Page 1 of 3 123 LastLast
Results 1 to 10 of 22
  1. #1
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    220

    Default Setup Cradlepoint CBA850 cellular device for WAN Failover

    Hi - I've just setup a new Cradlepoint CBA850 for cellular access in bridge mode (IP Passthrough mode). I'd like to create a new interface on my NGFW and attach the CBA850 device directly to it. How should the new NGFW interface be setup so that it can be used for WAN failover? The CBA850 device is on AT&T LTE network already. I cannot seem to find any instructions on how to setup a new NGFW interface once the cellular modem device is attached to it.

    Thanks.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Default

    Google of the provided model number led me here: https://customer.cradlepoint.com/s/a...gh-on-a-CBA850

    Procedure

    Plug client device (router, firewall, managed switch) into the LAN2 port on the CBA850
    Ensure client device is configured to receive its WAN IP via DHCP
    So... you tick the IS WAN box in Untangle, set that interface to dynamic, and plug it into the CBA850?

    Untangle isn't where you need to look to get these details, it's the cellular device and provider. All of Untnagle's interface configurations is under config -> networking. Interfaces not external and internal are disabled by default, you just click edit and configure them to enable them.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    220

    Default

    Thank you. That is how I currently have my NGFW interface setup. It appears putting the CBA850 into IP Passthrough mode must not be the correct method then. I'll have to look further into the CBA850 settings a bit further to determine how to reset it and retry.

  4. #4
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    220

    Default

    Should I be putting the CBA850 cellular router in IP Passthru (aka Bridge) mode and connecting it to a new Interface in NGFW? Or should I instead set the LAN settings of the CBA850 to DHCP, place it in front of the NGFW, create a new NGFW interface and set that interface to Is WAN=Y, Addressed via DHCP? Which I think would then create double NATting.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Default

    Both paths technically work, and with the way most cellular providers work the latter would be more like triple NAT.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    220

    Default

    Quote Originally Posted by sky-knight View Post
    Both paths technically work, and with the way most cellular providers work the latter would be more like triple NAT.
    Understood. Then I'll look to set the cellular device up in bridge mode. I guess my question is then, if I connect a client device behind the cellular device while it's in bridge mode. And do a ipconfig /all, it will return an IP address, gateway, dns server and netmask from the cellular network (of the cellular device itself). Should the new WAN 2 interface in the NGFW be setup to be a static interface with these exact values?

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Default

    Regardless of the cellular device's configuration, for Untangle's Multi-WAN to work the interface the cellular device is attached to must be addressed. It can be static, or dynamic, but the interface on Untangle has an address.

    You're really over-complicating this... It's just another internet connection. If you put the CBA850 in bridge mode, you can now consider it a cable modem. When Untangle's attached interface comes online, it'll hit up DHCP for an address, get one, and move on with its day.

    The only thing you need to watch out for is WHAT IP address Untangle gets. If it's an Internet address, you're good. If it's an RFC private address, you need to make sure it doesn't conflict with what you're already using.

    And no you can't just pull an IP address and use that as a static, that's a great way to run afoul of the anti-fraud and abuse mechanisms of your ISP. If they serve dynamic addresses, you use a DHCP assigned interface. No, you will not be able to use this connection for VPN, nor publicly hosted services easily, or at all in some cases. It depends on the cellular network.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    220

    Default

    Thanks - that's what I had expected, however actually when I put the CBA850 device into bridge mode in front of the new NGFW WAN interface #2 that is set to Is Way=Y and addressed via DHCP, the NGFW interface doesn't get any IP address. That's where the issue is occurring.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Default

    Then you connect a laptop to the CBA850 and see if it can get an address, if it cannot then something is wrong with the CBA...

    Or possibly the ISP doesn't allow you operate the device in bridge mode.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Untangler
    Join Date
    Jan 2019
    Posts
    75

    Default

    I have a CBA850 in that exact setup.

    There is nothing out of the ordinary to do.

    On the CBA850:
    * Pick the correct LAN port (there are 2).
    * Give it an IP address outside of your other LAN addresses so that you can access the modem from the LAN (and you'll need to create a static route in Untangle to make sure that your traffic to the modem itself is always routed to the correct WAN port).
    * choose "IP Passthrough" for IP v4.
    * Choose "automatically create subnet" for DHCP.

    On Untangle:
    * Create the WAN interface with "Auto (DHCP)"
    * Add a route to get to the modem (see above).
    * Install the WAN failover/balancer apps and configure failover to test the main interface and failover if needed.

    If you're not getting a DHCP address in Untangle, verify the model has a WAN address and is properly connected and look at the LAN clients (all in the "status" tab on the left).
    miles267 likes this.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2