MBR1400 INTRODUCTION WHAT’S IN THE BOX • ARC MBR1400 with integrated business-class wireless WAN modem (no modem option available) • External 3G or 4G mobile broadband modem antennas (2) (SMA) w/ multiplexing for GPS (on some models), finger tighten only •...
WPA2 Enterprise Authentication for WiFi as WAN SYSTEM REQUIREMENTS • At least one Internet source: a Cradlepoint integrated 3G/4G modem with an active data plan, an Ethernet-based modem, or WiFi as WAN • Windows 7/8, Mac OS X, or Linux computer (with WiFi adapter – 802.11n recommended – for WiFi functionality) •...
Installation Guide, available as a PDF in the Resources section of antenna and router product pages. BUSINESS-GRADE MODEM SPECIFICATIONS ARC MBR1400 models include an integrated 4G LTE modem – specific model names include a specific modem (e.g., the ARC MBR1400LPE-VZ includes a Verizon LTE modem).
BASIC SETUP 1. Insert an activated SIM Your router requires an Internet source. Attach a Cradlepoint business-grade modem, insert one or more supported USB or ExpressCard modem(s), connect a cable or DSL modem to the blue Ethernet WAN port, or connect to an available WiFi source.
When you log in for the first time, you will be automatically directed to the FIRST TIME SETUP WIZARD, which will walk you through the steps to customize your Cradlepoint MBR1400. You have the ability to configure any of the following: •...
This name is referred to as the SSID (service set identifier). For security purposes, Cradlepoint highly recommends that you change this from the pre-configured name. Hidden: This shows whether the router broadcasts its SSID. It is somewhat harder for hackers to find and attack a router that is not broadcasting its SSID, which adds to the wireless security, but it is also more difficult for friendly users to attach to a WiFi network with a hidden SSID.
Page 27
NOTE: If you don’t know whether you should choose Personal or Enterprise, assume Personal since you need to know RADIUS authentication for Enterprise. In order to protect your network from hackers and unauthorized users, Cradlepoint highly recommends WPA2/ AES for security if your attached devices can support it. WEP and WPA/TKIP are obsolete and have been replaced by WPA/AES.
Page 35
Port – Select by the physical port on the router into which you are plugging the modem (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”) • Model – Set your rule according to the specific model of modem •...
IPsec (Internet Protocol security) to authenticate and encrypt packets exchanged across the tunnels. To set up a VPN tunnel with a Cradlepoint router on one end, there must be another device (usually a router) that also supports IPsec on the other end.
Page 41
DH Group. Phase 2 and phase 1 selections do not have to match. For the Hash selection an added value of SHA 256_128 (128-bit truncation) is avaliable. The original specification and the Cradlepoint default is 96-bit truncation, but RFC4868 requires 128-bit. A VPN to newer Cisco or Juniper devices will typically require 128-bit.
Page 42
Generic Routing Encapsulation (GRE) tunnels can be used to create a connection between two private networks. Most Cradlepoint routers are enabled for both GRE and VPN tunnels. GRE tunnels are simpler to configure and more flexible for different kinds of packet exchanges, but VPN tunnels are much more secure.
Page 44
Port – Select by the physical port on the router into which you are plugging the modem (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”) • Model – Set your rule according to the specific model of modem •...
Click Finish to save this rule. DNS SERVERS DNS, or Domain Name System, is a naming system that translates between domain names (www.cradlepoint. com, for example) and Internet IP addresses (206.207.82.197). A DNS server acts as an Internet phone book, translating between names that make sense to people and the more complex numerical identifiers.
To enable WiFi as WAN, first select the WiFi radio: • WiFi Radio #1 (2.4 GHz) All Cradlepoint routers and some other routers use the same default IP address for the primary network: 192.168.0.1. If you attempt to set up WiFi as WAN and there is an “IP conflict,”...
Page 54
Port – Select by the physical port on the router that you are plugging the modem into (e.g., “USB Port 2”). • Manufacturer – Select by the modem manufacturer (e.g., “Cradlepoint Inc.”). • Model – Set your rule according to the specific model of modem.
FQDN addresses in the same identity. IP addresses are entered using CIDR notation, e.g. 1.2.3.4/32 and 0123:4567::CDEF/128. FQDN addresses are entered with at least one dot separating a top-level domain from a root zone, e.g. cradlepoint.com. To add a Host Address Identity, click Add. PORTS A port identity member can be entered as a single Start port number or as a port range by entering both a Start and End port number.
Page 59
The primary purpose for Cradlepoint’s NPT implementation is for failover/failback and load balancing setups. LAN clients can potentially retain the original IPv6 lease information and may experience a more seamless transition when WAN connectivity changes than if not utilizing NPT.
Page 62
HTTPS Port (Optional): The port for the proxy to forward HTTPS traffic to. HTTPS is not transparently intercepted and must have the LAN clients configured to use the Cradlepoint router as a proxy for HTTPS to work properly. MAC WEB FILTER RULES...
Page 69
WAN port does not work, it is unlikely that remote SSH access will work. FEATURE LICENSES Some Cradlepoint features may require a license. These features are disabled by default. To obtain a feature license, contact your Cradlepoint sales representative.
Page 71
White List – This list is blank by default, which means that the router will accept SMS messages from any phone number. Leaving this blank is unsecure, so Cradlepoint recommends that you add phone numbers to this list. Once any numbers are listed, only those numbers have the ability to connect to the router via SMS.
Page 72
If this occurs, disable this option. Log to attached USB stick: Only enable this option if instructed by a Cradlepoint support agent. This will write a very verbose log file to the root level of an attached USB stick. Please disable the feature before removing the USB stick, or you may lose some logging data.
ENTERPRISE CLOUD MANAGER Cradlepoint Enterprise Cloud Manager (ECM) is a cloud-based management service for configuring, monitoring, and organizing your Cradlepoint routers. Key features include the following: • Group based configuration management • Health monitoring of router connectivity and data usage •...
SNMP, or Simple Network Management Protocol, is an Internet standard protocol for remote management. You might use this instead of Enterprise Cloud Manager if you want to remotely manage a set of routers that include both Cradlepoint and non-Cradlepoint products. SNMP Configuration •...
If you are happy with the operation of the router, you may not want to upgrade just because a new version is available. Check the firmware release notes (cradlepoint.com/firmware) for information to decide if you should upgrade.
Type the Hostname or IP address of the computer you want to ping and click the ‘Ping’ button. Speed Test • Tests Against Cradlepoint Server - Up to ten speed tests are permitted against a Cradlepoint server. • WAN Device - The WAN Device that is selected will have the test run on it.
Page 80
Configuring Your APN and Modem Authentication If you are using a SIM-based modem (LTE/GSM/HSPA) with your Cradlepoint router you may need to configure the APN before it will properly connect to your carrier. Wireless carriers offer several APNs so check with your carrier to confirm the appropriate one to use.
Page 81
IP PASSTHROUGH SETUP IP passthrough takes a 3G/4G WAN data source (USB, ExpressCard, or Cradlepoint business-grade modem) and passes the IP address through to Ethernet LAN. Enabling IP passthrough will make many changes to your router configuration. Please review this list and ensure they are compatible with how the router will be used.
(i.e., contain errors), or totally lost. The IBR1100 device is not intended for, and Cradlepoint recommends the device not be used in any critical applications where failure to transmit or receive data could result in property damage or loss or personal injury of any kind (including death) to the user or to any other party.