In this document, we will explain how the rest of the enterprise network can reach hosts behind a Cradlepoint router connected to Celona CBRS. This is enabled by Celona's unique IP Domains feature, using only Layer 3 routing.
This document will show you how to configure both the Celona network and Cradlepoint router to allow access to hosts behind a connected gateway. This is important in order to support “pub-sub” type relationships common in IoT and IP video installations.
In the diagram above, Enterprise LAN hosts in the 10.1.0.x subnet will be able to access hosts behind the Mobile Router by using the Celona Edge as the gateway to those subnets. As of today, static routes will be required to be configured on the Celona Edge via the Celona Orchestrator dashboard.
Here is a demonstration of the integrated solution in an enterprise environment, with the application and device level QoS in action:
Configuring the IP Domains on Celona Orchestrator
The first step is to configure your IP domain via the Celona Orchestrator. For this requirement, we need to create an Internal DHCP domain.
Step 1
Go to the Edge Cluster Details page on the Celona Orchestrator and select the cluster for your new IP Domain.
Step 2
Click the '+' icon to create a new IP Domain for Celona Edge. For Type choose Internal, and select Forwarding as the mode.
All other parameters should be self-explanatory. Click Add to save your newly created IP Domain.
Step 3
Go to the Device Groups section in the Celona Orchestrator to create a logical group for client devices that will use this new IP Domain.
Step 4
Click Create Device Group to start.
Select your newly created IP Domain from the dropdown and select which devices will be a member of this group. Click Add to save your new group in the Celona Orchestrator.
Your configuration on the Celona Orchestrator is now complete.
Configuring the Cradlepoint router
For configuration, we will be using Cradlepoint's NetCloud management dashboard. Note that local configuration is possible but could be overridden by the configuration within NetCloud when the router comes online.
Step 1
Go to the Cradlepoint NetCloud Management console and log in. In this example, we have used a Cradlepoint E300. It has been connected to the Celona CBRS network using its default settings. You can find the configuration steps here in this article.
Step 2
In order to edit the configuration for the E300 via NetCloud, select the checkbox next to the gateway you want to configure, click the configuration dropdown and select Edit.
Step 3
Confirm / edit the local area network configuration on the E300 as shown in the screenshot below. In this example, we have a primary LAN in the subnet 10.15.0.0/24. Additional LAN subnets can be created here if necessary by reviewing the Cradlepoint documentation on “Local IP Networks”.
For this example we will edit the Primary LAN settings. Note that the settings will not be applied to the gateway until you click Commit Changes.
Select the checkbox for Primary LAN and click Edit.
Select IPv4 Settings and set to Standard, which disables NAT for this network.
Confirm which ports of the gateway are members of your Primary LAN by selecting the Interfaces section.
The screenshot above shows that Ethernet ports 1-4 and 5GHz WiFi are members of the Primary LAN. You can add and remove port members as necessary.
Click Save and you will be taken back to the main Local IP Networks dashboard. We still have a few more configuration changes to make before we Commit so do not close the configuration window just yet.
Step 4
In order for the E300 to properly handle traffic between Primary LAN and the connection to the Celona network, we must make some advanced configuration changes to the CBRS modem interface.
Select Connection Manager from the left hand menu, select the correct modem or modem group using the checkbox and click Edit.
Select General, and confirm that Force NAT is not selected.
Then select “IPv4 Overrides”, and enter a subnet mask and gateway IP for the private network. This overrides the default behavior of the Cradlepoint router selecting a gateway IP address that is 1 IP above or below the IP address it receives dynamically, and is required for proper routing to an internal private network. Use a Subnet Mask and Gateway IP that are appropriate for the private network.
Then select Modem, and check the box marked Show Advanced Settings.
Then, de-select IP WAN Subnet Filter as per the above screenshot. This step is very important as this filter prevents RFC1918 IP subnets from egressing the WAN interface.
Save your settings.
Note that the IP WAN Filter setting was important for use cases where the Cradlepoint gateways are connected to Public MNO networks which don’t support private subnets.
Step 5
The next step is to configure filter rules between primary LAN zones and the WAN interface in order to ensure proper traffic forwarding.
Go to “Security” and select the “Zone Forwarding” menu item.
The first rule in the list will be set to deny all traffic from WAN Zone to Primary LAN Zone. Select this rule via the checkbox and click Edit.
At the Filter Policy dropdown, select Allow All.
Save your settings and then click Commit Changes to send the new configuration to the gateway.
Wait 2 minutes for the config to be sent, the status to update to Synced, and the gateway to show as back online.
When the gateway has rebooted it should now have an IP address in the range specified by your new IP Domain.
Step 5
Next, we can confirm that the gateway has acquired an IP address from your new IP Domain. In the NetCloud management console click on the name of the gateway. In this case that is E300-578, which will link you to a status page.
Step 6
In this example, we now need to add static routes within Celona Edge to 10.15.0.0/24. Until this configuration option is available within the Celona Orchestrator dashboard, contact Celona support to get this step completed.
Step 7 (Optional)
It is possible to use DHCP Relay for LAN subnets within the Cradlepoint router, which allows the router to relay DHCP addresses for client devices to an external server. This article provides additional details on the necessary steps for configuration.
Step 8 (Optional)
If your environment has a firewall that restricts Internet access, it may need to be modified to allow the Cradlepoint router to reach the NetCloud management dashboard. For the necessary configuration details, please see this article.
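The addressing plan used in the steps above can be sanity-checked before committing the configuration. The following is an added example, not code from Celona or Cradlepoint: the function name check_plan is hypothetical, the IP Domain subnet 10.20.0.0/24, its gateway and the router's WAN address are constructed sample values, and the static route next hop is assumed to be the router's address in the IP Domain.

```python
import ipaddress as ipa

RFC1918 = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(enterprise_lan, ip_domain, router_lan, override_mask, override_gw, router_wan_ip):
    """Return (problems, notes) for a routed, no-NAT LAN behind the mobile router."""
    ent, dom, lan = (ipa.ip_network(n) for n in (enterprise_lan, ip_domain, router_lan))
    gw, wan = ipa.ip_address(override_gw), ipa.ip_address(router_wan_ip)
    problems, notes = [], []

    # With NAT disabled the LAN prefix is routed end to end, so it must be unique.
    for name, net in (("enterprise LAN", ent), ("IP Domain", dom)):
        if lan.overlaps(net):
            problems.append(f"router LAN {lan} overlaps {name} {net}")

    # IPv4 Overrides: mask and gateway must describe the IP Domain subnet.
    mask_net = ipa.ip_network(f"{dom.network_address}/{override_mask}", strict=False)
    if mask_net != dom:
        problems.append(f"override mask {override_mask} does not match {dom}")
    if gw not in dom or gw in (dom.network_address, dom.broadcast_address):
        problems.append(f"override gateway {gw} is not a usable host in {dom}")
    if wan not in dom or wan == gw:
        problems.append(f"router WAN address {wan} is not a valid client address in {dom}")

    # Private LAN prefixes only leave the modem if the WAN filter is off.
    if any(lan.subnet_of(r) for r in RFC1918):
        notes.append(f"{lan} is RFC1918: IP WAN Subnet Filter must be de-selected")
    # The WAN-to-LAN Allow All policy makes every host in the LAN reachable.
    notes.append(f"WAN to Primary LAN is Allow All: all of {lan} is reachable")
    notes.append(f"static route on Celona Edge: {lan} via {wan}")
    return problems, notes

if __name__ == "__main__":
    # 10.1.0.0/24 and 10.15.0.0/24 come from the article; the rest is constructed.
    problems, notes = check_plan(
        enterprise_lan="10.1.0.0/24",
        ip_domain="10.20.0.0/24",
        router_lan="10.15.0.0/24",
        override_mask="255.255.255.0",
        override_gw="10.20.0.1",
        router_wan_ip="10.20.0.57",
    )
    for line in problems:
        print("PROBLEM:", line)
    for line in notes:
        print("NOTE:", line)
```

An empty problems list means the plan is internally consistent; the notes list the settings and the static route that the steps above depend on.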