User Manual AER3100/AER3150 TABLE OF CONTENTS INTRODUCTION WHAT’S IN THE BOX KEY FEATURES WIFI (ONLY ON AER3100) MANAGEMENT VPN AND ROUTING SECURITY CLOUD OPTIMIZED IP COMMUNICATIONS SYSTEM REQUIREMENTS SPECIFICATIONS ACCESSORIES BUSINESS-GRADE MODEM SPECIFICATIONS HARDWARE LEDS SUPPORT AND WARRANTY QUICK START...
• Dual SIM slots in each modem • Most models include support for active GPS • 13 10/100/1000 Ethernet ports (WAN/LAN switchable) • WiFi as WAN (only on AER3100) • Failover/Failback • Load Balancing • Advance Modem Failure Check •...
Support SYSTEM REQUIREMENTS • At least one Internet source: a Cradlepoint integrated 3G/4G modem with an active data plan, an Ethernet-based modem, or WiFi as WAN • Windows 7/8, Mac OS X, or Linux computer (with WiFi adapter – 802.11n recommended – for WiFi functionality) •...
4” Mini mag-mount antenna (Part # 170606-000) BUSINESS-GRADE MODEM SPECIFICATIONS AER3100/AER3150 models include an internal 4G LTE modem (MC400); specific model names include a specific modem (e.g., the AER3100LPE-VZ includes an MC400LPE-VZ modem for Verizon). Please note that LPE models are flexible and support bands for multiple cellular providers; however, only the frequency bands in bold below are supported by the listed provider.
VPN Indicates information about a VPN data source. • Green = Active VPN tunnel. 2.4GHz WiFi BROADCAST (only on AER3100) These two LEDs indicate activity on the WiFi broadcast 5GHz for both the 2.4 GHz and 5 GHz bands. •...
BASIC SETUP 1. Insert an activated SIM A wireless broadband data plan must be added to your Cradlepoint AER3100. Wireless broadband data plans are available from wireless carriers such as Verizon, AT&T, Sprint, EE, and Vodafone. The SIM must be provisioned with the carrier.
Page 14
Ethernet LAN ports (numbered 1–12). The default WiFi network names broadcast are “AER3100-xxx” and “AER3100-xxx-5g”, where “xxx” is the last three characters of your router’s MAC address (this is the SSID on the product label). To connect to the WiFi, you will need to input the DEFAULT PASSWORD when prompted.
User Manual AER3100/AER3150 ACCESSING THE ADMINISTRATION PAGES Once you are connected, open the Cradlepoint AER3100’s GUI-based administration pages to make configuration changes to your router. 1. Open a browser window and type “cp/” or “192.168.0.1” in the address bar. Press ENTER/RETURN.
When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through the steps to customize your Cradlepoint AER3100. You have the ability to configure any of the following: •...
This name is referred to as the SSID (service set identifier). For security purposes, Cradlepoint highly recommends that you change this from the pre-configured name. Hidden: This shows whether the router broadcasts its SSID. It is...
Page 32
NOTE: If you don’t know whether you should choose Personal or Enterprise, assume Personal since you need to know RADIUS authentication for Enterprise. In order to protect your network from hackers and unauthorized users, Cradlepoint highly recommends WPA2/AES for security if your attached devices can support it. WEP and WPA/TKIP are obsolete and have been replaced by WPA/AES.
Page 41
User Manual AER3100/AER3150 The AER3100 is compatible with the IEEE802.3af/ at standard(s) and supports a 62W total power budget that can be used across up to four Ethernet ports to support various compliant Class I, II, III and IV devices (PD).
(Internet Protocol security) to authenticate and encrypt packets exchanged across the tunnels. To set up a VPN tunnel with a Cradlepoint router on one end, there must be another device (usually a router) that also supports IPsec on the other end.
Page 45
Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”). • Model – Set your rule according to the specific model of modem.
Page 47
DH Group. Phase 2 and phase 1 selections do not have to match. For the Hash selection an added value of SHA 256_128 (128-bit truncation) is avaliable. The original specification and the Cradlepoint default is 96-bit truncation, but RFC4868 requires 128-bit. A VPN to newer Cisco or Juniper devices will typically require 128-bit.
Page 50
Generic Routing Encapsulation (GRE) tunnels can be used to create a connection between two private networks. Most Cradlepoint routers are enabled for both GRE and VPN tunnels. GRE tunnels are simpler to configure and more flexible for different kinds of packet exchanges, but VPN tunnels are much more secure.
Page 51
Port – Select by the physical port on the router into which you are plugging the modem (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”) • Model – Set your rule according to the specific model of modem •...
Click Finish to save this rule. DNS SERVERS DNS, or Domain Name System, is a naming system that translates between domain names (www.cradlepoint. com, for example) and Internet IP addresses (206.207.82.197). A DNS server acts as an Internet phone book, translating between names that make sense to people and the more complex numerical identifiers.
WiFi Radio #1 (2.4 GHz) • WiFi Radio #2 (5 GHz) All Cradlepoint routers and some other routers use the same default IP address for the primary network: 192.168.0.1. If you attempt to set up WiFi as WAN and there is an “IP conflict,”...
Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”). • Model – Set your rule according to the specific model of modem.
IP addresses are entered using CIDR notation, e.g. 1.2.3.4/32 and 0123:4567::CDEF/128. FQDN addresses are entered with at least one dot separating a top-level domain from a root zone, e.g. cradlepoint.com. To add a Host Address Identity, click Add. PORTS A port identity member can be entered as a single Start port number or as a port range by entering both a Start and End port number.
Page 74
The primary purpose for Cradlepoint’s NPT implementation is for failover/failback and load balancing setups. LAN clients can potentially retain the original IPv6 lease information and may experience a more seamless transition when WAN connectivity changes than if not utilizing NPT.
HTTPS Port (Optional): The port for the proxy to forward HTTPS traffic to. HTTPS is not transparently intercepted and must have the LAN clients configured to use the Cradlepoint router as a proxy for HTTPS to work properly. MAC WEB FILTER RULES...
User Manual AER3100/AER3150 THREAT MANAGEMENT NOTE: Threat Management is only available for the AER family or Cradlepoint products, and requires a feature license. Enable this feature through Enterprise Cloud Manager. Cradlepoint Secure Threat Management leverages Trend Micro’s security experience and expertise in this...
Page 81
Application ID Logging: (Disabled by default.) The DPI engine can identify network traffic applications and send this information to the system logs. Depending on your network traffic uses, application ID logging may send huge amounts of data to the system logs. Cradlepoint recommends enabling a syslog server to manage this information.
Page 86
If a ping to the router’s WAN port does not work, it is unlikely that remote SSH access will work. FEATURE LICENSES Some Cradlepoint features may require a license. These features are disabled by default. To obtain a feature license, contact your Cradlepoint sales representative.
Page 89
If this occurs, disable this option. Log to attached USB stick: Only enable this option if instructed by a Cradlepoint support agent. This will write a very verbose log file to the root level of an attached USB stick. Please disable the feature before removing the USB stick, or you may lose some logging data.
(Default: Enabled) • Server Host:Port: The DNS hostname and port number for your ECM server. (Default: stream.cradlepoint.com) • Session Retry Timer: How long to wait, in seconds, before starting a new ECM session following a connection drop or connectivity failure.
SNMP, or Simple Network Management Protocol, is an Internet standard protocol for remote management. You might use this instead of Enterprise Cloud Manager if you want to remotely manage a set of routers that include both Cradlepoint and non-Cradlepoint products. SNMP Configuration •...
If you are happy with the operation of the router, you may not want to upgrade just because a new version is available. Check the firmware release notes (cradlepoint.com/firmware) for information to decide if you should upgrade.
Type the Hostname or IP address of the computer you want to ping and click the ‘Ping’ button. Speed Test • Tests Against Cradlepoint Server - Up to ten speed tests are permitted against a Cradlepoint server. • WAN Device - The WAN Device that is selected will have the test run on it.
Page 99
Configuring Your APN and Modem Authentication If you are using a SIM-based modem (LTE/GSM/HSPA) with your Cradlepoint router you may need to configure the APN before it will properly connect to your carrier. Wireless carriers offer several APNs so check with your carrier to confirm the appropriate one to use.
Model: S4A530A AER3100 AER3150 Cradlepoint, Inc. declares that this device is in compliance with the essential requirements of the R&TTE Directive 1999/5/EC, Energy Related Products Directive 2009/125/EC, Electromagnetic Compatibility Directive 2004/108/EC, Low Voltage Directive 2006/95/EC, and RoHS2 Directive 2011/65/EU. A copy of the original European DoC may be obtained from cradlepoint.com/product-certifications.
(i.e., contain errors), or totally lost. The device is not intended for (and Cradlepoint recommends the device not be used in any) critical applications where failure to transmit or receive data could result in property damage or loss or personal injury of any kind (including death) to the user or to any other party.