I've dinged Netgear in the past for not upgrading the routing features in its current-generation routers, especially those that command a premium price. The 854T continues in that tradition, with no new routing features to match its leading-edge wireless section. Since I want to focus on the wireless features of the product, I'll just hit the high (and low -lights of the routing section.
Figure 5: Basic Settings page
WAN Support - Types handled include Static, Dynamic, PPPoE (static and dynamic IP), PPTP (static and dynamic IP) and BigPond. WAN MTU is separately from the connection type and applies to all WAN options. WAN port MAC address spoofing is supported only for Static and Dynamic connection types.
Firewall - The SPI+NAT firewall is pretty basic. Both Port Forwarding and triggered port forwarding is supported. You get a rather short pick list of services in the Port Forwarding add screen, but you need to specify the port numbers and protocols directly for both the outbound trigger port and inbound port range.
Ports can also be opened automatically via UPnP NAT Traversal (enabled by default), but at least you can log into the admin interface and see the automatically opened ports in the UPnP Portmap table. A single DMZ IP is also supported and you can disable the SPI portion of the firewall.
Inbound control options include the usual WAN Ping response blocking (default enabled), and port filters (Block Services feature). The inbound port filters can be applied to all, one or a range of IP addresses, but not MAC addresses. They also can be controlled by a single rudimentary schedule (checkboxes for days of the week and one set of start / stop times).
The Block Sites feature is keyword-based, applies to web traffic only and is easily bypassed using a site's IP address. At least you get a spiffy Red and Black "Web Site Blocked by NETGEAR Firewall" page when you trigger the block and the ability to have one IP address bypass any blocking.
Dynamic DNS clients - Only Dyndns.org is supported
Logging and Reporting - Logging is bare-bones only. It's basically there to record attempts to access blocked sites. You can clear or email the log, but there is no syslog or SNMP trap support. Note that there is no support for email authentication and no email test button. Since my ISP requires authentication before sending, I didn't receive any email alerts from the router.
Other features - The DHCP server can be disabled and allows IP address reservation by MAC address. RIP direction and version (1, 2B, 2M) can be controlled and static routes set.
What's not here:
No Router / AP mode switch - If you already have a router and just want to use the wireless section on the 854T, you'll have to use this trick.
Secure remote access - Remote access is HTTP only, but you can limit access by IP address range and set the port number.
Admin idle timeout adjust - One of my personal annoyances. The timeout appears to be fixed at around 5 minutes.
QoS / VLAN - Nothin' to see here, folks. Just move along...
Fast admin change saves - You must save changes on a per-page basis and be prepared to wait almost a minute for the 854T to reboot.