Manual: System Settings → Administration

Administration


Select the Administration submenu item in order to control any of the following functions:

Router Security

Advanced Security Mode – Select to enable the following additional security features and options:

  • TACACS+ and RADIUS server authentication options
  • Option for multiple users
  • Increase password security:
    • minimum 7 characters
    • at least 1 alpha and 1 numeric character
    • 30-minute lockout after 6 failed login attempts

Admin Password – Enter a password for the administrator who will have full access to the router's management interface. You can use the default password on the back of your product, or you can create a custom Administrator Password.

Advanced Security Mode

When you enable Advanced Security Mode, you have three different options for the Authentication Mode:

  • Local Users
  • TACACS+
  • RADIUS

Local Users

Create users with administrative privileges by inputting usernames and passwords in the Advanced User Management table. The default username is “admin,” but you can edit this name, or delete it once you create other users (you can’t delete the user you are currently signed in as).

In TACACS+ and RADIUS modes, if the servers cannot be reached, either because the WAN is down or because a response is not received within the selected Server Timeout, the router will automatically fall back to using Local Users mode to prevent a lockout.

TACACS+

TACACS+ stands for “Terminal Access Controller Access-Control System plus”. The router will use a TACACS+ server (or two, optionally) to authorize administration.

  • Server Timeout – If the servers are not reached within the set time (possibly because the WAN is down), the router will automatically fall back to using Local Users mode to prevent users from being locked out.
  • Authentication Service – Choose from:
    • ASCII / Login
    • PAP
    • CHAP
  • Server Address – This can be either an IP address in the form of "1.2.3.4", or a DNS name in the form of "host.domain.com". Only lowercase letters are allowed for a DNS name.
  • Port – Port 49 is default for TACACS+.
  • Shared Secret

RADIUS

RADIUS stands for “Remote Authentication Dial In User Service”. The router will use a RADIUS server (or two, optionally) to authorize administration.

  • Server Timeout – If the servers are not reached within the set time (possibly because the WAN is down), the router will automatically fall back to using Local Users mode to prevent users from being locked out.
  • Server Address – This can be either an IP address in the form of "1.2.3.4", or a DNS name in the form of "host.domain.com". Only lowercase letters are allowed for a DNS name.
  • Port – Port 1812 is common for RADIUS servers.
  • Shared Secret

System Clock

Enabling NTP will tell the router to get its system time from a remote server on the Internet. If you do not enable NTP then the router time will be based on when the router firmware was built, which is guaranteed to be wrong. Whenever the Internet connection is re-established and once a week thereafter the router will ask the server for the current time so it can correct itself.

You then have the option of selecting an NTP server and adjusting the NTP server port. Select the NTP server from the dropdown list. Any of the given NTP servers will be sufficient unless, for example, you need to synchronize your router’s time with other devices in a network.

  • Time Zone – Select from a dropdown list. Setting your Time Zone is required to properly show time in your router log.
  • Daylight Savings Time – Select this checkbox if your location observes daylight savings time.

Local Management

  • Enable Internet Bounce Pages – Bounce pages show up in your web browser when the router is not connected to the Internet. They inform you that you are not connected and try to explain why. If you disable bounce pages then you will just get the usual browser timeout. In the normal case when the router is connected to the Internet you don't see them at all.
  • Disable Attention LED – This disables the Attention LED. This will take effect at the next reboot.
  • Local Domain – The local domain is used as the suffix for DNS entries of local hosts. This is tied to the hostnames of DHCP clients as DHCP_HOSTNAME.LOCAL_DOMAIN.
  • System Identifier – This is a customizable identity that will be used in router reporting and alerting. The default value is the product name and the last three characters of the MAC address of the router.
  • Require HTTPS Connection – Check this box if you want to encrypt all router administration communication.
  • Secure HTTPS Port – Enter the port number you want to use. The default is 443.
  • Enable SSH Server – When the router's SSH server is enabled you may access the router's command line interface (CLI) using the standards-based SSH protocol. Use the username "admin" and the standard system password to log in.
  • SSH Server Port – Default: 22.

Remote Management

Remote Management allows a user to enable incoming WAN pings or change settings for the router from the Internet using the router's Internet address.

Allow WAN pings – When enabled, this allows an external WAN client to ping the router.

Allow Remote Web Administration – When remote administration is enabled it allows access to these administration web pages from the Internet. With it disabled, you must be a client on the local network to access the administration website. For security, remote access is usually done via a non-standard http port. Additionally, encrypted connections can be required for an added level of security.

  • Require HTTPS Connection – Requiring a secure (https) connection is recommended.
  • HTTP Port – Default: 8080. This option is disabled if you select “Require Secure Connection”.
  • Secure HTTPS Port – Default: 8443.

NOTE: You can restrict remote access to only specified IP addresses in Network Settings → Firewall under Remote Administration Access Control.

Allow Remote SSH Access – This will enable SSH access to the router from the Internet. It is only available when SSH access is enabled in the Local Management tab.

Some carriers block the remote SSH access ports. If a ping to the router's WAN port does not work, it is unlikely that remote SSH access will work.

GPS

If you have an attached device with GPS support, you can enable a graphical view of your router’s location, which appears in Status → GPS. You can also enable GPS NMEA format sentence reporting (or TAIP for the COR IBR1100/IBR1150) to a server (LAN, WAN, or remote). This GPS reporting functionality requires a separate software client to listen/query for these sentences.

SIM-based models with GPS support require that the SIM be inserted. Some carriers disable GPS support in otherwise supported modems. If you encounter issues with obtaining a fix, contact your carrier and ensure that GPS is supported.

Some of the following GPS options are specific to Cradlepoint COR devices, particularly the COR IBR1100 Series.

General Settings

  • Enable GPS – Enable support for querying GPS information from capable modems.
  • TAIP Vehicle ID # – Assign a 4-character ID (default ID is 0000) to use with TAIP. TAIP options are available for the COR IBR1100 Series only. See the TAIP section below for more information.

GPS Servers and GPS Clients

GPS reporting requires separate software to listen/query for NMEA (or TAIP) sentences. The router must either act as a GPS server (which separate clients can connect to) or as a GPS client (which reports to a server). Set up a GPS Server or GPS Client on the device by clicking on the Add button in the appropriate table.

  • GPS Servers – Use this to set up a local server. Clients can connect to and query GPS sentences from this server.
  • GPS Clients – Use this to set up a local client. This client will send periodic reports of GPS sentences to a remote server.

GPS Servers

Server Details

  • Enable this Server – Select to enable.
  • Server Name – Create a name for this server. Only letters, numbers, and underscores are allowed.
  • Enable GPS server on LAN – Enables a TCP server on the LAN side of the firewall, which allows polling by clients on the LAN.
  • Enable GPS server on WAN – Enables a TCP server on the WAN side of the firewall, which allows polling by clients on the WAN.
  • Port – Choose a port between 1 and 65535.

COR IBR1100 Series models include additional GPS options, including a choice between NMEA sentences and TAIP sentences. Select one of these in the Choose Language field.

NMEA

  • Include System ID – Include the router’s "System ID" sentence with every data message. This can be useful when a single remote client is handling NMEA position reports from multiple routers. This creates a custom GPS sentence with the System ID as part of the sentence and the checksum.
  • Prepend System ID – Include the router's "System ID" sentence with every GPS message. This can be useful when a single remote client is handling GPS position reports from multiple routers. This simply prepends the system id and a comma ahead of the GPS sentence.
  • Report NMEA GGA sentences – Report GPS fix using NMEA GGA sentence format (if available).
  • Report NMEA RMC sentences – Report GPS fix using NMEA RMC sentence format (if available).
  • Report NMEA VTG sentences – Report GPS fix using NMEA VTG sentence format (if available).

Depending on your selections (and other possible factors), reporting may include proprietary sentences. For example, if you select Include System ID, the report will include proprietary sentences of the following format (in addition to the standard sentences):

$PCPTI,{System ID},{router timestamp},{GGA timestamp},{GGA checksum}*{checksum}

“PCPTI” stands for Proprietary, CradlePoinT, Identification (P-CPT-I).

TAIP

The Trimble ASCII Interface Protocol (TAIP) was designed for vehicle tracking. For more information about TAIP, see these instructions from Trimble.

  • Enable Vehicle ID Reporting – Include a 4 character vehicle identifier
  • Enable TAIP message checksum reporting – Include a 2 digit checksum
  • Prepend a newline character to each TAIP sentence – Add a carriage return and line feed to each TAIP sentence

TAIP allows for several different types of messages. For typical uses, select one of the following types:

  • Report TAIP AL sentences – Altitude/Up Velocity
  • Report TAIP CP sentences – Compact Position Solution
  • Report TAIP ID sentences – Identification Number
  • Report TAIP LN sentences – Long Navigation Message
  • Report TAIP PV sentences – Position/Velocity Solution
 

GPS Clients

  • Enable this client – Select to enable.
  • Keep GPS Active – Keep the GPS receiver active at all times, even if no destination exists for position messages. This will place additional load on the router similar to sending reports to a remote server, but without consuming the network bandwidth.
  • Client Name – Create a name for this client. Only letters, numbers, and underscores are allowed.
  • Server – This client must have a remote server to report to. Enter a hostname or IP address.
  • Port – Port number for the remote server (between 1 and 65535).
  • Use UDP – Using UDP instead of TCP reduces the load on the router and may save bandwidth. However UDP does not provide any guarantee for delivery. The router will typically assume sentences have been received by the remote UDP server and will not buffer those sentences.
  • Number of stored sentences – Set the maximum number of sentences that can be stored when the router does not have a connection to a server.
  • Specify Time Interval – This restricts the GPS sentence reporting to a remote server to a specific time interval.

Reporting Intervals

The device sends GPS sentence reports at either a specified time interval or specified distance interval for

  • Default Time Interval (seconds) – Set the interval in seconds between periodic GPS sentence reports. Select the longest interval practical for your application. A shorter interval uses more router resources and bandwidth; frequent reports may cause performance and/or availability issues. (Disable by setting this value to 0.)
  • Stationary Time Interval (seconds) – Set the interval in seconds between periodic GPS sentence reports when the device is stationary. This overrides the Default Time Interval as long as the unit is stationary. Use this with the Stationary Distance Threshold to define "stationary". (Disable by setting this value to 0.)
  • Stationary Distance Threshold (meters) – Set this threshold for use with the Stationary Time Interval. A device is no longer considered "stationary" when consecutive GPS fixes are above this distance threshold. Low thresholds increase the possibility of incorrectly detecting movement due to GPS "jitter." (Range: 20–65535 meters.)
  • Distance Interval (meters) – Set the interval in meters that the device has to travel to trigger GPS sentence reporting. Low values increase the possibility of incorrectly detecting movement due to GPS "jitter." (Disable by setting this value to 0.)

COR models include additional options related to GPS sentence types and reporting intervals. These options match those in the GPS Servers section above:

NMEA GGA, RMC, and VTG sentences

Some devices report GPS information with multiple NMEA (National Marine Electronics Association) sentence formats: GGA, RMC, and VTG. See the examples below. For more examples and information about NMEA sentences, see the following websites:

GGA

$GPGGA – Essential fix data including 3D location and accuracy information
Example: $GPGGA,1753405,4916.450,N,12311.127,W,2,06,1.5,117.3,M,-26.574,M,6.0,0138*47

Sample Data | Description
1753405 | Time of fix – 17:34:05 UTC
4916.450,N | Latitude 49 deg. 16.450 min North
12311.127,W | Longitude 123 deg. 11.127 min West
2 | Fix quality: 0 = fix not available; 1 = GPS fix; 2 = Differential GPS fix; 3 = PPS fix; 4 = Real Time Kinematic; 5 = Float RTK; 6 = estimated (dead reckoning); 7 = Manual input mode; 8 = Simulation mode
06 | Number of satellites being tracked
1.5 | Horizontal dilution of precision (HDOP) – relative accuracy of horizontal position
117.312,M | Altitude in meters above mean sea level
-26.574,M | Geoidal separation: height of mean sea level above WGS-84 earth ellipsoid (negative value means mean sea level is below ellipsoid)
6.0 | Time in seconds since last update from differential reference stations
0138 | Differential reference station ID number
*47 | Checksum – used by program to check for transmission errors

RMC

$GPRMC – Recommended minimum specific GPS/transit data
Example: $GPRMC,225446,A,4916.45,N,12311.12,W,000.5,054.7,191194,020.3,E*68

Sample Data | Description
225446 | Time of fix – 22:54:46 UTC
A | Navigation receiver warning: A = OK, V = warning
4916.45,N | Latitude 49 deg. 16.45 min North
12311.12,W | Longitude 123 deg. 11.12 min West
000.5 | Speed over ground, knots
054.7 | Course made good, true
191194 | Date of fix – 19 November 1994
020.3,E | Magnetic variation: 20.3 degrees East
*68 | Checksum is mandatory for RMC

VTG

$GPVTG – Vector track and speed over ground
Example: $GPVTG,054.7,T,034.4,M,005.5,N,010.2,K

Sample Data | Description
054.7,T | Track, degrees relative to true north
034.4,M | Track, degrees relative to magnetic north
005.5,N | Ground speed, knots
010.2,K | Ground speed, kilometers per hour
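
A listener that receives these reports should validate every sentence before using it. The following is an added example (not Cradlepoint code) that checks the NMEA checksum, parses GGA and $PCPTI sentences, handles the Prepend System ID form, and attributes each fix to a System ID. The sample lines, the System ID values, the router timestamp format, and the assumption that the PCPTI "GGA timestamp" equals the GGA time field are constructed for illustration.

```python
from functools import reduce


def nmea_checksum(body):
    """XOR of the characters between '$' and '*', as two uppercase hex digits."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"


def frame(body):
    """Build '$body*CS'; used only to construct the sample input below."""
    return f"${body}*{nmea_checksum(body)}"


def to_degrees(value, hemisphere):
    """Convert ddmm.mmm (or dddmm.mmm) plus N/S/E/W to signed decimal degrees."""
    dot = value.index(".")
    degrees = int(value[:dot - 2]) + float(value[dot - 2:]) / 60.0
    return -degrees if hemisphere in ("S", "W") else degrees


def parse_sentence(line):
    """Validate one reported line and return a dict; raise ValueError if bad."""
    line = line.strip()
    prefix = None
    if not line.startswith("$"):
        # "Prepend System ID" form: "<system id>,$<sentence>"
        prefix, sep, rest = line.partition(",$")
        if not sep:
            raise ValueError("no NMEA sentence in line")
        line = "$" + rest
    body, star, received = line[1:].partition("*")
    if not star or len(received) != 2 or not body.isascii():
        raise ValueError("malformed sentence")
    if nmea_checksum(body) != received.upper():
        raise ValueError("checksum mismatch")
    fields = body.split(",")
    out = {"type": fields[0], "prefix_id": prefix, "checksum": received.upper()}
    if fields[0] == "PCPTI":
        if len(fields) < 5:
            raise ValueError("short PCPTI sentence")
        # Read from the right so a System ID containing commas survives.
        out.update(system_id=",".join(fields[1:-3]), router_time=fields[-3],
                   gga_time=fields[-2], gga_checksum=fields[-1].upper())
    elif fields[0].endswith("GGA"):
        if len(fields) < 10:
            raise ValueError("short GGA sentence")
        out.update(time=fields[1], quality=int(fields[6]), position=None)
        if out["quality"] != 0:  # 0 = fix not available; position may be empty
            out["position"] = (to_degrees(fields[2], fields[3]),
                               to_degrees(fields[4], fields[5]))
    return out


def attribute_fixes(lines):
    """Return ([(system_id, lat, lon), ...], rejected_count) for a batch."""
    ids, fixes, rejected = {}, [], 0
    for line in lines:
        try:
            sentence = parse_sentence(line)
        except ValueError:
            rejected += 1  # corrupted or malformed: count it, never use it
            continue
        if sentence["type"] == "PCPTI":
            key = (sentence["gga_time"], sentence["gga_checksum"])
            ids[key] = sentence["system_id"]
        elif sentence.get("position"):
            fixes.append(sentence)
    return [(s["prefix_id"] or ids.get((s["time"], s["checksum"])), *s["position"])
            for s in fixes], rejected


# Constructed sample input (not captured from a real router).
GGA_BODY = "GPGGA,173405,4916.450,N,12311.127,W,2,06,1.5,117.3,M,-26.574,M,6.0,0138"
SAMPLE = [
    frame(GGA_BODY),
    frame(f"PCPTI,IBR1100-a1b,173406,173405,{nmea_checksum(GGA_BODY)}"),
    "IBR600-c3d," + frame(GGA_BODY),                     # Prepend System ID form
    frame(GGA_BODY).replace("4916.450", "4816.450"),     # altered in transit
    frame("GPGGA,173410,,,,,0,00,,,M,,M,,"),             # no fix available
]

if __name__ == "__main__":
    fixes, rejected = attribute_fixes(SAMPLE)
    for system_id, lat, lon in fixes:
        print(f"{system_id}: {lat:.5f}, {lon:.5f}")
    print(f"rejected sentences: {rejected}")
```

The checksum only detects transmission errors; it does not authenticate the sender, so a listener exposed on the WAN still needs network-level access control.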

SMS

SMS (Short Message Service, or text messaging) requires a cellular modem with an active data plan. SMS is not designed to be a full remote management feature: SMS allows you to connect to the router for a few simple queries or commands with a text messaging service (e.g., from your phone). A modem that does not have an active data connection may still be reachable by SMS because Internet traffic and SMS traffic operate on separate channels, so SMS can be used to bring an offline router back online.

SMS is enabled on the router by default. However, it only works if SMS is supported and enabled on the modem. Most modems have SMS enabled by default, but the carrier may charge a fee for each text message sent or received. Contact your carrier to review these fees and/or to enable an SMS plan.

Important notes about SMS:

  • Messages are limited to 160 characters.
  • SMS is not a guaranteed delivery protocol. The carriers do not guarantee that the SMS message will be delivered to the modem or that the modem’s response will be delivered to the sender. This means an administrator might have to send messages multiple times before the desired action is performed.
  • SMS is a slow protocol. It can take seconds or up to a few minutes for messages to be delivered.
  • SMS messages are not encrypted; they are sent in full readable text over the network.

Enable SMS support – SMS support is enabled by default on the router. Deselect this to disable.

Password – By default, the password is the last 8 characters of the router’s MAC address (i.e., the Default Password on the product label). You can change this password to anything between 1 and 16 characters. It should be long enough to be useful for security but short enough to easily type into your phone (or other texting client).

White List – This list is blank by default, which means that the router will accept SMS messages from any phone number. Leaving this blank is insecure, so Cradlepoint recommends that you add phone numbers to this list. Once any numbers are listed, only those numbers have the ability to connect to the router via SMS.

NOTE: You cannot add email addresses to the White list. When a phone number is added to the White List, email SMS messages will be rejected.

How to Send an SMS Message

You can send SMS messages to the router via phone or email. The key elements are:

  1. the modem’s MDN
  2. the SMS password (defined above)
  3. the command

You must know the MDN (Mobile Directory Number) of the modem to send SMS messages to the router. This is a phone number that can be found under Status → Internet Connections in the router administration pages or under Devices → Network Interfaces in Enterprise Cloud Manager.

How to Text from a Phone

  1. Open the text messaging tool on your phone and start a new message.
  2. In the To field, enter the modem’s MDN.
  3. In the Subject field, enter the SMS password and command.
  4. Click Send.

How to Text from an Email Account

NOTE: There are limitations with sending texts via email. The SMS engine is currently only compatible with GSM-based carrier operators.

  1. Start a new email message.
  2. In the To field, enter the modem’s MDN plus the modem’s carrier domain name (e.g., 2085555555@txt.att.net).
  3. Enter the password and command in either the Subject field or Body of the email message. If you use the subject field, leave the body blank, and if you use the body, leave the subject blank.

NOTE: The subject field may be limited to a certain number of characters, so if you get an error when sending the command on the subject line, switch to using the body instead.

SMS Commands

Below is a list of supported SMS messages and the syntax format.

Due to security concerns, the set of commands is intentionally limited to those that can configure a modem’s connection, but cannot lock the administrator out due to malicious modem changes. Therefore, if an unsolicited request adjusts the modem’s configuration via SMS, an administrator can still access the modem via SMS.

Command syntax:

<password>,<command>,[arg1,][arg2,]

All commands start with the password – either the default of the last 8 digits of the router's MAC address or the administrator-configured password. Commands can have an optional number of arguments.

NOTE: The trailing comma on the command is important to allow the SMS engine to distinguish the final argument from other information the SMS client might append to the message without your knowledge.

Supported Commands

reboot – Reboot the router (not the modem)

Syntax:

<password>,reboot,

Example:

1234,reboot,

restore – Restore the router to factory defaults

Syntax:

<password>,restore,

Example:

1234,restore,

rstatus – Get router status

Syntax:

<password>,rstatus,

Example:

1234,rstatus,

mstatus – Get modem status (port parameter optional)

Syntax:

<password>,mstatus,[port,]

Examples:

1234,mstatus,           //return status of highest priority modem
1234,mstatus,usb1,      //return status of modem plugged into port usb1

This command returns info about the indicated modem’s status. The resulting data reflects the modem model number, service type, and connection status and values.

Sample response:

Model: MC200P
Service: HSPA+
SIM Status: READY
RSSI: -62 dbm
ECIO: -4
APN: wwan.ccs
IP Addr: 166.136.142.172

mreboot – Reboot the modem (port parameter optional)

Syntax:

<password>,mreboot,[port,]

Examples:

1234,mreboot,           //reboot the highest priority modem
1234,mreboot,usb1,      //reboot the modem plugged into port usb1

apn – Set the modem's APN (port parameter optional)

Syntax:

<password>,apn,<new APN>,[port,]

Examples:

1234,apn,myapn@apn.com,         //set APN of highest priority modem
1234,apn,myapn@apn.com,usb1,    //set APN for modem in port usb1

userpass – Set the modem's authentication username and password (port parameter optional)

Syntax:

<password>,userpass,<username>,<userpassword>,[port,]

Examples:

1234,userpass,joe,mypassword,           //set information of highest priority modem
1234,userpass,joe,mypassword,usb3,      //set information on modem in port usb3

simpin – Set the SIM's PIN (port parameter optional)

Syntax:

<password>,simpin,<pin>,[port,]     

Examples:

1234,simpin,5678,           //set simpin in highest priority modem
1234,simpin,5678,usb2,      //set simpin in modem on port usb2

log – Return a portion of the router log

Syntax:

<password>,log,[start,]

Examples:

1234,log,           //return the first 10 items of the log (items 0 through 9)
1234,log,10,        //return items 10 through 19 of the log
1234,log,20,        //return items 20 through 29 of the log 

Sending log information via SMS will likely result in several text messages. Please be aware of the costs of text messages on the modem’s account, and use this command only if necessary.

* The “port” parameter is optional. It specifies which port – and therefore which modem – to perform the action on. If not given, the action will happen on the highest priority modem.
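
The acceptance rules described in this section (White List, password, trailing comma, per-command arguments) can be modelled in a few lines. This is an added example, not Cradlepoint's implementation: the function names, the sample phone numbers and password, and the rule that text after the final comma is discarded are assumptions based on the syntax documented above.

```python
import hmac

# Command -> (required args, optional args), taken from the syntax lines above.
COMMANDS = {
    "reboot": (0, 0), "restore": (0, 0), "rstatus": (0, 0),
    "mstatus": (0, 1), "mreboot": (0, 1), "log": (0, 1),
    "apn": (1, 1), "simpin": (1, 1), "userpass": (2, 1),
}
MAX_SMS_LENGTH = 160


def check_sms(sender, text, password, white_list=()):
    """Return (command, args) for an acceptable message, else raise.

    PermissionError: sender or password rejected. ValueError: bad syntax.
    """
    # A populated White List admits only listed numbers; e-mail senders never match.
    if white_list and sender not in white_list:
        raise PermissionError("sender not on White List")
    if len(text) > MAX_SMS_LENGTH:
        raise ValueError("message longer than 160 characters")
    parts = text.split(",")
    if len(parts) < 3:
        raise ValueError("expected <password>,<command>, with trailing comma")
    supplied, command = parts[0], parts[1]
    # Everything after the final comma is treated as text the SMS client appended.
    args = parts[2:-1]
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(supplied.encode(), password.encode()):
        raise PermissionError("wrong password")
    if command not in COMMANDS:
        raise ValueError(f"unsupported command: {command!r}")
    required, optional = COMMANDS[command]
    if not required <= len(args) <= required + optional:
        raise ValueError(f"{command} takes {required} to {required + optional} args")
    return command, args


def outcome(sender, text, password, white_list=()):
    """Summarise check_sms() as a short string for logging or review."""
    try:
        command, args = check_sms(sender, text, password, white_list)
    except (PermissionError, ValueError) as exc:
        return f"rejected: {exc}"
    return f"accepted: {command} {args}"


# Constructed messages; the phone numbers and password are sample values.
ADMIN = "2085550100"
MESSAGES = [
    (ADMIN, "1234,mstatus,usb1,"),
    (ADMIN, "1234,apn,broadband,usb1,\nSent from my phone"),
    (ADMIN, "1234,mstatus,usb1\nSent from my phone"),   # no trailing comma
    (ADMIN, "1234,reboot"),                             # no trailing comma
    ("2085550199", "1234,reboot,"),                     # not on the White List
    ("admin@example.com", "1234,rstatus,"),             # e-mail sender
    (ADMIN, "0000,restore,"),                           # wrong password
]

if __name__ == "__main__":
    for sender, text in MESSAGES:
        print(f"{sender:>18} {text!r:45} -> {outcome(sender, text, '1234', [ADMIN])}")
```

In this model a missing trailing comma either rejects the message or silently drops the last argument: "1234,mstatus,usb1" followed by an appended signature is read as mstatus with no port. With an empty White List, the password is the only check left between any sender and the restore command.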

Sample Debug Session

The following is an example of a debug session to discover a modem’s APN is misconfigured and needs to be set.

Figure out the state of the modems on the router:

1234,rstatus,

Receive the modem’s status and settings:

1234,mstatus,

Set the modem’s APN to the correct setting:

1234,apn,broadband,

Verify the APN was set properly:

1234,mstatus,

Continue to verify the status periodically to ensure that the modem connects:

1234,rstatus,

LLDP

The Link Layer Discovery Protocol (LLDP) is a standard method for network devices to share information about themselves among their neighbors. The router stores the information it receives from its neighbors, which can be viewed on the Status → LLDP page.

Enable LLDP for Ethernet on the WAN and/or LAN.

System Logging

Logging Level: Setting the log level controls which messages are stored or filtered out. A log level of Debug will record the most information while a log level of Critical will only record the most urgent messages. Each level includes all messages from all of the levels below it on the list (e.g. “Warning” includes all “Error” and “Critical” messages as well).

  • Debug
  • Info
  • Warning
  • Error
  • Critical

Enable Logging to a Syslog Server: Enabling this option will send log messages to a specified Syslog server. After enabling, type the Hostname or IP address of the Syslog server (or select from the dropdown menu).

  • Syslog Server Address: Select the Hostname or IP address from the dropdown menu, or type this in manually.
  • Include System ID: This option will include the router’s "System ID" at the beginning of every log message. This is often useful when a single remote Syslog server is handling logs for several routers.
  • Include UTF8 Byte Order Mark: The log message is sent using UTF-8 encoding. By default the router will attach the Unicode Byte Order Mark (BOM) to the Syslog message in compliance with the Syslog protocol, RFC5424. Some Syslog servers may not fully support RFC5424 and will treat the BOM as ASCII text, which will appear as garbled characters in the log. If this occurs, disable this option.

Log to attached USB stick: Only enable this option if instructed by a Cradlepoint support agent. This will write a very verbose log file to the root level of an attached USB stick. Please disable the feature before removing the USB stick, or you may lose some logging data.

Verbose modem logging: Only enable this option if instructed by a Cradlepoint support agent.

Create support log: This functionality allows for a quick collection of system logging. Create this log file when instructed by a Cradlepoint support agent.

Router Services

By default, router services (Enterprise Cloud Manager, NTP, etc.) connect to the router via the WAN. In some setups it makes sense to use the LAN instead. For example, if your router is used strictly for 3G/4G failover behind another router, you may not want to use 3G/4G data unnecessarily. Select Use LAN Gateway to set your router services to connect via the LAN.

LAN Gateway Address: Input the IP address of the LAN side connection. If this is a 3G/4G failover router operating behind another router, the LAN Gateway Address is the IP address of that other router.

DNS Server and Secondary DNS Server: The primary and secondary DNS server numbers match the static DNS values (set at Network Settings → DNS). You can leave the default values or set them manually here. (Changing these values also changes the static DNS values.)

Temperature (COR IBR1100/1150 only)

The COR IBR1100/IBR1150 includes an internal temperature sensor. Use this to track the internal temperature with alerts/logging. The router also has a mechanism to shut down functions when the internal temperature is dangerously high (80 °C).

Router Temperature (°C), Modem Temperature (°C): These display the router or modem's current temperature in degrees Celsius. To convert these values to Fahrenheit, multiply by 9, divide by 5, and then add 32 (i.e., F = 9/5 × C + 32). You can also use an online conversion tool.

The table below gives a few reference points:

°C | °F | Description
100 | 212 | Boiling point of water
37 | 98.6 | Body temperature
21 | 70 | Approximate room temperature
0 | 32 | Freezing point of water

Minimum Temperature: (Default: 10 °C.) If the device drops to this temperature, an alert will automatically be generated.
Maximum Temperature: (Default: 70 °C.) If the device reaches this temperature, an alert will automatically be generated.

To configure minimum and maximum temperature alerts, use one of the following methods:

  1. Enable these alerts in Enterprise Cloud Manager.
  2. Set up an SMTP email server in System Settings → Device Alerts.