NETGEAR Wireless-N Router WNR2000 User Manual:, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA
NETGEAR Wireless-N Router WNR2000 User Manual:, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA
NETGEAR Wireless-N Router WNR2000 User Manual:, Inc. 350 East Plumeria Drive San Jose, CA 95134 USA
NETGEAR, Inc.
350 East Plumeria Drive
San Jose, CA 95134 USA
202-10397-03
February 2009
v1.3
©2008, 2009 by NETGEAR, Inc. All rights reserved.
Register your product at http://www.netgear.com/register. Registration is required before you can use our telephone
support service. Product updates and Web support are always available at http://www.netgear.com/support.
Setup documentation is available on the CD, on the support website, and on the documentation website. When the
wireless router is connected to the Internet, click the Knowledge Base or the Documentation link under Web Support on
the main menu to view support information.
Trademarks
NETGEAR and the NETGEAR logo are registered trademarks, and RangeMax and Smart Wizard are trademarks of
NETGEAR. Inc. in the United States and/or other countries. Microsoft, Windows, and Windows NT are registered
trademarks and Windows Vista is a trademark of Microsoft Corporation. Other brand and product names are registered
trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
It is hereby certified that the Wireless-N Router Model WNR2000 has been suppressed in accordance with the
conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example,
test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the
notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
Es wird hiermit bestätigt, daß das Wireless-N Router Model WNR2000 gemäß der im BMPT-AmtsblVfg 243/1991 und
Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender)
kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
ii
v1.3, February 2009
Europe – EU Declaration of Conformity
This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following test methods
have been applied in order to prove presumption of conformity with the essential requirements of the R&TTE Directive
1999/5/EC:
• EN 60950-1: 2001
Safety of information technology equipment
• EN 300 328 V1.7.1 (2006-10)
Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband transmission systems; Data
transmission equipment operating in the 2,4 GHz ISM band and using wide band modulation techniques;
Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive
• EN 301 489-17 V1.2.1 (2002-08) and EN 301 489-1 V1.4.1 (2002-08)
Electromagnetic compatibility and Radio spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC)
standard for radio equipment and services; Part 17: Specific conditions for 2,4 GHz wideband transmission systems
and 5 GHz high performance RLAN equipment
This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member states and
EFTA countries under the following conditions and/or with the following restrictions:
• In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain authorization
to use the device for setting up outdoor radio links and/or for supplying public access to telecommunications and/or
network services.
• This device may not be used for setting up outdoor radio links in France and in some areas the RF output power
may be limited to 10 mW EIRP in the frequency range of 2454 - 2483.5 MHz. For detailed information the end-user
should contact the national spectrum authority in France.
Deutsch Hiermit erklärt [NETGEAR Inc.], dass sich das Gerät [WNR2000] in Übereinstimmung
[German] mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen
der Richtlinie 1999/5/EG befindet.
Eesti Käesolevaga kinnitab [NETGEAR Inc.] seadme [WNR2000] vastavust direktiivi 1999/5/
[Estonian] EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele.
English Hereby, [NETGEAR Inc.], declares that this [WNR2000] is in compliance with the
essential requirements and other relevant provisions of Directive 1999/5/EC.
Español Por medio de la presente [NETGEAR Inc.] declara que el [WNR2000] cumple con los
[Spanish] requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la
Directiva 1999/5/CE.
iii
v1.3, February 2009
Eλληνική ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [NETGEAR Inc.] ΔΗΛΩΝΕΙ ΟΤΙ [WNR2000] ΣΥΜΜΟΡΦΩΝΕΤΑΙ
[Greek] ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ
ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Français Par la présente [NETGEAR Inc.] déclare que l'appareil [WNR2000] est conforme aux
[French] exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
Italiano Con la presente [NETGEAR Inc.] dichiara che questo [WNR2000] è conforme ai
[Italian] requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.
Lietuvių Šiuo [NETGEAR Inc.] deklaruoja, kad šis [WNR2000] atitinka esminius reikalavimus ir
[Lithuanian] kitas 1999/5/EB Direktyvos nuostatas.
Nederlands Hierbij verklaart [NETGEAR Inc.]. dat het toestel [WNR2000] in overeenstemming is
[Dutch] met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.
Português [NETGEAR Inc.] declara que este [WNR2000] está conforme com os requisitos
[Portuguese] essenciais e outras disposições da Directiva 1999/5/CE.
Slovensky [NETGEAR Inc.] týmto vyhlasuje, _e [WNR2000] spĺňa základné po_iadavky a všetky
[Slovak] príslušné ustanovenia Smernice 1999/5/ES.
Suomi [NETGEAR Inc.] vakuuttaa täten että [WNR2000] tyyppinen laite on direktiivin 1999/5/
[Finnish] EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.
Svenska Härmed intygar [NETGEAR Inc.] att denna [WNR2000] står I överensstämmelse med
[Swedish] de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av
direktiv 1999/5/EG.
iv
v1.3, February 2009
FCC Requirements for Operation in the United States
Federal Communications Commission (FCC) Compliance Notice:
Radio Frequency Notice: This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if
not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause
harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the
user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
To assure continued compliance, any changes or modifications not expressly approved by the party responsible for
compliance could void the user's authority to operate this equipment. (Example - use only shielded interface cables when
connecting to computer or peripheral devices).
This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This
equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your
body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
(1) This device may not cause harmful interference, and
(2) This device must accept any interference received, including interference that may cause undesired operation.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
The antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all
persons and must not be co-located or operating in conjunction with any other antenna or transmitter.
This product does not contain any user serviceable components and is to be used with approved antennas only. Any
product changes or modifications will invalidate all applicable regulatory certifications and approvals.
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment
should be installed and operated with minimum distance of 20 cm between the radiator and your body.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
We NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that
the model WNR2000 Wireless-N Router Model WNR2000 complies with Part 15 of FCC Rules. Operation is subject to
the following two conditions:
v
v1.3, February 2009
• This device may not cause harmful interference, and
• This device must accept any interference received, including interference that may cause undesired operation.
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential
installation. This equipment uses and can radiate radio frequency energy and, if not installed and used in accordance
with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that
interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to
correct the interference by one or more of the following methods:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and the receiver.
• Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate
the equipment.
Maximum Wireless Signal Rate Derived from IEEE Standard 802.11 Specifications
Actual data throughput will vary. Network conditions and environmental factors, including volume of network traffic,
building materials and construction, and network overhead, lower actual data throughput rate.
vi
v1.3, February 2009
Product and Publication Details
vii
v1.3, February 2009
viii
v1.3, February 2009
Contents
vii
v1.2, January 2009
NETGEAR Wireless-N Router WNR2000 User Manual
viii Contents
v1.2, January 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Contents ix
v1.2, January 2009
NETGEAR Wireless-N Router WNR2000 User Manual
x Contents
v1.2, January 2009
About This Manual
The user manual provides information for configuring the features of the NETGEAR® Wireless-N
Router Model WNR2000 beyond initial configuration settings. Initial configuration instructions
can be found in the NETGEAR Wireless Router Setup Manual. You should have basic to
intermediate computer and Internet skills.
The conventions, formats, and scope of this manual are described in the following paragraphs:
• Typographical conventions. This manual uses the following typographical conventions:
• Formats. This manual uses the following formats to highlight special messages:
Tip: This format is used to highlight a procedure that will save time or resources.
Warning: Ignoring this type of note might result in a malfunction or damage to the
equipment, a breach of security, or a loss of data.
xi
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Danger: This is a safety warning. Failure to take heed of this notice might result in
personal injury or death.
• Scope. This manual is written for the WNR2000 router according to these specifications:
For more information about network, Internet, firewall, and VPN technologies, click the links to
the NETGEAR website in Appendix B, “Related Documents.”
To print this manual, you can choose one of the following options, according to your needs.
• Printing a page from HTML. Each page in the HTML version of the manual is dedicated to
a major topic. Select File > Print from the browser menu to print the page contents.
xii
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
• Printing from PDF. Your computer must have the free Adobe Acrobat Reader installed for
you to view and print PDF files. The Acrobat Reader is available on the Adobe website at
http://www.adobe.com.
– Printing a PDF chapter. Use the PDF of This Chapter link at the top left of any page.
• Click the PDF of This Chapter link at the top left of any page in the chapter you want
to print. The PDF version of the chapter you were viewing opens in a browser
window.
• Click the print icon in the upper left of your browser window.
– Printing a PDF version of the complete manual. Use the Complete PDF Manual link
at the top left of any page.
• Click the Complete PDF Manual link at the top left of any page in the manual. The
PDF version of the complete manual opens in a browser window.
• Click the print icon in the upper left of your browser window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can
save paper and printer ink by selecting this feature.
Revision History
NETGEAR, Inc. is constantly searching for ways to improve its products and documentation. The
following table indicates any changes that might have been made since the WNR2000 router was
introduced.
Table 2-1. Publication Revision History
Version
Part Number Date Description
Number
202-10397-01 v1.0 June 2008 First publication.
202-10397-02 v1.1 February 2009 Additional features.
202-10397-03
xiii
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
xiv
v1.3, February 2009
Chapter 1
Configuring Basic Connectivity
This chapter describes the settings for your Internet connection and your wireless local area
network (LAN) connection. When you perform the initial configuration of your wireless router
using the Resource CD as described in the NETGEAR Wireless Router Setup Manual, these
settings are specified automatically for you. This chapter provides further details about these
connectivity settings, as well as instructions on how to log in to the router for further
configuration.
Note: NETGEAR recommends using the Smart Wizard™ on the Resource CD for initial
configuration, as described in the NETGEAR Wireless Router Setup Manual.
For first-time installation of your wireless router, refer to the NETGEAR Wireless Router Setup
Manual. The Setup Manual explains how to launch the NETGEAR Smart Wizard on the Resource
CD to step you through the procedure to connect your router, modem, and computers. The Smart
Wizard will assist you in configuring your wireless settings and enabling wireless security for your
network. After initial configuration using the Setup Manual, you can use the information in this
User Manual to configure additional features of your wireless router.
For installation instructions in a language other than English, refer to the language options on the
Resource CD.
1-1
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
When the wireless router is connected to your network, you can access and configure the router
using your browser.
To access the router:
1. Connect to the wireless router by typing http://www.routerlogin.net in the address field of
your browser, and then press Enter. A login window displays.
Figure 1-1
Tip: You can connect to the wireless router by typing either of these URLs in the
address field of your browser, and then pressing Enter:
• http://www.routerlogin.net
• http://www.routerlogin.com
If these URLs do not work, you must type the IP address of the router, for
example, http://www.192.168.1.1.
2. Enter admin for the router user name and your password (or the default, password). For
information about how to change the password, see “Changing the Administrator Password”
on page 2-21.
Note: The router user name and password are not the same as any other user name or
password you might use to log in to your Internet connection.
The Checking for Firmware Updates screen appears unless you previously cleared the Check
for Updated Firmware Upon Log-in check box.
Figure 1-2
If the router discovers a newer version of firmware, the message on the left displays when you
log in. If no new firmware is available, the message on the right displays.
Figure 1-3
To automatically update to the new firmware, click Yes to allow the router to download and
install the new firmware file from NETGEAR.
Warning: When uploading firmware to the WNR2000 router, do not interrupt the
Web browser by closing the window, clicking a link, or loading a new
page. If the browser is interrupted, it could corrupt the firmware.
When the upload is complete, your router automatically restarts. The update process typically
takes about 1 minute.
3. In the main menu on the left, select Basic Settings under Setup. The Basic Settings screen
displays showing the wireless router’s home page and suggested default settings.
Figure 1-4
Note: If the Check for New Version Upon Log-in check box is selected, the home
page is the Router Upgrade screen. Otherwise, it is the Basic Settings screen.
If the wireless router is connected to the Internet, you can select Knowledge Base or
Documentation under Web Support in the main menu to view support information or the
documentation for the wireless router.
If you do not click Logout, the wireless router will wait for 5 minutes after no activity before
it automatically logs you out.
Using the Select Language drop-down menu, located in the upper right corner of the Router
Manager screen, you can display the router manager screens in any of languages shown in Figure
1-5:
Figure 1-5
The language is set to English by default. The default language is always stored in memory. When
you select a language other than the default, that language as well as English is stored in memory.
The additional language stored is the most recently selected. For example, if you select Deutsch,
German and English will be stored. If you next select Chinese, Chinese and English will be stored.
To specify a language to be used on your router manager screens, do the following:
1. Expand the list and select the language you want.
2. Click Apply.
The language you select is then downloaded and displayed in the language selection box, and
your screen display will be in the selected language.
Note: You can select from the entire list of supported languages only when the router is
connected to the Internet. When the router is not connected to the Internet, you can
select one of the stored languages only.
You can manually configure your Internet connection using the Basic Settings screen, or you can
allow the Smart Setup Wizard to determine your Internet Service Provider (ISP) configuration.
The Smart Setup Wizard searches your Internet connection for servers and protocols to determine
your ISP configuration.
To use the Smart Setup Wizard to assist with configuration or to verify the Internet connection
settings:
1. Select Setup Wizard from the top of the main menu.
2. Click Next to proceed. Enter your ISP settings, as needed.
3. At the end of the Setup Wizard, click Test to verify your Internet connection. If you have
trouble connecting to the Internet, see Chapter 7, “Troubleshooting.”
Settings related to your Internet service are specified in the Basic Settings screen. Select Basic
Settings under Setup in the main menu.
The content you see in the Basic Settings screen depends on whether your ISP requires that you
log in with a user name and password for Internet access.
• No login required by ISP. If no login is required by your ISP, the following settings appear in
the Basic Settings screen.
Figure 1-6
– Account Name (might also be called Host Name). The account name is provided to the
ISP during a DHCP request from your router. In most cases, this setting is not required,
but some ISPs require it for access to ISP services such as mail or news servers.
– Domain Name. The domain name is provided by your router to computers on your LAN
when the computers request DHCP settings from your router. In most cases, this settings is
not required.
– Internet IP Address. Determines how your router obtains an IP address for Internet
access.
• If your ISP assigns an IP address dynamically (by DHCP), select Get Dynamically
From ISP.
• If your ISP has assigned you a permanent, fixed (static) IP address for your computer,
select Use Static IP Address. Enter the IP address that your ISP assigned. Also, enter
the subnet mask and the gateway IP address. The gateway is the ISP’s router to which
your router will connect.
– Domain Name Server (DNS) Address. If you know that your ISP does not automatically
transmit DNS addresses to the router during login, select Use These DNS Servers, and
enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address
is available, enter it also.
Note: If you enter or change a DNS address, restart the computers on your
network so that these settings take effect.
– Router MAC Address. This section determines the Ethernet MAC address that the router
will use on the Internet port. Typically, you would leave Use Default Address selected.
However, some ISPs (especially cable modem providers) register the Ethernet MAC
address of the network interface card in your computer when your account is first opened.
They then accept only traffic from the MAC address of that computer. This feature allows
your router to masquerade as that computer by “cloning” or “spoofing” its MAC address.
To change the MAC address, select one of the following methods:
• Select Use Computer MAC Address. The router will then capture and use the MAC
address of the computer that you are now using. You must be using the one computer
that is allowed by the ISP.
• Select Use This MAC Address, and enter it here.
If a login is required by your ISP, the following settings appear in the Basic Settings screen:
Figure 1-7
• Does Your Internet Connection Require A Login? If you usually must use a login program
such as WinPOET to access the Internet, your Internet connection requires a login. After you
select Yes, the Basic Settings screen displays.
Note: After you finish setting up your router, you will no longer need to launch the
ISP’s login program on your computer to access the Internet. When you start
an Internet application, your router will automatically log you in.
– Internet Service Provider. This drop-down list contains a few ISPs that need special
protocols for connection. The list includes:
• PPTP (Point to Point Tunneling Protocol), used primarily in Austrian DSL services
Note: The Telstra Bigpond setting is only for older cable modem service
accounts still requiring a Bigpond login utility. Telstra has
discontinued this type of account. Those with Telstra DSL accounts
and newer cable modem accounts should select No for Does Your
Internet Connection Require a Login.
• Other, which selects PPPoE (Point to Point Protocol over Ethernet), the protocol used
by most DSL services worldwide.
Figure 1-8
Note: Not all ISPs are listed here. The ones on this list have special
requirements.
– Login and Password. This is the user name and password provided by your ISP. This
name and password are used to log in to the ISP server.
– Service Name. If your connection is capable of connecting to multiple Internet services,
this setting specifies which service to use.
• Connection Mode. This drop-down list selects when the router will connect to and
disconnect from the Internet.
Figure 1-9
Note: If you enter or change a DNS address, restart the computers on your
network so that these settings take effect.
Note: If you use a wireless computer to change wireless settings, you might be
disconnected when you click Apply. Reconfigure your wireless adapter to match
the new settings, or access the router from a wired computer to make any further
changes.
Follow these instructions to set up and test basic wireless connectivity. Once you have established
basic wireless connectivity, you can enable security settings appropriate to your needs.
1. Select Wireless Settings under Setup in the main menu of the WNR2000 router.
Figure 1-10
2. For the wireless network name (SSID), use the default name, or choose a suitable descriptive
name. In the Name (SSID) field, you can enter a value of up to 32 alphanumeric characters.
The default SSID is NETGEAR.
Note: The SSID is case-sensitive; NETGEAR is not the same as nETgear. Also, the
SSID of any wireless access adapters must match the SSID you specify in the
WNR2000 router. If they do not match, you will not get a wireless connection
to the WNR2000 router.
Note: If you are configuring the router from a wireless computer and you change the
router’s SSID, channel, or security settings, you will lose your wireless
connection when you click Apply. You must then change the wireless settings
of your computer to match the router’s new settings.
8. Select Wireless Settings under Advanced in the main menu of the WNR2000 router.
Figure 1-11
9. Make sure that the Enable Wireless Router Radio, Enable SSID Broadcast, and Enable
WMM check boxes are selected.
10. Click Setup Access List.
11. Make sure that the Turn Access Control On check box is not selected.
12. Configure and test your wireless computer for wireless connectivity.
Program the wireless adapter of your computer to have the same SSID and channel that you
specified in the router, and disable encryption. Check that your computer has a wireless link
and can obtain an IP address by DHCP from the router.
Once your computer has basic wireless connectivity to the router, you can configure the advanced
wireless security functions of the computer and router (for more information about security and
these settings, see Chapter 2, “Safeguarding Your Network ”).
The Wireless-N Router Model WNR2000 provides highly effective security features, which are
covered in detail in this chapter.
This chapter includes the following sections:
• “Choosing Appropriate Wireless Security”
• “Recording Basic Wireless Settings Setup Information” on page 2-5
• “Changing Wireless Security Settings” on page 2-6
• “Viewing Advanced Wireless Settings” on page 2-12
• “Using Push 'N' Connect (Wi-Fi Protected Setup)” on page 2-13
• “Restricting Wireless Access by MAC Address” on page 2-19
• “Changing the Administrator Password” on page 2-21
• “Backing Up Your Configuration” on page 2-22
• “Understanding Your Firewall” on page 2-23
Unlike wired networks, wireless networks allow anyone with a compatible adapter to receive your
wireless data transmissions well beyond your walls. Operating an unsecured wireless network
creates an opportunity for outsiders to eavesdrop on your network traffic or to enter your network
to access your computers and files. Indoors, computers can connect over 802.11g/n wireless
networks at ranges of up to 300 feet. Such distances can allow for others outside your immediate
area to access your network. Use the security features of your wireless equipment that are
appropriate to your needs.
The time it takes to establish a wireless connection can vary depending on both your security
settings and router placement.
Stronger security methods can entail a cost in terms of throughput, latency, battery consumption,
and equipment compatibility. In choosing an appropriate security level, you can also consider the
effort compared to the reward for a hacker to break into your network. As a minimum, however,
NETGEAR recommends using WEP with Shared Key authentication. Do not run an unsecured
wireless network unless it is your intention to provide free Internet access for the public.
2-1
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and WPA2-PSK
encryption can consume more battery power on a notebook computer, and can cause significant
performance degradation with a slow computer.
Note: NETGEAR recommends that you change the administration password of your
router. Default passwords are well known, and an intruder can use your
administrator access to read or disable your security settings. For information
about how to change the administrator password, see “Changing the Administrator
Password” on page 2-21.
Wireless data
security options
Note: Use these with other features that enhance security (Table 2-2 on page 2-4).
Figure 2-1
• Use Wi-Fi Protected Setup (WPS) to automatically set the SSID and implement WPA/
WPA2 security on both the router and the client device. If the clients in your network are
WPS capable, you can use Wi-Fi Protected Setup (WPS) to automatically set the SSID and
implement WPA/WPA2 security on both the router and the client device (see “Using Push 'N'
Connect (Wi-Fi Protected Setup)” on page 2-13).
Basic security options are listed in order of increasing effectiveness in Table 2-1. Other features
that affect security are listed in Table 2-2 on page 2-4. For more details on wireless security
methods, click the link to the online document “Wireless Networking Basics” in Appendix B.
Table 2-1. Wireless Security Options
Disable the wireless router radio. If you disable the wireless router radio, wireless
devices cannot communicate with the router at all.
You might disable this when you are away or when
other users of your network all use wired
connections.
For more information, see “Viewing Advanced
Wireless Settings” on page 2-12.
Turn off the broadcast of the wireless network If you disable the broadcast of the SSID, only
name SSID. devices that know the correct SSID can connect.
This nullifies the wireless network discovery feature
of some products such as Windows XP, but your data
is still fully exposed to an intruder using available
wireless eavesdropping tools.
For more information, see “Viewing Advanced
Wireless Settings” on page 2-12.
Restrict access based on MAC address. You can restrict access to only trusted computers so
that unknown computers cannot wirelessly connect
to the WNR2000 router. MAC address filtering adds
an obstacle against unwanted access to your
network by the general public, but the data broadcast
over the wireless link is fully exposed. This data
includes your trusted MAC addresses, which can be
read and impersonated by a hacker.
For more information, see “Restricting Wireless
Access by MAC Address” on page 2-19.
Modify your firewall’s rules. By default, the firewall allows any outbound traffic
and prohibits any inbound traffic except for
responses to your outbound traffic. However, you
can modify the firewall’s rules.
For more information, see “Understanding Your
Firewall” on page 2-23.
Use the Push 'N' Connect feature (Wi-Fi Wi-Fi Protected Setup provides easy setup by
Protected Setup). means of a push button. Older wireless adapters and
devices might not support this. Check whether
devices are WPS enabled.
For more information, see “Using Push 'N' Connect
(Wi-Fi Protected Setup)” on page 2-13.
Before and after customizing your wireless settings, print this section, and record the following
information. If you are working with an existing wireless network, the person who set up or is
responsible for the network can provide this information. Otherwise, you must choose the settings
for your wireless network. Either way, record the settings for your wireless network in the spaces
provided.
• Wireless Network Name (SSID). ______________________________ The SSID identifies
the wireless network. You can use up to 32 alphanumeric characters. The SSID is case-
sensitive. The SSID in the wireless adapter card must match the SSID of the wireless router. In
some configuration utilities (such as in Windows XP), the term “wireless network name” is
used instead of SSID.
• If WEP Authentication is used, circle one: Open System, Shared Key, or Auto.
Note: If you select Shared Key, the other devices in the network will not connect
unless they are also set to Shared Key and are configured with the correct key.
– WEP Encryption Key Size. Choose one: 64-bit or 128-bit. Again, the encryption key
size must be the same for the wireless adapters and the wireless router.
– Data Encryption (WEP) Keys. There are two methods for creating WEP data encryption
keys. Whichever method you use, record the key values in the spaces provided.
• Passphrase Method. ______________________________ These characters are
case-sensitive. Enter a word or group of printable characters and click Generate. Not
all wireless devices support the passphrase method.
• Manual Method. These values are not case-sensitive. For 64-bit WEP, enter 10
hexadecimal digits (any combination of 0–9, a–f, or A–F). For 128-bit WEP, enter
26 hexadecimal digits.
Key 1: ___________________________________
Key 2: ___________________________________
Key 3: ___________________________________
Key 4: ___________________________________
• If WPA-PSK or WPA2-PSK authentication is used:
This section describes the wireless settings that you can view and configure in the Wireless
Settings screen, which you access under Setup in the main menu.
2. Select Wireless Settings under Setup in the main menu. The Wireless Settings screen
displays.
Figure 2-2
Note: The region selection feature might not be available in all countries.
• Channel. This field determines which operating frequency is used. It should not be necessary
to change the wireless channel unless you notice interference problems with another nearby
wireless network. The wireless router uses channel bonding technology to extend the
bandwidth for data transmission. For more information about the wireless channel
frequencies, see the online document that you can access from “Wireless Networking Basics”
in Appendix B.
• Mode. This field determines which data communications protocol is used. You can choose
from:
– Up To 54 Mbps. Legacy mode, for compatibility with the slower 802.11b and 802.11g
wireless devices.
– Up To 145 Mbps. Neighbor Friendly mode, for reduced interference with neighboring
wireless networks. Provides two transmission streams with different data on the same
channel at the same time, but also allows 802.11b and 802.11g wireless devices. This is
the default mode.
– Up To 300 Mbps. Performance mode, using channel expansion to achieve the 300 Mbps
data rate. The WNR2000 router will use the channel you selected as the primary channel
and expand to the secondary channel (primary channel +4 or –4) to achieve a 40 MHz
frame-by-frame bandwidth. The WNR2000 router will detect channel usage and will
disable frame-by-frame expansion if the expansion would result in interference with the
data transmission of other access points or clients.
Note: The maximum wireless signal rate is derived from the IEEE Standard 802.11
specifications. Actual data throughput will vary. Network conditions and
environmental factors, including volume of network traffic, building materials
and construction, and network overhead, lower actual data throughput rate.
• Security Options. The selection of wireless security options can significantly affect your
network performance. The time it takes to establish a wireless connection can vary depending
on both your security settings and router placement.
WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and WPA2-
PSK encryption can consume more battery power on a notebook computer, and can cause
significant performance degradation with a slow computer. Instructions for configuring the
security options can be found in “Choosing Appropriate Wireless Security” on page 2-1. A
full explanation of wireless security standards is available in the online document that you can
access from “Wireless Networking Basics” in Appendix B.
3. Click Apply to save your settings.
Note: If you use a wireless computer to configure WEP settings, you will be disconnected
when you click Apply. You must then either configure your wireless adapter to
match the wireless router WEP settings or access the wireless router from a wired
computer to make any further changes. Not all wireless adapter configuration
utilities support passphrase key generation.
Figure 2-3
WPA–Pre-Shared Key does perform authentication. WPA-PSK uses TKIP (Temporal Key
Integrity Protocol) data encryption, and WPA2-PSK uses AES (Advanced Encryption Standard)
data encryption. Both methods dynamically change the encryption keys making them nearly
impossible to circumvent.
Mixed mode allows clients using either WPA-PSK (TKIP) or WPA2-PSK (AES). This provides
the most reliable security, and is easiest to implement, but it might not be compatible with older
adapters.
Note: Not all wireless adapters support WPA. Furthermore, client software is also
required. Windows XP with Service Pack 2 does include WPA support.
Nevertheless, the wireless adapter hardware and driver must also support WPA.
For instructions on configuring wireless computers or PDAs (personal digital
assistants) for WPA-PSK security, consult the documentation for the product you
are using.
Figure 2-4
This section describes the wireless settings that you can view and specify in the Advanced
Wireless Settings screen, which you access under Advanced in the main menu.
To configure the advanced wireless security settings of your router:
1. Log in to the router as described in “Logging In To Your Wireless Router” on page 1-2.
2. Select Wireless Settings under Advanced in the main menu. The advanced Wireless Settings
screen displays
Figure 2-5
The available settings in this screen are:
• Enable Wireless Router Radio. If you disable the wireless router radio, wireless devices
cannot connect to the WNR2000 router. If you will not be using your wireless network for
a period of time, you can clear this check box and disable all wireless connectivity.
• Enable SSID Broadcast. Clear this check box to disable broadcast of the SSID, so that
only devices that know the correct SSID can connect. Disabling SSID broadcast nullifies
the wireless network discovery feature of some products such as Windows XP.
• Enable WMM. Clear this check box to disable WMM. WMM (Wireless Multimedia), a
subset of the 802.11e standard, allows wireless traffic to have a range of priorities,
depending on the kind of data. Time-dependent information, like video or audio, will have
a higher priority than normal traffic. For WMM to function correctly, Wireless clients
must also support WMM.
• Fragmentation Threshold, CTS/RTS Threshold, and Preamble Mode. The
Fragmentation Threshold, CTS/RTS Threshold, and Preamble Mode options are reserved
for wireless testing and advanced configuration only. Do not change these settings.
• WPS Settings. For information about these settings, see the section, “Using Push 'N'
Connect (Wi-Fi Protected Setup)” on page 2-13.
• Wireless Card Access List. For information about this list, see “Restricting Wireless
Access by MAC Address” on page 2-19.
.
If your wireless clients support Wi-Fi Protected Setup (WPS), you can use this feature to configure
the router’s network name (SSID) and security settings and, at the same time, connect a wireless
client securely and easily to the router. Look for the symbol on your client device. WPS
automatically configures the network name (SSID) and wireless security settings for the router (if
the router is in its default state) and broadcasts these settings to the wireless client.
Note: NETGEAR’s Push 'N' Connect feature is based on the Wi-Fi Protected Setup
(WPS) standard (for more information, see http://www.wi-fi.org). All other Wi-Fi-
certified and WPS-capable products should be compatible with NETGEAR
products that implement Push 'N' Connect.
When you add wireless clients, whether or not they are WPS enabled, the added devices must
share the same network name (SSID) and security passphrase. For more information, see
“Connecting Additional Wireless Client Devices after WPS Setup” on page 2-18.
Note: If you choose to use WPS, the only security methods supported are WPA-PSK and
WPA2-PSK. WEP security is not supported by WPS.
The WNR2000 router provides two methods for connecting to a wireless client that supports WPS,
described in the following sections:
Figure 2-6
4. Click the button in the Add WPS Client screen. The Connecting to New Wireless Client
screen displays.
Figure 2-7
The green button light on the WNR2000 router begins to blink in a regular pattern. While
the button light is blinking, you have 2 minutes to enable WPS on the device you are trying to
connect to the router.
5. In the wireless client, follow its specific networking instructions to enable WPS, to allow it to
connect to the router.
The WNR2000 router’s green button light ceases blinking and remains on when one of
these conditions occurs:
• The router and the client establish a wireless connection.
• The 2-minute window period expires for establishing a WPS connection. If the connection
is not established, no WPS security settings will be specified in the WNR2000 router.
2. Select Add WPS Client in the main menu, and click Next.
3. Select the PIN Number setup method.
Figure 2-8
4. On the wireless client, obtain its security PIN, or follow its specific networking instructions to
generate a client security PIN.
5. In the Add WPS Client screen of the WNR2000 router, enter the client security PIN in the
Enter Client’s PIN field.
6. Click Next. The following screen displays, and the Smart Wizard initiates the wireless
connection:
Figure 2-9
Figure 2-10
Note: Your wireless settings do not change when you add an additional WPS-enabled
client unless you have cleared the Keep Existing Wireless Settings check box (in
the Wireless Settings screen). If you do clear the check box, a new SSID and a
passphrase are generated, and all existing connected wireless clients are
disassociated and disconnected from the router.
1. Follow the procedures in “Push Button Configuration” on page 2-14 or “Security PIN Entry”
on page 2-15.
2. For information about how to view a list of all devices connected to your router (including
wireless and Ethernet-connected), see “Viewing a List of Attached Devices” on page 6-7.
4. For information about how to view a list of all devices connected to your router (including
wireless and Ethernet connected), see “Viewing a List of Attached Devices” on page 6-7.
When a Wireless Card Access List is configured and enabled, the router checks the MAC address
of any wireless device attempting a connection and allows only connections to computers
identified on the trusted computers list.
The Wireless Card Access List displays a list of wireless computers that you allow to connect to
the router based on their MAC addresses. These wireless computers must also have the correct
SSID and wireless security settings to access the wireless router.
The MAC address is a network device’s unique 12-character physical address, containing the
hexadecimal characters 0–9, a–f, or A–F only, and separated by colons (for example,
00:09:AB:CD:EF:01). It can usually be found on the bottom of the wireless card or network
interface device. If you do not have access to the physical label, you can display the MAC address
using the network configuration utilities of the computer. In WindowsXP, for example, typing the
ipconfig/all command in an MSDOS command prompt window displays the MAC address as
Physical Address. You might also find the MAC addresses in the router’s Attached Devices screen.
To restrict access based on MAC addresses:
1. Select Wireless Settings under Advanced in the main menu.
2. In the Advanced Wireless Settings screen, click Setup Access List to display the Wireless
Card Access List.
Figure 2-11
3. Click Add to add a wireless device to the wireless access control list. The Wireless Card
Access Setup screen opens and displays a list of currently active wireless cards and their
Ethernet MAC addresses.
Figure 2-12
4. If the computer you want appears in the Available Wireless Cards list, you can select the radio
button of that computer to capture its MAC address; otherwise, you can manually enter a name
and the MAC address of the authorized computer. You can usually find the MAC address on
the bottom of the wireless device.
Tip: You can copy and paste the MAC addresses from the router’s Attached Devices
screen into the MAC Address field of this screen. To do this, configure each
wireless computer to obtain a wireless link to the router. The computer should
then appear in the Attached Devices screen.
5. Click Add to add this wireless device to the Wireless Card Access List. The screen changes
back to the list screen.
6. Repeat step 3 through step 5 for each additional device you want to add to the list.
Note: When configuring the router from a wireless computer whose MAC address is
not in the Trusted PC list, if you select Turn Access Control On, you lose
your wireless connection when you click Apply. You must then access the
wireless router from a wired computer or from a wireless computer that is on
the access control list to make any further changes.
Warning: MAC address filtering adds an obstacle against unwanted access to your
network by the general public. However, because your trusted MAC
addresses appear in your wireless transmissions, an intruder can read them
and impersonate them. Do not rely on MAC address filtering alone to
secure your network.
The default password for the router’s Web Configuration Manager is password. NETGEAR
recommends that you change this password to a more secure password.
Tip: Before changing the router password, back up your configuration settings with the
default password of password. If you save the settings with a new password, and
then you later forget the new password, you will have to reset the router back to the
factory defaults, and log in using the default password of password. This means you
will have to re-enter all the router configuration settings. For information about how
to back up your settings, see “Backing Up and Restoring the Configuration” on
page 6-8.
Figure 2-13
2. To change the password, first enter the old password, then enter the new password twice.
3. Click Apply.
The configuration settings of the WNR2000 router are stored within the router in a configuration
file. You can back up (save) this file and retrieve it later. NETGEAR recommends that you save
your configuration file after you complete the configuration. If the router fails or becomes
corrupted, or an administrator password is lost, you can easily re-create your configuration by
restoring the configuration file.
For instructions on saving and restoring your configuration file, see “Managing the Configuration
File” on page 6-7.
Tip: Before saving your configuration file, change the administrator password to the
default, password. Then change it again after you have saved the configuration file.
If you save the file with a new password, and then you later forget the new
password, you will have to reset the router back to the factory defaults and log in
using the default password of password. This means you will have to re-enter all the
router configuration settings.
Your Wireless-N Router Model WNR2000 contains a true firewall to protect your network from
attacks and intrusions. A firewall is a device that protects one network from another while
allowing communication between the two. Using a process called Stateful Packet Inspection, the
firewall analyzes all inbound and outbound traffic to determine whether or not it will be allowed to
pass through.
By default, the firewall allows any outbound traffic and prohibits any inbound traffic except for
responses to your outbound traffic. However, you can modify the firewall’s rules to achieve the
following behavior:
• Blocking sites. Block access from your network to certain Web locations based on Web
addresses and Web address keywords. This feature is described in “Blocking Access to
Internet Sites” on page 3-1.
• Blocking services. Block the use of certain Internet services by specific computers on your
network. This feature is described in “Blocking Access to Internet Services” on page 3-3.
• Scheduled blocking. Block sites and services according to a daily schedule. This feature is
described in “Scheduling Blocking” on page 3-5.
• Allow inbound access to your server. To allow inbound access to resources on your local
network (for example, a Web server or remote desktop program), you can open the needed
services by configuring port forwarding as described in “Allowing Inbound Connections to
Your Network” on page 5-1.
• Allow certain games and applications to function correctly. Some games and applications
need to allow additional inbound traffic in order to function. Port triggering can dynamically
allow additional service connections, as described in “Configuring Port Triggering” on
page 5-10. Another feature to solve application conflicts with the firewall is Universal Plug
and Play (UPnP), described in “Using Universal Plug and Play” on page 5-14.
This chapter describes how to use the content filtering and reporting features of the Wireless-N
Router Model WNR2000 to protect your network.
This chapter includes the following sections:
• “Content Filtering Overview”
• “Blocking Access to Internet Sites”
• “Blocking Access to Internet Services” on page 3-3
• “Scheduling Blocking” on page 3-5
• “Viewing Logs of Web Access or Attempted Web Access” on page 3-6
• “Configuring E-mail Alert and Web Access Log Notifications” on page 3-7
• “Setting the Time Zone” on page 3-9
The Wireless-N Router Model WNR2000 provides you with Web content filtering options, plus
browser activity reporting and instant alerts through e-mail. Parents and network administrators
can establish restricted access policies based on time of day, Web addresses, and Web address
keywords. You can also block Internet access by applications and services, such as chat rooms or
games.
The WNR2000 router allows you to restrict access based on Web addresses and Web address
keywords. Up to 255 entries are supported in the Keyword list.
Keyword application examples:
• If the keyword XXX is specified, the URL www.zzzyyqq.com/xxx.html is blocked.
• If the keyword .com is specified, only websites with other domain suffixes (such as .edu, .org,
or .gov) can be viewed.
3-1
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Figure 3-1
Since the trusted user is identified by IP address, you should configure that computer with a
fixed IP address.
5. Click Apply to save all your settings in the Block Sites screen.
The WNR2000 router allows you to block the use of certain Internet services by computers on
your network. This is called service blocking or port filtering. Services are functions performed by
server computers at the request of client computers. For example, Web servers serve Web pages,
time servers serve time and date information, and game hosts serve data about other players’
moves. When a computer on your network sends a request for service to a server computer on the
Internet, the requested service is identified by a service or port number. This number appears as the
destination port number in the transmitted IP packets. For example, a packet that is sent with
destination port number 80 is an HTTP (Web server) request.
To block access to Internet services:
1. Select Block Services under Content Filtering in the main menu. The Block Services screen
displays.
Figure 3-2
2. Enable service blocking by selecting either Per Schedule or Always, and then click Apply.
To block by schedule, be sure to specify a time period in the Schedule screen. For information
about scheduling, see “Scheduling Blocking” on page 3-5.
3. Specify a service for blocking by clicking Add. The Block Services Setup screen displays.
Figure 3-3
4. From the Service Type list, select the application or service to be allowed or blocked. The list
already displays several common services, but you are not limited to these choices. To add any
additional services or applications that do not already appear, select User Defined. To define a
service, first you must determine which port number or range of numbers is used by the
application. The service port numbers for many common protocols are defined by the Internet
Engineering Task Force (IETF) and published in RFC1700, “Assigned Numbers.” Service
numbers for other applications are typically chosen from the range 1024 to 65535 by the
authors of the application. You can often determine port number information by contacting the
publisher of the application, by asking user groups or newsgroups, or by searching.
– Enter the starting port and ending port numbers. If the application uses a single port
number, enter that number in both fields.
– If you know that the application uses either TCP or UDP, select the appropriate protocol. If
you are not sure, select Both.
5. Select the radio button for the IP address configuration you want to block, and then enter the
IP addresses in the appropriate fields.
6. Click Add to enable your Block Services Setup selections.
Scheduling Blocking
Figure 3-4
Be sure to select your time zone in the E-mail screen as described in “Setting the Time Zone”
on page 3-9.
3. Click Apply to save your settings.
The log is a detailed record of the websites you have accessed or attempted to access. Up to
128 entries are stored in the log. Log entries appear only when keyword blocking is enabled and no
log entries are made for the trusted user.
Select Logs under Content Filtering in the main menu. The Logs screen displays.
Figure 3-5
Field Description
Date and time The date and time the log entry was recorded.
Source IP The IP address of the initiating device for this log entry.
Field Description
To receive logs and alerts by e-mail, you must provide your e-mail account information.
To configure e-mail alert and web access log notifications:
1. Select E-mail under Content Filtering in the main menu. The E-mail screen displays.
Figure 3-6
2. To receive e-mail logs and alerts from the router, select the Turn E-mail Notification On
check box.
a. Enter the name of your ISP’s outgoing (SMTP) mail server (such as mail.myISP.com) in
the Your Outgoing Mail Server field. You might be able to find this information in the
configuration screen of your e-mail program. If you leave this field blank, log and alert
messages will not be sent by e-mail.
b. Enter the e-mail address to which logs and alerts are sent in the Send To This E-mail
Address field. This e-mail address will also be used as the From address. If you leave this
field blank, log and alert messages will not be sent by e-mail.
3. If your e-mail server requires authentication, select the My Mail Server requires
authentication check box.
a. Enter your user name for the e-mail server in the User Name field.
b. Enter your password for the e-mail server in the Password field.
4. You can specify that logs are automatically sent by e-mail with these options:
• Send alert immediately. Select this check box for immediate notification of attempted
access to a blocked site or service.
• Send Logs According to this Schedule. Specifies how often to send the logs: Hourly,
Daily, Weekly, or When Full.
– Day. Specifies which day of the week to send the log. Relevant when the log is sent
weekly or daily.
– Time. Specifies the time of day to send the log. Relevant when the log is sent daily or
weekly.
If you select the Weekly, Daily, or Hourly option and the log fills up before the specified
period, the log is automatically e-mailed to the specified e-mail address. After the log is sent,
the log is cleared from the router’s memory. If the router cannot e-mail the log file, the log
buffer might fill up. In this case, the router overwrites the log and discards its contents.
5. Click Apply to save your settings.
So that the log entries are correctly time-stamped and sent at the correct time, be sure to set the
time as described in the next section.
The WNR2000 router uses the Network Time Protocol (NTP) to obtain the current time and date
from one of several network time servers on the Internet. Localize the time zone so that your log
entries and other router functions include the correct time stamp.
To verify and set the time zone (see Figure 3-6 on page 3-8):
• Time Zone. To select your local time zone, use the drop-down list. This setting is used for the
blocking schedule and for time-stamping log entries.
• Automatically Adjust for Daylight Savings Time. If your region supports daylight savings
time, select this check box. The router will automatically adjust the time at the start and end of
the daylight savings time period.
The LAN Setup screen allows configuration of LAN IP services such as Dynamic Host
Configuration Protocol (DHCP) and Routing Information Protocol (RIP).
4-1
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
To configure LAN IP settings, select LAN Setup under Advanced in the main menu. The LAN
Setup screen displays.
Figure 4-1
Note: If you change the LAN IP address of the router while connected through the
browser, you will be disconnected. You must then open a new connection to the
new IP address and log in again.
Note: For most applications, the default DHCP and TCP/IP settings of the router are
satisfactory. Click the link to the online document “TCP/IP Networking Basics” in
Appendix B for an explanation of DHCP and information about how to assign IP
addresses for your network.
To specify a pool of IP addresses to be assigned, set the starting IP address and ending IP address.
These addresses should be part of the same IP address subnet as the router’s LAN IP address.
Using the default addressing scheme, you should define a range between 192.168.1.2 and
192.168.1.254, although you might wish to save part of the range for devices with fixed addresses.
The router delivers the following parameters to any LAN device that requests DHCP:
• An IP address from the range you have defined
• Subnet mask
• Gateway IP address (the router’s LAN IP address)
• Primary DNS server (if you entered a primary DNS address in the Basic Settings screen;
otherwise, the router’s LAN IP address)
• Secondary DNS server (if you entered a secondary DNS address in the Basic Settings screen)
To use another device on your network as the DHCP server, or to manually specify the network
settings of all of your computers, clear the Use Router as DHCP Server check box. Otherwise,
leave it selected. If this service is not selected and no other DHCP server is available on your
network, you need to set your computers’ IP addresses manually or they will not be able to access
the router.
Figure 4-2
To reserve an IP address:
1. Click Add.
2. In the IP Address field, enter the IP address to assign to the computer or server. (Choose an IP
address from the router’s LAN subnet, such as 192.168.1.x.)
3. Enter the MAC address of the computer or server.
Tip: If the computer is already present on your network, you can copy its MAC
address from the Attached Devices screen and paste it here.
Note: The reserved address is not assigned until the next time the computer contacts
the router’s DHCP server. Reboot the computer or access its IP configuration
and force a DHCP release and renew.
If your Internet Service Provider (ISP) gave you a permanently assigned IP address, you can
register a domain name and have that name linked with your IP address by public Domain Name
Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you do
not know in advance what your IP address will be, and the address can change frequently. In this
case, you can use a commercial Dynamic DNS service, which allows you to register your domain
to their IP address, and forwards traffic directed at your domain to your frequently changing IP
address.
Note: If your ISP assigns a private WAN IP address (such as 192.168.x.x or 10.x.x.x), the
Dynamic DNS service will not work because private addresses are not routed on
the Internet.
Your router contains a client that can connect to the Dynamic DNS service provided by
DynDNS.org. You must first visit their website at www.dyndns.org and obtain an account and host
name, which you specify in the router. Then, whenever your ISP-assigned IP address changes,
your router automatically contacts the Dynamic DNS service provider, logs in to your account, and
registers your new IP address. If your host name is hostname, for example, you can reach your
router at hostname.dyndns.org.
Select Dynamic DNS under Advanced in the main menu. The Dynamic DNS screen displays.
Figure 4-3
The WAN Setup options let you configure a DMZ (demilitarized zone) server, change the
Maximum Transmit Unit (MTU) size, and enable the wireless router to respond to a ping on the
WAN (Internet) port. Select WAN Setup under Advanced in the main menu. The WAN Setup
screen displays.
Figure 4-4
them, but there are other applications that might not function well. In some cases, one local
computer can run the application correctly if that computer’s IP address is entered as the default
DMZ server.
Warning: DMZ servers pose a security risk. A computer designated as the default DMZ
server loses much of the protection of the firewall, and is exposed to exploits
from the Internet. If compromised, the DMZ server computer can be used to
attack other computers on your network.
Incoming traffic from the Internet is usually discarded by the router unless the traffic is a response
to one of your local computers or a service that you have configured in the Port Forwarding/Port
Triggering screen. Instead of discarding this traffic, you can have it forwarded to one computer on
your network. This computer is called the default DMZ server.
The WAN Setup screen lets you configure a default DMZ server.
To assign a computer or server to be a default DMZ server:
1. Select the Default DMZ Server check box.
2. In the Default DMZ Server fields, enter the IP address for that computer or server.
3. Click Apply.
Static routes provide additional routing information to your router. Under usual circumstances, the
router has adequate routing information after it has been configured for Internet access, and you do
not need to configure additional static routes. You must configure static routes only for unusual
cases such as multiple routers or multiple IP subnets located on your network.
As an example of when a static route is needed, consider the following case:
• Your primary Internet access is through a cable modem to an ISP.
• You have an ISDN router on your home network for connecting to the company where you are
employed. This router’s address on your LAN is 192.168.1.100.
• Your company’s network address is 134.177.0.0.
When you first configured your router, two implicit static routes were created. A default route was
created with your ISP as the gateway, and a second static route was created to your local network
for all 192.168.1.x addresses. With this configuration, if you attempt to access a device on the
134.177.0.0 network, your router forwards your request to the ISP. The ISP forwards your request
to the company where you are employed, and the request is likely to be denied by the company’s
firewall.
In this case you must define a static route, telling your router that 134.177.0.0 should be accessed
through the ISDN router at 192.168.1.100.
In this example:
• The Destination IP Address and IP Subnet Mask fields specify that this static route applies
to all 134.177.x.x addresses.
• The Gateway IP Address field specifies that all traffic for these addresses should be
forwarded to the ISDN router at 192.168.1.100.
• A Metric value of 1 will work since the ISDN router is on the LAN.
• Private is selected only as a precautionary security measure in case RIP is activated.
To add or edit a static route:
1. Select Static Routes under Advanced in the main menu. The Static Routes screen displays.
Figure 4-5
Figure 4-6
3. In the Route Name field, enter a name for this static route. (This is for identification purposes
only.)
4. Select the Private check box if you want to limit access to the LAN only. If Private is selected,
the static route is not reported in RIP.
5. Select the Active check box to make this route effective.
6. In the Destination IP Address field, enter the IP address of the final destination.
7. In the IP Subnet Mask field, enter the IP subnet mask for this destination.
If the destination is a single host, enter 255.255.255.255.
8. In the Gateway IP Address field, enter the gateway IP address, which must be a router on the
same LAN segment as the WNR2000 router.
9. In the Metric field, enter a number between 1 and 15 as the metric value.
This represents the number of routers between your network and the destination. Usually, a
setting of 2 or 3 works, but if this is a direct connection, set it to 1.
10. Click Apply to have the static route entered into the table.
This chapter describes how to modify the configuration of the Wireless-N Router Model
WNR2000 to allow specific applications to access the Internet or to be accessed from the Internet,
and how to make adjustments to enhance your network’s performance.
This chapter includes the following sections:
• “Allowing Inbound Connections to Your Network”
• “Configuring Port Forwarding to Local Servers” on page 5-6
• “Configuring Port Triggering” on page 5-10
• “Using Universal Plug and Play” on page 5-14
• “Optimizing Wireless Performance” on page 5-15
• “Changing the MTU Size” on page 5-16
• “Quality of Service” on page 5-18
• “Overview of Home and Small Office Networking Technologies” on page 5-24
By default, the WNR2000 router blocks any inbound traffic from the Internet to your computers
except for replies to your outbound traffic. However, you might need to create exceptions to this
rule for the following purposes:
• To allow remote computers on the Internet to access a server on your local network.
• To allow certain applications and games to work correctly when their replies are not
recognized by your router.
Your router provides two features for creating these exceptions: port forwarding and port
triggering. This section explains how a normal outbound connection works, followed by two
examples explaining how port forwarding and port triggering operate and how they differ.
5-1
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
4. The Web server at www.example.com composes a return message with the requested Web
page data. The return message contains the following address and port information:
• The source address is the IP address of www.example.com.
• The source port number is 80, the standard port number for a Web server process.
• The destination address is the public IP address of your router.
• The destination port number is 33333.
The Web server then sends this reply message to your router.
5. Upon receiving the incoming message, your router checks its session table to determine
whether there is an active session for port number 33333. Finding an active session, the router
then modifies the message, restoring the original address information replaced by NAT. The
message now contains the following address and port information:
• The source address is the IP address of www.example.com.
• The source port number is 80, the standard port number for a Web server process.
• The destination address is your computer’s IP address.
• The destination port number is 5678, the browser session that made the initial request.
Your router then sends this reply message to your computer, which displays the Web page
from www.example.com.
6. When you finish your browser session, your router eventually senses a period of inactivity in
the communications. Your router then removes the session information from its session table,
and incoming traffic is no longer accepted on port number 33333.
“When you initiate a session with destination port 6667, you must also allow incoming traffic on
port 113 to reach the originating computer.” Using steps similar to the preceding example, the
following sequence shows the effects of the port triggering rule you have defined:
1. You open an IRC client program, beginning a chat session on your computer.
2. Your IRC client composes a request message to an IRC server using a destination port number
of 6667, the standard port number for an IRC server process. Your computer then sends this
request message to your router.
3. Your router creates an entry in its internal session table describing this communication session
between your computer and the IRC server. Your router stores the original information,
performs Network Address Translation (NAT) on the source address and port, and sends this
request message through the Internet to the IRC server.
4. Noting your port triggering rule, and having observed the destination port number of 6667,
your router creates an additional session entry to send any incoming port 113 traffic to your
computer.
5. The IRC server sends a return message to your router using the NAT-assigned source port (as
in the previous example, let’s say port 33333) as the destination port. The IRC server also
sends an “identify” message to your router with destination port 113.
6. Upon receiving the incoming message to destination port 33333, your router checks its session
table to determine whether there is an active session for port number 33333. Finding an active
session, the router restores the original address information replaced by NAT and sends this
reply message to your computer.
7. Upon receiving the incoming message to destination port 113, your router checks its session
table and learns that there is an active session for port 113, associated with your computer. The
router replaces the message’s destination IP address with your computer’s IP address and
forwards the message to your computer.
8. When you finish your chat session, your router eventually senses a period of inactivity in the
communications. The router then removes the session information from its session table, and
incoming traffic is no longer accepted on port numbers 33333 or 113.
To configure port triggering, you need to know which inbound ports the application needs. Also,
you need to know the number of the outbound port that will trigger the opening of the inbound
ports. You can usually determine this information by contacting the publisher of the application, or
user groups or newsgroups.
Note: Only one computer at a time can use the triggered application.
Using the port forwarding feature, you can allow certain types of incoming traffic to reach servers
on your local network. For example, you might make a local Web server, FTP server, or game
server visible and available to the Internet.
Use the Port Forwarding screen to configure the router to forward specific incoming protocols to
computers on your local network. In addition to servers for specific applications, you can also
specify a default DMZ server to which all other incoming protocols are forwarded. The DMZ
server is configured in the WAN Setup screen, as discussed in “Setting Up a Default DMZ Server”
on page 4-8.
Before starting, you need to determine which type of service, application, or game you will
provide, and the local IP address of the computer that will provide the service. Be sure the
computer’s IP address never changes.
Tip: To ensure that your server computer always has the same IP address, use the
reserved IP address feature of your WNR2000 router. See “Using Address
Reservation” on page 4-5 for instructions on how to use reserved IP addresses.
Figure 5-1
2. From the Service Name list, select the service or game that you will host on your network.
If the service does not appear in the list, see the following section, “Adding a Custom
Service.”
3. In the corresponding Server IP Address fields, enter the last digit of the IP address of your
local computer that will provide this service.
4. To the right of Server IP Address, click Add. The service appears in the list in the screen.
2. Click Add Service (see Figure 5-1 on page 5-7).The Ports–Custom Services screen displays.
Figure 5-2
Figure 5-3
Port triggering is a dynamic extension of port forwarding that is useful in these cases:
• More than one local computer needs port forwarding for the same application (but not
simultaneously).
• An application needs to open incoming ports that are different from the outgoing port.
When port triggering is enabled, the router monitors outbound traffic looking for a specified
outbound “trigger” port. When the router detects outbound traffic on that port, it remembers the IP
address of the local computer that sent the data. The router then temporarily opens the specified
incoming port or ports, and forwards incoming traffic on the triggered ports to the triggering
computer.
While port forwarding creates a static mapping of a port number or range to a single local
computer, port triggering can dynamically open ports to any computer that needs them and can
close the ports when they are no longer needed.
Note: If you use applications such as multiplayer gaming, peer-to-peer connections, real-
time communications such as instant messaging, or remote assistance (a feature in
Windows XP), you should also enable Universal Plug and Play (UPnP) according
to the instructions in “Using Universal Plug and Play” on page 5-14.
To configure port triggering, you need to know which inbound ports the application needs. Also,
you need to know the number of the outbound port that will trigger the opening of the inbound
ports. You can usually determine this information by contacting the publisher of the application or
user groups or newsgroups.
To set up port triggering:
1. Select Port Forwarding/Port Triggering under Advanced in the main menu. The
Forwarding/Port Triggering screen displays (see Figure 5-1 on page 5-7).
2. Select the Port Triggering radio button. The port triggering information displays.
Figure 5-4
Note: If the Disable Port Triggering check box is selected after you configure port
triggering, port triggering is disabled. However, any port triggering
configuration information you added to the router is retained even though it is
not used.
4. In the Port Triggering Timeout field, enter a value up to 9999 minutes. This value controls
the inactivity timer for the designated inbound ports. The inbound ports close when the
inactivity time expires. This is required because the router cannot be sure when the application
has terminated.
Figure 5-5
11. Click Apply. The service appears in the Port Triggering Portmap table.
Figure 5-6
Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, to
access the network and connect to other devices as needed. UPnP devices can automatically
discover the services from other registered UPnP devices on the network.
Note: If you use applications such as multiplayer gaming, peer-to-peer connections, real-
time communications such as instant messaging, or remote assistance (a feature in
Windows XP), you should enable UPnP.
Figure 5-7
• Advertisement Period. The advertisement period is how often the router broadcasts its
UPnP information. This value can range from 1 to 1440 minutes. The default period is 30
minutes. Shorter durations ensure that control points have current device status at the
expense of additional network traffic. Longer durations might compromise the freshness
of the device status but can significantly reduce network traffic.
• Advertisement Time To Live. The time to live for the advertisement is measured in hops
(steps) for each UPnP packet sent. The time to live hop count is the number of steps a
broadcast packet is allowed to propagate for each UPnP advertisement before it
disappears. The number of hops can range from 1 to 255. The default value for the
advertisement time to live is 4 hops, which should be fine for most home networks. If you
notice that some devices are not being updated or reached correctly, then it might be
necessary to increase this value.
• UPnP Portmap Table. The UPnP Portmap Table displays the IP address of each UPnP
device that is currently accessing the router and which ports (Internal and External) that
device has opened. The UPnP Portmap Table also displays what type of port is open and
whether that port is still active for each IP address.
3. Click Apply to save your settings.
The speed and operating distance or range of your wireless connection can vary significantly based
on the physical placement of the wireless router. You should choose a location for your router that
will maximize the network speed.
Note: Failure to follow these guidelines can result in significant performance degradation
or inability to wirelessly connect to the router. For complete range and
performance specifications, click the link to the online document “Wireless
Networking Basics” in Appendix B.
The Maximum Transmission Unit (MTU) is the largest data packet a network device transmits.
When one network device communicates across the Internet with another, the data packets travel
through many devices along the way. If any device in the data path has a lower MTU setting than
the other devices, the data packets must be split or “fragmented” to accommodate the one with the
smallest MTU.
The best MTU setting for NETGEAR equipment is often just the default value, and changing the
value might fix one problem but cause another. Leave MTU unchanged unless one of these
situations occurs:
• You have problems connecting to your ISP, or other Internet service, and either the technical
support of the ISP or of NETGEAR recommends changing the MTU size. These might require
an MTU change:
– A secure Web site that will not open, or displays only part of a Web page
– Yahoo e-mail
– MSN
– America Online’s DSL service
• You use VPN and have severe performance problems.
• You used a program to optimize MTU for performance reasons, and now you have
connectivity or performance problems.
Note: An incorrect MTU setting can cause Internet communication problems such as the
inability to access certain Web sites, frames within Web sites, secure login pages,
or FTP or POP servers.
If you suspect an MTU problem, a common solution is to change the MTU size to 1400. If you are
willing to experiment, you can gradually reduce the MTU size from the maximum value of 1500
until the problem goes away. Table 5-1 describes common MTU sizes and applications.
Table 5-1. Common MTU Sizes
MTU Application
1500 The largest Ethernet packet size and the default value. This is the typical setting for non-
PPPoE, non-VPN connections, and is the default value for NETGEAR routers, adapters,
and switches.
1492 Used in PPPoE environments.
1472 Maximum size to use for pinging. (Larger packets are fragmented.)
1468 Used in some DHCP environments.
1460 Usable by AOL if you do not have large e-mail attachments, for example.
1436 Used in PPTP environments or with VPN.
1400 Maximum size for AOL DSL.
576 Typical value to connect to dial-up ISPs.
Quality of Service
Quality of Service (QoS) is an advanced feature that can be used to prioritize some types of traffic
ahead of others. The WNR2000 router can provide QoS prioritization over the wireless link and on
the Internet connection.
From the main menu of the browser interface, under Advanced, select QoS Setup. The QoS Setup
screen displays:
Figure 5-8
WMM QoS is enabled by default. You can disable it by clearing the Enable WMM check box and
clicking Apply.
2. Click Setup QoS rule. The QoS - Priority Rules screen displays.
Figure 5-9
For convenience, the QoS Policy table lists many common applications and online games that
can benefit from QoS handling.
3. Click Add Priority Rule. The QoS - Priority Rules screen displays.
Figure 5-10
4. In the Priority Category list, select either Applications or Online Gaming. In either case, a
list of predefined applications or games displays in the Applications drop-down list.
5. From the Applications list, you can select an existing item, or you can scroll to the bottom of
the list and select Add a New Application or Add a New Game.
a. If you chose to add a new entry, the screen expands as shown:
Figure 5-11
b. In the QoS Policy for field, enter a descriptive name for the new application or game.
c. Select the packet type, either TCP, UDP, or both (TCP/UDP), and specify the port
number or range of port numbers used by the application or game.
6. From the Priority drop-down list, select the priority that this traffic should receive relative to
other applications and traffic when accessing the Internet. The options are Low, Normal, High,
and Highest.
7. Click Apply to save this rule to the QoS Policy list and return to the QoS Setup screen.
8. In the QoS Setup screen, select the Turn Internet Access QoS On check box.
9. Click Apply.
Figure 5-12
4. From the LAN port list, select the LAN port that will have a QoS policy.
5. From the Priority drop-down list, select the priority that this port’s traffic should receive
relative to other applications and traffic when accessing the Internet. The options are Low,
Normal, High, and Highest.
6. Click Apply to save this rule to the QoS Policy list and return to the QoS Setup screen.
7. In the QoS Setup screen, select the Turn Internet Access QoS On check box.
8. Click Apply.
Figure 5-13
4. If the device to be prioritized appears in the MAC Device List, select it. The information from
the MAC Device List is used to populate the policy name, MAC Address, and Device Name
fields. If the device does not appear in the MAC Device List, click Refresh. If it still does not
appear, you must complete these fields manually.
5. From the Priority drop-down list, select the priority that this device’s traffic should receive
relative to other applications and traffic when accessing the Internet. The options are Low,
Normal, High, and Highest.
6. Click Apply to save this rule to the QoS Policy list and return to the QoS Setup screen.
7. In the QoS Setup screen, select the Turn Internet Access QoS On check box.
8. Click Apply.
2. Select the radio button next to the QoS policy to be edited or deleted, and do one of the
following:
• Click Delete to remove the QoS policy.
• Click Edit to edit the QoS policy. Follow the instructions in the preceding sections to
change the policy settings.
3. Click Apply in the QoS Setup screen to save your changes.
Common connection types and their speed and security considerations are:
• Broadband Internet. Your Internet connection speed is determined by your modem type,
such as ADSL or cable modem, as well as the connection speed of the sites to which you
connect, and general Internet traffic. ADSL and cable modem connections are asymmetrical,
meaning they have a lower data rate to the Internet (upstream) than from the Internet
(downstream). Keep in mind that when you connect to another site that also has an
asymmetrical connection, the data rate between your sites is limited by each side’s upstream
data rate. A typical residential ADSL or cable modem connection provides a downstream
throughput of about 1 to 3 megabits per second (Mbps). Newer technologies such as ADSL2+
and Fiber to the Home (FTTH) will increase the connection speed to tens of Mbps.
• Wireless. Your Wireless-N Router Model WNR2000 provides a wireless data throughput of
up to 300 Mbps using technology called multiple input, multiple output (MIMO), in which
multiple antennas transmit multiple streams of data. The use of multiple antennas also
provides excellent range and coverage. With the introduction of the newer WPA and WPA2
encryption and authentication protocols, wireless security is extremely strong.
To get the best performance, use RangeMax NEXT adapters such as the WN511B for your
computers. Although the RangeMax NEXT router is compatible with older 802.11b and
802.11g adapters, the use of these older wireless technologies in your network can result in
lower throughput overall (typically less than 10 Mbps for 802.11b and less than 40 Mbps for
802.11g). In addition, many older wireless products do not support the latest security
protocols, WPA and WPA2.
• Powerline. For connecting rooms or floors that are blocked by obstructions or are distant
vertically, consider networking over your building’s AC wiring. NETGEAR’s Powerline HD
family of products delivers up to 200 Mbps to any outlet, while the older-generation XE
family of products delivers 14 Mbps or 85 Mbps. Data transmissions are encrypted for
security, and you can configure an individual network password to prevent neighbors from
connecting.
The Powerline HD family of products can coexist on the same network with older-generation
XE family products or HomePlug 1.0 products, but they are not interoperable with these older
products.
• Wired Ethernet. As gigabit-speed Ethernet ports (10/100/1000 Mbps) become common on
newer computers, wired Ethernet remains a good choice for speed, economy, and security.
Gigabit Ethernet can extend up to 100 meters with twisted-pair wiring of Cat 5e or better. A
wired connection is not susceptible to interference, and eavesdropping would require a
physical connection to your network.
Note: Actual data throughput will vary. Network conditions and environmental factors,
including volume of network traffic, building materials and construction, and
network overhead, can lower actual data throughput rate.
• Backing up computers over the network has become popular due to the availability of
inexpensive mass storage. Table 5-2 shows the time to transfer 1 gigabyte (1 GB) of data using
various networking technologies.
Table 5-2. Theoretical Transfer Time for 1 Gigabyte
This chapter describes how to use the maintenance features of your Wireless-N Router Model
WNR2000 .
This chapter includes the following sections:
• “Viewing Wireless Router Status Information”
• “Viewing a List of Attached Devices” on page 6-7
• “Managing the Configuration File” in Chapter 6
• “Updating the Router Firmware” on page 6-9
• “Enabling Remote Management Access” on page 6-13
6-1
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Figure 6-1
Field Description
Field Description
Wireless Port. The following settings apply to the wireless port of the router.
Name (SSID) The wireless network name (SSID) being used by the wireless port of
the router. The default is NETGEAR.
Region The geographic region where the router is being used. It might be
illegal to use the wireless features of the router in some parts of the
world.
Channel Identifies the channel of the wireless port being used. Click the link to
the online document “Wireless Networking Basics” in Appendix B for
the frequencies used on each channel.
Mode Indicates the wireless communication mode:
• Up to 54 Mbps.
• Up to 145 Mbps.
• Up to 300 Mbps (in this mode, there are two channels: a primary
channel [P] and a secondary channel [S]).
Wireless AP Indicates whether the radio feature of the router is enabled. If not
enabled, the Wireless LED on the front panel is off.
Broadcast Name Indicates whether the router is broadcasting its SSID.
Wi-Fi Protected Setup Indicates whether the router’s PIN is enabled and whether the router
is configured for Push ‘N’ Connect (Wi-Fi Protected Setup). For more
information, see “Using Push 'N' Connect (Wi-Fi Protected Setup)” on
page 2-13.
Figure 6-2
Item Description
a. Click the Release button to release the connection status items (that is, all items return to
0).
b. Click the Renew button to renew to the connection status items (that is, all items are
refreshed).
c. Click the Close Window button to close the Connection Status screen.
Figure 6-3
Item Description
System Up Time The time elapsed since the router was last restarted.
Port The statistics for the WAN (Internet) and LAN (Ethernet) ports. For each port, the
screen displays the following:
Status The link status of the port.
TxPkts The number of packets transmitted on this port since reset or manual clear.
RxPkts The number of packets received on this port since reset or manual clear.
Collisions The number of collisions on this port since reset or manual clear.
Tx B/s The current transmission (outbound) bandwidth used on the WAN and LAN ports.
Rx B/s The current reception (inbound) bandwidth used on the WAN and LAN ports.
Up Time The time elapsed since this port acquired the link.
Poll Interval The intervals at which the statistics are updated in this screen.
To change the polling frequency, enter a time in seconds in the Poll Interval field, and click
Set Interval.
To stop the polling entirely, click Stop.
The Attached Devices screen contains a table of all IP devices that the router has discovered on the
local network. Select Attached Devices under Maintenance in the main menu to view the table.
Figure 6-4
For each device, the table shows the IP address, NetBIOS host name or device name (if available),
and the Ethernet MAC address. To force the router to look for attached devices, click Refresh.
Note: If the router is rebooted, the table data is lost until the router rediscovers the
devices.
The configuration settings of the WNR2000 router are stored within the router in a configuration
file. You can back up (save) this file to your computer, restore it, or reset it to the factory default
settings.
Select Backup Settings under Maintenance in the main menu. The Backup Settings screen
displays.
Figure 6-5
Tip: Before saving your configuration file, change the administrator password to the
default, password. Then change it again after you have saved the configuration file.
If you forget the password, you will need to reset the configuration to factory
defaults.
To restore your settings from a saved configuration file, enter the full path to the file on your
computer, or click Browse to browse to the file. When you have located it, click Restore to send
the file to the router. The router then reboots automatically.
The firmware of the WNR2000 router is stored in flash memory, and can be updated as
NETGEAR releases new firmware. You can update your firmware by logging into the router and
using one of these procedures:
• Enable the Check for Updated Firmware Upon Log-in check box. Each time you log in to
the router, it will automatically detect a new version of the firmware and then install it. This
check box is enabled in the router’s default state. See “Logging In To Your Wireless Router”
on page 1-2.
• Use the Check button in the Router Upgrade screen. Instead of having the router check for
new firmware every time you log in, you can use Router Upgrade, under Maintenance in the
main menu. See “Checking for New Firmware in the Router Upgrade Screen.”
• Check for and update your firmware manually. You can compare versions, obtain new
firmware from NETGEAR’s website, and then upload it. See “Updating Manually to New
Router Firmware” on page 6-11.
Note: Before updating the router software, NETGEAR recommends that you save your
configuration settings (see “Backing Up and Restoring the Configuration” on
page 6-8). A firmware update might cause the router settings to revert to the
factory defaults. If this happens, after completing the update, you can restore
your settings from the backup.
Figure 6-6
Figure 6-7
• If no new firmware version is available, a message displays and the router returns to the
Firmware Update screen.
Figure 6-8
When the upload is complete, your router automatically restarts. The update process typically
takes about 1 minute.
Figure 6-9
3. Compare the version number of the most recent firmware offered to the firmware version of
your router. If the version on the NETGEAR website is more recent, download the file from
the WNR2000 support page to your computer.
4. Log in to your router and select Router Upgrade under Maintenance on the main menu.
5. Click Browse, and locate the firmware image that you downloaded to your computer (the file
ends in .img or .chk).
6. Click Upload to send the firmware to the router.
Warning: When updating firmware to the WNR2000 router, do not interrupt the
Web browser by closing the window, clicking a link, or loading a new
page. If the browser is interrupted, it could corrupt the firmware.
When the upload is complete, your router automatically restarts. The upgrade process
typically takes about 1 minute.
Using the Remote Management feature, you can allow a user on the Internet to configure, upgrade,
and check the status of your WNR2000 router. Select Remote Management under Advanced in
the main menu. The Remote Management screen displays.
Figure 6-10
Note: Be sure to change the router’s default configuration password to a very secure
password. The ideal password should contain no dictionary words from any
language, and should be a mixture of letters (both uppercase and lowercase),
numbers, and symbols. Your password can be up to 30 characters.
2. Under Allow Remote Access By, specify what external IP addresses will be allowed to access
the router’s remote management.
Note: When accessing your router from the Internet, enter your router’s WAN IP address
into your browser’s address or location field, followed by a colon (:) and the
custom port number. For example, if your external address is 134.177.0.123 and
you use port number 8080, then enter http://134.177.0.123:8080 in your browser.
This chapter provides information about troubleshooting your Wireless-N Router Model
WNR2000 . After each problem description, instructions are provided to help you diagnose and
solve the problem. As a first step, please review the Quick Tips.
Tip: NETGEAR provides helpful articles, documentation, and the latest software
updates at http://www.netgear.com/support.
Quick Tips
7-1
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Make sure that the Ethernet cables are securely plugged in.
• The Internet status light on the wireless router is on if the Ethernet cable connecting the
wireless router and the modem is plugged in securely and the modem and wireless router are
turned on.
• For each powered-on computer connected to the wireless router by an Ethernet cable, the
corresponding numbered router LAN port light is on.
Make sure that the wireless settings in the computer and router match exactly.
• For a wirelessly connected computer, the wireless network name (SSID) and WEP or WPA
security settings of the router and wireless computer must match exactly.
• If you have enabled the wireless router to restrict wireless access by MAC address, you must
add the wireless computer’s MAC address to the router’s wireless card access list.
Make sure that the network settings of the computer are correct.
• LAN connected computers must be configured to obtain an IP address automatically using
DHCP. For more information, see the links in Appendix B, “Related Documents.
• Some cable modem services require you to use the MAC address of the computer registered
on the account. If so, in the Router MAC Address section of the Basic Settings menu, select
Use this Computer’s MAC Address. Click Apply to save your settings. Restart the network
in the correct sequence.
After you turn on power to the router, the following sequence of events should occur:
1. When power is first applied, verify that the Power light is on.
2. Verify that the power light turns amber within a few seconds, indicating that the self-test
procedure is running.
7-2 Troubleshooting
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Troubleshooting 7-3
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
7-4 Troubleshooting
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
2. Check that PIN verification has succeeded for the WPS-enabled device you are connecting to
the router.
3. Make sure you have not pushed the push-button after disabling the WPS function (you logged
into the router and disabled this previously).
4. Check that the router is not in the temporary AP setup locked state (if you are using the
wireless repeater function).
For more information on WPS, see “Using Push 'N' Connect (Wi-Fi Protected Setup)” on
page 2-13.
Login Problems
If you are unable to log in to the wireless router, check the following:
• If you are using an Ethernet-connected computer, check the Ethernet connection between the
computer and the router as described in the NETGEAR Wireless Router Setup Manual.
• Make sure you are using the correct login information. The factory default login name is
admin and the password is password. Make sure that the Caps Lock is off when entering this
information.
• Make sure your computer’s IP address is on the same subnet as the router. If your are using the
recommended addressing scheme, your computer’s address should be in the range of
192.168.1.2 to 192.168.1.254. Refer to your computer’s documentation or see “Preparing
Your Network” in Appendix B for help with configuring your computer.
Note: If your computer cannot reach a DHCP server, some operating systems will
assign an IP address in the range 169.254.x.x. If your IP address is in this
range, verify that you have a good connection from the computer to the router,
then restart (reboot) your computer.
• If your router’s IP address has been changed and you don’t know the current IP address, reset
the router’s configuration to the factory defaults. This procedure will reset the router’s IP
address to 192.168.1.1 (see “Default Configuration Settings” in Appendix A).
• Make sure your browser has Java, JavaScript, or ActiveX enabled. If you are using Internet
Explorer, click Refresh to be sure the Java applet is loaded. Try closing the browser and
reopening it again.
Troubleshooting 7-5
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
• If you are attempting to set up your NETGEAR router as an additional router behind an
existing router in your network, consider replacing the existing router instead. NETGEAR
does not support such a configuration.
• If you are attempting to set up your NETGEAR router as a replacement for an ADSL gateway
in your network, the router cannot perform many gateway services, for example, converting
ADSL or Cable data into Ethernet networking information. NETGEAR does not support such
a configuration.
If you can access your router, but your router is unable to access the Internet, review the topics in
this section:
• “Obtaining an Internet IP Address”
• “Troubleshooting PPPoE”
• “Troubleshooting Internet Browsing”
7-6 Troubleshooting
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
• You might need to force your cable or DSL modem to recognize your new router by restarting
your network, in the sequence described in the NETGEAR Wireless Router Setup Manual.
• Your service provider might require a login. Ask your service provider whether they require a
PPP over Ethernet (PPPoE) login (see “Troubleshooting PPPoE” on page 7-7).
• You might have incorrectly set the service name, user name or password. Review your router’s
Basic Settings screen.
• Your service provider might check for your computer's host name. Assign the computer Host
Name of your ISP account to the wireless router on the Basic Settings screen.
• Your service provider might only allow one Ethernet MAC address to connect to the Internet,
and check for your computer’s MAC address. If this is the case:
– Inform your service provider that you have bought a new network device, and ask them to
use the wireless router’s MAC address, or
– Configure your router to spoof your computer’s MAC address. On the Basic Settings
screen in the Router MAC Address section, select “Use this Computer’s MAC Address”
and click Apply. Then restart your network in the correct sequence (see the NETGEAR
Wireless Router Setup Manual for instructions).
Troubleshooting PPPoE
If you are using PPPoE, try troubleshooting your Internet connection.
To troubleshoot a PPPoE connection:
1. Log in to the wireless router.
2. Select Router Status under Maintenance on the main menu.
3. Click Connection Status. If all of the steps indicate “OK,” then your PPPoE connection is up
and working.
If any of the steps indicate “Failed,” you can attempt to reconnect by clicking Connect. The
wireless router will continue to attempt to connect indefinitely.
If you cannot connect after several minutes, you might be using an incorrect service name,
user name, or password. There also might be a provisioning problem with your ISP.
Note: Unless you connect manually, the wireless router will not authenticate using
PPPoE until data is transmitted to the network.
Troubleshooting 7-7
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Most network devices and routers contain a ping utility that sends an echo request packet to the
designated device. The device then responds with an echo reply. Troubleshooting a network is
made very easy by using the ping utility in your computer or workstation. This section includes:
• “Testing the LAN Path to Your Router”
• “Testing the Path from Your Computer to a Remote Device”
7-8 Troubleshooting
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Troubleshooting 7-9
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Select E-mail under Content Filtering in the main menu to display a screen that shows the current
date and time of day. The WNR2000 router uses the Network Time Protocol (NTP) to obtain the
current time from one of several network time servers on the Internet. Each entry in the log is
stamped with the date and time of day. Problems with the date and time function can include the
following:
7-10 Troubleshooting
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Troubleshooting 7-11
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
If your wireless network appears, but the signal strength is weak, check these conditions:
• Is your router too far from your adapter, or too close? Place the computer that has the adapter
near the router, but at least 6 feet away, and see whether the signal strength improves.
• Is your wireless signal obstructed by objects between the router and your adapter? See
“Optimizing Wireless Performance” on page 5-15.
This section explains how to restore the factory default configuration settings that reset the router’s
user name to admin, the password to password, and the IP address to 192.168.1.1.
You can erase the current configuration and restore factory defaults in two ways:
• Use the Erase function of the router. To use the Erase function, see “Erasing the
Configuration” on page 6-9.
• Use the restore factory settings button on the rear panel of the router. Use this method for cases
when the administration password or IP address is not known.
To use the restore settings button:
1. Locate the restore factory settings button on the rear panel of the router.
2. Use a sharp object such as a pen or a paper clip to press and hold the restore factory settings
button for about 5 seconds, until the Power light begins to blink.
3. Release the restore factory settings button, and wait for the router to restart, and for the Power
light to stop blinking and become solid green.
The factory default settings will be restored so that you can access the router from your Web
browser using the factory defaults.
If the wireless router fails to restart, or the Power light continues to blink or turns solid amber, the
unit might be defective. If the error persists, you might have a hardware problem and should
contact Technical Support at http://www.netgear.com/support.
7-12 Troubleshooting
v1.3, February 2009
Appendix A
Technical Specifications
This appendix provides factory default settings and technical specifications for the Wireless-N
Router Model WNR2000 .
Table A-1. WNR2000 Router Default Configuration Settings
Router Login
Router Login URL http://www.routerlogin.net or
http://www.routerlogin.com
Login Name (case-sensitive) printed on admin
product label
Login Password (case-sensitive) printed on password
product label
Internet Connection
WAN MAC Address Default hardware address (on label)
MTU Size 1500
Local Network
Router LAN IP address printed on product label 192.168.1.1
(also known as Gateway IP address)
Router Subnet 255.255.255.0
DHCP Server Enabled
DHCP range 192.168.1.2 to 192.168.1.254
Time Zone GMT
Time Zone Adjusted for Daylight Saving Time Disabled
Allow a Registrar to configure this router Enabled
Wireless
General Specifications
Feature General
Data and Routing Protocols TCP/IP, RIP-1, RIP-2, DHCP, PPPoE, PPTP, Bigpond, Dynamic
DNS, and UPnP
Power Adapter
North America 120V, 60 Hz, input
UK, Australia 240V, 50 Hz, input
Europe 230V, 50 Hz, input
Japan 100V, 50/60 Hz, input
All regions (output) 12V DC @ 1.0A, output
Physical
Dimensions 7" x 5.1" x 1.4"
177.5 x 130 x 35 mm
Weight 0.88 lbs.
0.399 kg
Environmental
Operating temperature 0 to 40 C (32º to 104º F)
Operating humidity 90% maximum relative humidity, noncondensing
Electromagnetic Emissions
Designed to conform to the FCC Part 15 Class B
following standards EN 55022/24 (CISPR 22/24) Class B
EN 60950 (CE LVD) Class B
MIC
Interface Specifications
LAN 10BASE-T or 100BASE-Tx, RJ-45
WAN 10BASE-T or 100BASE-Tx, RJ-45
This appendix provides links to reference documents you can use to gain a more complete
understanding of the technologies used in your NETGEAR product.
Table B-1. Reference Documents
Document Link
In addition, you can find initial setup instructions for your wireless router in the NETGEAR
Wireless Router Setup Manual.
A blocking
access 3-1
access inbound traffic 5-1
blocking 3-1
remote 6-13 bold text xi
restricting by MAC address 2-19 broadband Internet 5-24
to a remote computer 5-2 broadcast status 6-4
to the router 1-2
viewing logs 3-6
access control
C
turning off 1-13 cables, checking 7-2
turning on 2-21 channel, frequency 2-8
account name 1-8 channel, wireless port 6-4
adding clients, adding 2-13, 2-18, 6-4
custom service 5-7
communication mode 2-8, 6-4
priority rules 5-20
reserved IP addresses 4-5 compatibility, protocol and standards A-3
static routes 4-11 configuration file
wireless clients 2-13, 2-18, 6-4 backing up 6-8
See also configuring erasing 6-9
administrator password, changing 2-21 managing 6-7
advanced wireless settings 2-12 configuring
advanced security 2-12
advertisement period 5-15
basic security 2-6
AES (Advanced Encryption Standard) encryption 2-11 DMZ server 4-9
applications, QoS for 5-20 Dynamic DNS 4-7
attached devices 6-7 LAN IP settings 4-2
NAT 4-10
authentication, required by mail server 3-8
port forwarding 5-6
automatic logout 1-5 port triggering 5-10
WPA security 2-10
WPS 2-17
B See also adding
backing up configuration file 6-8 connection mode 1-10
backing up, transfer time 5-26 connection status settings 6-5
basic settings 2-6 connection types 5-24
basic wireless connectivity 1-11 content filtering 3-1
Big Pond 1-10 CTS/RTS Threshold 2-13
Index-1
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
D F
data packets, fragmented 5-16 factory default settings
date and time, troubleshooting 7-10 listed A-1
restoring 7-12
daylight savings time 3-9, 7-11
filtering content 3-1
default DMZ server 4-8
firewalls
default factory settings
default settings A-2
listed A-1
disabling 4-8
restoring 7-12
overview 2-23
default gateway 6-5
firmware
default LAN IP configuration 4-3 restoring 7-3
deleting configuration 6-9 updating 1-3, 6-3, 6-9
device name 4-2 fixed font text xi
DHCP server 4-4, 6-5 fixed IP addresses 1-8
DHCP setting 6-3 Fragmentation Threshold 2-13
disabling fragmented data packets 5-16
firewall 4-8 frequency, channel 2-8
router PIN 2-17
DMZ server 4-8
G
DNS servers 5-2
games, QoS for 5-20
Documentation Web page 1-4
generating encryption keys 2-10
documents, reference B-1
Gigabit Ethernet 5-25
domain name 1-8
GUI language version 6-3
Domain Name Server (DNS) addresses
current 6-3
entering 1-8, 1-11 H
Dynamic DNS 4-6 hardware version 6-3
dynamic IP addresses 1-8 host name 1-8, 6-7
DynDNS.org 4-6 HTML version, printing xii
E I
electromagnetic emissions A-3 idle time-out 1-11
e-mailing logs 3-7 inbound traffic, allowing or blocking 5-1
encryption 2-1 interface specifications A-3
encryption keys 2-10 interference, reducing 5-16
environmental specifications A-3
Index-2
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Index-3
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Index-4
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
service numbers 3-4 TKIP (Temporal Key Integrity Protocol) encryption 2-11
services, blocking 3-3 trademarks ii
setting time 3-9 traffic, prioritizing 5-18
settings, default. See default factory settings transfer time (backing up) 5-26
setup information, gathering 2-5 troubleshooting 7-1
Setup Manual 1-1 trusted user 3-2
Shared Key authentication 2-5, 2-9 typographical conventions xi
Smart Setup Wizard 1-6
SMTP server 3-8 U
software push button configuration (WPS) 2-14 Universal Plug and Play (UPnP) 5-14
specifications up time, system 6-6
technical A-1
updating firmware 1-3, 6-3, 6-9
speed requirements 5-25
URLs
SPI (Stateful Packet Inspection) firewall 4-8 typography for xi
spoofing MAC addresses 1-8, 7-7 usage statistics 6-6
SSID 1-12, 2-7, 6-4
SSID broadcast 1-13, 2-12 V
standards, compatibility A-3
version
static IP addresses 1-8 firmware 6-3, 6-9
static routes 4-10 RIP (Router Information Protocol) 4-3
statistics, usage 6-6 viewing
status, viewing 6-2 advanced wireless settings 2-12
attached devices 6-7
streaming video and audio 5-25
basic security settings 2-6
subnet mask 4-3, 6-3 logs 3-6
system up time 6-6 status 6-2
T W
TCP/IP network, troubleshooting 7-8 WAN setup 4-8
technical specifications A-1 WEP encryption 2-3, 2-9
Telstra Bigpond 1-10 Wi-Fi Protected Setup (WPS) 2-13, 6-4, 7-4
testing wireless connections 1-11 wildcards, DNS and 4-7
time of day, troubleshooting 7-10 Wireless Card Access List 2-19
time to live, advertisement 5-15 wireless client PIN 2-15
time, setting 3-9 wireless clients, adding 2-13, 2-18, 6-4
time-out wireless connection type 5-24
idle 1-11 wireless network name 1-12, 2-7, 6-4
port triggering 5-11
wireless port settings 6-4
Index-5
v1.3, February 2009
NETGEAR Wireless-N Router WNR2000 User Manual
Index-6
v1.3, February 2009