In this document, we will explain how the rest of the enterprise network can reach hosts behind a Cradlepoint router connected to Celona CBRS. This is enabled by the unique Celona IP Domains feature and uses only Layer 3 routing.
This document will show you how to configure both the Celona network and Cradlepoint router to allow access to hosts behind a connected gateway. This is important in order to support “pub-sub” type relationships common in IoT and IP video installations.
In the diagram above, Enterprise LAN hosts in the 10.1.0.x subnet will be able to access hosts behind the Mobile Router by using the Celona Edge as the gateway to those subnets. As of today, static routes will be required to be configured on the Celona Edge via the Celona Orchestrator dashboard.
Configuring the IP Domains on Celona Orchestrator
The first step is to configure your IP Domain via the Celona Orchestrator. For this requirement, we need to create an Internal DHCP domain.
Go to the Edge Cluster Details page on the Celona Orchestrator and select the cluster for your new IP Domain.
Click the '+' icon to create a new IP Domain for Celona Edge. For Type choose Internal, and select Forwarding as the mode.
All other parameters should be self-explanatory. Click Add to save your newly created IP Domain.
Go to the Device Groups section in the Celona Orchestrator to create a logical group for client devices that will use this new IP Domain. Click Create Device Group to start.
Select your newly created IP Domain from the dropdown and select which devices will be members of this group. Click Add to save your new group in the Celona Orchestrator.
Your configuration on the Celona Orchestrator is now complete.
Configuring the Cradlepoint router
For configuration, we will be using Cradlepoint's NetCloud management dashboard. Note that local configuration is possible but could be overridden by the configuration within NetCloud when the router comes online.
Go to the Cradlepoint NetCloud Management console and log in. In this example, we have used a Cradlepoint E300. It has been connected to the Celona CBRS network using its default settings. You can find the configuration steps here in this article.
In order to edit the configuration for E300 via NetCloud, select the checkbox next to the gateway you want to configure, click the configuration dropdown and select
Confirm / edit local area network configuration on the E300 as shown in the screenshot below. In this example, we have a primary LAN in the subnet 10.15.0.0/24. Additional LAN subnets can be created here if necessary by reviewing the Cradlepoint documentation on “Local IP Networks”.
For this example we will edit the Primary LAN settings. Note that the settings will not be applied to the gateway until you click
Select the checkbox for Primary LAN and click
Select IPv4 Settings and set to Standard, which disables NAT for this network.
Confirm which ports of the gateway are members of your Primary LAN by selecting the
The screenshot above shows that Ethernet ports 1-4 and 5GHz WiFi are members of the Primary LAN. You can add and remove port members as necessary.
Click Save and you will be taken back to the main Local IP Networks dashboard. We still have a few more configuration changes to make before we Commit, so do not close the configuration window just yet.
In order for the E300 to properly handle traffic between Primary LAN and the connection to the Celona network, we must make some advanced configuration changes to the CBRS modem interface.
Select Connection Manager from the left hand menu, select the correct modem or modem group using the checkbox and click
General, and confirm that Force NAT is not selected.
Then select “IPv4 Overrides”, and enter a subnet mask and gateway IP for the private network. This overrides the default behavior of the Cradlepoint router selecting a gateway IP address that is 1 IP above or below the IP address it receives dynamically, and is required for proper routing to an internal private network. Use a Subnet Mask and Gateway IP that are appropriate for the private network.
Modem, and check the box marked Show Advanced Settings.
IP WAN Subnet Filter as per the above screenshot. This step is very important as this filter prohibits RFC1918 IP subnets from egressing the WAN interface.
Note that the IP WAN Filter setting was important for use cases where the Cradlepoint gateways are connected to Public MNO networks which don’t support private subnets.
The next step is to configure filter rules between Primary LAN zones and the WAN interface in order to ensure proper traffic forwarding.
Go to “Security” and select the “Zone Forwarding” menu item.
The first rule in the list will be set to deny all traffic from WAN Zone to Primary LAN Zone. Select this rule via the checkbox and click
Filter Policy dropdown, select
Save your settings and then click Commit Changes to send the new configuration to the gateway.
Wait 2 minutes for the config to be sent, the status to update to Synced, and the gateway to show as back online.
When the gateway has rebooted it should now have an IP address in the range specified by your new IP Domain.
Next, we can confirm that the gateway has acquired an IP address from your new IP Domain. In the NetCloud management console click on the name of the gateway. In this case that is E300-578, which will link you to a status page.
In this example, we now need to add static routes within Celona Edge to 10.15.0.0/24. Until this configuration option is available within the Celona Orchestrator dashboard, contact Celona support to get this step completed.
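A pre-flight check for the addressing plan this procedure produces, as an added example that is not from Celona or Cradlepoint. The IP Domain subnet, the router's WAN address, the gateway override and the /24 mask on the enterprise LAN are constructed values, and using the router's WAN address as the static route's next hop is an assumption.

```python
import ipaddress as ip

RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def default_gateway_guesses(wan_ip):
    """Gateways the router would try without IPv4 Overrides: WAN IP minus/plus 1."""
    wan = ip.ip_address(wan_ip)
    return [str(wan - 1), str(wan + 1)]

def filtered_by_wan_subnet_filter(router_lans):
    """LAN subnets that are RFC1918 and so affected by the IP WAN Subnet Filter."""
    return [l for l in router_lans
            if any(ip.ip_network(l).subnet_of(b) for b in RFC1918)]

def check_plan(enterprise_lan, ip_domain, wan_ip, gateway_override, router_lans):
    """Return a list of problems with a routed (NAT disabled) addressing plan."""
    ent, dom = ip.ip_network(enterprise_lan), ip.ip_network(ip_domain)
    wan, gw = ip.ip_address(wan_ip), ip.ip_address(gateway_override)
    problems = []
    # Assumption: the Celona Edge static route points at the router's WAN IP,
    # so that address has to be inside the IP Domain.
    if wan not in dom:
        problems.append(f"WAN IP {wan} is outside IP Domain {dom}")
    # The IPv4 Overrides gateway must be on-link for the configured mask.
    if gw not in dom or gw == wan:
        problems.append(f"gateway override {gw} is not on-link in {dom}")
    for lan in map(ip.ip_network, router_lans):
        # With NAT off, LAN prefixes are routed end to end and must be unique.
        for name, other in (("enterprise LAN", ent), ("IP Domain", dom)):
            if lan.overlaps(other):
                problems.append(f"{lan} overlaps {name} {other}")
    return problems

# Constructed sample plan; only 10.15.0.0/24 and 10.1.0.x come from the article.
PLAN = dict(enterprise_lan="10.1.0.0/24", ip_domain="10.20.0.0/24",
            wan_ip="10.20.0.17", gateway_override="10.20.0.1",
            router_lans=["10.15.0.0/24"])

if __name__ == "__main__":
    print("problems:", check_plan(**PLAN) or "none")
    print("default gateway guesses:", default_gateway_guesses(PLAN["wan_ip"]))
    print("needs filter change:", filtered_by_wan_subnet_filter(PLAN["router_lans"]))
    for lan in PLAN["router_lans"]:
        print(f"static route on Celona Edge: {lan} via {PLAN['wan_ip']}")
```

In the sample plan the real gateway (10.20.0.1) is not one of the two addresses the router would guess by default, which is the case the IPv4 Overrides step exists for.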
Step 7 (Optional)
It is possible to use DHCP Relay for LAN subnets within the Cradlepoint router, which allows the router to relay DHCP addresses for client devices to an external server. This article provides additional details on the necessary steps for configuration.
Step 8 (Optional)
If your environment has a firewall that restricts Internet access, it may need to be modified to allow the Cradlepoint router to reach the NetCloud management dashboard. For the necessary configuration details, please see this article.