The mobility gateway uses four virtual network interfaces, which can occupy a single physical interface (multiple port groups) or be split across four physical network interfaces (multiple vSwitches and port groups). The interfaces are as follows:
Management Interface (MGMT0): Allows access to the local GUI/CLI, where you can configure a username/password for NetCloud Manager registration. In deployments where High Availability (HA) is enabled, the systems use MGMT0 to determine which mobility gateway is primary and which is secondary.
Packet Data Network Interface (PDN0): Allows User Equipment (UE) traffic to ingress and egress the enterprise LAN. When the mobility gateway is operating in Bridge mode, DHCP requests are sent via PDN0. PDN0 must be fully open to allow data to flow between the LAN and UEs. PDN0 access is determined by the use case and customer security policies.
Security Gateway Interface (SECGW0): Cellular APs connect to the mobility gateway using SECGW0. It is the termination point of the IPsec tunnel that secures the S1 connection.
WAN Interface (WAN0): The mobility gateway uses WAN0 to make its (outbound) connection to NetCloud Manager, which allows the mobility gateway to register with NetCloud Manager for orchestration, licensing, and troubleshooting purposes.
The following table lists the port requirements for each interface. Your specific configuration determines which interfaces require external connectivity. For example, if the mobility gateway and all the Cellular APs are at the same location, external connectivity may only be required for WAN0.
| Interface | Port | Protocol | Direction | URL/Purpose |
|---|---|---|---|---|
| MGMT0 | 22 (SSH) | TCP | Inbound | (Optional) Only required for local administration. |
| MGMT0 | 80 (HTTP) | TCP | Inbound | (Optional) Only required for local administration. |
| MGMT0 | 443 (HTTPS) | TCP | Inbound | (Optional) Only required for local administration. |
| MGMT0 | 500 | UDP | Inbound | Required if HA is enabled. |
| MGMT0 | 4500 | IPsec | Inbound | |
| PDN0 | | | | Requirements for the PDN0 interface are determined by the customer. |
| SECGW0 | 500 | UDP | Inbound | Connections from Cellular APs |
| SECGW0 | 4500 | IPsec | Inbound | |
| WAN0 | 123 (NTP) | UDP | Outbound | Required |
| WAN0 | 53 (DNS) | UDP | Outbound | Required |
| WAN0 | 8001 | TCP | Outbound | Required. Device connectivity and management from NetCloud Manager: stream.cradlepointecm.com, stream-shard.cradlepointecm.com |
| WAN0 | 30000 | TCP | Outbound | Required. Remote Connect: remoteconnect.cradlepointecm.com |
| WAN0 | 443 | TCP | Outbound | Required. Web UI/API Services: www.cradlepointecm.com. NetCloud OS for Mobility Gateway upgrades: firmware.cradlepointecm.com |
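
To review a firewall policy against the port table above, the following added example (not vendor code) compares a set of allowed flows with the table and reports required flows that are blocked and inbound flows the table does not call for. It assumes port 4500 (listed with protocol "IPsec") is UDP, as used for IPsec NAT traversal, and that each 4500 row shares the purpose of the 500 row above it; the tuple format and sample ruleset are constructed for illustration.

```python
# Flows transcribed from the port table. PDN0 is left out because its
# requirements are customer-determined.
# Assumption: port 4500 (protocol "IPsec" in the table) is modeled as UDP,
# and each 4500 row shares the purpose of the 500 row above it.
BASE = {
    ("SECGW0", "in", "udp", 500), ("SECGW0", "in", "udp", 4500),
    ("WAN0", "out", "udp", 123), ("WAN0", "out", "udp", 53),
    ("WAN0", "out", "tcp", 8001), ("WAN0", "out", "tcp", 30000),
    ("WAN0", "out", "tcp", 443),
}
HA = {("MGMT0", "in", "udp", 500), ("MGMT0", "in", "udp", 4500)}
# Marked "(Optional)" in the table: permitted for local administration,
# never reported as missing.
LOCAL_ADMIN = {("MGMT0", "in", "tcp", p) for p in (22, 80, 443)}


def audit(allowed, ha_enabled=False, local_admin=False):
    """Compare allowed flows (interface, direction, protocol, port) with
    the table.

    Returns (missing, excess): required flows that are not allowed, and
    allowed inbound flows the table does not call for.
    """
    allowed = {f for f in allowed if f[0] != "PDN0"}  # customer policy
    required = BASE | (HA if ha_enabled else set())
    permitted = required | (LOCAL_ADMIN if local_admin else set())
    missing = sorted(required - allowed)
    excess = sorted(f for f in allowed - permitted if f[1] == "in")
    return missing, excess


# Constructed sample ruleset (hypothetical, not from a real device).
SAMPLE = {
    ("MGMT0", "in", "tcp", 22), ("MGMT0", "in", "tcp", 80),
    ("SECGW0", "in", "udp", 500), ("SECGW0", "in", "udp", 4500),
    ("WAN0", "out", "udp", 53), ("WAN0", "out", "udp", 123),
    ("WAN0", "out", "tcp", 443), ("WAN0", "out", "tcp", 8001),
}

if __name__ == "__main__":
    # HA pair with local administration disabled.
    missing, excess = audit(SAMPLE, ha_enabled=True, local_admin=False)
    print("required but not allowed:", missing)
    print("inbound but not in table:", excess)
```

With HA enabled and local administration disabled, the sample reports the MGMT0 HA ports and Remote Connect (TCP 30000) as blocked, and SSH/HTTP on MGMT0 as inbound exposure the deployment does not need.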