Page 1
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA M-10153-01 Version 1.1 September 2004 M-10153-01...
Page 2
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Page 3
EN 55 022 Declaration of Conformance This is to certify that the Double 108 Mbps Wireless Firewall Router WGU624 is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).
Page 4
Certificate of the Manufacturer/Importer It is hereby certified that the Double 108 Mbps Wireless Firewall Router WGU624 has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions.
Cabling and Computer Hardware Requirements ...3-1 Computer Network Configuration Requirements ...3-1 Internet Configuration Requirements ...3-2 Where Do I Get the Internet Configuration Parameters? ...3-2 Record Your Internet Connection Information ...3-3 Connecting the WGU624 ...3-4 Connecting the Wireless Router ...3-4 Contents M-10153-01 Contents...
Page 6
How to Manually Configure Your Internet Connection ...3-9 Manual PPPoE Configuration ... 3-11 Manual PPTP Configuration ...3-13 Manual Telstra Bigpond Configuration ...3-15 Chapter 4 Wireless Configuration Observing Performance, Placement, and Range Guidelines ...4-1 Implementing Appropriate Wireless Security ...4-2 Wireless Mode Options ...4-3 Default Basic Wireless Settings ...4-4 Basic 802.11a Wireless Settings ...4-4 Basic 802.11g Wireless Settings ...4-6...
Page 7
Troubleshooting the Web Configuration Interface ...8-3 Troubleshooting the ISP Connection ...8-4 Troubleshooting a TCP/IP Network Using a Ping Utility ...8-5 Testing the LAN Path to the WGU624 ...8-5 Testing the Path from Your PC to a Remote Device ...8-6 Contents...
Page 8
Restoring the Default Configuration and Password ...8-7 Problems with Date and Time ...8-7 Why Does the WGU624 Not Reach Full 108 Mbps Speeds? ...8-8 Appendix A Technical Specifications Appendix B Network, Routing, Firewall, and Basics Related Publications ... B-1 Basic Router Concepts ... B-1 What is a Router? ...
Page 9
Verifying TCP/IP Properties ... C-6 Configuring Windows NT4, 2000 or XP for IP Networking ... C-7 Install or Verify Windows Networking Components ... C-7 DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 ... C-8 DHCP Configuration of TCP/IP in Windows XP ... C-8 DHCP Configuration of TCP/IP in Windows 2000 ...
Page 10
What are the Key Features of WPA Security? ... D-10 WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS ... D-12 WPA Data Encryption Key Management ... D-14 Is WPA Perfect? ... D-16 Product Support for WPA ... D-16 Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged ... D-16 Changes to Wireless Access Points ...
This guide uses the following formats to highlight special messages: Note: This format is used to highlight information of importance or special interest. This manual is written for the WGU624 wireless router according to these specifications.: Table 1-2. Manual Scope...
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 How to Use This Manual The HTML version of this manual includes a variety of navigation features as well as links to PDF versions of the full manual and individual chapters.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 How to Print this Manual To print this manual you man choose one of the following several options, according to your needs. • Printing a “How To” Sequence of Steps in the HTML View. Use the Print button the upper right of the toolbar to print the currently displayed topic.
Page 14
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 About This Manual M-10153-01...
NETGEAR Double 108 Mbps Wireless Firewall Router WGU624. Key Features of the Router The Double 108 Mbps Wireless Firewall Router WGU624 with 4-port switch connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem.
Wireless network name broadcast can be turned off so that only devices that have the network name (SSID) can connect. Comparing the 802.11a, 802.11b, and 802.11g Modes The Double 108 Mbps Wireless Firewall Router WGU624 offers a variety of wireless modes. The table below compares some of the features of each mode. M-10153-01...
Frequency 2.4 GHz A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT routers, the WGU624 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include: • Denial of Service (DoS) protection.
Autosensing Ethernet Connections with Auto Uplink With its internal 8-port 10/100 switch, the WGU624 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are autosensing and capable of full-duplex or half-duplex operation.
• IP Address Sharing by NAT The WGU624 wireless router allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user ISP account.
• Firmware Auto-Update The WGU624 wireless router automatically checks the Internet to see if a newer version of firmware is available. If so, it asks if you want to install the upgrade. This lets you take advantage of product enhancements for your WGU624 as soon as they become available.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The Router’s Front Panel The front panel of the WGU624 wireless router contains the status LEDs described below. Figure 2-1: WGU624 Front Panel You can use some of the LEDs to verify connections. Viewed from left to right, the table below describes the LEDs on the front panel of the router.
On (Amber) Local Blink (Amber) The Router’s Rear Panel The rear panel of the WGU624 wireless router contains the port connections listed below. Figure 1-2: WGU624 Rear Panel Viewed from left to right, the rear panel contains the following features: •...
This chapter describes how to set up the router on your local area network (LAN) and connect to the Internet. You will find out how to configure your Double 108 Mbps Wireless Firewall Router WGU624 for Internet access using the Setup Wizard, or how to manually configure your Internet connection.
• You may also refer to the Double 108 Mbps Wireless Router WGU624 Resource CD for the NETGEAR Router ISP Guide, which provides Internet connection information for many ISPs. Once you locate your Internet configuration parameters, you may want to record them on the page below.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Record Your Internet Connection Information Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP.
Follow the steps below to connect your router to your network. You can also refer to the Double 108 Mbps Wireless Router WGU624 Resource CD included with your router which contains an animated Installation Assistant to help you through this procedure.
Page 27
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Note: Place the WGU624 wireless router in a location which conforms to the Performance, Placement, and Range Guidelines” on page WGU624 provides a convenient, space-saving way of installing the wireless router. Avoid stacking it on other electronic equipment.
Page 28
Internet. First, turn on the broadband modem and wait 2 minutes. Now, plug in the power cord to the WGU624 and wait one minute. Last, turn on your computer. Note: For DSL customers, if software logs you in to the Internet do not run that software. You may need to go to the Internet Explorer Tools Menu, Internet Options, Connections tab page where you can select “Never dial a connection”.
Page 29
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The login window is displayed below: Figure 3-4: Login window Click OK. Note: If you cannot connect to the wireless router, verify that your cables are connected correctly, that the router is powered on. Verify that your computer is set to obtain the both IP and DSN server addresses automatically, which is usually so.
Page 30
If you choose not to use the auto-update feature, you can check for new firmware by following the procedure in Note: Be sure to check the NETGEAR Web site for documentation updates, which are available at http://kbserver.netgear.com/products/WGU624.asp. “How to Manually Configure 3-9.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 How to Manually Configure Your Internet Connection You can manually configure your router using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.
Page 32
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 If your Internet connection does not require a login, click No at the top of the Basic Settings menu and fill in the settings according to the instructions below. If your Internet connection does require a login, click Yes, and skip to step 3.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Select you Internet service provider from the drop-down list. Figure 3-7: Basic Settings ISP list The screen changes according to the ISP settings requirements of the ISP you select.
Page 34
Note: If you enter DNS addresses, restart your computers so that these settings take effect. • Click Apply to save your settings. • Click Test to verify that your Internet connection works. If the NETGEAR Web site does not appear within one minute, refer to 3-12 Chapter 8, “Troubleshooting”.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Manual PPTP Configuration If your ISP uses PPTP, select PPTP for the Internet Service Provider in the Basic Settings menu and you will see the following menu: Figure 3-9: PPTP menu...
Page 36
PC that is allowed by the ISP. Or, select “Use this MAC address” and enter it. • Click Apply to save your settings. • Click Test to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 8, 3-14 “Troubleshooting”.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Manual Telstra Bigpond Configuration If your ISP uses Telstra Bigpond, select Telstra Bigpond for the Internet Service Provider in the Basic Settings menu and you will see the following menu:...
Page 38
PC that is allowed by the ISP. Or, select “Use this MAC address” and enter it. • Click Apply to save your settings. • Click Test to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 8, 3-16 “Troubleshooting”.
This chapter describes how to configure the wireless features of your WGU624 wireless router. In planning your wireless network, you should consider the level of security required. You should also select the physical placement of your router in order to maximize the network speed. For further information on wireless networking, refer to in Basics”.
Restrict Access Based on MAC Address. You can restrict access to only trusted PCs so that unknown PCs cannot wirelessly connect to the WGU624. MAC address filtering adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • WEP. Wired Equivalent Privacy (WEP) data encryption provides data security. WEP Shared Key authentication and WEP data encryption will block all but the most determined eavesdropper. • WPA-PSK. Wi-Fi Protected Access (WPA) data encryption provides strong data security.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Default Basic Wireless Settings When you first receive your WGU624, the default factory settings in effect are shown in the table below. You can restore these defaults with the factory default reset button on the rear panel.
Page 43
SSID is: NETGEAR_11a. Region. This field identifies the region where the WGU624 can be used. It may not be legal to operate the wireless features of the wireless router in a region other than one of those identified in this field.
108 Mbps only — only compatible 802.11a wireless stations that support 108 Mbps can connect. • Auto 108 Mbps — all 802.11a and NETGEAR 108 Mbps wireless stations can be used. Security Mode: • Open System — allows any device to join the network, assuming that the device SSID matches the router SSID.
Page 45
SSID is: NETGEAR_11g. Region. This field identifies the region where the WGU624 can be used. It may not be legal to operate the wireless features of the wireless router in a region other than one of those identified in this field.
Page 46
108 Mbps only — only compatible 802.11g wireless stations that support 108 Mbps can connect. • Auto 108 Mbps — all 802.11g, 802.11b and NETGEAR 108 Mbps wireless stations can be used. Note: If you select 108 Mbps mode, the router will only use channel 6.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Wireless Security Settings The following table shows the 11a and 11g security mode and cipher type options: Table 4-3. Wireless Security Settings Security Mode Cipher Type Open System WEP — 64, 128, or 152 bit encryption Shared Key WEP —...
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Security Mode Selection Figure 4-4: Encryption Strength The WGU624 lets you select the following wireless security modes with the WEP Cypher Type: • Open System. With Open Network Authentication and 64-, 128-, or 152- bit WEP data encryption, the WGU624 performs data encryption, but does not perform any authentication.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Disable. No encryption will be applied. This setting is useful for troubleshooting your wireless connection, but leaves your wireless data fully exposed. • 64-bit, 128-bit, or 152-bit WEP. When selected, WEP encryption will be applied. If encryption strength is set to 128 bit or 152 bit, then only the selected WEP key box will automatically be populated with key values.
Page 50
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Cipher Type Choices • AES. Advanced Encryption Standard, a symmetric 128-bit block data encryption technique. It is an iterated block cipher with a variable block length and a variable key length. The block length and the key length can be independently specified to 128, 192 or 256 bits.The U.S...
Note: If you select Shared Key, the other devices in the network will not connect unless they are set to Shared Key as well. — WEP Encryption Strength. Choose the key size. Circle one: 64, 128, or 152 bit. — Data Encryption (WEP) Keys. The WGU624 provides two methods for creating WEP encryption keys: •...
802.11a and NETGEAR_11g for 802.11g. Note: The SSID of any wireless access adapters must match the SSID you configure in the Double 108 Mbps Wireless Firewall Router WGU624. If they do not match, you will not get a wireless connection to the WGU624.
Restricting Wireless Access by MAC Address To restrict access based on MAC addresses, follow these steps: Log in to the WGU624 wireless router at its default LAN address of default user name of admin and default password of password, or using whatever LAN address and password you have set up.
Page 54
Click the Turn Access Control On check box. Then, either select from the list of available wireless cards the WGU624 has found in your area, or enter the MAC address and device name for a device you plan to use. You can usually find the MAC address printed on the wireless adapter.
LAN address and password you have set up. Click the Wireless Settings a or g link in the main menu of the WGU624. From the Security Encryption menu drop-down list, select the WEP encryption strength you will use.
To enable WPA-PSK Encryption Security: Click the Wireless Settings a or g link in the main menu of the WGU624 wireless router. Select WPA-PSK. Figure 4-9: WPA-PSK Security Configuration For the Cipher Type, select AES or TKIP.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring Advanced Wireless Settings The advanced wireless settings are configured separately for the 802.11a and 802.11g protocols. Default Advanced Wireless Settings The default advanced wireless settings are shown in the table below.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring Advanced 802.11a Wireless Settings From the main menu, click Advanced a Wireless Settings to view the configuration menu shown below. Figure 4-10: Advanced 802.11a Wireless Settings • Enable SSID Broadcast — allow Broadcast of Network Name (SSID). If you disable broadcast of the SSID, only devices that have the correct SSID can connect.
• Wireless Card Access List — when the Trusted PCs Only radio button is selected, the WGU624 checks the MAC address of the wireless station and only allows connections to PCs identified on the trusted PCs list. Configuring Advanced 802.11b/g Wireless Settings From the main menu, click Advanced g Wireless Settings to view the configuration menu shown below.
Page 60
• Wireless Card Access List — when the Trusted PCs Only radio button is selected, the WGU624 checks the MAC address of the wireless station and only allows connections to PCs identified on the trusted PCs list. 4-22...
This chapter describes how to use the content filtering features of the Double 108 Mbps Wireless Firewall Router WGU624 to protect your network. These features can be found by under the Content Filtering heading in the main menu of the browser interface.
Page 62
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The Block Sites menu is shown below: Figure 5-1: Block Sites menu To enable keyword blocking, select either “Per Schedule” or “Always”, then click Apply. If you want to block by schedule, be sure that a time period is specified in the Schedule menu.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Blocking Access to Internet Services The WGU624 wireless router allows you to block the use of certain Internet services by PCs on your network. This is called services blocking or port filtering. The Block Services menu is shown...
Page 64
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The Block Services Setup menu is shown below: Figure 5-3: Block Services Setup menu From the Service Type list, select the application or service to be allowed or blocked. The list already displays several common services, but you are not limited to these choices.
Under “Filter Services For”, you can block the specified service for a single PC, a range of PCs (having consecutive IP addresses), or all PCs on your network. Scheduling When Blocking Will Be Enforced The WGU624 wireless router allows you to specify when blocking will be enforced. The Schedule menu is shown below: Figure 5-4: Schedule menu Use the check boxes on this menu to create a schedule for blocking content.
Enable System Clock. Uses the system clock in the router. Synchronize Time. Syncs up the router time with a NETGEAR time server, so that the Logs, e-mail timestamps and other information will have the current time. Days to Block. Select days to block by checking the appropriate boxes. Select Everyday to check the boxes for all days.
Page 67
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Log entries are described in Table 5-1 Table 5-1. Log entry descriptions Field Description Number The index number of the content filter log entries. Up to 128 entries are available numbered from 0 to 127.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring E-Mail Alert and Web Access Log Notifications In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E-mail menu, shown below:...
Page 69
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Send alert immediately Select this check box if you would like immediate notification of attempted access to a blocked site. • Send logs according to this schedule Specifies how often to send the logs: None, Hourly, Daily, Weekly, or When Full.
Page 70
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 5-10 Content Filtering M-10153-01...
Maintenance This chapter describes how to use the maintenance features of your Double 108 Mbps Wireless Firewall Router WGU624. These features can be found by clicking on the Maintenance heading in the main menu of the browser interface. Viewing Wireless Router Status Information The Router Status menu provides a limited amount of status and usage information.
Page 72
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The Router Status screen displays the following parameters: Table 6-1. Menu 3.2 - Wireless Router Status Fields Field Description Account Name The Host Name assigned to the router. Firmware Version The router firmware version.
Page 73
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 From the Router Status screen, click the “Connection Status” button to display the connection status, as shown below. Figure 6-2: Connection Status screen This screen shows the following statistics:.
Page 74
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Click the Renew button to renew the DHCP lease. From the Router Status screen, click the “Show Statistics” button to display router usage statistics, as shown below. Figure 6-3: Router Statistics screen This screen shows the following statistics: Table 6-1.
To force the router to look for attached devices, click the Refresh button. Upgrading the Router Software The routing software of the WGU624 wireless router is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR.
Page 76
Upgrade heading to display the menu shown below. Figure 6-5: Router Upgrade menu Note: When uploading software to the WGU624 wireless router, it is important not to interrupt the Web browser by closing the window, clicking a link, or loading a new page. If the browser is interrupted, it may corrupt the software.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuration File Management The configuration settings of the WGU624 wireless router are stored within the router in a configuration file. This file can be saved (backed up) to a user’s PC, retrieved (restored) from the user’s PC, or cleared to factory default settings.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Erasing the Configuration It is sometimes desirable to restore the router to the factory default settings. This can be done by using the Erase function, which will restore all factory settings. After an erase, the router's password will be password, the LAN IP address will be 192.168.1.1, and the router's DHCP client...
This chapter describes how to configure the advanced features of your Double 108 Mbps Wireless Firewall Router WGU624. These features can be found under the Advanced heading in the main menu of the browser interface. Comparison of Port Triggering and Port Forwarding Port Triggering is an advanced feature that can be used for gaming and other Internet applications.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configuring Port Forwarding For the services, applications, or games, that already exist in the pull-down list, you only need to specify the computer's IP address. Otherwise, the port number and computer's IP address for each service, game or application should be specified by clicking the Add Custom Service button.
In addition to servers for specific applications, you can also specify a default DMZ server to which all other incoming protocols are forwarded. The DMZ server must be connected to LAN port 4 on the WGU624. The DMZ port feature can be enabled in the WAN Setup menu. See “Configuring WAN Setup Options”...
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Click the Add Custom Service button. Enter the first port number in an unused Starting Port box. To forward only one port, enter it again in the Ending Port box. To specify a range of ports, enter the last port to be forwarded in the End Port box.
Some online games and videoconferencing applications are incompatible with NAT. The WGU624 wireless router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local PC can run the application properly if that PC’s IP address is entered as the default in the Port...
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Click the Add button. Type a name for the service. Enter unused port numbers for the Outgoing Start Port and End Port. To trigger only one port, enter it again in the Outgoing End Port box. To specify a range of ports, enter the last port to be triggered in the End Port box.
Page 85
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Enable DMZ Port: LAN port 4 on the WGU624 is reserved to be used as the DMZ port. You can also use this port as a regular LAN port when this feature is not enabled. The DMZ port feature is helpful when using some online games and videoconferencing applications that are incompatible with NAT.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 MTU Size: The default MTU size is usually fine. The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 1500 Bytes. For some ISPs, particularly some using PPPoE, you may need to reduce the MTU.
Page 87
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Figure 7-4: LAN IP Setup Menu The LAN IP parameters are: IP Address: This is the LAN IP address of the router. IP Subnet Mask: This is the LAN Subnet Mask of the router. Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 RIP Version: This controls the format and the broadcasting method of the RIP packets that the router sends. (It recognizes both formats when receiving.) By default, this is set for RIP-1.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The router delivers the following parameters to any LAN device that requests DHCP: • An IP Address from the range you have defined • Subnet Mask • Gateway IP Address (the router’s LAN IP address) •...
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Using a Dynamic DNS Service If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you will not know in advance what your IP address will be, and the address can change frequently.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 To configure Dynamic DNS: Register for an account with DynDNS.org. Select “Click here for information” to go to www.dyndns.org. Select DynDNS.org. Type the Host Name appended with dyndns.org. For example: myHostName.dyndns.org...
Page 92
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 To add or edit a Static Route: Click the Add button to open the Add/Edit menu, shown below. Figure 7-7. Static Route Add/Edit menu Type a route name for this static route in the Route Name box under the table. (This is for identification purposes only.)
Page 93
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Static Route Example As an example of when a static route is needed, consider the following case: • Your primary Internet access is through a cable modem to an ISP.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Enabling Remote Management Access Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your WGU624 wireless router.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Using Universal Plug and Play (UPnP) Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access the network and connect to other devices as needed. UPnP devices can automatically discover the services from other registered UPnP devices on the network.
Page 96
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 UPnP Portmap Table: The UPnP Portmap Table displays the IP address of each UPnP device that is currently accessing the router and which ports (Internal and External) that device has opened.
This chapter gives information about troubleshooting your Double 108 Mbps Wireless Firewall Router WGU624. After each problem description, instructions are provided to help you diagnose and solve the problem. Note: Product updates are available on the NETGEAR, Inc. Web site at http://kbserver.netgear.com/products/WGU624.asp.
• Check that you are using the 12 V DC 800mA power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Troubleshooting the Web Configuration Interface If you are unable to access the router’s Web Configuration interface from a PC on your local network, check the following: • Check the Ethernet connection between the PC and the router as described in the previous section.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Troubleshooting the ISP Connection If your router is unable to access the Internet, you should first determine whether the router is able to obtain a WAN IP address from the ISP. Unless you have been assigned a static IP address, your router must request an IP address from the ISP.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Configure your router to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “How to Manually Configure Your Internet Connection” on page...
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 If the path is working, you see this message: Reply from < IP address >: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message:...
The E-Mail menu in the Content Filtering section displays the current date and time of day. The WGU624 wireless router uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the Internet. Each entry in the log is stamped with the date and time of day.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Time is off by one hour. Cause: The router does not automatically sense Daylight Savings Time. In the E-Mail menu, check or uncheck the box marked “Adjust for Daylight Savings Time”.
This appendix provides technical specifications for the Double 108 Mbps Wireless Firewall Router WGU624. Network Protocol and Standards Compatibility Data and Routing Protocols: Power Adapter North America: United Kingdom, Australia: Europe: Japan: All regions (output): Physical Specifications Dimensions: Weight: Environmental Specifications...
Page 106
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Electromagnetic Emissions Meets requirements of: Interface Specifications LAN: WAN: Wireless Radio Data Rates: Frequency: Data Encoding: Maximum Computers Per Wireless Network: Operating Frequency Ranges: Encryption: FCC Part 15 Class B...
Appendix B Network, Routing, Firewall, and Basics This chapter provides an overview of IP networks, routing, and networking. Related Publications As you read this document, you may be directed to various Request For Comment (RFC) documents for further information. An RFC is a document published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet.
Routers vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support. The Double 108 Mbps Wireless Firewall Router WGU624 is a small office router that routes the IP protocol over a single-user broadband connection.
Page 109
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts on a network.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Class D Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255. • Class E Class E addresses are for experimental use.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Subnet Addressing By looking at the addressing structures, you can see that even with a Class C address, there are a large number of hosts per network. Such a structure is an inefficient use of addresses if each end of a routed link requires a different network number.
Page 112
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Note: The number 192.68.135.127 is not assigned because it is the broadcast address of the first subnet. The number 192.68.135.128 is not assigned because it is the network address of the second subnet.
172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 Choose your private network number from this range. The DHCP server of the WGU624 wireless router is preconfigured to automatically assign private addresses. Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines explained here.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Single IP Address Operation Using NAT In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a single-address account typically used by a single user with a modem, rather than a router.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router. This filtering can prevent intruders from probing your system.
IP addresses, along with other information (such as gateway and DNS addresses) that it may assign to the other devices on the network. The WGU624 wireless router has the capacity to act as a DHCP server.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Inside Twisted Pair Cables For two devices to communicate, the transmitter of each device must be connected to the receiver of the other device. The crossover function is usually implemented internally as part of the circuitry in the device.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Figure B-6: Category 5 UTP Cable with Male RJ-45 Plug at Each End Note: Flat “silver satin” telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing the attached port to be partitioned or disconnected from the network.
Page 121
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The WGU624 wireless router incorporates Auto Uplink technology (also called MDI/MDIX). Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal connection (e.g. connecting to a PC) or an uplink connection (e.g.
Page 122
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 B-16 Network, Routing, Firewall, and Basics M-10153-01...
This appendix describes how to prepare your network to connect to the Internet through the Double 108 Mbps Wireless Firewall Router WGU624 and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a...
DHCP server during bootup. For a detailed explanation of the meaning and purpose of these configuration items, refer to The WGU624 wireless router is shipped preconfigured as a DHCP server. The firewall assigns the following TCP/IP configuration information automatically when the PCs are rebooted: •...
Page 125
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 If you need Client for Microsoft Networks: Click the Add button. Select Client, and then click Add. Select Microsoft. Select Client for Microsoft Networks, and then click OK. Restart your PC for the changes to take effect.
Page 127
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click the Properties button.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • By default, the IP Address tab is open on this window. • Verify the following: Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Type , and then click OK. winipcfg The IP Configuration window opens, which lists (among other things), your IP address, subnet mask, and default gateway. From the drop-down box, select your Ethernet adapter.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP.
Page 131
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Now you should be at the Local Area Network Connection Status window. This box displays the connection status, duration, speed, and activity statistics. • Administrator logon access rights are needed to use this window.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. • Click the OK button.
Page 133
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Click on the My Network Places icon on the Windows desktop. This will bring up a window called Network and Dial-up Connections. • Right click on Local Area Connection and select Properties.
Page 134
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • With Internet Protocol (TCP/IP) selected, click Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. • Verify that • Obtain an IP address automatically is selected. •...
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows NT 4.0.
Page 136
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button. C-14 M-10153-01 Preparing Your Network...
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • The TCP/IP Properties dialog box now displays. • Click the IP Address tab. • Select the radio button marked Obtain an IP address from a DHCP server. • Click OK. This completes the configuration of TCP/IP in Windows NT.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • The default gateway is 192.168.1.1. Type exit. Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked Macintosh, you will need to configure TCP/IP to use DHCP.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 MacOS X From the Apple menu, choose System Preferences, then Network. If not already selected, select Built-in Ethernet in the Configure list. If not already selected, Select Using DHCP in the TCP/IP tab.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer.
As mentioned above, you may need to collect configuration information from your PC so that you can use this information when you configure the WGU624 wireless router. Following this procedure is only necessary when your ISP does not dynamically supply the account information.
As mentioned above, you may need to collect configuration information from your Macintosh so that you can use this information when you configure the WGU624 wireless router. Following this procedure is only necessary when your ISP does not dynamically supply the account information.
Restart any computer that is connected to the firewall. After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your WGU624 wireless router, you are ready to access and configure the firewall. Preparing Your Network...
Page 144
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 C-22 Preparing Your Network M-10153-01...
(IEEE) 802.11 standard for wireless LANs (WLANs) and a product update will bring the WGU624 into conformance to the 802.11g standard when it is ratified. On an 802.11b or g wireless link, data is encoded using direct-sequence spread-spectrum (DSSS) technology and is transmitted in the unlicensed radio spectrum at 2.5GHz.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 In the infrastructure mode, the wireless access point converts airwave data into wired Ethernet data, acting as a bridge between the wired LAN and wireless clients. Connecting multiple Access Points via a wired Ethernet backbone can further extend the wireless network coverage.
The 802.11 standard defines several services that govern how two 802.11 devices communicate. The following events must occur before an 802.11 Station can communicate with an Ethernet network through an access point such as the one built in to the WGU624: Turn on the wireless station.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 • Shared Key Authentication requires that the station and the access point have the same WEP Key to authenticate. These two authentication procedures are described below. Open System Authentication The following steps occur when two devices use Open System Authentication: The station sends an authentication request to the access point.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The station connects to the network. If the decrypted text does not match the original challenge text (i.e., the access point and station do not share the same WEP Key), then the access point will refuse to authenticate the station and the station will be unable to communicate with either the 802.11 network or Ethernet network.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 3. Use WEP for Authentication and Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key. The receiving 802.11 device decrypts the data using the same WEP Key.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 WEP Configuration Options The WEP settings must match on all 802.11 devices that are within the same wireless network as identified by the SSID. In general, if your mobile clients will roam between access points, then all of the 802.11 access points and all of the 802.11 client adapters on the network must have the same...
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The radio frequency channels used are listed in Table 6-1. 802.11 Radio Frequency Channels Channel Center Frequency 2412 MHz 2417 MHz 2422 MHz 2427 MHz 2432 MHz 2437 MHz...
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The IEEE introduced the WEP as an optional security measure to secure 802.11b (Wi-Fi) WLANs, but inherent weaknesses in the standard soon became obvious. In response to this situation, the Wi-Fi Alliance announced a new security architecture in October 2002 that remedies the shortcomings of WEP.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 How Does WPA Compare to IEEE 802.11i? WPA will be forward compatible with the IEEE 802.11i security specification currently under development. WPA is a subset of the current 802.11i draft and uses certain pieces of the 802.11i draft that are ready to bring to market today, such as 802.1x and TKIP.
Page 155
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The primary information conveyed in the Beacon frames is the authentication method and the cipher suite. Possible authentication methods include 802.1X and Pre-shared key. Pre-shared key is an authentication method that uses a statically configured pass phrase on both the stations and the access point.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS Wired Network with Optional Wireless LAN 802.1x Port Based Network Access Control TCP/IP WPA enabled Ports Closed Certificate Until Access Point...
Page 157
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Client with a WPA- enabled wireless adapter and supplicant (Win XP, Funk, Meetinghouse) Figure D-2: 802.1x Authentication Sequence The AP sends Beacon Frames with WPA information element to the stations in the service set.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The client sends an EAP-response packet containing the identity to the authentication server. The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point.
Page 159
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Temporal Key Integrity Protocol (TKIP) WPA uses TKIP to provide important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
Product Support for WPA Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Changes to Wireless Access Points Wireless access points must have their firmware updated to support the following: • The new WPA information element To advertise their support of WPA, wireless APs send the beacon frame with a new 802.11 WPA information element that contains the wireless AP's security configuration (encryption algorithms and wireless security configuration information).
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Microsoft has worked with many wireless vendors to embed the WPA firmware update in the wireless adapter driver. So, to update your Microsoft Windows wireless client, all you have to do is obtain the new WPA-compatible driver and install the driver.
Glossary Use the list below to find definitions for technical terms used in this manual. List of Glossary Terms 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. 3DES 3DES (Triple DES) achieves a high level of security by encrypting the data three times using DES with three different, unrelated keys.
Page 164
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 ADSL Short for asymmetric digital subscriber line, a technology that allows data to be sent over existing copper telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream rate).
Page 165
.com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain. A hacker attack designed to prevent your computer or network from operating or communicating.
Page 166
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Short for digital subscriber line, but is commonly used in reference to the asymmetric version of this technology (ADSL) that allows data to be sent over existing copper telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream rate).
Page 167
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Internet Key Exchange. An automated method for exchanging and managing encryption keys between two VPN devices. Internet Protocol is the main internetworking protocol used in the Internet. Used in conjunction with the Transfer Control Protocol (TCP) to form TCP/IP.
Page 168
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 A LAN typically connects multiple personal computers and shared network devices such as storage and printers. Although many technologies exist to implement a LAN, Ethernet is the most common for connecting personal computers.
Page 169
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 A technique by which several hosts share a single IP address for access to the Internet. NetBIOS The Network Basic Input Output System is an application programming interface (API) for sharing services and information on local-area networks (LANs).
Page 170
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 PPP over ATM PPPoA. PPP over ATM is a protocol for connecting remote hosts to the Internet over an always-on connection by simulating a dial-up connection. PPP over Ethernet PPPoE.
Page 171
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 router A device that forwards data between networks. An IP router forwards data based on IP source and destination addresses. SSID A Service Set Identification is a thirty-two character (maximum) alphanumeric key identifying a wireless local area network.
Page 172
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 The TLS protocol is made up of two layers. The TLS Record Protocol ensures that a connection is private by using symmetric data encryption and ensures that the connection is reliable. The second TLS layer is the TLS Handshake Protocol, which allows authentication between the server and client and the negotiation of an encryption algorithm and cryptographic keys before data is transmitted or received.
Page 173
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 wide area network WAN. A long distance link used to extend or connect remotely located local area networks. The Internet is a large WAN. Wi-Fi A trade name for the 802.11b wireless networking standard, given by the Wireless Ethernet Compatibility Alliance (WECA, see http://www.wi-fi.net), an industry standards group promoting interoperability among...
Page 174
Reference Manual for the Double 108 Mbps Wireless Firewall Router WGU624 Glossary M-10153-01...
Numerics 64 or 128 bit WEP 4-11 802.11b D-1 Account Name 3-10, 6-2 Address Resolution Protocol B-9 ad-hoc mode D-2 Authentication Server 3-15 Auto MDI/MDI-X B-15, G-2 Auto Uplink 2-4, B-15, G-2 backup configuration 6-7 Basic Wireless Connectivity 4-14 BSSID D-2 Cabling B-11 Cat5 cable 3-1, B-12, G-2 configuration...
Page 176
front panel 2-7, 2-8 fully qualified domain name (FQDN) 4-6, 4-8 gateway address C-20 host name 3-10 IANA contacting B-2 IETF B-1 Web site address B-7 infrastructure mode D-2 installation 2-5 Internet account address information C-18 establishing C-18 Internet Service Provider 3-1 IP addresses C-19, C-20 and NAT B-8 and the Internet B-2...
Page 177
port forwarding behind NAT B-9 Port Forwarding Menu 7-2 port numbers 5-3 PPP over Ethernet 2-5, C-18 PPPoE C-18 Primary DNS Server 3-10, 3-12, 3-14, 3-15 protocols Address Resolution B-9 DHCP B-10 Routing Information 2-5, B-2 support 2-2 publications, related B-1 range 4-1 range, port forwarding 7-4, 7-6 rear panel 2-8...
Page 178
Wired Equivalent Privacy. See WEP Wireless Access 3-3 Wireless Authentication 4-9 Wireless Encryption 4-9 Wireless Ethernet D-1 Wireless Performance 4-1 Wireless Range Guidelines 4-1 Wireless Security 4-2 World Wide Web 1-4 WPA 4-18 Index...