manualshive.com logo in svg

Cradlepoint MBR1400 Series, Product Manual

The Cradlepoint MBR1400 Series' comprehensive Product Manual is available for free download from manualshive.com. This invaluable resource provides users with detailed instructions and insights for optimal usage. Get the most out of your Cradlepoint MBR1400 Series device by accessing the manual today!

Share
Download
background image

  

 

Summary of Contents for MBR1400 Series

Page 1: ......

Page 2: ...rsion 3 3 0 Jeremy Cramer 1 2 Jan 20 2012 Added features for Firmware version 3 4 1 and updated for ARC Jeremy Cramer 1 3 May 1 2012 Added features for Firmware version 3 5 0 Jeremy Cramer Trademarks CradlePoint and the CradlePoint logo are registered trademarks of CradlePoint Inc in the United States and other countries All other company or product names mentioned herein are trademarks or registe...

Page 3: ...RTED FIRST TIME SETUP 26 4 3 QUICK LINKS 31 4 4 CONFIGURATION PAGES 32 5 STATUS 34 5 1 CLIENT LIST 35 5 2 DASHBOARD 37 5 3 GPS 40 5 4 GRE TUNNELS 41 5 5 HOTSPOT CLIENTS 42 5 6 INTERNET CONNECTIONS 43 5 7 STATISTICS 54 5 8 SYSTEM LOGS 57 5 9 VPN TUNNELS 58 6 NETWORK SETTINGS 59 6 1 CONTENT FILTERING 60 6 2 DHCP SERVER 63 6 3 DNS 64 6 4 FIREWALL 67 6 5 MAC FILTER 72 6 6 ROUTING 73 6 7 WIFI LOCAL NET...

Page 4: ... MORE HELP AND RESOURCES PAGE 2 8 3 HOTSPOT SERVICES 157 8 4 MANAGED SERVICES ASK YOUR CRADLEPOINT SALES REPRESENTATIVE FOR DETAILS 162 8 5 SERIAL REDIRECTOR 165 8 6 SYSTEM CONTROL 167 8 7 SYSTEM SOFTWARE 168 9 GLOSSARY 169 10 APPENDIX 183 10 1 REGULATORY INFORMATION 183 10 2 WARRANTY INFORMATION 183 10 3 SPECIFICATIONS 184 ...

Page 5: ...or Verizon o MBR1400W 4G WiMAX for Sprint o MBR1400E VZ 3G EVDO for Verizon o MBR1400E SP 3G EVDO for Sprint 1 2 System Requirements At least one Internet source a CradlePoint 3G 4G Business Grade Modem an Ethernet based modem a broadband data modem with active subscription USB ExpressCard or WiFi as WAN Windows 2000 XP 7 Mac OS X or Linux computer with WiFi adapter 802 11n recommended for WiFi fu...

Page 6: ...tralized remote management Up to 20 concurrent VPN endpoint sessions Compatible with Cisco SonicWall and other VPN termination systems Establish continuous uptime with optimum total cost of ownership for broad deployment Centralize the administration and monitoring of distributed routers using WiPipe Central Simple to install configure and maintain with minimal impact on IT Virtual LAN capabilitie...

Page 7: ... for deployed units CradlePoint provides enterprise grade performance security and the modem reliability businesses need to ensure continuous uptime Create an instant network today with LTE WiMAX or any other wireless broadband technology 1 3 1 Captive Portal The Captive Portal solution provided by CradlePoint routers enables businesses to provide their customers with a public WiFi hotspot with ac...

Page 8: ...lePoint Integrated Business Grade Modems are specifically designed to provide the highest level of performance reliability and security for 24x7 business critical applications Modems can be located and oriented to receive the highest signal strength They also intelligently manage the co existence between the mobile broadband signal and the WiFi broadcast of the router Choose from the following ARC...

Page 9: ...DO 3 1 Mbps theoretical Uplink Rates LTE 50 Mbps EVDO 1 8 Mbps theoretical Frequency Band LTE Band 13 700MHz Cellular PCS 800MHz 1 900 MHz Power LTE 23 1 dBm EVDO 24 1dBm typical conducted Module Sierra Wireless MC7750 Antennas Two SMA male plug 1 dBi LTE 2 dBi Cellular PCS gain Industry Standards Certs Modem Model MC200LE Verizon FCC Part 15 22 24 27 TIA EIA IS 2000 IS 95 B 3GPP Rel 8 Modem Certi...

Page 10: ...eoretical Uplink Rates 1 8 Mbps theoretical Frequency Band Cellular PCS 800MHz 1 900 MHz Power 24 0 5dBm typical conducted Module Sierra Wireless 5728v Antennas Two SMA male plug 2 dBi gain Industry Standards Certs Modem Model MC100E Verizon IOT FCC Part 15 22 24 CDG Stages 1 2 IS 2000IA 98D E IS 134 IS 637B IS 683A IS 707A IS 856 IS 866 JESD22 A114 B JESD22 C101 Modem Certification Model Number M...

Page 11: ...theoretical Uplink Rates 1 8 Mbps theoretical Frequency Band Cellular PCS 800MHz 1 900 MHz Power 24 0 5dBm typical conducted Module Sierra Wireless 5728v Antennas Two SMA male plug 2 dBi gain Industry Standards Certs Modem Model MC100E Sprint FCC Part 15 22 24 CDG Stages 1 2 IS 2000IA 98D E IS 134 IS 637B IS 683A IS 707A IS 856 IS 866 JESD22 A114 B JESD22 C101 Modem Certification Model Number MC10...

Page 12: ... 5 Mbps peak 1 2 Mbps average Frequency Band 2 500 MHz band Power 23 5 0 5 dBm RSU CPE Module Beceem 250 chipset Antennas Two SMA male plug 5 dBi gain Industry Standards Certs Modem Model MC100W Sprint FCC Part 15 subpart C Modem Certification Model Number MC100W Modem Certification Part Number MC100W For optimum performance antennas on the MBR1400W SP should be pointed in opposite directions as s...

Page 13: ...CRADLEPOINT MBR1400 USER MANUAL Firmware ver 3 5 0 2012 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 11 2 HARDWAREOVERVIEW ...

Page 14: ...CRADLEPOINT MBR1400 USER MANUAL Firmware ver 3 5 0 2012 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 12 2 1 Ports Buttons and Switches ...

Page 15: ... your router to factory default settings by pressing and holding the Reset button This button is recessed so it requires a pointed object such as a paper clip to press Press and hold for 10 seconds to initiate reset WPS Button WiFi Protected Setup When you press the WPS button for five seconds it allows you to use WPS for WiFi security The LED will illuminate blue to indicate WPS status Devices mu...

Page 16: ...ADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 14 2 2 LEDs LAN and WAN LEDs The default settings are shown LAN ports can be reconfigured to function as WAN ports and vice versa the LEDs will function accordingly ...

Page 17: ...xample one Ethernet source and one USB modem 1 Attach the three included WiFi antennas to the connectors for maximum WiFi broadcast To attach hold the antenna straight and twist the base of the antenna to connect folding the joint if needed Please note that 2 4 GHz antennas are provided 5 GHz antennas are available as an accessory Connect the 12v DC power adapter to the router and a power source F...

Page 18: ... select this network 2 Log in You will need to input the Default Password when prompted The Default Password is provided on the product label found on the bottom of your router this password is the last eight digits of the router s MAC address which can be found on the product box or on the product label NOTE If more than one MBR1400 wireless router is visible you can find the correct unit by chec...

Page 19: ... the MBR1400 you will need to log in to the administration pages Access your router s Administrator Login screen by opening a web browser window and typing cp your router s default hostname or the IP address 192 168 0 1 into the address bar Enter your Default Password This password can be found on the bottom of the MBR1400 Then click the LOGIN button When you log in for the first time you will be ...

Page 20: ...e WiFi Network Name or the Security Mode password If so you will need to reconnect to the MBR1400 network Find the network Look for your new personalized network name or the default SSID of the form MBR1400 xxx Log in using your new personalized WiFi security password or the Default Password found the bottom of the router Your network should now be up and running and users who have the security pa...

Page 21: ...ata plan can be transferred from an existing account You will need the ESN number or SIM IMEI number depending on your carrier plan from the product label on your modem to add or transfer a line of service After adding a data plan to the modem you may need to activate the modem 1 Log in to the MBR1400 administration pages see Accessing the Administration Pages 2 Select Internet from the top naviga...

Page 22: ...net If you are using a 4G WiMAX modem you need to set the WiMAX Realm This can be done on the administration pages Log in using the hostname cp or IP address http 192 168 0 1 in your browser On page 3 of the First Time Setup Wizard go to Getting Started First Time Setup you can set the WiMAX Realm Be sure to click Apply on page 4 to save the change Some wireless carriers provide more than one Acce...

Page 23: ...P AND RESOURCES PAGE 21 of the page Then log in to the router administration pages and manually upload the firmware Go to System Settings System Software and click on Manual Firmware Upload If you are still unable to access the Internet after following the above directions contact CradlePoint Technical Support for further assistance ...

Page 24: ...s LEDs of your router will give you an indication whether or not a proper connection is being made See the LED STATUS definitions below If the data modem LEDs are not illuminated your modem is not connected and online You may need to update firmware Refer to the previous section Your USB or ExpressCard Modem Does Not Work With The Router If you are still not online after updating call CradlePoint ...

Page 25: ...res The interface is organized with a button for toggling between Basic Mode and Advanced Mode and 5 tabs at the top of the screen Getting Started Status Network Settings Internet System Settings Web Interface Essentials contains the following sections to help you more quickly and easy navigate these administration pages 4 1 Administrator Login 4 2 Getting Started First Time Setup 4 3 Quick Links ...

Page 26: ...n To access the administration pages open a Web browser and type the hostname cp or IP address http 192 168 0 1 into the address bar The Administrator Login page will appear Log in using your administrator password Initially this password can be found on the bottom of the MBR1400 unit as the Default Password This password is also the last eight digits of the unit s MAC address ...

Page 27: ...ghts flash Approximately 10 15 seconds You can then log in using the Default Password 4 1 1 Router Details The Administrator Login page includes a quick reference section that shows the following information Router Details Model Number MBR1400 Internet Connection Connected Disconnected Wireless Details Status Enabled Disabled Clients The number of attached users Channel The channel number Name The...

Page 28: ... Press enter return 2 When prompted for your password type the eight character Default Password found on the product label on the bottom of the MBR1400 this is also the last 8 digits of the router s MAC address 3 When you log in for the first time you will be automatically directed to the FIRST TIME SETUP WIZARD Otherwise go to Getting Started First Time Setup 4 CradlePoint recommends that you cha...

Page 29: ...devices and is the most secure but may not connect to older devices or some handheld devices such as a PSP GOOD WPA1 WPA2 Select this option if your wireless adapters support WPA or WPA2 This is the most compatible with modern devices and PCs POOR WEP Select this option if your wireless adapters only support WEP This should only be used if a legacy device that only supports WEP will be connected t...

Page 30: ...ct devices to the router s WiFi broadcast once the security settings have been saved WPA Password The WPA Password must be between 8 and 64 characters long A combination of upper and lower case letters along with numbers and special characters is recommended to prevent hackers from gaining access to your network WEP Key A WEP Key must be either a hexadecimal value of 5 or 13 characters or a text v...

Page 31: ...ures that the modem when attached to the router will properly connect to your carrier s wireless broadband service The MBR1400 will default to the Sprint Realm Select your carrier from the dropdown menu options shown below Clear clearwire wmx net Rover rover wmx net Sprint 3G 4G sprintpcs com Xohm xohm com BridgeMAXX bridgeMAXX com Time Warner Cable mobile rr com Comcast mob comcast net NOTE If yo...

Page 32: ...sword and WPA password or WEP key Move your mouse over the passwords to selectively reveal each password Please record these settings for future access You may need this information to configure other wireless devices NOTE If you are currently using the MBR1400 WiFi network reconnect your devices to the network using the new wireless network name and security password Click APPLY to save the setti...

Page 33: ... the router The black bar across the top provides quick access to important information and controls Internet Connection This links to the Internet Connections page Status Internet Connections where you can view in depth information about your Internet sources Click on the image of four signal bars to open a Modem Connection Quality popup window that shows the strength of your Internet signal WiFi...

Page 34: ...rial Redirector System Control System Software Status Displays various types of information about your router such as a list of clients that are attached to your networks Client List the details of each Internet source your router is using Internet Connections and a map of your router s location GPS Very few changes can be made from this tab because the primary purpose is to display information Ne...

Page 35: ...t source for your MBR1400 and the network created by the MBR1400 The Internet tab broadly refers to the router s source of Internet while the Network Settings tab broadly refers to the network created by the router The following chart highlights this difference Internet tab Internet input Source for MBR1400 WAN Wide Area Network Network Settings tab Internet output Network created by MBR1400 LAN L...

Page 36: ...P KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 34 5 STATUS The Status tab displays information about many different aspects of the router It provides access to 8 submenu options Client List Dashboard GPS GRE Tunnels Internet Connections Statistics System Logs VPN Tunnels ...

Page 37: ...11n 20 MHz 130 Mbps 26 dBm 802 11n The transmission standard being used by the client Possible values include 802 11a 802 11b 802 11g and 802 11n 802 11n is the newest and best standard but some older devices may not support it 20 MHz This is the channel width that defines the theoretical data rate in megahertz that the attached computer or device can send to or receive from the router The channel...

Page 38: ...heoretical best quality The value is given as a negative exponent 20 is a very good value while 80 is relatively poor Signal quality can be reduced by distance by interference from other radio frequency sources such as cordless telephones or neighboring wireless networks and by obstacles between the router and the wireless device Time Online Simply the amount of time the device has been connected ...

Page 39: ...nformation and or configuration options click on the Detailed Info link beside the category title For each category this links to Router Information o System Settings Administration Internet o Internet Connection Manager Local Networks o Network Settings WiFi Local Networks WiFi Networks o Network Settings WiFi Local Networks After the initial setup of the router every time you log in you will aut...

Page 40: ...m Settings System Software Internet Detailed Info links to Internet Connection Manager State Connected Disconnected Signal Strength Expressed as a percentage Signal Strength is not included if Ethernet is the WAN type WAN Type Ethernet Modem or WiFi as WAN Connected Time The time the current Internet source WAN has been connected IP Address Gateway DNS Servers For general configuration options see...

Page 41: ...ccess Admin Access LAN Isolation UPnP Universal Plug and Play and or DHCP To configure a network see Network Settings WiFi Local Networks WiFi Networks Detailed Info links to Network Settings WiFi Local Networks WiFi Radio Channel 1 11 for 2 4 GHz 36 40 44 48 149 153 157 161 or 165 for 5 GHz Transmit Power Expressed as a percentage For each WiFi network the following information is displayed SSID ...

Page 42: ...See the GPS section in System Settings Administration to enable GPS support GPS information is only displayed if 1 the modem supports GPS 2 your carrier allows the GPS functionality and 3 the modem has sufficient GPS signal strength If no information is displayed check that both the modem and your carrier support GPS 1 If GPS is supported make sure the modem is in an area where it can receive a si...

Page 43: ...EASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 41 5 4 GRE Tunnels View the status of configured GRE Tunnels To set up or edit a GRE tunnel go to Internet GRE Tunnels Included information Name Status Transmit packets bytes Receive packets bytes ...

Page 44: ...DLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 42 5 5 Hotspot Clients View the status of the clients that have logged in through the Hotspot Captive Portal View Hostname IP address MAC address Data Usage both IN and OUT Time Online You may revoke a client s access to the Internet by clicking the Revoke button ...

Page 45: ...ne of these devices to see detailed information about that particular device For each type of device different information will be included in the Device Information section Possible devices include Ethernet WiFi GSM Modem EVDO Modem WiMAX Modem LTE Modem Depending on the device possible information will be in the following sections Diagnostics General Information IP Information and Statistics For...

Page 46: ...LEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 44 5 6 1 Ethernet General Information Unique Identifier wan Model Type ethernet Port IP Information DNS Servers IP Address Gateway Statistics Incoming Bytes Outgoing Bytes Connection Uptime secs ...

Page 47: ... INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 45 5 6 2 WiFi as WAN Diagnostics Connection State connected idle etc General Information Product Wireless As WAN Unique Identifier Type wwan IP Information Netmask IP Address Gateway ...

Page 48: ...Diagnostics Signal Error Rate Modem Firmware Version Battery Status Battery Level Carrier Status Signal Strength dBm PIN Status Connection State connected idle etc General Information Product Nokia Datacard Protocol PPP Unique Identifier ESN IMEI Model Nokia Internet Stick CS 18 Type modem Port Manufacturer Nokia IP Information Netmask IP Address Gateway Statistics Outgoing Bits Second ...

Page 49: ...ADLEPOINT MBR1400 USER MANUAL Firmware ver 3 5 0 2012 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 47 Incoming Bits Second Incoming Bytes Outgoing Bytes ...

Page 50: ...m Firmware Version PRL Version Service Display EVDO Carrier Status Signal Strength dBm Connection Type CDMA Connection State connected idle etc General Information Product MC769 COMCAST Protocol PPP Unique Identifier ESN IMEI Model MC760 COMCAST Type modem Port Manufacturer Novatel Wireless Inc IP Information Netmask IP Address Gateway Statistics Outgoing Bits Second Incoming Bits Second Incoming ...

Page 51: ...CRADLEPOINT MBR1400 USER MANUAL Firmware ver 3 5 0 2012 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 49 Outgoing Bytes ...

Page 52: ...h data the router can download or send You can place the router in different locations to see where you get better signal You can also see a LED display of the current signal strength Pressing the router s Signal Strength button will toggle the LED display on and off Base Station ID BSID Signal Strength dBm Center Frequency Calibration Status Don t worry if this says the modem is not calibrated Mo...

Page 53: ... 0 2012 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 51 Type WiMAX Port Manufacturer Franklin Wireless Corporation Statistics Outgoing Bits Second Incoming Bits Second Incoming Bytes Outgoing Bytes ...

Page 54: ...ES PAGE 52 5 6 6 LTE Modem PANTECH UML290 Diagnostics Home Address MN HA SPI Modem Firmware Version Battery Status MN HA SS Network Address Identifier NAI Signal Strength dBm Rev Tun Battery Level Secondary Home Agent Service Display LTE Primary Home Agent Carrier Status Profile MN AAA SPI PIN Status MN AAA SS Connection State connected idle etc ...

Page 55: ... COM FOR MORE HELP AND RESOURCES PAGE 53 General Information Product PANTECH UML290 Protocol IP DHCP Unique Identifier ESN IMEI Model UML290VW Type modem Port Manufacturer Pantech Incorporated IP Information Netmask IP Address Gateway Statistics Outgoing Bits Second Incoming Bits Second Incoming Bytes Outgoing Bytes ...

Page 56: ...RESOURCES PAGE 54 5 7 Statistics The Statistics submenu option displays basic traffic statistics Wireless Statistics View the signal strength and other wireless modem information The wireless device s signal strength will only be displayed as long as it supports Live Diagnostics Sample rate and size can be adjusted from the dropdown boxes ...

Page 57: ...EPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 55 Data Usage A measure of amount of information that is currently being sent or received through the network Sample rate and size can be adjusted from the dropdown boxes ...

Page 58: ...E VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 56 Failover Failback Load Balance An easy way to view current connective states of the devices plugged into the router as compared to the past Sample rate and size can be adjusted from the dropdown boxes ...

Page 59: ...n easily find relevant messages This router also has external Syslog Server support so you can send the log files to a computer on your network that is running a Syslog utility Auto Update The logs automatically refresh whenever the router creates a new message Update Click to check for new router messages Save log to a file This will open a dialog in your browser that will allow you to save the r...

Page 60: ...T HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 58 5 9 VPN Tunnels View the status of configured VPN tunnels To set up or edit a VPN tunnel go to Internet VPN Tunnels Included information Name Connections Status Protocols Transferred Direction Time Online Control ...

Page 61: ...ES PAGE 59 6 NETWORKSETTINGS The Network Settings tab provides access to 8 submenu options for administering the following functions tasks These functions are all related to controlling the LAN Local Area Networks the networks you set up with the MBR1400 Content Filtering DHCP Server DNS Firewall MAC Filter Routing WiFi Local Networks WiPipe QoS ...

Page 62: ... Domain URL filters allow you to block access from your network to any external domain or website Enabling this as a Whitelist instead will allow access to only those sites in the list blocking all other websites Some sites use multiple domains so each of them would need to be added to the list to get full site functionality The default behavior enables the Whitelist for URLs only Select Filter by...

Page 63: ...and tasteless content Best Filters more nudity sexuality and tasteless content Selecting Best will filter all content that is deemed adult content by OpenDNS Custom Custom OpenDNS settings See below for more information In addition to the standard filtering levels you have the following options for filter control Custom OpenDNS To use the Custom OpenDNS setting you need to first create an OpenDNS ...

Page 64: ...DNS O MATIC using your OpenDNS credentials and Add A Service for the network specified above Enable OpenDNS ISP Filter Bypass Algorithm It is possible that your Internet Service Provider ISP uses the port that OpenDNS is configured to access port 53 which will prevent OpenDNS filtering If OpenDNS does not appear to be working correctly enabling this will attempt to bypass those ports when using an...

Page 65: ...eservations This option lets you reserve IP addresses you can assign the same IP address to the network device with the specified MAC address any time it requests an IP address This is almost the same as when a device has a static IP address except that the device must still request an IP address from the router The router will provide the device the same IP address every time DHCP Reservations ar...

Page 66: ...nter scanner laptop etc to an IP address of a device on the network 6 3 1 DNS Settings You have the option to choose specific DNS servers for your network instead of using the DNS servers assigned by your Internet provider The default DNS servers are usually adequate You may want to assign DNS servers if the default DNS servers are performing poorly if you want WiFi clients to access DNS servers t...

Page 67: ... use a Dynamic DNS service provider you can enter your host name to connect to your server no matter what your IP address is Enable Dynamic DNS Enable this option only if you have purchased your own domain name and registered with a Dynamic DNS service provider Server Type Select a Dynamic DNS service provider from the pull down list www DynDNS org www DNSomatic com www ChangeIP com www NO IP com ...

Page 68: ...outer the network s external IP address will have to be manually configured in this field You may find out what your external IP address is by going to http myip dnsomatic com in a web browser 6 3 4 Known Hosts Configuration The Known Hosts Configuration feature allows you to map a name printer scanner laptop etc to an IP address of a device on the network This assigns a new hostname that can be u...

Page 69: ... 6 4 1 Port Forwarding Rules A port forwarding rule allows traffic from the Internet to reach a computer on the inside of your network For example a port forwarding rule might be used to run a Web server Exercise caution when adding new rules as they impact the security of your network Click Add to create a new port forwarding rule or select an existing rule and click Edit Add Edit Port Forwarding...

Page 70: ...ield to open a port for a Web server on a computer within your network The Internet Port s field could then also be 80 or you could choose another port number that will be used across the Internet to access your Web server If you choose a number other than 80 for the Internet Port connections to that number will be mapped to 80 and therefore the Web server within your network Protocol Select from ...

Page 71: ...rule that could expose your LAN to cyber attacks With an incoming IP filter rule you can restrict the access to your LAN to only known devices Name Name your rule Enabled Selected by default Direction Any Incoming or Outgoing Action Allow or Deny Protocol Any ICMP TCP UDP GRE ESP or SCTP IP Source IP Destination Network IP Optional field to specify a matching network IP address for this rule to ma...

Page 72: ... to come from particular IP addresses but then not allow packets to return to those addresses Example of an IP Filter Rule Suppose you have opened a port in your firewall in order to run a server Someone Johnny is abusing that opening so you would like to restrict his access Create a rule that will deny Johnny s IP address Add IP Filter Rule Name No more Johnny Enabled Selected Direction Incoming ...

Page 73: ...ork Only use DMZ as a last resort 6 4 4 Firewall Options Advanced Anti Spoof Anti Spoof checks help protect against malicious users faking the source address in packets they transmit in order to either hide themselves or to impersonate someone else Once the user has spoofed their address they can launch a network attack without revealing the true source of the attack or attempt to gain access to n...

Page 74: ...llow MAC Filter options Whitelist Select either Whitelist or Blacklist from a dropdown menu In Whitelist mode the router will restrict WiFi access to all computers except those contained in the MAC Filter List panel In Blacklist mode listed devices are completely blocked from WiFi access MAC Filter List Whitelist or Blacklist Add devices to either your whitelist or blacklist simply by inputting ea...

Page 75: ...n Click Add to create a new static route IP Network Address The IP address of the target network or host Type Select from a dropdown list to specify the type of the target Network Host Netmask The Netmask along with the IP address defines the network the computer belongs to and which other IP addresses the computer can see in the same LAN An IP address of 192 168 0 1 along with a Netmask of 255 25...

Page 76: ...ey will have to reconnect to the network Firmware 3 3 0 introduced significant changes to the WiFi Local Networks page creating much more flexibility and control for the user The MBR1400 now includes these options VLAN virtual LAN As many as four WiFi networks SSIDs NAT less routing The user can now set up multiple networks each with its own unique configuration and its own selection of interfaces...

Page 77: ...onfigure a new network or select an existing network and click Edit to view configuration options HotSpot Captive Portal When you set a network as a Hotspot under Routing Mode you will also need to make sure to 1 Configure hotspot settings under System Settings Hotspot Services Click on Configure to link to that page 2 If you want a hotspot that includes WiFi set one of your WiFi interfaces to Ope...

Page 78: ... new hostname IP Address This is the address used by the router for local area network communication Changes to this parameter may require a restart to computers on this network Each network must have a distinct IP address Most users will want an address from one of the following private IP ranges 10 0 0 1 10 255 255 1 172 16 0 1 172 31 255 1 192 168 0 1 192 168 255 1 NOTE The final number does no...

Page 79: ... authentication before WAN access will occur on both wireless and wired LAN connections To enable a Hotspot you must also configure your Hotspot settings under System Settings Hotspot Services Disabled Disable this network Interfaces Select network interfaces to attach to this network Choose from WiFi Ethernet ports and VLAN interfaces Double click on any of the interfaces shown on the left in the...

Page 80: ...this network to match the intended use Simply select or deselect any of the following LAN Isolation When checked this network will NOT be allowed to communicate with other local networks UPnP Gateway Select the UPnP Universal Plug and Play option if you want to enable the UPnP Gateway service for computers on this network Admin Access When enabled users may access these administration pages on thi...

Page 81: ... and Range End These designate the range of values in the reserved pool of IP addresses for the DHCP server Values within this range will be given to any DHCP enabled computers on your network The default values are almost always sufficient default 72 to 200 as in 192 168 0 72 to 192 168 0 200 Example The MBR1400 uses an IP address of 192 168 0 1 for its primary network by default A computer desig...

Page 82: ...of the more common uses is to assign a VoIP phone server using option 66 Server name Option Select an option from the dropdown list or manually enter the number of an option A complete list of options is available from IANA Value Generally this field should be a string IP address or numeric value Some fields can accept both IP addresses and hostnames in these cases you may need to wrap this value ...

Page 83: ...e use this to limit a Hotspot network to business hours Schedule Service Default Disabled Select to enable This will open a configurable chart for setting the schedule Each hour of the week is represented by a black or gray square Black represents disabled while gray represents enabled Hover over a square to reveal the hour it represents Click on the squares to toggle between black and gray In the...

Page 84: ...al Network Editor see above Select from the following tabs Wireless WiFi Network Settings Ethernet Port Configuration VLAN Interfaces Wireless WiFi Network Settings The MBR1400 can broadcast as many as four SSIDs service set identifiers the names for WiFi networks One primary WiFi network is enabled by default while you may have enabled a second guest network when using the First Time Setup Wizard...

Page 85: ...s somewhat harder for hackers to find and attack a router that is not broadcasting its SSID which adds to the wireless security but it is also more difficult for friendly users to attach to a WiFi network with a hidden SSID Isolate Select this to isolate all wireless clients so they cannot directly communicate with each other on the wireless network WMM WiFi Multimedia This is a basic traffic shap...

Page 86: ...al security modes require passwords Enterprise security modes are linked to a RADIUS server and require RADIUS authentication IP Port and Shared Key Secondary IP and NAS ID optional WPA2 Personal or Enterprise forces AES as the WPA Cipher WPA WPA2 and WPA Personal or Enterprise allow AES TKIP AES and TKIP WEP Auto requires a WEP Key Open has no password or other security measures NOTE If you don t...

Page 87: ...HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 85 NOTE If you select one of the security modes and are unable to connect to the router afterwards you can use the reset buttons to reset the router to its factory default state and try a different security mode instead ...

Page 88: ...dditional controls for WAN ports are available in Internet Ethernet Settings Mode WAN or LAN Default setting is WAN Wide Area Network for the blue port and LAN Local Area Network for the four orange ports Internet WAN is used to connect to another network such as a hotel or office wired network The WAN connection is used as a possible source of Internet for the MBR1400 Local Network LAN is for con...

Page 89: ...ical interface is attached to a Local IP Network in the top panel of this page Port Group ID The Group ID field provides a reference to this grouping of ports to be used in other parts of the router configuration For example this ID is referenced in the Local IP Networks configuration to attach this logical group of Ethernet ports with a network configuration Use a simple short text phrase to desc...

Page 90: ...and a group of Ethernet ports through which users can access the VLAN Then go back up to the Local Network Editor to attach your new VLAN to a network To use a VLAN the VID must be shared with another router or similar device so that multiple physical networks have access to the one virtual network Click Add to create a new VLAN interface VLAN Editor VID An integer value that is the Virtual LAN ID...

Page 91: ...el Random Selection The router randomly sets the channel Smart Selection Default Scans to determine the lowest interference WiFi channel Channel Selection Schedule When using the Smart channel selection this controls whether the router will periodically rescan for a better channel and change to it Select from Once Daily Weekly or Monthly Note that there may be a momentary WiFi disconnection while ...

Page 92: ...onflict with each other which may result in lower throughput Select a channel from the dropdown list 1 2412 MHz 2 2417 MHz 3 2422 MHz 4 2427 MHz 5 2432 MHz 6 2437 MHz 7 2442 MHz 8 2447 MHz 9 2452 MHz 10 2457 MHz 11 2462 MHz For 5 0 GHz the ranges are 36 to 64 and 149 to 165 These channels do not interfere with a WiMAX modem If you choose to use 5 0 GHz you should consider switching antennas The de...

Page 93: ...e in bytes is greater than the Fragmentation Threshold This setting should remain at its default value Setting the Fragmentation value too low may result in poor performance DTIM A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages When the wireless router has buffered broadcast or multicast messages for associated clients it sends the next D...

Page 94: ...ultiple Modulation Coding Schemes to enable higher throughput in various environments Since clients can dynamically change rates depending on environment selecting Auto is generally best Short GI Short GI is an optimization for shortening the interval between transmissions May be incompatible with older clients Greenfield Mode Greenfield mode uses an 802 11n only preamble to transmit packets that ...

Page 95: ... and define your own Traffic Shaping rules Upload Speed and Download Speed Setting the Upload Speed and Download Speed is required to control traffic flow accurately Adjust the sliding bar to restrict the maximum upload and or download speed for the Internet source s you are using For example you might restrict the upload speed to prioritize available bandwidth for download or to reduce overall ba...

Page 96: ... IP addresses EXAMPLE You can restrict the bandwidth of your guest network in order to reserve crucial bandwidth for your primary network Create a rule associated with the IP address range and appropriate netmask for the quest network Then set upload download bandwidth limits as a percentage of your available bandwidth Traffic Shaping supports overlap between rules where more than one rule can mat...

Page 97: ...rotocol for the rule Rule Enabled Default Enabled Deselect this to disable this rule This can be useful for quickly changing configurations If both upload QoS and download QoS are disabled then the rule will disable automatically Rule Name Create a name and or description for the rule that is meaningful to you Protocol The protocol used by the messages TCP UDP or ICMP Select Any if your rule does ...

Page 98: ...dth This is the percentage of the connected WAN upload bandwidth that will be reserved for the specified traffic The maximum value is adjusted to the remaining percentage after other rules receive their share For example if one rule reserves 10 of bandwidth for VoIP the next rule will be limited to a maximum of 90 Upload Priority The priority value has two different effects on traffic Higher prior...

Page 99: ...h This is the percentage of the connected WAN upload bandwidth that will be reserved for the specified traffic The maximum value is adjusted to the remaining percentage after other rules receive their share For example if one rule reserves 10 of the bandwidth for VoIP the next rule will be limited to a maximum of 90 Download Priority The priority value has two different effects on traffic Higher p...

Page 100: ... Source IP Address Source Netmask Destination IP Address and Destination Netmask Specify an IP address or range of IP addresses by combining an IP address with a netmask for either source or destination or both Source vs destination is defined by traffic flow Leave these blank to include all IP addresses such as if your rule is defined by a particular port instead EXAMPLE If you want to associate ...

Page 101: ...PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 99 7 INTERNET The Internet tab provides access to 5 submenu items for managing a variety of Internet connection options Connection Manager Data Usage GRE Tunnels VPN Tunnels WiFi as WAN Bridge ...

Page 102: ... available interface you can set the interface the router uses by default and the order that it allows failover In the example shown Ethernet is set as the primary Internet source while a USB modem is attached for failover The Ethernet is Unplugged while the modem is Connected Load Balance If this is enabled the router will use multiple WAN interfaces to increase the data transfer throughput by us...

Page 103: ...icking on a device reveals the following information State Connected Available etc Port UID Unique identifier This could be a name or number letter combination IP Address Gateway Netmask Stats bytes in bytes out Uptime in seconds Click Edit to view configuration options for the selected device For USB or ExpressCard modems click Control to view options to activate or update the device ...

Page 104: ...to be available for the Load Balance pool LB default bandwidth Defines the default bandwidth for use in Load Balance algorithms Range 100 Kilobits second to 49 Megabits second QOS default bandwidth Defines the default bandwidth for use in QoS quality of service or traffic shaping algorithms MTU Maximum transmission unit This is the size of the largest protocol data unit that the device can pass Ra...

Page 105: ...econds If no data is received the router behaves as described below under Active DNS Active DNS modem only A DNS request will be sent to the DNS servers If no data is received the DNS request will be retried 4 times at 5 second intervals The first 2 requests will be directed at the Primary DNS server and the second 2 requests will be directed at the Secondary DNS server If still no data is receive...

Page 106: ... KB s Time Period 90 seconds Low Rate 10 KB s Time Period 240 seconds Custom Rate range 1 100 KB s Time Period range 10 300 seconds Time Fail back only after a set period of time Default 90 seconds Range 10 300 seconds This is a good setting if you have a primary wired WAN connection and only use a modem for failover when your wired connection goes down This ensures that the higher priority interf...

Page 107: ... PC s MAC Address Connect Method Select the connection type that you need for this WAN connection You may need to check with your ISP or system administrator for this information DHCP Dynamic Host Configuration Protocol is the most common configuration Your router s Ethernet ports are automatically configured for DHCP connection DHCP automatically assigns dynamic IP addresses to devices in your ne...

Page 108: ...ADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 106 Static Manual IP Address Subnet Mask Gateway IP Primary DNS Server Secondary DNS Server PPPoE Username Password Password Confirm Service Auth Type None PAP CHAP ...

Page 109: ...ion If the Internet has been unreachable for a period of time a reset of the modem will occur in attempt to re establish the connection LTE Connection Mode Specify how the LTE Multi Mode modem should connect to the network Auto Let the modem decide which network to use Auto EVDO 1xRTT Connect to CDMA letting the modem decide which 3G network to use Do not attempt to connect to LTE Force LTE Connec...

Page 110: ... AT CGDCONT 2 IP isp cingular ATCT 99 2 PPP Authentication Protocol Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one Auto PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol PPP Password Password for PPP authentication PPP Username Username for PPP authentication ...

Page 111: ...ollowing fields can be left blank If left blank they will remain unchanged in the modem NAI Username realm Network Access Identifier NAI is a standard system of identifying users who attempt to connect to a network AAA Shared Secret Password Authentication Authorization and Accounting password Verify AAA Shared Secret HA Shared Secret Home Agent shared secret Primary HA Secondary HA AAA SPI AAA Se...

Page 112: ...Settings SIM PIN PIN number for a GSM modem with a locked SIM Access Point Name APN Some wireless carriers provide multiple Access Point Names that a modem can connect to Some APN examples are isp cingular and vpn com Default Let the router choose an APN automatically Manual Enter an APN by hand Select Select from a dropdown menu of the profiles already on the SIM ...

Page 113: ...arner Cable mobile rr com Comcast mob comcast net TTLS Authentication Mode TTLS inner authentication protocol Select from the following dropdown options MSCHAPv2 MD5 Microsoft Challenge Handshake Authentication Protocol version2 Message Digest Algorithm 5 PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol TTLS Username Username for TTLS authentication TTLS Passwo...

Page 114: ... or FUMO The modem supports Update Activate methods A message will display showing options for each supported method Modem Activation Update Activate Reactivate or Upgrade Configuration Preferred Roaming List PRL Update Firmware Update Management Object FUMO Click the appropriate icon to start the process If the modem is connected when you start an operation the router will automatically disconnec...

Page 115: ...al or very specific For example you could create a rule that applies to all WiMAX modems or a rule that only applies to an Internet source with a particular MAC address The Configuration Rules list shows all rules that you have created as well as all of the default rules These are listed in the order they will be applied The most general rules are listed at the top and the most specific rules are ...

Page 116: ...ia if you are creating a new rule Create a name for your rule and the condition for which the rule applies Rule Name Create a name meaningful to you This name is optional Select each of the following to create a condition for your rule When Port USB Port 1 2 3 ExpressPort 1 2 Select by the port that you are plugging the modem into Manufacturer Select by the manufacturer such as Sierra Wireless Mod...

Page 117: ...he following form When is is not value For example Type is not WiMAX Port is USB Port 1 Once you have established the condition for your configuration rule choose from the other tabs to set the desired configuration Use the arrow buttons along the top to reveal more tab options All of the tab options General Settings Ethernet Settings Modem Settings WiMAX Settings CDMA Settings and SIM APN Setting...

Page 118: ...t down use of a modem and or send a message when you reach a data usage amount you set Enable Data Usage Enabled Disabled Default Disabled When you select Enabled you will see the Data Usage Agreement shown to the right The purpose of this agreement is to ensure that you understand that the data numbers for the MBR1400 may not perfectly match those of your carrier CradlePoint cannot be held respon...

Page 119: ...e Name Enabled True False Date for Rule Reset Cycle Type Daily Weekly or Monthly Cap Amount in MB Current Usage Shown as an amount in MB as a percentage of the cap and in a bar graph Click Add to configure a new Data Usage Rule Data Usage Rule page 1 Rule Name Give your rule a name for later recognition WAN Selection Select from the dropdown list of currently attached WAN devices Assigned Usage in...

Page 120: ...l reset Shutdown WAN on Cap If selected the WAN device will shut down when the assigned usage is reached A cycle reset or a rule deletion will re enable the device Send Alert on Cap An email alert will be generated and sent when the assigned usage is reached WARNING The SMTP mail server must be configured in System Settings Device Alerts Extra Email Alert When checked you enable a second email to ...

Page 121: ...ems that causes your router to send an alert after 1000 MB of usage in a month When you attach a new 4G USB modem your template will immediately create a new Data Usage Rule for the attached modem that sends the alert as specified Click Add to configure a new Template rule Create a Template Name that you can recognize The template will apply to one of the following WAN types All WAN All Ethernet A...

Page 122: ...ched WAN source that has an assigned Data Usage Rule The graph shows the usage trend for one day Click Add Usage to manually input additional usage for an attached data source You might do this if you used your modem while not attached to your router and you want to keep an accurate count of your data usage Enter the date of usage by using the pop up calendar Then enter the total data in MB both i...

Page 123: ...e In order to set up a tunnel you must know the following Local Network and Remote Network addresses for the Glue Network the network that is created by the administrator that serves as the glue between the networks of the tunnel Each address must be a different IP address from the same private network and these addresses together form the endpoints of the tunnel Remote Gateway the public facing W...

Page 124: ... match either network 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 Remote Network This is the remote side of the Glue Network Again the user must create an IP address that is distinct from the IP addresses of the networks that are being glued together The Remote Network and Local Network values will be flipped when inputted for the other side of the tunnel configur...

Page 125: ... traffic from the local host or hosts will be allowed through the tunnel Click Add Route to configure a new route You will need to input the following information defined by the remote network Network Address Netmask Default 255 255 255 0 You can set the tunnel to connect to a range of IP addresses or to a single IP address For example you could input 192 168 0 0 and 255 255 255 0 to connect your ...

Page 126: ...s WAN Binding Type You have several options for specifying the type of WAN interface s you want associated with GRE Tunnels Designate the interface s by Port Manufacturer Model Type Serial Number MAC Address or Unique ID This selection will create a dropdown list of options to complete a sentence with the following form When ____ is ____ such as When Port is Blue Ethernet You also have the option ...

Page 127: ...elect from a dropdown list of attached devices Model Select from a dropdown list of attached devices Type Select from the dropdown list of possible WAN types o WiMAX o Modem o LTE o Ethernet o Wireless As WAN Serial Number Select from a dropdown list of attached devices MAC Address Select from a dropdown list of attached devices Unique ID Select from a dropdown list of attached devices ...

Page 128: ...tion protocols The MBR1400 uses IPsec Internet Protocol security to authenticate and encrypt packets exchanged across the tunnel To set up a VPN tunnel with the MBR1400 on one end there must be another device usually a router that also supports IPsec on the other end IKE Internet Key Exchange is the security protocol in IPsec IKE has two phases Phase 1 and Phase 2 The MBR1400 has several different...

Page 129: ...an address can be used if a DynDNS connection is not being used Remote Identity Specifies the identifier we expect to receive from the remote host during phase 1 negotiation If no identifier is defined then no verification of the remote peer s identification will be done Currently we only support identifiers in the form of an IP address a user fully qualified domain name user mydomain com or just ...

Page 130: ...ote Networks Local Network The Network Address and the Netmask define what local devices have access to or can be accessed from the VPN tunnel The MBR1400 will automatically fill in the values for your network but you can change the values to limit the tunnel to only some of the devices in your network NOTE The local network IP address must be different from the remote network IP address Remote Ne...

Page 131: ...y the most secure options that your devices support Exchange Mode The IKE protocol has 2 modes of negotiating phase 1 Main also called Identity Protection and Aggressive In Main mode IKE separates the key information from the identities allowing for the identities of peers to be secure at the expense of extra packet exchanges In Aggressive mode IKE tries to combine as much information into fewer p...

Page 132: ...y determined by the strength of the DH Group Group 5 for instance has greater strength than Group 2 o DH group 1 768 bit key o DH group 2 1024 bit key o DH group 5 1536 bit key In Phase 1 only one DH group can be selected while using Aggressive exchange mode By default all the algorithms encryption hash and DH groups supported by the MBR1400 are checked which means they are allowed for any given e...

Page 133: ...nerated in Phase 1 Additionally the new keys generated in Phase 2 with this option enabled are exchanged in an encrypted session Enabling this feature affords the policy greater security Key Lifetime The lifetime of the generated keys of Phase 2 of the IPsec negotiation from IKE After the time has expired IKE will renegotiate a new set of Phase 2 keys Phase 2 has the same selection of Encryption H...

Page 134: ...policy is in use Connection Idle Time allows you to configure how long the router will allow an IPsec session to be idle before beginning to send Dead Peer Detection DPD packets to the peer machine Request Frequency allows you to adjust the delay between these DPD packets to send as quickly as every 2 seconds up to 30 seconds apart Additionally you can specify how many Maximum Requests to send at ...

Page 135: ... especially helpful for matching this information with the router or similar device at the other end of the tunnel Tunnel Name Mode Initiation Mode Pre shared Key Local Network Remote Gateway Remote Network IKE Phase 1 o Exchange Mode o Key Lifetime Secs o Encryption o Hash o DH Groups IKE Phase 2 o PFS o Key Lifetime Secs o Encryption o Hash o DH Groups DPD Click Yes at the bottom of the Tunnel S...

Page 136: ...ticular WAN deselect the box and selecting the appropriate WAN WAN Binding Type This is only available when Use Primary WAN is deselected You have several options for specifying the type of WAN interface s you want associated with VPN Tunnels Designate the interface s by Port Manufacturer Model Type Serial Number MAC Address or Unique ID This selection will create a dropdown list of options to com...

Page 137: ...ed devices MAC Address Select from a dropdown list of attached devices Unique ID Select from a dropdown list of attached devices IKE ISAKMP Port Internet Key Exchange Internet Security Association and Key Management Protocol port Default 500 This is a standard VPN port that usually does not need to be changed IKE ISAKMP NAT T Port Internet Key Exchange Internet Security Association and Key Managem...

Page 138: ...uires the following specifications 1 Each side of the tunnel must use both a Local Identity and a Remote Identity These must match the identities on the other side The Local Identity must match the Remote Identity on the other side of the tunnel and vice versa In this case these identities can each be a simple word 2 The Tunnel Name for the side of the tunnel that is not behind the NAT firewall mu...

Page 139: ...d WiFi Bridge features cannot both be used at the same time When either WiFi as WAN or WiFi Bridge is enabled the MBR1400 will find other WiFi networks that you can select and connect to Unless a selected WiFi source is on an unprotected network you will need to know its password or key All CradlePoint routers and some other routers use the same default IP address for the primary network 192 168 0...

Page 140: ...ress of this router and the attached WiFi access point cannot be the same address To set up WiFi Bridge follow these steps 1 In Internet WiFi as WAN Bridge under WiFi Client Mode click on WiFi Bridge to enable this mode 2 Your bridge network must be enabled under Saved Profiles Either import the desired network from Site Survey or click Add to configure it 3 Once WiFi Bridge is enabled and a bridg...

Page 141: ...ice Set Identifier This parameter is required when trying to connect to a hidden network using WiFi as WAN It is optional when connecting to a visible network If it is set in a profile both the SSID and BSSID must match to connect to an access point If the BSSID is not set in a profile then the router will connect to any access point that matches the given SSID Auth Mode The type of encryption tha...

Page 142: ...connect to networks in a different band first switch the WiFi settings to that band Network Settings WiFi Local Networks in Advanced Mode You have the option to manually add network profiles but it is usually much easier to import them from Site Survey Either click on Add under Saved Profiles or select a WiFi network in Site Survey and click Import If you import a network from Site Survey most of ...

Page 143: ...41 7 5 4 Wireless Scan Settings Scan Interval How often WiFi as WAN scans the environment for updates Default 60 seconds Range 5 3600 seconds Scan While Connected Continue to scan for WiFi as WAN profile updates when connected Each time a scan occurs the wireless communication of the router will be temporarily interrupted Normally this should be disabled ...

Page 144: ...ur Ethernet connection goes down and you have a USB modem for failover for your primary LAN your guest LAN will not take bandwidth from your primary LAN saving you money Click Add to open the WAN Affinity Policy Editor and create a new WAN Affinity rule Name Give a name for your rule that is meaningful to you Protocol Select from the dropdown list to specify the protocol for a particular data use ...

Page 145: ...including 80 and 90 themselves Failover Default Selected When this is selected and traffic from the chosen WAN device for this rule is interrupted the router will fail over to another available WAN device Deselect this option to restrict this traffic to only the selected WAN interface WAN Binding Type You have several options for specifying the type of WAN interface s you want associated with your...

Page 146: ...PAGE 144 Model Select from a dropdown list of attached devices Type Select from the dropdown list of possible WAN types o WiMAX o Modem o LTE o Ethernet o Wireless As WAN Serial Number Select from a dropdown list of attached devices MAC Address Select from a dropdown list of attached devices Unique ID Select from a dropdown list of attached devices ...

Page 147: ...E CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 145 8 SYSTEMSETTINGS The System Settings tab has 6 submenu items that provide access to tools for broad administrative control of the MBR1400 Administration Device Alerts Hotspot Services Managed Services Serial Redirector System Control System Software ...

Page 148: ...s configured to use the advanced security mode several aspects of the router s configuration and networking functionality will be extended to support high security environments This includes support for multiple user accounts increased password security and additional network spoofing filters If you plan to use your router in a PCI DSS compliant environment this option is mandatory Admin Password ...

Page 149: ...ternet connection is re established and once a week thereafter the router will ask the server for the current time so it can correct itself You then have the option of selecting an NTP server and adjusting the NTP server port Select the NTP server from the dropdown list Any of the given NTP servers will be sufficient unless for example you need to synchronize your router s time with other devices ...

Page 150: ...st get the usual browser timeout In the normal case when the router is connected to the Internet you don t see them at all Local Domain The local domain is used as the suffix for DNS entries of local hosts This is tied to the hostnames of DHCP clients as DHCP_HOSTNAME LOCAL_DOMAIN System Identifier This is a customizable identity that will be used in router reporting and alerting The default value...

Page 151: ... access the administration website For security remote access is usually done via a non standard http port Additionally encrypted connections can be required for an added level of security Require HTTPS Connection Requiring a secure https connection is recommended HTTP Port Default 8080 This option is disabled if you select Require Secure Connection Secure HTTPS Port Default 8443 Enable SSH Server...

Page 152: ...your carrier and ensure that GPS is supported Enable GPS support Enables support for querying GPS information from supported modems Enable GPS server on WAN Enables a TCP server on the WAN side of the firewall which will periodically send GPS NMEA sentences to connected clients Enable GPS server on LAN Enables a TCP server on the LAN side of the firewall which will periodically send GPS NMEA sente...

Page 153: ...me Example Data Description Sentence Identifier GPGGA Global Positioning System Fix Data Time 170834 17 08 34 Z Latitude 4124 8963 N 41d 24 8963 N or 41d 24 54 N Longitude 08151 6838 W 81d 51 6838 W or 81d 51 41 W Fix Quality 0 Invalid 1 GPS fix 2 DGPS fix 1 Data is from a GPS fix Number of Satellites 05 5 Satellites are in view Horizontal Dilution of Precision HDOP 1 5 Relative accuracy of horizo...

Page 154: ... x x M x x xxxx hhmmss ss UTC of position llll ll latitude of position a N or S yyyyy yy Longitude of position a E or W x GPS Quality indicator 0 no fix 1 GPS fix 2 Dif GPS fix xx number of satellites in use x x horizontal dilution of precision x x Antenna altitude above mean sea level M units of antenna altitude meters x x Geoidal separation M units of geoidal separation meters x x Age of Differe...

Page 155: ...mean sea level geoid 10 Meters Antenna height unit 11 Geoidal separation Diff between WGS 84 earth ellipsoid and mean sea level geoid is below WGS 84 ellipsoid 12 Meters Units of geoidal separation 13 Age in seconds since last update from diff reference station 14 Diff reference station ID 15 Checksum 8 1 7 System Logging Enable Logging to a Syslog Server Enabling this option will send log message...

Page 156: ...e Byte Order Mark BOM to the Syslog message in compliance with the Syslog protocol RFC5424 Some Syslog servers may not fully support RFC5424 and will treat the BOM as ASCII text which will appear as garbled characters in the log If this occurs disable this option Log to attached USB stick Only enable this option if instructed by a CradlePoint support agent This will write a very verbose log file t...

Page 157: ... possible statuses are plugged unplugged connected and disconnected Configuration Change A change to the router configuration Login Failure A failed login attempt has been detected Full System Log The system log has filled This alert contains the contents of the system log Recurring System Log The system log is sent periodically This alert contains all of the system events since the last recurring...

Page 158: ... Gmail password From Address Your email address To Address Your email address Once you have filled in the information for the SMTP server click on the Verify SMTP Settings button You should receive a test email at your account Advanced Delivery Options Email Subject Prefix This optional string is prefixed to the alert subject It can be customized to help you identify alerts from specific routers R...

Page 159: ... tab Select a network in Network Settings WiFi Local Networks and click Edit to open the Local Network Editor The IP Settings tab will already be open the Routing Mode dropdown menu is at the bottom Allow Service on 3G 4G Modems Allows you to enable or disable hotspot access to the Internet over a modem This is often used if the router has a main wired link and a secondary modem for failover typic...

Page 160: ...CRADLEPOINT MBR1400 USER MANUAL Firmware ver 3 5 0 2012 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 158 ...

Page 161: ...go to a specified URL once before continuing on To the URL the user intended to visit To an administrator defined URL Redirect URL If you have chosen to send users to an administrator defined URL you will need to specify the address Session Timeout Default 60 minutes The amount of time the user may use the router before being forced to authenticate again Idle Timeout Default 15 minutes If the user...

Page 162: ...n Choose from the dropdown list of options for redirection o Redirect to the UAM Server o Redirect to the URL that the user intends to visit o Redirect to the following URL input the desired URL Session Timeout Default 60 minutes The amount of time the user may use the router before being forced to authenticate again This value can be overwritten by the RADIUS server Idle Timeout Default 15 minute...

Page 163: ...owed Hosts Prior to Authentication Adding host names to this list will allow access from your network to any external domain or website prior to being authenticated For example a hotel might allow access to its own website prior to authentication Click Add to enter new hostnames you wish to allow Enter the Host or Domain Name of the website you wish to allow i e www company com or company com To a...

Page 164: ...client will not start unless the WAN is Ethernet Registration URL Register your router using the code provided by CradlePoint when you purchase WiPipe Central 8 4 1 SNMP Configuration SNMP or Simple Network Management Protocol is an Internet standard protocol for remote management You might use this instead of WiPipe Central if you want to remotely manage a set of routers that include both CradleP...

Page 165: ... use settings and data formatting compatible with SNMP version 2c SNMPv3 SNMP version 3 includes all prior features with security available SNMPv3 is the most secure setting for SNMP If you wish to configure traps then you must use SNMP version 3 Get community string The Get community string is used to read SNMP information from the router This string is like a password that is transmitted in regu...

Page 166: ...assword and verify password fields This password must be at least 8 characters long Enable SNMP traps Enabling traps will allow you to configure a destination server community and port for trap notifications Trap notifications are returned to the server with SNMPv1 Trap community string The trap notifications will be returned to the trap server using this SNMPv1 trap community name Address for tra...

Page 167: ...lar device Through a telnet session over the RS232 interface you can monitor health pass data or configure the attached device Enabled Select to reveal serial configuration options LAN Enable serial redirector for LAN connections Authenticated LAN Enable serial redirector for Authenticated LAN connections you must be logged into the router to use the redirector WAN Enable serial redirector for WAN...

Page 168: ...ptions None No parity checking Default Even parity bit will always be even Odd parity bit will always be odd Mark parity bit will always be odd and always 1 Space parity bit will always be even and always 0 Stop Bits Number of bits to initiate the stop period Select from these dropdown values 1 1 5 and 2 Hardware RTS CTS Use RTS Request To Send CTS Clear To Send to enable flow control Software XON...

Page 169: ...es all settings back to their default values Reboot The Device This causes the router to restart Scheduled Reboot This causes the router to restart at a user determined time Watchdog Reboot This causes the router to automatically restart when it determines an unrecoverable error condition has occurred Ping Test A simple test to check Internet connectivity Type the Hostname or IP address of the com...

Page 170: ...is a new firmware version available this will list the version number Click Check Again to have the router check the newest firmware Factory Reset Set default settings to match the new firmware This is safest as settings may have changed You should back up your current settings and restore them after the new firmware is loaded Automatically check for new firmware Check for an available firmware up...

Page 171: ...ddresses so that conversions can be made in both directions ADSL Asymmetric Digital Subscriber Line Advanced Encryption Standard AES Government encryption standard Alphanumeric Characters A Z and 0 9 Antenna Used to transmit and receive RF signals AppleTalk A set of Local Area Network protocols developed by Apple for their computer systems AppleTalk Address Resolution Protocol AARP Used to map the...

Page 172: ...c Input Output System BIOS A program that the processor of a computer uses to startup the system once it is turned on Baud Data transmission speed Beacon A data frame by which one of the stations in a WiFi network periodically broadcasts network control data to other wireless stations Bit rate The amount of bits that pass in given amount of time Bit sec Bits per second BOOTP Bootstrap Protocol All...

Page 173: ...ed into binary so that it can be processed or moved to another device Data Encryption Standard Uses a randomly selected 56 bit key that must be known by both the sender and the receiver when information is exchanged Data Link layer The second layer of the OSI model Controls the movement of data on the physical link of a network Database Organizes information so that it can be managed updated as we...

Page 174: ...ter s security mechanisms for the convenience of being directly addressable from the Internet DNS Domain Name System Translates Domain Names to IP addresses Domain name A name that is associated with an IP address Download To send a request from one computer to another and have the file transmitted back to the requesting computer DSL Digital Subscriber Line High bandwidth Internet connection over ...

Page 175: ...ghts Firewall A device that protects resources of the Local Area Network from unauthorized users outside of the local network Firmware Programming that is inserted into a hardware device that tells it how to function Fragmentation Breaking up data into smaller pieces to make it easier to store FTP File Transfer Protocol Easiest way to transfer files between computers on the Internet Full duplex Se...

Page 176: ...device that connects multiple devices together ICMP Internet Control Message Protocol IEEE Institute of Electrical and Electronics Engineers IGMP Internet Group Management Protocol is used to make sure that computers can report their multicast group membership to adjacent routers IIS Internet Information Server is a WEB server and FTP server provided by Microsoft IKE Internet Key Exchange is used ...

Page 177: ...out Internet Protocol Version 4 that identifies each computer that transmits data on the Internet or on an intranet IPsec Internet Protocol Security IPX Internetwork Packet Exchange is a networking protocol developed by Novell to enable their Netware clients and servers to communicate ISP Internet Service Provider Java A programming language used to create programs and applets for web pages Kbps K...

Page 178: ...ital signals from a computer to an analog signal in order to transmit the signal over phone lines It also demodulates the analog signals coming from the phone lines to digital signals for your computer MPPE Microsoft Point to Point Encryption is used to secure data transmissions over PPTP connections MTU Maximum Transmission Unit is the largest packet that can be transmitted on a packet based netw...

Page 179: ... used more than RIP in larger scale networks because only changes to the routing table are sent to all the other routers in the network as opposed to sending the entire routing table at a regular interval which is how RIP functions Password A sequence of characters that is used to authenticate requests to resources on a network Personal Area Network The interconnection of networking devices within...

Page 180: ...vice allows for remote users to dial into a central server and be authenticated in order to access resources on a network Reboot To restart a computer and reload its operating software or firmware from nonvolatile storage Rendezvous Apple s version of UPnP which allows for devices on a network to discover each other and be connected without the need to configure any settings Repeater Retransmits t...

Page 181: ...col SNMP Simple Network Management Protocol SOHO Small Office Home Office SPI Stateful Packet Inspection SSH Secure Shell is a command line interface that allows for secure connections to remote computers SSID Service Set Identifier is a name for a wireless network Stateful Packet Inspection A feature of a firewall that monitors outgoing and incoming traffic to make sure that only valid responses ...

Page 182: ...at allows network devices to discover each other and configure themselves to be a part of the network Update To install a more recent version of a software or firmware product Upgrade To install a more recent version of a software or firmware product Upload To send a request from one computer to another and have a file transmitted from the requesting computer to the other UPnP Universal Plug and P...

Page 183: ...tworks that is supposed to be comparable to that of a wired network WiFi Wireless Fidelity Used to describe any of the 802 11 wireless networking specifications WiFi Protected Access An updated version of security for wireless networks that provides authentication as well as encryption Wide Area Network The larger network that your LAN is connected to which may be the Internet itself or a regional...

Page 184: ...MANUAL Firmware ver 3 5 0 2012 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 182 Yagi antenna A directional antenna used to concentrate wireless signals on a specific location ...

Page 185: ...erference Requirement Canada This Class B digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe B est conforme à la norme NMB 003 du Canada 10 2Warranty Information CradlePoint Inc warrants this product against defects in materials and workmanship to the original purchases or the first purchaser in the case of resale by an authorized distributor for a period of one ...

Page 186: ...dem Status 5 WPS WiFi Protected Setup Signal Strength DIMENSIONS 9 x 5 1 x 1 57 230mm x 130mm x 40mm CERTIFICATIONS FCC IC CE WiFi Alliance OPERATING TEMPERATURE 0o C to 40o C DETAILS 2 412 to 2 484 GHz WiFi Frequency Band Operation Compliant with IEEE 802 3 and 3u Standards Supports OFDM and CCK Modulation Supports Cable DSL modems with Dynamic IP Static IP PPPoE PPTP or L2TP Connection Types Tra...

Page 187: ...400 USER MANUAL Firmware ver 3 5 0 2012 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 185 Keying automatic using IKE 1 0 or manual Authentication Method Pre Shared Key ...

Page 188: ...00 USER MANUAL Firmware ver 3 5 0 2012 CRADLEPOINT INC PLEASE VISIT HTTP KNOWLEDGEBASE CRADLEPOINT COM FOR MORE HELP AND RESOURCES PAGE 186 http www cradlepoint com Copyright 2012 by CradlePoint Inc All rights reserved ...

Reviews:

No comments

Related manuals for MBR1400 Series

Idis DR-4100P Series Installation Manual preview
DR-4100P Series
Brand: Idis Pages: 30
H3C S10500 Series Mpls Configuration Manual preview
S10500 Series
Brand: H3C Pages: 400
Xyclop XC-4CH-NVR-1TB User Manual preview
XC-4CH-NVR-1TB
Brand: Xyclop Pages: 144
Silvertel Ag102 User Manual preview
Ag102
Brand: Silvertel Pages: 9
Allied Telesis CentreCOM AT-3716XL Quick Install Manual preview
CentreCOM AT-3716XL
Brand: Allied Telesis Pages: 2
B&B Electronics IASW5P Quick Start Manual preview
IASW5P
Brand: B&B Electronics Pages: 2
Telit Wireless Solutions WE866C3 User Manual preview
WE866C3
Brand: Telit Wireless Solutions Pages: 37
ENKHO 154699.01 Original Instructions Manual preview
154699.01
Brand: ENKHO Pages: 48
H3C WT2024-U-PWR Compliance And Safety Manual preview
WT2024-U-PWR
Brand: H3C Pages: 51
NETGEAR DG834GUV5 User Manual preview
DG834GUV5
Brand: NETGEAR Pages: 120
SMC Networks EZ Switch SMC-1026DT V.2 User Manual preview
EZ Switch SMC-1026DT V.2
Brand: SMC Networks Pages: 27
IOGear GEU302 Quick Start Manual preview
GEU302
Brand: IOGear Pages: 8
Billion BiPAC 7300GX Quick Start Manual preview
BiPAC 7300GX
Brand: Billion Pages: 8
Digi ConnectPort WAN GPS Quick Start Manual preview
ConnectPort WAN GPS
Brand: Digi Pages: 2
Digi Transport DR64-C Installation Manual preview
Transport DR64-C
Brand: Digi Pages: 16
Digi TransPort WR44 Installation Manual preview
TransPort WR44
Brand: Digi Pages: 20
Johnson Controls TL-BRTRP-0 Installation Instructions Manual preview
TL-BRTRP-0
Brand: Johnson Controls Pages: 10
Hitachi F1500 Hardware Manual preview
F1500
Brand: Hitachi Pages: 208

Brands by name

Popular brands

Load more brands