NETGEAR RangeMax™ Dual Band Wireless-N Router WNDR3300 Reference Manual

Safeguarding Your Network

2-17

v1.0, February 2008

Restricting Wireless Access by MAC Address

When a Wireless Card Access List is configured and enabled, the router checks the MAC address

of any wireless device attempting a connection and allows only connections to computers

identified on the trusted computers list.

The Wireless Card Access List displays a list of wireless computers that you allow to connect to

the router based on their MAC addresses. These wireless computers must also have the correct

SSID and wireless security settings to access the wireless router.

The MAC address is a network device’s unique 12-character physical address, containing the

hexadecimal characters 0–9, a–f, or A–F only, and separated by colons (for example,

00:09:AB:CD:EF:01). It can usually be found on the bottom of the wireless card or network

interface device. If you do not have access to the physical label, you can display the MAC address

using the network configuration utilities of the computer. In WindowsXP, for example, typing the

ipconfig/all

command in an MSDOS command prompt window displays the MAC address as

Physical Address. You might also find the MAC addresses in the router’s Attached Devices screen.

To restrict access based on MAC addresses:

1.

Select

Wireless Settings

under Advanced in the main menu.

2.

In the Wireless Settings screen, click

Setup Access List

to display the Wireless Card Access

List.

Figure 2-9

NETGEAR RangeMax™ Dual Band Wireless-N Router WNDR3300 Reference Manual

2-18

Safeguarding Your Network

v1.0, February 2008

3.

Click

Add

to add a wireless device to the wireless access control list. The Wireless Card

Access Setup screen opens and displays a list of currently active wireless cards and their

Ethernet MAC addresses.

4.

If the computer you want appears in the Available Wireless Cards list, you can select the radio

button of that computer to capture its MAC address; otherwise, you can manually enter a name

and the MAC address of the authorized computer. You can usually find the MAC address on

the bottom of the wireless device.

5.

Click

Add

to add this wireless device to the Wireless Card Access List. The screen changes

back to the list screen.

6.

Repeat

step 3

through

step 5

for each additional device you want to add to the list.

Figure 2-10

Tip:

You can copy and paste the MAC addresses from the router’s Attached Devices

screen into the MAC Address field of this screen. To do this, configure each

wireless computer to obtain a wireless link to the router. The computer should

then appear in the Attached Devices screen.

NETGEAR RangeMax™ Dual Band Wireless-N Router WNDR3300 Reference Manual

Safeguarding Your Network

2-19

v1.0, February 2008

7.

Select the

Turn Access Control On

check box.

8.

Click

Apply

to save your Wireless Card Access List settings.

Now, only devices on this list are allowed to wirelessly connect to the WNDR3300 router.

Changing the Administrator Password

The default password for the router’s Web Configuration Manager is

password

. NETGEAR

recommends that you change this password to a more secure password.

Note:

When configuring the router from a wireless computer whose MAC address is

not in the Trusted PC list, if you select

Turn Access Control On

, you lose

your wireless connection when you click

Apply

. You must then access the

wireless router from a wired computer or from a wireless computer that is on

the access control list to make any further changes.

Warning:

MAC address filtering adds an obstacle against unwanted access to your

network by the general public. However, because your trusted MAC

addresses appear in your wireless transmissions, an intruder can read them

and impersonate them. Do not rely on MAC address filtering alone to secure

your network.

Tip:

Before changing the router password, back up your configuration settings with the

default password of

password

. If you save the settings with a new password, and

then you later forget the new password, you will have to reset the router back to the

factory defaults, and log in using the default password of

password

. This means you

will have to re-enter all the router configuration settings. For information about how

to back up your settings, see

“Backing Up and Restoring the Configuration” on

page 6-8

.

NETGEAR RangeMax™ Dual Band Wireless-N Router WNDR3300 Reference Manual

2-20

Safeguarding Your Network

v1.0, February 2008

To change the administrator password:

1.

On the main menu, under Maintenance, select

Set Password

to display the Set Password

screen.

2.

To change the password, first enter the old password, then enter the new password twice.

3.

Click

Apply

.

Backing Up Your Configuration

The configuration settings of the WNDR3300 router are stored within the router in a configuration

file. You can back up (save) this file and retrieve it later. NETGEAR recommends that you save

your configuration file after you complete the configuration. If the router fails or becomes

corrupted, or an administrator password is lost, you can easily re-create your configuration by

restoring the configuration file.

For instructions on saving and restoring your configuration file, see

“Managing the Configuration

File” on page 6-7

.

Figure 2-11

Tip:

Before saving your configuration file, change the administrator password to the

default,

password

. Then change it again after you have saved the configuration file.

If you save the file with a new password, and then you later forget the new

password, you will have to reset the router back to the factory defaults and log in

using the default password of

password

. This means you will have to re-enter all the

router configuration settings.

NETGEAR RangeMax™ Dual Band Wireless-N Router WNDR3300 Reference Manual

Safeguarding Your Network

2-21

v1.0, February 2008

Understanding Your Firewall

Your RangeMax Dual Band Wireless-N Router WNDR3300 contains a true firewall to protect

your network from attacks and intrusions. A firewall is a device that protects one network from

another while allowing communication between the two. Using a process called Stateful Packet

Inspection, the firewall analyzes all inbound and outbound traffic to determine whether or not it

will be allowed to pass through.

By default, the firewall allows any outbound traffic and prohibits any inbound traffic except for

responses to your outbound traffic. However, you can modify the firewall’s rules to achieve the

following behavior:

•

Blocking sites

. Block access from your network to certain Web locations based on Web

addresses and Web address keywords. This feature is described in

“Blocking Access to

Internet Sites” on page 3-1

.

•

Blocking services

. Block the use of certain Internet services by specific computers on your

network. This feature is described in

“Blocking Access to Internet Services” on page 3-3

.

•

Scheduled blocking

. Block sites and services according to a daily schedule. This feature is

described in

“Scheduling Blocking” on page 3-5

.

•

Allow inbound access to your server

. To allow inbound access to resources on your local

network (for example, a Web server or remote desktop program), you can open the needed

services by configuring port forwarding as described in

“Allowing Inbound Connections To

Your Network” on page 5-1

.

•

Allow certain games and applications to function correctly

. Some games and applications

need to allow additional inbound traffic to function. Port triggering can dynamically allow

additional service connections, as described in

“Allowing Inbound Connections To Your

Network” on page 5-1

. Another feature to solve application conflicts with the firewall is

Universal Plug and Play (UPnP), described in

“Using Universal Plug and Play” on page 5-12

.