CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Preface CradlePoint reserves the right to revise this publication and to make changes in the content thereof without obligation to notify any person or organization of any revisions or changes. Manual Revisions Revision...
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.2 D ) ......131 EVICE LERTS DVANCED ODE ONLY 8.3 H ) ....... 133 OTSPOT ERVICES DVANCED ODE ONLY 8.4 M ) ASK YOUR ANAGED ERVICES DVANCED ODE ONLY CRADLEPOINT SALES REPRESENTATIVE FOR DETAILS ... 137 8.5 S...
Machine-to-Machine (M2M) applications. FEATURE RICH The CBR400 is a feature-rich business router in a small package. Built for business applications like travel, mobile workgroups, or stationary remote internet access, you can rely on CradlePoint‘s advanced networking features like WiPipe Security, VPN Termination, and Failover/Failback (which protects network uptime in case primary data service fails) - keeping your business online.
Page 6
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT EXTENSIVE MODEM SUPPORT CradlePoint routers are built to work with most popular 4G/3G Modems from: AT&T, Bell Canada, Clearwire, Cricket, Rogers, Sprint, T-Mobile, Telus, US Cellular, Verizon Wireless, & Virgin Mobile (modem and service sold separately). ENHANCED WIFI ...
Page 7
WiPipe Central CradlePoint‘s cloud-based router management service allows for remote monitoring, configuration, and firmware updates of deployed routers like the CBR400. WiPipe Central drastically simplifies router administration for businesses using multiple routers. WiPipe Central can be purchased separately at http://cradlepoint.com/support/wipipe-central.
Page 10
LAN setting, or connect to an Ethernet-based modem with the WAN setting. Power 12v DC: Connect the included power supply to the wall and your CBR400. ExpressCard Modem Port: Insert a modem with an active data plan as one possible internet source.
Page 11
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Factory Default Reset: You can return your router to factory default settings by pressing and holding the Reset button. This button is recessed, so it requires a pointed object such as a paper clip to press. Press and hold for 10 seconds to initiate reset.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 2.2 LEDs Power: Green = Router on No light = Router off Ethernet: Green = Ethernet connected Blinking green = Ethernet activity No light = Ethernet disconnected or link failure WiFi: ...
Page 13
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT ExpressCard Status: Green = Active data connection Blinking green = Connecting Blinking amber = Cellular data connection error No light = Modem disconnected Modem Signal Strength: Green = Active data connection ...
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 3 QUICK START 3.1 Basic Setup Your router requires an internet source. Insert a supported USB or ExpressCard modem, connect a Cable or DSL modem to the Ethernet port (this requires a settings change because the Ethernet port is not set as WAN by default;...
1) Find the network. On a WiFi-enabled computer or device, open the window or dropdown menu that allows you to access wireless networks. The CBR400 network will appear on the list: select this network. 2) Log in. You will need to input the Default Password when prompted. The Default Password is the last eight digits of the router‘s MAC address, which can be found on the product box or on the product label on the bottom of the router.
Page 16
Enter your Default Password. This password can be found on the bottom of the CBR400 as the last eight digits of the MAC address. Then click the LOGIN button. When you log in for the first time, you will be automatically directed to the First Time Setup Wizard. Follow the Getting Started –...
Page 17
If you used the First Time Setup Wizard, you might have changed the ―WiFi Network Name‖ or the ―Security Mode‖ password. If so, you will need to reconnect to the CBR400 network. Find the network. Look for your new personalized network name (or the default SSID of the form ―CBR400-...
If your USB Modem has not been updated recently, it is recommended that you do so if it is having trouble connecting to the CBR400. Insert your USB data modem into your PC and access the internet using the software provided by your cellular carrier.
4 WEB INTERFACE -- ESSENTIALS The CBR400 has a Web interface for configuration and administration of all features. The interface is organized with a button for toggling between Basic Mode and Advanced Mode and 5 tabs at the top of the screen: ...
Page 22
To access the administration pages, open a Web browser and type the hostname ―cp/‖ or IP address ―http://192.168.0.1‖ into the address bar. The Administrator Login page will appear. Log in using your administrator password. Initially, this password can be found on the bottom of the CBR400 unit as the last eight digits of the unit‘s MAC address.
Page 23
If you have forgotten your personalized password, you can reset the CBR400 to factory defaults. When you reset the router, the administrator password will revert back to the Default Password. Press and hold the reset button on the router unit until the lights flash (10 seconds).
The First Time Setup Wizard will help you customize the name of your wireless network, change passwords to something you choose, and establish an optimal WiFi security mode. The CBR400 comes out of the box with a unique password at WPA1/WPA2 WiFi security level.
Page 25
The router cannot use 802.11n modes if WEP is enabled; WiFi performance and range will be limited. NONE (OPEN): Select this option if you do not want to activate any security features. CradlePoint recommends BEST (WPA2) WiFi security. Try this option first and switch only if you have a device that is incompatible with WPA2.
Page 26
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Choose a personalized WPA PASSWORD or WEP KEY. This password will be used to connect devices to the router‘s WiFi broadcast once the security settings have been saved. WPA Password: The WPA Password must be between 8 and 64 characters long. A combination of upper and lower case letters along with numbers and special characters is recommended to prevent hackers from gaining access to your network.
Page 27
Realm for your carrier. This setting ensures that the modem, when attached to the router, will properly connect to your carrier‘s wireless broadband service. The CBR400 will default to the Sprint Realm. Select your carrier from the dropdown menu (options shown below).
Page 28
Please record these settings for future access. You may need this information to configure other wireless devices. NOTE: If you are currently using the CBR400 WiFi network, reconnect your devices to the network using the new wireless network name and security password.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 4.3 Quick Links The CradlePoint logo in the upper left-hand corner of all the administration pages is a link to the Dashboard (Status → Dashboard), which displays fundamental information about the router. The black bar across the top provides quick access to important information and controls.
CRADLEPOINT 4.4 Basic Mode vs. Advanced Mode For less complex uses, the CBR400 can be controlled within Basic Mode. Clicking on the Basic Mode button switches the complete Web interface to Advanced Mode. Advanced Mode provides several additional features. The following chart shows the complete list of features found in Basic Mode and found exclusively in Advanced Mode:...
WAN (Wide Area Network) Examples: If you want to change the content filtering settings for the network created by the CBR400, go to the Network Settings tab. If you have multiple internet sources (such as a USB modem and an Ethernet connection) for which you would like to set priority levels, go to the Internet tab.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5 STATUS The Status tab displays information—no adjustments can be made from within these pages. It provides access to 8 submenu options: Client List Dashboard GPS GRE Tunnels Internet Connections ...
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.1 Client List The Client List displays the specifications of each device connected to your router, including Wireless and Wired clients. Wireless Clients. For each device using a wireless connection to your CBR400, the following information is displayed: Hostname, IP, MAC, Connection, and Time Online.
Page 34
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT -26 dBm: A relative measure of wireless signal quality (decibels relative to one milliwatt). This expresses theoretical best quality. The value is given as a negative exponent: -20 is a very good value while -80 is relatively poor.
After the initial setup of the router, every time you log in you will automatically be directed to this Dashboard. Also, you can click on the CradlePoint logo in the upper left-hand corner to return to the Dashboard from any page.
Page 36
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Router Information: “Detailed Info‖ links to System Settings → Administration. Product: CBR400 Firmware: Gives the number of the current firmware version. Build Date: Year-month-day-hours-minutes-seconds for the most recent firmware upgrade.
Page 37
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Local Networks: “Detailed Info‖ links to Network Settings → WiFi / Local Networks. Clients: The number of current clients. For each network, the following information is displayed: Network Name: IP Address/Netmask o Route Mode: NAT (Network Address Translation), Standard (NAT-less), IP Passthrough, Hotspot, or Disabled.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.3 GPS If GPS support is enabled and a modem capable of providing GPS coordinates is connected, this page will show a graphical view of your router's location. See the GPS section in System Settings →...
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.4 GRE Tunnels (Advanced Mode only) View the status of configured GRE Tunnels. To set up or edit a GRE tunnel, go to Internet → GRE Tunnels. Included information: Name Status ...
The Internet Connections submenu option provides a list of attached WAN devices used as the internet source for the CBR400. Select one of these devices to see detailed information about that particular device. For each type of device, different information will be included in the Device Information section. Possible devices include: ...
Page 41
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.5.1 Ethernet Diagnostics Connection State (connected, idle, etc.) Connection Uptime General Information Type Ethernet Product Built-in Ethernet Protocol Ethernet Static Unique Identifier Port IP Information Netmask ...
Page 45
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.5.4 EVDO Modem: (MC760 Comcast) Diagnostics Modem Firmware Version PRL Version Service Display EVDO Carrier Status Signal Strength(dBm) Connection Type CDMA Connection State (connected, idle, etc.) General Information ...
Page 47
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT WiMAX Modem (U300 – 4G) 5.5.5 Diagnostics For a WiMAX modem, the CINR and Signal Strength values are important as they show how strong the signal is and that has significant effects on how much data the router can download or send.
Page 49
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.5.6 LTE Modem (PANTECH UML290) Diagnostics Home Address MN-HA SPI Modem Firmware Version Battery Status MN-HA SS Network Address Identifier (NAI) Signal Strength(dBm) Rev Tun ...
Page 50
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT General Information Product PANTECH UML290 Protocol IP DHCP Unique Identifier ESN/IMEI Model UML290VW Type modem Port Manufacturer Pantech, Incorporated IP Information Netmask IP Address ...
LAN, or Local Area Network, is the network you have created through the CBR400. WAN, or Wide Area Network, is the internet source the CBR400 is using to create a new LAN. Possible WAN sources include: Ethernet, WiFi, USB modems, and ExpressCard modems.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.7 System Logs The router automatically logs (records) events of possible interest in its internal memory. If there is not enough internal memory for all events, logs of older events are deleted, but logs of the latest events are retained.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 5.8 VPN Tunnels (Advanced Mode only) View the status of configured VPN tunnels. To set up or edit a VPN tunnel, go to Internet → VPN Tunnels. Included information: Name Connections ...
6 NETWORK SETTINGS The Network Settings tab provides access to 8 submenu options for administering the following functions/tasks. These functions are all related to controlling the LAN (Local Area Network), the network you set up with the CBR400. Content Filtering ...
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.1 Content Filtering You have two main options for filtering content in a network created through your CBR400. 1) Domain / URL Filter Rules: Create a list of websites that will be either disallowed (facebook.com, for...
Page 56
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.1.1 OpenDNS OpenDNS is a service that protects you online by filtering websites. OpenDNS protects you from phishing websites and URL typos once you select a filtering level. None: Disables Web filtering that uses OpenDNS, ...
Page 57
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT OpenDNS network. In order for Custom settings to work you need to login to DNS-O-MATIC using your OpenDNS credentials and "Add A Service" for the network specified above. Enable OpenDNS ISP Filter Bypass Algorithm: It is possible that your Internet Service Provider (ISP) uses the port that OpenDNS is configured to access, port 53, which will prevent OpenDNS filtering.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.2 DHCP Server (Advanced Mode only) DHCP stands for Dynamic Host Configuration Protocol. The built-in DHCP server automatically assigns IP addresses to the computers and other devices on each local area network (LAN). In this section you can view a list of assigned IP addresses and reserve IP addresses for particular devices.
DNS, or Domain Name System, is a naming system that translates between domain names (www.cradlepoint.com, for example) and internet IP addresses (206.207.82.197). A DNS server acts as an internet phone book, translating between names that make sense to people and the more complex numerical identifiers. The DNS page for the CBR400 has these distinct functions: ...
Page 60
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.3.2 Dynamic DNS Configuration The Dynamic DNS feature allows you to host a server (Web, FTP, etc.) using a domain name that you have purchased (www.yourname.com) with your dynamically assigned IP address. Most broadband Internet Service Providers assign dynamic (changing) IP addresses.
Page 61
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.3.3 Advanced Dynamic DNS Settings Update period (hours). (Default: 576) The time between periodic updates to the Dynamic DNS, if your dynamic IP address has not changed. The timeout period is entered in hours so valid values are from 1 to 8760.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.4 Firewall (Advanced Mode only) The router automatically provides a firewall. Unless you configure the router to the contrary, the router does not respond to unsolicited incoming requests on any port, thereby making your LAN invisible to cyber attackers.
Page 63
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Add New Port Forwarding Rule: page 2 Use Port Range: Changes the selection options to allow you to input a range of ports (if desired). Internet Port(s): The port number(s) as you want it defined on the internet.
Page 64
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.4.2 IP Filter Rules An "Incoming" IP filter rule restricts remote access to computers on your local network. "Outgoing" filter rules prevent computers on your local network from initiating communication to the address range specified in the rule.
Page 66
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.4.3 DMZ (DeMilitarized Zone) A DMZ host is effectively not firewalled in the sense that any computer on the internet may attempt to remotely access network services at the DMZ IP address. Typical uses involve running a public Web server or sharing files.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.5 MAC Filter The MAC Filter allows you to create a list of devices that have either exclusive access (whitelist) or no access (blacklist) to your wireless LAN. Enabled: Click to allow MAC Filter options.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.6 Routing (Advanced Mode only) Add a new static route to the IP routing table or edit/remove an existing route. Static routes are unnecessary for most users. They are typically only used in networks with more than one layer, such as when there is a network within a network so that packet destinations are hidden behind an additional router.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.7 WiFi / Local Networks This section is used to configure the settings for networks created by your router. Note that changes made in this section may also need to be duplicated on devices that you want to connect to your networks.
Page 70
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.7.1 Local IP Networks Local IP Networks displays the following information for each network: Network Name IP address/Netmask DHCP Server (Enabled/Disabled) Routing Mode (NAT, Standard, IP Passthrough, Hotspot, Disabled) ...
Page 71
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.7.2 Local Network Editor The Local Network Editor contains the following tabs: IP Settings, Interfaces, Access Control, and DHCP Server. IP Settings: Name: This primarily helps to identify this network during other administration tasks.
Page 72
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT NAT: Network Address Translation hides private IP addresses behind the router's IP address. This is the simplest and most common choice for users, because NAT does the translation work for you. Standard: NAT-less routing. If you select Standard, you must separately configure your IP addresses so that they will be publically accessible.
Page 73
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Access Control: Tune the access control settings of this network to match the intended use. Simply select or deselect any of the following: LAN Isolation: When checked, this network will NOT be allowed to communicate with other local networks.
Page 74
(default: 72 to 200, as in 192.168.0.72 to 192.168.0.200). Example: The CBR400 uses an IP address of 192.168.0.1 for its primary network by default. A computer designated as a Web server has a static IP address of 192.168.0.3. Another computer is designated as an FTP server with a static IP address of 192.168.0.4.
Page 75
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.7.3 Local Network Interfaces Each LAN type—WiFi, Ethernet, and VLAN—has a separate section with configuration options. Unless the default configuration is sufficient, YOU MUST CONFIGURE EACH INTERFACE SEPARATELY in order to create the desired interface options for a network.
Page 76
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Wireless Network Editor WiFi Name (SSID): When you are browsing for available wireless networks, this is the name that will be broadcast from this router for the selected network. This name is referred to as the SSID (service set identifier). For security purposes, CradlePoint highly recommends that you change this from the pre-configured name.
Page 77
NOTE: If you don‘t know whether you should choose Personal or Enterprise, assume Personal since you need to know RADIUS authentication for Enterprise. In order to protect your network from hackers and unauthorized users, CradlePoint highly recommends WPA2/AES for security if your attached devices can support it. WEP and WPA/TKIP are obsolete and have been replaced by WPA/AES.
Page 78
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT NOTE: If you select one of the security modes and are unable to connect to the router afterwards, you can use the reset buttons to reset the router to its factory default state and try a different security mode instead.
Page 79
Internet (WAN) is used to connect to another network such as a hotel or office wired network. The WAN connection is used as a possible source of internet for the CBR400. Local Network (LAN) is for connecting a computer or similar device directly to the router with an Ethernet cable.
Page 80
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Ethernet Port Group Editor Port groups are less relevant for the CBR400 than for some other CradlePoint routers because it has only one port. However, you can still change the port group ID for your Ethernet port.
Page 81
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT VLAN Interfaces A virtual local area network, or VLAN, functions as any other physical LAN, but it enables computers and other devices to be grouped together even if they are not physically attached to the same network switch.
Page 82
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.7.4 WiFi Settings (Advanced Mode only) When you select the Wireless (WiFi) Networks Settings tab in the Local Network Interfaces section, you have several additional options for configuring your wireless LANs under the WiFi Settings heading.
Page 83
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Channel: (Shows if Random Channel is deselected.) The WiFi channel corresponds to a frequency the router uses to communicate with other devices. The range is 1 to 11, and 1, 6, and 11 do not overlap each other. If a WiMAX modem is attached, a higher number channel will increase the chance the router's WiFi and modem's WiMAX radios will conflict with each other, which may result in lower throughput.
Page 84
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT than the Fragmentation Threshold. This setting should remain at its default value. Setting the Fragmentation value too low may result in poor performance. DTIM: A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages.
Page 85
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Extended Channel: When operating in 40 MHz mode the access point will use an extended channel either below or above the current channel. Optimal selection will depend on the channels of other networks in the area.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 6.8 WiPipe QoS (Advanced Mode only) When WiPipe QoS (Quality of Service/Traffic Shaping) is enabled, the router will control the flow of internet traffic according to the user- defined rules. In other words, Traffic Shaping improves performance by allowing the user to prioritize applications.
Page 87
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT automatic classification will be adequate, and specific Traffic Shaping Rules will not be required. Traffic Shaping supports overlap between rules, where more than one rule can match for a specific message flow. If more than one rule matches, the rule with the highest priority will be used.
Page 88
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT The second page allows you to designate the computer(s) on the local network for which you want to adjust traffic priority. NOTE: Leaving a field empty will match any IP address and/or any port number.
Page 89
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT The third and last page allows you to designate the network or server on the internet for which you want to shape traffic. NOTE: Leaving a field empty will match any IP address and/or any port number.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7 INTERNET The Internet tab provides access to 8 submenu items for managing a variety of internet connection options. Connection Manager Data Usage Ethernet Settings GRE Tunnels Load Balance ...
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.1 Connection Manager The router can establish an uplink via the Ethernet port, WiFi as WAN, or modems plugged into a modem port. If the primary WAN connection fails the router will automatically attempt to bring up a new link on another device. This feature is called failover.
Page 92
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.1.2 Failure Check (Advanced Mode Only) If this is enabled, the router will check that the highest priority active WAN interface can get to the internet even if the WAN connection is not actively being used.
Page 93
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.1.3 Failback Configuration (Advanced Mode Only) This is used to configure failback, which is the ability to go back to a higher priority WAN interface if it regains connection to its network. Usage: Fail back based on the amount of data passed over time.
Agreement shown to the right. The purpose of this agreement is to ensure that you understand that the data numbers for the CBR400 may not perfectly match those of your carrier: CradlePoint cannot be held responsible. You must accept the agreement by clicking Yes in order to begin creating data usage rules.
Page 95
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.2.1 Data Usage Rules The Date Usage Rule display shows basic information for each rule you have created (including rules created with a template). The following information is displayed: Rule Name Enabled: True/False ...
Page 96
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Usage Rule Configuration – page 2 Cycle Type: How often the rule will reset. The data usage amount will be reset at the end of each cycle. Select the length of a cycle from a dropdown menu with the following choices: ...
Page 97
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Template Configuration 7.2.2 Templates allow you to control multiple WAN devices with the same rule. Each WAN device that matches a template will automatically have its own rule created. For example, you can set a template rule for all mobile data modems that causes your router to send an alert after 1000 MB of usage in a month.
Page 98
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Historical Data 7.2.3 Historical Data shows a graph of data usage for each attached WAN source that has an assigned Data Usage Rule. The graph shows the usage trend for one day. Click Add Usage to manually input additional usage for an attached data source.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.3 Ethernet Manager Ethernet Manager provides controls for your router‘s Ethernet WAN port. By default, the only port is set as a LAN port, but it can be reconfigured as a WAN port in Network Settings → WiFi / Local Networks.
Generic Routing Encapsulation (GRE) tunnels can be used to create a connection between two private networks. The CBR400 is enabled for either GRE or VPN tunnels. GRE tunnels are simpler to configure and more flexible for different kinds of packet exchanges, but VPN tunnels are much more secure.
Page 102
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Page 1: General Tunnel Name: Choose a name that is meaningful to you. Local Network: This is the local side of the ―Glue Network,‖ a network created by the administrator to form the tunnel. The user creates the IP address inputted here.
Page 103
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Keep Alive: This feature monitors the status of a tunnel. This will more accurately determine if the tunnel is alive or not. Choose the length of time in seconds of the Period for each check (Default: 10 seconds. Range: 2 – 3600 seconds) and the number of Retry attempts (Default: 3.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.5 Load Balance (Advanced Mode only) When enabled in Connection Manager (Internet → Connection Manager), the router will use multiple WAN interfaces to increase the data transfer throughput by using any connected WAN interface consecutively. Connections are load balanced between interfaces based on a dynamic measurement of bandwidth available.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.6 Modem Settings This section shows all attached modems and allows you to change settings. If you have a 3G/4G dual-mode modem it will show both modems using the same USB port. Update/Activate a Modem 7.6.1...
Page 106
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT The modem supports Update/Activate methods: A message will display showing options for each supported method: Modem Activation / Update: Activate, Reactivate, or Upgrade Configuration. Preferred Roaming List (PRL) Update Firmware Update Management Object (FUMO) Click the appropriate icon to start the process.
Page 107
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Modem Connection Settings (Advanced Mode Only) 7.6.2 This section changes settings that affect how all modems attempt to connect to the service provider's network. Connection Mode: Typically modem connections are not set to remain on. The router allows you to set the type of reconnection mode.
Page 108
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Configuration Rule: First page. Create a name for your rule and the condition for which the rule applies. Rule Name: Create a name meaningful to you. Select each of the following to create a condition for your rule.
Page 109
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Configuration Rule: WiMAX Settings WiMAX Realm: Select from the following dropdown options: Clear – clearwire-wmx.net Rover – rover-wmx.net Sprint 3G/4G – sprintpcs.com Xohm –xohm.com BridgeMAXX – bridgeMAXX.com Time Warner Cable – mobile.rr.com ...
Page 110
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Configuration Rule: Modem Settings AT Dial Script: Enter the AT commands to be used in establishing a network connection. Each command must be entered on a separate line. All command responses must include ―OK‖ except the final command response, which must include ―CONNECT‖.
Page 111
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Configuration Rule: SIM/APN Settings SIM PIN: PIN number for a GSM modem with a locked SIM. Access Point Name (APN): Some wireless carriers provide multiple Access Point Names that a modem can connect to.
The CBR400 uses IPsec (Internet Protocol security) to authenticate and encrypt packets exchanged across the tunnel. To set up a VPN tunnel with the CBR400 on one end, there must be another device (usually a router) that also supports IPsec on the other end.
Page 113
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Page 1: General 7.7.1 Tunnel Name: Choose a name meaningful to you. Local Identity: This can be left blank for most users. If left blank it will default to the IP address of the WAN connection. Currently we only support identifiers in the form of an IP address, a user fully qualified domain name (user@mydomain.com) or just a...
Page 114
CRADLEPOINT Tunnel Enabled: Enabled or Disabled. MBR1200 Quick Connect: VPN tunnels in the CBR400 have more choices than they do in the MBR1200, so it is more complex to configure. Check this box to simplify setup by streamlining your options.
Page 115
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.7.3 Page 3: IKE Phase 1 IKE security has two phases, Phase 1 and Phase 2. You have the ability to distinctly configure each phase, but the default settings will be sufficient for most users.
Page 116
In Phase 1, only one DH group can be selected while using Aggressive exchange mode. By default, all the algorithms (encryption, hash, and DH groups) supported by the CBR400 are checked, which means they are allowed for any given exchange. Deselect these options to limit which algorithms will be accepted. Be sure to check that the router (or similar device) at the other end of the tunnel has matching algorithms.
Page 117
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.7.4 Page 4: IKE Phase 2 Perfect Forward Secrecy (PFS): Enabling this feature will require IKE to generate a new set of keys in Phase 2 rather than using the same key generated in Phase 1.
Page 118
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.7.5 Page 5: Dead Peer Detection Dead Peer Detection (DPD) defines how the router will detect when one end of the IPsec session loses connection while a policy is in use. Connection Idle Time allows you to configure how long the router will allow an IPsec session to be idle before beginning to send Dead Peer Detection (DPD) packets to the peer machine.
Page 119
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Page 6: Tunnel Summary 7.7.6 The final page of the tunnel configuration interface is a summary of the tunnel specifications. This is especially helpful for matching this information with the router (or similar device) at the other end of the tunnel.
Page 120
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.7.7 Global VPN Settings These settings apply to all configured VPN tunnels. Changing the Global VPN Settings is rarely necessary; the default values are almost always sufficient. IKE / ISAKMP Port: Internet Key Exchange / Internet Security Association and Key Management Protocol port.
Page 121
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 7.7.8 VPN with NAT-T If one side of a planned VPN tunnel is behind a NAT (network address translation) firewall, the setup of your tunnel requires the following specifications: 1. Each side of the tunnel must use both a Local Identity and a Remote Identity. These must match the identities on the other side: The Local Identity must match the Remote Identity on the other side of the tunnel, and vice versa.
WiFi—from a hotel for example—can be used as the internet source for your own private network. When enabled in the WiFi as WAN Settings page, the CBR400 will find possible WiFi sources that you can select and add.
Page 123
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Network Name (SSID): The name that is broadcast from each access point. Network ID (BSSID): The numeric ID of the network. This parameter is required when trying to connect to a hidden network using WiFi as WAN.
Page 124
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Wireless Scan Settings 7.8.3 Scan Interval: How often WiFi as WAN scans the environment for updates. (Default: 60 seconds. Range: 5-3600 seconds.) Scan While Connected: Continue to scan for WiFi as WAN profile updates when connected. Each time a scan occurs the wireless communication of the router will be temporarily interrupted.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8 SYSTEM SETTINGS The System Settings tab has 6 submenu items that provide access to tools for broad administrative control of the CBR400: Administration Device Alerts Hotspot Services Managed Services ...
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.1 Administration Select the Administration submenu item in order to control any of the following functions: Web Login Network Time Protocol Timezone Bounce Pages UPnP Remote Management ...
Page 127
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.1.3 Timezone This is the time zone and daylight savings setting used by the router for its own clock. This can also be controlled in the First Time Setup Wizard. Daylight Savings Time: Select this checkbox if your location observes daylight savings time.
Page 129
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.1.7 If you have an attached device with GPS support, you can enable a graphical view of your router‘s location which will appear in Status → GPS Status. Users can configure GPS NMEA GGA format sentence reporting, available through a router- based server and/or a remote server.
Page 130
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT $GPGGA – Global Positioning System Fix Data 8.1.8 Name Example Data Description Sentence Identifier $GPGGA Global Positioning System Fix Data Time 170834 17:08:34 Z Latitude 4124.8963, N 41d 24.8963' N or 41d 24' 54" N Longitude 08151.6838, W 81d 51.6838' W or 81d 51' 41"...
Page 131
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT eg2. $--GGA,hhmmss.ss,llll.ll,a,yyyyy.yy,a,x,xx,x.x,x.x,M,x.x,M,x.x,xxxx hhmmss.ss = UTC of position llll.ll = latitude of position a = N or S yyyyy.yy = Longitude of position a = E or W x = GPS Quality indicator (0=no fix, 1=GPS fix, 2=Dif. GPS fix) xx = number of satellites in use x.x = horizontal dilution of precision...
Page 132
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 13 = Age in seconds since last update from diff. reference station 14 = Diff. reference station ID# 15 = Checksum 8.1.9 Syslog Settings Enabling this option will send log messages to a specified Syslog server.
Page 134
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Server Address: smtp.gmail.com Server Port: 587 (for TLS, or Transport Layer Security port; the CBR400 does not support SSL). Authentication Required: Gmail, mark this checkbox. User Name: Your full email address ...
Network Settings → WiFi / Local Networks. NOTE: Although any network can be a hotspot, the CBR400 allows only one hotspot. Enable Hotspot Services: Disabled by default. Click Enabled to activate Hotspot options.
Page 136
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.3.1 Simple Mode Settings Display: This section allows you to choose if a "Terms of Use" page will be given to the user connecting to the hotspot. Internal Terms of Use. Fill in your own terms of use.
Page 137
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.3.2 RADIUS/UAM Settings This section allows you to configure a RADIUS or Universal Access Method server. After the user accepts the terms, you can either let him/her continue to the URL they were trying to reach or you can force the user to go to a specified UAM Server or URL once before continuing on.
Page 138
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.3.3 Host/Domain Name Adding Host / Domain names gives you the ability to allow access from your network to any external domain or website prior to being authenticated. For example, a hotel might allow access to its own website prior to authentication.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.4 Managed Services (Advanced Mode only) ASK YOUR CRADLEPOINT SALES REPRESENTATIVE FOR DETAILS Managed Services allow you to centralize your router configuration using the WiPipe Central server. WiPipe Central services must be purchased separately.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.5 System Control Restore to Factory Defaults: This changes all settings back to their default values. Reboot The Device: This causes the router to restart. Advanced: System Automatic Reboot and Ping Test Scheduled Reboot: This causes the router to restart at a user-determined time.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 8.6 System Software Firmware Upgrade: This allows the administrator to load new firmware onto the router to add new features or fix defects. If you are happy with the operation of the router, you may not want to upgrade just because a new version is available.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 9 GLOSSARY 802.11 Alphanumeric A family of specifications for wireless local area networks Characters A-Z and 0-9. (WLANs) developed by a working group of the Institute of Antenna Electrical and Electronics Engineers (IEEE).
Page 143
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Authentication Bit rate To provide credentials, like a Password, in order to verify The amount of bits that pass in given amount of time. that the person or device is really who they are claiming Bit/sec to be.
Page 144
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT CardBus Data-Link layer A newer version of the PC Card or PCMCIA interface. It The second layer of the OSI model. Controls the supports a 32- bit data path, DMA, and consumes less movement of data on the physical link of a network.
Page 145
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Demilitarized zone Download DMZ: A single computer or group of computers that can To send a request from one computer to another and be accessed by both users on the internet as well as have the file transmitted back to the requesting computer.
Page 146
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Encryption Fragmentation Converting data into cyphertext so that it cannot be easily Breaking up data into smaller pieces to make it easier to read. store. Ethernet The most widely used technology for Local Area File Transfer Protocol.
Page 147
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Half-duplex IEEE Data cannot be transmitted and received at the same Institute of Electrical and Electronics Engineers. time. IGMP Hashing Internet Group Management Protocol is used to make Transforming a string of characters into a shorter string sure that computers can report their multicast group with a predefined length.
Page 148
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Internet Protocol Security Java IPsec provides security at the packet processing layer of A programming language used to create programs and network communication. applets for web pages. Internet Service Provider Kbps An ISP provides access to the internet to individuals or Kilobits per second.
Page 149
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT LPR/LPD MPPE ―Line Printer Requestor‖/‖Line Printer Daemon‖. A Microsoft Point-to-Point Encryption is used to secure data TCP/IP protocol for transmitting streams of printer data. transmissions over PPTP connections. MAC Address A unique hardware ID assigned to every Ethernet Maximum Transmission Unit is the largest packet that adapter by the manufacturer.
Page 150
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Network Interface Card routers in the network as opposed to sending the entire routing table at a regular interval, which is how RIP NIC. A card installed in a computer or built onto the functions.
Page 151
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT channel) but can have multiple ports (logical channels) Rendezvous each identified by a number. Apple‘s version of UPnP, which allows for devices on a network to discover each other and be connected without the need to configure any settings.
Page 152
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Session key An encryption and decryption key that is generated for Secure Shell is a command line interface that allows for every communication session between two computers. secure connections to remote computers. Session layer...
Page 153
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT TFTP Upload Trivial File Transfer Protocol is a utility used for To send a request from one computer to another and transferring files that is simpler to use than FTP but with have a file transmitted from the requesting computer to less features.
Page 154
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT Wake on LAN WiFi Protected Access Allows you to power up a computer through it‘s Network An updated version of security for wireless networks that Interface Card. provides authentication as well as encryption.
If the purchaser wishes to upgrade or convert to another CradlePoint, Inc. product within the thirty (30) day period, purchaser may return the product and apply the full purchase price toward the purchase of the other product. Any other return will be subject to CradlePoint, Inc.‘s existing return policy.
CBR400| USER MANUAL Firmware ver. 3.3.0 CRADLEPOINT 10.3 Specifications MODEL NAME DETAILS CBR400 Compact Broadband Router 2.412 to 2.484 GHz WiFi Frequency Band Operation WAN / INTERNET Compliant with IEEE 802.3 and 3u Standards 3G/4G via two modem ports (1 USB 2.0, 1 ExpressCard); one Supports OFDM and CCK Modulation ...