Significant update: Managing MBR95 Device Connections, 1/23/2016
Most cruising boaters want to “stay in touch” with family, friends and business colleagues who remain captive ashore. Cruisers want to exchange email, research exciting ports-‘o-call, post exploits and pictures of sunsets to social media, blog, shop and even pay bills, and do all this from remote and exotic anchorages. The computer equipment found aboard cruising boats varies widely, from a single computer or tablet PC to a complex mix of multiple computers, tablets, printer/scanners, cameras, and more. Regardless of complexity, US coastal and inland waterway cruisers have only two practical technologies for wirelessly connecting their vessel’s computers to the dirt world. One is the cellular telephone system and the other is wi-fi technology. The two technologies are very different from each other, yet under the right circumstances both can provide reliable connectivity at reasonable cost.
Aboard Sanctuary, our connectivity platform is designed to maximize the probability of obtaining a viable connection. To that end, we have installed both a wi-fi link and a cellular system data link.
Cellular systems offer reliable data connections at far greater distances than wi-fi technology can offer. Cellular data connections are automatically transferred from cell site-to-cell site as we cruise along, and reconnect automatically if the signal is lost. These functions of the cellular system provide virtually continuous Internet connectivity in most US East Coast cruising areas, including to a significant distance from land in our infrequent offshore passages. These benefits are not possible with wi-fi technology. Furthermore, everywhere we’ve cruised, I have observed that open unsecured wi-fi is less-and-less available. Thus, I have come to view wi-fi availability largely as an “amenity.” We installed a wi-fi range extender so that we can enjoy it when it is available, but for our “normal” US near-coastal cruising lifestyle, we cannot and do not rely on having wi-fi available.
This conclusion can be completely opposite in other cruising locales. US cellular data plans are prohibitively expensive when used in Canada. There are availability, compatibility and cost issues with cellular data connectivity in the Bahamas. Inexpensive, sometimes free, access to wi-fi is generally available in these locales, and across the Caribbean. In that set of circumstances, wi-fi clearly emerges as the preferred technology for cruisers wanting to stay connected.
“Mobile connectivity” and “data security” have been the subject of a number of recent “discussions” on the MTOA Llstserv and other boating sites and fora. These discussions frequently delve into technology details and contain a lot of technical jargon. Technical jargon is often used without context, and occasionally misused. Discussion subjects morph off-topic, and discussion threads become disjointed. Such discussions are of little value to lay persons with little or no prior knowledge of the topic. Lay readers interested in the topic quickly become frustrated and lose patience with such discussion threads.
This article is written in two sections:
- a basic orientation to CONNECTIVITY SOLUTIONS and the inescapable underlying technologies that apply to a mobile connectivity platform, and
- an overview of WIRELESS DATA SECURITY issues, considerations and choice options.
I have tried to write to lay readers who consider themselves to be “novices,” or “beginners,” with computer “stuff.” That is, those with little or no technical background but who would nevertheless like to have reliable and reasonably secure wireless Internet connectivity on their boat. I have provided a component diagram that portrays Sanctuary’s connectivity solution. This article is written so the “beginner” can understand the included diagram and use it as a reference in the future to provide context to other discussions and to identify and target additional learning needs. My goal is to “put some boundaries” round the topic. Technical content bits are limited to that which is needed to understand the diagram. I’ve tried to avoid technical language. I take some liberties to avoid non-essential technical “minutia.” Where technical detail is inescapable, I do my best to frame its context and explain the related jargon.
In this article, the term “data” is used to refer to all of the digital messages that move from point-to-point in a network, just as “vehicle” is a term that refers to the motorcycles, cars, trucks and buses that drive on streets. Digital message “data” includes account IDs and passwords, word processor files, spreadsheets, email, photos, videos, web pages, bank and investment statements, ePubs, GRIBs, and many more. Technologically, Small Office Home Office (SOHO) in-home networks are simple, minimal instances of a network. They are private “extensions” of the “World Wide Web” (WWW), in the same way that residential driveways are private extensions of our national network of roads and highways.
ESSENTIAL TECHNICAL BITS (Context):
Connectivity to the World Wide Web (WWW), or “Internet,” is most commonly delivered to a residential subscriber via telephone Digital Subscriber Line (DSL), TV cable, fiberoptic service or satellite dish. WWW connectivity is also delivered to subscribers via cellular telephone system technology. Each delivery technology has unique data handling and control formats. A “Modem” is a device that “translates” utility-unique data formats into the format needed by computers. Modem devices are unique to, and must be compatible with, the specific type of delivery technology used. In cellular telephone systems, USB-stick modems (or a tethered cellphone) join individual computers to the cellular network via a cellular two-way radio link. More advanced cellular “mi-fi” modems include imbedded routers and can attach multiple wi-fi “client devices.” A mi-fi device makes a cellular network connection that it then shares among attached wi-fi clients. For simplicity in the rest of this article, I will use the term “client devices” to mean any device that can attach to a network, such as PCs, tablets, printer/scanners, some cameras, game systems, web servers and many others.
Real-time intelligence is required to manage the arrival and departure of transient network connections. “Operating Systems” (OS) with names like Apple OSX, Apple iOS, Microsoft Windows and Google Android provide the needed intelligence on PCs and tablets. “Firmware” is OS-like software that provides that intelligence for “smart devices” like routers, web servers, printer/scanners, cameras and others. In the same way that operating systems reside within PCs and tablets, firmware is built-into its host device. Sophisticated firmware usually has many user-adjustable settings. These settings for “smart” devices are accessed and changed via a web browser (Firefox, Chrome, Safari) that resides on a PC or tablet.
“Ethernet” is a term that refers to a family of data exchange technologies. There are both wired and wireless Ethernet technologies. Wireless Ethernet connections are known as “Wireless Fidelity” (Wi-Fi) connections. Ethernet technologies are worldwide computer industry standards created by the Institute of Electrical and Electronic Engineers (IEEE). These standards make it possible for an infinite variety of client devices to digitally exchange and share data. The “wireless” Ethernet standards are IEEE802.11 a, b, g and n; the “wired” Ethernet standard is IEEE802.3. This may seem a bit of technology minutia, but is mentioned here because these terms appear on product packaging, in owner’s manuals and in Sanctuary’s installation diagram; they are ubiquitous and inescapable.
A “Router” is a made-for-purpose networking device. In the router function that applies to this article (there are others), the device attaches to a World Wide Web interface (the modem) to share the web with and among multiple client devices. The router’s connection to the modem is designated as it’s “Wide Area Network” (WAN) port. The router’s wired and wi-fi client device connections are designated as its “Local Area Network” (LAN) ports. In some cases, such as cellular mi-fi devices, modem and router functions are packaged together (combined) into a single physical device.
Each client device connects to a network at a unique network address, analogous to a home’s unique postal address. Setting this up is an inescapable owner configuration detail. A technology called “Dynamic Host Configuration Protocol” (DHCP) manages assignment of network addresses as client computers “come and go.” DHCP is a service that runs on both ends of a network link. Whether wired or wi-fi, when a newcomer arrives on a network, it “checks-in” to the host network by making a DHCP-request to get an address. The host network DHCP-server at the other end of the link receives the newcomer’s request. If an address slot is available and client security credentials match, the server assigns the newcomer an address on the network. Thereafter, the newcomer is a “peer” to all other client devices on that network, and competes with its peers for slices of network access time.
During router setup time, it will be necessary for owners to select and configure some WAN and LAN network “addresses” in “TCP/IP version 4” (IPv4) notation. The IPv4 address notation appears in various network configuration windows, each of which is unique to the specific operating system or firmware involved. Skipping much technical minutia, novice computer users will see addresses in the form of four groups of decimal numbers ranging from “1” to “254,” separated by periods. Device addresses will look, as an example, like this: <10.43.219.8>; or like this: <192.168.1.2>. An important detail: the IPv4 standard sets aside several “private” address ranges for uses like home and home-office networks, including <10.nnn.nnn.nnn>, <172.16.nnn.nnn> and <192.168.nnn.nnn>.
Networks can be subdivided into “subnets,” also an inescapable part of SOHO router owner setup. Subnets are analogous to groups of residences within a postal carriers’s route, like “the 600 block of Ocean Ave.,” or “the condos at 4th and Walnut.” A “subnet mask” consisting of four groups of decimal numbers ranging from “0” to “255” is used to define the point in the address where the subnet break occurs. In the example of these two addresses, <192.168.1.nnn> and <192.168.42.nnn>, the first two 3-digit groups are the same, but the third group is different. A subnet mask of <255.255.0.0> means the third group represents two different subnets: subnet “1” and subnet “42.” With a subnet mask of <255.255.255.0>, the address would represent two different devices on the same subnet. In some User Guides, the notation <192.168.1.20:16> might appear. The “16” means a subnet mask of <255.255.0.0>. A notation of <192.168.1.20:24> would mean a mask of <255.255.255.0>.
Routers use a ”Media Access Control Address” (MAC address) to route inbound digital messages from their superior WAN interface to the intended recipient client device (wired or wi-fi) on their LAN side. Client devices attach to the Internet with many different network addresses at many different sites. A MAC address is a characteristic of, and uniquely identifies, each specific wired or wi-fi network port which is able to attach to an Ethernet network. Just as husband and wife each have unique names that do not change when they move about from place-to-place, each network port on a client device has a unique and permanent MAC address. The MAC address is the “name” of the device’s individual wi-fi or wired physical network connection.
An “Access Point” (AP) is the upstream end of a two-way radio link, analogous to an on-ramp at an Interstate Highway interchange. The AP is the portal through which subordinate networks, or client devices themselves, gain access to larger networks. In wi-fi systems, multiple APs can be present in an end-to-end connection path. The two-way wi-fi radio built-into a router (the wireless LAN) is an AP for its attached clients. At a marina, the shoreside device to which the fleet’s mobile platforms connect is an AP. In public places with “free, open wi-fi” systems (Starbucks, local library, Barnes ‘n Noble, marinas and municipal docks), the AP to which client devices connect is part of the host’s infrastructure. When visiting a friend’s boat with your PC or tablet, the AP to which you connect is the host’s onboard router. For an anchored boat, the AP for that mobile platform is any AP ashore (often someone’s home router) that is in-range of the client device’s wi-fi radio. All APs have names. By default, APs broadcast these names to announce their presence to nearby wi-fi capable clients. The AP’s name is known as its “Service Set Identifier” (SSID). The SSID is analogous to your family name, which identifies family members to others. In cellular systems, the shoreside AP is a cell tower to which the USB modem or mi-fi device and associated clients attach to the WWW.
CONNECTIVITY AND NETWORKING ABOARD SANCTUARY:
The following diagram shows the component parts of Sanctuary’s computer connectivity platform. All of the connectivity and network elements mentioned above are shown in relationship to each other:
BOATS AS MOBILE PLATFORMS:
Wireless radio links are subject to a wide variety of atmospheric propagation and radio interference conditions. These variables affect the reliability of the link. Anyone who has ever listened to a short-wave radio broadcast knows how the distant signal alternately strengthens and fades, and sometimes fades into unintelligible noise. The radio transmitters in marina APs are relatively high-powered and have high efficiency antennae. Thus, the radio “downlink” from the shoreside AP to the receiver inside a remote client is usually fairly strong. A connected PC or tablet may show “4 bars” of signal strength, implying a reliable communications link. However, the wi-fi radio transmitter inside a client device is low-powered, and internal antennae are not highly efficient. Thus, the radio “uplink” from the client device to a shoreside AP can actually be quite weak. The AP ashore “shouts” at the boat, but the boat responds to the AP in a “whisper.” This is like a football coach who shouts at a player who’s fumbled, but the response to the disappointed coach is in a barely-audible whisper.
Signal fade-out and radio interference from any source result in data transmission errors that can make the data transfer performance of a wi-fi link frustratingly slow, or effectively impossible. Atmospheric and radio propagation conditions vary from season-to-season, day-to-day and hour-to-hour within a day. Some days (cloudy, rainy) may seem tolerable, even good, but on other days (hazy, hot, humid summer days), effective communications may be impossible. Radio links are often more reliable during hours of darkness. Cellular radio technologies operating over medium and longer distances, particularly in rural settings, are subject to similar adverse effects.
A range extender compensates for any potential weakness or radio interference affecting our AP uplink, thus improving the reliability and effective range of our wi-fi data transmission. A range extender can make all the difference between blissful happiness and total frustration. With regard to range extender devices, one expert [Dave Skolnick of s/v Auspicious] said: “I see the space as having three big players (Ubiquiti Bullet, RedPort Halo, and Microtek Groove) and a number of more minor players (like Radiolabs). Many private labels like Rogue Wave are relabeled Bullets.” I quote him here because I completely agree.
MANAGING MBR95 DEVICE CONNECTIONS:
Managing the Cradlepoint MBR95 and the Ubiquiti BulletM2HP as a “system” can appear complicated, even “cranky.” Let me state furthermore, managing any system made up of multiple components from different commercial sources can be cranky. The more the owner knows about their system and its components, the better the chances of maintaining connectivity. What I have learned through trial and error is, if the MBR95 has the cellular modem in “connected” status on the <Internet Connections> tab of the router, then the browser can’t see the Bullet, and so users cannot logon to it. I suspect this has to do with limitations of the MBR95 firmware.
What I have learned to do is ALWAYS logon to the MBR95 first. I start by selecting the <Internet Connections> tab. There are entries on the connections list for all connections the user has defined. At a minimum, there will be entries for the Bullet and the cellular modem. There are up/down arrows on the left of the page, so the first thing I do is move the Bullet “up” to the top (highest priority). Not sure that is necessary, but I do it. After applying that change, one can wait a couple of minutes for the router to “see” that change. The router will “connect” the Bullet (make it the active Internet connection) and change the modem’s status to “Available.” My “normal state” is to see one device as “connected” and the other as “available.” In order to logon to the Bullet from a browser, the Bullet must be in “connected” status. The browser can’t get to it if it’s only “available.”
If I now wait a bit, the router will eventually detect the change the connection status. However, I can speed that process along. On the <Internet Connections> tab, there are checkboxes that “enable”/”disable” each connection. Instead of waiting for the router to “figure it out,” users can manually change the checkmarks. Just tick the Bullet and un-tick the modem. The router will change the connection right then, and the Bullet will wind up in “Connected” status.
Once the router reports the Bullet is “connected,” the computer/tablet browser can see the Bullet Logon page, and the user can logon to it. At this point, there will not be Internet connectivity, but the wired Ethernet path to the device is now alive and active.
Logon on to the Bullet and select the <Wireless> tab. That tab has a <Scan> button on it. Select <Scan> and choose the desired AP. Then, scroll down to the real bottom of that page (the true bottom may not be visible if there are a lot of APs in the area.) Enter any security credentials required by the AP and select <Change.> Then scroll up to the top of the <Wireless> tab, and in the top righthand corner, select <Apply.> Changes WILL NOT take effect unless <Apply> is pressed. When <Apply> is clicked, the Bullet will re-boot. It takes a minute or so for that to happen, but once it does, the wi-fi connection to the remote AP should be made, and full Internet connectivity available.
There are two distinct approaches one can take to achieving an installation such as ours aboard Sanctuary:
- A “roll-your-own” solution built from separately purchased commercial components.
- A commercial, pre-configured, packaged solution.
Sanctuary’s installation is a self-installed, self-integrated and self-configured “Do-it-Yourself” project comprised of separately-acquired materials and components. I chose that approach because I have the skills to handle the “computer stuff” to get the configuration working. More importantly, over the long term of ownership, it’s my responsibility to keep it working if/when something flakey happens. My DIY approach makes me thoroughly familiar with the reasons for the design and configuration choices involved. If Sanctuary takes a lightening splash in the future, I can deal with component fallout at the unit level without having to ship something – perhaps several somethings – back to a vendor for repair or replacement. Given my personal knowledge and system familiarity, I avoid the inherent costs and delays involved in needing to locate and hire a local professional when something bad happens.
My personal approach notwithstanding, pre-packaged solutions can be a good choice for technical neophytes/beginners/novices. Range extender packages do not always include routers, so those choosing the packaged approach should contact their vendor-of-choice to be sure everything needed is ordered at the same time.
Specific equipment vendors come and go in this ever-changing and dynamic marketplace. Please let me know if there are obsolete links found in this article.
Established companies in this market at the date of writing included:
- IslandTime PC (http://www.islandtimepc.com/),
- WirieAP (http://www.thewirie.com/),
- Wave Wi-Fi (http://www.wavewifi.com/rogue-wave.html), and
- Wilson Electronics. Wilson recently changed their d/b/a name to “WeBoost (https://www.weboost.com).”
All of the above offer packages suitable for marine installations. IslandTimePC has a particularly strong reputation among boaters. The Wirie AP has the external and internal WiFi radios that are physically mounted in the same box. This can lead to co-channel and/or adjacent channel interference, resulting in data transmission errors and retries. As explained earlier, above, transmission errors result in a performance penalty for the simplicity of “just run power to it” solutions.
Other vendors in this market include “WiFi Solutions – A&A Cruising Equipment,” which has strong buyer testimonials, “5milewifi,” “Bad Boy Extreme,” and “Wifi for Boats.” In the RV market, also see “WiFiRanger.” I have no personal experience with any of these vendors. Years ago, I bought a range extender from “Radiolabs”. Its performance was acceptable on my Windows PC. When I upgraded to a Mac with OSX, Radiolabs flatly refused to support the Mac. They were less than gracious about it. I simply cannot recommend them as a dependable business partner. The larger message to Mac users is, don’t buy a product with hard dependencies on vendor supplied device driver software. If interested in any of these vendors, search them out via http://www.DuckDuckGo.com/ (or for those who don’t mind being tracked, you may use http://www.Google.com/ as your search engine.
Installation of a router is optional. A router is needed here only to support concurrent attachment of multiple client devices or other technical reasons. Some boaters may have neither router nor range extender at present. In a case where there is only a desire to improve wi-fi link reliability, only a range extender is needed. Routers which support both wi-fi and 3G/4G cellular interfaces include the Cradlepoint line and pepink’s “Pepwave SOHO.”
For pre-purchase technical consulting advice on these products, I’d suggest contacting Dave Skolnick, of s/v Auspicious. Dave is an experienced sailor and bluewater cruiser. He has his own communications business including Internet and HF Radio connectivity. Dave understands the marine environment, live aboard lifestyle and boater’s communications needs. He can be reached at firstname.lastname@example.org, or (443) 327-9084. Limited pre-purchase advice may also available from the 3GStore (http://3gstore.com/) or PowerfulSignal (http://powerfulsignal.com/). Both stores have Internet testimonials as having knowledge of the needs of mobile users and of having been helpful to beginners. I have no personal experience with either.
HARDWARE CONFIGURATION NOTES:
In our diagram, items that require configuration settings at setup time are highlighted in yellow. Note that there are many, many more settings in the router and range extender firmware than just those shown above. For all settings not shown above, I suggest starting with the manufacturer’s defaults, which are fine for the vast majority of users. To configure router and range extender firmware, see the device user guides. Make note of passwords you change! You will need them in the future.
Some thoughts on range extender installation and setup:
- It is easier to install and configure a range extender by directly connecting to it using a wired Ethernet connection to the computer; that is, temporarily eliminate the router from the system while configuring the range extender.
- Once range extender configuration is completed and shown to be working, add the router back into the system. Then, browse in sequence to the router and the range extender to perform the remaining setup necessary to integrate the two devices.
- Perform final testing of the installation with a real shoreside AP. Make any configuration changes/corrections if/as necessary until the system works as intended.
I have decided against providing screen shots of configuration settings of Sanctuary’s installation. Since manufacturers periodically release OS and firmware updates to introduce new functionality and fix problems, over time screen shots and configuration descriptions age and become obsolete. For novices, use of obsolete descriptions for guidance can create more confusion than insight. Rather than screen shots, I show settings that need to be configured at setup-time, and need to be made compatible. I show the settings that I have implemented, however I leave it to the reader to review their specific product’s user manuals and implement setup details needed by their own selection of installed hardware. A thorough, but in 2014 a slightly aged, guide for setting up the Ubiquiti Bullet is located here: http://dl.ubnt.com/Nano_Quick_Set-up.pdf.
What I’ve done aboard Sanctuary is by no means “the only way.” Many experienced RVers and cruisers have written detailed descriptions on router and range extender configuration. Many descriptions include screen shots of firmware pages, albeit mostly no longer reflective of current release firmware. These articles can easily be found by DuckDuckGo searches.
The purchase price of packaged solutions is generally about twice that of “roll-your-own” solutions, but not terribly expensive in terms of other “marine” instruments and accessories. “Roll-your-own” solutions range around $150.00 – $250.00 vs. maybe $350.00 – $600.00 for packaged solutions. Low vs. high in the range depends on whether or not a router is included in the project. Configuring “roll-your-own” solutions depends on the specific selection of components and vendors. Based on the components selected, there can be a wide variety of wired and wireless solutions. With “roll-your-own” solutions, the burden of product selection, installation, configuration and ongoing technical support is completely the responsibility of the buyer/owner. Each solution has unique configuration issues. Consult your vendor(s) for details.
For Sanctuary’s SOHO Router, I selected the CradlePoint MBR-95 and purchased the router from the Amazon Marketplace ($125) 1. CradlePoint router models have features that are particularly useful to RVers and cruisers. CradlePoint models all support wired and wireless LAN, as well as wired and wireless Ethernet WAN. They include support for cellular USB modem attachments (Verizon Wireless, ATT, etc). One CradlePoint feature is “Wi-Fi As WAN.” In “Wi-Fi as WAN” mode, CradlePoint routers will wirelessly connect to a remote wi-fi shoreside access point, just as a client device would. By itself, this is a range extender with intermediate transmitter power. Additionally, if also using an external higher powered Range Extender with a wireless interface, such as the WirieAP, this allows wireless data connection to the AP in the Range Extender. CradlePoint routers also have a desirable feature called “failover.” At setup time, the device is configured a default relative priority for the WAN and the cellular interfaces. The router will automatically switch to the other network interface if either the WAN or cell interface has a usable signal. If both interfaces have usable signals, it will connect to whichever interface has the highest user-defined priority.
For Sanctuary’s wi-fi range extender, I selected the Ubiquiti Bullet M2 HP. It is a high power wi-fi link device. (http://www.ubnt.com/bullet); $75 (Bullet) + $25 (antenna) + $15 (120VAC Ubiquiti Power Over Ethernet (PoE)) adapter that powers the Bullet. Version are available for 12VDC use. All components are available from http://www.amazon.com/. Add the small cost for needed Ethernet cabling and miscellaneous mounting hardware. Note that the Ubiquiti is the hardware platform of choice for many of the “packaged solutions,” so it’s known in the industry to be a reliable and effective device. I selected an EnGenius model EAG-2408, 8-db wi-fi antenna that physically mounts directly to the Bullet. That eliminates cable losses that affect GHz frequency antenna feedline installations. The Bullet gets it’s power over the Ethernet cable, and I use a Ubiquiti PoE-15 power adapter.
1 Post-purchase follow-up report on my experience with CradlePoint’s “1-Year Unconditional” Factory Warranty.
I am an individual retail consumer/shopper/buyer of a CradlePoint MBR95 SOHO router. Based on two interactions with CradlePoint technical support, I must conclude that customer support for individual buyers does not seem to be a “customer satisfaction” or “customer experience” priority of CradlePoint as a company. CradlePoint technical support is hard to reach and support seems un-enthusiastic at best.
First, the firmware of my router (v5.0.4) does not correctly display connected client devices; specifically, the “Status/Client List” firmware page does not agree with “Network Settings/DHCP Server” firmware page. In March, 2014, I reported that to CradlePoint. I was refused access to an actual tech support rep, but the woman who answered told me show “would ask” about the issue. When she returned, she said tech support had told her that engineering “is aware of the problem and it would be corrected in the upcoming firmware upgrade (v5.0.4).” It was not. Granted, this problem is only an annoyance. It does not seriously affect my day-to-day operation and is not a high severity issue. However, it does make working with multiple client devices more of a challenge.
Second, in July, 2014, I experienced a total wi-fi radio failure with my still within warranty MBR95. In working through that transaction, I learned that CradlePoint uses highly unusual terms around their manufacturer’s warranty. CradlePoint’s 1-year “repair or replace at our option” warranty is not unconditional. The principle surprise is, buyers must purchase the product directly from CradlePoint or from one of their “authorized resellers” to be eligible for the warranty. To me, this just seems to be a policy intended to discourage price shoppers and independent resellers. For buyers who “price-shop the Internet” for computer accessories, it may or may not be obvious that this policy limitation exists at all. If the buyer is aware it exists, it may be impossible to determine if a low-price reseller is, indeed, an “authorized reseller.” The result is, any possible future warranty claim will get summarily denied by CradlePoint. Initially, CradlePoint denied my claim because – in error – my Amazon.com reseller was not listed in their database as an authorized reseller. Being retired, when not cruising, I can waste my “leisure time” pursuing fairness problems. I contacted Amazon.com and the Amazon Marketplace reseller from whom I bought. I found that the reseller is indeed a “branded subsidiary” of a firm that is a CradlePoint “authorized reseller.” Armed with that information, I did eventually achieve satisfaction from CradlePoint. The warranty replacement router is now installed and working very well; maybe better than the original. That said, I am certain other buyers have not been treated properly under this warranty policy. Had I not been persistent, tenacious and assertive in pursuing it, I would have been denied the value of my investment. Again I conclude, the “customer experience,” and “customer satisfaction,” is not a priority for CradlePoint, at least in their retail market. So even though the product functionality is a great match for my needs, the maxim remains: “Buyer Beware!”