Preamble of Vigor2100V/VG series residential broadband Router Introduction Easy Internet-Sharing of your broadband* connection Robust firewall to help protect your network from external attacks Built-in VoIP facilities enable to deploy cost-effective IP telephone infrastructure Plug in a telephone to use your broadband line for regular phone calls Integration with your existing phone line (POTS) with automatic failover during power cuts QoS assured priority for VoIP Internet traffic 802.
Brief Overview Broadband Router 802.11g WLAN AP VoIP port Life Line port Vigor2100V * Vigor2100VG * - * One FXS one One FXS one The Vigor2100VG is a user-friendly broadband router with a built-in VoIP (Voice over IP) telephone port and 802.11g Wireless LAN access point. The visual design, with its stylish pleasing lines and brushed silver finish provide looks good enough to fit into any environment.
Highlights VoIP (Voice over IP) Connect a regular telephone to make and receive voice calls using your existing broadband connection, leaving your regular line free E-mail Detection LED flashes to indicate E-mail is waiting on your mail server (POP3) LAN 4-port 10/100M Base-TX Ethernet switch Make and receive calls using your regular phone line (POTS) or via VoIP using the same telephone handset Auto-Fallback - Phone switches to PSTN during power cut SIP, RTP/RTCP protocols compliance DHCP server for IP
Hardware Connection Preamble of DrayTek Vigor2100V series 4 All Rights Reserved
Vigor2100V/VG Series of Residential Broadband Routers About This User’s Guide This manual is designed to assist users in using one of the Vigor2100V/VG series residential broadband router with VoIP. Information in this document has been carefully checked for accuracy and, however, no guarantee is given as to the correctness of the contents. The information contained in this document is subject to change without notice.
Vigor2100V/VG Series of Residential Broadband Routers Copyright Copyright 2004 by DrayTek Corporation All rights reserved. The information of this publication is protected by copyright. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. Trademark Microsoft is a registered trademark of Microsoft Corp.
Vigor2100V/VG Series of Residential Broadband Routers DrayTek Limited Warranty We warrant to the original end user (purchaser) that the routers will be free from any defects in workmanship or materials for a period of three (3) years from the date of purchase from the dealer. Please keep your purchase receipt in a safe place as it serves as proof of date of purchase.
Vigor2100V/VG Series of Residential Broadband Routers Be a Registered Owner Online web registration at www.draytek.com is preferred. Alternatively, fill in the registration card and mail it to the address found on the reverse side of the card. Registered owners will receive future product and update information.
Vigor2100V/VG Series of Residential Broadband Routers Safety Instructions Please read the installation guide thoroughly before you set up the router. The router is a complicated electronic device that may be repaired only be authorized and qualified personnel. Do not try to open or repair the router yourself. Do not place the router in a damp or humid place, e.g. a bathroom. The router should be used in a sheltered area, within a temperature range from +5 to +40 Celsius.
Vigor2100V/VG Series of Residential Broadband Routers European Community Declarations Manufacturer: DrayTek Corp. Address: No. 26, Fu Shing Road, HuKou County, HsinChu Industrial Park, Hsin-Chu, Taiwan 303 Product: Vigor2100V/VG Series Residential Broadband Routers DrayTek Corp. declares that Vigor2100V/VG series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC.
Vigor2100V/VG Series of Residential Broadband Routers Commission (FCC) Interference Statement The Vigor2100V and Vigor2100VG have been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
Vigor2100V/VG Series of Residential Broadband Routers Customer Support Please prepare the following information as you contact your customer support. Product model and serial number. Warranty information. Date that you received your router. Brief description of your problem. Steps that you may take to solve it and their associated SysLog messages. The information of customer support and sales representatives are support@draytek.com and sales@draytek.com, respectively.
Vigor2100V/VG Series of Residential Broadband Routers Table of Contents CHAPTER 1. Quick Start Wizard 1.1. Introduction........................................................................................ 1-1 1.2. Settings for different-type Internet access......................................... 1-3 CHAPTER 2. On Line Status 2.1. Introduction........................................................................................ 2-1 2.2.1. System status ................................................
Vigor2100V/VG Series of Residential Broadband Routers 5.4. DMZ Host Setup ................................................................................ 5-5 5.5. Open Port Setup................................................................................. 5-7 5.6. Well-known Port Number List .......................................................... 5-9 CHAPTER 6. Protect Your Network 6.1. Introduction........................................................................................ 6-1 6.2.
Vigor2100V/VG Series of Residential Broadband Routers CHAPTER 8. Call Schedule Setup 8.1. Introduction........................................................................................ 8-1 Time-Setup ................................................................................................ 8-1 8.2. Configuration of Call Schedule ......................................................... 8-2 8.3. An Example ...........................................................................................
Vigor2100V/VG Series of Residential Broadband Routers 11-5. QoS for Voice Call .........................................................................11-14 CHAPTER 12. Wireless LAN Setup 12.1. Introduction.................................................................................... 12-1 12.2. Configuration ................................................................................. 12-2 12.3. Configuring the WEP Security ...................................................... 12-4 12.4.
Vigor2100V series Chapter 1 Quick Start Wizard Introduction The Quick Start Wizard is designed for you to easily set up your broadband Internet access. We already integrated Quick Start Wizard into the Web Configurator of Vigor2100V/VG series. You can directly access the Quick Start Wizard via Web Configurator. You can also find the Ez Configurator from the router tool of firmware CD enclosed with the package.
Vigor2100V series Step 2. The Main Menu will pop out after completing previous step. Step 3. Now Quick Start Wizard is switched on. Enter login password. Then click Next to continue. Step 4. Select the appropriate TIME ZONE for your location.
Vigor2100V series Step 5 Select the appropriate Internet connection type to your ISP. In terms of several Internet connection type, please follow procedures as below: PPPoE users Enter your user name and password provided by your ISP. Dial on Demand : The router will ONLY connect to your ISP on demand. By “on demand”, it means when any LAN user attempt to send data onto the Internet. When there is no data traffic, the router will close the connection to the ISP because there is no demand.
Vigor2100V series Idle timeout: This is the time setting If there being no Internet traffic for a period, for example 10 minutes. PPTP users Always On: The router will keep a permanent connection to the ISP automatically. Enter your user name and password provided by your ISP. Obtain an IP address automatically: Set the WAN interface as a DHCP client that will ask for the IP network settings from the DHCP server or PPTP-enabled DSL modem.
Vigor2100V series WAN IP address: this is the IP address assigned by your ISP for your router. You shall specify the IP address of the router here. e.g. 172.16.2.84 Subnet Mask: an address code that determines the size of the network; this is the subnet mask of the router, when seen by external users on the Internet (including your ISP). The subnet mask is provided by your ISP. e.g. 255.255.255.0 Gateway IP Address: an IP address forwards Internet traffic from your local area network (LAN) . e.g. 172.16.2.
Vigor2100V series Step 6 Review the summary of settings. We also have the Ez Configurator in the product CD. Once if you already followed the previous sections to configure your router via Quick Start Wizard and were able to access the Internet successfully, you will NOT need to use Ez Configurator from the CD configure your Vigor Router again. Vigor2100V/VG series apply efficient codecs designed to make the best use of available bandwidth. Vigor2100V/VG also equips with automatic QoS assurance.
Vigor2100V series On the bottom of Web Configurator window, you can find messages showing the system interaction with you. “Ready” indicates the system is ready for you to input settings. “Settings Saved” means your settings are saved once you click “Finish” or “OK” button.
Vigor2100V series Chapter 2 Online Status 2.1 Introduction The Online Status provides some useful information about the Vigor router, LAN and WAN interface. Also, you could use the status page to know the Internet access status. 2.2 Online Status Descriptions Click Online Status to open the Online Status page. Here in, we use an example to explain the Online Status. In the example, as shown in the following picture, the router is working on Dynamic IP mode to access the Internet. 2.2.
Online Status 2.2.2 LAN Status IP Address IP address of the LAN interface. TX Packets Total number of transmitted IP packets since the router was powered on. RX Packets Total number of received IP packets since the router was powered on. Primary You must specify DNS server IP address here if your ISP DNS has the said address. If you do not specify it, the router will automatically apply default DNS Server IP address: 194.109.6.66 to this field.
Online Status 2.2.3 WAN Status Mode Indicate which broadband access mode is active. Depending upon the access mode, you may see PPPoE, PPTP, PPPoA, or Static IP or DHCP. GW IP Addr The gateway IP address. IP Address IP address of the WAN interface. TX Packets Total number of transmitted IP packets during this connection session. TX Rate Transmission rate in characters per second (cps) for outgoing data. RX Packets Total number of received IP packets during this connection session.
Vigor2100V series Chapter 3 Internet Access Setup 3.1 Introduction The router connects the group of PCs in your home or office to the Internet. The data that travels between two networks is regulated by the router. The Network Address Translation (NAT) of the router translates a public IP address for the Internet to several private IP addresses of a local area network. IP means Internet Protocol.
Internet Access Setup Some DSL-based ISPs use PPPoE (Point-to-Point PPPoE Protocol over Ethernet) to let users establish Internet access. All local users can share one PPPoE connection to access the Internet. It means a fixed or permanent IP address. Choose Static Static IP IP if Dynamic IP your ISP provides you with a permanent IP address. It means that “Obtain an IP automatically”. In most circumstances, the cable modem which you are connecting shall obtain a dynamic IP address from the ISP.
Internet Access Setup The router is connected behind the broadband device (i.e. DSL/Cable modem) and works as a NAT or IP router for broadband connections. 3.2 Configuration 3.2.1 Using PPPoE with a DSL modem Click Internet Access Setup > PPPoE to enter the setup page. PPPoE Setup PPPoE Link: Check Enable to enable the PPPoE client protocol on the WAN interface. Please remember to remove PPPoE applications which are already installed on your PCs if you need to enable PPPoE and you are DSL users.
Internet Access Setup ISP Access Setup ISP Name: Enter the service name if provided by your ISP. Username/Password: Enter the username and password supplied by your ISP Scheduler (1-15): Enter the index of schedule profile to control the Internet access by time plan. PPP/MP Setup PPP Authentication: Select PAP or CHAP for widest compatibility. Always On: Check to force the Internet access is always online, and you will see the Idle Timeout field will be blocked for input.
Internet Access Setup 3.2.2 Using a Static IP with a DSL/Cable Modem You can receive a fixed public IP address or a public subnet (i.e. Multiple public IP addresses) from your DSL or Cable ISP. Because of NAT (Network Address Translation) function, you just need to assign a fixed public IP address to assign to the WAN interface of your router. Your router will let your every PC share the broadband access as NAT transform the said fixed IP address to several private IP address.
Internet Access Setup WAN IP Network Settings Specify an IP address If your ISP offers you a static (fixed or permanent) IP address, you have to enable “Specify an IP address”. IP address This is the IP address assigned by your ISP for your router. You shall specify the IP address of the router here. e.g. 172.16.2.84. Subnet Mask An address code that determines the size of the network; this is the subnet mask of the router, when seen by external users on the Internet (including your ISP).
Internet Access Setup Gateway IP Address An IP address forwards Internet traffic from your local area network (LAN) . e.g. 172.16.2.5. DNS Server IP You must specify a DNS server IP address here address because your ISP will at least provide you with at least one DNS Server IP address. If you do not specify it, the router will automatically apply default DNS Server IP address: 194.109.6.66 to this field.
Internet Access Setup 3.2.3 Using a Dynamic IP (DHCP Client) with a DSL/Cable Modem This application is mostly used by Cable ISPs. Click Internet Access Setup > Static or Dynamic IP to enter the setup page. Access Control Broadband Access: Select Enable to turn on the broadband access capability. Keep WAN Connection Enable PING to keep alive: Check to enable PING to keep alive function. Normally, this function is for Dynamic IP environment.
Internet Access Setup WAN IP Network Settings Obtain an IP address The option must be enabled. automatically Router Name Depending on your Cable ISP, this option may or may not be left blank. Some ISPs require this name for access authentication. Domain Name Depending on your Cable ISP this field may or may not be left blank. Default MAC Address These two options are mutually exclusive. & Specify a MAC Some Cable ISPs use a specific MAC address Address for access authentication.
Internet Access Setup PPTP Setup PPTP Link Check Enable to enable a PPTP client to establish a tunnel to a DSL modem on the WAN interface. PPTP Server IP Specify the IP address of the PPTP-enabled Address DSL modem. Refer to the user manual of the PPTP-enabled DSL modem.
Internet Access Setup ISP Access Setup ISP Name: Enter the service name if provided by your ISP. Username/Password: Enter the username and password supplied by your ISP. Scheduler (1-15): Enter the index of schedule profile to control the Internet access by time plan. PPP/MP Setup PPP Authentication Select PAP or CHAP for widest compatibility. Always On Check to force the Internet access is always online, and you will see the Idle Timeout field will be blocked for input.
Internet Access Setup WAN IP Network Settings Obtain an IP address Set the WAN interface as a DHCP client that will automatically ask for the IP network settings from the DHCP server or PPTP-enabled DSL modem. Specify an IP address If you are not sure whether there are any DHCP services on the WAN interface, you can manually assign an IP address to the interface. Note that the IP Address and Subnet Mask should be assigned within the same network as the PPTP-enabled DSL modem. .
Vigor2100V series Chapter 4 LAN TCP/IP and DHCP Setup 4.1 Introduction In this chapter, we will explain in detail about the LAN TCP/IP and DHCP Setup. 4.2 LAN IP Network Configuration The IP address/subnet mask is for grouping users on your LAN. For example, you can let the computer of your kids be connected together with your own computer to share the broadband access and to share files.
LAN TCP/IP and DHCP Setup IP Address: Private IP address for connecting to a local private network (Default: 192.168.1.1). Subnet Mask: An address code that determines the size of the network; this is the subnet mask of the router, when seen by external users on the Internet (including your ISP). (Default: 255.255.255.0/ 24) 4.3 DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol. factory default acts a DHCP server for your network.
LAN TCP/IP and DHCP Setup Enable Server Let the router automatically assign IP address to every PC on the LAN Disable Server You manually assign IP address from the router to every PC on the LAN Relay Agent Allows PCs on the LAN to request IP address from other DHCP server. e.g. You shall get IP from the DHCP server located at your office. Start IP Address Set the start IP address of the IP address pool. IP Pool Counts Set the number of IP address pool.
LAN TCP/IP and DHCP Setup Primary IP You must specify a DNS server IP address here Address because your ISP will at least provide you with at least one DNS Server IP address. If you do not specify it, the router will automatically apply default DNS Server IP address: 194.109.6.66 to this field. Secondary IP You must specify secondary DNS server IP address Address here because your ISP often can let you have at least one DNS Server IP address.
Vigor2100V series Chapter 5 NAT Setup 5.1 Introduction NAT is a method of mapping one or more IP addresses and/or service ports into different specified services, where NAT stands for Network Address Translation. It allows the internal IP addresses of many computers on a Local Area Network (LAN) to be translated to one public address, saving users’ cost. It also plays a security role by obscuring the true IP addresses of important machines from potential hackers on the Internet.
NAT Setup In the Vigor routers, we support three variants of port mapping methods: Port Redirection, Open Ports, and DMZ host. The following is the setting path for this function. NAT > Port Redirection > DMZ Host > Open Ports > Well-Known Ports List Port Redirection The packet is forwarded to a specific local host if the port number matches that defined in the table. A user can also translate the port to another port locally.
NAT Setup Now, let us move on individual setting of these three port-mapping methods. 5.3 Configure Port Redirection Table The Port Redirection is for you to expose internal servers to the public domain. For example, you run a web server and some users want to access this web server. You also run an internal SMTP mail server for your home office and you shall allow your ISP to send whole E-mail to your SMTP mail server.
NAT Setup As shown above, the Port Redirection Table provides10 port-mapping entries for internal hosts. Service Name Specify the name for the specific network service. Specify the transport layer protocol (TCP or UDP). Protocol Specify which port should be redirected to the internal host. Public Port Specify the private IP address of the internal host offering the Private IP service. Specify the private port number of the service offered by the internal Private Port host.
NAT Setup other than the default port 80. You shall change the admin port from the Management Setup menu and you then access the admin screen by suffixing the normal IP address of Vigor router’s web configurator with 8080. e.g. http://192.168.1.1:8080 The port redirection can only be applied to external users only - i.e. the incoming traffic.
NAT Setup clients will continue to work without inappropriate interruption. The inherent security properties of NAT are somewhat bypassed if you set up DMZ host. You can consider adding additional filter rules or a secondary firewall. Click DMZ Host Setup to open the setup page, as shown below. The DMZ Host setting allows a defined internal user to be exposed to the Internet in order to use some special purpose applications such as Netmeeting or Internet Games etc.
NAT Setup 5.5 Open Port Setup As Port Redirection (above) but allows you to define a range of ports. The following screen shows the Open Ports Setup. In the Vigor router, the Open Ports facility provides 10 entries for internal hosts. Index Indicate the relative number for the particular entry that you want to offer service in a local host. You should click the appropriate index number to edit or clear the corresponding entry. Comment Specify the name for the defined network service.
NAT Setup As stated above, after you click one index number, say index No. 1, in the above figure, you will see the following setup page for the entry with index No. 1. Further, each entry (local host) can specify 10 port-ranges for diverse services. More details for individual items in the setup page are described below. Enable Open Ports Check to enable the Open Port function for this entry. Comment Specify the name for the defined network service.
NAT Setup Specify the ending port number of the service offered by the local host. End Port 5.6 Well-known Port Number List This page provides some well-known port numbers for your reference.
Vigor2100V series Chapter 6 Protect Your Network 6.1 Introduction Security is top priority to be took into consideration as the users of broadband line demands more bandwidth for multimedia, interactive applications, or distance learning. The Firewall function helps protect your local network against attack from unauthorized outsiders. It also provides a way of restricting users on the local network from accessing the Internet.
Protect Your Network Even your installation is not set with password, you can still enter system maintenance to set up your password.
Protect Your Network The packet filtering function contains, by default, two types of filter sets: Call Filter set and Data Filter set. The Call Filter is used for users that attempt to establish a connection from LAN side to the Internet. The Data Filter set is used to determine what kind of IP packets is allowed to pass through the router when the WAN connection has been established.
Protect Your Network The following sections will explain more about the General Setup and Filter Setup in the IP Filter/Firewall Setup section using the Web Configurator. The Vigor router provides 12 filter sets with 7 filter rules for each set. As a result, there are a total of 84 filter rules for the Filter Setup. By default, the Call Filter rules are defined in Filter Set 1 and the Data Filter rules are defined in Filter Set 2.
Protect Your Network DoS defense: Click it to set up the DoS defense facility for detecting and mitigating the DoS attacks. The more details can be found in Chapter 6-A. URL Content Filter: Here provides the capability of blocking inappropriate web sites to protect child in school or at home. The more details can be found in Chapter 6-B. Filter Setup: Here are 12 filter sets for IP Filter configurations. Set to Factory Default: Click here to restore the filter rules to default values. 6.
Protect Your Network Some on-line games (for example: Half Life) will use UDP packets with large length to transfer data. These large UDP packets need to be fragmented. As secure firewall, Vigor router will reject these kinds of packets to avoid to be attacked by outside hackers if you do not enable “Accept Incoming Fragmented UDP Packets”. You can enable "Accept Incoming fragmented UDP Packet" function to accept these kinds of packets. Then you can play these kinds of on-line games.
Protect Your Network 6.4 Editing the Filter Sets Comments: Enter filter set comments/description. Maximum length is 23 characters. Filter Rule: Click a button numbered 1 ~ 7 to edit the filter rule. Active: Enable or disable the filter rule. Next Filter Set: Specifies the next filter set to be linked behind the current filter set. The filters cannot be looped. 6.5 Editing the Filter Rules Click the Filter Rule index button to enter the Filter Rule setup page for each filter.
Protect Your Network Comments Enter filter set comments/description. Maximum length is 14 characters. Check to Enables the filter rule. enable the Filter Rule Pass or Block: Specifies the action to be taken when packets match the rule. Block Packets matching the rule will be dropped immediately. Immediately Pass Packets matching the rule will be passed immediately. Immediately Block If No A packet matching the rule, and that does not match further rules, Further will be dropped.
Protect Your Network Pass If No A packet matching the rule, and that does not match further rules, Further will be passed through. Match Branch to If the packet matches the filter rule, the next filter rule will Other Filter branch to the specified filter set. Set Duplicate LAN to If you want to log the matched packets to another network device, check this box to enable it.
Protect Your Network IP Address: Specify a source and destination IP address for this filter rule to apply to. Place the symbol ! before a particular IP Address will prevent this rule from being applied to that IP address. It is equal to the logical NOT operator. Subnet Mask: Specify the Subnet Mask for the IP Address column for this filter rule to apply to. Operator: The operator column specifies the port number settings. If the Start Port is empty, the Start Port and the End Port column will be ignored.
Protect Your Network Fragments: Specify a fragmented packets action. Don’t care Specify no fragment options in the filter rule. Unfragmented Apply the rule to unfragmented packets. Fragmented Apply the rule to fragmented packets. Too Short Apply the rule only to packets which are too short to contain a complete header. 6.
Protect Your Network WWW services. In this example, we assume the IP address of the access-restricted user is 192.168.1.10. The filter rule is created in the Data Filter set and is shown as below. Port 80 is the HTTP protocol port number for WWW services.
Protect Your Network Chapter 6-A Prevention of Denial of Service Attacks 6-A.1 Introduction The DoS Defense functionality helps you to detect and mitigate the DoS attacks. Those attacks include the flooding-type attacks and the vulnerability attacks. The flooding-type attacks attempt to use up all your system' s resource while the vulnerability attacks try to paralyze the system by offending the vulnerabilities of the protocol or operation system.
Protect Your Network 6-A.2 Configuration The following sections will explain in more detail about DoS Defense Setup by using the Web Configurator. It is a sub-functionality of IP Filter/Firewall. There are a total of 15 kinds of defense function for the DoS Defense Setup. By default, the DoS Defense functionality is disabled.
Protect Your Network Enable SYN flood Click the checkbox to activate the SYN flood defense function. defense If the amount of the TCP SYN packets from the Internet exceeds the user-defined threshold value, the Vigor router will be forced to discard randomly the sequent TCP SYN packets in the user-defined timeout period. The main goal is to protect the Vigor router against the TCP SYN packets that intend to use up the router' s limited-resource.
Protect Your Network Enable ICMP flood Click the checkbox to activate the ICMP flood defense function. Similar to the UDP flood defense function, defense the router will discard the ICMP echo requests coming from the Internet, once they exceed the user-defined threshold (by default, 300 packets per second) in a period of time (by default, 10 second for timeout).
Protect Your Network Enable Block Land Click the associated checkbox and then enforce the Vigor router to defense the Land attacks. The LAN attack combines the SYN attack technology with IP spoofing. A Land attack occurs when an attacker sends spoofed SYN packets having the identical source and destination addresses, as well as the port number, with those of the victim. Enable Block Smurf Click the checkbox to activate the Block Smurf function.
Protect Your Network Enable TCP flag scan Click the checkbox to activate the Block TCP flag scan function. Any TCP packet with anomaly flag setting is dropped. Those scanning activities include no flag scan, FIN without ACK scan, SYN FINscan, Xmas scan and full Xmas scan. Enable Tear Drop Click the checkbox to activate the Block Ping of Death function.
Protect Your Network Enable Block ICMP Click the checkbox to activate the Block ICMP fragment fragment function. Any ICMP packets with more fragment bit set are dropped. Enable Block Unknown Protocol Click the checkbox to activate the Block Unknown Protocol function. Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer. However, the protocol types greater than 100 are reserved and undefined at this time.
Protect Your Network 6-20
Protect Your Network Chapter 6- B URL Content Filtering 6-B.1 Introduction The Internet contains a wide range of materials, some of which may be offensive or even illegal in many countries. Unlike traditional media, the Internet does not have any obvious tools to segregate materials based on URL strings or content. URL content filtering systems are seen as tools that would provide the cyberspace equivalent of the physical separations that are used to limit access to some particular materials.
Protect Your Network 6-B.2 An Overview of URL Content Filtering The URL content filtering facility in Vigor routers inspects every URL string in the HTTP request initiated inside against the keyword list. If the entire or part of the URL string (for instance, http://www.ssex.com as shown above) matches any activated keyword, the Vigor router will block its associated HTTP request and a syslog message will be automatically sent to the syslog client.
Protect Your Network The URL content filtering facility supported in the Vigor router consists of the URL Access Control, Prevent web access from IP address, Restrict Web Feature control, Exceptional Subnet handling, and Time schedule functions. The URL Access Control aims at controlling the access right of web sites by inspecting the URL string against user-defined keywords.
Protect Your Network B.3.1. Enable URL Access Control One checkbox appears giving the choice to activate the URL Access Control or not. To enable it, click on the empty box image and, subsequently, the hook image ( ) will appear. Block Keyword List: The Vigor router provides 8 frames for users to define keywords and each frame supports multiple keywords. The keyword could be a noun, a partial noun, or a complete URL string. Multiple keywords within a frame are separated by space, comma, or semicolon.
Protect Your Network the connection because this website is prohibited. However, the user is able to access the website www.backdoor.net/firewall/forum/d_123.html. Further, the URL content filtering facility also allows you to specify either a complete URL string (e.g., “www.whitehouse.com” and “www.hotmail.com”) or a partial URL string (e.g., “yahoo.com”) in the blocking keyword list.
Protect Your Network downloaded from websites, would bring a threat of the user’s system. For example, an ActiveX object can be downloaded and run from the web page. If the ActiveX object has some malicious code in it, it may own unlimited access to the user’s system. Java Click the checkbox to activate the Block Java object function. The Vigor router will discard the Java objects from the Internet. ActiveX Click the checkbox to activate the Block ActiveX object function.
Protect Your Network A so-called cookie feature introduced by Netscape allows you to keep a close watch on the activities of HTTP request and responses of individual sessions. Many websites use them to create stateful sessions for tracking Internet users, which will violate the users’ privacy. Thus, the Vigor router provides the Cookies filtering facility that allows you to filter cookie transmission from inside to outside world.
Protect Your Network B.3.4. Time Schedule Specify what time should perform the URL content filtering facility. Example: If you want your kids not to be addicted to on-line gaming, you apply the URL content filtering facility to your router and you set time schedule for school days in order to let your kids have good sleep. Always Block Click it so that the URL content filtering facility can be executed on the Vigor router anytime.
Protect Your Network should click the checkbox “Everyday”. Otherwise, you should point clearly out the days in one week. For example, if you want the URL content filtering facility to work from Monday to Wednesday, then you should click the appropriate checkboxes (Monday, Tuesday, and Wednesday). Other days the URL content filtering facility will be silent. 6-B.4 Warning Message When a HTTP request is denied, an alert page will appear in your browser, as shown in the following figure.
Protect Your Network warning messages from the URL Content Filtering functionality through the DrayTek Sylsog daemon. The format for this kind of the warning messages is similar to those in the IP Filter/Firewall except for the preamble keyword “CF”, followed by a name to indicate what kind of the HTTP request is blocked.
Vigor2100V series Chapter 7 Dynamic DNS Setup 7.1 Introduction Before you set up the Dynamic DNS (Domain Name Server) function, you have to subscribe free domain names from the Dynamic DNS service providers. and The Vigor router provides up to three accounts for the function supports the following www.dynamic-nameserver.com, providers: www.no-ip.com, www.dynsns.org, www.dtdns.com, www.changeip.com. You should visit their websites to register your own domain name for the router.
Dynamic DNS Setup 2. Applications>> Dynamic DNS Setup and then you will see the following web page. 3. Check Enable Dynamic DNS Setup and Index number 1 to add an account for the router. 4. And now, you will see the following web page. Check Enable Dynamic DNS Account, and choose correct Service Provider: dyndns.org , type the registered hostname: hostname and domain name suffix: dyndns.org in the Domain Name block.
Dynamic DNS Setup The Wildcard and Backup MX features are not supported for all Dynamic DNS providers. You could get more detailed information from their websites. Disable the Function and Clear all Dynamic DNS Accounts 1. Login Main Menu > Dynamic DNS Setup. 2. Uncheck Enable Dynamic DNS Setup, and push Clear All button to disable the function and clear all accounts from the router. Delete a Dynamic DNS Account 1. Login Main Menu > Dynamic DNS Setup. 2.
Dynamic DNS Setup View the DDNS Logs 1. Applications >> Dynamic DNS Setup. 2. Push View Log button. The logs of DDNS updates will be shown as follows. Where A : Login Name H : Domain Name without suffix. Return Code= good 61.230.170.145 If you have any DDNS update issues, the logs are useful to find where the problem is. 3. Click Online Status to know what the current WAN IP address is. You will see the IP address in the circle, which is the same as the Return Code in the DDNS logs.
Vigor2100V series Chapter 8 Call Schedule Setup 8.1 Introduction The Vigor router has built a real time clock which can update itself from your browser manually or automatically from an Internet time server (NTP). As a result, you can schedule the router to dial to Internet at a pre-set time, but also to restrict Internet access to certain hours so that the router will only let users of LAN to access Internet at certain times (e.g. business hours).
Call Schedule Setup Call Schedule facility is used to control the router's dialer or connection manager what time should be up or down according to the pre-defined call schedule profiles. Before configuring the Call Schedule function, you have to set up time function properly and arrange schedules for specified Internet access profile or LAN-to-LAN profile. On the Time Setup menu, if you press Inquire Time button, the router’s clock will be set to current time of your PC.
Call Schedule Setup Click Clear All button to remove all schedules in the router. Click Cancel button to give up the current editing-operation and then return back to the Main Setup menu. 8.2 Configuration Add a Call Schedule 1. Click any index, say Index No. 1. The detailed settings of the call schedule with index 1 are shown as follows.
Call Schedule Setup 2. The detailed descriptions for each setting are: Enable Schedule Setup: Check to enable the schedule. Start Date (yyyy-mm-dd): Specify the starting date of the schedule. Start Time (hh:mm): Specify the starting time of the schedule. Duration Time (hh:mm): Specify the duration (or period) for the schedule. Action: Specify which action should be applied by Call Schedule during the time period of the schedule. Force On: Force the connection to be always-on.
Call Schedule Setup Disable Dial-On-Demand: Specify the connection to be up when it has traffic on the line. Once there is no traffic over idle timeout, the connection will be down and never up again during the schedule. How Often: Specify how often the schedule will be applied. Once: The schedule will be applied just once. Weekdays: Specify which days in one week should perform the schedule. 3. Specify appropriate time duration and action to the profile and then click OK button to apply. 4.
Call Schedule Setup Delete a Call Schedule 1. Click Call Schedule Setup and the Index number which you want to remove. 2. Click Clear button to remove that profile. 8.3 An Example If you want to control the PPPoE Internet access connection to be always-on (Force On) from 9:00 to 18:00 for whole week. Other time the Internet access connection should be disconnected (Force Down). 1. Make sure the PPPoE connection and Time Setup is working properly. 2.
Call Schedule Setup 3. Configure the Force Down from 18:00 to next day 9:00 for whole week. 4. Assign these two profiles to the PPPoE Internet access profile. Now, the PPPoE Internet connection will follow the schedule order to perform “Force On” or “Force Down” action according to the time plan which has been pre-defined in the schedule profiles.
Vigor2100V series Chapter 9 UPnP Service Setup 9.1 Introduction The UPnP (Universal Plug and Play) protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows 'Plug and Play' system. For NAT routers, the major feature of UPnP on the router is “NAT Traversal”.
UPnP service Setup 9.2 Configuration You can enter the UPNP Setup via Advanced Setup > UPNP Service Setup on the Web Configurator in your router. Enable UPNP Service. Accordingly, you can enable either the Connection Control Service or Connection Status Service. Click the IP Broadband Connection on DrayTek Router on Windows XP/Network Connections, as shown below. The connection status and control status will be able to be activated.
UPnP service Setup The NAT Traversal of UPnP enables the multimedia features of your applications to operate. This has to manually set up port mappings or use other similar methods. The screenshots above show examples of this facility. The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router, learn the external IP address and configure port mappings on the router.
UPnP service Setup The reminder as regards concern about Firewall and UPnP Can't work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly. This is because these applications will block the accessing ability of some network ports. Security Considerations Activating the UPnP function on your network may incur some security threats. You should consider carefully these risks before activating the UPnP function. 1.
Vigor2100V series Chapter 10 E-mail Detection 10.1 Introduction The Vigor2100V/VG series router has E-mail detection mechanism for notifying users that the POP3-mail server is holding E-mail. There is an LED marked “e-mail”. You can set your router to periodically check for whether there are E-mail at POP3-protocol mail server of your ISP or other E-mail provider. The E-mail LED will light if there is E-mail waiting for you to retrieve them. You have up to five different POP3 accounts checked.
Email Detection You can enter up to five profiles for different mail servers. If there are E-mail waiting, the Mail Number waiting will be shown as well as the total size of mail box. By default, the E-mail will be checked every 3 minutes. the default frequency as shown on the screenshot.
Vigor2100V series Chapter 11 VoIP 11.1 Introduction Voice over IP network (VoIP) enables you to use your broadband Internet connection to make toll quality voice calls over the Internet. There are many different call signaling protocols; methods by which VoIP devices can talk to each other. The most popular protocols are SIP, MGCP, Megaco and the older H.323. These protocols are not all compatible with each other (except via a soft-switch server).
VoIP The VoIP facilities of Vigor2100V/VG series can provide a cost-saving alternative to having an additional fixed-line. By using the ITSP (e.g. DrayTEL, www.draytel.org) you can also make calls to any regular phone line too, including mobiles, as well as receive calls from anyone - the call is carried to your phone via your internet connection so your regular phone line remains free for other people/calls.
VoIP 11.2 VoIP Settings The following is the setting path for this function. 11.2.1 DialPlan Setup The Vigor2100V/VG series have one FXS port ( the “Phone” port on the rear panel) to which you connect a conventional (analogue) phone, either corded or wireless (DECT). You can set the registered SIP address of your VoIP contacts into the DialPlan of the Vigor2100V/VG series to make calling them quick and easy.
VoIP Enable Phone Number Tick this to enable this entry. The number you want to dial from your handset to call this contact. This can be any number you choose, using digits 0-9 and* Display Name This field contains a name or a number which easily let you identify the person who you wan to call. It can also be the name for SIP display. SIP URL Address Enter the SIP address of your contact (e.g. 393910@draytel.
VoIP Example 1: If Dolly gives you her SIP URL as sip:63065@fwd.pulver.com, then you can enter the number just as the previous figure. You can apply easy-to-search Display Name and Phone Number to settings. The hardware connection of Vigor2100V series: Backup Phone Number: The alternate PSTN number to dial if “PSTN” is set in Loop Through entry. Example 2: If Kelly gives you her SIP URL as sip:kelly@203.69.175.
VoIP Example 3: If Kelly gives you her IP address 203.69.175.19 only, and it is not in your DialPlan, you still can press keypad on the phone to dial as #203*69*175*19# To manually dial the backup number via PSTN enter “#0” on your telephone handset, and then dial a PSTN phone number. If you are worried that the automatic loop through might over charge your PSTN phone number, we recommend you not to enter your PSTN phone number into the “Backup Phone Number” entry.
VoIP SIP Port The port number used to send/receive SIP message for building a session. The default value is 5060 and this must match with the peer Registrar when making VoIP calls. Registrar Enter the domain name (or IP address) of your registered SIP Registrar server. Proxy You can enter domain name or IP address of SIP proxy server. If this setting value is the same as Registrar, please press “Duplicate”. Domain/Realm You can enter domain name or IP address of SIP URL. e.g.
VoIP Enter your SIP username (the first part of your SIP address before the @ sign) Account Name Authorization User Password Expire Time This field contains a name or a number. It is also the name for SIP Authorization. If this setting value is the same as Display Name, please press “Duplicate”. Your SIP URL address as provided when you registered with a SIP service. The time duration that your SIP registrar server keeps your registration record.
VoIP Packet Size DTMF InBand DTMF OutBand The amount of data contained in a single packet. The default value is 20 ms, which means the data packet will contain 20 ms voice information. With this selected the Vigor will send DTMF tones as audio directly in the Voice stream when you press a key on the keypad.
VoIP 11.3 Calling Scenario 11.3.1 Peer-to-Peer Calling example Arnor and Paulin each have a Vigor2500V router, here are their settings in order to call each other. Arnor’s IP address: 214.61.172.53 Paulin’s IP address: 203.69.175.24 A. Arnor’s settings B. Paulin’s settings A-1. DialPlan index 1 B-1. DialPlan index 1 Phone Number: 1234 (any number you like) Name: paulin IP Address / Domain: 203.69.175.24 A-2.
VoIP 11.3.2 Calling via SIP Sever Below are the settings for John and David to call each other using their DrayTEL registered SIP accounts, as neither Vigor user have a fixed public IP address. John’s SIP url: john@draytel.org David’s SIP url: david@draytel.org A. John’s settings B. David’s settings A-1. DialPlan index 1 B-1. DialPlan index 1 Phone Number: 2536 (any number you like) Name: david IP Address / Domain: draytel.
VoIP 11.4 Voice Call Status On VoIP call status, you can find the registered registrar, codec, connection and other important call status. Because Vigor2100V/VG only has one VoIP port for regular analogue phone set, there is only one VoIP channel. On System Status, you can find the registered registrar and Codec. for Inbound calls and Outbound calls. The said status easily let you check whether your registration of SIP server is successful or not.
VoIP Channel Volume To adjust the volume of your VoIP calls. buttons Refresh Seconds Use these two to obtain appropriate Volume Gain. Specify the interval of refresh time to obtain the latest VoIP calling information. The information will update immediately when the Refresh button is clicked. Status: To show the VoIP connection status. IDLE : Indicates that the VoIP function is idle. HANG_UP : Indicates that the connection is not established (busy tone).
VoIP Out Calls The accumulating out-call times. Volume Gain The volume of present call. View Log To show the logs of VoIP calls as below. 11.5 QoS for Voice Call Enter upstream speed to let Vigor2100V/VG assure high priority for VoIP call.
Vigor2100V series Chapter 12 Wireless LAN Setup 12.1 Introduction Over recent years, the market for wireless communications has enjoyed tremendous growth. Wireless technology now reaches or is capable of reaching virtually every location on the face of the earth. Hundreds of millions of people exchange information every day using wireless communication products.
Wireless LAN Setup In this chapter, we explain the capabilities of the wireless LAN and its associated web configurations. Use the following setup path on the Setup Main Menu to configure the wireless LAN function. 12.2 Configuration After clicking the “System maintenance Sytem status”, you will see the following information: This web page will show the wireless LAN information including MAC address and Frequency domain and Firmware Version.
Wireless LAN Setup 1. Enable Wireless LAN: Check the box to enable wireless function. 2. Mode: Select an appropriate wireless mode. - Mixed (11b+11g): The radio can support both IEEE802.11b and IEEE802.11g protocols simultaneously. - 11g-only: The radio only supports IEEE802.11g protocol. - 11b-only: The radio only supports IEEE802.11b protocol. 3. Scheduler: Set the wireless LAN to work at some time interval only.
Wireless LAN Setup 12.3 Configuring the WEP Security To improve the security and privacy of your wireless data packets, the WEP and WPA encryption feature can be employed, where WEP stands for Wireless Equivalent Privacy. The WEP facility that uses a set of four default keys encrypts each frame transmitted from the radio using only one of the given keys. Default keys are shared between the Vigor wireless router and WEP station in a service set.
Wireless LAN Setup - Disable: Turn off the encryption mechanism. - WEP Only: Accepts only WEP clients and the encryption key should be entered in WEP Key. - WEP or WPA/PSK: Accepts WEP and WPA clients simultaneously and the encryption key should be entered in WEP Key and PSK respectively. - WPA/PSK Only: Accepts only WPA clients and the encryption key should be entered in PSK. 2.
Wireless LAN Setup Enable Access Control: To check the Enable Access Control to enable the MAC Address access control feature. MAC Address: Display all MAC addresses that are edited before. Four buttons (Add, Remove, Edit, and Cancel) are provided to edit a MAC address. ADD: Add a new MAC address into the list. Remove: Delete the selected MAC address in the list. Edit: Edit the selected MAC address in the list. Cancel: Give up the access control set up.
Wireless LAN Setup 12.5 Configuring the Station List The Vigor router offers you a convenient Station List facility to scan the running WLAN clients being near the router. If neighbors or other WLAN clients are active, you can press "Refresh" to get available WLAN stations’ information including its status and MAC address. You can select the wish WLAN station from Station List to add it to Access Control list by clicking highlight, then press “Add”.
Vigor2100V series Chapter 13 System Status 13.1 Introduction The System Status provides basic network settings of Vigor router It includes LAN and WAN interface information. Also, you could get the current running firmware version or firmware related information from this presentation. 13.2 Descriptions of System Status Go to the System Maintenance > System Status and you will see the result shown on the right frame. The below figure is a demoed by Vigor 2100V.
Online Status In order to let you know the settings result, we design the Status bar on Set-up Menu. You can find the “Ready” indicates that you can enter settings. “Settings Saved” means your settings are saved once you click “Finish” or “OK” button. If the settings are wrong or get problematic, you can find fail message on Status bar.
Vigor2100V series Chapter 14 Configuration Backup 14.1 Introduction Sometimes you want to keep running configurations of your current router as a file or restore the configurations with the file. The router provides an web-based way to let you backup or restore the configuration very simple. 14.2 Usage 14.2.1 Backup the Running Configuration 1. Go to System Maintenance > Configuration Backup. The following windows will be popped-up, as shown below.
Configuration Backup 2. Click Backup button to get configurations. 3. Click OK button to save configuration as a file. The default filename is config.cfg. You could give it another name by yourself. 4. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available.
Configuration Backup 14.2.2 Restore the Configuration with a Configuration File 1. Go to System Maintenance > Configuration Backup. The following windows will be popped-up, as shown below. 2. Click Browse button to choose the correct configuration file for uploading to the router. 3. Click Restore button and wait for few seconds, the following picture will tell you that the restoration procedure is successful.
Configuration Backup 4. Click Restart button and wait for few seconds, the router will restart by using the updated configurations.
Vigor2100V series Chapter 15 Management Setup 15.1 Introduction By default, the router may be configured and managed through any Telnet client or Web browser running on any operating system. There is no requirement for additional software or utilities. However, for some specific environments, you may want to change the server port numbers for the built-in Telnet or HTTP server, create access control lists to protect the router, or reject the system administrator to login from the Internet. 15.
Management Setup 15.2.1 Management Access Control Enable remote firmware update Chick the checkbox to allow remote (FTP) firmware upgrade through FTP (File Transfer Protocol). Allow management from the Internet Enable the checkbox to allow system administrators to login from the Internet. By default, it is not allowed. Disable PING from the Internet Check the checkbox to reject all PING packets from the Internet. For security issue, this function is enabled by default. 15.2.
Management Setup 15.2.4 SNMP Setup Enable SNMP Agent: Chick the checkbox to enable built-in SNMP agent. Get Community: Specify a string to identify the management communities for the SNMP GET command. Set Community: Specify a string to identify the management communities for the SNMP SET command. Manager Host IP: Specify the IP address of the SNMP manager station. Trap Community: Specify a string to identify the management communities for the SNMP TRAP notifications.
Vigor2100V series Chapter 16 Reboot System and Firmware Upgrade TFTP Server 16.1 Reboot System The Web Configurator may be used to restart your router. Click Reboot System in the main menu to open the following page. There are two reboot options: Using current configuration and Using factory default configuration. If you want to reboot the router using the current configuration, check Using current configuration and click OK.
Reboot System / Firmware Upgrade TFTP Server the firmware upgrade. Note that this example is running over Windows OS (Operating System). 1. Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com 2. Click System Maintenance>> Router Firmware Upgrade Utility to launch the Firmware Upgrade Utility. Click the Browse button to locate the new firmware file.
Vigor2100V series Chapter 17 Diagnostic Tools 17.1 Introduction Diagnostic Tools provide a useful way to view or diagnose the status of you Vigor router. More details for each tool will be explained below. Diagnostics >> PPPoE/PPTP Diagnostics ARP Cache Table DHCP Table 17.2 Descriptions 17.2.1 PPPoE / PPTP Diagnostics Click here to open the following page. The page shown here is for reference only and individual networks will show different results.
Diagnostic Tools Dial PPPoE Click it to force the router to establish a PPPoE or PPTP or PPTP connection. Dial PPPoE Click it to force the router to establish a PPPoE or PPTP or PPTP connection. 17.2.2 View ARP Cache Table Click View ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh: Click it to reload the page.
Diagnostic Tools 17.2.3 View DHCP Assigned IP Addresses The facility of View DHCP Assigned IP Addresses provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc.
