271
Vigor300B Multi-WAN Load Balancer User’s Guide Version: 2.1 Firmware Version: V1.2.
Intellectual Property Rights (IPR) Information Copyrights © All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. Trademarks The following trademarks are used in this document: Microsoft is a registered trademark of Microsoft Corp.
European Community Declarations Manufacturer: Address: Product: DrayTek Corp. No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu County, Taiwan 303 Vigor300B DrayTek Corp. declares that Vigor300B of routers are in compliance with the following essential requirements and other relevant provisions of EC, Directive 2004/108/EC.
Table of Contents Chapter 1: Introduction .....................................................................................................1 1.1 LED Indicators and Connectors ................................................................................................... 2 1.2 Hardware Installation.................................................................................................................... 4 1.2.1 Network Connection ..............................................................
4.5.1 Filter Setup ..........................................................................................................................133 4.5.2 DoS Defense .......................................................................................................................157 4.5.3 MAC Block ...........................................................................................................................161 4.5.4 Filter Counter ..............................................................
4.11.5 Time and Date ...................................................................................................................288 4.11.6 Access Control...................................................................................................................289 4.11.7 SNMP Setup ......................................................................................................................293 4.11.8 Reboot System .......................................................................
Chapter 1: Introduction Note: This is a generic International version of the user guide. Specification, compatibility and features vary by region. For specific user guides suitable for your region or product, please contact local distributor. Vigor300B, a firewall broadband router with multi-WAN interface, can connect to xDSL/cable/VDSL2/Ethernet FTTx. The multi-WAN and LAN switch facilitate unified communication applications in business CO/remote site to handle large data from subscribed fatter pipe.
1.1 LED Indicators and Connectors Before you use the Vigor router, please get acquainted with the LED indicators and connectors first. The displays of LED indicators and connectors for the routers are different slightly.
Connectors Interface Factory Reset LAN1/2 (Giga) WAN1/2/3/4 (Giga) USB1/2 Description Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will restart with the factory default configuration. Connecters for local networked devices. Connecters for remote networked devices. Connecter for Mobile HDD, 3G Modem or printer.
1.2 Hardware Installation 1.2.1 Network Connection Before starting to configure the router, you have to connect your devices correctly. 1. Connect one end of an Ethernet cable (RJ-45) to one of the LAN ports of Vigor300B. 2. Connect the other end of the cable (RJ-45) to the Ethernet port on your computer (that device also can connect to other computers to form a small area network). The LAN LED for that port on the front panel will light up. 3.
1.2.2 Rack-Mounted Installation The Vigor300B Series can be mounted on the wall by using standard brackets shown below. Before mounting the router on the wall or the rack, you have to make sure that power is OFF. Remember to remove the power cable and all network interface cables, and consider the cable limitations and the wall structure when choosing a wall for mounting. Do the following steps to mount the router on rack: 1. Attach the brackets to the chassis of a rack.
Do the following steps to mount the router on wall: 1. Attach the brackets on each side of the chassis by using the machine screws. Each side requires two screws. 2. Locate the wall studs for attaching the router. Drill wall-mount screw holes and put the studs on the holes first. 3. Make the reserved holes on the brackets align to the studs on the wall. Use machine screws to fasten the brackets on the wall. Each side requires two screws.
Chapter 2: Basic Setup For use the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully. Be aware that only the administrator can change the router configuration. 2.1 Changing Password To change the password for this device, you have to access into the web browse with default password first. 1.
3. Now, the Main Screen will pop up. 4. Go to System Maintenance page and choose Administrator Password. 5. Enter the login password (admin) on the field of Original Password. Type a new one in the field of New Password and retype it on the field of Confirm Password. Then click Apply to continue. 6. Now, the password has been changed. Next time, use the new password to access the Web User Interface for this router.
2.2 Quick Start Wizard Quick Start Wizard is a wizard which is designed for configuring your router accessing Internet with simply steps. In the Quick Start Wizard group, you can configure the router to access the Internet with different modes such as Static, DHCP, PPPoE, or PPTP modes. For most users, Internet access is the primary application. The router supports the Ethernet WAN interface for Internet access. Click Quick Start Wizard from the home page.
Item Description PPP and Ethernet. It connects users through an Ethernet to the Internet with a common broadband medium, such as a single DSL line, wireless device or cable modem. All the users over the Ethernet can share a common connection. PPPoE is used for most of DSL modem users. All local users can share one PPPoE connection for accessing the Internet. Your service provider will provide you information about user name, password, and authentication mode.
2.2.2 Step 2 - Configuring the Selected Protocol This page will be changed according to the IPv4 Protocol Type selected on last page. If Static is selected If Static is selected, the following screen will appear. You can manually assign a static IP address to the WAN interface and complete the configuration by applying the settings. Available parameters are listed as follows: Item Description IP Address Type a public IP address for such WAN profile.
Cancel Click it to discard the settings configured in this page. When you finished the above settings, please click Finish. If DHCP is selected DHCP allows a user to obtain an IP address automatically from a DHCP server on the Internet. If you choose DHCP mode, the DHCP server of your ISP will assign a dynamic IP address for Vigor300B automatically. It is not necessary for you to assign any setting. (Host Name is required for some ISPs).
If PPPoE is selected PPPoE stands for Point-to-Point Protocol over Ethernet. It relies on two widely accepted standards: PPP and Ethernet. It connects users through an Ethernet to the Internet with a common broadband medium, such as a single DSL line, wireless device or cable modem. All the users over the Ethernet can share a common connection. PPPoE is used for most of DSL modem users. All local users can share one PPPoE connection for accessing the Internet.
When the following screen appears, it means you have finished the Quick Start Wizard configuration.
2.3 Register Vigor Router Please follow the steps below to register the router. 1 Before using such function, please register your router online first. Log into the Web User Interface of Vigor300B and click Product Registration. 2 A Login page will be shown on the screen. Please type the account and password that you created previously. And click Login. Note: If you haven’t an accessing account, please create a new one first.
3 The following page will be displayed after you logging in MyVigor. From this page, please click Add. Note: Below the field of Your Device List, all the Vigor routers that you have registered to MyVigor website will be displayed in sequence. 4 When the following page appears, please type in Nick Name (for the router) and choose the right registration date from the popup calendar (it appears when you click on the box of Registration Date).
5 Now, your router information has been added to the database. Click OK to leave this web page and return to My Information web page. 6 Take a look at the page of My Information, the new added Vigor300B is listed under Your Device List.
This page is left blank.
Chapter 3: Application and Tutorial 3.1 How to Use Web Content Filter (WCF)? There are many kinds of benefits of Web Content Filtering, such as productivity enhancement, bandwidth regulation, HR policy compliance, and preventing web threats. Plus, with the pre-categorized items, IT staff can save plenty of time from creating firewall rules for unwanted contents. Note: The Web Content Filter (WCF) is license-required with the annual renewal fee.
Note: We can check out which category the URL belongs to by visiting the following website. http://www.cyren.com/url-category-check.html. 3. Go to Firewall >> Filter Setup, select “URL/Web Category Filter”, and click “Add”. 4. Type Profile name, tick Enable and enable Filter HTTPS. Tick DrayTek_WCF in Web Category Policy under the Action Policy. Click Apply. 5. The message window will be shown when we try to access facebook.
Every time the connection matches the category we selected to block, the user will see the block message above.
3.2 How to Configure WAN Inbound Load Balance? The document introduces Inbound Load Balance, which is a feature allows Vigor 2960/300B/3900, when acting as a DNS Server, to distribute the traffic across multiple WAN interfaces. There will be five parts of setting: enabling Web/FTP services on the router, setting weight for the Web server, setting weight for the FTP server, and setting CNAME for the FILE server, and setting NS Record (optional). A. Enabling Web/FTP services on the router 1.
2. Go to WAN >> Load Balance to enable the services. B. Setting weight for the Web server 1. Add a profile for domain name “jos.com” and “www.jos.tw”, then assign a weight of 1 to WAN 1 and 2 for WAN2. This meas that when receiving three DNS queries, DNS server will return WAN1's IP for the first time, and WAN'2 IP for the next two times. 2. Click Detail tab to add Additional A Record for Host Name “www.jos.com” to corresponds with “jos.com” with same weight 1:2.
After the settings have done, we do “nslookup” to query the domain name for 3 times, and the results are reflecting the Interface Weights. The test of query for “jos.com” First DNS query >jos.com Server: [77.77.77.77] Address: 77.77.77.77 Name: jos.com Address: 77.77.77.77 Second DNS query >jos.com Server: [77.77.77.77] Address: 77.77.77.77 Name: jos.com Address: 88.88.88.88 Third DNS query >jos.com Server: [77.77.77.77] Address: 77.77.77.77 Name: jos.com Address: 88.88.88.88 The test of query for “www.
Address: 88.88.88.88 Aliases: www.jos.com Third DNS query >www.jos.com Server: [77.77.77.77] Address: 77.77.77.77 Name: jos.com Address: 88.88.88.88 Aliases: www.jos.com C. Setting weight for the File server (Sub-domain) 1. Add a profile for Sub-domain “fileserver.jos.com" with Load Balance Mode, and assign a weight of 1 to WAN 1 and 2 for WAN2. Note: “Use Domain Setting” Mode means the weight will be the same as the weight of Domain Name “jos.com”.
>fileserver.jos.com Server: [77.77.77.77] Address: 77.77.77.77 Name: fileserver.jos.com Address: 88.88.88.88 D. Setting CNAME for the File server (Sub-domain) 1. After creating profile for Sub-domain “fileserver.jos.com", we may add CNAME Record for Sub-domain “fileserver.jos.com" via Inbound Load Balance >> Detail page. 2. Click Add then input host "ftp" and select "fileserver" as Reference. After the settings we do nslookup and query “ftp.jos.
>ftp.jos.com Server: [77.77.77.77] Address: 77.77.77.77 Name: fileserver.jos.com Address: 88.88.88.88 Aliases: ftp.jos.com E. Setting up NS Records (Optional) 1. NS Record is not necessary since the NS records should be already available in the upper DNS servers. 2. When NS server is with different domain name, such as “vivian.com”, please add the NS Record with name server field and end it with “.” (a dot) 3. When NS server is with same domain name, such as “jos.
3.3 How to Configure WAN Load Balancing with Policy Route on Vigor300B? This document demonstrates how to do WAN load balancing with Policy Route feature in Routing. In the firmware before version 1.0.9, this is a feature in WAN menu called Load Balance Rule. After upgrading firmware to version 1.0.9, the Rules set in WAN >> Load Balance will be transferred to Policy Rule automatically. In this example, we have WAN1 and WAN2 connected on Vigor3900, and we would like to balance the traffic across them.
a. Enter rule name. b. Enable this rule. c. Select Source Type as Subnet, and enter the IP address and Subnet Mask of LAN1. d. Select Out-Going Rule as User Defined, and Interface as WAN1. e. Enable Failover to Next Rule so that when WAN1 fails, it will follow the next rule. f. Click Apply to save the configuration. With the above configuration, traffic from LAN1 will be sent to WAN1.
Default Pool can be configured at Routing>>Load Balance Pool. By default, every WAN interface has the same weight. So that when Default Route is applied, every available WAN interface will be used equally. 4. If you want to use a specific WAN interface to be the failover interface, please create another Policy Rule. For example, you can create a second rule for LAN2 to go to the Internet via WAN1. Now there are two policy rules with the same Source but different Out-going Rule.
Chapter 4: Advanced Web Configuration After finished basic configuration of the router, you can access Internet with ease. For the people who want to adjust more setting for suiting his/her request, please refer to this chapter for getting detailed information about the advanced configuration of this router. As for other examples of application, please refer to chapter 3. 4.1 WAN Setup Quick Start Wizard offers user an easy method to quick setup the connection mode for the router.
via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server, and other related information will usually be assigned by your ISP. 4.1.1 General Setup This section will introduce some general settings of Internet and explain the connection modes for WAN profiles in details. This router supports multi-WAN function. It allows users to access Internet and combine the bandwidth of the WAN profiles to speed up the transmission through the network.
Profile Number Limit Display the total number (50) of the profiles to be created. Profile (max length:7) Display the profile name. Enable Display the status of the profile. False means disabled; True means enabled. Description Display a brief explanation for such profile. Port Display the physical WAN interface for such profile. IPv4 Protocol Type Display the IPv4 protocol selected by the profile. IPv6 Protocol Type Display the IPv6 protocol selected by the profile.
Port Display the physical WAN interface for such profile. Default MAC Address Enable – Click it to enable the default MAC address for such profile. Disable – Click it to type the MAC address manually for such profile. MAC Address Specify the MAC address for such profile. In default, the system will determine it automatically. IPv4 Protocol There are several connection modes for you to specify for IPv4 protocol type. Each mode will bring up different web page.
Apply Click it to save the configuration and exit the dialog. Cancel Click it to exit the dialog without saving the configuration. General Settings allows you to enable the profile, give a brief explanation for such profile, specify the VLAN ID, specify MAC address, choose IPv4 and IPv6 protocol, and specify the mode of the data transmission (NAT or Routing). Note: The DMZ tab is available for WAN4 profile only.
Address cursor on this filed. The following dialog will appear. Add – click this button to have a field for adding a new IP address. Save – click this button to save the setting. – click the icon to remove the selected entry. IP Alias Type other IP addresses to be bound to this interface. This setting is optional. If you have typed addresses here, you can see and choose it in later web page settings (e.g., NAT>>Port Redirection/DMZ Host).
destination to be detected whether the host is active (sending reply to the router) or not. If not, the connection of WAN interface will be regarded as breaking down. Save – click this button to save the setting. – click the icon to remove the selected entry. Connection Detection Interval Assign an interval period of time for each detecting. Connection Detection Retry Assign detecting times to ensure the connection of the WAN interface.
setting is optional. If you have typed addresses here, you can see and choose it in later web page settings (e.g., NAT>>Port Redirection/DMZ Host). Add – To add a new IP address, click Add. Type the IP address and use the drop down list to specify the subnet mask. Next, click Save. The new one will be added and displayed on the field under the box. Save – click this button to save the setting. – click the icon to remove the selected entry. MTU/MRU It means Max Transmit Unit for packet.
interface will be regarded as breaking down. Vendor Class ID (option 60) It is used to identify the vendor type and the configuration of a DHCP client. DHCP Client ID (option 61) It used to specify a DHCP client identifier in a host declaration, so that DHCP can find the host record by matching against the client identifier. Specify DNS Enable – Click it to enable the function of DNS specified. It is used for local service (e.g., NTP, ping diagnostic) or used for forwarding packets to PC on LAN/VPN.
If you choose PPPoE as IPv4 protocol type, click the PPPoE Tab to open the following page: Available parameters are listed as follows: Item Description Username Type the user name offered by your ISP. Password Type the password offered by your ISP. MTU/MRU Type the value of MTU/MRU. The default value is 1492. Service Name This is an optional setting. Some ISP will offer such information and ask you to type the same data on this field.
Add – Click this button to have a field for adding a new IP address. Assign an IP address or Domain name as a destination to be detected whether the host is active (sending reply to the router) or not. If not, the connection of WAN interface will be regarded as breaking down. Save – click this button to save the setting. – click the icon to remove the selected entry. Connection Detection Interval Assign an interval period of time for each detecting.
DNS Add – click this button to have a field for adding a new IP address. Save – click this button to save the setting. – click the icon to remove the selected entry. Apply Click it to save the configuration and exit the dialog. Cancel Click it to exit the dialog without saving the configuration.
router will keep network connection all the time. Disable – Click it to disable the function of Always On. Connection Detection Mode Select a detecting mode for this WAN interface. There are two ways PING and HTTP supported in Vigor router for you to choose to send the request out. Connection Detection Host If you choose PING/HTTP as Connection Detection Mode, you have to specify the detection host address in this field. Use the default setting.
If you choose Static as IPv6 protocol type, click the StaticV6 tab to open the following page: Available parameters are listed as follows: Item Description IPv6 Address Type the IP address for such protocol. IPv6 Prefix Length Type your IPv6 address prefix length. IPv6 Gateway Address Type your IPv6 gateway address. IPv6 DNS Server Address Type your IPv6 primary DNS Server address. Add – click this button to have a field for adding a new IP address.
If you choose DHCP-IA_NA as IPv6 protocol type, click the DHCPV6 Tab to open the following page: Available parameters are listed as follows: Item Description DHCP (IA_NA) Gateway Address Type the gateway IP address for IPv6 DHCP IA_NA mode. DHCP (IA_NA) DNS Address Type your IPv6 primary DNS Server address. Add – click this button to have a field for adding a new IP address. Save – click this button to save the setting. – click the icon to remove the selected entry.
4.1.1.2 USB WAN Profiles Open WAN>>General Setup and click the USB WAN tab. Each item will be explained as follows: Item Description Edit Modify the selected USB WAN profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Refresh Renew current web page. Profile Display the profile name. Enable Display the status of the profile.
How to edit a USB WAN profile 1. Choose one of the USB WAN profiles and click Edit. 2. The settings under Global tab are listed as below: Available parameters are listed as follows: Item Description Profile Display the name of the USB WAN profile. Enable Check it to enable the USB WAN profile. Description Give the brief description for such profile. Port Display the physical WAN interface for such profile. Protocol Choose the connection mode for USB WAN.
3. Default Click it to restore the default settings. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything.
3G/4G PPP SIM PIN code -Type PIN code of the SIM card that will be used to access Internet. Modem Initial String 1-Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP. Modem Initial String 2-The initial string 1 is shared with APN. In some cases, user may need another initial AT command to restrict 3G band or do any special settings. APN -APN means Access Point Name which is provided and required by some ISPs. Type the name.
4.1.2 Inbound Load Balance Vigor300B can offer the mapped IP address to respond the DNS query coming from the remote end through the designate domain to reduce the loading of the network traffic. Open WAN>>Load Balance and click the Inbound Load Balance tab. Each item will be explained as follows: Item Description Enable Check the box the enable inbound load balance function. Add Add a new WAN profile for inbound load balance. Edit Modify the selected WAN profile.
Delete Remove the selected WAN profile. To delete a profile, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Number Limit Display the total number of the profiles to be created. Enable Display the status of the profile. False means disabled; True means enabled. Domain Name Display the domain name used by the profile. Mode Display the mode (failover or load balance) applied by the profile.
Mode Specify the type (Load Balance or Failover) of the WAN profile for inbound load balance Priority Setting It is available only when Failover is selected as the Mode. There are five levels (Top, 2, 3, 4 and 5) which can be specified for WAN profiles (including default WAN profiles and user-defined WAN profiles). Interface Mapping/Weight The domain name will inform the remote end with the IP address for DNS query asked by the remote end.
3. After finished the settings on the Basic page, click the Detail Tab to open the following dialog. Available parameters are listed as follows: Item Description DNS Parameter To configure Vigor router as a DNS server, type the related information for applying the function of DNS. TTL – It means Time to live of a DNS response. Available setting range is from 0 to 2147483647. Refresh – Set the time for the PC in LAN to refresh the data.
address. Save – Click it to save the settings. Host –Type the name (URL) of the mail server. Mail Server – Type the name (URL) of the mail server. IP Address – Type the IP address of the mail server. Preference – Set a number for the priority of such mail server. 4. Additional A Record It is used to record the DNS query by IPv4 address. Add –Click it to add a new host with specified IP address. Save – Click it to save the settings. Host –Set a domain name.
4.1.3 Switch This page allows you to configure Mirroring Port, Mirrored Port, enable/disable WAN interface, and configure 802.1Q VLAN ID for different WAN interfaces, and so on. 4.1.3.1 802.1Q VLAN Packets passing through the WAN interface might be tagged or untagged with VLAN ID number. It depends on the setting configured in this page for VLAN ID configured in WAN >>General Setup>>Profile relates to the VLAN ID setting configured here. This page simply displays current status of 802.
4.1.3.2 Mirror Configuration The administrator can monitor all the packets passing through mirrored port with the mirroring port. It is useful for the administrator to analyze the troubles on Network. Available parameters are listed as follows: Item Description Enable This Profile Check the box to enable the Mirror function for the switch. Mirroring Port Select a port for the administrator to use for viewing traffic sent from mirrored ports.
4.1.3.3 Interface Configuration This page allows you to modify the status (enable / disable), duplex (Half/Full), speed and 802.3az for the WAN ports respectively. Each item will be explained as follows: Item Description Edit Choose the interface listed below and click the Edit button to modify the settings. A pop up window will appear for you to change the settings. Interface – Display the name of WAN interface. Enable – Check it to enable such interface.
power/energy saving function if required. Apply – Click it to save and exit the dialog. Cancel – Click it to exit the dialog without saving anything. Refresh Renew current web page. Interface Display the name of the WAN port on the router. Enable Display the status of the profile. False means disabled; True means enabled. Duplex Display the duplex used (full or half) by such profile. Speed Display the transmission rate (10M, 100M, 1000M or Auto) of the date for such profile. 802.
4.2 LAN Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design of network structure is related to what type of public IP addresses coming from your ISP. The most generic function of Vigor router is NAT. It creates a private subnet of your own. As mentioned previously, the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address.
To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected LAN profile. To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page Profile (max length:7) Display the name of the LAN profile. Enable Display the status of the profile. False means disabled; True means enabled.
2. Click the Add button to open the following dialog. Different protocol type selected will bring up different configuration web page. Available parameters are listed as follows: Item Description Profile (max length:7) Type the name of the LAN profile. Enable Check this box to enable such profile. Description Type the description for the new LAN profile. VLAN ID Type a number as the VLAN ID to make the data be identified while performing data transmission. Priority(802.
address manually with the format like “00:1d:aa:b2:69:80”. IPv4 Protocol Display the fixed type (static) for the IPv4 protocol for such profile. Mode Choose NAT or ROUTING as the operation mode for such profile. IP Address Type the IP address (with the format like 192.168.1.25) of the router for the LAN profile. Subnet Mask Use the drop down list to choose a suitable mask for the LAN profile. Connection Detection Mode Select a detecting mode for this LAN interface.
DHCP IP Lease Time Set a lease time for the DHCP server. The time unit is minute. DHCP Routers In general, this box will be blank. It means Vigor300B will be regarded as the gateway for the user. However, if you want to use other gateway, please assign the IP address in this field. DHCP Next Server Type the IP address of the secondary DHCP server. DHCP Options DHCP packets can be processed by adding option number and data information when such function is enabled.
subnet. When it is enabled, you have to specify the IP range to be assigned by the DHCP server for such subnet. Start IP – Type an IP address as a starting point. End IP – Type an IP address as an ending point. 3. DNS Redirection Enable – It can redirect DNS queries from such LAN profile to router's DNS Server. It must work with LAN DNS function. IPv6 Protocol It defines the IPv6 connection types for LAN interface. Possible types contain Link-Local, Static and DHCP-SLA.
4.2.1.2 DHCP Relay DHCP stands for Dynamic Host Configuration Protocol. The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network.
Available parameters are listed as follows: Item Description Profile Display the name of the LAN profile. Enable Check this box to enable this profile. DHCP Server Location Choose the interface for the DHCP server. DHCP Server IP Type the IP address of DHCP Server. DHCP Relay Agent IP Type the IP address of DHCP Relay Agent. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. 3.
4.2.1.3 Inter-LAN Route To make the users in different LAN communicating with each other, please check the box to enable Inter-LAN route function.
4.2.1.4 RADVD The router advertisement daemon (radvd) sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6 stateless auto-configuration. Each item will be explained as follows: Item Description Edit Modify the selected LAN profile. To edit a profile, simply select the one you want to modify and click the Edit button.
How to edit a LAN profile for RADVD 1. Open LAN>>General Setup and click the RADVD tab. 2. Choose one of the LAN profiles by clicking on it and click the Edit button to open the following dialog. Available parameters are listed as follows: Item Description Profile Display the name of the LAN profile. Enable Check this box to enable this profile. Advertisement Lifetime Type a value for advertisement lifetime.
4.2.1.5 DHCP6 DHCP6 Server could assign IPv6 address to PC according to the Start/End IPv6 address configuration. Each item will be explained as follows: Item Description Edit Modify the selected LAN profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Refresh Renew current web page. Profile Display the name of the LAN profile.
How to edit a LAN profile for DHCPv6 1. Open LAN>>General Setup and click the DHCPv6 tab. 2. Choose one of the LAN profiles by clicking on it and click the Edit button to open the following dialog. Available parameters are listed as follows: Item Description Profile Display the name of the LAN profile. Enable Check this box to enable this profile. Mode Choose Automatic Setting or Manual Setting. Automatic Setting – It is not necessary to configure Start IP, End IP and DNS setting.
End IP Set the ending IP address of the IP address pool for DHCP server. The format the IP address shall be similar to the following example: 2000:0000:0000:0000:0000:0000:0000:10 or 2000::10. DNS It is available when Manual Setting is selected as Mode. Set the private IP address for DNS server. If this field is blank, users on LAN will treat Vigor300B as the DNS server. Add – Click it to add a new IP address for DNS server. Save – Click it to save the setting.
4.2.2 PPPoE Server This feature makes the router working like an ISP, providing PPPoE connections to LAN PCs. The only difference is that local PCs don't need an ADSL modem. There are several advantages of using PPPoE connections on the LAN. Firstly, the PPPoE server can secure the LAN PC connections with username/password authentication. Secondly, it can prevent ARP attack by nature. Thirdly, the system administrator can configure quota (time/traffic based) for each user as ISP does.
4.2.2.1 Online Client Status This page displays general information for PPPoE server; allows you to disconnect the network connection to PPPoE server. Each item will be explained as follows: Item Description Disconnect Click it to disconnect the profile connection. Auto Refresh Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked. Refresh Renew current web page.
4.2.2.2 General Setting Available parameters are listed as follows: Item Description PPPoE Server Disable – Click it to disable this function. Enable – Click it to enable the function of PPPoE server. PPPoE User Isolation Disable – Click it to disable this function. Enable – Click it to isolate the PPPoE users who access into Internet via Vigor router.. Deny Internet Access Except PPPoE User Disable –Click it to disable this function.
LDAP profiles It is available when LDAP is selected as User Authentication Type. If you choose LDAP as the authentication type, use the drop down list to specify the LDAP profile. DHCP From It is available when RADIUS is selected as User Authentication Type. DHCP Relay Enable - If you want to use another DHCP server in the network other than the Vigor Router’s, you can let Relay Agent help you to redirect the DHCP request to the specified location.
Time Display the connection time. If the action is “Down”, such field will display the total connection time. If the action is “up”, such field will display the time point that the user account access into the PPPoE server. 4.2.3 Switch This page allows you to configure Mirroring Port, Mirrored Port, enable/disable LAN interface, and configure 802.1Q VLAN ID for different LAN interfaces, and so on. 4.2.3.1 802.1Q VLAN Virtual LANs (VLANs) are logical, independent workgroups within a network.
Modify the selected VLAN ID setting. Edit To edit VALN ID setting, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected VLAN ID setting. To delete a VLAN ID setting, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Number Limit Display the total number of the profiles to be created.
profile, please exit this dialog to release that selection from its original VLAN profile, than return this page and make the selection again. Untag Determine if the packets transmitted to Internet through such LAN profile with the VLAN ID number is tagged or not. If the icon appears in front of the drop down list, it means one of the selections has been chosen by other profile. You cannot choose it.
Item Description Enable This Profile Check the box to enable the Mirror function for the switch. Mirroring Port Select a port to view traffic sent from mirrored ports. Mirrored Port Select which port is necessary to be mirrored. Refresh Renew current web page. Apply Click it to save the settings.
4.2.3.3 Interface This page allows you to modify the status (enable / disable), speed(Auto,10M,100M,1000M) and duplex (Half/Full) for the LAN ports respectively. Each item will be explained as follows: Item Description Edit Choose the interface listed below and click the Edit button to modify the settings. A pop up window will appear for you to change the settings. Refresh Renew current web page. Interface Display the profile name of the interface. Enable Display the status of the profile.
How to edit an Interface profile 1. Open LAN>>Switch and click the Interface tab. 2. Please select a profile and click the Edit button. 3. The following dialog will appear. Available parameters are listed as follows: 4. Item Description Interface Display the name of LAN interface profile. Enable Check the box to enable the Mirror function for the switch. Speed Use the drop down list to specify the transmission rate for such profile. 802.3az It is a function of energy-efficient Ethernet.
4.2.3.4 Jumbo Frame The purpose of Jumbo Frame is to increase the transmission rate for the packets coming from LAN via enlarging data size. MTU (Max Transmit Unit) determines the largest size of a packet. When a packet with large size is transmitted through Vigor router, the router will cut it into several segments to facilitate the transmission. It always takes a lot of time.
4.2.4 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthen control in network. When this function is enabled, all the assigned IP and MAC address binding together cannot be changed. If you modified the binding IP or MAC address, it might cause you not access into the Internet. Each item will be explained as follows: Item Description ARP Table This table is the LAN ARP table of this router. The information for IP and MAC will be displayed in this field.
display on the table of IP Bind List. Edit -It allows you to edit and modify the selected IP address and MAC address that you create before. Delete -You can remove any item listed in IP Bind List. Simply click and select the one, and click Delete. The selected item will be removed from the IP Bind List. Select All -Choose all of the selections at one time. Rename -Allow to modify the selected profile name. Export – The list for the IP bind to MAC information can be stored as a text file.
3. Click Add. 4. The following dialog appears. Available parameters are listed as follows: Item Description Profile Type the name of the profile. IP Address Type the IP address that will be used for the specified MAC address. MAC Type the MAC address that is used to bind with the assigned IP address. Comment Type a brief description for such profile. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. 5.
4.2.5 LAN DNS LAN DNS is a simple version of DNS server. It is not necessary for the user to build another DNS server in LAN. With such feature, the user can configure some services (such as ftp, www or database) with domain name which is easy to be accessed. Each item will be explained as follows: Item Description Add Add a new VLAN ID setting. Edit Modify the selected VLAN ID setting. To edit VALN ID setting, simply select the one you want to modify and click the Edit button.
To delete a VLAN ID setting, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Number Limit Display the total number of the profiles to be created. Profile Display the name of the profile. Status Display if such profile is enabled (true) or disabled (false). Domain Name Display the domain name configured for such profile. Alias Domain Name Display the alias domain name for such profile.
4. Domain Name Type the domain name for such profile. Alias Domain Name Type several domain names in this field. LAN DNS will redirect both Domain name and Alias Domain Name to an assigned IP. For example, Domain Name is set with “www.draytek.com”, and the Alias Domain Name is set as “www.dray.com”. If the IP address is set with “192.168.1.123”, then both “www.draytek.com” and “www.dray.com” will be directed to “192.168.1.123”.
4.3 Routing This menu contains Static Route, RIP Configuration, OSPF Configuration and BGP Configurations. 4.3.1 Load Balance Pool Vigor300B supports a load balancing function. It can assign traffic with protocol type, IP address for specific host, a subnet of hosts, and port range to be allocated in WAN interface. User can assign traffic category and force it to go to dedicate network interface based on the following web page setup. In the Routing group, click the Load Balance Pool option.
you to modify the corresponding settings for the selected rule. Delete Remove the selected rule profile. To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Display the name of the load balance profile. Mode Display the mode (failover or load balance) used by the pool profile. Interface Display the name of the WAN profiles for Load Balance rule.
How to add a Pool profile for Load Balance 1. Open Routing>>Load Balance Pool. 2. Simply click the Add button to open the following dialog. Type a name (e.g., LB_1) for such profile. Available parameters are listed as follows: 3. Item Description Profile Type the name of the profile. Mode Choose Load Balance as the Mode selection. Interface Click Add. A new line for adding new entry will appear.
How to add a Pool profile for Backup Such page allows you to set a backup profile which will be activated when the primary profile is invalid by any reason. 1. Open Routing >>Load Balance Pool. 2. Simply click the Add button to open the following dialog. Type a name (e.g., FL_1) for such profile. Choose Backup as the Mode selection. Available parameters are listed as follows: 3. Item Description Profile Type the name of the profile. Mode Choose Backup as the Mode selection.
4.3.2 Static Route When there are several subnets in LAN, a more effective and quicker way for connection is static route rather than other methods. Simply set rules to forward data from one specified subnet to another specified subnet. 4.3.2.1 Static Route The router offers IPv4 and IPv6 for you to configure the static route. Both protocols bring different web pages. Each item will be explained as follows: Item Description Add Add a new static route setting.
WAN/LAN Profile Display the subnet / LAN or WAN profile of the gateway. Metric Display the distance to the target. How to add a new Static Route profile 1. Open Routing>>Static Routing and click the Static Route tab. 2. Click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: 5. Item Description Profile Type the name of the static route profile. Enable Check this box to enable such profile.
4.3.2.2 IPv6 Static Route For IPv6 protocol, click the IPv6 Static Route tab to configure detailed settings. Each item will be explained as follows: Item Description Add Add a new static route setting. Edit Modify the selected static route setting. To edit static route setting, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected static route setting.
How to add a new IPv6 Static Route profile 1. Open Routing>>Static Route and click the IPv6 Static Route tab. 2. Click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: 4. Item Description Profile Name Type the name of the static route profile. Enable Check this box to enable such profile. Destination IP Address Type the IP address for such static route profile. Prefix Length Type the prefix length for such profile.
4.3.2.3 LAN/WAN Proxy ARP To make local device in LAN accessing into external network without passing NAT or let the remote device access into the local device without passing NAT behind the router, please use IP routing function to complete the work. Usually, the local device might be assigned with a public IP address or an IP address with the same subnet as certain WAN.
Mask Display the mask address used by such ARP profile. How to add a new Proxy ARP profile 1. Open Routing>>Static Route and click the LAN/WAN Proxy ARP tab. 2. Click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: 4. Item Description Profile Type the name of the static route profile. Enable Check this box to enable such profile. WAN Profile Choose one of the WAN/USB profiles of the gateway for such profile.
4.3.3 Policy Route Policy Route (also well known as PBR, policy-based routing) is a feature where you may need to get a strategy for routing. Then packets will be directed to the specified interface if they match one of the rules. You can setup your routing in various reasons such as load balance, security, routing decision, and etc. Through protocol, mode, IP address, port number and interface configuration, Policy Route can be used to configure any routing rules to fit actual request.
rule. Delete Remove the selected rule profile. To delete a rule, simply select the one you want to delete and click the Delete button. Move Up / Move Down Move the selected profile up or down. Rename Allow to modify the selected profile name. Auto Refresh Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked. Refresh Renew current web page. Profile Display the name of the rule.
How to add a new policy rule 1. Open Routing>>Policy Route. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the rule. Enable Check this box to enable such profile. Priority Choose the priority for such profile (top, high and normal). Protocol Choose a protocol (ALL, TCP, UDP, TCP/UDP and ICMP) for such rule applied to load balance. All is the default setting.
Each type will bring different settings for configuration. When Subnet is selected as Source Type IP Address - Type an IP address here as the source IP address for such rule. Subnet Mask - Use the drop down list on the right to choose a suitable mask for the source. When Object is selected as Source Type IP Object – Use the drop down list to choose the source IP object(s) for such rule profile. IP Group –Use the drop down list to choose the source IP group(s) for such rule profile.
PPTP – The incoming traffic will be forwarded to specified PPTP profile. When Load Balance Pool is selected as Out-going Rule Load Balance Rule - Choose one of the profiles to be used by such rule. In which, wan1 to wan2 profiles are configured in default. In addition, profiles configured in Routing>>Load Balance Pool also will be displayed here. Mode – Specify which mode (NAT or Routing) will be used for such route rule. Use IP Alias - Click Enable to enable such function.
Outgoing Interface - Choose one of the profiles to be used by such rule. In which, wan1 to wan2 profiles are configured in default. Out-going (Gateway) – Type an IP address as the gateway. Notice that LAN interface does not have default gateway. You MUST specify a gateway if you choose LAN as out-going interface. Mode – Specify which mode (NAT or Routing) will be used for such route rule. Use IP Alias - Click Enable to enable such function. Or, click Disable to disable such function.
4. Enter all of the settings and click Apply. The new rule profile will be added on the screen. Example 1: How to Setup Address Mapping by Using Policy Route Address mapping is used to map a specified private IP or a range of private IPs of NAT subnet into a specified WAN IP (or WAN IP alias IP). Refer to the following figure. Suppose the WAN settings for a router are configured as follows: WAN1: 202.211.100.10, WAN1 alias: 202.211.100.11 WAN2: 203.98.200.
2. Open WAN>>General Setup. For WAN1, choose wan1 item and click Edit. Choose Static as the IPv4 Protocol. 3. From the following page, set main WAN IP address as 202.211.100.10. Click Add on IP Alias to configure the other IP address which is 202.211.100.11. 4. After finished configuration for WAN1, continue to configure WAN2. At this time, the IP switch shall be set as “203.98.200.10”.
5. Open Objects Setting>>Object and click Add to create a new IP object profile. Type the required information as shown below. Click Apply to save the settings. 6. Open Routing>> Policy Route and click Add to create a new profile.
7. In the following page, check the box of Enable. Choose Object as the Source Type and choose IP range object profile from the drop down list of IP Object. Click Apply to save the settings. And, 8. Upon completing the above configuration, you have specified the outgoing IP address(es) for some specific computers. Now, you bind some specific computers to some WAN IP alias for outgoing traffic.
Example 2: How to Setup Load Balance by Using Policy Route The following figure shows a simple application of load balance. WAN1 and WAN2 can be used to access into Internet. The PC in LAN1 can send the data to the remote PC through the specified WAN1. 1. Access into web user interface of Vigor300B. 2. Open Routing>> Policy Route and click Add to create a new profile.
3. In the following page, type a name for such profile; check Enable; choose Subnet as Destination Type; type 203.65.1.35 as IP address; choose Load Balance Pool as Out-going Rule; choose WAN1 as the Load Balance Rule; click Disable for Failover to Next Rule. 4. After finished the above settings, click Apply to save the configuration. Now, any packets from LAN1 sent to the remote PC (IP address: 203.65.1.35) will be forcefully to pass through WAN1.
Example 3: How to Customize a Secure Route between Headquarter and Branch by Using Policy Route A LAN to LAN VPN tunnel is built between DrayTek VPN router (e.g., Vigor300B) and the remote router. Enterprise firewall router (in Headquarter) can control the all of the traffic coming from the remote PC (in Branch) which wants to access into Internet. 1. Access into web user interface of Vigor300B. 2. Open Routing>> Policy Route and click Add to create a new profile.
3. In the following page, type a name for such profile (e.g., Secure_route); choose Subnet as Source Type and type the source IP address with 172.16.3.25; choose User Defined as Out-going Rule; choose lan1 as the Out-going Interface; type 192.168.1.2 as the Out-going (Gateway); and click Disable for Failover to Next Rule. 4. After finished the above settings, click Apply to save the configuration.
4.3.4 Default Route This page allows you to assign a WAN profile or a Load Balance profile as the default route. Available parameters are listed as follows: Item Description WAN Profile /Load Balance Pool Name Display the WAN profiles for user to choose as a default route. In which, wan1 to wan5 are factory default settings. Auto Failover to Active WANs Enable – Check it to let the network connection being established through any active WAN interface. Disable – Check it to disable the function.
4.3.5 RIP Configuration The Routing Information Protocol (RIP) is a dynamic routing protocol used in local and wide area networks. The routing information packet will be sent out by web server or router periodically, and can be used to communicate with other routers. It will calculate the number of network nodes on the route to ensure there is no obstruction on the network routine.
Available parameters are listed as follows: Item Description Enable Check the box to enable the Mirror function for the switch. Profile Choose the LAN/WAN profile(s). Apply Click it to save the settings. Cancel Click it to exit the dialog without saving anything. After finished the settings, click Apply to save them. 4.3.6 OSPF Configuration OSPF (Open Shortest Path First) uses the algorithm of SPF (Shortest Path First) to calculate the route metric.
Profile - Choose a LAN/WAN profile from the drop down list to apply for such configuration. Area – An AS will be divided into several areas. Each area must be assigned with a dedicated number. Note: For the detailed information of OSPF application, refer to section “3.2 How to Configure OSPF?”. Apply Click it to save the settings. Cancel Click it to discard the settings configured in this page. How to add a new profile 1. Open Routing>>OSPF Configuration. 2. Check Enable. 3.
If you are not satisfied the settings, simply click re-type the settings. 5. to remove the entry, and then Click Apply to save the settings and exit the dialog. A new profile is created and displayed on the screen.
4.3.7 BGP Configuration BGP means Border Gateway Protocol. It is a standardized exterior gateway protocol which can exchange routing and reachability information between autonomous systems (AS) on Internet. The protocol TCP is used by two routers supporting BGP for data transmission. They can exchange the BGP routing information for each other. A BGP router is the “neighbor” of other BGP routers.
Item Description Refresh Renew current web page. Auto Refresh Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked. BGP Neighbor Display the neighbor profile name configured successfully in the Neighbor tab in Routing >>BGP configuration. Neighbor IP Display the neighbor IP address configured successfully in the Neighbor tab in Routing >>BGP configuration.
4.3.7.2 BGP Configuration This page is used to configure the general settings for the host which is ready for using BGP. Available parameters are listed as follows: Item Description Enable Check the box to enable BGP function. Autonomous System number Type the autonomous system number for the host in BGP application. Static Networks Define the IP addresses (forming network range) which allow to be connected by other clients through static route.
4.3.7.3 Neighbor This page is used to configure the IP address and AS number for the neighbor which will exchange BGP routing information with your Vigor router. Available parameters are listed as follows: Item Description Add Add a new port redirect profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Neighbor IP Address Display the IP address of the neighbor. Autonomous System Number Display the autonomous system number of the neighbor in BGP application. How to add a new BGP profile 1. Open Routing>> BGP Configuration and click the Neighbor tab. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the profile. Enable Check the box to enable this profile.
4.4 NAT NAT (Network Address Translation) is a method of mapping one or more IP addresses and/or service ports into different specified services. It allows the internal IP addresses of many computers on a LAN to be translated to one public address to save costs and resources of multiple public IP addresses. It also plays a security role by obscuring the true IP addresses of important machines from potential hackers on the Internet.
Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile. To delete a profile, simply select the one you want to delete and click the Delete button. Move Up Change the order of selected profile by moving it up. Move Down Change the order of selected profile by moving it down.
3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the profile. Enable Check the box to enable this profile. Port Redirection Mode Specify the direction for the port to be redirected. WAN Profile Specify the WAN profile for such profile. Use IP Alias When All is selected as WAN Profile, such feature is unavailable. Use the drop down list to select the type you want.
Alias WAN IP alias that can be selected and used for port redirection. Before using it, please go to WAN>>General Setup and enable the wan1 profile. Add several IP addresses under Static mode for wan1. Protocol Choose the protocol used for the entry. Public Port Start/ Public Port End It is available when Range to One or Range to Range (port) or Range to Range (IP) is selected as Port Redirection Mode. Type the starting/ending number of the public port.
4.4.2 DMZ Host In computer networks, a DMZ (De-Militarized Zone) is a computer host or small network inserted as a neutral zone between a company’s private network and the outside public network. It prevents outside users from getting direct access to company network. A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well.
Rename Allow to modify the selected profile name. Refresh Renew current web page. Profile Display the name of the profile. Enable Display the status of the profile. False means disabled; True means enabled. Outgoing WAN Profile Display the WAN profile that such DMZ host profile will be applied to. IP Alias Display the selected WAN IP address if Use IP Alias is enabled. DMZ Host IP Display the IP address of the DMZ host.
Enable Check the box to enable the DMZ Host profile. Outgoing WAN Profile Choose a WAN profile for such entry. Use IP Alias Click Enable to invoke IP Alias function. IP Alias IP alias that can be selected and used for port redirection. Before using it, please go to WAN>>General Setup and enable the wan1 profile. Add several IP addresses under Static mode for wan1. DMZ Host IP Type the IP address of the DMZ host. Allow DMZ Host to Access Network Click Enable to make DMS host accessing network.
4.4.3 ALG 4.4.3.1 SIP ALG SIP ALG means Session Initiation Protocol, Application Layer Gateway. This page allows you to choose LAN and WAN profiles for Vigor router to make SIP message and RTP packets of voice being transmitting and receiving correctly via NAT. Available parameters are listed as follows: Item Description Enable SIP ALG Check the box to enable the Mirror function for the switch. Refresh Renew current web page. Apply Click it to save the settings. Click Apply to save the settings.
4.4.4 Connection Timeout This feature is used to configure timeout setting for sessions established by TCP/UDP. When a session is idle for a period of time, the connection will be terminated after reaching the time limit configured in such page. Available parameters are listed as follows: Item Description TCP Timeout Set a time limit for sessions established by TCP (except Port 80 and Port 443). UDP Timeout Set a time limit for sessions established by UDP.
4.5 Firewall The firewall controls the allowance and denial of packets through the router. The Firewall Setup in the Vigor300B Series mainly consists of packet filtering, Denial of Service (DoS) and URL (Universal Resource Locator) content filtering facilities. These firewall filters help to protect your local network against attack from outsiders.
To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Move Up Change the order of selected profile by moving it up. Move Down Change the order of selected profile by moving it down.
6. You can create filter rule by clicking on the left side of the selected IP filter group profile. A setting page will appear for you to add new IP filter rule profile. 7. Move your mouse to click Add.
8. The following page for configuration will appear. Available parameters are listed as follows: Item Description Profile Type the name of the IP filter rule. Enable Check the box to enable this profile. Block Action The action to be taken when packets match the rule. Block - Packets matching the rule will be dropped immediately Accept- Packets matching the rule will be passed immediately.
Limit Packets When you choose Connection Limit as Action, you have to configure limit packets number to determine how many packets per second will be passed through. Limit Mode When you choose Connection Limit as Action, you have to choose Share or Each in addition to the number of packets limits. Share – It means the total IP addresses in a segment will be limited with certain packets number per second. Each –It means each IP will be limited with certain packets number per second.
the profile selection box. Choose one or more service type group profiles from the drop down list. The selected profile will be treated as service type. You can click to create another new service type group profile. Incoming Country Filter Source Country Object (At most accept 15 countries) Click the triangle icon to display the profile selection box. Choose one or more country object profiles from the drop down list. The selected profile will be treated as an to create another incoming country filter.
will be treated as destination target. You can click to create another new IP group profile. to Destination DNS Object- Click the triangle icon display the profile selection box. Choose one or more DNS object profiles from the drop down list. The selected profile will be treated as destination target. You can click to create another new DNS object profile. to Destination User Profile –Click the triangle icon display the profile selection box. Choose one or more user profiles from the drop down list.
4.5.1.2 IPv6 Filter This page allows you to create new IPv6 filter group for your request. Each item will be explained as follows: Item Description Add Add a new group profile for IPv6 filter. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
Available parameters are listed as follows: Item Description Group Type the name of the IP filter group. Enable Check the box to enable this profile. Comment Give a brief description for the profile. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. 4. Enter all of the settings and click Apply. 5. A new filter group has been added. 6. on the left side of the selected IP filter group You can create filter rule by clicking profile.
8. The following page for configuration will appear. Available parameters are listed as follows: Item Description Profile Type the name of the IP filter rule. Enable Check the box to enable this profile. Action The action to be taken when packets match the rule. Block - Packets matching the rule will be dropped immediately Accept- Packets matching the rule will be passed immediately. Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped.
Accept If No Further Match - A packet matching the rule, and that does not match further rules, will be passed through. Next Group When you choose Block If No Further Match or Accept If No Further Match as Block Action, you have to specify next IP filter group for further matching. Syslog Click Enable to make the history of firewall actions appearing on the System Maintenance >> Syslog/Mail Alert >> Syslog File. Input Interface Choose one of the LAN or WAN profiles as data receiving interface.
9. Destination IP Destination IPv6 Object- Click the triangle icon to display the profile selection box. Choose one or more IP object profiles from the drop down list. The selected profile to will be treated as destination target. You can click create another new IP object profile. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all of the settings and click Apply. 10.
4.5.1.3 Application Filter Application Filter can integrate several application objects within one profile for restricting the usage of application. For example, it can block people defined in IP object profile not using IM application, not using P2P for file sharing, and not downloading files via certain protocol. Each item will be explained as follows: Item Description Add Add a new group profile for Application filter. Edit Modify the selected profile.
IP Group Display the IP group profile selected for such application profile. User Profile Display the user object profile selected for such application profile. User Group Display the user group profile selected for such application profile. APP Block Display the APP object profile selected for such application profile. How to create an Application Filter profile 1. Open Firewall>>Filter Setup and click the Application Filter tab. 2. Simply click the Add button. 3.
Time Schedule Time Object - Click the triangle icon to display the profile selection box. Choose a schedule profile to be applied on such application filter profile. The router will perform the filtering job based on the time object selected. You can click to create another new time object profile, or you can click the edit icon to modify the existed object profile. to display the Time Group - Click the triangle icon profile selection box. Choose a schedule group profile to be applied on such rule.
new LDAP group profile. Action Policy APP Block - Click the triangle icon to display the profile selection box. Choose one or more APP object profiles from the drop down list which will be allowed / not be allowed to pass through the router. You can click to create another new APP object profile, or you can click the edit icon to modify the existed object profile. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. 4.
4.5.1.4 URL/Web Category Filter URL Filter can integrate URL, Keyword, File extension and WCF object profiles within one profile for restricting certain people accessing into Internet. Each item will be explained as follows: Item Description Add Add a new group profile for URL filter. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
Item Description Profile Number Limit Display the total number of the object profiles to be created. Profile Display the name of the application filter profile. Enable Display the status of the profile. False means disabled; True means enabled. Filter Https Display if the HTTPs filter is enabled or not. Time Object If no time schedule is set, None will be shown in this field. Time Group Display the Time group profile selected for such application profile.
Item Description Cancel Click it to discard the settings configured in this page. How to create a URL Filter profile 1. Open Firewall>>Filter Setup and click the URL/Web Category Filter tab. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the URL filter profile. Enable Check the box to enable this profile. Filter https Enable – Click it to enable the HTTPS filtering job.
Item Description Time Schedule Time Object - Click the triangle icon to display the profile selection box. Choose a schedule profile to be applied on such application filter profile. The router will perform the filtering job based on the time object selected. You can click to create another new time object profile, or you can click the edit icon to modify the existed object profile. to display the Time Group - Click the triangle icon profile selection box.
Item Description through the router. You can click to create another new File Extension object profile, or you can click the edit icon to modify the existed object profile. Keyword Accept / Keyword Block - Click the triangle icon to display the profile selection box. Choose e one or more keyword object profiles from the drop down list which will be allowed / not be allowed to pass through the router.
4.5.1.5 QQ Filter This page is designed for the user in China only. For people outside China, skip this section. Each item will be explained as follows: Item Description Add Add a new group profile for QQ filter. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
Apply Click it to save and exit the dialog. Cancel Click it to discard the settings configured in this page. How to create a QQ Filter profile 1. Open Firewall>>Filter Setup and click the QQ Filter tab. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the QQ filter profile. Enable This Profile Check the box to enable this profile.
Item Description You can click to create another new QQ account. Apply Click it to save and exit the dialog. Cancel Click it to discard the settings configured in this page. 4. Enter all the settings and click Apply. 5. A new QQ filter profile has been added. 4.5.1.6 Default Policy Default policy will be applied to all of the incoming packets, if IP Filter, Application Filter, URL/Web Category Filter and QQ Filter are not suitable for the incoming packets.
information for the blocked packets being recorded in Syslog. The above three policies also can be configured in Firewall>>Filter Setup>>IP Filter/Application Filter. Packet Inspection Disable – No inspection will be performed. Enable – Packet inspection will be performed. Packets Number If Packet Inspection is enabled, choose a packet number for filtering. Available settings are from 4 to 16. For example, “8” is selected as packet number setting.
Available parameters are listed as follows: Item Description Interface Display the interface selected. Port Rate Limit Enable Ingress Rate Limit (All Packets) – Check the box to make all packets will be limited by the rate limit. Rate Limit – The default setting is “-1”. It means no limit. Storm Filter Broadcast - Click Enable to block the packets attacks coming from broadcast storm. Multicast - Click Enable to block the packets attacks coming from multicast storm.
Available parameters are listed as follows: Item Description Enable Check the box to enable this profile. Block SYN Flood Click Enable to activate the SYN flood defense function. If the amount of TCP SYN packets from the Internet exceeds the user-defined threshold value, the router will be forced to randomly discard the subsequent TCP SYN packets within the user-defined timeout period. SYN Flood Threshold The default setting for threshold is 2000 packets per second.
Item Description Port Scan Threshold The default threshold is 2000 pps (packets per second). Block IP Options Click Enable to activate the Block IP options function. The router will ignore any IP packets with IP option field appearing in the datagram header. Block Land Click Enable to activate the Block Land function. A Land attack occurs when an attacker sends spoofed SYN packets with identical source address, destination addresses and port number as those of the victim.
4.5.3 MAC Block MAC Block allows you to set lots of proprietary MAC Address. Packets will be dropped if the source or destination MAC Address of packets is matched with these assigned MAC Addresses. The advantage of MAC Block is that it can filter some unnecessary packets or attacking packets on LAN network. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile.
Available parameters are listed as follows: Item Description Profile Type the name which can briefly describe the reason of the MAC block of such profile. Enable Check the box to enable this profile. MAC Address Type the MAC address which will be blocked by the system for such profile. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. 4. Enter all the settings and click Apply. 5. A new MAC Block profile has been created.
4.5.4 Filter Counter Such page will display log or status for firewall group, rule information for IP Filter, IPv6 Filter, Application Filter and URL/Web Category Filter. Simply click the tab of IP Filter, IPv6 Filter, Application Filter or URL/Web Category Filter to get the status for each filter. If there is no data (counter number is “0”) for certain rule displayed on such page, that means such rule might be configured wrong or blocked by other rules.
4.6 Objects Setting Vigor300B allows users to set different filter profiles based on IP, service type, keyword, file extension, instant message application, P2P application, protocol application, web category, QQ application, time setting, SMS service, mail service and notification. These objects setting profiles can be applied in Firewall.
4.6.1 IP Object For IPs in a limited range usually will be applied in configuring router’s settings, we can define them with objects and bind them with groups for using conveniently. Later, we can select that object/group that can apply it. For example, all the IPs in the same department can be defined with an IP object (a range of IP address). This page allows you to specify certain IP address, range of IP addresses or subnet mask as an object which will be applied in Firewall.
How to create a new IP object profile 1. Open Objects Setting>>IP Object. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of such profile. Address Type Choose the address type (Single / Range /Subnet) for such profile. Start IP Address Type the IP address of the starting point for such profile.
4.6.2 IP Group To manage conveniently, several IP object profiles can be grouped under a group. Different IP group can contain different IP object profiles. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
How to create a new IP group profile 1. Open Objects Setting>>IP Group. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Group Name Type the name of the object group. The number of the characters allowed to be typed here is 10. Description Make a brief explanation for such profile if the group name is set not clearly. Objects Use the drop down list to check the IP object profiles under such group.
4.6.3 IPv6 Object You can set up to 200 sets of IPv6 Objects with different conditions. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
3. The following dialog will appear. Available parameters are listed as follows: 4. Item Description Profile Type the name of the object. Address Type There are three types: List – Allow to specify IP address. Range – Allow to specify a range of IP addresses. Subnet – Allow to specify subnet mask. Address Pool This field allows you to type IP address, specify Tag number and type subnet mask based on IPv6 protocol.
4.6.4 MAC/Vendor Object MAC/Vendor object profile can determine which MAC address of vendor shall be blocked by the Vigor router’s Firewall. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
Available parameters are listed as follows: Item Description Profile Type a name for such profile. MAC Address Click Add to have the fields of MAC Address and Mask. Type the address with the correct format (will be shown automatically when the mouse cursor is on it). Choose a suitable mask selection. Apply Click it to save the configuration. Vendor Edit – Click it to open a table of vendor list. Check the one(s) you want. The names for selected vendors will be shown later.
4.6.5 Country Object To country object profile can determine which country/countries shall be blocked by the Vigor router’s Firewall. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
Available parameters are listed as follows: 9. Item Description Profile Type a name for such profile. Countries Check the box(es) for the country/countries to be blocked by Firewall. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving anything. Enter all of the settings and click Apply. 10. A new Country Object profile has been created.
4.6.6 Service Type Object TCP and UDP service with specified port range can be saved with different service type object profiles. Later, it can be applied to Firewall as a filter rule. In default, common used service type object profiles have been created in this page. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type a name for such profile. The number of the characters allowed to be typed here is 10. Protocol Specify one of the protocols for such profile. Source Port Start It is available for TCP/UDP protocol. It can be ignored for ICMP. Type a port number (0 – 65535) as the starting source port. Source Port End It is available for TCP/UDP protocol. It can be ignored for ICMP.
4.6.7 Service Type Group This page allows you to bind several service types into one group. To manage conveniently, several service type profiles can be grouped under a service type group. Different service type group can contain different service type profiles. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
How to create a new service type group profile 1. Open Objects Setting>> Service Type Group. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Group Name Type the name of the service type object group. The number of the characters allowed to be typed here is 10. Description Type some words to describe such group. Objects Use the drop down list to check the service type object profiles under such group.
4.6.8 Keyword /DNS Object 4.6.8.1 Keyword Object Keyword can be set as a filter rule to be applied in Firewall. Vigor300B allows users to set keyword profile with several keywords. Even, it allows users to group several keyword profiles within a keyword group. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
How to create a new keyword object profile 1. Open Objects Setting>> Keyword /DNS Object. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the Keyword Object. Member Type the content for such profile. For example, type gambling as Contents. When you browse the webpage, the page with gambling information will be watched out and be passed/blocked based on the configuration on Firewall settings.
4.6.8.2 DNS Object DNS can be set as a filter rule to be applied in Firewall. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button.
Available parameters are listed as follows: Item Description Profile Type the name of the DNS object profile. Member Table Type the domain name of the DNS that you want to filter. Add – Type the word in the box of Member and click this button to add the new word as DNS object. Save – Click it to save the setting. – click the icon to remove the selected entry. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. 4.
4.6.9 File Extension Object This page allows you to set file extension profiles which will be applied in Firewall. All the files with the extension names specified in these profiles will be processed according to the chosen action. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
How to create a new file extension object profile 1. Open Objects Setting>>File Extension Object. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the File Extension Object group.. Image Several file extensions for Image offered for you to choose. Use the drop down list to check the box (es) to select the file extension you need.
the file extension you need. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. 4. Enter all the settings and click Apply. 5. A new File Extension Object profile has been created. 4.6.10 APP Object The IM, P2P, Protocol and Others types can be integrated as an APP object which can be used in Firewall to block certain applications.
Profile Number Limit Display the total number (32) of the object profiles to be created. Profile Display the name of the IM object profile. IM Display the IM application specified in such profile. P2P Display the P2P specified in such profile. Protocol Display the protocol specified in such profile. Others Display other types specified in such profile. How to create a new APP Object Profile 1. Open Objects Setting>>APP Object. 2. Simply click the Add button. 3.
IM Application Several IM applications offered for you to choose. Check the one(s) you want to add for such profile. WebIM It lists a package of IM application based on web page. You may check the box to include all of them. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Click P2P to get the following page. Vigor300B can block P2P application for users, especially for the ones who always upload or download improper files to Internet.
Click Others to get the following page. Item Description Tunneling/ Streaming/Remote Control/Web HD Several protocols offered for you to choose. Check the one (s) you want to add for such profile. 4. Enter all of the settings and click Apply. 5. A new APP Object profile has been created. 4.6.11 Web Category Object We all know that the content on the Internet just like other types of media may be inappropriate sometimes.
Note 3: fragFINN service will be terminated from 2015. 4.6.11.1 Web Category Object Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
Item Description block. How to create a new web category object profile 1. Open Objects Setting>> Web Category Object and click the Web Category Object tab. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the web category object profile. The number of the characters allowed to be typed here is 10.
Chatting Simply check the one(s) that you don’t want the user to use for gossip with remote people. Computer Simply check the one(s) that you don’t want the user to visit. Other Simply check the one(s) that you don’t want the user to visit. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. 4. Enter all the settings and click Apply. 5. A new Web Category Object profile has been created. 4.6.11.
4.6.12 QQ Object Note: This page is designed for Chinese IM "Tencent QQ" users (especially for China) only. For people who do not use QQ, skip this section. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the QQ object profile. The number of the characters allowed to be typed here is 10. id Create the account name for such QQ object profile. Add – Click this button to add a new account. Save – Click this button o save the new account. - Click this button to remove the selected account. Description Type a brief explanation for the QQ object profile.
4.6.13 QQ Group This page allows you to group several QQ object profiles. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button.
Available parameters are listed as follows: Item Description Profile Type the name of the time group. The number of the characters allowed to be typed here is 10. Description Make a brief explanation for such profile if the group name is set not clearly. Objects Use the drop down list to select the object profiles under such group. All the available objects that you have added on Objects Setting>>QQ Object will be seen here. To clear the selected one, click selections.
4.6.14 Time Object You restrict Internet access to certain hours so that users can connect to the Internet only during certain hours, say, business hours. The schedule is also applicable to other functions, e.g., Firewall. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
How to create a new time object profile 1. Open Objects Setting>> Time Object. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the time object profile. The number of the characters allowed to be typed here is 10. Frequency Specify how often (Weekdays or Once) the schedule will be applied. Start Date Specify the starting date of the time object profile.
Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. 4. Enter all the settings and click Apply. 5. A new Time Object profile has been created. 4.6.15 Time Group This page allows you to group several time object profiles. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
How to create a new time group profile 1. Open Objects Setting>> Time Group. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the time group. The number of the characters allowed to be typed here is 10. Description Make a brief explanation for such profile if the group name is set not clearly. Objects Use the drop down list to check the time object profiles under such group.
4.6.16 SMS Service Object This page allows you to set ten profiles which will be applied in Application>>SMS/Mail Alert Service. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected profile.
How to create a new SMS service profile 1. Open Objects Setting>> SMS Service Object. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type a name for such SMS profile. The maximum length of the name you can set is 20 characters. Enable Check this box to enable such profile. SMS Service Provider Use the drop down list to specify the service provider which offers SMS service.
Cancel Click it to exit the dialog without saving the configuration. 4. Enter all the settings and click Apply. 5. A new SMS object profile has been created. 4.6.17 Mail Service Object This page allows you to set ten profiles which will be applied in Application>>SMS/Mail Alert Service. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button.
Item Description SSL/TLS Display the status of SSL/TLS service. Authentication Enable means such profile must be authenticated by the server. Disable means such profile will not be authenticated by the server. User Name Display the name used for authentication. How to create a new mail service profile 1. Open Objects Setting>> Mail Service Object. 2. Simply click the Add button. 3. The following dialog will appear.
User Password – Type a password for authentication. The maximum length of the password you can set is 31 characters. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. 4. Enter all the settings and click Apply. 5. A new mail service object profile has been created. 4.6.18 Notification Object This page allows you to set ten profiles which will be applied in Application>>SMS/Mail Alert Service. 4.6.18.
Item Description WAN Reconnection Display if such function is enabled or disabled. VPN Disconnection Display if such function is enabled or disabled. VPN Reconnection Display if such function is enabled or disabled. Temperature Display if such function is enabled or disabled. Router Reboot Display if such function is enabled or disabled. Syslog Display if such function is enabled or disabled. How to create a new notification profile 1. Open Objects Setting>> Mail Service Object. 2.
Router Reboot Enable - When the router reboots, the router system will send the alert message to the recipient. CPU Usage Enable – When the CPU usage reaches a certain value, the router system will send the alert message to the recipient. Memory Usage Enable – When the memory usage reaches a certain value, the router system will send the alert message to the recipient. TX Usage/RX Usage Enable – When TX/RX usage reaches a certain value, the router system will send the alert message to the recipient.
4.7 User Management User Management can manage all the accounts (user profiles) to connect to Internet via different protocols.
4.7.1 Web Portal Web Portal is a gateway which organizes the network access of LAN hosts. The identity of LAN host can be recognized by web portal mechanism and then be managed for functions like firewall or load balance. This page can determine the general rule for the users controlled by User Management. The mode selected in this page will influence the contents of the filter rule(s) applied to every user. 4.7.1.
Item Description Login Time Display the starting time of the network connection. End Time Display the ending time of the network connection. Rest Time Display the rest time of the network connection. Auth Type Display the authentication type (local, RADIUS, LDAP, Login Disable, Guest) used by such user. LDAP Group Display the LDAP group used by such user. Logout/Clear It is a button which is used to disconnect the connection manually. 4.7.1.
LDAP Profiles - It is available when LDAP is selected as Authentication Type. You have to specify one profile (defined in User Management>>LDAP/Active Directory) from the drop down list for LDAP authentication. Bulletin Board Disable – The function of Bulletin Board is disabled. Enable – The function of Bulleting Board is enabled. The message on the Bulleting Board will be displayed on the screen when the user logs into the web user interface of Vigor router.
URL Redirection After Login User Requested – After passed the authentication made by Vigor router, the user will be redirected to original requested web page. Bulletin – If it is selected, users will be forced to see the information displayed on bulletin after passing through web portal. Custom URL - Any user who wants to access into Internet through this router will be forcefully redirected to the URL specified here first no matter what URL he types. It is a useful method for the purpose of advertisement.
Cancel Click it to exit the dialog without saving the configuration. Note: To turn off the web portal function, disable Login Mode and Bulletin Board at the same time. 4.7.1.3 Portal Page Setup This page allows you to configure specified messages (HTML-supported) in web portal pages, and shows them to users accessing into Internet via web portal.
Item Description Upload Login Image – Choose a file to upload to Vigor300B. It is useful for advertisement. Customized Background Image Specify an image file which will be display on the login page as a background. It is useful for advertisement. Upload Background Image – Choose a file to upload to Vigor300B. Login Page Preview Click it to have a preview of login page (including welcome message, and bulletin message). Reset All to Default Reset the above message fields to default settings.
Item Description Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Number Limit Display the total number of the user profiles to be created. Username Display the name of the user. Enable Display the status of the profile. False means disabled; True means enabled. System User Display the status of the System User. False means disabled; True means enabled.
Available parameters are listed as follows: Item Description Username Type a name for such user profile (e.g., LAN_User_Group_1, WLAN_User_Group_A, WLAN_User_Group_B, etc). When a user tries to access Internet through this router, an authentication step must be performed first. The user has to type the Username specified here to pass the authentication. When the user passes the authentication, he/she can access Internet via this router.
Admin has the greatest authority for router operation; User has the smallest authority for router operation. User Management Allow Web Portal Login Enable – Click it to enable web portal login with such profile. Disable – Click it to disable the option. Time Quota Enable – Click it to enable time quota function. Set Time Quota (min) – Type the time value. Remaining Time – Display the remaining time for the user profile. Disable – Click it to disable the function.
MAC Binding Specify a MAC address which is limited and used for such PPPoE account. Enable – Click it to enable the function. MAC Address – If MAC Binding is enabled, simply type the MAC address of the router in this field. Idle Timeout (sec) If the user is idle over the limitation of the timer, the network connection will be stopped for such user. By default, the Idle Timeout is set to 300 seconds. DHCP from Choose a LAN profile for DHCP server IP dispatching.
4.7.2.2 Apply All This page allows you to modify many options for ALL user profiles in one apply operation. It is useful for administrator to edit the options of all users without opening profile one by one. You can click Apply to save the settings and apply all of the modifications to all user profiles. Available parameters are listed as follows: Item Description Modify Web Portal Login Status Check the box to configure detailed setting.
Example: How to Generate Mass LAN Clients with User Management on Vigor300B The following table shows the function differences between User Profile and Guest Profile (created by using Mass Guest Generator): User Profile Mass User Generator Number of Account Create at most 500 user accounts Create at most 255 user accounts at a time at a time Account Manually Auto-generated with regularity Password Distinct password created by Administrator Randomly generated, and the length is defined by Administra
3. Open Objects Setting >> IP Object, and click Add. 4. Set up IP Object for Executive. Type the name of the Profile (e.g., boss in this case); choose Single as the Address Type; and type 192.168.1.11 as Start IP Address. Click Apply to save the settings. 5. Open User Management >> Guest Profile and click the Mass Guest Generator tab to open the following page.
6. Open User Management >> Guest Profile and click Guest Group to check the mass user account group. By clicking each account (e.g., choose Room1 and click Edit), we can check the information for this account, and we may also modify the account name and password manually.
Note that Administrator is able to Export the information for the whole group to a .csv file, which is useful to redistribute the account and password combinations to guests. 7. Open User Management >> Web Portal and click the General Setup tab to open the following page. Check Local and Guest as Authentication Type. Check IP object named of Boss to put it into the white list, and this will allow this IP address to access to the Internet without authentication.
8. After finishing configuration, Vigor300B will redirect users to the authentication page when they try accessing to the Internet.
4.7.3 User Group The User Group can consist of several us er profiles, which help the administrator to manage a large number of users conveniently. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile.
How to create a new User Group Profile 1. Open User Management>>User Group. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Usergroup Type the name of such profile. Enable Check this box to enable such profile. Member Use the drop down list to check the user profile(s) under such group. To clear the selected one, click selections. to remove current object Apply Click it to save the configuration.
4.7.4 Guest Profile Guest Profile allows the users to access Internet within validity period and limit the user accessing into the specified URL configured by web portal. 4.7.4.1 Guest Group Available parameters are listed as follows: Item Description Add Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule.
How to create a new Guest Group Profile 1. Open User Management>>Guest Group. Click the Guest Group tab. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: 4. Item Description Group Type the name of such profile. Enable Check this box to enable such profile. Comment Give a brief description for the profile. Usage Period It determines the usage time for the guest accessing into Internet each time.
5. A new guest group profile has been created. 6. on the left side of the selected guest You can create several guest names by clicking group profile. A setting page will appear for you to add new guest list. 7. Move your mouse to click Add. 8. The following page for configuration will appear. Available parameters are listed as follows: Item Description Guest Name Type the name of the guest under the guest group. Comment Give a brief description for the guest.
9. Portal portal. Disable – Click it to disable the option. Clean Deadline The guest profile can be unlocked to be used by other users. Enter all of the settings and click Apply. 10. A new guest has been added under the Guest Group (named Carrie in this case).
4.7.4.2 Mass Guest Generator This option is useful to create a lot of guest profiles with the most expeditious manner. Available parameters are listed as follows: Item Description Name Settings Group Name – Type the name of the guest group. Guest Name Prefix – The guest names created with such manner requires a prefix as the basis of name input. Note: Guest Name Prefix disallows these 6 characters "^?$%.&".
Item Description Usage Settings Usage Period –It determines the usage time for the guest accessing into Internet each time. Click Enable to enable such option. Usage Time(min)-The default setting is 180 minutes. Validity Period –It determines the valid period for the guest accessing into Internet. That is, the guest cannot access into the Internet anytime outside the valid period. Click Enable to enable such option.
4.7.5 RADIUS Remote Authentication Dial-In User Service (RADIUS) is a security authentication client/server protocol that supports authentication, authorization and accounting, which is widely used by Internet service providers. It is the most common method of authenticating and authorizing dial-up and tunneled network users. The built-in RADIUS client feature enables the router to assist the remote dial-in user or a wireless station and the RADIUS server in performing mutual authentication.
4.7.5.2 Internal Radius Server In addition to specifying an external RADIUS server for security authentication, Vigor router also can be treated as a RADIUS server for performing security authentication and offer the RADIUS service for wireless clients. Available parameters are listed as follows: Item Description Enable RADIUS Server Check this box to make Vigor router as a RADIUS server. Interface Only the clients from the selected interface can be authenticated by Vigor RADIUS server.
4.7.6 LDAP/Active Directory Lightweight Directory Access Protocol (LDAP) is a communication protocol for using in TCP/IP network. It defines the methods to access distributing directory server by clients, work on directory and share the information in the directory by clients. The LDAP standard is established by the work team of Internet Engineering Task Force (IETF).
Item Description Common Name Identifier Display the name for identification. Base DN Display the configured Base DN if Bind Type is set with Simple Mode. Group DN Display the configured Group DN if Bind Type is set with Simple Mode. Regular DN Display the configured regular DN if Bind Type is set with Regular Mode. Logout After(min) Display the maximum usage duration for RADIUS authentication. How to create a new LDAP/Active Directory Profile 1. Open User Management>>LDAP/Active Directory. 2.
Bind Type There are three types of bind type supported. Simple Mode – Just simply do the bind authentication without any search action. Anonymous – Perform a search action first with Anonymous account then do the bind authentication. Regular Mode– Mostly it is the same with anonymous mode. The different is that, the server will firstly check if you have the search authority. For the regular mode, you’ll need to type in the Regular DN and Regular Password.
4.8 Application Below shows the menu items for Applications. 4.8.1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP. It means that the public IP address assigned to your router changes each time you access the Internet. The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address. It allows the router to update its online WAN IP address mappings on the specified Dynamic DNS server.
4.8.1.1 Status This page displays the status for all the available DDNS profiles. Each item will be explained as follows: Item Description Refresh Renew current web page. Auto Refresh Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked. Profile Display the name of the DDNS. Status Display the connection status for the DDNS sever. Domain Name Display the domain name for the DDNS server.
4.8.1.2 Setting This page allows you to configure DDNS profiles for your request. Each item will be explained as follows: Item Description Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Force Update Force the router updates its information to DDNS server immediately. Profile Display the name of the profile.
2. Choose one of the DDNS profiles and click the Edit button. Available parameters are listed as follows: Item Description Profile Display the name of the profile. Enable Check this box to enable such profile. WAN Profile Choose a WAN interface that such profile will apply to. Routing Policy Choose a routing policy applied to the DDNS profile. selected wan first – The DDNS profile will be applied to the traffic via WAN interface first, then applied to other interface.
Service Type Select a service type (Dynamic, Custom or Static). If you choose Custom, you can modify the domain that is chosen in the Domain Name field. Domain Name Type in one domain name that you applied previously. Use the drop down list to choose the desired domain. User Login Name Type in the login name that you set for applying domain. Password Type in the password that you set for applying domain. IP Source Choose My WAN IP or My Internet IP as the source for the DDNS profile.
4.8.1.3 DDNS Log This page displays the information related to all DDNS. 4.8.2 GVRP This function can define the method for the changing the VLAN information among devices. With supporting GVRP, the device can receive the VLAN information coming from other devices. Available parameters are listed as follows: Item Description Enable Check this box to enable GVRP function. Interface Choose LAN and/or WAN profiles. To clear the selected one, click selections.
Item Description Cancel Click it to discard the settings configured in this page. 4.8.3 IGMP Proxy IGMP is the abbreviation of Internet Group Management Protocol. It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups. Available parameters are listed as follows: Item Description Enable Check this box to enable IGMP proxy function. IGMP Proxy Channel The application of multicast will be executed through WAN port.
4.8.4 UPnP The UPnP (Universal Plug and Play) protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows 'Plug and Play' system. For NAT routers, the major feature of UPnP on the router is “NAT Traversal”. This enables applications inside the firewall to automatically open the ports that they need to pass through a router.
Enabling firewall applications on your PC may cause the UPnP function not working properly. This is because these applications will block the accessing ability of some network ports. Security Considerations Activating the UPnP function on your network may incur some security threats. You should consider carefully these risks before activating the UPnP function.
Item Description IP to MAC) from the drop down list. IP Address - The IP addresses that have been configured in Firewall>>Bind IP to MAC will be shown in this drop down list. Choose the IP address from the drop down list that you want to wake up. MAC Address - Type any one of the MAC address of the bind PCs. LAN Profile – Use the drop down list to choose one of the LAN profiles. Wake Up Click this button to wake up the selected IP. See the following figure. The result will be shown on the box.
Profile Display the name of the profile. Enable Display the status of profile (true means Enable/ false means Disable). Bind Table Display the profile name from Bind Table. MAC Address Display the MAC address of the computer to be woke on LAN. Time Object Display the name of the time object selected for WOL. LAN Profile Display the name of LAN profile. How to create a new schedule profile for WOL 1. Open Applications>>Wake on LAN and click the Schedule Wake on LAN tab. 2.
4. Apply Click it to save the configuration and exit the page. Cancel Click it to exit the dialog without saving the configuration. Enter all of the settings and click Apply.
4.8.6 SMS / Mail Alert Service The function of SMS (Short Message Service)/Mail Alert is that Vigor router sends a message to user’s mobile or e-mail box through specified service provider to assist the user knowing the real-time abnormal situations. Vigor router allows you to set up to 10 SMS profiles which will be sent out according to different conditions. 4.8.6.1 SMS Alert Service This page allows you to specify SMS provider, who will get the SMS, what the content is and when the SMS will be sent.
How to edit the SMS alert service profile 1. Open Applications>> SMS/Mail Alert Service and click the SMS Alert Service tab. 2. Choose one of the index numbers and click the Edit button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Enable Check this box to enable such profile. SMS Provider Choose the SMS provider object profile from the drop down list. Such profiles can be created from Object Setting>>SMS Service Object.
4.8.6.2 Mail Alert Service This page allows you to specify Mail Server profile, who will get the notification e-mail, what the content is and when the message will be sent. Each item will be explained as follows: Item Description Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Refresh Renew current web page.
Available parameters are listed as follows: Item Description Enable This Profile Check this box to enable such profile. Mail Profile Choose the mail service object profile from the drop down list. Such profiles can be created from Object Setting>>Mail Service Object. Recipient Type the e-mail address for receiving the mail. Notify Profile Choose a profile (specify the timing for sending SMS) from the drop down list. Such profiles can be created from Object Setting>>Notification Object.
4.9 Bandwidth Management Below shows the menu items for Bandwidth Management. The QoS (Quality of Service) guaranteed technology in the Vigor router allows the network administrator to monitor, analyze, and allocate bandwidth for various types of network traffic in real-time and/or for business-critical traffic. Thus, timing-sensitive applications will not be impacted by web surfing traffic or other non-critical applications, such as file transfer.
4.9.1.2 Software QoS This page displays current software QoS status and allows you to edit related settings, including bandwidth, queue (high, medium, normal and low) for each QoS WAN. Available parameters are listed as follows: Item Description Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Refresh Renew current web page.
3. The QoS settings page appears. Available parameters are listed as follows: Item Description QoS WAN Use the drop down list to set WAN interface for QoS by choosing one of the WAN interfaces. Status Enable – Click it to enable such profile. Disable – Click it to disable the QoS profile. Bandwidth Type the number as the total transmission rate for the outgoing /incoming data. The range can be set from 64000 to 10000000. Click the unit (Kbps or Mbps) for such rate.
4. High/Medium/ Normal/Low There are several available outgoing queues. All queues in the data group to be initialized with weights of zero, resulting in a strict service to completion (STC) mechanism across all queues.0. Type the weight of queues in bytes, range from 0 to 1000000. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all of the settings and click Apply. 4.9.1.
queues.0. Type the weight of queues in bytes, range from 0 to 1000000. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all of the settings and click Apply. 4.9.2 QoS Rule There are 32 filter rules that can be configured in such page for incoming and outgoing data. 4.13.2.1 QoS Rule Available parameters are listed as follows: Item Description Add Add a new rule profile. Edit Modify the selected profile.
Remote IP Object Display the destination IP address for the filter. Service Type Display the service type (e.g., IKE, HTTP, AUTH and etc) for the filter. Match Type Display the match type (e.g., TOS or DSCP) for the filter. DSCP Display the setting of DSCP. TOS Display the setting of TOS. Traffic Class Display the queue number that such filter is categorized. How to add a QoS rule profile 1. Open Bandwidth Management>> QoS Rule. 2. Simply click the Add button. 3.
DSCP It is available when DSCP is selected as the Match type. TOS It is available when TOS is selected as the Match type. Traffic Class Choose the traffic class to category the packets matching with the condition configured as above. High is the highest; Normal is the lowest. Local Address Click on the left side of the Source IP Object/Source IP Group profile. Check the object profile(s) as the source target.
Remote Address Profile – type a new name for such IP object. Address Type –Choose the address type (Single or Range) for such rule. Each type will bring different settings for configuration. Start IP Address - Type the IP address of the starting point for such profile. End IP Address - Type the IP address of the ending point for such profile if you choose Range as Address Type. Subnet Mask – Choose the subnet mask from the drop down list if you choose Subnet as Address Type.
Service Type End IP Address - Type the IP address of the ending point for such profile if you choose Range as Address Type. Subnet Mask – Choose the subnet mask from the drop down list if you choose Subnet as Address Type. Service Type - Choose one of the service types from the drop down list. If you want to create a new service type, simply click open the following dialog. Profile – type a new name for such service type. Protocol –There are two options: TCP, UDP and TCP/UDP.
4.9.2.2 VoIP QoS When this feature is enabled, the VoIP SIP/UDP packets will be sent with highest priority during the process of data transmission. Each item will be explained as follows: Item Description Enable Enable - Click it to enable VoIP QoS function. SIP UDP Port Set a port number used for SIP. Apply Click it to save and exit the dialog. Cancel Click it to discard the settings configured in this page.
4.9.2.3 DSCP Re-Tag Packets coming from LAN IP can be retagged through QoS setting. When the packets sent out through WAN interface, all of them will be tagged with certain header and that will be easily to be identified by server on ISP. Each item will be explained as follows: Item Description Enable Enable – Click it to enable DSCP Re-Tag function. High / Medium / Normal / Low There are four queues allowed for QoS control.
4.9.3 Sessions Limit A PC with private IP address can access to the Internet via NAT router. The router will generate the records of NAT sessions for such connection. The P2P (Peer to Peer) applications (e.g., BitTorrent) always need many sessions for procession and also they will occupy over resources which might result in important accesses impacted. To solve the problem, you can use limit session to limit the session procession for specified Hosts.
Source IP Group Display the source IP group profile name. Time Object If no time schedule is set, None will be shown in this field. Time Group Display the Time group profile selected for such application profile. Default Session Limit Display the default session number used for each computer in LAN. Default Max Sessions Display the default maximum session number used for each computer in LAN.
Item Description Profile Type the name of the profile. Enable Check this box to enable such profile. Max Sessions Defines the available session number for each host in the specific range of IP addresses. If you do not set the session number in this field, the system will use the default session limit for the specific limitation you set for each index. This field cannot be typed with “0”, otherwise the profile cannot be saved.
4.9.4 Bandwidth Limit The downstream or upstream from FTP, HTTP or some P2P applications will occupy large of bandwidth and affect the applications for other programs. Please use Limit Bandwidth to make the bandwidth usage more efficient. In the Bandwidth Management menu, click Bandwidth Limit to open the web page. Each item will be explained as follows: Item Description Add Add a new profile. Edit Modify the selected profile.
Source IP Group Display the source IP group profile name. Time Object If no time schedule is set, None will be shown in this field. Time Group Display the Time group profile selected for such application profile. Default TX/RX Limit The default limit will apply to LAN IP(s) not in the above configuration profiles Default TX Limit – Define the limitation for the speed of the upstream. Default RX Limit –Define the limitation for the speed of the downstream.
How to add a bandwidth limit profile 1. Open Bandwidth Management>>Bandwidth Limit. 2. Simply click the Add button. 3. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the profile. Enable Check this box to enable such profile. TX Limit(Kbps) Define the limitation for the speed of the upstream. If you do not set the limit in this field, the system will use the default speed for the specific limitation you set for each index.
general target Time Object - Click the triangle icon to display the profile selection box. Choose a schedule object profile to be applied on such rule. You can click to create another new time object profile. to display the Time Group - Click the triangle icon profile selection box. Choose a schedule group profile to be applied on such rule. You can click to create another new time group profile. source target Source IP Object - Click the triangle icon to display the profile selection box.
4.10 USB Application By way of Vigor router, clients on LAN can access, write and read data stored in USB storage disk with different applications. After setting the configuration in USB Application, you can type the IP address of the Vigor router and username/password created in User Management>>User Profile on the client software. Then, the client can use the FTP site (USB storage disk) through Vigor router. Note: USB ports on Vigor router are allowed to connect to USB modem.
Size Display the total disk capacity of the USB device. Free Capacity Display the remaining disk space of the USB device. Status Display the status of the USB device. (Remove Icon) At present, FAT, EXT2, EXT3 USB format can be supported by Vigor router. If such USB is inserted into the USB slot, the Status field will display “In Use” and the remove icon will appear on the screen. If you want to remove the USB disk, simply click this icon. 4.10.
Access Rights It displays the access right for the connected USB disk. Enable FTP Check the box to enable FTP server. Port Type required port number for FTP server. Or, use the default value. Maximum Number of Connections It means the maximum session limit for the FTP server. The default setting is “4” for downloading, uploading and keeping network connection. Maximum Connection per IP It means the maximum session limit for the FTP server per each IP address.
to be located by Windows system. Default name will be offered for Windows XP user. 4.10.3.2 SAMBA Folder Due to the file sharing feature of SAMBA server, this page allows you to create any profile which can be shared by clients on the network. How to add/edit a SMABA folder profile 1. Open USB Application>>SMABA Server and click SAMBA Folder tab. 2. Click the Add button. For an existed profile, simply choose that profile and click the Edit button. 3. The following dialog will appear.
Enable Check this box to enable such profile. Visible Check this box to make such profile be seen by users. If not, the user must know and type the path of the folder name to access into that folder. Comment Type any text to describe such profile if required. Volume Use the drop down list to specify the proper volume for the connected USB disk. Path It indicates the directory name for the connected USB disk. The default setting is “/”. Access There are three options for you to specify.
4.10.4 Printer This page is used to enable the printer server state when a printer device is connected via USB port. Available settings are explained as follows: Item Description Printer Server State Auto- It’s the default setting. Vigor router will detect if the connected device is printer or not. If yes, the printer server will be enabled automatically to activate the printer. Enable – The printer server will be enabled. Disable – The printer server will be disabled.
4.10.5 Temperature Sensor A USB Thermometer is now available that complements your installed DrayTek router installations that will help you monitor the server or data communications room environment and notify you if the server room or data communications room is overheating. During summer in particular, it is important to ensure that your server or data communications equipment are not overheating due to cooling system failures.
4.10.5.2 General Setup Available settings are explained as follows: Item Description Enable Temperature Sensor Check this box to enable such function. Display Unit Choose Celsius or Fahrenheit as the display unit. Temperature Alert Lower limit / Temperature Alert Upper limit Type the upper limit and lower limit for the system to send out temperature alert. Calibration Type a value used for correcting the temperature error. Temperature Alert Time Interval The default setting is one minute.
4.10.6 Modem Support List Such page provides the information about the brand name and model name of the USB modems which are supported by Vigor router.
4.11 System Maintenance For the system setup, there are several items that you have to know the way of configuration: Status, Administrator Password, Configuration Backup, Syslog/Mail Alert, Time and Date, Access Control, SNMP Setup, Reboot System, and Firmware Upgrade. Below shows the menu items for System Maintenance. 4.11.1 TR-069 This device supports TR-069 standard. It is very convenient for an administrator to manage a TR-069 device through an Auto Configuration Server, e.g., VigorACS.
WANs connection when the original WAN interface fails. ACS Server URL/ ACS Server Username / ACS Server Password Such data must be typed according to the ACS (Auto Configuration Server) you want to link. Please refer to Auto Configuration Server user’s manual for detailed information. Last Inform Response Time Display the response time informed by VigorACS. ACS Connection Status When it lights in green, it means the router has been detected and can be managed by VigorACS.
4.11.2 Administrator Password This page allows you to set new password for accessing into the web user interface of the router. Each item will be explained as follows: Item Description Original Password Type the old password. New Password Type the new password. Confirm Password Re-type the new password for confirmation. Apply Click this button to save the configuration and exit the web page. Enter all of the settings and click Apply.
4.11.3 Configuration Backup Most of the settings can be saved locally as a configuration file, and can be applied to another router. The router supports functions of restore and backup for the configuration file. 4.11.3.1 Backup Each item will be explained as follows: Item Description Encrypt None – No encryption will be used. Encrypt Config File – Choose it to encrypt the whole configuration file. Password – Type a password for encrypting the file.
Backup Execute the file downloading job to the computer. 4.11.3.2 Restore Each item will be explained as follows: Item Description Decrypt Config Check this box to decrypt an encrypted configuration file. You can specify a password for decrypting the file for restoring it for use next time. Password – Type a password for encrypting the file. Confirm Password – Retype the password for confirmation. Restore Type Choose one of the types to determine where the file will be downloaded from.
4.11.3.3 Analysis Such analysis page will show user defined settings result. In comparing the default settings with information displayed in this page, it will be convenient for administrator, user or RD member for debug possible error. 4.11.4 Syslog / Mail Alert SysLog function is provided for users to monitor router. There is no bother to directly get into the Web User Interface of the router or borrow debug equipments. 4.11.4.1 SysLog File This page displays all the operation logs for the router.
Clear Syslog Remove all of the records. Auto Refresh Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked. 4.11.4.2 Syslog Access Setup Available parameters are listed as follows: Item Description Status Choose one of the selections to determine current status for Syslog access. If you choose Local as Status, you don’t need to type any server IP and port. Just give a name for the router.
Syslog. User Access Log Click Enable to make the user access log recorded in the Syslog. WAN Log Click Enable to make the WAN log recorded in the Syslog. Others Log Click Enable to make other logs recorded in the Syslog. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page. Enter all of the settings and click Apply. 4.11.4.
User Password Type the password for authentication. Send A Test Mail Click it to send a test mail to the specified address. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page. Enter all of the settings and click Apply. 4.11.5 Time and Date This page allows you to specify where the time of the router should be inquired from.
Cancel Click it to discard the settings configured in this page. Enter all of the settings and click Apply. 4.11.6 Access Control 4.11.6.1 Access Control This page allows you to open or close the Web User Interface of Vigor300B by using Telnet, SSH, HTTP, HTTPS… and etc… Available parameters are listed as follows: Item Description Default: Disable Auto-Logout Enable – Vigor router will auto logout based on the specified time setting (e.g., 1, 3, 5 and 10 minutes). Disable – Default setting.
Web Allow Click Enable to allow system administrator to login from the Internet and management the web page of the router. Telnet Allow Click Enable to allow system administrator to login from the telnet and management the web page of the router. SSH Allow Click Enable to allow system administrator to login from the SSH server and management the web page of the router. HTTPS Allow Click Enable to allow system administrator to login from the HTTPS server and management the web page of the router.
Web Port Type the port number for the management through web page. Telnet Port Type the port number for the management through telnet page. SSH Port Type the port number for the management through SSH server. HTTPS Port Type the port number for the management through HTTPS server. FTP Port Type the port number for the management through FTP server. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page.
Penalty Time – This field is used to configure the blocking time. The default setting is 60 seconds. It means, when a user tries to login Vigor router with a user account for many times (defined in Login Max-failed Times) but fails, he/she will be prohibited to login for a period of time. When the penalty time limit is up, he/she is allowed to login into Vigor router again. Disable - Disable the function of Fail to Ban for Web UI/SSH/FTP/TELNET/PPTP/SSL. Apply Click this button to save the configuration.
4.11.7 SNMP Setup This page allows you to manage the settings for SNMP setup. The SNMPv3 is more secure than SNMP through the encryption method (support AES and DES) and authentication method (support MD5 and SHA) for the management needs. Available parameters are listed as follows: Item Description Enable SNMP Check the box to enable the function. Get Community Set the name for getting community by typing a proper character. The default setting is public.
Privacy Algorithm (Min. Length:8) Choose one of the methods listed below as the privacy algorithm. Privacy Password Type a password for privacy. The maximum length of the text is limited to 23 characters. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page. Enter all of the settings and click Apply. 4.11.8 Reboot System The Vigor router system can be restarted from a Web browser.
Reboot with Customized Configurations Click it to reboot the router using the current configuration (only the configuration settings listed and selected below). If you choose this option, Select Config File will be available for you to select. After choosing the configuration files, click Reboot. Reboot Click this button to execute the rebooting job. 4.11.8.2 Schedule Reboot Vigor router can be rebooted based on schedule setting.
and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Display the name of the schedule profile. Frequency Display the type (Once or Weekdays) of frequency selected for the profile. Start Date Display the starting date of the profile.
Weekdays -Specify which days in one week should perform the schedule. Start Date Specify the starting date of the schedule. Start Time Specify the starting time of the schedule. End Date Specify the ending date of the schedule. End Time Specify the ending time of the schedule. 4. Enter all the settings and click Apply. 5. A schedule profile has been created. 4.11.9 Firmware Upgrade The following web page will guide you to upgrade firmware by using such page.
Available parameters are listed as follows: Item Description Current Firmware Version Display current version of the firmware. Select File Use the Select button to locate and select the new firmware. Upgrade Click it to perform the firmware upgrade. 4.11.9.2 Auto Firmware Upgrade By clicking Check Update/Install Update, Vigor router can download/upgrade firmware directly from website (http://www.draytek.com.tw/ftp) automatically.
Upgrade from Server Check Update –Vigor router will inquire to website (http://www.draytek.com.tw/ftp) if there is any newest firmware available for use. If yes, Vigor router will download the newest firmware from the website to the host (Vigor router) automatically. Install Update –If the firmware version stored on the website (http://www.draytek.com.tw/ftp) is newer than the version used by the host (Vigor router), then Vigor router will download and install the newest firmware version automatically.
4.11.9.4 Auto Firmware Patch A firmware contains hundreds of files, and a firmware patch could be a single file or several files of a firmware. Since firmware 1.2.0, Vigor300B supports Firmware Patch feature which allows upgrading a specific firmware patch only, but not the whole firmware. The benefit is Vigor300B doesn't need to reboot the system after updating the firmware patch. Auto Firmware Patch is similar to Auto Firmware Upgrade.
router will download and upgrade the newest information automatically. Server Use the drop down list to specify a suitable server. Syslog Check the box to store the patch log into Syslog. Patch Log This area will show log related to firmware patch automatically if firmware patch is executed. When the router is doing daily firmware patch check, Syslog will have the logs below: <13>Dec 18 13:59:18 Vigor: [patupgrade_auto][1] Check latest patch version from server ...
4.11.10 APP Signature Upgrade The APP object profile adopted by Vigor router will be treated as the APP signature. DrayTek will periodically upgrade versions for all of the APPs supported by Vigor router. However, it might be inconvenient for users to upgrade the APP version one by one. This feature is specially designed to offer a quick method to execute APP version upgrade.
4.11.10.2 Auto APP Signature Upgrade This page allows Vigor router to execute signature upgrade automatically. Available parameters are listed as follows: Item Description Current Signature Date Display the date of current signature installed on Vigor300B. Server Signature Date Display the newest signature version recorded on server (myvigor.draytek.com or myvigoreu.draytek.com). Upgrade from Server Get the newest signature from MyVigor server (myvigor.draytek.com or myvigoreu.draytek.com).
the user logs into the router’s web user interface, the system will give a hint to notify the user in the logging window. Auto upgrade when new signature is available - If the signature information stored on MyVigor server is newer than information stored in the host (Vigor router), then Vigor router will download and upgrade the newest information automatically. Server Choose a proper server for signature upgrade from the drop down list. At present, only two servers (myvigor.draytek.com or myvigoreu.
4.12 Diagnostics In some cases, a user may need to know some information about the router, such as static or dynamic databases, or other routing information. The Vigor300B supports five functions, Routing Table, ARP Cache Table, DHCP Assignment Table, Sessions Table and Traffic Graph for the user to review such information. 4.12.1 Routing Table Click Diagnostics and click Routing Table to open the web page. 4.12.1.2 Routing Table Display the information for each route.
system will display the records relating to the keyword. Destination Display the destination IP address for various routings. Gateway Display the default gateway. Genmask Display the subnet mask for various routings. Flags Display the flag of the routing entry.
4.12.1.2 IPv6 Routing Table Display the information for each route with IPv6 protocol. Each item will be explained as follows: Item Description Refresh Renew the web page. Search Move the mouse cursor onto the box of Search. Click the mouse button and type the keyword inside the box. The system will display the records relating to the keyword. Destination Display the destination IP address for various routings.
Metric Display the distance to the target (usually counted in hops). It may be needed by routing daemons. Iface Display the direction of such route represented with LAN/WAN profile (starting from LAN/WAN profile to LAN/WAN profile). 4.12.2 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. 4.16.2.
Item Description MAC Address Display the MAC address for different ARP cache. Interface Display the LAN profiles used. User Display the name of the user. Netbios Name Display the Netbios name used by such device. Vendor Display the identity the vendor type. Clear Delete the selected profile. 4.12.2.2 IPv6 Neighbor Table Each item will be explained as follows: Item Description Refresh Renew the web page. Search Move the mouse cursor onto the box of Search.
Item Description Status Display the status for such neighbor. INCOMPLETE - Address resolution is in progress and the link-layer address of the neighbor has not yet been determined. REACHABLE - The neighbor is reachable recently (within tens of seconds ago). STALE-The neighbor is no longer to be reachable. Yet, until traffic is sent to the neighbor, no attempt should be made to verify its reachability.
4.12.3 DHCP Table The facility provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. 4.12.3.1 DHCP Table Click Diagnostics and click DHCP Table to open the web page. Each item will be explained as follows: Item Description Refresh Renew the web page. Search Move the mouse cursor onto the box of Search. Click the mouse button and type the keyword inside the box.
4.12.3.2 DHCPv6 Table Click DHCPv6 Table to open the web page. Each item will be explained as follows: Item Description Refresh Renew the web page. Search Move the mouse cursor onto the box of Search. Click the mouse button and type the keyword inside the box. The system will display the records relating to the keyword. Interface Display the interface used by the DHCP server. IPv6 Address Display the IPv6 address of the static DHCP server.
4.12.4 Session Table This table can display about 30000 sessions with 20 pages. Each item will be explained as follows: Item Description Refresh Renew the web page. Clear Clear all of the information in this page. Search Move the mouse cursor onto the box of Search. Click the mouse button and type the keyword inside the box. The system will display the records relating to the keyword. Source Display the source IP address and port of local PC.
4.12.5 MAC Address Table The MAC Address Table contains up to 8192 entries, and is sorted first by VLAN ID, then by MAC address. Each page shows up to 999 entries from the MAC table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the MAC Table. The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table.
Refresh Click it to reload the page. Clear Click it to clear the counters for all ports. Port Display the interface that data transmission passing through. Receive/Transmit (Packets) Display the packet sizes for data transmission in receiving and sending. Receive/Transmit (Bytes) Display the number of received and transmitted bytes per port. Receive/Transmit (Error) Display the number of the error occurred in data receiving and data sending.
4.12.7 Traffic Graph Click Diagnostics and click Traffic Graph to pen the web page. Choose the Setup tab to specify LAN and WAN profiles to display corresponding graphs for CPU, Memory, LAN, WAN configurations and session. Click Refresh to renew the graph at any time. Each item will be explained as follows: Item Description Setup In this page, simply specify which LAN profile and WAN profile will be applied. The traffic graph will be drawn based on the profiles selected.
Item Description operation about recent 4 weeks. LAN Click the LAN tab. Network Interface – Display the information of LAN operation. There are three selections provided for you to specify. Recent 24 Hours – Display the information of LAN operation about recent 24 hours. Recent 7 Days – Display the information of LAN operation about recent 7 days. Recent 4 Weeks – Display the information of LAN operation about recent 4 weeks. WAN Click the WAN tab.
Below show a graphic for CPU: 318 Vigor300B Series User’s Guide
4.12.8 Web Console Click Diagnostics and click Web Console to pen the web page for typing commands used in console connection. A remote user can operate Vigor300B from this web page without installing and opening other connection utility. 4.12.9 Ping/Trace Route This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Start. The result of route trace will be shown on the screen.
4.12.10 Data Flow Monitor This page displays the running procedure (such as IP address, session number, transmission rate, receiving rate, and duration of the time block) by list or by chart for the IP address monitored and refreshes the data in an interval of several seconds. 4.12.10.1 Data Flow Monitor Each item will be explained as follows: Item Description Enable Dataflow Monitor Check this box to enable dataflow monitor performed by the router. Refresh Click it to renew the web page.
button is clicked. IP Address Display the IP address of the monitored device. RX Rate (kbps) Display the receiving speed of the monitored device. TX Rate (kbps) Display the transmission speed of the monitored device. RX Bytes Display the receiving file size of the monitored device. TX Bytes Display the transmitted file size of the monitored device. Sessions Display the session number that you specified in Limit Session web page. Block Time Display the time for the duration of the block.
4.12.11 User Status This page displays related information of user status, PPPoE Server, and User Management, for reference.
4.13 External Devices Vigor router can be used to connect with many types of external devices. In order to control or manage the external devices conveniently, open External Devices to make detailed configuration. Each item will be explained as follows: Item Description Enable External Devices Check the box to detect the external device connected to Vigor300B. Refresh Click it to renew the web page. Status Display the status (on line or off line) of the external device.
4.14 Product Registration Please refer to section 2.3 Register Vigor Router for more detailed information.
Chapter 5: Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. Checking if the hardware status is OK or not. Checking if the network connection settings on your computer are OK or not. Pinging the router from your computer. Checking if the ISP settings are OK or not.
5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings. After trying the above section, if the link is stilled failed, please do the steps listed below to make sure the network connection settings is OK. For Windows The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. 1.
4. Select Internet Protocol Version 4 (TCP/IP) and then click Properties. 5. Select Obtain an IP address automatically and Obtain DNS server address automatically. Finally, click OK.
For Mac OS 1. Double click on the current used Mac OS on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop down list of Configure IPv4.
5.3 Pinging the Router from Your Computer The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer. We suggest you setting the network connection as get IP automatically. (Please refer to the section 5.2) Please follow the steps below to ping the router correctly.
5.4 Checking If the ISP Settings are OK or Not Open Online Status to check current network status. Be careful to check if the settings coming from your ISP have been typed correctly or not.
If there is something wrong with the configuration, please go to WAN page and choose General Setup again to modify the WAN connection. 5.5 Backing to Factory Default Setting If Necessary Sometimes, a wrong connection can be improved by returning to the default settings. Try to reset the router by software or hardware. Warning: After pressing factory default setting, you will lose all settings you did before. Make sure you have recorded all useful settings before you pressing.
After restore the factory default setting, you can configure the settings for the router again to fit your personal request. 5.6 Contacting DrayTek If the router settings are correct at all, and the router still does not connect to internet, please contact your ISP technical support representative to help you for configuration. Also, if the router still cannot work correctly, please contact your dealer for help. For any further questions, please send e-mail to support@draytek.com.
