NETGEAR WNR1000v3h2 User Manual
N150 Wireless Router WNR1000v3h2
User Manual
350 East Plumeria Drive
San Jose, CA 95134
USA
October 2010
202-10753-01
1.0
N150 Wireless Router User Manual
©2010 NETGEAR, Inc. All rights reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Support
Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online,
visit us at http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR
Phone (Other Countries): See Support information card.
Trademarks
NETGEAR, the NETGEAR logo, ReadyNAS, ProSafe, Smart Wizard, Auto Uplink, X-RAID2, and NeoTV are
trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, Windows NT, and Vista are
registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or
trademarks of their respective holders.
Statement of Conditions
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes
to the products described in this document without notice. NETGEAR does not assume any liability that may occur
due to the use, or application of, the product(s) or circuit layout(s) described herein.
Revision History
Table 1.
Publication Part Number Version Publish Date Comments
202-10753-01 1.0 October 2010 First publication
2 |
Table of Contents
Chapter 1 Configuring Basic Connectivity
Using the Setup Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Logging In To Your Wireless Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Selecting a Language for Your Screen Display . . . . . . . . . . . . . . . . . . . . . . 9
Configuring Your Internet Settings Using the Setup Wizard. . . . . . . . . . . .11
Viewing and Configuring Basic Internet Settings . . . . . . . . . . . . . . . . . . . .11
Your Internet Connection Does Not Require a Login . . . . . . . . . . . . . . . 11
Your Internet Connection Does Require a Login . . . . . . . . . . . . . . . . . .13
Setting Up and Testing Basic Wireless Connectivity . . . . . . . . . . . . . . . . .16
Chapter 2 Safeguarding Your Network
Choosing Appropriate Wireless Security . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Recording Basic Wireless Settings Setup Information . . . . . . . . . . . . . . . .23
Changing Wireless Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Viewing Basic Wireless Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Configuring WEP Wireless Security . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Configuring WPA-PSK and WPA2-PSK Wireless Security . . . . . . . . . .28
Viewing Advanced Wireless Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Using Push 'N' Connect (Wi-Fi Protected Setup) . . . . . . . . . . . . . . . . . . . .30
Push Button Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Security PIN Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Configuring the WPS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Connecting Additional Wireless Client Devices after WPS Setup . . . . .34
Restricting Wireless Access by MAC Address . . . . . . . . . . . . . . . . . . . . . .35
Adding Guest Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Changing the Administrator Password . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Backing Up Your Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Understanding Your Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
Chapter 3 Restricting Access From Your Network
Content Filtering Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Blocking Access to Internet Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Blocking Access to Internet Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Blocking Services by IP Address Range . . . . . . . . . . . . . . . . . . . . . . . . 44
Scheduling Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Viewing Logs of Web Access or Attempted Web Access. . . . . . . . . . . . . .45
Configuring E-mail Alert and Web Access Log Notifications . . . . . . . . . . . 46
Setting the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Table of Contents | 3
N150 Wireless Router User Manual
Chapter 4 Customizing Your Network Settings
Using the LAN IP Setup Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Configuring a Device Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Configuring LAN TCP/IP Setup Parameters. . . . . . . . . . . . . . . . . . . . . . 49
Using the Router as a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Using Address Reservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Using a Dynamic DNS Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configuring the WAN Setup Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Disabling Port Scan and DoS Protection . . . . . . . . . . . . . . . . . . . . . . . . 53
Setting Up a Default DMZ Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Responding to a Ping on the Internet (WAN) Port . . . . . . . . . . . . . . . . . 54
Setting the MTU Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Configuring NAT Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Configuring Static Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Chapter 5 Fine-Tuning Your Network
Allowing Inbound Connections to Your Network . . . . . . . . . . . . . . . . . . . . 57
How Your Computer Accesses a Remote Computer through Your Router58
How Port Triggering Changes the Communication Process . . . . . . . . . 59
How Port Forwarding Changes the Communication Process . . . . . . . .60
How Port Forwarding Differs from Port Triggering . . . . . . . . . . . . . . . . .61
Configuring Port Forwarding to Local Servers . . . . . . . . . . . . . . . . . . . . . .61
Adding a Custom Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Editing or Deleting a Port Forwarding Entry . . . . . . . . . . . . . . . . . . . . . . 63
Configuring Port Triggering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Using Universal Plug and Play . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Optimizing Wireless Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Using WMM for Wireless Multimedia Applications . . . . . . . . . . . . . . . . . . .69
Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Using WMM QoS for Wireless Multimedia Applications. . . . . . . . . . . . . 69
Configuring QoS for Internet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Changing the MTU Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Overview of Home and Small Office Networking Technologies . . . . . . . . .74
Assessing Your Speed Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . 75
4 | Table of Contents
Chapter 6 Using Network Monitoring Tools
Viewing Wireless Router Status Information . . . . . . . . . . . . . . . . . . . . . . .78
Viewing a List of Attached Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Managing the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Backing Up and Restoring the Configuration . . . . . . . . . . . . . . . . . . . . .83
Erasing the Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Updating the Router Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Checking for New Firmware in the Router Upgrade Screen . . . . . . . . .84
Updating Manually to New Router Firmware . . . . . . . . . . . . . . . . . . . . . 86
Enabling Remote Management Access . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Traffic Meter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
N150 Wireless Router User Manual
Chapter 7 Troubleshooting
Quick Tips. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Troubleshooting Basic Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92
Login Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94
Checking the Internet Service Connection . . . . . . . . . . . . . . . . . . . . . . . . .95
Obtaining an Internet IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
Troubleshooting PPPoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96
Troubleshooting Internet Browsing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Troubleshooting Your Network Using the Ping Utility. . . . . . . . . . . . . . . . .97
Testing the LAN Path to Your Router . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Testing the Path from Your Computer to a Remote Device . . . . . . . . . .98
Problems with Date and Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Problems with Wireless Adapter Connections . . . . . . . . . . . . . . . . . . . . . .99
Restoring the Default Configuration and Password . . . . . . . . . . . . . . . . .100
Appendix A Technical Specifications
Default Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
General Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Appendix B Related Documents
Appendix C Notification of Compliance
Index
Table of Contents | 5
1 Configuring Basic Connectivity
This chapter describes the settings for your Internet connection and your wireless local area
network (LAN) connection. When you perform the initial configuration of your wireless router
using the Resource CD as described in the NETGEAR Wireless Router Setup Manual, these
settings are specified automatically for you. This chapter provides further details about these
connectivity settings, as well as instructions on how to log in to the router for further
configuration.
Note: NETGEAR recommends using the Smart Wizard™ on the
Resource CD for initial configuration, as described in the NETGEAR
Wireless Router Setup Manual.
This chapter includes the following sections:
• Using the Setup Manual on page 6
• Logging In To Your Wireless Router on page 7
• Selecting a Language for Your Screen Display on page 9
• Configuring Your Internet Settings Using the Setup Wizard on page 11
• Viewing and Configuring Basic Internet Settings on page 11
• Setting Up and Testing Basic Wireless Connectivity on page 16
1
Using the Setup Manual
For first-time installation of your wireless router, refer to the NETGEAR Wireless Router
Setup Manual. The Setup Manual explains how to launch the NETGEAR Smart Wizard on
the Resource CD to step you through the procedure to connect your router, modem, and
computers. The Smart Wizard will assist you in configuring your wireless settings and
enabling wireless security for your network. After initial configuration using the Setup
Manual, you can use the information in this User Manual to configure additional features of
your wireless router.
For installation instructions in a language other than English, refer to the language options on
the Resource CD.
Chapter 1: Configuring Basic Connectivity | 6
N150 Wireless Router User Manual
Logging In To Your Wireless Router
When the wireless router is connected to your network, you can access and configure the
router using your browser. The Default Access login information is printed on the bottom label
of your router.
To access the router:
1. Connect to the wireless router by typing http://www.routerlogin.net in the address field
of your browser, and then press Enter. A login window displays
Figure 1. .
Tip: You can connect to the wireless router by typing either of these URLs in
the address field of your browser, and then pressing Enter:
• http://www.routerlogin.net
• http://www.routerlogin.com
If these URLs do not work, you must type the IP address of the router, for example,
http://192.168.1.1.
2. Enter admin for the router user name and your password (or the default, password).
Note: The router user name and password are not the same as any other
user name or password you might use to log in to your Internet
connection.
- The Checking for Firmware Updates screen appears unless you previously cleared
the Check for Updated Firmware Upon Log-in check box.
Chapter 1: Configuring Basic Connectivity | 7
Figure 2.
This message displays if the router discovers that new firmware is available. (If no
new firmware is available, the router will proceed to the router status screen.)
N150 Wireless Router User Manual
Figure 3.
- To automatically update to the new firmware, click Yes to allow the router to
download and install the new firmware file from NETGEAR.
WARNING!
When uploading firmware to the WNR1000v3h2 router, do not
interrupt the Web browser by closing the window, clicking a link,
or loading a new page. If the browser is interrupted, it could
corrupt the firmware.
The update process typically takes about 1 minute. When the upload is complete, your
Wireless Router automatically restarts.
3. If there is no new firmware, the login will take you to the Basic Settings screen displayed
here.
8 | Chapter 1: Configuring Basic Connectivity
N150 Wireless Router User Manual
Figure 4.
If the wireless router is connected to the Internet, you can select Knowledge Base or
Documentation under Web Support in the main menu to view support information or the
documentation for the wireless router.
If you do not click Logout, the wireless router will wait for 5 minutes after no activity
before it automatically logs you out.
Selecting a Language for Your Screen Display
Using the Select Language drop-down menu, located in the upper right corner of the Router
Manager screen, you can display the router manager screens in any of languages shown in
Figure 1-5:
Chapter 1: Configuring Basic Connectivity | 9
N150 Wireless Router User Manual
Figure 5.
The language is set to English by default. The default language is always stored in memory.
When you select a language other than the default, that language as well as English is stored
in memory. The additional language stored is the most recently selected. For example, if you
select Deutsch, German and English will be stored. If you next select Chinese, Chinese and
English will be stored.
To specify a language to be used on your router manager screens, do the following:
1. Expand the list and select the language you want.
2. Click Apply.
The language you select is then downloaded and displayed in the language selection
box, and your screen display will be in the selected language.
Note: You can select from the entire list of supported languages only when
the router is connected to the Internet. When the router is not
connected to the Internet, you can select one of the stored
languages only.
10 | Chapter 1: Configuring Basic Connectivity
N150 Wireless Router User Manual
Configuring Your Internet Settings Using the Setup Wizard
You can manually configure your Internet connection using the Basic Settings screen, or you
can allow the Setup Wizard to determine your Internet Service Provider (ISP) configuration.
The Setup Wizard searches your Internet connection for servers and protocols to determine
your ISP configuration.
To use the Setup Wizard to assist with configuration or to verify the Internet connection
settings:
1. Select Setup Wizard from the top of the main menu.
2. Click Next to proceed. Enter your ISP settings, as needed.
3. At the end of the Setup Wizard, click Test to verify your Internet connection. If you have
trouble connecting to the Internet, see
Chapter 7.”
Viewing and Configuring Basic Internet Settings
Settings related to your Internet service are specified in the Basic Settings screen. Select
Basic Settings under Setup in the main menu.
The content you see in the Basic Settings screen depends on whether your ISP requires that
you log in with a user name and password for Internet access.
Your Internet Connection Does Not Require a Login
If no login is required by your ISP, the following settings appear in the Basic Settings screen.
Chapter 1: Configuring Basic Connectivity | 11
No login required
N150 Wireless Router User Manual
Figure 6.
• Account Name (might also be called Host Name). The account name is provided to the
ISP during a DHCP request from your router. In most cases, this setting is not required,
but some ISPs require it for access to ISP services such as mail or news servers.
• Domain Name. The domain name is provided by your router to computers on your LAN
when the computers request DHCP settings from your router. In most cases, this settings
is not required.
• Internet IP Address. Determines how your router obtains an IP address for Internet
access.
- If your ISP assigns an IP address dynamically (by DHCP), select Get Dynamically
From ISP.
- If your ISP has assigned you a permanent, fixed (static) IP address for your computer,
select Use Static IP Address. Enter the IP address that your ISP assigned. Also,
enter the subnet mask and the gateway IP address. The gateway is the ISP’s router
to which your router will connect.
• Domain Name Server (DNS) Address. If you know that your ISP does not automatically
transmit DNS addresses to the router during login, select Use These DNS Servers, and
enter the IP address of your ISP’s primary DNS server. If a secondary DNS server
address is available, enter it also.
12 | Chapter 1: Configuring Basic Connectivity
N150 Wireless Router User Manual
Note: If you enter or change a DNS address, restart the computers on
your network so that these settings take effect.
• Router MAC Address. This section determines the Ethernet MAC address that the
router will use on the Internet port. Typically, you would leave Use Default Address
selected. However, some ISPs (especially cable modem providers) register the Ethernet
MAC address of the network interface card in your computer when your account is first
opened. They then accept only traffic from the MAC address of that computer. This
feature allows your router to masquerade as that computer by “cloning” or “spoofing” its
MAC address.
To change the MAC address, select one of the following methods:
- Select Use Computer MAC Address. The router will then capture and use the MAC
address of the computer that you are now using. You must be using the one computer
that is allowed by the ISP.
- Select Use This MAC Address, and enter it here.
Your Internet Connection Does Require a Login
If a login is required by your ISP, the following settings appear in the Basic Settings screen:
Chapter 1: Configuring Basic Connectivity | 13
Login required
N150 Wireless Router User Manual
Figure 7.
• Does Your Internet Connection Require A Login? If you usually must use a login
program such as WinPOET to access the Internet, your Internet connection requires a
login. After you select Yes, the Basic Settings screen displays.
Note: After you finish setting up your router, you will no longer need to
launch the ISP’s login program on your computer to access the
Internet. When you start an Internet application, your router will
automatically log you in.
• Internet Service Provider. This drop-down list contains a few ISPs that need special
protocols for connection. Not all ISPs are listed here. The ones on this list have special
requirements. The list includes:
14 | Chapter 1: Configuring Basic Connectivity
N150 Wireless Router User Manual
Figure 8.
- PPTP (Point to Point Tunneling Protocol), used primarily in Austrian DSL services
- Telstra Bigpond, an Australian residential cable modem service
Note: The Telstra Bigpond setting is only for older cable modem service
accounts still requiring a Bigpond login utility. Telstra has
discontinued this type of account. Those with Telstra DSL accounts
and newer cable modem accounts should select No for Does Your
Internet Connection Require a Login.
- PPPoE (Point to Point Protocol over Ethernet), the protocol used by most DSL
services worldwide.
• Login and Password. This is the user name and password provided by your ISP. This
name and password are used to log in to the ISP server.
• Service Name. If your connection is capable of connecting to multiple Internet services,
this setting specifies which service to use.
• Connection Mode. This drop-down list selects when the router will connect to and
disconnect from the Internet. The list includes:
Figure 9.
- Always On. The router logs in to the Internet immediately after booting and never
disconnects.
- Dial on Demand. The router logs in only when outgoing traffic is present and logs out
after the idle time-out.
- Manually Connect. The router logs in or logs out only when the user clicks Connect
or Disconnect in the Router Status screen.
• Idle Timeout. Your Internet connection is logged out if there is no data transfer during the
specified time interval.
Chapter 1: Configuring Basic Connectivity | 15
N150 Wireless Router User Manual
• Domain Name Server (DNS) Address. If you know that your ISP does not automatically
transmit DNS addresses to the router during login, select Use These DNS Servers, and
enter the IP address of your ISP’s primary DNS server. If a secondary DNS server
address is available, enter it also.
Note: If you enter or change a DNS address, restart the computers on
your network so that these settings take effect.
Setting Up and Testing Basic Wireless Connectivity
Follow these instructions to set up and test basic wireless connectivity. Once you have
established basic wireless connectivity, you can enable security settings appropriate to your
needs.
1. Select Wireless Settings under Setup in the main menu of the WNR1000v3h2 router.
Figure 10.
2. As appropriate, select the region in which the wireless interface will operate.
Note: In North America, you will not be able to change the region setting.
3. For the wireless network name (SSID), use the default name, or choose a suitable
descriptive name. In the Name (SSID) field, you can enter a value of up to 32 alphanumeric
characters. The default SSID is NETGEAR.
16 | Chapter 1: Configuring Basic Connectivity
N150 Wireless Router User Manual
Note: The SSID is case-sensitive; NETGEAR is not the same as nETgear.
Also, the SSID of any wireless access adapters must match the
SSID you specify in the WNR1000v3h2 router. If they do not match,
you will not get a wireless connection to the WNR1000v3h2 router.
4. For the remaining settings, accept the defaults.
• The default channel is Auto.
It should not be necessary to change the wireless channel unless you notice
interference problems with another nearby wireless router or access point. Select a
channel that is not being used by any other wireless networks within several hundred
feet of your router. For more information about the wireless channel frequencies, click
the link to the online document
Wireless Networking Basics in Appendix B.
• The default mode of Up to 72 Mbps. The options are:
- Up to 54 Mbps – Legacy Mode – Maximum speed of up to 54 Mbps for b/g
networks.
- Up to 72 Mbps – Neighbor Friendly Mode – Will not interfere with neighboring
wireless networks.
- Up to 150 Mbps – Performance Mode – Maximum Wireless-N speed up to 150
Mbps.
• The default Security Options is None.
5. Click Apply to save your changes.
Note: If you are configuring the router from a wireless computer and you
change the router’s SSID, channel, or security settings, you will lose
your wireless connection when you click Apply. You must then
change the wireless settings of your computer to match the router’s
new settings.
6. Select Wireless Settings under Advanced in the main menu of the WNR1000v3h2 router.
Chapter 1: Configuring Basic Connectivity | 17
Figure 11.
N150 Wireless Router User Manual
7. Make sure that the Enable Wireless Router Radio, Enable SSID Broadcast, and Enable
WMM check boxes are selected.
8. Click Setup Access List.
9. Make sure that the Turn Access Control On check box is not selected.
10. Configure and test your wireless computer for wireless connectivity.
Program the wireless adapter of your computer to have the same SSID and channel that
you specified in the router, and disable encryption. Check that your computer has a
wireless link and can obtain an IP address by DHCP from the router.
Once your computer has basic wireless connectivity to the router, you can configure the
advanced wireless security functions of the computer and router (for more information about
security and these settings, see Chapter 2 ”).
18 | Chapter 1: Configuring Basic Connectivity
2 Safeguarding Your Network
The N150 Wireless Router provides highly effective security features, which are covered in
detail in this chapter.
This chapter includes the following sections:
• Choosing Appropriate Wireless Security ”
• Recording Basic Wireless Settings Setup Information on page 23
• Changing Wireless Security Settings on page 24
• Viewing Advanced Wireless Settings on page 29
• Using Push 'N' Connect (Wi-Fi Protected Setup) on page 30
• Restricting Wireless Access by MAC Address on page 35
• Adding Guest Networks on page 37
• Changing the Administrator Password on page 38
• Backing Up Your Configuration on page 39
• Understanding Your Firewall on page 40
2
Chapter 2: Safeguarding Your Network | 19
N150 Wireless Router User Manual
Choosing Appropriate Wireless Security
Unlike wired networks, wireless networks allow anyone with a compatible adapter to receive
your wireless data transmissions well beyond your walls. Operating an unsecured wireless
network creates an opportunity for outsiders to eavesdrop on your network traffic or to enter
your network to access your computers and files. Indoors, computers can connect over
wireless networks at ranges of up to 300 feet. Such distances can allow for others outside
your immediate area to access your network. Use the security features of your wireless
equipment that are appropriate to your needs.
The time it takes to establish a wireless connection can vary depending on both your security
settings and router placement.
Stronger security methods can entail a cost in terms of throughput, latency, battery
consumption, and equipment compatibility. In choosing an appropriate security level, you can
also consider the effort compared to the reward for a hacker to break into your network. As a
minimum, however, NETGEAR recommends using WEP with Shared Key authentication. Do
not run an unsecured wireless network unless it is your intention to provide free Internet
access for the public.
WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and
WPA2-PSK encryption can consume more battery power on a notebook computer, and can
cause significant performance degradation with a slow computer.
Note: NETGEAR recommends that you change the administration
password of your router. Default passwords are well known, and an
intruder can use your administrator access to read or disable your
security settings. For information about how to change the
administrator password, see
on page 38.
Changing the Administrator Password
20 | Chapter 2: Safeguarding Your Network
N150 Wireless Router User Manual
WNR1000v3h2
Note: Use these with other features that enhance security (Table 2).
Figure 1.
Wireless data
security options
Range: up to 300 foot radius
1) Open system: easy but no
security
2) MAC access list: no data
security
To configure the wireless network, you can:
• Manually specify your SSID and your wireless security settings. The WNR1000v3h2
router provides two screens for configuring the wireless settings:
- Wireless Settings. You access these under Setup in the main menu (see Viewing
Basic Wireless Settings on page 24).
- Advanced Wireless Settings. You access these under Advanced in the main menu
(see Viewing Advanced Wireless Settings on page 29).
• Use Wi-Fi Protected Setup (WPS) to automatically set the SSID and implement
WPA/WPA2 security on both the router and the client device. If the clients in your
network are WPS capable, you can use Wi-Fi Protected Setup (WPS) to automatically set
the SSID and implement WPA/WPA2 security on both the router and the client device
(see Using Push 'N' Connect (Wi-Fi Protected Setup) on page 30).
Basic security options are listed in order of increasing effectiveness in Table 1. Other
features that affect security are listed in Table 2 on page 22. For more details on wireless
Chapter 2: Safeguarding Your Network | 21
N150 Wireless Router User Manual
security methods, click the link to the online document Wireless Networking Basics in
Appendix B.
Table 1. Wireless Security Options
Security Type Description
None. No wireless security. Recommended only for
troubleshooting wireless connectivity. Do not run an
unsecured wireless network unless it is your
intention to provide free Internet access for the
public.
WEP. Wired Equivalent Privacy. Wired Equivalent Privacy (WEP) data encryption
provides moderate data security. WEP Shared Key
authentication and WEP data encryption can be
defeated by a determined eavesdropper using
publicly available tools.
For more information, see Configuring WEP Wireless
Security on page 26.
WPA-PSK (TKIP). WPA-PSK standard encryption
with TKIP encryption type.
WPA2-PSK (AES). Wi-Fi Protected Access version 2
with Pre-Shared Key; WPA2-PSK standard
encryption with the AES encryption type.
WPA-PSK (TKIP) + WPA2-PSK (AES). Mixed mode.
Wi-Fi Protected Access with Pre-Shared Key
(WPA-PSK and WPA2-PSK) data encryption
provides extremely strong data security, very
effectively blocking eavesdropping. Because WPA
and WPA2 are relatively new standards, older
wireless adapters and devices might not support
them.
For more information, see Configuring WPA-PSK
and WPA2-PSK Wireless Security on page 28.
Table 2. Other Features That Enhance Security
Security Type Description
Disable the wireless router radio. If you disable the wireless router radio, wireless
devices cannot communicate with the router at all.
You might disable this when you are away or when
other users of your network all use wired
connections.
For more information, see Viewing Advanced
Wireless Settings on page 29.
Turn off the broadcast of the wireless network
name SSID.
If you disable the broadcast of the SSID, only
devices that know the correct SSID can connect.
This nullifies the wireless network discovery feature
of some products such as Windows XP, but your data
is still fully exposed to an intruder using available
wireless eavesdropping tools.
For more information, see Viewing Advanced
Wireless Settings on page 29.
22 | Chapter 2: Safeguarding Your Network
N150 Wireless Router User Manual
Table 2. Other Features That Enhance Security
Security Type Description
Restrict access based on MAC address. You can restrict access to only trusted computers so
that unknown computers cannot wirelessly connect
to the WNR1000v3h2 router. MAC address filtering
adds an obstacle against unwanted access to your
network by the general public, but the data broadcast
over the wireless link is fully exposed. This data
includes your trusted MAC addresses, which can be
read and impersonated by a hacker.
For more information, see Restricting Wireless
Access by MAC Address on page 35.
Modify your firewall’s rules. By default, the firewall allows any outbound traffic
and prohibits any inbound traffic except for
responses to your outbound traffic. However, you
can modify the firewall’s rules.
For more information, see Understanding Your
Firewall on page 40.
Use the Push 'N' Connect feature (Wi-Fi Protected
Setup).
Wi-Fi Protected Setup provides easy setup by
means of a push button. Older wireless adapters and
devices might not support this. Check whether
devices are WPS enabled.
For more information, see Using Push 'N' Connect
(Wi-Fi Protected Setup) on page 30.
Recording Basic Wireless Settings Setup Information
Before and after customizing your wireless settings, print this section, and record the
following information. If you are working with an existing wireless network, the person who
set up or is responsible for the network can provide this information. Otherwise, you must
choose the settings for your wireless network. Either way, record the settings for your
wireless network in the spaces provided.
• Wireless Network Name (SSID). ______________________________ The SSID
identifies the wireless network. You can use up to 32 alphanumeric characters. The SSID
is case-sensitive. The SSID in the wireless adapter card must match the SSID of the
wireless router. In some configuration utilities (such as in Windows XP), the term
“wireless network name” is used instead of SSID.
• If WEP Authentication is used, circle one: Shared Key or Auto.
Note: If you select Shared Key, the other devices in the network will not
connect unless they are also set to Shared Key and are configured
with the correct key.
Chapter 2: Safeguarding Your Network | 23
N150 Wireless Router User Manual
- WEP Encryption Key Size. Choose one: 64-bit or 128-bit. Again, the encryption key
size must be the same for the wireless adapters and the wireless router.
- Data Encryption (WEP) Keys. There are two methods for creating WEP data
encryption keys. Whichever method you use, record the key values in the spaces
provided.
• Passphrase Method. ______________________________ These characters
are case-sensitive. Enter a word or group of printable characters and click
Generate. Not all wireless devices support the passphrase method.
• Manual Method. These values are not case-sensitive. For 64-bit WEP, enter 10
hexadecimal digits (any combination of 0–9, a–f, or A–F). For 128-bit WEP, enter
26
hexadecimal digits.
Key 1: ___________________________________
Key 2: ___________________________________
Key 3: ___________________________________
Key 4: ___________________________________
• If WPA-PSK or WPA2-PSK authentication is used:
- Passphrase. ______________________________ These characters are
case-sensitive. Enter a word or group of printable characters. When you use
WPA-PSK, the other devices in the network will not connect unless they are also set
to WPA-PSK and are configured with the correct passphrase. Similarly, when you use
WPA2-PSK, the other devices in the network will not connect unless they are also set
to WPA2-PSK and are configured with the correct passphrase.
Use the procedures described in the following sections to specify the WNR1000v3h2 router.
Store this information in a safe place.
Changing Wireless Security Settings
This section describes the wireless settings that you can view and configure in the Wireless
Settings screen, which you access under Setup in the main menu.
Viewing Basic Wireless Settings
To specify the wireless security settings of your router:
1. Log in to the router as described in Logging In To Your Wireless Router on page 7.
2. Select Wireless Settings under Setup in the main menu. The Wireless Settings screen
displays.
24 | Chapter 2: Safeguarding Your Network
N150 Wireless Router User Manual
Figure 2.
The available settings in this screen are:
• Name (SSID). The SSID is also known as the wireless network name. Enter a value of up
to 32 alphanumeric characters. When more than one wireless network is active, different
wireless network names provide a way to separate the traffic. For a wireless device to
participate in a particular wireless network, it must be configured with the SSID for that
network. The WNR1000v3h2 default SSID is NETGEAR. You can disable this broadcast
as described in Viewing Advanced Wireless Settings on page 29.
• Region. This field identifies the region where the WNR1000v3h2 router can be used. It
might not be legal to operate the wireless features of the wireless router in a region other
than one of those identified in this field.
Note: The region selection feature might not be available in all countries.
• Channel. This field determines which operating frequency is used. It should not be
necessary to change the wireless channel unless you notice interference problems with
another nearby wireless network. The wireless router uses channel bonding technology
to extend the bandwidth for data transmission. For more information about the wireless
channel frequencies, see the online document that you can access from Wireless
Networking Basics in Appendix B.
• Mode. The default mode is Up to 72 Mbps.
Chapter 2: Safeguarding Your Network | 25
N150 Wireless Router User Manual
Note: The maximum wireless signal rate is derived from the IEEE
Standard 802.11 specifications. Actual data throughput will vary.
Network conditions and environmental factors, including volume of
network traffic, building materials and construction, and network
overhead, lower actual data throughput rate.
The Mode options are:
- Up to 54 Mbps - Legacy Mode with maximum speed of up to 54 Mbps for b/g
networks.
- Up to 72 Mbps - Neighbor Friendly Mode - Will not interfere with neighboring wireless
networks.
- Up to 150 Mbps - Performance Mode - Maximum Nx speeds up to 150 Mbps. Using
channel expansion to achieve the 150 Mbps data rate, the WNR1000v3h2 will use the
channel you selected as the primary channel and expand to the secondary channel
(primary channel +4 or –4) to achieve a 40 MHz frame-by-frame bandwidth. The
WNR1000v3h2 will detect channel usage and will disable frame-by-frame expansion
if the expansion would result in interference with the data transmission of other
access points or clients.
• Security Options. The selection of wireless security options can significantly affect your
network performance. The time it takes to establish a wireless connection can vary
depending on both your security settings and router placement.
WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and
WPA2-PSK encryption can consume more battery power on a notebook computer, and
can cause significant performance degradation with a slow computer. Instructions for
configuring the security options can be found in
on page 20. A full explanation of wireless security standards is available in the online
document that you can access from Wireless Networking Basics in Appendix B.
3. Click Apply to save your settings.
Choosing Appropriate Wireless Security
Configuring WEP Wireless Security
WEP Shared Key authentication and WEP data encryption can be defeated by a determined
eavesdropper using publicly available tools.
WEP offers the following options:
• Automatic. With the Automatic option, the router will try both Open System and Shared
Key authentication. Normally this setting is suitable. If it fails, select Open System or
Shared Key. You can also refer to your wireless adapter’s documentation to see what
method to use.
• Open System. With Open System authentication and 64 or 128 bit WEP data encryption,
the WNR1000v3h2 router does perform data encryption but does not perform any
26 | Chapter 2: Safeguarding Your Network
N150 Wireless Router User Manual
authentication. Anyone can join the network. This setting provides very little practical
wireless security.
• Shared Key. With Shared Key authentication, a wireless device must know the WEP key
to join the network. Select the encryption strength (64 or 128 bit data encryption).
Manually enter the key values, or enter a word or group of printable characters in the
Passphrase field. Manually entered keys are not case-sensitive, but passphrase
characters are case-sensitive.
To configure WEP data encryption:
Note: If you use a wireless computer to configure WEP settings, you will
be disconnected when you click Apply. You must then either
configure your wireless adapter to match the wireless router WEP
settings or access the wireless router from a wired computer to
make any further changes. Not all wireless adapter configuration
utilities support passphrase key generation.
1. Select Wireless Settings under Setup in the main menu.
2. In the Security Options section, select WEP. The WEP options display.
Figure 3.
3. Select the authentication type and encryption strength.
4. You can manually or automatically program the four data encryption keys. These values
must be identical on all computers and access points in your network.
• Automatic. In the Passphrase field, enter a word or group of printable characters,
and click Generate. The passphrase is case-sensitive. For example, NETGEAR is
not the same as nETgear. The four key fields are automatically populated with key
values.
• Manual. Enter 10 hexadecimal digits (any combination of 0–9, a–f, or A–F). These entries are not
case-sensitive. For example, AA is the same as aa.
Select which of the four keys to activate.
Chapter 2: Safeguarding Your Network | 27
N150 Wireless Router User Manual
5. Click Apply to save your settings.
Configuring WPA-PSK and WPA2-PSK Wireless Security
Wi-Fi Protected Access with Pre-Shared Key (WPA-PSK and WPA2-PSK) data encryption
provides extremely strong data security, very effectively blocking eavesdropping. Because
WPA and WPA2 are relatively new standards, older wireless adapters and devices might not
support them. Check whether newer drivers are available from the manufacturer. Also, you
might be able to use the Push 'N' Connect feature to configure this type of security if it is
supported by your wireless clients. See
page 30.
WPA–Pre-Shared Key does perform authentication. WPA-PSK uses TKIP (Temporal Key
Integrity Protocol) data encryption, and WPA2-PSK uses AES (Advanced Encryption
Standard) data encryption. Both methods dynamically change the encryption keys making
them nearly impossible to circumvent.
Mixed mode allows clients using either WPA-PSK (TKIP) or WPA2-PSK (AES). This provides
the most reliable security, and is easiest to implement, but it might not be compatible with
older adapters.
Using Push 'N' Connect (Wi-Fi Protected Setup) on
Note: Not all wireless adapters support WPA. Furthermore, client software
is also required. Windows XP with Service Pack 2 does include WPA
support. Nevertheless, the wireless adapter hardware and driver
must also support WPA. For instructions on configuring wireless
computers or PDAs (personal digital assistants) for WPA-PSK
security, consult the documentation for the product you are using.
To configure WPA-PSK, WPA2-PSK, or WPA-PSK+WPA2-PSK:
1. Select Wireless Settings under Setup in the main menu. The Wireless Settings screen
displays.
2. Select one of the WPA-PSK or WPA2-PSK options for the security type. The third option
(WPA-PSK [TKIP] + WP2-PSK [AES]) is the most flexible, since it allows clients using either
WPA-PSK or WPA2-PSK.
3. In the Passphrase field, enter a word or group of 8–63 printable characters. The
passphrase is case-sensitive.
28 | Chapter 2: Safeguarding Your Network
N150 Wireless Router User Manual
Figure 4.
4. Click Apply to save your settings.
Viewing Advanced Wireless Settings
This section describes the wireless settings that you can view and specify in the Advanced
Wireless Settings screen, which you access under Advanced in the main menu.
To configure the advanced wireless security settings of your router:
1. Log in to the router as described in Logging In To Your Wireless Router on page 7.
2. Select Wireless Settings under Advanced in the main menu. The advanced Wireless
Settings screen displays
Figure 5.
The available settings in this screen are:
Chapter 2: Safeguarding Your Network | 29
N150 Wireless Router User Manual
• Enable Wireless Router Radio. If you disable the wireless router radio, wireless
devices cannot connect to the WNR1000v3h2 router. If you will not be using your
wireless network for a period of time, you can clear this check box and disable all
wireless connectivity.
• Enable SSID Broadcast. Clear this check box to disable broadcast of the SSID, so
that only devices that know the correct SSID can connect. Disabling SSID broadcast
nullifies the wireless network discovery feature of some products such as Windows
XP.
• Enable WMM. Clear this check box to disable WMM. WMM (Wireless Multimedia), a
subset of the 802.11e standard, allows wireless traffic to have a range of priorities,
depending on the kind of data. Time-dependent information, like video or audio, will
have a higher priority than normal traffic. For WMM to function correctly, Wireless
clients must also support WMM.
• Fragmentation Threshold, CTS/RTS Threshold, and Preamble Mode. The
Fragmentation Threshold, CTS/RTS Threshold, and Preamble Mode options are
reserved for wireless testing and advanced configuration only. Do not change these
settings.
• WPS Settings. For information about these settings, see the section, Using Push 'N'
Connect (Wi-Fi Protected Setup) on page 30.
• Wireless Card Access List. For information about this list, see Restricting Wireless
Access by MAC Address on page 35.
.
Using Push 'N' Connect (Wi-Fi Protected Setup)
If your wireless clients support Wi-Fi Protected Setup (WPS), you can use this feature to
configure the router’s network name (SSID) and security settings and, at the same time,
connect a wireless client securely and easily to the router. Look for the
client device. WPS automatically configures the network name (SSID) and wireless security
settings for the router (if the router is in its default state) and broadcasts these settings to the
wireless client.
Note: NETGEAR’s Push 'N' Connect feature is based on the Wi-Fi
Protected Setup (WPS) standard (for more information, see
http://www.wi-fi.org). All other Wi-Fi-certified and WPS-capable
products should be compatible with NETGEAR products that
implement Push 'N' Connect.
symbol on your
When you add wireless clients, whether or not they are WPS enabled, the added devices
must share the same network name (SSID) and security passphrase. For more information,
see Connecting Additional Wireless Client Devices after WPS Setup on page 34.
30 | Chapter 2: Safeguarding Your Network
Loading...