All Collections
Applications & Celona certified devices
Routers and edge appliances
Cradlepoint and Celona: Enterprise Network Integration
Cradlepoint and Celona: Enterprise Network Integration

A unique example of traffic management via Celona CBRS network

Team Celona avatar
Written by Team Celona
Updated over a week ago

In this document, we will explain how the rest of the enterprise network can reach hosts behind a Cradlepoint router connected to Celona CBRS. This is enabled by the unique Celona IP domains features and using only Layer 3 routing.

This document will show you how to configure both the Celona network and Cradlepoint router to allow access to hosts behind a connected gateway. This is important in order to support “pub-sub” type relationships common in IoT and IP video installations.

Integrating Celona CBRS LTE wireless with existing enterprise networks

In the diagram above, Enterprise LAN hosts in the 10.1.0.x subnet will be able to access hosts behind the Mobile Router by using the Celona Edge as the gateway to those subnets. As of today, static routes will be required to be configured on the Celona Edge via the Celona Orchestrator dashboard.

Here is a demonstration of the integrated solution in an enterprise environment, with the application and device level QoS in action:


Configuring the IP Domains on Celona Orchestrator

The first step is to configure your IP domain via the Celona Orchestration. For this requirement, we need to create an Internal DHCP domain.

Step 1

Go to the Edge Cluster Details page on the Celona Orchestrator and select the cluster for your new IP Domain.

Configuring Edge Clusters via the Celona Orchestrator

Step 2

Click the '+' icon to create a new IP Domain for Celona Edge. For Type choose Internal, and select Forwarding as the mode.

IP Domain configuration for the Celona Edge via the Celona Orchestrator

All other parameters should be self explanatory. Click Add to save your newly created IP Domain.

Step 3

Go to Device Groups section in the Celona Orchestrator to create a logical group for client devices that will use this new IP Domain.

Step 4

Click Create Device Group to start.

Select your newly created IP Domain from the dropdown and select which devices will be a member of this group. Click Add to save your new group in the Celona Orchestrator.

Your configuration on the Celona Orchestrator is now complete.


Configuring the Cradlepoint router

For configuration, we will be using the Cradlepoint's Netcloud management dashboard. Note that local configuration is possible but could be overridden by the configuration within Netcloud when the router comes online.

Step 1

Go to the Cradlepoint NetCloud Management console and log in. In this example, we have used a Cradlepoint E300. It has been connected to the Celona CBRS network using its default settings. You can find the configuration steps here in this article.

Cradlepoint E300 configuration from Netcloud management console

Step 2

In order to edit the configuration for E300 via Netcloud, select the checkbox next to the gateway you want to configure, click the configuration dropdown and select Edit.

Editing the network configuration for a Cradlepoint router

Step 3

Confirm / edit local area network configuration on the E300 as show in the screenshot below. In this example, we have a primary LAN in the subnet 10.15.0.0/24. Additional LAN subnets can be created here if necessary by reviewing the Cradlepoint documentation on “Local IP Networks”.

Cradlepoint router local IP networks configuration example

For this example we will edit the Primary LAN settings. Note that the settings will not be applied to the gateway until you click Commit Changes.

  • Select the checkbox for Primary LAN and click Edit.

  • Select IPv4 Settings and set to Standard, which disables NAT for this network.

Primary local area network configuration for a Cradlepoint router
  • Confirm which ports of the gateway are members of your Primary LAN by selecting the Interfaces section.

  • The screenshot above shows that Ethernet ports 1-4 and 5GHz WiFi are members of the Primary LAN. You can add and remove port members as necessary.

  • Click Save and you will be taken back to the main Local IP Networks dashboard. We still have a few more configuration changes to make before we Commit so do not close the configuration window just yet.

Step 4

In order for the E300 to properly handle traffic between Primary LAN and the connection to the Celona network, we must make some advanced configuration changes to the CBRS modem interface.

  • Select Connection Manager from the left hand menu, select the correct modem or modem group using the checkbox and click Edit.

  • Select General, and confirm that Force NAT is not selected.

  • Then select “IPv4 Overrides”, and enter a subnet mask and gateway IP for the private network. This overrides the default behavior of the Cradlepoint router selecting a gateway IP address that is 1 IP above or below the IP address it receives dynamically, and is required for proper routing to an internal private network. Use a Subnet Mask and Gateway IP that are appropriate for the private network.

  • Then select Modem, and check the box marked Show Advanced Settings.

WAN interface configuration for CBRS private LTE connection on the Cradlepoint router
  • Then, de-select IP WAN Subnet Filter as per the above screenshot. This step is very important as this filter prohibits RFC1918 IP subnets to egress the WAN interface. Save your settings.

  • Note that the IP WAN Filter setting was important for use cases where the Cradlepoint gateways are connected to Public MNO networks which don’t support private subnets.

Step 5

Next step is to configure filter rules between primary LAN zones and the WAN interface in order to ensure proper traffic forwarding.

  • Go to “Security” and select the “Zone Forwarding” menu item.

Cradlepoint router filter rules between WAN interface on CBRS LTE and primary LAN
  • The first rule in the list will be set to deny all traffic from WAN Zone to Primary LAN Zone. Select this rule via the checkbox and click Edit.

  • At the Filter Policy dropdown, select Allow All.

  • Save your settings and then click Commit Changes to send the new configuration to the gateway.

Wait 2 minutes for the config to be sent and status is updated to Synced and the Gateway is showing as back online.

Committing Cradlepoint router config changes for filtering rules between LAN and WAN interfaces

When the gateway has rebooted it should now have an IP address in the range specified by your new IP Domain.

Step 5

Next, we can confirm that the gateway has acquired an IP address from your new IP Domain. In the NetCloud management console click on the name of the gateway. In this case that is E300-578, which will link you to a status page.

Step 6

In this example, we now need to add static routes within Celona Edge to 10.15.0.0/24. Until this configuration option is available within the Celona Orchestrator dashboard, contact Celona support to get this step completed.

Step 7 (Optional)

It is possible to use DHCP Relay for LAN subnets within the Cradlepoint router, which allows the router to relay DHCP addresses for client devices to an external server. This article provides additional details on the necessary steps for configuration.

Step 8 (Optional)

If your environment has a firewall that restricts Internet access, it may need to be modified to allow the Cradlepoint router to reach the NetCloud management dashboard. For the necessary configuration details, please see this article.

Did this answer your question?