Owner's Manual

ManualsBrandsNetgear ManualsModemsNetgear DGND3800B

350 East Plumeria Drive

San Jose, CA 95134

USA

June 2013

202-10941-03

v1.0

N600 Wireless Dual Band

Gigabit VDSL2 Modem

Router DGND3800B

User Manual

Summary of content (170 pages)

PAGE 1
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B User M anua l 350 East Plumeria Drive San Jose, CA 95134 USA June 2013 202-10941-03 v1.
PAGE 2
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Support Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com.
PAGE 3
Contents Chapter 1 Hardware Setup Unpack Your Modem Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Hardware Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Back Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Label. . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 4
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Parental Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Set Up a Guest Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Chapter 4 NETGEAR genie Advanced Home NETGEAR genie Advanced Home Screen . . . . . . . . . . . . . . . . . . . . . . . . 41 Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Port Forwarding to Permit External Host Communications . . . . . . . . . . 76 How Port Forwarding Differs from Port Triggering . . . . . . . . . . . . . . . . . 77 Set Up Port Forwarding to Local Servers . . . . . . . . . . . . . . . . . . . . . . . . 77 Set Up Port Triggering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Schedule When to Block the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Chapter 9 Virtual Private Networking Overview of VPN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Client-to-Gateway VPN Tunnels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Gateway-to-Gateway VPN Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Set Up a Client-to-Gateway VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Add a Gateway-to-Gateway VPN Tunnel.
PAGE 7
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Configuration Summary (Telecommuter Example) . . . . . . . . . . . . . . . . . 158 Set Up Client-to-Gateway VPN (Telecommuter Example) . . . . . . . . . . . . 159 Configure Gateway A (VPN Router at Main Office) . . . . . . . . . . . . . . . 159 Configure Gateway B (VPN Router at Regional Office) . . . . . . . . . . . . 160 Monitor the VPN Tunnel (Telecommuter Example) . . . . . . . . . . . . . . . . .
PAGE 8
1. 1 Hardware Setup The NETGEAR N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B offers dual-band technology and ensures top speeds and the greatest range for demanding applications, such as streaming HD video and multiplayer gaming. Complete with a built-in ADSL modem, it is compatible with all major ADSL Internet service providers. The gigabit port on the WAN side has an option to connect to a fiber/cable modem.
PAGE 9
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Unpack Your Modem Router Your box contains the following items: • N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • AC power adapter (plug varies by region) • Category 5 (Cat 5) Ethernet cable • Telephone cable with RJ-11 connector • Installation guide with cabling and router setup instructions. AC Power adapter N600 Modem Router Ethernet cable Telephone cable Figure 1.
PAGE 10
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Hardware Features Before you cable your modem router, take a moment to become familiar with the front panel, back panel, and label. Pay particular attention to the LEDs on the front panel. Front Panel The modem router front panel has the status LEDs and icons shown in the figure. The WiFi and WPS icons are buttons. WPS On/Off button Wireless On/Off button USB port Internet DSL 5 GHZ Wireless 2.4 GHz Wireless USB LAN ports Power Figure 2.
PAGE 11
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Front Panel LEDs The following table describe the LEDs on the front panel from top to bottom. Table 1. LED descriptions LED Internet DSL 5 GHz Wireless Description • Solid green. You have an Internet connection. If this connection is dropped due to an idle time-out but the connection is still present, the light stays green. If the Internet connection is dropped for any other reason, the light turns off. • Solid red.
PAGE 12
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Back Panel The back panel has the buttons and port connections as shown in the following figure. ADSL line Gigabit WAN Ethernet port for connecting to external cable/fber modem Gigabit LAN Ethernet ports USB port Power On/Off button AC power adapter input Figure 3. Back panel connections and buttons For information about resetting the modem router to its factory settings, see Factory Settings on page 149.
PAGE 13
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Label The label on the bottom of the modem router shows the router’s Restore Factory Settings button, serial number, MAC address, Wi-Fi network name (SSID), and network key (password). Serial number MAC address Restore Factory Settings Wi-Fi network name (SSID) Network key (password) Figure 4.
PAGE 14
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B ADSL Microfilters If this is the first time you have cabled a modem router between a DSL phone line and your computer or laptop, you might not be familiar with ADSL microfilters. If you are, you can skip this section and proceed to Cable Your Modem Router on page 15. An ADSL microfilter is a small inline device that filters DSL interference out of standard phone equipment that shares the same line with your DSL service.
PAGE 15
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B microfilter into the wall outlet, plug your phone equipment into the jack labeled Phone, and plug the modem router into the jack labeled ADSL. Plugs into the ADSL line Figure 6. Two-line ADSL microfilter with built-in splitter Summary • One-line ADSL microfilter (not included). Use with a phone or fax machine. • Splitter (not included). Use with a one-line ADSL microfilter to share an outlet with a phone and the modem router.
PAGE 16
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B For help with installation, see the installation guide that came in the package with your product. For information about how to access the modem router to view or change the settings, see Chapter 2, Access the Modem Router. Verify the Cabling Verify that your router is cabled correctly by checking the modem router LEDs. Turn on the modem router by pressing the Power On/Off button on the back.
PAGE 17
2. Access the Modem Router This chapter explains how to use NETGEAR genie to set up your modem router after you complete cabling as described in the installation guide and in the previous chapter.
PAGE 18
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Modem Router Setup Preparation You can set up your modem router with the NETGEAR genie automatically, or you can use the genie menus and screens to set up your modem router manually. Before you start the setup process, get your ISP information and make sure the computers and devices in the network have the settings described here.
PAGE 19
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B - ISP Domain Name Server (DNS) addresses - Fixed or static IP address - Host and domain names - Depending on how your ISP set up your Internet account, you could need to know one or more of there settings for a manual setup: • Virtual path identifier (VPI) and virtual channel identifier (VCI) parameters • Multiplexing method • Host and domain names Wireless Devices and Security Settings Make sure that the wireless device or computer
PAGE 20
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • The first time you set up the Internet connection for your modem router, the browser goes to http://www.routerlogin.net, and the NETGEAR genie screen displays. • If you already used the NETGEAR genie, type http://www.routerlogin.net in the address field for your browser to display the NETGEAR genie screen. See Use NETGEAR genie after Installation on page 21. 4. Follow the onscreen instructions to complete NETGEAR genie setup.
PAGE 21
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Use NETGEAR genie after Installation When you first set up your modem router, NETGEAR genie automatically starts when you launch an Internet browser on a computer that is connected to the modem router. If you want to view or change settings for the modem router, you can use genie again.  To use NETGEAR genie again after installation: 1. Launch your browser from a computer or wireless device that is connected to the modem router. 2.
PAGE 22
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Dashboard (BASIC Home Screen) The modem router BASIC Home screen has a dashboard that lets you see the status of your Internet connection and network at a glance. You can click any of the six sections of the dashboard to view and change the settings. The left column has menus. You can use the ADVANCED tab to access more menus and screens.
PAGE 23
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Join Your Wireless Network You can use the manual or the WPS method to join your wireless network. For instructions about how to set up a guest network, see Set Up a Guest Network on page 39. Manual Method With the manual method, choose the network that you want and type its password to connect.  To connect manually: 1. On your computer or wireless device, open the software that manages your wireless connections.
PAGE 24
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B NETGEAR genie App and Mobile genie App The genie app is the easy dashboard for managing, monitoring, and repairing your home network. See the NETGEAR genie App User Manual for details about the genie apps. Retrieve wireless password About genie Language Menu Dashboard (Click to view details) Support Figure 9. genie app dashboard The genie app can help you with the following: • Automatically repair common wireless network problems.
PAGE 25
3. NETGEAR genie Basic Settings This chapter contains the following sections: • Internet Setup • Basic Wireless Setup • View Attached Devices • Parental Controls • Set Up a Guest Network For information about ReadySHARE USB storage, see Chapter 5, USB Storage.
PAGE 26
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Internet Setup The Internet Setup screen is where you view or change basic ISP information. Note: You can use the Setup Wizard to detect the Internet connection and automatically set up the modem router. See Setup Wizard on page 41.  To view or change the basic Internet setup: 1. From the Home screen, select Internet.
PAGE 27
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Note: WAN1 is for normal Internet access and WAN2 is for IPTV service. If you are subscribed to IPTV, you need to set up WAN2. The set up for WAN1 and WAN2 should be the same. If you are not subscribed to IPTV service, you do not need to set up WAN2. VLAN tags are used to distinguish the WAN1 and WAN2 traffic. 3. Select one of the following radio buttons, and fill in the fields: • Yes.
PAGE 28
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • Encapsulation. Encapsulation is a method for enclosing multiple protocols. PPP stands for Point-to-Point Protocol. The choices are PPPoE (PPP over Ethernet) or PPPoA (PPP over ATM). • Telekom. Select the Telekom radio button if Telekom is your ISP. The following fields display: • • • • - Connection identifier. The connection identifier provided by Telekom. - Telekom number. The Telekom number provided by Telekom. - Co-user suffix.
PAGE 29
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • - Get Automatically from ISP. Your ISP uses DHCP to assign your DNS servers. Your ISP automatically assigns this address. - Use These DNS Servers. If you know that your ISP requires specific servers, select this option. Enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also. NAT (Network Address Translation).
PAGE 30
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • • - Get Automatically from ISP. Your ISP uses DHCP to assign your DNS servers. Your ISP automatically assigns this address. - Use These DNS Servers. If you know that your ISP requires specific servers, select this option. Enter the IP address of your ISP’s primary DNS server. If a secondary DNS server address is available, enter it also. NAT (Network Address Translation).
PAGE 31
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To view or change the basic wireless setup: 1. Select BASIC > Wireless. The Wireless Setup screen displays: Scroll to view more settings The screen sections, settings, and procedures are explained in the following sections. 2. Make any changes that are needed. 3. Click Apply. Your settings are saved. If you were connected wirelessly to the modem router and you changed the SSID or wireless security, you are disconnected from the network. 4.
PAGE 32
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Wireless Setup Screen Fields You can use this screen to view or change the wireless network settings and the security option. Wireless Network Region. The location where the modem router is used. Select from the countries in the list. In the United States, the region is fixed to United States and is not changeable. Enable SSID Broadcast.
PAGE 33
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B This section presents an overview of the security options and provides guidance on when to use which option. WEP Encryption WEP uses an old encryption method and can be easily decoded with today’s powerful computers. Use this mode only when you have a very old legacy wireless client that does not support WPA-PSK. The Wi-Fi Alliance highly recommends against using WEP and plans to make it obsolete.
PAGE 34
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 2. In the Security Options section, select WEP: 3. Select the authentication type. The default is Automatic. Other choices are Open System (any client can authenticate itself to the network) and Shared Key (a passphrase and a four-way challenge is needed for authentication). 4. Select the encryption strength setting, either 64 bit or 128 bit. 5. Enter the four data encryption keys either manually or automatically.
PAGE 35
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The Wireless Setup screen displays. 2. Under Security Options, select the WPA option you want. 3. In the Passphrase field that displays when you select a WPA security option, enter the network key (password) that you want to use. It is a text string from 8 to 63 characters. View Attached Devices Use the Attached Device screen to view all computers or devices that are currently connected to your network.
PAGE 36
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Parental Controls The first time you select Parental Controls from the BASIC Home screen, your browser goes to the Live Parental Controls website. You can learn more about Live Parental Controls or download the application. Figure 11. Live Parental Controls website  To set up Live Parental Controls: 1. Select Parental Controls on the Dashboard screen. 2. Click either the Windows Users or Mac Users button. 3.
PAGE 37
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B After installation, Live Parental Controls automatically starts. 4. Click Next, read the note, and click Next again to proceed. Because Live Parental Controls uses free OpenDNS accounts, you are prompted to log in or create a free account. 5. Select the radio button that applies to you and click Next. • If you already have an OpenDNS account, leave the Yes radio button selected.
PAGE 38
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B After you log on or create your account, the filtering level screen displays: 6. Select the radio button for the filtering level that you want and click Next. 7. Click the Take me to the status screen button. Parental controls are now set up for the modem router. The dashboard shows Parental Controls as Enabled.
PAGE 39
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Set Up a Guest Network Adding a guest network allows visitors at your home to use the Internet without giving them your wireless security key.  To set up a guest network: 1. Select BASIC > Guest Network. The Guest Network Settings page displays: Scroll to view more settings 2. Select the wireless network to configure. 3. Give the guest network a name. The guest network name is case-sensitive and can be up to 32 characters.
PAGE 40
4. NETGEAR genie Advanced Home 4 This chapter contains the following sections: • NETGEAR genie Advanced Home Screen • Setup Wizard • WPS Wizard • ADSL Setup • WAN Setup • LAN Setup • Quality of Service (QoS) Setup Some selections on the Advanced screen are described in separate chapters: • Internet Setup. This screen can be accessed through both the Setup menu on the Advanced screen and the dashboard on the Basic Home screen. For more information, see Internet Setup on page 26.
PAGE 41
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B NETGEAR genie Advanced Home Screen The genie ADVANCED Home dashboard presents status information. The content is the same as what is on the Router Status screen available from the Administration menu. The genie Advanced Home screen is shown in the following figure: This screen is also displayed through the Administration menu. Setup Wizard You can use the Setup Wizard to detect your Internet settings and automatically set up your modem router.
PAGE 42
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 5. Click Next. The Setup Wizard searches your Internet connection for servers and protocols to determine your ISP configuration. The following screen displays: WPS Wizard The WPS Wizard helps you add a WPS-capable client device (a wireless device or computer) to your network. On the client device, either press its WPS button or locate its WPS PIN.  To use the WPS Wizard: 1. Select ADVANCED > WPS Wizard. The following screen displays: 2.
PAGE 43
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • To use the push button method, either click the WPS button on this screen, or press the WPS button on the front of the modem router. Within 2 minutes, go to the wireless client and press its WPS button to join the network without entering a password. • To use the PIN method, select the PIN Number radio button, enter the client security PIN, and click Next.
PAGE 44
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The ADSL Settings screen displays: 2. In the Internet Service Provider drop-down list, select your ISP. 3. Specify the transfer mode. The transfer mode can be PTM (Packet Transfer Mode) or ATM (Asynchronous Transfer Mode). The VDSL2 interface supports PTM. PTM transports packets (IP, PPP, Ethernet, MPLS, and so on) over DSL links as an alternative to using ATM. PTM is based on the Ethernet in the First Mile (EFM) IEEE802.3ah standard. 4.
PAGE 45
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Note: WAN1 is for normal Internet access and WAN2 is for IPTV service. If you are subscribed to IPTV, you need to set up WAN2. The set up for WAN1 and WAN2 should be the same. If you are not subscribed to IPTV service, you do not need to set up WAN2. VLAN tags are used to distinguish the WAN1 and WAN2 traffic. 6. Select the Enable This Interface check box. If the Enable This Interface check box is not selected, this interface is not enabled. 7.
PAGE 46
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To view or change the WAN settings: 1. Select ADVANCED > Setup > WAN Setup. The WAN Setup screen displays: 2. Specify the settings for your Internet connection. The fields in this screen are described in the following section. 3. Click Apply. WAN Setup Screen Fields The following fields are available: • WAN Preference.
PAGE 47
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • MTU Size (in bytes). The normal MTU (maximum transmit unit) value for most Ethernet networks is 1500 bytes, or 1492 bytes for PPPoE connections. For some ISPs, you might need to reduce the MTU. This is rarely required. You should change the setting in this field only if you are sure that it is necessary for your ISP connection. See Change the MTU Size on page 48. • NAT Filtering.
PAGE 48
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The WAN Setup screen displays: 2. Select the Default DMZ Server check box. 3. Type the IP address. 4. Click Apply. Your changes are saved. Change the MTU Size The maximum transmission unit (MTU) is the largest data packet a network device transmits. When one network device communicates across the Internet with another, the data packets travel through many devices along the way.
PAGE 49
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Note: An incorrect MTU setting can cause Internet communication problems. For example, you might not be able to access certain websites, frames within websites, secure login pages, or FTP or POP servers. If you suspect an MTU problem, a common solution is to change the MTU to 1400. If you are willing to experiment, you can gradually reduce the MTU from the maximum value of 1500 until the problem goes away.
PAGE 50
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • Subnet mask. 255.255.255.0 These addresses are part of the designated private address range for use in private networks and are suitable for most applications. By default, the modem router acts as a DHCP server. The modem router assigns IP, DNS server, and default gateway addresses to all computers connected to the LAN. The assigned default gateway address is the LAN address of the modem router.
PAGE 51
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B LAN Setup Screen Settings The following settings are available. Device Name. By default, this is DGND3800B (the modem router model). You can change it to another name if you prefer. LAN TCP/IP Setup • Device Name. This is an abbreviated name of the modem router. • Use Auto IP. Select this check box if you want the modem router to set up the LAN IP addresses automatically. • IP Address. The LAN IP address of the modem router.
PAGE 52
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B For example, using the default addressing scheme, define a range between 192.168.0.2 and 192.168.0.254, although you might want to save part of the range for devices with fixed addresses. • In the Starting IP Address field, specify the start of the range for the pool of IP addresses in the same subnet as the modem router.
PAGE 53
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 2. Click Edit or Delete. Quality of Service (QoS) Setup QoS is an advanced feature that can be used to prioritize some types of traffic ahead of others. The modem router can provide QoS prioritization over the wireless link and on the Internet connection. WMM QoS for Wireless Multimedia Applications The modem router supports Wi-Fi Multimedia Quality of Service (WMM QoS) to prioritize wireless voice and video traffic over the wireless link.
PAGE 54
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To specify prioritization of traffic, create a policy for the type of traffic and add the policy to the QoS Policy table in the QoS Setup screen. For convenience, the QoS Policy table lists many common applications and online games that can benefit from QoS handling. QoS for Applications and Online Gaming  To create a QoS policy for applications and online games: 1. Select ADVANCED > Setup > QoS Setup. 2.
PAGE 55
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B A list of applications or games displays. 7. Select an existing item from the list, scroll and select Add a New Application, or Add a New Game, as applicable. 8. If prompted, in the Connection Type list, select either TCP, UDP, or both (TCP/UDP). Specify the port number or range of port numbers that the application or game uses. 9.
PAGE 56
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B QoS for a MAC Address  To create a QoS policy for traffic from a specific MAC address: 1. Select ADVANCED > Setup > QoS Setup. 2. Click the Setup QoS Rule button. The QoS Setup screen displays. 3. Click Add Priority Rule. 4. From the Priority Category list, select MAC Address. 5. If the device to be prioritized appears in the MAC Device List, select its radio button.
PAGE 57
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 2. Select the radio button next to the QoS policy that you want to edit or delete, and do one of the following: • Click Delete to remove the QoS policy. • Click Edit to edit the QoS policy. Follow the instructions in the preceding sections to change the policy settings. 3. Click Apply. Your changes are saved in the QoS Setup screen.
PAGE 58
5. 5 USB Storage This chapter describes how to access and configure a USB storage drive attached to your modem router. The USB port on the modem router can be used to connect only USB storage devices like flash drives or hard drives. Do not connect computers, USB modems, CD drives, or DVD drives to the modem router USB port.
PAGE 59
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B USB Drive Requirements The modem router works with 1.0 and 1.1 (USB Full Speed) and 2.0 (USB High Speed) standards. The approximate USB bus speeds are shown in the following table. Actual bus speeds can vary, depending on the CPU speed, memory, speed of the network, and other variables. Table 3. USB drive speeds Bus Speed/Sec USB 1.1 12 Mbits USB 2.0 480 Mbits The modem router works with most USB-compliant external flash and hard drives.
PAGE 60
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B It might take up to 2 minutes before the USB device is ready for sharing. Access the USB Storage Device When you connect the USB device to the modem router USB port, it might take up to 2 minutes before it is ready for sharing. By default, the USB storage device is available to all computers on your local area network (LAN).  To access the USB device from a Mac: 1. Select Go > Connect to Server. 2. Enter smb://readyshare as the server address.
PAGE 61
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B b. Click OK. 6. Click Finish. The USB drive is mapped to the drive letter that you specified.  To access the USB drive from a remote computer: 1. Launch a web browser. 2. Connect using the modem router’s Internet port IP address. If you are using Dynamic DNS, you can type the DNS name, rather than the IP address. You can view the modem router’s Internet IP address on the Basic Home screen (see Dashboard (BASIC Home Screen) on page 22).
PAGE 62
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Share Photos You can create your own central storage location for photos and multimedia. This method eliminates the need to log in to (and pay for) an external photo-sharing site.  To share files with your friends and family: 1. Insert your USB drive into the USB port on the modem router either directly or with a USB cable.
PAGE 63
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B You can enable the HTTP (via Internet) option on the USB Storage (Advanced Settings) screen to share large files. This option supports downloading files only. View a USB Device Attached to the Modem Router  To view basic information about the USB storage device: 1. Select BASIC > ReadySHARE. By default, the Basic radio button is selected, and the screen displays a USB storage device if it is attached to the modem router USB port.
PAGE 64
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To view or change the USB storage advanced settings: 1. Select ADVANCED > USB Storage > Advanced Settings. 2. Specify access to the USB storage device. • Network Device Name. The default is readyshare. This is the name used to access the USB device connected to the modem router. • Workgroup. If you are using a Windows workgroup rather than a domain, the workgroup name is displayed here.
PAGE 65
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To view network folders: 1. Select ADVANCED > USB Storage > Advanced Settings. 2. Scroll down to the Available Networks Folder section of the screen. • Share Name. If only one device is connected, the default share name is USB_Storage. (Some router models have more than one USB port.) You can click the name, or you can type it in the address field of your web browser.
PAGE 66
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 2. Click Create Network Folder. If the Add a Network Folder screen does not display, your web browser might be blocking pop-ups. If it is, then change the browser settings to allow pop-ups. 3. Click Browse. 4. Select the folder. 5. Fill in the Share Name field. 6. In the Read Access list and the Write Access list, select the setting that you want. The user name (account name) for All – no password is guest.
PAGE 67
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To view these settings, select Advanced > USB Storage > Media Server to display the following screen: By default the Enable Media Server check box and the Automatic (when new files are added) radio button are selected. When these options are selected, the modem router scans for media files whenever new files are added to the ReadySHARE USB hard drive.
PAGE 68
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 3. In the Available USB Devices list, select the drive that you want to approve. 4. Click Add. 5. Select the Allow only approved devices check box. 6. Click Apply. Your change takes effect. If you want to work with another USB device, first click the Safely Remove USB Device button for the currently connected USB device. Connect the other USB device, and repeat this process.
PAGE 69
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Enable File and Printer Sharing Each computer’s network properties have to be set to enable network communication with the USB drive. File and Printer Sharing for Microsoft Networking have to be enabled, as described in the following sections. Note: In Windows 7, Windows XP, and Windows 2000, File and Printer Sharing is enabled by default.
PAGE 70
6. 6 Security This chapter explains how to use the basic firewall features of the modem router to prevent objectionable content from reaching the computers and devices on your network.
PAGE 71
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Keyword Blocking of HTTP Traffic Use keyword blocking to prevent certain types of HTTP traffic from accessing your network. The blocking can be always or according to a schedule.  To set up keyword blocking: 1. Select ADVANCED > Security > Block Sites. 2. Select one of the keyword blocking options: • Per Schedule. Turn on keyword blocking according to the Schedule screen settings. • Always.
PAGE 72
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Your changes are saved. Block Services (Port Filtering) Services are functions that server computers perform at the request of client computers. For example, web servers serve web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number.
PAGE 73
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The Block Services Setup screen displays: 5. From the Service Type list, select the application or service to allow or block. The list displays several common services, but you are not limited to these choices. To add any additional services or applications that do not already appear, select User Defined. 6. If you know that the application uses either TCP or UDP, select the appropriate protocol. If you are not sure, select TCP/UDP (Both). 7.
PAGE 74
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B process information. Before forwarding your message to the remote computer, your router has to modify the source information and create and track the communication session so that replies can be routed back to your computer. Here is an example of normal outbound traffic and the resulting inbound responses: 1. You open a browser and your operating system assigns port number 5678 to this browser session. 2. You type http://www.example.
PAGE 75
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Source address. The IP address of www.example.com. Source port number. 80, which is the standard port number for a web server process. Destination address. Your computer’s IP address. Destination port number. 5678, which is the browser session that made the initial request. Port Triggering to Open Incoming Ports Some application servers (such as FTP and IRC servers) send replies to multiple port numbers.
PAGE 76
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To configure port triggering, you need to know which inbound ports the application needs. Also, you need to know the number of the outbound port that will trigger the opening of the inbound ports. You can usually determine this information by contacting the publisher of the application or the relevant user groups or news groups. Only one computer at a time can use the triggered application.
PAGE 77
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To configure port forwarding, you need to know which inbound ports the application needs. You usually can determine this information by contacting the publisher of the application or the relevant user groups or news groups.
PAGE 78
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To forward specific incoming protocols: 1. Select ADVANCED > Advanced Setup > Port Forwarding/Port Triggering. 2. Select the Port Forwarding radio button as the service type. 3. From the Service Name list, select the service or game that you will host on your network. If the service does not appear in the list, see Add a Custom Service on page 78. 4.
PAGE 79
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 4. In the Name field, enter a descriptive name. 5. In the Service Type list, select the protocol. If you are unsure, select TCP/UDP. 6. In the External Starting Port field, enter the beginning port number. • If the service uses only one port, enter the port number in the Ending Port field. • If the service uses a range of ports, enter the end port number in the Ending Port field. 7.
PAGE 80
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • More than one local computer needs port forwarding for the same application (but not simultaneously). • An application needs to open incoming ports that are different from the outgoing port. When port triggering is enabled, the modem router monitors outbound traffic looking for a specified outbound “trigger” port.
PAGE 81
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Note: If the Disable Port Triggering check box is selected after you configure port triggering, port triggering is disabled. However, any port triggering configuration information you added to the modem router is retained even though it is not used. 4. In the Port Triggering Timeout field, enter a value up to 9999 minutes. This value controls the inactivity timer for the designated inbound ports.
PAGE 82
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Schedule When to Block the Internet You can specify the days and time that you want to block Internet access.  To schedule blocking: 1. Select ADVANCED > Security > Schedule. 2. Set up the schedule for blocking keywords and services. • Days to Block. Select days on which you want to apply blocking by selecting the appropriate check boxes, or select Every Day to select the check boxes for all days. • Time of Day to Block.
PAGE 83
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To set up email notifications: 1. Select ADVANCED > Security > E-mail. 2. Select the Turn Email Notification On check box. 3. In the Your Outgoing Mail Server field, enter the name of your ISP’s outgoing (SMTP) mail server (such as mail.myISP.com). You might be able to find this information in the configuration screen of your email program. If you leave this field blank, log and alert messages are not sent. 4.
PAGE 84
7. 7 Administration This chapter describes the modem router settings for administering and maintaining your modem router and home network. For information about upgrading or checking the status of your modem router over the Internet, see Remote Management on page 109. For information about monitoring Internet traffic, See Traffic Meter on page 119.
PAGE 85
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Update the Modem Router Firmware The modem router firmware (routing software) is stored in flash memory. You can update the firmware from the Administration menu on the Advanced tab. You might see a message at the top of the genie screens when new firmware is available for your product. You can use the Check button on the Router Update screen to check and update to the latest firmware for your product if new firmware is available.
PAGE 86
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B View Router Status  To view modem router status and usage information: Select ADVANCED Home or select Administration > Router Status. Router Information Hardware Version. The modem router model. Firmware Version. The version of the modem router firmware. It changes if you upgrade the modem router firmware. GUI Language Version. The localized language of the user interface. Modem. The current modem status and settings are shown in this section.
PAGE 87
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Internet Port Internet Port. These are the current settings that you set in the Setup Wizard or Basic Settings screen. MAC Address. The Media Access Control address, which is the unique physical address used by the Internet (WAN) port of the modem router. IP Address. The IP address used by the Internet (WAN) port of the modem router. If no address is shown or the address is 0.0.0, the modem router cannot connect to the Internet. Connection.
PAGE 88
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • Port. The statistics for the WAN (Internet) and LAN (Ethernet) ports. For each port, the screen displays: - Status. The link status of the port. - TxPkts. The number of packets transmitted on this port since reset or manual clear. - RxPkts. The number of packets received on this port since reset or manual clear. - Collisions. The number of collisions on this port since reset or manual clear. - Tx B/s.
PAGE 89
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • Default Gateway. The IP address for the default gateway that the wireless modem router communicates with. • DHCP Server. The IP address for the Dynamic Host Configuration Protocol server that provides the TCP/IP configuration for all the computers that are connected to the wireless modem router. • DNS Server. The IP address of the Domain Name Service server that provides translation of network names to the IP addresses. • Lease Obtained.
PAGE 90
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Wireless Isolation. Wireless isolation prevents wireless clients from communicating with each other when they join the wireless network. Wi-Fi Protected Setup. Indicates whether WPS is configured for this network. View Logs of Web Access or Attempted Web Access The log is a detailed record of the websites you have accessed or attempted to access. Up to 256 entries are stored in the log.
PAGE 91
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To clear the log entries, click the Clear Log button. To email the log immediately, click the Send Log button. Include in Log  To include events in the log: 1. Select ADVANCED > Administration > Logs. The Logs screen displays. 2. Under Include in Log, select the check box of the events you want to include in the log.
PAGE 92
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • Send to this Syslog server IP address. If your syslog server has a fixed IP address, select this option, and enter the IP address of your syslog server. 3. Click Apply to save your changes. Manage the Configuration File The configuration settings of the modem router are stored within the modem router in a configuration file. You can back up (save) this file to your computer, restore it, or reset it to the factory default settings.
PAGE 93
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Erase the Current Configuration Settings You can use the Erase button erase the configuration and restore the factory default settings. You might want to do this if you move the modem router to a different network or if you changed the password and have forgotten what it is. (The default passwords are on the product label).
PAGE 94
8. 8 Advanced Settings This chapter describes the advanced features of your modem router. Networking knowledge is needed to implement some of these features.
PAGE 95
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Advanced Wireless Settings You can use this screen to turn the wireless radio on and off, to specify WPS settings, to use AP mode, and to set up a wireless access list. The Fragmentation Length, CTS/RTS Threshold, and Preamble Mode options in this screen are reserved for wireless testing and advanced configuration only. Do not change these settings unless you have a specific reason to do so.
PAGE 96
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B View or Change WPS Settings  To specify WPS Settings: 1. Select ADVANCED > Advanced Setup > Wireless Settings. The Router’s PIN field displays the PIN that you use on a registrar (for example, from the Network Explorer on a Vista Windows computer) to configure the modem router’s wireless settings through WPS. 2. (Optional) Select or clear the Enable Router’s Pin check box. By default, the Enable Router’s Pin check box is selected.
PAGE 97
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 3. Click Add. The Wireless Card Access Setup screen opens and displays a list of currently active wireless cards and their Ethernet MAC addresses. 4. If the computer or device you want is in the Available Wireless Cards list, select that radio button; otherwise, type a name and the MAC address. You can usually find the MAC address on the bottom of the wireless device.
PAGE 98
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Wireless Distribution System (WDS) You can set up the modem router to be used as a wireless access point (AP). Doing this enables the modem router to act as a wireless repeater. A wireless repeater connects to another wireless modem router as a client where the network to which it connects becomes the ISP service. Wireless repeating is a type of wireless distribution system (WDS).
PAGE 99
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The modem router is always in dual-band concurrent mode, unless you turn off one radio. If you enable the wireless repeater in either radio band, the wireless base station or wireless repeater cannot be enabled in the other radio band. However, if you enable the wireless base station in either radio band and use the other radio band as a wireless modem router or wireless base station, dual-band concurrent mode is not affected.
PAGE 100
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 4. Select the Wireless Base Station radio button. 5. (Optional) Select the Disable Wireless Client Association check box to prevent wireless clients from associating with the base station and allowing LAN client associations only. You can leave the check box cleared if you prefer wireless clients to be able to associate with the base stations. 6.
PAGE 101
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B If you are using the modem router as the base station with a non-NETGEAR router as the repeater, you might need to change more configuration settings. In particular, you should disable the DHCP server function on the access point that is the repeater.  To configure the modem router as a repeater: 1. Log in to the modem router that will be the repeater. 2. Select BASIC > Wireless and verify that the wireless settings match the base unit exactly.
PAGE 102
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Your changes are saved. 10. Verify connectivity across the LANs. A computer on any wireless or wired LAN segment of the modem router can connect to the Internet or share files and printers with any other computer or server connected to the other access point. Set Up a Point-to-Point Bridge In point-to-point bridge mode, the modem router communicates as an access point with another bridge-mode wireless station.
PAGE 103
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B If your modem router is the repeater, then set up AP 2 as the base station; otherwise, set up AP 2 as the repeater. 3. Set up both access points and verify that they use the same SSID, channel, authentication mode, if any, and WEP security settings if security is in use. 4. Disable the DHCP server on AP 2. AP 1 will then be the DHCP server. 5. Verify connectivity across LAN Segment 1 and LAN Segment 2.
PAGE 104
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To set up the multi-point bridge configuration: In this example, the modem router is AP 1 on LAN Segment 1 because it is in a central location. 1. Set up your modem router to be the base station in the bridge. a. In the Wireless Repeating Function screen for your modem router, select the Enable Wireless Repeating Function check box. b. Select the Wireless Base Station radio button. c.
PAGE 105
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Note: Wireless stations configured as in Figure 14 on page 102 cannot connect to the modem router or access points. If you want wireless stations to access any LAN segment, use additional access points in any LAN segment. Repeater with Wireless Client Association In the repeater mode with wireless client association, your modem router sends all traffic to a base station access point.
PAGE 106
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B c. Clear the corresponding Disable Wireless Client Association check box (make sure it is not selected). d. Enter the MAC addresses for AP 2 and AP 3 in the Repeater MAC Address 1 and Repeater MAC Address 2 fields. e. Click Apply. 2. Set up AP 2 and AP 3 to be wireless repeaters. a. In the Wireless Repeating Function screen for AP 2 and AP 3, select the Enable Wireless Repeating Function check box. b. Select the Wireless Repeater radio button. c.
PAGE 107
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B provider, logs in to your account, and registers your new IP address. If your host name is hostname, for example, you can reach your modem router at http://hostname.dyndns.org.  To set up Dynamic DNS: 1. Select ADVANCED > Advanced Setup > Dynamic DNS. 2. Register for an account with one of the Dynamic DNS service providers whose URLs are in the Service Provider list. 3. Select the Use a Dynamic DNS Service check box. 4.
PAGE 108
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B request to the ISP. The ISP forwards your request to the company where you are employed, and the request is likely to be denied by the company’s firewall. In this case you have to define a static route, telling your modem router that 134.177.0.0 should be accessed through the ISDN modem router at 192.168.0.100. In this example:  • The Destination IP Address and IP Subnet Mask fields specify that this static route applies to all 134.177.x.
PAGE 109
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To edit or delete a static route: 1. Select ADVANCED > Advanced Setup > Static Routes. The Static Routes screen displays. 2. In the table, select the radio button next to the route that you want to edit or delete. 3. Do one of the following: • Click the Edit button. The Static Routes screen adjusts. a. Edit the route information. • b. Click the Apply button. Click the Delete button. The route is removed from the table.
PAGE 110
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To set up remote management: 1. Select ADVANCED > Advanced Setup > Remote Management. 2. Select the Turn Remote Management On check box. 3. Under Allow Remote Access By, specify the external IP addresses to be allowed to access the modem router’s remote management. For enhanced security, restrict access to as few external IP addresses as practical. • To allow access from a single IP address on the Internet, select Only This Computer.
PAGE 111
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Universal Plug and Play Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access the network and connect to other devices as needed. UPnP devices can automatically discover the services from other registered UPnP devices on the network.
PAGE 112
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B IPv6 You can use this feature to set up an IPv6 Internet connection type if genie does not detect it automatically.  To set up an IPv6 Internet connection type: 1. Select Advanced > Advanced Setup > IPv6. 2. In the Internet Connection Type list, select the IPv6 connection type. Your Internet service provider (ISP) can provide this information.
PAGE 113
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Auto Detect  To set up an IPv6 Internet connection through auto detection: 1. Select ADVANCED > Advanced Setup > IPv6. The IPv6 screen displays. 2. In the Internet Connection Type list, select Auto Detect. The screen adjusts: The modem router automatically detects the information in the following fields: • Connection Type. This field indicates the connection type that is detected. • Router’s IPv6 Address on WAN.
PAGE 114
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B IPv6 6to4 Tunnel The remote relay router is the router to which your modem router creates the 6to4 tunnel. Make sure that the IPv4 Internet connection is working before you apply the 6to4 tunnel settings for the IPv6 connection.  To set up an IPv6 Internet connection by using a 6to4 tunnel: 1. Select ADVANCED > Advanced Setup > IPv6. The IPv6 screen displays. 2. In the Internet Connection Type list, select 6to4 Tunnel.
PAGE 115
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • Auto Config. This is the default setting. 5. (Optional) Select the Use This Interface ID check box, and specify the interface ID that you want to be used for the IPv6 address of the modem router’s LAN interface. If you do not specify an ID here, the modem router generates one automatically from its MAC address. 6. Click the Apply button.
PAGE 116
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The screen adjusts: 3. Configure the fixed IPv6 addresses for the WAN connection: • IPv6 Address/Prefix Length. The IPv6 address and prefix length of the modem router WAN interface. • Default IPv6 Gateway. The IPv6 address of the default IPv6 gateway, which should be on the modem router’s WAN interface. • Primary DNS Server. The primary DNS server that resolves IPv6 domain name records for the modem router. • Secondary DNS Server.
PAGE 117
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B IPv6 DHCP  To set up an IPv6 Internet connection with a DHCP server: 1. Select ADVNCED > Advanced Setup > IPv6. The IPv6 screen displays. 2. In the Internet Connection Type list, select DHCP. The screen adjusts: The modem router automatically detects the information in the following fields: • Router’s IPv6 Address on WAN. This field shows the IPv6 address that is acquired for the modem router’s WAN (or Internet) interface.
PAGE 118
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • Use DHCP Server. This method passes more information to LAN devices, but some IPv6 systems might not support the DHCv6 client function. • Auto Config. This is the default setting. 6. (Optional) Select the Use This Interface ID check box, and specify the interface ID that you want to be used for the IPv6 address of the modem router’s LAN interface.
PAGE 119
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B This is usually the name that you use in your email address. For example, if your main mail account is JerAB@ISP.com, then you would type JerAB in this field. Some ISPs (like Mindspring, Earthlink, and T-DSL) require that you use your full email address when you log in. If your ISP requires your full email address, type it in this field. 4. In the Password field, enter the password for the ISP connection. 5.
PAGE 120
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To monitor Internet traffic: 1. Click ADVANCED > Advanced Setup > Traffic Meter. Scroll to view more settings 2. Select the Enable Traffic Meter check box. 3. (Optional) Control the volume of Internet traffic. You can use either the traffic volume control feature or the connection time control feature to do this. • • Select the Traffic volume control by radio button and then select one of the following options: - No Limit.
PAGE 121
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The Internet Traffic Statistics section helps you to monitor the data traffic. Click the Refresh button to update the Traffic Statistics section. Click the Traffic Status button to display more information about the data traffic on your modem router and to change the poll interval.
PAGE 122
9. Virtual Private Networking 9 This chapter describes how to use the virtual private networking (VPN) features of the modem router. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer.
PAGE 123
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Overview of VPN Configuration The modem router supports both client-to-gateway and gateway-to-gateway VPN tunnels. The modem router supports up to five concurrent tunnels. Client-to-Gateway VPN Tunnels Client-to-gateway VPN tunnels provide secure access from a remote computer, such as a telecommuter connecting to an office network. VPN tunnel Modem router PC running NETGEAR ProSafe VPN Client Figure 17.
PAGE 124
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B A VPN tunnel between gateways is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this case, use gateways on each end of the tunnel to form the VPN tunnel endpoints. For more information about how to set up this configuration, see Add a Gateway-to-Gateway VPN Tunnel on page 125.
PAGE 125
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 4. Select A remote VPN client (single PC) radio button and click Next. The Summary screen displays: Note: To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link. 5. Click Done. The VPN Policies screen displays, showing that the new tunnel is enabled: 6. (Optional) To view or modify a tunnel’s settings, select its radio button and click Edit. 7.
PAGE 126
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 2. Select ADVANCED > Advanced - VPN > VPN Wizard. 3. Click Next. The following screen displays: 4. Fill in the Connection Name and pre-shared key fields. 5. Select the A remote VPN Gateway radio button and click Next. The following screen displays: 6. Fill in the IP address or FQDN for the target VPN endpoint WAN connection, and click Next.
PAGE 127
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The following screen displays: 7. Fill in the IP Address and Subnet Mask fields for the target endpoint that can use this tunnel, and click Next. The VPN Wizard Summary screen displays: To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link. 8. On the Summary screen click Done. The VPN Policies screen displays, showing that the new tunnel is enabled.
PAGE 128
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 9. Repeat these steps for the gateway on LAN B, and pay special attention to the following network settings: • WAN IP of the remote VPN gateway (for example, 14.15.16.17) • LAN IP settings of the remote VPN gateway: - IP address (for example, 192.168.0.1) - Subnet mask (for example, 255.255.255.
PAGE 129
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The VPN Status screen displays: This log shows the details of recent VPN activity, including the building of the VPN tunnel. If there is a problem with the VPN tunnel, refer to the log for information about what might be the cause of the problem. 2. (Optional) Click Refresh to see the most recent entries. 3. (Optional) Click Clear Log to delete all log entries. 4. Click the VPN Status button. The Current VPN Tunnels (SAs) screen displays.
PAGE 130
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Deactivate a VPN Tunnel Sometimes a VPN tunnel has to be deactivated for testing purposes. You can deactivate a VPN tunnel from two places:  • Policy table on VPN Policies screen • VPN Status screen To use the Policy Table to deactivate a VPN tunnel: 1. Select ADVANCED > Advanced - VPN > VPN Policies. 2. In the Policy Table, clear the Enable check box for the VPN tunnel that you want to deactivate. 3. Click Apply.
PAGE 131
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Delete a VPN Tunnel  To delete VPN tunnel: 1. Select ADVANCED > Advanced - VPN > VPN Policies. 2. Select the radio button for the VPN tunnel. 3. Click Delete. Auto Policy Example You need to configure matching VPN settings on both VPN endpoints. The outbound VPN settings on one end have to match to the inbound VPN settings on other end, and vice versa. Auto policy creates a typical automated Internet Key Exchange (IKE) setup.
PAGE 132
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B settings on this VPN gateway have to match the settings on the remote VPN endpoint. Where settings have to match, this requirement is indicated.  To add an Auto policy: 1. Set the LAN IPs on each gateway to different subnets and configure each correctly for the Internet. 2. Select ADVANCED > Advanced - VPN > VPN Policies. The VPN Policy screen displays: 3. Click the Add Auto Policy button.
PAGE 133
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies. • From the Address Type list, select Fully Qualified Domain Name, Dynamic IP Address or Fixed IP Address. You can set up multiple remote dynamic IP policies, but only one policy can be enabled at a time.
PAGE 134
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • Select the Diffie-Hellman (DH) Group from the list. The Diffie-Hellman algorithm is used when keys are exchanged. The DH Group setting determines the bit size used in the exchange. This value needs to match the value used on the remote VPN gateway. • Select the local identity type. Select an option to match the Remote Identity Type setting on the remote VPN endpoint. • - WAN IP Address. Your Internet IP address.
PAGE 135
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B This value is the time interval before the SA (security association) expires. (It is automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA life time. This setting applies to both IKE and IPSec SAs. • If you want enhanced security, select the Enable IPSec PFS (Perfect Forward Secrecy) check box.
PAGE 136
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B  To add or edit a manual policy: 1. Select ADVANCED > Advanced - VPN > VPN Policies. The VPN Policies screen displays: 2. Click the Add Manual Policy button. The VPN - Manual Policy screen displays: Scroll to view more setings 3. Specify the general settings: • In the Policy Name field, enter a unique name. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
PAGE 137
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B - Enter the domain name or Fixed IP address in the Address Data field. You can set up multiple remote dynamic IP policies, but only one such policy can be enabled at a time. 4. Specify the Local LAN settings: • From the IP Address list, select Subnet address, Single address, or Range address. • Fill in the Single/Start IP Address field. • If you are specifying a range, fill in the Finish IP Address field.
PAGE 138
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • From the Authentication list, select MD5 or SHA-1, and fill in the Key field.
PAGE 139
10. 10 Troubleshooting This chapter provides information to help you diagnose and solve problems you might have with your modem router. If you do not find the solution here, check the NETGEAR support site at http://support.netgear.com for product and contact information.
PAGE 140
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Troubleshoot with the LEDs When you turn on the power, the Power, LAN, and DSL LEDs should light as described here. If they do not, refer to the sections that follow for help. 1. When power is first applied, the Power LED lights. 2. After approximately 10 seconds, the LAN and DSL LEDs light as follows: a. The LAN port LEDs light for any local ports that are connected. b. The 2.4 GHz and 5 GHz Wireless LEDs light. c.
PAGE 141
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B • You are using the correct cable. Wireless LEDs Are Off If the 2.4 GHz and 5 GHz Wireless LEDs do not light, the radios might be turned off. Press the Wireless On/Off button on the front panel to turn the radios back on. DSL or Internet LED Is Off If the DSL or Internet LED does not light, check to make sure that you are using the correct cable.
PAGE 142
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Troubleshoot the Internet Connection If your modem router is unable to access the Internet, check the ADSL connection, then the WAN TCP/IP connection. ADSL Link First determine whether you have an ADSL link with the service provider. The state of this connection is indicated by the DSL LED. DSL LED Is Green or Blinking Green You have a good ADSL connection. The service provider has connected your line correctly, and your wiring is correct.
PAGE 143
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Internet LED Is Red If the Internet LED is red, the device could not connect to the Internet. Verify the following: • Check that your login credentials are correct. For more information, see Log In to the N600 Modem Router on page 18. • Check that the information you entered on the Basic Settings screen is correct. For more information, see Manual Setup (Basic Settings) on page 22.
PAGE 144
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Troubleshoot PPPoE or PPPoA  To troubleshoot a PPPoE or PPPoA connection: 1. Select ADVANCED > Administration > Router Status. 2. Click the Connection Status button. 3. Check t o see if your PPPoE or PPPoA connection is up and working. 4. If any of the fields on the Connection Status screen indicates Failed, you can attempt to reconnect by clicking Connect. The modem router continues to attempt to connect indefinitely. 5.
PAGE 145
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Test the LAN Path to Your Modem Router You can ping the modem router from your computer to verify that the LAN path to your modem router is set up correctly.  To ping the modem router from a computer running Windows 95 or later: 1. From the Windows taskbar, click the Start button, and select Run. 2. In the field provided, type ping followed by the IP address of the modem router, as in this example: ping 192.168.0.1 3. Click OK.
PAGE 146
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B information is not visible in your computer’s Network Control Panel. Verify that the IP address of the modem router is listed as the default router. • Check that the network address of your computer (the portion of the IP address specified by the netmask) is different from the network address of the remote device. • Check that your cable or DSL modem is connected and functioning.
PAGE 147
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Changes Not Saved If the modem router does not save the changes you make in the modem router interface, check the following: • When entering configuration settings, always click the Apply button before moving to another screen or tab, or your changes are lost. • Click the Refresh or Reload button in the web browser. The changes might have occurred, but the old settings might be in the web browser’s cache.
PAGE 148
A. Supplemental Information A This appendix includes the factory default settings and technical specifications for the modem router.
PAGE 149
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Factory Settings You can return the modem router to its factory settings. On the bottom of the modem router, use the end of a paper clip or some other similar object to press and hold the Restore Factory Settings button for at least 7 seconds. The modem router returns to the factory settings shown in the following table. Table 4.
PAGE 150
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Table 4. Factory default settings (continued) Feature Wireless Default Behavior Wireless communication Enabled SSID name Can be found on the label on the bottom of the unit. Security Can be found on the label on the bottom of the unit.
PAGE 151
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Specifications Table 5. DGND3800 modem router specifications Specification Description Network protocol and standards compatibility TCP/IP, RIP-1, RIP-2, DHCP, PPPoE or PPPoA, RFC 1483 Bridged or Routed Ethernet, and RFC 1577 Classical IP over ATM Power adapter North America: 120V, 60 Hz, input UK, Australia: 240V, 50 Hz, input Europe: 230V, 50 Hz, input All regions (output): 12V @ 1A output Physical Dimensions: 6.80 in. x 5.03 in. x 1.
PAGE 152
B. VPN Configuration Case study on how to set up a V P N B The DGND3800B can terminate up to five VPNs. This appendix is a case study on how to configure a secure IPSec VPN tunnel from your modem router to an FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html).
PAGE 153
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Configuration Profile The configuration in this appendix follows the addressing and configuration mechanics defined by the VPN Consortium. Gather necessary information before you begin configuration. Verify that the firmware is up to date, and that you have all the addresses and parameters to be set on both sides. Check that there are no firewall restrictions. Table 6.
PAGE 154
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B b. For the remote WAN’s IP address, enter 22.23.24.25. c. Enter the following: • IP Address. 172.23.9.1 • Subnet Mask. 255.255.255.0 d. In the Summary screen, click Done. 2. Use the VPN Wizard to configure the Gateway B for a gateway-to-gateway tunnel (see Add a Gateway-to-Gateway VPN Tunnel on page 125), being certain to use appropriate network addresses for the environment. a. For the connection name, enter toGW_A. b.
PAGE 155
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Verify that the firmware is up to date, and that you have all the addresses and parameters to be set on both sides. Check that there are no firewall restrictions. 10.506.0/24 172.23.9.0/24 Gateway A (DGND3800) Gateway B LAN IP 10.5.6.1 WAN IP example.org (FQDN) Internet WAN IP example2.org (FQDN) LAN IP 172.23.9.1 Figure 21. VPNC example, network interface addressing Table 7.
PAGE 156
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To establish VPN connectivity, Gateway A has to be configured to use Dynamic DNS, and Gateway B has to be configured to use a DNS host name provided by a DDNS service provider to find Gateway A. Again, the following step-by-step procedures assume that you have already registered with a DDNS service provider and have the configuration information necessary to set up the gateways. Step-by-Step Configuration  To configure a VPN tunnel: 1.
PAGE 157
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 3. On Gateway B, configure the Dynamic DNS settings. Assume a correctly configured DynDNS account. a. Select ADVACNED > Advanced Setup > Dynamic DNS. The Dynamic DNS screen displays: b. Select the Use a Dynamic DNS Service check box. c. Select www.DynDNS.org from the Service Provider drop-down list. d. Fill in the fields with the account and host name settings. • In the Host Name field, enter fvl328.dyndns.org.
PAGE 158
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The LAN addresses used in this example are as follows: Table 8. Device LAN IP Address LAN Subnet Mask DGND3800B 10.5.6.1 255.255.255.0 FVL328 172.23.6.1 255.255.255.0 a. For the connection name, enter toFVL328. b. For the remote WAN’s IP address, enter fvl328.dyndns.org. c. Enter the following: • IP Address. 172.23.9.1 • Subnet Mask. 255.255.255.0 5.
PAGE 159
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Verify that the firmware is up to date, and make sure you have all the addresses and parameters to be set on both sides. Assure that there are no firewall restrictions. Table 9.
PAGE 160
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Enter the following information: fromGW_A (in the example) IKE Keep Alive is optional; has to match remote LAN IP address when enabled (remote computer must respond to pings) 192.168.2.3 (in this exmple) Remote NAT router has to have address reservation set and VPN pass-through enabled) fromGW_A.com (in this example) toGW_A.com (in this example) 4. Click Apply. The VPN Policies screen displays.
PAGE 161
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Note: Before installing the software, be sure to turn off any virus protection or firewall software you might be running on your computer.  To configure a VPN tunnel: 1. Install the NETGEAR ProSafe VPN Client on the remote computer, and then reboot. a. You might need to insert your Windows CD to complete the installation.
PAGE 162
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B d. In the Connection Security section, select Secure. toGW_A e. In the ID Type drop-down list, select IP Subnet. f. In the Subnet field, type 192.168.0.1 as the network address of the modem router. g. In the Mask field, enter 255.255.255.0 as the LAN subnet mask of the modem router. h. In the Protocol drop-down list, select All to allow all traffic through the VPN tunnel. i. Select the Connect using Secure Gateway Tunnel check box. j.
PAGE 163
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The Security Policy screen displays: c. In the Select Phase 1 Negotiation Mode group, select the Main Mode radio button. 4. Configure the VPN client identity. In this step, you provide information about the remote VPN client computer. You have to provide the pre-shared key that you configured in the modem router and either a fixed IP address or a fixed virtual IP address of the VPN client computer. a.
PAGE 164
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B e. In the Internet Interface section, in the Name list, select Intel PRO/100VE Network Connection; your Ethernet adapter might be different), and then in the IP Addr field, enter 192.168.2.3. f. Click the Pre-Shared Key button. g. In the Pre-Shared Key screen, click Enter Key. Enter the modem router’s pre-shared key and click OK. In this example, 12345678 is entered, though the screen shows asterisks. This field is case-sensitive. 5.
PAGE 165
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B 6. Configure the VPN Client Key Exchange Proposal. In this step, you provide the type of encryption (DES or 3DES) to be used for this connection. This selection has to match your selection in the VPN router configuration. a. Expand the Key Exchange subheading by double-clicking its name or clicking the + symbol. Then select Proposal 1 below Key Exchange. b. In the SA Life drop-down list, select Unspecified. c.
PAGE 166
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To check the VPN connection, you can initiate a request from the remote computer to the VPN router’s network by using the Connect option in the modem router screen: Right-click the system tray icon to open the pop-up menu. My Connections\DGD3300v2 Since the remote computer has a dynamically assigned WAN IP address, it has to initiate the request. a. Right-click the system tray icon to open the pop-up menu. b.
PAGE 167
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Monitor the VPN Tunnel (Telecommuter Example) To view information about the progress and status of the VPN client connection, open the Log Viewer. In Windows, click Start, and select Programs > N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B > Log Viewer. Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel.
PAGE 168
C. Notification of Compliance N ETGE A R D ua l B a nd - Wi reles s C Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.
PAGE 169
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B FCC Radio Frequency Interference Warnings & Instructions This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
PAGE 170
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B NOTE IMPORTANTE: Déclaration d'exposition aux radiations: Cet équipement est conforme aux limites d'exposition aux rayonnements IC établies pour un environnement non contrôlé. Cet équipement doit être installé et utilisé avec un minimum de 20 cm de distance entre la source de rayonnement et votre corps.