View
18
Download
0
Category
Preview:
Citation preview
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 1
Release Notes for Cradlepoint Rev 6.3.2 Firmware
Products supported/tested
AER3100/AER3150
AER2100
AER1600/AER1650
IBR1100/IBR1150
IBR900/IBR950
IBR600C/IBR650C
Notes:
Before upgrading to new firmware, it is always a good idea to save the configuration file from your current version. This firmware version will remove a configuration for version 3.2 or lower and will not try to keep your settings.
Modems tested (new 6.2.0 modems / modem platforms are in blue text)
Cradlepoint Cellular Devices (Embedded & USB Modems)
Cradlepoint AER16x0LPE-AT / AT&T (USA)
Cradlepoint AER16x0LPE-GN / T-Mobile, US Cellular (USA); Generic (North America)
Cradlepoint AER16x0LPE-SP / Sprint (USA)
Cradlepoint AER16x0LPE-VZ / Verizon (USA)
Cradlepoint AER16x0LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint IBR350L / Verizon (USA)
Cradlepoint IBR350LPE-AT / AT&T (USA)
Cradlepoint IBR350LPE-GN / T-Mobile (USA); Generic (North America)
Cradlepoint IBR350LPE-SP/ Sprint (USA)
Cradlepoint IBR350LPE-VZ / Verizon (USA)
Cradlepoint IBR350P2 / AT&T (USA); Generic GSM-compatible locations (World)
Cradlepoint IBR6x0B-LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint IBR6x0C-LPE-AT / AT&T (USA)
Cradlepoint IBR6x0C-LPE-GN / T-Mobile (USA); Generic (North America)
Cradlepoint IBR6x0C-LPE-SP/ Sprint (USA)
Cradlepoint IBR6x0C-LPE-VZ / Verizon (USA)
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 2
Cradlepoint IBR6x0LPE-AT / AT&T (USA)
Cradlepoint IBR6x0LPE-GN / T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada); Generic (North America)
Cradlepoint IBR6x0LPE-SP/ Sprint (USA)
Cradlepoint IBR6x0LPE-VZ / Verizon (USA)
Cradlepoint IBR6x0LP3-EU / Generic (Europe)
Cradlepoint IBR900LPE-VZ / Verizon (USA)
Note: Also certified on AT&T (USA), Sprint (USA), and Generic (North America)
Cradlepoint IBR9x0LP5 / Generic (APAC)
Cradlepoint IBR9x0LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Generic (North America, Europe)
Cradlepoint IBR11x0LPE-AT / AT&T (USA)
Cradlepoint IBR11x0LPE-GN / C-Spire, T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada); Generic (North America)
Cradlepoint IBR11x0LPE-SP / Sprint (USA)
Cradlepoint IBR11x0LPE-VZ / Verizon (USA
Cradlepoint IBR11x0LP3-EU / Generic (Europe), Telstra (Australia)
Cradlepoint IBR11x0LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Generic (North America, Europe)
Cradlepoint MC400L2 / Public Safety Band 14 only (USA)
Cradlepoint MC400LPE-AT / AT&T (USA)
Cradlepoint MC400LPE-GN / T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada); Generic (North America)
Cradlepoint MC400LPE-SP / Sprint (USA)
Cradlepoint MC400LPE-VZ / Verizon (USA)
Cradlepoint MC400LP3-EU / Generic (Europe)
Cradlepoint MC400LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint MC400LP5 / Generic (APAC)
Cradlepoint MC400LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Vodafone (Worldwide), Generic (North America, Europe)
3rd Party USB Cellular Modems
Franklin U770 (“Sprint Plug-In-Connect Tri-Mode USB Modem”) / Sprint (USA)
Franklin U772 (“Franklin U772 USB Modem”) / Sprint (USA)
Huawei E3276 / Telus (Canada)
Huawei E368 (“AT&T USBConnect Force 4G”) / AT&T (USA)
Netgear AC340U (“AT&T Beam”) / AT&T (USA)
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 3
Netgear AC341U (“NETGEAR® 341U USB Modem”) / Sprint (USA)
*supports Netgear firmware 4.07.01.11 and MR2 firmware 45.04.20.00
Novatel 551L LTE (“Verizon USB551L”) / Verizon (USA)
Novatel U620L (“Verizon MiFi© 4G LTE Global USB Modem U620L”) / Verizon (USA)
Novatel U679 (“4G LTE Novatel Wireless U679 Turbo Stick”) / Bell Mobility (Canada)
Pantech UML295VW (“Verizon 4G LTE USB Modem UML2954G LTE”) / Verizon (USA)
*requires Pantech firmware version L0295VWD821F.B4 or later
Portsmith PSA1U1M ("Portsmith USB Client to Analog Modem Adapter") / POTS phone providers
Sierra Wireless 308 USB (“AT&T USBConnect Shockwave”) / AT&T (USA)
Sierra Wireless 313U (“AT&T USBConnect Momentum 4G”) / AT&T (USA)
Sierra Wireless 320U (“Telstra USB 4G (Sierra AirCard 320U)”) / Telstra (Australia)
Sierra Wireless 330U (“4G LTE Sierra Wireless U330 - Turbo Stick”) / Bell Mobility (Canada)
Sierra Wireless 330U (“LTE Rocket Stick – Sierra Wireless AirCard 330U”) / Rogers (Canada)
ZTE MF683 (“T-Mobile Rocket 3.0 4G Laptop Stick”) / T-Mobile (USA)
Analog Modems
Portsmith PSA1U1M (“Portsmith USB Client to Analog Modem Adapter”) / POTS phone providers
Portsmith PS6EX1M ("Portsmith ExCard to Analog Modem Adapter”) / POTS phone providers (ExpressCard format, compatible with MBR1400s, MBR1200B, & CBA750B only)
New features added in this release (Not all features are in all products – see their respective Data Sheets)
Added Threat Management support to IBR9x0 and IBR6x0c products. This is enabled under the Security -> Threat Management menu. This is a licensable feature and is not enabled by default.
Additional UI/Usability changes
No UI changes
Defects fixed
AER2100 disconnects and reconnects all IPSec tunnels simultaneously
Router still trying to route through policy-based IPSec tunnel when it is down
6.3.0 ECM Config editors - Attempting to add local certs fails: Unable to verify config store size
WiFi as WAN on hidden SSID not working for IBR1100 or AER1600 on v6.3.0
Excluding Remote Networks in IPSec config blocks all tunnel traffic
Router reboots unexpectedly when using Hotspot Services and a large number of wired clients
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 4
Upstream Proxy Settings: HTTPs isn't being redirected properly
IPSec VPN IPv4 Netmask defined as a IPv4 address instead of netmask
Disabling VPN service, race condition doesn't always tear down service and tunnels
MAC Address Web Filter Defaults of a matching Allow mac address blocks access when non-matching Block rule is added.
Phase 2 IPSec SAs are not being removed during failover/failback VPN tunnels causing issues with RRI on VPN Cisco Hubs
No supported GPS device found message on Status -> GPS page UI, using LP5 and LP6 modems
IPSec VPN: Invalidate specifying the same remote gateway for concurrent VTI and non-VTI tunnels
Identity Type not disabled when selecting cert with asn1dn checked
GRE keep-alive response not getting encrypted in GRE over IPSec tunnel configuration
Route Table Editor should display metric field of listed routes
Feature license banner is confusing when editing Main Route Table
Changing NAT-T port on both ends doesn't bring up VPN tunnel. Work around this by enabling “Force UDP Encapsulation”.
AER3100 Error Applying Settings When Disabling 5Ghz Radio
LP6 / LP5 modems. Extended GPS re-enablement process for modems self-disabling GPS service. Some modems occasionally turn their own GPS off for reasons yet unknown. The driver’s GPS detect and re-enable recovery is a temporary workaround until the modem firmware can address this issue directly.
LP6 / LP5 modems in dual SIM platforms. Modified the modem shutdown process to prevent possible modem corruption seen only when used in a highly stressed modem environment.
Security defects fixed
No security fixes
Known Issues
IPSec UI (6.3.0). In 6.3.0 the restriction of configuring tunnels with duplicate remote gateways was removed. Configuring a combination of VTI-Tunnel and Tunnel mode IPSec with the same remote gateway can lead to unexpected behavior and we recommend avoiding this type of configuration.
On the System -> Administration -> GPS page, an alert will state that a GPS-enabled device isn’t found even if one is connected to the router. The alert will persist until the device gets a GPS lock.
Reputation Services (6.0.1). If you upload a reputation file to the router, save the configuration, factory reset, then reload the configuration file any firewall entries referencing that reputation file will fail. The reputation file is not saved in the exported configuration file.
If any of the router’s WAN connections (Ethernet, Wi-Fi as WAN, modem) connects to a device that has the same IP subnet as the router, the router will disable the interface and provide a
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 5
Bounce Page warning that the WAN interface has a conflict (if bounce pages are enabled). Simply change the LAN IP Address on the Network Settings -> WiFi / Local Network Settings page in the UI.
When using WiFi as WAN or WiFi Client Mode set to “WiFi-as-Client”, enable WAN verify on the WiFi-as-WAN Profile in Connection Manager
LTE
Unless you have a specific service from your carrier, LTE modems will not generally provide an externally-available IP address. Services, such as Remote Management, will not work.
Modem
Franklin U770. The Modem’s Ethernet address conflicts with the default address of the Guest LAN. A warning message is placed in the log and the Guest LAN is disabled. If you change the address of the Guest LAN to a non-conflicting address, this restriction will not occur.
Sierra Wireless 313U, 330U. When these modems connect on 2G or 3G bands, specifically on GSM 850, they will sometimes cause interference on the USB bus, resulting in the modem not plugging properly. If this occurs, attaching the modem to a USB extension cable will generally fix the problem.
The following USB modems contain an embedded web server through which many modem
settings are configured. To access the modem’s web pages, you must be logged in as the router
administrator. Once logged in, you can then access the modem web pages at these given IP
addresses:
Franklin U770, U772 / Sprint (USA) -> 192.168.10.1
Netgear AC341U * / Sprint (USA) -> 192.168.1.1 (address is configurable)
Pantech UML295VW * / Verizon (USA) -> 192.168.32.2
* The modem web pages are available only when the modem is operating in NAT mode.
Release Notes for Cradlepoint Rev 6.3.1 Firmware
Products supported/tested
AER3100/AER3150
AER2100
AER1600/AER1650
IBR1100/IBR1150
IBR900/IBR950
IBR600/IBR650
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 6
IBR600B/IBR650B
IBR600C/IBR650C
IBR350
CBA850
MBR1200B
Notes:
Before upgrading to new firmware, it is always a good idea to save the configuration file from your current version. This firmware version will remove a configuration for version 3.2 or lower and will not try to keep your settings.
Modems tested: (new 6.2.0 modems / modem platforms are in blue text)
Cradlepoint Cellular Devices (Embedded & USB Modems)
Cradlepoint AER16x0LPE-AT / AT&T (USA)
Cradlepoint AER16x0LPE-GN / T-Mobile, US Cellular (USA); Generic (North America)
Cradlepoint AER16x0LPE-SP / Sprint (USA)
Cradlepoint AER16x0LPE-VZ / Verizon (USA)
Cradlepoint AER16x0LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint IBR350L / Verizon (USA)
Cradlepoint IBR350LPE-AT / AT&T (USA)
Cradlepoint IBR350LPE-GN / T-Mobile (USA); Generic (North America)
Cradlepoint IBR350LPE-SP/ Sprint (USA)
Cradlepoint IBR350LPE-VZ / Verizon (USA)
Cradlepoint IBR350P2 / AT&T (USA); Generic GSM-compatible locations (World)
Cradlepoint IBR6x0B-LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint IBR6x0C-LPE-AT / AT&T (USA)
Cradlepoint IBR6x0C-LPE-GN / T-Mobile (USA); Generic (North America)
Cradlepoint IBR6x0C-LPE-SP/ Sprint (USA)
Cradlepoint IBR6x0C-LPE-VZ / Verizon (USA)
Cradlepoint IBR6x0LPE-AT / AT&T (USA)
Cradlepoint IBR6x0LPE-GN / T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada); Generic (North America)
Cradlepoint IBR6x0LPE-SP/ Sprint (USA)
Cradlepoint IBR6x0LPE-VZ / Verizon (USA)
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 7
Cradlepoint IBR6x0LP3-EU / Generic (Europe)
Cradlepoint IBR900LPE-VZ / Verizon (USA)
Note: Also certified on AT&T (USA), Sprint (USA), and Generic (North America)
Cradlepoint IBR9x0LP5 / Generic (APAC)
Cradlepoint IBR9x0LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Generic (North America, Europe)
Cradlepoint IBR11x0LPE-AT / AT&T (USA)
Cradlepoint IBR11x0LPE-GN / C-Spire, T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada); Generic (North America)
Cradlepoint IBR11x0LPE-SP / Sprint (USA)
Cradlepoint IBR11x0LPE-VZ / Verizon (USA
Cradlepoint IBR11x0LP3-EU / Generic (Europe), Telstra (Australia)
Cradlepoint IBR11x0LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Generic (North America, Europe)
Cradlepoint MC400L2 / Public Safety Band 14 only (USA)
Cradlepoint MC400LPE-AT / AT&T (USA)
Cradlepoint MC400LPE-GN / T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada); Generic (North America)
Cradlepoint MC400LPE-SP / Sprint (USA)
Cradlepoint MC400LPE-VZ / Verizon (USA)
Cradlepoint MC400LP3-EU / Generic (Europe)
Cradlepoint MC400LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint MC400LP5 / Generic (APAC)
Cradlepoint MC400LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Vodafone (Worldwide), Generic (North America, Europe)
3rd Party USB Cellular Modems
Franklin U770 (“Sprint Plug-In-Connect Tri-Mode USB Modem”) / Sprint (USA)
Franklin U772 (“Franklin U772 USB Modem”) / Sprint (USA)
Huawei E3276 / Telus (Canada)
Huawei E368 (“AT&T USBConnect Force 4G”) / AT&T (USA)
Netgear AC340U (“AT&T Beam”) / AT&T (USA)
Netgear AC341U (“NETGEAR® 341U USB Modem”) / Sprint (USA)
*supports Netgear firmware 4.07.01.11 and MR2 firmware 45.04.20.00
Novatel 551L LTE (“Verizon USB551L”) / Verizon (USA)
Novatel U620L (“Verizon MiFi© 4G LTE Global USB Modem U620L”) / Verizon (USA)
Novatel U679 (“4G LTE Novatel Wireless U679 Turbo Stick”) / Bell Mobility (Canada)
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 8
Pantech UML295VW (“Verizon 4G LTE USB Modem UML2954G LTE”) / Verizon (USA)
*requires Pantech firmware version L0295VWD821F.B4 or later
Portsmith PSA1U1M ("Portsmith USB Client to Analog Modem Adapter") / POTS phone providers
Sierra Wireless 308 USB (“AT&T USBConnect Shockwave”) / AT&T (USA)
Sierra Wireless 313U (“AT&T USBConnect Momentum 4G”) / AT&T (USA)
Sierra Wireless 320U (“Telstra USB 4G (Sierra AirCard 320U)”) / Telstra (Australia)
Sierra Wireless 330U (“4G LTE Sierra Wireless U330 - Turbo Stick”) / Bell Mobility (Canada)
Sierra Wireless 330U (“LTE Rocket Stick – Sierra Wireless AirCard 330U”) / Rogers (Canada)
ZTE MF683 (“T-Mobile Rocket 3.0 4G Laptop Stick”) / T-Mobile (USA)
Analog Modems
Portsmith PSA1U1M (“Portsmith USB Client to Analog Modem Adapter”) / POTS phone providers
Portsmith PS6EX1M ("Portsmith ExCard to Analog Modem Adapter”) / POTS phone providers (ExpressCard format, compatible with MBR1400s, MBR1200B, & CBA750B only)
New features added in this release (Not all features are in all products – see their respective Data Sheets):
No new feature
Additional UI/Usability changes:
No UI changes
Defects fixed:
Network Mobility (NEMO/DNMR) traffic was blocked by an incorrect priority on a black-hole route used to prevent packet leakage.
Security issues:
No security fixes
Release Notes for Cradlepoint Rev 6.3.0 Firmware
Products supported/tested
AER3100/AER3150
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 9
AER2100
AER1600/AER1650
IBR1100/IBR1150
IBR900/IBR950
IBR600/IBR650
IBR600B/IBR650B
IBR600C/IBR650C
IBR350
CBA850
MBR1200B
Notes:
Before upgrading to new firmware, it is always a good idea to save the configuration file from your current version. This firmware version will remove a configuration for version 3.2 or lower and will not try to keep your settings.
Modems tested: (new 6.2.0 modems / modem platforms are in blue text)
Cradlepoint Cellular Devices (Embedded & USB Modems)
Cradlepoint AER16x0LPE-AT / AT&T (USA)
Cradlepoint AER16x0LPE-GN / T-Mobile, US Cellular (USA); Generic (North America)
Cradlepoint AER16x0LPE-SP / Sprint (USA)
Cradlepoint AER16x0LPE-VZ / Verizon (USA)
Cradlepoint AER16x0LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint IBR350L / Verizon (USA)
Cradlepoint IBR350LPE-AT / AT&T (USA)
Cradlepoint IBR350LPE-GN / T-Mobile (USA); Generic (North America)
Cradlepoint IBR350LPE-SP/ Sprint (USA)
Cradlepoint IBR350LPE-VZ / Verizon (USA)
Cradlepoint IBR350P2 / AT&T (USA); Generic GSM-compatible locations (World)
Cradlepoint IBR6x0B-LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint IBR6x0C-LPE-AT / AT&T (USA)
Cradlepoint IBR6x0C-LPE-GN / T-Mobile (USA); Generic (North America)
Cradlepoint IBR6x0C-LPE-SP/ Sprint (USA)
Cradlepoint IBR6x0C-LPE-VZ / Verizon (USA)
Cradlepoint IBR6x0LPE-AT / AT&T (USA)
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 10
Cradlepoint IBR6x0LPE-GN / T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada); Generic (North America)
Cradlepoint IBR6x0LPE-SP/ Sprint (USA)
Cradlepoint IBR6x0LPE-VZ / Verizon (USA)
Cradlepoint IBR6x0LP3-EU / Generic (Europe)
Cradlepoint IBR900LPE-VZ / Verizon (USA)
Note: Also certified on AT&T (USA), Sprint (USA), and Generic (North America)
Cradlepoint IBR9x0LP5 / Generic (APAC)
Cradlepoint IBR9x0LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Generic (North America, Europe)
Cradlepoint IBR11x0LPE-AT / AT&T (USA)
Cradlepoint IBR11x0LPE-GN / C-Spire, T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada); Generic (North America)
Cradlepoint IBR11x0LPE-SP / Sprint (USA)
Cradlepoint IBR11x0LPE-VZ / Verizon (USA
Cradlepoint IBR11x0LP3-EU / Generic (Europe), Telstra (Australia)
Cradlepoint IBR11x0LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Generic (North America, Europe)
Cradlepoint MC400L2 / Public Safety Band 14 only (USA)
Cradlepoint MC400LPE-AT / AT&T (USA)
Cradlepoint MC400LPE-GN / T-Mobile, US Cellular (USA); Bell Mobility, Rogers, Telus (Canada); Generic (North America)
Cradlepoint MC400LPE-SP / Sprint (USA)
Cradlepoint MC400LPE-VZ / Verizon (USA)
Cradlepoint MC400LP3-EU / Generic (Europe)
Cradlepoint MC400LP4 / AT&T, T-Mobile, Verizon (USA)
Cradlepoint MC400LP5 / Generic (APAC)
Cradlepoint MC400LP6 / AT&T, Sprint, T-Mobile, Verizon (USA); Vodafone (Worldwide), Generic (North America, Europe)
3rd Party USB Cellular Modems
Franklin U770 (“Sprint Plug-In-Connect Tri-Mode USB Modem”) / Sprint (USA)
Franklin U772 (“Franklin U772 USB Modem”) / Sprint (USA)
Huawei E3276 / Telus (Canada)
Huawei E368 (“AT&T USBConnect Force 4G”) / AT&T (USA)
Netgear AC340U (“AT&T Beam”) / AT&T (USA)
Netgear AC341U (“NETGEAR® 341U USB Modem”) / Sprint (USA)
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 11
*supports Netgear firmware 4.07.01.11 and MR2 firmware 45.04.20.00
Novatel 551L LTE (“Verizon USB551L”) / Verizon (USA)
Novatel U620L (“Verizon MiFi© 4G LTE Global USB Modem U620L”) / Verizon (USA)
Novatel U679 (“4G LTE Novatel Wireless U679 Turbo Stick”) / Bell Mobility (Canada)
Pantech UML295VW (“Verizon 4G LTE USB Modem UML2954G LTE”) / Verizon (USA)
*requires Pantech firmware version L0295VWD821F.B4 or later
Portsmith PSA1U1M ("Portsmith USB Client to Analog Modem Adapter") / POTS phone providers
Sierra Wireless 308 USB (“AT&T USBConnect Shockwave”) / AT&T (USA)
Sierra Wireless 313U (“AT&T USBConnect Momentum 4G”) / AT&T (USA)
Sierra Wireless 320U (“Telstra USB 4G (Sierra AirCard 320U)”) / Telstra (Australia)
Sierra Wireless 330U (“4G LTE Sierra Wireless U330 - Turbo Stick”) / Bell Mobility (Canada)
Sierra Wireless 330U (“LTE Rocket Stick – Sierra Wireless AirCard 330U”) / Rogers (Canada)
ZTE MF683 (“T-Mobile Rocket 3.0 4G Laptop Stick”) / T-Mobile (USA)
Analog Modems
Portsmith PSA1U1M (“Portsmith USB Client to Analog Modem Adapter”) / POTS phone providers
Portsmith PS6EX1M ("Portsmith ExCard to Analog Modem Adapter”) / POTS phone providers (ExpressCard format, compatible with MBR1400s, MBR1200B, & CBA750B only)
New features added in this release (Not all features are in all products – see their respective Data Sheets):
IPSec/VPN Tunnels. Support was added for IKEv2 and Suite B cryptographic algorithms and IKEv2 Mobility and Multihoming Protocol (MOBIKE) along with a significant revamp of VPN Tunnel support across the product line.
◦ UI Changes
Networking -> Tunnels -> IPSec VPN has been separated into three tabs. One to configure tunnels, one to configure general settings for all tunnels, and the third to configure logging of VPN tunnel connections.
Status -> Tunnels -> IPSec VPN has also been separated into three tabs. The first page shows the status of all configured tunnels, and the user can select each tunnel to see significant amounts of information about the connection. The second page shows information about the Security Policy Database and Security Association Database. The third page shows configuration information.
NHRP UI Changes
Status -> Tunnels -> GRE/ NHRP
◦ Add a grid with NHRP cache information
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 12
Networking -> NHRP
◦ IPSec VPN Responder Only checkbox removed from NHRP Global Settings. Active creation of VPN tunnels is now done on a per-tunnel basis and can linked to specific VPN configurations
◦ CLI debugging tools added
vpn show
vpn loglevel
xfrm policy
xfrm state
nhrp show
nhrp flush
nhrp flush nbma ip
◦ This change provides significantly faster startup of tunnels
◦ Failover tunnels must be enabled. When upgrading, failover tunnels that were disabled will be automatically enabled to maintain the same functionality. Disabled tunnels are not loaded and will not function as a primary or failover tunnel until enabled.
◦ Additional added VPN options
▪ Networking -> Tunnels -> IPSec VPN -> Global Settings
Permissive IPSec policy firewall – Defaults as enabled. When enabled traffic that matches the IPSec policy is automatically permitted through the firewall.
Allow aggressive mode pre-shared key – Defaults as enabled. Pre-shared keys with aggressive mode VPN is considered unsafe. Disable this to prevent responding to aggressive mode pre-shared key initiation requests.
Legacy HMAC SHA256 bit truncation – Hashing algorithm SHA2 256 with 96 bit truncation has been removed from tunnel configuration and will now use SHA2 256 with 128 bit truncation by default. Enable this to use SHA2 256 with 96 bit truncation instead. This may be required to connect to devices using the legacy algorithm.
▪ Networking>Tunnels>IPSec VPN>Tunnels
Inactivity Timeout – Configure termination of Child Security Associations when traffic is not detected for timeout amount of seconds
QoS changes. Significant changes have been made to automatically support applications such as VOIP without complex QoS configuration changes. Additional changes include:
◦ Direct numeric rate settings on queues in addition to percentage system
◦ QoS Zone Firewall Identity Support
◦ Per-WAN QoS Enable/Disable
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 13
◦ QoS pre-classify support (tunneling)
◦ IP Passthrough with QoS now works in both directions
Smart WAN Selection. Added the ability for the system to automatically select the best WAN connection based on configuration of specific criteria thresholds, including Signal Strength, Data Usage, Latency and Jitter. When Smart WAN Selection is enabled, Failback is automatically disabled. Enablement and configuration of this feature are found in Connection Manager on the new Smart WAN Selection tab.
Note: This feature impacts general Connection Manager functionality which includes failover, failback and load balance processes. These have been improved to follow more intuitive configuration interpretations.
Dual SIM management. Added the ability to more specifically control dual SIM management, such as preferring a primary SIM and enabling/disabling SIM slots per physical port. Configuration of these features is found in Connection Manager on the new Dual SIM tab.
Smart Disconnect. When changing from one WAN connection to another, this feature allows the older session to more gracefully terminate the connection. The disconnect process can be configured with time or data usage-based criteria. Configuration of this feature is found in Connection Manager by clicking the new Smart Disconnect column icon.
(SDK support) Added the ability for an SDK application to provide UI pages, especially when using Hotspot.
Hotspot Services and Hotspot routing was added to the AER3150 and AER1650
Support up to 16 NEMO tunnels
Status -> Firewall -> Hit Count Status was added to allow the admin to see which firewall policies are being triggered
(IBR900/IBR950) Added modem thermal alert support
(IBR1100/IBR600B) Added support for EAP-TLS for WiFi-as-WAN and WiFi Client modes. Added WiFi Client mode support to the 2.4GHz radio as well as the 5GHz radios.
(IBR900) Added support for EAP-TLS for WiFi-as-WAN and WiFi Client modes
Made sure the LAN properly/optimally supports /32 networks
Proxy ARP and true 1-to-1 NAT support. Proxy ARP can be enabled for configured Ethernet WAN or Local IP Network (LAN) interfaces. When enabled, the Cradlepoint router will respond to ARP requests received on the enabled interface if a route exists for the requested destination.
1-to-1 NAT rules have been enhanced to allow specification of Zone binding for each translation in addition to the previous global translation, and the option to add routes useful for Proxy ARP.
Added the ability to define the Source IP address for WiFi authentication RADIUS requests coming from the router
Add Dead Peer Detection to Zscaler Secure Web Gateway support
Added the ability to filter passwords when saving a configuration or creating a Support Log to send to Cradlepoint Support.
Added the ability in the CLI to rename an Ethernet port or add a description
Added the ability to learn the WAN route next hop from DHCP
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 14
Re-enabled Advanced Settings for legacy modem configuration, found in profile/interface Modem menu
Added the ability to immediately reconnect a modem if the unit was offline due to no cellular service (e.g. in a tunnel)
(LP6 modems) Added support for GLONASS and Beidou GNSS systems (in addition to already supported GPS)
(LPE/LP3 modems) Added support for GLONASS (in addition to already supported GPS)
(LP6/LPE/LP3) Extended GPS support to report all incoming GNSS NMEA sentences
Additional UI/Usability changes
Status -> NTP. Added status page for NTP information
Added the ability to copy/paste in status page panels
Status -> Internet -> Client Data Usage. Added Usage Summary tabs to better display the data.
Status -> GPS. Added information about the quality of the GPS fix. Please note that this is the last major firmware version that will provide Google Maps
support within the router UI. The feature will be removed in 6.4.0. Location services will continue to be available using Enterprise Cloud Manager.
Connection Manager>modem interfaces. The configured APN is now displayed in the expanded status.
(LP4 modems) Added channel bandwidth and cell tower ID to diagnostics
(LE modems) Due to Verizon’s change of OTA process, removed OTA retries since they won’t be successful. This modem does not support Verizon’s new OTA process.
Defects fixed
IP Passthrough, QoS affects upload speeds but not download speeds
Static route disappears from the Routing Table when upgrading from 6.0.5 to 6.1.0 on IBR6x0
WiFi / Wired clients disassociated and not passing traffic even though the WAN interface is up and able to be pinged.
Multiple routers DynDNS fail after update to 6.2.2
VPN fails after failback
IPSec VPN, aggressive mode not establishing when an FQDN is used for the tunnel identity
IPSec: Full tunnel behind NAT always on
Policy route lo:ecm isn’t functioning after reboot
Route Policy missing after upgrade to 6.2.1
LAN Schedule causing SSID to not rebroadcast until reboot
NAS-ID on WPA Enterprise not coming through
Select Option for APNs not using the selected APN
Client/Server OpenVPN pushed routes not pushing
Cannot enter IP address/Prefix length format under Security -> Zone Firewall -> Remote Access Restriction
First GPS parse error causes service to halt
6.x.x to 6.2.0, One touch router FW upgrade factory reset does not reset
Certificate Name not listed in Local Certificate CSR dropdown
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 15
NAT-TO doesn’t correctly configure firewall rules on configuration changes
Fixed unable to edit a Connection Manager profile update after router FW upgrade
Removed excessive alerts for a disconnect of a WAN interface that was not connected
Improved general APN management and recovery
(LP4/ATT) Select now works on all profiles (not just default profile)
Fixed several dual SIM issue, such as adding dynamic detection of IMSI changes, and addressing Sprint HFA interruptions
Fixed Modem FW upgrade to add message box on communication failures
Added WAN uptime history if Ethernet was connected at boot time
(LP6) Enable GNSS antenna power when it’s occasionally disabled
Security defects fixed
Sweet32 mitigation. https://sweet32.info/ describes an attack that is unlikely but possible to recover secure HTTP cookies. To mitigate this attack, we changed the default cryptographic algorithms from the Mozilla recommended Intermediate compatibility list to their Modern compatibility list. The list can be modified by changing /config/system/cipher_list in the CLI. https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
Known issues
IPSec UI (6.3.0). In 6.3.0 the restriction of configuring tunnels with duplicate remote gateways was removed. Configuring a combination of VTI-Tunnel and Tunnel mode IPSec with the same remote gateway can lead to unexpected behavior and we recommend avoiding this type of configuration.
GRE keep alive responses are not encrypted using IPSec. This can cause GRE keep alive status to report inaccurate keep alive states between two Cradlepoint routers when GRE over IPSec is configured using "Always On" initiation mode. To work around this issue, configure GRE over IPSec using "On Demand" initiation mode or use another keep alive mechanism such as Dead Peer Detection.
On the System -> Administration -> GPS page, an alert will state that a GPS-enabled device isn’t found even if one is connected to the router. The alert will persist until the device gets a GPS lock.
Reputation Services (6.0.1). If you upload a reputation file to the router, save the configuration, factory reset, then reload the configuration file any firewall entries referencing that reputation file will fail. The reputation file is not saved in the exported configuration file.
If any of the router’s WAN connections (Ethernet, Wi-Fi as WAN, modem) connects to a device that has the same IP subnet as the router, the router will disable the interface and provide a Bounce Page warning that the WAN interface has a conflict (if bounce pages are enabled). Simply change the LAN IP Address on the Network Settings -> WiFi / Local Network Settings page in the UI.
When using WiFi Client Mode set to “WiFi-as-Client”, enable WAN verify on the WiFi-as-WAN Profile in Connection Manager
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 16
LTE
Unless you have a specific service from your carrier, LTE modems will not generally provide an externally-available IP address. Services, such as Remote Management, will not work.
Modem
Franklin U770. The Modem’s Ethernet address conflicts with the default address of the Guest LAN. A warning message is placed in the log and the Guest LAN is disabled. If you change the address of the Guest LAN to a non-conflicting address, this restriction will not occur.
Sierra Wireless 313U, 330U. When these modems connect on 2G or 3G bands, specifically on GSM 850, they will sometimes cause interference on the USB bus, resulting in the modem not plugging properly. If this occurs, attaching the modem to a USB extension cable will generally fix the problem.
The following USB modems contain an embedded web server through which many modem settings
are configured. To access the modem’s web pages, you must be logged in as the router
administrator. Once logged in, you can then access the modem web pages at these given IP
addresses:
Franklin U770, U772 / Sprint (USA) -> 192.168.10.1
Netgear AC341U * / Sprint (USA) -> 192.168.1.1 (address is configurable)
Pantech UML295VW * / Verizon (USA) -> 192.168.32.2
The modem web pages are available only when the modem is operating in NAT mode.
Recommended