Version : 2.
Table of Contents Chapter 1 . High Availability Function .................................................................... 1 1.1 Introduction................................................................................................................................. 1 1.2 Examples and Web Configurations............................................................................................ 2 Chapter 2 . VPN Function.................................................................................
Chapter 4. Load Balance Policy .............................................................................98 4.1 Introduction............................................................................................................................... 98 4.2 Examples and Web Configurations.......................................................................................... 98 Chapter 5. 802.1Q VLAN........................................................................................102 5.
Chapter 1 . High Availability Function This chapter shows how to setup high availability function. This chapter is divided into the following sections, Section 1.1: Introduction Section 1.2: Examples and Web Configurations The basic application graph is shown in Figure 1-1. There are two Vigor 3300V routers connected to the Internet. One is as Master and the other one is as Slave. Both are connected to a subnet – 192.168.1.x from the LAN port.
At first, we need to configure High Availability in the Master device. Please refer to the Figure 1-2. Figure 1-2. Web settings of the Master Then, we have to configure High Availability in the Slave device. Please refer to the Figure 1-3. Figure 1-3. Web settings of the Slave The most important points are as below – Both the Master and Slave must share the same Group number value. The “Role” value of the Master device is different from that of the Slave device.
Multiple Slaves There should be only one Master, but multiple Slaves are allowed. Generally speaking, the Slave with the greater LAN IP address will have higher priority to play the role of Master if the original Master is shut down or fails. For example, the IP address 192.168.1.4 will have higher priority over 192.168.1.3. Reference The HA function was developed based on VRRP (Virtual Router Redundancy Protocol). For further detailed information about VRRP, please refer to RFC 2338.
Chapter 2 . VPN Function This chapter is divided into the following sections, Section 2.1: VPN Dial-in Function Section 2.2: VPN Dial-out Function Section 2.3: VPN Three Parts Communication Section 2.4: IPSec Host to LAN ( Smart VPN Client ) – DHCP over IPSec Section 2.5: VPN PPTP Host-to LAN by Smart VPN Client 2.1.1 Introduction The first example is to establish a LAN to LAN VPN Tunnel. The basic form of LAN to LAN VPN is to let both routers' internal networks can connect with to each other.
There Below is a configuration table as below between Vigor 3300V and Vigor 2900V. Vigor 3300V Headquarters Vigor 2900V Branch Office 220.135.240.207 61.31.167.135 PPPoE, fixed IP PPPoE, dynamic IP LAN IP 192.168.33.1 192.168.29.1 Internal Network 192.168.33.X 192.168.29.X WAN IP Encryption Method DES-SHA1 Preshared Key 3300 2.1.2 Examples and Web Configurations 2.1.2.1 Configurations in Vigor 3300V Step 1 Suppose the subnet of Vigor 3300V internal network is 192.168.33.
Admin Status Use the default settings (Enable). Local Gateway It deals with relevant settings of the local router, including selection of the WAN and internal network, etc. WAN Interface Vigor 3300V has 4 WAN ports. In this example, we choose WAN1 to establish the VPN tunnel. Network IP / Subnet Mask It is the internal network of Vigor 3300V. Please enter 192.168.33.0 /24 (/24 = Mask 255.255.255.0).
Step 3 Advanced page In this example since the connection is initiated by Vigor 2900V, the encryption method is determined by Vigor 2900V. By default Vigor 3300V allows des-md5, des-sha1, 3des-md5 and 3des-sha1, so no change is required. Just press the Apply button to finish the configuration. Please refer to Figure 2-4. Figure 2-4. Advanced settings of Vigor 3300V Step 4 After configuration, the router will jump switch to the VPN - IPSec - Policy Table page. Confirm if the settings are correct.
2.1.2.2 Configurations in Vigor2900V There are some setup procedures as below. Step 1 Enter the web page of Vigor2900V, and click the VPN and Remote Access Setup link. Please refer to Figure 2-6. Figure 2-6. VPN web of Vigor2900V Step 2 Click the LAN-to-LAN Profile Setup link. Please refer to 11-7. Figure 2-7.
Step 3 Click Index 1, and enter relevant settings of the VPN tunnel connected to Vigor 3300V. Please refer to Figure 2-8. Figure 2-8. LAN to LAN profiles of Vigor2900V Step 4 Common Setting It deals with basic settings, including profile name, enable or disable the profile, call direction, etc. Profile Name Specify a name to this profile. To facilitate easy management and differentiation, please type “3300V”. Call Direction Specify the call direction to this profile.
Dial-Out Setting It deals with relevant settings of Dial-Out connection, including encryption method, preshared key and remote site's WAN IP. Select IPSec Tunnel and enter the WAN IP 220.135.240.207 of Vigor 3300V. Press the IKE Pre-Shared Key button, and then a window will pop up. Just type 3300 (It must be identical to 3300V's). Press finish the configuration of IKE Pre-Shared Key. Then click High (ESP) and select DES with Authentication (default is DES without Authentication). Figure 2-10.
TCP/IP Network Settings It deals with the internal network of the remote site, etc. In the Network IP and Mask field, enter 192.168.33.0 and 255.255.255.0 respectively, and then press “OK” to finish the configuration. Please refer to Figure 2-12. Figure 2-12. TCP/IP network settings of Vigor2900V Step 5 After configuration, the router will automatically switch to the LAN-to-LAN Profiles Setup page. Confirm if the settings are correct. Now the setup configuration for of Vigor2900V is completed.
Step 7 Figure 2-15. Connection status of Vigor2900V Step 8 Figure 2-16.
Step 10 Figure 2-18. IPSec status Step 11 Figure 2-19. Ping status Step 12 If the numbers of Packet In & Packet Out increase, it means there are packets passing is traffic through the VPN tunnel.
2.2.1 Introduction This case is based on example 1. The difference is that both sites have a fixed IP address and the connection is initiated from Vigor 3300V (Dial-Out) to Vigor 2900V (Dial-In). Suppose the Headquarters in Taipei use a Vigor 3300V, while the branch office in Shanghai uses a Vigor 2900V. The network administrator requires the employees in branch office to access the database in the headquarters through the encrypted VPN tunnel. The purpose is to avoid leakage of confidential information.
2.2.2 Examples and Web Configurations 2.2.2.1 Configurations in Vigor 2900V There are some procedures as below. Step 1 Enter Vigor 2900V'sthe web page of Vigor 2900V, click the VPN and Remote Access Setup link. Figure 2-21. Vigor 2900V web configuration Step 2 Click the LAN-to-LAN Profile Setup link. Figure 2-22.
Step 3 Click Index 1 and enter relevant settings for the VPN tunnel to Vigor 3300V. Please refer to Figure 12-4. Figure 2-23. Enter relevant VPN setup Step 4 On this page there are four sections for relevant VPN setup as below. Common Settings These are basic settings, including profile name, enable or disable the profile, call direction, etc. Profile Name Specify a name to this profile. To facilitate easy management and differentiation, please type 3300V.
Dial-Out Settings It deals with relevant settings of Dial-Out connection. In this example, we do not need to configure this part. Figure 2-25. Dial-Out settings in Vigor 2900V Dial-In Settings It deals with relevant settings of Dial-In connection, including encryption method, preshared key and the WAN IP of remote site. Select IPSec Tunnel and enter the WAN IP 220.135.240.207 of Vigor 2900V. Press the IKE Pre-Shared Key button, and then a window will pop up. Type 3300 (It must be identical with 3300V's).
TCP/IP Network Settings It deals with the internal network of the remote site, etc. In the Network IP and Mask fields, enter 192.168.33.0 and 255.255.255.0 respectively, and then press “OK” to finish the configuration. Please refer to Figure 2-27. Figure 2-27. VPN setup- TCP/IP network settings Step 5 After configuration, the router will automatically switch to the LAN-to-LAN Profiles Setup page. Confirm if the settings are correct. Now the configuration of Vigor 2900V is completed.
2.2.2.2 Configurations in Vigor 3300V There are some procedures as below. Step1 Suppose the internal network inside Vigor 3300V is 192.168.33.X, for detailed setup instructions please refer to the LAN Setup chapter. Enter VPN \IPSec\Policy Table, and click 1. Then press “Edit”. Please refer to Figure 2-29. Figure 2-29. IPSec policy table Step 2 First you should configure the Default page. In Basic settings, there are three parts users need to configure.
WAN Interface Vigor 3300V has 4 WAN ports. In this example, we choose WAN1 to establish the VPN tunnel. Network IP / Subnet Mask It is the internal network of Vigor 3300V. Please enter 192.168.33.0 /24 (/24 = Mask 255.255.255.0) Remote Gateway It deals with relevant settings of the remote router, including WAN IP and internal network, etc. Security Gateway The WAN IP of Vigor 2900V. Please enter 61.31.167.135. Network IP / Subnet Mask The internal network of Vigor 2900V. Please enter 192.168.29.
Step 3 Advanced page By default, Vigor 3300V allows des-md5, des-sha1, 3des-md5 and 3des-sha1. Change the sequence of des-md5 and des-sha1 so that des-sha1 is in first place. Press “Apply” to finish the configuration. Figure 2-30. Advanced page setup Step 4 After configuration, the router will switch to the VPN - IPSec - Policy Table page. Click “Initiate”. Figure 12-31. IPSec policy table Step 5 A window for this Dial-Out connection will pop up. Press “OK” to initiate this tunnel. Figure 2-32.
Step 6 Please wait for 30~60 seconds, and then enter the VPN - IPSec – Status page of Vigor 3300V. You will find that this VPN tunnel has been established. Figure 2-33. VPN - IPSec - Status page Step 7 Please enter the CLI and ping 192.168.29.1(2900V) to see if there is any response. Figure 2-34. Command prompt Step 8 If the numbers of Packet In & Packet Out increase, it means there is traffic through the VPN tunnel. Figure 2-35.
Step 10 Enter the CLI and ping 192.168.33.1(3300V) to see if there is any response. Figure 2-37. Command prompt Step 11 If the numbers of Tx Pkts & Rx Pkts increase, it means there is traffic through the VPN tunnel. Figure 2-38. The numbers of Tx Pkts & Rx Pkts Now the VPN tunnel has been successfully established. If you want to keep a permanent connection, please refer to the step 2 the configuration of Vigor 3300V and change “Admin Status” from Enable to Always-On.
The second example is to configure 2 LAN to LAN VPN Tunnels. So that all three routers' internal networks can connect to each other through one of the router. In this example, since only one site (Vigor 3300V) has a fixed IP address, to maintain stable connections the other two routers (Vigor 2900V and Vigor 2200V) using dynamic IP addresses must enable “Always On”. Vigor 3300V is set as the central site accepting incoming VPN connections from the other two routers.
WAN IP 3300V Headquarters 2900V Branch Offices 220.135.240.207 61.31.167.135 PPPoE, dynamic IP PPPoE, fixed IP 2200V Teleworker 219.81.160.206 61.230.207.146 PPPoE, fixed IP PPPoE, dynamic IP LAN IP 192.168.33.1 192.168.29.1 192.168.22.1 Internal Network 192.168.33.X 192.168.29.X 192.168.22.
Basic It deals with basic settings, including profile name, authentication type, preshared key, etc. Name You can specify a name to this profile. To facilitate easy management and differentiation please type 2900V. Preshared Key Type 3300 (It must be identical with 2900V's). Admin Status Use the default settings (Enable). Local Gateway It deals with relevant settings of the local router, including selection of the WAN and internal network, etc. WAN Interface Vigor 3300V has 4 WAN ports.
Figure 2-42. VPN – IPSec tunnel - Default page setup Step 3 Advanced page In this example since the connection is initiated by Vigor 2900V, the encryption method is determined by Vigor 2900V. By default Vigor 3300V allows des-md5, des-sha1, 3des-md5 and 3des-sha1, so no change is required. Just press the Apply button to finish the configuration. Figure 2-43.
Step 4 After configuration, the router will automatically switch to the VPN - IPSec - Policy Table page. Click 2, and then press Edit. Figure 2-44. VPN - IPSec - Policy table (edit 2) Step 5 Firstly you should enter the Default page. There are three fields on this page. Basic It deals with basic settings, including profile name, authentication type, preshared key, etc. Name You can specify a name to this profile. To facilitate easy management and differentiation please type 2200V.
Network IP / Subnet Mask The internal network of Vigor 3300V. Please enter 192.168.0.0 /16 (/16 = Mask 255.255.0.0). Remote Gateway It deals with relevant settings of the remote router, including WAN IP and internal network, etc. Security Gateway The WAN IP of Vigor 2900V. In this example it is not fixed, so please enter 0.0.0.0. Network IP / Subnet Mask It is the internal network of Vigor 2900V. Please enter 192.168.22.0 /24 (/24 = Mask 255.255.255.0). Figure 2-45.
Step 6 Advanced page In this example since the connection is initiated by Vigor 2200V, the encryption method is determined by Vigor 2200V. By default Vigor 3300V allows des-md5, des-sha1, 3des-md5 and 3des-sha1, so no change is required. Just press the Apply button to finish the configuration. Figure 2-46. VPN - IPSec tunnel - Advanced page setup Step 7 After configuration, the router will switch to the VPN - IPSec - Policy Table page. Confirm if the settings are correct.
2.3.2.2 Configurations in Vigor 2900V Step 1 Enter the web page of Vigor 2900V, and click the VPN and Remote Access Setup link. Figure 2-48. 2900V web configuration Step 2 Click the LAN-to-LAN Profile Setup link. Please refer to Figure13-10. Figure 2-49.
Step 3 Click Index 1, and enter relevant settings of the VPN tunnel connected to Vigor 3300V. Figure 2-50. Enter relevant VPN setup Step 4 On this page there are four sections regarding VPN configuration. Common Setting It deals with basic settings, including profile name, enable or disable the profile, call direction, etc. Profile Name You can specify a name to this profile. To facilitate easy management and differentiation, please type 3300V.
PING to Keep Alive To avoid the situation in which the connection goes down unexpectedly, Vigor uses "Ping to keep alive" method to detect if the peer router is reachable. Enable this feature and enter “192.168.33.1” in the “PING to the IP” field. Figure 2-51. VPN setup - Common settings Dial-Out Setting It deals with relevant settings of Dial-Out connection, including encryption method, preshared key and WAN IP of the remote site. Select IPSec Tunnel and enter the WAN IP 220.135.240.207 of Vigor 2900V.
Dial-in Setting It deals with relevant settings of Dial-In connection. In this example, there is no need to configure this part. Figure 2-53. VPN setup - Dial-in settings TCP/IP Network Settings The internal network of the remote site, etc. In the Network IP and Mask fields, enter 192.168.0.0 and 255.255.0.0 respectively, and then press “OK” to finish the configuration. Figure 2-54.
Figure 2-55. The setting status for Vigor 2900V is completed Step 6 Enter the main page of Vigor 2900V, click VPN Connection Management. Since “Always On” is enabled, the VPN connection has been established. Figure 2-56. VPN connection management Step 7 Enter the CLI and try to ping 192.168.33.1(3300V) to see if there is any response. Figure 2-57.
Step 8 If the numbers of Tx Pkts & Rx Pkts increase, it means there is traffic through the VPN tunnel. Figure 2-58. The numbers of Tx Pkts & Rx Pkts 2.3.2.3 Configurations in Vigor 2200V Step 1 Enter the web page of Vigor 2200V. Click the VPN and Remote Access link. Figure 2-59. Vigor 2200V web configuration Step 2 Click the LAN-to-LAN Profiles link. Click Index 1 and enter relevant settings of the VPN tunnel of Vigor 3300V. Figure 2-60.
Step 3 On this page there are four sections regarding VPN configuration. Common Setting It deals with basic settings, including profile name, enable or disable the profile, call direction, etc. Profile Name You can specify a name to this profile. To facilitate easy management and differentiation, please type 3300V. Call Direction Specify the call direction to this profile. In this example the connection is initiated from Vigor 2200V to Vigor 3300V, so please select Dial-Out.
Dial-Out Setting It deals with relevant settings of Dial-Out connection, including encryption method, preshared key and the WAN IP of remote site. Select IPSec Tunnel and enter the WAN IP 219.81.160.206 of Vigor 2900V. Press IKE Pre-Shared Key button and a window will pop-up, type 1234 (It must be identical with 3300V's). Press Confirm to finish the configuration of IKE Pre-Shared Key. Then click High (ESP) and select DES with Authentication (default is DES without Authentication ). Figure 2-62.
TCP/IP Network Settings The internal network of the remote site, etc. In the Network IP and Mask fields, enter 192.168.0.0 and 255.255.0.0 respectively, and then press “OK” to finish the configuration. Figure 2-64. VPN setup - TCP/IP network settings Step 4 After configuration, the router will automatically switch to the LAN-to-LAN Profiles Setup page. Confirm if the settings are correct. Now the configuration of Vigor 2200V is completed. Figure 2-65.
Step 5 Enter the main page of Vigor 2200V, click VPN Connection Management. Since “Always On” is enabled, the VPN connection has been established. Figure 2-66. VPN connection management Step 6 You may attempt to ping 192.168.33.1( Vigor 3300V) and ping 192.168.29.1( Vigor 2900V) to see if there is any response. Figure 2-67.
Step 7 Enter the web page of Vigor 3300V and enter VPN\IPSec\Status, you will see two VPN tunnels have been established. Figure 2-68. VPN - IPSec – Status Step 8 Enter the CLI and attempt to ping 192.168.29.1 ( Vigor 2900V) and ping 192.168.22.1( Vigor 2200V) to see there is any response. Figure 2-69. Command prompt Now all these 3 sites can connect to each other. Note Please note all the VPN traffic will be passed through the 3300V.
$ % % & '( )% * & + 2.4.1 Introduce Vigor 3300 series router supports two kinds of VPN type – PPTP & IPSec. It supports only Host-to-LAN and a maximum of 16 tunnels in all for PPTP connection; while it supports both Host-to-LAN & LAN-to-LAN VPN, and a maximum of 200 tunnels for IPSec. Hence, when deploying a large-scale network, the IPSec tunnel is recommended.
Figure 2-70 2. In the following page, configure as the picture below: Figure 2-71 Please enable the DHCP over IPSec, you’ll see Network IP / Subnet Mask field is grayed. Besides, if the dial-in user has a fixed IP, then enter the IP in the Security Gateway field. But if the remote user just owns a dynamic IP, then type 0.0.0.0 there.
3. In the Advance page, you may make some detailed settings for the two IKE phases. Figure 2-72 Note: • Since 3300 series router has multiple WAN interface, if the security gateway was set as 0.0.0.0, then each WAN interface can only owns one Pre-Shared Key. In other words, suppose you’ve set 3 policies which all uses WAN1 as WAN interface, and 0.0.0.0 as security gateway, then only the Pre-Shared Key of the last policy will be regarded as valid and can be used for WAN1’s IPSec tunnel.
2. Run the Start All Programs Client, and press Insert button. Draytek Smart VPN Client Smart VPN Figure 2-74 3. Then a new VPN profile will be created. Please enter the 3300’s WAN IP (be sure to select the correct WAN interface), and tick the IPSec Tunnel box, then press OK.
4. I n the coming up configuration page, tick the Virture IP box. You may Obtain an IP address automatically or Specify an IP address as your wish. As for the security settings (including Security Method and Pre-Shared Key etc.), you MUST make sure they are exactly the same with the server sides. Figure 2-76 Note: If you’re running multiple NICs on the PC, please be sure to select the correct one for My IP field. 5. Press OK, after you finish the configuration. And then activate the IPSec tunnel.
6. Figure 2-78 7. You may try pinging the remote private IP so as to check if the connection is up.
, " & '( -% 2.5.1 Introduction This document describes how to establish a PPTP tunnel from the Smart VPN Client to Vigor 3300 series router. Suppose the network environment is as below: Vigor 3300V Headquarters Smart VPN Client WAN IP 218.242.130.19 (Static IP) 58.33.150.31 (Dynamic IP) LAN IP 192.168.1.1 / Local Network 192.168.1.*/28 / 2.5.2 Configuration 2.5.2.
Step 2 Enter VPN - PPTP - Group Table. And you can specify the IP range that be allocated to the remote hosts (Star IP), and the local IP range which is accessible to the remote hosts (Accessed IP). There’re 4 groups of IP range in the Group Table as following Figure 2-81. Figure 2-81. PPTP group table Note: If you leave the Accessed IP field empty, then the whole local subnet is fully accessible to the remote dial-in user.
Step 4 In the following page, please type in the User Name & User Password, and select a group. Figure 2-83. PPTP authentication – Edit Step 5 After the tunnel is created, you can check the tunnel status on VPN - PPTP – Status as below Figure 2-84. Figure 2-84. PPTP status 2.5.2.2 Client Side Step 1 Download the latest Smart VPN Client from our web site http://www.draytek.com/support/download.php, and install it. Step 2 Go to Start \ All Programs \ DrayTek Smart VPN, and click the Smart VPN Client.
Step 3 Press click Insert to create a new VPN profile. Figure 2-85. Create a new VPN profile Step 4 Specify a name for this profile (surely you may leave this option as default), type 218.242.130.19 (WAN interface IP address in 3300) in the VPN server IP field, enter the username/password, and select PPTP in the Type of VPN. Please be sure to enter the identical Authentication and Encryption settings that you set in Vigor 3300.
Step 5 Click OK then click Connect to the Vigor 3300. Figure 2-87. Connect to VPN server Step 6 After the tunnel is established, you may see the status is “Connected”. Figure 2-88. Check the tunnel status Also you may try to ping the remote private network, to check whether the VPN PPTP tunnel is created or not. Figure 2-89.
29. VoIP Example 1 (Basic Configuration and Registration) This chapter shows how to set up a practical example to use VoIP function. This chapter is divided into the following sections. Section 29.1: Basic Configuration and Registration Section 29.2: 3300V Configuration Example Section 29.3: 2900V Configuration Example There are many different kinds of applications about VoIP function, most of VoIP callings must be via a VoIP Server by registering, except we can dial VoIP number by the IP address directly.
Chapter 3. VoIP Function This chapter is divided into the following sections, Section 3.1: VoIP Example 1 - Basic Configuration and Registration Section 3.2: VoIP Example 2 - Basic Calling Method Section 3.3: VoIP Example 3 - VoIP over VPN Section 3.4: VoIP Example 4 - Practical Application of FXS Section 3.5: VoIP Example 5 - Practical Application of FXO Section 3.6: VoIP Example 6 - Register with Private IP Address Section 3.7: Asterisk Application ! .
Table 3-2. Example1-basic settings in Vigor 3300V and Vigor 2900V Proxy Domain Port iptel iptel.org iptel.org 5060 fwd fwd.pulver.com fwd.pulver.com 5060 3.1.1 Vigor 3300V Configuration Example Step 1 Enter VoIP - Protocol page and configure related settings on SIP Configuration. Figure 3-1. SIP configuration of protocol in Vigor 3300V Step 2 Enter VoIP - Port Settings page, click the Edit icon of port1. Figure 3-2. Edit of port1 Step 3 Enter the Port1 page. This page falls into six sections.
Display incoming call's information. To facilitate ease differentiation please type 3300V_Port1_iptel. Proxy Server Select the SIP Server used for registration from the pull-down menu. There are None and three SIP Servers available, which are set in the VoIP- Protocol page. Please select iptel. FXO Dedicated settings for FXO card. Incoming Pre-Set Number: The transfer number auto dialed after the FXO receives a call from the Internet. Figure 3-3.
Relevant settings used for FAX over VoIP. FAX Mode Compression mode used for transferring FAX. By default is T.38 Relay. FAX Bypass Codec Select the compression mode when FAX Mode selects Bypass. FAX Bypass Codec Rate Select the transfer rate of voice packets when FAX Mode selects Bypass. DTMF DTMF are the audible sounds you hear when you press keys on your phone. DTMF Relay By default is RFC2833. After configuration, click Apply to save the settings. Router will auto jump to the VoIP - Port Settings page.
Username Phone Number of Port1~Port8. Proxy Port1, 2, 5, and 6 are registered to iptel Proxy, and Port3, 4, 7, 8 are registered to fwd Proxy. Codec Port1~Port8 all prior use G.729A - 8kbps. Figure 3-5. Port2~Port8 Settings Step 5 Enter the VoIP - Status page, wait one or two minutes (The time depends on SIP Server's response speed and the network condition). Register Status Display the register information from Port1~Port8. OK means this port is registered successfully.
3.1.2 Vigor 2900V Configuration Example Step 1 Open the Web of 2900V and click VoIP Setup. Figure 3-7. VoIP web page of Vigor 2900V Step 2 Click SIP Related Functions Setup. Figure 3-8. SIP related function setting of Vigor 2900V Step 3 Setup Port1 and Port2. This page falls into two sections, SIP: Setup relevant SIP Servers used for registration respectively. Ports: Type account and password.
After configuration please click OK to save the settings. 2900V will go to VoIP – Setup page automatically. Figure 3-9. Setup port1 and port2 of Vigor 2900V Step 4 Click Voice Call Status. Figure 3-10. Voice call status of Vigor 2900V Step 5 Wait one or two minutes (The time depends on SIP Server's response speed and the network condition) Channel R means Port1 and Port2 register successfully. Status IDLE means there is no conversations on Port1~Port8.
Figure 3-11. VoIP connection status of Vigor 2900V Now the configuration is completed. ! . 0 # We will introduce three basic VoIP calling methods, involving Direct IP Call, Intercommunication with one SIP Proxy Server and Intercommunication with different SIP Proxy Servers. All the settings are based on the VoIP Example 1(Basic Configuration and Registration). 3.2.
Table 3-3. Configuration table WAN IP Port Number Phone Number Proxy Codec 3300V 220.135.240.207 Port1(FXS) 888833 iptel G.729A 2900V 61.31.167.135 Port1(FXS) 888829 iptel G.729A Furthermore, do NOT enable the Outbound Proxy feature when you set up 3300V and 2900V to use Direct IP Call. (It isn't active in the Example 1; please see Figure 3-2 shown below) Otherwise even if you dial the IP address, the call is still sent to the SIP Proxy Server always.
3.2.1.2 2900V Configuration Example Step 1 Step 2 Step 3 Enter relevant settings for Vigor 3300V's Port1. Click OK to save the settings. Enable: click ( ) to activate the entry. Phone Number : type 3301. Display Name : To facilitate ease differentiation please type 3300V_Port1_IP. SIP URL : Cal lee’s Number@IP, please type 888833@220.135.240.207.
Step 4 Confirm the settings are correct, and then finish the configuration. Figure 3-18. Finish DialPlan configuration Start to dial by using telephones Phone1 calls Phone2 Press 2901# or 888829*61*31*167*135#. Phone2 calls Phone1 Press 3301#. Note # indicates termination of the phone number. After pressing #, VoIP is immediately called out. Or you may wait 3 seconds if you do not press #. With 2900V you can't only dial alphanumeric addresses or @ symbols.
WAN IP 3300V 220.135.240.207 2900V 61.31.167.135 Port Number Phone Number Proxy Codec Port1(FXS) 888833 iptel G.729A Port3(FXS) 660533 fwd G.729A Port1(FXS) 888829 iptel G.729A Port2(FXS) 660529 fwd G.729A 3.2.2.1 Vigor 3300V Configuration Example Step 1 Start to dial by using telephones Phone1 call Phone3 Press 888829# or 291#. Phone2 call Phone4 Press 660529# or 292#. Phone3 call Phone1 Press 888833#. Phone4 call Phone2 Press 660533#.
Note 3.2.3 Intercommunication with different SIP Proxy Servers Connect telephones into 3300V's Port1 & Port3 and 2900V's Port1 & Port2 respectively. Each phone registers to the SIP Server. The settings and scenario are the same as the above example. But they must be set up in conjunction with the Speed Dial. 3.2.3.1 Vigor 3300V Configuration Example Step 1 Enter the VoIP - Speed Dial page and add the 4th and 5th group of Speed Dial number.
Start to dial by using telephone Phone1 call Phone4 Press 2912#. Phone2 call Phone3 Press 2911#. Phone3 call Phone1 Press 3312#. Phone4 call Phone2 Press 3311#. Note # indicates termination of the phone number. After pressing #, VoIP is immediately called out. Or you may wait 3 seconds if you do not press #. !! ! + Based on the VoIP Example 1 ( Basic Configuration and Registration ), we will introduce how to dial the VoIP call through an encrypted VPN tunnel.
Figure 3-23. A scenario architecture graph Table 3-5. Configuration table WAN IP 3300V Headquarters 2900V Branch Offices 220.135.240.207 61.31.167.135 PPPoE, fixed IP PPPoE, dynamic IP 2200V Teleworker 219.81.160.206 61.230.207.146 PPPoE, fixed IP PPPoE, dynamic IP LAN IP 192.168.33.1 192.168.29.1 192.168.22.1 Internal network 192.168.33.X 192.168.29.X 192.168.22.X Encryption method DES-SHA1 3300 Preshared Key 1234 1234 WAN IP Port Number Phone Number Proxy Codec 3300V 220.
3.3.1 Vigor 3300V Configuration Example Step 1 Note In Vigor 3300V firmware v2.5.5 you can only choose WAN or LAN/VPN. And the call can be received or dialed just in one direction (WAN or LAN/VPN).
Step 3 3.3.
Note Step 2 Note Do not set up the Display Name when calling through the VPN with 2900V firmware v2.5.6. Otherwise you can't get ring back and communicate with remote user after getting through. 3.3.
Step 2 Setup Port 1. This page falls into two sections, SIP: Set up the SIP Server used for registration. Ports: Set up the account details. After configuration please click OK to save the settings. Figure 3-32. Port1 setting Note Do not set up the Proxy and Stun Server when calling through VPN. While in 2200V firmware v2.5.5.4, the Proxy will be active if Use Registrar is enabled. So make sure not click Use Registrar.
Figure 3-33. Add index1 and index2 speed dial phone number After configuration, please confirm that the VPNs are established and they can communicate with each other. (Please refer to VPN - IPSec - LAN to LAN Usage Example 2). Start to dial by using telephones Phone1 call Phone2 Press 2901# or 888829*192*168*29*1#. Phone1 call Phone3 Press 2201# or 888822*192*168*22*1#. Phone2 call Phone1 Press 3301#. Phone2 call Phone3 Press 2201# or #192*168*22*1#. Phone3 call Phone1 Press 3301#.
Connect the telephones (Please refer to VoIP Example 1). Two VoIP equipments call with each other. Connect PBX's Outside Lines. The usage is the same as that of PSTN line. Different PBX has its own settings and required configuration by you. Figure 3-34.
Table 3-7. Configuration table between Vigor 3300V and Vigor 2900V WAN IP Port Number Phone Number Proxy Codec 3300V 220.135.240.207 Port1(FXS) 888833 iptel G.729A 2900V 61.31.167.135 Port1(FXS) 888829 iptel G.729A Suppose there are two PSTN lines connected to PBX's Outside Lines. The third Outside Line is connected to 3300V's FXS Port1. The Inside Line is connected to a telephone with the extension 101.
Figure 3-35. Speed dial phone number settings Figure 3-36. Edit of index1 !, , ( 12 Based on the VoIP Example 1(Basic Configuration and Registration), we will introduce the practical application of FXO. Generally the practical application of FXO falls into the following two sections, Connect to PSTN line By connecting 3300V's FXO Port5 to a PSTN line VoIP is seamlessly integrated to PSTN line, allow you to call not only the remote VoIP user, but also the remote PSTN user.
Table 3-9. Configuration table between 3300V and 2900V WAN IP 3300V 220.135.240.207 2900V 61.31.167.135 Port Number Phone Number Proxy Codec Port1(FXS) 888833 iptel G.729A Port5(FXO) 888835 iptel G.729A Port1(FXS) 888829 iptel G.729A The number of the PSTN line connected into the FXO Port5 on the 3300V is 12345678. The number of another PSTN line is 87654321.
Figure 3-38. A scenario architecture graph Table 3-10. Configuration table between Vigor 3300V and Vigor 2900V WAN IP 3300V 220.135.240.207 2900V 61.31.167.135 Port Number Phone Number Proxy Codec Port1(FXS) 888833 iptel G.729A Port5(FXO) 888835 iptel G.729A Port1(FXS) 888829 iptel G.729A Suppose the number of PBX's Outside Line is 12345678. One Inside Line is connected to a telephone with the extension 101.
Press 888835#. After getting through you will hear the Dial tone, then press the extension 101. Phone2 calls Phone4 Press 888835#. After getting through you will hear the Dial tone. Press outside line 0, then press 87654321. Phone3 calls Phone1 Press 888835#. After getting through you will hear the Dial tone, then press the extension 101. Phone3 call Phone4 Press 888835#. After getting through you will hear the Dial tone. Press outside line 0, then press 87654321. Phone4 calls Phone2 Press 12345678.
know Vigor 2600V's WAN IP, which results in that SIP Server can't find Vigor 3300V. But if Vigor 3300V uses STUN, it can discover Vigor 2600V's WAN IP and will use this IP as SIP content to identify its location. When SIP Server contacts with Vigor 3300V, the packets are firstly sent to Vigor 2600V, and then forwarded by Vigor 2600V to Vigor 3300V. Figure 3-39. A scenario architecture graph Table 3-12. Configuration table between Vigor 3300V and Vigor 2600V WAN IP 3300V 192.168.26.33 2600V 220.135.240.
Figure 3-40. NAT setup of Vigor 2600V Step 2 click Open Ports Setup. Figure 3-41. Open ports settings of Vigor 2600V Step 3 Click Index1. Figure 3-42.
Step 4 Forward the packets sent to UDP 5060, 13456~13470 and 49170~49184 to Vigor 3300V's WAN IP 192.168.26.33. Press OK to save the settings. Figure 3-43. Settings of Index1 Step 5 After configuration it will automatically jump to Open Ports Setup page. Confirm the settings to be correct. The setup is completed. Figure 3-44. Index1 configuration 3.6.2 Vigor 3300V Configuration Example Step 1 Enter the VoIP - NAT Traversal page and enable the STUN function. Then click Apply to save the setting.
Figure 3-35. NAT Traversal of Vigor 3300V Step 2 Enter VoIP - Status page, wait one or two minutes (The time depends on SIP Server's response speed and the network condition). When you see the Register Status is OK, the registration is successful. Figure 3-36. Status of Vigor 3300V Note Iptel SIP Server itself supports STUN function, so 3300V can register without STUN enabled. At present the above configuration has a precondition that Vigor 2600's VoIP isn't active.
The Open Ports setup in Vigor 2600V also must be changed to 5061. Figure 3-38. Open port setup !5( 6( 3.7.1 Introduce In this chapter, we offer the application shows that it is convenient and cost saving to implement the free IP-PBX using Asterisk and Vigor 3300V when users want to use the Soft Phone or IP Phone instead of traditional telephone in the company. Figure 3-40. The scenario In the figure using FXO port of Vigor 3300V to connect to PSTN.
Another application is workable that putting the Asterisk to the Internet for branch office communication. 3.7.1.1 Configuration IP Address List: Asterisk – 172.16.2.234 Vigor 3300V – 172.16.2.237 SoftPhone 2001 – 172.16.2.201 SoftPhone 2002 – 172.16.2.202 SoftPhone 2003 – 172.16.2.203 SoftPhone 2004 – 172.16.2.204 Vigor 2900V (VPN) – 172.16.2.205 3.7.1.2 Installing Asterisk 1. Download Asterisk from the Asterisk website page http://www.asterisk.org/. 2.
allow = alaw allow=g729 allow=g726 Modify the language value for all users. language=en ; Default language setting for all users/peers Modify the rtptimeout value for RTP activity. rtptimeout=60 ; Terminate call if 60 seconds of no RTP activity Modify the dtmfmode value. dtmfmode = rfc2833; Set default dtmfmode for sending DTMF.
allow=ulaw allow=g729 allow=g723.1 [1002] type=friend nat=no canreinvite=yes host=dynamic defaultip=172.16.2.237 username=1002 secret=0000 dtmfmode=info ; Choices are inband, rfc2833, or info call-limit=1 mailbox=1000 ; Mailbox for message waiting indicator context=sip callerid="1002" <1002> disallow=all allow=ulaw allow=g729 allow=g723.1 [1003] type=friend nat=no canreinvite=yes host=dynamic defaultip=172.16.2.
callerid="1003" <1003> disallow=all allow=ulaw allow=g729 allow=g723.1 [1004] type=friend nat=no canreinvite=yes host=dynamic defaultip=172.16.2.237 username=1004 secret=0000 dtmfmode=info ; Choices are inband, rfc2833, or info call-limit=1 mailbox=1000 ; Mailbox for message waiting indicator context=sip callerid="1004" <1004> disallow=all allow=ulaw allow=g729 allow=g723.1 [2001] type=friend nat=no canreinvite=yes host=dynamic defaultip=172.16.2.
context=sip callerid="2001" <2001> disallow=all allow=ulaw allow=g729 allow=g723.1 [2002] type=friend nat=no canreinvite=yes host=dynamic defaultip=172.16.2.202 username=2002 secret=2002 dtmfmode=info ; Choices are inband, rfc2833, or info call-limit=1 mailbox=1000 ; Mailbox for message waiting indicator context=sip callerid="2002" <2002> disallow=all allow=ulaw allow=g729 allow=g723.1 [2003] type=friend nat=no canreinvite=yes host=dynamic defaultip=172.16.2.
mailbox=1000 ; Mailbox for message waiting indicator context=sip callerid="2003" <2003> disallow=all allow=ulaw allow=g729 allow=g723.1 [2004] type=friend nat=no canreinvite=yes host=dynamic defaultip=172.16.2.204 username=2004 secret=2004 dtmfmode=info ; Choices are inband, rfc2833, or info call-limit=1 mailbox=1000 ; Mailbox for message waiting indicator context=sip callerid="2004" <2004> disallow=all allow=ulaw allow=g729 allow=g723.1 [3001] type=friend nat=no canreinvite=yes host=dynamic defaultip=172.
call-limit=1 mailbox=1000 ; Mailbox for message waiting indicator context=sip callerid="3001" <3001> disallow=all allow=ulaw allow=g729 allow=g723.1 [fxo1] type=friend secret=1234 context=sip disallow=all allow=ulaw allow=g729 allow=g723.1 dtmfmode=info canreinvite=no host=dynamic defaultip=172.16.2.237 [fxo2] type=friend secret=1234 context=sip disallow=all allow=ulaw allow=g729 allow=g723.1 dtmfmode=info canreinvite=no host=dynamic defaultip=172.16.2.
[fxo3] type=friend secret=1234 context=sip disallow=all allow=ulaw allow=g729 allow=g723.1 dtmfmode=info canreinvite=no host=dynamic defaultip=172.16.2.237 [fxo4] type=friend secret=1234 context=sip disallow=all allow=ulaw allow=g729 allow=g723.1 dtmfmode=info canreinvite=no host=dynamic defaultip=172.16.2.237 mgcp.conf Modify the mgcp.conf, the file is usually placed on the location /etc/asterisk. [general] Setting in mgcp.conf Modify the Call Agent port value to 2727 for Vigor 3300V.
Add Endpoint for MGCP Modify the port value to 2727 for Call Agent. [172.16.2.237] host = 172.16.2.237 context = mgcp line => aaln/1 line => aaln/2 line => aaln/3 line => aaln/4 line => aaln/5 line => aaln/6 line => aaln/7 line => aaln/8 [172.16.2.201] host = 172.16.2.201 context = mgcp line => aaln/1 [172.16.2.202] host = 172.16.2.202 context = mgcp line => aaln/1 [172.16.2.203] host = 172.16.2.203 context = mgcp line => aaln/1 [172.16.2.204] host = 172.16.2.
[172.16.2.205] host = 172.16.2.205 context = mgcp line => aaln/1 extensions.conf Add extensions for SIP.
exten => 2004,1,Dial(MGCP/aaln/1@172.16.2.204) exten => 3001,1,Dial(MGCP/aaln/1@172.16.2.205) 3.7.3 Configuring Vigor 3300V 3.7.3.1 SIP Configuration 1. SIP Proxy Figure 3-41. SIP configuration 2. Port Setting Configure each port in Vigor 3300V. For example, the setting for port 1 shows as below. Input the correct data to Username, Password, Display Name, Authentication ID and Proxy Server. The VoIP IP Address should be selected to LAN1/VPN in the scenario, because the Asterisk server is placed on LAN.
Figure 3-43. DTMF mode Figure 3-44. Port setting configuration 3.7.3.2 MGCP Configuration 1. Configure VoIP IP Address to LAN1/VPN for each port in the scenario, because the Asterisk server is placed on LAN. Figure 3-45.
2. Configuring the Call Agent IP address. Figure 3-46.
Chapter 4. Load Balance Policy This chapter is divided into the following sections, Section 4.1: Introduction Section 4.2: Examples and Web Configurations $ This feature allows specific outgoing traffic (defined by IP, port or protocol) to be always sent to through fixed WAN interface which is available. $ Figure 4-1. Load balance policy of network (1) After clicking the appropriate index number, you can edit or delete the corresponding entry.
Port Range will be gray marked. It is because these protocols have been pre-defined as follows. Please refer to Table 4-1. Table 4-1. Selected protocol Protocol Port FTP TCP 21 TFTP UDP 69 HTTP TCP 80 SMTP TCP 25 POP3 TCP 110 Load Balance Policy will compare the packets by the rules from the first item. When one entry coincides with another entry, the one which has the smallest index number takes precedence over all other identical entries.
Figure 4-6. Second page Load Balance Policy – Configuration Example Suppose the subnets of the company are listed in the Table 4-2 below (Please refer to Multiple WAN for detailed configuration). MIS has the following requests. Web sites (HTTP Protocol) or Servers are applied to WAN1, Directors or MIS are applied to WAN2, other departments or DHCP clients are applied to WAN3. FTP sites (FTP Protocol) are applied to WAN3. The Mail Server is always applied to WAN1. Table 4-2.
Policy 1 For computers (Server) with IP range from 192.168.33.1 to 192.168.33.15, with HTTP protocol traffics are applied to WAN1 interface. Policy 2 For computers (Directors) with IP range from 192.168.33.16 to 192.168.33.31, with HTTP protocol traffics are applied to WAN2 interface. Policy 3 For computers (MIS) with IP range from 192.168.33.32 to 192.168.33.63, with HTTP protocol traffics are applied to WAN2 interface. Policy 4 For other computers with IP range from 192.168.33.0 to 192.168.33.
Chapter 5. 802.1Q VLAN , '( 2+ + 4 Virtual LANs (VLANs) are logical, independent workgroups within a network. These workgroups communicate as if they had a physical connection to the network. However, VLANs are not limited by the hardware constraints that physically connect traditional LAN segments to a network. As a result, VLANs allow the network manager to segment the network with a logical, hierarchical structure. VLANs can define a network by application or department.
, '( " 6 A more efficient approach to combine multiple VLAN in a port to allow connect more switches spreading the network. A VLAN trunk consolidates the traffic of multiple VLANs across a single physical port, as shown in Figure 5-2. Figure 5-2. VLAN trunk ,! • #- 7 '( 8 Security VLANs is a communication control. Once a user is assigned to a VLAN, the user only can communicate with the same VLAN group members.
TCP/IP network protocols and most other protocols broadcast frames periodically to advertise or discover network resources. This can have a significant impact on the network performance with a large number of end users. VLANs can prevent traffic from flooding the entire network. Nowadays, many virus attacks influence the network traffic. Using VLANs to avoid extending the virus. , $ '( '( The Vigor 3300 allow users to setup the LAN to LAN communication.
,,0 The management port can help user to always communicate with router even though configuring the wrong setting in the 802.1Q VLAN. The management port is fixed on the P4 of LAN. We recommend that users enable the management port, unless users want to use the fourth VLAN and ensure the setting is correct. Figure 5-5.
Configuration: 1. Block LAN-to-LAN communication. 2. Create VLAN5, VLAN6, VLAN7 and VLAN8 Groups. 3. In the VLAN5, input “5” to VLAN ID. In the Member field, choose p1. Then choose the “Untagged” for Frame Tag Operation in p1. We should configure the PVID to “5”, because the device does not support 802.1Q VLAN. 4. In the VLAN6, input “6” to VLAN ID. In the Member field, choose p2. Then choose the “Untagged” for Frame Tag Operation in p2.
Figure 5-8. LAN IP configuration 9. In the Network setting, input the subnet 192.168.2.0 to LAN2. For example, the VLAN6 LAN IP is 192.168.2.1 and Subnet Mask is 255.255.255.0. Then, users in the Engineer Department can set IP address from 192.168.2.2 to 192.168.2.254. Figure 5-9. LAN2 IP configuration 10. In the Network setting, input the subnet 192.168.3.0 to LAN3. For example, the VLAN7 LAN IP is 192.168.3.1 and Subnet Mask is 255.255.255.0.
Figure 5-10. LAN3 IP configuration 11. In the Network setting, input the subnet 192.168.4.0 to LAN4. For example, the VLAN8 LAN IP is 192.168.4.1 and Subnet Mask is 255.255.255.0. Then, users in the Engineer Department can set IP address from 192.168.4.2 to 192.168.4.254. Figure 5-11. LAN4 IP configuration Application 2: A company wants to separate the Engineer Department and Other Departments to limit their communication to ensure the engineering data.
Figure 5-12. Application 2 Configuration: 1. Block LAN-to-LAN communication. 2. Create VLAN5 and VLAN6 Groups. 3. In the VLAN5, input “5” to VLAN ID. In the Member field, choose p1 and p2. Then choose the “Tagged” for Frame Tag Operation in p1 and p2. We can ignore the PVID (Port VLAN ID), because 802.1q tag will be inserted to the frame from the PC of Engineer Department. 4. In the VLAN6, input “6” to VLAN ID. In the Member field, choose p3 and p4.
Figure 5-13. LAN VLAN configuration 6. In the Network setting, input the subnet 192.168.1.0 to LAN. For example, the VLAN5 LAN IP is 192.168.1.1 and Subnet Mask is 255.255.255.0. Then, users in the Engineer Department can set IP address from 192.168.1.2 to 192.168.1.254. Figure 5-14. LAN IP configuration 7. In the Network setting, input the subnet 192.168.2.0 to LAN2. For example, the VLAN6 LAN IP is 192.168.2.1 and Subnet Mask is 255.255.255.0.
Application 3: There are four companies in the same building. They share the broadband network and use the Vigor 3300V router to achieve the load balance, security, and VoIP features. So, we defined four VLANs that are VLAN5, VLAN6, VLAN7 and VLAN8, the subnet of VLAN5 is 192.168.1.0, the subnet of VLAN6 is 192.168.2.0, the subnet of VLAN7 is 192.168.3.0, and the subnet of VLAN8 is 192.168.4.0. Figure 5-16. Application 3 Configuration: 1. Block LAN-to-LAN communication. 2.
(Port VLAN ID), because 802.1q tag will be inserted to the frame from company D. 7. After applying the settings, the web page will be redirect to “reboot” web page. User can ignore it and continue to configure the Network setting. After Network setting, then you can do the reboot procedure. Note After rebooting, the tagged ports will only communicate with 802.1Q tagged devices. Figure 5-17. LAN VLAN setting The network configuration is the same with application 1. Please refer to application 1 part.
Configuration: 1. Block LAN-to-LAN communication. 2. Create VLAN5, VLAN6, VLAN7 and VLAN8 Groups. 3. In the VLAN5, input “5” to VLAN ID. In the Member field, choose p1. Then choose the “Tagged” for Frame Tag Operation in p1. We can ignore the PVID (Port VLAN ID), because 802.1q tag will be inserted to the frame from the PC of Engineer Department. 4. In the VLAN6, input “6” to VLAN ID. In the Member field, choose p2. Then choose the “Tagged” for Frame Tag Operation in p2.
VLAN to expand the network. So, we defined four VLANs that are VLAN5, VLAN6, VLAN7 and VLAN8, each LAN port is Trunk port which supports multiple VLAN, the subnet of VLAN5 is 192.168.1.0, the subnet of VLAN6 is 192.168.2.0, the subnet of VLAN7 is 192.168.3.0, and the subnet of VLAN8 is 192.168.4.0. Figure 5-20. Application 5 Configuration: 1. Block LAN-to-LAN communication. 2. Create VLAN5, VLAN6, VLAN7 and VLAN8 Groups. 3. In the VLAN5, input “5” to VLAN ID. In the Member field, choose p1, p2, p3 and p4.
Note After rebooting, the tagged ports will only communicate with 802.1Q tagged devices. Figure 5-21. LAN VLAN setting The network configuration is the same with application 1. Please refer to application 1 part.
