Vigor2800 Series ADSL2/2+ Security Router User’s Guide Version: 3.2 Date: 2007/7/12 Copyright 2006 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. The scope of delivery and other details are subject to change without prior notice. Microsoft is a registered trademark of Microsoft Corp.
Table of Contents 1 Preface ...............................................................................................................1 1.1 LED Indicators and Connectors .............................................................................................. 1 1.1.1 For Vigor2800 ................................................................................................................... 2 1.1.2 For Vigor2800G ...............................................................................
.4.4 IM Blocking ..................................................................................................................... 52 3.4.5 P2P Blocking .................................................................................................................. 52 3.4.6 DoS Defense .................................................................................................................. 53 3.4.7 URL Content Filter ...........................................................................
3.12.5 Wireless Rate Control................................................................................................. 142 3.13 System Maintenance......................................................................................................... 143 3.13.1 System Status............................................................................................................. 143 3.13.2 Administrator Password......................................................................................
Vigor2800 Series User’s Guide v
1 Preface Targeting requirement for residential, SOHO (Small Office and Home Office) and business users, the Vigor2800 series is an ADSL2/2+ enabled integrated access device. With downstream speed up to 12Mbps (ADSL2) or 24Mbps (ADSL2+), the Vigor2800 V models provide exceptional bandwidth for Internet access.
1.1.1 For Vigor2800 LAN ACT QoS Printer P2P Firewall VPN DSL Printer P1 P2 P4 PWR P3 P3 P4 P2 P1 DSL Factory Reset LED Explanation LED ACT (Activity) Status Blinking Explanation The router is powered on and running properly. On The router is powered on. QoS On The QoS function is active. Off The QoS function is inactive. On The P2P function is active. Blinking Starts to prohibit P2P data. VPN On The VPN tunnel is launched. DSL On The ADSL, ADSL2/2+ line is connected.
1.1.2 For Vigor2800G LAN ACT QoS Printer P2P Firewall WLAN DSL Printer P1 P2 P4 PWR P3 P3 P4 P2 P1 DSL Factory Reset LED Explanation LED ACT (Activity) QoS P2P Firewall WLAN DSL Printer LAN (P1, P2, P3, P4) Status Explanation Blinking On On Off On Blinking On Blinking On Blinking Off On The router is powered on and running properly. The router is powered on. The QoS function is active. The QoS function is inactive. The P2P function is active. Starts to prohibit P2P data.
1.1.3 For Vigor2800i LAN ACT ISDN Printer P2P Firewall VPN DSL Printer P1 P2 P4 PWR P3 P3 P4 P2 P1 DSL ISDN Factory Reset LED Explanation LED ACT (Activity) Status Blinking Explanation The router is powered on and running properly. On The router is powered on. ISDN On The ISDN network is correctly setup. Blinking A successful remote connection on the ISDN BRI B1/B2 channel. On The P2P function is active. Blinking Starts to prohibit P2P data.
1.1.4 For Vigor2800Gi LAN ACT ISDN Printer P2P Firewall WLAN DSL Printer P1 P2 P4 PWR P3 P3 P4 P2 P1 DSL ISDN Factory Reset LED Explanation LED ACT (Activity) ISDN P2P Firewall WLAN DSL Printer LAN (P1, P2, P3, P4) Status Blinking On On Blinking Explanation On Blinking On Blinking On Blinking Off On The router is powered on and running properly. The router is powered on. The ISDN network is correctly setup. A successful remote connection on the ISDN BRI B1/B2 channel.
1.1.5 For Vigor2800V LED Explanation LED ACT (Activity) Status Blinking Explanation The router is powered on and running properly. On The router is powered on. QoS On The QoS function is active. Off The QoS function is inactive. On The phone is off hook (the handset of phone is hanging). Blinking A phone call is incoming. VPN On The VPN tunnel is launched. DSL On The ADSL, ADSL2/2+ line is connected. Printer LAN (P1, P2, P3, P4) On Orange The USB interface printer is ready.
1.1.6 For Vigor2800VG LED Explanation LED ACT (Activity) Status Blinking Explanation The router is powered on and running properly. On The router is powered on. QoS On The QoS function is active. Off The QoS function is inactive. On The phone is off hook (the handset of phone is hanging). Blinking On Blinking Off On A phone call is incoming. Wireless access point is ready. Wireless traffic goes through. Wireless access point is turned off. The ADSL, ADSL2/2+ line is connected.
1.1.7 For Vigor2800VGi Phone ACT LAN ISDN FXS1 FXS2 WLAN DSL Printer Printer PWR FXS2 FXS1 P1 P2 P4 P3 P3 P4 P2 P1 DSL ISDN Factory Reset LED Explanation LED Status Explanation ACT (Activity) Blinking On On Blinking The router is powered on and running properly. The router is powered on. The ISDN network is correctly setup. A successful remote connection on the ISDN BRI B1/B2 channel. The phone is off hook (the handset of phone is hanging).
1.2 Hardware Installation Before starting to configure the router, you have to connect your devices correctly. 1. Connect the DSL interface to the external ADSL splitter with an ADSL line cable. 2. Connect one port of 4-port switch to your computer with a RJ-45 cable. This device allows you to connect 4 PCs directly. 3. Connect one end of the power cord to the power port of this device. Connect the other end to the wall outlet of electricity. 4.
This page is left blank.
2 Configuring Basic Settings For use the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully. Be aware that only the administrator can change the router configuration. 2.
12 4. Go to System Maintenance page and choose Administrator Password. 5. Enter the login password (the default is blank) on the field of Old Password. Type a new one in the field of New Password and retype it on the field of Retype New Password. Then click OK to continue. 6. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router.
2.2 Quick Start Wizard If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next. 2.2.1 Adjusting Protocol/Encapsulation In the Quick Start Wizard, you can configure the router to access the Internet with different protocol/modes such as PPPoE, PPPoA, Bridged IP, or Routed IP.
VCI Stands for Virtual Channel Identifier. It is a 16-bit field inside ATM cell’s header that indicates the cell’s next destination as it travels through the network. A virtual channel is a logical connection between two end devices on the network. Protocol/Encapsulation Select an IP mode for this WAN interface. There are several available modes for Internet access such as PPPoE, PPPoA, Bridged IP and Routed IP. Fixed IP Click Yes to specify a fixed IP for the router.
User Name Assign a specific valid user name provided by the ISP. Password Assign a valid password provided by the ISP. Confirm Password Retype the password. Always On Check this box to allow the router connecting to Internet forever. Idle Timeout Type in the value (unit is second) as the idle timeout of the connection. When the time is expired, the internet connection will be dropped immediately. Click Next for viewing summary of such connection. Click Finish.
2.2.3 Bridged IP Click 1483 Bridged IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish. The online status of this protocol will be shown as below.
2.2.4 Routed IP Click 1483 Routed IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page.
Click Finish. The online status of this protocol will be shown as below. 2.3 Online Status The online status shows the system status, WAN status, ADSL Information and other status related to this router within one page. If you select PPPoE or PPPoA as the protocol, you will find out a button of Dial PPPoE or Dial PPPoE in the Online Status web page.
Online status for Routed IP Primary DNS Displays the assigned IP address of the primary DNS. Secondary DNS Displays the assigned IP address of the secondary DNS. IP Address (in LAN) Displays the IP address of the LAN interface. TX Packets Displays the total transmitted packets at the LAN interface. RX Packets Displays the total number of received packets at the LAN interface. GW IP Addr: Displays the assigned IP address of the default gateway.
2.4 Saving Configuration Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button.
3 Advanced Web Configuration After finished basic configuration of the router, you can access Internet with ease. For the people who want to adjust more setting for suiting his/her request, please refer to this chapter for getting detailed information about the advanced configuration of this router. As for other examples of application, please refer to chapter 4. 3.1 Internet Access 3.1.1 Basics of Internet Protocol (IP) Network IP means Internet Protocol.
Network Connection by 3G USB Modem For 3G mobile communication through Access Point is popular more and more, Vigor 2800 adds the function of 3G backup for such purpose. By connecting 3G USB Modem to the USB port of Vigor 2800, it can support HSDPA/UMTS/EDGE/GPRS/GSM and the future 3G standard (HSUPA, etc). Vigor2800 with 3G USB Modem allows you to receive 3G signals at any place such as your car or certain location holding outdoor activity and share the bandwidth for using by more people.
PPPoE/PPPoA Client Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid. DSL Modem Settings Set up the DSL parameters required by your ISP. These are vital for building DSL connection to your ISP. Multi-PVC channel – The selections displayed here are determined by the page of Internet Access – Multi PVCs. Select M-PVCs Channel means no selection will be chosen.
PPP Client Mode - Click Enable to activate this mode for backup. SIM PIN code - Type PIN code of the SIM card that will be used to access Internet. Modem Initial String - Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP. Modem Dial String - Such value is used to dial through USB mode. Please use the default value. If you have any question, please contact to your ISP. PPP Username - Type the PPP username (optional).
By checking the checkbox Join NAT IP Pool, data from NAT hosts will be round-robin forwarded on a session basis.
Ports. Default MAC Address Type in MAC address for the router. You can use Default MAC Address or specify another MAC address for your necessity. MAC Address – Type in the MAC address for the router manually. Index (1-15) in Schedule Setup You can type in four sets of time schedule for your request. All the schedules can be set previously in Application – Schedule web page and you can use the number that you have set in that web page.
3.1.3 MPoA (RFC1483/2684) MPoA is a specification that enables ATM services to be integrated with existing LANs, which use either Ethernet, token-ring or TCP/IP protocols. The goal of MPoA is to allow different LANs to send packets to each other via an ATM backbone. To choose MPoA as the accessing protocol of the internet, please select MPoA from the Internet Access menu. The following web page will be shown. MPoA(RFC1483/2684) Click Enable for activating this function.
PPP Client Mode - Click Enable to activate this mode for backup. SIM PIN code - Type PIN code of the SIM card that will be used to access Internet. Modem Initial String - Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP. Modem Dial String - Such value is used to dial through USB mode. Please use the default value. If you have any question, please contact to your ISP. PPP Username - Type the PPP username (optional).
Specify an IP address – Click this radio button to specify some data. IP Address – Type in the private IP address. Subnet Mask – Type in the subnet mask. Gateway IP Address – Type in gateway IP address. Default MAC Address Type in MAC address for the router. You can use Default MAC Address or specify another MAC address for your necessity. MAC Address – Type in the MAC address for the router manually. DNS Server IP Address Type in the primary IP address for the router.
3.1.4 Multi-PVCs This router allows you to create multi-PVCs for different data transferring for using. Simply go to Internet Access and select Multi-PVC Setup page. 30 Enable Type in the primary IP address for the router. If necessary, type VPI Type in the value provided by your ISP. VCI Type in the value provided by your ISP. QoS Type Select a proper QoS type for the channel. Protocol Select a proper protocol for this channel. Encapsulation Choose a proper type for this channel.
3.2 LAN Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design of network structure is related to what type of public IP addresses coming from your ISP. 3.2.1 Basics of LAN The most generic function of Vigor router is NAT. It creates a private subnet of your own. As mentioned previously, the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address.
What is Routing Information Protocol (RIP) Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing. This allows users to change the information of the router such as IP address and the routers will automatically inform for each other. What is Static Route When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method.
3.2.2 General Setup This page provides you the general settings for LAN. Click LAN to open the LAN settings page and choose General Setup. 1st IP Address Type in private IP address for connecting to a local private network (Default: 192.168.1.1). 1st Subnet Mask Type in an address code that determines the size of the network. (Default: 255.255.255.0/ 24) For IP Routing Usage Click Enable to invoke this function. The default setting is Disable.
DHCP server to start with when issuing IP addresses. If the 2nd IP address of your router is 220.135.240.1, the starting IP address must be 220.135.240.2 or greater, but smaller than 220.135.240.254. IP Pool Counts: Enter the number of IP addresses in the pool. The maximum is 10. For example, if you type 3 and the 2nd IP address of your router is 220.135.240.1, the range of IP address by the DHCP server will be from 220.135.240.2 to 220.135.240.11.
the DHCP server you are going to use so the Relay Agent can help to forward the DHCP request to the DHCP server. DNS Server Configuration DNS stands for Domain Name System. Every Internet host must have a unique IP address, also they may have a human-friendly, easy to remember name such as www.yahoo.com. The DNS server converts the user-friendly name into its equivalent IP address.
Viewing Routing Table Displays the routing table for your reference. Add Static Routes to Private and Public Networks Here is an example of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router. Assuming the Internet access has been configured and the router works properly: z use the Main Router to surf the Internet. z create a private subnet 192.168.10.0 using an internal Router A (192.168.1.2) z create a public subnet 211.100.88.
2. Click the LAN - Static Route and click on the Index Number 1. Please add a static route as shown below, which regulates all packets destined to 192.168.10.0 will be forwarded to 192.168.1.2. Click OK. 3. Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. 4. Go to Diagnostics and choose Routing Table to verify current routing table. Delete Static Route 1.
Disable Static Route 1. Click the Index Number that you want to disable from the Static Route Configuration page. 2. Select Inactive/Disable from the drop-down menu, and then click the OK button to disable the route. 3.3 NAT Usually, the router serves as an NAT (Network Address Translation) router. NAT is a mechanism that one or more private IP addresses can be mapped into a single public one. Public IP address is usually assigned by your ISP, for which you may get charged.
3.3.1 Port Redirection Port Redirection is usually set up for server related service inside the local network (LAN), such as web servers, FTP servers, E-mail servers etc. Most of the case, you need a public IP address for each server and this public IP address/domain name are recognized by all users.
Protocol Select the transport layer protocol (TCP or UDP). Public Port Specify which port can be redirected to the specified Private IP and Port of the internal host. Private IP Specify the private IP address of the internal host providing the service. Private Port Specify the private port number of the service offered by the internal host. Active Check this box to activate the port-mapping entry you have defined.
The inherent security properties of NAT are somewhat bypassed if you set up DMZ host. We suggest you to add additional filter rules or a secondary firewall. Click DMZ Host to open the following page: If you previously have set up WAN Alias in Internet Access>>PPPoE/PPPoA or Internet Access>>MPoA, you will find them in Aux. WAN IP list for your selection. Enable Check to enable the DMZ Host function. Private IP Enter the private IP address of the DMZ host, or click Choose PC to select one.
When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting. 3.3.3 Open Ports Open Ports allows you to open a range of ports for the traffic of special applications. Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application involved up-to-date to avoid falling victim to any security exploits.
Status Display the state for the corresponding entry. X or V is to represent the Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services. Enable Open Ports Check to enable this entry. Comment Make a name for the defined network application/service. Local Computer Enter the private IP address of the local host or click Choose PC to select one.
3.4 Firewall 3.4.1 Basics for Firewall While the broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has been always the most concerned. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet. Furthermore, it can filter out specific packets that trigger the router to build an unwanted outgoing connection.
IP Filters Depending on whether there is an existing Internet connection, or in other words “the WAN link status is up or down”, the IP filter architecture categorizes traffic into two: Call Filter and Data Filter. z Call Filter - When there is no existing Internet connection, Call Filter is applied to all traffic, all of which should be outgoing. It will check packets according to the filter rules. If legal, the packet will pass.
Instant Messenger (IM) and Peer-to-Peer (P2P) Application Blocking As the popularity of all kinds of instant messenger application arises, communication cannot become much easier. Nevertheless, while some industry may leverage this as a great tool to connect with their customers, some industry may take reserve attitude in order to reduce employee misusage during office hour or prevent unknown security leak.
Web Filtering We all know that the content on the Internet just like other types of media may be inappropriate sometimes. As a responsible parent or employer, you should protect those in your trust against the hazards. With Web filtering service of the Vigor router, you can protect your business from common primary threats, such as productivity, legal liability, network and security threats. For parents, you can protect your children from viewing adult websites or chat rooms.
Call Filter Check Enable to activate the Call Filter function. Assign a start filter set for the Call Filter. Data Filter Check Enable to activate the Data Filter function. Assign a start filter set for the Data Filter. Log Flag For troubleshooting needs you can specify the filter log here. None - The log function is not activated. Block - All blocked packets will be logged. Pass - All passed packets will be logged. No Match - The log function will record all packets that are not matched.
To edit or add a filter, click on the set number to edit the individual set. The following page will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit each rule. Check Active to enable the rule. Filter Rule Click a button numbered (1 ~ 7) to edit the filter rule. Click the button will open Edit Filter Rule web page. For the detailed information, refer to the following page. Active Enable or disable the filter rule. Comment Enter filter set comments/description.
immediately. Pass Immediately - Packets matching the rule will be passed immediately. Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped. Pass If No Further Match - A packet matching the rule, and that does not match further rules, will be passed through. Branch to other Filter If the packet matches the filter rule, the next filter rule will branch to the specified filter set. Select next filter rule to branch from the Set drop-down menu.
Fragmented - Apply the rule to fragmented packets. Too Short - Apply the rule only to packets that are too short to contain a complete header. Example As stated before, all the traffic will be separated and arbitrated using on of two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed by 7 filter rules, which can be further defined.
3.4.4 IM Blocking IM Blocking means instant messenger blocking. Click Firewall and click IM Blocking to open the setup page. You will see a list of common IM (such as MSN, Yahoo, ICQ/AQL) applications. Check Enable IM Blocking and select the one(s) that you want to block. To block selected IM applications during specific periods, enter the number of the scheduler predefined in Applications>>Call Schedule. 3.4.5 P2P Blocking P2P is the short name of peer to peer.
3.4.6 DoS Defense As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/ defense function in the DoS Defense setup. The DoS Defense functionality is disabled for default. Click Firewall and click DoS Defense to open the setup page. Enable Dos Defense Check the box to activate the DoS Defense Functionality. Enable SYN flood defense Check the box to activate the SYN flood defense function.
detecting this malicious exploration behavior by monitoring the port-scanning Threshold rate, the Vigor router will send out a warning. By default, the Vigor router sets the threshold as 150 packets per second. Block IP options Check the box to activate the Block IP options function. The Vigor router will ignore any IP packets with IP option field in the datagram header.
IP spoofing. A Land attack occurs when an attacker sends spoofed SYN packets with the identical source and destination addresses, as well as the port number to victims. Block Unknown Protocol Check the box to activate the Block Unknown Protocol function. Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer. However, the protocol types greater than 100 are reserved and undefined at this time.
Enable URL Access Control Check the box to activate URL Access Control. Black List (block those Click this button to restrict accessing into the corresponding webpage with the keywords listed on the box below. matching keyword) White List (pass those Click this button to allow accessing into the corresponding webpage with the keywords listed on the box below. matching keyword) Keyword The Vigor router provides 8 frames for users to define keywords and each frame supports multiple keywords.
Enable Restrict Web Feature Check the box to activate the function. Java - Check the checkbox to activate the Block Java object function. The Vigor router will discard the Java objects from the Internet. ActiveX - Check the box to activate the Block ActiveX object function. Any ActiveX object from the Internet will be refused. Compressed file - Check the box to activate the Block Compressed file function to prevent someone from downloading any compressed file.
3.4.8 Web Content Filter Click Firewall and click Web Content Filter to open the setup page. For this section, please refer to Web Content Filter user’s guide.
3.4.9 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthen control in network. When this function is enabled, all the assigned IP and MAC address binding together cannot be changed. If you modified the binding IP or MAC address, it might cause you not access into the Internet. Click Firewall and click Bind IP to MAC to open the setup page. Enable Click this radio button to invoke this function.
Add It allows you to add the one you choose from the ARP table or the IP/MAC address typed in Add and Edit to the table of IP Bind List. Edit It allows you to edit and modify the selected IP address and MAC address that you create before. Remove You can remove any item listed in IP Bind List. Simply click and select the one, and click Remove. The selected item will be removed from the IP Bind List. Note: Before you select Strict Bind, you have to bind one set of IP/MAC address for one PC.
To activate the function of limit session, simply click Enable and set the default session limit. Enable Click this button to activate the function of limit session. Disable Click this button to close the function of limit session. Default session limit Define the default session number used for each computer in LAN. Limitation List Display a list of specific limitations that you set on this web page. Start IP Define the start IP address for limit session.
3.5.2 Limit Bandwidth The downstream or upstream from FTP, HTTP or some P2P applications will occupy large of bandwidth and affect other normal applications. You can use Limit Bandwidth to make the bandwidth usage more efficient. In the Bandwidth Management menu, click Limit Bandwidth to open the web page. To activate the function of limit bandwidth, simply click Enable and set the default upstream and downstream limit. 62 Enable Click this button to activate the function of limit bandwidth.
Add Add the specific speed limitation onto the list above. Edit Allows you to edit the settings for the selected limitation. Remove Remove the selected settings existing on the limitation list. Index (1-15) in Schedule Setup You can type in four sets of time schedule for your request. All the schedules can be set previously in Application – Schedule web page and you can use the number that you have set in that web page. 3.5.
However, each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners. It’s not easy to achieve deterministic and consistent high-priority QoS traffic throughout the whole network with merely Vigor router’s effort. In the Bandwidth Management menu, click Quality of Service to open the web page. Enable the QoS Control The factory default for this setting is checked.
Enable UDP Bandwidth Control Check this and set the limited bandwidth ratio on the right field. This is a protection of TCP application traffic since UDP application traffic such as streaming video will exhaust lots of bandwidth. Limited_bandwidth Ratio The ratio typed here is reserved for limited bandwidth of UDP application. On Line Statistics Display an online statistics for quality of service for your reference.
For inserting a rule, click Insert to open the following page. SrcEdit It allows you to edit source address information. Address Type – Determine the address type for the source address. For Single Address, you have to fill in Start IP address. For Range Address, you have to fill in Start IP address and End IP address. For Subnet Address, you have to fill in Start IP address and Subnet Mask.
DestEdit It allows you to edit destination address information. Address Type – Determine the address type for the destination address. For Single Address, you have to fill in Start IP address. For Range Address, you have to fill in Start IP address and End IP address. For Subnet Address, you have to fill in Start IP address and Subnet Mask.
Service Type It determines the service type of the data for processing with QoS control. It can also be edited. You can choose the predefined service type from the Service Type drop down list. Those types are predefined in factory. Simply choose the one that you want for using by current QoS. In addition, you can add a new service for your necessity by simply clicking Add button to access into the following page. Service Name – Type in a new service for your request.
3.6 Applications Below shows the menu items for Applications. 3.6.1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP. It means that the public IP address assigned to your router changes each time you access the Internet. The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address. It allows the router to update its online WAN IP address mappings on the specified Dynamic DNS server.
Active 3. 4. Display if this account is active or inactive. Select Index number 1 to add an account for the router. Check Enable Dynamic DNS Account, and choose correct Service Provider: dyndns.org, type the registered hostname: hostname and domain name suffix: dyndns.org in the Domain Name block. The following two blocks should be typed your account Login Name: test and Password: test. Enable Dynamic DNS Account Check this box to enable the current account.
3.6.2 Schedule The Vigor router has a built-in real time clock which can update itself manually or automatically by means of Network Time Protocols (NTP). As a result, you can not only schedule the router to dialup to the Internet at a specified time, but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours, say, business hours. The schedule is also applicable to other functions. You have to set your time before set schedule.
Start Date (yyyy-mm-dd) Specify the starting date of the schedule. Start Time (hh:mm) Specify the starting time of the schedule. Duration Time (hh:mm) Specify the duration (or period) for the schedule. Action Specify which action Call Schedule should apply during the period of the schedule. Force On -Force the connection to be always on. Force Down -Force the connection to be always down.
Enable Check to enable RADIUS client feature Server IP Address Enter the IP address of RADIUS server Destination Port The UDP port number that the RADIUS server is using. The default value is 1812 , based on RFC 2138. Shared Secret The RADIUS server and client share a secret that is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret. Re-type Shared Secret Re-type the Shared Secret for confirmation.
3.6.4 UPnP The UPnP (Universal Plug and Play) protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows 'Plug and Play' system. For NAT routers, the major feature of UPnP on the router is “NAT Traversal”. This enables applications inside the firewall to automatically open the ports that they need to pass through a router.
The reminder as regards concern about Firewall and UPnP Can't work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly. This is because these applications will block the accessing ability of some network ports. Security Considerations Activating the UPnP function on your network may incur some security threats. You should consider carefully these risks before activating the UPnP function.
3.6.5 Wake On LAN A PC client on LAN can wake up specified PC through the router. Yet the specified PC must have installed a network card supporting WOL function. By the way, WOL function must be set as “Enable” on the BIOS setting of the specified PC. 76 Wake by Two types provide for you to wake up the binded IP. If you choose Wake by MAC Address, you have to type the correct MAC address of the host in MAC Address boxes. If you choose Wake by IP Address, you have to choose the correct IP address.
3.7 VPN and Remote Access A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. In short, by VPN technology, you can send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link. Below shows the menu items for VPN and Remote Access. Note: This feature can be applied for ISDN remote dial-in or ISDN LAN-to-LAN connection in i series models.
Select this option to force the router to authenticate dial-in Dial-In PPP Authentication PAP Only users with the PAP protocol. PAP or CHAP Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first. If the dial-in user does not support this protocol, it will fall back to use the PAP protocol for authentication.
two IP addresses of 192.168.1.200 and 192.168.1.201 are reserved for ISDN remote dial-in user. 3.7.3 IPSec General Setup In IPSec General Setup, there are two major parts of configuration. There are two phases of IPSec. ¾ Phase 1: negotiation of IKE parameters including encryption, hash, Diffie-Hellman parameter values, and lifetime to protect the following IKE exchange, authentication of both peers using either a Pre-Shared Key or Digital Signature (x.509).
IPSec Security Method Medium - Authentication Header (AH) means data will be authenticated, but not be encrypted. By default, this option is active. High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. 3.7.
Profile Name Type in a name in this file. Accept Any Peer ID Click to accept any peer regardless of its identity. Accept Subject Alternative Click to check one specific field of digital signature to accept the peer with matching value. The field can be IP Address, Name Domain, or E-mail Address. The box under the Type will appear according to the type you select and ask you to fill in corresponding setting.
3.7.5 Remote User Profiles You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in or build the VPN connection. You may set parameters including specified connection peer ID, connection type (VPN including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router provides 32 access accounts for dial-in users.
Enable this account Check the box to enable this function. Idle Timeout- If the dial-in user is idle over the limitation of the timer, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds. ISDN Allow the remote ISDN dial-in connection. You can further set up Callback function below. You should set the User Name and Password of remote dial-in user below. This feature is for i model only.
Uncheck the checkbox-This means the connection type you select above will apply the authentication methods and security methods in the general settings. User Name This field is applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above. Password This field is applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above.
3.7.6 LAN to LAN Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles. You may set parameters including specified connection direction (dial-in or dial-out), connection peer ID, connection type (VPN including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router provides up to 32 profiles, which also means supporting 32 VPN tunnels simultaneously. The following figure shows the summary table.
Profile Name Specify a name for the profile of the LAN-to-LAN connection. Enable this profile Check here to activate this profile. Call Direction Specify the allowed call direction of this LAN-to-LAN profile. Both:-initiator/responder Dial-Out- initiator only Dial-In- responder only. Always On or Idle Timeout Always On-Check to enable router always keep VPN connection. Idle Timeout: The default value is 300 seconds. If the connection has been idled over the value, the router will drop the connection.
Normally, if any one of VPN peers wants to disconnect the connection, it should follow a serial of packet exchange procedure to inform each other. However, if the remote peer disconnect without notice, Vigor router will by no where to know this situation. To resolve this dilemma, by continuously sending PING packets to the remote host, the Vigor router can know the true existence of this VPN connection and react accordingly. This is independent of DPD (dead peer detection).
High (ESP-Encapsulating Security Payload)- means payload (data) will be encrypted and authenticated. Select from below: DES without Authentication -Use DES encryption algorithm and not apply any authentication scheme. DES with Authentication-Use DES encryption algorithm and apply MD5 or SHA-1 authentication algorithm. 3DES without Authentication-Use triple DES encryption algorithm and not apply any authentication scheme.
Perfect Forward Secret (PFS)-The IKE Phase 1 key will be reused to avoid the computation complexity in phase 2. The default value is inactive this function. Local ID -In Aggressive mode, Local ID is on behalf of the IP address while identity authenticating with remote VPN server. The length of the ID is limited to 47 characters. Callback Function (for I models only) The callback function provides a callback service as a part of PPP suite only for the ISDN dial-in user.
PPTP Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of remote dial-in user below. IPSec Tunnel Allow the remote dial-in user to trigger a IPSec VPN connection through Internet. L2TP Allow the remote dial-in user to make a L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below: None- Do not apply the IPSec policy.
encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. Callback Function The callback function provides a callback service only for the ISDNLAN-to-LAN connection (this feature is useful for i model only). The remote user will be charged the connection fee by the telecom. Check to enable Callback function-Enables the callback function. Callback number-The option is for extra security. Once enabled, the router will ONLY call back to the specified Callback Number.
3.7.7 Connection Management You can find the summary table of all VPN connections. You may disconnect any VPN connection by clicking Drop button. You may also aggressively Dial-out by using Dial-out Tool and clicking Dial button. Dial Click this button to execute dial out function. Refresh Seconds Choose the time for refresh the dail information among 5, 10, and 30. Refresh Click this button to refresh the whole connection status. 3.
3.8.1 Local Certificate Generate Click this button to open Generate Certificate Request window. Type in all the information that the window request. Then click Generate again. Import Click this button to import a saved file as the certification information. Refresh Click this button to refresh the information listed below. View Click this button to view the detailed settings for certificate request.
3.8.2 Trusted CA Certificate Trusted CA certificate lists three sets of trusted CA certificate. To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse… to find out the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window. Then click Import to use the pre-saved file.
For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information.
3.9 VoIP Voice over IP network (VoIP) enables you to use your broadband Internet connection to make toll quality voice calls over the Internet. There are many different call signaling protocols, methods by which VoIP devices can talk to each other. The most popular protocols are SIP, MGCP, Megaco and H.323. These protocols are not all compatible with each other (except via a soft-switch server).
only have to using dial plan or directly dial your friend’s account name if you are with the same SIP Registrar. Please refer to the Example 1 and 2 in the Calling Scenario. z Peer-to-Peer Before calling, you have to know your friend’s IP Address. The Vigor VoIP Routers will build connection between each other. Please refer to the Example 3 in the Calling Scenario.
User B connects a router with FXS port and accesses Internet through WAN port of that router. When B calls A, the voice signal will be sent to a remote router (C) through Internet. Then, the voice signal will be passed to switchboard (via S0 intern) and transferred to A through ISDN line (leaving Internet). Such route is named ISDN Off-Net (see blue route). Below shows the menu items for Certificate Management. 3.9.1 DialPlan This page allows you to set phone book and digit map for the VoIP function.
Click any index number to display the dial plan setup page. Enable Click this to enable this entry. Phone Number The speed-dial number of this index. This can be any number you choose, using digits 0-9 and * . Display Name The Caller-ID that you want to be displayed on your friend’s screen. This let your friend can easily know who’s calling without memorizing lots of SIP URL Address.
100 Enable Check this box to invoke this setting. Prefix Number The phone number set here is used to add, strip, or replace the OP number. Mode None - No action. Add - When you choose this mode, the OP number will be added with the prefix number for calling out through the specific VoIP interface. Strip - When you choose this mode, the OP number will be deleted by the prefix number for calling out through the specific VoIP interface.
OP Number The front number you type here is the first part of the account number that you want to execute special function (according to the chosen mode) by using the prefix number. Min Len Set the minimal length of the dial number for applying the prefix number settings. Take the above picture (Prefix Table Setup web page) as an example, if the dial number is between 7 and 9, that number can apply the prefix number settings here.
102 Ring Port Specify which port will ring when receiving a phone call. The ISDN ring port is available for Vigor2800VGi only. STUN Server Type in the IP address of the STUN server. External IP Type in the gateway IP address. SIP PING interval The default value is 150sec. It is useful for a Nortel server NAT Traversal Support. Status Show the status for the corresponding SIP account. R means such account is registered on SIP server successfully.
Proxy Set domain name or IP address of SIP proxy server. By the time you can type:port number after the domain name to specify that port as the destination of data transmission (e.g., nat.draytel.org:5065) Act as Outbound Proxy Check this box to make the proxy acting as outbound proxy. Display Name The caller-ID that you want to be displayed on your friend’s screen. Account Number/Name Enter your account name of SIP Address, e.g. every text before @.
Below shows successful SIP accounts for your reference. 3.9.3 Phone Settings This page allows user to set phone settings for VoIP 1 and VoIP 2 respectively. Note: ISDN port (Index 3) is available for the users living in Europe and using Vigor 2800VGi only. Phone List 104 Port – There are three phone ports provided here for you to configure. Call feature – A brief description for call feature will be shown in this field for your reference.
configured in the advanced settings page of Phone Index. Default SIP Account – “draytel_1” is the default SIP account. You can click the number below the Index field to change SIP account for each phone port. DTMF Relay – Display DTMF mode that configured in the advanced settings page of Phone Index. RTP Vigor2800 Series User’s Guide Symmetric RTP – Check this box to invoke the function.
Detailed Settings for VoIP 1 and 2 Click the number 1 or 2 link under Index column, you can access into the following page for configuring Phone settings. Hotline Check the box to enable it. Type in the SIP URL in the field for dialing automatically when you pick up the phone set. Session Timer Check the box to enable the function. In the limited time that you set in this field, if there is no response, the connecting call will be closed automatically. T.
Call Waiting Check this box to invoke this function. A notice sound will appear to tell the user new phone call is waiting for your response. Click hook flash to pick up the waiting phone call. Call Transfer Check this box to invoke this function. Click hook flash to initiate another phone call. When the phone call connection succeeds, hang up the phone. The other two sides can communicate, then. Prefer Codec Select one of five codecs as the default for your VoIP calls.
To change ISDN call into VoIP call, please dial the character in this field for transferring. The character that you can type can be *, #, and 0~9. To VoIP (for ISDN) - The router is set by using VoIP call. To change VoIP call into ISDN call, please dial the character in this field for transferring. The character that you can type can be *, #, and 0~9. In addition, you can press the Advanced button to configure tone settings, volume gain, MISC and DTMF mode.
Also, you can specify each field for your necessity. It is recommended for you to use the default settings for VoIP communication. Caller ID Type There are several standards provided here for displaying the caller ID on the panel of the telephone set. Choose the one that is suitable for the phone set according to the area of the router installed. If you don’t know what standard that the phone set supports, please use the default setting.
Payload Type (rfc2833) – Choose a number from 96 to 127, the default value was 101. This setting is available for the OutBand (RFC2833) mode. Detailed Settings for ISDN (available for VGi model only) Click the number 3 link under Index column, you can access into the following page for configuring Phone settings. Hotline Check the box to enable it. Type in the SIP URL in the field for dialing automatically when you pick up the phone set. Session Timer Check the box to enable the function.
Time Out – Set the time out for the call forwarding. The default setting is 30 sec. DND (Do Not Disturb) mode Set a period of peace time without disturbing by VoIP phone call. During the period, the one who dial in will listen busy tone, yet the local user will not listen any ring tone. Schedule - Enter the index of schedule profiles to control the DND mode according to the preconfigured schedules. Refer to section 3.5.2 Schedule for detailed configuration.
account registered FXO Feature Enable ISDN to VoIP (On-Net) Calls – Check this box to make all the outgoing calls from ISDN line to be forwarded to receivers by Internet. Enable VoIP to ISDN (Off-Net) Calls –Check this box to make all the incoming calls coming from Internet to be forwarded to receivers by ISDN line. In addition, you can press the Advanced button to configure tone settings, volume gain, MISC and DTMF mode.
Also, you can specify each field for your necessity. It is recommended for you to use the default settings for VoIP communication. Volume Gain Mic Gain (1-10)/Speaker Gain (1-10) - Adjust the volume of microphone and speaker by entering number from 1- 10. The larger of the number, the louder the volume is. MISC Dial Tone Power Level - This setting is used to adjust the loudness of the dial tone. The smaller the number is, the louder the dial tone is. It is recommended for you to use the default setting.
Payload Type (rfc2833) – Choose a number from 96 to 127, the default value was 101. This setting is available for the OutBand (RFC2833) mode. Disallow VoIP to ISDN Calls with the Following Prefixes Set the prefix of the phone number to forbid the user dialing through VoIP to ISDN. All the phone number with the prefix specified here will not be allowed to connect through the router. If a user dials the number by force, the router will disconnect it automatically.
(busy tone). CONNECTING - Indicates that the user is calling out. WAIT_ANS - Indicates that a connection is launched and waiting for remote user’s answer. ALERTING - Indicates that a call is coming. ACTIVE-Indicates that the VoIP connection is launched. Codec Indicates the voice codec employed by present channel. PeerID The present in-call or out-call peer ID (the format may be IP or Domain). Connect Time The format is represented as seconds.
3.10.1 General Setup This page provides some basic ISDN settings such as enabling the ISDN port or not, MSN numbers and blocked MSN numbers, etc. ISDN Port Click Enable to open the ISDN port and Disable to close it. Country Code For proper operation on your local ISDN network, you should choose the correct country code. Own Number Enter your ISDN number. Every outgoing call will carry the number to the receiver.
3.10.2 Dialing to a Single ISP If you access the Internet via a single ISP, press this link. ISP Name Enter your ISP name. Dial Number Enter the ISDN access number provided by your ISP. Username Enter the username provided by your ISP. Password Enter the password provided by your ISP. Require ISP Callback If your ISP supports the callback function, check this box to activate the Callback Control Protocol during the PPP negotiation.
Yes to invoke this function and enter the IP address in the field of Fixed IP Address. Fixed IP Address Type the IP address. 3.10.3 Dialing to Dual ISPs If you have more than one ISP, press this link to configure two ISP dialup profiles. You will be able to dial to both ISPs at the same time. This is mainly for those ISPs that do not support Multiple-Link PPP (ML-PPP) function. In such cases, dialing to two ISPs can increase the bandwidth utilization of the ISDN channels to 128kbps data speed.
As depicted in the above application scenario, the Virtual TA client can make an outgoing call or accept an incoming call to/from a peer FAX machine or ISDN TA, etc. Before you configure the Virtual TA (Remote CAPI) Setup, please install the virtual TA client first. Simply insert the CD bundled with your Vigor router, or directly double-click one of the installer files. In which Vsetup95.exe is for Windows 95 OSR2.1 or higher; Vsetup98.exe is for Windows 98, 98SE and Me; and Vsetup2k.
Virtual TA Server Enable: Select it to activate the server. Disable: Select it to deactivate the server. All Virtual TA applications will be terminated. Username Enter the username of a specific client. Password Enter the password of a specific client. MSN1/ MSN2/MSN3 MSN stands for Multiple Subscriber Number. It means you can apply to more than one ISDN lines number over a single subscribed line. Note that the service must be acquired from your telecom. Specify the MSN numbers for a specific client.
Click the Virtual TA Login tab to launch the login box. Enter the Username/Password and then click OK. After a short time, the VT icon text will turn green. MSN Configuration If you have applied to an MSN number service, the Virtual TA server can assign which client has the specified MSN number. When an incoming call arrives, the server will inform the appropriate client. Now we set an example to describe the configuration of the MSN number.
3.10.5 Call Control Some applications require that the router (only for i models) be remotely activated, or be able to dial up to the ISP via the ISDN interface. Vigor routers provide this feature which allows you to make a phone call to the router and then ask it to dial up to the ISP. Note: Call Control is only available for i models equipped with the ISDN interface. Please set Dialing to a Single ISP first before configuring this web page.
TCP Header Compression VJ Compression - It is used for TCP/IP protocol header compression. Normally it is set to None to improve bandwidth utilization. Idle Timeout Because our ISDN link type is “Dial On Demand”, the connection will be initiated only when needed. High Water Mark and High Water Time BOD stands for bandwidth-on-demand for Multiple-Link PPP (ML-PPP or MP). High Water Mark/ High Water Time/ Low Water Mark/Low Water Time parameters are applied when you set the Link Type to Dialup BOD.
loaded with advanced wireless technology Super G TM to lift up data rate up to 108 Mbps*. Hence, you can finally smoothly enjoy stream music and video. Note: * The actual data throughput will vary according to the network conditions and environmental factors, including volume of network traffic, network overhead and building materials. In an Infrastructure Mode of wireless network, Vigor wireless router plays a role as an Access Point (AP) connecting to lots of wireless clients or Stations (STA).
Example 1 Example 2 Example 3 Separate the Wireless and the Wired LAN- WLAN Isolation enables you to isolate your wireless LAN from wired LAN for either quarantine or limit access reasons. To isolate means neither of the parties can access each other. To elaborate an example for business use, you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of the confidential information leakage.
3.11.2 General Settings By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. 126 Enable Wireless LAN Check the box to enable wireless function. Mode Select an appropriate wireless mode. Mixed (11b+11g+SuperG) - The radio can support IEEE802.11b, IEEE802.11g and SuperG protocols simultaneously. Mixed (11b+11g) - The radio can support both IEEE802.11b and IEEE802.
SSID The default SSID is "default". We suggest you change it to a particular name. It is the identification of the wireless LAN. SSID can be any text numbers or various special characters. Channel The channel of frequency of the wireless LAN. The default channel is 6. You may switch channel if the selected channel is under serious interference. Hide SSID Check it to prevent from wireless sniffing and make it harder for unauthorized clients or STAs to join your wireless LAN.
3.11.3 Security By clicking the Security Settings, a new web page will appear so that you could configure the settings of WEP and WPA. Mode There are several modes provided for you to choose. Disable - Turn off the encryption mechanism. WEP Only - Accepts only WEP clients and the encryption key should be entered in WEP Key. WEP/802.1x Only - Accept WEP clients with 802.1x authentication.
authentication. Remember to select WPA type to define either Mixed or WPA2 only in the field below. Since the key will be auto-negotiated during authentication, the field of key setting below will be not available for input. WPA The WPA encrypts each frame transmitted from the radio using the key, which either PSK entered manually in this field below or automatically negotiated via 802.1x authentication. Type - Select from Mixed (WPA+WPA2) or WPA2 only.
3.11.4 Access Control For additional security of wireless access, the Access Control facility allows you to restrict the network access right by controlling the wireless LAN MAC address of client. Only the valid MAC address that has been configured can access the wireless LAN interface. By clicking the Access Control, a new web page will appear, as depicted below, so that you could edit the clients' MAC addresses to control their access rights.
Edit Edit the selected MAC address in the list. Cancel Give up the access control set up. OK Click it to save the access control list. Clear All Clean all entries in the MAC address list. 3.11.5 WDS WDS means Wireless Distribution System. It is a protocol for connecting two access points (AP) wirelessly. Usually, it can be used for the following application: y y Provide bridge traffic between two LANs through the air. Extend the coverage range of a WLAN.
The major difference between these two modes is that: while in Repeater mode, the packets received from one peer AP can be repeated to another peer AP through WDS links. Yet in Bridge mode, packets received from a WDS link will only be forwarded to local wired or wireless hosts. In other words, only Repeater mode can do WDS-to-WDS packet forwarding. In the following examples, hosts connected to Bridge 1 or 3 can communicate with hosts connected to Bridge 2 through WDS links.
one. Security There are three types for security, Disable, WEP and Pre-shared key. The setting you choose here will make the following WEP or Pre-shared key field valid or not. Choose one of the types for the router. WEP Check this box to use the same key set in Security Settings page. If you did not set any key in Security Settings page, this check box will be dimmed.
If you want the found AP applying the WDS settings, please type in the AP’s MAC address on the bottom of the page and click Add. Later, the MAC address of the AP will be added to the page of WDS setting. 3.11.7 Station List Station List provides the knowledge of connecting wireless clients now along with its status code. There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below.
3.11.8 Station Rate Control This page allows you to control the upload and download rate of each wireless client (station). Please check the box of Enable to invoke this setting. The range for the rate is between 100 ~ 30,000 kbps. 3.12 VLAN Virtual LAN function provides you a very convenient way to manage hosts by grouping them based on the physical port. 3.12.1 Wired VLAN PCs connected to Ethernet ports of the router can be divided into different groups and formed VLAN.
Enable Check this box to enable this function (for VLAN Configuration). P1 – P4 Check the box to make the computer connecting to the port being grouped in specified VLAN. Be aware that each port can be grouped in different VLAN at the same time only if you check the box. For example, if you check the boxes of VLAN0-P1 and VLAN1-P1, you can make P1 to be grouped under VLAN0 and VLAN1 simultaneously. VLAN0-3 This router allows you to set 4 groups of virtual LAN. 3.12.
Enable Check this box to invoke wireless VLAN function. Login ID Type Login ID for different groups of W_VLAN with 1 to 11 characters. Password Type password for different groups of W_VLAN with 1 to 11 characters. Details Click this button to set additional attributes settings for W_VLAN. Activated Date – Use the drop down lists to set the activated date for the wireless VLAN. The wireless VLAN function will be available when the time is arrival.
Disable broadcast and multicast traffic Check this box to prevent broadcast and multicast traffic forwarding to all W_VLAN. How can you (wireless client) access into Internet? After finishing the configuration of wireless VLAN, the wireless clients connecting to this router must do the following steps to access into Internet. 1. Open a browser and type http://www.draytek.vlan/login.htm or http://(vigor router’s IP address)/login.htm on the address line. 2. The following screen will appear. 3.
5. You can go to Diagnostics>>Wireless VLAN Online Station for viewing the connection status whenever you want. 3.12.3 VLAN Cross Setup This function allows the router to integrate VLAN and W_VLAN for managing different computers (notebooks). See the following picture for an example. With VLAN Cross Setup, notebook A/B and PCs on VLAN0 can share resources without difficulty.
The VLAN >> VALN Cross Setup allows you to set a communication bridge between computers in Wireless VLAN and wired VLAN. To achieve the intention of the above illustration, simply check the box under VLAN0 on the line of W_VLAN0. 140 Enable Check this box to invoke VLAN Cross Setup function. VLAN0-3 It represents the groups of virtual LAN connected by Ethernet interface. W_VLAN0-15 It represents the groups of wireless VLAN communicated by wireless interface.
3.12.4 Wired Rate Control Rate Control manages the transmission rate of data in and out through the router. You can also manage the in/out rate of each Ethernet port. Go to VLAN menu and select Wired Rate Control. The following page will appear. Click Enable to invoke VLAN function. For the rate control of wired connection, please open VLAN menu and choose Wired Rate Control. The following page will be shown for you to adjust. Enable Check this box to enable this function (for Rate Control).
3.12.5 Wireless Rate Control Rate Control manages the transmission rate of data in and out through the router. You can also manage the in/out rate of each wireless VLAN. Go to VLAN menu and select Wireless Rate Control. The following page will appear. Click Enable to invoke VLAN function. For the rate control of wireless connection, please open VLAN menu and choose Wireless Rate Control. The following page will be shown for you to adjust.
3.13 System Maintenance For the system setup, there are several items that you have to know the way of configuration: Status, Administrator Password, Configuration Backup, Syslog, Time setup, Reboot System, Firmware Upgrade. Below shows the menu items for System Maintenance. 3.13.1 System Status The System Status provides basic network settings of Vigor router. It includes LAN and WAN interface information.
MAC Address Display the MAC address of the WAN Interface. IP Address Display the IP address of the WAN interface. Default Gateway Display the assigned IP address of the default gateway. DNS Display the assigned IP address of the primary DNS. Port Display the available VoIP ports. SIP registrar Display the registered SIP Server. Account ID Display the default account name. Register Display the result of the registration. Codec Display the used Codec.
2. Click Backup button to get into the following dialog. Click Save button to open another dialog for saving configuration as a file. 3. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. 4. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples.
Restore Configuration 1. Go to System Maintenance >> Configuration Backup. The following windows will be popped-up, as shown below. 2. Click Browse button to choose the correct configuration file for uploading to the router. 3. Click Restore button and wait for few seconds, the following picture will tell you that the restoration procedure is successful. 3.13.4 Syslog/Mail Alert SysLog function is provided to help users to monitor router.
Authentication Check this box to activate this function. Some servers might need user name and password for authentication. Therefore, activate this mechanism is required. User Name Type the user name for the authentication. Password Type the password for the authentication. Click OK to save these settings. For viewing the Syslog, please do the following: 1. Just set your monitor PC’s IP address in the field of Server IP Address 2. Install the Router Tools in the Utility within provided CD.
3.13.5 Time and Date It allows you to specify where the time of the router should be inquired from. Current System Time Click Inquire Time to get the current time. Use Browser Time Select this option to use the browser time from the remote administrator PC host as router’s system time. Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol. Time Protocol Select a time protocol. Server IP Address Type the IP address of the time server.
3.13.6 Management This page allows you to manage the settings for access control, access list, port setup, and SMP setup. For example, as to management access control, the port number is used to send/receive SIP message for building a session. The default value is 5060 and this must match with the peer Registrar when making VoIP calls. Enable remote firmware upgrade Chick the checkbox to allow remote firmware upgrade through FTP (File Transfer Protocol).
Set Community Set community by typing a proper name. The default setting is private. Manager Host IP Set one host as the manager to execute SNMP function. Please type in IP address to specify certain host. Trap Community Set trap community by typing a proper name. The default setting is public. Notification Host IP Set the IP address of the host that will receive the trap community. Trap Timeout The default setting is 10 seconds. 3.13.
3.13.8 Firmware Upgrade Before upgrading your router firmware, you need to install the Router Tools. The Firmware Upgrade Utility is included in the tools. The following web page will guide you to upgrade firmware by using an example. Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.
3.14 Diagnostics Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Below shows the menu items for Diagnostics. 3.14.1 WAN Connection Click Diagnostics and click WAN Connection to open the web page. Refresh To obtain the latest information, click here to reload the WAN connection status. Broadband Access Mode/Status Display the broadband access mode and status. If the broadband connection is active, it will show Internet access mode is enabled.
3.14.2 Dial-out Trigger Click Diagnostics and click Dial-out Trigger to open the web page. The internet connection (e.g., ISDN, PPPoE, PPPoA, etc) is triggered by a package sending from the source IP address. Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the package. Refresh Click it to reload the page. 3.14.3 Routing Table Click Diagnostics and click Routing Table to open the web page.
3.14.4 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh Click it to reload the page. Clear Click it to clear the whole table. 3.14.5 DHCP Table The facility provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc.
3.14.6 NAT Sessions Table Click Diagnostics and click NAT Sessions Table to open the setup page. Private IP:Port It indicates the source IP address and port of local PC. #Pseudo Port It indicates the temporary port of the router used for NAT. Peer IP:Port It indicates the destination IP address and port of remote host. Ifno It displays the representing number for different interface.
3.14.7 ADSL Spectrum Analysis Click Diagnostics and click ADSL Spectrum Analysis to open the web page. It will display the bits number status that each BIN carries for upstream/downstream. Below shows two example diagrams for different type of Vigor router. sample 1 sample 2 Refresh 156 Click it to reload the page.
3.14.8 Wireless VLAN Online Station Table Click Diagnostics and click Wireless VLAN Online Station Table to open the web page. It will display the IP address, MAC address and Login ID information for all the Wireless VLAN stations. IP Address Display the IP address of the wireless station. MAC Address Display the MAC address of the wireless station. Login ID Display the login ID that the wireless station belongs to. 3.14.9 Ping Diagnosis Click Diagnostics and click Ping Diagnosis to pen the web page.
3.14.10 Data Flow Monitor This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds. The IP address listed here is configured in Bandwidth Management. You have to enable IP bandwidth limit and IP session limit before invoke Data Flow Monitor. If not, a notification dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page.
IP Address Display the IP address of the monitored device. TX rate (kbps) Display the transmission speed of the monitored device. RX rate (kbps) Display the receiving speed of the monitored device. Sessions Display the session number that you specified in Limit Session web page. Action Block - can prevent specified PC accessing into Internet within 5 minutes. Unblock – the device with the IP address will be blocked in five minutes. The remaining time will be shown on the session column. 3.14.
This page is left blank.
4 Application and Examples 4.1 Create a LAN-to-LAN Connection Between Remote Office and Headquarter The most common case is that you may want to connect to network securely, such as the remote branch office and headquarter. According to the network structure as shown in the below illustration, you may follow the steps to create a LAN-to-LAN profile. These two networks (LANs) should NOT have the same network address. Settings in Router A in headquarter: 1.
For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. 162 3. Go to LAN-to-LAN. Click on one index number to edit a profile. 4. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. 5.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. 6. Set Dial-In settings to as shown below to allow Router B dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. 7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection. Settings in Router B in the remote office: 1. 164 Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK.
2. Then, for using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. 3. Go to LAN-to-LAN. Click on one index number to edit a profile. 4. Set Common Settings as shown below.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. 6. Set Dial-In settings to as shown below to allow Router A dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. 7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection.
4.2 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter The other common case is that you, as a teleworker, may want to connect to the enterprise network securely. According to the network structure as shown in the below illustration, you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host. Settings in VPN Router in the enterprise office: 1.
3. Go to Remote Dial-In Users. Click on one index number to edit a profile. 4. Set Dial-In settings to as shown below to allow the remote user dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above.
Settings in the remote host: 1. For Win98/ME, you may use "Dial-up Networking" to create the PPTP tunnel to Vigor router. For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.draytek.com download center. Install as instructed. 2. After successful installation, for the first time user, you should click on the Step 0. Configure button.
You may further specify the method you use to get IP, the security method, and authentication method. If the Pre-Shared Key is selected, it should be consistent with the one set in VPN router. If a PPP-based service is selected, you should further specify the remote VPN server IP address, Username, Password, and encryption method. The User Name and Password should be consistent with the one set up in the VPN router.
4. Click Connect button to build connection. When the connection is successful, you will find a green light on the right down corner. 4.3 QoS Setting Example Assume a teleworker sometimes works at home and takes care of children. When working time, he would use Vigor router at home to connect to the server in the headquater office downtown via either HTTPS or VPN to check email and access internal database. Meanwhile, children may chat on VoIP or Skype in the restroom. 172 1.
4. Enter the Class Name of Index 2. In this index, she will set reserve bandwidth for HTTPS. And click Basic button on the right. 5. Select HTTPS in the list on the left column and click on ADD to add to right column. Click OK to exit. 6. Check the Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic of VoIP influent other application. 7. If the worker has connected to the headquater using host to host VPN tunnel.
4.4 LAN – Created by Using NAT An example of default setting and the corresponding deployment are shown below. The default Vigor router private IP address/Subnet Mask is 192.168.1.1/255.255.255.0. The built-in DHCP server is enabled so it assigns every local NATed host an IP address of 192.168.1.x starting from 192.168.1.10. You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage.
To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the settings as show below. You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage.
176 Vigor2800 Series User’s Guide
4.5 Calling Scenario for VoIP function 4.5.1 Calling via SIP Sever Example 1: Both John and David have SIP Addresses from different service providers. John’s SIP URL: 1234@draytel.org, David’s SIP URL: 4321@iptel.org Settings for John DialPlan index 1 Phone Number: 1111 Display Name: David SIP URL: 4321@iptel.org SIP Accounts Settings --Profile Name: draytel1 Register via: Auto SIP Port: 5060 (default) Domain/Realm: draytel.org Proxy: draytel.
Example 2: Both John and David have SIP Addresses from the same service provider. John’s SIP URL: 1234@draytel.org , David’s SIP URL: 4321@draytel.org Settings for John DialPlan index 1 Phone Number: 1111 Display Name: David SIP URL: 4321@draytel.org SIP Accounts Settings --Profile Name: draytel 1 Register via: Auto SIP Port: 5060 (default) Domain/Realm: draytel.org Proxy: draytel.
4.5.2 Peer-to-Peer Calling Example 3: Arnor and Paulin have Vigor routers respectively, they can call each other without SIP Registrar. First they must have each other’s IP address and assign an Account Name for the port used for calling. Arnor’s SIP URL: 1234@214.61.172.53 Paulin’s SIP URL: 4321@ 203.69.175.24 Settings for Arnor DialPlan index 1 Phone Number: 1111 Display Name: paulin SIP URL: 4321@ 203.69.175.
4.6 Upgrade Firmware for Your Router Before upgrading your router firmware, you need to install the Router Tools. The Firmware Upgrade Utility is included in the tools. 1. Insert CD of the router to your CD ROM. 2. From the webpage, please find out Utility menu and click it. 3. On the webpage of Utility, click Install Now! (under Syslog description) to install the corresponding program. 4. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 5.
9. Double click on the icon of router tool. The setup wizard will appear. 10. Follow the onscreen instructions to install the tool. Finally, click Finish to end the installation. 11. From the Start menu, open Programs and choose Router Tools XXX >> Firmware Upgrade Utility. 12. Type in your router IP, usually 192.168.1.1. 13. Click the button to the right side of Firmware file typing box. Locate the files that you download from the company web sites.
14. Click Send. 15. Now the firmware update is finished. 4.
1. Go to Certificate Management and choose Local Certificate. 2. You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. 3. Copy and save the X509 Local Certificate Requet as a text file and save it for later use.
4. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate. Select Advanced request. Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below.
Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it. 5. Back to Vigor router, go to Local Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------.....” 6.
4.8 Request a CA Certificate and Set as Trusted on Windows CA Server 1. 186 Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list.
2. In Choose file to download, click CA Certificate Current and Base 64 encoded, and Download CA certificate to save the .cer. file. 3. Back to Vigor router, go to Trusted CA Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below illustration. 4. You may review the detail information of the certificate by clicking View button.
This page is left blank.
5 Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. z Checking if the hardware status is OK or not. z Checking if the network connection settings on your computer are OK or not. z Pinging the router from your computer. z Checking if the ISP settings are OK or not.
For Windows 190 The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. 1. Go to Control Panel and then double-click on Network Connections. 2. Right-click on Local Area Connection and click on Properties. 3. Select Internet Protocol (TCP/IP) and then click Properties.
4. Select Obtain an IP address automatically and Obtain DNS server address automatically. For MacOs 1. Double click on the current used MacOs on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop down list of Configure IPv4.
5.3 Pinging the Router from Your Computer The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer. We suggest you setting the network connection as get IP automatically. (Please refer to the section 4.2) Please follow the steps below to ping the router correctly.
5.4 Checking If the ISP Settings are OK or Not Click Internet Access group and then check whether the ISP settings are set correctly. For PPPoE/PPPoA Users 1. Check if the Enable option is selected. 2. Check if Username and Password are entered with correct values that you got from your ISP.
For MPoA Users 194 1. Check if the Enable option for Broadband Access is selected. 2. Check if all parameters of DSL Modem Settings are entered with correct value that provided by your ISP. Especially, check if the encapsulation is selected properly or not (it should be the same with the setting on Quick Start Wizard). 3. Check if IP Address, Subnet Mask and Gateway are set correctly (must identify with the values from your ISP) if you choose Specify an IP address.
5.5 Problems for 3G Network Connection When you have trouble in using 3G network transmission, please check the following: Check if USB LED lights on or off You have to wait about 15 seconds after inserting 3G USB Modem into your Vigor2800. Later, the USB LED will light on which means the installation of USB Modem is successful. If the USB LED does not light on, please remove and reinsert the modem again. If it still fails, restart Vigor2910.
Software Reset You can reset the router to factory default via Web page. Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click OK. After few seconds, the router will return all the settings to the factory settings. Hardware Reset While the router is running (ACT LED blinking), press the Factory Reset button and hold for more than 5 seconds. When you see the ACT LED blinks rapidly, please release the button.
