24x8 cable modem plus AC1900 WiFi router Model MT7711 Xfinity® + 2phone lines User Manual
NOTICE This document contains proprietary information protected by copyright, and this Manual and all the accompanying hardware, software, and documentation are copyrighted. No part of this document may be photocopied or reproduced by mechanical, electronic, or other means in any form.
SAFETY This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this manual and of the computer manufacturer must therefore be followed therefore be allowed at all times to ensure the safe use of the equipment. CAUTION: These precautions help protect you and your MT7711.
Table of Contents Introduction 7 Quick Start 9 PACKAGED WITH YOUR MT7711 ......................................................................................................... 9 LET’S GET STARTED............................................................................................................................ 10 PREPARE TO ACTIVATE ....................................................................................................................... 12 ACTIVATE ..............................
Using a Browser 26 Configuring Your MT7711 to Support Devices and Applications with Special Requirements 32 FOR GAMES PLAYED ON GAME CONSOLES AND PCS, AND SECURITY CAMERAS ..................................... 32 TO CREATE A PORT FORWARDING RULE .............................................................................................
Configuring Alternate WiFi Security Settings 72 ALTERNATIVES TO WPA2 -- WPA, WEP, AND RADIUS ....................................................................... 72 ABOUT WIRELESS SECURITY .............................................................................................................. 74 HOW TO TELL IF YOUR CLIENTS SUPPORT WPA2................................................................................ 75 HOW TO CONFIGURE WIRELESS SECURITY FOR A RADIUS SERVER ...........................
Introduction The Motorola Model MT7711 is a 24x8 DOCSIS 3.0 cable modem with a built-in AC1900 WiFi router plus 2 telephone jacks that has 4 Gigabit Ethernet ports. This model connects to Comcast Xfinity's cable Internet service with Voice. Model MT7711 can provide shared Internet access to Ethernet-capable and WiFi devices including computers, smartphones, tablets, HDTVs, game consoles, security cameras, and streaming media devices.
Chapter 13: VPN (Virtual Private Network) Chapter 14: Troubleshooting Tips 8
Quick Start Packaged with your MT7711 Power Supply RJ11 Phone Cord Ethernet Cable Coax Wrench Velcro® Cable Organizer Para una Guía de Inicio Rápido en español, por favor vaya a www.motorolanetwork.
Let’s get started If you don’t have cable Internet service, please order that from your cable service provider. Comcast Xfinity customers should also order phone service if they want to use the MT7711 phone lines. This phone capability works for Xfinity, but not for most other cable services since they use a different version of PacketCable to deliver their phone service. Now connect your MT7711 as shown on the following page. Connecting to a Coax Cable Please see the connection photo on the next panel.
ON/OFF button POWER Connect the supplied power supply between the power jack and an electrical outlet. If you have Xfinity phone service, you can connect telephones to either or both of these phone jacks. PHONE (TEL 1-2) ETHERNET (LAN 1-4) You can connect a computer, HDTV, game station, or other Ethernet-capable device to any of these 4 LAN ports. RESET WPS button COAX Connect a “live” coax cable to the modem’s COAX connector as discussed above. (Tighten the nut so it’s finger tight.
Prepare to activate By now you should have: • Subscribed to cable Internet service, and possibly to Xfinity phone service. • Connected your MT7711. • Powered up your cable modem/router. To do this, the On/Off button needs to be On (Push the button in until it clicks). Wait for the green online connection light to stop flashing and remain solidly lit. This may take up to 15 minutes. You may need your cable service account number for product registration.
Once your MT7711 is activated either online or by phone, your service provider will provision your MT7711 service. Typically this takes less than 5 minutes for Internet, but in some cases this may take 30 minutes or longer. If you activate voice service for the first time, your service provider may take several days to activate that service. Once you have been activated, try to browse the Web using a device connected via Ethernet or WiFi to the MT7711.
Configuration Manager You may not need to use the MT7711’s Configuration Manager. Here are some reasons for using it: • You want to change the wireless network name and password. For instance, maybe you want a more easily remembered name, or you're replacing a router and want to use your existing WiFi Network Name (SSID) and/or WiFi Password/Key instead of the unique ones that come with the MT7711. • You want to set up special Internet gaming settings.
Wireless Router As noted before, the MT7711 has a unique Wireless Network Name/SSID and Wireless Security Key/Password printed on the MT7711’s bottom label. Set up your wireless devices to work with this SSID and security key, or with the SSID and security key you specified, if you changed them. Note that wireless performance depends on a number of factors.
Telephone Adapter The MT7711 includes two telephone ports that support standard (land line) telephones and other devices. The MT7711 is designed to work with Comcast Xfinity voice service only. To use the telephone ports, first make sure you have subscribed to Xfinity voice service. This service may be provisioned to support either one line on Tel1, or two phone lines, on both Tel1 and Tel 2, with two different phone numbers.
Front Panel Lights During Power up, the lights will blink for several minutes. LIGHT Power Downstream Upstream Online 2.
WPS TEL1 & TEL2 Battery Green Green Green OFF: After boot-up, WPS is OFF (not being used). Blinking: WPS is in discovery mode. ON: Light will remain solid for 5 minutes after WPS configuration is successful. OFF: Phone service not provisioned.
Battery Purchase or Replacement The MT7711 has battery back-up circuitry which is for Telephone (Tel1) back-up only. The MT7711 typically does not ship with a battery included. A battery is not required for normal operation with AC power. If you lose AC power, a back-up battery allows the telephone plugged into Tel1 to still function. If you want a back-up battery, you can purchase one separately online. The battery is Model 98250 from MTRLC LLC.
Telephone Adapter The MT7711 includes two telephone ports that support standard (land line) telephones and other devices. The MT7711 is designed to work with Comcast Xfinity voice service only. To use the telephone ports, first make sure you have subscribed to Xfinity voice service. This service may be provisioned to support either one phone line on Tel1, or two phone lineson both Tel1 and Tel2, with two different phone numbers.
Telephone Lights Here is a table describing the behavior of the Tel1 and Tel2 Lights: Blinking: ON: TEL1 & TEL2 Green Slow Blinking: OFF: Registration in process Phone on-hook / Ready for calls Phone off-hook / Call active Phone service not provisioned Note the lights are solid for each line when voice service is provisioned and ready. The lights blink slowly during active calls, and are OFF if no service is provisioned.
Operating on Battery Power after Power Loss When an optional Motorola-supplied or a separately purchased MTRLC LLC (part number 98250) battery is installed, your MT7711 will automatically fail over to battery power if there is a power outage at your location. The battery will support standby operation for Tel1 for up to eight hours, and talk time of up to five hours. Note that attached phones such as cordless phones that require their own power will require their own backup power source.
Alternate Ways to Connect Your Coax Cable As summarized in the Quick Start, one important connection is the coaxial cable connection that carries your cable Internet service to your MT7711. Here are the main ways you can make that connection: 1. 2. 3. Use the loose end of an available “live” coaxial cable from your cable service provider. Plug the loose end into the Coax jack of your cable modem.
Connecting a Device via Ethernet To make the connection at the Ethernet-capable device, simply plug in one end of the Ethernet cable to an Ethernet jack on the device. At the cable modem, plug the other end of the cable into any of the cable modem’s LAN jacks. You can connect up to four devices by using the four LAN jacks.
Setting up an HDTV, Streaming Media Device, or Other Device A typical HDTV, for instance, has an Input or Setup section. Within that section there’s normally a Network section. In that section you may need to specify that you have an Ethernet connection if that’s how you connect to the MT7711. If you want to connect wirelessly to the MT7711, you’ll need to select its wireless network name and then enter its wireless password.
Accessing the Configuration Manager by Using a Browser Model MT7711 has a Configuration Manager that provides a lot of technical information about Model MT7711 and that tells you how to do some useful things. Please note that some users will never need to use the Configuration Manager. You can access the Configuration Manager from a computer or any other device that has a browser and that is connected via Ethernet or wirelessly to your cable modem.
You should see this page: 3. 4. Type admin in the Username field. Type motorola in the Password field.
5. Click the Login button.
This should bring you to the Basic Status and Settings page shown below. The Basic Status and Settings page gives you information about your Internet connection, lets you view and modify your WiFi privacy settings, and shows you basic information about your cable modem’s addresses and software version. The logout link lets you end your session with the Configuration Manager.
You can return to the Basic Status and Settings page from any Advanced page by clicking the Motorola stylized M Logo in the upper left-hand corner of the page. Note the circled (i) ‘information’ icons to the right of the page. You can click the icons for descriptions of entries: The information icons appear on every page, including Advanced pages.
The Advanced pages include more detailed status information, as well as exhaustive configuration options for the WiFi, Router and Firewall functions of your device. In addition, there is a Parental Control page, and pages to set up Virtual Private Networks (VPNs). Click the Advanced button. Note the Menus and Submenus at the top of the page. The currently selected menu item is highlighted (top row), and submenu items corresponding to the selected menu item are displayed in the second row.
Configuring Your MT7711 to Support Devices and Applications with Special Requirements For Games Played on Game Consoles and PCs, and Security Cameras Devices including game consoles and security cameras often require special router settings to work correctly. This may also be true of games that you play on a PC or another device. For gaming, you probably want to use special settings if you’re playing another person or a computer over the Internet.
You can create forwarding rules for both IPv4 and IPv6 environments. These rules determine how data flows from the address to specified LAN addresses and ports. In this document we will describe how to create a rule for an IPv4 network. The steps are similar for IPv6. To create an IPv4 Forwarding Rule, first click the Add_IPv4 button. You can now enter your port forwarding information.
Review your game or device documentation to find the port or ports that need to be forwarded. Also, determine the IP Address that your device is using. You game or device documentation should show you where to find this. Your game or device may need more than one port to be forwarded. In some cases, the ports will be numbered sequentially, in a range. In other cases, the ports may be separated. In this case, you will have to set up a separate forwarding rule for each port.
To Create a Port Forwarding Rule 1. 2. 3. 4. 5. 6. 7. Under Local IP Address, enter the address of the game station, PC or other device. In the case of a security camera, enter the address of the camera’s DVR. Under Local Start Port, enter the starting port that your device or game needs. Under Local End Port, if your device uses a sequential range of port numbers, enter the highest number in the range. Otherwise, if there is only one number, enter the start port number again.
For games and game consoles, you may also need to enable UPnP and to set the Firewall to OFF.
Check the UPnP Enable box, and click Save at the top of the Router Selections box.
Select OFF in the IPv4 Firewall Protection pulldown, and click Save.
Changing Wireless Settings The MT7711 comes set up for wireless-N (2.4 GHz band) and wireless-AC (5 GHz band) with WPA2 security, with unique wireless network names (SSIDs) for each band, and a unique password. Both bands use this password. There’s a good chance that you’ll want to use these settings. In that case you will need to configure client wireless devices (laptops, smartphones, etc.) with your MT7711’s wireless network names and password to connect the devices to the Primary Network on your MT7711.
This will bring you to the Basic Status and Settings page where you can change your network name and password: 40
To Change the Network Name and Password For the 5 GHz band: 1 Select and delete the old Network Name in the Wi-Fi Privacy Settings section, then type in the new Network Name. 2 Click the Save button. 3 You can click the Show Key box to check your typing for Password. 4 Select and delete the old Password, then type in the new Password. 5 Click the Save button. For the 2.4 GHz band: 1 Select and delete the old Network Name in the Wi-Fi Privacy Settings section, then type in the new Network Name.
Wireless Guest Networks You can enable one or more Guest Networks to let friends use your Internet connection without giving them access to other devices on your network. To set up a Guest Network, first log into the Configuration Manager as described in chapter 5. In summary, you type 192.168.0.1 in the address bar of your browser, go to that address, enter the Username admin and Password motorola, then click the Login button. This will bring you to the Basic Status and Settings page.
To configure and enable a Guest Network on the 2.4 GHz band, first select the 2.4 GHz tab, and then: 1 Select the desired Guest Network (there are two available for each band). 2 Click the Save button. 3 Select Enabled and click Save to enable the selected Guest Network. The following steps are optional. Follow them if you want to change the default Guest Network Name and Password: 4 Select and delete the old Guest Network Name, then type in the new Guest Network Name and click Save.
To configure and enable a Guest Network on the 5 GHz band, first select the 5 GHz tab, and then repeat the steps above. Network Name can be from 6 - 32 characters long. You can use the upper and lower case letters (a – z and A – Z), numbers (0 - 9) and special characters (e.g. $_/& etc.) except the single quote ‘ . Password can be from 8 - 63 characters long. You can use upper and lower case letters (a – z and A – Z), numbers (0 - 9) and special characters (e.g. $_/& etc.) except the single quote ‘ .
Changing Firewall Settings A Firewall helps protect your Model MT7711 and the devices attached to it from harm from outsiders connecting via the Internet. Model MT7711 comes with reasonable firewall settings. The firewall allows all normal traffic to pass, but protects against well-known attacks. Normally you just leave the firewall settings in place. If you want to change them, you go to the Protection Firewall section of the Configuration Manager.
The firewall lets you set your protection level through IPv4 Firewall Protection, for example. By default, with the Low setting, all services are allowed. If you select Medium or High protection, the firewall will block all outgoing services except those listed in the List of Allowed Services at the bottom of the page. Select the desired protection level, and click Save. The higher protection levels will make it harder for attackers to penetrate your network.
Tuning Wireless Performance This chapter discusses steps to tune wireless performance. These steps can optimize wireless performance in many cases. First, note that placement of your MT7711 can be very important. Make sure it is not too close to other wireless devices like Bluetooth transmitters (e.g. for headsets), or a neighbor’s wireless router. For example, in an apartment an MT7711 could be only feet away from a neighbor’s device on the other side of a shared wall.
Select the Wireless Scan/Bridge page. Hover over the Wireless menu item to bring the Wireless submenu options into view, then click the Scan/Bridge submenu option.
Select the tab for the band you want to scan, 2.4 GHz or 5 GHz. Then click the “Scan Wireless APs” button at the bottom of the page. This will pop up the wireless Scan Results table: Note that as in these sample Scan Results, you may need to scroll down to see all neighboring networks. For the 2.4 GHz band: Look at the Channel column. This shows the channels that your neighboring networks use. Available channels are 1 through 11.
If there are very few neighboring wireless devices in your location, you should follow the rule of choosing a channel separated by 5 from all other channels. For example, if there are two neighboring networks using channels 6 and 11, you should choose channel 1. If there are many neighboring networks, you may find that most use channels 1, 6 and 11.
Select the tab for the band you want to change. Then select the desired channel from the Channel pulldown, and click Save. Wait for a minute or so for client devices to resynchronize to the new channel. Check to see whether wireless performance has improved. If not, you can try another channel selection.
WiFi Multimedia (WMM) Another possible way to improve performance is to change WiFi Multimedia (WMM) settings.
WMM is designed to provide Quality of Service (QoS) support for multi-media traffic on your network. The multi-media applications must also support WMM. When they do, WMM facilitates smoother traffic flow for these traffic types. WMM cannot be turned off. If you find wireless traffic is not flowing well, you can turn on No-Acknowledgement. No-Acknowledgement improves packet throughput with the trade-off of higher error rates. In many cases this can result in an overall improvement in performance.
Parental Control Note that the Parental Control feature only works with unsecure websites. It does not work with secure websites (sites with URLs starting with https://). Parental Control lets you limit access to the Internet from particular devices on your network. For a device like a child’s computer or tablet, you can create lists of websites that the device is allowed to visit, blocking all others (whitelists).
Note that Parental Control is Disabled by default. You should leave it disabled until you have set up all desired Whitelists and Blacklists. Enable Parental Control once the Whitelist and Blacklist settings are complete. Select Enable, and then Save. If you need to modify the Whitelists or Blacklists, first Disable Parental Control and Save. Then, Enable Parental Control when the changes are complete, and Save again.
You may also find the device’s MAC Address by looking at the client list on your MT7711. Click Basic Router DHCP and look at the MAC Addresses in the DHCP Client List: You may have to do a little sleuthing to find your device’s MAC Address, for example by turning the device off and on again to see which MAC Address is removed and then restored to the list.
leave this selection at the default setting, BOTH. Here is an example entry to block access to BadSite.com at all times: Finally, make sure to check the Enable box, and click the Save button. Click the + sign to add another site to block for this device: Now you can add another site, for example WorseSite.
Remember to click Save. Click the + sign again to add more sites if you like. Click the Add button to configure a blacklist for another device, if you like. When you have completed all Blacklists, remember to Enable Parental Control at the top of the page, and click Save. Setting up a Whitelist Before you make any changes, make sure Parental Control at the top of the page is Disabled, and click Save if you had to change this.
Finally, make sure to check the Enable box, and click the Save button. Here is an example entry to allow access to Jill_Site.com from 4:00 pm to 8:00 pm: Now you can add another device, for example Joey’s PC, to the Whitelist. First click the Add button. Then enter the entry name, device MAC Address, site to allow, and start and end time for the entry. In the example below, we have named the entry Joeys_PC, and the site Joey_Safe_1.com, with active time from 10:00 am to 2:00 pm. Remember to click Save.
Click the Add button to configure a Whitelist for yet another device, if you like. When you have completed all Whitelists, remember to Enable Parental Control at the top of the page, and click Save.
Setting up Times When Internet Access is Allowed and Not Allowed Before you make any changes, make sure Parental Control at the top of the page is Disabled, and click Save if you had to change this. You can set up times when Internet is allowed by configuring a Whitelist entry with a universal URL. By doing this, you can allow Internet access for a particular device only during hours that you specify. Access will be allowed to all Internet sites.
Now set the start and end times of when you want to allow the device to have Internet access. Here is an example of entries to allow Internet access in an after-school period from 5:00 pm to 10:00 pm. We have named the sample entry AfterSch: Make sure to check the Enable box, and click the Save button. Click the Add button to configure a Whitelist entry for an allowed schedule for another device, if you like.
VPN (Virtual Private Network) Virtual Private Networks (VPNs) provide protected connections across the Internet. Some companies and other organizations provide remote access to their internal networks via a VPN. Employees are typically provided with software that makes the VPN connection from a computer. When a computer provisioned for this type of VPN connection is connected behind the MT7711, the MT7711 must pass through the VPN traffic. The MT7711 is configured by default for VPN pass-through.
To summarize, the MT7711 supports: • VPN Pass-through (for clients connected behind the device that need to access for example a corporate network) 65
• Termination of VPN clients via PPTP & L2TP (The MT7711 can be configured as a VPN server in a small office or similar environment. Clients located on the Internet can connect to the small office network through VPN tunnels terminated at the MT7711.
• Site-to-Site VPN via IPsec (the MT7711 can be configured to create a tunnel for all devices on the MT7711's LAN side to connect to a corporate network). • The MT7711 will NOT support termination of client VPN connections via IPsec. A couple of notes about VPN options. IPsec uses encryption and provides the strongest security. PPTP is considered to be the least secure VPN option. PPTP connections are not required to include encryption or authentication.
In the implementation of PPTP and L2TP on the MT7711, MPPE encryption is optional. Both protocols require a login; L2TP requires a passkey for authentication. There are three pages under VPN in the MT7711 configuration manager: IPsec, L2TP/PPTP and Event Log. Use the IPsec page to set up an endpoint for a site to site IPsec connection. Use the PPTP/L2TP page to set up a server for a set of remote clients that connect via PPTP or L2TP.
Changing Your MT7711’s Username and Password, and Resetting to Factory Defaults Changing Your MT7711’s Username and Password To change your MT7711’s Username and Password, first log into the Configuration Manager as described in chapter 6. In summary, you type 192.168.0.1 in the address bar of your browser, go to that address, enter the Username admin and Password motorola, then click the Login button. This will bring you to the Basic Status and Settings page.
You will need to enter the Current Username and Password, and then the new Username and Password. Your new Password will have to be entered twice. Both the Username and Password fields accept entries up to 15 characters long. Both Username and Password may include lower- and upper-case letters (a – z, A – Z) and numbers (0 – 9). Special characters are not allowed. Be sure to click Save to write your changes to memory.
Resetting to Factory Defaults There may be occasions when you need to reset your cable modem/router to factory defaults, for example if you have changed the Username and Password and lost the new values. Note that if you reset your device to its factory defaults, you will lose any changes you have made to settings in the device. To reset to factory defaults: 1. 2. 3. 4. Make sure the cable modem/router is powered on. Find the reset button on the rear of the unit. It is marked RESET.
Configuring Alternate WiFi Security Settings Alternatives to WPA2 -- WPA, WEP, and RADIUS Your Cable Modem/Router comes from the factory configured for WPA2-PSK wireless security with AES encryption. Some older clients may not support this security mode. (For details, see About Wireless Security, below). To change the wireless security mode, first open the page WPS_RADIUS_WEP. To do this, first log into the Configuration Manager. In summary, you type 192.168.0.
If you need to support WEP, follow these steps. 1. 2. 3. 4. 5. 6. Disable all WPA, WPA-PSK, WPA2, and WPA2-PSK entries. Make sure to click Save for each entry you change. Under 802.11n Mode Enable/Disable, select Disable from the pulldown. Click Save. Find the tab WEP Security Settings. In the field PassPhrase, enter a sequence of letters. This can be words, names, or an arbitrary sequence. 7. Click the button Generate WEP Keys. 8. In the WEP Encryption pulldown, select either WEP-64 bit or WEP-128 bit.
About Wireless Security There are two basic wireless security modes: WPA and WEP. There are two versions of WPA: WPA and WPA2. When configured as part of a typical home or small office network, WPA and WPA2 require a Pre-Shared Key, or PSK. These modes are typically called WPA-PSK and WPA2-PSK, respectively, though sometimes they’re just called WPA and WPA2. You can enable either WPA-PSK or WPA2-PSK alone, or you can enable both WPA-PSK and WPA2-PSK together.
How to Tell if Your Clients Support WPA2 You can check to see if all other clients that you plan to put on the network support WPA2. You can do this by checking the manual that came with each device or by checking the configuration software for the installed device. Look under Security or Encryption or Setup or Advanced Features. How to Configure Wireless Security for a RADIUS Server If you have a Radius Server, select the WPA/WPA2 options without PSK.
Troubleshooting Tips What if I can’t make an Internet connection right after installation? • First turn your MT7711 off for at least 8 seconds, then on, to see if that fixes the problem. • Check the connections you’ve made to your MT7711. Power and coax connections are required, and up to 4 Ethernet connections are optional. Are those connections good? Be sure that the coax cable connection finger-tight, possibly using the coax wrench. Do not over-tighten.
• If the Tel1 light is ON but you can’t make and receive calls, check the connections to your phone. Is the phone cord connected snugly at both ends? • The Tel2 jack will only work if you have a 2 phone line service from Comcast Xfinity. • If your phone has a base that needs to be powered, make sure it has a secure connection to a live outlet. • If your phone’s handset uses a battery, make sure this is fully charged.
What if my phone's Caller ID doesn't display a name? • Some callers may block their Caller ID. • If the Caller ID displays a number but no name for some frequent callers, check to see if you can program your phone to display a name for those numbers. What if my MT7711 has been working then stops working? • First turn your MT7711 off for at least 8 seconds, then on, to see if that fixes the problem.
• Some video streaming services get bottlenecked, especially at busy times like after dinner. See whether you have the speed problem at less busy times or when using another streaming service. • Try connecting your MT7711 nearer to where the coaxial cable comes into your home. This lets you see whether your home’s cabling is a problem. • If you’re using a splitter with your MT7711, try the MT7711 without the splitter to see if that helps.
connects wirelessly to the MT7711, it may show the Wireless Network Name/SSID and Password. You can also find this information through the MT7711’s Configuration Manager. Information about doing this is in the Configuration Manager section above. If all else fails, reset the device to factory defaults by holding the Reset button for 10 seconds. You can then use the default values. What if I think that wireless devices are interfering with my MT7711 wireless router? 1.
Support We like to help. Please visit our support Website or call our support specialists. Our Website has our Motorola Mentor information, and also provides returns and warranty information. www.motorolanetwork.com/support Email: Phone: support@motorolanetwork.com 800-753-0797 or 617-753-0562 Limited Warranty MTRLC LLC warrants this product against defects in material and workmanship for a warranty period of 2 years. To read the full warranty, please go to www.motorolanetwork.
Compliance FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
