MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Preface CradlePoint reserves the right to revise this publication and to make changes in the content thereof without obligation to notify any person or organization of any revisions or changes. Manual Revisions Revision...
ENTERPRISE PERFORMANCE Targeted for retail locations, branch offices, or small and medium sized businesses Integrates seamlessly with CradlePoint‘s Business Grade modems Load balance multiple data sources (data modems, WiFi as WAN, and wired data services) Compatible with Cisco, Juniper, and other industry-leading network hardware providers ENHANCED WIFI ...
Page 6
In addition to connection options for traditional wired networking solutions like Cable, DSL, Satellite, or T1, the most powerful feature of the MBR1400 is its ability to use USB or ExpressCard Data Modems to create instant networks anywhere you receive a broadband signal.
Page 7
1.3.1 Captive Portal The Captive Portal solution provided by CradlePoint routers enables businesses to provide their customers with a public WiFi hotspot with access controls. The controls can be as simple as requiring acceptance of a Terms of Service agreement, while Advanced features allow administrators to control and monitor usage, require login, direct users to specific web pages, provide revenue through services fees or paid advertising, and more.
Page 10
WAN (Wide Area Network—your internet source) port. Any LAN port, however, can be reconfigured as a WAN port and vice versa. Modem Ports: The MBR1400 has three USB 2.0 ports and two ExpressCard ports. WiFi Antenna Connectors: Your router comes with three 2.4 GHz WiFi antennas (Reverse SMA). 5 GHz antennas are available as an accessory.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 3 QUICK START 3.1 Basic Setup Your router requires an internet source. Attach a CradlePoint Business Grade Modem, insert supported USB or ExpressCard modem/s, connect a Cable or DSL modem to the Blue Ethernet WAN port, or connect to an available WiFi source.
SSID (service set identifier; the unique name of the local network). The SSID can be found on the bottom of the router in the form MBR1400-xxx, where ―xxx‖ is the last 3 digits of the router‘s MAC address.
Page 14
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 3.2.2 Accessing the Administration Pages For most users, the MBR1400 Router can be used immediately without any special configuration changes. If you would like to change your network name or password or configure any of the...
Page 15
If you used the First Time Setup Wizard, you might have changed the ―WiFi Network Name‖ or the ―Security Mode‖ password. If so, you will need to reconnect to the MBR1400 network. Find the network. Look for your new personalized network name (or the default SSID of the form ―MBR1400-xxx‖).
If your USB Modem has not been updated recently, it is recommended that you do so if it is having trouble connecting to the MBR1400. Insert your USB data modem into your PC and access the internet using the software provided by your cellular carrier.
4 WEB INTERFACE -- ESSENTIALS The MBR1400 has a Web interface for configuration and administration of all features. The interface is organized with a button for toggling between Basic Mode and Advanced Mode and 5 tabs at the top of the screen: ...
Page 20
The Administrator Login page will appear. Log in using your administrator password. Initially, this password can be found on the bottom of the MBR1400 unit as the Default Password. This password is also the last eight digits of the unit‘s MAC address.
Page 21
If you have forgotten your personalized password, you can reset the MBR1400 to factory defaults. When you reset the router, the administrator password will revert back to the Default Password. Press and hold the reset button on the router unit until the lights flash (Approximately 10-15 seconds).
The First Time Setup Wizard will help you customize the name of your wireless network, change passwords to something you choose, and establish an optimal WiFi security mode. The MBR1400 comes out of the box with a unique password at WPA1/WPA2 WiFi security level.
Page 23
The router cannot use 802.11n modes if WEP is enabled; WiFi performance and range will be limited. NONE (OPEN): Select this option if you do not want to activate any security features. CradlePoint recommends BEST (WPA2) WiFi security. Try this option first and switch only if you have a device that is incompatible with WPA2.
Page 24
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Choose a personalized WPA PASSWORD or WEP KEY. This password will be used to connect devices to the router‘s WiFi broadcast once the security settings have been saved. WPA Password: The WPA Password must be between 8 and 64 characters long. A combination of upper and lower case letters along with numbers and special characters is recommended to prevent hackers from gaining access to your network.
Page 25
Realm for your carrier. This setting ensures that the modem, when attached to the router, will properly connect to your carrier‘s wireless broadband service. The MBR1400 will default to the Sprint Realm. Select your carrier from the dropdown menu (options shown below).
Page 26
Please record these settings for future access. You may need this information to configure other wireless devices. NOTE: If you are currently using the MBR1400 WiFi network, reconnect your devices to the network using the new wireless network name and security password.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 4.3 Quick Links The CradlePoint logo in the upper left-hand corner of all the administration pages is a link to the Dashboard (Status → Dashboard), which displays fundamental information about the router. The black bar across the top provides quick access to important information and controls.
CRADLEPOINT 4.4 Basic Mode vs. Advanced Mode For less complex uses, the MBR1400 can be controlled within Basic Mode. Clicking on the Basic Mode button switches the complete Web interface to Advanced Mode. Advanced Mode provides several additional features. The following chart shows the complete list of features found in Basic Mode and found exclusively in Advanced Mode:...
WAN (Wide Area Network) Examples: If you want to change the content filtering settings for the network created by the MBR1400, go to the Network Settings tab. If you have multiple internet sources (such as a USB modem and an Ethernet connection) for which you would like to set priority levels, go to the Internet tab.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5 STATUS The Status tab displays information—no adjustments can be made from within these pages. It provides access to 8 submenu options: Client List Dashboard GPS GRE Tunnels Internet Connections ...
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.1 Client List The Client List displays the specifications of each device connected to your router, including Wireless and Wired clients. Wireless Clients. For each device using a wireless connection to your MBR1400, the following information is displayed: Hostname, IP, MAC, Connection, and Time Online.
Page 32
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT poor. Signal quality can be reduced by distance, by interference from other radio-frequency sources (such as cordless telephones or neighboring wireless networks), and by obstacles between the router and the wireless device. Time Online: Simply the amount of time the device has been connected to the router.
After the initial setup of the router, every time you log in you will automatically be directed to this Dashboard. Also, you can click on the CradlePoint logo in the upper left-hand corner to return to the Dashboard from any page.
Page 34
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Router Information: “Detailed Info‖ links to System Settings → Administration. Product: MBR1400 Firmware: Gives the number of the current firmware version. Build Date: Year-month-day-hours-minutes-seconds for the most recent firmware upgrade.
Page 35
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Local Networks: “Detailed Info‖ links to Network Settings → WiFi / Local Networks. Clients: The number of current clients. For each network, the following information is displayed: Network Name: IP Address/Netmask o Route Mode: NAT (Network Address Translation), Standard (NAT-less), Hotspot, or Disabled.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.3 GPS If GPS support is enabled and a modem capable of providing GPS coordinates is connected, this page will show a graphical view of your router's location. See the GPS section in System Settings →...
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.4 GRE Tunnels (Advanced Mode only) View the status of configured GRE Tunnels. To set up or edit a GRE tunnel, go to Internet → GRE Tunnels. Included information: Name Status ...
The Internet Connections submenu option provides a list of attached WAN devices used as the internet source for the MBR1400. Select one of these devices to see detailed information about that particular device. For each type of device, different information will be included in the Device Information section. Possible devices include: ...
Page 39
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.5.1 Ethernet Diagnostics Connection State (connected, idle, etc.) General Information Protocol Ethernet Static Product Built-in Ethernet Type Ethernet Port Unique Identifier Statistics Outgoing Bits/Second Incoming Bits/Second ...
Page 43
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.5.4 EVDO Modem: (MC760 Comcast) Diagnostics Modem Firmware Version PRL Version Service Display EVDO Carrier Status Signal Strength(dBm) Connection Type CDMA Connection State (connected, idle, etc.) General Information ...
Page 45
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT WiMAX Modem (U300 – 4G) 5.5.5 Diagnostics For a WiMAX modem, the CINR and Signal Strength values are important as they show how strong the signal is and that has significant effects on how much data the router can download or send.
Page 47
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.5.6 LTE Modem (PANTECH UML290) Diagnostics Home Address MN-HA SPI Modem Firmware Version Battery Status MN-HA SS Network Address Identifier (NAI) Signal Strength(dBm) Rev Tun ...
Page 48
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT General Information Product PANTECH UML290 Protocol IP DHCP Unique Identifier ESN/IMEI Model UML290VW Type modem Port Manufacturer Pantech, Incorporated IP Information Netmask IP Address ...
LAN, or Local Area Network, is the network you have created through the MBR1400. WAN, or Wide Area Network, is the internet source the MBR1400 is using to create a new LAN. Possible WAN sources include: Ethernet, WiFi, USB modems, and ExpressCard modems.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.7 System Logs The router automatically logs (records) events of possible interest in its internal memory. If there is not enough internal memory for all events, logs of older events are deleted, but logs of the latest events are retained.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.8 VPN Tunnels (Advanced Mode only) View the status of configured VPN tunnels. To set up or edit a VPN tunnel, go to Internet → VPN Tunnels. Included information: Name Connections ...
6 NETWORK SETTINGS The Network Settings tab provides access to 8 submenu options for administering the following functions/tasks. These functions are all related to controlling the LAN (Local Area Network), the network you set up with the MBR1400. Content Filtering ...
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.1 Content Filtering You have two main options for filtering content in a network created through your MBR1400. 1) Domain / URL Filter Rules: Create a list of websites that will be either disallowed (facebook.com, for...
Page 54
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.1.1 OpenDNS OpenDNS is a service that protects you online by filtering websites. OpenDNS protects you from phishing websites and URL typos once you select a filtering level. None: Disables Web filtering that uses OpenDNS, ...
Page 55
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT OpenDNS network. In order for Custom settings to work you need to login to DNS-O-MATIC using your OpenDNS credentials and "Add A Service" for the network specified above. Enable OpenDNS ISP Filter Bypass Algorithm: It is possible that your Internet Service Provider (ISP) uses the port that OpenDNS is configured to access, port 53, which will prevent OpenDNS filtering.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.2 DHCP Server (Advanced Mode only) DHCP stands for Dynamic Host Configuration Protocol. The built-in DHCP server automatically assigns IP addresses to the computers and other devices on each local area network (LAN). In this section you can view a list of assigned IP addresses and reserve IP addresses for particular devices.
DNS, or Domain Name System, is a naming system that translates between domain names (www.cradlepoint.com, for example) and internet IP addresses (206.207.82.197). A DNS server acts as an internet phone book, translating between names that make sense to people and the more complex numerical identifiers. The DNS page for the MBR1400 has these distinct functions: ...
Page 58
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.3.2 Dynamic DNS Configuration The Dynamic DNS feature allows you to host a server (Web, FTP, etc.) using a domain name that you have purchased (www.yourname.com) with your dynamically assigned IP address. Most broadband Internet Service Providers assign dynamic (changing) IP addresses.
Page 59
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.3.3 Advanced Dynamic DNS Settings Update period (hours). (Default: 576) The time between periodic updates to the Dynamic DNS, if your dynamic IP address has not changed. The timeout period is entered in hours so valid values are from 1 to 8760.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.4 Firewall (Advanced Mode only) The router automatically provides a firewall. Unless you configure the router to the contrary, the router does not respond to unsolicited incoming requests on any port, thereby making your LAN invisible to cyber attackers.
Page 61
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Add New Port Forwarding Rule: page 2 Use Port Range: Changes the selection options to allow you to input a range of ports (if desired). Internet Port(s): The port number(s) as you want it defined on the internet.
Page 62
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.4.2 IP Filter Rules An "Incoming" IP filter rule restricts remote access to computers on your local network. "Outgoing" filter rules prevent computers on your local network from initiating communication to the address range specified in the rule.
Page 64
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.4.3 DMZ (DeMilitarized Zone) A DMZ host is effectively not firewalled in the sense that any computer on the internet may attempt to remotely access network services at the DMZ IP address. Typical uses involve running a public Web server or sharing files.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.5 MAC Filter The MAC Filter allows you to create a list of devices that have either exclusive access (whitelist) or no access (blacklist) to your wireless LAN. Enabled: Click to allow MAC Filter options.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.6 Routing (Advanced Mode only) Add a new static route to the IP routing table or edit/remove an existing route. Static routes are unnecessary for most users. They are typically only used in networks with more than one layer, such as when there is a network within a network so that packet destinations are hidden behind an additional router.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.7 WiFi / Local Networks This section is used to configure the settings for wireless networks created by your router. Note that changes made in this section may also need to be duplicated on wireless devices that you want to connect to your wireless network.
Page 68
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.7.1 Local IP Networks Local IP Networks displays the following information for each network: Network Name IP address/Netmask DHCP Server (Enabled/Disabled) Routing Mode (NAT, Standard, Hotspot, Disabled) Access Control (Admin Access, UPnP Gateway, LAN Isolation) ...
Page 69
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.7.2 Local Network Editor The Local Network Editor contains the following tabs: IP Settings, Interfaces, Access Control, and DHCP Server. IP Settings: Name: This primarily helps to identify this network during other administration tasks.
Page 70
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT NAT: Network Address Translation hides private IP addresses behind the router's IP address. This is the simplest and most common choice for users, because NAT does the translation work for you. Standard: NAT-less routing. If you select Standard, you must separately configure your IP addresses so that they will be publically accessible.
Page 71
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Access Control: Tune the access control settings of this network to match the intended use. Simply select or deselect any of the following: LAN Isolation: When checked, this network will NOT be allowed to communicate with other local networks.
Page 72
(default: 72 to 200, as in 192.168.0.72 to 192.168.0.200). Example: The MBR1400 uses an IP address of 192.168.0.1 for its primary network by default. A computer designated as a Web server has a static IP address of 192.168.0.3. Another computer is designated as an FTP server with a static IP address of 192.168.0.4.
Page 73
Ethernet Port Configuration VLAN Interfaces Wireless (WiFi) Network Settings The MBR1400 can broadcast as many as four SSIDs (service set identifiers — the names for WiFi networks). One primary WiFi network is enabled by default, while you may have enabled a second guest network when using the First Time Setup Wizard.
Page 74
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Wireless Network Editor WiFi Name (SSID): When you are browsing for available wireless networks, this is the name that will be broadcast from this router for the selected network. This name is referred to as the SSID (service set identifier). For security purposes, CradlePoint highly recommends that you change this from the pre-configured name.
Page 75
NOTE: If you don‘t know whether you should choose Personal or Enterprise, assume Personal since you need to know RADIUS authentication for Enterprise. In order to protect your network from hackers and unauthorized users, CradlePoint highly recommends WPA2/AES for security if your attached devices can support it. WEP and WPA/TKIP are obsolete and have been replaced by WPA/AES.
Page 76
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT NOTE: If you select one of the security modes and are unable to connect to the router afterwards, you can use the reset buttons to reset the router to its factory default state and try a different security mode instead.
Page 77
MBR1400. Local Network (LAN) is for connecting a computer or similar device directly to the router with an Ethernet cable. Link Speed: Default setting is Auto. The Auto setting is preferred in most cases.
Page 78
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Ethernet Port Group Editor A Port Group represents a logical grouping of Ethernet ports. Any computers physically connected to ports in a group will be allowed to freely communicate with each other. For example, if you leave all four orange ports set...
Page 79
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT VLAN Interfaces A virtual local area network, or VLAN, functions as any other physical LAN, but it enables computers and other devices to be grouped together even if they are not physically attached to the same network switch.
Page 80
LANs under the WiFi Settings heading. WiFi band: Select the range of frequencies the router will use. The MBR1400 can operate in either the 2.4 GHz or the 5.0 GHz ranges. (Default: 2.4 GHz. The included WiFi antennas are 2.4 GHz. 5 GHz antennas are available as an accessory.)
Page 81
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Channel: (Shows if Random Channel is deselected.) The WiFi channel corresponds to a frequency the router uses to communicate with other devices. For 2.4 GHz, the range is 1 to 11, and 1, 6, and 11 do not overlap each other. If a WiMAX modem is attached, a higher number channel will increase the chance the router's WiFi and modem's WiMAX radios will conflict with each other, which may result in lower throughput.
Page 82
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Client Timeout: If the access point is not able to communicate with the client it will disconnect it after this timeout (in seconds). TX Power: Normally the wireless transmitter operates at 100% power. In some circumstances, however, there might be a need to isolate specific frequencies to a smaller area.
Page 83
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Wireless Mode: Select the WiFi clients the router will be compatible with. Greater compatibility is a tradeoff with better performance. For greatest compatibility with all WiFi devices, select "802.11 a/b/g/n". For best performance, connect with only other 802.11n-compatible devices and select "802.11 n."...
Page 84
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT RADIUS Retry: (Default: 60 seconds) When using an Enterprise security mode, if a RADIUS query fails to receive a response from the server it will delay by this interval (in seconds) before attempting another query. This helps protect the network from floods of authentication requests if the RADIUS server is temporarily unreachable.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.8 WiPipe QoS (Advanced Mode only) When WiPipe QoS (Quality of Service/Traffic Shaping) is enabled, the router will control the flow of internet traffic according to the user- defined rules. In other words, Traffic Shaping improves performance by allowing the user to prioritize applications.
Page 86
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT automatic classification will be adequate, and specific Traffic Shaping Rules will not be required. Traffic Shaping supports overlap between rules, where more than one rule can match for a specific message flow. If more than one rule matches, the rule with the highest priority will be used.
Page 87
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT The second page allows you to designate the computer(s) on the local network for which you want to adjust traffic priority. NOTE: Leaving a field empty will match any IP address and/or any port number.
Page 88
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT The third and last page allows you to designate the network or server on the internet for which you want to shape traffic. NOTE: Leaving a field empty will match any IP address and/or any port number.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7 INTERNET The Internet tab provides access to 8 submenu items for managing a variety of internet connection options. Connection Manager Data Usage Ethernet Settings GRE Tunnels Load Balance ...
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.1 Connection Manager The router can establish an uplink via the Ethernet WAN port, WiFi as WAN, or modems plugged into a modem port. If the primary WAN connection fails the router will automatically attempt to bring up a new link on another device. This feature is called failover.
Page 91
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.1.2 Failure Check (Advanced Mode Only) If this is enabled, the router will check that the highest priority active WAN interface can get to the internet even if the WAN connection is not actively being used.
Page 92
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.1.3 Failback Configuration (Advanced Mode Only) This is used to configure failback, which is the ability to go back to a higher priority WAN interface if it regains connection to its network. Usage: Fail back based on the amount of data passed over time.
Agreement shown to the right. The purpose of this agreement is to ensure that you understand that the data numbers for the MBR1400 may not perfectly match those of your carrier: CradlePoint cannot be held responsible. You must accept the agreement by clicking Yes in order to begin creating data usage rules.
Page 94
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.2.1 Data Usage Rules The Date Usage Rule display shows basic information for each rule you have created (including rules created with a template). The following information is displayed: Rule Name Enabled: True/False ...
Page 95
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Usage Rule Configuration – page 2 Cycle Type: How often the rule will reset. The data usage amount will be reset at the end of each cycle. Select the length of a cycle from a dropdown menu with the following choices: ...
Page 96
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Template Configuration 7.2.2 Templates allow you to control multiple WAN devices with the same rule. Each WAN device that matches a template will automatically have its own rule created. For example, you can set a template rule for all mobile data modems that causes your router to send an alert after 1000 MB of usage in a month.
Page 97
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Historical Data 7.2.3 Historical Data shows a graph of data usage for each attached WAN source that has an assigned Data Usage Rule. The graph shows the usage trend for one day. Click Add Usage to manually input additional usage for an attached data source.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.3 Ethernet Manager Ethernet Manager provides controls for your router‘s Ethernet WAN ports. There are five total ports: one blue port and four numbered orange ports. By default, only the blue port is set as a WAN port, but any of the orange ports can be reconfigured as WAN ports in Network Settings →...
Generic Routing Encapsulation (GRE) tunnels can be used to create a connection between two private networks. The MBR1400 is enabled for either GRE or VPN tunnels. GRE tunnels are simpler to configure and more flexible for different kinds of packet exchanges, but VPN tunnels are much more secure.
Page 101
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Page 1: General Tunnel Name: Choose a name that is meaningful to you. Local Network: This is the local side of the ―Glue Network,‖ a network created by the administrator to form the tunnel. The user creates the IP address inputted here.
Page 102
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Keep Alive: This feature monitors the status of a tunnel. This will more accurately determine if the tunnel is alive or not. Choose the length of time in seconds of the Period for each check (Default: 10 seconds. Range: 2 – 3600 seconds) and the number of Retry attempts (Default: 3.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.5 Load Balance (Advanced Mode only) When enabled in Connection Manager (Internet → Connection Manager), the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively. Connections are load balanced between interfaces based on a dynamic measurement of bandwidth available.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.6 Modem Settings This section shows all attached modems and allows you to change settings. If you have a 3G/4G dual-mode modem it will show both modems using the same USB port. Update/Activate a Modem 7.6.1...
Page 105
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT The modem supports Update/Activate methods: A message will display showing options for each supported method: Modem Activation / Update: Activate, Reactivate, or Upgrade Configuration. Preferred Roaming List (PRL) Update Firmware Update Management Object (FUMO) Click the appropriate icon to start the process.
Page 106
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Modem Connection Settings (Advanced Mode Only) 7.6.2 This section changes settings that affect how all modems attempt to connect to the service provider's network. Connection Mode: Typically modem connections are not set to remain on. The router allows you to set the type of reconnection mode.
Page 107
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Configuration Rule: First page. Create a name for your rule and the condition for which the rule applies. Rule Name: Create a name meaningful to you. Select each of the following to create a condition for your rule.
Page 108
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Configuration Rule: WiMAX Settings WiMAX Realm: Select from the following dropdown options: Clear – clearwire-wmx.net Rover – rover-wmx.net Sprint 3G/4G – sprintpcs.com Xohm –xohm.com BridgeMAXX – bridgeMAXX.com Time Warner Cable – mobile.rr.com ...
Page 109
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Configuration Rule: Modem Settings AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include ―OK‖ except the final command response, which must include ―CONNECT‖.
Page 110
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Configuration Rule: SIM/APN Settings SIM PIN: PIN number for a GSM modem with a locked SIM. Access Point Name (APN): Some wireless carriers provide multiple Access Point Names that a modem can connect to.
The MBR1400 uses IPsec (Internet Protocol security) to authenticate and encrypt packets exchanged across the tunnel. To set up a VPN tunnel with the MBR1400 on one end, there must be another device (usually a router) that also supports IPsec on the other end.
Page 112
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Page 1: General 7.7.1 Tunnel Name: Choose a name meaningful to you. Local Identity: This can be left blank for most users. If left blank it will default to the IP address of the WAN connection. Currently we only support identifiers in the form of an IP address, a user fully qualified domain name (user@mydomain.com) or just a...
Page 113
CRADLEPOINT Tunnel Enabled: Enabled or Disabled. MBR1200 Quick Connect: VPN tunnels in the MBR1400 have more choices than they do in the MBR1200, so it is more complex to configure. Check this box to simplify setup by streamlining your options.
Page 114
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.7.3 Page 3: IKE Phase 1 IKE security has two phases, Phase 1 and Phase 2. You have the ability to distinctly configure each phase, but the default settings will be sufficient for most users.
Page 115
In Phase 1, only one DH group can be selected while using Aggressive exchange mode. By default, all the algorithms (encryption, hash, and DH groups) supported by the MBR1400 are checked, which means they are allowed for any given exchange. Deselect these options to limit which algorithms will be accepted. Be sure to check that the router (or similar device) at the other end of the tunnel has matching algorithms.
Page 116
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.7.4 Page 4: IKE Phase 2 Perfect Forward Secrecy (PFS): Enabling this feature will require IKE to generate a new set of keys in Phase 2 rather than using the same key generated in Phase 1.
Page 117
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.7.5 Page 5: Dead Peer Detection Dead Peer Detection (DPD) defines how the router will detect when one end of the IPsec session loses connection while a policy is in use. Connection Idle Time allows you to configure how long the router will allow an IPsec session to be idle before beginning to send Dead Peer Detection (DPD) packets to the peer machine.
Page 118
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Page 6: Tunnel Summary 7.7.6 The final page of the tunnel configuration interface is a summary of the tunnel specifications. This is especially helpful for matching this information with the router (or similar device) at the other end of the tunnel.
Page 119
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.7.7 Global VPN Settings These settings apply to all configured VPN tunnels. Changing the Global VPN Settings is rarely necessary; the default values are almost always sufficient. IKE / ISAKMP Port: Internet Key Exchange / Internet Security Association and Key Management Protocol port.
Page 120
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.7.8 VPN with NAT-T If one side of a planned VPN tunnel is behind a NAT (network address translation) firewall, the setup of your tunnel requires the following specifications: 1. Each side of the tunnel must use both a Local Identity and a Remote Identity. These must match the identities on the other side: The Local Identity must match the Remote Identity on the other side of the tunnel, and vice versa.
WiFi—from a hotel for example—can be used as the internet source for your own private network. When enabled in the WiFi as WAN Settings page, the MBR1400 will find possible WiFi sources that you can select and add.
Page 122
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Network Name (SSID): The name that is broadcast from each access point. Network ID (BSSID): The numeric ID of the network. This parameter is required when trying to connect to a hidden network using WiFi as WAN.
Page 123
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Wireless Scan Settings 7.8.3 Scan Interval: How often WiFi as WAN scans the environment for updates. (Default: 60 seconds. Range: 5-3600 seconds.) Scan While Connected: Continue to scan for WiFi as WAN profile updates when connected. Each time a scan occurs the wireless communication of the router will be temporarily interrupted.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8 SYSTEM SETTINGS The System Settings tab has 6 submenu items that provide access to tools for broad administrative control of the MBR1400: Administration Device Alerts Hotspot Services Managed Services ...
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.1 Administration Select the Administration submenu item in order to control any of the following functions: Web Login Network Time Protocol Timezone Bounce Pages UPnP Remote Management ...
Page 126
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.1.3 Timezone This is the time zone and daylight savings setting used by the router for its own clock. This can also be controlled in the First Time Setup Wizard. Daylight Savings Time: Select this checkbox if your location observes daylight savings time.
Page 128
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.1.7 If you have an attached device with GPS support, you can enable a graphical view of your router‘s location which will appear in Status → GPS Status. Users can configure GPS NMEA GGA format sentence reporting, available through a router- based server and/or a remote server.
Page 129
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT $GPGGA – Global Positioning System Fix Data 8.1.8 Name Example Data Description Sentence Identifier $GPGGA Global Positioning System Fix Data Time 170834 17:08:34 Z Latitude 4124.8963, N 41d 24.8963' N or 41d 24' 54" N Longitude 08151.6838, W 81d 51.6838' W or 81d 51' 41"...
Page 130
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT eg2. $--GGA,hhmmss.ss,llll.ll,a,yyyyy.yy,a,x,xx,x.x,x.x,M,x.x,M,x.x,xxxx hhmmss.ss = UTC of position llll.ll = latitude of position a = N or S yyyyy.yy = Longitude of position a = E or W x = GPS Quality indicator (0=no fix, 1=GPS fix, 2=Dif. GPS fix) xx = number of satellites in use x.x = horizontal dilution of precision...
Page 131
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 13 = Age in seconds since last update from diff. reference station 14 = Diff. reference station ID# 15 = Checksum 8.1.9 Syslog Settings Enabling this option will send log messages to a specified Syslog server.
Page 133
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Server Address: smtp.gmail.com Server Port: 587 (for TLS, or Transport Layer Security port; the MBR1400 does not support SSL). Authentication Required: Gmail, mark this checkbox. User Name: Your full email address ...
Network Settings → WiFi / Local Networks. NOTE: Although any network can be a hotspot, the MBR1400 allows only one hotspot. Enable Hotspot Services: Disabled by default. Click Enabled to activate Hotspot options.
Page 135
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.3.1 Simple Mode Settings Display: This section allows you to choose if a "Terms of Use" page will be given to the user connecting to the hotspot. Internal Terms of Use. Fill in your own terms of use.
Page 136
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.3.2 RADIUS/UAM Settings This section allows you to configure a RADIUS or Universal Access Method server. After the user accepts the terms, you can either let him/her continue to the URL they were trying to reach or you can force the user to go to a specified UAM Server or URL once before continuing on.
Page 137
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.3.3 Host/Domain Name Adding Host / Domain names gives you the ability to allow access from your network to any external domain or website prior to being authenticated. For example, a hotel might allow access to its own website prior to authentication.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.4 Managed Services (Advanced Mode only) ASK YOUR CRADLEPOINT SALES REPRESENTATIVE FOR DETAILS Managed Services allow you to centralize your router configuration using the WiPipe Central server. WiPipe Central services must be purchased separately.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.5 System Control Restore to Factory Defaults: This changes all settings back to their default values. Reboot The Device: This causes the router to restart. Advanced: System Automatic Reboot and Ping Test Scheduled Reboot: This causes the router to restart at a user-determined time.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.6 System Software Firmware Upgrade: This allows the administrator to load new firmware onto the router to add new features or fix defects. If you are happy with the operation of the router, you may not want to upgrade just because a new version is available.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 9 GLOSSARY 802.11 Alphanumeric A family of specifications for wireless local area networks Characters A-Z and 0-9. (WLANs) developed by a working group of the Institute of Antenna Electrical and Electronics Engineers (IEEE).
Page 142
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Authentication Bit rate To provide credentials, like a Password, in order to verify The amount of bits that pass in given amount of time. that the person or device is really who they are claiming Bit/sec to be.
Page 143
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT CardBus Data-Link layer A newer version of the PC Card or PCMCIA interface. It The second layer of the OSI model. Controls the supports a 32- bit data path, DMA, and consumes less movement of data on the physical link of a network.
Page 144
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Demilitarized zone Download DMZ: A single computer or group of computers that can To send a request from one computer to another and be accessed by both users on the internet as well as have the file transmitted back to the requesting computer.
Page 145
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Encryption Fragmentation Converting data into cyphertext so that it cannot be easily Breaking up data into smaller pieces to make it easier to read. store. Ethernet The most widely used technology for Local Area File Transfer Protocol.
Page 146
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Half-duplex IEEE Data cannot be transmitted and received at the same Institute of Electrical and Electronics Engineers. time. IGMP Hashing Internet Group Management Protocol is used to make Transforming a string of characters into a shorter string sure that computers can report their multicast group with a predefined length.
Page 147
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Internet Protocol Security Java IPsec provides security at the packet processing layer of A programming language used to create programs and network communication. applets for web pages. Internet Service Provider Kbps An ISP provides access to the internet to individuals or Kilobits per second.
Page 148
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT LPR/LPD MPPE ―Line Printer Requestor‖/‖Line Printer Daemon‖. A Microsoft Point-to-Point Encryption is used to secure data TCP/IP protocol for transmitting streams of printer data. transmissions over PPTP connections. MAC Address A unique hardware ID assigned to every Ethernet Maximum Transmission Unit is the largest packet that adapter by the manufacturer.
Page 149
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Network Interface Card routers in the network as opposed to sending the entire routing table at a regular interval, which is how RIP NIC. A card installed in a computer or built onto the functions.
Page 150
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT channel) but can have multiple ports (logical channels) Rendezvous each identified by a number. Apple‘s version of UPnP, which allows for devices on a network to discover each other and be connected without the need to configure any settings.
Page 151
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Session key An encryption and decryption key that is generated for Secure Shell is a command line interface that allows for every communication session between two computers. secure connections to remote computers. Session layer...
Page 152
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT TFTP Upload Trivial File Transfer Protocol is a utility used for To send a request from one computer to another and transferring files that is simpler to use than FTP but with have a file transmitted from the requesting computer to less features.
Page 153
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Wake on LAN WiFi Protected Access Allows you to power up a computer through it‘s Network An updated version of security for wireless networks that Interface Card. provides authentication as well as encryption.
If the purchaser wishes to upgrade or convert to another CradlePoint, Inc. product within the thirty (30) day period, purchaser may return the product and apply the full purchase price toward the purchase of the other product. Any other return will be subject to CradlePoint, Inc.‘s existing return policy.
MBR1400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 10.3 Specifications MODEL NAME DETAILS MBR1400 Mission-Critical Broadband Router 2.412 to 2.484 GHz WiFi Frequency Band WAN / INTERNET Operation Compliant with IEEE 802.3 and 3u Standards 3G/4G via five modem ports (3 USB 2.0, 2 ExpressCard);...