At the transportation organization where I work, we employ two Cradlepoint mobile-router models in our vehicles: the industrial IBR-1700 vehicular routers in our 97 buses and eight smaller IBR-900 vehicular routers in maintenance trucks, operations vans, and other multipurpose vans.

The reason for these cellular routers in the buses is to provide a WAN connection to systems on the buses including GPS, electronic signage, passenger counters, and fareboxes.

How they are networked

These information-gathering systems connect to the primary processing device on the vehicles called the medius box, which is part of our computer-aided dispatch/automatic vehicle location (CAD/AVL) setup. The medius boxes are connected to the Cradlepoint routers, which link over 4G LTE to a server that collects and manages all of the vehicle’s location and onboard media data.

It’s an incredibly solid implementation overall, and when there is a problem with the vehicles, it’s usually a failure of another system, not the Cradlepoints. One consideration Cradlepoint told us about during the planning and setup process was that doing flash upgrades interrupts the routers’ power source, causing a momentary loss of connectivity for location data. That means you can’t do updates while the vehicles are on the road and must plan accordingly.

On the trucks and vans, the purpose of the Cradlepoints is similar—providing cellular WAN connectivity to devices in the vehicles, which are generally only ruggedized laptops. The Wi-Fi is typically disabled, and everything in the vehicle is hard-wired instead, to prevent people from attempting to hack the devices all day while the vehicles drive around town. We have only activated the Wi-Fi on the smaller vehicles to test functionality and feasibility for using it with the laptops but decided that keeping them hardwired via Ethernet was a better option.
Allowing wireless connections to the vehicles where it isn't necessary would only increase our attack surface.

The primary differences between the IBR-1700 and smaller IBR-900 devices are the number of Ethernet ports, antenna connections, and IOT pins, which are multipurpose pins that can be wired into sensors, triggers, or other devices to allow for input triggers on the router. With those input triggers, you can program automated actions that are triggered by the input of the sensors. All of the automated actions are programmable either in a group setting through the NetCloud Manager (NCM) or individually at each router.

The specs

The IBR1700 has four Gigabit Ethernet LAN ports, one Gigabit Ethernet WAN port, an RS-232 port, 10 IOT pins, two 5GHz Wi-Fi antenna connections, four 2.4/5 GHz antenna connections, a USB port, four LTE antenna connections, and one GPS antenna connection.

The IBR900 has one Gigabit Ethernet LAN port, one Gigabit Ethernet WAN port, a USB port, two 2.4/5 GHz Wi-Fi antenna connections, two LTE antenna connections, and a GPS antenna connection.

Both use the same router operating system and can be group managed through Cradlepoint’s cloud portal, NetCloud.

Networking features

Both routers feature dual Gigabit-Class LTE (LTE-Advanced Pro) modems, dual-band Wi-Fi 5, GPS, gigabit Ethernet LAN ports, VLAN support, IDS/IPS, and multi-zone firewalls.

My organization uses a SIM card in each device for cellular WAN, Ethernet connections to the medius box, and laptops. Currently, we are only using the Wi-Fi capabilities of the routers to provide a connection for some diagnostic equipment on our hydrogen-powered electric buses but may end up providing public Wi-Fi for riders in the future using a separate VLAN to keep their traffic separate from ours.

The firewalls are configured to allow only remote connections from my organization’s IP address and the addresses of the CAD/AVL vendor.
In the vans, GPS is used to track vehicle location.

I set up the devices using NCM, a portal available by subscription through which we can perform group configuration of devices.

The routers have an ignition-sensing feature that detects when the engines in the vehicles are turned off. My organization uses that to set a timer that shuts off the routers four hours later. We use that window to maintain connectivity to the other devices on board.

The routers have multi-protocol VPN support, which we have used to create IPsec v2 tunnels to a SonicWall firewall. To a point, the tunnels were easy to set up through the group-configuration capabilities of the NCM, but the process became a little more complicated. You must specify the subnet you want to use for each device connecting to your firewall because all the IP addresses issued at the Cradlepoints become internal IP addresses on the host network that the VPN connects to. The subnets are specified on the Cradlepoint and added as a network object within the SonicWall firewall. By adding the ranges as objects you can allow for routing to the internal networks of the domain from the range specified from each Cradlepoint.

Also, in order to establish individual tunnels to the Cradlepoints, you have to enter each cellular static IP address in the host-network firewall. Each device must have its own tunnel with separate IP ranges to prevent IP conflicts. (We no longer use the VPN tunnels in favor of a NetMotion SD-WAN.)

Manageability

All Cradlepoint routers have built-in NCM connectivity, which provides a single management interface for configuration, grouping, rules, and reporting. Access to NCM is available through tiered licenses. Without NCM the routers can be configured individually either locally or remotely.
NCM has content-specific help located on every page--an overview of charts and data on the “Dashboard” page; information about what groups are and how to configure them on the “Groups” page; etc.

I most appreciate the ability to add like-model devices to a group, then configure settings for the whole group--SSIDs, VLAN/interfaces, and even firmware-version updates. Once a group is configured, you can assign a device to it, and the router automatically pulls down configuration and upgrades itself as needed.

Durability

I have field-tested the performance of these devices on the hottest summer days in vehicles with the air-conditioning turned off and the temperatures inside reaching higher than 120°F and they continued to fully function. Cradlepoint rates them to work up to 158°F.

They are ruggedized for vehicular use with resistance to shock, vibration, dust, and humidity. They have an ingress protection (IP) rating of IP54 which means they protect against water spray from any direction as well as limited dust ingress. Out of the roughly 150 Cradlepoint devices I have dealt with, none have failed irreparably.
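
The per-router subnet planning described in the VPN discussion above, as an added example (not from the original article, and not Cradlepoint or SonicWall tooling): it assigns each vehicle router its own non-overlapping range and audits a plan for the IP conflicts the article warns about. The address pool, the reserved host-network range, the prefix length, and the router names are constructed assumptions.

```python
import ipaddress
from itertools import combinations


def plan_tunnel_subnets(router_ids, pool, new_prefix, reserved=()):
    """Give each router its own subnet from `pool`, skipping any candidate
    that overlaps a range already in use on the host network."""
    pool = ipaddress.ip_network(pool)
    in_use = [ipaddress.ip_network(r) for r in reserved]
    candidates = (s for s in pool.subnets(new_prefix=new_prefix)
                  if not any(s.overlaps(r) for r in in_use))
    plan = {}
    for rid in router_ids:
        try:
            plan[rid] = next(candidates)
        except StopIteration:
            raise ValueError(f"pool {pool} exhausted at {rid}") from None
    return plan


def find_conflicts(plan, reserved=()):
    """Audit a plan (router id -> subnet). Returns every overlapping pair,
    i.e. ranges the host firewall could not route unambiguously."""
    nets = {rid: ipaddress.ip_network(str(net)) for rid, net in plan.items()}
    nets.update({f"host:{r}": ipaddress.ip_network(r) for r in reserved})
    return sorted((a, b)
                  for (a, na), (b, nb) in combinations(nets.items(), 2)
                  if na.overlaps(nb))


# Constructed sample data: fleet size follows the article (97 buses, 8 vans);
# names and address ranges are assumptions for illustration only.
FLEET = [f"bus-{n:03d}" for n in range(1, 98)] + \
        [f"van-{n}" for n in range(1, 9)]
POOL = "10.200.0.0/16"
HOST_RANGES = ["10.200.0.0/24"]  # assumed range already used at the host site

if __name__ == "__main__":
    plan = plan_tunnel_subnets(FLEET, POOL, 28, HOST_RANGES)
    for rid in ("bus-001", "bus-097", "van-8"):
        print(rid, plan[rid])
    print("conflicts:", find_conflicts(plan, HOST_RANGES))
```

Each entry in the resulting plan corresponds to one network object to create on the host-network firewall; running `find_conflicts` over a hand-maintained plan catches overlapping ranges before the tunnels are built.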