Netgear DGN2200V3 User Manual

N300 Wireless ADSL2+ Modem Router DGN2200v3

User Manual
October 2013 202-10870-04
350 East Plumeria Drive San Jose, CA 95134 USA
N300 Wireless ADSL2+ Modem Router DGN2200v3
Support
Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product
at
https://my.netgear.com. You must register your product before you can use NETGEAR telephone support.
NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit
Phone (US & Canada only): 1-888-NETGEAR. Phone (Other Countries): Check the list of phone numbers at
http://support.netgear.com/general/contact/default.aspx.
http://support.netgear.com.
Trademarks
NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. © NETGEAR, Inc. All rights reserved.

Contents

Chapter 1 Hardware Setup
Chapter 2 Getting Started with NETGEAR genie
Unpack Your Modem Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Hardware Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Label. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Back Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Modem Router Stand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Position Your Modem Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
ADSL Microfilters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
One-Line ADSL Microfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Two-Line ADSL Microfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Cable Your Modem Router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Verify the Cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Modem Router Setup Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Use Standard TCP/IP Properties for DHCP . . . . . . . . . . . . . . . . . . . . . .18
Gather ISP Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Wireless Devices and Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . 18
Types of Logins and Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
NETGEAR genie Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Use NETGEAR genie after Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Upgrade the Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Dashboard (Basic Home Screen). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Join Your Wireless Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Manual Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Wi-Fi Protected Setup (WPS) Method . . . . . . . . . . . . . . . . . . . . . . . . . .22
NETGEAR genie App and Mobile genie App . . . . . . . . . . . . . . . . . . . . . . . 23
Chapter 3 NETGEAR genie Basic Settings
Basic Home Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Internet Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Internet Setup Screen Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Attached Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Parental Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
ReadySHARE USB Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Basic Wireless Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Wireless Settings Screen Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
N300 Wireless ADSL2+ Modem Router DGN2200v3
Change WPA Security Option and Passphrase . . . . . . . . . . . . . . . . . . . 34
Guest Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Guest Network Wireless Security Options . . . . . . . . . . . . . . . . . . . . . . . 36
Chapter 4 NETGEAR genie Advanced Home
NETGEAR genie Advanced Home Screen . . . . . . . . . . . . . . . . . . . . . . . . 38
Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
WPS Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Setup Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
WAN Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Default DMZ Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Change the MTU Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
LAN Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
LAN Setup Screen Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Use the Modem Router as a DHCP Server . . . . . . . . . . . . . . . . . . . . . .46
Address Reservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Quality of Service (QoS) Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Chapter 5 USB Storage
USB Drive Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
ReadySHARE Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
File-Sharing Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Basic Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Add or Edit a Network Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
USB Storage Advanced Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Safely Remove a USB Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Media Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Specify Approved USB Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Connect to the USB Drive from a Remote Computer. . . . . . . . . . . . . . . . . 59
Access the Modem Router’s USB Drive Remotely Using FTP. . . . . . . . 59
Chapter 6 Security
Keyword Blocking of HTTP Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Firewall Rules to Control Network Access . . . . . . . . . . . . . . . . . . . . . . . . .62
Set Up Firewall Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Port Triggering to Open Incoming Ports. . . . . . . . . . . . . . . . . . . . . . . . . . .63
Port Forwarding to Permit External Host Communications . . . . . . . . . . . . 64
How Port Forwarding Differs from Port Triggering . . . . . . . . . . . . . . . . . . .65
Set Up Port Forwarding to Local Servers. . . . . . . . . . . . . . . . . . . . . . . . . .65
Add a Custom Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Edit or Delete a Port Forwarding Entry. . . . . . . . . . . . . . . . . . . . . . . . . .67
Set Up Port Triggering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Schedule Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Security Event Email Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
N300 Wireless ADSL2+ Modem Router DGN2200v3
Chapter 7 Administration
Upgrade the Modem Router Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
View Router Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
Router Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
Internet Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
Wireless Settings (2.4 GHz) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
View Logs of Web Access or Attempted Web Access . . . . . . . . . . . . . . . .77
Manage the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
Back Up Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Restore Configuration Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
Erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
Set Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
Password Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
Chapter 8 Advanced Settings
Advanced Wireless Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Restrict Wireless Access by MAC Address . . . . . . . . . . . . . . . . . . . . . .82
Wireless Repeating Function (WDS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Wireless Repeating Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
Set Up the Base Station . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Set Up a Repeater Unit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Dynamic DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Remote Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
USB Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Universal Plug and Play . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91
Traffic Meter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92
Change the Device Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
Chapter 9 Virtual Private Networking
Overview of VPN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
Client-to-Gateway VPN Tunnels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
Gateway-to-Gateway VPN Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
Plan a VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96
VPN Tunnel Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Set Up a Client-to-Gateway VPN Configuration . . . . . . . . . . . . . . . . . . . . .98
Step 1: Configure the Gateway-to-Client VPN Tunnel . . . . . . . . . . . . . .98
Step 2: Configure the NETGEAR ProSafe VPN Client. . . . . . . . . . . . .101
Set Up a Gateway-to-Gateway VPN Configuration . . . . . . . . . . . . . . . . .108
VPN Tunnel Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Activate a VPN Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Verify the Status of a VPN Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
Deactivate a VPN Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Delete a VPN Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116
Set Up VPN Tunnels in Special Circumstances . . . . . . . . . . . . . . . . . . . .116
N300 Wireless ADSL2+ Modem Router DGN2200v3
Use Auto Policy to Configure VPN Tunnels . . . . . . . . . . . . . . . . . . . . .116
Use Manual Policy to Configure VPN Tunnels. . . . . . . . . . . . . . . . . . . 123
Chapter 10 Troubleshooting
Troubleshooting with the LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Power LED Is Off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Power LED Is Red . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
LAN LED Is Off. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Cannot Log In to the Modem Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Troubleshooting the Internet Connection . . . . . . . . . . . . . . . . . . . . . . . . . 128
ADSL Link. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Internet LED Is Red . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Obtaining an Internet IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Troubleshooting PPPoE or PPPoA . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Troubleshooting Internet Browsing. . . . . . . . . . . . . . . . . . . . . . . . . . . .130
TCP/IP Network Not Responding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
Test the LAN Path to Your Modem Router. . . . . . . . . . . . . . . . . . . . . .130
Test the Path from Your Computer to a Remote Device . . . . . . . . . . . 131
Changes Not Saved . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Incorrect Date or Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Appendix A Supplemental Information
Factory Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Appendix B VPN Configuration
Configuration Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Step-by-Step Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Modem Router with FQDN to Gateway B . . . . . . . . . . . . . . . . . . . . . . . .141
Configuration Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Step-by-Step Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Configuration Summary (Telecommuter Example) . . . . . . . . . . . . . . . . .145
Setting Up Client-to-Gateway VPN Configuration . . . . . . . . . . . . . . . . . . 146
Step 1: Configure Gateway A (Router at the Main Office) . . . . . . . . . . 146
Step 2: Configure Gateway B (Router at the Regional Office) . . . . . . . 147
Monitoring the VPN Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Viewing the VPN Router’s VPN Status and Log Information . . . . . . . . 154
Appendix C Notification of Compliance
Index

1. Hardware Setup

Getting to know your modem router
1
The N300 Wireless ADSL2+ Modem Router DGN2200v3 provides you with an easy and secure
way to set up a wireless home network with fast access to the Internet over a high-speed digital subscriber line (DSL). It has a built-in DSL modem, is compatible with all major DSL Internet service providers, lets you block unsafe Internet content and applications, and protects the devices (computers, gaming consoles, and so on) that you connect to your home network.
If you have not already set up your new modem router using the installation guide that comes in the box, this chapter walks you through the hardware setup.
NETGEAR genie, explains how to set up your Internet connection.
This chapter contains the following sections:
Unpack Your Modem Router
Hardware Features
Position Your Modem Router
ADSL Microfilters
Cable Your Modem Router
Verify the Cabling
Chapter 2, Getting Started with
For more information about the topics covered in this manual, visit the support website at
http://support.netgear.com.
If you want instructions about how to wall-mount your router, see Wall-Mount Your Router at
http://support.netgear.com/app/answers/detail/a_id/18725.
N300 Wireless ADSL2+ Modem Router DGN2200v3

Unpack Your Modem Router

Your box should contain the following items:
N300 Wireless
ADSL2+ Modem Router DGN2200v3
AC power adapter (plug varies by region)
Category 5 (Cat 5) Ethernet cable
T
elephone cable with RJ-11 connector
Microfilters and splitters (quantity and type vary by region)
CD with documentation (German only)
Installation guide with cabling and modem router setup instructions

Hardware Features

Before you cable your modem router, take a moment to become familiar with the label and the front and back panels. Pay particular attention to the LEDs on the front panel.

Label

The label on the bottom of the modem router shows the Restore Factory Settings button, , preset login information, MAC address, and serial number.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation
Restore Factory Settings
Figure 1. Label on modem router bottom
Wi-Fi network name and password
Serial number
MAC address
See Factory Settings on page 134 for information about restoring factory settings.
Hardware Setup
N300 Wireless ADSL2+ Modem Router DGN2200v3

Back Panel

The back panel has the On/Off button and port connections as shown in the figure.
ADSL
Ethernet LAN
Figure 2. Back panel port connections
USB
Power
On/Off

Front Panel

The modem router front panel has the status LEDs and icons shown in the figure. Note that the Wireless and WPS icons are buttons.
Power LAN Ports (1–4) USB DSL WiFi WPSInternet
Figure 3. Front panel LEDs and icons
Hardware Setup
N300 Wireless ADSL2+ Modem Router DGN2200v3
The following table describes the LEDs, icons, and buttons on the front panel from left to right.
Table 1. Front panel LEDs and buttons
Icon Description
Power
LAN
USB
DSL
Internet
Solid green. Power is supplied to the modem router.
Solid red. POST (power-on self-test) failure or a device malfunction has occurred.
Off. Power is not supplied to the modem router.
Blinking. is pressed for 6 seconds (pressing it briefly resets the unit). The Power LED then blinks red three times when the Restore Factory Settings button is released and then turns green as the modem router resets to the factory defaults.
Solid green. The LAN port has detected an Ethernet link with a device.
Blinking green.Data is being transmitted or received.
Off. No link is detected on this port.
Solid green. A USB device is connected and ready to use.
Blinking green.
Off. No USB device connected, or the Safely Remove Hardware” has been activated, or an error has occurred with the device.
Solid green. You have a DSL connection. In technical terms, the DSL port is synchronized with an ISP’s network-access device.
Blinking green. DSL line.
Off.
Solid green. You have an Internet connection. If this connection is dropped due to an idle time-out but the DSL connection is still present, the LED stays green. If the Internet connection is dropped for any other reason, the LED turns off.
Solid red. The
Connection on page 128 for troubleshooting information.
Blinking green. Data is being transmitted over the DSL port.
Off. No Internet connection is detected or the device is in bridge mode (an external device handles the ISP connection).
The LED blinks momentarily when the Restore Factory Settings button
A USB device is in use.
The modem router is negotiating the best possible speed on the
The unit is off or there is no DSL link established.
Internet (IP) connection failed. See Troubleshooting the Internet
WiFi
Icon is on the WiFi button
WPS
Icon is on the WPS button
Solid green. There
Blinking green. Data is being transmitted or received over the WiFi link.
Off.
Solid green. Indicates that wireless security has been enabled.
Blinking green.
Off. WPS is not enabled. See Wi-Fi Protected Setup (WPS) Method on page 22
There is no WiFi connectivity. You can still plug an Ethernet cable into one of the LAN ports to get wired connectivity. See Advanced Wireless Settings on page 81 for more information about the use of this button.
for more information about the use of this button.
is WiFi connectivity.
A WPS-capable device is connecting to the device.
Hardware Setup
10
N300 Wireless ADSL2+ Modem Router DGN2200v3

Modem Router Stand

For optimal wireless network performance, use the stand (included in the package) to position your modem router upright.
1. Orient your modem router vertically
2. Insert the tabs of the stand into the slots on the bottom of your modem router as shown.
3. Place your modem router in a suitable area for installation (near an AC power outlet and
accessible to the Ethernet cables for your wired computers).
.

Position Your Modem Router

The modem router lets you access your network from virtually anywhere within the operating range of your wireless network. However, the operating distance or range of your wireless connection can vary significantly depending on the physical placement of your modem router. For example, the thickness and number of walls the wireless signal passes through can limit the range. For best results, place your modem router:
Near the center of the area where your computers and other devices operate and
preferably within line of sight to your wireless devices.
So it is accessible to an
In an elevated location such as a high shelf, keeping the number of walls and ceilings
between the modem router and your other devices to a minimum.
A
way from electrical devices that are potential sources of interference, such as ceiling
fans, home security systems, microwaves, computers, or the base of a cordless phone or
2.4 GHz cordless phone.
AC power outlet and near Ethernet cables for wired computers.
Hardware Setup
11
N300 Wireless ADSL2+ Modem Router DGN2200v3
Away from any large metal surfaces, such as a solid metal door or aluminum studs. Large
expanses of other materials such as glass, insulated walls, fish tanks, mirrors, brick, and concrete can also affect your wireless signal.
With the antennas in a vertical position to provide the best side-to-side coverage or in a
horizontal position to provide the best up-and-down coverage, as applicable.
When you use multiple access points, it is better if adjacent access points use different radio frequency channels to reduce interference. adjacent access points is 5 channels (for example, use Channels 1 and 6, or 6 and 11).
The recommended channel spacing between

ADSL Microfilters

If this is the first time you have cabled a router between a DSL phone line and your computer or laptop, you might not be familiar with ADSL microfilters. If you are, you can skip this section and proceed to Cable Your Modem Router on page 13.
An ADSL microfilter is a small inline device that filters DSL interference out of standard phone equipment that shares the same line with your DSL service. Every telephone device that connects to a telephone line that provides DSL service needs an the DSL interference. Examples of devices are telephones, fax machines, answering machines, and caller ID displays. Note that not every phone line in your home necessarily carries DSL service. That depends on the DSL service setup in your home.
ADSL microfilter to filter out
Note: Often the ADSL microfilter is in the box with the modem router. If you
purchased the modem router in a country where a microfilter is not included, you have to acquire the ADSL microfilter separately.

One-Line ADSL Microfilter

Plug the ADSL microfilter into the wall outlet and plug your phone equipment into the jack labeled Phone. The modem router plugs directly into a separate DSL line. Plugging the modem router into the phone jack blocks the Internet connection. If you do not have a separate DSL line for the modem router, the best thing to do is to use an ADSL microfilter with a built-in splitter (see Two-Line ADSL Microfilter on page 13)
Plugs into DSL line
Figure 4. One-line ADSL microfilter
If you do not have a separate DSL line for the modem router, the second-best solution is to get a separate splitter. To use a one-line filter with a separate splitter, insert the splitter into the phone outlet, connect the one-line filter to the splitter, and connect the phone to the filter.
.
Hardware Setup
12
N300 Wireless ADSL2+ Modem Router DGN2200v3

Two-Line ADSL Microfilter

Use an ADSL microfilter with a built-in splitter when there is a single wall outlet that provides connectivity for both the modem router and your telephone equipment. Plug the ADSL microfilter into the wall outlet, plug your phone equipment into the jack labeled Phone, and plug the modem router into the jack labeled ADSL.
Plugs into the DSL line
Figure 5. Two-line ADSL microfilter with built-in splitter

Summary

One-line ADSL microfilter. Use with a phone or fax machine.
Splitter
modem router.
T
modem router.
. Use with a one-line ADSL microfilter to share an outlet with a phone and the
wo-line ADSL microfilter with built-in splitter. Use to share an outlet with a phone and the

Cable Your Modem Router

Internet
Line
Phone
ADSL
Figure 6. Cable connections
CAUTION:
Incorrectly connecting a filter to your modem router blocks your DSL connection.
Hardware Setup
13
N300 Wireless ADSL2+ Modem Router DGN2200v3
This section includes the same information about the printed installation guide that came with the modem router.
To cable the modem router:
1. Connect the
a.
Install an ADSL microfilter between the phone line and the phone.
b. Connect the c. Use an
ADSL.
Line
Phone
ADSL
ADSL port of the modem router to the ADSL port of the microfilter
ADSL microfilter for every phone line in the house if your modem router and
telephone connect to the same phone line.
2. Add power to the modem router
.
Internet
Line
Phone
ADSL
2
a. Connect the power adapter to the router and plug the power adapter into an outlet. b. W
ait for the WiFi LED on the front panel to turn on. If none of the LEDs on the front
panel are on, press the On/Off button on the rear panel of the modem router.
3. Connect the computer
.
Hardware Setup
14
N300 Wireless ADSL2+ Modem Router DGN2200v3
You can use an Ethernet cable or connect wirelessly.
Internet
Line
ADSL
Phone
3
Use the yellow Ethernet cable to connect your computer to an Ethernet port on your
router.
Or
, connect wirelessly by using the preset wireless security settings located on the
label on the bottom of the router.
4. Open a browser
.
4
If a web page does not open, close and reopen the browser and enter http://routerlogin.net in the address bar.
5. Connect any additional wired computers to your modem router by inserting an Ethernet
cable from a computer into one of the three remaining LAN ports.
Note: If you are an advanced user who wants to set up the modem to run
in “pure bridge” or Modem mode, you need to log in to the modem and change the Device Mode setting to Modem mode. See Change
the Device Mode on page 93.
Hardware Setup
15
N300 Wireless ADSL2+ Modem Router DGN2200v3

Verify the Cabling

Verify that your modem router is cabled correctly by checking the modem router LEDs. Turn on the modem router by pressing the On/Off button on the back.
The Power LED is green when the modem router is turned on.
Turn on your computer. If software usually logs you in to your Internet connection, do not run that software. Cancel it if it starts automatically
Verify that the LAN LEDs (1 through 4) are lit for any computers cabled to the modem router by an Ethernet cable.
The LAN ports are green for each computer cabled to the modem router by an
Ethernet cable.
The WiFi LED is green when the modem router is turned on. The DSL LED is green when you have a DSL connection. The Internet LED is red when there is no Internet connection.
.
Hardware Setup
16
2. Getting Started with NETGEAR
genie
Connecting to the modem router
This chapter explains how to use NETGEAR genie to set up your modem router after you
complete cabling as described in the installation guide and in the previous chapter.
This chapter contains the following sections:
Modem Router Setup Preparation
Types of Logins and Access
NETGEAR genie Setup
Use NETGEAR genie after Installation
Upgrade the Firmware
Dashboard (Basic Home Screen)
Join Your Wireless Network
NETGEAR genie App and Mobile genie App
2
17
N300 Wireless ADSL2+ Modem Router DGN2200v3

Modem Router Setup Preparation

You can set up your modem router with the NETGEAR genie automatically, or you can use the genie menus and screens to set up your modem router manually. Before you start the setup process, get your ISP information and make sure the computers and devices in the network have the settings described here.

Use Standard TCP/IP Properties for DHCP

If you set up your computer to use a static IP address, you need to change the settings so that it uses Dynamic Host Configuration Protocol (DHCP).

Gather ISP Information

If you have DSL broadband service, you might need the following information to set up your modem router and to check that your Internet configuration is correct. Your Internet service provider (ISP) should have provided you with all of the information needed to connect to the Internet. If you cannot locate this information, ask your ISP to provide it. When your Internet connection is working, you no longer need to launch the ISP’s login program on your computer to access the Internet. When you start an Internet application, your modem router automatically logs you in. Make sure that you have the following information:
The ISP configuration information for your DSL account
ISP login name and password
Fixed or static IP address settings (special deployment by ISP; this is rare)

Wireless Devices and Security Settings

Make sure that the wireless device or computer that you are using supports WPA or WPA2 wireless security, which is the wireless security supported by the modem router.

Types of Logins and Access

There are separate types of logins that have different purposes. It is important that you understand the difference so that you know which login to use when.
Modem Router login logs you in to the modem router interface from NETGEAR genie.
See
Use NETGEAR genie after Installation on page 20 for details about this login.
ISP login logs you in to your Internet service. Your service provider has provided you
with this login information in a letter or some other way. If you cannot find this login information, contact your service provider.
Wireless network key or password. Your modem router is preset with a unique
wireless network name (SSID) and password for wireless access. This information is on the label on the bottom of your modem router.
Getting Started with NETGEAR genie
18
N300 Wireless ADSL2+ Modem Router DGN2200v3

NETGEAR genie Setup

NETGEAR genie runs on any device with a web browser. Installation and basic setup takes about 15 minutes to complete.
To use NETGEAR genie to set up your modem router:
1. T
urn the modem router on by pressing the On/Off button.
2. Make sure that your computer or wireless device is connected to the modem router with an
Ethernet cable (wired) or wirelessly with the preset security settings listed on the bottom label.
3. Launch your Internet browser
The first time you set up the Internet connection for your modem router, the browser
goes to http://www
If you already used the NETGEAR genie, type http://www
address field for your browser to display the NETGEAR genie screen. See Use
NETGEAR genie after Installation on page 20.
4. Follow the onscreen instructions to complete NETGEAR genie setup. NETGEAR genie
guides you through connecting the modem router to the Internet.
If the browser cannot display the web page:
Make sure that the computer is connected to one of the four LAN Ethernet ports or
wirelessly to the modem router.
Make sure that the router has full power
Close and reopen the browser to make sure that the browser does not cache the
previous page.
Browse to http://www
If the computer is set to a static or fixed IP address (this is uncommon), change it to
obtain an IP address automatically from the modem router.
.routerlogin.net and the NETGEAR genie screen displays.
.routerlogin.net.
.
.routerlogin.net in the
, and that its wireless LED is lit.
Getting Started with NETGEAR genie
19
N300 Wireless ADSL2+ Modem Router DGN2200v3
If the modem router does not connect to the Internet:
1. Review your settings to be sure that you have selected the correct options and typed
everything correctly
2. Contact your ISP to verify that you have the correct configuration information.
3. Read Chapter 10, Troubleshooting. If problems persist, register your NETGEAR product and
contact NETGEAR technical support.
.

Use NETGEAR genie after Installation

When you first set up your modem router, NETGEAR genie automatically starts when you launch an Internet browser on a computer that is connected to the modem router. You can use NETGEAR genie again if you want to view or change settings for the modem router.
1. Launch your browser from a computer or wireless device that is connected to the
modem router.
2. T
ype http://www.routerlogin.net or http://www.routerlogin.com.
The login window displays:
admin
********
3. Enter admin for the modem router user name and password for the modem router
password, both in lowercase letters.
Note: The modem router user name and password are different from the user
name and password for logging in to your Internet connection. See Types of
Logins and Access on page 18 for more information.
Getting Started with NETGEAR genie
20
N300 Wireless ADSL2+ Modem Router DGN2200v3

Upgrade the Firmware

When you set up your modem router and are connected to the Internet, the modem router automatically checks for you to see if newer firmware is available. If it is, a message is displayed on the top of the screen. See Upgrade the Modem Router Firmware on page 73 for more information about upgrading firmware.
Click the message when it shows up and click Y latest firmware. After the upgrade, the modem router restarts.
CAUTION:
Do not try to go online, turn off the modem router, shut down the computer, or do anything else to the modem router until the modem router finishes restarting and the Power LED has stopped blinking for several seconds.
es to upgrade the modem router with the

Dashboard (Basic Home Screen)

The modem router Basic Home screen has a dashboard that lets you see the status of your Internet connection and network at a glance. You can click any of the six sections of the dashboard to view more detailed information. The left column has the menus, and at the top, there is an Advanced tab that you can use to access additional menus and screens.
Language
Menus (Click the Advanced tab to view more)
Dashboard (Click to view details)
Help
Figure 7. Basic Home screen with dashboard, language, and online help
Home. This dashboard screen displays when you log in to the modem router.
Internet. Set, update, and check the ISP settings of your modem router.
W
ireless. View or change the wireless settings for your modem router.
Attached Devices. V
Parental Controls. Download and set up parental controls to prevent objectionable
content from reaching your computers.
iew the devices connected to your network.
Getting Started with NETGEAR genie
21
N300 Wireless ADSL2+ Modem Router DGN2200v3
ReadySHARE. If you connected a USB storage device to the modem router, then it is
displayed here.
Guest Network. Set up a guest network to allow visitors to use your modem router’
Internet connection.
Advanced tab. Set the modem router up for unique situations such as when remote
access by IP or by domain name from the Internet is needed. See Chapter 8, Advanced
Settings. You need a solid understanding of networking protocols to use this tab.
Help & Support. Go to the NETGEAR support site to get information, help, and product
documentation.
These links work once you have an Internet connection.

Join Your Wireless Network

You can use the manual or the WPS method to join your wireless network. See Guest
Networks on page 35 for instructions about how to set up a guest network.
s

Manual Method

With the manual method, choose the network that you want and type its password to connect.
To connect manually:
1. On your computer or wireless device, open the software that manages your wireless
connections.
2. Look for your network and select it.
The unique WiFi network name (SSID) and password is on the router label. If you changed these settings, then look for the network name that you used.
3. Enter the modem router password and click Connect.
This software scans for all wireless networks in your area.

Wi-Fi Protected Setup (WPS) Method

Wi-Fi Protected Setup (WPS) lets you connect to a secure WiFi network without typing its password. Instead, press a button or enter a PIN. NETGEAR calls WPS Push 'N' Connect.
Some older WiFi equipment is not compatible with WPS. WPS works only with WPA2 or WPA wireless security.
To use WPS to join the wireless network:
1. Press the WPS button on the modem router front panel
2. Within 2 minutes, press the WPS button on your wireless device or follow the WPS
instructions that came with the device. The WPS process automatically sets up your wireless computer with the network
password and connects you to the wireless network.
Getting Started with NETGEAR genie
22
.
N300 Wireless ADSL2+ Modem Router DGN2200v3

NETGEAR genie App and Mobile genie App

The genie app is the easy dashboard for managing, monitoring, and repairing your home network. See the NETGEAR genie App User Manual for details about the genie apps.
Retrieve wireless password
Menu
About genie
Language
Dashboard (Click to view details)
Support
The genie app can help you with the following:
Automatically repair common wireless network problems.
Have easy access to router features like Live Parental Controls, guest access, Internet
traf
fic meter, speed test, and more.
The genie mobile app works on your iPhone, iPad, or Android phone:
Phone status
Log in to the router
Search NETGEAR support
Information about genie mobile app and the connected router
Getting Started with NETGEAR genie
23

3. NETGEAR genie Basic Settings

Your Internet connection and network
This chapter contains the following sections:
Basic Home Screen
Internet Setup
Attached Devices
Parental Controls
ReadySHARE USB Storage
Basic Wireless Settings
3
24
N300 Wireless ADSL2+ Modem Router DGN2200v3

Basic Home Screen

The genie Basic Home screen is shown in the following figure:

Internet Setup

The Internet Setup screen is where you view or change basic ISP information.
Note: You can use the Setup Wizard to detect the Internet connection and
automatically set up the modem router. See Setup Wizard on page 38.
NETGEAR genie Basic Settings
25
N300 Wireless ADSL2+ Modem Router DGN2200v3
To view or change the basic Internet setup:
1. From the Home screen, select Internet. The following screen displays:
The fields that display in the Internet Setup screen depend on whether your Internet connection requires a login.
Scroll to view more settings
Yes. Select the encapsulation method and enter the login name. If you want to
change the login time-out, enter a new value in minutes.
No. Enter the account and domain names, only if needed.
2. Enter the settings for the IP address and DNS server
. The default settings usually work fine.
If you have problems with your connection, check the ISP settings.
3. Click Apply to save your settings.
4. Click T
est to test your Internet connection. If the NETGEAR website does not display within
1 minute, see Chapter 10, Troubleshooting.

Internet Setup Screen Fields

The following descriptions explain all of the possible fields in the Internet Setup screen. The fields that display in this screen depend on whether tan ISP login is required.
Does Your ISP Require a Login? Answer either yes or no.
These fields display when no login is required:
Account Name (If required). Enter the account name provided by your ISP
also be called the host name.
Domain Name (If required). Enter the domain name provided by your ISP
These fields display when your ISP requires a login:
. This might
.
Internet Service Provider Encapsulation. ISP types.
L2TP.
Login.
The login name provided by your ISP. This login name is often an email address.
NETGEAR genie Basic Settings
26
The choices are PPPoE, PPTP, or
N300 Wireless ADSL2+ Modem Router DGN2200v3
Password. The password that you use to log in to your ISP.
Idle Timeout (In minutes). If you want to change the login timeout, enter a new value in
minutes. This setting determines how long the modem router keeps the Internet connection active after there is no Internet activity from the LAN. A value of 0 (zero) means never log out.
Internet IP Address.
Get Dynamically from ISP. Your ISP uses DHCP to assign your IP address. Your ISP
automatically assigns these addresses.
Use Static IP Address. Enter the IP address, IP subnet mask, and the gateway IP
address that your ISP assigned. The gateway is the ISP’s modem router to which your modem router will connect.
Domain Name Server (DNS) Address. The DNS server is used to look up site addresses based on their names.
Get Automatically from ISP. Your ISP uses DHCP to assign your DNS servers. Your ISP
automatically assigns this address.
Use These DNS Servers. If you know that your ISP requires specific servers, select this
option. Enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also.
Modem Router MAC Address. The Ethernet MAC address that the modem router uses on the Internet port. Some ISPs register the MAC address of the network interface card in your computer when your account is first opened. They accept traffic only from the MAC address of that computer. This feature allows your modem router to use your computer’s MAC address (this is also called cloning).
Use Default Address. Use the default MAC address.
Use Computer MAC Address. The modem router captures and uses the MAC address of
the computer that you are now using. You have to use the one computer that is allowed by the ISP.
Use This MAC Address. Enter the MAC address that you want to use.
NETGEAR genie Basic Settings
27
N300 Wireless ADSL2+ Modem Router DGN2200v3

Attached Devices

Use the Attached Device screen to view all computers or devices that are currently connected to your network.
To go to the Attached Devices screen:
From the Basic Home screen, select Attached Devices to display the following screen:
Wired devices are connected to the modem router with Ethernet cables. Wireless devices have joined the wireless network.
# (number). The order in which the device joined the network.
IP Address.
the network. This number can change if a device is disconnected and rejoins the network.
Device Name. If the device name is known, it is shown here.
MAC Address.
address is typically shown on the product label.
You can click Refresh to update this screen.
The IP address that the modem router assigned to this device when it joined
The unique MAC address for each device does not change. The MAC
NETGEAR genie Basic Settings
28
N300 Wireless ADSL2+ Modem Router DGN2200v3

Parental Controls

The first time you select Parental Controls from the Basic Home screen, your browser goes to the Parental Controls website. You can learn more about Live Parental Controls or download the application.
To set up Live Parental Controls:
1. Select Parental Controls on the Dashboard screen.
2. Click either the W
3. Follow the onscreen instructions to download and install the NETGEAR Live Parental
Controls Management Utility
After installation, Live Parental Controls automatically starts.
indows Users or Mac Users button.
.
4. Click Next, read the note, and click Next again to proceed.
NETGEAR genie Basic Settings
29
N300 Wireless ADSL2+ Modem Router DGN2200v3
Because Live Parental Controls uses free OpenDNS accounts, you are prompted to log in or create a free account.
5. Select the radio button that applies to you and click Next.
If you already have an OpenDNS account, leave the Ye
s radio button selected.
If you do not have an OpenDNS account, select the No radio button.
If you are creating an account, the following screen displays:
Fill in the fields and click Next.
After you log on or create your account, the filtering level screen displays:
NETGEAR genie Basic Settings
30
N300 Wireless ADSL2+ Modem Router DGN2200v3
6. Select the radio button for the filtering level that you want and click Next.
7. Click the Take me to the status screen button.
Parental controls are now set up for the router. The Dashboard shows Parental Controls as Enabled.

ReadySHARE USB Storage

You can view information about a USB storage device that is connected to the modem router’s USB port here. From the Basic Home screen, select ReadySHARE to display the USB Storage (Basic Settings) screen:
This screen displays the following:
Network/Device Name.
USB device connected to the modem router.
A
vailable Network Folders. The folders on the USB device.
Share Name. If only one device is connected, the default share name is USB_Storage.
Y
ou can click the name shown, or you can type it in the address field of your web browser. If Not Shared is shown, the default share has been deleted, and no other share for the root folder exists. Click the link to change this setting.
The default is \\readyshare. This is the name used to access the
Read/Write Access. Shows the permissions and access controls on the network folder:
All – no password (the default) allows all users to access the network folder
NETGEAR genie Basic Settings
31
. The user
N300 Wireless ADSL2+ Modem Router DGN2200v3
name (account name) for All – no password is guest. The password for admin is the same one that you use to log in to the modem router. By default, it is password.
Folder Name. Full path of the network folder.
Volume Name. Volume name from the storage device (either USB drive or HDD).
Total/Free Space. Shows the current utilization of the storage device.
Edit. Click the Edit button to edit the Available Network Folders settings.
Safely Remove a USB Device. Click to safely remove the USB device attached to your
modem router.
You can click Refresh to update this screen.
For more information about USB storage, see Chapter 5, USB Storage.

Basic Wireless Settings

The Wireless Settings screen lets you view or configure the wireless network setup.
The N300 Wireless ADSL2+ Modem Router comes with preset security. This means that the Wi-Fi network name (SSID), network key (password), and security option (encryption protocol) are preset in the factory. You can find the preset SSID and password on the bottom of the unit.
Note: The preset SSID and password are uniquely generated for every
device to protect and maximize your wireless security.
To view or change basic wireless settings:
NETGEAR recommends that you do not change your preset security settings. If you change
your preset security settings, make a note of the new settings and store it in a safe place where you can easily find it.
If you use a wireless computer to change the wireless network name (SSID) or other wireless security settings, you are disconnected when you click Apply. To avoid this problem, use a computer with a wired connection to access the modem router.
NETGEAR genie Basic Settings
32
N300 Wireless ADSL2+ Modem Router DGN2200v3
1. Select Basic > Wireless to display the Wireless Settings screen.
The screen sections, settings, and procedures are explained in the following sections.
2. Make any changes that are needed and click Apply to save your settings.
3. Set up and test your wireless devices and computers to make sure that they can connect
wirelessly
Is your wireless device or computer connected to your network or another wireless
Does your wireless device or computer show up on the
If you are not sure what the network name (SSID) or password is, look on the label on
. If they do not, check the following:
network in your area? Some wireless devices automatically connect to the first open network (without wireless security) that they discover
does, then it is connected to the network.
the bottom of your modem router.
.
Attached Devices screen? If it

Wireless Settings Screen Fields

Region Selection
The location where the modem router is used. Select from the countries in the list. In the United States, the region is fixed to United States and is not changeable.
Wireless Network (2.4 GHz b/g/n)
The b/g/n notation references the 802.11 standards of conformance for the 2.4 GHz radio frequency.
Enable Wireless Isolation. If this check box is selected, computers or wireless devices that join the network can use the Internet, but cannot access each other or access Ethernet devices on the network.
Enable SSID Broadcast. This setting allows the modem router to broadcast its SSID so wireless stations can see this wireless name (SSID) in their scanned network lists.
NETGEAR genie Basic Settings
33
This
N300 Wireless ADSL2+ Modem Router DGN2200v3
check box is selected by default. To turn off the SSID broadcast, clear the Allow Broadcast of Name (SSID) check box, and click Apply.
Name (SSID). The SSID is also known as the wireless network name. Enter a 32-character
(maximum) name in this field. This field is case-sensitive. The default SSID is randomly generated, and NETGEAR strongly recommends that you do not change this setting.
Channel.
13. (For products in the North America market, only Channels 1 through 11 can be operated.) Do not change the channel unless you experience interference (shown by lost connections or slow data transfers). If this happens, experiment with different channels to see which is the best.
Mode. Up to 150 Mbps is the default and allows 802.1
join the network. g & b supports up to 54 Mbps. Up to 65 Mbps supports up to 65 Mbps.
This setting is the wireless channel the gateway uses. Enter a value from 1 through
1n and 802.11g wireless devices to
Security Options Settings
The Security Options section of the Wireless Settings screen lets you change the security option and passphrase. NETGEAR recommends that you do not change the security
option or passphrase, but if you want to change these settings, this section explains how. Do not disable security.

Change WPA Security Option and Passphrase

You can change the security settings for your modem router. If you do so, then write down the new settings and store them in a secure place for future reference.
To change the WPA settings:
1. On the Wireless Settings screen, under Security Options, select the WP
want.
A option you
2. In the Passphrase field that displays when you select a WPA security option, enter the
network key (passphrase) that you want to use. It is a text string from 8 to 63 characters.
NETGEAR genie Basic Settings
34
N300 Wireless ADSL2+ Modem Router DGN2200v3

Guest Networks

Adding a guest network allows visitors at your home to use the Internet without giving them your wireless security key. You can add a guest network to each wireless network: 2.4 GHz b/g/n and 5.0 GHz a/n.
To set up a guest network:
1. Select Basic > Guest Network to display the following screen:
2. Select any of the following wireless settings:
Enable this wireless network. When this check box is selected, the guest network is
enabled, and guests can connect to your network using the SSID of this profile.
Enable SSID Broadcast. If this check box is selected, the wireless access point broadcasts its name (SSID) to all wireless stations. Stations with no SSID can adopt the correct SSID for connections to this access point.
Allow guest to access My Local Network. If this check box is selected, anyone who connects to this SSID has access to your local network, not just Internet access.
Enable Wireless Isolation. If this check box is selected, wireless computers or devices that join the network can use the Internet but cannot access each other or access Ethernet devices on the network.
3. Give the guest network a name.
The guest network name is case-sensitive and can be up to 32 characters. You then manually configure the wireless devices in your network to use the guest network name in addition to the main SSID.
4. Select a security option from the list. The security options are described in Guest Network
Wireless Security Options on page 36.
5. Click Apply to save your selections.
NETGEAR genie Basic Settings
35
N300 Wireless ADSL2+ Modem Router DGN2200v3

Guest Network Wireless Security Options

A security option is the type of security protocol applied to your wireless network. The security protocol in force encrypts data transmissions and ensures that only trusted devices receive authorization to connect to your network. Wi-Fi Protected Access (WPA) has several options including pre-shared key (PSK) encryption.
This section presents an overview of the security options and provides guidance on when to use which option. It is also possible to set up a guest network without wireless security. NETGEAR does not recommend this.
WPA Encryption
WPA encryption is built into all hardware that has the Wi-Fi-certified seal. This seal means that the product is authorized by the Wi-Fi Alliance (http://www.wi-fi.org/) because it complies with the worldwide single standard for high-speed wireless local area networking.
WPA uses a passphrase for authentication and to generate the initial data encryption keys. Then it dynamically varies the encryption key. WPA-PSK uses Temporal Key Integrity Protocol (TKIP) data encryption, implements most of the IEEE 802.11i standard, and works with all wireless network interface cards, but not all wireless access points.
WPA2-PSK is stronger than WPA-PSK. It is advertised to be theoretically indecipherable due to the greater degree of randomness in encryption keys that it generates. WPA2-PSK gets higher speed because it is usually implemented through hardware, while WPA-PSK is usually implemented through software. WPA2-PSK uses a passphrase to authenticate and generate the initial data encryption keys. Then it dynamically varies the encryption key.
WPS-PSK + WPA2-PSK Mixed Mode can provide broader support for all wireless clients. WPA2-PSK clients get higher speed and security, and WPA-PSK clients get decent speed and security. For help with WPA settings on your wireless computer or device, see the instructions that came with your product.
NETGEAR genie Basic Settings
36

4. NETGEAR genie Advanced Home

Specifying custom settings
This chapter contains the following sections:
NETGEAR genie Advanced Home Screen
Setup Wizard
WPS Wizard
Setup Menu
WAN Setup
LAN Setup
Quality of Service (QoS) Setup
Some selections on the Advanced Home screen are described in separate chapters:
USB Storage. See Chapter 5, USB Storage.
Security. See Chapter 6, Security.
Administration. See Chapter 7, Administration.
Advanced Setup. See Chapter 8, Advanced Settings.
Advanced VPN. See Chapter 9, Virtual Private Networking.
4
37
N300 Wireless ADSL2+ Modem Router DGN2200v3

NETGEAR genie Advanced Home Screen

The genie Advanced Home dashboard presents status information. The content is the same as what is on the Router Status screen available from the Administration menu.The genie Advanced Home screen is shown in the following figure:
This screen is also displayed through the Administration menu.

Setup Wizard

You can use the Setup Wizard to detect your Internet settings and automatically set up your router. The Setup Wizard is not the same as the genie screens that display the first time you connect to your router to set it up.
To use the Setup Wizard:
1. Select Advanced > Setup W
2. Select either Yes or No, I want to configure the router myself. If you select No, you are
taken to the Internet Setup screen (see Internet Setup on page 25).
izard to display the following screen:
NETGEAR genie Advanced Home
38
N300 Wireless ADSL2+ Modem Router DGN2200v3
3. Select Yes and click Next.
The Setup Wizard searches your Internet connection for servers and protocols to determine your ISP configuration. The following screen displays:

WPS Wizard

The WPS Wizard helps you add a WPS-capable client device (a wireless device or computer) to your network. On the client device, either press its WPS button or locate its WPS PIN.
To use the WPS Wizard:
1. Select Advanced > WPS W
2. Click Next.
wireless device or computer).
You can use either the push button or PIN method.
3. Select either Push Button or PIN Number.
T
o use the push button method, either click the WPS button on this screen, or press the WPS button on the side of the modem router. Within 2 minutes, go to the wireless client and press its WPS button to join the network without entering a password.
The following screen lets you select the method for adding the WPS client (a
izard.
NETGEAR genie Advanced Home
39
N300 Wireless ADSL2+ Modem Router DGN2200v3
To use the PIN method, select the PIN Number radio button, enter the client security
PIN, and click Next.
Within 2 minutes, go to the client device and use its WPS software to join the network without entering a password.
The modem router attempts to add the WPS-capable device. The WPS LED on the front of the modem router blinks green. When the modem router establishes a WPS connection, the LED is solid green, and the modem router WPS screen displays a confirmation message.
4. Repeat Step 2 and Step 3 to add another WPS client to your network.

Setup Menu

Select Advanced > Setup to display the Setup menu. The following selections are available:
Internet Setup. Go to the same Internet Setup screen that you can access from the
dashboard on the Basic Home screen. See Internet Setup on page 25.
W
ireless Setup. Go to the same Wireless Settings screen that you can access from the
dashboard on the Basic Home screen. See Basic Wireless Settings on page 32.
Guest Network.
can access from the dashboard on the Basic Home screen. See Guest Networks on page 35.
W
AN Setup. Internet (WAN) setup. See WAN Setup on page 41.
LAN Setup. Local area network (LAN) setup. See LAN Setup on page 44.
QoS Setup. Quality of Service (QoS) setup. See Quality of Service (QoS) Setup on
page 47.
This selection is a shortcut to the same Guest Network screen that you
NETGEAR genie Advanced Home
40
N300 Wireless ADSL2+ Modem Router DGN2200v3

WAN Setup

The WAN Setup screen lets you configure a DMZ (demilitarized zone) server, change the Maximum Transmit Unit (MTU) size, and enable the modem router to respond to a ping on the WAN (Internet) port.
To view or change the WAN settings:
Select Advanced > Setup > W
The following settings are available:
Disable Port Scan and DoS Protection. DoS protection protects your LAN against
denial of service attacks such as Syn flood, Smurf
Attack, UDP Flood, ARP Attack, Spoofing ICMP, Null Scan, and many others. This should
be disabled only in special circumstances.
Default DMZ Server.
games or videoconferencing. Be careful when using this feature because it makes the firewall security less effective. See the following section, Default DMZ Server, for more details.
Respond to Ping on Internet Port. If you want the modem router to respond to a ping
from the Internet, select this check box. Use this setting only as a diagnostic tool because it allows your modem router to be discovered. Do not select this check box unless you have a specific reason.
MTU Size (in bytes).
networks is 1500 bytes, or 1492 bytes for PPPoE connections. For some ISPs, you might need to reduce the MTU. This is rarely required. You should only change the setting in this field if you are sure it is necessary for your ISP connection. See Change the MTU
Size on page 42.
NA
T Filtering. Network Address Translation (NAT) determines how the modem router
processes inbound traffic. Secured NAT provides a secured firewall to protect the computers on the LAN from attacks from the Internet, but might prevent some Internet games, point-to-point applications, or multimedia applications from functioning. Open
This feature is sometimes helpful when you are playing online
The normal MTU (Maximum Transmit Unit) value for most Ethernet
AN Setup
Attack, Ping of Death, Teardrop
NETGEAR genie Advanced Home
41
N300 Wireless ADSL2+ Modem Router DGN2200v3
NAT provides a much less secured firewall, but allows almost all Internet applications to function.
Disable SIP ALG. The Session Initiation Protocol (SIP) Application Level Gateway (ALG)
is enabled by default to optimize VoIP phone calls that use the SIP. The Disable SIP ALG check box allows you to disable the SIP ALG. Disabling the SIP ALG might be useful when running certain applications.
Disable IGMP Proxying. The IGPM Proxying feature lets a LAN computer receive the
multicast traffic directed to it from the Internet. Selecting this check box prevents this from occurring.

Default DMZ Server

The default DMZ server feature is helpful when you are using some online games and videoconferencing applications that are incompatible with Network Address Translation (NAT). The modem routerrecognizes some of these applications and works correctly with them, but there are other applications that might not function well. In some cases, one local computer can run the application correctly if that computer’s IP address is entered as the default DMZ server.
WARNING:
DMZ servers pose a security risk. A computer designated as the default DMZ server loses much of the protection of the firewall and is exposed to exploits from the Internet. If compromised, the DMZ server computer can be used to attack other computers on your network.
The router usually detects and discards Incoming traffic from the Internet that is not a response to one of your local computers or a service that you have set up in the Port Forwarding/Port Triggering screen. Instead of discarding this traffic, you can have the router forward the traffic to one computer on your network. This computer is called the default DMZ server.
To set up a default DMZ server:
1. On the WAN Setup screen, select the Default DMZ Server check box.
2. Type the IP address.
3. Click Apply.

Change the MTU Size

The Maximum Transmission Unit (MTU) is the largest data packet a network device transmits. When one network device communicates across the Internet with another, the data packets travel through many devices along the way. If a device in the data path has a lower MTU setting than the other devices, the data packets are split or “fragmented” to accommodate the device with the smallest MTU.
NETGEAR genie Advanced Home
42
N300 Wireless ADSL2+ Modem Router DGN2200v3
The best MTU setting for NETGEAR equipment is often just the default value. In some situations, changing the value fixes one problem but causes another. Leave the MTU unchanged unless one of these situations occurs:
ou have problems connecting to your ISP or other Internet service, and the technical
Y
support of either the ISP or NETGEAR recommends changing the MTU setting. These web-based applications might require an MTU change:
- A secure website that does not open, or displays only part of a web page
ahoo email
- Y
- MSN portal
- America Online’
Y
ou use VPN and have severe performance problems.
Y
ou used a program to optimize MTU for performance reasons, and now you have
s DSL service
connectivity or performance problems.
Note: An incorrect MTU setting can cause Internet communication
problems. For instance, you might not be able to access certain websites, frames within websites, secure login pages, or FTP or POP servers.
If you suspect an MTU problem, a common solution is to change the MTU to 1400. If you are willing to experiment, you can gradually reduce the MTU from the maximum value of 1500 until the problem goes away applications.
Table 2. Common MTU Sizes
MTU Application
1500 The largest Ethernet packet size and the default value. This setting is typical for
1492 Used in PPPoE environments.
1472 Maximum size to use for pinging. (Larger packets are fragmented.)
1468 Used in some DHCP environments.
1460 Usable by AOL if you do not have large email attachments, for example.
1436 Used in PPTP environments or with VPN.
1400 Maximum size for AOL DSL.
576 Typical value to connect to dial-up ISPs.
connections that do not use PPPoE or VPN, and is the default value for NETGEAR modem routers, adapters, and switches.
. The following table describes common MTU sizes and
NETGEAR genie Advanced Home
43
N300 Wireless ADSL2+ Modem Router DGN2200v3
To change the MTU size:
1. Select Advanced > Setup > WAN Setup.
2. In the MTU Size field, enter a value from 64 to 1500.
3. Click Apply to save the settings.

LAN Setup

The LAN Setup screen allows configuration of LAN IP services such as Dynamic Host Configuration Protocol (DHCP) and Routing Information Protocol (RIP).
The modem router is shipped preconfigured to use private IP addresses on the LAN side and to act as a DHCP server. The modem router’s default LAN IP configuration is:
LAN IP address. 192.168.1.1
Subnet mask. 255.255.255.0
These addresses are part of the designated private address range for use in private networks and are suitable for most applications. If your network requires a dif scheme, you can change these settings in the LAN Setup screen.
ferent IP addressing
To change the LAN settings:
Note: If you change the LAN IP address of the modem router while
connected through the browser, you will be disconnected. You will have to open a new connection to the new IP address and log in again.
1. Select Advanced > Setup > LAN Setup to display the following screen:
NETGEAR genie Advanced Home
44
N300 Wireless ADSL2+ Modem Router DGN2200v3
2. Enter the settings that you want to customize. These settings are described in the following
section,
3. Click Apply to save your changes.
LAN Setup Screen Settings.

LAN Setup Screen Settings

LAN TCP/IP Setup
IP Address. The LAN IP address of the modem router.
IP Subnet Mask. The LAN subnet mask of the modem router. Combined with the IP
address, the IP subnet mask allows a device to know which other addresses are local to it, and which addresses have to be reached through a gateway or modem router.
RIP Direction. Router Information Protocol (RIP) allows a router to exchange routing
information with other routers. This setting controls how the router sends and receives RIP packets. Both is the default setting. With the Both or Out Only setting, the router broadcasts its routing table periodically. With the Both or In Only setting, the router incorporates the RIP information that it receives.
RIP Version. This setting controls the format and the broadcasting method of the RIP
packets that the modem router sends. It recognizes both formats when receiving. By default, the RIP function is disabled.
RIP-1 is universally supported. It is adequate for most networks, unless you have an unusual network setup.
RIP-2 carries more information. Both RIP-2B and RIP-2M send the routing data in RIP-2 format. RIP-2B uses subnet broadcasting. RIP-2M uses multicasting.
Use Router as a DHCP Server
Usually, this check box is selected so that the modem router functions as a Dynamic Host Configuration Protocol (DHCP) server.
Starting IP Address. Specify the start of the range for the pool of IP addresses in the
same subnet as the modem router.
Ending IP Address. Specify the end of the range for the pool of IP addresses in the
same subnet as the modem router.
Address Reservation
When you specify a reserved IP address for a computer on the LAN, that computer receives the same IP address each time it accesses the modem router’s DHCP server. Assign reserved IP addresses to servers that require permanent IP settings. See
Reservation on page 46.
Address
NETGEAR genie Advanced Home
45
N300 Wireless ADSL2+ Modem Router DGN2200v3

Use the Modem Router as a DHCP Server

By default, the modem router acts as a DHCP server. The router assigns IP, DNS server, and default gateway addresses to all computers connected to the LAN. The assigned default gateway address is the LAN address of the modem router. The modem router assigns IP addresses to the attached computers from a pool of addresses specified in this screen. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN. For most applications, the default DHCP and TCP/IP settings of the modem router are satisfactory.
You can specify the pool of IP addresses to be assigned by setting the starting IP address and ending IP address. These addresses should be part of the same IP address subnet as the modem router’s LAN IP address. Using the default addressing scheme, define a range between 192.168.1.2 and 192.168.1.254, although you might want to save part of the range for devices with fixed addresses.
The modem router delivers the following parameters to any LAN device that requests DHCP:
An IP address from the range that you have defined
Subnet mask
Gateway IP address (the modem router’s LAN IP address)
DNS server IP address (the modem router’s LAN IP address)
To use another device on your network as the DHCP server, or to specify the network settings of all of your computers, clear the Use Router as DHCP Server check box and click Apply. Otherwise, leave this check box selected. If this service is not enabled and no other DHCP server is available on your network, set your computers’ IP addresses manually so that they can access the modem router.

Address Reservation

When you specify a reserved IP address for a computer on the LAN, that computer always receives the same IP address each time it accesses the modem router’s DHCP server. Reserved IP addresses should be assigned to computers or servers that require permanent IP settings.
To reserve an IP address:
1. In the Address Reservation section of the screen, click the Add button.
2. In the IP Address field, type the IP address to assign to the computer or server. (Choose an
IP address from the modem router’s LAN subnet, such as 192.168.1.x.)
3. Type the MAC address of the computer or server.
Tip: If the computer is already on your network, you can copy its MAC
address from the Attached Devices screen and paste it here.
4. Click Apply to enter the reserved address into the table.
NETGEAR genie Advanced Home
46
N300 Wireless ADSL2+ Modem Router DGN2200v3
The reserved address is not assigned until the next time the computer contacts the modem router’s DHCP server. Reboot the computer, or access its IP configuration and force a DHCP release and renew.
To edit or delete a reserved address entry, select the radio button next to the reserved address you want to edit or delete.
Then click Edit or Delete.

Quality of Service (QoS) Setup

QoS is an advanced feature that can be used to prioritize some types of traffic ahead of others. The N300 Wireless ADSL2+ Modem Router can provide QoS prioritization over the wireless link and on the Internet connection.
To configure QoS:
Select Advanced > Setup > QoS Setup to display the following screen:
Enable WMM QoS for Wireless Multimedia Applications
The N300 Wireless ADSL2+ Modem Router supports Wi-Fi Multimedia Quality of Service (WMM QoS) to prioritize wireless voice and video traffic over the wireless link. WMM QoS provides prioritization of wireless data packets from different applications based on four access categories: voice, video, best effort, and background. For an application to receive the benefits of WMM QoS, both it and the client running that application have to have WMM enabled. Legacy applications that do not support WMM and applications that do not require QoS, are assigned to the best effort category, which receives a lower priority than voice and video.
WMM QoS is enabled by default. You can disable it in the QoS Setup screen by clearing the Enable WMM check box and clicking Apply.
Set Up QoS for Internet Access
You can give prioritized Internet access to the following types of traffic:
Specific applications
Specific online games
NETGEAR genie Advanced Home
47
N300 Wireless ADSL2+ Modem Router DGN2200v3
Individual Ethernet LAN ports of the modem router
A specific device by MAC address
To specify prioritization of traffic, create a policy for the type of traffic and add the policy to the QoS Policy table in the QoS Setup screen. For convenience, the QoS Policy table lists many common applications and online games that can benefit from QoS handling.
QoS for Applications and Online Gaming
To create a QoS policy for applications and online games:
1. In the QoS Setup screen, select the T
urn Internet Access QoS On check box.
2. Click the Setup QoS Rule button to see the QoS Priority Rule list.
You can edit or delete a rule by selecting its radio button and clicking either the Edit or Delete button. You can also delete all the rules by clicking the Delete All button.
3. To add a priority rule, scroll down to the bottom of the QoS Setup screen and click Add
Priority Rule to display the following screen:
4. In the QoS Policy for field, type the name of the application or game.
5. In the Priority Category list, select either Applications or Online Gaming. In either case, a
list of applications or games displays in the list.
NETGEAR genie Advanced Home
48
N300 Wireless ADSL2+ Modem Router DGN2200v3
6. You can select an existing item from the list, or you can scroll and select Add a New
Application or Add a New Game, as applicable.
7. If prompted, in the Connection
Type list, select either TCP, UDP, or both (TCP/UDP). Specify
the port number or range of port numbers that the application or game uses.
8. From the Priority list, select the priority for Internet access for this traf
fic relative to other
applications and traffic. The options are Low, Normal, High, and Highest.
9. Click Apply to save this rule to the QoS Policy list and return to the QoS Setup screen.
QoS for a Modem Router LAN Port
To create a QoS policy for a device connected to one of the modem router’s LAN
ports:
1. Select Advanced > Setup > QoS Setup to display the QoS Setup screen.
2. Select the T
3. Click the Setup QoS Rule button.
4. Click the Add Priority Rule button.
5. From the Priority Category list, select Ethernet LAN Port, as shown in the following figure:
urn Internet Access QoS On check box.
6. From the LAN port list, select the LAN port.
7. From the Priority list, select the priority for Internet access for this port’
s traffic relative to
other applications. The options are Low, Normal, High, and Highest.
8. Click Apply to save this rule to the QoS Policy list and return to the QoS Setup screen.
9. In the QoS Setup screen, click Apply.
QoS for a MAC Address
To create a QoS policy for traffic from a specific MAC address:
1. Select Advanced > Setup > QoS Setup, and click the Setup QoS Rule button.
QoS Setup screen displays.
2. Click Add Priority Rule.
The
NETGEAR genie Advanced Home
49
N300 Wireless ADSL2+ Modem Router DGN2200v3
3. From the Priority Category list, select MAC Address to display the following screen:
4. If the device to be prioritized appears in the MAC Device List, select its radio button. The
information from the MAC Device List populates the policy name, MAC Address, and Device Name fields. If the device does not appear in the MAC Device List, click Refresh. If it still does not appear, then fill in these fields manually.
5. From the Priority list, select the priority for Internet access for this device’
s traffic reelative to
other applications and traffic. The options are Low, Normal, High, and Highest.
6. Click Apply to save this rule to the QoS Policy list and return to the QoS Setup screen.
7. In the QoS Setup screen, select the T
urn Internet Access QoS On check box.
8. Click Apply.
Edit or Delete an Existing QoS Policy
To edit or delete a QoS policy:
1. Select Advanced > QoS Setup to display the QoS Setup screen.
2. Select the radio button next to the QoS policy that you want to edit or delete, and do one of
the following:
Click Delete to remove the QoS policy
Click Edit to edit the QoS policy
. Follow the instructions in the preceding sections to
change the policy settings.
3. Click Apply in the QoS Setup screen to save your changes.
.
NETGEAR genie Advanced Home
50

5. USB Storage

Accessing and configuring a USB storage
5
drive
This chapter describes how to access and configure a USB storage drive attached to your
modem router. The USB port on the modem router can be used only to connect USB storage devices like flash drives or hard drives, or a printer. Do not connect computers, USB modems, CD drives, or DVD drives to the modem router USB port.
This chapter contains the following sections:
USB Drive Requirements
ReadySHARE Access
File-Sharing Scenarios
Basic Settings
USB Storage Advanced Settings
Safely Remove a USB Drive
Media Server Settings
Specify Approved USB Devices
For additional about ReadySHARE features, see www.netgear.com/readyshare.
51
N300 Wireless ADSL2+ Modem Router DGN2200v3

USB Drive Requirements

The modem router works with 1.0 and 1.1 (USB Full Speed) and 2.0 (USB High Speed) standards. The approximate USB bus speeds are shown in the following table. Actual bus speeds can vary, depending on the CPU speed, memory, speed of the network, and other variables.
Table 3. USB Drive Speeds
Bus Speed/Sec
USB 1.1 12 Mbits
USB 2.0 480 Mbits
The modem router works with most USB-compliant external flash and hard drives. For the most up-to-date list of USB drives that the modem router supports, go to:
http://kbserver.netgear.com/readyshare
The modem router supports both read and write for FAT16, FAT32, and NTFS.
Note: Some USB external hard drives and flash drives require you to load
the drivers onto the computer before the computer can access the USB device. Such USB devices do not work with the modem router.

ReadySHARE Access

Once you have set up your modem router, you can connect any USB storage device and share the contents with others on your network.
You can access your USB device in any of the following ways:
On Windows 7, Windows XP
Run, and enter \\readyshare in the dialog box. Click OK.
On Windows 7, Windows XP
Explorer or Safari, and enter \\readyshare in the address bar.
On Mac OSX (version 10.2 or later), enter smb://readyshare in the address bar
In My Network Places, enter \\readyshare in the address bar
, Windows Vista, and Windows 2000 systems, select Start >
, Windows Vista, and Windows 2000 systems, open Internet
.
.

File-Sharing Scenarios

You can share files on the USB drive for a wide variety of business and recreational purposes. The files can be any PC, Mac, or Linux file type including text files, Word, PowerPoint, Excel, MP3, pictures, and multimedia. USB drive applications include:
USB Storage
52
N300 Wireless ADSL2+ Modem Router DGN2200v3
Sharing multimedia with friends and family such as MP3 files, pictures, and other
multimedia with local and remote users.
Sharing resources on your network. You can store files in a central location so that you
do not have to power up a computer to perform local sharing. In addition, you can share files between Macintosh, Linux, and PC computers by using the USB drive as a go-between across the systems.
Sharing files such as Word documents, PowerPoint presentations, and text files with
remote users.
A few common uses are described in the following sections.
Sharing Photos
You can create your own central storage location for photos and multimedia. This method eliminates the need to log in to (and pay for) an external photo-sharing site.
To share files with your friends and family:
1. Insert your USB drive into the USB port on the modem router either directly or with a
USB cable. Computers on your local area network (LAN) can automatically access this USB drive
using a web browser or Microsoft Networking.
2. If you want to specify read-only access or to allow access from the Internet, see USB Storage Advanced Settings on page 56.
Storing Files in a Central Location for Printing
This scenario is for a family that has one high-quality color printer directly attached to a computer, but not shared on the local area network (LAN). This family does not have a print server.
One family member has photos on a Macintosh computer that she wants to print.
The photo-capable color printer is directly attached to a PC, but not shared on the
network.
The Mac and PC are not visible to each other on the network.
To print photos from a Mac on the printer attached to a PC:
1. On the Mac, access the USB drive by typing \\readyshare in the address field of a web
browser. Then copy the photos to the USB drive.
2. On the PC, use a web browser or Microsoft Networking to copy the files from the USB drive
to the PC. Then print the files.
Sharing Large Files over the Internet
Sending files that are larger than 5 MB can pose a problem for many email systems. The modem router allows you to share large files such as PowerPoint presentations or .zip files over the Internet. FTP can be used to download shared files from the modem router.
Sharing files with a remote colleague involves the following considerations:
USB Storage
53
N300 Wireless ADSL2+ Modem Router DGN2200v3
There are two user accounts: admin and guest. The password for admin is the same one
that you use to access the modem router. By default, it is password. The guest user account has no password.
On the FTP site, the person receiving the files uses the guest user account and enters the
password. (FTP requires that you type something in the password field.)
Be sure to select the FTP (via Internet) check box in the USB Storage
Settings screen. This option supports both downloading and uploading of files.
Note: You can enable the HTTP (via Internet) option on the Advanced
USB Storage screen to share large files. This option supports downloading files only.
Advanced

Basic Settings

You can view or edit basic settings for the USB storage device attached to your modem router.
You can access this feature by selecting Basic > ReadySHARE, or Advanced > USB Storage > ReadySHARE.
The USB Storage (Basic Settings) screen displays:
By default, the USB storage device is available to all computers on your local area network (LAN).
USB Storage
54
N300 Wireless ADSL2+ Modem Router DGN2200v3
To access your USB device:
1. Click the network device name or the share name in your computer’s network folders
list.
2. For SMB://readyshare, click Connect.
Note: If you logged in to the modem router before you connected your
USB device, you might not see your USB device in the modem router screens. If this happens, log out and then log back in.

Add or Edit a Network Folder

1. You can access this feature by selecting Basic > ReadySHARE, and clicking Edit, or
selecting Advanced > USB Storage > Advanced Settings.
2. Specify the changes that you want to make:
o add a folder, click Create Network Folder.
T
To edit a folder, select its radio button, and then click Edit.
USB Storage
55
N300 Wireless ADSL2+ Modem Router DGN2200v3
3. can use this screen to select a folder, change the share name, or change the read access
or write access from All – no password to . The user name (account name) for All – no password is guest. The password for admin is
the same one that is used to log in to the modem router. By default, it is password.
4. Click Apply for your changes to take ef
fect.

USB Storage Advanced Settings

You can set up the device name, workgroups, and network folders for your USB device. On the Advanced tab, select USB Storage > Advanced Settings to display the following screen:
You can use this screen to specify access to the USB storage device.
Network Device Name.
USB device connected to the modem router.
W
orkgroup. If you are using a Windows workgroup rather than a domain, the workgroup
name is displayed here. The name works only in an operating system that supports NetBIOS, such as Microsoft Windows.
Access Method.
Network Connection. Enabled by default, this connection allows all users on the LAN to
have access to the USB drive.
HTTP. Enabled by default. access the USB drive.
HTTP (via Internet. Disabled by default. If you enable this setting, remote users can type http://<public IP address/shares> (for example, http://1.1.10.102/shares) or a URL
The access methods are described here.
The default is readyshare. This is the name used to access the
You can type http://readyshare.routerlogin.net/shares to
USB Storage
56
N300 Wireless ADSL2+ Modem Router DGN2200v3
domain name to access the USB drive over the Internet. This setting supports file uploading only.
FTP. Disabled by default.
FTP (via Internet). Disabled by default. If you enable this setting, remote users can
access the USB drive through FTP over the Internet. downloading and uploading of files.
This setting supports both
Available Network Folders
You might need to scroll down to view this section of the screen:
Share Name. If only 1 device is connected, the default share name is USB_Storage. You
can click the name shown, or you can type it in the address field of your web Browser. If Not Shared is shown, the default share has been deleted, and no other share for the root folder exists. Click the link to change this setting.
Read/W
All - no password (the default) allows all users to access the network folder. The
password for admin is the same one that you use to log in to the modem router.
Folder Name. Full path of the network folder
V
olume Name. Volume name from the storage device (either USB drive or HDD).
T
otal/Free Space. Shows the current utilization of the storage device.
rite Access. Shows the permissions and access controls on the network folder:
.

Safely Remove a USB Drive

To remove a USB disk drive safely, select USB Storage > Basic Settings, and click the Safely Remove USB Device button. This takes the drive offline.
USB Storage
57
N300 Wireless ADSL2+ Modem Router DGN2200v3

Media Server Settings

By default, the modem router is set up to act as a Ready DLNA Media server. This setting lets you view movies and photos on DLNA/UPnP AV–compliant media players, such as Xbox360, Playstation, and NETGEAR’s Digital Entertainer Live.
To view these settings, select Advanced > USB Storage > Media Server to display the following screen:
By default the Enable Media Server check box and the Automatic (when new files are added) radio button are selected. When these options are selected, the modem router scans for media files whenever new files are added to the ReadySHARE USB hard drive.

Specify Approved USB Devices

For more security, you can set up the modem router to share approved USB devices only. You can access this feature from the Advanced Setup menu on the Advanced tab.
To set up approved USB devices:
1. Select Advanced >
displays:
2. Click the Approved Devices button. The USB Drive Approved Devices screen displays:
Advanced Setup > USB Settings. The following screen
USB Storage
58
N300 Wireless ADSL2+ Modem Router DGN2200v3
This screen shows the approved USB devices and the available USB devices. You can remove or add approved USB devices.
3. To add an approved USB device, select it from the Available USB Devices list, and then
click Add.
4. Select the Allow only approved devices check box.
5. Click Apply so that your change takes effect.
If you want to work with another USB device, first click the Safely Remove USB Device button for the currently connected USB device. Connect the other USB device, and repeat this process.

Connect to the USB Drive from a Remote Computer

To connect to the USB drive from remote computers with a web browser, use the modem router’s Internet port IP address. If you are using Dynamic DNS, you can type the DNS name, rather than the IP address. You can view the modem router’s Internet IP address from the dashboard on the Basic Home screen or the Advanced Home screen.

Access the Modem Router’s USB Drive Remotely Using FTP

To connect to the modem router’s USB drive using a web browser:
1. Connect to the modem router by typing ftp:// and the Internet port IP address in the
address field of Internet Explorer or Netscape Navigator, for example: ftp://10.1.65.4
If you are using Dynamic DNS, you can type the DNS name, rather than the IP address.
2. Type the account name and password that has access rights to the USB drive. The user
name (account name) for All – no password is guest.
3. The directories of the USB drive that your account has access to are displayed, for example,
share/partition1/directory1. You can now read and copy files from the USB directory.
USB Storage
59

6. Security

Keeping unwanted content out of your network
6
This chapter explains how to use the basic firewall features of the modem router to prevent
objectionable content from reaching the computers and devices on your network.
This chapter includes the following sections:
Keyword Blocking of HTTP Traffic
Firewall Rules to Control Network Access
Port Triggering to Open Incoming Ports
Port Forwarding to Permit External Host Communications
How Port Forwarding Differs from Port Triggering
Set Up Port Forwarding to Local Servers
Set Up Port Triggering
Schedule Blocking
Security Event Email Notifications
60
N300 Wireless ADSL2+ Modem Router DGN2200v3

Keyword Blocking of HTTP Traffic

Use keyword blocking to prevent certain types of HTTP traffic from accessing your network. The blocking can be always or according to a schedule.
To set up keyword blocking:
1. Select Advanced > Security > Block Sites to display the following screen:
2. Select one of the keyword blocking options:
Per Schedule.
Always.
Turn on keyword blocking all the time, independent of the Schedule screen.
Turn on keyword blocking according to the Schedule screen settings.
3. In the Keyword field, enter a keyword or domain, click Add Keyword, and click Apply.
The Keyword list supports up to 32 entries. Here are some sample entries:
Specify XXX to block http://www
Specify .com if you want to allow only sites with domain suf
.badstuff.com/xxx.html.
fixes such as .edu or .gov.
Enter a period (.) to block all Internet browsing access.
To delete a keyword or domain:
1. Select the keyword you want to delete from the list.
2. Click Delete Keyword, and then Apply to save your changes.
To specify a trusted computer:
You can exempt one trusted computer from blocking and logging. The computer you exempt has to have a fixed IP address.
1. In the
Trusted IP Address field, enter the IP address.
2. Click Apply to save your changes.
Security
61
N300 Wireless ADSL2+ Modem Router DGN2200v3

Firewall Rules to Control Network Access

Your modem router has a firewall that blocks unauthorized access to your wireless network and permits authorized inbound and outbound communications. Authorized communications are established according to inbound and outbound rules. The firewall has the following two default rules. You can create custom rules to further restrict the outbound communications or more widely open the inbound communications:
Inbound. Block all access from outside except responses to requests from the LAN side.
Outbound.

Set Up Firewall Rules

The Firewall Rules screen lets you add custom rules to make exceptions to the default rules. Exceptions can be based on the service or application, source or destination IP addresses, and time of day. You can log traffic that matches or does not match the rule and change the order of rule precedence.
Allow all access from the LAN side to the outside.
All traffic attempting to pass through the firewall is subjected to the rules in the order shown in the Rules table from the top (highest precedence) to the default rules at the bottom. In some cases, the order of precedence is important to determine which communications are allowed into or out of the network.
To set up firewall rules:
1. Select Advanced > Security > Firewall Rules to display the following screen:
2. To add an outbound rule, click Add under Outbound Services. To edit or delete a rule,
select its button on the left side and click Edit or Delete.
3. T
o change the order of precedence:
a. Select the button on the left side of the rule and click Move. b. At the prompt, enter the number of the new position and click OK.
4. T
o open or close instant messaging, select one of the following radio buttons:
Close IM Ports. Disables instant messaging traf
Open IM Ports. Enables instant messaging traf
fic.
fic. IM ports are open by default.
Security
62
N300 Wireless ADSL2+ Modem Router DGN2200v3
5. Click Apply to save your settings.

Port Triggering to Open Incoming Ports

Some application servers (such as FTP and IRC servers) send replies to multiple port numbers. Using the port triggering function of your router, you can tell the router to open additional incoming ports when a particular outgoing port originates a session.
An example is Internet Relay Chat (IRC). Your computer connects to an IRC server at destination port 6667. The IRC server not only responds to your originating source port, but also sends an “identify” message to your computer on port 113. Using port triggering, you can tell the router, “When you initiate a session with destination port 6667, you have to also allow incoming traffic on port 113 to reach the originating computer.” Using steps similar to the preceding example, the following sequence shows the effects of the port triggering rule you have defined:
1. You open an IRC client program to start a chat session on your computer.
2. Your IRC client composes a request message to an IRC server using a destination port
number of 6667, the standard port number for an IRC server process. Your computer then sends this request message to your router.
3. Your router creates an entry in its internal session table describing this communication
session between your computer and the IRC server. Your router stores the original information, performs Network Address Translation (NAT) on the source address and port, and sends this request message through the Internet to the IRC server.
4. Noting your port triggering rule and having observed the destination port number of 6667,
your router creates an additional session entry to send any incoming port 113 traffic to your computer.
5. The IRC server sends a return message to your router using the NAT-assigned source port
(for example, port 33333) as the destination port. The IRC server also sends an “identify” message to your router with destination port 113.
6. Upon receiving the incoming message to destination port 33333, your router checks its
session table to determine whether there is an active session for port number 33333. Finding an active session, the router restores the original address information replaced by NAT and sends this reply message to your computer.
7. Upon receiving the incoming message to destination port 113, your router checks its session
table and learns that there is an active session for port 113, associated with your computer. The router replaces the message’s destination IP address with your computer’s IP address and forwards the message to your computer.
8. When you finish your chat session, your router eventually senses a period of inactivity in the
communications. The router then removes the session information from its session table, and incoming traffic is no longer accepted on port numbers 33333 or 113.
To configure port triggering, you need to know which inbound ports the application needs. Also, you need to know the number of the outbound port that will trigger the opening of the inbound ports. You can usually determine this information by contacting the publisher of the application or the relevant user groups or news groups.
Only one computer at a time can use the triggered application.
Security
63
N300 Wireless ADSL2+ Modem Router DGN2200v3

Port Forwarding to Permit External Host Communications

In both of the preceding examples, your computer initiates an application session with a server computer on the Internet. However, you might need to allow a client computer on the Internet to initiate a connection to a server computer on your network. Normally, your router ignores any inbound traffic that is not a response to your own outbound traffic. You can configure exceptions to this default rule by using the port forwarding feature.
A typical application of port forwarding can be shown by reversing the client-server relationship from the previous web server example. In this case, a remote computer’s browser needs to access a web server running on a computer in your local network. Using port forwarding, you can tell the router, “When you receive incoming traffic on port 80 (the standard port number for a web server process), forward it to the local computer at
192.168.1.123.” The following sequence shows the effects of the port forwarding rule you
have defined:
1. The user of a remote computer opens a browser and requests a web page from
www.example.com, which resolves to the public IP address of your router. The remote computer composes a web page request message with the following destination information:
Destination address. The IP address of www.example.com, which is the address of your router.
Destination port number. 80, which is the standard port number for a web server process.
The remote computer then sends this request message through the Internet to your router.
2. Your router receives the request message and looks in its rules table for any rules covering
the disposition of incoming port 80 traffic. Your port forwarding rule specifies that incoming port 80 traffic should be forwarded to local IP address 192.168.1.123. Therefore, your router modifies the destination information in the request message:
The destination address is replaced with 192.168.1.123.
Your router then sends this request message to your local network.
3. Your web server at 192.168.1.123 receives the request and composes a return message
with the requested web page data. Your web server then sends this reply message to your router.
4. Your router performs Network Address Translation (NAT) on the source IP address, and
sends this request message through the Internet to the remote computer, which displays the web page from www.example.com.
To configure port forwarding, you need to know which inbound ports the application needs. You usually can determine this information by contacting the publisher of the application or the relevant user groups or news groups.
Security
64
N300 Wireless ADSL2+ Modem Router DGN2200v3

How Port Forwarding Differs from Port Triggering

The following points summarize the differences between port forwarding and port triggering:
Port triggering can be used by any computer on your network, although only one
computer can use it at a time.
Port forwarding is configured for a single computer on your network.
With port triggering, the router does not need to know the computer
advance. The IP address is captured automatically.
Port forwarding requires that you specify the computer
and the IP address can never change.
Port triggering requires specific outbound traf
triggered ports are closed after a period of no activity.
Port forwarding is always active and does not need to be triggered.
fic to open the inbound ports, and the
’s IP address during configuration,
’s IP address in

Set Up Port Forwarding to Local Servers

The port forwarding feature lets you allow certain types of incoming traffic to reach servers on your local network. For example, you might want to make a local web server, FTP server, or game server visible and available to the Internet.
Use the Port Forwarding/Port Triggering screen to configure the router to forward specific incoming protocols to computers on your local network. In addition to servers for specific applications, you can also specify a default DMZ server to which all other incoming protocols are forwarded.
Before you start, determine which type of service, application, or game you want to provide, and the local IP address of the computer that will provide the service. has to always have the same IP address.
Tip: T
To forward specific incoming protocols:
1. Select Advanced > Port Forwarding/Port T
o ensure that your server computer always has the same IP address,
use the reserved IP address feature of your product. See Address
Reservation on page 46.
riggering to display the following screen:
The server computer
2. Leave the Port Forwarding radio button selected as the service type.
Security
65
N300 Wireless ADSL2+ Modem Router DGN2200v3
3. Click Add, and the following screen displays:
4. From the Service list, select the service or game that you will host on your network. If the
service does not appear in the list, see Add a Custom Service on page 66.
5. In the Send to LAN Server field, enter the last digit of the IP address of your local computer
that will provide this service.
6. Click Apply.
The service appears in the list on the Port Forwarding screen.

Add a Custom Service

To define a service, game, or application that does not appear in the Service Name list, first determine which port number or range of numbers the application uses. You can usually determine this information by contacting the publisher of the application or user groups or news groups. When you have the port number information, follow these steps.
To add a custom service:
1. Select Advanced > Port Forwarding/Port T
2. Select the Port Forwarding radio button as the service type.
3. Click the Add Custom Service button to display the following screen:
4. In the Service Name field, enter a descriptive name.
5. In the Protocol field, select the protocol. If you are unsure, select TCP/UDP.
6. In the Starting Port field, enter the beginning port number
If the application uses a single port, enter the same port number in the Ending Port
field.
If the application uses a range of ports, enter the ending port number of the range in
the Ending Port field.
riggering.
.
Security
66
N300 Wireless ADSL2+ Modem Router DGN2200v3
7. In the Server IP Address field, enter the IP address of your local computer that will provide
this service.
8. Click Apply. The service appears in the list in the Port Forwarding/Port Triggering screen.

Edit or Delete a Port Forwarding Entry

To edit or delete a port forwarding entry:
1. In the table, select the radio button next to the service name.
2. Click Edit Service or Delete Service.
Application Example: Make a Local Web Server Public
If you host a web server on your local network, you can use port forwarding to allow web requests from anyone on the Internet to reach your web server.
To make a local web server public:
1. Assign your web server either a fixed IP address or a dynamic IP address using DHCP
address reservation. In this example, your router always gives your web server an IP address of 192.168.1.33.
2. In the Port Forwarding/Port Triggering screen, configure the router to forward the HTTP
service to the local address of your web server at 192.168.1.33. HTTP (port 80) is the standard protocol for web servers.
3. (Optional) Register a host name with a Dynamic DNS service, and configure your router to
use the name. To access your web server from the Internet, a remote user has to know the IP address that has been assigned by your ISP. However, if you use a Dynamic DNS service, the remote user can reach your server by a user-friendly Internet name, such as mynetgear.dyndns.org.

Set Up Port Triggering

Port triggering is a dynamic extension of port forwarding that is useful in these cases:
More than one local computer needs port forwarding for the same application (but not
simultaneously).
An application needs to open incoming ports that are different from the outgoing port.
When port triggering is enabled, the router monitors outbound traffic looking for a specified outbound “trigger” port. When the router detects outbound traffic on that port, it remembers the IP address of the local computer that sent the data. The router then temporarily opens the specified incoming port or ports, and forwards incoming traffic on the triggered ports to the triggering computer.
While port forwarding creates a static mapping of a port number or range to a single local computer, port triggering can dynamically open ports to any computer that needs them and can close the ports when they are no longer needed.
Security
67
N300 Wireless ADSL2+ Modem Router DGN2200v3
Note: If you use applications such as multiplayer gaming, peer-to-peer
connections, real-time communications such as instant messaging, or remote assistance (a feature in Windows XP), you should also enable Universal Plug and Play (UPnP).
To configure port triggering, you need to know which inbound ports the application needs, and the number of the outbound port that will trigger the opening of the inbound ports. can usually determine this information by contacting the publisher of the application or user groups or news groups.
To enable port triggering:
You
1. Select Advanced > Port Forwarding/Port T
riggering to display the Port
Forwarding/Port Triggering screen.
2. Select the Port T
riggering radio button to display the port triggering information.
3. Clear the Disable Port Triggering check box.
Note: If the Disable Port Triggering check box is selected after you
configure port triggering, port triggering is disabled. However, any port triggering configuration information you added to the router is retained even though it is not used.
4. In the Port
Triggering Timeout field, enter a value up to 9999 minutes. This value controls the inactivity timer for the designated inbound ports. The inbound ports close when the inactivity time expires. This is required because the router cannot be sure when the application has terminated.
To add a port triggering service:
Make sure that you enable port triggering so that the service that you add will be used.
Security
68
N300 Wireless ADSL2+ Modem Router DGN2200v3
1. On the Port Triggering screen, click Add Service. The following screen displays:
2. In the Service Name field, type a descriptive service name.
3. In the Service User list, select
this service. Otherwise, select Single address, and enter the IP address of one computer to restrict the service to a particular computer.
4. Select the service type, either TCP or UDP or both (TCP/UDP). If you are not sure, select
TCP/UDP
5. In the
inbound ports to be opened.
6. Enter the inbound connection port information in the Connection
Ending Port fields.
7. Click Apply.
.
Triggering Port field, enter the number of the outbound traffic port that will cause the
The service appears in the Port Triggering Portmap Table.
Any (the default) to allow any computer on the Internet to use
Type, Starting Port, and

Schedule Blocking

You can specify the days and time that you want to block Internet access.
To schedule blocking:
1. Select Advanced > Security > Schedule to display the following screen:
Security
69
N300 Wireless ADSL2+ Modem Router DGN2200v3
2. Set up the schedule for blocking keywords and services.
Days to Block. Select days on which you want to apply blocking by selecting the
appropriate check boxes, or select Every Day to select the check boxes for all days.
ime of Day to Block. Select a start and end time in 24-hour format, or select All
T
Day for 24-hour blocking.
3. Select your time zone from the list. If you use daylight savings time, select the
Automatically adjust for daylight savings time check box.
4. Click Apply to save your settings.

Security Event Email Notifications

To receive logs and alerts by email, provide your email information in the Email screen, and specify which alerts you want to receive and how often.
To set up email notifications:
1. Select Advanced > Security > Email to display the following screen:
2. To receive email logs and alerts from the modem router, select the Turn Email Notification
On check box.
3. In the
4. Enter the email address to which logs and alerts are sent in the Send to
5. If your outgoing email server requires authentication, select the My Mail Server requires
Your Outgoing Mail Server field, enter the name of your ISP’s outgoing (SMTP) mail server (such as mail.myISP.com). You might be able to find this information in the configuration screen of your email program. If you leave this field blank, log and alert messages are not sent by email.
This Email Address field. This email address is also used for the From address. If you leave this field blank, log and alert messages are not sent by email.
authentication check box. Fill in the User Name and Password fields for the outgoing email server
.
Security
70
N300 Wireless ADSL2+ Modem Router DGN2200v3
6. You can have email alerts sent immediately when someone attempts to visit a blocked site,
and you can specify that logs are sent automatically. If you select the Weekly, Daily, or Hourly option and the log fills up before the specified
period, the log is emailed to the specified email address. After the log is sent, the log is cleared from the modem router’s memory. If the modem router cannot email the log file, the log buffer might fill up. In this case, the modem router overwrites the log and discards its contents.
7. Click Apply to save your settings.
Security
71

7. Administration

Managing your network
7
This chapter describes the modem router settings for administering and maintaining your
modem router and home network. See upgrading or checking the status of your modem router over the Internet. See Traffic Meter on page 92 for information about monitoring Internet traffic.
This chapter includes the following sections:
Upgrade the Modem Router Firmware
View Router Status
View Logs of Web Access or Attempted Web Access
Manage the Configuration File
Set Password
Remote Management on page 89 for information about
72
N300 Wireless ADSL2+ Modem Router DGN2200v3

Upgrade the Modem Router Firmware

The modem router firmware (routing software) is stored in flash memory. You can update the firmware from the Administration menu on the Advanced tab. You might see a message at the top of the genie screens when new firmware is available for your product.
You can use the Check button on the Router Update screen to check and update to the latest firmware for your product if new firmware is available.
To check for new firmware and update your modem router:
1. Select Advanced >
Administration > Router Upgrade to display the following screen:
Click Check
2. Click Check.
The modem router finds new firmware information if any is available.
3. Click Ye
s to update and locate the firmware you downloaded (the file ends in .img).
WARNING:
When uploading firmware to the modem router, do not interrupt the web browser by closing the window, clicking a link, or loading a new page. If the browser is interrupted, it could corrupt the firmware.
When the upload is complete, your modem router restarts. The upgrade process typically takes about 1 minute. Read the new firmware release notes to determine whether or not you need to reconfigure the modem router after upgrading.
Administration
73
N300 Wireless ADSL2+ Modem Router DGN2200v3

View Router Status

To view modem router status and usage information:
Select Advanced Home or select Administration > Router Status to display the following screen:

Router Information

Hardware Version. The modem router model.
Firmware Version.
modem router firmware.
GUI Language Version. The localized language of the user interface.
LAN Port.
MAC Address.
used by the Ethernet (LAN) port of the modem router.
IP Address.
default is 192.168.1.1.
DHCP Server. Identifies whether the modem router’
devices on the LAN.
The version of the modem router firmware. It changes if you upgrade the
The Media Access Control address. This is the unique physical address
The IP address used by the Ethernet (LAN) port of the modem router. The
s built-in DHCP server is active for
Scroll to view more settings

Internet Port

MAC Address. The Media Access Control address, which is the unique physical address
used by the Internet (WAN) port of the modem router.
Administration
74
N300 Wireless ADSL2+ Modem Router DGN2200v3
IP Address. The IP address used by the Internet (WAN) port of the modem router. If no
address is shown or the address is 0.0.0, the modem router cannot connect to the Internet.
Connection. This shows if the modem router is using a fixed IP address on the WAN. If the value is DHCP Client, the modem router obtains an IP address dynamically from the ISP.
IP Subnet Mask.
Domain Name Server.
The IP subnet mask used by the Internet (WAN) port of the modem router.
The Domain Name Server addresses used by the modem router. A Domain Name Server translates human-language URLs such as www.netgear.com into IP addresses.
Show Statistics Button
To view statistics:
On the Router Status screen, in the Internet Provider (WAN) Setup pane, click the Show Statistics button to display the following screen:
The following information is displayed:
System Up Time.
Port.
The statistics for the WAN (Internet) and LAN (Ethernet) ports. For each port, the
The time elapsed since the modem router was last restarted.
screen displays:
Status. The link status of the port.
TxPkts.
RxPkts.
Collisions.
Tx B/s.
Rx B/s.
Up T
Poll Interval.
The number of packets transmitted on this port since reset or manual clear.
The number of packets received on this port since reset or manual clear.
The number of collisions on this port since reset or manual clear.
The current transmission (outbound) bandwidth used on the WAN and LAN ports.
The current reception (inbound) bandwidth used on the WAN and LAN ports.
ime. The time elapsed since this port acquired the link.
The interval at which the statistics are updated in this screen.
To change the polling frequency, enter a time in seconds in the Poll Interval field and click Set Interval.
To stop the polling entirely, click Stop.
Administration
75
N300 Wireless ADSL2+ Modem Router DGN2200v3
Connection Status Button
To view the Internet connection status:
On the Router Status screen in the Internet Connection pane, click the Connection Status button to view connection status information.
The Release button returns the status of all items to 0. The Renew button refreshes the items. The Close Window button closes the Connection Status screen.
IP Address. The IP address that is assigned to the modem router.
Subnet Mask.
Default Gateway.
communicates with.
DHCP Server. The IP address for the Dynamic Host Configuration Protocol server that provides the TCP/IP configuration for all the computers that are connected to the modem router.
DNS Server. network names to IP addresses.
Lease Obtained. The date and time when the lease was obtained.
Lease Expires.
The subnet mask that is assigned to the modem router.
The IP address for the default gateway that the modem router
The IP address of the Domain Name Service server that provides translation of
The date and time that the lease expires.

Wireless Settings (2.4 GHz)

The following settings are displayed:
Name (SSID).
Region.
use the wireless features of the modem router in some parts of the world.
The wireless network name (SSID) that the modem router uses.
The geographic region where the modem router is being used. It might be illegal to
Channel. The operating channel of the wireless port being used. The default channel is Auto. When Auto is selected, the modem router finds the best operating channel available. If you notice interference from nearby devices, you can select a different channel. Channels 1, 6, and 11 do not interfere with each other.
Administration
76
N300 Wireless ADSL2+ Modem Router DGN2200v3
Mode. The wireless communication mode: Up to 54 Mbps, Up to 217 Mbps (default), and Up
to 1300 Mbps.
Wireless AP. Indicates whether the radio feature of the modem router is enabled. If this feature is not enabled, the Wireless LED on the front panel is off.
Broadcast Name. Indicates whether the modem router is broadcasting its SSID.
Wireless Isolation. Wireless isolation prevents wireless clients from communicating with
each other when they join the wireless network.
Wi-Fi Protected Setup. Indicates whether Wi-Fi Protected Setup is configured for this network.

View Logs of Web Access or Attempted Web Access

The log is a detailed record of the websites you have accessed or attempted to access. Up to 256 entries are stored in the log. Log entries appear only when keyword blocking is enabled and no log entries are made for the trusted user
.
To view logs:
Select Advanced >
The log screen shows the following information:
Date and time.
Source IP.
T
arget address. The name or IP address of the website or news group visited or to
which access was attempted.
Action. Whether the access was blocked or allowed.
The IP address of the initiating device for this log entry.
Administration > Logs. The Logs screen displays.
The date and time the log entry was recorded.
To refresh the log screen, click the Refresh button.
To clear the log entries, click the Clear Log button.
To email the log immediately, click the Send Log button.
Administration
77
N300 Wireless ADSL2+ Modem Router DGN2200v3

Manage the Configuration File

The configuration settings of the modem router are stored within the modem router in a configuration file. You can back up (save) this file to your computer, restore it, or reset it to the factory default settings.

Back Up Settings

To back up the modem router’s configuration settings:
1. Select Advanced >
2. Click Backup Settings to save a copy of the current settings.
3. Choose a location to store the .cfg file that is on a computer on your network.
Administration > Backup Settings to display the following screen:

Restore Configuration Settings

To restore configuration settings that you backed up:
1. Enter the full path to the file on your network or click the Browse button to find the file.
2. When you have located the .cfg file, click the Restore button to upload the file to the modem
router.
Upon completion, the modem router reboots.
WARNING:
Do not interrupt the reboot process.

Erase

You can erase the configuration and restore the factory default settings. You might want to do this if you move the modem router to a different network or if you changed the password and have forgotten what it is (the default passwords are on the product label).
Administration
78
N300 Wireless ADSL2+ Modem Router DGN2200v3
You can use the Restore Factory Settings button on the back of the modem router (see
Factory Settings on page 134), or you can click the Erase button in this screen.
Erase sets the user name to admin, the password to password, and the LAN IP address to
192.168.1.1, and enables the modem router’s DHCP.

Set Password

This feature let you change the default password that is used to log in to the modem router with the user name admin.
This is not the same as changing the password for wireless access. The label on the bottom of your modem router shows your unique wireless network name (SSID) and password for wireless access (see Label on page 8).
To set the password for the user name admin:
1. Select Advanced >
2. On the Set Password screen, type the old password, and type the new password twice.
3. If you want to be able to recover the password, select the Enable Password Recovery
check box.
4. Click Apply so that your changes take ef
Administration > Set Password to display the following screen:
fect.

Password Recovery

NETGEAR recommends that you enable password recovery if you change the password for the router’s user name of admin. Then you will have an easy way to recover the password if it is forgotten. This recovery process is supported in Internet Explorer, Firefox, and Chrome browsers, but not in the Safari browser.
To set up password recovery:
1. Select the Enable Password Recovery check box.
2. Select two security questions, and provide answers to them.
3. Click Apply to save your changes.
When you use your browser to access the router, the login window displays. If password recovery is enabled, when you click Cancel, the password recovery process starts. then enter the saved answers to the security questions to recover the password.
Administration
79
You can

8. Advanced Settings

This chapter describes the advanced features of your modem router. The information is for
readers with advanced networking knowledge who want to set the modem router up for unique situations such as when remote access from the Internet by IP or domain name is needed.
Note: The Port Forwarding/Port Triggering screen can be accessed both
through the Advanced Setup menu and through the Firewall Rules screen. For information about port forwarding and port triggering, see Chapter 6, Security.
This chapter includes the following sections:
Advanced Wireless Settings
Wireless Repeating Function (WDS)
Dynamic DNS
Static Routes
Remote Management
USB Settings
Universal Plug and Play
IPv6
Traffic Meter
Change the Device Mode
8
80
N300 Wireless ADSL2+ Modem Router DGN2200v3

Advanced Wireless Settings

To go to the Advanced Wireless Settings screen:
Select Advanced > Advanced Setup > Wireless Settings to display the following screen:
The following settings are available in this screen:
Enable Wireless Router Radio. wireless modem router by clearing this check box. Select this check box again to enable the wireless portion of the modem router. When the wireless radio is disabled, other members of your household can use the modem router by connecting their computers to the modem router with an Ethernet cable.
Note: The Fragmentation Length, CTS/RTS Threshold, and Preamble
Mode options are reserved for wireless testing and advanced configuration only. Do not change these settings.
Turn off wireless signal by schedule. signal from your modem router at times when you do not need a wireless connection. For instance, you could turn it off for the weekend if you leave town.
WPS Settings.Y
Wireless Card Access List. Y
based on their MAC address. See Restrict Wireless Access by MAC Address on page 82.
ou can add WPS devices to your network.
You can completely turn off the wireless portion of the
You can use this feature to turn off the wireless
ou can restrict access to your network to specific devices
Advanced Settings
81
N300 Wireless ADSL2+ Modem Router DGN2200v3

Restrict Wireless Access by MAC Address

You can set up a list of computers and wireless devices that are allowed to join the wireless network. This list is based on the unique MAC address of each computer and device.
Each network device has a MAC address, which is a unique 12-character physical address, containing the hexadecimal characters 0–9, a–f, or A–F only, and separated by colons (for example, 00:09:AB:CD:EF:01). Typically, the MAC address is on the label of the wireless card or network interface device. If you do not have access to the label, you can display the MAC address using the network configuration utilities of the computer. You might also find the MAC addresses in the Attached Devices screen.
To restrict access based on MAC addresses:
1. Select Advanced >
Advanced Setup > Wireless Settings and click the Setup Access
List to display the Wireless Card Access List.
2. Click Add to add a wireless device to the wireless access control list.
The Wireless Card Access Setup screen opens and displays a list of currently active wireless cards and their Ethernet MAC addresses.
3. If the computer or device you want is in the
Available Wireless Cards list, select that radio button; otherwise, type a name and the MAC address. You can usually find the MAC address on the bottom of the wireless device.
Tip: Y
ou can copy and paste the MAC addresses from the Attached Devices screen into the MAC Address field of this screen. To do this, use each wireless computer to join the wireless network. The computer should then appear in the Attached Devices screen.
4. Click Add to add this wireless device to the Wireless Card
Access List. The screen changes
back to the list screen.
5. Add each computer or device you want to allow to connect wirelessly
6. Select the T
urn Access Control On check box.
.
7. Click Apply.
Advanced Settings
82
N300 Wireless ADSL2+ Modem Router DGN2200v3

Wireless Repeating Function (WDS)

You can set the N300 Wireless ADSL2+ Modem Router up to be used as a wireless access point (AP). Doing this enables the modem router to act as a wireless repeater. A wireless repeater connects to another wireless modem router as a client where the network to which it connects becomes the ISP service.
Wireless repeating is a type of Wireless Distribution System (WDS). A WDS allows a wireless network to be expanded through multiple access points instead of using a wired backbone to link them.
The following figure shows a wireless repeating scenario.
Base station access point
Figure 8. Wireless repeating scenario
Repeater access point
Note: If you use the wireless repeating function, you need to select either
WEP or None as a security option in the Wireless Settings screen. The WEP option displays only if you select the wireless mode Up to 54 Mbps in the Wireless Settings screen.
Wireless Base Station.
The modem router acts as the parent access point, that bridges traffic to and from the child repeater access point. The base station also handles wireless and wired local computers. To configure this mode, you have to know the MAC addresses of the child repeater access point. Often, the MAC address is on the product label.
Wireless Repeater.
The modem router sends all traffic from its local wireless or wired computers to a remote access point. To configure this mode, you have to know the MAC address of the remote parent access point.
Advanced Settings
83
N300 Wireless ADSL2+ Modem Router DGN2200v3
The DGN2200v3 modem router is always in dual band concurrent mode, unless you turn off one radio.If you enable the wireless repeater in either radio band, the wireless base station or wireless repeater cannot be enabled in the other radio band. However, if you enable the wireless base station in either radio band and use the other radio band as a wireless modem router or wireless base station, dual band concurrent mode is not affected.
To set up a wireless network with WDS, both access points have to meet the following conditions:
Both access points have to use the same SSID, wireless channel, and encryption mode.
Both access points have to be on the same LAN IP subnet.
That is, all of the access point
LAN IP addresses are in the same network.
All LAN devices (wired and wireless computers) are configured to operate in the same
LAN network address range as the access points.

Wireless Repeating Function

To view or change the wireless repeater settings for the modem router:
Select Advanced >
Advanced Setup > Wireless Repeating.
Enable Wireless Repeating Function (2.4 GHz b/g/n). Select this check box to use the
wireless repeating function.
Disable Wireless Client Association. If your modem router is the repeater, selecting this check box means that wireless clients cannot associate with it. Only LAN client associations are allowed.
- If you are setting up a point-to-point bridge, select this check box.
- If you want all client traf
fic to go through the other access point (repeater with wireless
client association), leave this check box cleared.
If you want all client traf
fic to go through the other access point (repeater with wireless
client association), leave this check box cleared.
W
ireless Repeater. If your modem router is the repeater, select this radio button.
Advanced Settings
84
N300 Wireless ADSL2+ Modem Router DGN2200v3
Repeater IP Address. If your modem router is the repeater, enter the IP address of the
other access point.
Base Station MAC Address. If your modem router is the repeater, enter the MAC address for the access point that is the base station.
W
ireless Base Station. If your modem router is the base station, select this check box.
Repeater MAC Address (1 through 4). If your modem router is the base station, it can
act as the “parent” of up to 4 other access points. Enter the MAC addresses of the other access points in these fields.

Set Up the Base Station

The wireless repeating function works only in hub and spoke mode. The units cannot be daisy-chained. You have to know the wireless settings for both units. You have to know the MAC address of the remote unit. First, set up the base station, and then set up the repeater.
To set up the base station:
1. Set up both units with exactly the same wireless settings (SSID, mode, channel, and
security).
2. Select Advanced >
Wireless Repeating Function screen.
3. In the Wireless Repeating Function screen.
4. Select the Enable W
Station radio button.
5. Enter the MAC address for one or more repeater units.
6. Click Apply to save your changes.
The wireless security option has to be set to None or WEP.
Advanced Setup > Wireless Repeating Function to display the
ireless Repeating Function check box and select the Wireless Base

Set Up a Repeater Unit

Use a wired Ethernet connection to set up the repeater unit to avoid conflicts with the wireless connection to the base station.
Advanced Settings
85
N300 Wireless ADSL2+ Modem Router DGN2200v3
Note: If you are using the DGN2200v3 base station with a different router
product NETGEARas the repeater, you might need to change additional configuration settings. In particular, you should disable the DHCP server function on the wireless repeater AP.
To configure the modem router as a repeater unit:
1. Log in to the modem router that will be the repeater. Select Basic > Wireless Settings
and verify that the wireless settings match the base unit exactly. The wireless security option has to be set to WEP or None.
2. Select Advanced > Wireless Repeating Function.
3. Select the Enable Wireless Repeating Function check box.
4. Select the Wireless Repeater radio button.
5. Fill in the Repeater IP Address field. This IP address has to be in the same subnet as the
base station, but different from the LAN IP address of the base station.
6. Click Apply to save your changes.
7. Verify connectivity across the LANs.
A computer on any wireless or wired LAN segment of the modem router should be able to connect to the Internet or share files and printers with any other wireless or wired computer or server connected to the other access point.

Dynamic DNS

If your Internet service provider (ISP) gave you a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you do not know in advance what your IP address will be, and the address can change frequently. In this case, you can use a commercial Dynamic DNS service. This type of service lets you register your domain to their IP address and forwards traffic directed at your domain to your frequently changing IP address.
If your ISP assigns a private WAN IP address (such as 192.168.x.x or 10.x.x.x), the Dynamic DNS service does not work because private addresses are not routed on the Internet.
Your modem router contains a client that can connect to the Dynamic DNS service provided by DynDNS.org. First visit their website at http://www.dyndns.org and obtain an account and host name that you configure in the modem router. Then, whenever your ISP-assigned IP address changes, your modem router automatically contacts the Dynamic DNS service provider, logs in to your account, and registers your new IP address. If your host name is hostname, for example, you can reach your modem router at http://hostname.dyndns.org.
Advanced Settings
86
N300 Wireless ADSL2+ Modem Router DGN2200v3
To set up Dynamic DNS:
1. Select Advanced > Advanced Setup > Dynamic DNS to display the following screen:
2. Register for an account with one of the Dynamic DNS service providers whose names
appear in the Service Provider list. For example, for DynDNS.org, select www.dyndns.org.
3. Select the Use a Dynamic DNS Service check box.
4. Select the name of your Dynamic DNS service provider
5. T
ype the host name (or domain name) that your Dynamic DNS service provider gave you.
6. T
ype the user name for your Dynamic DNS account. This is the name that you use to log in
to your account, not your host name.
7. T
ype the password (or key) for your Dynamic DNS account.
8. If your Dynamic DNS provider allows the use of wildcards in resolving your URL, you can
select the Use W
ildcards check box to activate this feature.
.
For example, the wildcard feature causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org.
9. Click Apply to save your configuration.

Static Routes

Static routes provide additional routing information to your modem router. Typically, you do not need to add static routes. You have to configure static routes only for unusual cases such as multiple modem routers or multiple IP subnets on your network.
As an example of when a static route is needed, consider the following case:
Your primary Internet access is through a cable modem to an ISP.
Y
ou have an ISDN modem router on your home network for connecting to the company
where you are employed. This modem router’s address on your LAN is 192.168.1.100.
Y
our company’s network address is 134.177.0.0.
When you first configured your modem router, two implicit static routes were created. A default route was created with your ISP as the gateway created to your local network for all 192.168.1.x addresses. With this configuration, if you attempt to access a device on the 134.177.0.0 network, your modem router forwards your request to the ISP. The ISP forwards your request to the company where you are employed, and the request is likely to be denied by the company’s firewall.
, and a second static route was
Advanced Settings
87
N300 Wireless ADSL2+ Modem Router DGN2200v3
In this case you have to define a static route, telling your modem router that 134.177.0.0 should be accessed through the ISDN modem router at 192.168.1.100. In this example:
The Destination IP Address and IP Subnet Mask fields specify that this static route
applies to all 134.177.x.x addresses.
The Gateway IP
Address field specifies that all traffic for these addresses should be
forwarded to the ISDN modem router at 192.168.1.100.
A metric value of 1 will work since the ISDN modem router is on the LAN.
Private is selected only as a precautionary security measure in case RIP is activated.
To set up a static route:
1. Select Advanced >
Advanced Setup > Static Routes.
2. Click Add to display the following screen:
3. In the Route Name field, type a name for this static route (for identification purposes only.)
4. Select the Private check box if you want to limit access to the LAN only
. If Private is
selected, the static route is not reported in RIP.
5. Select the Active check box to make this route ef
6. T
ype the destination IP address of the final destination.
7. T
ype the IP subnet mask for this destination. If the destination is a single host, type
fective.
255.255.255.255.
8. T
ype the gateway IP address, which has to be a modem router on the same LAN segment
as the N300 Wireless ADSL2+ Modem Router.
9. T
ype a number from 1 through 15 as the metric value.
This value represents the number of modem routers between your network and the destination. Usually
, a setting of 2 or 3 works, but if this is a direct connection, set it to 1.
10. Click Apply to add the static route.
Advanced Settings
88
N300 Wireless ADSL2+ Modem Router DGN2200v3

Remote Management

The remote management feature lets you upgrade or check the status of your N300 Wireless ADSL2+ Modem Router over the Internet.
To set up remote management:
1. Select Advanced >
Note: Be sure to change the modem router’s default login password to a
secure password. The ideal password contains no dictionary words from any language and contains upper-case and lower-case letters, numbers, and symbols. It can be up to 30 characters.
Advanced Setup > Remote Management.
2. Select the T
3. Under
the modem router’s remote management.
Note: For enhanced security, restrict access to as few external IP addresses
as practical.
o allow access from a single IP address on the Internet, select Only This
T
Computer. Enter the IP address that will be allowed access.
T
o allow access from a range of IP addresses on the Internet, select IP Address
Range. Enter a beginning and ending IP address to define the allowed range.
T
o specify IP addresses, select IP Address List and type in the allowed IP
addresses.
T
o allow access from any IP address on the Internet, select Everyone.
urn Remote Management On check box.
Allow Remote Access By, specify the external IP addresses to be allowed to access
Advanced Settings
89
N300 Wireless ADSL2+ Modem Router DGN2200v3
4. Specify the port number for accessing the management interface.
Normal web browser access uses the standard HTTP service port 80. For greater security a number from 1024 to 65535, but do not use the number of any common service port. The default is 8080, which is a common alternate for HTTP.
, enter a custom port number for the remote web management interface. Choose
5. Click Apply so that your changes take ef
6. When you access your modem router from the Internet, type your modem router’
address into your browser’s address or location field followed by a colon (:) and the custom port number. For example, if your external address is 134.177.0.123 and you use port number 8080, enter http://134.177.0.123:8080 in your browser.
fect.
s WAN IP

USB Settings

For added security, the modem router can be set up to share only approved USB devices. See Specify Approved USB Devices on page 58 for the procedure.

Universal Plug and Play

Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access the network and connect to other devices as needed. UPnP devices can automatically discover the services from other registered UPnP devices on the network.
If you use applications such as multiplayer gaming, peer-to-peer connections, or real-time communications such as instant messaging or remote assistance (a feature in Windows XP), you should enable UPnP
.
To turn on Universal Plug and Play:
Select Advanced >
The available settings and information in this screen are:
Turn UPnP On. UPnP can be enabled or disabled for automatic device configuration. The default setting for UPnP is disabled. If this check box is not selected, the modem router does not allow any device to automatically control the resources, such as port forwarding (mapping) of the modem router.
Advanced Setup > UPnP. The UPnP screen displays.
Advanced Settings
90
N300 Wireless ADSL2+ Modem Router DGN2200v3
Advertisement Period. The advertisement period is how often the modem router
broadcasts its UPnP information. This value can range from 1 to 1440 minutes. The default period is 30 minutes. Shorter durations ensure that control points have current device status at the expense of additional network traffic. Longer durations can compromise the freshness of the device status, but can significantly reduce network traffic.
Advertisement Time to Live. The time to live for the advertisement is measured in hops (steps) for each UPnP packet sent. broadcast packet is allowed to propagate for each UPnP advertisement before it disappears. The number of hops can range from 1 to 255. The default value for the advertisement time to live is 4 hops, which is fine for most home networks. If you notice that some devices are not being updated or reached correctly, then it might be necessary to increase this value.
The time to live hop count is the number of steps a
UPnP Portmap Table. The UPnP Portmap device that is currently accessing the modem router and which ports (internal and external) that device has opened. The UPnP Portmap Table also displays what type of port is open and whether that port is still active for each IP address.
7. Click Apply to save your settings.
Table displays the IP address of each UPnP

IPv6

You can use this feature to set up an IPv6 Internet connection type if genie does not detect it automatically.
To set up an IPv6 Internet connection type:
1. Select Advanced >
2. Select the IPv6 connection type from the list. Your Internet service provider (ISP) can
provide this information.
If your ISP did not provide details, you can select IPv6 T
If you are not sure, select Auto Detect so that the modem router detects the IPv6
type that is in use.
If your Internet connection does not use PPPoE, DHCP
select IPv6 auto config.
Advanced Setup > IPv6 to display the following screen:
unnel.
, or fixed, but is IPv6, then
3. Click Apply so that your changes take ef
Advanced Settings
fect.
91
N300 Wireless ADSL2+ Modem Router DGN2200v3

Traffic Meter

Traffic metering allows you to monitor the volume of Internet traffic that passes through your modem router’s Internet port. With the Traffic Meter utility, you can set limits for traffic volume, set a monthly limit, and get a live update of traffic usage.
To monitor Internet traffic:
1. Click Advanced >
Advanced Setup > Traffic Meter to display the following screen:
Scroll to view more settings
2. To enable the Traffic Meter, select the Enable Traffic Meter check box.
3. If you want to record and restrict the volume of Internet traf
fic, select the Traffic volume
control by radio button. You can select one of the following options for controlling the traffic
volume:
No Limit. No restriction is applied when the traf
Download only.
Both Directions.
4. Y
ou can limit the amount of data traffic allowed per month by specifying how many Mbytes
The restriction is applied to incoming traffic only.
The restriction is applied to both incoming and outgoing traffic.
fic limit is reached.
per month are allowed or by specifying how many hours of traffic are allowed.
5. Set the
6. Set up
Traffic Counter to begin at a specific time and date.
Traffic Control to issue a warning message before the monthly limit of Mbytes or
hours is reached. You can select one of the following to occur when the limit is attained:
The Internet LED flashes green or amber
.
The Internet connection is disconnected and disabled.
7. Set up Internet
8. Click the T
Traffic Statistics to monitor the data traffic.
raffic Status button to get a live update on Internet traffic status.
9. Click Apply to save your settings.
Advanced Settings
92
N300 Wireless ADSL2+ Modem Router DGN2200v3

Change the Device Mode

The modem includes a built-in router. If you want to configure the modem as a “pure bridge” in Modem mode, first set up the Internet connection and then change the Device Mode setting to Modem mode. In Modem mode, the device acts as a “pure bridge” or DSL modem. When the device is in Modem mode, features that are not available are grayed out.
To change the device mode:
1. Select Advanced > Device Mode. The
By default, the modem is in Router mode.
2. Select the device mode that you want from the drop-down list.
3. Click Apply so that your changes take ef
following screen displays:
fect.
Advanced Settings
93

9. Virtual Private Networking

This chapter describes how to use the virtual private networking (VPN) features of the modem
router. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer. See
B, VPN Configuration to learn more about VPNs.
This chapter is organized as follows:
Overview of VPN Configuration on page 95
Plan a VPN on page 96
VPN Tunnel Configuration on page 97
Set Up a Client-to-Gateway VPN Configuration on page 98
Set Up a Gateway-to-Gateway VPN Configuration on page 108
VPN Tunnel Control on page 112
Set Up VPN Tunnels in Special Circumstances on page 116
Appendix
9
94
N300 Wireless ADSL2+ Modem Router DGN2200v3

Overview of VPN Configuration

Two common scenarios for VPN tunnels are between a remote PC and a network gateway; and between two or more network gateways. The DGN2200v3 supports both types. The DGN2200v3 supports up to five concurrent tunnels.

Client-to-Gateway VPN Tunnels

Client-to-gateway VPN tunnels provide secure access from a remote PC, such as a telecommuter connecting to an office network.
N300 Wireless Modem Router
DGN2200
Figure 9. Telecommuter VPN tunnel
VPN tunnel
Internet
PC running NETGEAR ProSafe VPN Client
A VPN client access allows a remote PC to connect to your network from any location on the Internet. The remote PC is one tunnel endpoint, running the VPN client software. The modem router on your network is the other tunnel endpoint. (See Set Up a Client-to-Gateway VPN
Configuration on page 98.)

Gateway-to-Gateway VPN Tunnels

Gateway-to-gateway VPN tunnels provide secure access between networks, such as a branch or home office and a main office.
N300 Wireless Modem Router
DGN2200
Gateway A (Home)
VPN tunnel
Gateway B
(Office)
Figure 10. VPN tunnel between networks
Virtual Private Networking
Internet
95
N300 Wireless ADSL2+ Modem Router DGN2200v3
A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this case, use gateways on each end of the tunnel to form the VPN tunnel end points. See Set Up a Gateway-to-Gateway VPN
Configuration on page 108 for information about how to set up this configuration.

Plan a VPN

When you set up a VPN, it is helpful to plan the network configuration and record the configuration parameters on a worksheet:
Table 4. VPN Tunnel Configuration Worksheet
Parameter Value to Be
Entered
Connection Name N/A
Pre-Shared Key N/A
Secure Association N/A Main Mode Manual Keys
Perfect Forward secrecy N/A Enabled Disabled
Encryption Protocol N/A DES 3DES
Authentication Protocol N/A MD5 SHA-1
Diffie-Hellman (DH) Group N/A Group 1 Group 2
Key Life in seconds N/A
IKE Life Time in seconds N/A
VPN Endpoint Local IPSecID LAN IP Address Subnet Mask FQDN or Gateway
Field Selection
IP (W
AN IP
Address
To set up a VPN connection, you need to configure each endpoint with specific identification and connection information describing the other endpoint. You configure the outbound VPN settings on one end to match the inbound VPN settings on other end, and vice versa.
This set of configuration information defines a security association (SA) between the two VPN endpoints. When planning your VPN, you have to make a few choices first:
Will the local end be any device on the LAN, a portion of the local network (as defined by
a subnet or by a range of IP addresses), or a single PC?
Will the remote end be any device on the remote LAN, a portion of the remote network
(as defined by a subnet or by a range of IP addresses), or a single PC?
Virtual Private Networking
96
N300 Wireless ADSL2+ Modem Router DGN2200v3
Will either endpoint use fully qualified domain names (FQDNs)? FQDNs supplied by
Dynamic DNS providers (see Using a Fully Qualified Domain Name (FQDN) on page 141) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address has to always be the initiator
.
Which method will you use to configure your VPN tunnels?
- The VPN Wizard using VPNC defaults (see Table 5, Parameters Recommended by
the VPNC and Used in the VPN Wizard on page 97).
- The typical automated Internet Key Exchange (IKE) setup (see Use Auto Policy to Configure VPN Tunnels on page 116).
- A manual keying setup in which you need to specify each phase of the connection
(see Use Manual Policy to Configure VPN Tunnels on page 123)?
Table 5. Parameters Recommended by the VPNC and Used in the VPN Wizard
Parameter Factory Default Setting
Secure Association Main Mode
Authentication Method Pre-Shared Key
Encryption Method 3DES
Authentication Protocol SHA-1
Diffie-Hellman (DH) Group Group 2 (1024 bit)
Key Life 8 hours
IKE Life Time 1 hour
What level of IPSec VPN encryption will you use?
- DES.
The Data Encryption Standard (DES) processes input data that is 64 bits wide,
encrypting these values using a 56-bit key. Faster but less secure than 3DES.
- 3DES.
Triple DES achieves a higher level of security by encrypting the data three
times using DES with three different, unrelated keys.
What level of authentication will you use?
- MD5. 128 bits, faster but less secure.
- SHA-1. 160 bits, slower but more secure.

VPN Tunnel Configuration

There are two tunnel configurations and three ways to configure them:
Use the VPN Wizard to configure a VPN tunnel (recommended for most situations):
- See Set Up a Client-to-Gateway VPN Configuration on page 98.
- See Set Up a Gateway-to-Gateway VPN Configuration on page 108.
Virtual Private Networking
97
N300 Wireless ADSL2+ Modem Router DGN2200v3
See Use Auto Policy to Configure VPN Tunnels on page 116 when the VPN Wizard and
its VPNC defaults are not appropriate for your special circumstances, but you want to automate the Internet Key Exchange (IKE) setup.
See Use Manual Policy to Configure VPN Tunnels on page 123 when the VPN Wizard
and its VPNC defaults are not appropriate for your special circumstances and you have to specify each phase of the connection.
You manually enter all the authentication and key parameters. You have more control over the process; however, the process is more complex, and there are more opportunities for errors or configuration mismatches between your DGN2200v3 and the corresponding VPN endpoint gateway or client workstation.
Note: NETGEAR publishes additional interoperability scenarios with
various gateway and client software products. Look on the NETGEAR website at www.netgear.com for these interoperability scenarios.

Set Up a Client-to-Gateway VPN Configuration

Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves these two steps:
Step 1: Configure the Gateway-to-Client VPN Tunnel on page 98 describes how to use
the VPN Wizard to configure the VPN tunnel between the remote PC and network gateway
Step 2: Configure the NETGEAR ProSafe VPN Client on page 101 shows how to
configure the NETGEAR ProSafe VPN Client endpoint.
Figure 11. Client-to-gateway VPN tunnel
.
IP: 192.168.3.1
22.23.24.25
VPN tunnel
Internet
0.0.0.0
PC running NETGEAR ProSafe VPN Client

Step 1: Configure the Gateway-to-Client VPN Tunnel

This section describes using the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 5 on page 97. If you have special requirements not
Virtual Private Networking
98
N300 Wireless ADSL2+ Modem Router DGN2200v3
covered by these VPNC-recommended parameters, see Set Up VPN Tunnels in Special
Circumstances on page 116 for information about how to set up the VPN tunnel.
The following worksheet identifies the parameters used in this procedure, which are highlighted in blue. For a blank worksheet, see Plan a VPN on page 96.
Table 6. VPN Tunnel Configuration Worksheet
Parameter Value to Be
Entered
Connection Name RoadWarrior N/A
Pre-Shared Key 12345678 N/A
Secure Association N/A Main Mode Manual Keys
Perfect Forward secrecy N/A Enabled Disabled
Encryption Protocol N/A DES 3DES
Authentication Protocol N/A MD5 SHA-1
Diffie-Hellman (DH) Group N/A Group 1 Group 2
Key Life in seconds 28800 (8 hours) N/A
IKE Life Time in seconds 3600 (1 hour) N/A
VPN Endpoint Local IPSecID LAN IP Address Subnet Mask FQDN or Gateway
Client toGateway N/A N/A Dynamic
Gateway toClient 192.168.3.1 255.255.255.0 22.23.24.25
Field Selection
IP (W
AN IP
Address)
To configure a client-to-gateway VPN tunnel using the VPN Wizard:
1. Select Advanced >
Advanced - VPN > VPN Wizard.
Virtual Private Networking
99
N300 Wireless ADSL2+ Modem Router DGN2200v3
2. Click Next.
3. Fill in the Connection Name and pre-shared key fields.
The connection name is for convenience and does not affect how the VPN tunnel functions.
4. Select the radio button for A remote VPN client (single PC), and click Next.
5. Enter the remote IP address and subnet mask, and click Next.
The Summary screen displays:
Note: To view the VPNC-recommended authentication and encryption
settings used by the VPN Wizard, click the here link.
Virtual Private Networking
100
Loading...