Vigor2920 Series Dual-WAN Security Router User’s Guide Version: 2.5 Firmware Version: V3.6.
Copyright Information Copyright Declarations Copyright 2012 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. Trademarks The following trademarks are used in this document: z Microsoft is a registered trademark of Microsoft Corp.
European Community Declarations Manufacturer: Address: Product: DrayTek Corp. No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu, Taiwan 303 Vigor2920 Series Router DrayTek Corp. declares that Vigor2920 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC.
Table of Contents Introduction .................................................................................................1 1.1 Web Configuration Buttons Explanation ................................................................................. 1 1.2 LED Indicators and Connectors .............................................................................................. 2 1.2.1 For Vigor2920 ........................................................................................................
3.11 Request a CA Certificate and Set as Trusted on Windows CA Server ............................... 84 3.12 Creating an Account for MyVigor ........................................................................................ 86 3.12.1 Creating an Account via Vigor Router .......................................................................... 86 3.12.2 Creating an Account via MyVigor Web Site.................................................................. 90 Advanced Web Configuration ...........
4.7.2 URL Content Filter Profile............................................................................................. 196 4.7.3 Web Content Filter Profile............................................................................................. 201 4.8 Bandwidth Management ..................................................................................................... 204 4.8.1 Sessions Limit.....................................................................................................
4.15 System Maintenance......................................................................................................... 321 4.15.1 System Status............................................................................................................. 321 4.15.2 HTTPS Encryption Setup ........................................................................................... 323 4.15.3 TR-069 .........................................................................................................
Introduction Vigor2920 series is a broadband router. It integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DS, the router increases the performance of VPN greatly, and offers several protocols (such as IPSec/PPTP/L2TP) with up to 2 VPN tunnels. The object-based design used in SPI (Stateful Packet Inspection) firewall allows users to set firewall policy with ease.
1.2 LED Indicators and Connectors Before you use the Vigor router, please get acquainted with the LED indicators and connectors first. 1.2.1 For Vigor2920 LED Status Explanation ACT (Activity) CSM Blinking Off On Blinking On WCF On WAN1/2 On Blinking On Blinking On On The router is powered on and running normally. The router is powered off. USB device is connected and ready for use. The data is transmitting.
Interface Description Factory Reset GigaLAN (1-4) WAN1/WAN2(Giga) USB PWR Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Connecters for local networked devices. Connecters for remote networked devices. Connecter for 3G Modem or printer. Connecter for a power adapter.
1.2.2 For Vigor2920n LED Status Explanation ACT (Activity) Blinking Off On Blinking On The router is powered on and running normally. The router is powered off. USB device is connected and ready for use. The data is transmitting. The profile(s) of CSM (Content Security Management) for IM/P2P, URL/Web Content Filter application is enabled from Firewall >>General Setup. (Such profile must be established under CSM menu). Wireless access point is ready.
Interface Description Wireless LAN ON/OFF/WPS GigaLAN (1-4) WAN1/WAN2(Giga) USB PWR Press "Wireless LAN ON/OFF/WPS" button once to wait for client device making network connection through WPS. Press "Wireless LAN ON/OFF/WPS" button twice to enable (WLAN LED on) or disable (WLAN LED off) wireless connection. Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds.
1.2.3 For Vigor2920Vn LED Status Explanation ACT (Activity) Blinking Off On Blinking On The router is powered on and running normally. The router is powered off. USB device is connected and ready for use. The data is transmitting. The profile(s) of CSM (Content Security Management) for IM/P2P, URL/Web Content Filter application can be enabled from Firewall >>General Setup. (Such profile must be established under CSM menu). Wireless access point is ready.
Interface Description Wireless LAN ON/OFF/WPS Phone 1/2 Line GigaLAN (1-4) WAN1/WAN2(Giga) USB PWR Press "Wireless LAN ON/OFF/WPS" button once to wait for client device making network connection through WPS. Press "Wireless LAN ON/OFF/WPS" button twice to enable (WLAN LED on) or disable (WLAN LED off) wireless connection. Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds.
1.3 Hardware Installation Before starting to configure the router, you have to connect your devices correctly. 1. Connect the cable Modem/DSL Modem/Media Converter to any WAN port of router with Ethernet cable (RJ-45). 2. Connect one end of an Ethernet cable (RJ-45) to one of the LAN ports of the router and the other end of the cable (RJ-45) into the Ethernet port on your computer. 3.
1.4 Printer Installation You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows XP/2000. For Windows 98/SE/Vista, please visit www.DrayTek.com. Before using it, please follow the steps below to configure settings for connected computers (or wireless clients). 1. Connect the printer with the router through USB/parallel port. 2. Open Start->Settings-> Printer and Faxes. 3.
4. Click Local printer attached to this computer and click Next. 5. In this dialog, choose Create a new port Type of port and use the drop down list to select Standard TCP/IP Port. Click Next.
6. In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name or IP Address and type IP_192.168.1.1 as the port name. Then, click Next. 7. Click Standard and choose Generic Network Card. 8. Then, in the following dialog, click Finish.
9. Now, your system will ask you to choose right name of the printer that you installed onto the router. Such step can make correct driver loaded onto your PC. When you finish the selection, click Next. 10. For the final stage, you need to go back to Control Panel-> Printers and edit the property of the new printer you have added. 11. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and LPR name.
The printer can be used for printing now. Most of the printers with different manufacturers are compatible with vigor router. Note 1: Some printers with the fax/scanning or other additional functions are not supported. If you do not know whether your printer is supported or not, please visit www.DrayTek.com to find out the printer list. Open Support >FAQ; find out the link of Printer Server and click it; then click the What types of printers are compatible with Vigor router? link.
This page is left blank.
Configuring Basic Settings For using the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password for accessing into the web configurator of Vigor router and how to adjust settings for accessing Internet successfully. 2.1 Accessing Web Page 1. Make sure your PC connects to the router correctly.
2.2 Changing Password Please change the password for the original security of the router. 1. Open a web browser on your PC and type http://192.168.1.1. A pop-up window will open to ask for username and password. 2. Please type “admin/admin” as Username/Password for accessing into the web configurator with admin mode. 3. Now, the Main Screen will appear. Note: The home page will change slightly in accordance with the type of the router you have. 4.
5. Enter the login password on the field of Old Password. Type a new password in New Password and Confirm New Password fields. Then click OK to continue. 6. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router. 2.3 Quick Start Wizard Notice: Quick Start Wizard for user mode operation is the same as for admin mode operation.
On the next page as shown below, please select the WAN interface that you use. If Ethernet interface is used, please choose WAN1/2 (based on the physical hardware connection); if 3G USB modem is used, please choose WAN3. Choose Auto negotiation as the physical type for your router. Then click Next for next step. WAN1/WAN2 and WAN3 will bring up different configuration page. Refer to the following for detailed information. 2.3.1 For WAN1/WAN2 Choose WAN1/WAN2 and click Next to display the following page.
1. Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. 2. Click PPPoE as the Internet Access Type. Then click Next to open the following page. Available settings are explained as follows: Item Description User Name Assign a specific valid user name provided by the ISP. Password Assign a valid password provided by the ISP. Confirm Password Retype the password. Back Click it to return to previous setting page.
Cancel Click it to give up the quick start wizard. 3. Please manually enter the Username/Password provided by your ISP. Click Next for viewing summary of such connection. 4. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. 5. Now, you can enjoy surfing on the Internet.
2.3.1.2 PPTP/L2TP Click PPTP/L2TP as the protocol. Type in all the information that your ISP provides for this protocol. 1. Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. 2. Click PPTP/L2TP as the Internet Access Type. Then click Next to continue.
Available settings are explained as follows: Item Description User Name Assign a specific valid user name provided by the ISP. Password Assign a valid password provided by the ISP. Confirm Password Retype the password. WAN IP Configuration Obtain an IP address automatically – the router will get an IP address automatically from DHCP server. Specify an IP address – you have to type relational settings manually. IP Address - Type the IP address. Subnet Mask –Type the subnet mask.
5. Now, you can enjoy surfing on the Internet. 2.3.1.3 Static IP 1. Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type. 2. Click Static IP as the Internet Access Type. Then click Next to continue. Available settings are explained as follows: Item Description WAN IP Type the IP address. Subnet Mask Type the subnet mask. Gateway Type the IP address of gateway.
Back Click it to return to previous setting page. Next Click it to get into the next setting page. Cancel Click it to give up the quick start wizard. 3. After finishing the settings in this page, click Next to see the following page. 4. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. 5. Now, you can enjoy surfing on the Internet. 2.3.1.4 DHCP Click DHCP as the protocol.
2. Click DHCP as the Internet Access Type. Then click Next to continue. Available settings are explained as follows: 3. Item Description Host Name Type the name of the host. MAC Some Cable service providers specify a specific MAC address for access authentication. In such cases you need to enter the MAC address. Back Click it to return to previous setting page. Next Click it to get into th/e next setting page. Cancel Click it to give up the quick start wizard.
4. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. 5. Now, you can enjoy surfing on the Internet. 2.3.2 For WAN3 To use 3G USB modem for network connection, please choose WAN3. 1. Choose WAN1/WAN2 as the WAN Interface and click the Next button. The following page will be open for you to specify Internet Access Type.
2. Then, click Next to continue. 3. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. 4. Now, you can enjoy surfing on the Internet. 2.4 Service Activation Wizard Service Activation Wizard can guide you to activate WCF service (Web Content Filter) with a quick and easy way. Note:Web Content Filter (WCF) is not a built-in service of Vigor router, but a service powered by Commtouch.
2. The screen of Service Activation Wizard will be shown as follows. Choose the one you need and click Next. In this case, we choose to activate free trial edition. Free trial edition: it offers a period of trial for you to get acquainted with WCF function. Formal edition with license key: it offers a period of valid time (e.g., one year) for WCF function. Note: If you activate Formal edition with license key first, the free trial edition will be invalid. 3.
4. Setting confirmation page will be displayed as follows, please click Next. 5. Wait for a moment till the following page appears. When such page appears, you can enable or disable these services for your necessity. Then, click Finish. Note: The service will be activated and applied as the default rule configured in Firewall>>General Setup. 6. Now, the web page will display the service that you have activated according to your selection(s).
Later, if you need to extend the license valid time for the same service, you can also use the Service Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next.
2.5 Online Status 2.5.1 Physical Connection Such page displays the physical connection status such as LAN connection status, WAN connection status, ADSL information, and so on.
Item Description LAN Status Primary DNS - Displays the IP address of the primary DNS. Secondary DNS - Displays the IP address of the secondary DNS. IP Address - Displays the IP address of the LAN interface. TX Packets - Displays the total transmitted packets at the LAN interface. RX Packets - Displays the total number of received packets at the LAN interface. WAN 1 Status ~ WAN 3 Status Line - Displays the physical connection of this interface. Name - Displays the name set in WAN1/WAN web page.
Item Description interface. RX Bytes - Displays the total received octets at the LAN interface. WAN IPv6 Status Enable – No in red means such interface is available but not enabled. Yes in green means such interface is enabled. No in red means such interface is not available. Mode - Displays the type of WAN connection (e.g., TSPC). Up Time - Displays the total uptime of the interface. IP - Displays the IP address of the WAN interface. Gateway IP - Displays the IP address of the default gateway.
2.7 Registering Vigor Router You have finished the configuration of Quick Start Wizard and you can surf the Internet at any time. Now it is the time to register your Vigor router to MyVigor website for getting more service. Please follow the steps below to finish the router registration. 1. Please login the web configuration interface of Vigor router by typing “admin/admin” as User Name / Password. 2. Click Support Area>>Production Registration from the home page. 3.
4. The following page will be displayed after you logging in MyVigor. From this page, please click Add or Product Registration. Note: Below the field of Your Device List, all the Vigor routers that you have registered to MyVigor website will be displayed in sequence. 5. When the following page appears, please type in Nickname (for the router) and choose the right registration date from the popup calendar (it appears when you click on the box of Registration Date).
6. When the following page appears, your router information has been added to the database. Click OK to leave this web page and return to My Information web page. 7. Take a look at the page of My Information, the new added Vigor rotuer is listed under Your Device List.
Tutorials and Applications 3.1 How to configure settings for IPv6 Service Due to the shortage of IPv4 address, more and more countries use IPv6 to solve the problem. However, to continually use the original rich resources of IPv4, both IPv6 and IPv4 networks shall communicate for each other via intercommunication mechanism to complete the shifting job from IPv4 to IPv6 gradually.
Note: Only one WAN interface support IPv6 service at one time. In this example, WAN2 is chosen as the one supporting IPv6 service. 2. In the following figure, use the drop down list to choose a proper connection type. Different connection types will bring out different configuration page. Refer to the following: z PPP – Dual Stack application, IPv4 and IPv6 services can be utilized at the same time Choose PPP and type the information for PPPoE of IPv4.
Click OK and open Online Status. If the connection is successful, you will get the IP address for IPv4 and IPv6 at the same time.
z TSPC – Tunnel application, both IPv6 hosts communicate through IPv4 network Choose TSPC and type the information for TSPC service. Note: While using such mode, you have to make sure the IPv4 network connection is normal. (In the following figure, the TSPC information is obtained from http://gogo6.com/ after applied for the service.) Click OK and open Online Status.
z AICCU – Tunnel application Choose AICCU and type the information for AICCU of IPv6. Note: While using such mode, you have to make sure the IPv4 network connection is normal. (In the following figure, the AICCU information is obtained from https://www.sixxs.net/main/ after applied for the service.) Click OK and open Online Status.
z DHCPv6 Client Choose DHCPv6 Client. Click one of the identity associations and type the IAID number. Click OK and open Online Status.
z Static IPv6 Choose Static IPv6. Type IPv6 address, Prefix Length and Gateway Address. Click OK and open Online Status.
II. Configuring the LAN Settings After finished the WAN settings for IPv6, please configure the LAN settings to make the router’s client getting the IPv6 address. 1. Access into the web configurator of Vigor2920. Open LAN>> General Setup. Click the IPv6 button. Note: Only the subnet of LAN1 supports IPv6 feature. 2. In the field of RADVD Configuration, the default setting is Enable.
III. Confirming IPv6 Service Run Successfully 1. Make sure you have get the correct IPv6 IP address. Get into MS-DOS interface and type the command of “ipconfig”. Refer to the following figure. From the above figure we can see IPv6 IP address has been detected by the system. 2. Use the Ping command to ping any IPv6 address indicating an IPv6 website. For example, www.kame.net is a website supporting IPv4 IP and IPv6 IP services.
3. Connect to the website for IPv6. Open a web browser and type an URL of IPv6, e.g., www.kame.net. If your computer accesses into the website by using IPv6 address, you may see a turtle dancing on the screen. If not, only a steady turtle will be seen. If you can see a turtle dancing on the screen, that means IPv6 service is ready for you to access and utilize.
3.2 How to Send out SMS via Vigor Router Such vigor router supports the feature of SMS. 1. Go to Application >>Short Message Service to create a new SMS profile. 2. Click any index number link to access into the following web page. 3. In the configuration page, please type profile name, username, password, destination name, quota, sending interval and choose a correct Service Provider. Click OK to save the settings and exit this page.
want to receive the SMS in the field of Destination Number; type the total number of the messages that the router will send out in the field of Quota; type the shortest time interval for the system to send SMS in the field of Sending Interval. For example, it is set with 60 (seconds). If WAN1 disconnects for three times within 60 seconds, the system will send the SMS notification just for once. The Send a test Message button allows you to send one SMS to the user just for test. 4.
6. Configure the settings as the following figure. Choose one of the SMS profiles. In this example, the profile “For warning” is selected. Then, click OK to save the settings. When such WAN (e.g., WAN2 in this example) disconnects due to some reason, the system will use other WAN for connection instead and send SMS to notify the user (destination number #123456789). However, if there is no available WAN for connection, the system will send SMS to inform the user after reconnecting WAN2 successfully.
3.3 How can I get the files from USB storage device connecting to Vigor router? 1. Plug the USB device to the USB port on the router. Make sure Disk Connected appears on the Connection Status as the figure shown below: 2. Open USB Application >> USB General Settings to check the general settings. Click OK.
3. Setup a user account for the FTP service by using USB Application >>USB User Management. Click Enable to enable FTP/Samba User account. Here we add a new account "user1" and assign authorities “Read”, “Write” and “List” to it. 4. Click OK to save the configuration. 5. Make sure the FTP service is running properly. Please open a browser and type ftp://192.168.1.1. Use the account "user1" to login.
6. When the following screen appears, it means the FTP service is running properly. 7. Return to USB Application >> USB Disk Status. The information for FTP server will be shown as below. Now, users in LAN of Vigor2920 can access into the USB storage device by typing ftp://192.168.1.1 on any browser. They can add or remove files / directories, depending on the Access Rule for FTP account settings in USB Application >>USB User Management.
3.4 How to configure Multi-Subnet for Vigor Router There are two types of VLAN. One is Port Based VLAN; the other is Tag Based VLAN. Refer to the following sections for learning the usage of VLAN. I. Port Based VLAN Vigor2920 can divide the physical LAN ports into several groups. For example, it can divide the internal departments of a company into three different groups. Each group uses different network segment. See the following graphic for an example.
5. In the page of LAN >> General Setup, check the Status box of LAN2 and LAN3 and enable the function of DHCP. After finishing the above configuration, the equipment connecting to Vigor2920 LAN Port can get the corresponding IP address of the network segment. The equipment connecting to Vigor2920 LAN Port 1 (LAN1) can get the IP address of 192.168.1.0/24 The equipment connecting to Vigor2920 LAN Port 2 (LAN2) can get the IP address of 192.168.2.
6. To make any two of VLAN groups linked with each other, just check the boxes of the ones in the field of Inter-LAN Routing in the page of LAN >> General Setup. Refer to the following figure. LAN2 and LAN3 are linked.
II. Tag Based VLAN By identifying the tagged message, Vigor2920 can divide the LAN Port into several VLAN groups. Such LAN port with tagged information will accept the packets only with VLAN ID number. For example, Vigor2920 can divide the internal departments of a company into four different groups by using VigorSwitch 2240. Each group uses different network segment and does not link for each other. VigorSwitch 2240 Trunk Port 23 and Vigor2920 LAN Port 4 are connected with network cable.
5. To activate the function of VLAN Tag for VLAN3 setting, check the box of Enable and type the value (10) for VID setting. Then check P4 and set LAN4 as the Subnet. 6. In the page of LAN >> General Setup, check the Status box of LAN2, LAN3 and LAN4 and enable the function of DHCP. For the detailed settings of the network segment, open LAN>>General Setup and click Details Page. Adjust the settings for your request. Refer to the following figure.
Configuration for VigorSwitch 2240: 1. Open Vlan>>Tag-based Group. 2. Add four VID groups. In this case, we can explanation it with Port 15, 16, 17, 18 and Trunk Port 23. VLAN Name 2920-VID7, Port Members = 15、23 VLAN Name 2920-VID8, Port Members = 16、23 VLAN Name 2920-VID9, Port Members = 17、23 VLAN Name 2920-VID10, Port Members = 18、23 3.
4. After finishing the above configuration, the equipment connecting to VigorSwitch Port 15, 16, 17 and 18 can get the corresponding IP address(es) of the network segment. The equipment connecting to VigorSwitch Port 15 can get the IP address of 192.168.1.0/24 The equipment connecting to VigorSwitch Port 16 can get the IP address of 192.168.2.0/24 The equipment connecting to VigorSwitch Port 17 can get the IP address of 192.168.3.
3.5 How to Customize Your Login Page Login page can be customized to fit the request of the administrator. 1. Open User Management>>General Setup. Set User-Based as the Mode and click OK to save teh settings. 2. Open User Management>>User Profile to create a new user profle. 3. Click any link (e.g., #3) to access into the following page. Type a User Name and a Password. Then, click OK.
4. Open System Maintenance>>Login Customization. Check the box to enable this function. Type a brief description (e.g., Just for Carrie) in the field of Login Description which will be shown on the heading of the login dialog. Next, click OK. Note that do not type URL redirect link in Bulletin box. 5. Open a new tab in the same browser (for IE 7.0/FireFox and above) or open a new web browser. 6. Try to access into the web configurator (e.g., 192.168.1.1) of Vigor router.
3.6 How to use SmartMonitor with Vigor2920 series For the models that support SmartMonitor, you can connect the device installed with SmartMonitor to the monitor port of Vigor router, then all the traffic in other LAN port will forward to the monitor port. But, there is no hardware monitor port for Vigor2920 series. Therefore we need to configure mirror port setting in the web configurator of Vigor2920 for using SmartMonitor. 1. Please go to LAN > LAN Port Mirror to setup the mirror port. 2.
3.7 Create a LAN-to-LAN Connection Between Remote Office and Headquarter The most common case is that you may want to connect to network securely, such as the remote branch office and headquarter. According to the network structure as shown in the below illustration, you may follow the steps to create a LAN-to-LAN profile. These two networks (LANs) should NOT have the same network address. Settings in Router A in headquarter: 1.
3. Go to LAN-to-LAN. Click on one index number to edit a profile. 4. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection.
5. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection.
6. Set Dial-In settings to as shown below to allow Router B dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection.
7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection. Settings in Router B in the remote office: 1. Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. 2. Then, for using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup.
3. Go to LAN-to-LAN. Click on one index number to edit a profile. 4. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. 5. Set Dial-Out Settings as shown below to dial to connect to Router A aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. 6. Set Dial-In settings to as shown below to allow Router A dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. 7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection.
3.8 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter The other common case is that you, as a teleworker, may want to connect to the enterprise network securely. According to the network structure as shown in the below illustration, you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host. Settings in VPN Router in the enterprise office: 1.
3. Go to Remote Dial-In User. Click on one index number to edit a profile. 4. Set Dial-In settings to as shown below to allow the remote user dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Settings in the remote host: 1. For Win98/ME, you may use "Dial-up Networking" to create the PPTP tunnel to Vigor router. For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.DrayTek.
You may further specify the method you use to get IP, the security method, and authentication method. If the Pre-Shared Key is selected, it should be consistent with the one set in VPN router. If a PPP-based service is selected, you should further specify the remote VPN server IP address, Username, Password, and encryption method. The User Name and Password should be consistent with the one set up in the VPN router.
4. Click Connect button to build connection. When the connection is successful, you will find a green light on the right down corner. 3.9 QoS Setting Example Assume a teleworker sometimes works at home and takes care of children. When working time, he would use Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email and access internal database. Meanwhile, children may chat on Skype in the restroom. 1.
2. Click Setup link of WAN. Make sure the QoS Control on the left corner is checked. And select BOTH in Direction. 3. Set Inbound/Outbound bandwidth. Note: The rate of outbound/inbound must be smaller than the real bandwidth to ensure correct calculation of QoS. It is suggested to set the bandwidth value for inbound/outbound as 80% - 85% of physical network speed provided by ISP to maximize the QoS performance. 4. Return to previous page. Enter the Name of Index Class 1 by clicking Edit link.
5. For this index, the user will set reserved bandwidth (e.g., 25%) for E-mail using protocol POP3 and SMTP. 6. Return to previous page. Enter the Name of Index Class 2 by clicking Edit link. In this index, the user will set reserved bandwidth for HTTPS. And click OK. 7. Click Setup link for WAN.
8. Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic of influent other application. Click OK. 9. If the worker has connected to the headquarter using host to host VPN tunnel. (Please refer to Chapter 3 VPN for detail instruction), he may set up an index for it. Enter the Class Name of Index 3. In this index, he will set reserved bandwidth for 1 VPN tunnel. 10. Click Edit to open a new window. 11. Click Edit to open the following window. Check the ACT box, first.
12. Then click Edit of Local Address to set a worker’s subnet address. Click Edit of Remote Address to set headquarter’s IP address. Leave other fields and click OK.
3.10 Request a certificate from a CA server on Windows CA Server 1. Go to Certificate Management and choose Local Certificate.
2. You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. 3. Copy and save the X509 Local Certificate Requet as a text file and save it for later use. 4. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate.
Select Advanced request. Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it.
5. Back to Vigor router, go to Local Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------.....” 6. You may review the detail information of the certificate by clicking View button.
3.11 Request a CA Certificate and Set as Trusted on Windows CA Server 1. Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list.
2. In Choose file to download, click CA Certificate Current and Base 64 encoded, and Download CA certificate to save the .cer. file. 3. Back to Vigor router, go to Trusted CA Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below illustration. 4. You may review the detail information of the certificate by clicking View button.
3.12 Creating an Account for MyVigor The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Web Content Filter) to filtering the web pages for the sake of protecting your system. In general, Service Activation Wizard can activate WCF service for the router by using simple steps.
2. Click the Activate link. A login page for MyVigor web site will pop up automatically. 3. Click the link of Create an account now. 4. Check to confirm that you accept the Agreement and click Accept.
5. Type your personal information in this page and then click Continue. 6. Choose proper selection for your computer and click Continue.
7. Now you have created an account successfully. Click START. 8. Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor.draytek.com. 9. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login.
10. When you see the following page, please type in the account and password (that you just created) in the fields of UserName and Password. 11. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. 3.12.2 Creating an Account via MyVigor Web Site 1. Access into http://myvigor.draytek.com. Find the line of Not registered yet?. Then, click the link Click here! to access into next page.
2. Check to confirm that you accept the Agreement and click Accept. 3. Type your personal information in this page and then click Continue. 4. Choose proper selection for your computer and click Continue.
5. Now you have created an account successfully. Click START. 6. Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor.draytek.com. 7. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login.
8. When you see the following page, please type in the account and password (that you just created) in the fields of UserName and Password. Then type the code in the box of Auth Code according to the value displayed on the right side of it. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want.
This page is left blank.
Advanced Web Configuration This chapter will guide users to execute advanced (full) configuration through admin mode operation. 1. Open a web browser on your PC and type http://192.168.1.1. The window will ask for typing username and password. 2. Please type “admin/admin” on Username/Password for administration operation. Now, the Main Screen will appear. Be aware that “Admin mode” will be displayed on the bottom left side. 4.
From 10.0.0.0 to 10.255.255.255 From 172.16.0.0 to 172.31.255.255 From 192.168.0.0 to 192.168.255.255 What are Public IP Address and Private IP Address As the router plays a role to manage and further protect its LAN, it interconnects groups of host PCs. Each of them has a private IP address assigned by the built-in DHCP server of the Vigor router. The router itself will also use the default private IP address: 192.168.1.1 to communicate with the local hosts.
Therefore, when WAN1/WAN2 is not available, the router will use 3.5G for supporting automatically. The supported 3G USB Modem will be listed on Draytek web site. Please visit www.draytek.com for more detailed information. Network Connection by IPv6 Due to the shortage of IPv4 address, more and more countries use IPv6 to solve the problem.
Each item is explained as follows: Item Description Load Balance Mode This option is available for multiple-WAN for getting enough bandwidth for each WAN port. If you know the practical bandwidth for your WAN interface, please choose the setting of According to Line Speed. Otherwise, please choose Auto Weight to let the router reach the best load balance. Index Click the WAN interface link under Index to access into the WAN configuration page.
Detailed Settings for WAN1/WAN2 Interface (via Ethernet) Be aware that WAN2 is fixed with physical mode of Giga Ethernet. Available settings are explained as follows: Item Description Enable Choose Yes to invoke the settings for this WAN interface. Choose No to disable the settings for this WAN interface. Display Name Type the description for such WAN interface. Physical Mode Display the physical mode of such WAN interface.
sending by WAN1. Disable – Disable the function of VLAN with tag. Tag value – Type the value as the VLAN ID number. The range is form 0 to 4095. Priority – Type the packet priority number for such VLAN. The range is from 0 to 7. Send SMS if line drops out Use the drop down list to choose one of the profiles which will be used to notify the administrator when the network connection is off. Send Mail Alert if line drops out Check the box to enable this function.
Available settings are explained as follows: Item Description Enable Choose Yes to invoke the settings for this WAN interface. Choose No to disable the settings for this WAN interface. Display Name Type the description for such WAN interface. Physical Mode Display the physical mode of such WAN interface. Physical Type In such WAN interface, no type can be selected. Line Speed Type the line speed for downloading and uploading for such WAN interface. The unit is kbps.
which WAN interface will be selected to backup multiple WANs. However, ignore this setting if you want to backup a single WAN. When any WAN disconnect – Such backup WAN will be activated when any master WAN interface disconnects. When all WAN disconnect – Such backup WAN will be activated only when all master WAN interfaces disconnect. 4.1.3 Internet Access For the router supports multi-WAN function, the users can set different WAN settings (for WAN1/WAN2/WAN3) for Internet Access.
Each item is explained as follows: Item Description Index Display the WAN interface. Display Name It shows the name of the WAN1/WAN2/WAN3 that entered in general setup. Physical Mode It shows the physical connection for WAN1(Ethernet)/WAN2 (Ethernet) /WAN3 (3G USB Modem) according to the real network connection. Access Mode Use the drop down list to choose a proper access mode. The details page of that mode will be popped up.
Item Description this function will be closed and all the settings that you adjusted in this page will be invalid. ISP Access Setup Enter your allocated username, password and authentication parameters according to the information provided by your ISP. Username – Type in the username provided by ISP in this field. Password – Type in the password provided by ISP in this field. Index (1-15) in Schedule Setup - You can type in four sets of time schedule for your request.
Item Description WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. Fixed IP – Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address. Default MAC Address – You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router. Specify a MAC Address – Type the MAC address for the router manually. After finishing all the settings here, please click OK to activate them.
Available settings are explained as follows: Item Description Static or Dynamic IP Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid. Keep WAN Connection Normally, this function is designed for Dynamic IP environments because some ISPs will drop connections if there is no traffic within certain periods of time. Check Enable PING to keep alive box to activate this function.
Item Description RIP Protocol Routing Information Protocol is abbreviated as RIP(RFC1058) specifying how routers exchange routing tables information. Click Enable RIP for activating this function. Bridge Mode If you check this box to invoke the function, the router will work as a bridge. WAN IP Network Settings This group allows you to obtain an IP address automatically and allows you type in IP address manually.
Item Description such cases you need to click the Specify a MAC Address and enter the MAC address in the MAC Address field. DNS Server IP Address - Type in the primary IP address for the router if you want to use Static IP mode. If necessary, type in secondary IP address for necessity in the future. After finishing all the settings here, please click OK to activate them.
Item Description time schedule for your request. All the schedules can be set previously in Application – Schedule web page and you can use the number that you have set in that web page. MTU It means Max Transmit Unit for packet. The default setting is 1442. PPP Setup PPP Authentication - Select PAP only or PAP or CHAP for PPP. Idle Timeout - Set the timeout for breaking down the Internet after passing through the time without any action.
Item Description Fixed IP Address -Type a fixed IP address. WAN IP Network Settings Obtain an IP address automatically – Click this button to obtain the IP address automatically. Specify an IP address – Click this radio button to specify some data. IP Address – Type the IP address. Subnet Mask – Type the subnet mask. After finishing all the settings here, please click OK to activate them.
Item Description Modem Initial String Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP. APN Name APN means Access Point Name which is provided and required by some ISPs. Type the name and click Apply. Modem Initial String2 The initial string 1 is shared with APN. In some cases, users may need another initial AT command to restrict 3G band or do any special settings.
Details Page for Dynamic IP (DHCP Client) in WAN3 To use 4G Wimax /LTE for accessing the internet, please choose Internet Access from WAN menu. Then, select Dynamic IP (DHCP Client) mode for WAN3. The following web page will be shown. Available settings are explained as follows: Item Description 4G Wimax /LTE Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.
Details Page for IPv6 – Offline in WAN1/WAN2/WAN3 When Offline is selected, the IPv6 connection will be disabled. Details Page for IPv6 – PPP in WAN1/WAN2 During the procedure of IPv4 PPPoE connection, we can get the IPv6 Link Local Address between the gateway and Vigor router through IPv6CP. Later, use DHCPv6 or Accept RA to acquire the IPv6 prefix address (such as: 2001:B010:7300:200::/64) offered by the ISP.
Note: At present, the IPv6 prefix can be acquired via the PPPoE mode connection which is available for the areas such as Taiwan (hinet), the Netherlands, Australia and UK. Details Page for IPv6 – TSPC in WAN1/WAN2/WAN3 Tunnel setup protocol client (TSPC) is an application which could help you to connect to IPv6 network easily. Please make sure your IPv4 WAN connection is OK and apply one free account from hexago (http://gogonet.gogo6.
Item Description Username Type the name obtained from the broker. Password Type the password assigned with the user name. Confirm Password Type the password again to make the confirmation. Tunnel Broker Type the address for the tunnel broker IP, FQDN or an optional port number. Details Page for IPv6 – AICCU in WAN1/WAN2/WAN3 Available settings are explained as follows: Item Description Username Type the name obtained from the broker. Please apply new account at http://www.sixxs.net/.
Details Page for IPv6 – DHCPv6 Client in WAN1/WAN2 DHCPv6 client mode would use DHCPv6 protocol to obtain IPv6 address from server. Available settings are explained as follows: Item Description Identify Association Choose Prefix Delegation or Non-temporary Address as the identify association. IAID Type a number as IAID. Details Page for IPv6 – Static IPv6 in WAN1/WAN2 This type allows you to setup static IPv6 address for WAN interface.
Available settings are explained as follows: Item Description Static IPv6 Address configuration IPv6 Address – Type the IPv6 Static IP Address. Prefix Length – Type the fixed value for prefix length. Add – Click it to add a new entry. Delete – Click it to remove an existed entry. Current IPv6 Address Table Display current interface IPv6 address. Static IPv6 Gateway Configuration IPv6 Gateway Address - Type your IPv6 gateway address here. 4.1.
Protocol Use the drop-down menu to change the protocol for the WAN interface. WAN Use the drop-down menu to change the WAN interface. Src IP Start Displays the IP address for the start of the source IP Src IP End Displays the IP address for the end of the source IP. Dest IP Start Displays the IP address for the start of the destination IP. Dest IP End Displays the IP address for the end of the destination IP. Dest Port Start Displays the IP address for the start of the destination port.
Item Description Src IP Start Type the source IP start for the specified WAN interface. Src IP End Type the source IP end for the specified WAN interface. If this field is blank, it means that all the source IPs inside the LAN will be passed through the WAN interface. Dest IP Start Type the destination IP start for the specified WAN interface. Dest IP End Type the destination IP end for the specified WAN interface.
Item Description down list on the web page of Internet Access. Though you can enable eight channels in this page, yet only one channel can be chosen on the web page of Internet Access. Add Tag To identify the usage of VLAN, check this box to invoke this setting. And type the number for VLAN ID (number). Priority To add the packet priority number for such VLAN. The range is from 0 to 7. After finishing all the settings here, please click OK to save the configuration.
Item Description configured with PVC in the page of Application>>IGMP. For other settings, refer to Details Page for PPPoE in WAN1. Bridge General page lets you set the first channel. As to set the third channel, please click the Bridge tab to open Bridge configuration page. Available settings are explained as follows: Item Description Enable Check this box to enable that channel. Only channel 3 to 8 can be set in this page, for channel 1 to 2 are reserved for NAT using.
4.2 LAN Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design of network structure is related to what type of public IP addresses coming from your ISP. 4.2.1 Basics of LAN The most generic function of Vigor router is NAT. It creates a private subnet of your own. As mentioned previously, the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address.
What is Routing Information Protocol (RIP) Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing. This allows users to change the information of the router such as IP address and the routers will automatically inform for each other. What is Static Route When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method.
4.2.2 General Setup This page provides you the general settings for LAN. Click LAN to open the LAN settings page and choose General Setup. There are four subnets provided by the router which allow users to divide groups into different subnets (LAN1 – LAN4). In addition, different subnets can link for each other by configuring Inter-LAN Routing. At present, LAN1 setting is fixed with NAT mode only. LAN2 – LAN4 can be operated under NAT or Route mode. IP Routed Subnet can be operated under Route mode.
Force router to use “DNS server IP address” settings as specified in … Force Vigor router to use DNS servers configured in LAN1/LAN2/LAN3/LAN4 instead of DNS servers given by the Internet Access server (PPPoE, PPTP, L2TP or DHCP server). Inter-LAN Routing Check the box to link two or more different subnets (LAN and LAN). After finishing all the settings here, please click OK to save the configuration.
Item Description Enable Relay Agent –Specify which subnet that DHCP server is located the relay agent should redirect the DHCP request to. Start IP Address - Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses. If the 1st IP address of your router is 192.168.1.1, the starting IP address must be 192.168.1.2 or greater, but smaller than 192.168.1.254. IP Pool Counts - Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to.
Details Page for LAN1 – IPv6 Setup There are two configuration pages for LAN1, Ethernet TCP/IP and DHCP Setup (based on IPv4) and IPv6 Setup. Click the tab for each type and refer to the following explanations for detailed information. Below shows the settings page for IPv6. It provides 2 daemons for LAN side IPv6 address configuration. One is RADVD(stateless) and the other is DHCPv6 Server (Stateful).
list. DHCPv6 Server Configuration Enable Server –Click it to enable DHCPv6 server. DHCPv6 Server could assign IPv6 address to PC according to the Start/End IPv6 address configuration. Disable Server –Click it to disable DHCPv6 server. Start IPv6 Address / End IPv6 Address –Type the start and end address for IPv6 server. DNS Server IPv6 Address Primary DNS Sever – Type the IPv6 address for Primary DNS server. Secondary DNS Server –Type another IPv6 address for DNS server if required.
Item Description configured as a DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network. If you want to use another DHCP server in the network other than the Vigor Router’s, you can let Relay Agent help you to redirect the DHCP request to the specified location. Enable Server - Let the router assign IP address to every host in the LAN. Disable Server – Let you manually assign IP address to every host in the LAN.
Available settings are explained as follows: Item Description Network Configuration Enable/Disable - Click Enable to enable such configuration; click Disable to disable such configuration. IP Address - Type in IP address for connecting to a local private network (Default: 192.168.0.1). Subnet Mask - Type in an address code that determines the size of the network. (Default: 255.255.255.0/ 24) RIP Protocol Control – Disable - Deactivate the RIP protocol.
Cancel – Click it to cancel the job of adding, deleting and editing. After finishing all the settings here, please click OK to save the configuration. 4.2.3 Static Route Go to LAN to open setting page and choose Static Route. The router offers IPv4 and IPv6 for you to configure the static route. Both protocols bring different web pages. Each item is explained as follows: Item Description Index The number (1 to 10) under Index allows you to open next page to set up static route.
1. Go to LAN page and click General Setup, select 1st Subnet as the RIP Protocol Control. Then click the OK button. Note: There are two reasons that we have to apply RIP Protocol Control on 1st Subnet. The first is that the LAN interface can exchange RIP packets with the neighboring routers via the 1st subnet (192.168.1.0/24). The second is that those hosts on the internal private subnets (ex. 192.168.10.
4. Go to Diagnostics and choose Routing Table to verify current routing table. Static Route for IPv6 You can set up to 40 profiles for IPv6 static route. Click the IPv6 tab to open the following page: Each item is explained as follows: Item Description Index The number (1 to 40) under Index allows you to open next page to set up static route.
Destination Address Displays the destination address of the static route. Status Displays the status of the static route. Set to Factory Default Clear all of the settings and return to factory default settings. Viewing IPv6 Routing Table Displays the routing table for your reference. Click any underline of index number to get the following page. Available settings are explained as follows: Item Description Enable Click it to enable this profile.
4.2.4 VLAN Virtual LAN function provides you a very convenient way to manage hosts by grouping them based on the physical port. You can also manage the in/out rate of each port. Go to LAN page and select VLAN. The following page will appear. Click Enable to invoke VLAN function. Available settings are explained as follows: Item Description VLAN Tag Enable – Enable the function of VLAN with tag. The router will add specific VLAN number to all packets on the LAN while sending them out.
After finishing all the settings here, please click OK to save the configuration. Note: Settings in this page only applied to LAN port but not WAN port. 4.2.5 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthening control in network. When this function is enabled, all the assigned IP and MAC address binding together cannot be changed. If you modified the binding IP or MAC address, it might cause you not access into the Internet.
ARP Table This table is the LAN ARP table of this router. The information for IP and MAC will be displayed in this field. Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below. Select All Click this link to select all the items in the ARP table. Sort Reorder the table based on the IP address. Refresh Refresh the ARP table listed below to obtain the newest ARP table information.
Available settings are explained as follows: Item Description Port Mirror Check Enable to activate this function. Or, check Disable to close this function. Mirror Port Select a port to view traffic sent from mirrored ports. Mirrored port Select which ports are necessary to be mirrored. After finishing all the settings here, please click OK to save the configuration. 4.2.7 Wired 802.1x IEEE 802.1x is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.
802.1x ports After enabling the function, simply specify the LAN port(s) to apply such function. After finishing all the settings here, please click OK to save the configuration. 4.3 NAT Usually, the router serves as an NAT (Network Address Translation) router. NAT is a mechanism that one or more private IP addresses can be mapped into a single public one. Public IP address is usually assigned by your ISP, for which you may get charged. Private IP addresses are recognized only among internal hosts.
The port redirection can only apply to incoming traffic. To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides 20 port-mapping entries for the internal hosts. Each item is explained as follows: Item Description Index Display the number of the profile. Service Name Display the description of the specific network service. Protocol Display the transport layer protocol (TCP or UDP).
service. Status Display if the profile is enabled (v) or not (x). Press any number under Index to access into next page for configuring port redirection. Available settings are explained as follows: Item Description Enable Check this box to enable such port redirection setting. Mode Two options (Single and Range) are provided here for you to choose. To set a range for the specific service, select Range.
Private Port Specify the private port number of the service offered by the internal host. After finishing all the settings here, please click OK to save the configuration. Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc. Since the common port numbers of these services (servers) are all the same, you may need to reset the router in order to avoid confliction.
The security properties of NAT are somewhat bypassed if you set up DMZ host. We suggest you to add additional filter rules or a secondary firewall. Click DMZ Host to open the following page: Available settings are explained as follows: Item Description Choose Private IP or Active True IP first. Active True IP selection is available for WAN1 only. Private IP Enter the private IP address of the DMZ host, or click Choose PC to select one.
When you have selected one private IP from the above dialog, the IP address will be shown on the screen. Click OK to save the setting. DMZ Host for WAN2 and WAN3 is slightly different with WAN1. See the following figure. If you previously have set up WAN Alias for PPPoE or Static or Dynamic IP mode in WAN2 interface, you will find them in Aux. WAN IP for your selection. Available settings are explained as follows: Item Description Enable Check to enable the DMZ Host function.
Choose PC Click this button and then a window will automatically pop up, as depicted below. The window consists of a list of private IP addresses of all hosts in your LAN network. Select one private IP address in the list to be the DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting. After finishing all the settings here, please click OK to save the configuration.
4.3.3 Open Ports Open Ports allows you to open a range of ports for the traffic of special applications. Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application involved up-to-date to avoid falling victim to any security exploits.
Available settings are explained as follows: Item Description Enable Open Ports Check to enable this entry. Comment Make a name for the defined network application/service. WAN Interface Specify the WAN interface that will be used for this entry. Local Computer Enter the private IP address of the local host or click Choose PC to select one. Choose PC - Click this button and, subsequently, a window having a list of private IP addresses of local hosts will automatically pop up.
Internet. You can use address mapping function to achieve this demand. Simply type 192.168.1.10 as the Private IP; and type 86.123.123.2 as the WAN IP. Available settings are explained as follows: Item Description Index Indicate the relative number for the particular entry that you want to configure You should click the appropriate index number to edit or clear the corresponding entry. Protocol Display the protocol used for this address mapping.
Item Description Enable Check to enable this entry. Protocol Specify the transport layer protocol. It could be TCP, UDP, or ALL for selection. WAN Interface Choose the WAN interface for such address mapping profile. WAN IP Select an IP address. Local host can use this IP to connect to Internet. If you want to choose any one of the Public IP settings, you must specify some IP addresses in the IP Alias List of the Static/DHCP Configuration page first.
Available settings are explained as follows: Item Description Comment Display the text which memorizes the application of this rule. Triggering Protocol Display the protocol of the triggering packets. Triggering Port Display the port of the triggering packets. Incoming Protocol Display the protocol for the incoming data of such triggering profile. Incoming Port Display the port for the incoming data of such triggering profile. Status Display if the rule is active or de-active.
Service Choose the predefined service to apply for such trigger profile. Comment Type the text to memorize the application of this rule. Triggering Protocol Select the protocol (TCP, UDP or TCP/UDP) for such triggering profile. Triggering Port Type the port or port range for such trigger profile. Incoming Protocol When the triggering packets received, it is expected the incoming packets will use the selected protocol.
4.4 Firewall 4.4.1 Basics for Firewall While the broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has been always the most concerned. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet. Furthermore, it can filter out specific packets that trigger the router to build an unwanted outgoing connection.
Stateful Packet Inspection (SPI) Stateful inspection is a firewall architecture that works at the network layer. Unlike legacy static packet filtering, which examines a packet based on the information in its header, stateful inspection builds up a state machine to track each connection traversing all interfaces of the firewall and makes sure they are valid. The stateful firewall of Vigor router not just examine the header information also monitor the state of the connection.
4.4.2 General Setup General Setup allows you to adjust settings of IP Filter and common options. Here you can enable or disable the Call Filter or Data Filter. Under some circumstance, your filter set can be linked to work in a serial manner. So here you assign the Start Filter Set only. Also you can configure the Log Flag settings, Apply IP filter to VPN incoming packets, and Accept incoming fragmented UDP packets. Click Firewall and click General Setup to open the general setup page.
After finishing all the settings here, please click OK to save the configuration. Default Rule Page Such page allows you to choose filtering profiles including QoS, Load-Balance policy, WCF, APP Enforcement, URL Content Filter for data transmission via Vigor router. Available settings are explained as follows: Item Description Filter Select Pass or Block for the packets that do not match with the filter rules.
Item Description Load-Balance Policy Choose the WAN interface for applying Load-Balance Policy. User Management Such item is available only when Rule-Based is selected in User Management>>General Setup. The general firewall rule will be applied to the user/user group/all users specified here. Note: When there is no user profile or group profile existed, Create New User or Create New Group item will appear for you to click to create a new one.
Item Description the drop down list in this page to create a new profile. For troubleshooting needs, you can specify to record information for Web Content Filter by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information. Advance Setting Click Edit to open the following window. However, it is strongly recommended to use the default settings here. Codepage - This function is used to compare the characters among different languages.
4.4.3 Filter Setup Click Firewall and click Filter Setup to open the setup page. To edit or add a filter, click on the set number to edit the individual set. The following page will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit each rule. Check Active to enable the rule. Available settings are explained as follows: Item Description Filter Rule Click a button numbered (1 ~ 7) to edit the filter rule. Click the button will open Edit Filter Rule web page.
Available settings are explained as follows: Item Description Check to enable the Filter Rule Check this box to enable the filter rule. Comments Enter filter set comments/description. Maximum length is 14character long. Index(1-15) Set PCs on LAN to work at certain time interval only. You may choose up to 4 schedules out of the 15 schedules pre-defined in Applications >> Schedule setup. The default setting of this field is blank and the function will always work.
Item Description Note: RT means routing domain for 2nd subnet. Source/Destination IP Click Edit to access into the following dialog to choose the source/destination IP or IP ranges. To set the IP address manually, please choose Any Address/Single Address/Range Address/Subnet Address as the Address Type and type them in this dialog. In addition, if you want to use the IP range from defined groups or objects, please choose Group and Objects as the Address Type.
Item Description To set the service type manually, please choose User defined as the Service Type and type them in this dialog. In addition, if you want to use the service type from defined groups or objects, please choose Group and Objects as the Service Type. Protocol - Specify the protocol(s) which this filter rule will apply to.
Item Description Pass Immediately - Packets matching the rule will be passed immediately. Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped. Pass If No Further Match - A packet matching the rule, and that does not match further rules, will be passed through. Branch to other Filter Set If the packet matches the filter rule, the next filter rule will branch to the specified filter set. Select next filter rule to branch from the drop-down menu.
Item Description APP Enforcement profile setup. For troubleshooting needs, you can specify to record information for IM/P2P by checking the Log box. It will be sent to Syslog server. Please refer to section Syslog/Mail Alert for more detailed information. URL Content Filter Select one of the URL Content Filter profile settings (created in CSM>> URL Content Filter) for applying with this router. Please set at least one profile for choosing in CSM>> URL Content Filter web page first.
Item Description Window size – It determines the size of TCP protocol (0~65535). The more the value is, the better the performance will be. However, if the network is not stable, small value will be proper. Session timeout–Setting timeout for sessions can make the best utilization of network resources. However, Queue timeout is configured for TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule.
Example As stated before, all the traffic will be separated and arbitrated using on of two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first.
4.4.4 DoS Defense As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/ defense function in the DoS Defense setup. The DoS Defense functionality is disabled for default. Click Firewall and click DoS Defense to open the setup page. Available settings are explained as follows: Item Description Enable Dos Defense Check the box to activate the DoS Defense Functionality. Select All Click this button to select all the items listed below.
Item defense Description Similar to the UDP flood defense function, once if the Threshold of ICMP packets from Internet has exceeded the defined value, the router will discard the ICMP echo requests coming from the Internet. The default setting for threshold and timeout are 50 packets per second and 10 seconds, respectively. Enable PortScan detection Port Scan attacks the Vigor router by sending lots of packets to many ports in an attempt to find ignorant services would respond.
Item Description fragmented ICMP packets with a length greater than 1024 octets. Block Ping of Death Check the box to activate the Block Ping of Death function. This attack involves the perpetrator sending overlapping packets to the target hosts so that those target hosts will hang once they re-construct the packets. The Vigor routers will block any packets realizing this attacking activity. Block ICMP Fragment Check the box to activate the Block ICMP fragment function.
4.5 User Management User Management is a security feature which disallows any IP traffic (except DHCP-related packets) from a particular host until that host has correctly supplied a valid username and password. Instead of managing with IP address/MAC address, User Management function manages hosts with user account. Network administrator can give different firewall policies or rules for different hosts with different User Management accounts. This is more flexible and convenient for network management.
4.5.1 General Setup General Setup can determine the standard (rule-based or user-based) for the users controlled by User Management. The mode (standard) selected here will influence the contents of the filter rule(s) applied to every user. Available settings are explained as follows: Item Description Mode There are two modes offered here for you to choose. Each mode will bring different filtering effect to the users involved.
4.5.2 User Profile This page allows you to set customized profiles (up to 200) which will be applied for users controlled under User Management. Simply open User Management>>User Profile. To set the user profile, please click any index number link to open the following page. Notice that profile 1 (admin) and profile 2 (System Reservation) are factory default settings. Profile 2 is reserved for future use.
Available settings are explained as follows: Item Description Enable this account Check this box to enable such user profile. User Name Type a name for such user profile (e.g., LAN_User_Group_1, WLAN_User_Group_A, WLAN_User_Group_B, etc). When a user tries to access Internet through this router, an authentication step must be performed first. The user has to type the User Name specified here to pass the authentication. When the user passes the authentication, he/she can access Internet via this router.
Item Description For the detailed configuration, simply refer to Firewall>>Filter Rule. The firewall filter rules that are not selected in Firewall>>General>>Default rule can be available for use in User Management>>User Profile. External Service Authentication The router will authenticate the dial-in user by itself or by external service such as LDAP server or Radius server. If LDAP or Radius is selected here, it is not necessary to configure the password setting above.
Item Description type the user name and password for authentication. A window with remaining time of connection for such user will be displayed. Next, the user can access Internet through any browser on Windows. Note that Alert Tool can be downloaded from DrayTek web site. Telnet – If it is selected, the user can use Telnet command to perform the authentication job.
Available settings are explained as follows: Item Description Name Type a name for this user group. Available User Objects You can gather user profiles (objects) from User Profile page within one user group. All the available user objects that you have created will be shown in this box. Notice that user object, Admin and Dial-In User are factory settings. User defined profiles will be numbered with 3, 4, 5 and so on. Selected User Objects Click box.
Item Description Refresh Seconds Use the drop down list to choose the time interval of refreshing data flow that will be done by the system automatically. Refresh Click this link to refresh this page manually. Index Display the number of the data flow. Active User Display the users which connect to Vigor router currently. You can click the link under the username to open the user profile setting page for that user. IP Address Display the IP address of the device.
4.6 Objects Settings For IPs in a range and service ports in a limited range usually will be applied in configuring router’s settings, therefore we can define them with objects and bind them with groups for using conveniently. Later, we can select that object/group that can apply it. For example, all the IPs in the same department can be defined with an IP object (a range of IP address). 4.6.1 IP Object You can set up to 192 sets of IP Objects with different conditions.
Available settings are explained as follows: Item Description Name Type a name for this profile. Maximum 15 characters are allowed. Interface Choose a proper interface. For example, the Direction setting in Edit Filter Rule will ask you specify IP or IP range for WAN or LAN or any IP address.
Item Description Start IP Address Type the start IP address for Single Address type. End IP Address Type the end IP address if the Range Address type is selected. Subnet Mask Type the subnet mask if the Subnet Address type is selected. Invert Selection If it is checked, all the IP addresses except the ones listed above will be applied later while it is chosen. After finishing all the settings here, please click OK to save the configuration. Below is an example of IP objects settings. 4.6.
Click the number under Index column for settings in detail. Available settings are explained as follows: Item Description Name Type a name for this profile. Maximum 15 characters are allowed. Interface Choose WAN, LAN or Any to display all the available IP objects with the specified interface. Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box. Selected IP Objects Click >> button to add the selected IP objects in this box.
4.6.3 IPv6 Object You can set up to 64 sets of IPv6 Objects with different conditions. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail. Available settings are explained as follows: Item Description Name Type a name for this profile. Maximum 15 characters are allowed.
Address Type Determine the address type for the IPv6 address. Select Single Address if this object contains one IPv6 address only. Select Range Address if this object contains several IPv6s within a range. Select Subnet Address if this object contains one subnet for IPv6 address. Select Any Address if this object contains any IPv6 address. Select Mac Address if this object contains Mac address. MAC Address Type the MAC address of the network card which will be controlled.
4.6.4 IPv6 Group This page allows you to bind several IPv6 objects into one IPv6 group. Available settings are explained as follows: Item Description Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail.
Name Type a name for this profile. Maximum 15 characters are allowed. Available IPv6 Objects All the available IPv6 objects with the specified interface chosen above will be shown in this box. Selected IPv6 Objects Click >> button to add the selected IPv6 objects in this box. After finishing all the settings here, please click OK to save the configuration. 4.6.5 Service Type Object You can set up to 96 sets of Service Type Objects with different conditions.
Available settings are explained as follows: Item Description Name Type a name for this profile. Protocol Specify the protocol(s) which this profile will apply to. Source/Destination Port Source Port and the Destination Port column are available for TCP/UDP protocol. It can be ignored for other protocols. The filter rule will filter out any port number.
4.6.6 Service Type Group This page allows you to bind several service types into one group. Available settings are explained as follows: Item Description Name Display a name for this profile. Set to Factory Default Clear all profiles.
Click the number under Index column for settings in detail. Available settings are explained as follows: Item Description Name Type a name for this profile. Available Service Type Objects All the available service objects that you have added on Objects Setting>>Service Type Object will be shown in this box. Selected Service Type Objects Click >> button to add the selected IP objects in this box. After finishing all the settings here, please click OK to save the configuration.
4.6.7 Keyword Object You can set 200 keyword object profiles for choosing as black /white list in CSM >>URL Web Content Filter Profile. Available settings are explained as follows: Item Description Name Display a name for this profile. Set to Factory Default Clear all profiles. Click the number under Index column for setting in detail.
Item Description Name Type a name for this profile, e.g., game. Contents Type the content for such profile. For example, type gambling as Contents. When you browse the webpage, the page with gambling information will be watched out and be passed/blocked based on the configuration on Firewall settings. After finishing all the settings here, please click OK to save the configuration. 4.6.8 Keyword Group This page allows you to bind several keyword objects into one group.
Available settings are explained as follows: Item Description Name Type a name for this group. Available Keyword Objects You can gather keyword objects from Keyword Object page within one keyword group. All the available Keyword objects that you have created will be shown in this box. Selected Keyword Objects Click this box. button to add the selected Keyword objects in After finishing all the settings here, please click OK to save the configuration. 4.6.
Set to Factory Default Clear all profiles. Click the number under Profile column for configuration in details. Available settings are explained as follows: Item Description Profile Name Type a name for this profile. Type a name for such profile and check all the items of file extension that will be processed in the router. Finally, click OK to save this profile.
4.7 CSM Profile Content Security Management (CSM) CSM is an abbreviation of Content Security Management which is used to control IM/P2P usage, filter the web content and URL content to reach a goal of security management. APP Enforcement Filter As the popularity of all kinds of instant messenger application arises, communication cannot become much easier.
Note: The priority of URL Content Filter is higher than Web Content Filter. 4.7.1 APP Enforcement Profile You can define policy profiles for IM (Instant Messenger)/P2P (Peer to Peer)/Protocol/Misc application. This page allows you to set 32 profiles for different requirements. The APP Enforcement Profile will be applied in Default Rule of Firewall>>General Setup for filtering. Each item is explained as follows: Item Description Set to Factory Default Clear all profiles.
Available settings are explained as follows: Item Description Profile Name Type a name for the CSM profile. Select All Click it to choose all of the items in this page. Clear All Uncheck all the selected boxes. After finishing all the settings here, please click OK to save the configuration. The profiles configured here can be applied in the Firewall>>General Setup and Firewall>>Filter Setup pages as the standard for the host(s) to follow.
The items categorized under P2P ----- The items categorized under Protocol.
The items categorized under Misc ----- 4.7.2 URL Content Filter Profile To provide an appropriate cyberspace to users, Vigor router equips with URL Content Filter not only to limit illegal traffic from/to the inappropriate web sites but also prohibit other web feature where malicious code may conceal. Once a user type in or click on an URL with objectionable keywords, URL keyword blocking facility will decline the HTTP request to that web page thus can limit user’s access to the website.
For example, if you add key words such as “sex”, Vigor router will limit web access to web sites or web pages such as “www.sex.com”, ”www.backdoor.net/images/sex/p_386.html”. Or you may simply specify the full or partial URL such as “www.sex.com” or “sex.com”. Also the Vigor router will discard any request that tries to retrieve the malicious code. Click CSM and click URL Content Filter Profile to open the profile setting page.
You can set eight profiles as URL content filter. Simply click the index number under Profile to open the following web page. Available settings are explained as follows: Item Description Profile Name Type a name for the CSM profile. Priority It determines the action that this router will apply. Both: Pass – The router will let all the packages that match with the conditions specified in URL Access Control and Web Feature below passing through.
Item Description Log None – There is no log file will be recorded for this profile. Pass – Only the log about Pass will be recorded in Syslog. Block – Only the log about Block will be recorded in Syslog. All – All the actions (Pass and Block) will be recorded in Syslog. URL Access Control Enable URL Access Control - Check the box to activate URL Access Control. Note that the priority for URL Access Control is higher than Restrict Web Feature.
Item Description noticed that the more simplified the blocking keyword list is, the more efficiently the Vigor router performs. Web Feature Enable Restrict Web Feature - Check this box to make the keyword being blocked or passed. Action - This setting is available only when Either: URL Access Control First or Either: Web Feature Firs is selected. Pass allows accessing into the corresponding webpage with the keywords listed on the box below.
4.7.3 Web Content Filter Profile Note: Web Content Filter (WCF) service is powered by Commtouch, the partner of DrayTek. The product name is GlobalView WCF. There are three ways to activate WCF on vigor router, using Service Activation Wizard, by means of CSM>>Web Content Filter Profile or via System Maintenance>>Activation. Service Activation Wizard allows you to use trial version or update the license of WCF directly without accessing into the server (MyVigor) located on http://myvigor.draytek.com.
Item Description searching when you type URL in browser based on the web content filter profile. Such server is powered by Commtouch. Setup Test Server It is recommended for you to use the default setting, auto-selected. Such server is powered by Commtouch. Find more Click it to open http://myvigor.draytek.com for searching another qualified and suitable server. Set to Factory Default Click this link to retrieve the factory settings.
Note: If the Web Content Filter (WCF) powered by Commtouch is not activated, the above settings will not be valid. Available settings are explained as follows: Item Description Black/White List Enable – Activate white/black list function for such profile. Group/Object Selections – Click Edit to choose the group or object profile as the content of white/black list. Pass - allow accessing into the corresponding webpage with the characters listed on Group/Object Selections.
Item Description Action Pass - allow accessing into the corresponding webpage with the categories listed on the box below. Block - restrict accessing into the corresponding webpage with the categories listed on the box below. If the web pages do not match with the specified feature set here, it will be processed with reverse action. Log None – There is no log file will be recorded for this profile. Pass – Only the log about Pass will be recorded in Syslog.
To activate the function of limit session, simply click Enable and set the default session limit. Available settings are explained as follows: Item Description Enable Click this button to activate the function of limit session. Disable Click this button to close the function of limit session. Default session limit Defines the default session number used for each computer in LAN. Limitation List Displays a list of specific limitations that you set on this web page.
Item Description Delete Remove the selected settings existing on the limitation list. Administration Message Type the words which will be displayed when reaches the maximum number of Internet sessions permitted. Default Message Click this button to apply the default message offered by the router. Index (1-15) in Schedule Setup You can type in four sets of time schedule for your request.
To activate the function of limit bandwidth, simply click Enable and set the default upstream and downstream limit. Available settings are explained as follows: Item Description Bandwidth Limit Enable - Click this button to activate the function of limit bandwidth. IP Routed Subnet – Check this box to apply the bandwidth limit to the second subnet specified in LAN>>General Setup. Disable - Click this button to close the function of limit bandwidth.
you set for each index. Time Schedule Index (1-15) in Schedule Setup - You can type in four sets of time schedule for your request. All the schedules can be set previously in Application >> Schedule web page and you can use the number that you have set in that web page. After finishing all the settings here, please click OK to save the configuration.
4.8.3 Quality of Service Deploying QoS (Quality of Service) management to guarantee that all applications receive the service levels required and sufficient bandwidth to meet performance expectations is indeed one important aspect of modern enterprise network. One reason for QoS is that numerous TCP-based applications tend to continually increase their transmission rate and consume all available bandwidth, which is called TCP slow start.
However, each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners. It’s not easy to achieve deterministic and consistent high-priority QoS traffic throughout the whole network with merely Vigor router’s effort. In the Bandwidth Management menu, click Quality of Service to open the web page.
Item Description service type. Enable the First Priority for VoIP SIP/RTP When this feature is enabled, the VoIP SIP/UDP packets will be sent with highest priority. SIP UDP Port – Set a port number used for SIP. This page displays the QoS settings result of the WAN interface. Click the Setup link to access into next page for the general setup of WAN interface. As to class rule, simply click the Edit link to access into next for configuration.
Available settings are explained as follows: Item Description Enable the QoS Control The factory default for this setting is checked. Please also define which traffic the QoS Control settings will apply to. IN- apply to incoming traffic only. OUT-apply to outgoing traffic only. BOTH- apply to both incoming and outgoing traffic. Check this box and click OK, then click Setup link again. You will see the Online Statistics link appearing on this page.
Item Description bandwidth. Outbound TCP ACK Prioritize The difference in bandwidth between download and upload are great in ADSL2+ environment. For the download speed might be impacted by the uploading TCP ACK, you can check this box to push ACK of upload faster to speed the network traffic. Limited_bandwidth Ratio The ratio typed here is reserved for limited bandwidth of UDP application. Edit the Class Rule for QoS 1.
3. For adding a new rule, click Add to open the following page. Available settings are explained as follows: Item Description ACT Check this box to invoke these settings. Ethernet Type Please specify which protocol (IPv4 or IPv6) will be used for this rule. Local Address Click the Edit button to set the local IP address (on LAN) for the rule. Remote Address Click the Edit button to set the remote IP address (on LAN/WAN) for the rule. Edit It allows you to edit source address information.
Item 4. Description that you want for using by current QoS. After finishing all the settings here, please click OK to save the configuration. By the way, you can set up to 20 rules for one Class. If you want to edit an existed rule, please select the radio button of that one and click Edit to open the rule edit page for modification. Edit the Service Type for Class Rule 1. To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. 2.
3. For adding a new service type, click Add to open the following page. Available settings are explained as follows: 4. Item Description Service Name Type in a new service for your request. Service Type Choose the type (TCP, UDP or TCP/UDP) for the new service. Port Configuration Click Single or Range as the Type. If you select Range, you have to type in the starting port number and the end porting number on the boxes below.
4.9 Applications Below shows the menu items for Applications. 4.9.1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP. It means that the public IP address assigned to your router changes each time you access the Internet. The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address. It allows the router to update its online WAN IP address mappings on the specified Dynamic DNS server.
3. Item Setup Description Auto-Update interval Set the time for the router to perform auto update for DDNS service. View Log Display DDNS log status. Force Update Force the router updates its information to DDNS server. Index Click the number below Index to access into the setting page of DDNS setup to set account(s). WAN Interface Display the WAN interface used. Domain Name Display the domain name that you set on the setting page of DDNS setup.
4. Item Description for such account. Service Provider Select the service provider for the DDNS account. Service Type Select a service type (Dynamic, Custom or Static). If you choose Custom, you can modify the domain that is chosen in the Domain Name field. Domain Name Type in one domain name that you applied previously. Use the drop down list to choose the desired domain. Login Name Type in the login name that you set for applying domain.
time. You can inquiry an NTP server (a time server) on the Internet to synchronize the router’s clock. This method can only be applied when the WAN connection has been built up. Each item is explained as follows: Item Description Set to Factory Default Clear all profiles and recover to factory settings. Index Click the number below Index to access into the setting page of schedule. Status Display if this schedule setting is active or inactive. You can set up to 15 schedules.
2. The detailed settings of the call schedule with index 1 are shown below. Available settings are explained as follows: 3. Item Description Enable Schedule Setup Check to enable the schedule. Start Date (yyyy-mm-dd) Specify the starting date of the schedule. Start Time (hh:mm) Specify the starting time of the schedule. Duration Time (hh:mm) Specify the duration (or period) for the schedule. Action Specify which action Call Schedule should apply during the period of the schedule.
Example Suppose you want to control the PPPoE Internet access connection to be always on (Force On) from 9:00 to 18:00 for whole week. Other time the Internet access connection should be disconnected (Force Down). Office Hour: (Force On) Mon - Sun 9:00 am to 6:00 pm 1. Make sure the PPPoE connection and Time Setup is working properly. 2. Configure the PPPoE always on from 9:00 to 18:00 for whole week. 3. Configure the Force Down from 18:00 to next day 9:00 for whole week. 4.
Item Description authenticate the messages sent between them. Both sides must be configured to use the same shared secret. Confirm Shared Secret Re-type the Shared Secret for confirmation. After finished the above settings, click OK button to save the settings. 4.9.
The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router. The application will also learn the external IP address and configure port mappings on the router. Subsequently, such a facility forwards packets from the external ports of the router to the internal ports used by the application.
The UPnP function dynamically adds port mappings on behalf of some UPnP-aware applications. When the applications terminate abnormally, these mappings may not be removed. 4.9.5 IGMP IGMP is the abbreviation of Internet Group Management Protocol. It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups. Available settings are explained as follows: Item Description Enable IGMP Proxy Check this box to enable this function.
4.9.6 Wake on LAN A PC client on LAN can be woken up by the router it connects. When a user wants to wake up a specified PC through the router, he/she must type correct MAC address of the specified PC on this web page of Wake on LAN of this router. In addition, such PC must have installed a network card supporting WOL function. By the way, WOL function must be set as “Enable” on the BIOS setting.
4.9.7 Short Message Service The function of Short Message Service is that Vigor router sends a message to user’s mobile through specified service provider to assist the user knowing the real-time abnormal situations. Vigor router allows you to set up to 8 SMS profiles which will be sent out according to different conditions. Click any index number line to access into the web page for detailed configuration.
Password Type a password that the sender can use to register to selected SMS provider. Destination Number Type the telephone number that you want it to receive the SMS. Quota Type the total number of the messages that the router will send out. Sending Interval Type the shortest time interval for the system to send SMS. For example, it is set with 60 (seconds). If WAN1 disconnects for three times within 60 seconds, the system will send the SMS notification just for once.
Available settings are explained as follows: Item Description LAN-to-LAN Client Mode Selection Choose the client mode. Route Mode/NAT Mode – If the remote network only allows you to dial in with single IP, please choose this mode, otherwise please choose Route Mode. Please choose a LAN-to-LAN Profile There are 32 VPN profiles for users to set.
Item Description When you finish the mode and profile selection, please click Next to open the following page. In this page, you have to select suitable VPN type for the VPN client profile. There are six types provided here. Different type will lead to different configuration page. After making the choices for the client profile, please click Next. You will see different configurations based on the selection(s) you made.
z When you choose PPTP (None Encryption) or PPTP (Encryption), you will see the following graphic: z When you choose IPSec, you will see the following graphic: 231 Vigor2920 Series User’s Guide
z When you choose L2TP, you will see the following graphic: z When you choose L2TP over IPSec (Nice to Have) or L2TP over IPSec (Must), you will see the following graphic: Available settings are explained as follows: Item Description Profile Name Type a name for such profile. The length of the file is limited to 10 characters.
Item Description VPN Dial-Out Through Use the drop down menu to choose a proper WAN interface for this profile. This setting is useful for dial-out only. WAN1 First - While connecting, the router will use WAN1 as the first channel for VPN connection. If WAN1 fails, the router will use another WAN interface instead. WAN1 Only - While connecting, the router will use WAN1 as the only channel for VPN connection. WAN2 First - While connecting, the router will use WAN2 as the first channel for VPN connection.
Item Description select PPTP or L2TP with or without IPSec policy above. Password This field is used to authenticate for connection when you select PPTP or L2TP with or without IPSec policy above. Remote Network IP Please type one LAN IP address (according to the real location of the remote host) for building VPN connection. Remote Network Mask Please type the network mask (according to the real location of the remote host) for building VPN connection.
4.10.2 VPN Server Wizard Such wizard is used to configure VPN settings for VPN server. Such wizard will guide to set the LAN-to-LAN profile for VPN dial in connection (from client to server) step by step. Available settings are explained as follows: Item Description VPN Server Mode Selection Choose the direction for the VPN server. Site to Site VPN – To set a LAN-to-LAN profile automatically, please choose Site to Site VPN.
Please choose a Dial-in User Accounts This item is available when you choose Remote Dial-in User (Teleworker) as VPN server mode. There are 32 VPN tunnels for users to set. Allowed Dial-in Type This item is available after you choose any one of dial-in user account profiles. Next, you have to select suitable dial-in type for the VPN server profile. There are several types provided here (similar to VPN Client Wizard). Different Dial-in Type will lead to different configuration page. 1.
z When you check PPTP, you will see the following graphic: z When you check PPTP/IPSec/L2TP (three types) or PPTP/IPSec (two types) or L2TP with Policy (Nice to Have/Must), you will see the following graphic: 237 Vigor2920 Series User’s Guide
z When you check IPSec, you will see the following graphic: Available settings are explained as follows: Item Description Profile Name Type a name for such profile. The length of the file is limited to 10 characters. User Name This field is used to authenticate for connection when you select PPTP or L2TP with or without IPSec policy above. Password This field is used to authenticate for connection when you select PPTP or L2TP with or without IPSec policy above.
4. After finishing the configuration, please click Next. The confirmation page will be shown as follows. Available settings are explained as follows: 5. Item Description Go to the VPN Connection Management Click this radio button to access VPN and Remote Access>>Connection Management for viewing VPN Connection status. Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard.
4.10.3 Remote Access Control Enable the necessary VPN service as you need. If you intend to run a VPN server inside your LAN, you should disable the VPN service of Vigor Router to allow VPN tunnel pass through, as well as the appropriate NAT settings, such as DMZ or open port. After finishing all the settings here, please click OK to save the configuration. 4.10.4 PPP General Setup This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPSec.
Item Description Dial-In PPP Encryption (MPPE Optional MPPE Optional MPPE - This option represents that the MPPE encryption method will be optionally employed in the router for the remote dial-in user. If the remote dial-in user does not support the MPPE encryption algorithm, the router will transmit “no MPPE encrypted packets”. Otherwise, the MPPE encryption scheme will be used to encrypt the data.
¾ Phase 2: negotiation IPSec security methods including Authentication Header (AH) or Encapsulating Security Payload (ESP) for the following IKE exchange and mutual examination of the secure tunnel establishment. There are two encapsulation methods used in IPSec, Transport and Tunnel. The Transport mode will add the AH/ESP payload and use original IP header to encapsulate the data payload only. It can just apply to local packet, e.g., L2TP over IPSec.
4.10.6 IPSec Peer Identity To use digital certificate for peer authentication in either LAN-to-LAN connection or Remote User Dial-In connection, here you may edit a table of peer certificate for selection. As shown below, the router provides 32 entries of digital certificates for peer dial-in users. Each item will be explained as follows: Item Description Set to Factory Default Click it to clear all indexes. Index Click the number below Index to access into the setting page of IPSec Peer Identity.
Available settings are explained as follows: Item Description Profile Name Type the name of the profile. Accept Any Peer ID Click to accept any peer regardless of its identity. Accept Subject Alternative Name Click to check one specific field of digital signature to accept the peer with matching value. The field can be IP Address, Domain, or E-mail Address. The box under the Type will appear according to the type you select and ask you to fill in corresponding setting.
4.10.7 Remote Dial-in User You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in via VPN connection. You may set parameters including specified connection peer ID, connection type (VPN connection - including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router provides 32 access accounts for dial-in users.
Available settings are explained as follows: Item Description User account and Authentication Enable this account - Check the box to enable this function. Idle Timeout- If the dial-in user is idle over the limitation of the timer, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds. Allowed Dial-In Type PPTP - Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of remote dial-in user below.
Item Description Specify Remote Node - Check the checkbox to specify the IP address of the remote dial-in user, ISDN number or peer ID (used in IKE aggressive mode). If you uncheck the checkbox, the connection type you select above will apply the authentication methods and security methods in the general settings. Netbios Naming Packet z Pass – Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting.
Item Description Pre-Shared Key - Check the box of Pre-Shared Key to invoke this function and type in the required characters (1-63) as the pre-shared key. Digital Signature (X.509) – Check the box of Digital Signature to invoke this function and Select one predefined Profiles set in the VPN and Remote Access >>IPSec Peer Identity. IPSec Security Method This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node.
4.10.8 LAN to LAN Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles. You may set parameters including specified connection direction (dial-in or dial-out), connection peer ID, connection type (VPN connection - including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router supports up to 32 VPN tunnels simultaneously. The following figure shows the summary table.
To edit each profile: 1. Click each index to edit each profile and you will get the following page. Each LAN-to-LAN profile includes 4 subgroups. If the fields gray out, it means you may leave it untouched. The following explanations will guide you to fill all the necessary fields. For the web page is too long, we divide the page into several sections for explanation. Available settings are explained as follows: Item Description Profile Name Specify a name for the profile of the LAN-to-LAN connection.
Item Description WAN1 /WAN2 /WAN3 First - While connecting, the router will use WAN1 /WAN2 /WAN3 as the first channel for VPN connection. If WAN1 fails, the router will use another WAN interface instead. WAN1 /WAN2 /WAN3 Only - While connecting, the router will use WAN1 /WAN2 /WAN3 as the only channel for VPN connection. WAN1 /WAN2 /WAN3 First - While connecting, the router will use WAN1 /WAN2 /WAN3 as the first channel for VPN connection. If WAN1 fails, the router will use another WAN interface instead.
Item Description PING packets to a specified IP address. Enable PING to keep alive is used to handle abnormal IPSec VPN connection disruption. It will help to provide the state of a VPN connection for router’s judgment of redial. Normally, if any one of VPN peers wants to disconnect the connection, it should follow a serial of packet exchange procedure to inform each other. However, if the remote peer disconnect without notice, Vigor router will by no where to know this situation.
Item Method Description with IPSec Policy. Medium AH (Authentication Header) means data will be authenticated, but not be encrypted. By default, this option is active. High (ESP-Encapsulating Security Payload)- means payload (data) will be encrypted and authenticated. Select from below: DES without Authentication -Use DES encryption algorithm and not apply any authentication scheme. DES with Authentication-Use DES encryption algorithm and apply MD5 or SHA-1 authentication algorithm.
Item Description You may specify a value in between 900 and 86400 seconds. IKE phase 2 key lifetime-For security reason, the lifetime of key should be defined. The default value is 3600 seconds. You may specify a value in between 600 and 86400 seconds. Perfect Forward Secret (PFS)-The IKE Phase 1 key will be reused to avoid the computation complexity in phase 2. The default value is inactive this function.
Item Description IPSec Tunnel- Allow the remote dial-in user to trigger an IPSec VPN connection through Internet. L2TP with IPSec Policy - Allow the remote dial-in user to make a L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below: z None - Do not apply the IPSec policy. Accordingly, the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection.
Item Description IPSec Security Method This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node. Medium- Authentication Header (AH) means data will be authenticated, but not be encrypted. By default, this option is active. High- Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES.
Item Description Network Mask through the VPN connection. More - Add a static route to direct all traffic destined to more Remote Network IP Addresses/ Remote Network Mask through the VPN connection. This is usually used when you find there are several subnets behind the remote VPN router. RIP Direction - The option specifies the direction of RIP (Routing Information Protocol) packets. You can enable/disable one of direction here. Herein, we provide four options: TX/RX Both, TX Only, RX Only, and Disable.
4.10.9 VPN TRUNK Management VPN Backup Management is a backup mechanism to set multiple VPN tunnels for using as backup tunnel. It can assure the network connection would not be cut off due to network environment blocked by any reason. Features of VPN TRUNK – VPN Backup Mechanism ¾ VPN TRUNK-VPN Backup mechanism can judge abnormal situation for the environment of VPN server and correct it to complete the backup of VPN Tunnel in real-time.
Item Description Backup Profile List Set to Factory Default - Click to clear all VPN TRUNK-VPN Backup mechanism profile. No – The order of VPN TRUNK-VPN Backup mechanism profile. Status - “v” means such profile is enabled; “x” means such profile is disabled. Name - Display the name of VPN TRUNK-VPN Backup mechanism profile. Member1 - Display the dial-out profile selected from the Member1 drop down list below. Member2 - Display the dial-out profile selected from the Member2 drop down list below.
Item Description z VPN ServerIP (Private Network) - VPN Server IP of LAN-to-LAN dial-out profiles. Active Mode - Display available mode for you to choose. Choose Backup for your router. Add Add and save new profile to the backup profile list. The corresponding members (LAN-to-LAN profiles) grouped in such new VPN TRUNK – VPN Backup mechanism profile will be locked. The profiles in LAN-to-LAN will be displayed in red. VPN TRUNK – VPN Load Balance mechanism profile will be locked.
4. Take a look for LAN-to-LAN profiles. Index 1 is chosen as Member1; index 2 is chosen as Member2. For such reason, LAN-to-LAN profiles of 1 and 2 will be expressed in red to indicate that they are fixed. If you delete the VPN TRUNK – VPN Backup mechanism profile, the selected LAN-to-LAN profiles will be released and expressed in black. How can you set a GRE over IPSec profile? 1. Please go to LAN to LAN to set a profile with IPSec. 2. If the router will be used as the VPN Server (i.e.
Advanced Backup After setting profiles for load balance, you can choose any one of them and click Advanced for more detailed configuration. The windows for advanced load balance and backup are different. Refer to the following explanation: Available settings are explained as follows: Item Description Profile Name List the backup profile name. ERD Mode ERD means “Environment Recovers Detection”. Normal – choose this mode to make all dial-out VPN TRUNK backup profiles being activated alternatively.
4.10.10 Connection Management You can find the summary table of all VPN connections. You may disconnect any VPN connection by clicking Drop button. You may also aggressively Dial-out by using Dial-out Tool and clicking Dial button. Available settings are explained as follows: Item Description Dial-out Tool General Mode - This filed displays the profile configured in LAN to LAN (with Index number and VPN Server IP address). The VPN connection built by General Mode does not support VPN backup function.
Item Description Dial - Click this button to execute dial out function. Refresh Seconds Choose the time for refresh the dial information among 5, 10, and 30. Refresh Click this button to refresh the whole connection status. VPN Connection Status Display current connected VPN status. VPN – Display the name of the VPN profile. Type – Display the VPN connection mode such as PPTP or IPSec. Remote IP – Display the IP address of remote peer.
4.11 Certificate Management A digital certificate works as an electronic ID, which is issued by a certification authority (CA). It contains information such as your name, a serial number, expiration dates etc., and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Here Vigor router support digital certificates conforming to standard X.509.
Item Description Type in all the information that the window requests. Then click Generate again. Import Click this button to import a saved file as the certification information. Refresh Click this button to refresh the information listed below. View Click this button to view the detailed settings for certificate request.
4.11.2 Trusted CA Certificate Trusted CA certificate lists three sets of trusted CA certificate. To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse… to find out the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window. Then click Import to use the pre-saved file. For viewing each trusted CA certificate, click View to open the certificate detail information window.
4.11.3 Certificate Backup Local certificate and Trusted CA certificate for this router can be saved within one file. Please click Backup on the following screen to save them. If you want to set encryption password for these certificates, please type characters in both fields of Encrypt password and Confirm password. Also, you can use Restore to retrieve these two settings to the router whenever you want. 4.12 VoIP Note: This function is used for “V” models.
z Calling via SIP Servers First, the Vigor V models of yours will have to register to a SIP Registrar by sending registration messages to validate. Then, both parties’ SIP proxies will forward the sequence of messages to caller to establish the session. If you both register to the same SIP Registrar, then it will be illustrated as below: The major benefit of this mode is that you don’t have to memorize your friend’s IP address, which might change very frequently if it’s dynamic.
4.12.1 DialPlan This page allows you to set phone book and digit map for the VoIP function. Click the Phone Book and Digit Map links on the page to access into next pages for dialplan settings. Available settings are explained as follows: Item Description Enable Secure Phone It allows users to have encrypted RTP stream with the peer side using the same protocol (ZRTP+SRTP). Check this box to have secure call. Enable SAS Voice Prompt If it is enabled, SAS prompt will be heard every time.
Phone Book In this section, you can set your VoIP contacts in the “phonebook”. It can help you to make calls quickly and easily by using “speed-dial” Phone Number. There are total 60 index entries in the phonebook for you to store all your friends and family members’ SIP addresses. Loop through and Backup Phone Number will be displayed if you are using Vigor 2920V for setting the phone book. Click any index number to display the dial plan setup page.
Dial Out Account Choose one of the SIP accounts for this profile to dial out. It is useful for both sides (caller and callee) that registered to different SIP Registrar servers. If caller and callee do not use the same SIP server, sometimes, the VoIP phone call connection may not succeed. By using the specified dial out account, the successful connection can be assured. Loop through Choose PSTN to enable loop through function.
Digit Map For the convenience of user, this page allows users to edit prefix number for the SIP account with adding number, stripping number or replacing number. It is used to help user having a quick and easy way to dial out through VoIP interface. Available settings are explained as follows: Item Description Enable Check it to enable this entry. Match Prefix The phone number set here is used to add, strip, or replace the OP number. Mode None - No action.
Item Description OP Number The front number you type here is the first part of the account number that you want to execute special function (according to the chosen mode) by using the prefix number. Min Len Set the minimal length of the dial number for applying the prefix number settings. Take the above picture (Prefix Table Setup web page) as an example, if the dial number is between 7 and 9, that number can apply the prefix number settings here.
Item Description Index Display the number link that you can click for configuration. Call Direction Display the direction (IN, OUT, or IN & OUT) for the phone call Barring Type Display the type of the VoIP phone call. Barring Number/URL/URI Display the number, URL or URI of this entry. Route Display if all the phone calls will be blocked with such mechanism. Schedule Display the schedule profiles applied to this entry. Status Display such entry is enabled or not.
Item Description Specific URI/URL or Specific Number This field will be changed based on the type you selected for barring Type. Route All means all the phone calls will be blocked with such mechanism. Index (1-15) in Schedule Enter the index of schedule profiles to control the call barring according to the preconfigured schedules. Refer to section Applications>>Schedule for detailed configuration.
Regional This page allows you to process incoming or outgoing phone calls by regional. Default values (common used in most areas) will be shown on this web page. You can change the number based on the region that the router is placed. Available settings are explained as follows: Item Description Enable Regional Check this box to enable this function. Last Call Return [Miss] Sometimes, people might miss some phone calls.
Item Description Call Forward [All][Act] Dial the number typed in this field to forward all the incoming calls to the specified place. Call Forward [Deact] Dial the number typed in this field to release the call forward function. Call Forward [Busy][Act] Dial the number typed in this field to forward all the incoming calls to the specified place while the phone is busy.
PSTN Setup Some emergency phone (e.g., 911) or special phone cannot be dialed out by using VoIP and can be called out through PSTN line only. To solve this problem, this page allows you to set five sets of PSTN number for dialing without passing through Internet. Please type the number in the field of phone number for PSTN relay. Then, check the Enable box to make the PSTN number available for dial whenever you need. 4.12.2 SIP Accounts In this section, you set up your own SIP settings.
Available settings are explained as follows: Item Description Index Click this link to access into next page for setting SIP account. Profile Display the profile name of the account. Domain/Realm Display the domain name or IP address of the SIP registrar server. Proxy Display the domain name or IP address of the SIP proxy server. Account Name Display the account name of SIP address before @. Codec Display the codec type for the account.
Item Description STUN Server Type in the IP address or domain of the STUN server. External IP Type in the gateway IP address. SIP PING interval The default value is 150 (sec). It is useful for a Nortel server NAT Traversal Support. Available settings are explained as follows: Item Description Profile Name Assign a name for this profile for identifying. You can type similar name with the domain. For example, if the domain name is draytel.org, then you might set draytel-1 in this field.
SIP Port Set the port number for sending/receiving SIP message for building a session. The default value is 5060. Your peer must set the same value in his/her Registrar. Domain/Realm Set the domain name or IP address of the SIP Registrar server. Proxy Set domain name or IP address of SIP proxy server. By the time you can type :port number after the domain name to specify that port as the destination of data transmission (e.g., nat.draytel.
Call Forwarding There are four options for you to choose. Disable is to close call forwarding function. Always means all the incoming calls will be forwarded into SIP URL without any reason. Busy means the incoming calls will be forwarded into SIP URL only when the local system is busy. No Answer means if the incoming calls do not receive any response, they will be forwarded to the SIP URL by the time out. SIP URL – Type in the SIP URL (e.g., aaa@draytel.org or abc@iptel.
Voice Active Detector This function can detect if the voice on both sides is active or not. If not, the router will do something to save the bandwidth for other using. Click On to invoke this function; click off to close the function. 4.12.3 Phone Settings This page allows user to set phone settings for Phone 1 and Phone 2 respectively. However, it changes slightly according to different model you have.
Item Description DTMF Relay – Display DTMF mode that configured in the advanced settings page of Phone Index. RTP Symmetric RTP – Check this box to invoke the function. To make the data transmission going through on both ends of local router and remote router not misleading due to IP lost (for example, sending data from the public IP of remote router to the private IP of local router), you can check this box to solve this problem. Dynamic RTP Port Start - Specifies the start port for RTP stream.
Detailed Settings for Phone Port Click the number link for Phone port, you can access into the following page for configuring Phone settings. Available settings are explained as follows: Item Description Hotline Check the box to enable it. Type in the SIP URL in the field for dialing automatically when you pick up the phone set. Session Timer Check the box to enable the function. In the limited time that you set in this field, if there is no response, the connecting call will be closed automatically.
Call Transfer Check this box to invoke this function. Click hook flash to initiate another phone call. When the phone call connection succeeds, hang up the phone. The other two sides can communicate, then. Default SIP Account You can set SIP accounts (up to six groups) on SIP Account page. Use the drop down list to choose one of the profile names for the accounts as the default one for this phone setting. Play dial tone only when account registered - Check this box to invoke the function.
Item Description Also, you can specify each field for your necessity. It is recommended for you to use the default settings for VoIP communication. Volume Gain Mic Gain (1-10)/Speaker Gain (1-10) - Adjust the volume of microphone and speaker by entering number from 1- 10. The larger of the number, the louder the volume is. MISC Dial Tone Power Level - This setting is used to adjust the loudness of the dial tone. The smaller the number is, the louder the dial tone is.
Item Description This function is very useful when the network traffic congestion occurs and it still can remain the accuracy of DTMF tone. z SIP INFO- Choose this one then the Vigor will capture the DTMF tone and transfer it into SIP form. Then it will be sent to the remote end with SIP message. Payload Type (rfc2833) - Choose a number from 96 to 127, the default value was 101. This setting is available for the OutBand (RFC2833) mode.
4.12.4 Status From this page, you can find codec, connection and other important call status for each port. Each item is explained as follows: Item Description Refresh Seconds Specify the interval of refresh time to obtain the latest VoIP calling information. The information will update immediately when the Refresh button is clicked. Port It shows current connection status for Phone(s) and ISDN ports. Status It shows the VoIP connection status. IDLE - Indicates that the VoIP function is idle.
PeerID The present in-call or out-call peer ID (the format may be IP or Domain). Elapse The format is represented as hours:minutes:seconds. Tx Pkts Total number of transmitted voice packets during this connection session. Rx Pkts Total number of received voice packets during this connection session. Rx Losts Total number of lost packets during this connection session. Rx Jitter The jitter of received voice packets. In Calls Accumulation for the times of in call.
Multiple SSIDs Vigor router supports four SSID settings for wireless connections. Each SSID can be defined with different name and download/upload rate for selecting by stations connected to the router wirelessly. Security Overview Real-time Hardware Encryption: Vigor Router is equipped with a hardware AES encryption engine so it can apply the highest protection to your data without influencing user experience.
the confidential information leakage. For a more flexible deployment, you may add filters of MAC addresses to isolate users’ access from wired LAN. Manage Wireless Stations - Station List will display all the station in your wireless network and the status of their connection. Below shows the menu items for Wireless LAN. 4.13.2 General Setup By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel.
Available settings are explained as follows: Item Description Enable Wireless LAN Check the box to enable wireless function. Mode At present, the router can connect to 11n Only, 11g Only, Mixed (11b+11g), Mixed (11a+11n), Mixed (11g+11n), and Mixed (11b+11g+11n) stations simultaneously. Simply choose Mix (11b+11g+11n) mode. In which, 802.11b/g operates on 2.4G band, 802.11a operates on 5G band, and 802.11n operates on either 2.4G or 5G band.
Item Description Long Preamble This option is to define the length of the sync field in an 802.11 packet. Most modern wireless network uses short preamble with 56 bit sync field instead of long preamble with 128 bit sync field. However, some original 11b wireless network devices only support long preamble. Check it to use Long Preamble if needed to communicate with this kind of devices.
Item Description environment of the network. Rate Control It controls the data transmission rate through wireless connection. Upload – Check Enable and type the transmitting rate for data upload. Default value is 30,000 kbps. Download – Type the transmitting rate for data download. Default value is 30,000 kbps.
4.13.3 Security This page allows you to set security with different modes for SSID 1, 2, 3 and 4 respectively. After configuring the correct settings, please click OK to save and invoke it. The default security mode is Mixed (WPA+WPA2)/PSK. Default Pre-Shared Key (PSK) is provided and stated on the label pasted on the bottom of the router. For the wireless client who wants to access into Internet through such router, please input the default PSK value for connection.
Available settings are explained as follows: Item Description Mode There are several modes provided for you to choose. Note: You should also set RADIUS Server simultaneously if 802.1x mode is selected. Disable - Turn off the encryption mechanism. WEP-Accepts only WEP clients and the encryption key should be entered in WEP Key. WEP/802.1x Only - Accepts only WEP clients and the encryption key is obtained dynamically from RADIUS server with 802.1X protocol. WPA/802.
Item Description as "0x321253abcde..."). WEP 64-Bit - For 64 bits WEP key, either 5 ASCII characters, such as 12345 (or 10 hexadecimal digitals leading by 0x, such as 0x4142434445.) 128-Bit - For 128 bits WEP key, either 13 ASCII characters, such as ABCDEFGHIJKLM (or 26 hexadecimal digits leading by 0x, such as 0x4142434445464748494A4B4C4D). All wireless devices must support the same WEP encryption bit size and have the same key. Four keys can be entered here, but only one key can be selected at a time.
Item Description (expressed by MAC addresses) listed in the box can be grouped under different wireless LAN. For example, they can be grouped under SSID 1 and SSID 2 at the same time if you check SSID 1 and SSID 2. MAC Address Filter Display all MAC addresses that are edited before. Client’s MAC Address Manually enter the MAC address of wireless client. Apply SSID After entering the client’s MAC address, check the box of the SSIDs desired to insert this MAC address into their access control list.
4.13.5 WPS WPS (Wi-Fi Protected Setup) provides easy procedure to make network connection between wireless station and wireless access point (vigor router) with the encryption of WPA and WPA2. Note: Such function is available for the wireless station with WPS supported. It is the simplest way to build connection between wireless network clients and vigor router. Users do not need to select any encryption mode and type any long encryption passphrase to setup a wireless client every time.
z If you want to use PIN code, you have to know the PIN code specified in wireless client. Then provide the PIN code of the wireless client you wish to connect to the vigor router. For WPS is supported in WPA-PSK or WPA2-PSK mode, if you do not choose such mode in Wireless LAN>>Security, you will see the following message box. Please click OK and go back Wireless LAN>>Security to choose WPA-PSK or WPA2-PSK mode and access WPS again. Below shows Wireless LAN>>WPS web page.
Item Description WPS Status Display related system information for WPS. If the wireless security (encryption) function of the router is properly configured, you can see ‘Configured’ message here. SSID Display the SSID1 of the router. WPS is supported by SSID1 only. Authentication Mode Display current authentication mode of the router. Only WPA2/PSK and WPA/PSK support WPS. Configure via Push Button Click Start PBC to invoke Push-Button style WPS setup procedure.
4.13.6 WDS WDS means Wireless Distribution System. It is a protocol for connecting two access points (AP) wirelessly. Usually, it can be used for the following application: y y Provide bridge traffic between two LANs through the air. Extend the coverage range of a WLAN. To meet the above requirement, two WDS modes are implemented in Vigor router. One is Bridge, the other is Repeater.
The major difference between these two modes is that: while in Repeater mode, the packets received from one peer AP can be repeated to another peer AP through WDS links. Yet in Bridge mode, packets received from a WDS link will only be forwarded to local wired or wireless hosts. In other words, only Repeater mode can do WDS-to-WDS packet forwarding. In the following examples, hosts connected to Bridge 1 or 3 can communicate with hosts connected to Bridge 2 through WDS links.
Available settings are explained as follows: Item Description Mode Choose the mode for WDS setting. Disable mode will not invoke any WDS setting. Bridge mode is designed to fulfill the first type of application. Repeater mode is for the second one. Security There are three types for security, Disable, WEP and Pre-shared key. The setting you choose here will make the following WEP or Pre-shared key field valid or not. Choose one of the types for the router.
Item Description Key - Type 8 ~ 63 ASCII characters or 64 hexadecimal digits leading by “0x”. Bridge If you choose Bridge as the connecting mode, please type in the peer MAC address in these fields. Four peer MAC addresses are allowed to be entered in this page at one time. Yet please disable the unused link to get better performance. If you want to invoke the peer MAC address, remember to check Enable box in the front of the MAC address after typing.
4.13.7 Advanced Setting This page allows users to set advanced settings such as operation mode, channel bandwidth, guard interval, and aggregation MSDU for wireless data transmission. Available settings are explained as follows: Item Description Operation Mode Mixed Mode – the router can transmit data with the ways supported in both 802.11a/b/g and 802.11n standards. However, the entire wireless transmission will be slowed down if 802.11g or 802.11b wireless client is connected.
4.13.8 WMM Configuration WMM is an abbreviation of Wi-Fi Multimedia. It defines the priority levels for four access categories derived from 802.1d (prioritization tabs). The categories are designed with specific types of traffic, voice, video, best effort and low priority data. There are four accessing categories - AC_BE , AC_BK, AC_VI and AC_VO for WMM. APSD (automatic power-save delivery) is an enhancement over the power-save mechanisms supported by Wi-Fi networks.
Item Description smaller; however, the difference between AC_BE and AC_BK categories must be greater. Txop It means transmission opportunity. For WMM categories of AC_VI and AC_VO that need higher priorities in data transmission, please set greater value for them to get highest transmission opportunity. Specify the value ranging from 0 to 65535. ACM It is an abbreviation of Admission control Mandatory. It can restrict stations from using specific category class if it is checked.
Available settings are explained as follows: Item Description Scan It is used to discover all the connected AP. The results will be shown on the box above this button. Statistics It displays the statistics for the channels used by APs. Add to If you want the found AP applying the WDS settings, please type in the AP’s MAC address on the bottom of the page and click Bridge or Repeater. Next, click Add to. Later, the MAC address of the AP will be added to Bridge or Repeater field of WDS settings page.
4.13.10 Station List Station List provides the knowledge of connecting wireless clients now along with its status code. There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Available settings are explained as follows: Item Description Refresh Click this button to refresh the status of station list. Add Click this button to add current typed MAC address into Access Control.
4.13.11 Web Portal This page allows you to specify an URL for accessing into or display a message when a wireless user connects to Internet through this router. No matter what purpose of the wireless client is, he/she will be forced into the URL configured here while trying to access into the Internet or the desired web page through this router. That is, a company which wants to have an advertisement for its products to the users, can specify the URL in this page to reach its goal.
4.14 USB Application USB storage disk connected on Vigor router can be regarded as a server. By way of Vigor router, clients on LAN can access, write and read data stored in USB storage disk with different applications. After setting the configuration in USB Application, you can type the IP address of the Vigor router and username/password created in USB Application>>USB User Management on the client software.
Item Description Default Charset is for English based file name. For Simplified Chinese file/directory names, please choose GB2312; for Traditional Chinese file/directory names, choose BIG5. Samba Service Settings Click Enable to invoke samba service via the router. Access Mode LAN Only – Users coming from internet cannot connect to the samba server of the router. LAN And WAN - Both LAN and WAN users can access samba server of the router.
Set to Factory Default Click it to clear all profiles settings. Click any index number to access into the configuration page. Available settings are explained as follows: Item Description FTP/Samba User Enable – Click this button to activate this profile (account) for FTP service or Samba User service. Later, the user can use the username specified in this page to login into FTP server. Disable – Click this button to disable such profile.
Item Description ON, you cannot type any new folder name in this field. Only “/” can be used in such case. You can click to open the following dialog to add any new folder which can be specified as the Home Folder. Access Rule It determines the authority for such profile. Any user, who uses such profile for accessing into USB storage disk, must follow the rule specified here. File – Check the items (Read, Write and Delete) for such profile.
Available settings are explained as follows: Item Description Click this icon to refresh files list. Refresh Back Click this icon to return to the upper directory. Click this icon to add a new folder. Create Current Path Display current folder. Upload Click this button to upload the selected file to the USB storage disk. The uploaded file in the USB storage disk can be shared for other user through FTP. 4.14.
4.14.5 Syslog Explorer Such page provides real-time syslog and displays the information on the screen. For Web Syslog Available parameters are explained as follows: Item Description Enable Web Syslog Check this box to enable the function of Web Syslog. Syslog Type Use the drop down list to specify a type of Syslog to be displayed. Display Mode There are two modes for you to choose. Stop record when fulls – when the capacity of syslog is full, the system will stop recording.
For USB Syslog This page displays the syslog recorded on the USB storage disk. Each item is explained as follows: Item Description Time Display the time of the event occurred. Log Type Display the type of the record. Message Display the information for each event.
4.15 System Maintenance For the system setup, there are several items that you have to know the way of configuration: Status, Administrator Password, Configuration Backup, Syslog, Time setup, Reboot System, Firmware Upgrade. Below shows the menu items for System Maintenance. 4.15.1 System Status The System Status provides basic network settings of Vigor router. It includes LAN and WAN interface information.
Item Description LAN MAC Address - Display the MAC address of the LAN Interface. IP Address - Display the IP address of the LAN interface. Subnet Mask - Display the subnet mask address of the LAN interface. DHCP Server - Display the current status of DHCP server of the LAN interface DNS - Display the assigned IP address of the primary DNS. Wireless LAN MAC Address - Display the MAC address of the wireless LAN. Frequency Domain - It can be Europe (13 usable channels), USA (11 usable channels) etc.
4.15.2 HTTPS Encryption Setup The encryption methods configured in this page would influence the access of HTTP web site and the encryption algorithm used by SSL Tunnel. Available parameters are explained as follows: Item Description High Choose this option to have high security. Default If you have no idea of this setting, simply use the default setting as HTTPS encryption mode. Low Choose this option to have high performance.
4.15.3 TR-069 This device supports TR-069 standard. It is very convenient for an administrator to manage a TR-069 device through an Auto Configuration Server, e.g., VigorACS. Available parameters are explained as follows: Item Description ACS Server On Choose the interface for the router connecting to ACS server. ACS Server URL/Username/Password – Such data must be typed according to the ACS (Auto Configuration Server) you want to link.
Item Description Server Port – Type the port number of the STUN server. Minimum Keep Alive Period – If STUN is enabled, the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway. Please type a number as the minimum period. The default setting is “60 seconds”. Maximum Keep Alive Period – If STUN is enabled, the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway. Please type a number as the maximum period.
4.15.5 User Password Sometimes, you may want to access into User Mode to configure the web settings for some reason. Vigor router allows you to set new user password to login into the WUI to fit your request. Simply open System Maintenance>>User Password. Available parameters are explained as follows: Item Description Enable User Mode for simple web configuration Check this box to enable user mode operation.
3. The following screen will appear. Simply click OK. 4. Log out Vigor router Web Configurator. 5. The following window will be open to ask for username and password. Type the new user password in the filed of Password and click Login. 6. The main screen with User Mode will be shown as follows.
Settings to be configured in User Mode will be less than settings in Admin Mode. Only basic configuration settings will be available in User Mode. Setting in User Mode can be configured as same as in Admin Mode. 4.15.6 Login Customization When you want to access into the web configurator of Vigor router, the system will ask you to offer username and password first. At that moment, the background of the web page is blank and no heading will be displayed on the Login window.
Available settings are explained as follows: Item Description Enable Check this box to enable the login customization function. Login Description Type a brief description (e.g., Welcome to DrayTek) which will be shown on the heading of the login dialog. Bulletin Type words or sentences here. It will be displayed for bulletin message. In addition, it can be displayed on the login dialog at the bottom.
2. Click Backup button to get into the following dialog. Click Save button to open another dialog for saving configuration as a file. 3. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. 4. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples.
Restore Configuration 1. Go to System Maintenance >> Configuration Backup. The following windows will be popped-up, as shown below. 2. Click Browse button to choose the correct configuration file for uploading to the router. 3. Click Restore button and wait for few seconds, the following picture will tell you that the restoration procedure is successful. 4.15.8 Syslog/Mail Alert SysLog function is provided for users to monitor router.
Item Description Syslog server. Check USB Disk to save the log to the attached USB storage disk. Router Name Display the name for such router configured in System Maintenance>>Management. If there is no name here, simply lick the link to access into System Maintenance>>Management to set the router name. Server IP Address The IP address of the Syslog server. Destination Port Assign a port for the Syslog protocol.
3. From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. 4.15.9 Time and Date It allows you to specify where the time of the router should be inquired from. Available parameters are explained as follows: Item Description Current System Time Click Inquire Time to get the current time.
Item Description Server IP Address Type the IP address of the time server. Time Zone Select the time zone where the router is located. Enable Daylight Saving Check the box to enable the daylight saving. Such feature is available for certain area. Automatically Update Interval Select a time interval for updating from the NTP server. Click OK to save these settings. 4.15.10 Management This page allows you to manage the settings for access control, access list, port setup, and SMP setup.
Item Description specify. Disable PING from the Internet - Check the checkbox to reject all PING packets from the Internet. For security issue, this function is enabled by default. Access List You could specify that the system administrator can only login from a specific host or network defined in the list. A maximum of three IPs/subnet masks is allowed. List IP - Indicate an IP address allowed to login to the router. Subnet Mask - Represent a subnet mask allowed to login to the router.
4.15.11 Reboot System The Web Configurator may be used to restart your router. Click Reboot System from System Maintenance to open the following page. Index (1-15) in Schedule Setup - You can type in four sets of time schedule for performing system reboot. All the schedules can be set previously in Applications >> Schedule web page and you can use the number that you have set in that web page.
4.15.12 Firmware Upgrade You have to visit DrayTek website periodically to check if there is any new released firmware offered for your Vigor router to have newest features. If yes, download the file into your computer first. Next, access into web interface of this router and open System Maintenance>> Firmware Upgrade. In the following web page, click Browse.. to locate file downloaded from DrayTek web site. Then, click the Upgrade button to perform the firmware upgrade operation.
4.15.13 Activation There are three ways to activate WCF on vigor router, using Service Activation Wizard, by means of CSM>>Web Content Filter Profile or via System Maintenance>>Activation. After you have finished the setting profiles for WCF (refer to Web Content Filter Profile), it is the time to activate the mechanism for your computer. Click System Maintenance>>Activation to open the following page for accessing http://myvigor.draytek.com. Note that such service mechanism is powered by Commtouch.
Below shows the successful activation of Web Content Filter: 4.16 Diagnostics Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Below shows the menu items for Diagnostics.
4.16.1 Dial-out Triggering Click Diagnostics and click Dial-out Triggering to open the web page. The internet connection (e.g., PPPoE) is triggered by a package sending from the source IP address. Each item is explained as follows: Item Description Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the package. Refresh Click it to reload the page.
4.16.2 Routing Table Click Diagnostics and click Routing Table to open the web page. Each item is explained as follows: Item Description Refresh Click it to reload the page.
4.16.3 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Each item is explained as follows: Item Description Clear Click it to clear the whole table. Refresh Click it to reload the page. 4.16.4 IPv6 Neighbour Table The table shows a mapping between an Ethernet hardware address (MAC Address) and an IPv6 address.
Item Description Refresh Click it to reload the page. 4.16.5 DHCP Table The facility provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click DHCP Table to open the web page. Available settings are explained as follows: Item Description Index It displays the connection item number. IP Address It displays the IP address assigned by this router for specified PC.
Refresh Click it to reload the page. 4.16.6 NAT Sessions Table Click Diagnostics and click NAT Sessions Table to open the list page. Each item is explained as follows: Item Description Private IP:Port It indicates the source IP address and port of local PC. #Pseudo Port It indicates the temporary port of the router used for NAT. Peer IP:Port It indicates the destination IP address and port of remote host. Interface It displays the representing number for different interface.
4.16.7 Data Flow Monitor This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds. The IP address listed here is configured in Bandwidth Management. You have to enable IP bandwidth limit and IP session limit before invoke Data Flow Monitor. If not, a notification dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page.
Item Description Refresh Click this link to refresh this page manually. Index Display the number of the data flow. IP Address Display the IP address of the monitored device. TX rate (kbps) Display the transmission speed of the monitored device. RX rate (kbps) Display the receiving speed of the monitored device. Sessions Display the session number that you specified in Limit Session web page. Action Block - can prevent specified PC accessing into Internet within 5 minutes.
4.16.8 Traffic Graph Click Diagnostics and click Traffic Graph to pen the web page. Choose WAN1/WAN2/WAN3 Bandwidth, Sessions, daily or weekly for viewing different traffic graph. Click Refresh to renew the graph at any time. The horizontal axis represents time. Yet the vertical axis has different meanings. For WAN1/WAN2/WAN3 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past.
4.16.9 Ping Diagnosis Click Diagnostics and click Ping Diagnosis to pen the web page. Each item is explained as follows: Item Description IPV4 /IPV6 Choose the protocol for such function. Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically.
want to ping. IP Address Type in the IP address of the Host/IP that you want to ping. Ping IPv6 Address Type the IPv6 address that you want to ping. Run Click this button to start the ping work. The result will be displayed on the screen. Clear Click this link to remove the result on the window. 4.16.10 Trace Route Click Diagnostics and click Trace Route to open the web page. This page allows you to trace the routes from router to the host.
Each item is explained as follows: Item Description IPv4 / IPv6 Choose the protocol for such function. Trace through Use the drop down list to choose the interface that you want to ping through. Protocol Use the drop down list to choose the protocol that you want to ping through. Host/IP Address It indicates the IPv4 address of the host if IPv4 protocol is selected. Trace Host/IP Address It indicates the IPv6 address of the host if IPv6 protocol is selected.
4.16.11 Syslog Explorer Such page provides real-time syslog and displays the information on the screen. For Web Syslog This page displays the time and message for User/Firewall/call/WAN/VPN settings. You can check Enable Web Syslog, specify the type of Syslog and choose the display mode you want. Later, the event of Syslog with specified type will be shown for your reference.
For USB Syslog This page displays the syslog recorded on the USB storage disk. Available parameters are explained as follows: Item Description Time Display the time of the event occurred. Log Type Display the type of the record. Message Display the information for each event. 4.16.12 TSPC Status IPv6 TSPC status web page could help you to diagnose the connection status of TSPC.
4.17 External Devices Vigor router can be used to connect with many types of external devices. In order to control or manage the external devices conveniently, open External Devices to make detailed configuration. From this web page, check the box of External Device Auto Discovery. Later, all the available devices will be displayed in this page with icons and corresponding information. You can change the device name if required or remove the information for off-line device whenever you want.
This page is left blank.
Trouble Shooting situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. z Checking if the hardware status is OK or not. z Checking if the network connection settings on your computer are OK or not. z Pinging the router from your computer. z Checking if the ISP settings are OK or not. z Backing to factory default setting if necessary.
5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings. After trying the above section, if the link is stilled failed, please do the steps listed below to make sure the network connection settings is OK. For Windows The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.DrayTek.com. 1.
4. Select Obtain an IP address automatically and Obtain DNS server address automatically. For Mac OS 1. Double click on the current used Mac OS on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop down list of Configure IPv4.
5.3 Pinging the Router from Your Computer The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer. We suggest you setting the network connection as get IP automatically. (Please refer to the section 5.2) Please follow the steps below to ping the router correctly.
5.4 Checking If the ISP Settings are OK or Not Open WAN >> Internet Access page and then check whether the ISP settings are set correctly. Click Details Page of WAN1/WAN2/WAN3 to review the settings that you configured previously. 5.5 Problems for 3G Network Connection When you have trouble in using 3G network transmission, please check the following: Check if USB LED lights on or off You have to wait about 15 seconds after inserting 3G USB Modem into your Vigor2920.
Transmission Rate is not fast enough Please connect your Notebook with 3G USB Modem to test the connection speed to verify if the problem is caused by Vigor2920. In addition, please refer to the manual of 3G USB Modem for LED Status to make sure if the modem connects to Internet via HSDPA mode. If you want to use the modem indoors, please put it on the place near the window to obtain better signal receiving. 5.
Hardware Reset While the router is running (ACT LED blinking), press the Factory Reset button and hold for more than 5 seconds. When you see the ACT LED blinks rapidly, please release the button. Then, the router will restart with the default configuration. After restore the factory default setting, you can configure the settings for the router again to fit your personal request. 5.
Vigor2920 Series User’s Guide 362
