepoint IBR350

  • Page 1 User Manual IBR350 5/6/16 COR Series Router IBR350 User Manual ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 2: Table Of Contents

    BASIC SETUP ACCESSING THE ADMINISTRATION PAGES FIRST TIME SETUP WIZARD USING ENTERPRISE CLOUD MANAGER ADMINISTRATION PAGES QUICK LINKS DASHBOARD CONNECTION MANAGER WAN INTERFACE PROFILES & PRIORITY STATUS INTERNET CLIENT LIST TUNNELS FIREWALL ROUTING ETHERNET ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 3 CLIENT DATA USAGE SECURITY IDENTITIES ZONE FIREWALL CONTENT FILTERING CERTIFICATE MANAGEMENT SYSTEM ADMINISTRATION ENTERPRISE CLOUD MANAGER DEVICE ALERTS SNMP CONFIGURATION SYSTEM CONTROL DIAGNOSTICS SETUP WIZARDS APPENDIX SAFETY, REGULATORY, AND WARRANTY GUIDE ROUTER COMMUNICATION/DATA USAGE ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 4: Introduction

    • IPsec Tunnel – up to two concurrent sessions • • GRE Tunnel • • Routing Rules • • NAT-less Routing • • Virtual Server/Port Forwarding • • IPv6 • • CP Secure VPN compatible* ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 5: Security

    User Manual IBR350 5/6/16 *-Cradlepoint Secure VPN-NAT configuration only SECURITY • RADIUS and TACACS+ support* • 802.1x authentication for Ethernet • Certificate support • ALGs • MAC Address Filtering • Advanced Security Mode (local user management only) • Per-Client Web Filtering •...

  • Page 6: Accessories

    Installation Guide, available as a PDF in the Resources section of antenna and router product pages. BUSINESS-GRADE MODEM SPECIFICATIONS COR IBR350 models include an integrated 4G LTE or HSPA+ or LTE/HSPA+/EVDO modem – specific model names include a specific modem (e.g., the COR IBR350L-VZ includes a Verizon LTE modem).
  • Page 7 Module Antennas: two SMA male (plug), 2 dBi gain; finger tighten only; maximum torque spec is 7 kgf-cm • Industry Standards & Certs: PTCRB, GCF-CC, FCC, IC, CE; (others pending) • Model: S3A519A • SIM: two 2FF slots *-Includes International Adapter Clips (US, UK, EU, AU) ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 8: Support And Warranty

    HARDWARE LEDs 10/100 Ethernet Port Power Port USB port (not 3G/4G Antenna on LTE-only 3G/4G Antenna Connector (SMA) model Connector (SMA) Dual SIM slots Power Switch Reset Button (single on LTE- only model ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 9: Leds

    • Several different LEDs flash when the factory reset button is detected. • Two of the modem LEDs blink red in unison for 10 seconds when there is an error during firmware upgrade. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 10: Quick Start

    BASIC SETUP 1. Insert an activated SIM A wireless broadband data plan must be added to your Cradlepoint IBR350. Wireless broadband data plans are available from wireless carriers such as Verizon, AT&T, Sprint, EE, and Vodafone. The SIM must be provisioned with the carrier.

  • Page 11: First Time Setup Wizard

    When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through the steps to customize your Cradlepoint IBR350. You have the ability to configure any of the following: •...

  • Page 12: Quick Links

    ( ) in the top-right of the desired dialog box. You may return to the Dashboard at any time by clicking on DASHBOARD from the left menu or by clicking on the Cradlepoint logo at the top-left of the screen. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385...

  • Page 13: Connection Manager

    Typically, modem connections are not always on. When the On Demand mode is selected a connection to the Internet is made as needed. When On Demand is not selected a connection to the Internet is always maintained. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 14 EVDO connection to check if a WiMAX connection can be made. • High (Rate: 80 KB/s. Time Period: 30 seconds.) • Normal (Rate: 20 KB/s. Time Period: 90 seconds.) • Low (Rate: 10 KB/s. Time Period: 240 seconds.) ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 15 Custom Alert Percentages: Example: “50,80,90,110” (values can exceed 100%) (Triggers alerts when 50, 80, 90, 110% of usage cap is used) NOTE: To enable data usage, check Data Usage Enabled from WAN Management. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 16: Status

    Ethernet LLDP System Logs INTERNET CONNECTIONS Select your device to reveal detailed information about the following device properties: • Summary • Modem • Cellular Network • General Information • IPv4 Information • Statistics ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 17 User Manual IBR350 5/6/16 ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 18 User Manual IBR350 5/6/16 ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 19 Data Downloaded • Last Traffic To reset information, click Reset Statistics. STATISTICS Statistics can be gathered at variable Sample Rate and Sample Size for the following areas: • Data Usage • Failover/Failback/Load Balance ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 20 User Manual IBR350 5/6/16 Displays packets and bytes transmitted and received by your Quality of Service (QoS) queues. To enable and configure QoS, go to NETWORKING > QoS. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 21: Client List

    Tunnels. To add and configure IPSec VPN Tunnels, go to NETWORKING > Tunnels > IPSec VPN. OPEN VPN Displays status of your OpenVPN Tunnels. To add and configure OpenVPN Tunnels, go to NETWORKING > Tunnels > OpenVPN. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 22: Firewall

    Displays information about your Firewall Connection Tracking States. To configure your firewall, select SECURITY from the left navigation. ROUTING Displays information about your System, GRE, and NEMO Routes. To configure these routes, go to NETWORKING > Tunnels. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 23: Ethernet

    Displays GPS location and status. To enable and configure GPS, go to SYSTEM > Administration > GPS. SYSTEM LOGS Displays System Log information. To configure System Logging, go to SYSTEM > Administration > System Logging. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 24: Networking

    This list will not include any devices that have static IP addresses on the network. Select a device and click Reserve to add the device and its IP address to the list of Reservations. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385...
  • Page 25 Netmask: The netmask controls how many IP addresses can be used in this network. The default value is usually acceptable for most situations. IPv4 Routing Mode: Each network can use a unique routing mode to connect to the Internet. The default of NAT is desirable in most configurations. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 26 Range Start: The starting IP address in the DHCP Server range is the beginning of the reserved pool of IP addresses which will be given to any DHCP enabled computers on your network. The default value is almost always sufficient. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 27 MAC address for the RADIUS server, enter 00:00:00:00:00:00, and the service will try to find the MAC address from the given IP address. Port Password Acct Server IP Address: IP address of the connected RADIUS server. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 28 The time/date that is logged is the time of the first connection. The page may need to be refreshed to show the most recent log entries. Double-clicking on entries from this list will add them to the Ignored MAC Addresses list. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 29: Vlan Interfaces

    CP Secure VPN allows IT managers to secure their expanding Edge Networks using architectures that scale quickly and are easy to maintain. For more information, visit cradlepoint.com. NOTE: CP Secure VPN requires an ECM Prime subscription. For more information, visit cradlepoint.com.
  • Page 30 (Internet Protocol security) to authenticate and encrypt packets exchanged across the tunnels. To set up a VPN tunnel with a Cradlepoint router on one end, there must be another device (usually a router) that also supports IPsec on the other end.
  • Page 31 Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”). • Model – Set your rule according to the specific model of modem.
  • Page 32 Encryption, Hash, and DH Groups Each IKE exchange uses one encryption algorithm, one hash function, and one DH group to make a secure exchange. Encryption: Used to encrypt messages sent and received by IPsec. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 33 DH Group. Phase 2 and phase 1 selections do not have to match. For the Hash selection an added value of SHA 256_128 (128-bit truncation) is avaliable. The original specification and the Cradlepoint default is 96-bit truncation, but RFC4868 requires 128-bit. A VPN to newer Cisco or Juniper devices will typically require 128-bit.
  • Page 34 (Default: 20 seconds. Range: 0-3600 seconds. 20 seconds will be sufficient in almost all cases.) Tunnel Connect Retry: Number of seconds between connection attempts. (Default: 30 seconds. Range: 10-255 seconds. 30 seconds will be sufficient in almost all cases.) ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 35 Generic Routing Encapsulation (GRE) tunnels can be used to create a connection between two private networks. Most Cradlepoint routers are enabled for both GRE and VPN tunnels. GRE tunnels are simpler to configure and more flexible for different kinds of packet exchanges, but VPN tunnels are much more secure.
  • Page 36 Port – Select by the physical port on the router into which you are plugging the modem (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”) • Model – Set your rule according to the specific model of modem •...
  • Page 37 Home IP Address and Home Netmask – These may be provided by your NEMO service provider. The IP address is a placeholder, “dummy” address; any IP address can be used (1.2.3.4 is common). ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 38: Routing

    Selecting this option automatically creates this IP Filter Rule. If the IP/Network Address falls outside the LAN IP range, you probably need to select this option. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385...

  • Page 39: Qos

    Click Add to create a new Traffic Shaping/QoS queue. Queue Name: Choose a name that is meaningful to you. DSCP (DiffServ) Tag: Differentiated Services Code Point (DSCP) is the successor to TOS (Type of ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 40 Also, when spare bandwidth is available it is offered to higher priority queues first. Move the slider to select from the following options (Default: Normal): • Lowest • Lower • Below Normal • Normal • Above Normal ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 41 “source” or “destination” (or both). Source vs. destination is defined by traffic flow. Leave these blank to include all IP addresses (such as if your rule is defined by a particular port instead). ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 42: Dns Servers

    Click Finish to save this rule. DNS SERVERS DNS, or Domain Name System, is a naming system that translates between domain names (www.cradlepoint. com, for example) and Internet IP addresses (206.207.82.197). A DNS server acts as an Internet phone book, translating between names that make sense to people and the more complex numerical identifiers.
  • Page 43 Update period (hours): (Default: 576) The time between periodic updates to the dynamic DNS, if your dynamic IP address has not changed. The timeout period is entered in hours so valid values are from 1 to 8760. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385...

  • Page 44: Client Data Usage

    The names that are shown are received during a DHCP exchange. If a client disconnects and reconnects with a new IP address there will be an additional entry in this list. Pressing Reset Statistics will restart all counters at 0. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 45: Security

    FQDN addresses in the same identity. IP addresses are entered using CIDR notation, e.g. 1.2.3.4/32 and 0123:4567::CDEF/128. FQDN addresses are entered with at least one dot separating a top-level domain from a root zone, e.g. cradlepoint.com. To add a Host Address Identity, click Add. PORTS A port identity member can be entered as a single Start port number or as a port range by entering both a Start and End port number.
  • Page 46 MAC address columns to match the destination of the traffic. See Source for the column definitions. • Protocols: Select protocols (such as TCP, UDP, GRE, etc) from the defined list or enter a numeric code for other protocols to match traffic of that protocol. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 47 DMZ IP address. Typical uses involve running a public web server, supporting older games, or sharing files. NOTE: As with port forwarding, caution should be used when enabling the DMZ feature as it can threaten the security of your network. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 48 The primary purpose for Cradlepoint’s NPT implementation is for failover/failback and load balancing setups. LAN clients can potentially retain the original IPv6 lease information and may experience a more seamless transition when WAN connectivity changes than if not utilizing NPT.
  • Page 49 One-to-One NAT can be accomplished by specifying a host address or a /32 cidr address. Click Add to create a Dynamic 1:1 NAT. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 50: Content Filtering

    HTTPS Port (Optional): The port for the proxy to forward HTTPS traffic to. HTTPS is not transparently intercepted and must have the LAN clients configured to use the Cradlepoint router as a proxy for HTTPS to work properly. MAC WEB FILTER RULES...
  • Page 51 The settings can be changed by selecting a network and clicking the Edit button. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 52: Certificate Management

    • Organization Information: The organization to which the certificate issuer belongs • Common Name: Name used to match authentication credentials To add a local certificate, click Add. Remove a local certificate by selecting the certificate and clicking the Remove button. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 53 PEM or PKCS #12 format. When you export the CSR, select a Digest, or cryptographic hash function. These are listed in order of increasing security. More security requires more router resources. • • SHA-128 • SHA-256 ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 54 PKCS #12 format. When you export this file, you must create a passphrase to protect it. This key is required for future use of the file. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 55: System

    Additionally, encrypted connections can be required for an added level of security. • Require HTTPS Connection – Requiring a secure (https) connection is recommended • HTTP Port: Default – 8080. This option is disabled if you select “Require Secure Connection” ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 56 WAN port does not work, it is unlikely that remote SSH access will work. FEATURE LICENSES Some Cradlepoint features may require a license. These features are disabled by default. To obtain a feature license, contact your Cradlepoint sales representative.
  • Page 57 Enable GPS server on WAN - Enables a server on the WAN side of the firewall which will periodically send GPS sentences to TCP connected clients. • Port - Choose a port between 1 and 65535. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
  • Page 58 White List – This list is blank by default, which means that the router will accept SMS messages from any phone number. Leaving this blank is unsecure, so Cradlepoint recommends that you add phone numbers to this list. Once any numbers are listed, only those numbers have the ability to connect to the router via SMS.
  • Page 59 If this occurs, disable this option. Log to attached USB stick: Only enable this option if instructed by a Cradlepoint support agent. This will write a very verbose log file to the root level of an attached USB stick. Please disable the feature before removing the USB stick, or you may lose some logging data.

  • Page 60: Enterprise Cloud Manager

    ENTERPRISE CLOUD MANAGER Cradlepoint Enterprise Cloud Manager (ECM) is a cloud-based management service for configuring, monitoring, and organizing your Cradlepoint routers. Key features include the following: • Group based configuration management • Health monitoring of router connectivity and data usage •...
  • Page 61 Retry Attempts: The number of attempts made to send an alert to the mail server. After the attempts are exhausted, the alert is discarded. Retry Delay: The delay between retry attempts. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 62: Snmp Configuration

    SNMP, or Simple Network Management Protocol, is an Internet standard protocol for remote management. You might use this instead of Enterprise Cloud Manager if you want to remotely manage a set of routers that include both Cradlepoint and non-Cradlepoint products. SNMP Configuration •...
  • Page 63 System Contact: Input the email address of the system administrator. • System Name: Input the router’s hostname. • System Location: Input the physical location of the router. This is simply a string for your own information. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 64: System Control

    With other select modems (such as LP6), more than one modem firmware image may be locally stored within the device’s memory. You must first select the Cradlepoint modem you would like to update. Once selected, the appropriate modem firmware update options will display.
  • Page 65 File: Click this button to manually upload a modem firmware file. Type the path/file or click Select Firmware File to browse to the local file location. Once entered, click Begin Firmware Upgrade. Note: For modems which support manual carrier switching, find the appropriate modem firmware package file via ECM or the Cradlepoint portal.

  • Page 66: Diagnostics

    Type the Hostname or IP address of the computer you want to ping and click the ‘Ping’ button. Speed Test • Tests Against Cradlepoint Server - Up to ten speed tests are permitted against a Cradlepoint server. • WAN Device - The WAN Device that is selected will have the test run on it.

  • Page 67: Setup Wizards

    Configuring Your APN and Modem Authentication If you are using a SIM-based modem (LTE/GSM/HSPA) with your Cradlepoint router you may need to configure the APN before it will properly connect to your carrier. Wireless carriers offer several APNs so check with your carrier to confirm the appropriate one to use.
  • Page 68 WAN connection (modem/Ethernet). Some ISPs/Carriers block certain addresses, so choose an address that all of your WAN connections can use. Summary Review your settings and click Finish to exit or Back to edit. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...

  • Page 69: Appendix

    These devices have been designed to operate with cellular antennas having a maximum gain of 3 dBi. Antennas having a higher gain are strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms. ©2016 Cradlepoint. All Rights Reserved. +1.855.813.3385...

  • Page 70: Safety And Hazards

    (i.e., contain errors), or totally lost. The device is not intended for (and Cradlepoint recommends the device not be used in any) critical applications where failure to transmit or receive data could result in property damage or loss or personal injury of any kind (including death) to the user or to any other party.

  • Page 71: Router Communication/Data Usage

    OTHER BINDING DOCUMENTS; TRADEMARKS; COPYRIGHT By activating or using your IBR350 device, you agree to be bound by Cradlepoint’s Terms of Use, User License and other Legal Policies, all as posted at cradlepoint.com/legal. Please read these documents carefully. © 2015 Cradlepoint, Inc. All rights reserved. Cradlepoint is not responsible for omissions or errors in typography or photography.

Table of Contents