Netgear WAC124 User Manual

Download

User Manual

AC2000 802.11ac Wireless Access Point/Router

Model WAC124

NETGEAR, Inc.

350 E. Plumeria DriveDecember 2018 San Jose, CA 95134, USA202-11885-02

AC2000 802.11ac

Support

Thank you for purchasing this NETGEAR product. You can visit https://www.netgear.com/support/ to register your product, get help, access the latest downloads and user manuals, and join our community. We recommend that you use only official NETGEAR support resources.

Compliance and Conformity

For regulatory compliance information including the EU Declaration of Conformity, visit https://www.netgear.com/about/regulatory/.

See the regulatory compliance document before connecting the power supply.

Do not use this device outdoors. If you connect cables or devices that are outdoors to this device, see http://kb.netgear.com/000057103 for safety and warranty information.

Trademarks

Revision History

Number

CommentsPublish DatePublication Part

First publication.December 2018202-11885-02

Chapter 1 Hardware Overview of the Access Point/Router

Top panel with LEDs...........................................................................12

Back panel with ports, buttons, and a power connector...............13

Position the antennas for best WiFi performance..........................14

Access point/router label..................................................................14

Chapter 2 Install and Access the Access Point/Router in Your Network

Connect the access point/router to your existing router and log in

for the first time...................................................................................17

Update the access point/router firmware if you cannot complete

the initial log-in process.....................................................................21

About router mode............................................................................22

Use the access point/router in router mode...................................23

Internet.................................................................................................26

Internet.................................................................................................28

Use the NETGEAR Insight mobile app to discover the access

point/router.........................................................................................29

Find the IP address of the access point/router...............................29

Change the language........................................................................31

Change the local login admin password.........................................32

Set up password recovery for the local login admin user name...33 Connect a wired or WiFi device to the access point/router’s network

after installation...................................................................................34

Connect to the access point/router through an Ethernet

cable................................................................................................34

Use Wi-Fi Protected Setup to join the WiFi network of the access

point/router....................................................................................35

Manually join the WiFi network of the access point/router......36

Chapter 3 Specify the Access Point/Router Internet Settings Manually

Use the Internet Setup Wizard..........................................................38

Access point mode: Specify a fixed LAN IP address......................39

AC2000 802.11ac Wireless Access Point/Router WAC124

Router mode: Manually set up the access point/router Internet

connection...........................................................................................40

Router mode: Specify a dynamic or fixed WAN IP address Internet

connection without a login...........................................................40

Router mode: Specify a PPPoE Internet connection that uses a

Router mode: Specify a PPTP or L2TP Internet connection that

uses a login.....................................................................................44

Router mode: Specify an IPv6 Internet connection........................46

Router mode: Requirements for entering IPv6 addresses.......47

Router mode: Use Auto Detect for an IPv6 Internet

connection......................................................................................47

Router mode: Use Auto Config for an IPv6 Internet

connection......................................................................................49

Router mode: Set up an IPv6 6to4 tunnel Internet connection.51

Router mode: Set up an IPv6 6rd Internet connection..............52

Router mode: Set up an IPv6 passthrough Internet

connection......................................................................................54

Router mode: Set up an IPv6 fixed Internet connection...........55

Router mode: Set up an IPv6 DHCP Internet connection.........57

Router mode: Set up an IPv6 PPPoE Internet connection........58

Chapter 4 Manage the Basic WiFi and Radio Features

Set up or change an open or secure WiFi network........................62

Configure WPA and WPA2 Enterprise WiFi security.....................65

Disable or enable a WiFi network....................................................67

Hide or broadcast the SSID for a WiFi network..............................68

Enable or disable the WiFi radios.....................................................69

Use WPS to add a device to the WiFi network................................70

Use WPS with the push button method......................................70

Use WPS with the PIN method.....................................................72

Chapter 5 Manage the Firewall and Security

Router mode: Manage the basic firewall settings..........................75

Router mode: Manage port scan protection and denial of service

protection........................................................................................75

Router mode: Set up a default DMZ server................................76

Router mode: Manage IGMP proxying.......................................77

Router mode: Manage NAT filtering...........................................78

Router mode: Manage the SIP application-level gateway........79

Router mode: Manage VPN pass-through..................................80

Allow or block device access to your network................................81

Enable and manage network access control..............................81

Manage network access control lists...........................................82

AC2000 802.11ac Wireless Access Point/Router WAC124

Add or remove a device from the allowed list...........................83

Add or remove a device from the blocked list...........................84

Router mode: Specify keywords and domains to block Internet

sites.......................................................................................................85

Router mode: Set up keyword and domain blocking...............85

Router mode: Specify a trusted device.......................................87

Router mode: Remove a keyword or domain from the blocked

list.....................................................................................................88

Router mode: Remove all keywords and domains from the

blocked list......................................................................................89

Router mode: Block specific services and applications from the

Internet.................................................................................................89

Router mode: Add a service blocking rule for a predefined service

or application..................................................................................90

Router mode: Add a service blocking rule for a custom service

or application..................................................................................91

Router mode: Change a service blocking rule..........................93

Router mode: Remove a service blocking rule..........................94

Router mode: Set up a schedule for blocking................................95

Set up security event email notifications.........................................96

Chapter 6 Optimize Performance

Optimize traffic with the default QoS rules...................................100

Manage default and custom QoS rules.........................................101

Add a custom QoS rule for a service or application...............101

Add a custom QoS rule for a device.........................................102

Change a QoS rule or change the priority for a rule...............103

Remove a QoS rule......................................................................104

Remove all QoS rules..................................................................105

Manage uplink bandwidth control.................................................106

Manage WiFi Multimedia (WMM) for a radio...............................107

Improve network connections with Universal Plug and Play......108

Chapter 7 Manage the Network Settings

Router mode: Manage the LAN IP address settings....................112

Router mode: Change the access point/router network device

name..............................................................................................112

Router mode: Change the LAN IP address and subnet

settings..........................................................................................113

Router mode: Manage the DHCP server address pool..........114

Router mode: Disable the DHCP server...................................116

Router mode: Manage the Router Information Protocol

settings..........................................................................................117

Router mode: Manage reserved LAN IP addresses.....................118

AC2000 802.11ac Wireless Access Point/Router WAC124

Router mode: Reserve a LAN IP Address.................................118

Router mode: Change a reserved LAN IP address.................119

Router mode: Remove a reserved LAN IP address entry.......120

Add and manage IPv4 static routes...............................................121

Add an IPv4 static route..............................................................122

Change an IPv4 static route........................................................123

Remove an IPv4 static route.......................................................124

Router mode: Enable an IPTV bridge for a port group or VLAN tag

group.................................................................................................125

Router mode: Enable an IPTV bridge for a port group..........125

Router mode: Enable an IPTV bridge for a VLAN tag group..126

Router mode: Change the MTU size..............................................128

Chapter 8 Maintain and Monitor the Access Point/Router

Update the firmware of the access point/router..........................132

Let the access point/router check for new firmware and update

the firmware..................................................................................132

Check for new firmware manually and update the access

point/router manually.................................................................133

Manage the configuration file of the access point/router...........135

Back up the access point/router configuration file.................135

Restore the access point/router configuration settings..........136

Recover the local login admin password......................................137

Return the access point/router to its factory default settings.....138

Use the Reset button...................................................................138

Erase the settings to factory default settings...........................139

Manage the time settings................................................................140

Manually set the time zone and adjust the daylight saving

time................................................................................................140

Change the NTP server...............................................................141

Manage the activity log...................................................................142

Specify which activities the access point/router logs..............142

View, send, or clear the logs......................................................143

View the status and statistics of the access point/router.............144

Access point mode: View information about the access

point/router, LAN port, and WiFi settings................................144

Router mode: View information about the access point/router,

Internet port, and WiFi settings.................................................147

Check the Internet connection status........................................150

Display Internet port statistics....................................................152

View devices currently on the access point/router network...153

Router mode: Monitor and meter Internet traffic.........................155

Router mode: Start the traffic meter without traffic restrictions.155

Router mode: Restrict Internet traffic by volume.....................156

AC2000 802.11ac Wireless Access Point/Router WAC124

Router mode: Restrict Internet traffic by connection time.....158

Router mode: View the Internet traffic volume and statistics..159

Router mode: Unblock the traffic meter after the traffic limit is

reached.........................................................................................160

Router mode: Manage and use remote access............................161

Router mode: Set up remote management for the access

point/router..................................................................................161

Router mode: Use remote access..............................................163

Change the system mode to router mode or back to access point

mode..................................................................................................163

Disable LED blinking or turn off LEDs............................................165

Chapter 9 Share a USB Storage Device Attached to the Access Point/Router

USB device requirements................................................................167

Connect a USB storage device to the access point/router.........167

Access a USB storage device that is connected to the access

point/router.......................................................................................168

Access a USB storage device from a Windows-based

computer......................................................................................168

Access a USB storage device from a Mac.................................168

Map a USB storage device to a Windows network drive............169

Back up a Windows-based computer with ReadySHARE Vault...170

Back up a Mac with Time Machine.................................................171

Set up a USB hard disk drive on a Mac.....................................171

Prepare to back up a large amount of data..............................172

Use Time Machine to back up onto a USB hard disk drive....172

Manage access to a USB storage device.......................................174

Enable FTP access within the access point/router network........176

View and manage network folders on a USB storage device.....178

View network folders on a USB storage device.......................178

Add a network folder on a USB storage device.......................179

Change a network folder on a USB storage device................180

Router mode: Approve a USB storage device.............................181

Safely remove a USB storage device.............................................182

Chapter 10 Use the Access Point/Router as a Media Server

Specify ReadyDLNA media server settings...................................185

Play music from a storage device with iTunes server..................186

Set up the access point/router’s iTunes server with iTunes....186

Set up the access point/router’s iTunes server with the Remote

app.................................................................................................188

Set up the access point/router to work with TiVo........................190

AC2000 802.11ac Wireless Access Point/Router WAC124

Chapter 11 Router Mode: Manage Dynamic DNS and FTP Access Through the Internet

Router mode: Set up and manage Dynamic DNS.......................192

Router mode: Set up a new Dynamic DNS account................192

Router mode: Specify a DNS account that you already

created..........................................................................................193

Router mode: Change the Dynamic DNS settings..................194

Router mode: Use DDNS with FTP to access your network........195

Router mode: Overview of the steps to set up an FTP server with

DDNS.............................................................................................195

Router mode: Set up FTP access through the Internet on the

access point/router......................................................................196

Router mode: Use FTP to access a storage device over the

Internet..........................................................................................197

Chapter 12 Router Mode: Set up VPN Connections with OpenVPN

Router mode: Enable and configure OpenVPN and VPN client access

on the access point/router..............................................................200

Router mode: Install OpenVPN client software on a remote

client...................................................................................................201

Router mode: Install the OpenVPN client utility and VPN

configuration files on a Windows-based computer................202

Router mode: Install the OpenVPN client utility and VPN

configuration files on a Mac.......................................................203

Router mode: Install the OpenVPN client utility and VPN

configuration files on an iOS device.........................................204

Router mode: Install the OpenVPN client utility and VPN

configuration files on an Android device.................................205

Router mode: Set up an OpenVPN connection...........................207

Router mode: Manage VPN access to your network or Internet

service at your office or home....................................................207

Router mode: Use a VPN tunnel to access your Internet service

at your office or home.................................................................208

Chapter 13 Manage the Advanced WiFi and Radio Features

Add a WiFi schedule for a radio.....................................................210

Change the channel for a radio......................................................211

Change the WiFi throughput mode for a radio band.................212

Change the transmission output power for a radio.....................214

Manage advanced WiFi and broadcast settings..........................215

Manage the WPS settings...............................................................216

Specify how the access point/router manages WiFi clients........218

Manage Implicit Beamforming..................................................218

AC2000 802.11ac Wireless Access Point/Router WAC124

Manage MU-MIMO......................................................................219

Manage Airtime Fairness............................................................220

Set Up a WiFi bridge between the access/point router and another

device.................................................................................................221

Chapter 14 Router Mode: Manage Port Forwarding and Port Triggering

Router mode: Manage port forwarding to a local server for services

and applications...............................................................................225

Router mode: Forward incoming traffic for a default service or

application....................................................................................225

Router mode: Add a port forwarding rule for a custom service

or application...............................................................................226

Router mode: Change a port forwarding rule.........................228

Router mode: Remove a port forwarding rule.........................229

Router mode application example: Make a local web server

public.............................................................................................230

Router mode: How the access/point router implements a port

forwarding rule.............................................................................230

Router mode: Manage port triggering for services and

applications.......................................................................................231

Router mode: Add a port triggering rule.................................232

Router mode: Change a port triggering rule...........................233

Router mode: Remove a port triggering rule..........................234

Router mode: Specify the time-out for port triggering...........235

Router mode: Disable port triggering......................................236

Router mode application example: Port triggering for Internet

Relay Chat.....................................................................................237

Chapter 15 Diagnostics and Troubleshooting

Reboot the access point/router from its local browser interface.240

Quick tips...........................................................................................241

Router mode: Sequence to restart your access point/router

network.........................................................................................241

Check the Ethernet cable connections.....................................241

Check the WiFi settings of your computer or mobile device..241

Check the DHCP network settings of your computer or mobile

device............................................................................................242

Standard LED behavior when the access point/router is powered

on........................................................................................................242

Troubleshoot with the LEDs............................................................243

Power LED is off...........................................................................243

Power LED stays blinking green................................................243

Access point mode: Internet LED is off.....................................244

AC2000 802.11ac Wireless Access Point/Router WAC124

Router mode: Internet LED is off...............................................244

WiFi LED Is Off.............................................................................245

You cannot log in to the access point/router...............................245

Access point mode: You cannot log in to the access

point/router..................................................................................245

Router mode: You cannot log in to the access point/router...247

Router mode: You cannot access the Internet.............................248

Router mode: Check the Internet WAN IP address.................248

Router mode: Check or manually start the PPPoE connection.250

Troubleshoot Internet browsing.....................................................251

Troubleshoot the WiFi connectivity...............................................252

Changes are not saved....................................................................253

Troubleshoot your network using the ping utility of your

computer...........................................................................................253

Test the LAN path from your computer to the access

point/router..................................................................................253

Router mode: Test the path from your computer to a remote

device............................................................................................254

Appendix A Factory Default Settings and Technical Specifications

Factory default settings...................................................................257

Technical specifications...................................................................259

Appendix B Position and Wall-Mount the Access Point/Router

Position the access point/router.....................................................262

Wall-mount the access point/router..............................................263

Hardware Overview of the Access Point/Router

The NETGEAR AC2000 802.11ac Wireless Access Point/Router Model WAC124, in this manual referred to as the access point/router, supports dual-band concurrent operation at 2.4 GHz and 5 GHz with combined throughput of 2000 Mbps (300 Mbps at 2.4 GHz and 1700 Mbps at 5 GHz). The access point/router is designed to function in a small office network or home network.

You can use the access point/router in access point mode with its router features disabled, connected to an existing router in your network. You can also use the access point/router in router mode with its router features enabled, directly connected to an Internet modem.

The chapter contains the following sections:

• Top panel with LEDs

• Back panel with ports, buttons, and a power connector

• Position the antennas for best WiFi performance

• Access point/router label

Important: By default, the access point/router is in access point mode with its DHCP client enabled and must get an IP address from another router in your network. For the

initial log-in process, also called single sign-on (SSO), the access point/router must connect to the Internet and you must log in with a MyNETGEAR account. (You can create an account during the log-in process.) After you complete the initial log-in process, you can change the mode to router mode and also change the settings offline.

Note: For more information about the topics that are covered in this manual, visit the support website at netgear.com/support/.

Note: Firmware updates with new features and bug fixes are made available from time to time at netgear.com/support/download/. You can check for and download new

firmware manually. If the features or behavior of your product does not match what is described in this manual, you might need to update the firmware.

AC2000 802.11ac Wireless Access Point/Router WAC124

Top panel with LEDs

The four status LEDs are located on the top panel of the access point/router. From left to right, the top panel contains the Power LED, Internet LED, WiFi LED, and USB LED.

Figure 1. Top panel with LEDs

Table 1. LED descriptions

DescriptionLED

Power

Internet

Solid green. The access point/router is ready.

Solid green temporarily, blinking green temporarily, and finally solid green. The

access point/router is starting or was reset to factory default settings and is restarting. For more information about resetting the access point/router to factory default settings, see Return the access point/router to its factory default settings on page 138.

Blinking green. The access point/router is starting or upgrading firmware. If the Power LED is blinking green at any other time, see Power LED stays blinking green on page

243.

Off. Power is not supplied to the access point/router.

Solid green or blinking green. An Internet connection is established.

Off. No Internet connection is established. For more information, see Access point

mode: Internet LED is off on page 244 (access point mode is the default system mode) or Router mode: Internet LED is off on page 244.

Access Point/Router

User Manual12Hardware Overview of the

AC2000 802.11ac Wireless Access Point/Router WAC124

Table 1. LED descriptions (Continued)

DescriptionLED

WiFi

USB

Solid green. One or both WiFi radios are operating.

Blinking green. One or both WiFi radios are sending or receiving traffic.

Blinking green slowly. Someone pressed the WPS button.

Off. Both WiFi radios are off. For more information, see WiFi LED Is Off on page 245.

Solid green. A USB device is connected and is ready.

Off. No USB device is connected.

Back panel with ports, buttons, and a power connector

The back panel of the access point/router provides ports, buttons, and a DC power connector.

Figure 2. Access point/router back panel

Access Point/Router

User Manual13Hardware Overview of the

AC2000 802.11ac Wireless Access Point/Router WAC124

Viewed from left to right, the back panel contains the following components:

USB 2.0 port. One USB 2.0 port to connect a storage device or printer to the access

• point/router.

LAN ports 4 through 1. Four Gigabit Ethernet RJ-45 LAN ports numbered LAN4

• through LAN1 to connect the access point/router to Ethernet devices such as a computer and a switch.

Internet port. One Internet (WAN) port to connect the access point/router to a

• router, network switch, or network hub in your network (see Connect the access point/router to your existing router and log in for the first time on page 17). This port must provide the Internet connection to the access point/router. If you want to use the access point/router in router mode, do not connect this port to an Internet modem until after you complete the initial log-in process (see Use the access point/router in router mode on page 23).

WPS button. Press the WPS button to join the access point/router’s WiFi network

• without typing the WiFi password. For more information, see Use WPS to add a device to the WiFi network on page 70.

Reset button. Press the Reset button to reset the access point/router to factory

• default settings. For more information, see Use the Reset button on page 138.

Power On/Off button. Press the Power On/Off button to provide power to the

• access point/router.

DC power connector. Connect the power adapter that came in the product package

• to the DC power connector.

Position the antennas for best WiFi performance

You can swivel the three access point/router antennas in any direction. For best WiFi performance, we recommend that you experiment with various antenna positions. For example, you could position the center antenna vertically and aim the other two antennas outward at 45-degree angles.

Access point/router label

The access point/router label on the bottom panel of the access point/router shows the default login information, default WiFi network name (SSID), default WiFi passphrase, serial number and MAC address of the access point/router, and other information.

User Manual14Hardware Overview of the

Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

Figure 3. Access point/router label

Access Point/Router

User Manual15Hardware Overview of the

Install and Access the Access Point/Router in Your Network

This chapter describes how you can install and access the access point/router in your network and go through the initial log-in process, also referred to as single sign-on (SSO). By default, the access point/router is in access point mode. You can also change the mode to router mode.

The chapter contains the following sections:

• Connect the access point/router to your existing router and log in for the first time

• Update the access point/router firmware if you cannot complete the initial log-in process

• About router mode

• Use the access point/router in router mode

• Log in to the access point/router when it is connected to the Internet

• Log in to the access point/router when it is not connected to the Internet

• Use the NETGEAR Insight mobile app to discover the access point/router

• Find the IP address of the access point/router

• Change the language

• Change the local login admin password

• Set up password recovery for the local login admin user name

• Connect a wired or WiFi device to the access point/router’s network after installation

AC2000 802.11ac Wireless Access Point/Router WAC124

Connect the access point/router to your existing router and log in for the first time

By default, the access point/router is in access point mode and functions as a WiFi access point and LAN switch for Internet access. Basically, in access point mode, the access point/router functions as a bridge between your existing router and the access point/router’s LAN and WiFi clients. The access point/router, LAN clients, and WiFi clients receive an IP address from or through your existing router.

Note: For the initial log-in process, do not directly connect the access point/router to an Internet modem.

For the initial log-in process, also referred to as single sign-on (SSO), the following are required:

The access point/router must be in its default access point mode.

•

The access point/router must be connected to the Internet through an existing router

• in your network.

You must log in with a MyNETGEAR account. If you do not have a MyNETGEAR

• account, you must create one during the initial log-in process.

If you want, after you complete the initial log-in process, you can change the mode to router mode and connect the access point/router to an Internet modem (see Use the access point/router in router mode on page 23). Certain features are supported only in router mode, for example, routing services such as NAT and the DHCP server.

The easiest way to set up and start using the access point/router is to connect it to your router, either directly, or through a switch or hub (almost any router functions as a DHCP server). If your network includes an independent DHCP server, connect the access point/router to a switch or hub that is connected to the DHCP server. When you log in to the access point/router, you connect to the local browser–based management interface, in this manual referred to as the local browser interface.

Point/Router in Your Network

User Manual17Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Figure 4. Connect the access point/router to another router in your network

To connect the access point/router to a router and log in to the local browser interface for the first time:

1. Connect an Ethernet cable to the yellow Internet (WAN) port on the access point/router.

Connect the other end of the cable to a LAN port on your router (or switch or hub that is connected to a DHCP server).

3. Power on the access point/router and check to see that the LEDs light.

DescriptionLED

Power

Internet

The Power LED lights solid green, then blinks green, and then lights solid green again

when the startup procedure is finished. This process takes about 90 seconds. If the

Power LED does not light at all, press the Power On/Off button on the back panel.

The Internet LED blinks green or lights solid green when the Internet connection is

established.

The WiFi LED lights solid green.WiFi

Important: Be sure that the access point/router is connected to the Internet before you continue. (The Internet LED must blink green or light solid green.)

Connect over WiFi. On a WiFi-enabled computer or mobile device, find and

•

connect to the access point/router’s WiFi network. The default SSID is NETGEAR-1. The default passphrase is sharedsecret.

Point/Router in Your Network

User Manual18Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Connect over Ethernet to the same network. Using an Ethernet cable, connect

•

the LAN port on your computer to the same router that the access point/router is connected to. You can connect your computer either directly or through a switch or hub to the router.

Connect over Ethernet directly to the access point/router. Using an Ethernet

•

cable, connect the LAN port on your computer directly to any of the four LANs port on the access point/router.

Launch a web browser and enter http://www.routerlogin.net in the address field. The Sign-In page displays.

Note: If the Sign-In page does not display, see Access point mode: You cannot log in to the access point/router on page 245.

If the Sign-In page displays the ! A new firmware upgrade is available. Click here to get it. button, do the following:

Click the ! A new firmware upgrade is available. Click here to get it. button. The access point/router finds the new firmware information and displays a message asking if you want to download and install it.

Click the Yes button. The access point/router locates and downloads the firmware and begins the update. The Firmware Upgrade Assistant page displays while the firmware of the access point/router is being updated. During the update, do not turn off the power or press the Reset button. The update process takes about three minutes, after which the access point/router restarts.

If the Sign-In page does not display, launch a web browser and enter http://www.routerlogin.net in the address field.

Depending on whether you already own a MyNETGEAR account, do one of the following:

You already own a MyNETGEAR account. Do the following:

•

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button.

Point/Router in Your Network

User Manual19Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

You do not yet own a free MyNETGEAR account. Do the following:

•

Click the Create button. The Create NETGEAR Account page displays.

b. Set up a new account.

c. Log in with your MyNETGEAR registered email address and password.

Note: If the NETGEAR Account Login page or Create NETGEAR Account page does not display, if you cannot sign in to your existing MyNETGEAR account or create a new MyNETGEAR account, or if you encounter any other problem that prevents you from completing the initial log-in process, you first might need to reset the access point/router to factory default settings and then update the firmware (see Update the access point/router firmware if you cannot complete the initial log-in process on page 21. After you do so, if you still encounter problems, see Troubleshoot Internet browsing on page 251.

After you successfully log in to your MyNETGEAR account, the access point/router is registered with NETGEAR.

The BASIC Home page of the access point/router displays. You can now change the settings of the access point/router.

If new firmware is available, the BASIC Home page displays the ! A new firmware update available, Click here to get it. button. For information about how to update the firmware, see Step 9.

Whether or not new firmware is available, do the following: a.

Select ADVANCED. The ADVANCED Home page of the access point/router displays. The LAN Port pane shows the IP address that is now assigned to the access point/router.

Write down the LAN IP address of the access point/router for later use. You must use this IP address if you plan to connect to the same network as the access point/router but not directly to the access point/router network. If you are directly connected to the access point/router network, you can use http://www.routerlogin.net.

If new firmware is available, do the following to update the firmware: a.

Select BASIC. The BASIC Home page displays again.

Point/Router in Your Network

User Manual20Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Update the access point/router firmware if you cannot complete the initial log-in process

During the initial log-in process, if the NETGEAR Account Login page or Create NETGEAR Account page does not display, if you cannot sign in to your existing MyNETGEAR account or create a new MyNETGEAR account, or if you encounter any other problem that prevents you from completing the initial log-in process, you first might need to reset the access point/router to factory default settings. Then, without logging in to your existing MyNETGEAR account or creating a new MyNETGEAR account, you can update the access point/router firmware (if new firmware is available).

After you update the firmware, you can log in to your existing MyNETGEAR account or create a new MyNETGEAR account and complete the initial log-in process.

To reset the access point/router to factory default settings and update the firmware if you cannot complete the initial log-in process:

1. Be sure that the access point/router is still connected to the Internet.

Note: If you did not change the connection setup of the access point/router as described in Step 1 through Step 4 of Connect the access point/router to your existing router and log in for the first time on page 17, the access point/router is still connected to the Internet.

Reset the access point/router to factory default settings by doing the following: a.

On the back of the access point/router, locate the Reset button.

Using a straightened paper clip, press and hold the recessed Reset button until the Power LED lights yellow, which takes about five seconds.

Release the Reset button.

Point/Router in Your Network

User Manual21Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

The Power LED starts blinking yellow and the configuration is reset to factory default settings. When the reset is complete, the access point/router reboots and connects to the NETGEAR server to detect if new firmware is available. The entire process of resetting, rebooting, and detecting firmware takes about three minutes.

Caution: After the access point/router reboots, wait at least one more minute.

If you log in too early, the access point/router might not yet have completed the firmware detection process.

Launch a web browser and enter http://www.routerlogin.net in the address field. The Sign-In page displays.

If the Sign-In page now displays the ! A new firmware upgrade is available. Click here to get it. button, do the following:

If the Sign-In page does not display, launch a web browser and enter http://www.routerlogin.net in the address field.

Continue with Step 7 of Connect the access point/router to your existing router and log in for the first time on page 17 and complete the initial log-in process.

About router mode

By default, the access point/router is in access point mode and functions as a WiFi access point and LAN switch for Internet access. After initial log-in, you can change the mode of the access point/router to router mode, connect the access point/router directly to an Internet modem such as a cable or DSL modem, and log back in to the access point/router.

Point/Router in Your Network

User Manual22Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Important: Only after you complete the initial log-in process in access point mode (see

Connect the access point/router to your existing router and log in for the first time on page 17), can you change the system mode to router mode and connect the access point/router to an Internet modem.

The following features are supported in router mode (and are disabled in access point mode):

Internet settings, including an IP address issued through dynamic DHCP (the default

• setting), a manually specified static IP address, an IP address issued through PPPoE,

L2TP, or PPTP, and various ways to implement an IPv6 address.

WAN settings, including routing services such as NAT.

•

LAN settings, including a DHCP server.

•

Internet security settings, including the option to block sites and services, and the

• option to set up port forwarding and port triggering rules.

VPN service.

•

Remote management.

•

Advanced USB settings.

•

Internet traffic meter.

•

VLAN or bridge tag group for an IPVT device.

•

Note: If the access point/router is in router mode, you can always reach the local browser

interface by entering http://www.routerlogin.net in the address field of your browser.

For information about changing the system mode of the access point/router from access point mode to router mode, see Use the access point/router in router mode on page 23 or, after initial setup, Change the system mode to router mode or back to access point mode on page 163.

Use the access point/router in router mode

When you set up the access point/router in router mode, the following applies:

If the WAN type of your Internet modem is dynamic DHCP, the access point/router

• automatically receives an IP address from your Internet service provider (ISP).

If the WAN type is PPPoE, L2TP, or PPTP, you must manually set up the Internet

• connection.

Point/Router in Your Network

User Manual23Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Note: If you are not sure what the WAN type of your modem is, contact your ISP before

you start the following procedure.

Figure 5. Connect the access point/router in router mode to your Internet modem

To change to router mode, connect the access point/router directly to an Internet modem, and log back in to the local browser interface:

If you did not do so yet, follow the steps in Connect the access point/router to your existing router and log in for the first time on page 17.

Note: Only after you complete the initial log-in process in access point mode, can you change the mode to router mode and connect the access point/router to an Internet modem.

The BASIC Home page displays.

Select ADVANCED > Advanced Setup > Wireless Access Point. The Wireless Access Point page displays.

Clear the Enable Access Point Mode check box.

Click the Apply button. Your settings are saved and the access point/router restarts in router mode.

5. Unplug your Internet modem’s power, leaving the modem connected to the wall jack for your Internet service.

If the modem uses a battery backup, remove the battery.

Disconnect the Ethernet cable that is connected to the yellow Internet port of the router and connect it directly to your modem.

User Manual24Install and Access the Access

Point/Router in Your Network

AC2000 802.11ac Wireless Access Point/Router WAC124

If the modem uses a battery backup, put the battery back in.

8. Plug in and turn on the modem.

Connect over WiFi. On a WiFi-enabled computer or mobile device, find and

•

connect to the access point/router’s WiFi network. The default SSID is NETGEAR-1. The default passphrase is sharedsecret.

Connect over Ethernet directly to the access point/router. Using an Ethernet

•

cable, connect the LAN port on your computer directly to any of the four LANs port on the access point/router.

10. Depending on how the access point/router receives a WAN IP address, log back in to the router by doing the following:

The WAN type of the modem is dynamic DHCP. If the access point/router can

•

connect to the Internet, the access point/router automatically receives an IP address through the modem. The Internet LED lights solid green when the access point/router is connected to the Internet. Do the following:

Launch a web browser and enter http://www.routerlogin.net in the address field. The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays. You can now change the router settings and other settings of the access point/router.

The WAN type of the modem is PPPoE, L2TP, or PPTP. The router cannot

•

automatically connect to the Internet and receive an IP address through the modem. Do the following:

Launch a web browser and enter http://www.routerlogin.net in the address field. The Sign-In page displays. You are prompted to sign in with the local login credentials.

If you did not yet change the default password, enter admin as the user name and password as the password. The user name and password are case-sensitive.

Click the Login button. The BASIC Home page displays.

Point/Router in Your Network

User Manual25Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Select ADVANCED > Setup Wizard. The Setup Wizard page displays.

Click the Next button.

f. During the Internet connection setup process, follow the prompts and provide

the required PPPoE, L2TP, or PPTP information. The Internet LED lights solid green when the access point/router is connected to the Internet.

When you are prompted, change your admin password for local login and set up password recovery. The BASIC Home page displays. You can now change the router settings and other settings of the access point/router.

11.

Clear the cache of your browser. In router mode, the access point/router functions with a different IP address than in

access point mode. Clearing the cache of your browser might prevent website connectivity problems.

If you experience connectivity problems, see one of the following sections:

Router mode: You cannot log in to the access point/router on page 247

•

Router mode: Manually set up the access point/router Internet connection on

•

page 40

Router mode: You cannot access the Internet on page 248

•

Troubleshoot Internet browsing on page 251

•

Log in to the access point/router when it is connected to the Internet

If the access point/router is connected to the Internet, you must use the registered email address and password for your NETGEAR account.

Point/Router in Your Network

User Manual26Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Note: You can log in even if the access point/router is not connected to the Internet.

In such as situation, you must use the local login admin user name and default password (see Log in to the access point/router when it is not connected to the Internet on page

28).

To log in to the access point/router when it is connected to the Internet:

Open a web browser from a computer or mobile device that is connected either directly to the access point/router network or to the same network as the access point/router.

A direct connection to the access point/router network, which is the most common type of setup, can be through WiFi or over Ethernet:

WiFi. A connection from a computer or mobile device to a WiFi network on the

•

access point/router.

Ethernet. A connection from a computer over an Ethernet cable to one of the

•

LAN ports on the access point/router, either with or without a switch or hub between the computer and the access point/router.

Do one of the following:

Directly connected. Enter http://www.routerlogin.net in the address field.

•

Connected to the same network but not directly connected. Enter the IP

•

address that was assigned to the access point/router by your existing router during the setup process. If you do no know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page of the local browser interface displays. You can now change

the settings of the access point/router.

The BASIC Home page displays a dashboard that lets you see the status of your access point/router at a glance.

Point/Router in Your Network

User Manual27Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Log in to the access point/router when it is not connected to the Internet

After you connected to the access point/router and logged in for the first time (see Connect the access point/router to your existing router and log in for the first time on page 17), you can log in again, even if the access point/router is not connected to the Internet. In such a situation, use the local login admin user name and default password, which are different from the registered email address and password for your NETGEAR account.

Note: Use the registered email address and password for your NETGEAR account only when the access point/router is connected to the Internet (see Log in to the access

point/router when it is connected to the Internet on page 26).

To log in to the access point/router when it is not connected to the Internet:

Open a web browser from a computer or mobile device that is connected either directly to the access point/router network or to the same network as the access point/router.

A direct connection to the access point/router network, which is the most common type of setup, can be through WiFi or over Ethernet:

WiFi. A connection from a computer or mobile device to a WiFi network on the

•

access point/router.

Ethernet. A connection from a computer over an Ethernet cable to one of the

•

LAN ports on the access point/router, either with or without a switch or hub between the computer and the access point/router.

2. Enter the IP address that was assigned to the access point/router by your existing router during the setup process.

If you do no know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. Because the access point/router is not connected to the Internet, you are prompted to sign in with the local login credentials.

If you did not yet change the default password, enter admin as the user name and password as the password.

The user name and password are case-sensitive.

For information about how to change the password for local login, see Change the local login admin password on page 32.

User Manual28Install and Access the Access

Point/Router in Your Network

AC2000 802.11ac Wireless Access Point/Router WAC124

Click the Login button. The BASIC Home page of the local browser interface displays. You can now change

the settings of the access point/router.

The BASIC Home page displays a dashboard that lets you see the status of your access point/router at a glance.

Use the NETGEAR Insight mobile app to discover the access point/router

The NETGEAR Insight mobile app lets you discover the access point/router in your network.

Note: Although you can use the NETGEAR Insight mobile app to register the access point/router, the access point/router is already registered automatically after the initial

log-in process.

To use the NETGEAR Insight mobile app to discover the access point/router in your network:

On your iOS or Android mobile device, go to the app store, search for NETGEAR Insight, and download and install the app.

2. Connect your mobile device to the access point/router WiFi network.

3. Open the NETGEAR Insight mobile app.

Select LOG IN to log in to your existing NETGEAR account, which is the same account that you logged into or created during the initial log-in process.

After you log in to your account, the IP address of the access point/router displays in the device list.

Write down the IP address for future use.

Find the IP address of the access point/router

Under the following circumstances, you cannot use http://www.routerlogin.net to log in to the access point/router:

Your computer or mobile device is not directly connected to the access point/router

• network but to the same network as the access point/router.

User Manual29Install and Access the Access

Point/Router in Your Network

AC2000 802.11ac Wireless Access Point/Router WAC124

Your computer or mobile device is directly connected to the access point/router,

• but the access point/router is not connected to the Internet.

Your network includes another NETGEAR device that is also accessible by using

•

http://www.routerlogin.net. In such a situation, if you use

http://www.routerlogin.net, you might log in to the access point/router or you

might log in to the other NETGEAR device, depending on your network situation.

In these situations, to log in to the local browser interface of the access point/router, use the IP address that was assigned to the access point/router by your existing router during the setup process (see Connect the access point/router to your existing router and log in for the first time on page 17).

If you do not know the IP address that was assigned to the access point/router, use one of the following options to find the IP address of the access point/router:

Only if the access point/router is connected to the Internet, do one of the following:

•

Option 1. Temporarily connect directly and log in. Temporarily connect a computer or mobile device directly through an Ethernet cable or over WiFi to the access point/router and do the following:

Open a web browser from a computer or mobile device that is directly connected to the access point/router network.

Enter http://www.routerlogin.net in the address field.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED. The ADVANCED Home page displays

In the LAN Port pane, click the Connection Status button. The IP Address field displays the IP address that is assigned to the access point/router.

Option 2. Temporarily connect directly and ping the access point/router.

Temporarily connect a computer or mobile device directly through an Ethernet cable or over WiFi to the access point/router and send a ping to http://www.routerlogin.net. How to send a ping depends on your computer or mobile device. On your computer or mobile device, the field with the ping results displays the IP address that is assigned to the access point/router.

Point/Router in Your Network

User Manual30Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Regardless of whether the access point/router is connected to the Internet, do one

• of the following:

Option 1. Use the NETGEAR Insight mobile app. To use the NETGEAR Insight mobile app to discover the IP address of the access point/router in your network, do the following:

On your iOS or Android mobile device, go to the app store, search for NETGEAR Insight, and download and install the app.

2. Connect your mobile device to the access point/router WiFi network.

3. Open the NETGEAR Insight mobile app.

Select LOG IN to log in to your existing NETGEAR account, which is the same account that you logged into or created during the initial log-in process. After you log in to your account, the IP address of the access point/router displays in the device list.

Option 2. Access your existing router. Access the DHCP server information of your existing router to see the devices that are connected to it, including the access point/router. The IP address that is assigned to the access point/router is listed.

Option 3. Use an IP scanner. Use an IP scanner application (they are available free of charge on the Internet) in the network of your existing router. The IP scanner results include the IP address that is assigned to the access point/router.

If you made a direct connection to the access point/router, you can now terminate that connection. Connect your computer or mobile device to the same network as the access point/router, and use the discovered IP address to log in to the access point/router.

Change the language

By default, the language of the local browser interface is set as Auto. You can change the language.

To change the language:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

Point/Router in Your Network

User Manual31Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

If the access point/router is not connected to the Internet, you are prompted to sign in with the local login credentials (see Log in to the access point/router when it is not connected to the Internet on page 28).

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

In the upper right corner, select a language from the menu. The page refreshes with the language that you selected.

Change the local login admin password

We recommend that you change the default password that you use for local login to the access point/router to a more secure password. This is the password that you use to log in locally to the access point/router with the user name admin if the access point/router is not connected to the Internet.

The ideal password contains no dictionary words from any language and contains uppercase and lowercase letters, numbers, and symbols. It can be up to 30 characters.

To change the password for the user name admin for local login to the access point/router:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Point/Router in Your Network

User Manual32Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Administration > Set Password. The Set Password page displays.

6. Enter the old password.

7. Enter the new password twice. For information about password recovery, see Set up password recovery for the

local login admin user name on page 33.

Click the Apply button. Your settings are saved.

Set up password recovery for the local login admin user name

If you change the password for the user name admin, we recommend that you enable password recovery. This is the password that you use to log in locally to the access point/router with the user name admin if the access point/router is not connected to the Internet. Then you can recover the password if it is forgotten. This recovery process is supported in Internet Explorer, Firefox, and Chrome browsers, but not in the Safari browser.

To set up password recovery for the local login admin user name:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Point/Router in Your Network

User Manual33Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Administration > Set Password. The Set Password page displays.

Select the Enable Password Recovery check box.

7. Select two security questions and provide answers to them.

Click the Apply button. Your settings are saved.

Connect a wired or WiFi device to the access point/router’s network after installation

After you install the access point/router in your network (see Connect the access point/router to your existing router and log in for the first time on page 17), you can connect a device to the access point/router’s LAN through an Ethernet cable or to the access point/router’s WiFi network over a WiFi connection.

If the device that you are trying to connect is set up to use a static IP address, change the settings of your device so that it uses Dynamic Host Configuration Protocol (DHCP) and can receive an IP address through or from the access point/router.

Note: Connecting to the access point/router’s network is not the same as connecting to the local browser interface to view or manage the access point/router’s settings. For

information about logging in to the access point/router local browser interface, see Log in to the access point/router when it is connected to the Internet on page 26 or Log in to the access point/router when it is not connected to the Internet on page 28.

Connect to the access point/router through an Ethernet cable

You can connect a computer or other LAN device to the access point/router using an Ethernet cable and join the access point/router’s local area network (LAN).

For information about logging in to the access point/router local browser interface, see Log in to the access point/router when it is connected to the Internet on page 26or Log in to the access point/router when it is connected to the Internet on page 26.

User Manual34Install and Access the Access

Point/Router in Your Network

AC2000 802.11ac Wireless Access Point/Router WAC124

To connect a computer or LAN device to the access point/router with an Ethernet cable:

1. Make sure that the access point/router is receiving power and is connected to the Internet (both its Power LED and Internet LED are lit).

2. Connect an Ethernet cable to an Ethernet port on the computer or LAN device.

Connect the other end of the Ethernet cable to one of the LAN ports on the access point/router.

You can use any of the four LAN ports on the access point/router.

Note: You can also connect the computer to a switch or hub that is connected to one of the LAN ports on the access point/router.

Your computer or LAN device connects to the local area network (LAN). A message might display on your computer screen to notify you that an Ethernet cable is connected.

Use Wi-Fi Protected Setup to join the WiFi network of the access point/router

You can use Wi-Fi Protected Setup (WPS) to add a WiFi device such as a WiFi-enabled computer, tablet, or smartphone to the WiFi network of the access point/router.

WPS is a standard for easily adding computers and other devices to a home network while maintaining security. To use WPS (Push 'N' Connect), make sure that all WiFi devices to be connected to the network are Wi-Fi certified and support WPS. During the connection process, the client gets the security settings from the access point/router so that every device in the network supports the same security settings.

To use WPS to connect a device to the WiFi network of the access point/router:

1. Make sure that the access point/router is receiving power (its Power LED is lit) and is connected to the Internet (its Internet LED is lit), and that the WiFi radios are on (its WiFi LED is lit).

Check the WPS instructions for your computer or WiFi device.

Press the WPS button of the access point/router for three seconds.

Within two minutes, press the WPS button on your WiFi device, or follow the WPS instructions that came with the device.

The WPS process automatically sets up the device with the WiFi passphrase and connects the device to the WiFi network of the access point/router.

Point/Router in Your Network

User Manual35Install and Access the Access

AC2000 802.11ac Wireless Access Point/Router WAC124

Manually join the WiFi network of the access point/router

You can manually add a WiFi device such as a WiFi-enabled computer, tablet, or smartphone to the WiFi network of the access point/router.

On the WiFi device that you want to connect to the access point/router, you can use the software application that manages your WiFi connections.

To connect a device manually to the WiFi network of the access point/router:

1. Make sure that the access point/router is receiving power (its Power LED is lit) and is connected to the Internet (its Internet LED is lit), and that the WiFi radios are on (its WiFi LED is lit).

2. On the WiFi device that you want to connect to your access point/router, open the software application that manages your WiFi connections.

This applicaiton scans for all WiFi networks in your area.

Look for the access point/router’s network and select it. The default SSID is NETGEAR-1. (By default, the access point/router’s second and

third WiFi network are disabled.)

Enter the default passphrase for WiFi access. The default passphrase is sharedsecret.

Click the Connect button. The device connects to the WiFi network of the access point/router.

Point/Router in Your Network

User Manual36Install and Access the Access

Specify the Access Point/Router Internet Settings Manually

Usually, the quickest way to set up the Internet connection is to allow the NETGEAR installation assistant to detect the Internet connection when you first set up and access the access point/router with a web browser. After initial setup, you can use the Setup Wizard at any time.

If the access point/router is in access point mode, you can specify the LAN IP settings manually.

If the access point/router is in router mode, you can specify the WAN (Internet) settings manually, including IPv6 settings. For information about changing the LAN settings if the access point/router is in router mode, see Router mode: Manage the LAN IP address settings on page 112.

This chapter contains the following sections:

• Use the Internet Setup Wizard

• Access point mode: Specify a fixed LAN IP address

• Router mode: Manually set up the access point/router Internet connection

• Router mode: Specify an IPv6 Internet connection

AC2000 802.11ac Wireless Access Point/Router WAC124

Use the Internet Setup Wizard

You can use the Setup Wizard to detect your Internet settings and automatically set up your access point/router. Although the functionality is similar, the Setup Wizard is not the same as the NETGEAR installation assistant that runs the first time that you connect to your access point/router to set it up.

The Setup Wizard can function regardless whether the access point/router is in access point mode or in router mode. In access point mode, the Setup Wizard can detect the LAN IP address that is issued by the existing router in the network. In router mode, the Setup Wizard can detect the WAN IP address that is issued by the Internet service provider.

To use the Setup Wizard:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Setup Wizard. The Setup Wizard page displays.

Select the Yes radio button. If you select the No radio button, you are taken to the WAN Setup page (see Router

mode: Manually set up the access point/router Internet connection on page 40) when you click the Next button.

Click the Next button.

User Manual38Specify the Access Point/Router

Internet Settings Manually

AC2000 802.11ac Wireless Access Point/Router WAC124

The Setup Wizard searches your Internet connection for servers and protocols to determine your Internet configuration. When the access point/router connects to the Internet, you are prompted to change the admin password.

Access point mode: Specify a fixed LAN IP address

If the access point/router is in access point mode, you can specify the LAN IP address for the access point/router. This is the IP address of the access point/router in your existing network. If you specify a static (fixed) IP address, make sure that it is part of the LAN subnet of the existing router that assigns the LAN IP address to the access point/router.

To view the LAN settings or specify a LAN Internet connection that uses a fixed LAN IP address:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Advanced Setup > IP Settings. The IP Settings page displays.

By default, the Get dynamically from existing router radio button is selected.

Internet Settings Manually

User Manual39Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

To specify a static (fixed) IP address for the access point/router, do the following: a.

Select the Use fixed IP Address (not recommended) radio button. The fields become available.

b. Enter the static IP address, IP subnet mask, and gateway IP address.

These IP addresses must be in the LAN subnet of your existing router.

Enter the IP address of your network’s primary DNS server. If a secondary DNS server address is available, enter it also.

Click the Apply button. Your settings are saved. The access point/router restarts with the new IP address.

To log back in to the access point/router, use the new IP address.

Router mode: Manually set up the access point/router Internet connection

If the access point/router is in router mode, you can view or change the access point/router’s Internet connection settings.

Note: The information in this section and subsections does not apply if the access point/router is in access point mode.

Router mode: Specify a dynamic or fixed WAN IP address Internet connection without a login

To specify or view the settings for a WAN Internet connection that uses a dynamic or fixed IP address and that does not require a login:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

User Manual40Specify the Access Point/Router

Internet Settings Manually

AC2000 802.11ac Wireless Access Point/Router WAC124

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select BASIC > Internet. The Internet Setup page displays.

Select the No radio button. This is the default setting.

If your Internet connection requires an account name (sometimes referred to as a host name), enter it in the Account Name field.

The account name is the same as the device name, which, by default, is WAC124.

If your Internet connection requires a domain name, enter it in the Domain Name field.

For the other sections on this page, the default settings usually work, but you can change them.

9. Select an Internet IP Address radio button:

• Get Dynamically. Your ISP uses DHCP to automatically assign an IP address and

related settings to the access point/router.

• Use Static IP Address. Enter the static IP address, IP subnet mask, and gateway

IP address that your ISP assigned to the access point/router. The gateway is the ISP router to which the access point/router connects.

10. Select a Domain Name Server (DNS) Address radio button:

• Get Automatically from ISP. Your ISP uses DHCP to assign DNS servers to the

access point/router.

• Use These DNS Servers. If you know that your ISP requires specific servers, select

this option. Enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also.

11. Select a Router MAC Address radio button:

• Use Default Address. Use the default access point/router MAC address that

displays on the Dashboard page and the access point/router label.

• Use Computer MAC Address. The access point/router captures and uses the

MAC address of the computer that you are now using to change the settings. Sometimes an ISP allows the MAC address of a particular computer only.

User Manual41Specify the Access Point/Router

Internet Settings Manually

AC2000 802.11ac Wireless Access Point/Router WAC124

• Use This MAC Address. Enter a MAC address that must be used. Sometimes an

ISP allows the MAC address of a particular computer only.

12.

Click the Apply button. Your settings are saved.

13.

Click the Test button to test your Internet connection. If the NETGEAR website does not display within one minute, see one of the following

sections:

Router mode: You cannot access the Internet on page 248

•

Troubleshoot Internet browsing on page 251

•

Router mode: Specify a PPPoE Internet connection that uses a login

To specify or view the settings for an ISP Internet connection that uses PPPoE and that requires a login:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select BASIC > Internet. The Internet Setup page displays.

Select the Yes radio button.

Internet Settings Manually

User Manual42Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

The settings on the page change.

From the Internet Service Provider menu, select PPPoE as the encapsulation method.

In the Login field, enter the login name that your ISP gave you. This login name is often an email address.

In the Password field, enter the password that you use to log in to your Internet service.

10.

If your ISP requires a service name, type it in the Service Name field.

11.

From the Connection Mode menu, select Always On, Dial on Demand, or Manually Connect.

12.

If you select Dial on Demand from the Connection Mode menu, in the Idle Timeout field, enter the number of minutes until the Internet login times out

This is how long the access point/router keeps the Internet connection active when no one on the network is using the Internet connection. A value of 0 (zero) means never log out. The default is 5 minutes.

13. Select an Internet IP Address radio button:

• Get Dynamically. Your ISP uses DHCP to automatically assign an IP address and

related settings to the access point/router.

• Use Static IP Address. Enter the static IP address, IP subnet mask, and gateway

IP address that your ISP assigned to the access point/router. The gateway is the ISP router to which the access point/router connects.

14. Select a Domain Name Server (DNS) Address radio button:

• Get Automatically from ISP. Your ISP uses DHCP to assign DNS servers to the

access point/router.

• Use These DNS Servers. If you know that your ISP requires specific servers, select

this option. Enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also.

15. Select a Router MAC Address radio button:

• Use Default Address. Use the default access point/router MAC address that

displays on the Dashboard page and the access point/router label.

• Use Computer MAC Address. The access point/router captures and uses the

MAC address of the computer that you are now using to change the settings. Sometimes an ISP allows the MAC address of a particular computer only.

• Use This MAC Address. Enter a MAC address that must be used. Sometimes an

ISP allows the MAC address of a particular computer only.

Internet Settings Manually

User Manual43Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

16.

Click the Apply button. Your settings are saved.

17.

Click the Test button to test your Internet connection. If the NETGEAR website does not display within one minute, see one of the following

sections:

Router mode: You cannot access the Internet on page 248

•

Troubleshoot Internet browsing on page 251

•

Router mode: Specify a PPTP or L2TP Internet connection that uses a login

To specify or view the settings for an ISP Internet connection that uses PPTP or L2TP and that requires a login:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select BASIC > Internet. The Internet Setup page displays.

Select the Yes radio button. The settings on the page change.

Internet Settings Manually

User Manual44Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

From the Internet Service Provider menu, select PPTP or L2TP as the encapsulation method.

In the Login field, enter the login name that your ISP gave you. This login name is often an email address.

In the Password field, enter the password that you use to log in to your Internet service.

10.

If your ISP requires a service name, type it in the Service Name field.

11.

From the Connection Mode menu, select Always On, Dial on Demand, or Manually Connect.

12.

If you select Dial on Demand from the Connection Mode menu, in the Idle Timeout field, enter the number of minutes until the Internet login times out

This is how long the router keeps the Internet connection active when no one on the network is using the Internet connection. A value of 0 (zero) means never log out. The default is 5 minutes.

13.

If your ISP gave you fixed IP addresses and a connection ID or name, enter them in the My IP Address, Subnet Mask, Server Address, Gateway IP Address, and Connection ID/Name fields.

If your ISP did not give you an IP addresses, a connection ID, or name, leave these fields blank. The connection ID or name applies to a PPTP service only.

14. Select a Domain Name Server (DNS) Address radio button:

• Get Automatically from ISP. Your ISP uses DHCP to assign DNS servers to the

access point/router.

• Use These DNS Servers. If you know that your ISP requires specific servers, select

this option. Enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also.

15. Select a Router MAC Address radio button:

• Use Default Address. Use the default access point/router MAC address that

displays on the Dashboard page and the access point/router label.

• Use Computer MAC Address. The access point/router captures and uses the

MAC address of the computer that you are now using to change the settings. Sometimes an ISP allows the MAC address of a particular computer only.

• Use This MAC Address. Enter a MAC address that must be used. Sometimes an

ISP allows the MAC address of a particular computer only.

16.

Click the Apply button. Your settings are saved.

Internet Settings Manually

User Manual45Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

17.

Click the Test button to test your Internet connection. If the NETGEAR website does not display within one minute, see one of the following

sections:

Router mode: You cannot access the Internet on page 248

•

Troubleshoot Internet browsing on page 251

•

Router mode: Specify an IPv6 Internet connection

If the access point/router is in router mode, you can set up an IPv6 Internet connection if the router does not detect it automatically.

Note: The information in this section and subsections does not apply if the access point/router is in access point mode.

To set up an IPv6 Internet connection:

1. Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29. The Sign-In page displays. You are prompted to sign in with your NETGEAR account. If the access point/router is not connected to the Internet, you are prompted to sign in with the local login credentials (see Log in to the access point/router when it is not connected to the Internet on page 28).

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Advanced Setup > IPv6. The IPv6 page displays.

From the Internet Connection Type menu, select the IPv6 connection type:

If your Internet service provider (ISP) did not provide details, select 6to4 Tunnel.

•

Internet Settings Manually

User Manual46Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

If you are not sure, select Auto Detect so that the access point/router detects

•

the IPv6 type that is in use.

If your Internet connection does not use PPPoE or DHCP, or is not fixed, but is

•

IPv6, select Auto Config.

Your ISP can provide this information. For more information about IPv6 Internet connection, see the following sections:

Router mode: Use Auto Detect for an IPv6 Internet connection on page 47

•

Router mode: Use Auto Detect for an IPv6 Internet connection on page 47

•

Router mode: Set up an IPv6 6to4 tunnel Internet connection on page 51

•

Router mode: Set up an IPv6 6rd Internet connection on page 52

•

Router mode: Set up an IPv6 passthrough Internet connection on page 54

•

Router mode: Set up an IPv6 fixed Internet connection on page 55

•

Router mode: Set up an IPv6 DHCP Internet connection on page 57

•

Router mode: Set up an IPv6 PPPoE Internet connection on page 58

•

Click the Apply button. Your settings are saved.

Router mode: Requirements for entering IPv6 addresses

IPv6 addresses are denoted by eight groups of hexadecimal quartets that are separated by colons. You can reduce any four-digit group of zeros within an IPv6 address to a single zero or omit it. The following errors invalidate an IPv6 address:

More than eight groups of hexadecimal quartets

•

More than four hexadecimal characters in a quartet

•

More than two colons in a row

•

Router mode: Use Auto Detect for an IPv6 Internet connection

To set up an IPv6 Internet connection through autodetection:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field.

Internet Settings Manually

User Manual47Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

If you are not connected to the access point/router network but to the same network as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Advanced Setup > IPv6. The IPv6 page displays.

From the Internet Connection Type menu, select Auto Detect. The page adjusts. The access point/router automatically detects the information in

the following fields:

Connection Type. This field indicates the connection type that is detected.

•

Router’s IPv6 Address on WAN. This field shows the IPv6 address that is acquired

•

for the access point/router’s WAN (or Internet) interface. The number after the slash (/) is the length of the prefix, which is also indicated by the underline (_) under the IPv6 address. If no address is acquired, the field displays Not Available.

Router’s IPv6 Address on LAN. This field shows the IPv6 address that is acquired

•

for the access point/router’s LAN interface. The number after the slash (/) is the length of the prefix, which is also indicated by the underline (_) under the IPv6 address. If no address is acquired, the field displays Not Available.

7. In the LAN Setup section, select an IP Address Assignment radio button:

• Use DHCP Server. This method passes more information to LAN devices but

some IPv6 systems might not support the DHCPv6 client function.

• Auto Config. This is the default setting.

This setting specifies how the access point/router assigns IPv6 addresses to the devices on your home network (the LAN).

Internet Settings Manually

User Manual48Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

(Optional) In the LAN Setup section, select the Use This Interface ID check box and specify the interface ID to be used for the IPv6 address of the access point/router’s LAN interface.

If you do not specify an ID here, the access point/router generates one automatically from its MAC address.

Click the Apply button. Your settings are saved.

Router mode: Use Auto Config for an IPv6 Internet connection

To set up an IPv6 Internet connection through autoconfiguration:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Advanced Setup > IPv6. The IPv6 page displays.

From the Internet Connection Type menu, select Auto Config. The page adjusts. The access point/router automatically detects the information in

the following fields:

Router’s IPv6 Address on WAN. This field shows the IPv6 address that is acquired

•

for the access point/router’s WAN (or Internet) interface. The number after the

User Manual49Specify the Access Point/Router

Internet Settings Manually

AC2000 802.11ac Wireless Access Point/Router WAC124

slash (/) is the length of the prefix, which is also indicated by the underline (_) under the IPv6 address. If no address is acquired, the field displays Not Available.

Router’s IPv6 Address on LAN. This field shows the IPv6 address that is acquired

•

(Optional) In the DHCP User Class (If Required) field, enter a host name. Most people can leave this field blank, but if your ISP gave you a specific host name,

enter it here.

(Optional) In the DHCP Domain Name (If Required) field, enter a domain name. You can type the domain name of your IPv6 ISP. Do not enter the domain name for

the IPv4 ISP here. For example, if your ISP’s mail server is mail.xxx.yyy.zzz, type xxx.yyy.zzz as the domain name. If your ISP provided a domain name, type it in this field. For example, Earthlink Cable might require a host name of home, and Comcast sometimes supplies a domain name.

9. Select an IPv6 Domain Name Server (DNS) Address radio button:

• Get Automatically from ISP. Your ISP uses DHCP to assign your DNS servers.

Your ISP automatically assigns these addresses.

• Use These DNS Servers. If you know that your ISP requires specific servers, select

this option. Enter the IPv6 address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also.

10. In the LAN Setup section, select an IP Address Assignment radio button:

• Use DHCP Server. This method passes more information to LAN devices but

some IPv6 systems might not support the DHCPv6 client function.

• Auto Config. This is the default setting.

This setting specifies how the access point/router assigns IPv6 addresses to the devices on your home network (the LAN).

11.

(Optional) In the LAN Setup section, select the Use This Interface ID check box and specify the interface ID to be used for the IPv6 address of the access point/router’s LAN interface.

If you do not specify an ID here, the access point/router generates one automatically from its MAC address.

12.

Click the Apply button. Your settings are saved.

Internet Settings Manually

User Manual50Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

Router mode: Set up an IPv6 6to4 tunnel Internet connection

The remote relay router is the router to which your router creates a 6to4 tunnel. Make sure that the IPv4 Internet connection is working before you apply the 6to4 tunnel settings for the IPv6 connection.

To set up an IPv6 Internet connection by using a 6to4 tunnel:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Advanced Setup > IPv6. The IPv6 page displays.

From the Internet Connection Type menu, select 6to4 Tunnel. The page adjusts. The access point/router automatically detects the information in

the Router’s IPv6 Address on LAN field. This field shows the IPv6 address that is acquired for the access point/router’s LAN interface. The number after the slash (/) is the length of the prefix, which is also indicated by the underline (_) under the IPv6 address. If no address is acquired, the field displays Not Available.

7. Select a Remote 6to4 Relay Router radio button:

• Auto. Your access point/router uses any remote relay router that is available on

the Internet. This is the default setting.

• Static IP Address. Enter the static IPv4 address of the remote relay router. Your

IPv6 ISP usually provides this address.

User Manual51Specify the Access Point/Router

Internet Settings Manually

AC2000 802.11ac Wireless Access Point/Router WAC124

8. Select an IPv6 Domain Name Server (DNS) Address radio button:

• Get Automatically from ISP. Your ISP uses DHCP to assign your DNS servers.

Your ISP automatically assigns these addresses.

• Use These DNS Servers. If you know that your ISP requires specific servers, select

this option. Enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also.

9. In the LAN Setup section, select an IP Address Assignment radio button:

• Use DHCP Server. This method passes more information to LAN devices but

some IPv6 systems might not support the DHCPv6 client function.

• Auto Config. This is the default setting.

This setting specifies how the access point/router assigns IPv6 addresses to the devices on your home network (the LAN).

10.

(Optional) In the LAN Setup section, select the Use This Interface ID check box and specify the interface ID to be used for the IPv6 address of the access point/router’s LAN interface.

If you do not specify an ID here, the access point/router generates one automatically from its MAC address.

11.

Click the Apply button. Your settings are saved.

Router mode: Set up an IPv6 6rd Internet connection

The 6rd protocol makes it possible to deploy IPv6 to sites using a service provider’s IPv4 network. 6rd (also referred to as IPv6 rapid deployment) uses the service provider’s own IPv6 address prefix. This limits the operational domain of 6rd to the service provider’s network and is under direct control of the service provider. The IPv6 service provided is equivalent to native IPv6. The 6rd mechanism relies on an algorithmic mapping between the IPv6 and IPv4 addresses that are assigned for use within the service provider’s network. This mapping allows for automatic determination of IPv4 tunnel endpoints from IPv6 prefixes, allowing stateless operation of 6rd.

With a 6rd tunnel configuration, the access point/router follows the RFC5969 standard, supporting two ways to establish a 6rd tunnel IPv6 WAN connection:

•

Auto Detect mode. In IPv6 Auto Detect mode, when the access point/router receives option 212 from the DHCPv4 option, autodetect selects the IPv6 as 6rd tunnel setting

(see Router mode: Use Auto Detect for an IPv6 Internet connection on page 47).

Internet Settings Manually

User Manual52Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

The access point/router uses the 6rd option information to establish the 6rd connection.

Manual mode. Select 6rd Tunnel. If the access point/router receives option 212,

• the fields are automatically completed. Otherwise, you must enter the 6rd settings.

To set up an IPv6 6rd Internet connection:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Advanced Setup > IPv6. The IPv6 page displays.

From the Internet Connection Type menu, select 6rd Tunnel. The page adjusts. The access point/router automatically detects the information in

the following sections:

• 6rd (IPv6 Rapid Development) Configuration. The access point/router detects

the service provider’s IPv4 network and attempts to establish an IPv6 6rd tunnel connection. If the IPv4 network returns 6rd parameters to the access point/router, the page adjusts to display the correct settings in this section.

Note: If the access point/router does not automatically receive the 6rd parameters, you might need to enter them manually.

• Router’s IPv6 Address on LAN. This field shows the IPv6 address that is acquired

for the access point/router’s LAN interface. The number after the slash (/) is the

User Manual53Specify the Access Point/Router

Internet Settings Manually

AC2000 802.11ac Wireless Access Point/Router WAC124

length of the prefix, which is also indicated by the underline (_) under the IPv6 address. If no address is acquired, the field displays Not Available.

7. Select an IPv6 Domain Name Server (DNS) Address radio button:

• Get Automatically from ISP. Your ISP uses DHCP to assign your DNS servers.

Your ISP automatically assigns these addresses.

• Use These DNS Servers. If you know that your ISP requires specific servers, select

this option. Enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also.

8. In the LAN Setup section, select an IP Address Assignment radio button:

• Use DHCP Server. This method passes more information to LAN devices but

some IPv6 systems might not support the DHCPv6 client function.

• Auto Config. This is the default setting.

This setting specifies how the access point/router assigns IPv6 addresses to the devices on your home network (the LAN).

(Optional) In the LAN Setup section, select the Use This Interface ID check box and specify the interface ID to be used for the IPv6 address of the access point/router’s LAN interface.

If you do not specify an ID here, the access point/router generates one automatically from its MAC address.

10.

Click the Apply button. Your settings are saved.

Router mode: Set up an IPv6 passthrough Internet connection

In pass-through mode, the router works as a Layer 2 Ethernet switch with two ports (LAN and WAN Ethernet ports) for IPv6 packets. The access point/router does not process any IPv6 header packets.

To set up a pass-through IPv6 Internet connection:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

User Manual54Specify the Access Point/Router

Internet Settings Manually

AC2000 802.11ac Wireless Access Point/Router WAC124

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Advanced Setup > IPv6. The IPv6 page displays.

From the Internet Connection Type menu, select Pass Through. The page adjusts, but no additional fields display.

Click the Apply button. Your settings are saved.

Router mode: Set up an IPv6 fixed Internet connection

To set up a fixed IPv6 Internet connection:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Internet Settings Manually

User Manual55Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

Select ADVANCED > Advanced Setup > IPv6. The IPv6 page displays.

From the Internet Connection Type menu, select Fixed. The page adjusts.

In the WAN Setup section, specify the fixed IPv6 addresses for the WAN connection:

IPv6 Address/Prefix Length. The IPv6 address and prefix length of the access

•

point/router’s WAN interface.

Default IPv6 Gateway. The IPv6 address of the default IPv6 gateway for the

•

access point/router’s WAN interface.

Primary DNS Server. The primary DNS server that resolves IPv6 domain name

•

records for the access point/router.

Secondary DNS Server. The secondary DNS server that resolves IPv6 domain

•

name records for the access point/router.

Note: If you do not specify the DNS servers, the access point/router uses the DNS servers that are configured for the IPv4 Internet connection on the WAN Setup page. (See Router mode: Manually set up the access point/router Internet connection on page 40.)

8. In the LAN Setup section, select an IP Address Assignment radio button:

• Use DHCP Server. This method passes more information to LAN devices but

some IPv6 systems might not support the DHCPv6 client function.

• Auto Config. This is the default setting.

This setting specifies how the access point/router assigns IPv6 addresses to the devices on your home network (the LAN).

In the LAN Setup section, in the IPv6 Address/Prefix Length fields, specify the static IPv6 address and prefix length of the access point/router’s LAN interface.

10.

Click the Apply button. Your settings are saved.

Internet Settings Manually

User Manual56Specify the Access Point/Router

AC2000 802.11ac Wireless Access Point/Router WAC124

Router mode: Set up an IPv6 DHCP Internet connection

To set up an IPv6 Internet connection with a DHCP server:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Advanced Setup > IPv6. The IPv6 page displays.

From the Internet Connection Type menu, select DHCP. The page adjusts. The access point/router automatically detects the information in

the following fields:

Router’s IPv6 Address on WAN. This field shows the IPv6 address that is acquired

•

Router’s IPv6 Address on LAN. This field shows the IPv6 address that is acquired

•

(Optional) In the DHCP User Class (If Required) field, enter a host name. Most people can leave this field blank, but if your ISP gave you a specific host name,

enter it here.

(Optional) In the DHCP Domain Name (If Required) field, enter a domain name.

User Manual57Specify the Access Point/Router

Internet Settings Manually

AC2000 802.11ac Wireless Access Point/Router WAC124

You can type the domain name of your IPv6 ISP. Do not enter the domain name for the IPv4 ISP here. For example, if your ISP’s mail server is mail.xxx.yyy.zzz, type xxx.yyy.zzz as the domain name. If your ISP provided a domain name, type it in this field. For example, Earthlink Cable might require a host name of home, and Comcast sometimes supplies a domain name.

9. Select an IPv6 Domain Name Server (DNS) Address radio button:

• Get Automatically from ISP. Your ISP uses DHCP to assign your DNS servers.

Your ISP automatically assigns these addresses.

• Use These DNS Servers. If you know that your ISP requires specific servers, select

this option. Enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also.

10. In the LAN Setup section, select an IP Address Assignment radio button:

• Use DHCP Server. This method passes more information to LAN devices but

some IPv6 systems might not support the DHCPv6 client function.

• Auto Config. This is the default setting.

This setting specifies how the access point/router assigns IPv6 addresses to the devices on your home network (the LAN).

11.

(Optional) In the LAN Setup section, select the Use This Interface ID check box and specify the interface ID to be used for the IPv6 address of the access point/router’s LAN interface.

If you do not specify an ID here, the access point/router generates one automatically from its MAC address.

12.

Click the Apply button. Your settings are saved.

Router mode: Set up an IPv6 PPPoE Internet connection

To set up a PPPoE IPv6 Internet connection:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

User Manual58Specify the Access Point/Router

Internet Settings Manually

AC2000 802.11ac Wireless Access Point/Router WAC124

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Advanced Setup > IPv6. The IPv6 page displays.

From the Internet Connection Type menu, select PPPoE. The page adjusts. The access point/router automatically detects the information in

the following fields:

Router’s IPv6 Address on WAN. This field shows the IPv6 address that is acquired

•

Router’s IPv6 Address on LAN. This field shows the IPv6 address that is acquired

•

Specify the PPPoE settings for IPv6:

•

Password. Enter the password for the ISP connection.

•

Service Name (If Required). Enter a service name. If your ISP did not provide a

•

service name, leave this field blank.

Note: The default setting of the Connection Mode menu is Always On to provide a steady IPv6 connection. The access point/router never terminates the connection. If the connection is terminated, for example, when the modem is turned off, the access point/router attempts to reestablish the connection immediately after the PPPoE connection becomes available again.

8. Select an IPv6 Domain Name Server (DNS) Address radio button:

• Get Automatically from ISP. Your ISP uses DHCP to assign your DNS servers.

Your ISP automatically assigns these addresses.

User Manual59Specify the Access Point/Router

Internet Settings Manually

AC2000 802.11ac Wireless Access Point/Router WAC124

• Use These DNS Servers. If you know that your ISP requires specific servers, select

this option. Enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also.

9. In the LAN Setup section, select an IP Address Assignment radio button:

• Use DHCP Server. This method passes more information to LAN devices but

some IPv6 systems might not support the DHCv6 client function.

• Auto Config. This is the default setting.

This setting specifies how the access point/router assigns IPv6 addresses to the devices on your home network (the LAN).

10.

(Optional) In the LAN Setup section, select the Use This Interface ID check box and specify the interface ID to be used for the IPv6 address of the access point/router’s LAN interface.

If you do not specify an ID here, the access point/router generates one automatically from its MAC address.

11.

Click the Apply button. Your settings are saved.

Internet Settings Manually

User Manual60Specify the Access Point/Router

Manage the Basic WiFi and Radio Features

This chapter describes how you can manage the basic WiFi and radio settings of the access point/router. For information about the advanced WiFi and radio settings, see Manage the Advanced WiFi and Radio Features on page 209.

Tip: If you want to change the settings of the access point/router’s WiFi network, use a wired connection to avoid being disconnected when the new WiFi settings take effect.

The chapter includes the following sections:

• Set up or change an open or secure WiFi network

• Configure WPA and WPA2 Enterprise WiFi security

• Disable or enable a WiFi network

• Hide or broadcast the SSID for a WiFi network

• Enable or disable the WiFi radios

• Use WPS to add a device to the WiFi network

AC2000 802.11ac Wireless Access Point/Router WAC124

Set up or change an open or secure WiFi network

The access point/router provides three WiFi networks (Wireless 1, Wireless 2, and Wireless 3). By default, the Wireless 1 network is enabled (the other two WiFi networks are disabled), its default SSID is NETGEAR-1, and its default security is WPA2-PSK with

the passphrase sharedsecret.

You can view or change the WiFi settings and WiFi security for the Wireless 1 network, and you can enable and set up the Wireless 2 and Wireless 3 networks.

For each WiFi network, the access point/router simultaneously supports the 2.4 GHz band for 802.11b/g/n devices and the 5 GHz band for 802.11a/n/ac devices. For the

2.4 GHz band, the default WiFi throughput mode is 300 Mbps. For the 5 GHz band, it

is 1733 Mbps. You can change (lower) the WiFi throughput mode (see Change the WiFi throughput mode for a radio band on page 212).

To set up or change an open or secure WiFi network:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select BASIC > Wireless. The Wireless Network page displays.

From the Region menu, select the region in which the access point/router operates. For some countries, you cannot change the region because it is preset.

User Manual62Manage the Basic WiFi and

Radio Features

AC2000 802.11ac Wireless Access Point/Router WAC124

Note: Make sure the country is set to the location where the device is operating.

You are responsible for complying within the local, regional, and national regulations set for channels, power levels, and frequency ranges.

Note: It might not be legal to operate the access point/router in a region other than the regions listed in the menu. If your country or region is not listed, check with your local government agency.

Select the WiFi network (Wireless 1, Wireless 2, or Wireless 3).

View, enable, or change the basic WiFi settings and security settings for the selected WiFi network.

The following table describes the fields for the WiFi network.

DescriptionSetting

VAP

Band

Name (SSID)

Select the Enable radio button to enable the WiFi network, also referred to as a virtual

access point (VAP) or the Disable radio button to disable the WiFi network. By default, the

Wireless 1 network is enabled and the other two WiFi networks are disabled.

Select a radio button for a single band (2.4 GHz or 5 GHz) or keep the default selection,

which is the Both radio button, to enable the WiFi network to broadcast on both radio

bands.

The SSID (service set identifier) is the WiFi network name. If you do not change the SSID,

the default SSID (NETGEAR-1, NETGEAR-2, or NETGEAR-3) displays. The default SSID is

also printed on the access point/router label (see Access point/router label on page 14).

Note: If you change the SSID, enter a 32-character (maximum), case-sensitive name in this

field.

Radio Features

User Manual63Manage the Basic WiFi and

(Continued)

AC2000 802.11ac Wireless Access Point/Router WAC124

DescriptionSetting

Enable SSID

Broadcast

Security Options

By default, the access point/router broadcasts its SSID so that WiFi clients can detect the

WiFi name (SSID) in their scanned network lists. To turn off the SSID broadcast, clear the

Enable SSID Broadcast check box. Turning off the SSID broadcast provides additional

WiFi security, but users must know the SSID to be able to join the WiFi network of the access

point/router.

If you change the WiFi security, select one of the following WiFi security options for the

access point/router’s WiFi network:

None. An open WiFi network does not provide any security. Any WiFi device can join

• the network. We recommend that you do not use an open WiFi network but configure

WiFi security.

WPA2-PSK [AES]. For the Wireless 1 network, this option is the default setting and the

• default WiFi passphrase (sharedsecret) is printed on the access point/router label (see

Access point/router label on page 14). For the Wireless 2 and Wireless 3 networks, if

you do not change the passphrase, the default passphrase (sharedseceret) displays.

This type of security enables WiFi devices that support WPA2 to join the access

point/router’s WiFi network. WPA2 provides a secure connection but some older WiFi

devices do not detect WPA2 and support only WPA. If your network includes such older

devices, select WPA-PSK [TKIP] + WPA2-PSK [AES] security.

If you change the passphrase, in the Passphrase field, enter a phrase of 8 to 63 characters.

To join the access point/router’s WiFi network, a user must enter this passphrase.

WPA-PSK [TKIP] + WPA2-PSK [AES]. This type of security enables WiFi devices that

• support either WPA or WPA2 to join the access point/router’s WiFi network. However,

WPA-PSK [TKIP] is less secure than WPA2-PSK [AES] and limits the speed of WiFi devices

to 54 Mbps.

To use this type of security, in the Passphrase field, enter a phrase of 8 to 63 characters.

To join the access point/router’s WiFi network, a user must enter this passphrase.

WPA/WPA2 Enterprise. This type of security requires that your WiFi network can access

• a RADIUS server. For information about configuring WPA/WPA2 Enterprise, see Configure

WPA and WPA2 Enterprise WiFi security on page 65.

Click the Apply button. Your settings are saved.

If you connected over WiFi to the network and you changed the SSID, you are disconnected from the network.

10. Make sure that you can reconnect over WiFi to the network with its new settings. If you cannot connect over WiFi, check the following:

Radio Features

User Manual64Manage the Basic WiFi and

AC2000 802.11ac Wireless Access Point/Router WAC124

If your WiFi-enabled computer or mobile device is connected to another WiFi

•

network in your area, disconnect it from that WiFi network and connect it to the WiFi network that the access point/router provides. Some WiFi devices automatically connect to the first open network without WiFi security that they discover.

If your WiFi-enabled computer or mobile device is trying to connect to your

•

network with its old settings (before you changed the settings), update the WiFi network selection in your WiFi-enabled computer or mobile device to match the current settings for your network.

Does your WiFi device display as an attached device? (See View devices currently

•

on the access point/router network on page 153.) If it does, it is connected to the network.

Are you using the correct network name (SSID) and password?

•

Configure WPA and WPA2 Enterprise WiFi security

Remote Authentication Dial In User Service (RADIUS) is an enterprise-level method for centralized Authentication, Authorization, and Accounting (AAA) management. To enable the access point/router to provide WPA and WPA2 enterprise WiFi security, the WiFi network that the access point/router provides must be able to access a RADIUS server.

To configure WPA and WPA2 enterprise security:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button.

Radio Features

User Manual65Manage the Basic WiFi and

AC2000 802.11ac Wireless Access Point/Router WAC124

The BASIC Home page displays.

Select BASIC > Wireless. The Wireless Network page displays.

Select the WiFi network (Wireless 1, Wireless 2, or Wireless 3).

In the Security Options section, select the WPA/WPA2 Enterprise radio button. The WPA and WPA2 enterprise settings display.

In the WPA/WPA2 Enterprise section, enter the settings as described in the following table.

DescriptionField

Encryption mode

Group Key Update Interval

RADIUS Server IP Address

RADIUS Server Port

Shared Key

From the Encryption Mode menu, select the enterprise mode:

WPA [TKIP] +WPA2 [AES]. This type of security enables WiFi devices

• that support either WPA or WPA2 to join the access point/router’s WiFi

network. This is the default mode.

WPA2 [AES]. WPA2 provides a secure connection but some older WiFi

• devices do not detect WPA2 and support only WPA. If your network

includes such older devices, select WPA [TKIP] + WPA2 [AES] security.

Enter the interval in seconds after which the RADIUS group key is updated.

The default interval is 3600 seconds.

Enter the IPv4 address of the RADIUS server to which the WiFi network can

connect.

Enter the number of the port on the access point/router that is used to

access the RADIUS server for authentication. The default port number is

1812.

Enter the shared key (RADIUS password) that is used between the access

point/router and the RADIUS server during authentication of a WiFi client.

Click the Apply button. Your settings are saved.

10. Make sure that you can reconnect over WiFi to the network with its new security settings.

If you cannot connect over WiFi, check the following:

If your WiFi-enabled computer or mobile device is connected to another WiFi

•

network in your area, disconnect it from that WiFi network and connect it to the

User Manual66Manage the Basic WiFi and

Radio Features

AC2000 802.11ac Wireless Access Point/Router WAC124

WiFi network that the access point/router provides. Some WiFi devices automatically connect to the first open network without WiFi security that they discover.

If your WiFi-enabled computer or mobile device is trying to connect to your

•

network with its old settings (before you changed the settings), update the WiFi network selection in your WiFi-enabled computer or mobile device to match the current settings for your network.

Does your WiFi device display as an attached device? (See View devices currently

•

on the access point/router network on page 153.) If it does, it is connected to the network.

Are you using the correct network name (SSID) and password?

•

Disable or enable a WiFi network

You can temporarily disable a WiFi network (that is, an SSID or VAP) and you can reenable the WiFi network.

Note: For information about setting up a WiFi schedule that temporarily turns off a radio band (and, therefore, all WiFi networks that are active on that band), see Add a

WiFi schedule for a radio on page 210. For information about turning off the radios entirely (and, therefore, all WiFi networks), see Enable or disable the WiFi radios on page 69.

To disable or enable a WiFi network:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button.

Radio Features

User Manual67Manage the Basic WiFi and

AC2000 802.11ac Wireless Access Point/Router WAC124

The BASIC Home page displays.

Select BASIC > Wireless. The Wireless Network page displays.

Select the WiFi network (Wireless 1, Wireless 2, or Wireless 3).

Select one of following VAP radio buttons:

Enable. Enables the WiFi network.

•

By default, the Wireless 2 and Wireless 3 networks are disabled, but you can enable them.

Disable. Disables the WiFi network. By default, the Wireless 1 network is enabled,

•

but you can disable it.

Click the Apply button. Your settings are saved.

Hide or broadcast the SSID for a WiFi network

By default, a WiFi network (SSID or VAP) broadcasts its network name (also referred to as the SSID) so that WiFi clients can detect the SSID in their scanned network lists. For additional security, you can turn off the SSID broadcast and hide the SSID so that users must know the SSID to be able to join the WiFi network.

To hide or broadcast the network name for a WiFi network:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button.

Radio Features

User Manual68Manage the Basic WiFi and

AC2000 802.11ac Wireless Access Point/Router WAC124

The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select BASIC > Wireless. The Wireless Network page displays.

Select the WiFi network (Wireless 1, Wireless 2, or Wireless 3).

Select or clear the Enable SSID Broadcast check box. When you select the check box, the WiFi network broadcasts the SSID.

When you clear the check box, the WiFi network hides the SSID.

Click the Apply button. Your settings are saved.

Enable or disable the WiFi radios

The access point/router provides internal WiFi radios that broadcast signals in the 2.4 GHz and 5 GHz bands. By default, they are on so that you can connect over WiFi to the access point/router. When both WiFi radios are off, you can still use an Ethernet cable for a LAN connection to the access point/router.

You can also turn the WiFi radios one and off based on a schedule. (See Add a WiFi schedule for a radio on page 210.)

To enable or disable one or both WiFi radios:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button.

User Manual69Manage the Basic WiFi and

Radio Features

AC2000 802.11ac Wireless Access Point/Router WAC124

The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Advanced Setup > Advanced Wireless Settings. The Advanced Wireless Settings page displays.

Do one of the following in the 2.4 GHz b/g/n wireless radio settings section, 5 GHz a/n/ac wireless radio settings section, or both sections:

• Turn off the radio. Clear the Enable Wireless Router Radio check box.

The WiFi LED turns off.

• Turn on the radio. Select the Enable Wireless Router Radio check box.

The WiFi LED lights solid green.

Click the Apply button. Your settings are saved.

Use WPS to add a device to the WiFi network

WPS (Wi-Fi Protected Setup) lets you connect a computer or mobile device to the access point/router’s network without entering the WiFi network passphrase or key. Instead,

you use a WPS button or enter a PIN to connect.

If you use the push button method, the computer or device that you are trying to connect must provide either a physical button or a software button. If you use the PIN method, you must know the PIN of the computer or device that you are trying to connect.

WPS supports WPA and WPA2 WiFi security. If your WiFi network is open (no WiFi security is set, which is not the default setting), connecting with WPS automatically sets WPA + WPA2 WiFi security on the WiFi network and generates a random passphrase. You can view this passphrase (see Set up or change an open or secure WiFi network on page 62).

Use WPS with the push button method

For you to use the push button method to connect a WiFi device to the access point/router’s WiFi network, the WiFi device that you are trying to connect must provide either a physical button or a software button. You can use the physical button and

Radio Features

User Manual70Manage the Basic WiFi and

AC2000 802.11ac Wireless Access Point/Router WAC124

software button to let a WiFi device join only the main WiFi network, not the guest WiFi network.

To let a WiFi device join the access point/router’s main WiFi network using WPS with the push button method:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > WPS Wizard. The Add WPS Client page displays and shows a description of the WPS method.

Click the Next button. By default, the Push Button (recommended) radio button is selected.

Either click the button onscreen or press the WPS button on the rear panel of the access point/router.

For two minutes, the access point/router attempts to find the WiFi device (that is, the client) that you want to join the access point/router’s main WiFi network.

During this time, the WiFi LED on the top panel of the access point/router blinks slowly.

Within two minutes, go to the WiFi device and press its WPS button to join the access point/router’s main WiFi network without entering a password.

After the access point/router establishes a WPS connection, the WiFi LED lights and the Add WPS Client page displays a confirmation message.

User Manual71Manage the Basic WiFi and

Radio Features

AC2000 802.11ac Wireless Access Point/Router WAC124

To verify that the WiFi device is connected to the access point/router’s WiFi network, select BASIC > Attached Devices.

The WiFi device displays onscreen.

Use WPS with the PIN method

To use the PIN method to connect a WiFi device to the access point/router’s WiFi network, you must know the PIN of the WiFi device that you are trying to connect.

To let a WiFi device join the access point/router’s WiFi network using WPS with the PIN method:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > WPS Wizard. The Add WPS Client page displays and shows a description of the WPS method.

Click the Next button. The Add WPS Client page adjusts.

The Push Button (recommended) radio button is selected by default.

Select the PIN Number radio button.

In the Enter Clients' PIN field, enter the PIN number of the WiFi device.

Click the Next button.

Radio Features

User Manual72Manage the Basic WiFi and

AC2000 802.11ac Wireless Access Point/Router WAC124

For four minutes, the access point/router attempts to find the WiFi device (that is, the client) that you want to join the access point/router’s main WiFi network.

During this time, the WiFi LED on the top panel of the access point/router blinks.

10.

Within four minutes, go to the WiFi device and use its WPS software to join the network without entering a password.

After the access point/router establishes a WPS connection, the WiFi LED lights and the Add WPS Client page displays a confirmation message.

11.

To verify that the WiFi device is connected to the access point/router’s WiFi network, select BASIC > Attached Devices.

The WiFi device displays on the page.

Radio Features

User Manual73Manage the Basic WiFi and

Manage the Firewall and Security

The access point/router comes with a built-in firewall that helps to protect your network from unwanted intrusions from the Internet and lets you control access to the Internet.

This chapter includes the following sections:

• Router mode: Manage the basic firewall settings

• Allow or block device access to your network

• Router mode: Specify keywords and domains to block Internet sites

• Router mode: Block specific services and applications from the Internet

• Router mode: Set up a schedule for blocking

• Set up security event email notifications

AC2000 802.11ac Wireless Access Point/Router WAC124

Router mode: Manage the basic firewall settings

If the access point/router is in router mode, the basic firewall settings let you manage port scan protection and denial of service (DoS) protection, specify whether the access point/router can respond to a ping from the WAN port, set up a DMZ server, and manage IGMP proxying, NAT filtering, and the application-level gateway (ALG) for the Session Initiation Protocol (SIP).

For information about the MTU size, which is another basic firewall setting, see Router mode: Change the MTU size on page 128.

Note: The information in this section and subsections does not apply if the access point/router is in access point mode.

Router mode: Manage port scan protection and denial of service protection

Port scan protection and denial of service (DoS) protection can protect your LAN against attacks such as Syn flood, Smurf Attack, Ping of Death, and many others. By default, DoS protection is enabled and a port scan is rejected.

You can also enable the access point/router to respond to a ping to its WAN (Internet) port. This feature allows your access point/router to be discovered. Enable this feature only as a diagnostic tool or if a specific reason exists.

To change the default WAN security settings:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

User Manual75Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Setup > WAN Setup. The WAN Setup page displays.

To enable a port scan and disable DoS protection, select the Disable Port Scan and DoS Protection check box.

7. To enable the access point/router to respond to a ping on its WAN port, select the Respond to Ping on Internet Port check box.

Click the Apply button. Your settings are saved.

Router mode: Set up a default DMZ server

A default DMZ server is helpful when you are using some Internet services and videoconferencing applications that are incompatible with Network Address Translation (NAT). The access point/router is programmed to recognize some of these applications and to work correctly with them, but other applications might not function well. In some cases, one local computer can run the application correctly if the IP address for that computer is entered as the default DMZ server.

Warning: DMZ servers pose a security risk. A computer designated as the default DMZ

server loses much of the protection of the firewall and is exposed to exploits from the Internet. If compromised, the DMZ server computer can be used to attack other computers on your network.

The access point/router usually detects and discards incoming traffic from the Internet that is not a response to one of your local computers or a service or application for which you set up a port forwarding or port triggering rule (see Router Mode: Manage Port Forwarding and Port Triggering on page 224). Instead of discarding this traffic, you can direct the access point/router to forward the traffic to one computer on your network. This computer is called the default DMZ server.

To set up a default DMZ server:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access

User Manual76Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Setup > WAN Setup. The WAN Setup page displays.

Select the Default DMZ Server check box.

Enter the LAN IP address of the computer that must function as the DMZ server.

Click the Apply button. Your settings are saved.

Router mode: Manage IGMP proxying

IGMP proxying allows a computer or mobile device on the access point/router network to receive multicast traffic from the Internet. If you do not need this feature, leave it disabled, which is the default setting.

To enable IGMP proxying:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

User Manual77Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Setup > WAN Setup. The WAN Setup page displays.

Clear the Disable IGMP Proxying check box. By default, this check box is selected and IGMP proxying is disabled.

Click the Apply button. Your settings are saved.

Router mode: Manage NAT filtering

Network Address Translation (NAT) determines how the access point/router processes inbound traffic. Secured NAT protects computers on the LAN from attacks from the Internet but might prevent some Internet services, point-to-point applications, or multimedia applications from working. Open NAT provides a much less secured firewall but allows almost all Internet applications to work. Secured NAT is the default setting.

To change the default NAT filtering settings:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Security

User Manual78Manage the Firewall and

AC2000 802.11ac Wireless Access Point/Router WAC124

Select ADVANCED > Setup > WAN Setup. The WAN Setup page displays.

6. Select a NAT Filtering radio button:

• Secured. Provides a secured firewall to protect the computers on the LAN from

attacks from the Internet but might prevent some Internet services, point-to-point applications, or multimedia applications from functioning. By default, the Secured radio button is selected.

• Open. Provides a much less secured firewall but allows almost all Internet

applications to function.

Click the Apply button. Your settings are saved.

Router mode: Manage the SIP application-level gateway

The application-level gateway (ALG) for the Session Initiation Protocol (SIP) is enabled by default for enhanced address and port translation. However, some types of VoIP and video traffic might not work well when the SIP ALG is enabled. For this reason, the access point/router provides the option to disable the SIP ALG.

To change the default SIP ALG setting:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Setup > WAN Setup.

Security

User Manual79Manage the Firewall and

AC2000 802.11ac Wireless Access Point/Router WAC124

The WAN Setup page displays.

To disable the SIP ALG, select the Disable SIP ALG check box. The SIP ALG is enabled by default.

Click the Apply button. Your settings are saved.

Router mode: Manage VPN pass-through

VPN pass-through allows a computer on the local area network (LAN) to receive VPN traffic from the Internet over an IPSec, PPTP, or L2TP connection. Under normal circumstances, leave VPN pass-through enabled, which is the default setting. If you disable VPN pass-through, VPN traffic is blocked.

To disable VPN pass-through:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Setup > WAN Setup. The WAN Setup page displays.

In the VPN Passthrough section, select one or more Disabled radio buttons. By default, the Enable radio buttons are selected and VPN pass-through is enabled

for IPSec, PPTP, and L2TP.

Click the Apply button.

User Manual80Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

Your settings are saved.

Allow or block device access to your network

You can use device access control to block or allow access to your network. You define access by selecting or specifying the MAC addresses of the WiFi and wired devices that either can access your entire network or are blocked from accessing your entire network.

Enable and manage network access control

When you enable access control, you must select whether new devices are allowed to access the access point/router network or are blocked from accessing the network. By default, currently connected devices are allowed to access the network, but you can also block these devices from accessing the network.

To set up network access control:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Access Control. The Access Control page displays.

Select the Turn on Access Control check box. You must select this check box before you can specify an access rule and use the

Allow all new devices to connect and Block all new devices from connecting

User Manual81Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

buttons. When the Turn on Access Control check box is cleared, all devices are allowed to connect, even if a device is in the list of blocked devices.

Click the Apply button. Your settings are saved.

Select an access rule for new devices:

• Allow all new devices to connect. With this setting, if you add a new device, it

can access your network. You do not need to enter its MAC address on this page. We recommend that you leave this radio button selected.

• Block all new devices from connecting. With this setting, if you add a new device,

before it can access your network, you must enter its MAC address in the allowed list. For more information, see Manage network access control lists on page 82.

The access rule does not affect previously blocked or allowed devices. It applies only to devices joining your network in the future after you apply these settings.

To manage access for currently connected computers and devices, do the following: a.

If you blocked all new devices, you can allow the computer or device that you are currently using to continue to access the network. Select the check box next to your computer or device in the table, and click the Allow button.

To change the allow or block settings for other computers and devices, select the check box next to the computer or device in the table, and click either the Allow button or the Block button.

10.

Click the Apply button. Your settings are saved.

Manage network access control lists

You can use access control to block or allow device access to your network. An access control list (ACL) functions with the MAC addresses of wired and mobile devices that can either access your entire network or are blocked from accessing your entire network.

The access point/router can detect the MAC addresses of devices that are connected to the network and list the MAC addresses of devices that were connected to the network.

Each network device owns a MAC address, which is a unique 12-character physical address, containing the hexadecimal characters 0–9, a–f, or A–F (uppercase or lowercase) only, and separated by colons (for example, 00:09:AB:CD:EF:01). Typically, the MAC address is on the label of a device. If you cannot see the label, you can display the MAC address using the network configuration utilities of the computer. You might also find the MAC addresses of devices that are connected to the access point/router on the Access Control page of the local browser interface (see Add or remove a device from

User Manual82Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

the allowed list on page 83 and Add or remove a device from the blocked list on page

84).

Add or remove a device from the allowed list

If you set up an access list that blocks all new devices from accessing your network, you must specify which devices are allowed to access your network.

To add or remove a device from the allowed list:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Access Control. The Access Control page displays.

Click the View list of allowed devices not currently connected to the network link.

A table displays the detected device name, MAC address, and connection type of the devices that are not connected but allowed to access the network.

To add a device to the allowed list, do the following: a.

Security

Click the Add button. The Add Allowed Device page displays.

Enter the MAC address and device name for the device that you want to allow.

On the Add Allowed Device page, click the Apply button. The device is added to the allowed list on the Access Control page.

User Manual83Manage the Firewall and

AC2000 802.11ac Wireless Access Point/Router WAC124

To remove a device from the allowed list, do the following: a.

Select the check box for the device.

Click the Delete button. The device is removed from the allowed list.

Click the Apply button. Your settings are saved.

Add or remove a device from the blocked list

If you set up an access list that allows all new devices to access your network but you want to block some devices, you must specify the devices that you want to block.

To add or remove a device from the blocked list:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Access Control. The Access Control page displays.

Click the View list of blocked devices not currently connected to the network link.

A table displays the detected device name, MAC address, and connection type of the devices that are not connected and are blocked from accessing the network.

User Manual84Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

To add a device to the blocked list, do the following: a.

Click the Add button. The Add Blocked Device page displays.

Enter the MAC address and device name for the device that you want to block.

On the Add Blocked Device page, click the Apply button. The device is added to the blocked list on the Access Control page.

To remove a device from the blocked list, do the following: a.

Select the check box for the device.

Click the Delete button. The device is removed from the blocked list.

Click the Apply button. Your settings are saved.

Router mode: Specify keywords and domains to block Internet sites

If the access point/router is in router mode, you can block keywords and domains (websites) to prevent certain types of HTTP traffic from accessing your network. By default, keyword blocking is disabled and no domains are blocked.

Note: The information in this section and subsections does not apply if the access point/router is in access point mode.

Router mode: Set up keyword and domain blocking

You can set up blocking of specific keywords and domains to occur continuously or according to a schedule.

To set up keyword and domain blocking:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access

User Manual85Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Block Sites. The Block Sites page displays.

Specify a keyword blocking option:

• Per Schedule. Use keyword blocking according to a schedule that you set.

For more information, see Router mode: Set up a schedule for blocking on page

95.

• Always. Use keyword blocking continuously.

In the Type keyword or domain name here field, enter a keyword or domain. Here are some sample entries:

Specify XXX to block http://www.badstuff.com/xxx.html.

•

Specify the domain suffix (for example, .edu or .gov) if you want to allow only

•

sites with domain suffixes such as .edu or .gov.

Enter a period (.) to block all Internet browsing access.

•

Click the Add keyword button. The keyword or domain is added to the Block sites containing these keywords

or domain names field (which is also referred to as the blocked list).

9. To add more keywords or domains, repeat the previous two steps. The keyword list supports up to 32 entries.

10.

Click the Apply button. Your settings are saved.

Security

User Manual86Manage the Firewall and

AC2000 802.11ac Wireless Access Point/Router WAC124

Router mode: Specify a trusted device

You can exempt one trusted device from blocking and logging. The device that you exempt must be assigned a fixed (static) IP address.

To specify a trusted device:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Block Sites. The Block Sites page displays.

Scroll down and select the Allow trusted IP address to visit blocked sites check box.

In the Trusted IP Address field, enter the IP address of the trusted device. The first three octets of the IP address (by default, 192.168.0) are automatically

populated and depend on the IP address that is assigned to the DHCP server of the access point/router. For more information, see Router mode: Manage the DHCP server address pool on page 114.

Click the Apply button. Your settings are saved.

Security

User Manual87Manage the Firewall and

AC2000 802.11ac Wireless Access Point/Router WAC124

Router mode: Remove a keyword or domain from the blocked list

If you no longer need a keyword or domain on the blocked list, you can remove the keyword or domain.

To remove a keyword or domain from the blocked list:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Block Sites. The Block Sites page displays.

In the Block sites containing these keywords or domain names field, select the keyword or domain.

Click the Delete Keyword button. The keyword or domain is removed from the blocked list.

Click the Apply button. Your settings are saved.

Security

User Manual88Manage the Firewall and

AC2000 802.11ac Wireless Access Point/Router WAC124

Router mode: Remove all keywords and domains from the blocked list

You can simultaneously remove all keywords and domains from the blocked list.

To remove all keywords and domains from the blocked list:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Block Sites. The Block Sites page displays.

Click the Clear List button. All keywords and domains are removed from the blocked list.

Click the Apply button. Your settings are saved.

Router mode: Block specific services and applications from the Internet

If the access point/router is in router mode, you can add service blocking rules to prevent access from your LAN to specific services and applications on the Internet. In addition, you can specify if a blocking rule applies to one user, a range of users, or all users on

User Manual89Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

your LAN. The access point/router lists many default services and applications that you can use in blocking rules. You can also add a service blocking rule for a custom service or application.

Note: The information in this section and subsections does not apply if the access point/router is in access point mode.

Router mode: Add a service blocking rule for a predefined service or application

The access point/router lists many predefined services and applications that you can use in outbound rules.

You can add a service blocking rule to prevent access to a specific service or application on the Internet.

To add a service blocking rule:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Block Services. The Block Services page displays.

In the Services Blocking section, specify how the access point/router applies outbound rules:

• Per Schedule. Use service blocking according to a schedule that you set.

User Manual90Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

For more information, see Router mode: Set up a schedule for blocking on page

95.

• Always. Use service blocking continuously.

Click the Add button. The Add Services Blocking page displays.

From the Service Type menu, select the service or application to be covered by this rule.

The Protocol, Starting Port, and Ending Port fields are automatically populated when you select the service or application.

Note: If the service or application does not display in the list, you can add it by selecting User Defined from the Service Type menu (see Router mode: Add a service blocking rule for a custom service or application on page 91).

Specify which devices on your LAN are affected by the rule, based on their IP addresses:

• Only This IP Address. Enter the required IP address in the fields to apply the rule

to a single device on your LAN.

• IP Address Range. Enter the required start and end IP addresses in the fields to

apply the rule to a range of devices.

• All IP Addresses. All computers and devices on your LAN are covered by this

rule. By default, the All IP Addresses radio button is selected.

10.

Click the Add button. The new rule is added to the Service Table on the Block Services page.

Router mode: Add a service blocking rule for a custom service or application

If the service or application is not predefined, you can add a service blocking rule for a custom service or application.

Security

User Manual91Manage the Firewall and

AC2000 802.11ac Wireless Access Point/Router WAC124

To add service blocking rule for a custom service or application:

Find out which protocol and port number or range of numbers the service or application uses.

You can usually find this information by contacting the publisher of the service or application or through online user or news groups.

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Block Services. The Block Services page displays.

The first time that you add an outbound firewall rule, in the Services Blocking section, specify how the access point/router applies outbound rules:

• Per Schedule. Use keyword blocking according to a schedule that you set.

For more information, see Router mode: Set up a schedule for blocking on page

95.

• Always. Use keyword blocking continuously.

Click the Add button. The Add Services Blocking page displays.

From the Service Type menu, select User Defined.

Security

User Manual92Manage the Firewall and

AC2000 802.11ac Wireless Access Point/Router WAC124

10.

Specify a new service blocking rule by selecting a protocol, defining the ports, and defining a name:

Protocol. From the menu, select the protocol (TCP or UDP) that is associated

•

with the service or application. If you are unsure, select TCP/UDP.

Starting Port. In the field, enter the start port for the service or application.

•

Ending Port. In the field, enter one of the following:

•

If the service or application uses a range of ports, enter the end port for the range.

If the service or application uses a single port, repeat the port number that you entered in the Starting Port field.

Service Type/User Defined. In the field, enter the name of the custom service

•

or application.

11.

Specify which devices on your LAN are affected by the rule, based on their IP addresses:

• Only This IP Address. Enter the required address in the fields to apply the rule

to a single device on your LAN.

• IP Address Range. Enter the required addresses in the start and end fields to

apply the rule to a range of devices.

• All IP Addresses. All computers and devices on your LAN are covered by this

rule. By default, the All IP Addresses radio button is selected.

12.

Click the Add button. The new rule is added to the Service Table on the Block Services page.

Router mode: Change a service blocking rule

You can change an existing service blocking rule.

To change a service blocking rule:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

User Manual93Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Block Services. The Block Services page displays.

In the Service Table, select the radio button for the rule.

Click the Edit button. The Edit Services Blocking page displays.

8. Change the settings. For more information about the settings, see Router mode: Add a service blocking

rule for a custom service or application on page 91.

Click the Apply button. Your settings are saved. The modified rule displays in the Service Table on the Block

Services page.

Router mode: Remove a service blocking rule

You can remove a service blocking rule that you no longer need.

To remove a service blocking rule:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

User Manual94Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Block Services. The Block Services page displays.

In the Service Table, select the radio button for the rule.

Click the Delete button. A warning pop-up window opens.

Click the OK button. The rule is removed from the Service Table. Custom rules are deleted.

Router mode: Set up a schedule for blocking

If the access point/router is in router mode, you can set up a schedule that you can apply to keyword and domain blocking, Internet service and application blocking, or both.

The schedule can specify the days and times that these features are active. After you set up the schedule, if you want it to become active, you must apply it to keyword and domain blocking (see Router mode: Set up keyword and domain blocking on page 85), Internet service and application blocking (see Router mode: Block specific services and applications from the Internet on page 89), or both. Without a schedule, you can only enable or disable these features. By default, no schedule is set.

To set up a schedule:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

User Manual95Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > Schedule. The Schedule page displays.

Set up the schedule for blocking:

Days to Block. Select the check box for each day that you want to block access

•

or specify that blocking occurs on every day by selecting the Every Day check box. By default, the Every Day check box is selected.

Time of Day to Block. Select a start and end time for blocking in 24-hour format

•

or select the All Day check box for 24-hour blocking. By default, the All Day check box is selected.

Click the Apply button. Your settings are saved.

Set up security event email notifications

The access point/router can email you its logs of router activity. The log records activity and security events such as attempts to access blocked sites or services.

To set up email notifications:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

User Manual96Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Security > E-mail. The E-mail page displays.

Select the Turn E-mail Notification On check box.

In the Send to This E-mail Address field, type the email address to which logs and alerts are to be sent.

This email address is also used for the From address. If this field is blank, log and alert messages are not sent.

In the Your Outgoing Mail Server field, enter the name of your ISP outgoing (SMTP) mail server (such as mail.myISP.com).

You might be able to find this information in the configuration window of your email program. If you leave this field blank, log and alert messages are not sent.

In the Outgoing Mail Server Port Number field, enter the port number that the mail server uses.

If you do not know the port number, leave the default port number, which is 25.

10.

To send email alerts over a secure connection, select the Secure connection (use SSL) check box.

11.

If your outgoing email server requires authentication, select the My Mail Server requires authentication check box, and do the following:

In the User Name field, type the user name for the outgoing email server.

In the Password field, type the password for the outgoing email server.

12.

To send alerts when someone attempts to visit a blocked site, select the Send Alerts Immediately check box.

Email alerts are sent immediately when someone attempts to visit a blocked site.

User Manual97Manage the Firewall and

Security

AC2000 802.11ac Wireless Access Point/Router WAC124

13.

To send logs based on a schedule, specify these settings: a.

From Send logs according to this schedule menu, select the schedule type.

From the Day menu, select the day.

From the Time menu, select the time, and select the am or pm radio button.

14.

Click the Apply button. Your settings are saved.

Logs are sent automatically according to the schedule that you set. If the log fills before the specified time, it is sent. After the log is sent, it is cleared from the access point/router memory. If the access point/router cannot email the log and the log buffer fills, the access point/router overwrites the log.

Security

User Manual98Manage the Firewall and

Optimize Performance

This chapter describes how you can optimize the access point/router’s performance and manage the traffic flows through the access point/router.

The chapter contains the following sections:

• Optimize traffic with the default QoS rules

• Manage default and custom QoS rules

• Manage uplink bandwidth control

• Manage WiFi Multimedia (WMM) for a radio

• Improve network connections with Universal Plug and Play

AC2000 802.11ac Wireless Access Point/Router WAC124

Optimize traffic with the default QoS rules

You can use Quality of Service (QoS) to assign different priorities to Internet traffic, applications, and services. The access point/router provides default QoS rules. You can add custom QoS rules and manage both default and custom QoS rules (see Manage default and custom QoS rules on page 101).

We recommend that you enable QoS if you use streaming Internet. However, when QoS assigns a high priority to streaming video, it also assigns lower priority to the rest of your Internet traffic. That means that other tasks such as downloading content from the Internet take longer.

To view the default QoS rules with their default priorities and turn on QoS:

Open a web browser from a computer or mobile device that is connected to the access point/router network.

Enter http://www.routerlogin.net in the address field. If you are not connected to the access point/router network but to the same network

as the access point/router, enter the IP address that is assigned to the access point/router. If you do not know the IP address, see Find the IP address of the access point/router on page 29.

The Sign-In page displays. You are prompted to sign in with your NETGEAR account.

Click the Login button. The NETGEAR Account Login page displays.

Enter your registered email address and password and click the LOG IN button. The BASIC Home page displays.

Select ADVANCED > Setup > QoS Setup. The QoS Setup page displays.

If you did not add any custom rules or change priorities, the QoS rules table displays the default QoS rules and their default priority queues, from the highest queue (Queue 1, the leftmost column) to the lowest priority Queue 4, (the rightmost column).

Select the Turn Internet Access QoS On check box.

Click the Apply button. Your settings are saved. The access point/router assigns traffic priorities according

to the QoS rules and their priority queues.

User Manual100Optimize Performance

Netgear WAC124 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Hardware Overview of the Access Point/Router

Top panel with LEDs

Back panel with ports, buttons, and a power connector

Position the antennas for best WiFi performance

Access point/router label

Install and Access the Access Point/Router in Your Network

Connect the access point/router to your existing router and log in for the first time

Update the access point/router firmware if you cannot complete the initial log-in process

About router mode

Use the access point/router in router mode

Log in to the access point/router when it is connected to the Internet

Log in to the access point/router when it is not connected to the Internet

Use the NETGEAR Insight mobile app to discover the access point/router

Find the IP address of the access point/router

Change the language

Change the local login admin password

Set up password recovery for the local login admin user name

Connect a wired or WiFi device to the access point/router’s network after installation

Connect to the access point/router through an Ethernet cable

Use Wi-Fi Protected Setup to join the WiFi network of the access point/router

Manually join the WiFi network of the access point/router

Specify the Access Point/Router Internet Settings Manually

Use the Internet Setup Wizard

Access point mode: Specify a fixed LAN IP address

Router mode: Manually set up the access point/router Internet connection

Router mode: Specify a dynamic or fixed WAN IP address Internet connection without a login

Router mode: Specify a PPPoE Internet connection that uses a login

Router mode: Specify a PPTP or L2TP Internet connection that uses a login

Router mode: Specify an IPv6 Internet connection

Router mode: Requirements for entering IPv6 addresses

Router mode: Use Auto Detect for an IPv6 Internet connection

Router mode: Use Auto Config for an IPv6 Internet connection

Router mode: Set up an IPv6 6to4 tunnel Internet connection

Router mode: Set up an IPv6 6rd Internet connection

Router mode: Set up an IPv6 passthrough Internet connection

Router mode: Set up an IPv6 fixed Internet connection

Router mode: Set up an IPv6 DHCP Internet connection

Router mode: Set up an IPv6 PPPoE Internet connection

Manage the Basic WiFi and Radio Features

Set up or change an open or secure WiFi network

Configure WPA and WPA2 Enterprise WiFi security

Disable or enable a WiFi network

Hide or broadcast the SSID for a WiFi network

Enable or disable the WiFi radios

Use WPS to add a device to the WiFi network

Use WPS with the push button method

Use WPS with the PIN method

Manage the Firewall and Security

Router mode: Manage the basic firewall settings

Router mode: Manage port scan protection and denial of service protection

Router mode: Set up a default DMZ server

Router mode: Manage IGMP proxying

Router mode: Manage NAT filtering

Router mode: Manage the SIP application-level gateway

Router mode: Manage VPN pass-through

Allow or block device access to your network

Enable and manage network access control

Manage network access control lists

Add or remove a device from the allowed list

Add or remove a device from the blocked list

Router mode: Specify keywords and domains to block Internet sites

Router mode: Set up keyword and domain blocking

Router mode: Specify a trusted device

Router mode: Remove a keyword or domain from the blocked list

Router mode: Remove all keywords and domains from the blocked list

Router mode: Block specific services and applications from the Internet

Router mode: Add a service blocking rule for a predefined service or application

Router mode: Add a service blocking rule for a custom service or application

Router mode: Change a service blocking rule

Router mode: Remove a service blocking rule

Router mode: Set up a schedule for blocking

Set up security event email notifications

Optimize Performance

Optimize traffic with the default QoS rules