Vigor2130 Series High Speed Gigabit Router User’s Guide Version: 1.
Copyright Information Copyright Declarations Copyright 2009 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. Trademarks The following trademarks are used in this document: z Microsoft is a registered trademark of Microsoft Corp.
European Community Declarations Manufacturer: Address: Product: DrayTek Corp. No. 26, Fu Shing Road, HuKou County, HsinChu Industrial Park, Hsin-Chu, Taiwan 303 Vigor2130 Series Router DrayTek Corp. declares that Vigor2130 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC.
Table of Contents 1 Preface ...............................................................................................................1 1.1 Web Configuration Buttons Explanation ................................................................................. 1 1.2 LED Indicators and Connectors .............................................................................................. 2 1.2.1 For Vigor2130 ............................................................................................
3.3.3 DMZ Host........................................................................................................................ 53 3.4 Bandwidth Management ....................................................................................................... 54 3.4.1 Session Limit .................................................................................................................. 54 3.4.2 Bandwidth Limit ..................................................................................
4.3 NAT ......................................................................................................................................112 4.3.1 Hardware NAT .............................................................................................................. 113 4.3.2 Open Ports.................................................................................................................... 113 .3.3 DMZ Host..................................................................................
4.12 Diagnostics........................................................................................................................ 183 4.12.1 Ping............................................................................................................................. 183 4.12.2 Routing Table ............................................................................................................. 184 4.12.3 System Log..............................................................................
1 Preface The Vigor2130 series are the routers with high speed in data transmission through WAN port and LAN ports. With hardware NAT acceleration, the rate of Vigor2130 series can be greater than 900Mbps almost. With the development of NGN (Next Generation Network), you may recently hear the news about FTTx deployment in your local area or even have already subscribed the unbundling last mile service (e.g. VDSL2) from local ITSP for FTTx.
1.2 LED Indicators and Connectors Before you use the Vigor router, please get acquainted with the LED indicators and connectors first. 1.2.1 For Vigor2130 LED Status Explanation ACT (Activity) Blinking Off On Off On Blinking On Off Blinking On Blinking On On The router is powered on and running normally. The router is powered off. Hardware NAT is enabled. Hardware NAT is disabled. The WAN port is connected. It will blink while transmitting data. The port is connected. The port is disconnected.
Interface Description Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Connector for a power adapter. Power Switch.
1.2.2 For Vigor2130n LED Status Explanation ACT (Activity) Blinking The router is powered on and running normally. The router is powered off. Hardware NAT is enabled. Hardware NAT is disabled. The WAN port is connected. It will blink while transmitting data. The port is connected. The port is disconnected. The data is transmitting. A USB device is connected and active. The data is transmitting. The VPN tunnel is active. The QoS function is active.
Interface Description Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Connector for a power adapter. Power Switch.
1.2.3 For Vigor2130Vn LED Status Explanation ACT (Activity) Blinking The router is powered on and running normally. The router is powered off. Hardware NAT is enabled. Hardware NAT is disabled. The WAN port is connected. It will blink while transmitting data. The port is connected. The port is disconnected. The data is transmitting. A USB device is connected and active. The data is transmitting. The phone connected to this port is off-hook. The phone connected to this port is on-hook.
Interface Description Phone2/Phone1 Factory Reset Connector of analog phone for VoIP communication. Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Connector for a power adapter. Power Switch.
1.3 Hardware Installation Before starting to configure the router, you have to connect your devices correctly. 1. Connect Line port to land line jack with a RJ-11 cable (Vn model). 2. Connect this device to a modem with an Ethernet cable. 3. Connect one port of 4-port switch to your computer with a RJ-45 cable. This device allows you to connect 4 PCs directly. 4. Connect Phone port to a conventional analog telephone. 5. Connect detachable antennas to the router for Vigor2130 series (n model). 6.
Stand Installation The Vigor2130 must be placed erectly. Therefore you have to install a stand onto the router to make it standing firmly. Please follow the figures listed below to finish the installation.
1.4 Printer Installation You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows XP/2000. For Windows 98/SE/Vista, please visit www.draytek.com. Before using it, please follow the steps below to configure settings for connected computers (or wireless clients). 1. Connect the printer with the router through USB/parallel port. 2. Open Start->Settings-> Printer and Faxes. 3.
4. Click Local printer attached to this computer and click Next. 5. In this dialog, choose Create a new port Type of port and use the drop down list to select Standard TCP/IP Port. Click Next.
6. In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name or IP Address and type IP_192.168.1.1 as the port name. Then, click Next. 7. Click Standard and choose Generic Network Card. 8. Then, in the following dialog, click Finish.
9. Now, your system will ask you to choose right name of the printer that you installed onto the router. Such step can make correct driver loaded onto your PC. When you finish the selection, click Next. 10. For the final stage, you need to go back to Control Panel-> Printers and edit the property of the new printer you have added. 11. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and UPR name.
The printer can be used for printing now. Most of the printers with different manufacturers are compatible with vigor router. Note 1: Some printers with the fax/scanning or other additional functions are not supported. If you do not know whether your printer is supported or not, please visit www.draytek.com to find out the printer list. Open Support >FAQ; find out the link of Printer Server and click it; then click the What types of printers are compatible with Vigor router? link.
2 Configuring Basic Settings For using the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. 2.1 Two-Level Management This chapter explains how to setup a password for an administrator/user and how to adjust basic/advanced settings for accessing Internet successfully. For user mode operation, do not type any word on the window and click Login for the simple web pages for configuration.
2.3 Changing Password No matter user mode operation or admin mode operation, please change the password for the original security of the router. 1. Open a web browser on your PC and type http://192.168.1.1. A pop-up window will open to ask for username and password. 2. Please type “admin/admin” on Username/Password for admin mode. Otherwise, do not type any word (both username and password are Null for user mode) on the window and click Login on the window. 3. Now, the Main Screen will appear.
4. Go to System Maintenance page and choose System Password/User Password. Or 5. Type New Password in New Password and Confirm New Password fields. Then click OK to continue. 6. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router.
2.4 Quick Start Wizard Notice: Quick Start Wizard for user mode operation is the same as for admin mode operation. If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard is welcome page, please click Next. 2.4.1 Setting up the Password The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next.
2.4.2 Setting up the Time Zone On the next page as shown below, please select the Time Zone for the router installed and specify the NTP server(s). Then click Next for next step. 2.4.3 Setting up the Internet Connection On the next page as shown below, please select the appropriate connection type according to the information from your ISP. There are five types offered in this page. Each connection type will bring out different web page.
Static IP You will receive a fixed public IP address or a public subnet, namely multiple public IP addresses from your DSL or Cable ISP service providers. In most cases, a Cable service provider will offer a fixed public IP, while a DSL service provider will offer a public subnet. If you have a public subnet, you could assign an IP address or many IP address to the WAN interface. IP Address Type the IP address. Subnet Mask Type the subnet mask. Gateway Type the gateway IP address.
DHCP It is not necessary for you to type any IP address manually. Simply choose this type and the system will obtain the IP address automatically from DHCP server. Enable The router will detect the MAC address automatically. Or, check the box to enable MAC address cloning. Clone MAC Address It is available when the box of Enable is checked. Click Clone PC Address. The result will be displayed in the field of MAC Address. After finishing the settings here, please click Next.
If your ISP provides you the PPPoE connection, please select PPPoE for this router. The following page will be shown: User Name Assign a specific valid user name provided by the ISP. Password Assign a valid password provided by the ISP. Redial Policy If you want to connect to Internet all the time, you can choose Always On. Otherwise, choose Connect on Demand. Idle Time Out Set the timeout for breaking down the Internet after passing through the time without any action. The unit is seconds.
PPTP/L2TP if you click PPTP/L2TP as the protocol, please manually enter the Username/Password provided by your ISP and all the required information. User Name Assign a specific valid user name provided by the ISP. Password Assign a valid password provided by the ISP. Server Address Specify the IP address of the PPTP server. WAN IP Network Settings You can choose Static IP or DHCP as WAN IP network setting. IP Address Type the IP address if you choose Static IP as the WAN IP network setting.
Clone MAC Address It is available when the box of Enable is checked. Click Clone PC Address. The result will be displayed in the field of MAC Address. After finishing the settings here, please click Next. 2.4.4 Setting up the Wireless Connection Now, you have to set up the wireless connection. For the user of Vigor2130, please skip this step. Enable Wireless LAN Check the box to enable the wireless function. SSID Broadcast Choose Show to make the SSID being seen by wireless clients.
Each encryption mode will bring out different web page and ask you to offer additional configuration. WEP If you choose WEP as the security configuration, you have to specify encryption key (Key 1 ~ Key 4) and authentication mode (open or shared). All wireless devices must support the same WEP encryption bit size and have the same key. Four keys can be entered here, but only one key can be selected at a time. The keys can be entered in ASCII or Hexadecimal.
WPA-PSK If you choose WPA-PSK as the security configuration, you have to specify WPA mode, algorithm and pre-shared key. Type The WPA encrypts each frame transmitted from the radio using the key, which either PSK (Pre-Shared Key) entered manually in this field below or automatically negotiated via 802.1x authentication. Select WPA, WPA2 or Auto as WPA mode. WPA Algorithm Choose the WPA algorithm, TKIP, AES or Auto. WPA Pre-shared Key The keys can be entered in ASCII or Hexadecimal.
WPA- RADIUS Remote Authentication Dial-In User Service (RADIUS) is a security authentication client/server protocol that supports authentication, authorization and accounting, which is widely used by Internet service providers. It is the most common method of authenticating and authorizing dial-up and tunneled network users. The built-in RADIUS client feature enables the router to assist the remote dial-in user or a wireless station and the RADIUS server in performing mutual authentication.
Shared Secret The RADIUS server and client share a secret that is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret. WPS WPS (Wi-Fi Protected Setup) provides easy procedure to make network connection between wireless station and wireless access point (vigor router) with the encryption of WPA and WPA2. If you choose WPS as the security configuration, you can press Start WPS PIN and Start WPS PBC to complete the wireless connection.
2.4.5 Save the Wizard Configuration Now you can see the following screen. It indicates that the setup is complete. Different types of connection modes will have different summary. Click Finish and then restart the router. 2.5 Online Status The online status shows the system status, WAN status, and other status related to this router within one page. If you select PPPoE as the protocol, you will find out a link of Dial PPPoE or Drop PPPoE in the Online Status web page.
Name Displays the name set in WAN1/WAN web page. Mode Displays the type of WAN connection (e.g., PPPoE). Up Time Displays the total uptime of the interface. IP Displays the IP address of the WAN interface. GW IP Displays the IP address of the default gateway. TX Packets Displays the total transmitted packets at the WAN interface. TX Rate Displays the speed of transmitted octets at the WAN interface. RX Packets Displays the total number of received packets at the WAN interface.
3 User Mode Operation This chapter will guide users to execute simple configuration through user mode operation. 1. Open a web browser on your PC and type http://192.168.1.1. The window will ask for typing username and password. 2. Do not type any word (both username and password are Null for user operation) on the window and click Login on the window. Now, the Main Screen will appear. Be aware that “User mode” will be displayed on the bottom left side. 3.
From 10.0.0.0 to 10.255.255.255 From 172.16.0.0 to 172.31.255.255 From 192.168.0.0 to 192.168.255.255 What are Public IP Address and Private IP Address As the router plays a role to manage and further protect its LAN, it interconnects groups of host PCs. Each of them has a private IP address assigned by the built-in DHCP server of the Vigor router. The router itself will also use the default private IP address: 192.168.1.1 to communicate with the local hosts.
Modem will be listed on DrayTek web site. Please visit www.draytek.com for more detailed information. Below shows the menu items for WAN. 3.1.1 Internet Access This page allows you to set WAN configuration with different modes. Use the Connection Type drop down list to choose one of the WAN modes. The corresponding page will be displayed.
IP Address Type the IP address. Subnet Mask Type the subnet mask. Gateway IP Address Type the gateway IP address. Primary DNS Server Type in the primary IP address for the router if you want to use Static IP mode. Secondary DNS Server Type in secondary IP address for using in the future if necessary. Clone MAC Address It is available when the box of Enable is checked. Click Clone MAC Address. The result will be displayed in the field of MAC Address.
DHCP DHCP allows a user to obtain an IP address automatically from a DHCP server on the Internet. If you choose DHCP mode, the DHCP server of your ISP will assign a dynamic IP address for your router automatically. It is not necessary for you to assign any setting, Router Name Type in a name for the router. It must be the same as the name used in Syslog. Clone MAC Address It is available when the box of Enable is checked. Click Clone MAC Address. The result will be displayed in the field of MAC Address.
Password Type in the password provided by ISP in this field. Redial Policy If you want to connect to Internet all the time, you can choose Always On. Otherwise, choose Connect on Demand. Idle Time Out Set the timeout for breaking down the Internet after passing through the time without any action. When you choose Connect on Demand, you have to type value here. MTU Size It means Max Transmit Unit for packet. The default setting is 1442. Leave blank for default value.
PPTP/L2TP To use PPTP/L2TP as the accessing protocol of the internet, please choose PPTP/L2TP from Connection Type drop down menu. The following web page will be shown. Username Type in the username provided by ISP in this field. Password Type in the password provided by ISP in this field. Server Address Type in the IP address for PPTP /L2TP server. WAN IP Network Settings You can choose Static IP or DHCP as WAN IP network setting.
After finishing all the settings here, please click OK to activate them. 3G USB Modem If your router connects to a 3G modem and you want to access Internet via 3G modem, choose 3G as connection type and type the required information in this web page. SIM PIN code Type PIN code of the SIM card that will be used to access Internet. Modem Initial String1/2 Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP.
3.1.2 Ports Ports page is used to change the setting for WAN port. You can set or reset the following items. All of them are described in detail below. Port It displays current network interface. Link It displays current connection status. Green light means the WAN connection is successful. Current It displays current speed that the router uses. Speed Configured It can set the speed and duplex of the port. You can use the drop down list to choose the required speed for the router.
Discard - It determines whether the MAC drops frames after an excessive collision has occurred. If yes, a frame is dropped after excessive collision. This is IEEE Standard 802.3 half-duplex flow control operation. Restart - It determines whether the MAC retransmits frames after an excessive collision has occurred. If set, a frame is not dropped after excessive collisions, but the backoff sequence is restarted. This is a violation of IEEE Standard 802.
Modem Initial String1/2 Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP. APN Name APN means Access Point Name which is provided and required by some ISPs. Modem Dial String Such value is used to dial through USB mode. Please use the default value. If you have any question, please contact to your ISP. PPP Username Type the PPP username (optional). PPP Password Type the PPP password (optional).
In some special case, you may have a public IP subnet from your ISP such as 220.135.240.0/24. This means that you can set up a public subnet or call second subnet that each host is equipped with a public IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts.
Below shows the LAN menu: 3.2.1 General Setup This page provides you the general settings for LAN. Click LAN to open the LAN settings page and choose General Setup. IP Address Type in private IP address for connecting to a local private network (Default: 192.168.1.1). Subnet Mask Type in an address code that determines the size of the network. (Default: 255.255.255.0/ 24) Enable DHCP DHCP stands for Dynamic Host Configuration Protocol.
3.2.2 Ports Ports page is used to change the setting for LAN ports. You can set or reset the following items. All of them are described in detail below. Port It displays current network interface. Link It displays current connection status. Green light means the LAN connection is successful. Current It displays current speed that the router uses. Speed Configured It can set the speed and duplex of the port. You can use the drop down list to choose the required speed for the router.
Discard - It determines whether the MAC drops frames after an excessive collision has occurred. If yes, a frame is dropped after excessive collision. This is IEEE Standard 802.3 half-duplex flow control operation. Restart - It determines whether the MAC retransmits frames after an excessive collision has occurred. If set, a frame is not dropped after excessive collisions, but the backoff sequence is restarted. This is a violation of IEEE Standard 802.
Disable Automatic Aging Stop the MAC table aging timer, the learned MAC address will not age out automatically. The default setting is enabled. Check the box to disable this function if required. Age Time Delete a MAC address idling for a period of time from the following MAC Table, which will not affect static MAC address. Range of MAC Address Aging Time is 10-1000000 seconds. The default Aging Time is 300 seconds. MAC Table Learning List the port members which apply dynamic learning mechanism or not.
To add or remove a VLAN, please refer to the following example. 1. VLAN 1 is consisted of hosts linked to P1 ~ P4. 2. After checking the box to enable VLAN function, you will check the table according to the needs as shown below. 3. To remove VLAN, click the Delete button for the one you want to remove and click OK to save the results. 3.2.5 Static Route Go to LAN to open setting page and choose Static Route. Index The number (1 to 10) under Index displays current static router.
Add Static Routes to Private and Public Networks Here is an example of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router. Assuming the Internet access has been configured and the router works properly: z use the Main Router to surf the Internet. z create a private subnet 192.168.10.0 using an internal Router A (192.168.1.2) z create a public subnet 211.100.88.0 via an internal Router B (192.168.1.3). z have set Main Router 192.
3. Verify current routing table. 3.2.6 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthening control in network. When this function is enabled, all the assigned IP and MAC address binding together cannot be changed. If you modified the binding IP or MAC address, it might cause you not access into the Internet. Click LAN and click Bind IP to MAC to open the setup page.
Enable Click this radio button to invoke this function. However, IP/MAC which is not listed in IP Bind List also can connect to Internet. Disable Click this radio button to disable this function. All the settings on this page will be invalid. Strict Bind Click this radio button to block the connection of the IP/MAC which is not listed in IP Bind List. ARP Table This table is the LAN ARP table of this router. The information for IP and MAC will be displayed in this field.
z Enhance security of the internal network by obscuring the IP address. There are many attacks aiming victims based on the IP address. Since the attacker cannot be aware of any private IP addresses, the NAT function can protect the internal network. On NAT page, you will see the private IP address defined in RFC-1918. Usually we use the 192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services.
Name Specify the name for the defined network service. Protocol Specify the transport layer protocol. It could be TCP, UDP and TCP+UDP. Start Port Specify the starting port number of the service offered by the local host. End Port (optional) Specify the ending port number of the service offered by the local host. Local Host Enter the private IP address of the local host. Local Port (optional) If it is configured, the forwarded traffic is mapped to this port on the local host.
3.3.3 DMZ Host Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN. Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption. DMZ Host allows a defined internal user to be totally exposed to the Internet, which usually helps some special applications such as Netmeeting or Internet Games etc.
3.4 Bandwidth Management Below shows the menu items for Bandwidth Management. 3.4.1 Session Limit A PC with private IP address can access to the Internet via NAT router. The router will generate the records of NAT sessions for such connection. The P2P (Peer to Peer) applications (e.g., BitTorrent) always need many sessions for procession and also they will occupy over resources which might result in important accesses impacted.
End IP Defines the end LAN IP address for limit session. Maximum Sessions Defines the available session number for each host in the specific range of IP addresses. If you do not set the session number in this field, the system will use the default session limit for the specific limitation you set for each index. Add Adds the specific session limitation onto the list above. Edit Allows you to edit the settings for the selected limitation.
Default RX limit Define the default speed of the downstream for each computer in LAN. Limitation List Display a list of specific limitations that you set on this web page. Start IP Bandwidth limit can be applied on certain IP range. That’s, only the PCs within the range will be influenced by the bandwidth limitation set here. Please define the start IP address for the specific limitation. End IP Define the end IP address for the specific limitation.
Shaper Rate (Tx) Type the number for shaper function. The default value is 500. It is restricted to 500-1000000 when the Shaper Unit is set in kbps, and it is restricted to 1-1000 when the Shaper Unit is set in Mbps. Shaper Unit Determine the unit (kbps/Mbps) for shaper function. 3.4.
However, each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners. It’s not easy to achieve deterministic and consistent high-priority QoS traffic throughout the whole network with merely Vigor router’s effort. In the Bandwidth Management menu, click QoS Control List (QCL) to open the web page. QCE Type Display the type of that QCE (QoS Control Entries).
Adding a New QCE Click settings. z to add a new QCE onto this page. Different QCE type will bring out different web If you choose Ethernet Type as QCE Type, you have to type value for it and specify traffic class from Low, Normal, Medium and High. Ethernet Type Value Either 8~63 ASCII characters, such as 012345678(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde...").
TCP/UDP Port Click Single or Range. If you select Range, you have to type in the starting port number and the end porting number on the boxes below. TCP/UDP Port Range Type in the starting port number and the end porting number here if you choose Range as the type. z If you choose DSCP as QCE Type, you have to type value for it and specify traffic class from Low, Normal, Medium and High. z If you choose ToS as QCE Type, you have to specify priority class from Low, Normal, Medium and High.
Editing a QCE Click to modify the settings of an existing QCE on this page. Moving Up/Down a QCE Click and to move a QCE up and down. Deleting a QCE To delete a QCE in the list, simply click of that one. It will be removed immediately. 3.4.5 Ports Priority This page allows you to configure QoS settings for each port. The classification is controlled by a QCL (Quality Control List) that is assigned to each port. A QCL consists of an ordered list of up to 12 QCEs (Quality Control Entry).
Default Class Use the drop down list to choose the priority for each port. QCL Use the drop down list to choose the QCL number defined in QoS Control List for the port. Queuing Mode Use the drop down list to choose suitable mode. Queue Weighted Use the drop down list to choose 1, 2, 4, or 8 as the queue weighted number. 3.4.6 QoS Statistics This page displays statistics for QoS setting. Click WAN/LAN link to check detailed information for each interface.
Rx Packets Display the counting number of the packet received. Rx Octets Display the total received bytes. Rx Unicast Display the counting number of the received unicast packet. Rx Broadcast Display the counting number of the received broadcast packet. Rx Pause Display the counting number of the received pause packet. RX 64 Bytes Display the number of 64-byte frames in good and bad packets received. RX 65-127 Bytes Display the number of 65 ~ 127-byte frames in good and bad packets received.
Rx Low Display the low queue counter of the packet received. Rx Normal Display the normal queue counter of the packet received. Rx Medium Display the medium queue counter of the packet received. Rx High Display the high queue counter of the packet received. Rx Drops Display the number of frames dropped due to the lack of receiving buffer. Rx CRC/Alignment Display the number of Alignment errors packets received. Rx Undersize Display the number of short frames (<64 Bytes) with valid CRC.
Tx High Display the high queue counter of the packet received. Tx Drops Display the number of frames dropped due to excessive collision, late collision, or frame aging. Tx lat/Exc.Coll. Display the number of Frames late collision or excessive collision Error, which switch transmitted 3.5 Applications Below shows the menu items for Applications. 3.5.1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP.
Password Type in the password that you set for applying domain. Check IP change every Set the interval for checking the information. Force IP update every Force the router updates its information to DDNS server with the interval set here. Click OK button to activate the settings. You will see your setting has been saved. 3.5.2 Schedule The Vigor router has a built-in real time clock which can update itself manually or automatically by means of Network Time Protocols (NTP).
specified in Idle Timeout field. Disable Dial-On-Demand -Specify the connection to be up when it has traffic on the line. Once there is no traffic over idle timeout, the connection will be down and never up again during the schedule. Acts Specify how often the schedule will be applied Once -The schedule will be applied just once Routine or Weekdays -Specify which days in one week should perform the schedule. 3.5.
3.5.4 IGMP Status This page display current IGMP snooping status. V1~3 Reports Receive Display the number of Received V1 – V3 Reports. V2 Leave Receive Display the number of Received V2 Leave. Groups Display current IGMP groups. Maximum number of group for each VLAN can be set is 128. Port Members Display the LAN ports in this group. Refresh Click this button to refresh the page immediately. Clear Click this button to clear the settings on this page. 3.5.
After setting Enable UPNP Service setting, an icon of IP Broadband Connection on Router on Windows XP/Network Connections will appear. The connection status and control status will be able to be activated. The NAT Traversal of UPnP enables the multimedia features of your applications to operate. This has to manually set up port mappings or use other similar methods. The screenshots below show examples of this facility.
¾ Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches. ¾ Non-privileged users can control some router functions, including removing and adding port mappings. The UPnP function dynamically adds port mappings on behalf of some UPnP-aware applications. When the applications terminate abnormally, these mappings may not be removed. 3.6 Wireless LAN This function is used for “n” models. 3.6.
Security Overview Real-time Hardware Encryption: Vigor Router is equipped with a hardware AES encryption engine so it can apply the highest protection to your data without influencing user experience. Complete Security Standard Selection: To ensure the security and privacy of your wireless communication, we provide several prevailing standards on market. WEP (Wired Equivalent Privacy) is a legacy method to encrypt each frame transmitted via radio using either a 64-bit or 128-bit key.
SSID Broadcast Choose Show to make the SSID being seen by wireless clients. Choose Hide to prevent from wireless sniffing and make it harder for unauthorized clients or STAs to join your wireless LAN. SSID It means the identification of the wireless LAN. SSID can be any text numbers or various special characters. The default SSID is "DrayTek". We suggest you to change it. Wireless Mode Choose the wireless mode for this router. At present, only 802.11B/B/N mix is available.
z Default Key All wireless devices must support the same WEP encryption bit size and have the same key. Key1-Key4 Four keys can be entered here, but only one key can be selected at a time. The format of WEP Key is restricted to 5 ASCII characters or 10 hexadecimal values in 64-bit encryption level, or restricted to 13 ASCII characters or 26 hexadecimal values in 128-bit encryption level. The allowed content is the ASCII characters from 33(!) to 126(~) except '#' and ',' .
z WPA Algorithm Select TKIP, AES or auto as the algorithm for WPA. WPA Pre-Shared Key Either 8~63 ASCII characters, such as 012345678..(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde..."). WPA-RADIUS The built-in RADIUS client feature enables the router to assist the remote dial-in user or a wireless station and the RADIUS server in performing mutual authentication. It enables centralized remote access authentication for network management.
Configure via Push Button Click Start PBC to invoke Push-Button style WPS setup procedure. The router will wait for WPS requests from wireless clients about two minutes. The WPS LED on the router will blink fast when WPS is in progress. It will return to normal condition after two minutes. (You need to setup WPS within two minutes) Configure via Client PinCode Type the PIN code specified in wireless client you wish to connect, and click Start PIN button.
of a station with network card installed, press Start PBC button of network card. If you want to use PIN code, you have to know the PIN code specified in wireless client. Then provide the PIN code of the wireless client you wish to connect to the vigor router. 3.6.3 Access Control For additional security of wireless access, the Access Control facility allows you to restrict the network access right by controlling the wireless LAN MAC address of client.
Deny List – all the MAC address of wireless clients listed here will be blocked. Add a New Entry Add a new MAC address into the list. Delete Delete the selected MAC address in the list. This button will appear only an entry of MAC Address has been typed. Cancel Give up the configuration. OK Click it to save the configuration. 3.6.4 Station List Station List provides the knowledge of connecting wireless clients now along with its status code. Index Display the number of the connecting client.
3.6.5 Access Point Discovery Vigor router can scan all regulatory channels and find working APs in the neighborhood. Based on the scanning result, users will know which channel is clean for usage. Note: During the scanning process (about 5 seconds), no client is allowed to connect to Vigor. The table will list channel, SSID, BSSID, Encryption type, Authorization type and the Signal strength of working APs in the neighborhood. Channel Display the channel for the scanned AP.
the memory format for the USB diskette is FAT16 or FAT32. It is recommended for you to use FAT32 for viewing the filename completely (FAT16 cannot support long filename). Enable FTP Check this box to enable FTP connection. Enable Disk Sharing Check this box to enable Samba file sharing. Workgroup Name Type the name for FTP users for accessing into FTP server (USB diskette). Be aware that users cannot access into USB diskette in anonymity.
here, he/she can access into all of the disk folders and files in USB diskette. Note: When write protect status for the USB diskette is ON, you cannot type any new folder name in this field. Only “/” can be used in such case. Access Rule Select the access right for the USB diskette. When you finish the settings, simply click OK to save the configuration. 3.7.3 Disk Status This page can display current using status of the USB diskette.
Share Name Type a name to be used as shared folder name in Samba service. The name must not contain spaces or special characters. Comment Type the brief description for the disk sharing. The words here will be seen in Network Neighborhood on Windows client computers Volume Select the proper volume for the connected USB diskette. Path It determines the range for the client to access into. The user can enter a directory name in this field.
3.8 User 3.8.1 User Configuration This page allows you to set user’s setting that allowed to use PPTP, FTP, IPSEC/L2TP connection. Adding a New User Click Add a New User to open the following page. Username Type a name for this user. Full Name Type full name for this user. Password Type the password for this user. Password (again) Type the password again for confirmation. Allow Disk Sharing Check this box to enable Samba file sharing.
Editing/Deleting User Settings To edit a user, click the name link under Username to open the following page. Modify the settings except Username and then click OK to save and exit it. If you want to remove such user settings, simply click Delete User. 3.9 System Maintenance For the system setup, there are several items that you have to know the way of configuration: Status, User Password, Configuration Backup, Syslog/Mail Alert, Time and Date, Management, Reboot System and Firmware Upgrade.
Model Name Display the model name of the router. Platform Display the hardware type that this device is built upon. Bootloader Version Display the bootloader version of the router. Firmware Version Display the firmware version of the router. Build Date/Time Display the date and time of the current firmware build. Hardware NAT Version Display the hardware acceleration NAT version. System Date Display current time and date for the system server.
MAC Address Display the MAC address of the wireless LAN. Device Type Display the device type used for wireless LAN. SSID Display the SSID of the router. Channel Display the channel that wireless LAN used. Manufacturer Display the manufacturer of the disk. Model Display the model of the disk. Size Display the storage size of the USB diskette. Status Display current status of the USB diskette. 3.9.2 User Password This page allows you to set new password for user operation.
2. Click Backup button to get into the following dialog. Click Save button to open another dialog for saving configuration as a file. 3. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. 4. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples.
2. Click Browse button to choose the correct configuration file for uploading to the router. 3. Click Restore button and wait for few seconds, the following picture will tell you that the restoration procedure is successful. 3.9.4 Syslog / Mail Alert SysLog function is provided for users to monitor router. There is no bother to directly get into the Web Configurator of the router or borrow debug equipments. Enable (Syslog Access…) Check the box to activate function of syslog.
Log Level Choose the severity level for the system log entry. Enable (Mail Alert…) Check the box to activate function of mail alert. Send a test e-mail Make a simple test for the e-mail address specified in this page. Please assign the mail address first and click this button to execute a test for verify the mail address is available or not. SMTP Server The IP address of the SMTP server. Mail To Assign a mail address for sending mails out.
3.9.5 Time and Date It allows you to specify where the time of the router should be inquired from. Time Zone Select the time zone where the router is located. Add NTP server Click the button to add a new NTP server. Delete Click this button to remove an NTP server. Click OK to save these settings.
3.9.6 Management This page allows you to manage the settings for access control, access list, port setup, and SMP setup. For example, as to management access control, the port number is used to send/receive SIP message for building a session. The default value is 5060 and this must match with the peer Registrar when making VoIP calls. Enable HTTP/HTTPS/SSH/ICMP Ping/FTP/SNMP Enable the checkbox to allow system administrators to login from the Internet.
Click OK. The router will take 5 seconds to reboot the system. Note: When the system pops up Reboot System web page after you configure web settings, please click OK to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. 3.9.8 Firmware Upgrade Before upgrading your router firmware, you need to install the Router Tools. The Firmware Upgrade Utility is included in the tools.
92 Vigor2130 Series User’s Guide
4 Admin Mode Operation This chapter will guide users to execute advanced (full) configuration through admin mode operation. 1. Open a web browser on your PC and type http://192.168.1.1. The window will ask for typing username and password. 2. Please type “admin/admin” on Username/Password for administration operation. Now, the Main Screen will appear. Be aware that “Admin mode” will be displayed on the bottom left side. 4.
What are Public IP Address and Private IP Address As the router plays a role to manage and further protect its LAN, it interconnects groups of host PCs. Each of them has a private IP address assigned by the built-in DHCP server of the Vigor router. The router itself will also use the default private IP address: 192.168.1.1 to communicate with the local hosts. Meanwhile, Vigor router will communicate with other network devices through a public IP address.
4.1.1 Internet Access This page allows you to set WAN configuration with different modes. Use the Connection Type drop down list to choose one of the WAN modes. The corresponding page will be displayed. Static For static IP mode, you usually receive a fixed public IP address or a public subnet, namely multiple public IP addresses from your DSL or Cable ISP service providers. In most cases, a Cable service provider will offer a fixed public IP, while a DSL service provider will offer a public subnet.
Gateway IP Address Type the gateway IP address. Primary DNS Server Type in the primary IP address for the router if you want to use Static IP mode. Secondary DNS Server Type in secondary IP address for using in the future if necessary. Clone MAC Address It is available when the box of Enable is checked. Click Clone MAC Address. The result will be displayed in the field of MAC Address. After finishing all the settings here, please click OK to activate them.
Username Type in the username provided by ISP in this field. Password Type in the password provided by ISP in this field. Redial Policy If you want to connect to Internet all the time, you can choose Always On. Otherwise, choose Connect on Demand. Idle Time Out Set the timeout for breaking down the Internet after passing through the time without any action. When you choose Connect on Demand, you have to type value here. MTU Size It means Max Transmit Unit for packet. The default setting is 1442.
PPTP/L2TP To use PPTP/L2TP as the accessing protocol of the internet, please choose PPTP/L2TP from Connection Type drop down menu. The following web page will be shown. Username Type in the username provided by ISP in this field. Password Type in the password provided by ISP in this field. Server Address Type in the IP address for PPTP /L2TP server. WAN IP Network Settings You can choose Static IP or DHCP as WAN IP network setting.
After finishing all the settings here, please click OK to activate them. 3G USB Modem If your router connects to a 3G modem and you want to access Internet via 3G modem, choose 3G as connection type and type the required information in this web page. SIM PIN code Type PIN code of the SIM card that will be used to access Internet. Modem Initial String1/2 Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP.
4.1.2 Ports Ports page is used to change the setting for WAN port. You can set or reset the following items. All of them are described in detail below. Port It displays current network interface. Link It displays current connection status. Green light means the WAN connection is successful. Current It displays current speed that the router uses. Speed Configured You can use the drop down list to choose the required speed for the router.
Discard - It determines whether the MAC drops frames after an excessive collision has occurred. If yes, a frame is dropped after excessive collision. This is IEEE Standard 802.3 half-duplex flow control operation. Restart - It determines whether the MAC retransmits frames after an excessive collision has occurred. If set, a frame is not dropped after excessive collisions, but the backoff sequence is restarted. This is a violation of IEEE Standard 802.
Modem Initial String1/2 Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP. APN Name APN means Access Point Name which is provided and required by some ISPs. Modem Dial String Such value is used to dial through USB mode. Please use the default value. If you have any question, please contact to your ISP. PPP Username Type the PPP username (optional). PPP Password Type the PPP password (optional).
In some special case, you may have a public IP subnet from your ISP such as 220.135.240.0/24. This means that you can set up a public subnet or call second subnet that each host is equipped with a public IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts.
When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method. You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP. What are Virtual LANs and Rate Control You can group local hosts by physical ports and create up to 4 virtual LANs.
so it automatically dispatch related IP settings to any local user configured as a DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network. You can configure the router to serve as a DHCP server for the 2nd subnet. Check the box to enable DHCP server setting. Start IP Address Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses. If the 2nd IP address of your router is 220.135.240.
Auto. Flow Control If flow control is enabled by checking Configured box, both parties can send PAUSE frame to the transmitting device(s) if the receiving port is too busy to handle. If not, there will be no flow control in the port. It drops the packet if too much to handle. Current Rx: indicates whether pause frames on the port are obeyed. Current Tx: indicates whether pause frames on the port are transmitted.
4.2.3 MAC Address Table This page allows you to set timeouts for entries in dynamic MAC Table and configure the static MAC table here. Disable Automatic Aging Stop the MAC table aging timer, the learned MAC address will not age out automatically. The default setting is enabled. Check the box to disable this function if required. Age Time Delete a MAC address idling for a period of time from the following MAC Table, which will not affect static MAC address.
4.2.4 VLAN Virtual LAN function provides you a very convenient way to manage hosts by grouping them based on the physical port. You can also manage the in/out rate of each port. Go to LAN page and select VLAN. The following page will appear. VLAN function is enabled in default. Add New Private VLAN Click this button to add a new private VLAN. The router allows you to add up to 4 VLAN. To add or remove a VLAN, please refer to the following example. 1. VLAN 1 is consisted of hosts linked to P1 ~ P4. 2.
3. To remove VLAN, click the Delete button for the one you want to remove and click OK to save the results. 4.2.5 Static Route Go to LAN to open setting page and choose Static Route. Index The number (1 to 10) under Index displays current static router. Destination Address Display the destination address of the static route. Status Display the status of the static route. Add To add a new static route.
1. Click the LAN - Static Route and click Add. Check the Enable box. Please add a static route as shown below, which regulates all packets destined to 192.168.10.0 will be forwarded to 192.168.1.2. Click OK.
2. Return to Static Route page. Click Add again to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. 3. Verify current routing table. 4.2.6 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthening control in network. When this function is enabled, all the assigned IP and MAC address binding together cannot be changed.
Enable Click this radio button to invoke this function. However, IP/MAC which is not listed in IP Bind List also can connect to Internet. Disable Click this radio button to disable this function. All the settings on this page will be invalid. Strict Bind Click this radio button to block the connection of the IP/MAC which is not listed in IP Bind List. ARP Table This table is the LAN ARP table of this router. The information for IP and MAC will be displayed in this field.
z Enhance security of the internal network by obscuring the IP address. There are many attacks aiming victims based on the IP address. Since the attacker cannot be aware of any private IP addresses, the NAT function can protect the internal network. On NAT page, you will see the private IP address defined in RFC-1918. Usually we use the 192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services.
Name Specify the name for the defined network service. Protocol Specify the transport layer protocol. It could be TCP, UDP and TCP+UDP. Start Port Specify the starting port number of the service offered by the local host. End Port (optional) Specify the ending port number of the service offered by the local host. Local Host Enter the private IP address of the local host. Local Port (optional) If it is configured, the forwarded traffic is mapped to this port on the local host.
4.3.3 DMZ Host As mentioned above, Port Redirection can redirect incoming TCP/UDP or other traffic on particular ports to the specific private IP address/port of host in the LAN. However, other IP protocols, for example Protocols 50 (ESP) and 51 (AH), do not travel on a fixed port. Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN.
4.4 Firewall Basics for Firewall While the broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has been always the most concerned. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet. Furthermore, it can filter out specific packets that trigger the router to build an unwanted outgoing connection.
equal to or less than 15, or "No Limit". The unit of the rate can be either pps (packets per second) or kpps (kilopackets per second). The configuration indicates the permitted packet rate for unicast, multicast, or broadcast traffic across the switch. 4.4.2 Ports Configuration This page is used to configure the ACL (Access Control List) parameters for each port. These parameters will affect data packets received on a port unless the data packets match a specific ACE (Access Control Entry).
Rate Limited ID Select a rate limiter to apply to this port. Available settings include Disabled, and 1 to 10. The default value is Disabled. Port Copy Select which port the frames are copied to for the purpose of monitoring. Available settings include Disabled, and 1 to 10. The default value is Disabled. Counter Counts the number of frames that match this Access Control Entry (ACE). Refresh Click this button to refresh the number of the counter immediately.
4.4.3 Rate Control Object Configure the rate limiter for the ACL (Access Control List) of the router. Rate Limited ID Rate limiter ID will be applied to WAN port and LAN port. Please specify a rate number for each ID. The default setting is “1”(packet per second). Rate Define the rate by choosing from the following drop down list.
4.4.4 Access Control List This page can define which kind of packet can access the router. The packet can be defined with input port, Frame type, Rate, MAC type, VLAN ID, tag and etc.. For IPv4, we can also define the protocol type, source IP and destination IP. Adding a New Access Control Profile Click to add a new specific session limitation onto the list. Define which port the packet from. Policy ID is defined in Ports Configuration Page which can group more than 1 port.
Action – it means the session limitation for this access control list will be applied to if matching with the rule defined in this page. Rate Limiter - Select a rate limiter to apply to this port. Available settings include Disabled, and 1 to 10. The default value is Disabled. Port Copy - Select which port the frames are copied to for the purpose of monitoring. Available settings include Disabled, and 1 to 10. The default value is Disabled.
MAC Parameter Specify the destination MAC filter for this ACE. Any: No DMAC filter is specified. (DMAC filter status is "don't-care".) MC: Frame must be multicast. BC: Frame must be broadcast. UC: Frame must be unicast. VLAN Parameter Specify the VLAN ID filter for this ACE. VLAN ID Filter - Specify the VLAN ID filter for this ACE. If you choose Any, no VLAN ID filter is specified. (VLAN ID filter status is "don't-care".) If you want to filter a specific VLAN ID with this ACE, choose Specific.
Detailed Explanation for Frame Type Frame Type selection will lead different options for configuration. z Choose Ethernet Type as the Frame Type, you will get Ethernet Type Parameters option as the following: Ethernet Type Filter z Choose Any to set the parameter with any value set by the router automatically or choose Specific to specify certain value (the range is 0x0000 to 0xFFFF).
Request/Reply Choose the request or replay that you want to filter. Sender IP Filter Specify the sender IP filter for this ACE. Choose Any to filter all of the packets. Choose Host to filter the packets from the host with the address typed in Sender IP Address filed. Choose Network to filter the packets within the network defined in Sender IP Address and Sender IP Mask fields. Sender IP Address Type the Sender IP Address here.
0: means target hardware address is not equal to the SMAC address. 1: means s target hardware address is equal to the SMAC address. Any: means any value is allowed. IP/Ethernet Length Specify whether frames/packets can meet the action according to the ARP/RARP hardware address length (HLN) and protocol address length (PLN) settings.
z Choose IPv4 as the Frame Type. You will see IP Parameters on the bottom of the page. If you choose ICMP as IP Protocol Filter, you will get the page as the following: IP TTL Specify the Time-to-Live settings for this ACE. Zero: IPv4 frames with a Time-to-Live field greater than zero must not be able to match this entry. Non-zero: IPv4 frames with a Time-to-Live field greater than zero must be able to match this entry. Any: Any value is allowed.
to match this entry. Any: Any value is allowed. SIP Filter Specify the source IP filter for this ACE. Any: No source IP filter is specified. Host: Source IP filter is set to Host. Specify the source IP address in the SIP Address field that appears. Network: Source IP filter is set to Network. Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear. SIP Address Type the SIP Address here.
ICMP Code Filter Specify the ICMP code filter for this ACE. Any: No ICMP code filter is specified (ICMP code filter status is "don't-care"). Specific: If you want to filter a specific ICMP code filter with this ACE, you can enter a specific ICMP code value. A field for entering an ICMP code value appears. ICMP Code Value z If you choose Specific as ICMP Code Filter, you have to type the ICMP Type Value manually. The allowed range is 0 to 255. A frame meeting this ACE matches this ICMP value.
Yes: IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry. Any: Any value is allowed. IP Option Specify the options flag setting for this ACE. No: IPv4 frames where the options flag is set must not be able to match this entry. Yes: IPv4 frames where the options flag is set must be able to match this entry. Any: Any value is allowed. SIP Filter Specify the source IP filter for this ACE. Any: No source IP filter is specified.
Source Port Filter Specify the UDP port source filter for this ACE. Any: No UDP source filter is specified. Specific: If you want to filter a specific UDP source filter with this ACE, you can enter a specific UDP source value. A field for entering a UDP source value appears. Range: If you want to filter a specific UDP source range filter with this ACE, you can enter a specific UDP source range value. A field for entering a UDP source port range appears. Source Port No.
IP TTL Specify the Time-to-Live settings for this ACE. Zero: IPv4 frames with a Time-to-Live field greater than zero must not be able to match this entry. Non-zero: IPv4 frames with a Time-to-Live field greater than zero must be able to match this entry. Any: Any value is allowed. IP Fragment Specify the fragment offset settings for this ACE. This involves the settings for the More Fragments (MF) bit and the Fragment Offset (FRAG OFFSET) field for an IPv4 frame.
SIP Filter Specify the source IP filter for this ACE. Any: No source IP filter is specified. Host: Source IP filter is set to Host. Specify the source IP address in the SIP Address field that appears. Network: Source IP filter is set to Network. Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear. SIP Address Type the SIP Address here. This option is available when you choose Host or Network as source SIP Filter. SIP Mask Type the SIP Mask here.
Dest. Port Filter Specify the TCP port destination filter for this ACE. Any: No TCP destination filter is specified. Specific: If you want to filter a specific TCP destination filter with this ACE, you can enter a specific TCP destination value. A field for entering a TCP destination value appears. Range: If you want to filter a specific TCP destination range filter with this ACE, you can enter a specific TCP destination range value. A field for entering a TCP destination port range appears. Dest.
match this entry. Any: Any value is allowed. TCP PSH Specify the TCP "Push Function" (PSH) value for this ACE. 0: TCP frames where the PSH field is set must not be able to match this entry. 1: TCP frames where the PSH field is set must be able to match this entry. Any: Any value is allowed. TCP ACK Specify the TCP "Acknowledgment field significant" (ACK) value for this ACE. 0: TCP frames where the ACK field is set must not be able to match this entry.
IP Protocol Value When "Other" is selected for the IP protocol filter, you can enter a specific value here. The range is 0 to 255. The default value is “255”.A frame meeting this ACE matches this IP protocol value. IP TTL Specify the Time-to-Live settings for this ACE. Zero: IPv4 frames with a Time-to-Live field greater than zero must not be able to match this entry. Non-zero: IPv4 frames with a Time-to-Live field greater than zero must be able to match this entry. Any: Any value is allowed.
able to match this entry. Yes: IPv4 frames where the options flag is set must be able to match this entry. Any: Any value is allowed. SIP Filter Specify the source IP filter for this ACE. Any: No source IP filter is specified. Host: Source IP filter is set to Host. Specify the source IP address in the SIP Address field that appears. Network: Source IP filter is set to Network. Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear.
4.5.1 Session Limit A PC with private IP address can access to the Internet via NAT router. The router will generate the records of NAT sessions for such connection. The P2P (Peer to Peer) applications (e.g., BitTorrent) always need many sessions for procession and also they will occupy over resources which might result in important accesses impacted. To solve the problem, you can use limit session to limit the session procession for specified Hosts.
4.5.2 Bandwidth Limit The downstream or upstream from FTP, HTTP or some P2P applications will occupy large of bandwidth and affect the applications for other programs. Please use Limit Bandwidth to make the bandwidth usage more efficient. In the Bandwidth Management menu, click Bandwidth Limit to open the web page. To activate the function of limit bandwidth, simply click Enable and set the default upstream and downstream limit. Enable Click this button to activate the function of limit bandwidth.
system will use the default speed for the specific limitation you set for each index. RX Limit Define the limitation for the speed of the downstream to be applied as specific limitation. If you do not set the limit in this field, the system will use the default speed for the specific limitation you set for each index. Add Add the specific speed limitation onto the list above. Edit Allows you to edit the settings for the selected limitation.
other applications are not protected by QoS, it will detract much from their performance in the overcrowded network. This is especially essential to those are low tolerant of loss, delay or jitter (delay variation). Another reason is due to congestions at network intersections where speeds of interconnected circuits mismatch or traffic aggregates, packets will queue up and traffic can be throttled back to a lower speed.
QCE Type Display the type of that QCE (QoS Control Entries). Type Value Display the value specified for the QCE. Traffic Class Display the class of the data transmission for the QCE. QoS Control List allows users to set up to five groups of QCL. Each QCL group can contain 12 QCE settings. Adding a New QCE Click settings. z to add a new QCE onto this page.
Ethernet Type Value Either 8~63 ASCII characters, such as 012345678(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde..."). z If you choose VLAN ID as QCE Type, you have to type the ID number for it and specify traffic class from Low, Normal, Medium and High. z If you choose TCP/UDP Port as QCE Type, you have to type the port number for it and specify traffic class from Low, Normal, Medium and High. TCP/UDP Port Click Single or Range.
z If you choose DSCP as QCE Type, you have to type value for it and specify traffic class from Low, Normal, Medium and High. z If you choose ToS as QCE Type, you have to specify priority class from Low, Normal, Medium and High. z If you choose Tag Priority as QCE Type, you have to specify priority class from Low, Normal, Medium and High. Editing a QCE Click Vigor2130 Series User’s Guide to modify the settings of an existing QCE on this page.
Moving Up/Down a QCE Click and to move a QCE up and down. Deleting a QCE To delete a QCE in the list, simply click of that one. It will be removed immediately. 4.5.5 Ports Priority This page allows you to configure QoS settings for each port. The classification is controlled by a QCL (Quality Control List) that is assigned to each port. A QCL consists of an ordered list of up to 12 QCEs (Quality Control Entry). Each QCE can be used to classify certain frames to a specific QoS class.
QCL Use the drop down list to choose the QCL number defined in QoS Control List for the port. Queuing Mode Use the drop down list to choose suitable mode. Queue Weighted Use the drop down list to choose 1, 2, 4, or 8 as the queue weighted number. 4.5.6 QoS Statistics This page displays statistics for QoS setting. Click WAN/LAN link to check detailed information for each interface. Click WAN/LAN link to check detailed information for each interface.
Rx Packets Display the counting number of the packet received. Rx Octets Display the total received bytes. Rx Unicast Display the counting number of the received unicast packet. Rx Broadcast Display the counting number of the received broadcast packet. Rx Pause Display the counting number of the received pause packet. RX 64 Bytes Display the number of 64-byte frames in good and bad packets received. RX 65-127 Bytes Display the number of 65 ~ 127-byte frames in good and bad packets received.
Rx Low Display the low queue counter of the packet received. Rx Normal Display the normal queue counter of the packet received. Rx Medium Display the medium queue counter of the packet received. Rx High Display the high queue counter of the packet received. Rx Drops Display the number of frames dropped due to the lack of receiving buffer. Rx CRC/Alignment Display the number of Alignment errors packets received. Rx Undersize Display the number of short frames (<64 Bytes) with valid CRC.
Tx High Display the high queue counter of the packet received. Tx Drops Display the number of frames dropped due to excessive collision, late collision, or frame aging. Tx lat/Exc.Coll. Display the number of Frames late collision or excessive collision Error, which switch transmitted. 4.6 Applications Below shows the menu items for Applications. 4.6.1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP.
Password Type in the password that you set for applying domain. Check IP change every Set the interval for checking the information. Force IP update every Force the router updates its information to DDNS server with the interval set here. Click OK button to activate the settings. You will see your setting has been saved. 4.6.2 Schedule The Vigor router has a built-in real time clock which can update itself manually or automatically by means of Network Time Protocols (NTP).
specified in Idle Timeout field. Disable Dial-On-Demand -Specify the connection to be up when it has traffic on the line. Once there is no traffic over idle timeout, the connection will be down and never up again during the schedule. Acts Specify how often the schedule will be applied Once -The schedule will be applied just once Routine /Weekday -Specify which days in one week should perform the schedule. 4.6.
4.6.4 IGMP Status This page display current IGMP status. V1~3 Reports Receive Display the number of Received V1 – V3 Reports. V2 Leave Receive Display the number of Received V2 Leave. Groups Display current IGMP groups. Maximum number of group for each VLAN can be set is 128. Port Members Display the LAN ports in this group. Refresh Click this button to refresh the page immediately. Clear Click this button to clear the settings on this page. 4.6.
Download Speed Enter the maximum sustained WAN download speed in kilobits/second. Such information can be requested by UPnP clients. Upload Speed Enter the maximum sustained WAN upload speed in kilobits/second. Such information can be requested by UPnP clients. After setting Enable UPNP setting, an icon of IP Broadband Connection on Router on Windows XP/Network Connections will appear. The connection status and control status will be able to be activated.
Enabling firewall applications on your PC may cause the UPnP function not working properly. This is because these applications will block the accessing ability of some network ports. Security Considerations Activating the UPnP function on your network may incur some security threats. You should consider carefully these risks before activating the UPnP function.
Enable PPTP VPN Service If this checkbox is checked, the system firewall will allow VPN (PPTP) remote access from WAN side to the router. 4.7.2 PPTP Remote Dial-in You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in via VPN connection. The router provides access accounts for dial-in users. Adding a New User Click Add new user to open the following page. Username Type a name for this user. Full Name Type full name for this user.
When you finish the settings, simply click OK to save the configuration. The new user will be created and displayed on the page. Editing/Deleting User Settings To edit a user, click the name link under Username to open the following page. Modify the settings except Username and then click OK to save and exit it. If you want to remove such user settings, simply click Delete User.
4.7.3 IPSec Remote Dial-in This page allows you to configure IPSec Site-to-Client settings. Mobile VPN Type This usually applies to those are remote dial-in user or node (LAN-to-LAN) which uses dynamic IP address and IPSec-related VPN connections such as L2TP over IPSec and IPSec tunnel. Disabled – Ignore the configurations set in this page. Dynamic VPN (IPSec) – Traffic between this subnet and the client will travel through the VPN tunnel.
Authentication Type - Determine the authentication method for remote dial-in user. Preshared secret – If you choose this one, you have to type the shared secret manually and specify local identity. When using Preshared secret, all clients share the same secret. Certificates - If you choose this one, you have to choose local certificate from the Local Certificate drop down list and type in local identity. Then, use Add Identity to specify remote identity for this service.
establishment. 4.7.4 Remote Dial-in Status You can find the summary table of all dial-in user status. Client Display the name of the VPN IPSec/Mobile client. Identity Display the remote ID of the VPN client. Endpoint Display the IP address of the VPN client. IKE Status Display the status of the phase 1 ISAKMP key exchange. IKE Alg Display the encryption and authentication algorithm used during phase 1 of the VPN connection Establishment. The algorithm is used during exchange of key exchange.
Refresh Click this button to refresh the page immediately. 4.7.5 LAN to LAN Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles. You may set parameters including specified connection direction (dial-in or dial-out), connection peer ID, connection type (VPN connection - including PPTP, IPSec Tunnel) and corresponding security methods, etc. The router supports 2 VPN tunnels simultaneously and provides up to 2 profiles. The following figure shows the summary table.
Enabled Check here to activate this tunnel. Name Specify a name for this tunnel. Remote IP Enter the IP address of the remote host that located at the other-end of the VPN tunnel. Type This group of fields is applicable for IPSec Tunnels. Different type will bring out different requirement of information. Pre-Shared Key Such field will be applicable when Preshared key is selected as the Type for the authentication. Input 1-63 characters as pre-shared key.
Local Network / Mask Traffic between this subnet and the subnet specified in Remote Network / Mask will travel through the VPN tunnel. Remote Network / Mask Add a static route to direct all traffic destined to this Remote Network IP Address/Remote Network Mask through the VPN connection. For IPSec, this is the destination clients IDs of phase 2 quick mode.
In an Infrastructure Mode of wireless network, Vigor wireless router plays a role as an Access Point (AP) connecting to lots of wireless clients or Stations (STA). All the STAs will share the same Internet connection via Vigor wireless router. The General Settings will set up the information of this wireless network, including its SSID as identification, located channel etc.
4.8.2 General Setup By clicking the General Setup, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Enable Wireless LAN Check the box to enable the wireless function. SSID Broadcast Choose Show to make the SSID being seen by wireless clients. Choose Hide to prevent from wireless sniffing and make it harder for unauthorized clients or STAs to join your wireless LAN.
Each encryption mode will bring out different web page and ask you to offer additional configuration. Wireless Security Configuration For the security of your system, choose the proper encryption for data transmission. Different encryption mode will bring out different setting encryption ways. z None The encryption mechanism is turned off. z WEP Accepts only WEP clients and the encryption key should be entered in WEP Key.
z WPA Mode Select WPA, WPA2 or Auto as the type. WPA Algorithm Select TKIP, AES or auto as the algorithm for WPA. WPA Preshared Key Either 8~63 ASCII characters, such as 012345678..(or 64 Hexadecimal digits leading by 0x, such as "0x321253abcde..."). WPA-RADIUS The built-in RADIUS client feature enables the router to assist the remote dial-in user or a wireless station and the RADIUS server in performing mutual authentication.
z WPA Algorithm Choose the WPA algorithm, TKIP, AES or Auto. Server IP Address Enter the IP address of RADIUS server. Destination Port The UDP port number that the RADIUS server is using. The default value is 1812, based on RFC 2138. Shared Secret The RADIUS server and client share a secret that is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret.
Note: Such function is available for the wireless station with WPS supported. There are two methods to do network connection through WPS between AP and Stations: pressing the Start PBC button or using PIN Code. On the side of Vigor 2130 series which served as an AP, press WPS button once on the front panel of the router or click Start PBC on web configuration interface. On the side of a station with network card installed, press Start PBC button of network card.
Filter Type Choose the rule for the MAC addresses displayed in this page. Allow List – all the MAC address of wireless clients listed here are allowed to do wireless connection. Deny List – all the MAC address of wireless clients listed here will be blocked. Add a New Entry Add a new MAC address into the list. Delete Delete the selected MAC address in the list. This button will appear only an entry of MAC Address has been typed. Cancel Give up the configuration.
Connected Time Display the connection time for the connecting client. Auto-refresh Check this box to force the system refreshing the table automatically. Refresh Click this button to refresh current page. 4.8.5 Access Point Discovery Vigor router can scan all regulatory channels and find working APs in the neighborhood. Based on the scanning result, users will know which channel is clean for usage. Note: During the scanning process (about 5 seconds), no client is allowed to connect to Vigor.
4.9.1 USB General Settings This page will determine the number of concurrent FTP connection and default charset for FTP server. At present, the Vigor router can support USB diskette with versions of FAT16 and FAT32 only. Therefore, before connecting the USB diskette into the Vigor router, please make sure the memory format for the USB diskette is FAT16 or FAT32. It is recommended for you to use FAT32 for viewing the filename completely (FAT16 cannot support long filename).
Home Folder It determines the range for the client to access into. The user can enter a directory name in this field. Then, after clicking OK, the router will create the specific/new folder in the USB diskette. In addition, if the user types “/” here, he/she can access into all of the disk folders and files in USB diskette. Note: When write protect status for the USB diskette is ON, you cannot type any new folder name in this field. Only “/” can be used in such case.
To add a new entry for disk sharing, please click Add a New Entry to open the following page. Share Name Type a name to be known by other computers in local network. The name must not contain spaces or special characters. Comment Type the brief description for the disk sharing. The words here will be seen in Network Neighborhood on Windows client computers Volume Select the proper volume for the connected USB diskette. Path It determines the range for the client to access into.
4.10 User 4.10.1 User Configuration This page allows you to set user’s setting that allowed to use PPTP, FTP, IPSEC/L2TP connection. Adding a New User Click Add new user to open the following page. Username Type a name for this user. Full Name Type full name for this user. Password Type the password for this user. Password (again) Type the password again for confirmation. llow Disk Sharing Check this box to have the remote user share the disk information.
When you finish the settings, simply click OK to save the configuration. The new user will be created and displayed on the page. Editing/Deleting User Settings To edit a user, click the name link under Username to open the following page. Modify the settings except Username and then click OK to save and exit it. If you want to remove such user settings, simply click Delete User.
4.11 System Maintenance For the system setup, there are several items that you have to know the way of configuration: Status, User Password, Configuration Backup, Syslog/Mail Alert, Time and Date, Management, Reboot System, and Firmware Upgrade. Below shows the menu items for System Maintenance. 4.11.1 System Status The System Status provides basic network settings of Vigor router. It includes LAN and WAN interface information.
LAN------MAC Address Display the MAC address of the LAN Interface. IP Address Display the IP address of the LAN interface. IP Mask Display the subnet mask address of the LAN interface. WAN------MAC Address Display the MAC address of the WAN Interface. IP Address Display the IP address of the WAN interface. IP Mask Display the subnet mask address of the WAN interface. Default Gateway Display the gateway address of the WAN interface. Primary DNS Display the specified primary DNS setting.
Old Password Type in the old password. The factory default setting for password is blank. New Password Type in new password in this filed. Confirm Password Type in the new password again. When you click OK, the login window will appear. Please use the new password to access into the web configurator again. 4.11.4 Configuration Backup Backup the Configuration Follow the steps below to backup your configuration. 1. Go to System Maintenance >> Configuration Backup.
3. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. 4. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Note: Backup for Certification must be done independently.
Enable (Syslog Access…) Check “Enable” to activate function of syslog. Router Name Assign a name of this device. Server IP Address The IP address of the Syslog server. Destination Port Assign a port for the Syslog protocol. Log Level Choose the severity level for the system log entry. Enable (Mail Alert…) Check “Enable” to activate function of mail alert. SMTP Server The IP address of the SMTP server. Mail To Assign a mail address for sending mails out.
6. From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. 4.11.6 Time and Date It allows you to specify where the time of the router should be inquired from. Time Zone Select the time zone where the router is located. Add NTP server Click the button to add a new NTP server.
Delete Click this button to remove an NTP server. Click OK to save these settings. 4.11.7 Management This page allows you to manage the settings for access control, access list, port setup, and SMP setup. For example, as to management access control, the port number is used to send/receive SIP message for building a session. The default value is 5060 and this must match with the peer Registrar when making VoIP calls.
Click OK. The router will take 5 seconds to reboot the system. Note: When the system pops up Reboot System web page after you configure web settings, please click OK to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. 4.11.9 Firmware Upgrade Before upgrading your router firmware, you need to install the Router Tools. The Firmware Upgrade Utility is included in the tools.
4.12 Diagnostics Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Below shows the menu items for Diagnostics. 4.12.1 Ping Click Diagnostics and click Ping to open the web page. It is used to troubleshoot IP connection for your router. IP Address Type in the IP address of the Host/IP that you want to ping. Ping Size Type in the payload size of the ICMP packet. Values range from 8 bytes to 1400 bytes. Start Click this button to start the ping work.
4.12.2 Routing Table Click Diagnostics and click Routing Table to open the web page. Destination Display the IP address for destination network or destination host. Gateway Display the gateway address or “*” if none set. Genmask Display the netmask for the destination net; '255.255.255.255' is for a host destination and '0.0.0.0' is for the default route. Flags Different codes represent different routing status. U - route is up.
4.12.3 System Log Click Diagnostics and click System Log to open the web page. Time Display the time of the system log entry. Level Display the severity level of the system log entry. Type Display the type or subsystem of the system log entry. Message Display a short description of the system log entry. Auto-refresh Check it to enable auto-refresh function. Reverse Check it to have newest log entries presented first. Refresh Click it to reload the page. 4.12.
Port Display the interface that data transmission passing through. Packets Display the packet sizes for data transmission in receiving and sending. Bytes Display the number of received and transmitted bytes per port. Errors Display the number of the error occurred in data receiving and data sending. Drops Display the number of the data lost in receiving and sending. Filtered Display the number of received frames filtered by the forwarding process.
Rx Unicast Display the counting number of the received unicast packet. Rx Broadcast Display the counting number of the received broadcast packet. Rx Pause Display the counting number of the received pause packet. RX 64 Bytes Display the number of 64-byte frames in good and bad packets received. RX 65-127 Bytes Display the number of 65 ~ 127-byte frames in good and bad packets received. RX 128-255 Bytes Display the number of 128 ~ 255-byte frames in good and bad packets received.
Tx Pause Show the counting number of the transmitted pause packet. Tx 64 Bytes Display the number of 64-byte frames in good and bad packets transmitted. Tx 65-127 Bytes Display the number of 65 ~ 127-byte frames in good and bad packets transmitted. Tx 128-255 Bytes Display the number of 128 ~ 255-byte frames in good and bad packets transmitted. Tx 256-511 Bytes Display the number of 256 ~ 511-byte frames in good and bad packets transmitted.
Type Indicate whether the entry is a static or dynamic entry. VLAN Display the VLAN ID of that entry. MAC Address Display the MAC address of that entry. Port Members Display the port of that entry. Auto-refresh Check it to enable auto-refresh function. Refresh Click it to reload the page. Clear Click it to clear the whole table.
4.12.7 DHCP Table The facility provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click DHCP Table to open the web page. Computer Name It displays the name of the computer accepted the assigned IP address by this router. IP Address It displays the IP address assigned by this router for specified PC.
4.12.8 Data Flow Monitor This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds. The IP address listed here is configured in Bandwidth Management. You have to enable IP bandwidth limit and IP session limit before invoke Data Flow Monitor. If not, a notification dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page.
Unblock – the device with the IP address will be blocked in five minutes. The remaining time will be shown on the session column. 4.12.9 Ports State Click Diagnostics and click Ports State to open the list page. There are for LAN ports and one WAN port in your router. Through this page, you can know which port is using and you can get the detailed statistics for each port by moving and clicking the mouse on the connected one. Auto-refresh Check it to enable auto-refresh function.
5 Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. z Checking if the hardware status is OK or not. z Checking if the network connection settings on your computer are OK or not. z Pinging the router from your computer. z Checking if the ISP settings are OK or not.
5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings. After trying the above section, if the link is stilled failed, please do the steps listed below to make sure the network connection settings is OK. For Windows The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. 1.
4. Select Obtain an IP address automatically and Obtain DNS server address automatically. For MacOs 1. Double click on the current used MacOs on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop down list of Configure IPv4.
5.3 Pinging the Router from Your Computer The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer. We suggest you setting the network connection as get IP automatically. (Please refer to the section 4.2) Please follow the steps below to ping the router correctly.
5.4 Checking If the ISP Settings are OK or Not Open WAN>>Internet Access page and then check whether the ISP settings are set correctly. Use the Connection Type drop down list to choose Static IP/DHCP/PPPoE/PPTP/L2TP for reviewing the settings that you configured previously.
For Static Users 1. Choose Static IP as the connection type. 2. Check if IP Address, IP Mask and IP Router are set correctly (must identify with the values from your ISP). For PPPoE Users 1. Choose PPPoE as the connection type. 2. Check if Username and Password are set correctly (must identify with the values from your ISP).
For PPTP/L2TP Users 1. Choose PPTP/L2TP as the connection type. 2. Check if Username, Password, IP address, Subnet Mask are entered with correct values that you get from your ISP. 5.5 Backing to Factory Default Setting If Necessary Sometimes, a wrong connection can be improved by returning to the default settings. Try to reset the router by software or hardware. Warning: After pressing factory default setting, you will loose all settings you did before.
Hardware Reset While the router is running (ACT LED blinking), press the Factory Reset button and hold for more than 5 seconds. When you see the ACT LED blinks rapidly, please release the button. Then, the router will restart with the default configuration. After restore the factory default setting, you can configure the settings for the router again to fit your personal request. 5.
