CRADLEPOINT

MBR1200 | USER MANUAL Firmware ver. 1.6.12

© 2010

CRADLEPOINT, INC.

PLEASE VISIT

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

FOR MORE HELP AND RESOURCES

PAGE 29

802.11 Mode.

(Default [Mixed 802.11 b/g/n]). Select Wi-Fi

operating mode (802.11b/g/n, 802.11b/g, 802.11n, 802.11b,

802.11g).

Enable Auto Channel Scan.

When the power is first turned on,

the MBR1200 will check the available wireless bands for the least-

used channel.

Wireless Channel.

(Default: randomly selected among channels

appropriate for 802.11 setting). Channel to transmit and receive.

Channels 1 through 11 are available for 802.11 b/g/n in the U.S.

Check if you employ channel planning in your building.

Transmission Rate.

(Default: Best). By default the fastest

possible transmission rate will be selected. You have the option of

selecting the speed if necessary. Channel rates are doubled for MCS when

Channel Width

is set to 40 MHz.

Channel Width.

The

Auto 20/40 MHz

option is usually best. The other options are available for special circumstances.

Visibility Status.

Whether or not the SSID will be visible on the LAN.

The Invisible option allows you to hide your wireless network. When this

option is set to Visible, your wireless network name is broadcast to anyone within the range of your signal. If you're not using encryption then they

could connect to your network. When Invisible mode is enabled, you must enter the Wireless Network Name (SSID) on the client manually to

connect to the network.

4.6.2

Wireless (WI-FI) Security Mode

Unless one of these encryption modes is selected, wireless

transmissions to and from your wireless network can be easily

intercepted and interpreted by unauthorized users.

Security Mode.

(Default:WPA-Personal). The MBR1200 supports

three wireless security modes including:

WEP

,

WPA-Personal

,

and

WPA-Enterprise

. WEP is the original wireless encryption

standard, and is not considered as secure as WPA. WEP should

only be used if encryption is needed, but WPA encryption is not

supported by your client devices.

WPA provides a higher level of security, and is the recommended security setting for most users. WPA-Personal does not require an

authentication server. The WPA-Enterprise option requires an external RADIUS server for authentication.

(continued)

CRADLEPOINT

MBR1200 | USER MANUAL Firmware ver. 1.6.12

© 2010

CRADLEPOINT, INC.

PLEASE VISIT

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

FOR MORE HELP AND RESOURCES

PAGE 30

4.6.3

WEP

A method of encrypting data for wireless communication intended to provide

the same level of privacy as a wired network. WEP is not as secure as WPA

encryption. To gain access to a WEP network, you must know the key.

WEP Key Length.

The key is a string of characters that you create. When

using WEP, you must determine the level of encryption. The type of

encryption determines the key length. 128-bit encryption requires a longer key

than 64- bit encryption. Keys are defined by entering in a string in HEX

(hexadecimal - using characters 0-9, A-F) or ASCII (American Standard Code

for Information Interchange - alphanumeric characters) format. ASCII format

is provided so you can enter a string that is easier to remember. The ASCII

string is converted to HEX for use over the network.

WEP Key 1, 2, 3 and 4.

Four keys can be defined so that you can change

keys easily.

Default WEP Key.

A default key is selected for use on the network.

Authentication.

Open Key authentication involves supplying the correct SSID

to connect to the Access Point, with no key authentication performed. Shared

Key authentication involves the Access Point sending the client device a

challenge text packet that the client must then encrypt with the correct WEP

key and return to the Access Point. If the client has the wrong key or no key,

authentication fails and client will not connect to the Access Point.

Example:



64-bit hexadecimal keys are exactly 10 characters in length.

(

12345678FA

is a valid string of 10 characters for 64-bit encryption.)



128-bit hexadecimal keys are exactly 26 characters in length.

(

12345678902551234567890255

is a valid string of 26 characters for

128-bit encryption.)



64-bit ASCII keys are up to 5 characters in length (

DMODE

is a valid string of 5 characters for 64-bit encryption.)



128-bit ASCII keys are up to 13 characters in length (

2002HALOSWIN1

is a valid string of 13 characters for 128-bit encryption.)

NOTE: if you enter fewer characters in the WEP key than required, the remainder of the key is automatically padded with zeros.

CRADLEPOINT

MBR1200 | USER MANUAL Firmware ver. 1.6.12

© 2010

CRADLEPOINT, INC.

PLEASE VISIT

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

FOR MORE HELP AND RESOURCES

PAGE 31

4.6.4

WPA (Personal)

WPA-Personal is one variant of Wi-Fi Protected Access (WPA)

–

security standards published by the Wi-Fi Alliance. The WPA

Mode further refines the variant that the router should employ.

The WPA-Personal option uses Wi-Fi Protected Access with a

Pre-Shared Key (PSK).

WPA Mode.

WPA is the older standard; select this option if the

clients that will be used with the router only support the older

standard. WPA2 is the newer implementation of the stronger

IEEE 802.11i security standard. With the

WPA2

option, the

router tries WPA2 first, but falls back to WPA if the client only

supports WPA. With the

WPA2 Only

option, the router

associates only with clients that also support WPA2 security.

Cipher Type.

The encryption algorithm used to secure the data

communication.

TKIP

(Temporal Key

Integrity

Protocol)

provides per-packet key generation and is based on WEP.

AES

(Advanced Encryption Standard) is a very secure block based

encryption. With the

TKIP and AES

option, the router

negotiates the cipher type with the client, and uses AES when

available.

Group Key Update Interval.

The amount of time before the

group key used for broadcast and multicast data is changed.

Pre-Shared Key.

The key is entered as a pass-phrase of up to

63 alphanumeric characters in ASCII (American Standard Code

for Information Interchange) format at both ends of the wireless

connection. It cannot be shorter than eight characters, although for proper security it needs to be of ample length and should not be a commonly

known phrase. This phrase is used to generate session keys that are unique for each wireless client.

NOTE: Be sure to write down the Pre-Shared Key and keep it in a safe place.

CRADLEPOINT

MBR1200 | USER MANUAL Firmware ver. 1.6.12

© 2010

CRADLEPOINT, INC.

PLEASE VISIT

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

FOR MORE HELP AND RESOURCES

PAGE 32

4.6.5

WPA (Enterprise)

The WPA-Enterprise is one variant of Wi-Fi Protected Access (WPA)

–

security

standards published by the Wi-Fi Alliance. The WPA Mode further refines the

variant that the router should employ.

The WPA-Enterprise option works with a RADIUS Server to authenticate

wireless clients. Wireless clients should have established the necessary

credentials before attempting to authenticate to the Server through this

Gateway. Furthermore, it may be necessary to configure the RADIUS Server to

allow this gateway to authenticate users.

WPA Mode.

WPA is the older standard; select this option if the clients that will

be used with the router only support the older standard. WPA2 is the newer

implementation of the stronger IEEE 802.11i security standard. With the

WPA2

option, the router tries WPA2 first, but falls back to WPA if the client only

supports WPA. With the

WPA2 Only

option, the router associates only with

clients that also support WPA2 security.

Cipher Type.

The encryption algorithm used to secure the data communication.

TKIP

(Temporal Key Integrity Protocol) provides per-packet key generation and

is based on WEP.

AES

(Advanced Encryption Standard) is a very secure block

based encryption. With the

TKIP and AES

option, the router negotiates the

cipher type with the client, and uses AES when available.

Group Key Update Interval.

The amount of time before the group key used for

broadcast and multicast data is changed.

4.6.6

EAD (802.1X)

Authentication Timeout.

Amount of time before a client will be required to re-

authenticate.

RADIUS Server IP Address.

The IP address of the authentication server.

RADIUS Server Port.

The port number used to connect to the authentication

server.

(continued)

CRADLEPOINT

MBR1200 | USER MANUAL Firmware ver. 1.6.12

© 2010

CRADLEPOINT, INC.

PLEASE VISIT

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

FOR MORE HELP AND RESOURCES

PAGE 33

RADIUS Server Shared Secret.

A pass-phrase that must match with the authentication server.

MAC Address Authentication.

If this check box is selected, the user must connect from the same computer whenever logging into the wireless

network.

Clicking on the

<<Advanced

button displays additional

menu features.

Optional Backup RADIUS Server.

This option enables

configuration of an optional second RADIUS server. A

second RADIUS server can be used as backup for the

primary RADIUS server. The second RADIUS server is

consulted only when the primary server is not available

or not responding.

The fields for

Second RADIUS Server IP Address

,

RADIUS Server Port

,

Second RADIUS server Shared

Secret

, and

Second MAC Address Authentication

provide the corresponding parameters for the second

RADIUS Server.

Second MAC Address Authentication.

If this check

box is selected, the user must connect from the same

computer whenever logging into the wireless network.

NOTE: Be sure to write down the Radius server Shared

Secret and keep it in a safe place.