Page 2: Manual Revisions
All other company or product names mentioned herein are trademarks or registered trademarks of their respective companies. Copyright © 2013 by Cradlepoint, Inc. All rights reserved. This publication may not be reproduced, in whole or in part, without prior expressed written consent by Cradlepoint, Inc.
Page 3: Table Of Contents
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Table of Contents 1 INTRODUCTION ..............3 5.3 D ..............48 ASHBOARD 5.4 GPS ................. 52 1.1 P ............. 3 ACKAGE ONTENTS 5.5 GRE T ..............53 UNNELS 1.2 S ............3...
Page 4 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7.4 D ..............172 SAGE 7.5 GRE T ..............176 UNNELS 7.6 L2TP T ..............179 UNNELS 7.7 N (NEMO) ........... 182 ETWORK OBILITY 7.8 NHRP C ............ 184 ONFIGURATION 7.9 O VPN T ............
Page 5: Introduction
MBR1400E-SP – 3G EVDO for Sprint 1.2 System Requirements • At least one Internet source: a Cradlepoint 3G/4G business-grade modem, an Ethernet-based modem, a broadband data modem with active subscription (USB, ExpressCard), or WiFi as WAN. • Windows 2000/XP/7, Mac OS X, or Linux computer (with WiFi adapter—802.11n recommended—for WiFi functionality).
Page 6: Mbr1400 Overview
Internet. In addition to connection options for traditional wired networking solutions like cable, DSL, satellite, or T1, the most powerful feature of the MBR1400 is its ability to use Cradlepoint business-grade modems or USB or ExpressCard data modems to create instant networks anywhere you receive a broadband signal.
Page 7 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT ADDITIONAL FEATURES • Dual-band WiFi, 3x3 MIMO antenna subsystem, removable external antennas, up to four SSIDs • Plug-and-play support for more than 120 broadband data modems, allowing for site-specific carrier/service selection for broadest deployment •...
Page 8 Captive Portal 1.3.2 The Captive Portal solution provided by Cradlepoint routers enables businesses to provide their customers with a public WiFi hotspot with access controls. The controls can be as simple as requiring acceptance of a terms of service agreement, while advanced features allow administrators to control and monitor usage, require login, direct users to specific web pages, provide revenue through services fees or paid advertising, and more.
Page 9: Cradlepoint Arc Mbr1400 Series
CRADLEPOINT 1.4 Cradlepoint ARC MBR1400 Series The Cradlepoint ARC MBR1400 Series includes a Cradlepoint 3G/4G business-grade modem with the MBR1400 and creates an effortless instant network from high-speed wireless broadband. Cradlepoint integrated business-grade modems are specifically designed to provide the highest level of performance, reliability, and security for 24x7 business-critical applications.
Page 10 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT MBR1400LE-VZ 4G/3G LTE/EVDO for Verizon Technology: LTE, EVDO Rev A Downlink Rates: LTE 100 Mbps, EVDO 3.1 Mbps (theoretical) Uplink Rates: LTE 50 Mbps, EVDO 1.8 Mbps (theoretical) Frequency Band: LTE Band 13 (700 MHz) CDMA EVDO Rev A/1xRTT (800/1,900 MHz) Power: LTE 23 +/−...
Page 11 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT MBR1400LP-AT 4G/3G LTE/HSPA+ for AT&T Technology: LTE, HSPA+ Downlink Rates: LTE 100 Mbps, HSPA+ 21.1 Mbps (theoretical) Uplink Rates: LTE 50 Mbps, HSPA+ 5.76 Mbps (theoretical) Frequency Bands: • LTE Band 17 (700MHz), Band 4 (AWS) •...
Page 12 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT MBR1400LP2-EU 4G LTE/HSPA+ for Europe Technology: LTE, HSPA+ Downlink Rates: LTE 100 Mbps, HSPA+ 21.1 Mbps (theoretical) Uplink Rates: LTE 50 Mbps, HSPA+ 5.76 Mbps (theoretical) Frequency Bands: • LTE (800/900/1800/2100/2600 MHz) •...
Page 13 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT MBR1400LP 4G LTE/HSPA+ for Canada Technology: LTE, HSPA+ Downlink Rates: LTE 100 Mbps, HSPA+ 21.1 Mbps (theoretical) Uplink Rates: LTE 50 Mbps, HSPA+ 5.76 Mbps (theoretical) Frequency Bands: • LTE Band 17 (700MHz), Band 4 (AWS) •...
Page 14 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT MBR1400W 4G WiMAX for Sprint or CLEAR Technology: WiMAX 802.16e Wave 2 Downlink Rates: 10Mbps peak, 6Mbps average Uplink Rates: 5 Mbps peak, 1.2 Mbps average Frequency Band: 2,500 MHz band Power: 23.5 +/−...
Page 15 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT MBR1400E-VZ 3G EVDO for Verizon Technology: EVDO Rev A Downlink Rates: 3.1 Mbps (theoretical) Uplink Rates: 1.8 Mbps (theoretical) Frequency Band: CDMA EVDO Rev A/1xRTT (800/1,900 MHz) Power: 24 +/− 0.5 dBm (typical conducted)
Page 16 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT MBR1400E-SP 3G EVDO for Sprint Technology: EVDO Rev A Downlink Rates: 3.1 Mbps (theoretical) Uplink Rates: 1.8 Mbps (theoretical) Frequency Band: CDMA Rev A/1xRTT (800/1,900 MHz) Power: 24 +/− 0.5 dBm (typical conducted)
Page 17: Hardware Overview
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 2 HARDWARE OVERVIEW © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 15...
Page 18 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 16...
Page 19: Ports, Buttons, And Switches
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 2.1 Ports, Buttons, and Switches © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 17...
Page 20 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 18...
Page 21 • I = On • O = Off 3G/4G Modem Signal Strength Button: When pressed the bar LEDs indicate signal strength from the Cradlepoint business-grade modem or USB or ExpressCard modem. The signal strength is shown for 10 seconds if the modem does not support concurrent data connection and signal strength measurement.
Page 22: Leds
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 2.2 LEDs LAN and WAN LEDs: The default settings are shown. LAN ports can be reconfigured to function as WAN ports and vice versa; the LEDs will function accordingly. © 2013 CRADLEPOINT, INC.
Page 23: Quick Start
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 3 QUICK START For full 3G/4G functionality, attach one (or more) of the 3.1 Basic Setup following: • Your router requires an Internet source. Attach a Cradlepoint business-grade modem, insert one or...
Page 24: Connect To A Computer Or Other Device
MAC address, which can be found on the product box or product label). NOTE: If more than one MBR1400 wireless router is visible, find the correct unit by checking for its SSID (service set identifier; the unique name of the local network).
Page 25 For many users, the MBR1400 can be used immediately without any special configuration changes. If you would like to change your network name or password or configure any of the advanced features of the MBR1400, you will need to log into the administration pages: •...
Page 26 If you used the First Time Setup Wizard, you might have changed the “WiFi Network Name” or the “Security Mode” password. If so, you will need to reconnect to the MBR1400 network. • Find the network. Look for your new personalized network name (or the default SSID of the form “MBR1400-xxx”).
Page 27: Common Problems
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 3.3 Common Problems This section contains some of the most common issues faced by users of the MBR1400. Please visit the Cradlepoint Knowledge Base at http://knowledgebase.Cradlepoint.com/ for more help and answers to your other questions.
Page 28 If your USB modem has not been updated recently, it is recommended that you do so if it is having trouble connecting to the MBR1400. Insert your USB data modem into your PC and access the Internet using the software provided by your cellular carrier.
Page 29 Go to System Settings → System Software and click on “Manual Firmware Upload”. If you are still not online after activating the modem, go to knowledgebase.Cradlepoint.com for more information. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
Page 30 If the data modem LEDs are not illuminated, your modem is not connected and online. You may need to update firmware. Refer to the previous section, “Your USB or ExpressCard modem does not work with the router.” If you are still not online after activating the modem, go to knowledgebase.Cradlepoint.com for more information. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/...
Page 31: Web Interface - Essentials
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 4 WEB INTERFACE – ESSENTIALS The MBR1400 has a browser-based interface for configuration and administration of all features. The interface is organized with 5 tabs at the top of the screen: • Getting Started •...
Page 32: Administrator Login
The Administrator Login page will appear. Log in using your administrator password. Initially, this password can be found on the bottom of the MBR1400 unit as the Default Password. This password is also the last eight digits of the unit’s MAC address.
Page 33 If you have forgotten your personalized password, you can reset the MBR1400 to factory defaults. When you reset the router, the administrator password will revert back to the Default Password. Press and hold the reset button on the router unit until the lights flash (approximately 10-15 seconds).
Page 34: Getting Started - First Time Setup Wizard
The First Time Setup Wizard will help you customize the name of your wireless network, change passwords to something you choose, and establish an optimal WiFi security mode. The MBR1400 comes out of the box with a unique password at WPA1/WPA2 WiFi security level.
Page 35 The router cannot use 802.11n modes if WEP is enabled; WiFi performance and range will be limited. • NONE (OPEN): Select this option if you do not want to activate any security features. Cradlepoint recommends BEST (WPA2) WiFi security. Try this option first and switch only if you have a device that is incompatible with WPA2.
Page 36 7) Configuring Your Access Point Name (APN): If you are using a SIM-based modem (LTE/GSM/HSPA) with your Cradlepoint router, you may need to configure the APN before it will properly connect to your carrier. Wireless carriers offer several APNs, so check with your carrier to confirm the appropriate one to use.
Page 37 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 8) Modem Authentication: Some modems require a username and password to be entered to authenticate with a carrier. Do not fill in these fields unless you are sure your modem needs authentication.
Page 38 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 9) Configuring Failure Check: It is possible for a WAN interface to go down without the router recognizing the failure. (For example: the carrier for a cellular modem goes dormant, or your...
Page 39 Please record these settings for future access. You may need this information to configure other wireless devices. NOTE: If you are currently using the MBR1400 WiFi network, reconnect your devices to the network using the new wireless network name and security password.
Page 40: Quick Links
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 4.3 Quick Links The Cradlepoint logo in the upper left-hand corner of all the administration pages is a link to the Dashboard (Status → Dashboard), which displays fundamental information about the router.
Page 41 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT WiFi Clients Click to view a signal strength indicator for your network, “WiFi Connection Strength”. The number listed in the orange block shows the number of attached clients. Click this to go to the Client List page (Status →...
Page 42: Configuration
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 4.4 Configuration Pages The following table shows the navigation layout of the administration pages. Click on the tabs along the top bar to reveal the following dropdown menus. Getting Started Status...
Page 43 LAN (Local Area Network) Examples: • If you want to change the content filtering settings for the network created by the MBR1400, go to the Network Settings tab. • If you have multiple Internet sources (such as a Cradlepoint business-grade modem and an Ethernet connection) for which you would like to set priority levels, go to the Internet tab.
Page 44: Enterprise Cloud Manager Registration
CRADLEPOINT 4.5 Enterprise Cloud Manager Registration To register your device with Cradlepoint Enterprise Cloud, navigate to Getting Started → Enterprise Cloud Manager Registration. Input your ECM Username and ECM Password and click Register. You have now registered the device with Enterprise Cloud Manager.
Page 45: Ip Passthrough Setup
You can quickly enable IP passthrough with the IP Passthrough Setup Wizard available under Getting Started → IP Passthrough Setup. IP passthrough takes a 3G/4G WAN data source (USB, ExpressCard, or Cradlepoint business- grade modem) and passes the IP address through to Ethernet LAN.
Page 46: Status
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5 STATUS The Status tab displays information about many different aspects of the router. It provides access to these submenu options: • Client List • CP Connect • Dashboard • GPS •...
Page 47: Client List
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5.1 Client List The Client List displays the specifications of each device connected to your router, including Wireless and Wired clients. Wireless Clients. For each device using a wireless connection to your MBR1400, the following information is displayed: Hostname, IP, MAC, Connection, and Time Online.
Page 48 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • -26 dBm: A relative measure of wireless signal quality (decibels relative to one milliwatt). This expresses theoretical best quality. The value is given as a negative exponent: -20 is a very good value while -80 is relatively poor.
Page 49: Cp Connect
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5.2 CP Connect View the status of configured CP Connect tunnels. To set up or edit a CP Connect tunnel, go to Internet → VPN Tunnels. NOTE: CP Connect requires a feature license. Go to System Settings → Feature Licenses to enable this feature.
Page 50: Dashboard
After the initial setup of the router, every time you log in you will automatically be directed to this Dashboard. Also, you can click on the Cradlepoint logo in the upper left-hand corner to return to the Dashboard from any page.
Page 51 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Router Information: “Detailed Info” links to System Settings → Administration. • Product: MBR1400 or MBR1400v2 • Firmware: Gives the number of the current firmware version • Build Date: Year-month-day-hours-minutes-seconds for the most recent firmware upgrade •...
Page 52 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Local Networks: “Detailed Info” links to Network Settings → WiFi / Local Networks. • Clients: The number of current clients For each network, the following information is displayed: • Network Name: IP Address/Netmask...
Page 53 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT To configure WiFi network settings see Network Settings → WiFi / Local Networks. Router Alerts 5.3.1 On the right side of the Dashboard page is a brief set of “Router Alerts” that state basic information such as whether the router is running properly.
Page 54: Gps
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5.4 GPS If GPS support is enabled and a modem capable of providing GPS coordinates is connected, this page shows a graphical view of your router's location. See the GPS section in System Settings →...
Page 55: Gre Tunnels
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5.5 GRE Tunnels View the status of configured GRE Tunnels. To set up or edit a GRE tunnel, go to Internet → GRE Tunnels. Included information: • Name • Status • Transmit (packets/bytes) •...
Page 56: Hotspot Clients
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5.6 Hotspot Clients View the status of the clients that have logged in through the Hotspot/Captive Portal. View: • Hostname • IP address • MAC address • Data Usage (both IN and OUT) •...
Page 57: Internet Connections
The Internet Connections submenu option provides a list of attached WAN devices used as the Internet source for the MBR1400. Select one of these devices to see detailed information about that particular device. For each type of device, different information will be included in the Device Information section. Possible devices include: •...
Page 58 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Ethernet 5.7.1 General Information • Unique Identifier wan • Model • Type ethernet • Port IP Information • DNS Servers • IP Address • Gateway Statistics • Incoming Bytes • Outgoing Bytes •...
Page 59 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT LTE Modem (PANTECH UML290) 5.7.2 Diagnostics • Home Address • MN-HA SPI • Modem Firmware Version • Battery Status • MN-HA SS • Network Address Identifier (NAI) • Signal Strength(dBm) • Rev Tun •...
Page 60 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT General Information • Product PANTECH UML290 • Protocol IP DHCP • Unique Identifier • ESN/IMEI • Model UML290VW • Type modem • Port • Manufacturer Pantech, Incorporated IP Information • Netmask •...
Page 61 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT HSPA+ Modem (Nokia Datacard) 5.7.3 Diagnostics • Manufacturer Nokia • Product Nokia Datacard • Model Nokia Internet Stick CS-18 • ESN/IMEI • Modem Firmware Version • Mobile Directory Number • Carrier ID AT&T •...
Page 62 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT IP Information • DNS Servers • IP Address • Gateway Statistics • Incoming Bytes • Outgoing Bytes • Connection Uptime (secs) © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
Page 63 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT WiMAX Modem (U300 – 4G) 5.7.4 Diagnostics For a WiMAX modem, the CINR and Signal Strength values are important as they show how strong the signal is and that has significant effects on how much data the router can download or send.
Page 64 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • Type WiMAX • Port • Manufacturer Franklin Wireless Corporation Statistics • Outgoing Bits/Second • Incoming Bits/Second • Incoming Bytes • Outgoing Bytes © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
Page 65 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT GSM Modem (Nokia Datacard) 5.7.5 Diagnostics • Signal Error Rate • Modem Firmware Version • Battery Status • Battery Level • Carrier Status • Signal Strength(dBm) • PIN Status • Connection State (connected, idle, etc.)
Page 66 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • Incoming Bytes • Outgoing Bytes © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 64...
Page 67 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT EVDO Modem: (MC760 Comcast) 5.7.6 Diagnostics • Modem Firmware Version • PRL Version • Service Display EVDO • Carrier Status • Signal Strength(dBm) • Connection Type CDMA • Connection State (connected, idle, etc.) General Information •...
Page 68 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT WiFi as WAN 5.7.7 Diagnostics • Connection State (connected, idle, etc.) General Information • Product Wireless As WAN • Unique Identifier • Type wwan IP Information • Netmask • IP Address •...
Page 69: Routing
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5.8 Routing System Routes displays routes associated with networks connected to the router as well as routes learned from routing protocols (such as RIP or BGP). Static Routes displays user-specified routes configured in Network Settings → Routing.
Page 70 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT GRE Routes displays user-specified routes configured in Internet → GRE Tunnels. VPN Routes displays user-specified routes configured in Internet → VPN Tunnels. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
Page 71 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT NEMO Routes displays user-specified routes configured in Internet → Network Mobility (NEMO). © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 69...
Page 72: Statistics
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5.9 Statistics The Statistics submenu option displays basic traffic statistics. Wireless Statistics: View the signal strength and other wireless modem information. The wireless device’s signal strength will only be displayed as long as it supports “Live Diagnostics.” Sample rate and size can be adjusted from the dropdown boxes.
Page 73 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Data Usage: A measure of amount of information that is currently being sent or received through the network. Sample rate and size can be adjusted from the dropdown boxes. © 2013 CRADLEPOINT, INC.
Page 74 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Failover/Failback/Load Balance: An easy way to view current connective states of the devices plugged into the router as compared to the past. Sample rate and size can be adjusted from the dropdown boxes.
Page 75: System Logs
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5.10 System Logs The router automatically logs (records) events of possible interest in its internal memory. If there is not enough internal memory for all events, logs of older events are deleted, but logs of the latest events are retained. The log options allow you to filter the router logs so you can easily find relevant messages.
Page 76: Vpn Tunnels
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5.11 VPN Tunnels View the status of configured VPN tunnels. To set up or edit a VPN tunnel, go to Internet → VPN Tunnels. Included information: • Name • Connections • Status •...
Page 77: Wipipe Qos
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 5.12 WiPipe QoS View the breakdown of packets and bytes sent and received associated with each WiPipe QoS rule. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
Page 78: Network Settings
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6 NETWORK SETTINGS The Network Settings tab provides access to these submenu options for administering the following functions/tasks, which all relate to managing the LAN (Local Area Networks). • Content Filtering •...
Page 79: Content Filtering
CRADLEPOINT 6.1 Content Filtering You have two main options for filtering content in a network created by your MBR1400. 1) WebFilter Rules: Create a list of websites that will be either disallowed or allowed. Customize the filter settings for each network and/or each MAC address. (These rules will not block HTTPS websites.) 2) Cloud Based Filtering/Security: Allows several options for filtering and security using third-party services: •...
Page 80 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Click Add or Edit to open the Filter Rule Editor. • Assigned Network: Select either “All Networks” or one of your LAN networks from the dropdown list. • Domain/URL/IP: Enter the Domain Name or URL (address) of the website you wish to control access for, e.g.
Page 81 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Default Filter Settings 6.1.2 Use Default Network Filter Settings together with Network WebFilter Rules to control website access. All of your networks are set to allow website access by default. Select a network and click Edit to change the default filter settings.
Page 82 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT MAC Address WebFilter Rules 6.1.3 MAC Address WebFilter Rules allow you to control access from a specific MAC address to external domains or websites. The settings for the MAC Address WebFilter Rules section match those for the Network WebFilter Rules, except that you must assign a MAC address instead of a network to each rule.
Page 83 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT MAC Address WebFilter Defaults 6.1.4 Use MAC Address WebFilter Defaults together with MAC Address WebFilter Rules to control website access for specific MAC addresses. By default, each MAC address is allowed website access. Click Add/Edit to change this setting for a MAC address.
Page 84 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Cloud Based Filtering/Security 6.1.5 Select a third-party Cloud Provider from the dropdown list. • Umbrella by OpenDNS • Zscaler Umbrella by OpenDNS Umbrella by OpenDNS is a cloud-based web filtering and security solution that protects you online by filtering websites.
Page 85 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Zscaler Zscaler (http://www.zscaler.com) is a cloud based web filtering and security provider that offers several plan options. Depending on your Zscaler implementation, this could include: • Global Cloud Platform © 2013 CRADLEPOINT, INC.
Page 86 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • Real-Time Reporting • Behavioral Analysis • URL Filtering • Advanced Threat Protection • Inline Anti-Virus & Anti-Spyware • Web 2.0 Control • Data Loss Prevention • Bandwidth Management • Web Access Control •...
Page 87: Dhcp Server
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6.2 DHCP Server DHCP stands for Dynamic Host Configuration Protocol. The built-in DHCP server automatically assigns IP addresses to the computers and other devices on each local area network (LAN). In this section you can view a list of assigned IP addresses and reserve IP addresses for particular devices.
Page 88: Dns
DNS, or Domain Name System, is a naming system that translates between domain names (www.Cradlepoint.com, for example) and Internet IP addresses (206.207.82.197). A DNS server acts as an Internet phone book, translating between names that make sense to people and the more complex numerical identifiers. The DNS page for the MBR1400 has these distinct functions: •...
Page 89 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Force All DNS Requests To Router: Enabling this will redirect all DNS requests from LAN clients to the router's DNS server. This will allow the router even more control over IP addresses even when clients have their own DNS servers statically set.
Page 90 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT supplies only a key, enter that key for both the User name and Password fields. Password: Enter the password or key provided by the dynamic DNS service provider. 6.3.3 Advanced Dynamic DNS Settings Update period (hours).
Page 91: Firewall
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6.4 Firewall The router automatically provides a firewall. Unless you configure the router to the contrary, the router does not respond to unsolicited incoming requests on any port, thereby making your LAN invisible to cyber attackers.
Page 92 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • Local Port(s): The port number(s) that corresponds to the service (Web server, FTP, etc) on a local computer or device. For example, you might input “80” in the Local Port(s) field to open a port for a Web server on a computer within your network.
Page 93 IPv6 providers, but it cannot be used effectively in all situations. The primary purpose for Cradlepoint’s NPT implementation is for failover/failback and load balancing setups. LAN clients can potentially retain the original IPv6 lease information and may experience a more seamless transition when WAN connectivity changes than if not utilizing NPT.
Page 94 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT IP Filter Rules (Advanced) 6.4.3 An "Incoming" IP filter rule restricts remote access to computers on your local network. "Outgoing" filter rules prevent computers on your local network from initiating communication to the address range specified in the rule.
Page 95 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • Port Negation: Match on any port that is NOT in the specified port range. • Port(s): Use for a single port or a range of ports. Fill in the left side for a single port.
Page 96 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT DMZ: DeMilitarized Zone (Advanced) 6.4.4 A DMZ host is effectively not firewalled in the sense that any computer on the Internet may attempt to remotely access network services at the DMZ IP address. Typical uses involve running a public Web server or sharing files.
Page 97 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • FTP: To allow normal mode when using File Transfer Protocol. This is not needed for passive mode. This is enabled by default. • IRC: For Direct Client to Client (DCC) transfer when using Internet Relay Chat. You may wish to forward TCP port 113 for incoming identd (RFC 1413) requests.
Page 98 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Add/Edit Allowed Remote Access Addresses IP Address: The IP address that will be allowed to access administrative services through the WAN. Netmask (Optional): The netmask allows you to specify what IP address sets will be allowed access. If this field is left empty a netmask of 255.255.255.255 will be used,...
Page 99: Ilter / Logging
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6.5 MAC Filter / Logging A MAC (Media Access Control) address is a unique identifier for a computer or other device. This page allows you to manage clients by MAC address. You can filter clients by MAC addresses and/or keep a log of devices connected to your router.
Page 100 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT MAC Logging Configuration 6.5.2 Enable MAC Logging: Enabling MAC Logging will cause the router to log MAC addresses that are connected to the router. MAC addresses that you do not want to have logged (addresses that you expect to be connected) should be added to the “Ignored MAC Addresses”...
Page 101: Routing
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6.6 Routing Add a new static route to the IP routing table or edit/remove an existing route. Static routes are unnecessary for most users. They are typically only used in networks with more than one layer, such as when there is a network within a network so that packet destinations are hidden behind an additional router.
Page 102: Routing Protocols
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6.7 Routing Protocols NOTE: Routing Protocols require a feature license. Go to System Settings → Feature Licenses to enable these features. These protocols also require hardware version 2.0. A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network.
Page 103 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT any arbitrary 32bit number. However it MUST be unique within the entire BGP domain to the BGP speaker - bad things will happen if multiple BGP speakers are configured with the same router-ID.
Page 104 • Enabled: Click to enable/disable the policy. (Default: enabled.) Network Areas: Areas are identified by an ID number. As of 4.1.1, Cradlepoint only supports area 0. Use the IP address and netmask fields to associate a network with this policy. Also, choose whether to select Passive (active by default).
Page 105 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Redistribute Routes: Redistribute routes of the specified protocol or kind into BGP, with the metric type and metric set (if specified), filtering the routes using the given route map (if specified). Redistributed routes may also be filtered with distribute lists.
Page 106 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT RIPv2 (and replying with packets of the appropriate version for REQUESTS / triggered updates). • Password: RIPv2 allows packets to be authenticated via either an insecure plain text password, included with the packet, or a more secure MD5 based HMAC (keyed-Hashing for Message AuthentiCation).
Page 107 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT RIPNG Routing 6.7.4 RIP (Routing Information Protocol) RIPng (RIP next generation) extends RIPv2 to support IPv6. See RIPng on Wikipedia and RFC 2080 for details. RIPNG Editor • Name: Unique name of the policy.
Page 108 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Routes: Set RIPng static routing announcement of specified network address. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 106...
Page 109 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Redistribute Routes: Redistribute routes of the specified protocol or kind into BGP, with the metric type and metric set (if specified), filtering the routes using the given route map (if specified). Redistributed routes may also be filtered with distribute lists.
Page 110 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Route Maps and Filters 6.7.5 Access Lists This option provides for basic filtering based on IP addresses and netmasks. Click Add to create a filtering rule. Name: Choose a unique name.
Page 111 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Match and Set: Both of these have the following configuration options: • IP address: Input an IP address with this policy. • Metric: Numerical priority of the route. • Community: The BGP community list is a user- defined BGP communities attribute list.
Page 112: Wifi / Local Networks
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6.8 WiFi / Local Networks This section is used to configure the settings for networks created by your router (LAN). Note that changes made in this section may also need to be duplicated on wireless devices that you want to connect to your wireless network.
Page 113 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Local IP Networks 6.8.1 Local IP Networks displays the following information for each network: • Network Name and IP address/Netmask (along the top bar) • Enabled: Yes/No • Multicast Proxy (Enabled/Disabled) •...
Page 114 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Local Network Editor 6.8.2 Click Add or select a network and click Edit to open the Local Network Editor to make configure a LAN. The Local Network Editor contains the following tabs: General Settings, IPv4 Settings, IPv6 Settings, Interfaces, Access Control, IPv4 DHCP, IPv6 Addressing, Multicast Proxy, Schedule, VRRP, STP, and Wired 802.1X.
Page 115 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT IPv4 Settings: IP Address: This is the address used by the router for local area network communication. Changes to this parameter may require a restart to computers on this network. Each network must have a distinct IP address. Most users will want an address from one of the following private IP ranges: •...
Page 116 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT IPv6 Settings: IPv6 must be enabled through the WAN initially: go to Internet → Connection Manager to enable IPv6. IPv6 Address Source: By default, this is set to Delegated, which means the IPv6 address range for the LAN is passed through from the WAN side.
Page 117 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Interfaces: Select network interfaces to attach to this network. Choose from WiFi, Ethernet ports, and VLAN interfaces. Double-click on any of the interfaces shown on the left in the Available section to move them to the Selected section on the right (or highlight an interface and click the “+”...
Page 118 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Access Control: Tune the access control settings of this network to match the intended use. Simply select or deselect any of the following: • LAN Isolation: When checked, this network will NOT be allowed to communicate with other local networks.
Page 119 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT IPv4 DHCP: Changing settings for the IPv4 DHCP server is optional. The default selections are almost always sufficient. DHCP Server: (Default: Enabled) When the DHCP server is enabled, users of your network will be able to automatically connect to the Internet without any special configuration.
Page 120 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Custom Options: Input a custom DHCP option by first clicking the Custom Options field to enable it and then clicking “Add” at the top of the table that appears. There are close to 200 possible DHCP options available. One of the more common uses is to assign a VoIP phone server using option 66 (Server name).
Page 121 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT IPv6 Addressing: Address Configuration Mode: SLAAC Only – SLAAC stands for stateless address autoconfiguration. The router regularly generates a router advertisement that includes network prefix and routing information, allowing clients to autogenerate an address and start communicating on the network.
Page 122 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Multicast Proxy: IGMP (Internet Group Management Protocol) multicast proxy allows a single packet to reroute to multiple destinations (see the Wikipedia explanation of multicast). This may be used for IPTV, for example.
Page 123 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Schedule: Set up a schedule for this network interface. This allows an interface to be enabled or disabled during specific hours of a day. For example, use this to limit a Hotspot network to business hours.
Page 124 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT VRRP: NOTE: VRRP requires a feature license. Go to System Settings → Feature Licenses to enable this feature. VRRP also requires hardware version 2.0. VRRP (Virtual Router Redundancy Protocol) allows you to associate multiple routers with one LAN so that if the primary physical router fails, the LAN will keep the same settings via the virtual router.
Page 125 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Initial Virtual Router State: This controls the initial VRRP failover state for this physical router: choose Master or Backup. This sets up the virtual router association more quickly than the Router Priority level, but the Router Priority assignment will eventually overrule this if there is a discrepancy.
Page 126 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Wired 802.1X: (requires hardware version 2.0) This allows you to configure an authentication server that will accept authentication requests from devices attached to wired Ethernet ports. IEEE 802.1X defines the encapsulations of the Extensible Authentication Protocol (EAP).
Page 127 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Local Network Interfaces 6.8.3 Each LAN type—WiFi, Ethernet, and VLAN—has a separate section with configuration options. Unless the default configuration is sufficient, YOU MUST CONFIGURE EACH INTERFACE SEPARATELY in order to create the desired interface options for a network.
Page 128 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Wireless Network Editor WiFi Name (SSID): When users browse for available wireless networks, this is the name that they will see. This name is referred to as the SSID (service set identifier).
Page 129 NOTE: If you don’t know whether you should choose Personal or Enterprise, assume Personal since you need to know RADIUS authentication for Enterprise. In order to protect your network from hackers and unauthorized users, Cradlepoint highly recommends WPA2/AES for security if your attached devices can support it. WEP and WPA/TKIP are obsolete and have been replaced by WPA/AES.
Page 130 The WAN connection is used as a possible source of Internet for the MBR1400. • Local Network (LAN) is for connecting a computer or similar device directly to the router with an Ethernet cable.
Page 131 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Ethernet Port Group Editor A Port Group represents a logical grouping of Ethernet ports. Any computers physically connected to ports in a group will be allowed to freely communicate with each other.
Page 132 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT VLAN Interfaces A virtual local area network, or VLAN, functions as any other physical LAN, but it enables computers and other devices to be grouped together even if they are not physically attached to the same network switch.
Page 133 LANs under the WiFi Settings heading. WiFi band: Select the range of frequencies the router will use. The MBR1400 can operate in either the 2.4 GHz or the 5.0 GHz ranges. (Default: 2.4 GHz. The included WiFi antennas are 2.4 GHz.
Page 134 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Channel: (Shows if User Selection is selected.) The WiFi channel corresponds to a frequency the router uses to communicate with other devices. For 2.4 GHz, the range is 1 to 11, and 1, 6, and 11 do not overlap each other. If a WiMAX modem is attached, a higher number channel will increase the chance the router's WiFi and modem's WiMAX radios will conflict with each other, which may result in lower throughput.
Page 135 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT TX Power: Normally the wireless transmitter operates at 100% power. In some circumstances, however, there might be a need to isolate specific frequencies to a smaller area. By reducing the power of the radio, you can prevent transmissions from reaching beyond your corporate/home office or designated wireless area.
Page 136 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Wireless Mode: Select the WiFi clients the router will be compatible with. Greater compatibility is a tradeoff with better performance. For greatest compatibility with all WiFi devices, select "802.11 a/b/g/n". For best performance, connect with only other 802.11n-compatible devices and select "802.11 n."...
Page 137: Wipipe Qos
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6.9 WiPipe QoS When WiPipe QoS (Quality of Service, also known as “Traffic Shaping”) is enabled, the router will control the flow of Internet traffic according to the user-defined rules. In other words, Traffic Shaping improves performance by allowing the user to prioritize applications.
Page 138 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Queues 6.9.1 Queues and rules work in conjunction to prioritize bandwidth for the most critical operations. Multiple rules can be associated with one queue. Use rules to associate your more critical operations with queues that have higher bandwidth settings.
Page 139 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Upload Priority: The priority value has two different effects on traffic. Higher priority traffic is handled before lower priority traffic, which can lead to shorter response times. Also, when spare bandwidth is available it is offered to higher priority queues first.
Page 140 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Download Priority: The priority value has two different effects on traffic. Higher priority traffic is handled before lower priority traffic, which can lead to shorter response times. Also, when spare bandwidth is available it is offered to higher priority queues first.
Page 141 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Rules 6.9.2 A traffic shaping rule identifies a specific message flow and assigns that flow to one of the queues created above. Click Add to create a new Traffic Shaping rule.
Page 142 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Traffic Shaping / QoS Rule Editor The first page of the Traffic Shaping / QoS Rule Editor allows you enable/disable the rule, name the rule, specify a protocol for the rule, and select a queue to associate the rule with.
Page 143 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Use ports and/or IP addresses to define the type(s) of traffic attached to this rule. Leaving any field blank will match all values; all fields are optional. Source Port(s) and/or Destination Port(s): Enter a port number between 1 and 65535.
Page 144: Internet
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7 INTERNET The Internet tab provides access to these submenu items for managing a variety of Internet connection options. • Connection Manager • CP Connect • Client Data Usage • Data Usage •...
Page 145: Connection Manager
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7.1 Connection Manager The router can establish an uplink via the Ethernet WAN port, WiFi as WAN, or modems plugged into a modem port. If the primary WAN connection fails the router will automatically attempt to bring up a new link on another device. This feature is called failover.
Page 146 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Device Configuration 7.1.2 Clicking on a device reveals the following information: • State (Connected, Available, etc.) • Port • UID (Unique identifier. This could be a name or number/letter combination.) • IP Address •...
Page 147 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT General Settings 7.1.3 • Enabled: Select/deselect to enable/disable. • Force NAT: Normally NAT is part of the Routing Mode setting which is selected on the LAN side in Network Settings → WiFi / Local Networks.
Page 148 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Failure Check (Advanced) If this is enabled, the router will check that the highest priority active WAN interface can get to the Internet even if the WAN connection is not actively being used.
Page 149 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Failback Configuration (Advanced) This is used to configure failback, which is the ability to go back to a higher priority WAN interface if it regains connection to its network. Usage: Fail back based on the amount of data passed over time.
Page 150 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT IP Overrides 7.1.4 IP overrides allow you to override IP settings after a device’s IP settings have been configured. Only the fields that are filled out will be overridden. Override any of the following fields: •...
Page 151 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT IPv6 Settings 7.1.5 The IPv6 (http://en.wikipedia.org/wiki/IPv6) configuration allows you to enable and configure IPv6 for a WAN device. These settings should be configured in combination with the IPv6 LAN settings (go to Network Settings → WiFi / Local Networks, select the LAN under Local IP Networks, and click Edit) to achieve the desired result.
Page 152 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Enable IPv6 and select the desired IPv6 connection method for this WAN interface. • Disabled (default) – IPv6 disabled on this interface. • Auto – IPv6 will use automatic connection settings (if available).
Page 153 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Auto IPv6 auto-configuration mode uses DHCPv6 and/or SLAAC to configure the IPv6 networks. When you select Auto, all of the following settings are optional (depending on your provider’s requirements): • PD Request Size – Prefix Delegation request size. This is the size of IPv6 network that will be requested from the ISP to delegate to LAN networks.
Page 154 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Static As with IPv4, static configuration is available for situations where the WAN IPv6 topology is fixed. • IPv6 Address/CIDR – Input the IPv6 static IP address and mask length provided by your ISP (see http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing...
Page 155 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6to4 Tunnel Out of the box, 6to4 is the simplest mode to enable full end-to-end IPv6 connectivity in an organization if the upstream ISP properly routes packets to and from the 6to4 unicast relay servers.
Page 156 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6in4 Tunnel The 6in4 tunnel mode utilizes explicit IPv4 tunnel endpoints and encapsulates IPv6 packets using 41 as the specified protocol type in the IP header. A 6in4 tunnel broker provides a static IPv4 server endpoint, decapsulates packets and provides routing for both egress and ingress IPv6 packets.
Page 157 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 6rd Tunnel IPv6 Rapid Deployment (6rd) is a method of IPv6 site configuration derived from 6to4. It is different from 6to4 in that the ISP provides explicit 6rd infrastructure that handles the IPv4 ↔ IPv6 translation within the ISP network. 6rd is considered more reliable than 6to4 as the ISP explicitly maintains infrastructure to support tunneled IPv6 traffic over their IPv4 network.
Page 158: Example Configuration
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Example Configuration: © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 156...
Page 159 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Ethernet Settings 7.1.6 While default settings for each WAN Ethernet port will be sufficient in most circumstances, you have the ability to control: • Connect Method: DHCP (Automatic), Static (Manual), or PPPoE (Point-to-Point Protocol over Ethernet).
Page 160 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Static (Manual): • IP Address • Subnet Mask • Gateway IP • Primary DNS Server • Secondary DNS Server © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES...
Page 161 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT PPPoE: • Username • Password • Password Confirm • Service • Auth Type: None, PAP, CHAP © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 159...
Page 162 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Modem Settings 7.1.7 Not all modems will have all of the options shown below; the available options are specific to the modem type. On Demand: Typically modem connections are not always on. When this mode is selected a connection to the Internet is made as needed.
Page 163 • Force 3G (EVDO, UMTS, HSPA): Connect to 3G network only. • Force 2G (1xRTT, EDGE, GPRS): Connect to 2G network only. See the following tables for a breakdown of the technologies used with various Cradlepoint ARC models when any Modem Connection Mode is selected.
Page 164 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT GSM Technology Auto Auto 3G Force 4G Force 3G Force 2G (module auto selects) (module auto selects) (<= 3G) HSPA+ HSPA EDGE GPRS (4G/3.5G) (3G) (2.75G) (2.5G) ✔ ✔ ✔ ✔...
Page 165 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT CDMA Settings 7.1.8 These settings are usually specific to your wireless carrier’s private networks. You should not set these unless directed to by a carrier representative. If a field below is left blank, that particular setting will not be changed in the modem. You should only fill in fields that are required by your carrier.
Page 166 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT WiMAX Settings 7.1.9 WiMAX Realm: Select from the following dropdown options: • Clear – clearwire-wmx.net • Rover – rover-wmx.net • Sprint 3G/4G – sprintpcs.com • Xohm –xohm.com • BridgeMAXX – bridgeMAXX.com •...
Page 167 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT SIM/APN/Auth Settings 7.1.10 SIM PIN: PIN number for a GSM modem with a locked SIM. Authentication Protocol: Set this only if your service provider requires a specific protocol and the Auto option chooses the wrong one.
Page 168 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Update/Activate a Modem 7.1.11 Some 3G modems can be updated and activated while plugged into the router. Updates and activation methods vary by modem model and service provider. Possible methods are: PRL Update, Activation, and FUMO. All supported methods will be displayed when you select your modem and click “Control”.
Page 169 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Process Timeout: If the process fails an error message will display. Activation has a 3-minute timeout, PRL update has a 4-minute timeout, and FUMO has a 10-minute timeout. 7.1.12 Configuration Rules (Advanced)
Page 170 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT WAN Configuration Rule This section allows you to create simple or complex rules that affect how individual Internet sources or classes of sources (perhaps all WiMAX modems or all modems from Sierra Wireless) behave in the router.
Page 171 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement. Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.
Page 172: Cp Connect
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7.2 CP Connect CP Connect is a licensable feature used to create a connection to a private network. CP Connect is currently in beta. CP Connect tunnels can be used to create a connection to a private network.
Page 173: Client Data Usage
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7.3 Client Data Usage Client Data Usage displays upload and download traffic for each LAN client. Click Enable Client Data Usage Monitoring Service to begin tracking this information. This data is not retained between router reboots.
Page 174: Data Usage
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7.4 Data Usage Data Usage Management & Alerts allows you to create and manage rules that help control the data usage of a modem. If you have a limited data plan or a price increase on your plan after a certain amount of usage, a Data Usage Rule can help you track these amounts.
Page 175 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Data Usage Rules 7.4.1 The Date Usage Rule display shows basic information for each rule you have created (including rules created with a template). The following information is displayed: • Rule Name •...
Page 176 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT keep all interfaces with these rules at a similar percentage utilization of data (e.g. 10%, 50%, 90%) as the cycle progresses, rather than quickly using 100% of a fast 1GB capped interface while using only a fraction of a slow 10GB capped interface, thus leaving the rest of the cycle with only the slow interface.
Page 177 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Template Configuration 7.4.2 Templates allow you to control multiple WAN devices with the same rule. Each WAN device that matches a template will automatically have its own rule created. For example, you can set a template rule for all mobile data modems that causes your router to send an alert after 1000 MB of usage in a month.
Page 178: Gre Tunnels
Generic Routing Encapsulation (GRE) tunnels can be used to create a connection between two private networks. The MBR1400 is enabled for either GRE or VPN tunnels. GRE tunnels are simpler to configure and more flexible for different kinds of packet exchanges, but VPN tunnels are much more secure.
Page 179 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Page 1: General Tunnel Name: Give the tunnel a name that uniquely identifies it. Tunnel Key: Enables an ID key for a GRE tunnel, which can be used as an identifier for mGRE (Multipoint GRE).
Page 180 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Tunnel Enabled: Select to activate the tunnel. Keep Alive: This feature monitors the status of a tunnel. This will more accurately determine if the tunnel is alive or not. Choose the length of time in seconds of the Rate for each check (Default: 10 seconds. Range: 2 – 3600 seconds) and the number of Retry attempts (Default: 3.
Page 181: L2Tp Tunnels
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7.6 L2TP Tunnels NOTE: L2TP requires a feature license and hardware version 2.0. Go to System Settings → Feature Licenses to enable this feature. Layer 2 Tunneling Protocol (L2TP) tunnels can be used to create a connection between two private networks.
Page 182 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT General 7.6.1 • Tunnel Name – Enter a name to uniquely identify this tunnel. • LNS address – Enter the IP Address of the LNS (tunnel server) peer. • MTU – Set the maximum transmission unit (MTU) of the L2TP tunnel.
Page 183 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Authentication 7.6.2 • Remote Name – Authorization name specified by and to the remote system as its identity, sometimes a username or hostname. Leave blank to match any. • Local Name – Authorization name specified by and to the remote system as the local system identity;...
Page 184: Network Mobility
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7.7 Network Mobility (NEMO) Go to System Settings → Feature Licenses to enable this feature. NOTE: NEMO requires a feature license and hardware version 2.0. Network Mobility (NEMO) is an Internet standards track protocol defined in 5177.
Page 185 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Home Agent IP Address, Home Agent Password, and Home Agent SPI – Your home agent will be defined by your NEMO service provider. Renew Registration – The NEMO network regularly re-registers with the home agent (e.g., every 30 seconds). Specify the number of seconds between each check-in.
Page 186: Onfiguration
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7.8 NHRP Configuration Go to System Settings → Feature Licenses to enable this NOTE: NHRP Configuration requires a feature license and hardware version 2.0. feature. Next Hop Resolution Protocol is a protocol used to discover addresses of clients on Non-Broadcast Multiple Access (NBMA) networks.
Page 187 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Click Add to create a new NHRP interface. • Enabled: Enable or disable the interface. • Name: Give the interface a unique name that matches the mGRE (multipoint GRE) tunnel. Select from configured GRE tunnels or input manually.
Page 188: Openvpn Tunnels
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7.9 OpenVPN Tunnels Go to System Settings → Feature Licenses to enable this NOTE: Using OpenVPN Tunnels requires a feature license and hardware version 2.0. feature. Once you have a valid feature license, click Add to create a new OpenVPN tunnel.
Page 189 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT General 7.9.1 • Tunnel Enabled – Click to enable/disable this tunnel. • Tunnel Name – Enter a name to uniquely identify this tunnel. • Tunnel Mode – Select which mode this tunnel endpoint is required to be.
Page 190 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Remote Hosts 7.9.2 Create a list of remote server connections to connect to. OpenVPN will try to connect to each host in the list. If a disconnect occurs from a given server, the next server will be tried in a round-robin fashion.
Page 191 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Certificate Settings 7.9.3 Generate or upload certificates for OpenVPN. If the Configuration Mode is set to Simple, you have the option to set the TLS-Auth Key. If the Configuration Mode is set to Advanced, set any of the following: •...
Page 192: Unnels
The MBR1400 uses IPsec (Internet Protocol security) to authenticate and encrypt packets exchanged across the tunnel. To set up a VPN tunnel with the MBR1400 on one end, there must be another device (usually a router) that also supports IPsec on the other end.
Page 193 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Page 1: General 7.10.1 Tunnel Name: Give the tunnel a name that uniquely identifies it. Anonymous Mode: Select to allow remote connections from any IP address. Responder Mode: When enabled, the router will not initiate negotiation with peers, otherwise start negotiations as soon as possible.
Page 194 Tunnel Enabled: Enabled or Disabled. MBR1200 Quick Connect: VPN tunnels in the MBR1400 have more choices than they do in the MBR1200, so it is more complex to configure. Check this box to simplify setup by streamlining your options.
Page 195 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT The condition will be of the following form: “ (When) is/is not (value) ” For example: “Type is not WiMAX” “Port is USB Port 1” If you intend to have multiple WAN devices connected simultaneously, with either Load Balancing or more likely WAN Affinity, then you may consider using the Invert WAN Binding option which will invert the expression to only establish the VPN tunnel when the specified WAN Binding devices are NOT connected.
Page 196 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Page 2-3: Local Remote 7.10.2 Networks Local Network: The Network Address and the Netmask define what local devices have access to or can be accessed from the VPN tunnel. The MBR1400 will...
Page 197 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Page 3: IKE Phase 1 7.10.3 IKE security has two phases, Phase 1 and Phase 2. You have the ability to distinctly configure each phase, but the default settings will be sufficient for most users.
Page 198 In Phase 1, only one DH group can be selected while using Aggressive exchange mode. By default, all the algorithms (encryption, hash, and DH groups) supported by the MBR1400 are checked, which means they are allowed for any given exchange. Deselect these options to limit which algorithms will be accepted. Be sure to check that the router (or similar device) at the other end of the tunnel has matching algorithms.
Page 199 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Page 4: IKE Phase 2 7.10.4 Perfect Forward Secrecy (PFS): Enabling this feature will require IKE to generate a new set of keys in Phase 2 rather than using the same key generated in Phase 1.
Page 200 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Page 5: Dead Peer Detection 7.10.5 Dead Peer Detection (DPD) defines how the router will detect when one end of the IPsec session loses connection while a policy is in use.
Page 201 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Page 6: Tunnel Summary 7.10.6 The final page of the tunnel configuration interface is a summary of the tunnel specifications. This is especially helpful for matching this information with the router (or similar device) at the other end of the tunnel.
Page 202 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Global VPN Settings 7.10.7 These settings apply to all configured VPN tunnels. Enable Certificate Support: Enabling Certificate Support will allow you to load a certificate for VPN to the router. Click the “Upload Certificate”...
Page 203 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Tunnel Connect Retry: Default: 30 seconds. Range: 10-255 seconds. 30 seconds will be sufficient in almost all cases. 7.10.8 VPN with NAT-T If one side of a planned VPN tunnel is behind a NAT (network address translation) firewall, the setup of your tunnel requires the following specifications: 1.
Page 204: Wifi As Wan / Bridge
NAT. The WiFi as WAN and WiFi Bridge features cannot both be used at the same time. When either WiFi as WAN or WiFi Bridge is enabled, the MBR1400 will find other WiFi networks that you can select and connect to.
Page 205 When in WiFi Bridge mode with a configured profile, a WiFi Bridge device will be added to the local network interfaces, providing a way to bridge two LANs over a WiFi connection. For example, two separate Cradlepoint routers linked through WiFi Bridge mode allows you to have one WiFi-connected network in two separated sections of a large office building.
Page 206 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Saved Profiles 7.11.2 This is a list of WiFi networks that have already been configured as WAN sources (or Bridge profiles). The router will attempt to connect to any of these access points using the password you have configured.
Page 207 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Click “Refresh” if a WiFi network to which you want to connect is invisible. Site Survey only operates on the band—2.4 GHz or 5.0 GHz—that is currently configured in the WiFi advanced settings.
Page 208 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Wireless Scan Settings 7.11.4 Scan Interval: How often WiFi as WAN scans the environment for updates. (Default: 60 seconds. Range: 5-3600 seconds.) Scan While Connected: Continue to scan for WiFi as WAN profile updates when connected. Each time a scan occurs the wireless communication of the router will be temporarily interrupted.
Page 209: Balancing
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 7.12 WAN Affinity and Load Balancing Load Balance Select the Load Balance Algorithm from the following dropdown options: • Round-Robin: Evenly distribute each session to the available WAN connections. • Rate: Distribute load based on the current upload and download rates. A WAN device's upload and download bandwidth values can be set in Internet →...
Page 210 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT DSCP (DiffServ): Differentiated Services Code Point is the successor to TOS (Type of Service). Use this field to select traffic based on the DSCP header in each IP packet. This field is sometimes set by latency sensitive equipment such as VoIP phones.
Page 211 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • Any • ICMP • TCP • UDP • GRE • ESP • SCTP Source IP Address, Source Netmask, Destination IP Address, and Destination Netmask: Specify an IP address or range of IP addresses by combining an IP address with a netmask for either “source”...
Page 212 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT selection will create a dropdown list of options to complete a sentence with the following form: “When ____ is ____,” such as, “When Type is LTE.” You also have the option to replace “is” with “isn’t,” “starts with,” “ends with,” or “contains.”...
Page 213 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT you need to create data usage rules for each WAN device you will be load balancing. Make certain to select the "Use with Load Balancing" checkbox in the Data Usage rule editor.
Page 214: System Settings
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 8 SYSTEM SETTINGS The System Settings tab has the following submenu items that provide access to tools for broad administrative control of the MBR1400: • Administration • Device Alerts • Enterprise Cloud Manager •...
Page 215: Administration
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 8.1 Administration Select the Administration submenu item in order to control any of the following functions: • Router Security • System Clock • Local Management • Remote Management • GPS • SMS •...
Page 216 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Advanced Security Mode When you enable Advanced Security Mode, you have three different options for the Authentication Mode: • Local Users • TACACS+ • RADIUS Local Users Create users with administrative privileges by inputting usernames and passwords in the Advanced User Management table.
Page 217 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • PAP • CHAP Server Address: This can be either an IP address in the form of "1.2.3.4", or a DNS name in form of "host.domain.com". Only lower case letters are allowed for a DNS name.
Page 218 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT System Clock 8.1.2 Enabling NTP will tell the router to get its system time from a remote server on the Internet. If you do not enable NTP then the router time will be based on when the router firmware was built, which is guaranteed to be wrong.
Page 219 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Local Management 8.1.3 Enable Internet Bounce Pages: Bounce pages show up in your web browser when the router is not connected to the Internet. They inform you that you are not connected and try to explain why.
Page 220 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Remote Management 8.1.4 Allows a user to enable incoming WAN pings or to change settings for the router from the Internet using the router's Internet address. Allow WAN pings: When enabled the functionality allows an external WAN client to ping the router.
Page 221 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 8.1.5 If you have an attached device with GPS support (SIM-based models with GPS support require the SIM be inserted), you can enable a graphical view of your router’s location which will appear in Status →...
Page 222 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT The following GPS spec is copied from http://aprs.gids.nl/nmea/ $GPGGA – Global Positioning System Fix Data 8.1.6 Name Example Data Description Sentence Identifier $GPGGA Global Positioning System Fix Data Time 170834 17:08:34 Z Latitude 4124.8963, N...
Page 223 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Global Positioning System Fix Data. Time, position, and fix related data for a GPS receiver. eg2. $--GGA,hhmmss.ss,llll.ll,a,yyyyy.yy,a,x,xx,x.x,x.x,M,x.x,M,x.x,xxxx hhmmss.ss = UTC of position llll.ll = latitude of position a = N or S yyyyy.yy = Longitude of position...
Page 224 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 11 = Geoidal separation (Diff. between WGS-84 earth ellipsoid and mean sea level. -=geoid is below WGS-84 ellipsoid) 12 = Meters (Units of geoidal separation) 13 = Age in seconds since last update from diff. reference station 14 = Diff.
Page 225 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 8.1.7 SMS (Short Message Service, or text messaging) requires a cellular modem with an active data plan. SMS is not designed to be a full remote management feature: SMS allows you to connect to the router for a few simple queries or commands with a text messaging service (e.g., from your phone).
Page 226 This list is blank by default, which means that the router will accept SMS messages from any phone number. Leaving this blank is unsecure, so Cradlepoint recommends that you add phone numbers to this list. Once any numbers are listed, only those numbers have the ability to connect to the router via SMS.
Page 227 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT How to Send an SMS Message You can send SMS messages to the router via phone or email. The key elements are: 1. the modem’s MDN 2. the SMS password (defined above) 3.
Page 228 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT SMS Commands Below is a list of supported SMS messages and the syntax format. Due to security concerns, the set of commands are intentionally limited to those that can configure a modem’s connection, but cannot lock the administrator out due to malicious modem changes.
Page 229 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT This command returns info about the router along with the port names for ports with attached modems. These port names may be helpful for using the commands that follow. Example of response: uptime: 0:35:13 FW: v4.4.0...
Page 230 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT apn: Set the APN on the modem (for SIM-based modems)* • Syntax: <password>,apn,<new APN>,[port,] • Example: 1234,apn,myapn@apn.com, //set APN of highest priority modem • Example: 1234,apn,myapn@apn.com,usb1, //set APN for modem in port usb1 userpass: Set the modem's authentication username and password* •...
Page 231 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Sample Debug Session The following is an example of a debug session to discover a modem’s APN is misconfigured and needs to be set. Figure out the state of the modems on the router: 1234,rstatus, Receive the modem’s status and settings:...
Page 232 If this occurs, disable this option. Log to attached USB stick: Only enable this option if instructed by a Cradlepoint support agent. This will write a very verbose log file to the root level of an attached USB stick. Please disable the feature before removing the USB stick, or you may lose some logging data.
Page 233 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Router Services 8.1.9 By default, router services (Enterprise Cloud Manager, NTP, etc.) connect to the router via the WAN. In some setups it makes sense to use the LAN instead. For example, if your router is used strictly for 3G/4G failover behind another router, you may not want to use 3G/4G data unnecessarily.
Page 234: Device Alerts
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 8.2 Device Alerts The Device Alerts submenu choice allows you to receive email notifications of specific system events. YOU MUST ENABLE AN SMTP EMAIL SERVER TO RECEIVE ALERTS. Alerts can be included for the following: •...
Page 235 SMTP Mail Server 8.2.1 Since the MBR1400 does not have its own email server, to receive alerts you must enable an SMTP server. This is possible through most email services (Gmail, Yahoo, etc.) Each SMTP server will have different specifications for setup, so you have to look those up separately. The following is an example using Gmail: •...
Page 236 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Advanced: Delivery Options Email Subject Prefix: This optional string is prefixed to the alert subject. It can be customized to help you identify alerts from specific routers. Retry Attempts: The number of attempts made to send an alert to the mail server. After the attempts are exhausted, the alert is discarded.
Page 237: Enterprise Cloud Manager
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 8.3 Enterprise Cloud Manager Cradlepoint ECM is a cloud-based management service for configuring, monitoring, and organizing your Cradlepoint routers. Key features include: • Group based configuration management • Health monitoring of router connectivity and data usage •...
Page 238 • Ethernet Communication Only: Select this to ensure that the WiPipe Central client will not start unless the WAN is Ethernet. • Registration URL: Register your router using the code provided by Cradlepoint when you purchase WiPipe Central. © 2013 CRADLEPOINT, INC.
Page 239: Feature Licenses
CRADLEPOINT 8.4 Feature Licenses Some Cradlepoint features may require a license. These features are disabled by default. To obtain a feature license, contact your Cradlepoint sales representative. Once you have obtained the feature license file, upload the file to enable the feature. A reboot is required after uploading a feature license file.
Page 240: Hotspot Services
Network Settings → WiFi / Local Networks. NOTE: Although any network can be a hotspot, the MBR1400 allows only one hotspot. Hotspot Mode: Choose from the following dropdown options: •...
Page 241 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Simple Mode Settings 8.5.1 Display: This section allows you to choose if a "Terms of Use" page will be given to the user connecting to the hotspot. • Internal Terms of Use. Fill in your own terms of use.
Page 242 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT RADIUS/UAM Settings 8.5.2 This section allows you to configure a RADIUS and Universal Access Method server. After the user accepts the terms, you can either let him/her continue to the URL they were trying to reach or you can force the user to go to a specified UAM Server or URL once before continuing on.
Page 243 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT UAM Settings: • Login URL: Assigned by UAM service. • Splash Page URL: Optional URL that can point to an external page that can provide specific information to the user prior to being authenticated.
Page 244: Serial Redirector
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 8.6 Serial Redirector A single USB Serial device can be used to establish a serial link to a host port on the router. The USB Serial device can also be accessed by running "serial" from an SSH session.
Page 245 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • 1200 • 1800 • 2400 • 4800 • 9600 • 19200 Byte Size: The number of bits in a byte. Select from: 5, 6, 7, and 8. Parity: Change this value to enable parity bit checking. Select from the following dropdown options: •...
Page 246: Onfiguration
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 8.7 SNMP Configuration SNMP, or Simple Network Management Protocol, is an Internet standard protocol for remote management. You might use this instead of Enterprise if you want to remotely manage a set of routers that include both Cradlepoint and non- Cradlepoint products.
Page 247 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT SNMPv3: SNMP version 3 includes all prior features with security available. SNMPv3 is the most secure setting for SNMP. If you wish to configure traps then you must use SNMP version 3.
Page 248 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Trap community string: The trap notifications will be returned to the trap server using this SNMPv1 trap community name. Address for trap server: Enter the address of the host system that you want trap alerts sent to.
Page 249: System Control
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 8.8 System Control Restore to Factory Defaults: This changes all settings back to their default values. Reboot The Device: This causes the router to restart. Advanced: System Automatic Reboot and Ping Test Scheduled Reboot: This causes the router to restart at a user-determined time.
Page 250 This allows the administrator to load new firmware onto the router to add new features or fix defects. If you are happy with the operation of the router, you may not want to upgrade just because a new version is available. Check the firmware release notes (www.Cradlepoint.com/firmware) for information to decide if you should upgrade. Current Firmware Version: Shows the number of the current firmware and the date it was updated.
Page 251 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT System Config Save/Restore 8.9.2 Backup Current Settings: Click on “Save to disk” to save your current settings to a file on a computer. Restore Settings: Click on “Upload from file” to restore your previous settings from a file on a computer.
Page 252: System Software 9 Glossary
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 9 GLOSSARY 802.11 Alphanumeric A family of specifications for wireless local area networks Characters A-Z and 0-9. (WLANs) developed by a working group of the Institute of Antenna Electrical and Electronics Engineers (IEEE).
Page 253 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Application layer Bandwidth 7th Layer of the OSI model. Provides services to The maximum amount of bytes or bits per second that can applications to ensure that they can communicate properly be transmitted to and from a network device.
Page 254 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Broadcast Data Transmitting data in all directions at once. Information that has been translated into binary so that it can be processed or moved to another device. Browser Data Encryption Standard A program that allows you to access resources on the web and provides them to you graphically.
Page 255 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Decrypt Domain name To unscramble an encrypted message back into plain text. A name that is associated with an IP address. Default Download A predetermined value or setting that is used by a program...
Page 256 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT computer or by a router that supports Dynamic DNS, File server whenever the IP address changes. A computer on a network that stores data so that the other Dynamic IP address computers on the network can all access it.
Page 257 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Gain The amount an amplifier boosts the wireless signal. The action of data packets being transmitted from one router to another. Gateway Host A device that connects your network to another, like the Internet.
Page 258 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Intranet Internet Information Server. A Web and FTP server A private network. provided by Microsoft. Intrusion Detection A type of security that scans a network to detect attacks Internet Key Exchange. Used to ensure security for VPN coming from inside and outside of the network.
Page 259 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Kbyte Malware Kilobyte. Malware stands for 'malicious software'. It is any type of code or program cyber attackers use to perform malicious L2TP actions. Traditionally there have been different types of Layer 2 Tunneling Protocol.
Page 260 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • Spyware: A type of malware that is designed to spy on the victim's activities, capturing sensitive data Maximum Transmission Unit. The largest packet that can such as the person's passwords, online shopping, be transmitted on a packet-based network like the Internet.
Page 261 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Network Layer Patch The third layer of the OSI model which handles the routing A patch is an update to a vulnerable program or system. A of traffic on a network.
Page 262 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Physical layer PPTP The first layer of the OSI model. Provides the hardware Point-to-Point Tunneling Protocol. Used for creating VPN means of transmitting electrical signals on a data carrier. tunnels over the Internet between two networks.
Page 263 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT RJ-11 The most commonly used connection method for Session Initiation Protocol. A standard protocol for telephones. initiating a user session that involves multimedia content, such as voice or chat. RJ-45 SMTP The most commonly used connection method for Ethernet.
Page 264 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Spear Phishing Originally written for UNIX, it is now available for other operating systems, including Windows. Spear phishing describes a type of phishing attack that targets specific victims. But instead of sending out an email to millions of email addresses, cyber attackers send Transmission Control Protocol.
Page 265 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Upgrade VoIP To install a more recent version of a software or firmware Voice over IP. Sending voice information over the Internet product. as opposed to the PSTN. Upload Vulnerability To send a request from one computer to another and have...
Page 266 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT Web browser WLAN A utility that allows you to view content and interact with all Wireless Local Area Network. of the information on the World Wide Web. Wi-Fi Protected Access. A Wi-Fi security enhancement Wired Equivalent Privacy.
Page 267: Appendix
SAFETY AND HAZARDS Under no circumstances should the MBR1400 device be used in any areas (a) where blasting is in progress, (b) where explosive atmospheres may be present, or (c) that are near (i) medical or life support equipment, or (ii) any equipment which may be susceptible to any form of radio interference. In such areas, the MBR1400 device MUST BE POWERED OFF AT ALL TIMES (since the device otherwise could transmit signals that might interfere with such equipment).
Page 268 Cradlepoint, Inc. warrants this product against defects in materials and workmanship to the original purchaser (or the first purchaser in the case of resale by an authorized distributor) for a period of one (1) year from the date of shipment. This warranty is limited to a repair or replacement of the product, at Cradlepoint’s discretion. Cradlepoint does not warrant that the operation of the device will meet your requirements or be error free.
Page 269 OTHER BINDING DOCUMENTS; TRADEMARKS; COPYRIGHT By activating or using your MBR1400 device, you agree to be bound by Cradlepoint’s Terms of Use, User License and other Legal Policies, all as posted at www.Cradlepoint.com/legal. Please read these documents carefully. Cradlepoint, the Cradlepoint logo, and MBR1400 are trademarks of Cradlepoint, Inc.
Page 270: Specifications
MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT 10.2 Specifications MODEL NAME OPERATING TEMPERATURE MBR1400 Mission-Critical Broadband Router C to 40 WAN / INTERNET 3G/4G via five modem ports (3 USB 2.0, 2 ExpressCard); one default Ethernet port (10/100/1000); additional LAN Ethernet ports re-configurable to WAN for redundancy Wi-Fi 802.11 a/b/g/n, four default Ethernet ports...
Page 271 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT • Create, manage, and terminate up to 20 IPsec DETAILS VPN sessions • 2.412 to 2.484 GHz Wi-Fi frequency band • Supported VPN implementations: Cradlepoint to operation Cradlepoint, Cradlepoint to Cisco/Linksys Routers, •...
Page 272 MBR1400 | USER MANUAL – Firmware version 5.0 CRADLEPOINT http://www.Cradlepoint.com/ Copyright © 2013 by Cradlepoint, Inc. All rights reserved. © 2013 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES PAGE 270...

Cradlepoint MBR1400 Product Manual

1 Introduction

2 Hardware Overview

3 Quick Start

4 Web Interface - Essentials

5 Status

6 Network Settings

7 Internet

8 System Settings

9 Glossary

10 Appendix

Quick Links

Related Manuals for Cradlepoint MBR1400

Summary of Contents for Cradlepoint MBR1400

Table of Contents