manualshive.com logo in svg

Cradlepoint MBR1400LE-VZ, Product Manual

The Cradlepoint MBR1400LE-VZ is a powerful networking device designed for high-speed connectivity. To make the most of its features, download the comprehensive Product Manual for free from manualshive.com. This manual provides essential instructions and troubleshooting tips, ensuring seamless usage of this cutting-edge device.

Share
Download
background image

CRADLEPOINT 

MBR1400 | USER MANUAL – Firmware version 4.4

 

© 2013 

CRADLEPOINT, INC.                                        PLEASE VISIT 

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

 FOR MORE HELP AND RESOURCES 

 

 

 

  PAGE 88  

 

 

FTP: 

To allow normal mode when using File Transfer Protocol. This is not needed for passive mode. This is 

enabled by default.

 

 

IRC: 

For Direct Client to Client (DCC) transfer when using Internet Relay Chat. You may wish to forward TCP port 

113 for incoming identd (RFC 1413) requests.

 

6.4.6

 

Firewall Options (Advanced) 

Anti-Spoof: 

Anti-Spoof checks help protect against 

malicious users faking the source address in packets they 
transmit in order to either hide themselves or to 
impersonate someone else. Once the user has spoofed their address they can launch a network attack without revealing 
the true source of the attack or attempt to gain access to network services that are restricted to certain addresses. 

6.4.7

 

Remote Administration Access Control (Advanced) 

Enable Remote Administration Access Control: 

Selecting this option allows you to make remote administration tools 

available to only the specified IP addresses. Access from all other IP addresses will be blocked. This option only filters IP 
addresses: you must enable Remote Management separately (

System Settings 

→ Administration

). 

The services affected by this include remote HTTP, HTTPS, SNMP, and SSH configuration tools. This does not restrict 
access to LAN-based administration, i.e. devices within your network still have administration access. The individual 
remote administration services can be enabled under 

System Settings 

→ Administration

 

→ Remote Management. 

 

 

 

Summary of Contents for MBR1400LE-VZ

Page 1: ......

Page 2: ... 5 0 Jeremy Cramer 1 4 May 15 2012 Added features for Firmware version 3 6 0 Jeremy Cramer 2 0 Dec 28 2012 Added features for Firmware version 4 1 1 and updated for ARC MBR1400LP AT Jeremy Cramer 2 1 Feb 25 2013 Added features for Firmware version 4 2 and hardware version 2 0 Jeremy Cramer 2 2 Aug 26 2013 Added features for Firmware version 4 4 Jeremy Cramer Trademarks CradlePoint and the CradlePo...

Page 3: ...P WIZARD 30 4 3 QUICK LINKS 36 4 4 CONFIGURATION PAGES 37 4 5 ENTERPRISE CLOUD MANAGER REGISTRATION 39 4 6 IP PASSTHROUGH SETUP 40 5 STATUS 41 5 1 CLIENT LIST 42 5 2 DASHBOARD 44 5 3 GPS 47 5 4 GRE TUNNELS 48 5 5 HOTSPOT CLIENTS 49 5 6 INTERNET CONNECTIONS 50 5 7 ROUTING 62 5 8 STATISTICS 65 5 9 SYSTEM LOGS 68 5 10 VPN TUNNELS 69 5 11 WIPIPE QOS 70 6 NETWORK SETTINGS 71 6 1 CONTENT FILTERING 72 6 ...

Page 4: ...NELS 171 7 8 WIFI AS WAN BRIDGE 183 7 9 WAN AFFINITY AND LOAD BALANCING 188 8 SYSTEM SETTINGS 192 8 1 ADMINISTRATION 193 8 2 DEVICE ALERTS 205 8 3 ENTERPRISE CLOUD MANAGER 208 8 4 FEATURE LICENSES 210 8 5 HOTSPOT SERVICES 211 8 6 SERIAL REDIRECTOR 215 8 7 SNMP CONFIGURATION 217 8 8 SYSTEM CONTROL 220 8 9 SYSTEM SOFTWARE 221 9 GLOSSARY 223 10 APPENDIX 237 10 1 PRODUCT INFORMATION AND SAFETY GUIDE 2...

Page 5: ...grated 3G 4G business grade modem o ARC MBR1400LE 4G LTE EVDO for Verizon o ARC MBR1400LP AT 4G LTE HSPA for AT T o ARC MBR1400LP2 EU 4G LTE HSPA for Europe o ARC MBR1400LP 4G LTE HSPA for Canada o ARC MBR1400W 4G WiMAX for Sprint or CLEAR Discontinued o MBR1400E VZ 3G EVDO for Verizon o MBR1400E SP 3G EVDO for Sprint 1 2 System Requirements At least one Internet source a CradlePoint 3G 4G busines...

Page 6: ...l The MBR1400 features failover failback secure VPN multiple encryption modes for maximum security dual band WiFi broadcast private and public networks WiFi as WAN Modem Health Management and remote management options with WiPipe Central for deployed units CradlePoint provides enterprise grade performance security and the modem reliability businesses need to ensure continuous uptime Create an inst...

Page 7: ... that allows users to track and manage modem use relative to data plans NAT less routing and VPN NAT traversal SNMP support USB to serial console passthrough support IP passthrough support OSPF BGP RIPv1 and RIPv2 VRRP and STP requires hardware version 2 0 Site to site dynamic VPN with NHRP requires hardware version 2 0 Network Mobility NEMO available as a licensed feature requires hardware versio...

Page 8: ...on provided by CradlePoint routers enables businesses to provide their customers with a public WiFi hotspot with access controls The controls can be as simple as requiring acceptance of a terms of service agreement while advanced features allow administrators to control and monitor usage require login direct users to specific web pages provide revenue through services fees or paid advertising and ...

Page 9: ...ically designed to provide the highest level of performance reliability and security for 24x7 business critical applications Antennas can be located and oriented to receive the highest signal strength The ARC Series intelligently manages the coexistence between the mobile broadband signal and the WiFi broadcast of the router Choose from the following ARC MBR1400 Products MBR1400LE VZ 4G LTE EVDO f...

Page 10: ...00 Mbps EVDO 3 1 Mbps theoretical Uplink Rates LTE 50 Mbps EVDO 1 8 Mbps theoretical Frequency Band LTE Band 13 700 MHz CDMA EVDO Rev A 1xRTT 800 1 900 MHz Power LTE 23 1 dBm EVDO 24 1dBm typical conducted Module Sierra Wireless MC7750 Module Antennas two SMA male plug 1 dBi LTE 2 dBi Cellular PCS gain finger tighten only maximum torque spec is 7 kgf cm GPS standalone GPS support Industry Standard...

Page 11: ...eoretical Uplink Rates LTE 50 Mbps HSPA 5 76 Mbps theoretical Frequency Bands LTE Band 17 700MHz Band 4 AWS UMTS HSPA 850 1900 2100 MHz EDGE GPRS GSM 850 900 1800 1900 MHz Module Power LTE 23 1 dBm UMTS 23 1 dBm typical conducted Module Sierra Wireless MC7700 Module Antennas two SMA male plug 1 dBi LTE 2 dBi gain finger tighten only support for GPS on aux connection GPS standalone GPS support Indu...

Page 12: ...bps theoretical Uplink Rates LTE 50 Mbps HSPA 5 76 Mbps theoretical Frequency Bands LTE 800 900 1800 2100 2600 MHz HSPA UMTS 900 2100 MHz EDGE GPRS GSM 900 1800 1900 MHz Module Power LTE 23 1 dBm UMTS 23 1 dBm typical conducted Module Sierra Wireless MC7710 Module Antennas two SMA male plug 1 dBi LTE 2 dBi gain finger tighten only support for GPS on aux connection GPS standalone GPS support Indust...

Page 13: ...oretical Uplink Rates LTE 50 Mbps HSPA 5 76 Mbps theoretical Frequency Bands LTE Band 17 700MHz Band 4 AWS UMTS HSPA 850 1900 2100 MHz EDGE GPRS GSM 850 900 1800 1900 MHz Module Power LTE 23 1 dBm UMTS 23 1 dBm typical conducted Module Sierra Wireless MC7700 Module Antennas two SMA male plug 1 dBi LTE 2 dBi gain finger tighten only support for GPS on aux connections GPS standalone GPS support Indu...

Page 14: ...Rates 5 Mbps peak 1 2 Mbps average Frequency Band 2 500 MHz band Power 23 5 0 5 dBm RSU CPE Module Beceem 250 chipset Module Antennas two SMA male plug 5 dBi gain finger tighten only maximum torque spec is 7 kgf cm GPS no GPS support Industry Standards Certs FCC Sprint Clearwire Modem Part Number MC100W For optimum performance antennas on the MBR1400W SP should be pointed in opposite directions as...

Page 15: ...bps theoretical Frequency Band CDMA EVDO Rev A 1xRTT 800 1 900 MHz Power 24 0 5 dBm typical conducted Module Sierra Wireless 5728v Module Antennas two SMA male plug 2 dBi gain Industry Standards Certs modem model MC100E Verizon IOT FCC Part 15 22 24 CDG Stages 1 2 IS 2000IA 98D E IS 134 IS 637B IS 683A IS 707A IS 856 IS 866 JESD22 A114 B JESD22 C101 Modem Certification Model Number MC100E Modem Ce...

Page 16: ...3 1 Mbps theoretical Uplink Rates 1 8 Mbps theoretical Frequency Band CDMA Rev A 1xRTT 800 1 900 MHz Power 24 0 5 dBm typical conducted Module Sierra Wireless 5728v Module Antennas two SMA male plug 2 dBi gain Industry Standards Certs modem model MC100E Sprint FCC Part 15 22 24 CDG Stages 1 2 IS 2000IA 98D E IS 134 IS 637B IS 683A IS 707A IS 856 IS 866 JESD22 A114 B JESD22 C101 Modem Certification...

Page 17: ...CRADLEPOINT MBR1400 USER MANUAL Firmware version 4 4 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 15 2 HARDWAREOVERVIEW ...

Page 18: ...CRADLEPOINT MBR1400 USER MANUAL Firmware version 4 4 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 16 2 1 Ports Buttons and Switches ...

Page 19: ...can return your router to factory default settings by pressing and holding the Reset button This button is recessed so it requires a pointed object such as a paper clip to press Press and hold for 10 seconds to initiate reset WPS Button WiFi Protected Setup When you press the WPS button for five seconds it allows you to use WPS for WiFi security The LED will illuminate blue to indicate WPS status ...

Page 20: ...RADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 18 2 2 LEDs LAN and WAN LEDs The default settings are shown LAN ports can be reconfigured to function as WAN ports and vice versa the LEDs will function accordingly ...

Page 21: ...he three included WiFi antennas to the connectors for maximum WiFi broadcast To attach hold the antenna straight and twist the base of the antenna to connect folding the joint if needed Please note that 2 4 GHz antennas are provided 5 GHz antennas are available as an accessory Connect the 12v DC power adapter to the router and a power source Flip the power switch to the ON position this illuminate...

Page 22: ...pear on the list select this network 2 Log in Input the Default Password when prompted The Default Password is provided on the product label found on the bottom of your router this password is also the last eight digits of the router s MAC address which can be found on the product box or product label NOTE If more than one MBR1400 wireless router is visible find the correct unit by checking for it...

Page 23: ...res of the MBR1400 you will need to log into the administration pages Access your router s Administrator Login screen by opening a web browser window and typing cp your router s default hostname or the IP address 192 168 0 1 into the address bar Enter your Default Password This password can be found on the bottom of the MBR1400 Then click the LOGIN button When you log in for the first time the Fir...

Page 24: ...ork Name or the Security Mode password If so you will need to reconnect to the MBR1400 network Find the network Look for your new personalized network name or the default SSID of the form MBR1400 xxx Log in using your new personalized WiFi security password or the Default Password found on the product label on the bottom of the router Your network should now be up and running and users who have th...

Page 25: ... data plan can be transferred from an existing account You will need the ESN number or SIM IMEI number depending on your carrier plan from the product label on your modem to add or transfer a line of service After adding a data plan to the modem you may need to activate the modem 1 Log in to the MBR1400 administration pages see Accessing the Administration Pages 2 Select Internet from the top navi...

Page 26: ... are using a WiMAX modem you need to set the WiMAX Realm This can be done in the administration pages Log in using the hostname cp or IP address http 192 168 0 1 in your browser Go to Internet Connection Manager In the WAN Interfaces section select your modem and click Edit Select the WiMAX Settings tab and select input your WiMAX Realm Some wireless carriers provide more than one Access Point Nam...

Page 27: ...P KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 25 pages and manually upload the firmware Go to System Settings System Software and click on Manual Firmware Upload If you are still not online after activating the modem go to knowledgebase cradlepoint com for more information ...

Page 28: ...s of your router will give you an indication whether or not a proper connection is being made See the LED STATUS definitions below If the data modem LEDs are not illuminated your modem is not connected and online You may need to update firmware Refer to the previous section Your USB or ExpressCard modem does not work with the router If you are still not online after activating the modem go to know...

Page 29: ...tration of all features The interface is organized with 5 tabs at the top of the screen Getting Started Status Network Settings Internet System Settings Web Interface Essentials contains the following sections to help you more quickly and easily navigate these administration pages 4 1 Administrator Login 4 2 Getting Started First Time Setup Wizard 4 3 Quick Links 4 4 Configuration Pages 4 5 Enterp...

Page 30: ...in To access the administration pages open a Web browser and type the hostname cp or IP address http 192 168 0 1 into the address bar The Administrator Login page will appear Log in using your administrator password Initially this password can be found on the bottom of the MBR1400 unit as the Default Password This password is also the last eight digits of the unit s MAC address ...

Page 31: ...flash approximately 10 15 seconds You can then log in using the Default Password 4 1 1 Router Details The Administrator Login page includes a quick reference section that shows the following information Router Details Model Number MBR1400 Internet Connection Connected Disconnected Wireless Details Status Enabled Disabled Clients The number of attached users Channel The channel number Name The name...

Page 32: ...s is also the last 8 digits of the router s MAC address 3 When you log in for the first time you will be automatically directed to the FIRST TIME SETUP WIZARD Otherwise go to Getting Started First Time Setup 4 CradlePoint recommends that you change the router s ADMINISTRATOR PASSWORD which is used to log in to the administration pages The administrator password is separate from the WiFi security p...

Page 33: ... devices and is the most secure but may not connect to older devices or some handheld devices such as a PSP GOOD WPA1 WPA2 Select this option if your wireless adapters support WPA or WPA2 This is the most compatible with modern devices and PCs POOR WEP Select this option if your wireless adapters only support WEP This should only be used if a legacy device that only supports WEP will be connected ...

Page 34: ...lue of 10 or 26 characters Click NEXT 7 Configuring Your Access Point Name APN If you are using a SIM based modem LTE GSM HSPA with your CradlePoint router you may need to configure the APN before it will properly connect to your carrier Wireless carriers offer several APNs so check with your carrier to confirm the appropriate one to use Some examples include AT T broadband T Mobile epc tmobile co...

Page 35: ...Authentication Some modems require a username and password to be entered to authenticate with a carrier Do not fill in these fields unless you are sure your modem needs authentication Authentication Protocol Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one Select from o Auto o Pap o Chap Username Password ...

Page 36: ...still available Default 30 seconds Range 10 3600 seconds Monitor while connected Select from the dropdown menu Default Off Active Ping A ping request will be sent to the Ping Target If no data is received the ping request will be retried 4 times at 5 second intervals If still no data is received the device will be disconnected and failover will occur When Active Ping is selected the next line give...

Page 37: ...trative password and WPA password or WEP key Move your mouse over your WiFi password to reveal it Please record these settings for future access You may need this information to configure other wireless devices NOTE If you are currently using the MBR1400 WiFi network reconnect your devices to the network using the new wireless network name and security password Click APPLY to save the settings and...

Page 38: ...ternet Connection This links to Status Internet Connections where you can view in depth information about your Internet sources Click on this green dot to link to Internet Connection Manager where you can manage your WAN interfaces Click on the image of four signal bars to open a Modem Connection Quality popup window that shows the strength of your Internet signal WiFi Clients Click to view a sign...

Page 39: ...tion Manager Client Data Usage Data Usage GRE Tunnels Network Mobility NEMO NHRP Interfaces VPN Tunnels WiFi as WAN Bridge WAN Affinity Load Balancing Administration Device Alerts Enterprise Cloud Manager Feature Licenses Hotspot Services Managed Services Serial Redirector SNMP Configuration System Control System Software Status Displays various types of information about your router such as a lis...

Page 40: ...stration or upgrade firmware System Software 4 4 1 Network Settings vs Internet When using the Web interface it will be important to pay attention to the difference between the Internet source for your MBR1400 and the network created by the MBR1400 The Internet tab broadly refers to the router s source of Internet while the Network Settings tab broadly refers to the network created by the router I...

Page 41: ...egistration To register your device with CradlePoint Enterprise Cloud navigate to Getting Started Enterprise Cloud Manager Registration Input your ECM Username and ECM Password and click Register You have now registered the device with Enterprise Cloud Manager If you do not have ECM credentials see http www cradlepoint com ecm for details or sign up at http www cradlepoint com ecm signup ...

Page 42: ...ks Review the list of changes to ensure they are compatible with your router needs All Ethernet ports will be set to LAN i e you cannot use Ethernet as an Internet source for your router All WAN devices will have Load Balance disabled and the highest priority device will be used All network groups except the primary network group will be removed All wireless interfaces will be removed from the pri...

Page 43: ...RADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 41 5 STATUS The Status tab displays information about many different aspects of the router It provides access to 11 submenu options Client List Dashboard GPS GRE Tunnels Hotspot Clients Internet Connections Routing Statistics System Logs VPN Tunnels WiPipe QoS ...

Page 44: ... 11n 20 MHz 130 Mbps 26 dBm 802 11n The transmission standard being used by the client Possible values include 802 11a 802 11b 802 11g and 802 11n 802 11n is the newest and best standard but some older devices may not support it 20 MHz This is the channel width that defines the theoretical data rate in megahertz that the attached computer or device can send to or receive from the router The channe...

Page 45: ...theoretical best quality The value is given as a negative exponent 20 is a very good value while 80 is relatively poor Signal quality can be reduced by distance by interference from other radio frequency sources such as cordless telephones or neighboring wireless networks and by obstacles between the router and the wireless device Time Online Simply the amount of time the device has been connected...

Page 46: ...pth information and or configuration options click on the Detailed Info link beside the category title For each category this links to Router Information System Settings Administration Internet Internet Connection Manager Local Networks Network Settings WiFi Local Networks WiFi Networks Network Settings WiFi Local Networks After the initial setup of the router every time you log in you will automa...

Page 47: ...current session Clock Current local date and time To check for firmware upgrades see System Settings System Software Internet Detailed Info links to Internet Connection Manager State Connected Disconnected Signal Strength Expressed as a percentage Signal Strength is not included if Ethernet is the WAN type WAN Type Ethernet Modem or WiFi as WAN Connection Type Possibilities include DHCP for Ethern...

Page 48: ...s to Network Settings WiFi Local Networks WiFi Radio Channel 1 11 for 2 4 GHz 36 40 44 48 149 153 157 161 or 165 for 5 GHz Transmit Power expressed as a percentage For each WiFi network the following information is displayed SSID Service Set Identifier an identifier for a wireless network o Security WPA2 WPA1 WEP Personal Enterprise or Open Isolated Clients o Network The name of the local network ...

Page 49: ... a graphical view of your router s location See the GPS section in System Settings Administration to enable GPS support GPS information is only displayed if 1 the modem supports GPS 2 your carrier allows the GPS functionality and 3 the modem has sufficient GPS signal strength If no information is displayed check that both the modem and your carrier support GPS If GPS is supported make sure the mod...

Page 50: ...LEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 48 5 4 GRE Tunnels View the status of configured GRE Tunnels To set up or edit a GRE tunnel go to Internet GRE Tunnels Included information Name Status Transmit packets bytes Receive packets bytes ...

Page 51: ...ADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 49 5 5 Hotspot Clients View the status of the clients that have logged in through the Hotspot Captive Portal View Hostname IP address MAC address Data Usage both IN and OUT Time Online You may revoke a client s access to the Internet by clicking the Revoke button ...

Page 52: ...ese devices to see detailed information about that particular device For each type of device different information will be included in the Device Information section Possible devices include Ethernet LTE Modem HSPA Modem WiMAX Modem GSM Modem EVDO Modem WiFi as WAN Depending on the device possible information will be in the following sections Diagnostics General Information IP Information and Stat...

Page 53: ...PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 51 5 6 1 Ethernet General Information Unique Identifier wan Model Type ethernet Port IP Information DNS Servers IP Address Gateway Statistics Incoming Bytes Outgoing Bytes Connection Uptime secs ...

Page 54: ...CES PAGE 52 5 6 2 LTE Modem PANTECH UML290 Diagnostics Home Address MN HA SPI Modem Firmware Version Battery Status MN HA SS Network Address Identifier NAI Signal Strength dBm Rev Tun Battery Level Secondary Home Agent Service Display LTE Primary Home Agent Carrier Status Profile MN AAA SPI PIN Status MN AAA SS Connection State connected idle etc ...

Page 55: ...T COM FOR MORE HELP AND RESOURCES PAGE 53 General Information Product PANTECH UML290 Protocol IP DHCP Unique Identifier ESN IMEI Model UML290VW Type modem Port Manufacturer Pantech Incorporated IP Information Netmask IP Address Gateway Statistics Outgoing Bits Second Incoming Bits Second Incoming Bytes Outgoing Bytes ...

Page 56: ...E 54 5 6 3 HSPA Modem Nokia Datacard Diagnostics Manufacturer Nokia Product Nokia Datacard Model Nokia Internet Stick CS 18 ESN IMEI Modem Firmware Version Mobile Directory Number Carrier ID AT T Carrier Status Signal Strength Signal Error Rate PIN Status General Information Model Nokia Internet Stick CS 18 Unique Identifier Port Profiles 1 9 Type modem ...

Page 57: ...irmware version 4 4 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 55 IP Information DNS Servers IP Address Gateway Statistics Incoming Bytes Outgoing Bytes Connection Uptime secs ...

Page 58: ...ch data the router can download or send You can place the router in different locations to see where you get better signal You can also see a LED display of the current signal strength Pressing the router s Signal Strength button will toggle the LED display on and off Base Station ID BSID Signal Strength dBm Center Frequency Calibration Status Don t worry if this says the modem is not calibrated M...

Page 59: ...4 4 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 57 Type WiMAX Port Manufacturer Franklin Wireless Corporation Statistics Outgoing Bits Second Incoming Bits Second Incoming Bytes Outgoing Bytes ...

Page 60: ... Diagnostics Signal Error Rate Modem Firmware Version Battery Status Battery Level Carrier Status Signal Strength dBm PIN Status Connection State connected idle etc General Information Product Nokia Datacard Protocol PPP Unique Identifier ESN IMEI Model Nokia Internet Stick CS 18 Type modem Port Manufacturer Nokia IP Information Netmask IP Address Gateway Statistics Outgoing Bits Second ...

Page 61: ...DLEPOINT MBR1400 USER MANUAL Firmware version 4 4 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 59 Incoming Bits Second Incoming Bytes Outgoing Bytes ...

Page 62: ...are Version PRL Version Service Display EVDO Carrier Status Signal Strength dBm Connection Type CDMA Connection State connected idle etc General Information Product MC769 COMCAST Protocol PPP Unique Identifier ESN IMEI Model MC760 COMCAST Type modem Port Manufacturer Novatel Wireless Inc IP Information Netmask IP Address Gateway Statistics Outgoing Bits Second Incoming Bits Second Incoming Bytes O...

Page 63: ...T INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 61 5 6 7 WiFi as WAN Diagnostics Connection State connected idle etc General Information Product Wireless As WAN Unique Identifier Type wwan IP Information Netmask IP Address Gateway ...

Page 64: ...GEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 62 5 7 Routing System Routes displays routes associated with networks connected to the router as well as routes learned from routing protocols such as RIP or BGP Static Routes displays user specified routes configured in Network Settings Routing ...

Page 65: ...13 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 63 GRE Routes displays user specified routes configured in Internet GRE Tunnels VPN Routes displays user specified routes configured in Internet VPN Tunnels ...

Page 66: ...ER MANUAL Firmware version 4 4 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 64 NEMO Routes displays user specified routes configured in Internet Network Mobility NEMO ...

Page 67: ... RESOURCES PAGE 65 5 8 Statistics The Statistics submenu option displays basic traffic statistics Wireless Statistics View the signal strength and other wireless modem information The wireless device s signal strength will only be displayed as long as it supports Live Diagnostics Sample rate and size can be adjusted from the dropdown boxes ...

Page 68: ...LEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 66 Data Usage A measure of amount of information that is currently being sent or received through the network Sample rate and size can be adjusted from the dropdown boxes ...

Page 69: ...SE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 67 Failover Failback Load Balance An easy way to view current connective states of the devices plugged into the router as compared to the past Sample rate and size can be adjusted from the dropdown boxes ...

Page 70: ... find relevant messages This router also has external Syslog Server support so you can send the log files to a computer on your network that is running a Syslog utility Auto Update The logs automatically refresh whenever the router creates a new message Update Click to check for new router messages Clear Log Clear the log file Save Log This will open a dialog in your browser that will allow you to...

Page 71: ...T HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 69 5 10 VPN Tunnels View the status of configured VPN tunnels To set up or edit a VPN tunnel go to Internet VPN Tunnels Included information Name Connections Status Protocols Transferred Direction Time Online Control ...

Page 72: ...irmware version 4 4 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 70 5 11 WiPipe QoS View the breakdown of packets and bytes sent and received associated with each WiPipe QoS rule ...

Page 73: ... NETWORKSETTINGS The Network Settings tab provides access to 9 submenu options for administering the following functions tasks These functions are all related to controlling the LAN Local Area Networks the networks you set up with the MBR1400 Content Filtering DHCP Server DNS Firewall MAC Filter Logging Routing Routing Protocols WiFi Local Networks WiPipe QoS ...

Page 74: ...ilter Rules allow you to control access from your network to external domains or websites Rules are assigned to a specific LAN network or all networks The highest priority rule will have precedence when there is a conflict Addresses can be added by URL Domain name or by IP address Exceptions to existing rules can be created by adding another rule with higher priority For example if access to espn ...

Page 75: ... website you wish to control access for e g www google com To make sure the full domain is blocked enter the most inclusive domain e g google com will effectively block www google com as well as maps google com and images google com Alternatively you can use an IP address e g 8 8 8 8 or address range written in CIDR notation e g 8 8 8 0 24 Filter Action Select Block or Allow Rule Priority Higher n...

Page 76: ...he following dropdown options Allow Access default Block Access When a network is set to Allow Access it will allow access to sites not specifically blocked in the WebFilter Rules When a network is set to Block Access it will block access to sites not specifically allowed in the WebFilter Rules Filter URLs by IP Address Default No Changing this option to Yes will cause the router to perform a DNS ...

Page 77: ...ebFilter Rules MAC Address WebFilter Rules allow you to control access from a specific MAC address to external domains or websites The settings for the MAC Address WebFilter Rules section match those for the Network WebFilter Rules except that you must assign a MAC address instead of a network to each rule See the Network WebFilter Rules section for more configuration details ...

Page 78: ...ses By default each MAC address is allowed website access Click Add Edit to change this setting for a MAC address Input the MAC address and default action you would like to apply to that MAC address Default Action Select from the following dropdown options Allow Access default Block Access When a network is set to Allow Access it will allow access to sites not specifically blocked in the WebFilter...

Page 79: ...r to use these content filtering settings Force All DNS Requests To Router Enabling this will redirect all DNS requests from LAN clients to the router s DNS server This will allow the router even more control over IP Addresses even when the client might have their own DNS servers statically set OpenDNS ISP Filter Bypass Algorithm It is possible that your Internet Service Provider ISP uses the port...

Page 80: ...Select a device and click Reserve to add the device and its IP address to the list of Reservations Reservations This is a list of devices with reserved IP addresses This reservation is almost the same as when a device has a static IP address except that the device must still request an IP address from the router The router will provide the device the same IP address every time DHCP reservations ar...

Page 81: ...inter scanner laptop etc to an IP address of a device on the network 6 3 1 DNS Settings You have the option to choose specific DNS servers for your network instead of using the DNS servers assigned by your Internet provider The default DNS servers are usually adequate You may want to assign DNS servers if the default DNS servers are performing poorly if you want WiFi clients to access DNS servers ...

Page 82: ...u use a Dynamic DNS service provider you can enter your host name to connect to your server no matter what your IP address is Enable Dynamic DNS Enable this option only if you have purchased your own domain name and registered with a Dynamic DNS service provider Server Type Select a dynamic DNS service provider from the pull down list DynDNS DNS O Matic ChangeIP NO IP Custom Server DynDNS clone Cu...

Page 83: ...d in this field You may find out what your external IP address is by going to http myip dnsomatic com in a web browser 6 3 4 Known Hosts Configuration The Known Hosts Configuration feature allows you to map a name printer scanner laptop etc to an IP address of a device on the network This assigns a new hostname that can be used to conveniently identify a device within the network such as an office...

Page 84: ...s 6 4 1 Port Forwarding Rules A port forwarding rule allows traffic from the Internet to reach a computer on the inside of your network For example a port forwarding rule might be used to run a Web server Exercise caution when adding new rules as they impact the security of your network Click Add to create a new port forwarding rule or select an existing rule and click Edit Add Edit Port Forwardin...

Page 85: ...field to open a port for a Web server on a computer within your network The Internet Port s field could then also be 80 or you could choose another port number that will be used across the Internet to access your Web server If you choose a number other than 80 for the Internet Port connections to that number will be mapped to 80 and therefore the Web server within your network Protocol Select from...

Page 86: ...y not recommended for use by the IETF NPT can help to keep internal network ranges consistent across various IPv6 providers but it cannot be used effectively in all situations The primary purpose for CradlePoint s NPT implementation is for failover failback and load balancing setups LAN clients can potentially retain the original IPv6 lease information and may experience a more seamless transition...

Page 87: ...k range For example in order to host a server you might have opened ports with a port forwarding rule that could expose your LAN to cyber attacks With an incoming IP filter rule you can restrict the access to your LAN to only known devices Name Name your rule Enabled Selected by default Log When checked each packet matching this filter rule will be logged in the System Logs Action Allow or Deny Pr...

Page 88: ... If you leave these values blank then all IP addresses and ports will be included IP Source and IP Destination options can be used to differentiate between the directions that packets go You could permit packets to come from particular IP addresses but then not allow packets to return to those addresses Example of an IP Filter Rule Suppose you have opened a port in your firewall in order to run a ...

Page 89: ... under Network Settings DHCP Server and reserve the IP address for the device As with port forwarding use caution when enabling the DMZ feature as it can threaten the security of your network Only use DMZ as a last resort 6 4 5 Application Gateways Advanced Enabling an application gateway makes pinholes through the firewall This may be required for some applications to function or for an applicati...

Page 90: ... address they can launch a network attack without revealing the true source of the attack or attempt to gain access to network services that are restricted to certain addresses 6 4 7 Remote Administration Access Control Advanced Enable Remote Administration Access Control Selecting this option allows you to make remote administration tools available to only the specified IP addresses Access from a...

Page 91: ...emote Access Addresses IP Address The IP address that will be allowed to access administrative services through the WAN Netmask Optional The netmask allows you to specify what IP address sets will be allowed access If this field is left empty a netmask of 255 255 255 255 will be used which means that only the single specified IP address would have remote administration access ...

Page 92: ...ou to create a list of devices that have either exclusive access whitelist or no access blacklist to your wireless LAN Enabled Click to allow MAC Filter options Whitelist Select either Whitelist or Blacklist from a dropdown menu In Whitelist mode the router will restrict WiFi access to all computers except those contained in the MAC Filter List panel In Blacklist mode listed devices are completely...

Page 93: ...o System Settings Device Alerts to set up these email alerts Ignored MAC Addresses This is the list of MAC addresses that will not produce an alert or a log entry when they are connected to the router These should be MAC addresses that you expect to be connected to the router To add MAC addresses to this list simply select devices shown in the MAC Address Log and click Ignore You can also add addr...

Page 94: ...computer belongs to and which other IP addresses the computer can see in the same LAN An IP address of 192 168 0 1 along with a Netmask of 255 255 255 0 defines a network with 256 available IP addresses from 192 168 0 0 to 192 168 0 255 NOTE 255 255 255 255 is used to signify only the host that was entered in the IP Network Address field Gateway Specifies the next hop to be taken if this route is ...

Page 95: ...ols require hardware version 2 0 Choose from the following tabs to configure routing protocols BGP Routing Protocol OSPF Routing Protocol RIP Routing Protocol Route Maps and Filters 6 7 1 BGP Routing Protocol The latest version of BGP Border Gateway Protocol is version 4 BGP 4 is one of the Exterior Gateway Protocols and de facto standard of Inter Domain routing protocol BGP 4 is described in RFC1...

Page 96: ...sign networks to this ASN Neighbor Options Creates a new neighbor identified by remote ASN and IP address Redistribute Routes Redistribute routes of the specified protocol or kind into BGP with the metric type and metric set if specified filtering the routes using the given route map if specified Redistributed routes may also be filtered with distribute lists Type The type is the source of the rou...

Page 97: ...uter but need not be it can be any arbitrary 32bit number However it MUST be unique within the entire OSPF domain to the OSPF speaker bad things will happen if multiple OSPF speakers are configured with the same router ID Authentication Key This sets the router ID of the OSPF process The router ID may be an IP address of the router but need not be it can be any arbitrary 32 bit number However it M...

Page 98: ...ing Information Protocol is a widely deployed interior gateway protocol RIP is a distance vector protocol based on the Bellman Ford algorithms As a distance vector protocol RIP sends updates from one router to its neighbors periodically allowing the convergence to a known topology In each update the distance to any given network will be broadcast to its neighboring router The router supports RIP v...

Page 99: ...is used to specify neighbors In some cases not all routers will be able to understand multicasting where packets are sent to a network or a group of addresses In a situation where a neighbor cannot process multicast packets it is necessary to establish a direct link between routers The neighbor command allows the network administrator to specify a router as a RIP neighbor The no neighbor a b c d c...

Page 100: ...ou want permitted or denied Netmask Use this along with IP Address to specify a range of IP Addresses associated with this Access Lists rule Route Map Route maps provide a means to filter and or apply actions to routes allowing policies to be applied to routes Route maps define rules for transferring between different routing protocols Each statement in a route map is ordered Once there is a match...

Page 101: ...l known communities value 0 o no export alias for well known communities value NO_EXPORT 0xffffff01 o no advertise alias for well known communities value NO_ADVERTISE 0xffffff02 o local AS alias for well known communities value NO_EXPORT_SUBCONFED 0xffffff03 Match This specifies the policy implied if the Matching Conditions are met or not met and which actions of the route map are to be taken if a...

Page 102: ...reless network For example if you change a wireless LAN s IP address devices within that network will lose connection They will have to reconnect to the network The user can set up multiple networks on the MBR1400 each with its own unique configuration and its own selection of interfaces Each local network can be attached to any of the following types of interfaces WiFi Ethernet VLAN For example o...

Page 103: ...AC with DHCP Disable SLAAC and DHCP Access Control Admin Access UPnP Gateway LAN Isolation Attached Interfaces Ethernet ports WiFi VLAN Click Add to configure a new network or select an existing network and click Edit to view configuration options HotSpot Captive Portal When you set a network as a Hotspot under Routing Mode you will also need to 1 Configure hotspot settings under System Settings H...

Page 104: ...essing Multicast Proxy Schedule VRRP STP and Wired 802 1X General Settings Enabled Push to manually disable a network Also some settings could cause a network to be automatically disabled click here to re enable the network Name This primarily helps to identify this network during other administration tasks Hostname Default cp for CradlePoint The hostname is the DNS name associated with the router...

Page 105: ...he following options in the dropdown list NAT Network Address Translation hides private IP addresses behind the router s IP address This is the simplest and most common choice for users because NAT does the translation work for you Standard NAT less routing If you select Standard you must separately configure your IP addresses so that they will be publically accessible Typically you will not selec...

Page 106: ...Settings IPv6 must be enabled through the WAN initially go to Internet Connection Manager to enable IPv6 IPv6 Address Source By default this is set to Delegated which means the IPv6 address range for the LAN is passed through from the WAN side Change this to Static to input your own IPv6 address range here or select None to explicitly disable IPv6 LAN connectivity ...

Page 107: ...erfaces shown on the left in the Available section to move them to the Selected section on the right or highlight an interface and click the button To deselect an interface double click on an interface in the Selected section or highlight the interface and click the button If you want more interface options you must configure additional WiFi Ethernet ports and VLAN interfaces separately See the Lo...

Page 108: ... this network to match the intended use Simply select or deselect any of the following LAN Isolation When checked this network will NOT be allowed to communicate with other local networks UPnP Gateway Select the UPnP Universal Plug and Play option if you want to enable the UPnP Gateway service for computers on this network Admin Access When enabled users may access these administration pages on th...

Page 109: ...tart and Range End These designate the range of values in the reserved pool of IP addresses for the DHCP server Values within this range will be given to any DHCP enabled computers on your network The default values are almost always sufficient default 72 to 200 as in 192 168 0 72 to 192 168 0 200 Example The router uses an IP address of 192 168 0 1 for its primary network by default A computer de...

Page 110: ...an option A complete list of options is available from IANA Value Generally this field should be a string IP address or numeric value Some fields can accept both IP addresses and hostnames in these cases you may need to wrap this value in quotes For example option 66 Server name requires quotes around IP addresses DHCP Relay DHCP Relay communicates with a DHCP server and acts as a proxy for DHCP b...

Page 111: ...CP provides an additional client configuration method and is regularly combined with SLAAC to provide DNS servers a shortcoming in the original SLAAC specification and additional options not supported by SLAAC By defaulting to SLAAC with DHCPv6 all IPv6 capable clients on the network should be configurable with IPv6 connectivity DHCP Range Start The beginning of the range that will be used for IPV...

Page 112: ...o multiple destinations see the Wikipedia explanation of multicast This may be used for IPTV for example Multicast Proxy Select to enable IGMP proxy support to allow multicast streams to flow across this network By default enabling multicast proxy enables a multicast connection with devices within the LAN In rare cases additional IP address ranges need access to the multicast streams Click Add and...

Page 113: ...ple use this to limit a Hotspot network to business hours Schedule Service Default Disabled Select to enable This will open a configurable chart for setting the schedule Each hour of the week is represented by a black or gray square Black represents disabled while gray represents enabled Hover over a square to reveal the hour it represents Click on the squares to toggle between black and gray In t...

Page 114: ...er when no WAN connection is available If the value matches the normal router priority WAN connection state will not be considered If the value is empty the default the router will always give up ownership of the virtual IP and let a new master take over when no WAN connection is available Advertisement Interval Sets the amount of time in seconds between VRRP advertisements which communicate the r...

Page 115: ...nt paths while preventing broadcast radiation from bridge loops Enable STP Enable Spanning Tree Protocol loop detection Bridge Priority Set the priority of the bridge When determining the root bridge of the spanning tree topology the bridge priority is compared first The bridge with the lowest priority value will win If you want this router to be the root bridge then set it to a value less than th...

Page 116: ...AP re authentication period in seconds Authentication settings Auth Server IP Address This is the IP address of the connected RADIUS server Auth Server MAC Address This is the hardware address of the connected RADIUS server s interface NOTE If you don t know the MAC address for the RADIUS server enter 00 00 00 00 00 00 and the service will try to find the MAC address from the given IP address Port...

Page 117: ...cal Network Editor see above Select from the following tabs Wireless WiFi Network Settings Ethernet Port Configuration VLAN Interfaces Wireless WiFi Network Settings The MBR1400 can broadcast as many as four SSIDs service set identifiers the names for WiFi networks One primary WiFi network is enabled by default while you may have enabled a second guest network when using the First Time Setup Wizar...

Page 118: ...It is somewhat harder for hackers to find and attack a router that is not broadcasting its SSID which adds to the wireless security but it is also more difficult for friendly users to attach to a WiFi network with a hidden SSID Isolate Select this to isolate all wireless clients so they cannot directly communicate with each other on the wireless network WMM WiFi Multimedia This is a basic traffic ...

Page 119: ...IUS authentication IP Port and Shared Key Secondary IP and NAS ID optional WPA2 Personal or Enterprise forces AES as the WPA Cipher WPA WPA2 and WPA Personal or Enterprise allow AES TKIP AES and TKIP WEP Auto requires a WEP Key Open has no password or other security measures NOTE If you don t know whether you should choose Personal or Enterprise assume Personal since you need to know RADIUS authen...

Page 120: ...Additional controls for WAN ports are available in Internet Ethernet Settings Mode WAN or LAN Default setting is WAN Wide Area Network for the blue port and LAN Local Area Network for the four orange ports Internet WAN is used to connect to another network such as a hotel or office wired network The WAN connection is used as a possible source of Internet for the MBR1400 Local Network LAN is for co...

Page 121: ...ogical interface is attached to a Local IP Network in the top panel of this page Port Group ID The Group ID field provides a reference to this grouping of ports to be used in other parts of the router configuration For example this ID is referenced in the Local IP Networks configuration to attach this logical group of Ethernet ports with a network configuration Use a simple short text phrase to de...

Page 122: ... and a group of Ethernet ports through which users can access the VLAN Then go back up to the Local Network Editor to attach your new VLAN to a network To use a VLAN the VID must be shared with another router or similar device so that multiple physical networks have access to the one virtual network Click Add to create a new VLAN interface VLAN Editor VID An integer value that is the Virtual LAN I...

Page 123: ...nel Random Selection The router randomly sets the channel Smart Selection Default Scans to determine the lowest interference WiFi channel Channel Selection Schedule When using the Smart channel selection this controls whether the router will periodically rescan for a better channel and change to it Select from Once Daily Weekly or Monthly Note that there may be a momentary WiFi disconnection while...

Page 124: ...conflict with each other which may result in lower throughput Select a channel from the dropdown list 1 2412 MHz 2 2417 MHz 3 2422 MHz 4 2427 MHz 5 2432 MHz 6 2437 MHz 7 2442 MHz 8 2447 MHz 9 2452 MHz 10 2457 MHz 11 2462 MHz For 5 0 GHz the ranges are 36 to 64 and 149 to 165 These channels do not interfere with a WiMAX modem If you choose to use 5 0 GHz you should consider switching antennas The d...

Page 125: ...ize in bytes is greater than the Fragmentation Threshold This setting should remain at its default value Setting the Fragmentation value too low may result in poor performance DTIM A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages When the wireless router has buffered broadcast or multicast messages for associated clients it sends the next...

Page 126: ... multiple Modulation Coding Schemes to enable higher throughput in various environments Since clients can dynamically change rates depending on environment selecting Auto is generally best Short GI Short GI is an optimization for shortening the interval between transmissions May be incompatible with older clients Greenfield Mode Greenfield mode uses an 802 11n only preamble to transmit packets tha...

Page 127: ...es and define your own Traffic Shaping rules Upload Speed and Download Speed Setting the Upload Speed and Download Speed is required to control traffic flow accurately Adjust the sliding bar to restrict the maximum upload and or download speed for the Internet source s you are using For example you might restrict the upload speed to prioritize available bandwidth for download or to reduce overall ...

Page 128: ...s of both upload and download bandwidth to each queue If you assign 80 download bandwidth to the first queue the next queue will be forced to be 20 or less Click Add to create a new Traffic Shaping QoS queue Queue Name Choose a name that is meaningful to you Upload Bandwidth Enable Upload QoS Default Enabled Deselect if you want your rule to apply to download traffic only Leave this selected to in...

Page 129: ...ighest Click Next to continue to the next page Download Bandwidth Enable Download QoS Default Enabled Deselect if you want your rule to apply to upload traffic only Leave this selected to include download restrictions with this queue Borrow Spare Bandwidth Default Enabled When this is enabled the interfaces protocols associated with this rule will borrow unused bandwidth from other rules Disabling...

Page 130: ...tions Default Normal Lowest Lower Below Normal Normal Above Normal High Higher Highest DSCP DiffServ Tag Differentiated Services Code Point DSCP is the successor to TOS Type of Service Use this field to tag the traffic by putting the value in the DSCP header of each IP packet that flows through this queue Use the value of 0 to clear the existing DSCP value in the packet header DSCP Tagging is some...

Page 131: ...OINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 129 6 9 2 Rules A traffic shaping rule identifies a specific message flow and assigns that flow to one of the queues created above Click Add to create a new Traffic Shaping rule ...

Page 132: ...sociate the rule with Rule Enabled Default Enabled Deselect this to disable this rule This can be useful for quickly changing configurations If both upload QoS and download QoS are disabled then the rule will disable automatically Rule Name Create a name for the rule that is meaningful to you Protocol The protocol used by the messages TCP UDP TCP UDP or ICMP Select Any if your rule does not contro...

Page 133: ... an IP address with a netmask for either source or destination or both Source vs destination is defined by traffic flow Leave these blank to include all IP addresses such as if your rule is defined by a particular port instead EXAMPLE If you want to associate this rule with your guest LAN you could input the IP address and netmask for the guest LAN here leaving the last slot 0 to allow for any use...

Page 134: ...NT COM FOR MORE HELP AND RESOURCES PAGE 132 7 INTERNET The Internet tab provides access to 9 submenu items for managing a variety of Internet connection options Connection Manager Client Data Usage Data Usage GRE Tunnels Network Mobility NEMO NHRP Interfaces VPN Tunnels WiFi as WAN Bridge WAN Affinity Load Balancing ...

Page 135: ...e available interface you can set the interface the router uses by default and the order that it allows failover In the example shown Ethernet is set as the primary Internet source while a USB modem is attached for failover The Ethernet is Unplugged while the modem is Connected Load Balance If this is enabled the router will use multiple WAN interfaces to increase the data transfer throughput by u...

Page 136: ...licking on a device reveals the following information State Connected Available etc Port UID Unique identifier This could be a name or number letter combination IP Address Gateway Netmask Stats bytes in bytes out Uptime in seconds Click Edit to view configuration options for the selected device For USB or ExpressCard modems click Control to view options to activate or update the device ...

Page 137: ...ority and the more use the device will get This number will change when you move devices around with the priority arrows in the WAN Interfaces list Load Balance Select to allow this device to be available for the Load Balance pool Download bandwidth Defines the default download bandwidth for use in Load Balance or QoS quality of service or traffic shaping algorithms Range 128 Kb s to 1 Gb s Upload...

Page 138: ... modem only A DNS request will be sent to the DNS servers If no data is received the DNS request will be retried 4 times at 5 second intervals The first 2 requests will be directed at the Primary DNS server and the second 2 requests will be directed at the Secondary DNS server If still no data is received the device will be disconnected and failover will occur Active Ping A ping request will be se...

Page 139: ...0 KB s Time Period 90 seconds Low Rate 10 KB s Time Period 240 seconds Custom Rate range 1 100 KB s Time Period range 10 300 seconds Time Fail back only after a set period of time Default 90 seconds Range 10 300 seconds This is a good setting if you have a primary wired WAN connection and only use a modem for failover when your wired connection goes down This ensures that the higher priority inter...

Page 140: ...OM FOR MORE HELP AND RESOURCES PAGE 138 7 1 4 IP Overrides IP overrides allow you to override IP settings after a device s IP settings have been configured Only the fields that are filled out will be overridden Override any of the following fields IP Address Subnet Mask Gateway IP Primary DNS Server Secondary DNS Server ...

Page 141: ...e are RADIUS TACACS accounting for wireless clients and admin CLI login IP Passthrough not needed with IPv6 NAT not needed with IPv6 Bounce pages UPnP Network Mobility DHCP Relay VRRP GRE GRE over IPSec OSPF NHRP Syslog SNMP over the WAN LAN works There are two main types of IPv6 WAN connectivity native Auto and Static and tunneling over IPv4 6to4 6in4 and 6rd Native Auto and Static The upstream I...

Page 142: ...ends it to a relay server provided by your ISP When you configure IPv6 you have the option to designate DNS Servers and Delegated Networks Because of the dual stack setup these settings are optional when configured for IPv6 the router will fall back to IPv4 settings when necessary DNS Servers Each WAN device is required to connect IPv4 before connecting IPv6 Because of this DNS servers are optiona...

Page 143: ...at will be requested from the ISP to delegate to LAN networks Default 63 Primary IPv6 DNS Server optional Depending on your provider this may be required This only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic Additional IPv6 DNS Server Secondary DNS server Delegated IPv6 Network optional Network available for delegation to LANs Depending on your prov...

Page 144: ...6 Gateway IP Input the IPv6 remote gateway IP address provided by your ISP Primary IPv6 DNS Server optional Depending on your provider setup this may be required This only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic Additional IPv6 DNS Server Secondary DNS server Delegated IPv6 Network optional Network available for delegation to LANs Depending on y...

Page 145: ...rimary IPv6 DNS Server optional Depending on your provider this may be required This only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic Additional IPv6 DNS Server Secondary DNS server Delegated IPv6 Network optional Network available for delegation to LANs Depending on your provider this may be required Prefixes specified here only take effect if thos...

Page 146: ... Most tunnel brokers provide a facility to request delegated networks for use through the tunnel Primary IPv6 DNS Server optional Depending on your provider this may be required This only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic Additional IPv6 DNS Server Secondary DNS server Delegated IPv6 Network optional Network available for delegation to LAN...

Page 147: ...th should be supplied by your ISP IPv4 Border Router Address This address should be supplied by your ISP IPv4 Common Prefix Mask Input the number of common prefix bits that you can mask off of the WAN s IPv4 address Primary IPv6 DNS Server optional Depending on your provider this may be required This only takes effect if the default global DNS setting on the Network Settings DNS page is Automatic ...

Page 148: ...r PC s MAC Address Connect Method Select the connection type that you need for this WAN connection You may need to check with your ISP or system administrator for this information DHCP Dynamic Host Configuration Protocol is the most common configuration Your router s Ethernet ports are automatically configured for DHCP connection DHCP automatically assigns dynamic IP addresses to devices in your n...

Page 149: ...RADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 147 Static Manual IP Address Subnet Mask Gateway IP Primary DNS Server Secondary DNS Server PPPoE Username Password Password Confirm Service Auth Type None PAP CHAP ...

Page 150: ...Sprint network can disconnect the modem to apply updates such as for PRL modem firmware or configuration events These activities do not change any router settings but the modem connection may be unavailable for periods of time while these updates occur The modem may also require a reset after a modem firmware update is complete Disabled The request to update will be refused When Disconnected The r...

Page 151: ...Auto all modes Let the modem decide which network to use Auto 3G 3G or less Let the modem decide which 2G or 3G network to use Do not attempt to connect to LTE Force LTE Connect to LTE only and do not attempt to connect to 3G or WiMAX Force 3G EVDO UMTS HSPA Connect to 3G network only Force 2G 1xRTT EDGE GPRS Connect to 2G network only See the following tables for a breakdown of the technologies u...

Page 152: ...parate line The command and associated response will be logged so you should check the system log to make sure there were no errors NOTE AT Config Script should not be used unless told to do so by your modem s cellular provider or by a support technician AT Dial Script This is included for legacy devices only Most users will not use this option Go to SIM APN Auth Settings instead if you need to se...

Page 153: ...CRADLEPOINT MBR1400 USER MANUAL Firmware version 4 4 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 151 ...

Page 154: ... your carrier Persist Settings If this is not checked these settings will only be in place until the router is rebooted or the modem is unplugged Active Profile Select a number from 0 5 from the dropdown list The following fields can be left blank If left blank they will remain unchanged in the modem NAI Username realm Network Access Identifier NAI is a standard system of identifying users who att...

Page 155: ...me Warner Cable mobile rr com Comcast mob comcast net TTLS Authentication Mode TTLS inner authentication protocol Select from the following dropdown options MSCHAPv2 MD5 Microsoft Challenge Handshake Authentication Protocol version2 Message Digest Algorithm 5 PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol TTLS Username Username for TTLS authentication TTLS Pa...

Page 156: ...r username and password Access Point Configuration Some wireless carriers provide multiple Access Point configurations that a modem can connect to Some APN examples are isp cingular and vpn com Default Let the router choose an APN automatically Manual Enter an APN by hand Select This opens a table with 16 slots for APNs each of which can be set as IP IPV4V6 or IPV6 The default APN is marked with a...

Page 157: ... FUMO The modem supports Update Activate methods A message will display showing options for each supported method Modem Activation Update Activate Reactivate or Upgrade Configuration Preferred Roaming List PRL Update Firmware Update Management Object FUMO Click the appropriate icon to start the process If the modem is connected when you start an operation the router will automatically disconnect i...

Page 158: ...eral or very specific For example you could create a rule that applies to all WiMAX modems or a rule that only applies to an Internet source with a particular MAC address The Configuration Rules list shows all rules that you have created as well as all of the default rules These are listed in the order they will be applied The most general rules are listed at the top and the most specific rules ar...

Page 159: ...reating a new rule Create a name for your rule and the condition for which the rule applies Rule Name Create a name meaningful to you This name is optional Select each of the following to create a condition for your rule When Port USB Port 1 2 3 ExpressPort 1 2 Select by the port that you are plugging the modem into Manufacturer Select by the manufacturer such as Sierra Wireless Model Set your rul...

Page 160: ...value For example Type is not WiMAX Port is USB Port 1 Once you have established the condition for your configuration rule choose from the other tabs to set the desired configuration Use the arrow buttons along the top to reveal more tab options All of the tab options General Settings Ethernet Settings Modem Settings WiMAX Settings CDMA Settings and SIM APN Settings have the same configuration opt...

Page 161: ...king this information This data is not retained between router reboots For each client this shows Name IP address MAC address amount of data MB and number of packets uploaded amount of data and number of packets downloaded and when traffic was last sent or received for that client Last Traffic The names that are shown are received during a DHCP exchange If a client disconnects and reconnects with ...

Page 162: ... down use of a modem and or send a message when you reach a data usage amount you set Enable Data Usage Default Disabled When you select Enable Data Usage you will see the Data Usage Agreement shown to the right The purpose of this agreement is to ensure that you understand that the data numbers for your router might not perfectly match those of your carrier CradlePoint cannot be held responsible ...

Page 163: ...MB as a percentage of the cap and in a bar graph Click Add to configure a new Data Usage Rule Data Usage Rule page 1 Rule Name Give your rule a name for later recognition WAN Selection Select from the dropdown list of currently attached WAN devices Assigned Usage in MB Enter a cap amount in megabytes 1024 megabytes equals 1 gigabyte Rule Enabled Default Enabled Click to disable Use with Load Balan...

Page 164: ...lect the length of a cycle from a dropdown menu with the following choices Daily Weekly Monthly Cycle Start Date Select the date you wish the rule to begin This date will be used to track when the rule will reset Shutdown WAN on Cap If selected the WAN device will shut down when the assigned usage is reached A cycle reset or a rule deletion will re enable the device Send Alert on Cap An email aler...

Page 165: ...dems that causes your router to send an alert after 1000 MB of usage in a month When you attach a new 4G USB modem your template will immediately create a new Data Usage Rule for the attached modem that sends the alert as specified Click Add to configure a new Template rule Create a Template Name that you can recognize The template will apply to one of the following WAN types All WAN All Ethernet ...

Page 166: ...re In order to set up a tunnel you must know the following Local Network and Remote Network addresses for the Glue Network the network that is created by the administrator that serves as the glue between the networks of the tunnel Each address must be a different IP address from the same private network and these addresses together form the endpoints of the tunnel Remote Gateway the public facing ...

Page 167: ...ate IP address from the following three ranges that doesn t match either network 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 Remote Network This is the remote side of the Glue Network Again the user must create an IP address that is distinct from the IP addresses of the networks that are being glued together The Remote Network and Local Network values will be flip...

Page 168: ...k traffic from the local host or hosts will be allowed through the tunnel Click Add Route to configure a new route You will need to input the following information defined by the remote network Network Address Netmask Default 255 255 255 0 You can set the tunnel to connect to a range of IP addresses or to a single IP address For example you could input 192 168 0 0 and 255 255 255 0 to connect your...

Page 169: ...on NEMO requires a service provider e g Verizon Wireless Private Network with DMNR Dynamic Mobile Network Routing Your NEMO service provider will define many of the settings for your NEMO configuration Once you have a NEMO service provider and a valid feature license add networks to the Networks Routed by NEMO section by first clicking Add In the popup window input Network Address Netmask The Netw...

Page 170: ...Home Agent SPI Your home agent will be defined by your NEMO service provider Renew Registration The NEMO network regularly re registers with the home agent e g every 30 seconds Specify the number of seconds between each check in MTU Override the MTU maximum transmission unit of the NEMO tunnel The TCP MSS maximum segment size is automatically derived from the MTU Leave blank to rely on Path MTU Di...

Page 171: ... directly communicate without requiring an intermediate hop The NHRP Configuration table displays the following fields for each configured NHRP interface Name Name of the GRE tunnel that NHRP will use Protocol Address Prefix GRE tunnel endpoint mapping that NHRP associates with the NBMA server NBMA Address NBMA server address the protocol address prefix is associated with Flags o SD Shortcut Desti...

Page 172: ...ime Specifies the holding time for NHRP registration requests and resolution replies Shortcut Destination Reply with authoritative answers on NHRP resolution requests destined to addresses in this interface instead of forwarding the packets Non Caching Disables caching of peer information from forwarded NHRP resolution reply packets Shortcut Enable creation of shortcut routes Redirect Enable sendi...

Page 173: ...ption protocols The MBR1400 uses IPsec Internet Protocol security to authenticate and encrypt packets exchanged across the tunnel To set up a VPN tunnel with the MBR1400 on one end there must be another device usually a router that also supports IPsec on the other end IKE Internet Key Exchange is the security protocol in IPsec IKE has two phases Phase 1 and Phase 2 The MBR1400 has several differen...

Page 174: ...l is configured to expect an identifier then both must match in order for the negotiation to succeed If NAT T is being used a single word instead of an address can be used if a DynDNS connection is not being used Remote Identity Specifies the identifier we expect to receive from the remote host during phase 1 negotiation If no identifier is defined then no verification of the remote peer s identif...

Page 175: ... this box to simplify setup by streamlining your options WAN Binding WAN Binding is an advanced optional parameter used to configure a VPN tunnel to ONLY operate when the specified WAN device s are available and connected An example use case is a router with both a primary and backup WAN connection and the VPN tunnel should only be used when the system has failed over to the backup connection This...

Page 176: ...then you may consider using the Invert WAN Binding option which will invert the expression to only establish the VPN tunnel when the specified WAN Binding devices are NOT connected Invert WAN Binding Advanced option that inverts the meaning of WAN Binding to only establish this tunnel when the specified WAN Binding device s are NOT connected This is typically useful when the VPN tunnel is being us...

Page 177: ...l to only some of the devices in your network NOTE The local network IP address must be different from the remote network IP address Remote Network Enter the remote Gateway s IP address or fully qualified domain name my domain com It is recommended you use a dynamic DNS host name instead of the static IP address By using the dynamic DNS host name updates of the remote WAN IP are compensated for wh...

Page 178: ...ly the most secure options that your devices support Exchange Mode The IKE protocol has 2 modes of negotiating phase 1 Main also called Identity Protection and Aggressive In Main mode IKE separates the key information from the identities allowing for the identities of peers to be secure at the expense of extra packet exchanges In Aggressive mode IKE tries to combine as much information into fewer ...

Page 179: ...ally determined by the strength of the DH Group Group 5 for instance has greater strength than Group 2 o DH group 1 768 bit key o DH group 2 1024 bit key o DH group 5 1536 bit key In Phase 1 only one DH group can be selected while using Aggressive exchange mode By default all the algorithms encryption hash and DH groups supported by the MBR1400 are checked which means they are allowed for any give...

Page 180: ...enerated in Phase 1 Additionally the new keys generated in Phase 2 with this option enabled are exchanged in an encrypted session Enabling this feature affords the policy greater security Key Lifetime The lifetime of the generated keys of Phase 2 of the IPsec negotiation from IKE After the time has expired IKE will renegotiate a new set of Phase 2 keys Phase 2 has the same selection of Encryption ...

Page 181: ... policy is in use Connection Idle Time allows you to configure how long the router will allow an IPsec session to be idle before beginning to send Dead Peer Detection DPD packets to the peer machine Request Frequency allows you to adjust the delay between these DPD packets to send as quickly as every 2 seconds up to 30 seconds apart Additionally you can specify how many Maximum Requests to send at...

Page 182: ...s especially helpful for matching this information with the router or similar device at the other end of the tunnel Tunnel Name Mode Initiation Mode Pre shared Key Local Network Remote Gateway Remote Network IKE Phase 1 o Exchange Mode o Key Lifetime Secs o Encryption o Hash o DH Groups IKE Phase 2 o PFS o Key Lifetime Secs o Encryption o Hash o DH Groups DPD Click Yes at the bottom of the Tunnel ...

Page 183: ...r a certificate on a local device Disabling certificate support will no longer use any previously loaded certificate but will not delete it from the router Only one certificate at a time is supported IKE ISAKMP Port Internet Key Exchange Internet Security Association and Key Management Protocol port Default 500 This is a standard VPN port that usually does not need to be changed IKE ISAKMP NAT T P...

Page 184: ...one side of a planned VPN tunnel is behind a NAT network address translation firewall the setup of your tunnel requires the following specifications 1 Each side of the tunnel must use both a Local Identity and a Remote Identity These must match the identities on the other side The Local Identity must match the Remote Identity on the other side of the tunnel and vice versa In this case these identi...

Page 185: ...i Bridge features cannot both be used at the same time When either WiFi as WAN or WiFi Bridge is enabled the MBR1400 will find other WiFi networks that you can select and connect to Unless a selected WiFi source is on an unprotected network you will need to know its password or key All CradlePoint routers and some other routers use the same default IP address for the primary network 192 168 0 1 If...

Page 186: ...dress of this router and the attached WiFi access point cannot be the same address To set up WiFi Bridge follow these steps 1 In Internet WiFi as WAN Bridge under WiFi Client Mode click on WiFi Bridge to enable this mode 2 Your bridge network must be enabled under Saved Profiles Either import the desired network from Site Survey or click Add to configure it 3 Once WiFi Bridge is enabled and a brid...

Page 187: ...vice Set Identifier This parameter is required when trying to connect to a hidden network using WiFi as WAN It is optional when connecting to a visible network If it is set in a profile both the SSID and BSSID must match to connect to an access point If the BSSID is not set in a profile then the router will connect to any access point that matches the given SSID Auth Mode The type of encryption th...

Page 188: ... connect to networks in a different band first switch the WiFi settings to that band Network Settings WiFi Local Networks in Advanced Mode You have the option to manually add network profiles but it is usually much easier to import them from Site Survey Either click on Add under Saved Profiles or select a WiFi network in Site Survey and click Import If you import a network from Site Survey most of...

Page 189: ...187 7 8 4 Wireless Scan Settings Scan Interval How often WiFi as WAN scans the environment for updates Default 60 seconds Range 5 3600 seconds Scan While Connected Continue to scan for WiFi as WAN profile updates when connected Each time a scan occurs the wireless communication of the router will be temporarily interrupted Normally this should be disabled ...

Page 190: ...ternet Data Usage The router will make a best effort to keep data usage between interfaces at a similar percentage of the assigned data cap in the Data Usage rule for each interface rather than distributing sessions based solely on bandwidth For proper function you need to create data usage rules for each WAN device you will be load balancing Make certain to select the Use with Load Balancing chec...

Page 191: ...lect from the dropdown list to specify the protocol for a particular data use Otherwise leave Any selected Any ICMP TCP UDP GRE ESP SCTP Source IP Address Source Netmask Destination IP Address and Destination Netmask Specify an IP address or range of IP addresses by combining an IP address with a netmask for either source or destination or both Source vs destination is defined by traffic flow Leav...

Page 192: ...pe is LTE You also have the option to replace is with isn t starts with ends with or contains Port Select from the dropdown list of possible WAN ports on the router o WAN Ethernet o LAN Ethernet o Undefined Manufacturer Select from a dropdown list of attached devices Model Select from a dropdown list of attached devices Type Select from the dropdown list of possible WAN types o WiMAX o Modem o LTE...

Page 193: ...load configuration values and the observed capabilities of the device Data Usage This mode works in concert with the Data Usage feature Internet Data Usage The router will make a best effort to keep data usage between interfaces at a similar percentage of the assigned data cap in the Data Usage rule for each interface rather than distributing sessions based solely on bandwidth For proper function ...

Page 194: ... MORE HELP AND RESOURCES PAGE 192 8 SYSTEMSETTINGS The System Settings tab has 9 submenu items that provide access to tools for broad administrative control of the MBR1400 Administration Device Alerts Enterprise Cloud Manager Feature Licenses Hotspot Services Serial Redirector SNMP Configuration System Control System Software ...

Page 195: ... router is configured to use the advanced security mode several aspects of the router s configuration and networking functionality will be extended to support high security environments This includes support for multiple user accounts increased password security and additional network spoofing filters If you plan to use your router in a PCI DSS compliant environment this option is mandatory Admin ...

Page 196: ...you can t delete the user you are currently signed in as In TACACS and RADIUS modes if the servers cannot be reached either because the WAN is down or a response is not received within the selected Server Timeout the router will automatically fall back to using Local Users mode to prevent any potential of being locked out TACACS TACACS stands for Terminal Access Controller Access Control System pl...

Page 197: ...t RADIUS RADIUS stands for Remote Authentication Dial In User Service The router will use a RADIUS server or two optionally to authorize administration Server Timeout If the servers are not reached within the set time possibly because the WAN is down the router will automatically fall back to using Local Users mode to prevent users from being locked out Server Address This can be either an IP addr...

Page 198: ...nternet connection is re established and once a week thereafter the router will ask the server for the current time so it can correct itself You then have the option of selecting an NTP server and adjusting the NTP server port Select the NTP server from the dropdown list Any of the given NTP servers will be sufficient unless for example you need to synchronize your router s time with other devices...

Page 199: ...he Signal Strength button on the physical router Local Domain The local domain is used as the suffix for DNS entries of local hosts This is tied to the hostnames of DHCP clients as DHCP_HOSTNAME LOCAL_DOMAIN System Identifier This is a customizable identity that will be used in router reporting and alerting The default value is the MAC address of the router Require HTTPS Connection Check this box ...

Page 200: ...the administration website For security remote access is usually done via a non standard http port Additionally encrypted connections can be required for an added level of security Require HTTPS Connection Requiring a secure https connection is recommended HTTP Port Default 8080 This option is disabled if you select Require Secure Connection Secure HTTPS Port Default 8443 NOTE You can restrict rem...

Page 201: ...ted Enable GPS support Enables support for querying GPS information from supported modems Enable GPS server on WAN Enables a TCP server on the WAN side of the firewall which will periodically send GPS NMEA sentences to connected clients Enable GPS server on LAN Enables a TCP server on the LAN side of the firewall which will periodically send GPS NMEA sentences to connected clients o GPS server por...

Page 202: ...e 4124 8963 N 41d 24 8963 N or 41d 24 54 N Longitude 08151 6838 W 81d 51 6838 W or 81d 51 41 W Fix Quality 0 Invalid 1 GPS fix 2 DGPS fix 1 Data is from a GPS fix Number of Satellites 05 5 Satellites are in view Horizontal Dilution of Precision HDOP 1 5 Relative accuracy of horizontal position Altitude 280 2 M 280 2 meters above mean sea level Height of geoid above WGS84 ellipsoid 34 0 M 34 0 mete...

Page 203: ...S fix 2 Dif GPS fix xx number of satellites in use x x horizontal dilution of precision x x Antenna altitude above mean sea level M units of antenna altitude meters x x Geoidal separation M units of geoidal separation meters x x Age of Differential GPS data seconds xxxx Differential reference station ID eg3 GPGGA hhmmss ss llll ll a yyyyy yy a x xx x x x x M x x M x x xxxx hh 1 UTC of Position 2 L...

Page 204: ...E CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 202 11 Geoidal separation Diff between WGS 84 earth ellipsoid and mean sea level geoid is below WGS 84 ellipsoid 12 Meters Units of geoidal separation 13 Age in seconds since last update from diff reference station 14 Diff reference station ID 15 Checksum ...

Page 205: ... System ID This option will include the router s System ID at the beginning of every log message This is often useful when a single remote Syslog server is handling logs for several routers Include UTF8 Byte Order Mark The log message is sent using UTF 8 encoding By default the router will attach the Unicode Byte Order Mark BOM to the Syslog message in compliance with the Syslog protocol RFC5424 S...

Page 206: ...ehind another router you may not want to use 3G 4G data unnecessarily Select Use LAN Gateway to set your router services to connect via the LAN LAN Gateway Address Input the IP address of the LAN side connection If this is a 3G 4G failover router operating behind another router the LAN Gateway Address is the IP address of that other router DNS Server and Secondary DNS Server The primary and second...

Page 207: ... MAC Address Used with the MAC monitoring lists An alert is sent when a new unrecognized MAC address is connected to the router WAN Device Status Change An attached WAN device has changed status The possible statuses are plugged unplugged connected and disconnected Configuration Change A change to the router configuration Login Failure A failed login attempt has been detected VPN Tunnel Goes Down ...

Page 208: ... have different specifications for setup so you have to look those up separately The following is an example using Gmail Server Address smtp gmail com Server Port 587 for TLS or Transport Layer Security port the MBR1400 does not support SSL Authentication Required For Gmail mark this checkbox User Name Your full email address Password Your Gmail password From Address Your email address To Address ...

Page 209: ... 207 Advanced Delivery Options Email Subject Prefix This optional string is prefixed to the alert subject It can be customized to help you identify alerts from specific routers Retry Attempts The number of attempts made to send an alert to the mail server After the attempts are exhausted the alert is discarded Retry Delay The delay between retry attempts ...

Page 210: ...ut CradlePoint ECM If you do not have ECM credentials sign up at http www cradlepoint com ecm signup Registering Your Router Once you have signed up for ECM click on the Register Router button to begin managing the router through ECM Input your ECM Username and ECM Password and click Register You have now registered the device with Enterprise Cloud Manager Suspending the ECM Client Click on the Su...

Page 211: ...ue is a starting point for an internal backoff timer that prevents superfluous retries during connectivity loss Unmanaged Checkin Timer How often in seconds the router checks with ECM to see if the router is remotely activated Note that this value is a starting point for an internal backoff timer that reduces network usage over time Maximum Alerts Buffer The maximum number of alerts to buffer when...

Page 212: ...SOURCES PAGE 210 8 4 Feature Licenses Some CradlePoint features may require a license These features are disabled by default To obtain a feature license contact your CradlePoint sales representative Once you have obtained the feature license file upload the file to enable the feature A reboot is required after uploading a feature license file ...

Page 213: ...s tab Select a network in Network Settings WiFi Local Networks and click Edit to open the Local Network Editor The IP Settings tab will already be open the Routing Mode dropdown menu is at the bottom Allow Service on 3G 4G Modems Allows you to enable or disable hotspot access to the Internet over a modem This is often used if the router has a main wired link and a secondary modem for failover typi...

Page 214: ...the user will be directed After the user accepts the terms you can either let him her continue to the URL they were trying to reach or you can force the user to go to a specified URL once before continuing on To the URL the user intended to visit To an administrator defined URL Redirect URL If you have chosen to send users to an administrator defined URL you will need to specify the address Sessio...

Page 215: ...ficient Accounting Port The standard port number 1813 will usually be sufficient Shared Secret Assigned by RADIUS service Redirection On Successful Authentication Choose from the dropdown list of options for redirection o Redirect to the UAM Server o Redirect to the URL that the user intends to visit o Redirect to the following URL input the desired URL Session Timeout Default 60 minutes The amoun...

Page 216: ...d Secret Optional depending on the UAM service NAS Gateway ID Assigned by UAM service 8 5 3 Allowed Hosts Prior to Authentication Adding host names to this list will allow access from your network to any external domain or website prior to being authenticated For example a hotel might allow access to its own website prior to authentication Click Add to enter new hostnames you wish to allow Enter t...

Page 217: ... Enabled Enabling Telnet to Serial will start a Telnet server that passes its connection to the serial adapter Enabling this service is not necessary when accessing serial through SSH LAN Enable serial redirector for LAN connections Authenticated LAN Enable serial redirector for Authenticated LAN connections You must be logged into the router to use the redirector WAN Enable serial redirector for ...

Page 218: ...ptions None No parity checking Default Even parity bit will always be even Odd parity bit will always be odd Mark parity bit will always be odd and always 1 Space parity bit will always be even and always 0 Stop Bits Number of bits to initiate the stop period Select from these dropdown values 1 1 5 and 2 Hardware RTS CTS Use RTS Request To Send CTS Clear To Send to enable flow control Software XON...

Page 219: ...provided by this router SNMP will not be available on guest or virtual networks that do not have administrative access LAN port Use the LAN port field to configure the LAN port number you wish to access SNMP services on Default 161 Enable SNMP on WAN Enabling SNMP on WAN will make SNMP services available to the WAN interfaces of the router WAN port Use the WAN port field to configure which publicl...

Page 220: ...han the Get community string 8 7 1 SNMPv3 If you select SNMPv3 you have several additional configuration options for added security Authentication type Select the authentication and encryption type that will be used when connecting to the router from the following dropdown list These settings must match the configuration used on any SNMP clients MD5 with no encryption SHA with no encryption MD5 wi...

Page 221: ... of the host system that you want trap alerts sent to Trap server port Enter the port number that the remote host will be listening for trap alerts on Default 162 8 7 2 System Information System information via SNMP is Read Writable by default However if a value is set here that field will become Read Only System Contact Input the email address of the system administrator System Name Input the rou...

Page 222: ...ges all settings back to their default values Reboot The Device This causes the router to restart Scheduled Reboot This causes the router to restart at a user determined time Watchdog Reboot This causes the router to automatically restart when it determines an unrecoverable error condition has occurred Ping Test A simple test to check Internet connectivity Type the Hostname or IP address of the co...

Page 223: ...Shows the number of the current firmware and the date it was updated Available Firmware Version If there is a new firmware version available this will list the version number Click Check Again to have the router check the newest firmware Factory Reset Set default settings to match the new firmware This is safest as settings may have changed You should back up your current settings and restore them...

Page 224: ...ig Save Restore Backup Current Settings Click on Save to disk to save your current settings to a file on a computer Restore Settings Click on Upload from file to restore your previous settings from a file on a computer 8 9 3 Firmware Upgrade and System Config Restore Load new firmware and restore your previous settings from a file on a computer without rebooting between steps ...

Page 225: ...addresses so that conversions can be made in both directions ADSL Asymmetric Digital Subscriber Line Advanced Encryption Standard AES Government encryption standard Alphanumeric Characters A Z and 0 9 Antenna Used to transmit and receive RF signals AppleTalk A set of Local Area Network protocols developed by Apple for their computer systems AppleTalk Address Resolution Protocol AARP Used to map th...

Page 226: ...ic Input Output System BIOS A program that the processor of a computer uses to startup the system once it is turned on Baud Data transmission speed Beacon A data frame by which one of the stations in a WiFi network periodically broadcasts network control data to other wireless stations Bit rate The amount of bits that pass in given amount of time Bit sec Bits per second BOOTP Bootstrap Protocol Al...

Page 227: ...ted into binary so that it can be processed or moved to another device Data Encryption Standard Uses a randomly selected 56 bit key that must be known by both the sender and the receiver when information is exchanged Data Link layer The second layer of the OSI model Controls the movement of data on the physical link of a network Database Organizes information so that it can be managed updated as w...

Page 228: ...uter s security mechanisms for the convenience of being directly addressable from the Internet DNS Domain Name System Translates Domain Names to IP addresses Domain name A name that is associated with an IP address Download To send a request from one computer to another and have the file transmitted back to the requesting computer DSL Digital Subscriber Line High bandwidth Internet connection over...

Page 229: ...ights Firewall A device that protects resources of the Local Area Network from unauthorized users outside of the local network Firmware Programming that is inserted into a hardware device that tells it how to function Fragmentation Breaking up data into smaller pieces to make it easier to store FTP File Transfer Protocol Easiest way to transfer files between computers on the Internet Full duplex S...

Page 230: ... device that connects multiple devices together ICMP Internet Control Message Protocol IEEE Institute of Electrical and Electronics Engineers IGMP Internet Group Management Protocol is used to make sure that computers can report their multicast group membership to adjacent routers IIS Internet Information Server is a WEB server and FTP server provided by Microsoft IKE Internet Key Exchange is used...

Page 231: ...bout Internet Protocol Version 4 that identifies each computer that transmits data on the Internet or on an intranet IPsec Internet Protocol Security IPX Internetwork Packet Exchange is a networking protocol developed by Novell to enable their Netware clients and servers to communicate ISP Internet Service Provider Java A programming language used to create programs and applets for web pages Kbps ...

Page 232: ...gital signals from a computer to an analog signal in order to transmit the signal over phone lines It also demodulates the analog signals coming from the phone lines to digital signals for your computer MPPE Microsoft Point to Point Encryption is used to secure data transmissions over PPTP connections MTU Maximum Transmission Unit is the largest packet that can be transmitted on a packet based net...

Page 233: ...s used more than RIP in larger scale networks because only changes to the routing table are sent to all the other routers in the network as opposed to sending the entire routing table at a regular interval which is how RIP functions Password A sequence of characters that is used to authenticate requests to resources on a network Personal Area Network The interconnection of networking devices withi...

Page 234: ...rvice allows for remote users to dial into a central server and be authenticated in order to access resources on a network Reboot To restart a computer and reload its operating software or firmware from nonvolatile storage Rendezvous Apple s version of UPnP which allows for devices on a network to discover each other and be connected without the need to configure any settings Repeater Retransmits ...

Page 235: ...ocol SNMP Simple Network Management Protocol SOHO Small Office Home Office SPI Stateful Packet Inspection SSH Secure Shell is a command line interface that allows for secure connections to remote computers SSID Service Set Identifier is a name for a wireless network Stateful Packet Inspection A feature of a firewall that monitors outgoing and incoming traffic to make sure that only valid responses...

Page 236: ...hat allows network devices to discover each other and configure themselves to be a part of the network Update To install a more recent version of a software or firmware product Upgrade To install a more recent version of a software or firmware product Upload To send a request from one computer to another and have a file transmitted from the requesting computer to the other UPnP Universal Plug and ...

Page 237: ...etworks that is supposed to be comparable to that of a wired network WiFi Wireless Fidelity Used to describe any of the 802 11 wireless networking specifications WiFi Protected Access An updated version of security for wireless networks that provides authentication as well as encryption Wide Area Network The larger network that your LAN is connected to which may be the Internet itself or a regiona...

Page 238: ...ANUAL Firmware version 4 4 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 236 Yagi antenna A directional antenna used to concentrate wireless signals on a specific location ...

Page 239: ...ould result in property damage or loss or personal injury of any kind including death to the user or to any other party CradlePoint expressly disclaims liability for damages of any kind resulting from a delays errors or losses of any data transmitted or received using the device or b any failure of the device to transmit or receive such data Warning This product is only to be installed by qualifie...

Page 240: ...ip to the original purchaser or the first purchaser in the case of resale by an authorized distributor for a period of one 1 year from the date of shipment This warranty is limited to a repair or replacement of the product at CradlePoint s discretion CradlePoint does not warrant that the operation of the device will meet your requirements or be error free Within thirty 30 days of receipt should th...

Page 241: ...ES PAGE 239 OTHER BINDING DOCUMENTS TRADEMARKS COPYRIGHT By activating or using your MBR1400 device you agree to be bound by CradlePoint s Terms of Use User License and other Legal Policies all as posted at www cradlepoint com legal Please read these documents carefully CradlePoint the CradlePoint logo and MBR1400 are trademarks of CradlePoint Inc ...

Page 242: ...us 5 WPS WiFi Protected Setup Signal Strength DIMENSIONS 9 x 5 1 x 1 57 230mm x 130mm x 40mm CERTIFICATIONS FCC IC CE WiFi Alliance OPERATING TEMPERATURE 0o C to 40o C DETAILS 2 412 to 2 484 GHz WiFi frequency band operation Compliant with IEEE 802 3 and 3u Standards Supports OFDM and CCK modulation Supports Cable DSL modems with Dynamic IP Static IP PPPoE PPTP or L2TP connection types Traffic Con...

Page 243: ...0 USER MANUAL Firmware version 4 4 2013 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 241 http www cradlepoint com Copyright 2013 by CradlePoint Inc All rights reserved ...

Reviews:

No comments

Related manuals for MBR1400LE-VZ

Magnadyne RV2458 User Manual preview
RV2458
Brand: Magnadyne Pages: 13
Avid Technology MediaStream ConnectPlus 1000 Installation And Operation Manual preview
MediaStream ConnectPlus 1000
Brand: Avid Technology Pages: 74
NETGEAR RP334 Installation Manual preview
RP334
Brand: NETGEAR Pages: 2
dixell XT120C Installing And Operating Insructions preview
XT120C
Brand: dixell Pages: 4
Supero 6027R-E1R12N User Manual preview
6027R-E1R12N
Brand: Supero Pages: 112
Internet Security Systems Proventia A1204 User Manual preview
Proventia A1204
Brand: Internet Security Systems Pages: 42
NETGEAR WAG302 Installation Manual preview
WAG302
Brand: NETGEAR Pages: 2
Perle P841 Specifications preview
P841
Brand: Perle Pages: 2
National Instruments SCXI-1120 User Manual preview
SCXI-1120
Brand: National Instruments Pages: 130
GarrettCom Industrial Network Track OSI Brochure preview
Industrial Network Track OSI
Brand: GarrettCom Pages: 10
IBM EtherLink XL User Manual preview
EtherLink XL
Brand: IBM Pages: 72
Cabletron Systems CyberSWITCH CSX101 User'S Information Manual preview
CyberSWITCH CSX101
Brand: Cabletron Systems Pages: 72
B+B SmartWorx SPECTRE v3 LTE User Manual preview
SPECTRE v3 LTE
Brand: B+B SmartWorx Pages: 50
Cradlepoint MBR900 Quick Start Manual preview
MBR900
Brand: Cradlepoint Pages: 2
Comet Labs 24-Port 1000BASE-T User Manual preview
24-Port 1000BASE-T
Brand: Comet Labs Pages: 44
Abocom SDW11B Specification Sheet preview
SDW11B
Brand: Abocom Pages: 1
ADTRAN 1202052L1 User Manual preview
1202052L1
Brand: ADTRAN Pages: 136
LevelOne ServCon FPS-3003 Quick Install Manual preview
ServCon FPS-3003
Brand: LevelOne Pages: 45

Brands by name

Popular brands

Load more brands