CRADLEPOINT

MBR1200 | USER MANUAL Firmware ver. 1.6.12

© 2010

CRADLEPOINT, INC.

PLEASE VISIT

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

FOR MORE HELP AND RESOURCES

PAGE 49

5.5.2

Inbound Filter Rules List

This section lists the current Inbound Filter rules. Click the

Enable

check box at the left to directly activate or de-activate the entry. An

entry can be changed by clicking the

Edit

icon or can be deleted by

clicking the

Delete

Inbound Filters Rule List section icon. When you

click the

Edit

icon, the item is highlighted, and the

Inbound Filter Rules

section is activated for editing.

After you‟ve completed all modifications or deletion

s, you must click the

Save Settings

button at the top of the page to save your changes. The

router must reboot before new settings will take effect. You will be prompted to

Reboot the Device

or

Continue

. If you need to make additional

settings changes, click

Continue

. If you are finished with all configuration settings, click the

Reboot the Device

button.

5.5.3

Configuring an Inbound Filter Rule

When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a connection that originated from inside the

router or which corresponds to a

Virtual Server

,

Gaming

, or

Special Application Rule

is ALLOWED by default. When rules are configured, the

router compares incoming data packets against the rules in the list. It is very important to understand that the router examines each rule one by

one in the order that they are listed in the Rule list until it finds a match. The packet will either be DENIED (Dropped) or ALLOWED. Once a match

has been made, no further rules will be examined for that packet. If no rules match the data packet, it is ALLOWED. This means that to allow only

a specific subset of traffic usually requires more than one rule to be entered.

Example: You have configured a game server, using the

Advanced

→

Gaming

sub-menu, to play HALO: Combat Evolved with some friends. You

would like to limit the access to your network and server to specific times of the day and only to your friends.

Next you would define a schedule on the

Tools

→

Schedule

sub-menu, called Game time, which specifies a schedule of Friday and Saturday

between 7 PM and 11 PM. This example will assume all of your friends use the same service provider and have IP addresses 67.150.220.117,

67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each one of these addresses individually or you may

just decide that using an IP range that covers all of them is sufficient for your needs.

The first rule is to configure a

DENY

rule that will catch all of the traffic that arrives on these ports but does not match data from the sources you

want to have access to your network. It is important to enter the

DENY

rule first since all subsequent rules will be added higher in the list and will

be checked first. Notice that it covers all

Source IP Address

,

Source Ports

, and

Times (Always)

, but is specifically tied to the Public Ports

defined in the

Game Rule List

.

This is because you do not want to accidentally block traffic for other applications. It is a good idea to turn on the

log for this rule so that you can check in the log for anything that is filtered inappropriately. Next configure the

ALLOW

rules.

CRADLEPOINT

MBR1200 | USER MANUAL Firmware ver. 1.6.12

© 2010

CRADLEPOINT, INC.

PLEASE VISIT

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

FOR MORE HELP AND RESOURCES

PAGE 50

5.6 MAC Address Filter

Use the MAC (Media Access Control) Address filter sub-menu to control network

access based on the MAC Address of the network adapter. A MAC address is a

unique ID assigned by the manufacturer of a networking device. This feature can

be configured to ALLOW or DENY network/Internet access.

5.6.1

MAC Filtering Setup

Configure MAC Filtering Below.

(Default: MAC Filtering Off). When MAC Fil-

tering ON, depending on the mode selected, computers are granted or denied

network access based on their MAC address.



Turn MAC Filtering ON and ALLOW computers listed to access the

network. When

ALLOW

is selected; only computers with MAC

addresses listed in the MAC Address List are granted network access.



Turn MAC Filtering ON and DENY computers listed to access the

network. When

DENY

is selected, any computer with a MAC address

listed in the MAC Address List will not be granted network access.

Filter Wired Clients.

When check box is selected, MAC Filtering is applied to

wired clients connected to the MBR1200 in addition to wireless clients.

5.6.2

ADD MAC Filtering Rule

Enable.

MAC address entries are activated or deactivated with this check box.

MAC Address.

Enter the MAC address of the desired computer or connect to

the router from the desired computer and click

Copy Your PC’s MAC Address

button.

Computer Name.

Enter the name of the device or computer to which this MAC Address Filter Rule applies.

Save.

Record the changes you have made.

Clear.

Re-initialize this area of the screen, discarding any changes you have made.

When you are done editing the settings, you must click the

Save Settings

button at the top of the page to make the changes effective and

permanent.

(continued)

CRADLEPOINT

MBR1200 | USER MANUAL Firmware ver. 1.6.12

© 2010

CRADLEPOINT, INC.

PLEASE VISIT

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

FOR MORE HELP AND RESOURCES

PAGE 51

5.6.3

MAC Filtering Rules

This section lists the network devices that are under control of MAC

filtering. Click the

Enable

check box at the left to directly activate or

deactivate the entry. An entry can be changed by clicking the

Edit

icon

or can be deleted MAC Filtering Rules section by clicking the

Delete

icon. When you click the

Edit

icon, the item is highlighted, and the

MAC Filtering Rules

section is activated for editing.

After you‟ve completed all modifications or deletions, you must click the

Save Settings

button at the top of the page to save your changes. The

router must reboot before new settings will take effect. You will be prompted to

Reboot the Device

or

Continue

. If you need to make additional

settings changes, click

Continue

. If you are finished with all configuration settings, click the

Reboot the Device

button.

CRADLEPOINT

MBR1200 | USER MANUAL Firmware ver. 1.6.12

© 2010

CRADLEPOINT, INC.

PLEASE VISIT

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

FOR MORE HELP AND RESOURCES

PAGE 52

5.7 Network

The Network configuration is used to enable several special settings for the

router. UPnP, WAN Ping response, WAN Port Speed, Multicast Streams, and

PPoE Pass Through can be enabled or disabled.

5.7.1

UPNP

Enable UPnP.

Enables UPnP (Universal Plug and Play) functionality.

5.7.2

WAN Ping

Pinging public WAN IP addresses is a common method used by hackers to test

whether your WAN IP address is valid.

Enable WAN Ping Respond.

If you leave this option unchecked, you are caus-

ing the router to ignore ping commands for the public WAN IP address of the

router.

WAN Ping Inbound Filter.

Select a filter that controls which WAN computers

can use the ping feature. If you do not see the filter you need in the list of filters,

go to the

Advanced

→

Inbound Filter

sub-menu and create a new filter.

Details.

This filter designates certain IP addresses from other computers or

devices so that these IP addresses are either specifically allowed to com-

municate to the router, or are specifically blocked. This limits the range of IPs

that can connect to the router, or block ones that are known to be from an

attacking network.

5.7.3

WAN Port Speed

WAN Port Speed.

Normally, this is set to

Auto

. If you have trouble connecting to the WAN, try the other settings.

5.7.4

Multicast Streams

The router uses the IGMP protocol to support efficient multicasting --transmission of identical content, such as multimedia, from a source to a

number of recipients.

Enable Multicast Streams.

This option must be enabled if any applications on the LAN participate in a multicast group. If you have a multimedia

LAN application that is not receiving content as expected, try enabling this option.

CRADLEPOINT

MBR1200 | USER MANUAL Firmware ver. 1.6.12

© 2010

CRADLEPOINT, INC.

PLEASE VISIT

HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/

FOR MORE HELP AND RESOURCES

PAGE 53

5.8 Routing

Use the Routing sub-menu to define fixed routes.

5.8.1

Add Route

Adds a new route to the IP routing table or edits an existing route.

Enable.

Specifies whether the entry will be enabled or disabled.

Destination IP.

The IP address or network that the packets will be

attempting to access. NOTE: 192.168.1.0 with a Netmask of 255.255.255.0

means traffic will be routed to the entire 192.168.1.x network.

Netmask.

Used to specify which portion of the

Destination IP

signifies the

network trying to be accessed and which part signifies the host that the

packets will be routed to. NOTE: 255.255.255.255 is used to signify only the

host that was entered in the Destination IP field.

Gateway.

Specifies the next hop to be taken if this route is used. A gateway

of 0.0.0.0 implies there is no next hop, and the IP address matched is directly

connected to the router on the interface specified:

LAN

or

WAN

.

Metric.

The route metric is a value from 1 to 16 that indicates the cost of

using this route. A value of 1 is the lowest cost, and 15 is the highest cost. A

value of 16 indicates that the route is not reachable from this router. When

trying to reach a particular destination, computers on your network will select

the best route, ignoring unreachable routes.

Interface.

Specifies the interface,

LAN

or

WAN

, that the IP packet must use

to transit out of the router when this route is used.

Save/Update.

Record the changes you have made.

Clear.

Re-initialize this area of the screen, discarding any changes you have made.

(continued)