CradlePoint AER 2100 – Manual CradlePoint AER 2100 – Manual The All-in-One, Cloud-Managed Networking Platform for the Distributed Enterprise The CradlePoint AER 2100 is the first in a new generation of cloud-managed 4G networking solutions that helps enterprises increase bandwidth and achieve five-nines reliability in a secure, flexible, and open-architecture platform.
CradlePoint AER 2100 – Manual See Navigating the Administration Pages for helpful information about how to use the device's GUI-based management interface. NOTE: The manual content for the following administration pages sections is generic across multiple devices. Therefore, some details may not apply to the AER 2100 because they are specific to another device. For example, some GPS functionality is specific to COR devices.
CradlePoint AER 2100 – Manual WiFi as WAN System Settings Administration Certificate Management Device Alerts Enterprise Cloud Manager Feature Licenses Hotspot Services Serial Redirector SNMP Configuration System Control System Software Introduction Package Contents System Requirements Specifications Hardware LEDs Package Contents AER 2100 with integrated business-class 3G/4G modem External 3G/4G mobile broadband modem antennas (2) (SMA) w/ multiplexing for GPS; finger tighten only External dual-band hi
CradlePoint AER 2100 – Manual The CradlePoint AER 2100 is the first in a new generation of cloud-managed 4G networking solutions that helps enterprises increase bandwidth and achieve five-nines reliability in a secure, flexible, and open-architecture platform. As a cloud-managed solution, the CradlePoint AER is designed for the distributed enterprise to intelligently manage wired and 4G wireless connectivity for a more reliable “connected experience” at the edge.
CradlePoint AER 2100 – Manual Failover/Failback Load Balancing Advance Modem Failure Check WAN Port Speed Control WAN/LAN Affinity IP Passthrough LAN VLAN 802.1Q DHCP Server, Client, Relay DNS and DNS Proxy DynDNS UPnP Zone Firewall DMZ Multicast/Multicast Proxy QoS (DSCP and Priority Queuing) MAC Address Filtering WiFi Dual-Band Dual-Concurrent (3×3 MIMO) 802.11ac (a, b, g, n, ac) Up to 256 connected devices (128 per channel – 2.
CradlePoint AER 2100 – Manual NEMO/DMNR¹ IPv6 VRRP¹ STP¹ NHRP¹ Security RADIUS and TACACS+ 802.
CradlePoint AER 2100 – Manual NEMO/DMNR Failover (Pending Verizon certification) Cloud Security Seamless integration with Zscaler's secure web gateway. Depending on your Zscaler implementation, this could include: Global Cloud Platform Real-Time Reporting Behavioral Analysis URL Filtering Advanced Threat Protection Inline Anti-Virus & Anti-Spyware Web 2.
CradlePoint AER 2100 – Manual Feature Details WAN Security – IPS/IDS & Application Identification (subscription required), NAT, SPI, ALG, inbound filtering of IP addresses, port blocking, service filtering (FTP, SMTP, HTTP, RPL, SNMP, DNS, ICMP, NNTP, POP3, SSH), protocol filtering, WAN ping (allow/ignore) Redundancy and Load Balancing – Failover/failback on all WAN connections with rule selection; advanced load balancing options (round robin, spillover, data usage, rate); WAN failure detection; VRRP (subs
CradlePoint AER 2100 – Manual provider. AER 2100LPE-VZ – 4G LTE/HSPA+/EVDO for Verizon Technology: LTE, HSPA+, EVDO Rev A Downlink Rates: LTE 100 Mbps, HSPA+ 21.1 Mbps, EVDO 3.1 Mbps (theoretical) Uplink Rates: LTE 50 Mbps, HSPA+ 5.76 Mbps, EVDO 1.
CradlePoint AER 2100 – Manual Downlink Rates: LTE 100 Mbps, HSPA+ 21.1 Mbps (theoretical) Uplink Rates: LTE 50 Mbps, HSPA+ 5.
CradlePoint AER 2100 – Manual Front Panel Back Panel Left Side With Cover Cover Removed 07/03/2014 11
CradlePoint AER 2100 – Manual With Two MC400 Integrated Modems (one included by default) Right Side Antennas When connecting the provided antennas, review the connection points: WiFi antennas have flat circular bases (RSMA). Modem antennas have protruding pins (SMA). LEDs – POWER The CradlePoint AER 2100 must be powered using an approved 12V DC power source.
CradlePoint AER 2100 – Manual Green = Powered ON. No Light = Not receiving power. Check the power switch and the power source connection. Flashing Amber = Attention. Open the administration pages (see page 10) and check the router status. – ETHERNET WAN Indicates information about a data source connected to the Ethernet WAN port. Blue = Connected to an active Ethernet WAN interface. – WiFi BROADCAST These two LEDs indicate activity on the WiFi broadcast for both the 2.4 GHz and 5 GHz bands. 2.
CradlePoint AER 2100 – Manual Sprint, EE, and Vodafone. The SIM must be provisioned with the carrier. Contact your carrier for details about selecting a data plan and about the process for provisioning your SIM. Once you have an activated SIM, insert it into the integrated modem. Insert the SIM card into the slot marked SIM 1 (use the other slot, SIM 2, for a secondary/backup SIM). Be sure to insert the card with the notch-end first and the gold contacts facing down – it will click into place. 2.
CradlePoint AER 2100 – Manual 2) Slide the modem into the side of the router. The protruding section of the green board fits into the groove. 3) Reattach the panel cover and screw it back on. (When necessary, remove the cover and modem using the Multipurpose Retaining Tool.) 3. Attach the WiFi and modem antennas. Attach the three WiFi antennas (included) and two modem antennas to the connectors. Antennas are jointed, which enables you to position them for optimal signal.
CradlePoint AER 2100 – Manual Care should be taken to ensure that the router antennas are not near metal or other RF reflective surfaces. 4. Connect the power source. Plug the provided power supply (12V DC wall adapter) into an electrical outlet. Then connect the power supply to the router. Ensure power is switched on: O = OFF I = ON When you set the power switch to the ON ( I ) position, watch for the power LED to illuminate.
CradlePoint AER 2100 – Manual 5. Connect to a computer or other network equipment. Connect wirelessly to the WiFi broadcast or with an Ethernet cable connected to your computer and then plugged into one of the Ethernet LAN ports (numbered 1–4). The default WiFi network name broadcast is “2100-xxx”, where “xxx” is the last three characters of your router’s MAC address (this is the SSID on the product label). To connect to the WiFi, you will need to input the DEFAULT PASSWORD when prompted.
CradlePoint AER 2100 – Manual When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through the steps to customize your CradlePoint AER 2100.
CradlePoint AER 2100 – Manual If your device has not yet been loaded into your ECM account, you need to register. Log into the device administration pages and go to Getting Started → Enterprise Cloud Manager Registration. Enter your ECM username and password, and click on “Register”. Once you have registered your device, go to cradlepointecm.com and log in using your ECM credentials.
CradlePoint AER 2100 – Manual appears. Log in using your administrator password. Initially, this password can be found on the bottom of the router as the Default Password (this password is also the last eight digits of the unit’s MAC address). You may have changed the administrator password during initial setup using the First Time Setup Wizard. If so, log in using your personalized administrator password.
CradlePoint AER 2100 – Manual WiFi Clients – Click to view a signal strength indicator for you network, "WiFi Connection Strength": – The number listed in the orange block shows the number of attached clients. Click this to go to the Client List page (Status → Client List). Logout – Click to log out of the administration pages. Configuration Pages The following table shows the navigation layout of the administration pages. Click on the tabs along the top bar to reveal the following dropdown menus.
CradlePoint AER 2100 – Manual Getting Started – Enable fundamental functionality through these setup wizards, including the First Time Setup Wizard. Status – Displays various types of information about your router such as a list of clients that are attached to your networks (Client List), the details of each Internet source your router is using (Internet Connections), and a map of your router’s location (GPS). Very few changes can be made from this tab; the primary purpose is to display information.
CradlePoint AER 2100 – Manual For more information about how to use CradlePoint Enterprise Cloud Manager, see the following: Getting Started ECM on the Knowledge Base First Time Setup When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through basic steps to customize your CradlePoint AER 2100. To return to the First Time Setup Wizard after your initial login, go to Getting Started → First Time Setup in the dropdown menu.
CradlePoint AER 2100 – Manual NOTE: If you plan to use your router in a PCI DSS compliant environment, do not use this setting. Use the “Advanced Security Mode” settings under the Router Security tab in System Settings → Administration instead. Time Zone You can select your TIME ZONE from a dropdown list. (This may be necessary to properly show time in your router log, but typically your router will automatically determine your time zone through your browser.) Click NEXT.
CradlePoint AER 2100 – Manual Choose the WIFI SECURITY MODE that best fits your needs: BEST (WPA2): Select this option if your wireless adapters support WPA2-only mode. This will connect to most new devices and is the most secure, but may not connect to older devices or some handheld devices such as a PSP. GOOD (WPA1 & WPA2): Select this option if your wireless adapters support WPA or WPA2. This is the most compatible with modern devices and PCs.
CradlePoint AER 2100 – Manual Bell: "inet.bell.ca" TELUS: "isp.telus.com" You can either leave this on the Default setting or select Manual and input a specific APN. If your specific modem or SIM already has APNs programmed into it, you should leave this on the Default setting. After finishing this Wizard go to Internet → Connection Manager, select your modem, and edit the settings. The SIM PIN/APN tab has more available settings than are provided here.
CradlePoint AER 2100 – Manual Click NEXT. Summary Review the details and record your wireless network name, administrative password, and WPA password (or WEP key). Move your mouse over your WiFi password to reveal it. Please record these settings for future access. You may need this information to configure other wireless devices. NOTE: If you are currently using the device's WiFi network, reconnect to the network using the new wireless network name and security password.
CradlePoint AER 2100 – Manual Status The Status section of the Administration Pages displays information about many different aspects of the router. The Status tab has the following dropdown menu items: Client List CP Secure Connect Dashboard GPS GRE Tunnels Hotspot Clients Internet Connections Routing Statistics System Logs VPN Tunnels WiPipe QoS Client List The Client List displays the specifications of each device connected to your router, including wireless and wired clients.
CradlePoint AER 2100 – Manual adjacent 20 MHz channels. A wider channel can mean better performance, but not if there is too much interference. Even if 40 MHz is set in the WiFi Channel Width, the router may still fall back to 20 MHz if interference is found. 130 Mbps: The transmit rate (in megabits per second) currently used to transmit packets from the router to the client. This rate changes automatically to match environmental conditions.
CradlePoint AER 2100 – Manual For more in-depth information and/or configuration options, click on the Detailed Info link beside the category title. For each category, this links to: Router Information – System Settings → Administration Internet – Internet → Connection Manager Local Networks – Network Settings → WiFi / Local Networks WiFi Networks – Network Settings → WiFi / Local Networks After the initial setup of the router, every time you log in you will automatically be directed to this Dashboard.
CradlePoint AER 2100 – Manual Internet “Detailed Info” links to Internet → Connection Manager. State – Connected/Disconnected Signal Strength – Expressed as a percentage (Signal Strength is not included if Ethernet is the WAN type) WAN Type – Ethernet, Modem, or WiFi as WAN Connection Type – Possibilities include: DHCP (for Ethernet), HSPA, LTE, WiMAX, etc.
CradlePoint AER 2100 – Manual Router Alerts includes links to System Settings → System Software (for new firmware) and Internet → Connection Manager. GPS If GPS support is enabled and a modem capable of providing GPS coordinates is connected, this page will show a graphical view of your router's location. See the GPS section in System Settings → Administration to enable GPS support.
CradlePoint AER 2100 – Manual from the GPS satellites. GRE Tunnels View the status of configured GRE Tunnels. To set up or edit a GRE tunnel, go to Internet → GRE Tunnels. Included information: Name Status Transmit (packets/bytes) Receive (packets/bytes) MTU Hotspot Clients View the status of the clients that have logged in through the Hotspot/Captive Portal.
CradlePoint AER 2100 – Manual The Internet Connections submenu option provides a list of attached WAN devices used as the Internet source for the router. Select one of these devices to see detailed information about that particular device. Possible devices include: Ethernet 3G/4G modem WiFi as WAN The information displayed varies greatly depending on the technology, especially for 3G/4G modems. CradlePoint passes on the information provided by the modems, which is specific to the carrier (e.g.
CradlePoint AER 2100 – Manual WiFi as WAN example: 07/03/2014 35
CradlePoint AER 2100 – Manual Routing System Routes displays routes associated with networks connected to the router as well as routes learned from routing protocols (such as RIP or BGP). Static Routes displays user-specified routes configured in Network Settings → Routing. There are also tables displaying information for GRE Routes, VPN Routes, and NEMO Routes. Configure the settings for these routes under the Internet tab. Statistics The Statistics submenu option displays basic traffic statistics.
CradlePoint AER 2100 – Manual Diagnostics.” Sample rate and size can be adjusted from the dropdown boxes. Data Usage: A measure of the amount of information that is currently being sent or received through the network. Sample rate and size can be adjusted from the dropdown boxes. Failover/Failback/Load Balance: An easy way to view current connective states of the devices plugged into the router as compared to the past. Sample rate and size can be adjusted from the dropdown boxes.
CradlePoint AER 2100 – Manual The router automatically logs (records) events of possible interest in its internal memory. If there is not enough internal memory for all events, logs of older events are deleted, but logs of the latest events are retained. The log options allow you to filter the router logs so you can easily find relevant messages. This router also has external Syslog Server support so you can send the log files to a computer on your network that is running a Syslog utility.
CradlePoint AER 2100 – Manual Protocols Transferred Direction Time Online Control To set up or edit a VPN tunnel, go to Internet → VPN Tunnels. WiPipe QoS View the breakdown of packets and bytes sent and received associated with each WiPipe QoS rule. To set up or edit a WiPipe QoS rule, go to Network Settings → WiPipe QoS. Network Settings The Network Settings section of the Administration Pages provides access to tools for controlling the LAN (Local Area Networks).
CradlePoint AER 2100 – Manual Content Filtering You have two main options for filtering content for local networks. 1. WebFilter Rules: Create a list of websites that will be either disallowed or allowed. Customize the filter settings for each network and/or each MAC address. (These rules will not block HTTPS websites.) 2.
CradlePoint AER 2100 – Manual Rule Priority: Higher number rules overrule lower number rules. Enabled: A rule can be enabled or disabled by selecting or deselecting the checkbox. Click Submit to save your rule changes. Default Network Filter Settings Use Default Network Filter Settings together with Network WebFilter Rules to control website access. All of your networks are set to allow website access by default. Select a network and click Edit to change the default filter settings.
CradlePoint AER 2100 – Manual network to each rule. See the Network WebFilter Rules section (above) for more configuration details. MAC Address WebFilter Defaults Use MAC Address WebFilter Defaults together with MAC Address WebFilter Rules to control website access for specific MAC addresses. By default, each MAC address is allowed website access. Click Add/Edit to change this setting for a MAC address. Input the MAC address and default action you would like to apply to that MAC address.
CradlePoint AER 2100 – Manual Select a third-party Cloud Provider from the dropdown list. Umbrella by OpenDNS Zscaler Umbrella by OpenDNS Umbrella by OpenDNS is a cloud-based web filtering and security solution that protects you online by filtering websites. Go to http://www.opendns.com/business-security/ for information about Umbrella. Enter your Umbrella account information in order to use these content filtering settings.
CradlePoint AER 2100 – Manual Enter your Zscaler account information to enable these settings. Input local network information (Network Address and Netmask) to assign your Zscaler implementation to one or more local network(s). DHCP Server DHCP stands for Dynamic Host Configuration Protocol. The built-in DHCP server automatically assigns IP addresses to the computers and other devices on each local area network (LAN).
CradlePoint AER 2100 – Manual DNS DNS, or Domain Name System, is a naming system that translates between domain names (www.cradlepoint.com, for example) and Internet IP addresses (206.207.82.197). A DNS server acts as an Internet phone book, translating between names that make sense to people and the more complex numerical identifiers.
CradlePoint AER 2100 – Manual Enable Dynamic DNS: Enable this option only if you have purchased your own domain name and registered with a Dynamic DNS service provider. Server Type. Select a dynamic DNS service provider from the dropdown list: DynDNS DNS-O-Matic ChangeIP NO-IP Custom Server (DynDNS clone) Custom Server Address. Only available if you select Custom Server from the Server Address dropdown list. Enter your custom DynDNS clone server address here. For example: www.mydyndns.org.
CradlePoint AER 2100 – Manual Click Add to name a device in your network. Fill in the following fields: Hostname: Choose a name that is meaningful to you. No spaces are allowed in this field. IP address: The address of the device within your network. EXAMPLE: a personal laptop with IP address 192.168.0.164 could be assigned the name “MyLaptop”. Since the assigned name is mapped to an IP address, the device’s IP address should not change.
CradlePoint AER 2100 – Manual Select from the following tabs to edit your firewall configuration: Port Forwarding Rules Port Proxying Rules Network Prefix Translation DMZ (DeMilitarized Zone) Remote Admin. Access Application Gateways Firewall Options Zone Firewall Port Forwarding Rules A port forwarding rule allows traffic from the Internet to reach a computer on the inside of your network. For example, a port forwarding rule might be used to run a Web server.
CradlePoint AER 2100 – Manual Add/Edit Port Forwarding Rule Name: Name your rule. Enabled: Toggle whether your rule is enabled. Selected by default. Use Port Range: Changes the selection options to allow you to input a range of ports (if desired). Internet Port(s): The port number(s) as you want it defined on the Internet. Typically these will be the same as the local port numbers, but they do not have to be. These numbers will be mapped to the local port numbers.
CradlePoint AER 2100 – Manual Add/Edit Port Proxying Rule Name: Name your rule. Enabled: Toggle whether your rule is enabled. Selected by default. Use Port Range: Check this box to create a rule which proxies a contiguous range of ports instead of a single port. The remote port(s) will require the same number of contiguous ports. Local Port(s): Specify the IP port(s) on the LAN to proxy to a remote computer. Remote Computer: Specify the remote computer to receive proxied traffic.
CradlePoint AER 2100 – Manual A DMZ host is effectively not firewalled in the sense that any computer on the Internet may attempt to remotely access network services at the DMZ IP address. Typical uses involve running a public Web server or sharing files. Input the IP Address of a single device in your network to create a DeMilitarized Zone for that device.
CradlePoint AER 2100 – Manual Exercise caution in enabling application gateways as they impact the security of your network. Enable any of the following types of application gateways: PPTP: For virtual private network access using Point-to-Point Tunneling Protocol. This is enabled by default. SIP: For VoIP (voice over IP) using Session Initiation Protocol. TFTP: Enables file transfer using Trivial File Transfer Protocol. FTP: To allow normal mode when using File Transfer Protocol.
CradlePoint AER 2100 – Manual The All zone is a special zone used to support legacy firewall configurations. This zone cannot be removed and is reserved for forward-migration of IP Filter Rules from previous firmware versions. The All zone matches any traffic handled by the router. User defined zones are preferred. The Router zone is a special zone used to filter traffic initialized from the router (e.g., Enterprise Cloud Manager connection) or destined to the router (e.g.
CradlePoint AER 2100 – Manual Attach LAN and GRE interfaces to a zone by selecting the Config Name for those interfaces. For LANs, these names are defined in Network Settings → WiFi / Local Networks; for GRE tunnels, these names are defined in Internet → GRE Tunnels.
CradlePoint AER 2100 – Manual Name: Create a name meaningful to you. Default Action: Choose either Allow or Deny. This is the action taken by the firewall if none of the filter policy rules match the traffic being filtered. Click Add to create a new rule for this filter policy.
CradlePoint AER 2100 – Manual Log: When checked each packet matching this filter rule will be logged in the System Logs. Action: “Allow” or “Deny”. Protocol: Any, ICMPv4, TCP, UDP, GRE, ESP, ICMPv6, or SCTP. IP Version: Any, IPv4, or IPv6. IP Source / IP Destination IP Negation: Match on any IP address that is NOT in the specified IP network range. Network IP: Optional field to specify a matching network IP address for this rule to match against.
CradlePoint AER 2100 – Manual MAC Filter / Logging A MAC (Media Access Control) address is a unique identifier for a computer or other device. This page allows you to manage clients by MAC address. You can filter clients by MAC addresses and/or keep a log of devices connected to your router. Filter Configuration The MAC Filter allows you to create a list of devices that have either exclusive access (whitelist) or no access (blacklist) to your local network. Enabled: Click to allow MAC Filter options.
CradlePoint AER 2100 – Manual Ignored MAC Addresses: This is the list of MAC addresses that will not produce an alert or a log entry when they are connected to the router. These should be MAC addresses that you expect to be connected to the router. To add MAC addresses to this list, simply select devices shown in the MAC Address Log and click “Ignore.” You can also add addresses manually.
CradlePoint AER 2100 – Manual Distribute: Allow this static route to be distributed via a routing protocol (Network Settings → Routing Protocols). Routing Protocols NOTE: Routing Protocols require a feature license. Go to System Settings → Feature Licenses to enable these features. A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network.
CradlePoint AER 2100 – Manual same router-ID. Enabled: Click to enable/disable the policy. (Default: enabled.) Networks Associated with ASN or IPv6 Networks Associated with ASN: To configure a BGP router, you need an AS number. An AS number is an identification of autonomous system. BGP protocol uses the AS number for detecting whether the BGP connection is internal one or external one. Use the IPv4 address and netmask or IPv6 address with a CIDR notation prefix length to define the address range.
CradlePoint AER 2100 – Manual Area: Areas are identified by an ID. Default Cost: Set the cost of default-summary LSAs announced to stubby areas. Stub Area: Configure area to be stub area. No-Summary: Prevents ABR from injecting inter-area summaries into the specified stub area OSPF Editor Router ID: This sets the router-ID of the OSPF process. The router-ID may be an IP address of the router, but need not be – it can be any arbitrary 32-bit number.
CradlePoint AER 2100 – Manual Redistribute Routes: Redistribute routes of the specified protocol or kind into BGP, with the metric type and metric set (if specified), filtering the routes using the given route map (if specified). Redistributed routes may also be filtered with distribute lists. Type: The type is the source of the route. Select from: Main, Connected, Static, RIP, OSPF. Metric: Numerical priority of the route.
CradlePoint AER 2100 – Manual Networks: Set the RIP-enabled interfaces by network. RIP is enabled on the interfaces that have addresses within the network range. Neighbors: When a neighbor doesn't understand multicast, this command is used to specify neighbors. In some cases, not all routers will be able to understand multicasting, where packets are sent to a network or a group of addresses.
CradlePoint AER 2100 – Manual Networks: Set the RIPng-enabled interfaces by network using IPv6 addresses. RIPng is enabled on the interfaces that have addresses within the network range. Routes: Set RIPng static routing announcement of specified network address. Redistribute Routes: Redistribute routes of the specified protocol or kind into RIPng, with the metric type and metric set if specified, filtering the routes using the given route-map if specified. Type: The type is the source of the route.
CradlePoint AER 2100 – Manual Name: Choose a unique name. Allow: Select “Permit” or “Deny”. IP Address: Input the IP addresses that you want permitted or denied. Netmask: Use this along with “IP Address” to specify a range of IP Addresses associated with this Access Lists rule. Route Map Route maps provide a means to filter and/or apply actions to routes, allowing policies to be applied to routes. Route maps define rules for transferring between different routing protocols.
CradlePoint AER 2100 – Manual Threat Management NOTE: Threat Management is only available for the AER 2100, and it requires a feature license. Enable this feature through Enterprise Cloud Manager. CradlePoint Secure Threat Management leverages Trend Micro's security experience and expertise in this one-pass Deep Packet Inspection (DPI) solution. Threat Management includes settings for both IPS (intrusion prevention system) and IDS (intrusion detection system), as well as application identification logging.
CradlePoint AER 2100 – Manual Operation Mode: Choose IPS, IDS, or neither. Disabled Detect and Prevent (default) – IPS mode Detect Only – IDS mode Engine Failure/Error Action: In the unlikely event of an error with the Threat Management engine, you have the following options: Allow Traffic (default) Deny Traffic With Allow Traffic selected, the device will act like a typical router without Threat Management enabled and route traffic as usual.
CradlePoint AER 2100 – Manual WiFi / Local Networks This section is used to configure the settings for networks created by your router (LAN). Note that changes made in this section may also need to be duplicated on wireless devices that you want to connect to your wireless network. For example, if you change a wireless LAN’s IP address, devices within that network will lose connection. They will have to reconnect to the network.
CradlePoint AER 2100 – Manual Local IP Networks displays the following information for each network: Network Name and IP address/Netmask (along the top bar) Enabled: Yes/No Multicast Proxy (Enabled/Disabled) DHCP Server (Enabled/Disabled) Schedule (Enabled/Disabled – See the Schedule tab in the Local Network Editor) VRRP Failover State (Disabled, Backup, or Master) IPv4 Routing Mode (NAT, Standard, IP Passthrough, Hotspot, Disabled) IPv6 Addressing Mode (SLAAC Only, SLAAC with DHCP, Disable SLAAC and DHCP)
CradlePoint AER 2100 – Manual Enabled: Click to manually disable a network. Also, some settings could cause a network to be automatically disabled: click here to re-enable the network. Name: This primarily helps to identify this network during other administration tasks. Hostname: [Default: cp (for CradlePoint)] The hostname is the DNS name associated with the router's local area network IP address.
CradlePoint AER 2100 – Manual IP Address: This is the address used by the router for local area network communication. Changes to this parameter may require a restart to computers on this network. Each network must have a distinct IP address. Most users will want an address from one of the following private IP ranges: 10.0.0.1 - 10.255.255.1 172.16.0.1 - 172.31.255.1 192.168.0.1 - 192.168.255.
CradlePoint AER 2100 – Manual IPv6 Address Source: By default, this is set to Delegated, which means the IPv6 address range for the LAN is passed through from the WAN side. Change this to Static to input your own IPv6 address range here, or select None to explicitly disable IPv6 LAN connectivity. Interfaces Select network interfaces to attach to this network. Choose from WiFi, Ethernet ports, and VLAN interfaces.
CradlePoint AER 2100 – Manual If you want more interface options, you must configure additional WiFi, Ethernet ports, and VLAN interfaces separately. See the Local Network Interfaces section below (on this same administration page: Network Settings → WiFi / Local Networks). Access Control Tune the access control settings of this network to match the intended use.
CradlePoint AER 2100 – Manual Changing settings for the IPv4 DHCP server is optional. The default selections are almost always sufficient. DHCP Server: (Default: Enabled) When the DHCP server is enabled, users of your network will be able to automatically connect to the Internet without any special configuration. It is recommended that you leave this enabled. Disabling the DHCP server is only recommended if you have another DHCP server on your network and it is configured properly.
CradlePoint AER 2100 – Manual need to wrap this value in quotes. For example, option 66 (Server name) requires quotes around IP addresses. DHCP Relay: DHCP Relay communicates with a DHCP server and acts as a proxy for DHCP broadcast messages that must be routed to remote segments. This is accomplished by converting broadcast DHCP messages to unicast messages to communicate between clients and servers.
CradlePoint AER 2100 – Manual Multicast Proxy: Select to enable IGMP proxy support to allow multicast streams to flow across this network. Quick Leave Mode: Disable quick leave mode if it's vital that the daemon should act exactly as a real multicast client on the upstream interface. However, disabling this function increases the risk of bandwidth saturation. By default, enabling multicast proxy enables a multicast connection with devices within the LAN.
CradlePoint AER 2100 – Manual Schedule Service: (Default: Disabled.) Select to enable. This will open a configurable chart for setting the schedule. Each hour of the week is represented by a black or gray square. Black represents disabled, while gray represents enabled. Hover over a square to reveal the hour it represents. Click on the squares to toggle between black and gray. In the example shown, the network is enabled from 8-5 on Monday through Friday, but disabled at all other times.
CradlePoint AER 2100 – Manual VRRP (Virtual Router Redundancy Protocol) allows you to associate multiple routers with one LAN so that if the primary physical router fails, the LAN will keep the same settings via the virtual router. Enable VRRP: Select to enable VRRP configuration options. Virtual Router IP: IP address of the virtual router. This must be distinct from the IP address of any physical router associated with the virtual router. Virtual Router ID: Identifying number of the virtual router.
CradlePoint AER 2100 – Manual Spanning Tree Protocol (STP) allows a network design to include redundant paths while preventing broadcast radiation from bridge loops. Enable STP: Enable Spanning Tree Protocol loop detection. Bridge Priority: Set the priority of the bridge. When determining the root bridge of the spanning tree topology, the bridge priority is compared first. The bridge with the lowest priority value will win.
CradlePoint AER 2100 – Manual Wired 802.1X: (requires hardware version 2.0) This allows you to configure an authentication server that will accept authentication requests from devices attached to wired Ethernet ports. IEEE 802.1X defines the encapsulations of the Extensible Authentication Protocol (EAP). Click Enable 802.1X to require IEEE 802.1X authorization for the Ethernet ports associated with this network. Reauthentication Period: EAP re-authentication period in seconds.
CradlePoint AER 2100 – Manual Select from the following tabs: WiFi Radio #1 Settings (2.4 GHz) WiFi Radio #2 Settings (5 GHz) Ethernet Port Configuration VLAN Interfaces Wireless (WiFi) Network Settings Each wireless radio (2.4 GHz and 5 GHz) can broadcast as many as four SSIDs (service set identifiers – the names for WiFi networks). One primary WiFi network is enabled by default, while you may have enabled a second guest network when using the First Time Setup Wizard.
CradlePoint AER 2100 – Manual WiFi Name (SSID): When users browse for available wireless networks, this is the name that they will see. This name is referred to as the SSID (service set identifier). For security purposes, CradlePoint highly recommends that you change this from the pre-configured name. Hidden: This shows whether the router broadcasts its SSID.
CradlePoint AER 2100 – Manual “WPA/WPA2” and “WPA” (Personal or Enterprise) allow AES, TKIP/AES, and TKIP. “WEP Auto” requires a WEP Key. “Open” has no password or other security measures. NOTE: If you don’t know whether you should choose Personal or Enterprise, assume Personal since you need to know RADIUS authentication for Enterprise. In order to protect your network from hackers and unauthorized users, CradlePoint highly recommends WPA2/AES for security if your attached devices can support it.
CradlePoint AER 2100 – Manual Port Group ID: The Group ID field provides a reference to this grouping of ports to be used in other parts of the router configuration. For example, this ID is referenced in the Local IP Networks configuration to attach this logical group of Ethernet ports with a network configuration. Use a simple short text phrase to describe this group, such as "main", "guestports", "backup_wan", etc. This must be unique.
CradlePoint AER 2100 – Manual Ethernet Group: Select the LAN port(s) with which you want to associate the VLAN ID from a dropdown list. Your Ethernet group must be created separately under Ethernet Port Configuration. Click Submit to save your configured VLAN. WiFi Settings (Advanced) When you select either of the WiFi tabs (2.4 GHz or 5 GHz) in the Local Network Interfaces section, you have several additional options for configuring your wireless LANs under the WiFi Settings heading.
CradlePoint AER 2100 – Manual WiMAX radios will conflict with each other, which may result in lower throughput. Select a channel from the dropdown list: 1 (2412 MHz) 2 (2417 MHz) 3 (2422 MHz) 4 (2427 MHz) 5 (2432 MHz) 6 (2437 MHz) 7 (2442 MHz) 8 (2447 MHz) 9 (2452 MHz) 10 (2457 MHz) 11 (2462 MHz) For 5.0 GHz, the ranges are 36 to 64 and 149 to 165. These channels do not interfere with a WiMAX modem.
CradlePoint AER 2100 – Manual Channel Width: Selects whether the router uses a single 20 MHz channel to send/receive, or uses two adjacent 20 MHz channels to create a 40 MHz channel. Higher performance is possible with the 40 MHz channel. Selecting Auto is generally best. Enabling WiFi as WAN will force 20 MHz only mode. Extended Channel: When operating in 40 MHz mode the access point will use an extended channel either below or above the current channel.
CradlePoint AER 2100 – Manual 20% or less. Click Add to create a new Traffic Shaping/QoS queue. Queue Name: Choose a name that is meaningful to you. Upload Bandwidth Enable Upload QoS: (Default: Enabled.) Deselect if you want your rule to apply to download traffic only. Leave this selected to include upload restrictions with this queue. Borrow Spare Bandwidth: (Default: Enabled.) When this is enabled, the interfaces/protocols associated with this rule will borrow unused bandwidth from other rules.
CradlePoint AER 2100 – Manual Enable Download QoS: (Default: Enabled.) Deselect if you want your rule to apply to upload traffic only. Leave this selected to include download restrictions with this queue. Borrow Spare Bandwidth: (Default: Enabled.) When this is enabled, the interfaces/protocols associated with this rule will borrow unused bandwidth from other rules. Disabling borrowing will restrict the traffic to the specified bandwidth. Higher priority queues will be offered excess bandwidth first.
CradlePoint AER 2100 – Manual Click Add to create a new Traffic Shaping rule. Traffic Shaping / QoS Rule Editor The first page of the Traffic Shaping / QoS Rule Editor allows you enable/disable the rule, name the rule, specify a protocol for the rule, and select a queue to associate the rule with. Rule Enabled: (Default: Enabled.) Deselect this to disable this rule. This can be useful for quickly changing configurations.
CradlePoint AER 2100 – Manual Use ports and/or IP addresses to define the type(s) of traffic attached to this rule. Leaving any field blank will match all values; all fields are optional. Source Port(s) and/or Destination Port(s): Enter a port number between 1 and 65535. To enter a single port number, input the number into the left box. To enter a range of ports, fill in both boxes separated by the colon. For example "80:90" would represent all ports between 80 and 90 including 80 and 90 themselves.
CradlePoint AER 2100 – Manual VPN Tunnels WAN Affinity / Load Balancing WiFi as WAN Connection Manager The router can establish an uplink via Ethernet, WiFi as WAN, or 3G/4G modems (integrated or external USB). If the primary WAN connection fails, the router will automatically attempt to bring up a new link on another device: this feature is called failover. If Load Balance is enabled, multiple WAN devices may establish a link concurrently.
CradlePoint AER 2100 – Manual Stats: bytes in, bytes out Uptime Click “Edit” to view configuration options for the selected device. For 3G/4G modems, click “Control” to view options to activate or update the device. WAN Configuration Select a WAN interface and click on Edit to open the WAN Configuration editor. The tabs available in this editor are specific to the particular WAN interface types. General Settings Device Settings Enabled: Select/deselect to enable/disable.
CradlePoint AER 2100 – Manual Idle Check Interval: The amount of time between each check. (Default: 30 seconds. Range: 10-3600 seconds.) Monitor while connected: (Default: Off) Select from the following dropdown options: Passive DNS (modem only): The router will take no action until data is detected that is destined for the WAN. When this data is detected, the data will be sent and the router will check for received data for 2 seconds.
CradlePoint AER 2100 – Manual Usage: Fail back based on the amount of data passed over time. This is a good setting for when you have a dual-mode EVDO/WiMAX modem and you are going in and out of WiMAX coverage. If the router has failed over to EVDO it will wait until you have low data usage before bringing down the EVDO connection to check if a WiMAX connection can be made. High (Rate: 80 KB/s. Time Period: 30 seconds.) Normal (Rate: 20 KB/s. Time Period: 90 seconds.) Low (Rate: 10 KB/s.
CradlePoint AER 2100 – Manual Syslog SNMP over the WAN (LAN works) There are two main types of IPv6 WAN connectivity: native (Auto and Static) and tunneling over IPv4 (6to4, 6in4, and 6rd). Native – (Auto and Static) The upstream ISP routes IPv6 packets directly. IPv6 tunneling – (6to4, 6in4, and 6rd) Each IPv6 packet is encapsulated by the router in an IPv4 packet and routed over an IPv4 route to a tunnel endpoint that decapsulates it and routes the IPv6 packet natively.
CradlePoint AER 2100 – Manual Static As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed. IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see the Wikipedia explanation of CIDR). IPv6 Gateway IP – Input the IPv6 remote gateway IP address provided by your ISP. Primary IPv6 DNS Server – (optional) Depending on your provider/setup, this may be required.
CradlePoint AER 2100 – Manual 6in4 Tunnel The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets, and provides routing for both egress and ingress IPv6 packets. Most tunnel brokers provide a facility to request delegated networks for use through the tunnel.
CradlePoint AER 2100 – Manual Example Configuration: Ethernet Settings While default settings for each WAN Ethernet port will be sufficient in most circumstances, you have the ability to control the following: Connect Method: DHCP (Automatic), Static (Manual), or PPPoE (Point-to-Point Protocol over Ethernet). MAC Address: You have the ability to change the MAC address, but typically this is unnecessary. You can match this address with your device’s address by clicking: “Clone Your PC’s MAC Address”.
CradlePoint AER 2100 – Manual IPv4 Address Subnet Mask Gateway IP Primary DNS Server Secondary DNS Server PPPoE: Username Password Password Confirm Service Auth Type: None, PAP, or CHAP Modem Settings Not all modems will have all of the options shown below; the available options are specific to the modem type.
CradlePoint AER 2100 – Manual On Demand: When this mode is selected a connection to the Internet is made as needed. When this mode is not selected a connection to the Internet is always maintained. IP WAN Subnet Filter: This feature will filter out any packets going to the modem that do not match the network (address and netmask). Aggressive Reset: When Aggressive Reset is enabled the system will attempt to maintain a good modem connection.
CradlePoint AER 2100 – Manual Auto (all modes): Let the modem decide which network to use. Auto 3G (3G or less): Let the modem decide which 2G or 3G network to use. Do not attempt to connect to LTE. Force LTE: Connect to LTE only and do not attempt to connect to 3G or WiMAX. Force WiMAX: Connect to WiMAX only and do not attempt to connect tot 3G or LTE. Force 3G (EVDO, UMTS, HSPA): Connect to 3G network only. Force 2G (1xRTT, EDGE, GPRS): Connect to 2G network only.
CradlePoint AER 2100 – Manual BridgeMAXX – bridgeMAXX.com Time Warner Cable – mobile.rr.com Comcast – mob.comcast.net TTLS Authentication Mode: TTLS inner authentication protocol. Select from the following dropdown options: MSCHAPv2/MD5 (Microsoft Challenge Handshake Authentication Protocol version2/Message-Digest Algorithm 5) PAP (Password Authentication Protocol) CHAP (Challenge Handshake Authentication Protocol) TTLS Username: Username for TTLS authentication.
CradlePoint AER 2100 – Manual SIM/APN/Auth Settings SIM PIN: PIN number for a GSM modem with a locked SIM. Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one. Choose from Auto, PAP, and CHAP and then input your username and password. Access Point Configuration: Some wireless carriers provide multiple Access Point configurations that a modem can connect to. Some APN examples are ‘isp.cingular” and “vpn.com”.
CradlePoint AER 2100 – Manual The modem supports Update/Activate methods: A message will display showing options for each supported method: Modem Activation / Update: Activate, Reactivate, or Upgrade Configuration. Preferred Roaming List (PRL) Update Firmware Update Management Object (FUMO) Click the appropriate icon to start the process. If the modem is connected when you start an operation the router will automatically disconnect it. The router may start another modem as a failover measure.
CradlePoint AER 2100 – Manual Update Modem Firmware Click on the Firmware button to open the Modem Firmware Upgrade window. This will show whether there is new modem firmware available. If you select Automatic (Internet) the firmware will be updated automatically. Use Manual Firmware Upgrade to instead manually upload firmware from a local computer or device. Reset the Modem Click on the Reset button to power cycle the modem. This will have the same effect as unplugging the modem.
CradlePoint AER 2100 – Manual WAN Configuration Rule Editor After clicking “Add” or “Edit,” you will see a popup with the following tabs: Filter Criteria General Settings IP Overrides IPv6 Settings Ethernet Settings Modem Settings WiMAX Settings CDMA Settings SIM/APN/Auth Settings Filter Criteria If you are creating a new rule, begin by setting the Filter Criteria . Create a name for your rule and the condition for which the rule applies: Rule Name: Create a name meaningful to you. This name is optional.
CradlePoint AER 2100 – Manual MAC Address – Select WiMAX modem by MAC Address. Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router. Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement. Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.
CradlePoint AER 2100 – Manual The Date Usage Rule display shows basic information for each rule you have created (including rules created with a template). The following information is displayed: Rule Name Enabled: True/False Date for Rule Reset Cycle Type: Daily, Weekly, or Monthly Cap: Amount in MB. Current Usage: Shown as an amount in MB, as a percentage of the cap, and in a bar graph. Click Add to configure a new Data Usage Rule.
CradlePoint AER 2100 – Manual Data Usage Rule – page 2 Cycle Type: How often the rule will reset. The data usage amount will be reset at the end of each cycle. Select the length of a cycle from a dropdown menu with the following choices: Daily Weekly Monthly Cycle Start Date: Select the date you wish the rule to begin. This date will be used to track when the rule will reset. Shutdown WAN on Cap: If selected, the WAN device will shut down when the assigned usage is reached.
CradlePoint AER 2100 – Manual For example, you can set a template rule for all mobile data modems that causes your router to send an alert after 1000 MB of usage in a month. When you attach a new 4G USB modem, your template will immediately create a new Data Usage Rule for the attached modem that sends the alert as specified. Click Add to configure a new Template rule. Create a Template Name that you can recognize.
CradlePoint AER 2100 – Manual In order to set up a tunnel you must configure the following: Local Network and Remote Network addresses for the “Glue Network,” the network that is created by the administrator that serves as the “glue” between the networks of the tunnel. Each address must be a different IP address from the same private network, and these addresses together form the endpoints of the tunnel. Remote Gateway, the public facing WAN IP address that the local gateway is going to connect to.
CradlePoint AER 2100 – Manual example use case is when there is a router with both a primary and failover WAN device and the tunnel should only be used when the system has failed over to the backup connection. Make a selection for "When," "Condition," and "Value" to create a WAN Binding. The condition will be in the form of these examples: When Condition Value Port is USB Port 1 Type is not WiMAX When: Port – Select by the physical port on the router that you are plugging the modem into (e.g.
CradlePoint AER 2100 – Manual GRE keep-alive packets may be sent from both sides of a tunnel, or from just one side. Enabled: Select to enable GRE Keep Alive to continually send keep-alive packets to the remote peer. Rate: Choose the length of time in seconds for each check (Default: 10 seconds. Range: 2 – 3600 seconds). Retry: Select the number of attempts before the GRE tunnel is considered down or up (Default: 3. Range: 1 – 255).
CradlePoint AER 2100 – Manual Tunnel Name – Enter a name to uniquely identify this tunnel. LNS address – Enter the IP Address of the LNS (tunnel server) peer. MTU – Set the maximum transmission unit (MTU) for the L2TP tunnel. MRU – Set the maximum receive unit (MRU) to request from the tunnel peer. The MRU is very similar to the MTU: MTU is for packets sent and MRU is for packets received. Tunnel Enabled – Click to enable/disable this tunnel. Default: Enabled.
CradlePoint AER 2100 – Manual Remote Name – Authorization name specified by and to the remote system as its identity, sometimes a username or hostname. Leave blank to match any. Local Name – Authorization name specified by and to the remote system as the local system identity; sometimes a username or hostname. Leave blank to match any. Secret – Shared secret (or password) used to authenticate the associated Local and Remote names. Overrides Override Authentication methods/parameters.
CradlePoint AER 2100 – Manual Network Address – This is the network address that is the destination of the route. This should be set to the network address at the remote side of the tunnel. Netmask – This is the corresponding subnet mask of the network being defined. Network Mobility (NEMO) NOTE: NEMO requires a feature license. Go to System Settings → Feature Licenses to enable this feature. Network Mobility (NEMO) is an Internet standards track protocol defined in RFC 5177.
CradlePoint AER 2100 – Manual Network Mobility (NEMO) Settings Home IP Address and Home Netmask – These may be provided by your NEMO service provider. The IP address is a placeholder, “dummy” address; any IP address can be used (1.2.3.4 is common). Home Agent IP Address, Home Agent Password, and Home Agent SPI – Your home agent will be defined by your NEMO service provider. Renew Registration – The NEMO network regularly re-registers with the home agent (e.g., every 30 seconds).
CradlePoint AER 2100 – Manual Enabled: Enable or disable the interface. Name: Give the interface a unique name that matches the mGRE (multipoint GRE) tunnel. Select from configured GRE tunnels or input manually. Peer Authentication: Embeds the secret plaintext password to outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless this password is present. Max length: 8 characters. Holding Time: Specifies the holding time for NHRP registration requests and resolution replies.
CradlePoint AER 2100 – Manual Once you have a valid feature license, click Add to create a new OpenVPN tunnel. Click Edit to make changes to an existing tunnel. Add/Edit Tunnel – General Tunnel Enabled – Click to enable/disable this tunnel. Tunnel Name – Enter a name to uniquely identify this tunnel. Tunnel Mode – Select which mode this tunnel endpoint is required to be. Choose from the following: Client Server Local Tunnel Address – Enter the IP Address of the LNS (tunnel server) peer.
CradlePoint AER 2100 – Manual Host – IP address of the remote server. Port – Specify the port if desired. Protocol – Select UDP or TCP. Add/Edit Tunnel – Certificate Settings Generate or upload certificates for OpenVPN. If the Configuration Mode is set to Simple, you have the option to set the TLS-Auth Key.
CradlePoint AER 2100 – Manual VPN Tunnels VPN (virtual private network) tunnels are used to establish a secure connection to a remote network over a public network. For example, VPN tunnels can be used across the Internet by an individual to connect to an office network while traveling, or by two office networks to function as one network. The two networks set up a secure connection across the (normally) unsecure Internet by assigning VPN encryption protocols.
CradlePoint AER 2100 – Manual Local Identity: Specifies the identifier sent to the remote host during phase 1 negotiation. If left blank it will default to the IP address of the WAN connection. Currently we only support identifiers in the form of an IP address, a user-fully qualified domain name (user@mydomain.com) or just a fully qualified domain name (www.mydomain.com). If the remote side of the tunnel is configured to expect an identifier, then both must match in order for the negotiation to succeed.
CradlePoint AER 2100 – Manual Invert WAN Binding: Advanced option that inverts the meaning of WAN Binding to only establish this tunnel when the specified WAN Binding device(s) are NOT connected. Add/Edit Tunnel – Local Networks IP Version: Select IPv4 or IPv6. The Network Address and the Netmask define what local devices have access to or can be accessed from the VPN tunnel. NOTE: the local network IP address MUST be different from the remote network IP address.
CradlePoint AER 2100 – Manual Add/Edit Tunnel – IKE Phase 1 IKE security has two phases, Phase 1 and Phase 2. You have the ability to distinctly configure each phase, but the default settings will be sufficient for most users. To set up a tunnel with a remote site, you need to match your tunnel's IKE negotiation parameters with the remote site. By selecting several encryption, hash, and DH group options, you improve your chances for a successful tunnel negotiation.
CradlePoint AER 2100 – Manual Note that some Encryption/Hash combinations (e.g., 3DES with SHA2 384/512) are computationally expensive, impacting WAN performance. AES is as strong an encryption and performs much better than 3DES. DH Groups: The DH (Diffie-Hellman) Group is a property of IKE and is used to determine the length of prime numbers associated with key generation. The strength of the key generated is partially determined by the strength of the DH Group.
CradlePoint AER 2100 – Manual Connection Idle Time: Configure how long the router will allow an IPsec session to be idle before beginning to send Dead Peer Detection (DPD) packets to the peer machine. (Default: 30 seconds. Range: 10 – 3600 seconds.) Request Frequency allows you to adjust the delay between these DPD packets. (Default: 15 seconds. Range: 2 – 30 seconds.) Maximum Requests: Specify how many requests to send at the selected time interval before the tunnel is considered dead. (Default: 5.
CradlePoint AER 2100 – Manual Enable Certificate Support: Enabling Certificate Support will allow you to load a certificate for VPN to the router. Click the “Upload Certificate” button to browse for a certificate on a local device. Disabling certificate support will no longer use any previously loaded certificate but will not delete it from the router. Only one certificate at a time is supported. IKE / ISAKMP Port: Internet Key Exchange / Internet Security Association and Key Management Protocol port.
CradlePoint AER 2100 – Manual interfaces at a similar percentage of the assigned data cap in the data usage rule for each interface, rather than distributing sessions based solely on bandwidth. For proper functioning you need to create data usage rules for each WAN device you will be load balancing. Make certain to select the "Use with Load Balancing" checkbox in the data usage rule editor.
CradlePoint AER 2100 – Manual your rule is defined by a particular port instead). EXAMPLE: If you want to associate this rule with your guest LAN, you could input the IP address and netmask for the guest LAN here (leaving the last slot “0” to allow for any user attached to the guest network): Source IP Address: 192.168.10.0 Source Netmask: 255.255.255.0 Failover: (Default: Selected.
CradlePoint AER 2100 – Manual All CradlePoint routers and some other routers use the same default IP address for the primary network: 192.168.0.1. If you attempt to set up WiFi as WAN and there is an “IP conflict,” you need to change the IP address. The router is attempting to use the same IP address for both WAN and LAN, which is impossible. Go to Network Settings → WiFi / Local Networks. Select the network and click Edit. You can change the IP address under IPv4 Settings.
CradlePoint AER 2100 – Manual Site Survey This is a list of WiFi networks that the router can currently find, along with information about the network such as its mode and channel. Click “Refresh” if a WiFi network you want to connect to is invisible. You can sort the list based on any of the fields by clicking on the field name. If you import a network from Site Survey, most of the information about the network will already be completed.
CradlePoint AER 2100 – Manual Router Security Advanced Security Mode – When the router is configured to use the advanced security mode, several aspects of the router’s configuration and networking functionality will be extended to support high security environments. This includes support for multiple user accounts, increased password security, and additional network spoofing filters. If you plan to use your router in a PCI DSS compliant environment this option is mandatory. See below for more details.
CradlePoint AER 2100 – Manual Server Timeout – If the servers are not reached within the set time (possibly because the WAN is down), the router will automatically fall back to using Local Users mode to prevent users from being locked out. Authentication Service – Choose from: ASCII / Login PAP CHAP Server Address – This can be either an IP address in the form of "1.2.3.4", or a DNS name in form of "host.domain.com". Only lower case letters are allowed for a DNS name. Port – Port 49 is default for TACACS+.
CradlePoint AER 2100 – Manual Server Timeout – If the servers are not reached within the set time (possibly because the WAN is down), the router will automatically fall back to using Local Users mode to prevent users from being locked out. Server Address – This can be either an IP address in the form of "1.2.3.4", or a DNS name in form of "host.domain.com". Only lower case letters are allowed for a DNS name. Port – Port 1812 is common for RADIUS servers.
CradlePoint AER 2100 – Manual Require HTTPS Connection – Check this box if you want to encrypt all router administration communication. Secure HTTPS Port – Enter the port number you want to use. The default is 443. Enable SSH Server – When the router's SSH server is enabled you may access the router's command line interface (CLI) using the standards-based SSH protocol. Use the username "admin" and the standard system password to log in. SSH Server Port – Default: 22.
CradlePoint AER 2100 – Manual Enable GPS support – Enables support for querying GPS information from supported modems. Enable GPS server on WAN – Enables a TCP server on the WAN side of the firewall, which will periodically send GPS NMEA sentences to connected clients. Enable GPS server on LAN – Enables a TCP server on the LAN side of the firewall, which will periodically send GPS NMEA sentences to connected clients.
CradlePoint AER 2100 – Manual connection may still be reachable by SMS because Internet traffic and SMS traffic operate on separate channels, so SMS can be used to bring on offline router back online. SMS is enabled on the router by default. However, it only works if SMS is supported and enabled on the modem. Most modems have SMS enabled by default, but the carrier may charge a fee for each text message sent or received. Contact your carrier to review these fees and/or to enable an SMS plan.
CradlePoint AER 2100 – Manual NOTE: There are limitations with sending texts via email. The SMS engine is currently only compatible with GSM-based carrier operators. 1. Start a new email message. 2. In the To field, enter the modem’s MDN plus the modem’s carrier domain name (e.g., 2085555555@txt.att.net). 3. Enter the password and command in either the Subject field or Body of the email message. If you use the subject field, leave the body blank, and if you use the body, leave the subject blank.
CradlePoint AER 2100 – Manual ,rstatus, Example: 1234,rstatus, mstatus – Get modem status (port parameter optional) Syntax: ,mstatus,[port,] Examples: 1234,mstatus, 1234,mstatus,usb1, //return status of highest priority modem //return status of modem plugged into port usb1 This command returns info about the indicated modem’s status. The resulting data reflects the modem model number, service type, and connection status and values.
CradlePoint AER 2100 – Manual 1234,apn,myapn@apn.com, 1234,apn,myapn@apn.
CradlePoint AER 2100 – Manual Receive the modem’s status and settings: 1234,mstatus, Set the modem’s APN to the correct setting: 1234,apn,broadband, Verify the APN was set properly: 1234,mstatus, Continue to verify the status periodically to ensure that the modem connects: 1234,rstatus, System Logging Logging Level: Setting the log level controls which messages are stored or filtered out.
CradlePoint AER 2100 – Manual stick. Please disable the feature before removing the USB stick, or you may lose some logging data. Verbose modem logging: Only enable this option if instructed by a CradlePoint support agent. Create support log: This functionality allows for a quick collection of system logging. Create this log file when instructed by a CradlePoint support agent. Router Services By default, router services (Enterprise Cloud Manager, NTP, etc.) connect to the router via the WAN.
CradlePoint AER 2100 – Manual Not all Certificate Management options displayed here are currently available via the Enterprise Cloud Manager configuration pages. Create Certificates Complete the following fields to create certificates locally, including CA (certificate authority) certificates.
CradlePoint AER 2100 – Manual General Description Name: Choose a name meaningful to you. Issuer Set as CA certificate: Select if the certificate you are creating is intended to be a CA. Sign with CA certificate: Select to sign this certificate with a CA you created previously. Certificate Name: Select your CA certificate from the dropdown list of local certificates. Subject Country Name: 2-letter country code (e.g.
CradlePoint AER 2100 – Manual Local Name: Generally the city or town Organization Name: Company name Organization Unit: Company division name Common Name: Must be unique; if used for authentication, this must match the configured Common Name (CN) on the third-party authenticator Email Address Validity Days: Input the number of days the certificate should remain valid (999 days maximum).
CradlePoint AER 2100 – Manual Name: Friendly description of the certificate. Country: (C) The certificate owner’s country of residence. State or Province: (ST) the certificate owner’s state or province of residence Location: (L) The certificate issuer’s locality (city, town, etc.). Org.: (O) The organization to which the certificate issuer belongs. Org. Unit: (OU) The name of the organizational unit to which the certificate issuer belongs Common Name: (CN) Name used to match authentication credentials.
CradlePoint AER 2100 – Manual Import/Export PKCS #12 Format Certificates PKCS #12 is one of the public-key cryptography standards. PKCS #12 files bundle public and private certificate keys in an archive file format. The PKCS #12 container format is more secure than the PEM container format because it is protected by an encryption key. Import Choose a certificate file in PKCS #12 format from your computer or local device and upload it to the router. Give the certicate a name that is meaningful to you.
CradlePoint AER 2100 – Manual Alerts can be included for the following: Firmware Upgrade Available: A firmware update is available for this device. System Reboot Occurred: This router has rebooted. This depends on NTP being enabled and available to report the correct time. Unrecognized MAC Address: Used with the MAC monitoring lists. An alert is sent when a new unrecognized MAC address is connected to the router. WAN Device Status Change: An attached WAN device has changed status.
CradlePoint AER 2100 – Manual Server Port: 587 (for TLS, or Transport Layer Security port; the router does not support SSL). Authentication Required: For Gmail, mark this checkbox. User Name: Your full email address Password: Your Gmail password From Address: Your email address To Address: Your email address Once you have filled in the information for the SMTP server, click on the “Verify SMTP Settings” button. You should receive a test email at your account.
CradlePoint AER 2100 – Manual Enabled: Enable the ECM client to contact the server. While this box is unchecked, the ECM client will never attempt to contact the server. (Default: Enabled) Server Host:Port: The DNS hostname and port number for your ECM server. (Default: stream.cradlepoint.com) Session Retry Timer: How long to wait, in seconds, before starting a new ECM session following a connection drop or connectivity failure.
CradlePoint AER 2100 – Manual Hotspot Mode: Choose from the following dropdown options: Simple: Allows “Terms of Use” page and timeout settings controlled within the router. RADIUS/UAM: Allows you to set up external authentication servers. Local IP Network: A single LAN Group – including both WiFi and Ethernet – can be configured as your hotspot.
CradlePoint AER 2100 – Manual Display: This section allows you to choose if a "Terms of Use" page will be given to the user connecting to the hotspot. Internal Terms of Use. Fill in your own terms of use. External Terms of Use. Specify a URL that has the Terms of Use page. Users will automatically be directed to this page. No Terms of Use. Redirect Only.
CradlePoint AER 2100 – Manual Server Address 1: Assigned by RADIUS service. Server Address 2: This is an optional backup server. Authentication Port: The standard port number, 1812, will usually be sufficient. Accounting Port: The standard port number, 1813, will usually be sufficient. Shared Secret: Assigned by RADIUS service. Redirection On Successful Authentication: Choose from the dropdown list of options for redirection: Redirect to the UAM Server. Redirect to the URL that the user intends to visit.
CradlePoint AER 2100 – Manual The HeartBeat, when enabled, sends the following information to the specified URL at the specified time interval so the operator managing the hotspot knows if the router is still functioning: mac: The MAC address of the router, i.e. 00-11-22-33-44-55. nasid: The NAS/Gateway ID of the router which should be entered in the UAM Settings. os_date: A string showing the type of router and the firmware version running, e.g. Cradlepoint_4.1.2.
CradlePoint AER 2100 – Manual Enabled: Enabling Telnet to Serial will start a Telnet server that passes its connection to the serial adapter. Enabling this service is not necessary when accessing serial through SSH. LAN: Enable serial redirector for LAN connections. Authenticated LAN: Enable serial redirector for Authenticated LAN connections. You must be logged into the router to use the redirector. WAN: Enable serial redirector for WAN connections.
CradlePoint AER 2100 – Manual Stop Bits: Number of bits to initiate the stop period. Select from these dropdown values: 1, 1.5, and 2. Hardware (RTS/CTS): Use RTS (Request To Send)/CTS (Clear To Send) to enable flow control. Software (XON/XOFF): Use XON/XOFF to enable flow control. Linefeed: Select how you want linefeeds translated (CR = carriage return and LF = line feed).
CradlePoint AER 2100 – Manual Authentication type: Select the authentication and encryption type that will be used when connecting to the router from the following dropdown list. These settings must match the configuration used on any SNMP clients. MD5 with no encryption SHA with no encryption MD5 with DES encryption SHA with DES encryption MD5 with AES encryption SHA with AES encryption Username: Enter the Username configured on your SNMP host in the username field.
CradlePoint AER 2100 – Manual Restore to Factory Defaults: This changes all settings back to their default values. Reboot The Device: This causes the router to restart. Advanced Control: System Automatic Reboot, Ping Test Scheduled Reboot: This causes the router to restart at a user-determined time. Watchdog Reboot: This causes the router to automatically restart when it determines an unrecoverable error condition has occurred. Ping Test: A simple test to check Internet connectivity.
CradlePoint AER 2100 – Manual upgrade just because a new version is available. Check the firmware release notes (cradlepoint.com/firmware) for information to decide if you should upgrade. Current Firmware Version: Shows the number of the current firmware and the date it was updated. Available Firmware Version: If there is a new firmware version available, this will list the version number. Click “Check Again” to have the router check the newest firmware.
