Cradlepoint MBR1400 User Manual

Arc series router

Hide thumbs Also See for MBR1400:

Product manual (272 pages)

Setup manual (29 pages)

Setup manual (24 pages)

Table Of Contents

Table of Contents

Quick Links

Summary of Contents for Cradlepoint MBR1400

Page 2: Table Of Contents
BASIC SETUP ACCESSING THE ADMINISTRATION PAGES FIRST TIME SETUP WIZARD USING ENTERPRISE CLOUD MANAGER ADMINISTRATION PAGES QUICK LINKS DASHBOARD CONNECTION MANAGER WAN INTERFACE PROFILES & PRIORITY STATUS INTERNET CLIENT LIST TUNNELS FIREWALL ROUTING ETHERNET ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 3 CLIENT DATA USAGE SECURITY IDENTITIES ZONE FIREWALL CONTENT FILTERING CERTIFICATE MANAGEMENT SYSTEM ADMINISTRATION ENTERPRISE CLOUD MANAGER DEVICE ALERTS SERIAL REDIRECTOR GPIO CONNECTOR SNMP CONFIGURATION SYSTEM CONTROL DIAGNOSTICS SETUP WIZARDS APPENDIX SAFETY, REGULATORY, AND WARRANTY GUIDE ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 4: Introduction
MBR1400 INTRODUCTION WHAT’S IN THE BOX • ARC MBR1400 with integrated business-class wireless WAN modem (no modem option available) • External 3G or 4G mobile broadband modem antennas (2) (SMA) w/ multiplexing for GPS (on some models), finger tighten only •...
Page 5: System Requirements
WPA2 Enterprise Authentication for WiFi as WAN SYSTEM REQUIREMENTS • At least one Internet source: a Cradlepoint integrated 3G/4G modem with an active data plan, an Ethernet-based modem, or WiFi as WAN • Windows 7/8, Mac OS X, or Linux computer (with WiFi adapter – 802.11n recommended – for WiFi functionality) •...
Page 6: Accessories
Installation Guide, available as a PDF in the Resources section of antenna and router product pages. BUSINESS-GRADE MODEM SPECIFICATIONS ARC MBR1400 models include an integrated 4G LTE modem – specific model names include a specific modem (e.g., the ARC MBR1400LPE-VZ includes a Verizon LTE modem).
Page 7 LTE: Band 2 (1900 MHz), Band 4 (AWS), Band 5 (850 MHz), Band 13 (700 MHz), Band 17 (700 MHz), Band 25 (1900 MHz) • HSPA+/UMTS: (850/900/1900/2100 MHz, AWS) • GSM/GPRS/EDGE: (850/900/1800/1900 MHz) ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 8: Hardware
Antennas: two SMA male (plug), 1 dBi (LTE), 2 dBi (Cellular/PCS) gain; finger tighten only (maximum torque spec is 7 kgf-cm) • GPS: active GPS support • Industry Standards & Certs: FCC, IC, PTCRB • Modem Part Number: MC200LE-GN • SIM: two 2FF SIM slots HARDWARE ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 10: Support And Warranty
One-year limited hardware warranty available in the US and Canada; two-year limited hardware warranty for integrated EU products when purchased from an authorized EU distributor – extend warranty to 2, 3, or 5 years. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385...
Page 11: Quick Start
BASIC SETUP 1. Insert an activated SIM Your router requires an Internet source. Attach a Cradlepoint business-grade modem, insert one or more supported USB or ExpressCard modem(s), connect a cable or DSL modem to the blue Ethernet WAN port, or connect to an available WiFi source.
Page 12: First Time Setup Wizard
When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through the steps to customize your Cradlepoint MBR1400. You have the ability to configure any of the following: •...
Page 13: Quick Links
You may return to the Dashboard at any time by clicking on DASHBOARD from the left menu or by clicking on the Cradlepoint logo at the top-left of the screen. ©2015 Cradlepoint. All Rights Reserved.
Page 14: Connection Manager
WAN interfaces to use for data transfer. Turning off Load Balance for an active WAN interface may require the user to restart any current browsing session. From WAN Management, select the Load Balance Algorithm from the following dropdown options: ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 15 (The first two requests will be directed at the Primary DNS server and the second two requests will be directed at the Secondary DNS server.) If still no data is received, the ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385...
Page 16 For Monthly and Weekly you are able to specify the day to start each cycle (e.g. the 1st or Tuesday, respectively). Usage Cap: Enter a Cap amount in Megabytes. 1024 Megabyte is equal to 1 Gigabyte. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385...
Page 17 Custom Alert Percentages: Example: “50,80,90,110” (values can exceed 100%) (Triggers alerts when 50, 80, 90, 110% of usage cap is used) NOTE: To enable data usage, check Data Usage Enabled from WAN Management. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 18: Status
Routing Ethernet System Logs INTERNET CONNECTIONS Select your device to reveal detailed information about the following device properties: • Summary • Modem • Cellular Network • General Information • IPv4 Information • Statistics ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 21 Last Traffic To reset information, click Reset Statistics. STATISTICS Statistics can be gathered at variable Sample Rate and Sample Size for the following areas: • Wireless Device • Data Usage • Failover/Failback/Load Balance ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 22 User Manual MBR1400 Displays packets and bytes transmitted and received by your Quality of Service (QoS) queues. To enable and configure QoS, go to NETWORKING > QoS. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 23: Client List
Tunnels. To add and configure IPSec VPN Tunnels, go to NETWORKING > Tunnels > IPSec VPN. OPEN VPN Displays status of your OpenVPN Tunnels. To add and configure OpenVPN Tunnels, go to NETWORKING > Tunnels > OpenVPN. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 24: Firewall
Displays information about your Firewall Connection Tracking States. To configure your firewall, select SECURITY from the left navigation. ROUTING Displays information about your System, GRE, and NEMO Routes. To configure these routes, go to NETWORKING > Tunnels. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 25: Ethernet
Displays GPS location and status. To enable and configure GPS, go to SYSTEM > Administration > GPS. SYSTEM LOGS Displays System Log information. To configure System Logging, go to SYSTEM > Administration > System Logging. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 26: Networking
This name is referred to as the SSID (service set identifier). For security purposes, Cradlepoint highly recommends that you change this from the pre-configured name. Hidden: This shows whether the router broadcasts its SSID. It is somewhat harder for hackers to find and attack a router that is not broadcasting its SSID, which adds to the wireless security, but it is also more difficult for friendly users to attach to a WiFi network with a hidden SSID.
Page 27 NOTE: If you don’t know whether you should choose Personal or Enterprise, assume Personal since you need to know RADIUS authentication for Enterprise. In order to protect your network from hackers and unauthorized users, Cradlepoint highly recommends WPA2/ AES for security if your attached devices can support it. WEP and WPA/TKIP are obsolete and have been replaced by WPA/AES.
Page 28 Wireless Mode: Select the WiFi clients with which the router will be compatible. Greater compatibility is a tradeoff with better performance. For greatest compatibility with all WiFi devices, select 802.11 a/b/g/n or 802.11 a/b/g/n/ac. 2.4 GHz options 5 GHz options ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 29 Link Speed: Default setting is Auto. The Auto setting is preferred in most cases. • Auto • 10Mbps - Half Duplex • 10Mbps - Full Duplex • 100Mbps - Half Duplex • 100Mbps - Full Duplex • 1000Mbps - Full Duplex ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 30 • Attached Interfaces (Ethernet ports, WiFi, VLAN) Click Add to configure a new network, Remove to delete a network, or select an existing network and click Edit to view configuration options. General Settings ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 31 Available Interfaces and Selected Interfaces. Access Control UPnP Gateway: Select the UPnP (Universal Plug and Play) option if you want to enable the UPnP Gateway service for computers on this network. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 32 IPv6 DHCP Lease Time: Specifies how long DHCP enabled computers will wait before requesting a new DHCP lease. Schedule Enable Schedule Service: Enable the interface scheduler. A schedule allows an interface to be enabled or disabled during specific hours of a day. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 33 RADIUS server’s interface. NOTE: If you don’t know the MAC address for the RADIUS server, enter 00:00:00:00:00:00, and the service will try to find the MAC address from the given IP address. Port Password ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 34 The time/date that is logged is the time of the first connection. The page may need to be refreshed to show the most recent log entries. Double-clicking on entries from this list will add them to the Ignored MAC Addresses list. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 35 Port – Select by the physical port on the router into which you are plugging the modem (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”) • Model – Set your rule according to the specific model of modem •...
Page 36 Then go to the Keep Alive page. Under Failover Tunnel select the other tunnel you have created. 3. Open the editor for the failover tunnel. Make sure Tunnel Enabled is not selected. On the Keep Alive page, set the Failback Tunnel to your primary tunnel. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 37: Vlan Interfaces
IPsec (Internet Protocol security) to authenticate and encrypt packets exchanged across the tunnels. To set up a VPN tunnel with a Cradlepoint router on one end, there must be another device (usually a router) that also supports IPsec on the other end.
Page 38 WAN becomes available. Select On Demand if you want the tunnel to initiate a connection if and only if there is data traffic bound for the remote side of the tunnel. Tunnel Enabled: Enabled or Disabled. Add/Edit Tunnel – Local Gateway ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 39 Add/Edit Tunnel – Remote Gateway Gateway: This value can be any of the following: an IPv4 address, an IPv6 address, or a fully qualified name in ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 40 Encryption, Hash, and DH Groups Each IKE exchange uses one encryption algorithm, one hash function, and one DH group to make a secure exchange. Encryption: Used to encrypt messages sent and received by IPsec. • AES 128 ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 41 DH Group. Phase 2 and phase 1 selections do not have to match. For the Hash selection an added value of SHA 256_128 (128-bit truncation) is avaliable. The original specification and the Cradlepoint default is 96-bit truncation, but RFC4868 requires 128-bit. A VPN to newer Cisco or Juniper devices will typically require 128-bit.
Page 42 Generic Routing Encapsulation (GRE) tunnels can be used to create a connection between two private networks. Most Cradlepoint routers are enabled for both GRE and VPN tunnels. GRE tunnels are simpler to configure and more flexible for different kinds of packet exchanges, but VPN tunnels are much more secure.
Page 43 WAN device(s) are available and connected. An example use case is when there is a router with both a primary and failover WAN device and the tunnel should only be used when the system has failed over to the backup connection. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 44 Port – Select by the physical port on the router into which you are plugging the modem (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”) • Model – Set your rule according to the specific model of modem •...
Page 45: Routing
Gateway or IPv6 Gateway: Specifies the next hop to be taken if this route is used. A gateway of 0.0.0.0 implies there is no next hop, and the IP address matched is directly connected to the router on the interface specified: LAN or WAN. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 46: Qos
ISP. You can test your connection speeds with a service such as speedtest.net. Queues Queues and rules work in conjunction to prioritize bandwidth for the most critical operations. Multiple rules ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 47 Also, when spare bandwidth is available it is offered to higher priority queues first. Move the slider to select from the following options (Default: Normal): • Lowest • Lower • Below Normal • Normal • Above Normal ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 48 This can be useful for quickly changing configurations. If both upload QoS and download QoS are disabled then the rule will disable automatically. Rule Name: Create a name for the rule that is meaningful to you. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 49: Dns Servers
Click Finish to save this rule. DNS SERVERS DNS, or Domain Name System, is a naming system that translates between domain names (www.cradlepoint. com, for example) and Internet IP addresses (206.207.82.197). A DNS server acts as an Internet phone book, translating between names that make sense to people and the more complex numerical identifiers.
Page 50 Enable Dynamic DNS: Enable this option only if you have purchased your own domain name and registered with a Dynamic DNS service provider. • Server Type. Select a dynamic DNS service provider from the dropdown list: ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 51 IP address, go to NETWORKING > Local Networks > DHCP Server and reserve the IP address for the device by selecting the device in the Active Leases list and clicking Reserve. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385...
Page 52: Wifi As Wan
To enable WiFi as WAN, first select the WiFi radio: • WiFi Radio #1 (2.4 GHz) All Cradlepoint routers and some other routers use the same default IP address for the primary network: 192.168.0.1. If you attempt to set up WiFi as WAN and there is an “IP conflict,”...
Page 53: Wan Affinity
DSCP Negate: When checked this rule will match on any packet that does NOT match the DSCP field. Protocol: Select from the dropdown list to specify the protocol for a particular data use. Otherwise, leave “Any” selected. • • ICMP • • • • ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 54 Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”). • Model – Set your rule according to the specific model of modem.
Page 55: Client Data Usage
The names that are shown are received during a DHCP exchange. If a client disconnects and reconnects with a new IP address there will be an additional entry in this list. Pressing Reset Statistics will restart all counters at 0. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 56: Security
FQDN addresses in the same identity. IP addresses are entered using CIDR notation, e.g. 1.2.3.4/32 and 0123:4567::CDEF/128. FQDN addresses are entered with at least one dot separating a top-level domain from a root zone, e.g. cradlepoint.com. To add a Host Address Identity, click Add. PORTS A port identity member can be entered as a single Start port number or as a port range by entering both a Start and End port number.
Page 57 Protocols: Select protocols (such as TCP, UDP, GRE, etc) from the defined list or enter a numeric code for other protocols to match traffic of that protocol. • Application Sets: Select the defined application set or sets to match traffic related to those sets. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 58 DMZ IP address. Typical uses involve running a public web server, supporting older games, or sharing files. NOTE: As with port forwarding, caution should be used when enabling the DMZ feature as it can threaten the security of your network. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 59 The primary purpose for Cradlepoint’s NPT implementation is for failover/failback and load balancing setups. LAN clients can potentially retain the original IPv6 lease information and may experience a more seamless transition when WAN connectivity changes than if not utilizing NPT.
Page 60 (first if a range) on the remote computer to receive proxy traffic. • Protocol: Select the IP protocol traffic to proxy from the following options in the dropdown menu: • • • TCP & UDP Click Save to save your completed port proxying rule. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 61: Content Filtering
Name Indication). If SNI is unavailable then the original destination IP address is used for filtering. No decoding of the SSL/TLS session is done. Upstream Proxy Settings Enabled: Select whether the use of an Upstream Proxy server is enabled. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 62 HTTPS Port (Optional): The port for the proxy to forward HTTPS traffic to. HTTPS is not transparently intercepted and must have the LAN clients configured to use the Cradlepoint router as a proxy for HTTPS to work properly. MAC WEB FILTER RULES...
Page 64 Licenses to enable this feature. Enter your Zscaler account information to enable these settings. Input local network information (Network Address and Netmask) to assign your Zscaler implementation to one or more local network(s). ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 65: Certificate Management
• Organization Information: The organization to which the certificate issuer belongs • Common Name: Name used to match authentication credentials To add a local certificate, click Add. Remove a local certificate by selecting the certificate and clicking the Remove button. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 66 To import, choose a certificate file in PKCS #12 format from your computer or local device and upload it to the router. Give the certificate a name that is meaningful to you. PKCS #12 files are protected by a passphrase – you must know this key to import the file. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 67 PKCS #12 format. When you export this file, you must create a passphrase to protect it. This key is required for future use of the file. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 68: System
Additionally, encrypted connections can be required for an added level of security. • Require HTTPS Connection – Requiring a secure (https) connection is recommended • HTTP Port: Default – 8080. This option is disabled if you select “Require Secure Connection” ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 69 WAN port does not work, it is unlikely that remote SSH access will work. FEATURE LICENSES Some Cradlepoint features may require a license. These features are disabled by default. To obtain a feature license, contact your Cradlepoint sales representative.
Page 70 Enable GPS server on WAN - Enables a server on the WAN side of the firewall which will periodically send GPS sentences to TCP connected clients. • Port - Choose a port between 1 and 65535. Send to Server(s) ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 71 White List – This list is blank by default, which means that the router will accept SMS messages from any phone number. Leaving this blank is unsecure, so Cradlepoint recommends that you add phone numbers to this list. Once any numbers are listed, only those numbers have the ability to connect to the router via SMS.
Page 72 If this occurs, disable this option. Log to attached USB stick: Only enable this option if instructed by a Cradlepoint support agent. This will write a very verbose log file to the root level of an attached USB stick. Please disable the feature before removing the USB stick, or you may lose some logging data.
Page 73: Enterprise Cloud Manager
ENTERPRISE CLOUD MANAGER Cradlepoint Enterprise Cloud Manager (ECM) is a cloud-based management service for configuring, monitoring, and organizing your Cradlepoint routers. Key features include the following: • Group based configuration management • Health monitoring of router connectivity and data usage •...
Page 74 To Address: Your email address Once you have filled in the information for the SMTP server, click on the “Verify SMTP Settings” button. You should receive a test email at your account. Delivery Options (Advanced) ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 75: Serial Redirector
Modem Connected: In this mode the output pin is logic low until the modem has connected to the tower. If the connection drops, this output is set low until the connection is restored. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 76: Snmp Configuration
SNMP, or Simple Network Management Protocol, is an Internet standard protocol for remote management. You might use this instead of Enterprise Cloud Manager if you want to remotely manage a set of routers that include both Cradlepoint and non-Cradlepoint products. SNMP Configuration •...
Page 77: System Control
If you are happy with the operation of the router, you may not want to upgrade just because a new version is available. Check the firmware release notes (cradlepoint.com/firmware) for information to decide if you should upgrade.
Page 78 Device Console: Access router’s command line interface (CLI) console. Scheduled Reboot • Scheduled Reboot: Router will restart at user-specified time. • Enable Watchdog Reboot: Router will restart when it determines an unrecoverable error condition has occurred. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385 cradlepoint.com...
Page 79: Diagnostics
Type the Hostname or IP address of the computer you want to ping and click the ‘Ping’ button. Speed Test • Tests Against Cradlepoint Server - Up to ten speed tests are permitted against a Cradlepoint server. • WAN Device - The WAN Device that is selected will have the test run on it.
Page 80 Configuring Your APN and Modem Authentication If you are using a SIM-based modem (LTE/GSM/HSPA) with your Cradlepoint router you may need to configure the APN before it will properly connect to your carrier. Wireless carriers offer several APNs so check with your carrier to confirm the appropriate one to use.
Page 81 IP PASSTHROUGH SETUP IP passthrough takes a 3G/4G WAN data source (USB, ExpressCard, or Cradlepoint business-grade modem) and passes the IP address through to Ethernet LAN. Enabling IP passthrough will make many changes to your router configuration. Please review this list and ensure they are compatible with how the router will be used.
Page 82: Appendix
This device has been designed to operate with WiFi antennas having a maximum gain of 5 dBi. Antennas having a higher gain are strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms. ©2015 Cradlepoint. All Rights Reserved. +1.855.813.3385...
Page 83: Safety And Hazards
(i.e., contain errors), or totally lost. The IBR1100 device is not intended for, and Cradlepoint recommends the device not be used in any critical applications where failure to transmit or receive data could result in property damage or loss or personal injury of any kind (including death) to the user or to any other party.
Page 84: Warranty Information
OTHER BINDING DOCUMENTS; TRADEMARKS; COPYRIGHT By activating or using your IBR600 or IBR650 device, you agree to be bound by Cradlepoint’s Terms of Use, User License and other applicable Legal Policies. © 2015 Cradlepoint, Inc. All rights reserved. Cradlepoint is not responsible for omissions or errors in typography or photography.

Cradlepoint MBR1400 User Manual

Introduction

Quick Start

Administration Pages

Appendix

Quick Links

Related Manuals for Cradlepoint MBR1400

Summary of Contents for Cradlepoint MBR1400

Table of Contents