Cradlepoint
"Founded in 2006, Cradlepoint has grown to become the industry leader in cloud-delivered 4G LTE network solutions for business, service providers, and government organizations, and we are committed to extending our leadership into the emerging 5G space." - https://cradlepoint.com/company/about
Cradlepoint IBR900
- https://cradlepoint.com/products/cor-ibr900-series
- https://cradlepoint.com/sites/default/files/upload-file/cradlepoint_ibr900_manual_0.pdf
The CLI is not a normal shell, but is a minimal appliance type UI.
Get config data
This will get all config data, which can be over 25k lines of JSON.
get
To get just a subset of the data, use something like:
[admin@IBR900-13e: /]$ get config/vlan
[
{
"mode": "wan",
"ports": [],
"uid": "wan",
"vid": 1
},
{
"mode": "lan",
"ports": [
{
"mode": "untagged",
"port": 0
},
{
"mode": "untagged",
"port": 1
},
{
"mode": "untagged",
"port": 2
}
],
"uid": "lan",
"vid": 2
}
]
Set and fetch variables
[admin@IBR900-13e: /]$ set foo/bar: "baz"
[admin@IBR900-13e: /]$ get foo
{
"bar:": "baz"
}
Getting help
[admin@IBR900-13e: /]$ help
Available Commands:
SupportQA adduser append arpdump atterm banner bgp
cd clear clients cpconnect date delete deluser
devices diff edit exit factory_reset find free
get gre grep help inspect ips ipset
lan log ls mkdir nemo netcloud netfilter
netstat nhrp ospf passwd ping ping6 pwd
qos reboot reset resources rip ripng route
rtpolicy serial set sleep sms ssh stp
switch tcpdump telnet threads traceroute uptime vlan
vpn vrrp wan wireless workqueue xfrm zebra
Available Aliases:
cat => get
dir => ls
ll => ls -l 1
more => get
post => append
put => set
quit => exit
rm => delete
To get help for a specific command run: "help CMD"
[admin@IBR900-13e: /]$ help SupportQA
Command to provide debugging data
[admin@IBR900-13e: /]$ help adduser
Add a new user account and set the password for this account.
Usage: adduser USER
[admin@IBR900-13e: /]$ help append
Append new item to an array in the config
append PATH VALUE
[admin@IBR900-13e: /]$ help arpdump
The arpdump command shows the current ARP table.
[admin@IBR900-13e: /]$ help atterm
The atterm command can be used to get direct access to a modem's AT command channel.
If a modem interface is not given then the system will pick the highest priority modem.
To discover a modem's interface to use, use the command 'devices' and use
the value found under the 'SubIface' column.
USAGE: atterm [interface] [-c ATCMD] [-t SOCKET_TIMEOUT]
[admin@IBR900-13e: /]$ help banner
banner [set|unset]
[admin@IBR900-13e: /]$ help bgp
Usage: bgp [cmd]
Excecute and show output of "cmd". If no "cmd" is given then access to the Quagga BGP CLI is given.
Use "bgp list" to see avaliable commands or See the Quagga documentation for details.
*** WARNING: Changes made using the Quagga CLI do not persist! ***
The configuration entered via the Cradlepoint user interface will be restored
after user interface changes and/or a router reboot. If the routing protocol
options in the user interface do not allow a necessary Quagga configuration,
please provide all configuration details to Cradlepoint support.
[admin@IBR900-13e: /]$ help cd
Change to a new config directory
Usage: cd DIR/[DIR...]
[admin@IBR900-13e: /]$ help clear
Clear the screen
[admin@IBR900-13e: /]$ help clients
The clients command can be used to show the currently connected clients,
both wireless and wired as well as hotspot.
USAGE: clients [show | revoke | kick ] [SUBOPTIONS...]
show [CONNECTION TYPE]: Show clients by connection type.
If no connection type option is given, all connection types will be shown.
Connection Types:
all : All Known Clients, both wired and wireless, that the router knows about.
wlan : Wireless LAN Clients
hotspot : Authenticated Hotspot Clients
revoke [-t [ip | mac | hn]]: Revoke a client's Hotspot authentication.
-t : The type of adddress to be used to find the client in the client list
ip : IP address of the client (default)
mac : MAC address of the client
hn : Hostname of the client (cannot be used if client does not have a hostname)
kick [-t [ip | mac | hn]]: Remove wireless access until the router is rebooted.
-t : The type of adddress to be used to find the client in the client list
ip : IP address of the client (default)
mac : MAC address of the client
hn : Hostname of the client (cannot be used if client does not have a hostname)
[admin@IBR900-13e: /]$ help cpconnect
Usage: cpconnect {COMMAND} [OPTIONS]
where COMMAND := { add | remove | show }
OPTIONS := {-n[ame] | -u[ser] | -p[asswd] | -s[server] } [VAR]
example: cpconnect add -n test1 -u user1 -p pass1 -s vpn.accessmylan.com
cpconnect show
[admin@IBR900-13e: /]$ help date
Show system clock.
[admin@IBR900-13e: /]$ help delete
Delete an item from the config
Usage: delete PATH
[admin@IBR900-13e: /]$ help deluser
Delete a user account.
Usage: deluser USER
[admin@IBR900-13e: /]$ help devices
Display network devices connected to the router.
USAGE: devices [-v] Show all devices(s)
devices [-v] [DEVICE_UID...] Show one or more specific devices.
-v Verbose output
[admin@IBR900-13e: /]$ help diff
Show differences between the current and the default configuration.
[admin@IBR900-13e: /]$ help edit
Usage: edit CONFIG_PATH
Examples:
edit /config/system/gps
edit .
[admin@IBR900-13e: /]$ help exit
Exit the shell
[admin@IBR900-13e: /]$ help factory_reset
Reset config to factory defaults
[admin@IBR900-13e: /]$ help find
Find or list files and combine with grep to locate specific files
Usage: find PATH [| grep file]
[admin@IBR900-13e: /]$ help free
Show amount (kilobytes) of free and used system memory.
"free" memory is presently unused, while "available" includes used memory,
typically for cache, that is readily reclaimed for something else when needed.
[admin@IBR900-13e: /]$ help get
Get value for config item(s)
Usage: get PATH [PATH...]
[admin@IBR900-13e: /]$ help gre
Start, stop, or show status of all gre tunnels.
Start, stop or restart a tunnel.
Renew or release the DHCP lease for a tunnel (if DHCP for GRE is enabled).
gre [show|start|stop]
gre [starttunnel|stoptunnel|restarttunnel|renew|release] -n <TUNNEL NAME>
[admin@IBR900-13e: /]$ help grep
Usage: grep PATTERN [FILE]...
[admin@IBR900-13e: /]$ help help
To get help for a specific command run: "help CMD"
[admin@IBR900-13e: /]$ help inspect
Inspect a directory
Usage: inspect [PATH]
[admin@IBR900-13e: /]$ help ips
Interact with the IPS engine.
Usage: ips [load|show|mode|status] [SUBOPTIONS..]
load [-f PATH]: Load a rule file into the IPS engine
-f [PATH]: Load rule file from PATH (Must contain the filename)
show [-o [ids | cats | sec | app | anom]]: Show information from the signatures loaded.
ids: Print all the signatures (default)
cats: Print all the categories
sec: Print only the signatures for the Security rules
app: Print only the signatures for the Application rules
anom: Print only the signatures for the Anomaly rules
mode [-o [off | ips | ids]]: Change the IPS Global mode
off: Set Default IPS mode to 'Disabled'
(If no other Category or Signature is 'Enabled' then the kernel
modules will be unloaded)
ips: Set Default IPS mode to 'Detect and Prevent'
ids: Set Default IPS mode to 'Detect Only'
status: Print the status of the IPS engine
update: Request a Rule File Update
[admin@IBR900-13e: /]$ help ipset
ipset [list {name}]
specify the name of the set to list, or nothing to see the names of the sets
[admin@IBR900-13e: /]$ help lan
Show the current LAN configuration and status.
[admin@IBR900-13e: /]$ help log
Show and manipulate the log system.
Usage: log [show|clear|service|level|msg] [SUBOPTONS...]
show [FILTER] [FILTERN] [[-bhi] -s SEARCH]:
FILTER can be one or more space-separated names or levels.
eg. log show wanmgr kernel DEBUG INFO
-b bold new entries
-h HIGHLIGHT Same usage as searching but does not filter results.
-i makes the search case insensitive.
-s SEARCH can be any string to search for in the log message contents.
eg. log show -s Firmware
-f [LINES_OF_HISTORY] Follow mode with optional argument for number of lines of history to show.
-r recover crash log if one exists.
service [level (DEBUG|INFO|WARNING|ERROR|CRITICAL)]:
Display all service log levels.
level change service log level.
clear: Erase all logs from memory
level [NEW_LEVEL]: View current level or set new log level to: critical, error, warning, info, or debug
msg [-l LEVEL] MESSAGE: Write a message to the logging system. LEVEL defaults to: info
[admin@IBR900-13e: /]$ help ls
List files in the current config directory
[admin@IBR900-13e: /]$ help mkdir
Create an empty container
Usage: mkdir DIRNAME
[admin@IBR900-13e: /]$ help nemo
Show status and configuration of NEMO session
Usage: nemo [-v]
[admin@IBR900-13e: /]$ help netcloud
Manage connection to the Cradlepoint NetCloud.
Usage: netcloud [alert|status|register|stop|start|restart|triggers]
status: [DEFAULT] Show current status information.
register [--username=USER --password=PW]|[--token_id=TID --token_secret=TS]: (Re)register
--username: The NetCloud username that should be used to authenticate.
--password: The NetCloud password that should be used to authenticate.
--token_id: [EXPERT] Token ID for token authentication mode.
--token_secret: [EXPERT] Token secret for token authentication mode.
unregister: Unregister this router from NetCloud and unregister.
stop: Manually stop the NetCloud client.
start: Manually start the NetCloud client.
restart: Manually restart the NetCloud client.
[admin@IBR900-13e: /]$ help netfilter
Show info and debug from netfilter2 rule(s) and trigger(s).
Usage: netfilter [active|all|upnp|triggers|states] [input|routed|output] [ip/ip6] [-v] [-s] [-r RULE_INDEX] [-t TRIGGER_INDEX] [-s STATE_INDEX]
[admin@IBR900-13e: /]$ help netstat
Usage: netstat [-al] [-tuwx] [-enWp]
Display networking information
-a All sockets
-l Listening sockets
Else: connected sockets
-t TCP sockets
-u UDP sockets
-w Raw sockets
-x Unix sockets
Else: all socket types
-e Other/more information
-n Don't resolve names
-W Wide display
-p Show PID/program name for sockets
[admin@IBR900-13e: /]$ help nhrp
Usage: nhrp show
nhrp flush
nhrp flush nbma ip
[admin@IBR900-13e: /]$ help ospf
Usage: ospf [cmd]
Excecute and show output of "cmd". If no "cmd" is given then access to the Quagga OSPF CLI is given.
Use "ospf list" to see avaliable commands or See the Quagga documentation for details.
*** WARNING: Changes made using the Quagga CLI do not persist! ***
The configuration entered via the Cradlepoint user interface will be restored
after user interface changes and/or a router reboot. If the routing protocol
options in the user interface do not allow a necessary Quagga configuration,
please provide all configuration details to Cradlepoint support.
[admin@IBR900-13e: /]$ help passwd
Set the password for a user.
Usage: passwd [USER]
[admin@IBR900-13e: /]$ help ping
Send ICMP echo_request(s) to a networked host
Usage: ping [-w DEADLINE] [-c COUNT] [-i INTERVAL] [-I INTERFACE [-P]] [-M PMTUDISC_OPT] [-s SIZE] HOSTNAME
-w DEADLINE
Stop after a total of DEADLINE seconds, or (if specified) COUNT packets
are sent, whichever comes first.
-c COUNT
Stop after sending COUNT packets, or (if specified) DEADLINE seconds,
whichever comes first
-i INTERVAL
Wait INTERVAL seconds between packet transmissions. Default is 1.
-I INTERFACE
Specify the source of the ICMP requests. If INTERFACE is an IP address,
then source the ICMP requests from that address. If INTERFACE is not
an IP address, treat it as an interface name and source from that
interface. When treated as a name, exact matches of interface "Ifaces"
are chosen first, followed by exact matches of "Device UIDs", and
finally case-insensitive matches to Network names are returned. See
the "devices" command for a list of valid "Ifaces" and "Device UIDs".
-P
Requires the -I INTERFACE option. When -P is present, ping will
source from an IP address on the specified interface, instead of the
interface itself.
-s SIZE
Specifiy the ICMP data length, in bytes. The default is 56 bytes, which
will result in an ICMP packet length of 64 bytes (56 data bytes plus 8
ICMP header bytes)
-M PMTU_OPT
Select Path MTU discovery. PMTU_OPT must be one of: "do", "want" or "dont".
If the PMTU_OPT is "do" (default), then ping will set the Don't Fragment (DF)
flag in the ICMP requests, which will prohibit packet fragmentation. If
PMTU_OPT is "want", then ping will fragment if the ICMP request exceeds
the local outbound interfaces' MTU. Finally if PMTU_OPT is "dont" (do not
set the DF flag), then fragmentation is allowed and ICMP Requests will be
fragmented as necessary in response to ICMP Fragmentation Responses.
[admin@IBR900-13e: /]$ help ping6
Send ICMPv6 echo_request(s) to a networked host
Usage: ping6 [-w DEADLINE] [-c COUNT] [-i INTERVAL] [-I INTERFACE [-P]] [-M PMTUDISC_OPT] [-s SIZE] HOSTNAME
-w DEADLINE
Stop after a total of DEADLINE seconds, or (if specified) COUNT packets
are sent, whichever comes first.
-c COUNT
Stop after sending COUNT packets, or (if specified) DEADLINE seconds,
whichever comes first
-i INTERVAL
Wait INTERVAL seconds between packet transmissions. Default is 1.
-I INTERFACE
Specify the source of the ICMP requests. If INTERFACE is an IP address,
then source the ICMP requests from that address. If INTERFACE is not
an IP address, treat it as an interface name and source from that
interface. When treated as a name, exact matches of interface "Ifaces"
are chosen first, followed by exact matches of "Device UIDs", and
finally case-insensitive matches to Network names are returned. See
the "devices" command for a list of valid "Ifaces" and "Device UIDs".
-P
Requires the -I INTERFACE option. When -P is present, ping will
source from an IP address on the specified interface, instead of the
interface itself.
-s SIZE
Specifiy the ICMP data length, in bytes. The default is 56 bytes, which
will result in an ICMP packet length of 64 bytes (56 data bytes plus 8
ICMP header bytes)
[admin@IBR900-13e: /]$ help pwd
Print the current working directory
[admin@IBR900-13e: /]$ help qos
Show QoS statistics.
Usage: qos
[admin@IBR900-13e: /]$ help reboot
Reboot the router
[admin@IBR900-13e: /]$ help reset
Reset the tty to default settings
[admin@IBR900-13e: /]$ help resources
Report the system resource usage.
[admin@IBR900-13e: /]$ help rip
Usage: rip [cmd]
Excecute and show output of "cmd". If no "cmd" is given then access to the Quagga RIP CLI is given.
Use "rip list" to see avaliable commands or See the Quagga documentation for details.
*** WARNING: Changes made using the Quagga CLI do not persist! ***
The configuration entered via the Cradlepoint user interface will be restored
after user interface changes and/or a router reboot. If the routing protocol
options in the user interface do not allow a necessary Quagga configuration,
please provide all configuration details to Cradlepoint support.
[admin@IBR900-13e: /]$ help ripng
Usage: ripng [cmd]
Excecute and show output of "cmd". If no "cmd" is given then access to the Quagga RIPNG CLI is given.
Use "ripng list" to see avaliable commands or See the Quagga documentation for details.
*** WARNING: Changes made using the Quagga CLI do not persist! ***
The configuration entered via the Cradlepoint user interface will be restored
after user interface changes and/or a router reboot. If the routing protocol
options in the user interface do not allow a necessary Quagga configuration,
please provide all configuration details to Cradlepoint support.
[admin@IBR900-13e: /]$ help route
The route command can be used to show the current routing tables as
well as make changes to the user defined static routing table.
USAGE: route [show [{TABLE}]] Show route(s)
route config {bgp|ospf|rip|ripng|static} Show routing protocol configuration
route add IP/NM [gw IP] [dev UID] [auto] Add new user defined static route
route del IP/NM [gw IP] [dev UID] Remove user defined static route(s)
EXAMPLES: route add 172.0.0.100 dev primarylan
route add 10.0.0.0/8 gw 172.0.0.100
route add 2000::/3 dev guestlan metric 100
NOTE: Only the user defined static routing table may be modified directly.
[admin@IBR900-13e: /]$ help rtpolicy
Show the routing policies used by the router. These policies control which
routing table will be used based on certain packet matching criteria and can
also control certain routing decisions.
USAGE: rtpolicy Show policies(s)
[admin@IBR900-13e: /]$ help serial
The serial command can be used to access a serial adapter connected to the router.
USAGE: serial [--force] Connects to the first serial device using the serial configuration in config/system/serial
USAGE: serial [--force] [number] Connects to the [number] port of a multi-port serial device using the serial configuration in config/system/serial
Only one remote user can be connected to a serial port at a time. The --force option will force quit another user to allow this command to take over.
[admin@IBR900-13e: /]$ help set
Set a value to a config item
Usage: set PATH VALUE
[admin@IBR900-13e: /]$ help sleep
sleep SECONDS
[admin@IBR900-13e: /]$ help sms
The sms command is used to send a msg to the given address (optionally from the modem on port)
Usage: sms addr msg [port]
Example: sms 2081234567 'hello world' usb1
Note: Add a '+' before the addr for international numbers
[admin@IBR900-13e: /]$ help ssh
Create an SSH connection to an SSH server.
usage: ssh [-v] [-C] [-1] [-2] [-l username] [-p port] [-c cipher_spec] [user@]hostname
required arguments:
hostname Either the hostname or a user@hostname pair
optional arguments:
-v Debug level. May be specified up to 3 times (-v, -vv, -vvv).
-C Requests compression of all data.
-1 Force ssh to try protocol version 1 only.
-2 Force ssh to try protocol version 2 only.
-l Specifies login name.
-p Specifies port.
-c Comma separated list of ciphers (e.g. aes256-ctr,aes192-ctr,aes128-ctr,).
Supported ciphers:
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc
Note: Cradlepoint routers support only PCI-compliant ciphers by default.
To relax this behavior, set /config/firewall/ssh_admin/weak_ciphers to true.
Doing so will set the ciphers to the list of supported ciphers (above).
[admin@IBR900-13e: /]$ help stp
Show the current STP configuration and status.
[admin@IBR900-13e: /]$ help switch
Show ethernet switch status.
Usage: switch [-v] [show|set|clearstats]
show [port PORT_NUM]: Only show the port specified
set PORT_NUM [--link_speed=LINK_SPD]
[--enabled=true/false]
[--port_name=PORT_NAME]
clearstats [PORT_NUM]
[admin@IBR900-13e: /]$ help tcpdump
Usage: tcpdump [-aAdDeflLnNOpqRStuvxX] [-c count] [ -E algo:secret ]
[ -i interface ] [ -M secret ] [ -s snaplen ] [ -T type ]
[ -y datalinktype ] [ expression ]
[admin@IBR900-13e: /]$ help telnet
The telnet command can be used to access telnet services located on the routers LAN.
USAGE: telnet [host] [port] [timeout]
[admin@IBR900-13e: /]$ help threads
Show currently active threads.
USAGE: threads [-v]
[admin@IBR900-13e: /]$ help traceroute
Usage: traceroute [options] host [packet_len]
Available options:
-4 Use IPv4
-6 Use IPv6
-F Do not fragment packets
-f Start from the first_ttl hop (instead from 1)
-g Route packets through the specified gateway
-I Use ICMP ECHO for tracerouting
-T Use TCP SYN for tracerouting (default port is 80)
-i Specify a network interface to operate with
-m Set the max number of hops (max TTL to be reached). Default is 30
-n Do not resolve IP addresses to their domain names
-p Set the destination port to use
-t Set the TOS (IPv4 type of service) or TC (IPv6 traffic class) value for outgoing packets
-l Use specified flow_label for IPv6 packets
-w Set the number of seconds to wait for response to a probe (default is 5.0)
-q Set the number of probes per each hop. Default is 3
-r Bypass the normal routing and send directly to a host on an attached network
-s Use source src_addr for outgoing packets
-z Minimal time interval between probes (default 0)
-e Show ICMP extensions (if present), including MPLS
--sport=num Use source port num for outgoing packets. Implies "-N 1"
--fwmark=num Set firewall mark for outgoing packets
-U Use UDP to particular port for tracerouting
-UL Use UDPLITE for tracerouting (default dest port is 53)
-P Use raw packet of protocol prot for tracerouting
--mtu Discover MTU along the path being traced. Implies "-F -N 1"
--back Guess the number of hops in the backward path and print if it differs
-V Print version info and exit
[admin@IBR900-13e: /]$ help uptime
Show system uptime and load avg.
[admin@IBR900-13e: /]$ help vlan
Show VLAN configuration.
[admin@IBR900-13e: /]$ help vpn
Start, stop, or show status of all vpn tunnels.
Start, stop or restart a tunnel.
Adjust logging for various ipsec subsystems. Reset sets the default
and all subsystems to log level 1.
vpn [show|start|stop]
vpn [starttunnel|stoptunnel|restarttunnel] -n <TUNNEL NAME>
vpn config
vpn loglevel reset
vpn loglevel default [-1|0|1|2|3|4]
vpn loglevel [app|asn|cfg|chd|dmn|enc|esp|ike|imc|imv|job|knl|lib|mgr|net|pts|tls|tnc] [-1|0|1|2|3|4]
[admin@IBR900-13e: /]$ help vrrp
Show the current VRRP configuration and status.
[admin@IBR900-13e: /]$ help wan
Show all the attached wan devices and their current state.
Usage: wan [monitor] [UID] [CONFIG...]
CONFIG: Can be any number of --key=[value] pairs as defined in the /config/wan/rules2 config section.
If the optional [value] argument is ommited then the current value (if any) will be printed.
Get example: wan cp1 --ip_mode --static.ip_address
Set example: wan cp1 --ip_mode="static" --static.ip_address="10.0.0.1" --static.netmask="255.0.0.0"
[admin@IBR900-13e: /]$ help wireless
Show the current wireless configuration and status.
Usage: wireless [OPTIONS...]
-w Print information about enabled Access Point profiles
-d Print information about enabled WiFi as WAN / WiFi Bridge profiles
-c Print information about currently associated WiFi clients
-v Print additional driver specific debug when available
-t [CHANNEL] Set wireless channel
-k [MAC ADDRESS] Kick wireless client
-s [OPTIONAL DWELL TIME] Perform a wireless survey
-a [OPTIONAL DWELL TIME] Do a survey and autoselect a channel
-r [RADIO] Radio to operate on (0: first, 1: second)
[admin@IBR900-13e: /]$ help workqueue
Print current workqueue activities and schedules.
USAGE: workqueue [-v] [-t TASKID] [-a]
-v: VERBOSE
-t TASKID: Only show information for a single task
-a: Show information for active tasks (ie. currently executing)
[admin@IBR900-13e: /]$ help xfrm
Usage: xfrm policy list [ SELECTOR ] [ dir DIR ]
[ index INDEX ] [ action ACTION ]
Usage: xfrm policy flush
SELECTOR := [ src ADDR[/PLEN] ] [ dst ADDR[/PLEN] ] [ dev DEV ] [ UPSPEC ]
UPSPEC := proto { { tcp | udp | sctp | dccp } [ sport PORT ] [ dport PORT ] |
{ icmp | ipv6-icmp | 135 } [ type NUMBER ] [ code NUMBER ] |
gre [ key { DOTTED-QUAD | NUMBER } ] | PROTO }
DIR := in | out | fwd
ACTION := allow | block
Usage: xfrm state list [ ID ] [ mode MODE ]
Usage: xfrm state flush
ID := [ src ADDR ] [ dst ADDR ] [ spi SPI ]
MODE := transport | tunnel
[admin@IBR900-13e: /]$ help zebra
Usage: zebra [cmd]
Excecute and show output of "cmd". If no "cmd" is given then access to the Quagga CLI is given.
Use "zebra list" to see avaliable commands or See the Quagga documentation for details.
*** WARNING: Changes made using the Quagga CLI do not persist! ***
The configuration entered via the Cradlepoint user interface will be restored
after user interface changes and/or a router reboot. If the routing protocol
options in the user interface do not allow a necessary Quagga configuration,
please provide all configuration details to Cradlepoint support.
[admin@IBR900-13e: /]$