i Vigor2710 Series User’s Guide
Vigor2710 Series User’s Guide ii
Vigor2710 Series ADSL2/2+ Firewall Router User’s Guide Version: 3.0 Firmware Version: V3.6.
Copyright Information Copyright Declarations Copyright 2012 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. Trademarks The following trademarks are used in this document: z Microsoft is a registered trademark of Microsoft Corp.
European Community Declarations Manufacturer: Address: Product: DrayTek Corp. No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu, Taiwan 303 Vigor2710 Series Router DrayTek Corp. declares that Vigor2710 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC.
Vigor2710 Series User’s Guide vi
Table of Contents Introduction ..................................................................................................1 1.1 Web Configuration Buttons Explanation ................................................................................. 1 1.2 LED Indicators and Connectors .............................................................................................. 2 1.2.1 For Vigor2710 .......................................................................................................
3.7.1 Calling via SIP Sever ...................................................................................................... 65 3.7.2 Peer-to-Peer Calling ....................................................................................................... 67 3.8 Request a certificate from a CA server on Windows CA Server ........................................... 69 3.9 Request a CA Certificate and Set as Trusted on Windows CA Server ................................. 73 3.
4.7.2 Bandwidth Limit ............................................................................................................ 180 4.7.3 Quality of Service.......................................................................................................... 182 4.7.4 APP QoS ...................................................................................................................... 191 4.8 Applications ........................................................................................
4.14.9 Management............................................................................................................... 292 4.14.10 Reboot System ......................................................................................................... 294 4.14.11 Firmware Upgrade .................................................................................................... 295 4.14.12 Activation ..................................................................................................
Introduction Vigor2710 series is an ADSL router. It integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DS, the router increases the performance of VPN greatly, and offers several protocols (such as IPSec/PPTP/L2TP) with up to 2 VPN tunnels. The object-based design used in SPI (Stateful Packet Inspection) firewall allows users to set firewall policy with ease.
1.2 LED Indicators and Connectors Before you use the Vigor router, please get acquainted with the LED indicators and connectors first. 1.2.1 For Vigor2710 LED Status Explanation ACT (Activity) Blinking The router is powered on and running normally. The router is powered off. The profile(s) of CSM (Content Security Management) for IM/P2P, URL/Web Content Filter application can be enabled from Firewall >>General Setup. (Such profile must be established under CSM menu).
Interface Description Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Connecter for a power adapter. Power Switch.
1.2.2 For Vigor2710n LED Status Explanation ACT (Activity) Blinking The router is powered on and running normally. The router is powered off. Wireless access point is ready. It will blink while wireless traffic goes through. The router is ready to access Internet through DSL link. Slowly: The modem is ready. Quickly: The connection is training. The port is connected. The port is disconnected. The data is transmitting. A USB device is connected and active. The data is transmitting.
Interface Description Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Connecter for a power adapter. Power Switch.
1.2.3 For Vigor2710Vn LED Status Explanation ACT (Activity) Blinking The router is powered on and running normally. The router is powered off. Wireless access point is ready. It will blink while wireless traffic goes through. The router is ready to access Internet through DSL link. Slowly: The modem is ready. Quickly: The connection is training. The port is connected. The port is disconnected. The data is transmitting. A USB device is connected and active. The data is transmitting.
Interface Description Line Phone2/Phone1 Factory Reset Connector of analog phone for PSTN life line. Connecter of analog phone for VoIP communication. Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Connecter for a power adapter. Power Switch.
1.2.4 For Vigor2710VDn LED ACT (Activity) Status Blinking WLAN Off On Blinking DSL On Blinking LAN 1/2/3/4 USB DECT Phone On Off Blinking On Blinking On Off Blinking On Off Line WPS DECT Pairing/Pag ing / WPS Button Blinking On Off On Off Blinking On Off Blinking Vigor2710 Series User’s Guide 8 Explanation The router is powered on and running normally. The router is powered off. Wireless access point is ready. It will blink while wireless traffic goes through.
Interface Description WLAN Press the button once to enable (WLAN LED on) or disable (WLAN LED off) wireless connection. DSL LAN (1-4) USB Connector for accessing the Internet through ADSL2/2+. Connectors for local networked devices. Connector for USB storage (Pen Driver/Mobile HD) or printer. Interface Description Line Phone Factory Reset Connector for PSTN life line. Connector of analog phone for VoIP communication. Restore the default settings. Usage: Turn on the router (ACT LED is blinking).
1.3 Hardware Installation Before starting to configure the router, you have to connect your devices correctly. 1. Connect the ADSL interface to the external ADSL splitter with an ADSL line cable for all models. For Vigor2710Vn/VDn, also connect Line interface to external ADSL splitter. 2. Connect one end of an Ethernet cable (RJ-45) to one of the LAN ports of the router and the other end of the cable (RJ-45) into the Ethernet port on your computer. 3.
Caution: 1. Each of the Phone ports can be connected to an analog phone only. Do not connect the phone ports to the land line jack. Such connection might damage your router. 2. When the power is shutdown, VoIP phone will be disconnected. However, a phone set connected to Phone 2 port can be used as the traditional telephone for the line will be guided to land line jack via the router (loop through). 1.4 Printer Installation You can install a printer onto the router for sharing printing.
4. Click Local printer attached to this computer and click Next. 5. In this dialog, choose Create a new port Type of port and use the drop down list to select Standard TCP/IP Port. Click Next.
6. In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name or IP Address and type IP_192.168.1.1 as the port name. Then, click Next. 7. Click Standard and choose Generic Network Card. 8. Then, in the following dialog, click Finish.
9. Now, your system will ask you to choose right name of the printer that you installed onto the router. Such step can make correct driver loaded onto your PC. When you finish the selection, click Next. 10. For the final stage, you need to go back to Control Panel-> Printers and edit the property of the new printer you have added. 11. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and LPR name.
The printer can be used for printing now. Most of the printers with different manufacturers are compatible with vigor router. Note 1: Some printers with the fax/scanning or other additional functions are not supported. If you do not know whether your printer is supported or not, please visit www.draytek.com to find out the printer list. Open Support >FAQ/Application Notes; find out the link of Printer Server and click it; then click the What types of printers are compatible with Vigor router? link.
This page is left blank.
Initial Configuration For using the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password for accessing into the web configurator of Vigor router and how to adjust settings for accessing Internet successfully.. 2.1 Accessing the Web User Interface 1. Make sure your PC connects to the router correctly.
4. Now, the Main Screen will appear. Note: The home page will be different slightly in accordance with the type of the router you have. 5. The web page can be logged out according to the chosen condition. The default setting is Auto Logout, which means the web configuration system will logout after 5 minutes without any operation. Change the setting for your necessity.
2.2 Changing Password Please change the password for the original security of the router. 1. Open a web browser on your PC and type http://192.168.1.1. A pop-up window will open to ask for username and password. 2. Please type “admin/admin” as the Username/Password and click Login. 3. Go to System Maintenance page and choose Administrator Password/User Password. 4. Enter the login password (the default is admin) on the field of Old Password.
2.3 Quick Start Wizard Notice: Quick Start Wizard for user operation is the same as for administrator’s operation. If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next. 2.3.
should be routed. The ATM, is a method of sending data in small packets of fixed sizes. It is used for transferring data to client computers. VCI Stands for Virtual Channel Identifier. It is a 16-bit field inside ATM cell’s header that indicates the cell’s next destination as it travels through the network. A virtual channel is a logical connection between two end devices on the network. Protocol/Encapsulation Select an IP mode for this WAN interface.
2.3.2 PPPoE/PPPoA PPPoE stands for Point-to-Point Protocol over Ethernet. It relies on two widely accepted standards: PPP and Ethernet. It connects users through an Ethernet to the Internet with a common broadband medium, such as a single DSL line, wireless device or cable modem. All the users over the Ethernet can share a common connection. PPPoE is used for most of DSL modem users. All local users can share one PPPoE connection for accessing the Internet.
Confirm Password Retype the password. Back Click it to return to previous setting page. Next Click it to get into the next setting page. Cancel Click it to give up the quick start wizard. 3. Type in all the information that your ISP provides for this protocol. 4. Click Next for viewing summary of such connection. 5. Click Finish. Then, the system status of this protocol will be shown. 6. Now, you can enjoy surfing on the Internet. 2.3.3 1483 Bridged IP 1.
2. Type in all the information that your ISP provides for this protocol. Click Next for viewing summary of such connection. 3. Click Finish. Then, the system status of this protocol will be shown. 4. Now, you can enjoy surfing on the Internet.
2.3.4 1483 Routed IP 1. If your ISP provides you the 1483 Routed IP connection, click 1483 Routed IP as the protocol. 2. Type in all the information that your ISP provides for this protocol. Click Next to see the following page. 3. Click Finish. Then, the system status of this protocol will be shown. 4. Now, you can enjoy surfing on the Internet.
2.4 Service Activation Wizard Service Activation Wizard can guide you to activate WCF service (Web Content Filter) with a quick and easy way. For the Service Activation Wizard is only available for admin operation, therefore, please type “admin/admin” on Username/Password while Logging into the web configurator. Note: Web Content Filter (WCF) is not a built-in service of Vigor router, but a service powered by Commtouch.
3. In the following page, you can activate the Web content filter service at the same time or individually. When you finish the selection, please click Next. Commtouch is the web content filter based on Commtouch operated in the worldwide. There is a 30-day trial period. After trial, you can purchase DrayTek's prepared Commtouch GlobalView WCF package from DrayTek dealer. 4. Setting confirmation page will be displayed as follows, please click Next. 5. Wait for a moment till the following page appears.
6. Note: The service will be activated and applied as the default rule configured in Firewall>>General Setup. Now, the web page will display the service that you have activated according to your selection(s). The valid time for the free trial of these services is one month. Later, if you need to extend the license valid time, you can also use the Service Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next.
Check the box of “I have read and accept the above..” and click Next. Follow the on-screen instruction to install the formal edition of WCF license. 2.5 VoIP Wizard Vigor router offers a quick method to configure settings for VoIP application. Follow the steps listed below. 1. Open VoIP Wizard. 2. The screen of VoIP Wizard will be shown as follows.
3. After finished the settings above, click Next for viewing summary of such connection. 4. Click Finish. A page of VoIP Wizard Setup OK!!! will appear. 2.6 Online Status 2.6.1 Physical Connection Such page displays the physical connection status such as LAN connection status, WAN connection status, ADSL information, and so on. If you select PPPoE as the protocol, you will find out a link of Dial PPPoE or Drop PPPoE in the Online Status web page.
Item Description LAN Status Primary DNS-Display the primary DNS server address for WAN interface. Secondary DNS -Display the secondary DNS server address for WAN interface. IP Address-Display the IP address of the LAN interface. TX Packets-Display the total transmitted packets at the LAN interface. RX Packets-Display the total received packets at the LAN interface. WAN Status Enable – Yes in red means such interface is available but not connected. Yes in green means such interface is connected.
Note: The words in green mean that the WAN connection of that interface (WAN1) is ready for accessing Internet; the words in red mean that the WAN connection of that interface (WAN1) is not ready for accessing Internet. 2.6.2 Virtual WAN Such page displays the virtual WAN connection information. Virtual WAN are used by TR-069 management, VoIP service and so on. The Application field will list the purpose of such WAN connection.
2.7 Saving Configuration Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button.. 2.8 Registering Vigor Router You have finished the configuration of Quick Start Wizard and you can surf the Internet at any time.
3 A Login page will be shown on the screen. Please type the account and password that you created previously. And click Login. If not, please refer to section 4.13 Creating an Account for MyVigor. 4 The following page will be displayed after you logging in MyVigor. From this page, please click Add or Product Registration.
5 When the following page appears, please type in Nickname (for the router) and choose the right registration date from the popup calendar (it appears when you click on the box of Registration Date). After adding the basic information for the router, please click Submit. 6 When the following page appears, your router information has been added to the database. 7 Now, you have finished the product registration. 8 After clicking OK, you will see the following page.
This page is left blank.
Application and Example 3.1 How to configure settings for IPv6 Service Due to the shortage of IPv4 address, more and more countries use IPv6 to solve the problem. However, to continually use the original rich resources of IPv4, both IPv6 and IPv4 networks shall communicate for each other via intercommunication mechanism to complete the shifting job from IPv4 to IPv6 gradually.
2. In the following figure, use the drop down list to choose a proper connection type. Different connection types will bring out different configuration page. Refer to the following: z PPP – Dual Stack application, IPv4 and IPv6 services can be utilized at the same time Choose PPP and type the information for PPPoE of IPv4.
Access into the setting page for IPv6 service, it is not necessary for you to configure anything. Click OK and open Online Status. If the connection is successful, you will get the IP address for IPv4 and IPv6 at the same time.
z TSPC – Tunnel application, both IPv6 hosts communicate through IPv4 network Choose TSPC and type the information for TSPC service. Note: While using such mode, you have to make sure the IPv4 network connection is normal. (In the following figure, the TSPC information is obtained from http://gogo6.com/ after applied for the service.) Click OK and open Online Status.
z AICCU – Tunnel application Choose AICCU and type the information for AICCU of IPv6. Note: While using such mode, you have to make sure the IPv4 network connection is normal. (In the following figure, the AICCU information is obtained from https://www.sixxs.net/main/ after applied for the service.) Click OK and open Online Status.
z DHCPv6 Client Choose DHCPv6 Client. Click one of the identity associations and type the IAID number. Click OK and open Online Status.
z Static IPv6 Choose Static IPv6. Type IPv6 address, Prefix Length and Gateway Address. Click OK and open Online Status.
II. Configuring the LAN Settings After finished the WAN settings for IPv6, please configure the LAN settings to make the router’s client getting the IPv6 address. 1. Access into the web configurator of Vigor2710. Open LAN>> General Setup. Click the IPv6 button. Note: Only the subnet of LAN1 supports IPv6 feature. 2. In the field of RADVD Configuration, the default setting is Enable.
III. Confirming IPv6 Service Run Successfully 1. Make sure you have obtained the correct IPv6 IP address. Get into MS-DOS interface and type the command of “ipconfig”. Refer to the following figure. From the above figure we can see IPv6 IP address has been detected by the system. 2. Use the Ping command to ping any IPv6 address indicating an IPv6 website. For example, www.kame.net is a website supporting IPv4 IP and IPv6 IP services.
3. Connect to the website for IPv6. Open a web browser and type an URL of IPv6, e.g., www.kame.net. If your computer accesses into the website by using IPv6 address, you may see a turtle dancing on the screen. If not, only a steady turtle will be seen. If you can see a turtle dancing on the screen, that means IPv6 service is ready for you to access and utilize.
3.2 How Can I Use FTP to Get the Files from USB Storage Device Connecting to Vigor Router? There are three methods to get files from USB devices connecting to router. z File Explorer – Under Administration operation, the administer can control the files on USB storage device through USB Application>>File Explorer. z FTP – Use common FTP utility. z Samba – Invoke Samba service and use \\192.168.1.1 to access into the USB storage device.
4. Click OK to save the configuration. 5. Make sure the FTP service is running properly. Please open a browser and type ftp://192.168.1.1. Use the account "user1" to login. 6. When the following screen appears, it means the FTP service is running properly.
7. Return to USB Application >> USB Disk Status. The information for FTP server will be shown as below. Now, users in LAN of Vigor2710 can access into the USB storage device by typing ftp://192.168.1.1 on any browser. They can add or remove files / directories, depending on the Access Rule for FTP account settings in USB Application >>USB User Management.
3.3 How to Customize Your Login Page Login page can be customized to fit the request of the administrator. 1. Open System Maintenance>>Login Page Greeting. Check the box, Enable to enable this function. Type a brief description (e.g., Just for Carrie) in the field of Login Page Title which will be shown on the heading of the login dialog. Type any message or description in the field of Welcome Message and Bulletin which will be shown on the bottom of the login dialog. Next, click OK. 2.
3.4 Create a LAN-to-LAN Connection Between Remote Office and Headquarter The most common case is that you may want to connect to network securely, such as the remote branch office and headquarter. According to the network structure as shown in the below illustration, you may follow the steps to create a LAN-to-LAN profile. These two networks (LANs) should NOT have the same network address. Settings in Router A in headquarter: 1.
3. Go to LAN-to-LAN. Click on one index number to edit a profile. 4. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. 5. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection.
Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. 6. Set Dial-In settings to as shown below to allow Router B dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above.
7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection. Settings in Router B in the remote office: 1. Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. 2. Then, for using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup.
3. Go to LAN-to-LAN. Click on one index number to edit a profile. 4. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. 5. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. 6. Set Dial-In settings to as shown below to allow Router A dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. 7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection.
3.5 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter The other common case is that you, as a teleworker, may want to connect to the enterprise network securely. According to the network structure as shown in the below illustration, you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host. Settings in VPN Router in the enterprise office: 1.
3. Go to Remote Dial-In User. Click on one index number to edit a profile. 4. Set Dial-In settings to as shown below to allow the remote user dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above.
Settings in the remote host: 1. For Win98/ME, you may use "Dial-up Networking" to create the PPTP tunnel to Vigor router. For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.draytek.com download center. Install as instructed. 2. After successful installation, for the first time user, you should click on the Step 0. Configure button.
You may further specify the method you use to get IP, the security method, and authentication method. If the Pre-Shared Key is selected, it should be consistent with the one set in VPN router. If a PPP-based service is selected, you should further specify the remote VPN server IP address, Username, Password, and encryption method. The User Name and Password should be consistent with the one set up in the VPN router.
4. Click Connect button to build connection. When the connection is successful, you will find a green light on the right down corner.
3.6 LAN – Created by Using NAT An example of default setting and the corresponding deployment are shown below. The default Vigor router private IP address/Subnet Mask is 192.168.1.1/255.255.255.0. The built-in DHCP server is enabled so it assigns every local NATed host an IP address of 192.168.1.x starting from 192.168.1.10. You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage.
You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage.
3.7 Calling Scenario for VoIP function 3.7.1 Calling via SIP Sever Example 1: Both John and David have SIP Addresses from different service providers. John’s SIP URL: 1234@draytel.org, David’s SIP URL: 4321@iptel.org Settings for John DialPlan index 1 Phone Number: 1111 Display Name: David SIP URL: 4321@iptel.org SIP Accounts Settings --Profile Name: draytel1 Register via: Auto SIP Port: 5060 (default) Domain/Realm: draytel.org Proxy: draytel.
CODEC/RTP/DTMF --(Use default value) David calls John He picks up the phone and dials 2222# (DialPlan Phone Number for John) Example 2: Both John and David have SIP Addresses from the same service provider. John’s SIP URL: 1234@draytel.org , David’s SIP URL: 4321@draytel.org Settings for John DialPlan index 1 Phone Number: 1111 Display Name: David SIP URL: 4321@draytel.org SIP Accounts Settings --Profile Name: draytel 1 Register via: Auto SIP Port: 5060 (default) Domain/Realm: draytel.org Proxy: draytel.
Settings for David DialPlan index 1 Phone Number:2222 Display Name: John SIP URL:1234@draytel.org SIP Accounts Settings --Profile Name: John Register via: Auto SIP Port: 5060(default) Domain/Realm: draytel.org Proxy: iptel.
He picks up the phone and dials 1111#. (DialPlan Phone Number for Arnor) Settings for Paulin DialPlan index 1 Phone Number:2222 Display Name: Arnor SIP URL: 1234@214.61.172.
3.8 Request a certificate from a CA server on Windows CA Server 1. Go to Certificate Management and choose Local Certificate.
2. You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. 3. Copy and save the X509 Local Certificate Requet as a text file and save it for later use. 4. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate.
Select Advanced request. Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it. 5.
and you will find the below window showing “------BEGINE CERTIFICATE------.....” 6. You may review the detail information of the certificate by clicking View button.
3.9 Request a CA Certificate and Set as Trusted on Windows CA Server 1. Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list.
2. In Choose file to download, click CA Certificate Current and Base 64 encoded, and Download CA certificate to save the .cer. file. 3. Back to Vigor router, go to Trusted CA Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below illustration. 4. You may review the detail information of the certificate by clicking View button.
3.10 Creating an Account for MyVigor The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Anti-Spam, Web Content Filter, Anti-Intrusion, and etc.) to filtering the web pages for the sake of protecting your system. To access into MyVigor for getting more information, please create an account for MyVigor. 3.10.1 Creating an Account via Vigor Router 1. Click CSM>> Web Content Filter Profile. The following page will appear.
3. Click the link of Create an account now. 4. Check to confirm that you accept the Agreement and click Accept.
5. Type your personal information in this page and then click Continue. 6. Choose proper selection for your computer and click Continue.
7. Now you have created an account successfully. Click START. 8. Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor.draytek.com. 9. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login.
10. When you see the following page, please type in the account and password (that you just created) in the fields of UserName and Password. 11. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. 3.10.2 Creating an Account via MyVigor Web Site 1. Access into http://myvigor.draytek.com. Find the line of Not registered yet?. Then, click the link Click here! to access into next page.
2. Check to confirm that you accept the Agreement and click Accept. 3. Type your personal information in this page and then click Continue. 4. Choose proper selection for your computer and click Continue.
5. Now you have created an account successfully. Click START. 6. Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor.draytek.com. 7. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login.
8. When you see the following page, please type in the account and password (that you just created) in the fields of UserName and Password. Then type the code in the box of Auth Code according to the value displayed on the right side of it. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want.
Advanced Configuration This chapter will guide users to execute advanced (full) configuration through admin mode operation. As for other examples of application, please refer to chapter 5. 1. Open a web browser on your PC and type http://192.168.1.1. The window will ask for typing username and password. 2. Please type “admin/admin” on Username/Password for administration operation. Now, the Main Screen will appear. Be aware that “Admin mode” will be displayed on the bottom left side. 4.
What are Public IP Address and Private IP Address As the router plays a role to manage and further protect its LAN, it interconnects groups of host PCs. Each of them has a private IP address assigned by the built-in DHCP server of the Vigor router. The router itself will also use the default private IP address: 192.168.1.1 to communicate with the local hosts. Meanwhile, Vigor router will communicate with other network devices through a public IP address.
Available settings are explained as follows: Item Description Enable/Disable Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid. DSL Modem Settings Set up the DSL parameters required by your ISP. These are vital for building DSL connection to your ISP. Multi-PVC channel - The selections displayed here are determined by the page of Internet Access – Multi PVCs.
Protocol - Drop down the list to choose the one provided by ISP. If you have already used Quick Start Wizard to set the protocol, then it is not necessary for you to change any settings in this group. Modulation – Drop down the list to choose a proper modulation for the router. PPPoE Pass-through The router offers PPPoE dial-up connection. Besides, you also can establish the PPPoE connection directly from local clients to your ISP via the Vigor router.
router, choose the 3G USB Modem to perform WAN backup via USB device. Then, click the 3G USB Modem Backup link to access into the following page for configuring detailed settings. PPP Client Mode - Click Enable to activate this mode for WAN2. SIM PIN code - Type PIN code of the SIM card that will be used to access Internet. Modem Initial String - Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP.
to execute for WAN detection. Ping IP – If you choose Ping Detect as detection mode, you have to type IP address in this field for pinging. TTL (Time to Live) – Displays value for your reference. TTL value is set by telnet command. Default – Click this button to reset to factory setting. ISP Access Setup Enter your allocated username, password and authentication parameters according to the information provided by your ISP. If you want to connect to Internet all the time, you can check Always On.
IP Address From ISP Usually ISP dynamically assigns IP address to you each time you connect to it and request. In some case, your ISP provides service to always assign you the same IP address whenever you request. In this case, you can fill in this IP address in the Fixed IP field. Please contact your ISP before you want to use this function. WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use WAN IP Alias.
4.1.3 MPoA MPoA is a specification that enables ATM services to be integrated with existing LANs, which use either Ethernet, token-ring or TCP/IP protocols. The goal of MPoA is to allow different LANs to send packets to each other via an ATM backbone. To use MPoA as the accessing protocol of the Internet, select MPoA mode. The following web page will appear. Available settings are explained as follows: Item Description MPoA (RFC1483/2684) Click Enable for activating this function.
Encapsulating Type - Drop down the list to choose the type provided by ISP. VPI - Type in the value provided by ISP. VCI - Type in the value provided by ISP. Modulation – Drop down the list to choose a proper modulation for the router. VLAN Enable - Enable the function of VLAN with tag. The router will add specific VLAN number to all packets while sending them out. Please type the tag value and specify the priority for the packets sending by the router. VID– Type the value as the VLAN ID number.
PPP Client Mode - Click Enable to activate this mode for WAN2. SIM PIN code - Type PIN code of the SIM card that will be used to access Internet. Modem Initial String - Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP. APN Name – APN (Access Point Name) is provided by your ISP for identifying different access points. Simply click Apply to apply such name. Finally, you have to click OK to save the setting.
TTL value is set by telnet command. Default – Click this button to reset to factory setting. WAN IP Network Settings This group allows you to obtain an IP address automatically and allows you type in IP address manually. Obtain an IP address automatically – Click this button to obtain the IP address automatically. Router Name – Type in the router name provided by ISP. Domain Name – Type in the domain name that you have assigned. Specify an IP address – Click this radio button to specify some data.
4.1.4 IPv6 During the procedure of IPv4 PPPoE connection, we can get the IPv6 Link Local Address between the gateway and Vigor router through IPv6CP. Later, use DHCPv6 or Accept RA to acquire the IPv6 prefix address (such as: 2001:B010:7300:200::/64) offered by the ISP. In addition, PCs under LAN also can have the public IPv6 address for Internet access by means of the generated prefix. IPv6 – PPP No need to type any other information for PPP mode.
Item Description Username Type the name obtained from the broker. Password Type the password assigned with the user name. Confirm Password Type the password again to make the confirmation. Tunnel Broker Type the address for the tunnel broker IP, FQDN or an optional port number. After finishing all the settings here, please click OK to activate them. IPv6 – AICCU Available settings are explained as follows: Item Description Username Type the name obtained from the broker.
IPv6 – DHCPv6 DHCPv6 client mode would use DHCPv6 protocol to obtain IPv6 address from server. Available settings are explained as follows: Item Description Identify Association Choose Prefix Delegation or Non-temporary Address as the identify association. IAID Type a number as IAID. After finishing all the settings here, please click OK to activate them. IPv6 – Static IPv6 This type allows you to setup static IPv6 address for WAN interface.
configuration Prefix Length – Type the fixed value for prefix length. Add – Click it to add a new entry. Delete – Click it to remove an existed entry. Current IPv6 Address Table Display current interface IPv6 address. After finishing all the settings here, please click OK to activate them.
4.1.5 Multi-PVCs This router allows you to create multi-PVCs for different data transferring for using. Simply go to Internet Access and select Multi-PVC Setup page. General The system allows you to set up to eight channels which are ready for choosing as the first PVC line that will be used as multi-PVCs. Available settings are explained as follows: Item Description Enable Check this box to enable that channel.
Encapsulation Choose a proper type for this channel. The types will be different according to the protocol setting that you choose. WAN link for Channel 3, 4, 5 WAN link for Channel 3, 4, 5 are provided for router-borne application such as TR-069 and VoIP. The settings must be applied and obtained from your ISP. For your special request, please contact with your ISP and then click WAN link of Channel 3, 4 or 5 to configure your router.
Available settings are explained as follows: Item Description WAN for Router-borne Application Choose the router service for channel 3, 4 or 5. Management - It can be specified for general management (Web configuration/telnet/TR069). If you choose Management, the configuration for this PVC will be effective for Web configuration/telnet/TR069. VoIP - It can be specified for VoIP only. If you choose VoIP, the configuration for this PVC will be effective for VoIP data transmitting and receiving.
Idle Timeout – Set the timeout for breaking down the Internet after passing through the time without any action. This setting is active only when the Always On option is note selected. IP Address from ISP Fixed IP - Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address. Fixed IP Address -Type a fixed IP address. Obtain an IP address automatically Click this button to obtain the IP address automatically. Router Name – Type in the router name provided by ISP.
ATM QoS Such configuration is applied to upstream packets. Such information will be provided by ISP. Please contact with your ISP for detailed information. Available settings are explained as follows: Item Description QoS Type Select a proper QoS type for the channel according to the information that your ISP provides. PCR It represents Peak Cell Rate. The default setting is “0”. SCR It represents Sustainable Cell Rate. The value of SCR must be smaller than PCR.
Port-based Bridge General page lets you set the first PVC. As to set the second PVC line, please click the Port-based Bridge tab to open Bridge configuration page. Available settings are explained as follows: Item Description Enable Check this box to enable that channel. Only channel 3 to 8 can be set in this page, for channel 1 to 2 are reserved for NAT using. P1 to P4 It means the LAN port 1 to 4. Check the box to designate the LAN port for channel 3 to 8.
PVC to PVC Binding/Add Tag This feature can direct certain services (such as Internet, IPTV and so on) from other channels into a single channel. Available settings are explained as follows: Item Description PVC Binding Data transmitted through the selected channel will be redirected and transmitted via the channel configured in the field of PVC Binding. Add Tag To identify the usage of PVC, check this box to invoke this setting. And type the number for VLAN ID (number).
4.2 LAN Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design of network structure is related to what type of public IP addresses coming from your ISP. 4.2.1 Basics of LAN The most generic function of Vigor router is NAT. It creates a private subnet of your own. As mentioned previously, the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address.
What is Routing Information Protocol (RIP) Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing. This allows users to change the information of the router such as IP address and the routers will automatically inform for each other. What is Static Route When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method.
4.2.2 General Setup This page provides you the general settings for LAN. Click LAN to open the LAN settings page and choose General Setup. Details Page for Ethernet TCP/IP and DHCP Setup Available settings are explained as follows: Item Description LAN IP Network Configuration For NAT Usage 1st IP Address - Type in private IP address for connecting to a local private network (Default: 192.168.1.1). 1st Subnet Mask - Type in an address code that determines the size of the network. (Default: 255.255.255.
z Start IP Address: Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses. If the 2nd IP address of your router is 220.135.240.1, the starting IP address must be 220.135.240.2 or greater, but smaller than 220.135.240.254. z IP Pool Counts: Enter the number of IP addresses in the pool. The maximum is 10. For example, if you type 3 and the 2nd IP address of your router is 220.135.240.1, the range of IP address by the DHCP server will be from 220.135.240.2 to 220.
server if you do not have a DHCP server for your network. If you want to use another DHCP server in the network other than the Vigor Router’s, you can let Relay Agent help you to redirect the DHCP request to the specified location. Enable Server - Let the router assign IP address to every host in the LAN. Disable Server – Let you manually assign IP address to every host in the LAN.
left empty, the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache. If the IP address of a domain name is already in the DNS cache, the router will resolve the domain name immediately. Otherwise, the router forwards the DNS query packet to the external DNS server by establishing a WAN (e.g. DSL/Cable) connection.
It provides 2 daemons for LAN side IPv6 address configuration. One is RADVD(stateless) and the other is DHCPv6 Server (Stateful). Available settings are explained as follows: Item Description RADVD Configuration Enable – Click it to enable RADVD server. The router advertisement daemon (radvd) sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message.
4.2.3 Static Route Go to LAN to open setting page and choose Static Route. The router offers IPv4 and IPv6 for you to configure the static route. Both protocols bring different web pages. Static Route for IPv4 Each item is explained as follows: Item Description Set to Factory Default Clear all of the settings and return to factory default settings. Viewing Routing Table Displays the routing table for your reference.
Static Route for IPv6 You can set up to 40 profiles for IPv6 static route. Click the IPv6 tab to open the following page: Each item is explained as follows: Item Description Set to Factory Default Clear all of the settings and return to factory default settings. Viewing IPv6 Routing Table Displays the routing table for your reference. Index The number (1 to 40) under Index allows you to open next page to set up static route. Destination Address Displays the destination address of the static route.
Destination IPv6 Address / Prefix Len Type the IP address with the prefix length for this entry. Gateway IPv6 Address Type the gateway address for this entry. Network Interface Use the drop down list to specify an interface for this static route. Add Static Routes to Private and Public Networks (based on IPv4) Here is an example of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router.
via the router, and continuously exchange of IP routing information with different subnets. 2. Click the LAN - Static Route and click on the Index Number 1. Check the Enable box. Please add a static route as shown below, which regulates all packets destined to 192.168.10.0 will be forwarded to 192.168.1.2. Click OK. 3. Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.
4.2.4 VLAN Virtual LAN function provides you a very convenient way to manage hosts by grouping them based on the physical port. Go to LAN page and select VLAN. The following page will appear. Click Enable to invoke VLAN function. To add or remove a VLAN, please refer to the following example. 1. If, VLAN 0 is consisted of hosts linked to P1 and P2 and VLAN 1 is consisted of hosts linked to P3 and P4. 2.
4.2.5 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthening control in network. When this function is enabled, all the assigned IP and MAC address binding together cannot be changed. If you modified the binding IP or MAC address, it might cause you not access into the Internet. Click LAN and click Bind IP to MAC to open the setup page. Available settings are explained as follows: Item Description Enable Click this radio button to invoke this function.
Refresh Refresh the ARP table listed below to obtain the newest ARP table information. IP Bind List It displays a list for the IP bind to MAC information. Add and Edit IP Address – Type the IP address that will be used for the specified MAC address. Mac Address – Type the MAC address that is used to bind with the assigned IP address. Comment – Type a brief description for the entry. Show Comment – Check it to display the content of the comment.
Below shows the menu items for NAT. 4.3.1 Port Redirection Port Redirection is usually set up for server related service inside the local network (LAN), such as web servers, FTP servers, E-mail servers etc. Most of the case, you need a public IP address for each server and this public IP address/domain name are recognized by all users.
Each item is explained as follows: Item Description Index Display the number of the profile. Service Name Display the description of the specific network service. WAN Interface Display the WAN IP address or interface used by the profile. Protocol Display the transport layer protocol (TCP or UDP). Public Port Display the port number which will be redirected to the specified Private IP and Port of the internal host. Private IP Display the IP address of the internal host providing the service.
Item Description Enable Check this box to enable such port redirection setting. Mode Two options (Single and Range) are provided here for you to choose. To set a range for the specific service, select Range. In Range mode, if the public port (start port and end port) and the starting IP of private IP had been entered, the system will calculate and display the ending IP of private IP automatically. Service Name Enter the description of the specific network service.
Vigor2710 Series User’s Guide 122
4.3.2 DMZ Host As mentioned above, Port Redirection can redirect incoming TCP/UDP or other traffic on particular ports to the specific private IP address/port of host in the LAN. However, other IP protocols, for example Protocols 50 (ESP) and 51 (AH), do not travel on a fixed port. Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN.
Private IP Enter the private IP address of the DMZ host, or click Choose PC to select one. Choose PC Click this button and then a window will automatically pop up, as depicted below. The window consists of a list of private IP addresses of all hosts in your LAN network. Select one private IP address in the list to be the DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the screen. Click OK to save the setting.
Choose PC Click this button and then a window will automatically pop up, as depicted below. The window consists of a list of private IP addresses of all hosts in your LAN network. Select one private IP address in the list to be the DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting.
4.3.3 Open Ports Open Ports allows you to open a range of ports for the traffic of special applications. Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application involved up-to-date to avoid falling victim to any security exploits.
Each item is explained as follows: Item Description Enable Open Ports Check to enable this entry. Comment Make a name for the defined network application/service. WAN IP Specify the WAN IP address that will be used for this entry. This setting is available when WAN IP Alias is configured. Local Computer Enter the private IP address of the local host or click Choose PC to select one.
4.3.4 Address Mapping Address Mapping is used to map a specified private IP or a range of private IPs of NAT subnet into a specified WAN IP (or WAN IP alias IP). Refer to the following figure. Suppose the WAN settings for a router are configured as follows: WAN1: 202.211.100.10, WAN1 alias: 202.211.100.11 WAN2: 203.98.200.10 Without address mapping feature, when a NAT host with an IP say "192.168.1.
number to edit or clear the corresponding entry. Protocol Display the protocol used for this address mapping. Public IP Display the public IP address selected for this entry, e.g., 172.16.3.102. Private IP Display the private IP set for this address mapping, e.g., 192.168.1.10. Mask Display the subnet mask selected for this address mapping. Status Display the status for the entry, enable or disable. Click the index number link to open the configuration page.
4.4 Firewall 4.4.1 Basics for Firewall While the broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has been always the most concerned. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet. Furthermore, it can filter out specific packets that trigger the router to build an unwanted outgoing connection.
Stateful Packet Inspection (SPI) Stateful inspection is a firewall architecture that works at the network layer. Unlike legacy static packet filtering, which examines a packet based on the information in its header, stateful inspection builds up a state machine to track each connection traversing all interfaces of the firewall and makes sure they are valid. The stateful firewall of Vigor router not just examine the header information also monitor the state of the connection.
4.4.2 General Setup General Setup allows you to adjust settings of IP Filter and common options. Here you can enable or disable the Call Filter or Data Filter. Under some circumstance, your filter set can be linked to work in a serial manner. So here you assign the Start Filter Set only. Also you can configure the Log Flag settings, Apply IP filter to VPN incoming packets, and Accept incoming fragmented UDP packets. Click Firewall and click General Setup to open the general setup page.
make any response (pass or block) for these packets, then the router’s firewall will block the packets directly. Default Rule Page Such page allows you to choose filtering profiles including QoS, Load-Balance policy, WCF, APP Enforcement, URL Content Filter for data transmission via Vigor router. Available settings are explained as follows: Item Description Filter Select Pass or Block for the packets that do not match with the filter rules.
Item Description APP Enforcement Select an APP Enforcement profile for global IM/P2P application blocking. If there is no profile for you to selelct, please choose [Create New] from the drop down list in this page to create a new profile. All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here. For detailed information, refer to the section of APP Enforcement profile setup.
Item Description URL and enhance the correctness of URL Content Filter. The default value for this setting is ANSI 1252 Latin I. If you do not choose any codepage, no decoding job of URL will be processed. Please use the drop-down list to choose a codepage. If you do not have any idea of choosing suitable codepage, please open Syslog. From Codepage Information of Setup dialog, you will see the recommended codepage listed on the dialog box. Window size – It determines the size of TCP protocol (0~65535).
4.4.3 Filter Setup Click Firewall and click Filter Setup to open the setup page. To edit or add a filter, click on the set number to edit the individual set. The following page will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit each rule. Check Active to enable the rule. Available settings are explained as follows: Item Description Filter Rule Click a button numbered (1 ~ 7) to edit the filter rule. Click the button will open Edit Filter Rule web page.
To edit Filter Rule, click the Filter Rule index button to enter the Filter Rule setup page. Available settings are explained as follows: Item Description Check to enable the Filter Rule Check this box to enable the filter rule. Comments Enter filter set comments/description. Maximum length is 14character long. Index(1-15) Set PCs on LAN to work at certain time interval only. You may choose up to 4 schedules out of the 15 schedules pre-defined in Applications >> Schedule setup.
Source/Destination IP Click Edit to access into the following dialog to choose the source/destination IP or IP ranges. To set the IP address manually, please choose Any Address/Single Address/Range Address/Subnet Address as the Address Type and type them in this dialog. In addition, if you want to use the IP range from defined groups or objects, please choose Group and Objects as the Address Type. From the IP Group drop down list, choose the one that you want to apply.
if you want to use the service type from defined groups or objects, please choose Group and Objects as the Service Type. Protocol - Specify the protocol(s) which this filter rule will apply to. Source/Destination Port – (=) – when the first and last value are the same, it indicates one port; when the first and last values are different, it indicates a range for the port and available for this service type.
MAC Bind IP When the IP Object Profile (with specified MAC Address and IP address for Address Type) is selected for Source IP /Destination IP setting, the system will process the packet according to the following rules: z If the MAC address of the packet meets the specified MAC address listed in IP Object Profile, no matter which IP address that the packet is, it can pass through Vigor router easily.
Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information. SysLog For troubleshooting needs you can specify the filter log and/or CSM log here. Check the corresponding box to enable the log function. Then, the filter log and/or CSM log will be shown on Draytek Syslog window. Advance Setting Click Edit to open the following window. However, it is strongly recommended to use the default settings here.
Session timeout–Setting timeout for sessions can make the best utilization of network resources. However, Queue timeout is configured for TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule. DrayTek Banner – Please uncheck this box and the following screen will not be shown for the unreachable web page. The default setting is Enabled.
Example As stated before, all the traffic will be separated and arbitrated using on of two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first.
4.4.4 DoS Defense As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/ defense function in the DoS Defense setup. The DoS Defense functionality is disabled for default. Click Firewall and click DoS Defense to open the setup page. Available settings are explained as follows: Item Description Enable Dos Defense Check the box to activate the DoS Defense Functionality. Select All Click this button to select all the items listed below.
Item Description period defined in Timeout. The default setting for threshold and timeout are 150 packets per second and 10 seconds, respectively. That means, when 150 packets per second received, they will be regarded as “attack event” and the session will be paused for 10 seconds. Enable ICMP flood defense Check the box to activate the ICMP flood defense function.
Item Description fraggle attack defense, all broadcast UDP packets coming from the Internet are blocked. Therefore, the RIP packets from the Internet might be dropped. Block TCP flag scan Check the box to activate the Block TCP flag scan function. Any TCP packet with anomaly flag setting is dropped. Those scanning activities include no flag scan, FIN without ACK scan, SYN FINscan, Xmas scan and full Xmas scan. Block Tear Drop Check the box to activate the Block Tear Drop function.
Item Description 147 Vigor2710 Series User’s Guide
4.5 Objects Settings For IPs in a range and service ports in a limited range usually will be applied in configuring router’s settings, therefore we can define them with objects and bind them with groups for using conveniently. Later, we can select that object/group that can apply it. For example, all the IPs in the same department can be defined with an IP object (a range of IP address). 4.5.1 IP Object You can set up to 192 sets of IP Objects with different conditions.
To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Name Type a name for this profile. Maximum 15 characters are allowed. Interface Choose a proper interface. For example, the Direction setting in Edit Filter Rule will ask you specify IP or IP range for WAN or LAN or any IP address.
Address Type Determine the address type for the IP address. Select Single Address if this object contains one IP address only. Select Range Address if this object contains several IPs within a range. Select Subnet Address if this object contains one subnet for IP address. Select Any Address if this object contains any IP address. Select Mac Address if this object contains Mac address. MAC Address Type the MAC address of the network card which will be controlled.
4.5.2 IP Group This page allows you to bind several IP objects into one IP group. Each item is explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details.
2. The configuration page will be shown as follows: Available settings are explained as follows: 3. Item Description Name Type a name for this profile. Maximum 15 characters are allowed. Interface Choose WAN, LAN or Any to display all the available IP objects with the specified interface. Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box. Selected IP Objects Click >> button to add the selected IP objects in this box.
4.5.3 IPv6 Object You can set up to 64 sets of IPv6 Objects with different conditions. Each item is explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details.
2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Name Type a name for this profile. Maximum 15 characters are allowed. Address Type Determine the address type for the IPv6 address. Select Single Address if this object contains one IPv6 address only. Select Range Address if this object contains several IPv6s within a range. Select Subnet Address if this object contains one subnet for IPv6 address.
3. After finishing all the settings here, please click OK to save the configuration. 4.5.4 IPv6 Group This page allows you to bind several IPv6 objects into one IPv6 group. Each item is explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the group profile.
To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details. 2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Name Type a name for this profile. Maximum 15 characters are allowed. Available IPv6 Objects All the available IPv6 objects with the specified interface chosen above will be shown in this box.
4.5.5 Service Type Object You can set up to 96 sets of Service Type Objects with different conditions. Each item is explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details.
2. Click the number under Index column for settings in detail. Available settings are explained as follows: Item Description Name Type a name for this profile. Protocol Specify the protocol(s) which this profile will apply to. Source/Destination Port Source Port and the Destination Port column are available for TCP/UDP protocol. It can be ignored for other protocols. The filter rule will filter out any port number.
4.5.6 Service Type Group This page allows you to bind several service types into one group. Each item is explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Group column for configuration in details.
2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Name Type a name for this profile. Available Service Type Objects All the available service objects that you have added on Objects Setting>>Service Type Object will be shown in this box. Selected Service Type Objects Click >> button to add the selected IP objects in this box. 3. After finishing all the settings here, please click OK to save the configuration.
4.5.7 Keyword Object You can set 200 keyword object profiles for choosing as black /white list in CSM >>URL Web Content Filter Profile. Each item is explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the object profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g., #1) under Index column for configuration in details.
2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Name Type a name for this profile, e.g., game. Contents Type the content for such profile. For example, type gambling as Contents. When you browse the webpage, the page with gambling information will be watched out and be passed/blocked based on the configuration on Firewall settings. 3. After finishing all the settings here, please click OK to save the configuration.
4.5.8 Keyword Group This page allows you to bind several keyword objects into one group. The keyword groups set here will be chosen as black /white list in CSM >>URL Web Content Filter Profile. Each item is explained as follows: Item Description Set to Factory Default Clear all profiles. Index Display the profile number that you can configure. Name Display the name of the group profile. To set a new profile, please do the steps listed below: 1. Click the number (e.g.
2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Name Type a name for this group. Available Keyword Objects You can gather keyword objects from Keyword Object page within one keyword group. All the available Keyword objects that you have created will be shown in this box. Selected Keyword Objects Click this box. button to add the selected Keyword objects in 3.
4.5.9 File Extension Object This page allows you to set eight profiles which will be applied in CSM>>URL Content Filter. All the files with the extension names specified in these profiles will be processed according to the chosen action. Profile 1 with name of “default” is the default profile, some files with the file extensions specified in this profile will be ignored and not be scanned by Vigor router.
2. The configuration page will be shown as follows: Available settings are explained as follows: Item Description Profile Name Type a name for this profile (maximum 7 characters). 3. Type a name for such profile and check all the items of file extension that will be processed in the router. 4. After finishing all the settings here, please click OK to save the configuration.
4.6 CSM Content Security Management (CSM) CSM is an abbreviation of Content Security Management which is used to control IM/P2P usage, filter the web content and URL content to reach a goal of security management. APP Enforcement Filter As the popularity of all kinds of instant messenger application arises, communication cannot become much easier.
Note: The priority of URL Content Filter is higher than Web Content Filter. 4.6.1 APP Enforcement Profile You can define policy profiles for IM (Instant Messenger)/P2P (Peer to Peer)/Protocol/Misc application. This page allows you to set 32 profiles for different requirements. The APP Enforcement Profile will be applied in Default Rule of Firewall>>General Setup for filtering. Each item is explained as follows: Item Description Set to Factory Default Clear all profiles.
Below shows the items which are categorized under IM. Available settings are explained as follows: Item Description Profile Name Type a name for the CSM profile. Select All Click it to choose all of the items in this page. Clear All Uncheck all the selected boxes. The profiles configured here can be applied in the Firewall>>General Setup and Firewall>>Filter Setup pages as the standard for the host(s) to follow.
4.6.2 URL Content Filter Profile To provide an appropriate cyberspace to users, Vigor router equips with URL Content Filter not only to limit illegal traffic from/to the inappropriate web sites but also prohibit other web feature where malicious code may conceal. Once a user type in or click on an URL with objectionable keywords, URL keyword blocking facility will decline the HTTP request to that web page thus can limit user’s access to the website.
Default Message You can type the message manually for your necessity or click this button to get the default message which will be displayed on the field of Administration Message. You can set eight profiles as URL content filter. Simply click the index number under Profile to open the following web page. Available settings are explained as follows: Item Description Profile Name Type a name for the CSM profile. Priority It determines the action that this router will apply.
the priority for the actions executed. For this one, the router will process the packages with the conditions set below for web feature first, then URL second. Log None – There is no log file will be recorded for this profile. Pass – Only the log about Pass will be recorded in Syslog. Block – Only the log about Block will be recorded in Syslog. All – All the actions (Pass and Block) will be recorded in Syslog. URL Access Control Enable URL Access Control - Check the box to activate URL Access Control.
In addition, the maximal length of each frame is 32-character long. After specifying keywords, the Vigor router will decline the connection request to the website whose URL string matched to any user-defined keyword. It should be noticed that the more simplified the blocking keyword list is, the more efficiently the Vigor router performs. Web Feature Enable Restrict Web Feature - Check this box to make the keyword being blocked or passed.
After finishing all the settings here, please click OK to save the configuration. 4.6.3 Web Content Filter Profile Note: Web Content Filter (WCF) service is powered by Commtouch, the partner of DrayTek. The product name is GlobalView WCF. There are three ways to activate WCF on vigor router, using Service Activation Wizard, by means of CSM>>Web Content Filter Profile or via System Maintenance>>Activation.
Available settings are explained as follows: Item Description Activate Click it to access into MyVigor for activating WCF service. Setup Query Server It is recommended for you to use the default setting, auto-selected. You need to specify a server for categorize searching when you type URL in browser based on the web content filter profile. Setup Test Server It is recommended for you to use the default setting, auto-selected. Find more Click it to open http://myvigor.draytek.
Cache None – the router will check the URL that the user wants to access via WCF precisely, however, the processing rate is normal. Such item can provide the most accurate URL matching. L1 – the router will check the URL that the user wants to access via WCF. If the URL has been accessed previously, it will be stored for a short time (about 1 second) in the router to be accessed quickly if required. Such item can provide accurate URL matching with faster rate.
Note: If the Web Content Filter (WCF) powered by Commtouch is not activated, the above settings will not be valid. Available settings are explained as follows: Item Description Black/White List Enable – Activate white/black list function for such profile. Group/Object Selections – Click Edit to choose the group or object profile as the content of white/black list. Pass - allow accessing into the corresponding webpage with the characters listed on Group/Object Selections.
4.7 Bandwidth Management Below shows the menu items for Bandwidth Management. 4.7.1 Sessions Limit A PC with private IP address can access to the Internet via NAT router. The router will generate the records of NAT sessions for such connection. The P2P (Peer to Peer) applications (e.g., BitTorrent) always need many sessions for procession and also they will occupy over resources which might result in important accesses impacted.
Item Description Session Limit Enable - Click this button to activate the function of limit session. Disable - Click this button to close the function of limit session. Default Max Session - Defines the default session number used for each computer in LAN. Limitation List Displays a list of specific limitations that you set on this web page. Specific Limitation Start IP- Defines the start IP address for limit session. End IP - Defines the end IP address for limit session.
4.7.2 Bandwidth Limit The downstream or upstream from FTP, HTTP or some P2P applications will occupy large of bandwidth and affect the applications for other programs. Please use Limit Bandwidth to make the bandwidth usage more efficient. In the Bandwidth Management menu, click Bandwidth Limit to open the web page. To activate the function of limit bandwidth, simply click Enable and set the default upstream and downstream limit.
downstream for each computer in LAN. Limitation List Display a list of specific limitations that you set on this web page. Specific Limitation Start IP - Define the start IP address for limit bandwidth. End IP - Define the end IP address for limit bandwidth.
4.7.3 Quality of Service Deploying QoS (Quality of Service) management to guarantee that all applications receive the service levels required and sufficient bandwidth to meet performance expectations is indeed one important aspect of modern enterprise network. One reason for QoS is that numerous TCP-based applications tend to continually increase their transmission rate and consume all available bandwidth, which is called TCP slow start.
However, each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners. It’s not easy to achieve deterministic and consistent high-priority QoS traffic throughout the whole network with merely Vigor router’s effort. In the Bandwidth Management menu, click Quality of Service to open the web page.
Item Description Setup – Allow to configure general QoS setting for WAN interface. Class Rule Index – Display the class number that you can edit. Name – Display the name of the class. Rule – Allow to configure detailed settings for the selected Class. Service Type – Allow to configure detailed settings for the service type. Enable the First Priority for VoIP SIP/RTP When this feature is enabled, the VoIP SIP/RTP packets will be sent with highest priority. SIP UDP Port – Set a port number used for SIP.
Available settings are explained as follows: Item Description Enable the QoS Control The factory default for this setting is checked. Please also define which traffic the QoS Control settings will apply to. IN- apply to incoming traffic only. OUT- apply to outgoing traffic only. BOTH- apply to both incoming and outgoing traffic. Check this box and click OK, then click Setup link again. You will see the Online Statistics link appearing on this page.
Outbound TCP ACK Prioritize The difference in bandwidth between download and upload are great in ADSL2+ environment. For the download speed might be impacted by the uploading TCP ACK, you can check this box to push ACK of upload faster to speed the network traffic. Limited_bandwidth Ratio The ratio typed here is reserved for limited bandwidth of UDP application. Edit the Class Rule for QoS 1. The first three (Class 1 to Class 3) class rules can be adjusted for your necessity.
3. NO Display the number of the rules defined for such rule. Status Display if such rule is enabled (Active) or not. Local Address Display the local IP address (on LAN) for the rule. Remote Address Display the remote IP address (on LAN/WAN) for the rule. DiffServ CodePoint Display the levels of the data for processing with QoS control. Service Type Display the service type of the data for processing with QoS control. For adding a new rule, click Add to open the following page.
Edit It allows you to edit source address information. Address Type – Determine the address type for the source address. For Single Address, you have to fill in Start IP address. For Range Address, you have to fill in Start IP address and End IP address. For Subnet Address, you have to fill in Start IP address and Subnet Mask. DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by the system.
2. After you click the Edit link, you will see the following page. 3. For adding a new service type, click Add to open the following page. Available settings are explained as follows: Item Description Service Name Type in a new service for your request. Service Type Choose the type (TCP, UDP or TCP/UDP or other) for the new service.
Port Configuration Type - Click Single or Range as the Type. If you select Range, you have to type in the starting port number and the end porting number on the boxes below. Port Number – Type in the starting port number and the end porting number here if you choose Range as the type. 4. After finishing all the settings here, please click OK to save the configuration. 5. By the way, you can set up to 40 service types.
4.7.4 APP QoS The QoS function is used to do bandwidth management for the services with certain IP or port number. However, there is no effect of bandwidth management on the service such as VNC or PPTV without fixed IP or port number. APP QoS employs the function of APP Enforcement to detect the types of software in application layer.
Apply to all Choose one of the actions from the drop down list. It is prepared for applying to all protocols. Apply – Click it to make the selected action be applied all of the selected protocols immediately. Action There are many protocols which can be specified with different QoS Class. After finishing all the settings here, please click OK to save the configuration. 4.8 Applications Below shows the menu items for Applications. 4.8.
Enable the Function and Add a Dynamic DNS Account 1. Assume you have a registered domain name from the DDNS provider, say hostname.dyndns.org, and an account with username: test and password: test. 2. In the DDNS setup menu, check Enable Dynamic DNS Setup. Available settings are explained as follows: 3. Item Description Enable Dynamic DNS Setup Check this box to enable DDNS function. Set to Factory Default Clear all profiles and recover to factory settings. View Log Display DDNS log status.
Available settings are explained as follows: Item Description Enable Dynamic DNS Account Check this box to enable the current account. If you did check the box, you will see a check mark appeared on the Active column of the previous web page in step 2). Service Provider Select the service provider for the DDNS account. Service Type Select a service type (Dynamic, Custom or Static). If you choose Custom, you can modify the domain that is chosen in the Domain Name field.
4. Click OK button to activate the settings. You will see your setting has been saved. 4.8.2 Schedule The Vigor router has a built-in real time clock which can update itself manually or automatically by means of Network Time Protocols (NTP). As a result, you can not only schedule the router to dialup to the Internet at a specified time, but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours, say, business hours.
2. The detailed settings of the call schedule with index 1 are shown below. Available settings are explained as follows: 3. Item Description Enable Schedule Setup Check to enable the schedule. Start Date (yyyy-mm-dd) Specify the starting date of the schedule. Start Time (hh:mm) Specify the starting time of the schedule. Duration Time (hh:mm) Specify the duration (or period) for the schedule. Action Specify which action Call Schedule should apply during the period of the schedule.
Example Suppose you want to control the PPPoE Internet access connection to be always on (Force On) from 9:00 to 18:00 for whole week. Other time the Internet access connection should be disconnected (Force Down). Office Hour: (Force On) Mon - Sun 9:00 am to 6:00 pm 1. Make sure the PPPoE connection and Time Setup is working properly. 2. Configure the PPPoE always on from 9:00 to 18:00 for whole week. 3. Configure the Force Down from 18:00 to next day 9:00 for whole week. 4.
Shared Secret The RADIUS server and client share a secret that is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret. Confirm Shared Secret Re-type the Shared Secret for confirmation. After finished the above settings, click OK button to save the settings. 4.8.
The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router. The application will also learn the external IP address and configure port mappings on the router. Subsequently, such a facility forwards packets from the external ports of the router to the internal ports used by the application.
The UPnP function dynamically adds port mappings on behalf of some UPnP-aware applications. When the applications terminate abnormally, these mappings may not be removed. 4.8.5 IGMP IGMP is the abbreviation of Internet Group Management Protocol. It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups. Available settings are explained as follows: Item Description Enable IGMP Proxy Check this box to enable this function.
4.8.6 Wake on LAN A PC client on LAN can be woken up by the router it connects. When a user wants to wake up a specified PC through the router, he/she must type correct MAC address of the specified PC on this web page of Wake on LAN of this router. In addition, such PC must have installed a network card supporting WOL function. By the way, WOL function must be set as “Enable” on the BIOS setting.
4.9 VPN and Remote Access A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. In short, by VPN technology, you can send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link. Below shows the menu items for VPN and Remote Access. 4.9.1 Remote Access Control Enable the necessary VPN service as you need.
4.9.2 PPP General Setup This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPSec. Available settings are explained as follows: Item Description Dial-In PPP Authentication PAP Only - elect this option to force the router to authenticate dial-in users with the PAP protocol. PAP or CHAP - Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first.
Dial-In PPP Encryption (MPPE Optional MPPE This option represents that the MPPE encryption method will be optionally employed in the router for the remote dial-in user. If the remote dial-in user does not support the MPPE encryption algorithm, the router will transmit “no MPPE encrypted packets”. Otherwise, the MPPE encryption scheme will be used to encrypt the data. Require MPPE (40/128bits) - Selecting this option will force the router to encrypt packets by using the MPPE encryption algorithm.
payload only. It can just apply to local packet, e.g., L2TP over IPSec. The Tunnel mode will not only add the AH/ESP payload but also use a new IP header (Tunneled IP header) to encapsulate the whole original IP packet. Authentication Header (AH) provides data authentication and integrity for IP packets passed between VPN peers. This is achieved by a keyed one-way hash function to the packet to create a message digest. This digest will be put in the AH and transmitted along with packets.
4.9.4 IPSec Peer Identity To use digital certificate for peer authentication in either LAN-to-LAN connection or Remote User Dial-In connection, here you may edit a table of peer certificate for selection. As shown below, the router provides 32 entries of digital certificates for peer dial-in users. Each item is explained as follows: Item Description Set to Factory Default Click it to clear all indexes. Index Click the number below Index to access into the setting page of IPSec Peer Identity.
Available settings are explained as follows: Item Description Profile Name Type the name of the profile. Accept Any Peer ID Click to accept any peer regardless of its identity. Accept Subject Alternative Name Click to check one specific field of digital signature to accept the peer with matching value. The field can be IP Address, Domain, or E-mail Address. The box under the Type will appear according to the type you select and ask you to fill in corresponding setting.
4.9.5 Remote Dial-in User You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in via VPN connection. You may set parameters including specified connection peer ID, connection type (VPN connection - including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router provides 32 access accounts for dial-in users.
Available settings are explained as follows: Item Description User account and Authentication Enable this account - Check the box to enable this function. Idle Timeout- If the dial-in user is idle over the limitation of the timer, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds. Allowed Dial-In Type PPTP - Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of remote dial-in user below.
Item Description Uncheck the checkbox-This means the connection type you select above will apply the authentication methods and security methods in the general settings. Netbios Naming Packet z Pass – Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting. z Block – When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting, such function can block data transmission of Netbios Naming Packet inside the tunnel.
Item Description Local ID (optional)- Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional and can be used only in IKE aggressive mode. After finishing all the settings here, please click OK to save the configuration. 4.9.6 LAN to LAN Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles.
Status Indicate the status of individual profiles. The symbol V and X represent the profile to be active and inactive, respectively. To edit each profile: 1. Click each index to edit each profile and you will get the following page. Each LAN-to-LAN profile includes 4 subgroups. If the fields gray out, it means you may leave it untouched. The following explanations will guide you to fill all the necessary fields. For the web page is too long, we divide the page into several sections for explanation.
z WAN1 First - While connecting, the router will use WAN1 as the first channel for VPN connection. If WAN1 fails, the router will use another WAN interface instead. z WAN1 Only - While connecting, the router will use WAN1 as the only channel for VPN connection. z 3G Backup Only - While connecting, the router will use 3G modem as the only channel for VPN connection.
disconnect without notice, Vigor router will by no where to know this situation. To resolve this dilemma, by continuously sending PING packets to the remote host, the Vigor router can know the true existence of this VPN connection and react accordingly. This is independent of DPD (dead peer detection). PING to the IP - Enter the IP address of the remote host that located at the other-end of the VPN tunnel.
subject name (configured in Certificate Management>>Local Certificate) will be inspected first. z Subject Name First – The subject name (configured in Certificate Management>>Local Certificate) will be inspected first. IPSec Security Method - This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy. z Medium AH (Authentication Header) means data will be authenticated, but not be encrypted. By default, this option is active.
z z z z z combinations are available for Aggressive mode and nine for Main mode. We suggest you select the combination that covers the most schemes. IKE phase 2 proposal-To propose the local available algorithms to the VPN peers, and get its feedback to find a match. Three combinations are available for both modes. We suggest you select the combination that covers the most algorithms. IKE phase 1 key lifetime-For security reason, the lifetime of key should be defined.
Item Description Allowed Dial-In Type Determine the dial-in connection with different types. PPTP - Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of remote dial-in user below. IPSec Tunnel- Allow the remote dial-in user to trigger an IPSec VPN connection through Internet. L2TP with IPSec Policy - Allow the remote dial-in user to make a L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec.
subject name (configured in Certificate Management>>Local Certificate) will be inspected first. z Subject Name First – The subject name (configured in Certificate Management>>Local Certificate) will be inspected first. IPSec Security Method - This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node. Medium- Authentication Header (AH) means data will be authenticated, but not be encrypted. By default, this option is active.
For IPSec, this is the destination clients IDs of phase 2 quick mode. Local Network IP / Local Network Mask - Add a static route to direct all traffic destined to Local Network IP Address/Local Network Mask through the VPN connection. More - Add a static route to direct all traffic destined to more Remote Network IP Addresses/ Remote Network Mask through the VPN connection. This is usually used when you find there are several subnets behind the remote VPN router.
4.9.7 Connection Management You can find the summary table of all VPN connections. You may disconnect any VPN connection by clicking Drop button. You may also aggressively Dial-out by using Dial-out Tool and clicking Dial button. Available settings are explained as follows: Item Description Dial Click this button to execute dial out function. Refresh Seconds Choose the time for refresh the dial information among 5, 10, and 30. Refresh Click this button to refresh the whole connection status.
4.10 Certificate Management A digital certificate works as an electronic ID, which is issued by a certification authority (CA). It contains information such as your name, a serial number, expiration dates etc., and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Here Vigor router support digital certificates conforming to standard X.509.
Type in all the information that the window requests. Then click Generate again. Import Click this button to import a saved file as the certification information. Refresh Click this button to refresh the information listed below. View Click this button to view the detailed settings for certificate request. Delete Click this button to delete selected name with certification information.
4.10.2 Trusted CA Certificate Trusted CA certificate lists three sets of trusted CA certificate. To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse… to find out the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window. Then click Import to use the pre-saved file. For viewing each trusted CA certificate, click View to open the certificate detail information window.
4.10.3 Certificate Backup Local certificate and Trusted CA certificate for this router can be saved within one file. Please click Backup on the following screen to save them. If you want to set encryption password for these certificates, please type characters in both fields of Encrypt password and Retype password. Also, you can use Restore to retrieve these two settings to the router whenever you want. 4.11 VoIP Note: This function is used for “V” models.
z Calling via SIP Servers First, the Vigor V models of yours will have to register to a SIP Registrar by sending registration messages to validate. Then, both parties’ SIP proxies will forward the sequence of messages to caller to establish the session. If you both register to the same SIP Registrar, then it will be illustrated as below: The major benefit of this mode is that you don’t have to memorize your friend’s IP address, which might change very frequently if it’s dynamic.
4.11.1 DialPlan This page allows you to set phone book and digit map for the VoIP function. Click the Phone Book and Digit Map links on the page to access into next pages for dialplan settings. Phone Book In this section, you can set your VoIP contacts in the “phonebook”. It can help you to make calls quickly and easily by using “speed-dial” Phone Number. There are total 60 index entries in the phonebook for you to store all your friends and family members’ SIP addresses.
To add a phone number: 1. Click any index number to display the dial plan setup page. Available settings are explained as follows: Item Description Enable Click this to enable this entry. Phone Number The speed-dial number of this index. This can be any number you choose, using digits 0-9 and * .
2. Display Name The Caller-ID that you want to be displayed on your friend’s screen. This let your friend can easily know who’s calling without memorizing lots of SIP URL Address. SIP URL Enter your friend’s SIP Address. Dial Out Account Choose one of the SIP accounts for this profile to dial out. It is useful for both sides (caller and callee) that registered to different SIP Registrar servers.
Digit Map For the convenience of user, this page allows users to edit prefix number for the SIP account with adding number, stripping number or replacing number. It is used to help user having a quick and easy way to dial out through VoIP interface. Available settings are explained as follows: Item Description Enable Check this box to invoke this setting. Match Prefix It is used to match with the number you dialed and can be modified with the OP Number by the mode (add, strip or replace).
03 will be replaced by 8863. For example: dial number of “031111111” will be changed to “88631111111” and sent to SIP server. OP Number The front number you type here is the first part of the account number that you want to execute special function (according to the chosen mode) by using the prefix number. Min Len Set the minimal length of the dial number for applying the prefix number settings.
To create a call baring profile: 1. Click any index number to display the dial plan setup page. Available settings are explained as follows: Item Description Enable Check it to enable this entry. Call Direction Determine the direction for the phone call, IN – incoming call, OUT-outgoing call, IN & OUT – both incoming and outgoing calls. Barring Type Determine the type of the VoIP phone call, URI/URL or number.
2. After finishing all the settings here, please click OK to save the configuration. Additionally, you can set advanced settings for call barring such as Block Anonymous, Block Unknown Domain or Block IP Address. Simply click the relational links to open the web page. For Block Anonymous – this function can block the incoming calls without caller ID on the interface (Phone port) specified in the following window. Such control also can be done based on preconfigured schedules.
For Block Unknown Domain – this function can block incoming calls (through Phone port) from unrecognized domain that is not specified in SIP accounts. Web page for Vigor2710Vn--- Web page for Vigor2710VDn--- For Block IP Address – this function can block incoming calls (through Phone port) coming from IP address.
Regional This page allows you to process incoming or outgoing phone calls by regional. Default values (common used in most areas) will be shown on this web page. You can change the number based on the region that the router is placed. Available settings are explained as follows: Item Description Enable Regional Check this box to enable this function. Last Call Return [Miss] Sometimes, people might miss some phone calls.
Item Description Do Not Distrub [Deact] Dial the number typed in this field to release the DND function. Hide caller ID [Act] Dial the number typed in this field to make your phone number (ID) not displayed on the display panel of remote end. Hide caller ID [Deact] Dial the number typed in this field to release this function. Call Waiting [Act] Dial the number typed in this field to make all the incoming calls waiting for your answer.
Note: A Line port on the router allows connection to a PSTN line so the user can select either the PSTN or VoIP for the calls, and can access the PSTN line during power black-outs when VoIP is cut off (only available on port 2). 4.11.2 SIP Accounts In this section, you set up your own SIP settings. When you apply for an account, your SIP service provider will give you an Account Name or user name, SIP Registrar, Proxy, and Domain name. (The last three might be the same in some case).
SIP Accounts Web Page for Vigor2710 VDn ------- Available settings are explained as follows: Item Description Index Click this link to access into next page for setting SIP account. Profile Display the profile name of the account. Domain/Realm Display the domain name or IP address of the SIP registrar server. Proxy Display the domain name or IP address of the SIP proxy server. Account Name Display the account name of SIP address before @. Codec Display the codec type for the account.
Item Description NAT Traversal Support. Click any index link to open the following web page.
SIP Accounts Web Page for Vigor2710 VDn ------- Available settings are explained as follows: Item Description Profile Name Assign a name for this profile for identifying. You can type similar name with the domain. For example, if the domain name is draytel.org, then you might set draytel-1 in this field. Register via If you want to make VoIP call without register personal information, please choose None and check the box to achieve the goal.
specify that port as the destination of data transmission (e.g., nat.draytel.org:5065) Act as Outbound Proxy Check this box to make the proxy acting as outbound proxy. Display Name The caller-ID that you want to be displayed on your friend’s screen. Account Number/Name Enter your account name of SIP Address, e.g. every text before @. Authentication ID Check the box to invoke this function and enter the name or number used for SIP Authorization with SIP Registrar.
Time Out – Set the time out for the call forwarding. The default setting is 30 sec. Ring Port Set Phone 1 and/or Phone 2 as the default ring port(s) for this SIP account. Ring Pattern Choose a ring tone type for the VoIP phone call. Prefer Codec Select one of five codecs as the default for your VoIP calls. The codec used for each call will be negotiated with the peer party before each session, and so may not be your default choice. The default codec is G.
4.11.3 Phone Settings This page allows user to set phone settings for Phone 1 and Phone 2 respectively. However, it changes slightly according to different model you have. Phone Settings Web Page for Vigor2710 Vn ------- Phone Settings Web Page for Vigor2710 VDn ------- Available settings are explained as follows: Item Description Phone List Port – Phone, Phone1/Phone2 allow you to set general settings for PSTN phones. DECT1-6 allow you to set general settings for DECT phone.
shown in this field for your reference. Codec – The default Codec setting for each port will be shown in this field for your reference. You can click the number below the Index field to change it for each phone port. Tone - Display the tone settings that configured in the advanced settings page of Phone Index. Gain - Display the volume gain settings for Mic/Speaker that configured in the advanced settings page of Phone Index. Default SIP Account – “draytel_1” is the default SIP account.
Detailed Settings for Phone Port Click the number link for Phone/DECT port, you can access into the following page for configuring Phone settings. Phone Port Web Page for Vigor2710 Vn ------- DECT Port Web Page for Vigor2710 VDn ------- Available settings are explained as follows: Item Description Hotline Check the box to enable it. Type in the SIP URL in the field for dialing automatically when you pick up the phone set.
Session Timer Check the box to enable the function. In the limited time that you set in this field, if there is no response, the connecting call will be closed automatically. T.38 Fax Function Check the box to enable T.38 fax function. Error Correction Mode – choose a mode for error correction. DND (Do Not Disturb) Mode Set a period of peace time without disturbing by VoIP phone call. During the period, the one who dial in will listen busy tone, yet the local user will not listen any ring tone.
Available settings are explained as follows: Item Description Region Select the proper region which you are located. The common settings of Caller ID Type, Dial tone, Ringing tone, Busy tone and Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone.
Item Description Also, you can specify each field for your necessity. It is recommended for you to use the default settings for VoIP communication. Volume Gain Mic Gain (1-10)/Speaker Gain (1-10) - Adjust the volume of microphone and speaker by entering number from 1- 10. The larger of the number, the louder the volume is. MISC Dial Tone Power Level - This setting is used to adjust the loudness of the dial tone. The smaller the number is, the louder the dial tone is.
4.11.4 DECT From this page, you can enable register or deregister handsets for using DECT function. Available settings are explained as follows: Item Description Refresh Seconds Specify the interval of refresh time to obtain the latest VoIP calling information. The information will update immediately when the Refresh button is clicked. Handset After DECT phone registered with router, it would be assigned one unique handset ID. Status It is used to indicate the DECT handset status.
DECT phone access mode When registering with DECT phone, you will be asked to type access code. The default setting in Vigor2710VDn is 1234. Enable Registration Mode If you want to use handset to register with the router, you need to enable DECT module registration mode via this button. Otherwise, you can't search our DECT base station from the air. Deregister All Handset Deregister all registered handset.
3. When the registration is finished, open VoIP>>SIP Accounts. The Registered DECT phone will be available for you to choose. Choose the one you need. 4. Open VoIP>>Status. Information for the active DECT phone will be shown as follows.
5. When registering with DECT phone, you will be asked to type access code. The default setting in Vigor2710VDn is 1234. Please open VoIP>>Phone Settings to modify it if required. The following diagram shows the brief construction of DECT phone (handset) and Vigor router.
4.11.5 Status From this page, you can find codec, connection and other important call status for each port.
Each item is explained as follows: Item Description Refresh Seconds Specify the interval of refresh time to obtain the latest VoIP calling information. The information will update immediately when the Refresh button is clicked. Port It shows current connection status for the port of Phone1 and Phone2. Status It shows the VoIP connection status. IDLE - Indicates that the VoIP function is idle. HANG_UP - Indicates that the connection is not established (busy tone).
4.12 Wireless LAN This function is used for “n” models only. 4.12.1 Basic Concepts Over recent years, the market for wireless communications has enjoyed tremendous growth. Wireless technology now reaches or is capable of reaching virtually every location on the surface of the earth. Hundreds of millions of people exchange information every day via wireless communication products. The Vigor “n” model, a.k.a. Vigor wireless router, is designed for maximum flexibility and efficiency of a small office/home.
Complete Security Standard Selection: To ensure the security and privacy of your wireless communication, we provide several prevailing standards on market. WEP (Wired Equivalent Privacy) is a legacy method to encrypt each frame transmitted via radio using either a 64-bit or 128-bit key. Usually access point will preset a set of four keys and it will communicate with each station using only one out of the four keys.
4.12.2 General Setup By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Available settings are explained as follows: Item Description Enable Wireless LAN Check the box to enable wireless function. Mode At present, the router can connect to Mixed (11b+11g), 11g Only, 11b Only, Mixed (11g+11n), 11n Only and Mixed (11b+11g+11n) stations simultaneously.
Index(1-15) Set the wireless LAN to work at certain time interval only. You may choose up to 4 schedules out of the 15 schedules pre-defined in Applications >> Schedule setup. The default setting of this filed is blank and the function will always work. Hide SSID Check it to prevent from wireless sniffing and make it harder for unauthorized clients or STAs to join your wireless LAN.
802.11 packet. Most modern wireless network uses short preamble with 56 bit sync filed instead of long preamble with 128 bit sync field. However, some original 11b wireless network devices only support long preamble. Check it to use Long Preamble if needed to communicate with this kind of devices. Packet-OVERDRIVE This feature can enhance the performance in data transmission about 40%* more (by checking Tx Burst).
4.12.3 Security This page allows you to set security with different modes for SSID 1, 2, 3 and 4 respectively. After configuring the correct settings, please click OK to save and invoke it. The default security mode is Mixed (WPA+WPA2)/PSK. Default Pre-Shared Key (PSK) is provided and stated on the label pasted on the bottom of the router. For the wireless client who wants to access into Internet through such router, please input the default PSK value for connection.
Disable - Turn off the encryption mechanism. WEP-Accepts only WEP clients and the encryption key should be entered in WEP Key. WPA/PSK-Accepts only WPA clients and the encryption key should be entered in PSK. WPA2/PSK-Accepts only WPA2 clients and the encryption key should be entered in PSK. Mixed (WPA+ WPA2)/PSK - Accepts WPA and WPA2 clients simultaneously and the encryption key should be entered in PSK.
4.12.4 Access Control In the Access Control, the router may restrict wireless access to certain wireless clients only by locking their MAC address into a black or white list. The user may block wireless clients by inserting their MAC addresses into a black list, or only let them be able to connect by inserting their MAC addresses into a white list. In the Access Control web page, users may configure the white/black list modes used by each SSID and the MAC addresses applied to their lists.
Delete Delete the selected MAC address in the list. Edit Edit the selected MAC address in the list. Cancel Give up the access control set up. OK Click it to save the access control list. Clear All Clean all entries in the MAC address list. After finishing all the settings here, please click OK to save the configuration. 4.12.
z If you want to use PIN code, you have to know the PIN code specified in wireless client. Then provide the PIN code of the wireless client you wish to connect to the vigor router. For WPS is supported in WPA-PSK or WPA2-PSK mode, if you do not choose such mode in Wireless LAN>>Security, you will see the following message box. Please click OK and go back Wireless LAN>>Security to choose WPA-PSK or WPA2-PSK mode and access WPS again. Below shows Wireless LAN>>WPS web page.
Item Description WPS Status Display related system information for WPS. If the wireless security (encryption) function of the router is properly configured, you can see ‘Configured’ message here. SSID Display the SSID1 of the router. WPS is supported by SSID1 only. Authentication Mode Display current authentication mode of the router. Only WPA2/PSK and WPA/PSK support WPS. Configure via Push Button Click Start PBC to invoke Push-Button style WPS setup procedure.
4.12.6 WDS WDS means Wireless Distribution System. It is a protocol for connecting two access points (AP) wirelessly. Usually, it can be used for the following application: y y Provide bridge traffic between two LANs through the air. Extend the coverage range of a WLAN. To meet the above requirement, two WDS modes are implemented in Vigor router. One is Bridge, the other is Repeater.
The major difference between these two modes is that: while in Repeater mode, the packets received from one peer AP can be repeated to another peer AP through WDS links. Yet in Bridge mode, packets received from a WDS link will only be forwarded to local wired or wireless hosts. In other words, only Repeater mode can do WDS-to-WDS packet forwarding. In the following examples, hosts connected to Bridge 1 or 3 can communicate with hosts connected to Bridge 2 through WDS links.
Available settings are explained as follows: Item Description Mode Choose the mode for WDS setting. Disable mode will not invoke any WDS setting. Bridge mode is designed to fulfill the first type of application. Repeater mode is for the second one. Security There are three types for security, Disable, WEP and Pre-shared key. The setting you choose here will make the following WEP or Pre-shared key field valid or not. Choose one of the types for the router.
Item Description your WDS system between AP and the router. Key - Type 8 ~ 63 ASCII characters or 64 hexadecimal digits leading by “0x”. Bridge If you choose Bridge as the connecting mode, please type in the peer MAC address in these fields. Four peer MAC addresses are allowed to be entered in this page at one time. Yet please disable the unused link to get better performance. If you want to invoke the peer MAC address, remember to check Enable box in the front of the MAC address after typing.
Item Description Channel Bandwidth 20- the router will use 20Mhz for data transmission and receiving between the AP and the stations. 20/40 – the router will use 20Mhz or 40Mhz for data transmission and receiving according to the station capability. Such channel can increase the performance for data transit. Guard Interval It is to assure the safety of propagation delays and reflections for the sensitive digital data.
Available settings are explained as follows: Item Description WMM Capable To apply WMM parameters for wireless data transmission, please click the Enable radio button. APSD Capable The default setting is Disable. Aifsn It controls how long the client waits for each data transmission. Please specify the value ranging from 1 to 15. Such parameter will influence the time delay for WMM accessing categories.
4.12.9 AP Discovery Vigor router can scan all regulatory channels and find working APs in the neighborhood. Based on the scanning result, users will know which channel is clean for usage. Also, it can be used to facilitate finding an AP for a WDS link. Notice that during the scanning process (about 5 seconds), no client is allowed to connect to Vigor. This page is used to scan the existence of the APs on the wireless LAN. Yet, only the AP which is in the same channel of this router can be found.
4.12.10 Station List Station List provides the knowledge of connecting wireless clients now along with its status code. There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Available settings are explained as follows: Item Description Refresh Click this button to refresh the status of station list. Add Click this button to add current typed MAC address into Access Control.
4.13 USB Application USB disk can be regarded as an FTP server. By way of Vigor router, clients on LAN can access, write and read data stored in USB disk. After setting the configuration in USB Application, you can type the IP address of the Vigor router and username/password created in USB Application>>USB User Management on the FTP client software. Thus, the client can use the FTP site (USB disk) through Vigor router. 4.13.
Item Description character sets. Default Charset is for English based file name. Samba Service Settings Click Enable to invoke samba service via the router. Access Mode LAN Only – Users coming from internet cannot connect to the samba server of the router. LAN And WAN - Both LAN and WAN users can access samba server of the router. NetBios Name Service For the NetBios service of USB storage disk, you have to specify a workgroup name and a host name.
Username Display the name that FTP/Samba users will use for accessing into FTP/Samba server. Home Folder Display the home folder of this entry. Set to Factory Default Click it to clear all profiles settings. To create an account for FTP user: 1. Click any index number to access into configuration page. 2. The following web page will appear.
Item Description into USB storage disk. Note: “Admin” could not be typed here as username, for the word is specified for accessing into web pages of Vigor router only. Also, it is reserved for FTP firmware upgrade usage. Password Type the password for FTP/Samba users for accessing FTP server. Later, you can open FTP client software and type the password specified here for accessing into USB storage disk. Confirm Password Type the password again to make confirmation.
4.13.3 File Explorer File Explorer offers an easy way for users to view and manage the content of USB storage disk connected on Vigor router. Available settings are explained as follows: Item Description Click this icon to refresh files list. Refresh Back Click this icon to return to the upper directory. Click this icon to add a new folder. Create Current Path Display current folder. Upload Click this button to upload the selected file to the USB storage disk.
4.13.4 USB Disk Status This page is to monitor the status for the FTP users who accessing into FTP server (USB disk) via the Vigor router. Each item is explained as follows: Item Description Connection Status If there is no USB disk connected to Vigor router, “No Disk Connected” will be shown here. Once the USB disk has been found, the connection status will display “Disk Connected”. Disconnect USB Disk – click this button to disconnect the USB disk with the router.
4.14 System Maintenance For the system setup, there are several items that you have to know the way of configuration: Status, Administrator Password, User Password, Login Page Greeting, Configuration Backup, Syslog, Time and Date setup, Management, Reboot System, Firmware Upgrade and Activate. Below shows the menu items for System Maintenance. 4.14.1 System Status The System Status provides basic network settings of Vigor router. It includes LAN and WAN interface information.
Item Description Firmware Version Display the firmware version of the router. Build Date/Time Display the date and time of the current firmware build. ADSL Firmware Version Display the ADSL firmware version. LAN MAC Address - Display the MAC address of the LAN Interface. IP Address - Display the IP address of the LAN interface. Subnet Mask - Display the subnet mask address of the LAN interface.
4.14.2 TR-069 This device supports TR-069 standard. It is very convenient for an administrator to manage a TR-069 device through an Auto Configuration Server, e.g., VigorACS. Available parameters are explained as follows: Item Description ACS Server On Choose the interface for the router connecting to ACS server. ACS Server URL/Username/Password – Such data must be typed according to the ACS (Auto Configuration Server) you want to link.
Item Description STUN Settings The default is Disable. If you click Enable, please type the relational settings listed below: Server IP – Type the IP address of the STUN server. Server Port – Type the port number of the STUN server. Minimum Keep Alive Period – If STUN is enabled, the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway. Please type a number as the minimum period. The default setting is “60 seconds”.
4.14.4 User Password Sometimes, you may want to access into User Mode to configure the web settings for some reason. Vigor router allows you to set new user password to login into the WUI to fit your request. Simply open System Maintenance>>User Password. Available parameters are explained as follows: Item Description Enable User Mode for simple web configuration Check this box to enable user mode operation.
3. The following screen will appear. 4. Log out Vigor router Web Configurator by clicking Logout. 5. The following window will be open to ask for username and password. It is no need to type any username. Type the new user password in the filed of Password and click Login.
6. The main screen with User Mode will be shown as follows. Settings to be configured in User Mode will be less than settings in Admin Mode. Only basic configuration settings will be available in User Mode. 4.14.5 Login Page Greeting When you want to access into the web configurator of Vigor router, the system will ask you to offer username and password first. At that moment, the background of the web page is blank and no heading will be displayed on the Login window.
Available settings are explained as follows: Item Description Enable Check this box to enable the login customization function. Login Page Title Type a brief description (e.g., Welcome to DrayTek) which will be shown on the heading of the login dialog. Welcome Message and Bulletin Type words or sentences here. It will be displayed for bulletin message. In addition, it can be displayed on the login dialog at the bottom. Note that do not type URL redirect link here.
4.14.6 Configuration Backup Backup the Configuration Follow the steps below to backup your configuration. 1. Go to System Maintenance >> Configuration Backup. The following windows will be popped-up, as shown below. 2. Click Backup button to get into the following dialog. Click Save button to open another dialog for saving configuration as a file. 3. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself.
4. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Note: Backup for Certification must be done independently. The Configuration Backup does not include information of Certificate. Restore Configuration 1. Go to System Maintenance >> Configuration Backup.
4.14.7 Syslog/Mail Alert SysLog function is provided for users to monitor router. There is no bother to directly get into the Web Configurator of the router or borrow debug equipments. Available settings are explained as follows: Item Description SysLog Access Setup Enable - Check Enable to activate function of syslog. Syslog Save to – Check Syslog Server to save the log to Syslog server. Check USB Disk to save the log to the attached USB storage disk.
address is available or not. SMTP Server - The IP address of the SMTP server. Mail To - Assign a mail address for sending mails out. Return-Path - Assign a path for receiving the mail from outside. Authentication - Check this box to activate this function while using e-mail application. User Name - Type the user name for authentication. Password - Type the password for authentication.
4.14.8 Time and Date It allows you to specify where the time of the router should be inquired from. Available settings are explained as follows: Item Description Current System Time Click Inquire Time to get the current time. Use Browser Time Select this option to use the browser time from the remote administrator PC host as router’s system time. Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol. Time Protocol Select a time protocol.
4.14.9 Management This page allows you to manage the settings for access control, access list, port setup, and SNMP setup. For example, as to management access control, the port number is used to send/receive SIP message for building a session. The management pages for IPv4 and IPv6 protocols are different. For IPv4 Available settings are explained as follows: Item Description Router Name Type in the router name provided by ISP.
numbers for the Telnet, HTTP and FTP servers. Default Ports - Check to use standard port numbers for the Telnet and HTTP servers. SNMP Setup Enable SNMP Agent - Check it to enable this function. Get Community - Set the name for getting community by typing a proper character. The default setting is public. Set Community - Set community by typing a proper name. The default setting is private. Manager Host IP - Set one host as the manager to execute SNMP function.
login from a specific host or network defined in the list. A maximum of three IPs/subnet masks is allowed. IPv6 Address /Prefix Length- Indicate the IP address(es) allowed to login to the router. Click OK to save these settings. 4.14.10 Reboot System The Web Configurator may be used to restart your router. Click Reboot System from System Maintenance to open the following page. If you want to reboot the router using the current configuration, check Using current configuration and click Reboot Now.
4.14.11 Firmware Upgrade Before upgrading your router firmware, you need to install the Router Tools. The Firmware Upgrade Utility is included in the tools. The following web page will guide you to upgrade firmware by using an example. Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.
4.14.12 Activation There are three ways to activate WCF on vigor router, using Service Activation Wizard, by means of CSM>>Web Content Filter Profile or via System Maintenance>>Activation. After you have finished the setting profiles for WCF (refer to Web Content Filter Profile), it is the time to activate the mechanism for your computer. Click System Maintenance>>Activation to open the following page for accessing http://myvigor.draytek.com.
Below shows the successful activation of Web Content Filter: Start Date Display the starting date of WCF license activated successfully. Expire Date Display the ending date of WCF license activated successfully.
4.15 Diagnostics Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Below shows the menu items for Diagnostics. 4.15.1 Dial-out Triggering Click Diagnostics and click Dial-out Triggering to open the web page. The internet connection (e.g., PPPoE, PPPoA, etc) is triggered by a package sending from the source IP address.
4.15.2 Routing Table Click Diagnostics and click Routing Table to open the web page. Current Running Routing Table IPv6 Routing Table Available settings are explained as follows: Item Description Refresh Click it to reload the page.
4.15.3 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Available settings are explained as follows: Item Description Clear Click it to clear the whole table. Refresh Click it to reload the page. 4.15.
4.15.5 DHCP Table The facility provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click DHCP Table to open the web page. DHCP IP Assignment Table DHCPv6 IP Assignment Table Each item is explained as follows: Item Description Index It displays the connection item number. IP Address It displays the IP address assigned by this router for specified PC.
Refresh Click it to reload the page. 4.15.6 NAT Sessions Table Click Diagnostics and click NAT Sessions Table to open the list page. Each item is explained as follows: Item Description Private IP:Port It indicates the source IP address and port of local PC. #Pseudo Port It indicates the temporary port of the router used for NAT. Peer IP:Port It indicates the destination IP address and port of remote host. Interface It displays the representing number for different interface.
4.15.7 Data Flow Monitor This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds. The IP address listed here is configured in Bandwidth Management. You have to enable IP bandwidth limit and IP session limit before invoke Data Flow Monitor. If not, a notification dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page.
RX rate (kbps) Display the receiving speed of the monitored device. Sessions Display the session number that you specified in Limit Session web page. Action Block - can prevent specified PC accessing into Internet within 5 minutes. Unblock – the device with the IP address will be blocked in five minutes. The remaining time will be shown on the session column. Current /Peak/Speed Vigor2710 Series User’s Guide Current means current transmission rate and receiving rate for WAN interface.
4.15.8 Traffic Graph Click Diagnostics and click Traffic Graph to pen the web page. Choose WAN1 Bandwidth, Sessions, daily or weekly for viewing different traffic graph. Click Refresh to renew the graph at any time. The horizontal axis represents time. Yet the vertical axis has different meanings. For WAN1 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past.
4.15.9 Ping Diagnosis Click Diagnostics and click Ping Diagnosis to pen the web page. Each item is explained as follows: Item Description IPV4 /IPV6 Choose the protocol for such function. Ping to Use the drop down list to choose the destination that you want to ping. IP Address Type in the IP address of the Host/IP that you want to ping. Ping IPv6 Address Type the IPv6 address that you want to ping. Run Click this button to start the ping work. The result will be displayed on the screen.
4.15.10 Trace Route Click Diagnostics and click Trace Route to open the web page. This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Run. The result of route trace will be shown on the screen. Each item is explained as follows: Item Description IPv4 / IPv6 Choose the protocol for such function. Protocol Use the drop down list to choose the protocol that you want to ping through.
4.16 Product Registration When you click it, you will be guided to visit myvigor.draytek.com and open the corresponding pages directly. Click Support Area>>Product Registration, the following web page will be displayed.
Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. z Checking if the hardware status is OK or not. z Checking if the network connection settings on your computer are OK or not. z Pinging the router from your computer. z Checking if the ISP settings are OK or not.
5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings. After trying the above section, if the link is stilled failed, please do the steps listed below to make sure the network connection settings is OK. For Windows The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. 1.
4. Select Obtain an IP address automatically and Obtain DNS server address automatically. For Mac OS 1. Double click on the current used Mac OS on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop down list of Configure IPv4.
5.3 Pinging the Router from Your Computer The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer. We suggest you setting the network connection as get IP automatically. (Please refer to the section 5.2) Please follow the steps below to ping the router correctly.
5.4 Checking If the ISP Settings are OK or Not Click Internet Access group and then check whether the ISP settings are set correctly. Take PPPoE User as an Example 1. Check if the Enable option is selected. 2. Check if Username and Password are entered with correct values that you got from your ISP.
5.5 Problems for 3G Network Connection When you have trouble in using 3G network transmission, please check the following: Check if USB LED lights on or off You have to wait about 15 seconds after inserting 3G USB Modem into your Vigor2710. Later, the USB LED will light on which means the installation of USB Modem is successful. If the USB LED does not light on, please remove and reinsert the modem again. If it still fails, restart Vigor2710.
Software Reset You can reset the router to factory default via Web page. Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click Reboot Now. After few seconds, the router will return all the settings to the factory settings. Hardware Reset While the router is running (ACT LED blinking), press the Factory Reset button and hold for more than 5 seconds.
