VigorIPPBX 2820 Series User’s Guide Version: 2.6 Based on Firmware Version: V3.5.
Copyright Information Copyright Declarations Copyright 2011 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. Trademarks The following trademarks are used in this document: z Microsoft is a registered trademark of Microsoft Corp.
European Community Declarations Manufacturer: Address: DrayTek Corp. No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu County, Taiwan 303 Product: VigorIPPBX 2820 DrayTek Corp. declares that VigorIPPBX 2820 of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC.
Table of Contents Chapter 1: Preface .............................................................................................................1 1.1 Web Configuration Buttons Explanation ................................................................................. 1 1.2 LED Indicators and Connectors .............................................................................................. 2 1.2.1 For VigorIPPBX 2820 .................................................................................
4.1 Create a LAN-to-LAN Connection Between Remote Office and Headquarter ..................... 49 4.2 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter........ 57 4.3 QoS Setting Example............................................................................................................ 61 4.4 LAN – Created by Using NAT ............................................................................................... 65 4.5 Upgrade Firmware for Your Router ..................
5.4 Firewall ................................................................................................................................ 185 5.4.1 Basics for Firewall......................................................................................................... 185 5.4.2 General Setup............................................................................................................... 187 5.4.3 Filter Setup .............................................................................
5.12.5 PBX Status ................................................................................................................. 317 5.13 Wireless LAN .................................................................................................................... 318 5.13.1 Basic Concepts........................................................................................................... 318 5.13.2 General Setup....................................................................................
Chapter 1: Preface VigorIPPBX 2820, an ADSL router with IPPBX feature, provides policy-based load-balance, fail-over and BOD (Bandwidth on Demand), also it integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth. By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DS, the router increases the performance of VPN greatly, and offers several protocols (such as IPSec/PPTP/L2TP) with up to 32 VPN tunnels.
1.2 LED Indicators and Connectors Before you use the Vigor router, please get acquainted with the LED indicators and connectors first. The displays of LED indicators and connectors for the routers are different slightly. The following sections will introduce them respectively. If the model of router you have does not support ISDN and/or VoIP function, simply ignore the relational description.
1.2.1 For VigorIPPBX 2820 LED Status Explanation ACT (Activity) Blinking Off On Blinking On The router is powered on and running normally. The router is powered off. A USB device is connected and active. The data is transmitting. The profile of CSM (Content Security Management) for IM/P2P application is enabled from Firewall >> General Setup. (Such profile is established under CSM menu). VPN tunnel is up and down. The router is ready to access Internet through DSL link. Slowly: The modem is ready.
LAN 2/3/4 Left LED (Green) Right LED (Green) WAN 2 Left LED (Green) Right LED (Green) On Off Blinking On Off On Off Blinking On Off The port is connected. The port is disconnected. The data is transmitting. The port is connected with 100Mbps. The port is connected with 10Mbps. The port is connected. The port is disconnected. The data is transmitting. The port is connected with 100Mbps. The port is connected with 10Mbps.
1.2.2 For VigorIPPBX 2820n LED Status Explanation ACT (Activity) Blinking Off On Blinking On The router is powered on and running normally. The router is powered off. A USB device is connected and active. The data is transmitting. The profile of CSM (Content Security Management) for IM/P2P application is enabled from Firewall >> General Setup. (Such profile is established under CSM menu). Wireless access point is ready. It will blink while wireless traffic goes through.
LAN 1(Giga) Left LED (Green) Right LED (Green) LAN 2/3/4 Left LED (Green) Right LED (Green) WAN 2 Left LED (Green) Right LED (Green) Off On Off Blinking On Off On Off Blinking On Off On Off Blinking On Off It will be off if there is nothing connected. The port is connected. The port is disconnected. The data is transmitting. The port is connected with 1000Mbps. The port is connected with 10/100Mbps. The port is connected. The port is disconnected. The data is transmitting.
1.3 Hardware Installation Before starting to configure the router, you have to connect your devices correctly. 1. Connect the ADSL interface to the external ADSL splitter with an ADSL line cable. Also, connect Line interface to an external ADSL splitter. For second WAN, connect the cable Modem/DSL Modem/Media Converter to WAN2 port of router with Ethernet cable (RJ-45). 2.
Caution: Each of the Phone ports can be connected to an analog phone only. Do not connect the phone ports to the telephone wall jack. Such connection might damage your router. 1.4 ISDN Phone Adapter Installation ISDN1/2 port is configurable as NT or TE mode. When the user configures ISDN port as NT mode in IP PBX>>PBX System>>Phone Settings, the orange LED will light on to indicate ISDN-NT is selected.
Note: ISDN Phone MUST be connected to ISDN port via an ISDN Phone Adapter. Do not connect the ISDN phone(s) to the ISDN port of the router directly for it cannot be used normally. 1.5 Printer Installation You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows XP/2000. For Windows 98/SE, please visit www.draytek.com.
3. Open File>>Add a New Computer. A welcome dialog will appear. Please click Next. 4. Click Local printer attached to this computer and click Next. 5. In this dialog, choose Create a new port Type of port and use the drop down list to select Standard TCP/IP Port. Click Next.
6. In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name or IP Address and type IP_192.168.1.1 as the port name. Then, click Next. 7. Click Standard and choose Generic Network Card. 8. Then, in the following dialog, click Finish.
9. Now, your system will ask you to choose right name of the printer that you installed onto the router. Such step can make correct driver loaded onto your PC. When you finish the selection, click Next. 10. For the final stage, you need to go back to Control Panel >> Printers and edit the property of the new printer you have added. 11. Select LPR on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and LPR name.
Note 1: Some printers with the fax/scanning or other additional functions are not supported. If you do not know whether your printer is supported or not, please visit www.draytek.com to find out the printer list. Open Support >>FAQ; find out the link of Printer Server and click it; then click the What types of printers are compatible with Vigor router? link. Note 2: Vigor router supports printing request from computers via LAN ports but not WAN port.
This page is left blank.
Chapter 2: Configuring Basic Settings For use the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password for an administrator, how to adjust basic settings for accessing Internet successfully and how to configure IPPBX settings via IPPBX wizard. Note that only the administrator can change the router configuration. 2.
3. Now, the Main Screen will pop up. Note: The home page will change slightly in accordance with the router you have. 4. Go to System Maintenance page and choose Administrator Password. 5. Enter the login password (the default is blank) on the field of Old Password. Type New Password. Then click OK to continue. 6. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router.
2.2 Quick Start Wizard If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next. On the next page as shown below, please select the WAN interface (WAN 1 or WAN2) that you use. If DSL interface is used, please choose WAN1; if WAN2 interface is used, please choose WAN2.
On the next page as shown below, please select the appropriate Internet access type according to the information from your ISP. For example, you should select PPPoE mode if the ISP provides you PPPoE interface. Then click Next for next step. In the Quick Start Wizard, you can configure the router to access the Internet with different protocol/modes such as PPPoE/PPPoA, 1483 Bridged IP or 1483 Routed IP. The router supports the DSL WAN interface for Internet access. 2.2.
If your ISP provides you the PPPoE connection, please select PPPoE for this router. The following page will be shown: User Name Assign a specific valid user name provided by the ISP. Password Assign a valid password provided by the ISP. Confirm Password Retype the password. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
2.2.2 1483 Bridged IP Click 1483 Bridged IP as the protocol. Type in all the information that your ISP provides for this protocol. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
2.2.3 1483 Routed IP Click 1483 Routed IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
2.3 IPPBX Wizard IPPBX Wizard can guide the user to configure the required settings for this router within several steps. All the settings, also, can be configured by using IP PBX menu. However, the wizard is the most convenient and easy method for users. 2.3.1 Extension & Group Setup Click IPPBX Wizard. You can get the first screen as shown below. Extension Group Name Type a name as a display for this extension group.
Extension Group Number Type the number of extension for such group. Start Number of the extension Group Type the start extension number for such group. Number of extension in this group Type the total number of the extension for such group. Extension Password in this group Type the password for this extension group, which will be used in registration done by IP Phone. When you finish the settings of group name, group number, start number, number of extension fields, please click OK to save them.
2.3.2 SIP Trunk Setup This page allows you to set profiles for six SIP outside lines at one time. Profile Name Type a name for this profile for identifying. Domain/Realm Set the domain name or IP address of the SIP Registrar server. Proxy Set domain name or IP address of SIP proxy server. By the time you can type :port number after the domain name to specify that port as the destination of data transmission (e.g., nat.draytel.org:5065) Account Number/Name Enter your account name of SIP Address, e.g.
You can set 6 profiles for using in different conditions. Then click Next to access into next web page. 2.3.3 Office Hours Setup This page allows you to set office hours including starting point, ending point on duty day(s). When do you start working Use the drop down menu to choose the time as the starting point in the morning. in the morning When do you have a rest at Use the drop down menu to choose the time as the ending point in the morning.
When you finish the settings, click Finish to save the settings and exit the wizard.
2.4 Service Activation Wizard Service Activation Wizard can guide you to set WCF (Web Content Feature) feature with a quick way. Note: There are three ways to activate WCF on vigor router, using Service Activation Wizard, by means of CSM>>Web Content Filter Profile or via System Maintenance>>Activation. Service Activation Wizard is a tool which allows you to use trial version or update the license of WCF directly without accessing into the server (MyVigor) located on http://myvigor.draytek.com.
3. In the following page, please check the box of “I have read and accept the above Agreement” and click Next. 4. Setting confirmation page will be displayed as follows, please click Next. 5. Wait for a moment till the following page appears. When such page appears, you can enable or disable these services for your necessity. Then, click Finish. Note: The service will be activated and applied as the default rule configured in Firewall>>General Setup.
6. Now, the web page will display the service that you have activated according to your selection(s). The valid time for the free trial of these services is one month. Later, if you need to extend the license valid time, you can also use the Service Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next.
2.5 Online Status The online status shows the system status, WAN status, ADSL Information and other status related to this router within one page. If you select PPPoE/PPPoA as the protocol, you will find out a link of Dial PPPoE or Drop PPPoE in the Online Status web page.
Online status for Static IP (for WAN1) Online status for DHCP (WAN1) VigorIPPBX 2820 Series User’s Guide 31
Online status for ISDN enabled Detailed explanation is shown below: Primary DNS Displays the IP address of the primary DNS. Secondary DNS Displays the IP address of the secondary DNS. LAN Status IP Address Displays the IP address of the LAN interface. TX Packets Displays the total transmitted packets at the LAN interface. RX Packets Displays the total number of received packets at the LAN interface. WAN1/2 Status Line Displays the physical connection (Ethernet) of this interface.
RX Pkts Displays the total number of received packets at the ISDN interface. RX Rate Displays the speed of received octets at the ISDN interface. Up Time Displays the total uptime of the interface. AOC Displays the charge information of the interface. Note: The words in green mean that the WAN connection of that interface (WAN1/WAN2) is ready for accessing Internet; the words in red mean that the WAN connection of that interface (WAN1/WAN2) is not ready for accessing Internet. 2.
This page is left blank.
Chapter 3: Applications This chapter shows several scenarios for your reference to configure IP PBX for different purposes. 3.1 The Registration of 50 IP-based Telephone/Extensions z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) are registered on the VigorIPPBX 2820.
3.2 The IP Registration from Remote Site (through WAN Connection) z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) and remote IP-based phone are registered on the VigorIPPBX 2820. z The IP-based phone with ext. no. 201 is at remote site.
3.3 The Integration IP Registration with SIP Server z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) and remote IP-based phone are registered on the VigorIPPBX 2820. z The IP-based phone with ext. no. 201 is at remote site. z The VigorIPPBX 2820 seamlessly integrate with ITSP services (allow you to register at a SIP server).
3.4 The Integration VoIP Communications via SIP Server z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) and remote IP-based phone are registered on the VigorIPPBX 2820. z The IP-based phone with ext. no. 201 is at remote site. z The VigorIPPBX 2820 seamlessly integrate with ITSP services (allow you to register at a SIP server).
3.5 The Integration with PSTN telephony z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) and remote IP-based phone are registered on the VigorIPPBX 2820. z The IP-based phone with ext. no. 201 is at remote site. z The VigorIPPBX 2820 seamlessly integrate with ITSP services (allow you to register at a SIP server).
3.6 The Added ISDN Telephony z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) and remote IP-based phone are registered on the VigorIPPBX 2820. z The IP-based phone with ext. no. 201 is at remote site. z The VigorIPPBX 2820 seamlessly integrate with ITSP services (allow you to register at a SIP server).
3.7 The Integrated ISDN line z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) and remote IP-based phone are registered on the VigorIPPBX 2820. z The IP-based phone with ext. no. 201 is at remote site. z The VigorIPPBX 2820 seamlessly integrate with ITSP services (allow you to register at a SIP server).
3.8 The 4 B Channels of Two ISDN Lines z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) and remote IP-based phone are registered on the VigorIPPBX 2820. z The IP-based phone with ext. no. 201 is at remote site. z The VigorIPPBX 2820 seamlessly integrate with ITSP services (allow you to register at a SIP server).
3.9 The Integration of ISDN PBX with One ISDN Line z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) and remote IP-based phone are registered On the VigorIPPBX 2820. z The IP-based phone with ext. no. 201 is at remote site. z The VigorIPPBX 2820 seamlessly integrate with ITSP services (allow you to register at a SIP server).
3.10 The Integration of ISDN PBX with One ISDN Line-2 z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (201, 202, and 203) and remote IP-based phone are registered on the VigorIPPBX 2820. z The VigorIPPBX 2820 seamlessly integrate with ITSP services (allow you to register at a SIP server). z The ISDN PBX is connected to S0-interface of the VigorIPPBX 2820.
3.11 The Deployment of ISDN PBX and PSTN Network z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) and remote IP-based phone are registered on the VigorIPPBX 2820. z The IP-based phone with ext. no. 201 is at remote site. z The VigorIPPBX 2820 seamlessly integrate with ITSP services (allow you to register at a SIP server).
3.12 The Integration of ISDN Telephony and PSTN Network z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones are connected to LAN ports and set with ext. no. 101, 102 & 103. z The IP-based telephones (101, 102, and 103) and remote IP-based phone are registered on VigorIPPBX 2820. z The IP-based phone with ext. no. 201 is at remote site. z The VigorIPPBX 2820 seamlessly integrate with ITSP services (allow you to register at a SIP server).
3.13 The Integration of ISDN Telephony, PSTN Network and VoIP Connection z The establishment through DSL Internet. z Flexible second WAN for back-up. z IP-based telephones with ext. no. 101 & 102 are connected to LAN ports of the VigorSwitch. Analog telephones with ext. no. 701, 702 & 703 are connected to the VigorTalk ATA24 and are registered at the VigorIPPBX 2820. z The IP-based telephone with ext. no. 103 and remote IP-based phone ext. no. 201 are registered on the VigorIPPBX 2820.
This page is left blank.
Chapter 4: Tutorial 4.1 Create a LAN-to-LAN Connection Between Remote Office and Headquarter The most common case is that you may want to connect to network securely, such as the remote branch office and headquarter. According to the network structure as shown in the below illustration, you may follow the steps to create a LAN-to-LAN profile. These two networks (LANs) should NOT have the same network address. Settings in Router A in headquarter: 1.
For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. 3. Go to LAN-to-LAN. Click on one index number to edit a profile. 4. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection.
5. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection.
6. Set Dial-In settings to as shown below to allow Router B dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection.
7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection. Settings in Router B in the remote office: 1. Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. 2. Then, for using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup.
4. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. 5. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. 6. Set Dial-In settings to as shown below to allow Router A dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. 7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection.
4.2 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter The other common case is that you, as a teleworker, may want to connect to the enterprise network securely. According to the network structure as shown in the below illustration, you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host. Settings in VPN Router in the enterprise office: 1.
3. Go to Remote Dial-In User. Click on one index number to edit a profile. 4. Set Dial-In settings to as shown below to allow the remote user dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Settings in the remote host: 1. For Win98/ME, you may use "Dial-up Networking" to create the PPTP tunnel to Vigor router. For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.draytek.
3. In Step 2. Connect to VPN Server, click Insert button to add a new entry. If an IPSec-based service is selected as shown below, You may further specify the method you use to get IP, the security method, and authentication method. If the Pre-Shared Key is selected, it should be consistent with the one set in VPN router. If a PPP-based service is selected, you should further specify the remote VPN server IP address, Username, Password, and encryption method.
4. Click Connect button to build connection. When the connection is successful, you will find a green light on the right down corner. 4.3 QoS Setting Example Assume a teleworker sometimes works at home and takes care of children. When working time, he would use Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email and access internal database. Meanwhile, children may chat on Skype in the restroom. 1.
3. Return to previous page. Enter the Name of Index Class 1 by clicking Edit link. Type the name E-mail for Class 1. 4. For this index, the user will set reserved bandwidth (e.g., 25%) for E-mail using protocol POP3 and SMTP.
5. Return to previous page. Enter the Name of Index Class 2 by clicking Edit link. In this index, the user will set reserved bandwidth for HTTPS. And click OK. 6. Click Setup link for WAN1. 7. Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic of VoIP influent other application. Click OK.
8. If the worker has connected to the headquarter using host to host VPN tunnel, he may set up an index for it. Enter the Class Name of Index 3. In this index, he will set reserved bandwidth for 1 VPN tunnel. 9. Click Edit to open the following window. Check the ACT box, first.
10. Then click Edit of Local Address to set a worker’s subnet address. Click Edit of Remote Address to set headquarter’s IP address. Leave other fields and click OK. 4.4 LAN – Created by Using NAT An example of default setting and the corresponding deployment are shown below. The default Vigor router private IP address/Subnet Mask is 192.168.1.1/255.255.255.0. The built-in DHCP server is enabled so it assigns every local NATed host an IP address of 192.168.1.x starting from 192.168.1.10.
To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the settings as show below. You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage.
4.5 Upgrade Firmware for Your Router Before upgrading your router firmware, you need to install the Router Tools. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 1. Go to www.draytek.com. 2. Access into Support >> Downloads. Please find out Firmware menu and click it. Search the model you have and click on it to download the newly update firmware for your router. 3. Access into Support >> Downloads. Please find out Utility menu and click it.
5. Double click on the icon of router tool. The setup wizard will appear. 6. Follow the onscreen instructions to install the tool. Finally, click Finish to end the installation. 7. From the Start menu, open Programs and choose Router Tools XXX >> Firmware Upgrade Utility. 8. Type in your router IP, usually 192.168.1.1. 9. Click the button to the right side of Firmware file typing box. Locate the files that you download from the company web sites.
11. Now the firmware update is finished.
4.6 Request a certificate from a CA server on Windows CA Server 1. Go to Certificate Management and choose Local Certificate.
2. You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. 3. Copy and save the X509 Local Certificate Requet as a text file and save it for later use. 4. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate.
Select Advanced request. Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it.
5. Back to Vigor router, go to Local Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------.....” 6. You may review the detail information of the certificate by clicking View button.
4.7 Request a CA Certificate and Set as Trusted on Windows CA Server 1. Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list.
2. In Choose file to download, click CA Certificate Current and Base 64 encoded, and Download CA certificate to save the .cer. file. 3. Back to Vigor router, go to Trusted CA Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below illustration. 4. You may review the detail information of the certificate by clicking View button.
4.8 How to achieve DID (Direct Inward Dialing) with SIP Alias? SIP Alias is an alternative address for your main SIP Address. Normally, when you have a user account for one ITSP, you have one SIP address provided by the ITSP. However, with SIP alias, you can own multiple SIP addresses over one user account. When you register with a regular user account, alias are registered as well as the main SIP address. Then, when somebody dials the alias, the SIP URI bound to the alias will ring.
Follow the steps below to setup SIP Alias and achieve DID. 1. Create a SIP Alias. First of all, make sure your VoIP Service Provider supports SIP Alias. For example, iptel.org provides such service. When you register an SIP account 866668@iptel.org on iptel.org, you will be provided with a sip alias 3400017904@iptel.org as well. See below. 2. Setup SIP account on VigorIPPBX 2820. Open the IP PBX>>Line Setting>>SIP Trunk page and configure the SIP account as follows.
3. Setup SIP Alias on VigorIPPBX 2820. Open the IP PBX>>SIP Trunk List page and click on Alias List to enter the SIP Alias setup page. 4. Press one index and input the SIP Alias in the Alias Number fields. Select the associated SIP account from Alias of SIP Trunk, which was created in step 2. Route the call to Jacky by selecting Forward To Extension and the extension profile 1-101.
5. The configuration is completed. Make sure the extension number 101 is registered. Next, Benson can make a direct call to Jacky by calling 3400017904@iptel.org .
4.9 How to use Call Parking? Call parking allows you to hold the call on a telephone set and pick it up at a different phone. Below shows a brief illustration for call parking application. Benson calls extension 222. Stephen picks IP Phone A up and tells Benson that he wants to park the call for transferring to another phone to continue the conversation. To park a call, Stephen can perform the following actions on IP Phone A: 1. Press the transfer button on IP Phone A. 2. Dial the call park number, 777.
1. When an incoming call is parked, a certain extension will be assigned to it temporarily and the number will be announced to you. In this example, the announcement “Your parking number is 22201” informs you of the new extension 22201. Next, you can dial the new extension to retrieve the call from a different phone. The new extension number may also be displayed on your IP phone. 2.
4.10 How to set up VigorPhone 350 with VigorIPPBX2820 series by using Auto-Provisioning? DrayTek VigorIPPBX 2820/VigorIPPBX 2820n supports the function of auto-provisioning. VigorPhone 350 is also capable of auto-provisioning, it can get a configuration text file from the VigorIPPBX 2820 series. The configuration file contains SIP settings that the SIP devices can register with VigorIPPBX 2820 series. 1. Configure the extension number and password for each IP phone on VigorIPPBX 2820.
2. Click IPPBX Wizard to get the first screen as shown below. Type the extension group name, group number, start number, and number of extension fields. Click OK to save them. The new added group will be displayed on the screen. Then click Next to access into next web page. 3. In the SIP Trunk Setup page, you can set up to six SIP profiles outside lines at one time. Type the profile name, domain/realm, proxy, account number/name, password and trunk number fields, then click OK to save them.
4. Click Next to access into office hours setup page. Please specify office hours including starting point and ending point on duty day(s).Then, click Finish to save the settings and exit the wizard.
5. After finishing the Wizard, please go to IPPBX>Extension to configure the Extension Number and the Password settings. 6. Then connect VigorPhone to the network. Each user of VigorPhone can get the extension number/password respectively. 7. The log-in request will be displayed on the screen of the phone. Please input the extension number. Press OK.
8. Next, input the password. Press OK. 9. VigorPhone can automatically configure itself with settings coming from VigorIPPBX 2820. Successful message will be shown as below. Now, all the configurations have been done. 10. Now, the extension number has been registered by VigorPhone successfully. (See the number on the right side of the arrow.
4.11 How to configure Hunt Group? Hunt Group allows a caller to automatically find an available callee from among a group of extensions. You may assign some extensions to a Hunt Group. The incoming call will search for the first available extension. Each extension will be tried until a “free” extension is reached. If an IP phone is busy or hasn’t registered its extension to VigorIPPBX 2820 yet, its extension will be skipped. The caller hears the busy tone only when all lines are engaged.
How to setup Hunt Group for Example 1 and 2 ? 1. Configure extensions for IP phones. 2. Open IP PBX >> PBX System >> Hunt Group. Configure the following two groups.
For the Hunt Group of Sales department, Hunt Group Name is locally significant for identification. Hunt Group Extension must be different from all the other extension numbers. Select Simultaneously as Hunt Rule. For the Hunt Group of RD department, Hunt Group Name is locally significant for identification. Hunt Group Extension must be different from all the other extension numbers. Select Sequentially as Hunt Rule. You can use Move Up and Move Down buttons to adjust the sequence of the extensions.
How to call a Hunt Group? Method 1: You may call the VigorIPPBX 2820 first, and dial the Hunt Group Extension number. In the above two examples, when you dial 100, extensions 101, 102 and 103 ring at the same time. When you dial 200, extension 201 rings first, then 202, next 203 and finally 204 rings. Method 2: With auto-attendant, after hearing the greeting, you may dial 1. The extensions 101, 102 and 103 ring simultaneously.
4.12 How to use Auto Attendant? IVR, Interactive Voice Response, is a technology that allows callers to interact with the communication system over the telephone. Auto Attendant is a technology that automates interactions with telephone callers. It allows callers to be automatically transferred to an extension without the intervention from a receptionist or telephone operator. VigorIPPBX 2820 supports IVR and Auto Attendant.
extension of the person you’d like to reach, you may dial it now. Otherwise, please choose from the following options. For technical support, press “1”. For sales, press “2”. For new products introduction, press “3”. Otherwise press “0” for the receptionist.” z When you finish the record, press #. z Dial 1255# to hear the office hours greeting (Prompt 5) that you have recorded. If you are not satisfied with the result, dial 1155# to record it again.
2. After the sounds have been recorded, you have to create the extensions that needed in the IVR. Extensions for each phone are configured as follows. Configure extension for the support department. It is a hunt group. If the hunt rule is set with Sequentially, the extension 201 ring first, then 202, 205, 203 and finally 204 rings one by one when someone calls 200. If the hunt rule is set with Simultaneously, extensions 201, 202, 203, 204 and 205 ring at the same time when someone calls 200.
3. Choose Auto Attendant for Office hours and Non-office hours for the SIP trunk. In this example, when you call 866669@iptel.org during the office hours, you will hear office hours greeting (Prompt 5): during the non-office hours, you will hear the non-office hours greeting (Prompt 6). 4. Make sure the system time is synchronized from the System Maintenance >> Time and Date page.
5. Configure the Office hours from the IP PBX >> PBX System >> Office Hours setup page. Suppose the holidays are January 1 to January 3, January 20 and February 15. Based on the above configuration, the router will configure the settings for the non-office hours automatically. 6. Open Auto Attendant Wizard and configure the Office hours rule. The rule is set as follows: z z z z Key 1 for support department - Press 1 for technical support. Key 2 for sales department - Press 2 for sales.
7. Press Next to configure settings for Non-office hours. Key 0 is designated for Ring Extension and here it is set for receptionist. For other keys, we let the users to listen to new product introduction. 8. Then click OK to finish the auto attendant wizard. Note: If a caller dials the wrong extension number, VigorIPPBX 2820 will play the greeting once more to let he/she dials the right extension again.
4.13 How to use Voice Mail? With voice mail, callers can leave messages when you are busy, unable to answer phone calls, or when the IP phone is off-line. Then, at your leisure time, you can listen to the voice messages. This avoids missing important phone calls. VigorIPPBX 2820 supports voice mail feature. When someone leaves a message to you, you can listen to it from the IP phone. Furthermore, you can have an email sent to you with a .WAV file for the voice message attached to this mail if you want.
1. Open Graham’s extension profile. Below shows the explanation of basic configuration. Graham’s Extension Number is 211. Display Name is locally significant for identification. Make sure the Type is SIP. Enable Authentication and type a Password for this extension. 2. Input an E-mail address for Graham to receive voice mails. E-mail Address: Input Graham’s email address for receiving voicemail. Voice mail Password: If you want to listen the voice mail by using IP phone, you must a voice mail password.
4. Input an e-mail address for Jacky to receive voice mails. In this case, no e-mail address is specified. E-mail Address: Don’t input any email address here. Jacky will not receive a voice mail via email. Voice mail Password: If you want to listen the voice mail by IP phone, you must setup a voice mail password. This can prevent someone else to listen to your voice message. Only digit characters (0-9) are accepted as voice mail password. Answer Mode: Select Voice Mail.
Additional Configuration for Voice Mail Open the IP PBX >> PBX System >> Voice Mail Configuration page and setup the system properties of voice mail. Extension for checking message: If you want to listen to a voice mail, you need to dial the number which is set in the field of Extension for checking messages. The default value is 888. You can change it manually. Send Voice Message by Email: Tick it to enable sending voicemail via email.
Ways to Listen voice messages Method 1 When there is a voice mail, Graham will receive an email with a WAV file attached. This WAV file records the voice message. By double clicking on the WAV file, Graham can listen to the message leaved by Benson. Method 2 Graham can listen to his voice messages via his IP phone as follows: 1. Pick up the IP phone which has registered to VigorIPPBX 2820 with the extension number 211. 2. Dial 888.
Since Jacky configures to listen to voice messages from IP Phone, no email will be sent to Jacky.
4.14 How to configure and use the MWI on VigorIPPBX 2820? MWI is namely Message Waiting Indication. Messaging Waiting Indication is a common feature of telephone networks. It typically involves an audible or visible indication that messages are waiting, such as playing a special dial tone (which in telephone network is called message-waiting dial tone), lighting a light or indicator on the phone, displaying icons or text, or some combination (draft-ietf-sipping-mwi-04.txt).
2. Select either Notify User who Subscribed or Force Notify User for MWI. Voice mail Password: If you want to listen to the voice mail by phone via VigorIPPBX 2820, you must configure the voice mail password. It can prevent someone else listening to your voice mail. Namely, users need to input the voice mail password before they listen to the voice mail. Notify User who Subscribed: Most IP Phones support MWI feature. You can enable or disable it for your requirement.
Additional Configuration for Voice Mail Go to the IP PBX >> PBX System >> Voice Mail Configuration page and configure the following items. Extension for checking messages: If you want to listen to a voice mail, you need to dial the number which is set in the field of Extension for checking messages. The default value is 888. You can change it manually. Day for keeping voice mail: It means the time for keeping a voice mail in VigorIPPBX 2820. The default value is 3 (days).
4.15 How to register extensions to VigorIPPBX 2820? VigorIPPBX 2820 supports Software based SIP phones, Hardware based SIP Phones and Analogue phones attached to ATA (Analog Telephone Adapter). In this document we will introduce how to use these clients to register extensions to VigorIPPBX 2820. Basic Network Connection for VigorIPPBX 2820 In this document we will use the scenario illustrated in the following graphic. 1. VigorIPPBX 2820 acts as an SIP server with WAN IP: 218.242.132.26 and LAN IP: 192.
Setup the extensions on VigorIPPBX 2820 1. Enter the IP PBX >> Extension Profile setup page and configure the relevant extension profile. 2. After finishing the settings, you may have the following table.
Setup the VoIP clients to register extensions z Software based IP Phone (e.g. DrayTek Soft Phone) Jacky is using Soft Phone, a VoIP softphone, for registering his extension 101 to VigorIPPBX 2820. Start the Soft Phone. Click the Setting>>SIP tab from the DrayTek Soft Phone dialog. Click Add to open the following dialog. Type the information for Jacky.
z Software based IP Phone (e.g. SJphone) Jacky is using SJphone, a VoIP softphone, for registering his extension 101 to VigorIPPBX 2820. Start the SJphone. Open the Options windows and click the Profiles tab. Create a new profile. Make sure the Profile type is Call through SIP Proxy. Finally, press OK. You will get the Profile Options window. Open the SIP Proxy tab and configure the address of IPPBX. The computer is located in the local network of VigorIPPBX 2820, therefore the LAN IP address (192.168.1.
Next, the account setup page pops up. Enter the extension in the Account field and its corresponding password in the Password field. The password must be the same as set in VigorIPPBX 2820. z Hardware based IP Phone (e.g. VigorPhone 350) Stephen is using VigorPhone 350, a hard IP telephone, for registering his extension 222 to VigorIPPBX 2820. The VigorPhone 350 is connected behind VigorIPPBX 2820, therefore the LAN IP address (192.168.1.
z Analogue Phone attached to an ATA (e.g. VigorTalk) Joseph is using VigorTalk, an analog telephony adapter, for registering his extension 223 to VigorIPPBX 2820. Since he is on the Internet, the WAN IP address (218.242.132.36 in this example) of VigorIPPBX 2820 must be set as Registrar and Proxy addresses. Enter other settings as figure shown below. The password must be the same as set in VigorIPPBX 2820.
4.16 How to configure and use ISDN-S0 MSN on VigorIPPBX 2820 Why need ISDN-S0 MSN? The ISDN S0 port of Vigor2820VS/VigorIPPBX 2820 can connect with two ISDN phones or connect to an ISDN PBX with multiple ISDN devices connected. For there are so many ISDN devices, we can set different MSN numbers for mapping different ISDN devices. Below shows an example of connection structure for your reference.
How to configure ISDN S0 MSN? 1. Access into the web configuration page of VigorIPPBX 2820. 2. Open IPPBX>>Extension and click one of the index links to set extension profile. 3. Select ISDN1-S0 and relevant MSN (from 30-39) for the Type setting. It means When someone calls ext:1001, VigorIPPBX 2820 will forward such call to the device connected to VigorIPPBX 2820 ISDN S0 port with MSN number “30”. The MSN number for the connected ISDN device also must be set with 30.
How to dial out through the device connected ISDN port To dial out an SIP call, please dial the trunk number for SIP Trunk (e.g., dial 001 if you want to use iptel SIP account) first and then dial the SIP number of the peer. To dial out an ISDN call, please dial the extension number (e.g., 904) for ISDN TE port first and then the ISDN number of the peer.
4.17 Creating an Account for MyVigor The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Anti-Spam, Web Content Filter, Anti-Intrusion, and etc.) to filter the web pages for protecting your system. To access into MyVigor for getting more information, please create an account for MyVigor. 4.17.1 Creating an Account via Vigor Router 1. Click CSM>> Web Content Filter Profile. The following page will appear.
4. Check to confirm that you accept the Agreement and click Accept. 5. Type your personal information in this page and then click Continue. 6. Choose proper selection for your computer and click Continue.
7. Now you have created an account successfully. Click START. 8. Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor.draytek.com. 9. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login.
10. When you see the following page, please type in the account and password (that you just created) in the fields of UserName and Password. 11. Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want. 4.17.2 Creating an Account via MyVigor Web Site 1. Access into http://myvigor.draytek.com. Find the line of Not registered yet?. Then, click the link Click here! to access into next page.
2. Check to confirm that you accept the Agreement and click Accept. 3. Type your personal information in this page and then click Continue. 4. Choose proper selection for your computer and click Continue.
5. Now you have created an account successfully. Click START. 6. Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor.draytek.com. 7. Click the Activate my Account link to enable the account that you created. The following screen will be shown to verify the register process is finished. Please click Login. 8. When you see the following page, please type in the account and password (that you just created) in the fields of UserName and Password.
Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want 4.18 How to use mOTP feature through the router and iPhone Draytek provides one-time password support for build-in PPTP and L2TP connection. All Draytek customers can use one-time password to authenticate VPN connections. To generate a one-time password, the user has to enter his personal PIN code into the device.
For the user, please perform the steps listed below for one time. 1. Suppose that mOTP has been successfully installed on your iPhone (we will not introduce the installation here). Open it and press the button Generate Secret to initialize your secret key. Don’t do this if there already is a secret key existed, otherwise it will re-initialize your secret key. 2. Shake your iPhone to generate a random secret key.
3. Keep this secret key down and report it to your administrator. In this example the secret key is e759bb6f0e94c7ab4fe689ebf00c5202. 4. Make sure the system time of your iPhone is correct. Once the Secret Key is generated and your system time is synced, mOTP is ready to generate one time password. For the administrator, please do the following: 1. Setup a remote-dial-in VPN profile and check Enable Mobile One-Time Passwords (mOTP). Setup a username. Setup a PIN code (e.g.
Below steps are for end user to dial the VPN connection. Each time you start a new VPN connection, you must perform the following steps to generate a valid password. 1. 2. Open mOTP. Enter the PIN code. In this example it is 1111. Then press “Generate Password”. Note: Each time you enter the PIN code you will get a different password. Here the password is 3dcecd.
3. Enter the password on your VPN client and start the connection as soon as possible. The password is valid only for 1 minute. 4. When the connection is dropped, you must generate a new password then redial the connection. Summary: 1. End user generates a secret key and reports it to the administrator. 2. Administrator enters this secret key in a teleworker profile. 3. Administrator setups a username and PIN code and provides them to the end user. 4. End user uses the PIN code to generate a password.
4.19 How to use call pickup via IPPBX router Call pickup is a convenient function which allows a user to pick up incoming call of other extension by using his phone. For example, extension A is ringing, a user can pick up this call by using another phone (e.g., extension B). There are two operation modes for call pickup in practical use: z Group Call Pickup There are three extension numbers 201, 202 and 203 for sales department; and there are two extension numbers 204 and 205 for engineering department.
The default value for call pickup number is *1 in VigorIPPBX.. Users can modify the number by accessing into IPPBX > PBX System > SIP Proxy Setting whenever they want.
4.20 How to Configure Hunt Group in VigorIPPBX Series VigorIPPBX supports the function of Hunt Group. It can group extensions in the same department with a hunt group that will be represented with a group extension number. When someone dials this number, all the extensions within such group will ring together. For example, there are three extensions, 101, 102 and 103 used for Sales department. They can be grouped within one hunt group represented by 200 (in this case) in VigorIPPBX.
4. There are two options, Simultaneously and Sequentially for Hunt Rule. Simultaneously means when someone dials 200, the three extensions belong to 200 will ring at the same time. If Sequentially is selected, every extensions in such group will ring one by one. The ringing time for each extension is determined by Timeout setting. 5. When no one answers the phone call, the following action will be determined by Overflow Rule. There are five selections for people to choose.
4.21 How to make a phone call for extensions in different IPPBX routers A company uses VigorIPPBX 3510 as a telephone system in place A and uses IPPBX 2820 as a telephone system in place B. There are two extensions 202 and 203 registered to VigorIPPBX 3510, and two extensions 102 and 103 registered to VigorIPPBX 2820. Refer to the following figure.
5. After finished the configuration, VigorIPPBX 3510 will be registered to VigorIPPBX 2820 as an extension (101). Press OK to save the settings. 6. If the registration is successfully, the field of Status in IP PBX>>SIP Trunk List will be displayed with R.
7. VigorIPPBX 2820 also needs to be registered to VigorIPPBX 3510 with extension number 201. The method of registration is the same as used in VigorIPBPX 3510. However, the registration must be done with the web configuration interface of VigorIPPBX 2820. The Way of Operation After finished the above configuration, there are three ways to make a phone call between VigorIPPBX 3510 and VigorIPPBX 2820.
z Dial 201 (the SIP trunk number in VigorIPPBX 2820) from 202 in IPPBX 3510. You will hear a voice reply first. Then, dial 102 and wait for a moment to communicate with 102. z Dial 101 (the SIP trunk number in VigorIPPBX 3510) from 202 in IPPBX 3510. Then, dial 102 and wait for a moment to communicate with 102. z Set one digit map rule in VigorIPPBX 3510. Make all the dialing number with prefix number “1” will be dialed out from SIP trunk 1.
4.22 How to enhance the security for extensions' registration By default, VigorIPPBX 2820 does not allow registration of extensions from WAN or VPN due to security consideration. You may find this option from the IP PBX >> PBX System >> SIP Proxy Setting page. Note: The network security will be higher for the extension registered from VPN. However, if it is required, please untick the Disable registration from WAN option then register the extension via VPN tunnel for higher security.
Disable registration from WAN and allow registration from VPN for specific extensions 1. Please uncheck Disable registration from WAN from the IP PBX >> PBX System >> SIP Proxy Setting page. 2. Then open IP PBX>>Extension. Click any one of the index numbers. 3. Now, you will get the following setup page for an extension. Note that the Allow Registration from option has two check boxes, one for WAN and the other for VPN.
This page is left blank.
Chapter 5: Reference Advanced Web Configuration After finished basic configuration of the router, you can access Internet with ease. For the people who want to adjust more setting for suiting his/her request, please refer to this chapter for getting detailed information about the advanced configuration of this router. As for other examples of application, please refer to chapter 4. 5.1 WAN Quick Start Wizard offers user an easy method to quick setup the connection mode for the router.
via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server, and other related information will usually be assigned by your ISP. 5.1.2 Network Connection by 3G USB Modem For 3G mobile communication through Access Point is popular more and more, VigorIPPBX 2820 adds the function of 3G network connection for such purpose. By connecting 3G USB Modem to the USB port of VigorIPPBX 2820, it can support HSDPA/UMTS/EDGE/GPRS/GSM and the future 3G standard (HSUPA, etc).
Enable Choose Yes to invoke the settings for this WAN interface. Choose No to disable the settings for this WAN interface. Display Name Type the description for the WAN1/WAN2 interface. Physical Mode For WAN1, the physical connection is done through ADSL port; yet the physical connection for WAN2 is done through an Ethernet port (P1) or USB port. You cannot change it. To use 3G network connection through 3G USB Modem, choose 3G USB Modem as the physical mode in WAN2. Next, go to WAN>> Internet Access.
Load Balance Mode If you know the practical bandwidth for your WAN interface, please choose the setting of According to Line Speed. Otherwise, please choose Auto Weigh to let the router reach the best load balance. Line Speed If your choose According to Line Speed as the Load Balance Mode, please type the line speed for downloading and uploading through WAN1/WAN2. The unit is kbps.
for 15 seconds. 5.1.4 Internet Access For the router supports dual WAN function, the users can set different WAN settings (for WAN1/WAN2) for Internet Access. Due to different physical mode for WAN1 and WAN2, the Access Mode for these two connections also varies slightly. Index It shows the WAN modes that this router supports. WAN1 is the default WAN interface for accessing into the Internet. WAN2 is the optional WAN interface for accessing into the Internet when WAN 1 is inactive for some reason.
PPPoE/PPPoA for WAN1 To use PPPoE/PPPoA as the accessing protocol of the Internet, select PPPoE/PPPoA mode. The following web page will appear. Enable/Disable Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid. DSL Modem Settings Set up the DSL parameters required by your ISP. These are vital for building DSL connection to your ISP.
Modulation – Default setting is Multimode. Choose the one that fits the requirement of your router. PPPoE Pass-through The router offers PPPoE dial-up connection. Besides, you also can establish the PPPoE connection directly from local clients to your ISP via the Vigor router. When PPPoA protocol is selected, the PPPoE package transmitted by PC will be transformed into PPPoA package and sent to WAN server. Thus, the PC can access Internet through such direction.
value is set by telnet command. ISP Access Setup Enter your allocated username, password and authentication parameters according to the information provided by your ISP. If you want to connect to Internet all the time, you can check Always On. Username – Type in the username provided by ISP in this field. Password – Type in the password provided by ISP in this field. PPP Authentication – Select PAP only or PAP or CHAP for PPP.
Default MAC Address – You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router. Specify a MAC Address – Type the MAC address for the router manually. Index (1-15) in Schedule Setup - You can type in four sets of time schedule for your request. All the schedules can be set previously in Applications >> Schedule web page and you can use the number that you have set in that web page.
determined by the page of Internet Access – Multi PVCs. Select M-PVCs Channel means no selection will be chosen. Encapsulating Type - Drop down the list to choose the type provided by ISP. VPI - Type in the value provided by ISP. VCI - Type in the value provided by ISP. Modulation –Default setting is Multimode. Choose the one that fits the requirement of your router. ISDN Dial Backup Setup This setting is available for the routers supporting ISDN function only.
Bridge Mode If you choose Bridged IP as the protocol, you can check this box to invoke the function. The router will work as a bridge modem. WAN IP Network Settings This group allows you to obtain an IP address automatically and allows you type in IP address manually. Obtain an IP address automatically – Click this button to obtain the IP address automatically. Router Name – Type in the router name provided by ISP. Domain Name – Type in the domain name that you have assigned.
After finishing all the settings here, please click OK to activate them. PPPoE for WAN2 To use PPPoE as the accessing protocol of the Internet, select PPPoE mode. The following web page will appear. Enable/Disable Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid.
Note: This feature is available for ISDN 2 port only. None - Disable the backup function. Packet Trigger -The backup line is not on until a packet from a local host triggers the router to establish a connection. WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect. Mode – Choose ARP Detect or Ping Detect for the system to execute for WAN detection.
Fixed IP – Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address. Fixed IP Address -Type a fixed IP address. Default MAC Address – You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router. Specify a MAC Address – Type the MAC address for the router manually. After finishing all the settings here, please click OK to activate them.
Enable/ Disable Click Enable for activating this function. If you click Disable, this function will be closed and all the settings that you adjusted in this page will be invalid. ISDN Dial Backup Setup This setting is available for the routers supporting ISDN function only. Before utilizing the ISDN dial backup feature, you must create a dial backup profile first. Please click ISDN > Dialing to a Single ISP to create the backup profile. Note: This feature is available for ISDN 2 port only.
PING to the IP - If you enable the PING function, please specify the IP address for the system to PING it for keeping alive. PING Interval - Enter the interval for the system to execute the PING operation. WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect. Mode – Choose Always On, ARP Detect or Ping Detect for the system to execute for WAN detection.
Domain Name: Type in the domain name that you have assigned. Specify an IP address – Click this radio button to specify some data if you want to use Static IP mode. IP Address: Type the IP address. Subnet Mask: Type the subnet mask. Gateway IP Address: Type the gateway IP address. Default MAC Address: Click this radio button to use default MAC address for the router. Specify a MAC Address: Some Cable service providers specify a specific MAC address for access authentication.
ISP Access Setup Username -Type in the username provided by ISP in this field. Password -Type in the password provided by ISP in this field. Index (1-15) in Schedule Setup - You can type in four sets of time schedule for your request. All the schedules can be set previously in Application >>Schedule web page and you can use the number that you have set in that web page. ISDN Dial Backup Setup This setting is available for the routers supporting ISDN function only.
Click Yes to use this function and type in a fixed IP address in the box. Fixed IP - Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address. Fixed IP Address -Type a fixed IP address. WAN IP Network Settings Obtain an IP address automatically – Click this button to obtain the IP address automatically. Specify an IP address – Click this radio button to specify some data. IP Address – Type the IP address. Subnet Mask – Type the subnet mask.
PPP for WAN2 Such mode is active only 3G USB Modem was chosen as the physical mode in General Setup. PPP Client Mode Click Enable to activate this mode for WAN2. SIM PIN code Type PIN code of the SIM card that will be used to access Internet. Modem Initial String Such value is used to initialize USB modem. Please use the default value. If you have any question, please contact to your ISP. APN Name APN(Access Point Name) is provided by your ISP for identifying different access points.
5.1.5 Multi-PVCs This router allows you to create multi-PVCs for different data transferring for using. Simply go to Internet Access and select Multi-PVC Setup page. General The system allows you to set up to eight channels which are ready for choosing as the first PVC line that will be used as multi-PVCs. Enable Check this box to enable that channel. The channels that you enabled here will be shown in the Multi-PVC channel drop down list on the web page of Internet Access.
Encapsulation Choose a proper type for this channel. The types will be different according to the protocol setting that you choose. WAN link for Channel 3, 4, 5 are provided for router-borne application such as TR069 and VoIP. The settings must be applied and obtained from your ISP. For your special request, please contact with your ISP and then click WAN link of Channel 3, 4 or 5 to configure your router. WAN for Router-borne Application Choose the router service for channel 3, 4 or 5.
this function will be closed and all the settings that you adjusted in this page will be invalid. DSL Modem Settings Set up the DSL parameters required by your ISP. These are vital for building DSL connection to your ISP. VPI - Type in the value provided by ISP. VCI - Type in the value provided by ISP. QoS Type -Select a proper QoS type for the channel. Protocol - Select a proper protocol for this channel. There are three options, PPPoE, PPPoA and MPoA for you to select.
ATM QoS Such configuration is applied to upstream packets. Such information will be provided by ISP. Please contact with your ISP for detailed information. QoS Type Select a proper QoS type for the channel according to the information that your ISP provides. PCR It represents Peak Cell Rate. The default setting is “0”. SCR It represents Sustainable Cell Rate. The value of SCR must be smaller than PCR. MBS It represents Maximum Burst Size. The range of the value is 10 to 50.
Port-based Bridge General page lets you set the first PVC. As to set the second PVC line, please click the Port-based Bridge tab to open Bridge configuration page. Enable Check this box to enable that channel. Only channel 3 to 8 can be set in this page, for channel 1 to 4 are reserved for NAT using. P1 to P4 It means the LAN port 1 to 4. Check the box to designate the LAN port for channel 3 to 8. Service Type Normally, service type is used for the service of video stream (e.g., IPTV).
5.1.6 Load-Balance Policy This router supports the function of load balancing. It can assign traffic with protocol type, IP address for specific host, a subnet of hosts, and port range to be allocated in WAN1 or WAN2 interface. The user can assign traffic category and force it to go to dedicate network interface based on the following web page setup. Twenty policies of load-balance are supported by this router. Note: Load-Balance Policy is running only when both WAN1 and WAN2 are activated.
Src IP End Displays the IP address for the end of the source IP. Dest IP Start Displays the IP address for the start of the destination IP. Dest IP End Displays the IP address for the end of the destination IP. Dest Port Start Displays the IP address for the start of the destination port. Dest Port End Displays the IP address for the end of the destination port. Move UP/Move Down Use Up or Down link to move the order of the policy.
will be passed through the WAN interface. Dest IP Start Type the destination IP start for the specified WAN interface. Dest IP End Type the destination IP end for the specified WAN interface. If this field is blank, it means that all the destination IPs will be passed through the WAN interface. Dest Port Start Type the destination port start for the destination IP. Dest Port End Type the destination port end for the destination IP.
In some special case, you may have a public IP subnet from your ISP such as 220.135.240.0/24. This means that you can set up a public subnet or call second subnet that each host is equipped with a public IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts.
5.2.2 General Setup This page provides you the general settings for LAN. Click LAN to open the LAN settings page and choose General Setup. 1st IP Address Type in private IP address for connecting to a local private network (Default: 192.168.1.1). 1st Subnet Mask Type in an address code that determines the size of the network. (Default: 255.255.255.0/ 24) For IP Routing Usage Click Enable to invoke this function. The default setting is Disable.
(Default: 255.255.255.0/ 24) nd 2 DHCP Server You can configure the router to serve as a DHCP server for the 2nd subnet. Start IP Address: Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses. If the 2nd IP address of your router is 220.135.240.1, the starting IP address must be 220.135.240.2 or greater, but smaller than 220.135.240.254. IP Pool Counts: Enter the number of IP addresses in the pool. The maximum is 10.
configured as a DHCP client. It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network. If you want to use another DHCP server in the network other than the Vigor Router’s, you can let Relay Agent help you to redirect the DHCP request to the specified location. Enable Server - Let the router assign IP address to every host in the LAN. Disable Server – Let you manually assign IP address to every host in the LAN.
If both the Primary IP and Secondary IP Address fields are left empty, the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache. If the IP address of a domain name is already in the DNS cache, the router will resolve the domain name immediately. Otherwise, the router forwards the DNS query packet to the external DNS server by establishing a WAN (e.g. DSL/Cable) connection. There are two common scenarios of LAN settings that stated in Chapter 4.
z use the Main Router to surf the Internet. z create a private subnet 192.168.10.0 using an internal Router A (192.168.1.2) z create a public subnet 211.100.88.0 via an internal Router B (192.168.1.3). z have set Main Router 192.168.1.1 as the default gateway for the Router A 192.168.1.2. Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. 1.
3. Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. 4. Go to Diagnostics and choose Routing Table to verify current routing table.
5.2.4 VLAN Virtual LAN function provides you a very convenient way to manage hosts by grouping them based on the physical ports. You can also manage the in/out rate of each port. Go to LAN page and select VLAN. The following page will appear. Click Enable to invoke VLAN function. To add or remove a VLAN, please refer to the following example. 1. If, VLAN 0 is consisted of hosts linked to P1 and P2 and VLAN 1 is consisted of hosts linked to P3 and P4.
2. After checking the box to enable VLAN function, you will check the table according to the needs as shown below. To remove VLAN, uncheck the needed box and click OK to save the results. 5.2.5 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthening control in network. When this function is enabled, all the assigned IP and MAC address binding together cannot be changed.
Internet. Disable Click this radio button to disable this function. All the settings on this page will be invalid. Strict Bind Click this radio button to block the connection of the IP/MAC which is not listed in IP Bind List. ARP Table This table is the LAN ARP table of this router. The information for IP and MAC will be displayed in this field. Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below.
z Enhance security of the internal network by obscuring the IP address. There are many attacks aiming victims based on the IP address. Since the attacker cannot be aware of any private IP addresses, the NAT function can protect the internal network. On NAT page, you will see the private IP address defined in RFC-1918. Usually we use the 192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services.
Press any number under Index to access into next page for configuring port redirection. Enable Check this box to enable such port redirection setting. Mode Two options (Single and Range) are provided here for you to choose. To set a range for the specific service, select Range. In Range mode, if the public port (start port and end port) and the starting IP of private IP had been entered, the system will calculate and display the ending IP of private IP automatically.
one will be assigned automatically later. Private IP Specify the private IP address of the internal host providing the service. If you choose Range as the port redirection mode, you will see two boxes on this field. Type a complete IP address in the first box (as the starting point) and the fourth digits in the second box (as the end point). Private Port Specify the private port number of the service offered by the internal host.
5.3.2 DMZ Host As mentioned above, Port Redirection can redirect incoming TCP/UDP or other traffic on particular ports to the specific private IP address/port of host in the LAN. However, other IP protocols, for example Protocols 50 (ESP) and 51 (AH), do not travel on a fixed port. Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN.
If you previously have set up WAN Alias for PPPoE/PPPoA or MPoA mode, you will find them in Aux. WAN IP for your selection. Enable Check to enable the DMZ Host function. Private IP Enter the private IP address of the DMZ host, or click Choose PC to select one. Choose PC Click this button and then a window will automatically pop up, as depicted below. The window consists of a list of private IP addresses of all hosts in your LAN network. Select one private IP address in the list to be the DMZ host.
5.3.3 Open Ports Open Ports allows you to open a range of ports for the traffic of special applications. Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application involved up-to-date to avoid falling victim to any security exploits. Click Open Ports to open the following page: Index Indicate the relative number for the particular entry that you want to offer service in a local host.
Enable Open Ports Check to enable this entry. Comment Make a name for the defined network application/service. WAN Interface Specify the WAN interface that will be used for this entry. Local Computer Enter the private IP address of the local host or click Choose PC to select one. Choose PC Click this button and, subsequently, a window having a list of private IP addresses of local hosts will automatically pop up. Select the appropriate IP address of the local host in the list.
5.3.4 Address Mapping This page is used to map specific private IP to specific WAN IP address. If you have "a group of IP Addresses" and want to apply to the router, please use WAN IP alias function to record these IPs first. Then, use address mapping function to map specific private IP to specific WAN IP alias. For example, you have IP addresses ranging from 86.123.123.1 ~ 86.123.123.8. However, your router uses 86.123.123.1, and the rest of the IPs are recorded in WAN IP alias.
Protocol Specify the transport layer protocol. It could be TCP, UDP, or ALL for selection. WAN Interface Specify the WAN interface that will be used for this entry. WAN IP Select an IP address (the selections provided here are set in IP Alias List of WAN>>Internet Access ). Local host can use this IP to connect to Internet. If you want to choose any on of the Public IP settings, you must specify some IP addresses in the IP Alias List of the Static/DHCP Configuration page first.
Click the index number link to open the configuration page. Enable Check to enable this entry. Service Choose the predefined service to apply for such trigger profile. Comment Type the text to memorize the application of this rule. Trigger Protocol Select the protocol (TCP, UDP or TCP/UDP) for such trigger profile. Trigger Port Type the port or port range for such trigger profile.
5.4 Firewall 5.4.1 Basics for Firewall While the broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has been always the most concerned. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet. Furthermore, it can filter out specific packets that trigger the router to build an unwanted outgoing connection.
Stateful Packet Inspection (SPI) Stateful inspection is a firewall architecture that works at the network layer. Unlike legacy static packet filtering, which examines a packet based on the information in its header, stateful inspection builds up a state machine to track each connection traversing all interfaces of the firewall and makes sure they are valid. The stateful firewall of Vigor router not just examine the header information also monitor the state of the connection.
5.4.2 General Setup General Setup allows you to adjust settings of IP Filter and common options. Here you can enable or disable the Call Filter or Data Filter. Under some circumstance, your filter set can be linked to work in a serial manner. So here you assign the Start Filter Set only. Also you can configure the Log Flag settings, and Accept large incoming fragmented UDP or ICMP packets. Click Firewall and click General Setup to open the general setup page.
sent to Syslog server. Please refer to section System Maintenance>>Syslog/Mail Alert for more detailed information. Web Content Filter Select one of the Web Content Filter Profile settings (created in CSM>> Web Content Filter Profile) for applying with this router. Please set at least one profile for anti-virus in CSM>> Web Content Filter Profile web page first. For troubleshooting needs, you can specify to record information for Web Content Filter Profile by checking the Log box.
If you do not have any idea of choosing suitable codepage, please open Syslog. From Codepage Information of Setup dialog, you will see the recommended codepage listed on the dialog box. Window size – It determines the size of TCP protocol (0~65535). The more the value is, the better the performance will be. However, if the network is not stable, small value will be proper. Session timeout–Setting timeout for sessions can make the best utilization of network resources.
Filter Rule Click a button numbered (1 ~ 7) to edit the filter rule. Click the button will open Edit Filter Rule web page. For the detailed information, refer to the following page. Active Enable or disable the filter rule. Comment Enter filter set comments/description. Maximum length is 23–character long. Move Up/Down Use Up or Down link to move the order of the filter rules. Next Filter Set Set the link to the next filter set to be executed after the current filter run.
To set the IP address manually, please choose Any Address/Single Address/Range Address/Subnet Address as the Address Type and type them in this dialog. In addition, if you want to use the IP range from defined groups or objects, please choose Group and Objects as the Address Type. From the IP Group drop down list, choose the one that you want to apply. Or use the IP Object drop down list to choose the object that you want.
Type. Protocol - Specify the protocol(s) which this filter rule will apply to. Source/Destination Port (=) – when the first and last value are the same, it indicates one port; when the first and last values are different, it indicates a range for the port and available for this service type.
APP Enforcement Profile web page first. For troubleshooting needs, you can specify to record information for APP Enforcement Profile by checking the Log box. It will be sent to Syslog server. Please refer to section System Maintenance>> Syslog/Mail Alert for more detailed information. URL Content Filter Select one of the URL Content Filter profile settings (created in CSM>> URL Content Filter) for applying with this router.
dialog box. Window size – It determines the size of TCP protocol (0~65535). The more the value is, the better the performance will be. However, if the network is not stable, small value will be proper. Session timeout–Setting timeout for sessions can make the best utilization of network resources. However, Queue timeout is configured for TCP protocol only; session timeout is configured for the data flow which matched with the firewall rule.
Example As stated before, all the traffic will be separated and arbitrated using on of two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first.
5.4.4 DoS Defense As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/ defense function in the DoS Defense setup. The DoS Defense functionality is disabled for default. Click Firewall and click DoS Defense to open the setup page. Enable Dos Defense Check the box to activate the DoS Defense Functionality. Enable SYN flood defense Check the box to activate the SYN flood defense function.
Enable PortScan detection Port Scan attacks the Vigor router by sending lots of packets to many ports in an attempt to find ignorant services would respond. Check the box to activate the Port Scan detection. Whenever detecting this malicious exploration behavior by monitoring the port-scanning Threshold rate, the Vigor router will send out a warning. By default, the Vigor router sets the threshold as 150 packets per second. Block IP options Check the box to activate the Block IP options function.
block any packets realizing this attacking activity. Block ICMP Fragment Check the box to activate the Block ICMP fragment function. Any ICMP packets with more fragment bit set are dropped. Block Unknown Protocol Check the box to activate the Block Unknown Protocol function. Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer. However, the protocol types greater than 100 are reserved and undefined at this time.
5.5 Objects Settings For IPs in a range and service ports in a limited range usually will be applied in configuring router’s settings, therefore we can define them with objects and bind them with groups for using conveniently. Later, we can select that object/group that can apply it. For example, all the IPs in the same department can be defined with an IP object (a range of IP address). 5.5.1 IP Object You can set up to 192 sets of IP Objects with different conditions.
allowed. Interface Choose a proper interface (WAN, LAN or Any). For example, the Direction setting in Edit Filter Rule will ask you specify IP or IP range for WAN or LAN or any IP address. If you choose LAN as the Interface here, and choose LAN as the direction setting in Edit Filter Rule, then all the IP addresses specified with LAN interface will be opened for you to choose in Edit Filter Rule page. Address Type Determine the address type for the IP address.
5.5.2 IP Group This page allows you to bind several IP objects into one IP group. Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail. Name Type a name for this profile. Maximum 15 characters are allowed. Interface Choose WAN, LAN or Any to display all the available IP objects with the specified interface. Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box.
5.5.3 Service Type Object You can set up to 96 sets of Service Type Objects with different conditions. Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail. Name Type a name for this profile. Protocol Specify the protocol(s) which this profile will apply to. Source/Destination Port Source Port and the Destination Port column are available for TCP/UDP protocol. It can be ignored for other protocols. The filter rule will filter out any port number.
(=) – when the first and last value are the same, it indicates one port; when the first and last values are different, it indicates a range for the port and available for this profile. (!=) – when the first and last value are the same, it indicates all the ports except the port defined here; when the first and last values are different, it indicates that all the ports except the range defined here are available for this service type. (>) – the port number greater than this value is available.
Name Type a name for this profile. Available Service Type Objects All the available service objects that you have added on Objects Setting>>Service Type Object will be shown in this box. Selected Service Type Objects Click box. button to add the selected IP objects in this 5.5.5 Keyword Object You can set 200 keyword object profiles for choosing as black /white list in CSM >>URL Web Content Filter Profile. Set to Factory Default Clear all profiles.
Name Type a name for this profile, e.g., game. Contents Type the content for such profile. For example, type gambling as Contents. When you browse the webpage, the page with gambling information will be watched out and be passed/blocked based on the configuration on Firewall settings. 5.5.6 Keyword Group This page allows you to bind several keyword objects into one group. The keyword groups set here will be chosen as black /white list in CSM >>URL Web Content Filter Profile.
Name Type a name for this group. Available Keyword Objects You can gather keyword objects from Keyword Object page within one keyword group. All the available Keyword objects that you have created will be shown in this box. Selected Keyword Objects Click this box. button to add the selected Keyword objects in 5.5.7 File Extension Object This page allows you to set eight profiles which will be applied in CSM>>URL Content Filter.
Profile Name Type a name for this profile. Type a name for such profile and check all the items of file extension that will be processed in the router. Finally, click OK to save this profile.
5.6 CSM CSM is an abbreviation of Content Security Management which is used to control APP enforcement, filter the web content and URL content to reach a goal of security management. APP Enforcement As the popularity of all kinds of instant messenger application arises, communication cannot become much easier.
Note: The priority of URL Content Filter is higher than Web Content Filter. 5.6.1 APP Enforcement Profile You can define policy profiles for different policy of IM (Instant Messenger)/P2P (Peer to Peer)/Protocol and miscellaneous application. Such profile will be used in Firewall>>General Setup and Firewall>>Filter Setup pages. Set to Factory Default Clear all profiles. Profile Display the number of the profile which allows you to click to set different policy.
Below shows the items which are categorized under IM. Profile Name Type a name for the CSM profile. Action Block – All the items selected in this page will be blocked. Users will not access into related web pages or use the applications. Pass – All the items selected in this page will not be blocked. User can access into related web pages or use the applications. Select All Click it to choose all of the items in this page.
The items categorized under P2P ----- Below shows the items which are categorized under Protocol VigorIPPBX 2820 Series User’s Guide 211
The items categorized under Misc ----- 5.6.2 URL Content Filter Profile To provide an appropriate cyberspace to users, Vigor router equips with URL Content Filter not only to limit illegal traffic from/to the inappropriate web sites but also prohibit other web feature where malicious code may conceal. Once a user type in or click on an URL with objectionable keywords, URL keyword blocking facility will decline the HTTP request to that web page thus can limit user’s access to the website.
For example, if you add key words such as “sex”, Vigor router will limit web access to web sites or web pages such as “www.sex.com”, ”www.backdoor.net/images/sex/p_386.html”. Or you may simply specify the full or partial URL such as “www.sex.com” or “sex.com”. Also the Vigor router will discard any request that tries to retrieve the malicious code. Click CSM and click URL Content Filter Profile to open the profile setting page. You can set eight profiles as URL content filter.
Control and Web Feature will be inactive. Both: Block –The router will block all the packages that match with the conditions specified in URL Access Control and Web Feature below. When you choose this setting, both configuration set in this page for URL Access Control and Web Feature will be inactive. Either: URL Access Control First – When all the packages matching with the conditions specified in URL Access Control and Web Feature below, such function can determine the priority for the actions executed.
Action – This setting is available only when Either : URL Access Control First or Either : Web Feature First is selected. Pass - Allow accessing into the corresponding webpage with the keywords listed on the box below. Block - Restrict accessing into the corresponding webpage with the keywords listed on the box below. If the web pages do not match with the keyword set here, it will be processed with reverse action.
Pass - Allow accessing into the corresponding webpage with the keywords listed on the box below. Block - Restrict accessing into the corresponding webpage with the keywords listed on the box below. If the web pages do not match with the specified feature set here, it will be processed with reverse action. Cookie - Check the box to filter out the cookie transmission from inside to outside world to protect the local user's privacy. Proxy - Check the box to reject any proxy transmission.
Activate Click it to access into MyVigor for activating WCF service. Setup Query Server It is recommended for you to use the default setting, auto-selected. You need to specify a server for categorize searching when you type URL in browser based on the web content filter profile. Setup Test Server It is recommendedor you to use the default setting, auto-selected. By the way, you can click the link of Test a site to verify whether it is categorized to access into the test server selected.
the fastest rate. L1+L2 Cache – the router will check the URL with fast processing rate combining the feature of L1 and L2. Eight profiles are provided here as Web content filters. Simply click the index number under Profile to open the following web page. The items listed in Categories will be changed according to the different service providers. If you have and activate another web content filter license, the items will be changed simultaneously.
Profile Name Type a name for such profile. Log None – There is no log file will be recorded for this profile. Pass – Only the log about Pass will be recorded in Syslog. Block – Only the log about Block will be recorded in Syslog. All – All the actions (Pass and Block) will be recorded in Syslog. White/Black List Enable – Activate white/black list function for such profile. Group/Object Selections – Click Edit to choose the group or object profile as the content of white/black list.
5.7 Bandwidth Management Below shows the menu items for Bandwidth Management. 5.7.1 Sessions Limit A PC with private IP address can access to the Internet via NAT router. The router will generate the records of NAT sessions for such connection. The P2P (Peer to Peer) applications (e.g., BitTorrent) always need many sessions for procession and also they will occupy over resources which might result in important accesses impacted.
End IP Defines the end IP address for limit session. Maximum Sessions Defines the available session number for each host in the specific range of IP addresses. If you do not set the session number in this field, the system will use the default session limit for the specific limitation you set for each index. Add Adds the specific session limitation onto the list above. Edit Allows you to edit the settings for the selected limitation.
second subnet. Disable Click this button to close the function of limit bandwidth. Default TX limit Define the default speed of the upstream for each computer in LAN. Default RX limit Define the default speed of the downstream for each computer in LAN. Limitation List Display a list of specific limitations that you set on this web page. Start IP Define the start IP address for limit bandwidth. End IP Define the end IP address for limit bandwidth.
z Scheduling: Based on classification of service level to assign packets to queues and associated service types The basic QoS implementation in Vigor routers is to classify and schedule packets based on the service type information in the IP header. For instance, to ensure the connection with the headquarter, a teleworker may enforce an index of QoS Control to reserve bandwidth for HTTPS connection while using lots of application at the same time.
This page displays the QoS settings result of the WAN interface. Click the Setup link to access into next page for the general setup of WAN interface. As to class rule, simply click the Edit link to access into next for configuration. You can configure general setup for the WAN interface, edit the Class Rule, and edit the Service Type for the Class Rule for your request. General Setup for WAN Interface When you click Setup, you can configure the bandwidth ratio for QoS of the WAN interface.
You will see the Online Statistics link appearing on this page. WAN Inbound Bandwidth It allows you to set the connecting rate of data input for WAN. For example, if your ADSL supports 1M of downstream and 256K upstream, please set 1000kbps for this box. The default value is 1000kbps. WAN Outbound Bandwidth It allows you to set the connecting rate of data output for WAN. For example, if your ADSL supports 1M of downstream and 256K upstream, please set 256kbps for this box. The default value is 1000kbps.
Edit the Class Rule for QoS The first three (Class 1 to Class 3) class rules can be adjusted for your necessity. To add, edit or delete the class rule, please click the Edit link of that one. After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, “Test” is used as the name of Class Index #1. For adding a new rule, click Add to open the following page. ACT Check this box to invoke these settings.
Remote Address Click the Edit button to set the remote IP address (on LAN/WAN) for the rule. Edit It allows you to edit source address information. Address Type – Determine the address type for the source address. For Single Address, you have to fill in Start IP address. For Range Address, you have to fill in Start IP address and End IP address. For Subnet Address, you have to fill in Start IP address and Subnet Mask.
Edit the Service Type for Class Rule To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. After you click the Edit link, you will see the following page. For adding a new service type, click Add to open the following page. Service Name Type in a new service for your request. Service Type Choose the type (TCP, UDP or TCP/UDP) for the new service. Port Configuration Click Single or Range as the Type.
Port Number – Type in the starting port number and the end porting number here if you choose Range as the type. By the way, you can set up to 40 service types. If you want to edit/delete an existed service type, please select the radio button of that one and click Edit/Edit for modification. 5.8 Applications Below shows the menu items for Applications. 5.8.1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP.
Default 3. 4. Enable Dynamic DNS Setup Check this box to enable DDNS function. Index Click the number below Index to access into the setting page of DDNS setup to set account(s). WAN Interface Display current WAN interface used for accessing Internet. Domain Name Display the domain name that you set on the setting page of DDNS setup. Active Display if this account is active or inactive. View Log Display DDNS log status. Force Update Force the router updates its information to DDNS server.
5.8.2 Schedule The Vigor router has a built-in real time clock which can update itself manually or automatically by means of Network Time Protocols (NTP). As a result, you can not only schedule the router to dialup to the Internet at a specified time, but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours, say, business hours. The schedule is also applicable to other functions. You have to set your time before set schedule.
Enable Schedule Setup Check to enable the schedule. Start Date (yyyy-mm-dd) Specify the starting date of the schedule. Start Time (hh:mm) Specify the starting time of the schedule. Duration Time (hh:mm) Specify the duration (or period) for the schedule. Action Specify which action Call Schedule should apply during the period of the schedule. Force On -Force the connection to be always on. Force Down -Force the connection to be always down.
5.8.3 RADIUS Remote Authentication Dial-In User Service (RADIUS) is a security authentication client/server protocol that supports authentication, authorization and accounting, which is widely used by Internet service providers. It is the most common method of authenticating and authorizing dial-up and tunneled network users. The built-in RADIUS client feature enables the router to assist the remote dial-in user or a wireless station and the RADIUS server in performing mutual authentication.
5.8.4 UPnP The UPnP (Universal Plug and Play) protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows 'Plug and Play' system. For NAT routers, the major feature of UPnP on the router is “NAT Traversal”. This enables applications inside the firewall to automatically open the ports that they need to pass through a router.
The reminder as regards concern about Firewall and UPnP Can't work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly. This is because these applications will block the accessing ability of some network ports. Security Considerations Activating the UPnP function on your network may incur some security threats. You should consider carefully these risks before activating the UPnP function.
5.8.5 IGMP IGMP is the abbreviation of Internet Group Management Protocol. It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups. For invoking IGMP Snooping function, you have to check the Enable IGMP Proxy box first for activating the IGMP proxy function. Enable IGMP Proxy Check this box to enable this function. The application of multicast will be executed through WAN port you specified.
5.8.6 Wake on LAN A PC client on LAN can be woken up by the router it connects. When a user wants to wake up a specified PC through the router, he/she must type correct MAC address of the specified PC on this web page of Wake on LAN of this router. In addition, such PC must have installed a network card supporting WOL function. By the way, WOL function must be set as “Enable” on the BIOS setting. Wake by Two types provide for you to wake up the binded IP.
5.9 VPN and Remote Access A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. In short, by VPN technology, you can send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link. Below shows the menu items for VPN and Remote Access. 5.9.1 Remote Access Control Enable the necessary VPN service as you need.
5.9.2 PPP General Setup This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPSec. Dial-In PPP Authentication PAP Only - Select this option to force the router to authenticate dial-in users with the PAP protocol. PAP or CHAP - Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first. If the dial-in user does not support this protocol, it will fall back to use the PAP protocol for authentication.
and Password of the mutual authentication peer. Enter a start IP address for the dial-in PPP connection. You should choose an IP address from the local private network. For example, if the local private network is 192.168.1.0/255.255.255.0, you could choose 192.168.1.200 as the Start IP Address. But, you have to notice that the first two IP addresses of 192.168.1.200 and 192.168.1.201 are reserved for ISDN remote dial-in user. Start IP Address 5.9.
Method (LAN-to-LAN) which uses dynamic IP address and IPSec-related VPN connections such as L2TP over IPSec and IPSec tunnel. Pre-Shared Key -Currently only support Pre-Shared Key for IKE authentication Confirm Pre-Shared Key- Retype the characters to confirm the pre-shared key. IPSec Security Method Medium - Authentication Header (AH) means data will be authenticated, but not be encrypted. By default, this option is active.
Profile Name Type in a name in this file. Accept Any Peer ID Click to accept any peer regardless of its identity. Accept Subject Alternative Name Click to check one specific field of digital signature to accept the peer with matching value. The field can be IP Address, Domain, or E-mail Address. The box under the Type will appear according to the type you select and ask you to fill in corresponding setting.
5.9.5 Remote Dial-in User You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in via ISDN or build the VPN connection. You may set parameters including specified connection peer ID, connection type (ISDN Dial-In connection, VPN connection - including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router provides 32 access accounts for dial-in users.
Enable this account Check the box to enable this function. Idle Timeout- If the dial-in user is idle over the limitation of the timer, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds. ISDN Allow the remote ISDN dial-in connection. You can further set up Callback function below. You should set the User Name and Password of remote dial-in user below PPTP Allow the remote dial-in user to make a PPTP VPN connection through the Internet.
becomes one pure L2TP connection. Must -Specify the IPSec policy to be definitely applied on the L2TP connection. Specify Remote Node Check the checkbox-You can specify the IP address of the remote dial-in user, ISDN number or peer ID (used in IKE aggressive mode). Uncheck the checkbox-This means the connection type you select above will apply the authentication methods and security methods in the general settings.
authenticated, but not be encrypted. By default, this option is invoked. You can uncheck it to disable it. High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. Local ID - Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional and can be used only in IKE aggressive mode.
5.9.6 LAN to LAN Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles. You may set parameters including specified connection direction (dial-in or dial-out), connection peer ID, connection type (VPN connection - including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router supports 2 VPN tunnels and provides up to 32 profiles simultaneously. The following figure shows the summary table.
Profile Name Specify a name for the profile of the LAN-to-LAN connection. Enable this profile Check here to activate this profile. Netbios Naming Packet Pass – click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting. Block – When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting, such function can block data transmission of Netbios Naming Packet inside the tunnel.
WAN1 First - While connecting, the router will use WAN1 as the first channel for VPN connection. If WAN1 fails, the router will use another WAN interface instead. WAN1 Only - While connecting, the router will use WAN1 as the only channel for VPN connection. WAN2 First - While connecting, the router will use WAN2 as the first channel for VPN connection. If WAN2 fails, the router will use another WAN interface instead.
and Password for the authentication of remote server. You can further set up Callback (CBCP) function below. PPTP Build a PPTP VPN connection to the server through the Internet. You should set the identity like User Name and Password below for the authentication of remote server. IPSec Tunnel Build an IPSec VPN connection to the server through Internet. L2TP with IPSec Policy Build a L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec.
IPSec Security Method Medium Advanced Pre-Shared Key - Input 1-63 characters as pre-shared key. Digital Signature (X.509) - Select one predefined Profiles set in the VPN and Remote Access >>IPSec Peer Identity. This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy. Medium (AH) means data will be authenticated, but not be encrypted. By default, this option is active. High (ESP-Encapsulating Security Payload)- means payload (data) will be encrypted and authenticated.
The default value in Vigor router is Main mode. IKE phase 1 proposal-To propose the local available authentication schemes and encryption algorithms to the VPN peers, and get its feedback to find a match. Two combinations are available for Aggressive mode and nine for Main mode. We suggest you select the combination that covers the most schemes. IKE phase 2 proposal-To propose the local available algorithms to the VPN peers, and get its feedback to find a match.
Allowed Dial-In Type Determine the dial-in connection with different types. ISDN Allow the remote ISDN LAN-to-LAN connection. You should set the User Name and Password of remote dial-in user below. In addition, you can further set up Callback function below. PPTP Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of remote dial-in user below.
Must - Specify the IPSec policy to be definitely applied on the L2TP connection. Specify CLID or Remote VPN Gateway You can specify the IP address of the remote dial-in user or peer ID (should be the same with the ID setting in dial-in type) by checking the box. Enter Peer ISDN number if you select ISDN above. Also, you should further specify the corresponding security methods on the right side.
Callback budget- By default, the callback function has limitation of callback period. Once the callback budget is exhausted, the function will be disabled automatically. Callback Budget (Unit: minutes)- Specify the time budget for the dial-in user. The budget will be decreased automatically per callback connection. The default value 0 means no limitation of callback period. My WAN IP This field is only applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above. The default value is 0.
5.9.7 Connection Management You can find the summary table of all VPN connections. You may disconnect any VPN connection by clicking Drop button. You may also aggressively Dial-out by using Dial-out Tool and clicking Dial button. Dial Click this button to execute dial out function. Refresh Seconds Choose the time for refresh the dial information among 5, 10, and 30. Refresh Click this button to refresh the whole connection status.
5.10 Certificate Management A digital certificate works as an electronic ID, which is issued by a certification authority (CA). It contains information such as your name, a serial number, expiration dates etc., and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Here Vigor router support digital certificates conforming to standard X.509.
Type in all the information that the window request. Then click Generate again. Import Click this button to import a saved file as the certification information. Refresh Click this button to refresh the information listed below. View Click this button to view the detailed settings for certificate request.
5.10.2 Trusted CA Certificate Trusted CA certificate lists three sets of trusted CA certificate. To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse… to find out the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window. Then click Import to use the pre-saved file. For viewing each trusted CA certificate, click View to open the certificate detail information window.
5.10.3 Certificate Backup Local certificate and Trusted CA certificate for this router can be saved within one file. Please click Backup on the following screen to save them. If you want to set encryption password for these certificates, please type characters in both fields of Encrypt password and Confirm password. Also, you can use Restore to retrieve these two settings to the router whenever you want. 5.11 ISDN 5.11.
5.11.2 General Setup This page provides some basic ISDN settings such as enabling the ISDN port or not, MSN numbers and blocked MSN numbers, etc. ISDN Port Click Enable to open the ISDN port and Disable to close it. Country Code For proper operation on your local ISDN network, you should choose the correct country code.
Point-to-Point - Configure ISDN port to use static TEI (Terminal Endpoint Identifier). Point-to-Multipoint - Configure ISDN port to use Dynamic TEI. Own Number Enter your ISDN number. Every outgoing call will carry the number to the receiver. Blocked MSN Numbers for the router Enter the specified MSN number into the fields to prevent the router from dialing the specific MSN number. MSN Numbers for the Router MSN Numbers mean that the router is able to accept only number-matched incoming calls.
Example: Below shows an example of TE port MSN number: Refer to the following explanation: a. If you setup "MSN numbers for the router" as the above figure, it means the Vigor router only accepts MSN numbers of 5972727 / 5972728 / 5972729. b. If someone dials to the router with 5972727, the call would be picked up automatically. You could hear IVR voice to remind you to dial the extension number you want to reach. c.
5.11.3 Dial to Single ISP Select Dialing to a Single ISP if you access the Internet via a single ISP. ISP Access Setup ISP Name - Enter your ISP name such as Seednet, Hinet and so on. Dial Number -Enter the ISDN access number provided by your ISP. Username - Enter the username provided by your ISP. Password - Enter the password provided by your ISP. Require ISP Callback (CBCP) -If your ISP supports the callback function, check this box to activate the Callback Control Protocol during the PPP negotiation.
disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the ISDN connection to the ISP will always remain on. IP Address Assignment Method (IPCP) In most environments, you should not change these settings as most ISPs provide a dynamic IP address for the router when it connects to the ISP. If your ISP provides a fixed IP address, check Yes and enter the IP address in the field of Fixed IP Address. 5.11.
configure the PPP session to use the PAP or CHAP protocols to negotiate the username and password with the ISP. Idle Timeout - Idle timeout means the router will be disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the ISDN connection to the ISP will always remain on. Primary ISP Setup ISP Name - Enter your ISP name. Dial Number -Enter the ISDN access number provided by your ISP. Username - Enter the username provided by your ISP.
5.11.5 Call Control Some applications require that the router be remotely activated, or be able to dial up to the ISP via the ISDN interface. Vigor routers provide this feature by allowing user to make a phone call to the router and then ask it to dial up to the ISP. Accordingly, a teleworker can access the remote network to retrieve resources. Of course, a fixed IP address is required for WAN connection and some internal network resource has to be exposed for remote users, such as FTP, and WWW.
PPP Authentication - It specifies the PPP authentication method for PPP/MP connections. Normally you can set it to PAP/CHAP for better compatibility. TCP Header Compression - VJ Compression: It is used for TCP/IP protocol header compression. Normally it is set to Yes to improve bandwidth utilization. Idle Timeout - Because our IDSN link type is Dial On Demand, the connection will be initiated only when needed. Bandwidth-On-Demand (BOD) Setup Bandwidth-On-Demand is for Multiple-Link PPP \(ML-PPP or MP).
This menu can assist users to configure most of settings in IP PBX. Below shows menu items for IP PBX: 5.12.1 Extension The system allows you to set 50 extension numbers for ISDN/SIP/Phone call. Please open IP PBX>>Extension to get the following page. There are 50 extension profiles that you can configure. Please click any number under Index to set detailed configuration.
Internal Phone Extension Active Allow Registration from Click Enable to invoke such profile. If Disable registration from WAN in IP PBX >> PBX System >> SIP Proxy Setting page is unchecked, there are two options offered here (WAN / VPN) for extension registration. For getting the highest network security, please check VPN only. In addition, refer to section 3.14 How to enhance the security for extensions' registration for detailed information. Type Determine the type for such extension profile.
Display Name Type a name as a display for this extension profile. Authentication Check this box to make the IP PBX executing authentication while the number is dialed. Use Display Name as authentication ID – Check this box to use the Display Name as the authentication ID for such extension profile. Password Type a number for the IP PBX to execute authentication. When an IP phone connects to network, IP PBX will use such password for authentication.
forwarding to certain extension or group, or forwarding to SIP Trunk. Please determine the way you want to process. Not on-line – When this extension number is not online, the incoming phone call will be processed by leaving voice mail, forwarding to certain extension or group, or forwarding to SIP Trunk. Please determine the way you want to process.
VigorIPPBX 2820 Series User’s Guide 273
5.12.2 Line Setting There are six SIP outside lines and one ISDN line provided by this IP PBX device. Users can set them respectively from SIP Trunk and ISDN Trunk. DID (Direct Inward Dialing) is a service provided by SIP providers. It allows one main SIP account (SIP Trunk) attached with several sub-accounts (defined in Alias List under SIP Trunk). When the main accounts have been registered on VigorIPPBX 2820, it means the router owns these sub-accounts at the same time.
Profile Name Assign a name for this profile for identifying. You can type similar name with the domain. For example, if the domain name is draytel.org, then you might set draytel-1 in this field. Register via If you want to make VoIP call without register personal information, please choose None and check the box to achieve the goal. Some SIP server allows user to use VoIP function without registering. Choosing Auto is recommended. The system will select a proper way for your VoIP call.
Account Number/Name Enter your account name of SIP Address, e.g. every text before @.. Authentication ID Check the box to invoke this function and enter the name or number used for SIP Authorization with SIP Registrar. If this setting value is the same as Account Name, it is not necessary for you to check the box and set any value in this field. Password The password provided to you when you registered with a SIP service.
Alias List Click the Alias List link to access into the configuration page as shown below. Profile Name Display the alias name for such sub account. Number Display the phone number of such account. Office Hours Display the selected answer mode for office hours. Non Office Hours Display the selected answer mode for non office hours. Active Display current activation status for such account, enabled or disabled. Trunk Display the SIP Trunk for such sub account attached.
Alias Number Type a number for such account. Alias of SIP Trunk Choose one of the items listed in SIP Trunk List for this alias profile. Out-going call CLI Determine which phone number will be shown to the remote end. Main number – Choose this item to display the SIP trunk number. Alias number – Choose this item to display the alias phone number, that is, the sub account. Office hours answer mode Set the answering mode for such outside line in office time.
Office hours answer mode IPPBX>PBX System> Phone Setting page to change the port type. Set the answering mode for such outside line in office time. You can specify it with Auto Attendant (AA), or forward it to any Extension or Group directly. Non-office hours answer mode Set the answering mode for such outside line in non-office time. You can specify it with Auto Attendant, or forward it to any Extension or Group directly.
Non-office hours answer mode Set the answering mode for such outside line in non-office time. You can specify it with Auto Attendant, or forward it to any Extension or Group directly. Off-Net Pin Code If a user needs to do off-net (from VoIP to PSTN) call, he has to input the PIN code number to do the authentication for checking if the call is off-net or not. Select Enable and type the number as a Pin Code.
5.12.3 Dial Plan 5.12.3.1 Digit Map For the convenience of user, this page allows users to edit prefix number for the SIP account with adding number, stripping number or replacing number. It is used to help user having a quick and easy way to dial out through VoIP interface. Enable Check this box to invoke this setting. Match Prefix It is used to match with the number you dialed and can be modified with the OP Number by the mode (add, strip or replace). Mode None - No action.
Strip - When you choose this mode, partial or the whole prefix number will be deleted according to the OP number. Take the above picture (Prefix Table Setup web page) as an example, the OP number of 886 will be deleted completely for the prefix number is set with 886. Replace - When you choose this mode, the OP number will be replaced by the prefix number for calling out through the specific VoIP interface.
Backup Route It will be triggered when the original route is not registered or receives failed response. 5.12.3.2 Phone Book In this section, you can set your VoIP contacts in the “phonebook”. It can help you to make calls quickly and easily by using Speed Dial Number. There are total 20 index entries in the phonebook for you to store all your friends and family members’ phone numbers. Enable VigorIPPBX 2820 Series User’s Guide Check the box to enable the entry.
Speed Dial Number Type the digit number (maximum 6) in this field which can dial to the client with the phone number specified later. Phone Number Type the complete phone number (maximum 19) for the client that you want to dial out. Route Choose the interface (from VoIP 1 to VoIP 6) for the phone call to dial out. 5.12.3.3 Call Barring Call barring is used to block phone calls coming from the one that is not welcomed. Click any index number to display the dial plan setup page.
Apply To Call barring can be applied to specific extension number (set in IP PBX >>Extension) or group (IP PBX>>PBX System>>Hunt Group) respectively or applied to all of extensions/groups completely. Barring Type Determine the type of the VoIP phone call, URI/URL or number. It will bring out different setting options. Specific Number/Specific URI/URL This field will be changed based on the type you selected for barring Type.
For Block Unknown Domain – this function can block incoming calls from unrecognized domain that is not specified in SIP accounts. Such controlling also can be done based on preconfigured schedules. 5.12.4 PBX System This page allows you to set relational (advanced) settings for PBX 5.12.4.1 SIP Proxy Setting To make the IP phone to be registered in IP PBX device successfully, it is necessary for the users to configure settings in this page. SIP Local Port Set a port number as SIP local port.
5060. SIP Proxy Realm Type SIP service domain name. In full SIP URI, such is the part after @ symbol. Parking Server Number This number is used to communicate with the parking server and invoke the parking function. The default setting number is “777”. 1. When you receive a phone call and need to go to the remote end to talk with the same caller, you have to hold the phone call and transfer the call to this number from VoIP phone set. 2. The parking sever will give you another voice number (e.g.
5.12.4.2 Hunt Group This page allows you to make several extension numbers under certain group. Thus, when a phone call incomes, all the extension numbers under such group will ring. Index You can set 10 groups for using in different conditions. Simply click the number under Index to specify detailed information. Group Name Display the name of such group. Group Extension Display the extension number of such group. Hunt List Display the members inside the group.
Hunt Group Name Type suitable name for such group. Hunt Group Extension Type extension number for such group. Hunt Rule Use the drop down menu to choose rule for such group. Simultaneously – Choose such rule can make all the phones in the groups ring while receiving incoming calls. Sequentially - Choose such rule can make all the phones in the groups ring one by one while receiving incoming calls. Timeout Set the timeout for such group. The default setting is 60 seconds.
Add>> Click this button to move the selected item in Available area to Chosen area. Add All Click this button to move all of the items in Available area to Chosen area. Remove<< Click this button to move the selected item in Chosen area to Available area. Remove All Click this button to clear all of the selections in Chosen area. Move Up Click this button to move the selected item to the upper place. Move Down Click this button to move the selected item to the lower place.
5.12.4.3 Voice Mail Configuration This page allows users to set actions for voices mails. Extension for checking messages The number specified here is used for the user to listen personal voice mail from IP PBX device. Send Voice Message by Email IP PBX can send the voice mail to the specified e-mail address for the incoming call if you check this box.
5.12.4.4 Office Hours You can set ten groups of office hours including starting point, ending point on duty day(s). Office Hour Start Use the drop down menu to choose the time as the starting point. Office Hour End Use the drop down menu to choose the time as the ending point. Weekdays Check the day(s) to apply the office hour for that index. Date Specify date(s) for applying the office hour settings in holiday, for example, type 2,4 6 & 7 in the field of Date for Month 1.
5.12.4.5 Auto Attendant Wizard The first page is configured for phone calls in office hours. Click Next. The second page is configured for phone calls in non-office hours. Key 0-9 Key 0 is fixed with Ring Extension. Key 1 – 9 can be set with different actions. Action VigorIPPBX 2820 Series User’s Guide Drop down menu 1 contains Ring Extension /Plays Prompt/Ring Hunt Group/Not Used.
Ring Extension - Only the extension number selected here will ring. Plays Prompt - Audio file will be played automatically. Ring Hunt Group – Only the extension number within the Hunt Group will ring. Not Used – Nothing will be done for the key. Drop down menu 2 contains extension name (ex. Tom, Mike)] or prompt [Prompt 1~ Prompt 10, audio files] or Hunt Group Name [(ex. Sales, RD2)]. It will be changed according to drop down menu 1. Finally, the following window will appear.
5.12.4.6 Prompt Maintenance The IP PBX system provides several audio files for users to choose for playing. Moreover, users can upload other audio files from USB storage or hard disk or others to make the IP PBX system playing. Users can record audio files and upload to router or download to PC. However, the file format of the audio file must follow the rule stated on the web page. Users can record the audio files through a phone set connected to the router or use audio record program on PC.
Prompt 1 to prompt 10 will be used for user-defined audio files (file format must be .WAV). System Prompt file is provided by router firmware. Upload System Prompt file is provided by router firmware. To use such audio file, you have to upload it to flash memory of the router after finishing firmware update. Click this Browse button to browse and choose other audio files. Restore Click this button to save the file to the router. Next time, the audio file will be played in IP PBX system.
Record audio file Below shows a flow chart for using a phone set to record audio file. IVR Greeting 1151#~1160# ( Record user-defined prompt file within 20 sec.
5.12.4.7 Phone Setting This page allows user to set phone settings. Phone List Port – There are four phone ports provided here for you to configure. Index 1 and Index 4 are fixed and two (Index 2 & 3) are configurable. Phone port allows you to set general settings for analog phones. FXO port allows you to configure settings for PBX line. ISDN port allows you to set common settings for ISDN network connection. ISDN1 and ISDN2 port are configurable.
to change SIP account for each phone port. DTMF Relay – Display DTMF mode that configured in the advanced settings page of Phone Index. RTP Symmetric RTP – Check this box to invoke the function. To make the data transmission going through on both ends of local router and remote router not misleading due to IP lost (for example, sending data from the public IP of remote router to the private IP of local router), you can check this box to solve this problem.
Detailed Settings for Phone Port Click the number link of Phone port, you can access into the following page for configuring Phone settings. Below is the sample page for Phone port. Hotline Check the box to enable it. Type in the SIP URL in the field for dialing automatically when you pick up the phone set. Session Timer Check the box to enable the function. In the limited time that you set in this field, if there is no response, the connecting call will be closed automatically.
good voice quality. If the upstream speed is only 64Kbps, do not use G.711 codec. It is better for you to have at least 256Kbps upstream if you would like to use G.711. Single Codec – If the box is checked, only the selected Codec will be applied. Packet Size - The amount of data contained in a single packet. The default value is 20 ms, which means the data packet will contain 20 ms voice information. Voice Active Detector - This function can detect if the voice on both sides is active or not.
Region Select the proper region which you are located. The common settings of Caller ID Type, Dial tone, Ringing tone, Busy tone and Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Also, you can specify each field for your necessity. It is recommended for you to use the default settings for VoIP communication.
from 1- 10. The larger of the number, the louder the volume is. MISC Dial Tone Power Level - This setting is used to adjust the loudness of the dial tone. The smaller the number is, the louder the dial tone is. It is recommended for you to use the default setting. Ring Frequency - This setting is used to drive the frequency of the ring tone. It is recommended for you to use the default setting. DTMF DTMF Mode – There are four DTMF modes for you to choose.
Detailed Settings for ISDN1/2-S0 Port Click the number link of Index 2 or Index 3 (ISDN1-S0 or ISDN2-S0), you can access into the following page for configuring Phone settings. Hotline Check the box to enable it. Type in the SIP URL in the field for dialing automatically when you pick up the phone set. Session Timer Check the box to enable the function. In the limited time that you set in this field, if there is no response, the connecting call will be closed automatically.
good voice quality. If your upstream speed is only 64Kbps, do not use G.711 codec. It is better for you to have at least 256Kbps upstream if you would like to use G.711. Single Codec – If the box is checked, only the selected Codec will be applied. Packet Size - The amount of data contained in a single packet. The default value is 20 ms, which means the data packet will contain 20 ms voice information. Voice Active Detector - This function can detect if the voice on both sides is active or not.
Region Select the proper region which you are located. The common settings of Caller ID Type, Dial tone, Ringing tone, Busy tone and Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Also, you can specify each field for your necessity.
communication. Volume Gain Mic Gain (1-10)/Speaker Gain (1-10) - Adjust the volume of microphone and speaker by entering number from 1- 10. The larger of the number, the louder the volume is. MISC Dial Tone Power Level - This setting is used to adjust the loudness of the dial tone. The smaller the number is, the louder the dial tone is. It is recommended for you to use the default setting. Ring Frequency - This setting is used to drive the frequency of the ring tone.
Session Timer Check the box to enable the function. In the limited time that you set in this field, if there is no response, the connecting call will be closed automatically. DND (Do Not Disturb) mode Set a period of peace time without disturbing by VoIP phone call. During the period, the one who dial in will listen busy tone, yet the local user will not listen any ring tone. Index (1-15) in Schedule - Enter the index of schedule profiles to control the DND mode according to the preconfigured schedules.
Voice Active Detector - This function can detect if the voice on both sides is active or not. If not, the router will do something to save the bandwidth for other using. Click On to invoke this function; click off to close the function. In addition, you can press the Advanced button to configure tone settings, volume gain, MISC and DTMF mode. Advanced setting is provided for fitting the telecommunication custom for the local area of the router installed.
Also, you can specify each field for your necessity. It is recommended for you to use the default settings for VoIP communication. Volume Gain Mic Gain (1-10)/Speaker Gain (1-10) - Adjust the volume of microphone and speaker by entering number from 1- 10. The larger of the number, the louder the volume is. Authentication PIN Code Check for ISDN to VoIP Calls – Set a pin code for the router to authenticate which one is allowed to dial ISDN to VoIP call.
be sent to the remote end with SIP message. Payload Type (rfc2833) - Choose a number from 96 to 127, the default value was 101. This setting is available for the OutBand (RFC2833) mode. Detailed Settings for FXO Port Click the number link of FXO port, you can access into the following page for configuring Phone settings. Below is the sample page for FXO port. Session Timer Check the box to enable the function.
Single Codec – If the box is checked, only the selected Codec will be applied. Packet Size-The amount of data contained in a single packet. The default value is 20 ms, which means the data packet will contain 20 ms voice information. Voice Active Detector - This function can detect if the voice on both sides is active or not. If not, the router will do something to save the bandwidth for other using. Click On to invoke this function; click off to close the function.
Region Select the proper region which you are located. The common settings of Caller ID Type, Dial tone, Ringing tone, Busy tone and Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, and congestion tone by yourself for VoIP phone. Also, you can specify each field for your necessity.
Volume Gain Mic Gain (1-10)/Speaker Gain (1-10) - Adjust the volume of microphone and speaker by entering number from 1- 10. The larger of the number, the louder the volume is. MISC Dial Tone Power Level - This setting is used to adjust the loudness of the dial tone. The smaller the number is, the louder the dial tone is. It is recommended for you to use the default setting.
Four ISDN Channels Application There are two ISDN physical connectors for connecting to ISDN phones. However, if these two ISDN connectors are configured with ISDN-TE port from the web page, LAN users can connect to four ISDN phones at one time through ISDN PBX system. Follow the steps below to configure the phone ports with features of ISDN-TE. 1. Open IP PBX>>PBX System. 2. Click Phone Settings to open the configuration page. 3.
When you finished the configuration, four ISDN lines are ready for the user to communicate with others. 5.12.4.8 SIP Trunk and Extension Configuration Backup This page allows you to backup or restore SIP Trunk and Extension Configuration to the host and restore them to the router if required. Backup the Configuration for SIP Trunk or Extension Settings Follow the steps below to backup your configuration. 1. Click Backup button. A dialog appears for you to confirm the settings backup.
5.12.5 PBX Status 5.12.5.1 Call Detail Records This page displays call records of IP PBX such as failed call, successful call, no-answer call, date of the call and the duration of each call, and so on. Such records can be exported as a file (with file format .csv) and stored in the host. Simply click Export.
5.12.5.2 Extension Monitor This page displays owner’s name, IP address, status and peer ID for each extension number. Refresh Click it to reload the page. 5.13 Wireless LAN This function is used for “n” models only. 5.13.1 Basic Concepts Over recent years, the market for wireless communications has enjoyed tremendous growth. Wireless technology now reaches or is capable of reaching virtually every location on the surface of the earth.
Security Overview Real-time Hardware Encryption: Vigor Router is equipped with a hardware AES encryption engine so it can apply the highest protection to your data without influencing user experience. Complete Security Standard Selection: To ensure the security and privacy of your wireless communication, we provide several prevailing standards on market. WEP (Wired Equivalent Privacy) is a legacy method to encrypt each frame transmitted via radio using either a 64-bit or 128-bit key.
5.13.2 General Setup By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Enable Wireless LAN Check the box to enable wireless function.
(11b+11g+11n) stations simultaneously. Simply choose Mix (11b+11g+11n) mode. Index(1-15) Set the wireless LAN to work at certain time interval only. You may choose up to 4 schedules out of the 15 schedules pre-defined in Applications >> Schedule setup. The default setting of this filed is blank and the function will always work. Hide SSID Check it to prevent from wireless sniffing and make it harder for unauthorized clients or STAs to join your wireless LAN.
Long Preamble This option is to define the length of the sync field in an 802.11 packet. Most modern wireless network uses short preamble with 56 bit sync filed instead of long preamble with 128 bit sync field. However, some original 11b wireless network devices only support long preamble. Check it to use Long Preamble if needed to communicate with this kind of devices. Packet-OVERDRIVE This feature can enhance the performance in data transmission about 40% for 11g (5% for 11n) by checking Tx Burst.
Download – Type the transmitting rate for data download. Default value is 30,000 kbps. 5.13.3 Security This page allows you to set security with different modes for SSID 1, 2, 3 and 4 respectively. After configuring the correct settings, please click OK to save and invoke it. By clicking the Security Settings, a new web page will appear so that you could configure the settings of WEP and WPA. Mode There are several modes provided for you to choose. Disable - Turn off the encryption mechanism.
WPA/802.1x Only- Accepts only WPA clients and the encryption key is obtained dynamically from RADIUS server with 802.1X protocol. WPA2/802.1x Only- Accepts only WPA2 clients and the encryption key is obtained dynamically from RADIUS server with 802.1X protocol. Mixed (WPA+WPA2/802.1x only) - Accepts WPA and WPA2 clients simultaneously and the encryption key is obtained dynamically from RADIUS server with 802.1X protocol. WPA/PSK-Accepts only WPA clients and the encryption key should be entered in PSK.
5.13.4 Access Control In the Access Control, the router may restrict wireless access to certain wireless clients only by locking their MAC address into a black or white list. The user may block wireless clients by inserting their MAC addresses into a black list, or only let them be able to connect by inserting their MAC addresses into a white list. In the Access Control web page, users may configure the white/black list modes used by each SSID and the MAC addresses applied to their lists.
5.13.5 WPS WPS (Wi-Fi Protected Setup) provides easy procedure to make network connection between wireless station and wireless access point (vigor router) with the encryption of WPA and WPA2. Note: Such function is available for the wireless station with WPS supported. It is the simplest way to build connection between wireless network clients and vigor router. Users do not need to select any encryption mode and type any long encryption passphrase to setup a wireless client every time.
z If you want to use PIN code, you have to know the PIN code specified in wireless client. Then provide the PIN code of the wireless client you wish to connect to the vigor router. For WPS is supported in WPA-PSK or WPA2-PSK mode, if you do not choose such mode in Wireless LAN>>Security, you will see the following message box. Please click OK and go back Wireless LAN>>Security to choose WPA-PSK or WPA2-PSK mode and access WPS again. Below shows Wireless LAN>>WPS web page.
Authentication Mode Display current authentication mode of the router. Only WPA2/PSK and WPA/PSK support WPS. Configure via Push Button Click Start PBC to invoke Push-Button style WPS setup procedure. The router will wait for WPS requests from wireless clients about two minutes. The WPS LED on the router will blink fast when WPS is in progress. It will return to normal condition after two minutes.
The application for the WDS-Repeater mode is depicted as below: The major difference between these two modes is that: while in Repeater mode, the packets received from one peer AP can be repeated to another peer AP through WDS links. Yet in Bridge mode, packets received from a WDS link will only be forwarded to local wired or wireless hosts. In other words, only Repeater mode can do WDS-to-WDS packet forwarding.
Mode Choose the mode for WDS setting. Disable mode will not invoke any WDS setting. Bridge mode is designed to fulfill the first type of application. Repeater mode is for the second one. Security There are three types for security, Disable, WEP and Pre-shared key. The setting you choose here will make the following WEP or Pre-shared key field valid or not. Choose one of the types for the router. WEP Check this box to use the same key set in Security Settings page.
MAC addresses are allowed to be entered in this page at one time. Yet please disable the unused link to get better performance. If you want to invoke the peer MAC address, remember to check Enable box in the front of the MAC address after typing. Repeater If you choose Repeater as the connecting mode, please type in the peer MAC address in these fields. Four peer MAC addresses are allowed to be entered in this page at one time.
long guard interval for data transmit based on the station capability. Aggregation MSDU Aggregation MSDU can combine frames with different sizes. It is used for improving MAC layer’s performance for some brand’s clients. The default setting is Enable. 5.13.8 AP Discovery Vigor router can scan all regulatory channels and find working APs in the neighborhood. Based on the scanning result, users will know which channel is clean for usage. Also, it can be used to facilitate finding an AP for a WDS link.
result field, and click Bridge or Repeater. Next, click Add to. Later, the MAC address of the AP will be added to Bridge or Repeater field of WDS settings page. 5.13.9 Station List Station List provides the knowledge of connecting wireless clients now along with its status code. There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Refresh Click this button to refresh the status of station list.
5.14 USB Application USB diskette can be regarded as a server. By way of Vigor router, clients on LAN can access, write and read data stored in USB diskette. After setting the configuration in USB Application, you can type the IP address of the Vigor router and username/password created in USB Application>>USB User Management on the client software. Thus, the client can use the FTP site (USB diskette) or share the Samba service through Vigor router. 5.14.
Default Charset is for English based file name. For Simplified Chinese file/directory names, please choose GB2312; for Traditional Chinese file/directory names, choose BIG5. Samba Service Settings Click Enable to invoke samba service via the router. Access Mode LAN Only – Users coming from internet cannot connect to the samba server of the router. LAN And WAN - Both LAN and WAN users can access samba server of the router.
FTP/Samba User Enable – Click this button to activate this profile (account) for FTP service or Samba User service. Later, the user can use the username specified in this page to login into FTP server. Disable – Click this button to disable such profile. Username Type the username for FTP/Samba users for accessing into FTP server (USB storage disk). Be aware that users cannot access into USB storage disk in anonymity.
Access Rule It determines the authority for such profile. Any user, who uses such profile for accessing into USB storage disk, must follow the rule specified here. File – Check the items (Read, Write and Delete) for such profile. Directory –Check the items (List, Create and Remove) for such profile. Before you click OK, you have to insert a USB diskette into the USB interface of the Vigor router. Otherwise, you cannot save the configuration. 5.14.
Current Path Display current folder. Upload Click this button to upload the selected file to the USB diskette. The uploaded file in the USB diskette can be shared for other user through FTP.
5.14.4 Disk Status This page is to monitor the status for the users who accessing into FTP or Samba server (USB diskette) via the Vigor router. If you want to remove the diskette from USB port in router, please click Disconnect USB Disk first. And then, remove the USB diskette later. Connection Status If there is no USB diskette connected to Vigor router, “No Disk Connected” will be shown here.
5.15 System Maintenance For the system setup, there are several items that you have to know the way of configuration: Status, Administrator Password, Configuration Backup, Syslog, Time setup, Reboot System, and Firmware Upgrade. Below shows the menu items for System Maintenance. 5.15.1 System Status The System Status provides basic network settings of Vigor router. It includes LAN and WAN interface information.
1st IP Address st Display the IP address of the LAN interface. 1 Subnet Mask Display the subnet mask address of the LAN interface. DHCP Server Display the current status of DHCP server of the LAN interface. DNS Display the assigned IP address of the primary DNS. WAN------Link Status Display current connection status. MAC Address Display the MAC address of the WAN Interface. Connection Display the connection type. IP Address Display the IP address of the WAN interface.
5.15.2 TR-069 This device supports TR-069 standard. It is very convenient for an administrator to manage a TR-069 device through an Auto Configuration Server, e.g., VigorACS. ACS Server On Choose the interface for the router connecting to ACS server. ACS Server URL/Username/Password – Such data must be typed according to the ACS (Auto Configuration Server) you want to link. Please refer to Auto Configuration Server user’s manual for detailed information.
5.15.3 Administrator Password This page allows you to set new password. Old Password Type in the old password. The factory default setting for password is blank. New Password Type in new password in this filed. Confirm Password Type in the new password again. When you click OK, the login window will appear. Please use the new password to access into the web configurator again. 5.15.4 Configuration Backup Backup the Configuration Follow the steps below to backup your configuration. 4.
6. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. 7. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Note: Backup for Certification must be done independently.
5.15.5 Syslog/Mail Alert SysLog function is provided for users to monitor router. There is no bother to directly get into the Web Configurator of the router or borrow debug equipments. Enable Check Enable to activate function of syslog. Syslog Save to Check Syslog Server to save the log to Syslog directly. Check USB Disk to save the log to the attached USB diskette. Router Name Type in the router name provided by ISP. Server IP Address The IP address of the Syslog server.
Authentication Check this box to activate this function while using e-mail application. User Name Type the user name for authentication. Password Type the password for authentication. Enable E-mail Alert Check the box to send alert message to the e-mail box while the modem detecting the item(s) you specify here. Click OK to save these settings. For viewing the Syslog, please do the following: 1. Just set your monitor PC’s IP address in the field of Server IP Address 2.
5.15.6 Time and Date It allows you to specify where the time of the router should be inquired from. Current System Time Click Inquire Time to get the current time. Use Browser Time Select this option to use the browser time from the remote administrator PC host as router’s system time. Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol. Time Protocol Select a time protocol. Server IP Address Type the IP address of the time server.
5.15.7 Management This page allows you to manage the settings for access control, access list, port setup, and SMP setup. For example, as to management access control, the port number is used to send/receive SIP message for building a session. The default value is 5060 and this must match with the peer Registrar when making VoIP calls. Router Name Type in the router name provided by ISP. Allow management from the Internet Enable the checkbox to allow system administrators to login from the Internet.
Get Community Set the name for getting community by typing a proper character. The default setting is public. Set Community Set community by typing a proper name. The default setting is private. Manager Host IP Set one host as the manager to execute SNMP function. Please type in IP address to specify certain host. Trap Community Set trap community by typing a proper name. The default setting is public. Notification Host IP Set the IP address of the host that will receive the trap community.
5.15.9 Firmware Upgrade Before upgrading your router firmware, you need to install the Router Tools. The Firmware Upgrade Utility is included in the tools. The following web page will guide you to upgrade firmware by using an example. Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.
5.15.10 Activation There are three ways to activate WCF on vigor router, using Service Activation Wizard, by means of CSM>>Web Content Filter Profile or via System Maintenance>>Activation. After you have finished the setting profiles for WCF, it is the time to activate the mechanism for your computer. Click System Maintenance>>Activation to open the following page for accessing http://myvigor.draytek.com. Note: Such service mechanism is powered by Commtouch.
Below shows the successful activation of Web Content Filter: Status Display the mechanism (represented with code number, e.g., CT-CF) adopted by such router. Start Date Display the starting date of WCF license activated successfully. Expire Date Display the ending date of WCF license activated successfully. Activate Click this link to access into http://myvigor.draytek.com for activating WCF function. 5.
5.16.1 Dial-out Trigger Click Diagnostics and click Dial-out Trigger to open the web page. The internet connection (e.g., ISDN, PPPoE, PPPoA, etc) is triggered by a package sending from the source IP address. Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the package. Refresh Click it to reload the page. 5.16.2 Routing Table Click Diagnostics and click Routing Table to open the web page.
5.16.3 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh Click it to reload the page. Clear Click it to clear the whole table. 5.16.4 DHCP Table The facility provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc.
5.16.5 NAT Sessions Table Click Diagnostics and click NAT Sessions Table to open the setup page. Private IP:Port It indicates the source IP address and port of local PC. #Pseudo Port It indicates the temporary port of the router used for NAT. Peer IP:Port It indicates the destination IP address and port of remote host. Interface It displays the representing number for different interface. Refresh Click it to reload the page. 5.16.
Ping to Use the drop down list to choose the destination that you want to ping. IP Address Type in the IP address of the Host/IP that you want to ping. Run Click this button to start the ping work. The result will be displayed on the screen. Clear Click this link to remove the result on the window. 5.16.7 Data Flow Monitor This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds.
refreshing data flow that will be done by the system automatically. Refresh Index IP Address TX rate (kbps) RX rate (kbps) Sessions Action Click this link to refresh this page manually. Display the number of the data flow. Display the IP address of the monitored device. Display the transmission speed of the monitored device. Display the receiving speed of the monitored device. Display the session number that you specified in Limit Session web page.
5.16.8 Traffic Graph Click Diagnostics and click Traffic Graph to pen the web page. Choose WAN1 Bandwidth/WAN2 Bandwidth, Sessions, daily or weekly for viewing different traffic graph. Click Refresh to renew the graph at any time. 5.16.9 Trace Route Click Diagnostics and click Trace Route to open the web page. This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Run. The result of route trace will be shown on the screen.
Protocol Choose a protocol (ICMP or UDP) for such route. Host/IP Address It indicates the IP address of the host. Run Click this button to start route tracing work. Clear Click this link to remove the result on the window.
This page is left blank.
Chapter 6: Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. z Checking if the hardware status is OK or not. z Checking if the network connection settings on your computer are OK or not. z Pinging the router from your computer. z Checking if the ISP settings are OK or not.
6.2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings. After trying the above section, if the link is stilled failed, please do the steps listed below to make sure the network connection settings is OK. For Windows The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. 1.
4. Select Obtain an IP address automatically and Obtain DNS server address automatically. For MacOs 1. Double click on the current used MacOs on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop down list of Configure IPv4.
6.3 Pinging the Router from Your Computer The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer. We suggest you setting the network connection as get IP automatically. (Please refer to the section 6.2) Please follow the steps below to ping the router correctly.
VigorIPPBX 2820 Series User’s Guide 365
6.4 Checking If the ISP Settings are OK or Not Click WAN>> Internet Access and then check whether the ISP settings are set correctly. Click WAN1 or WAN2 link to review the settings that you configured previously. 6.5 Problems for 3G Network Connection When you have trouble in using 3G network transmission, please check the following: Check if USB LED lights on or off You have to wait about 15 seconds after inserting 3G USB Modem into your Vigor2820.
Transmission Rate is not fast enough Please connect your Notebook with 3G USB Modem to test the connection speed to verify if the problem is caused by VigorIPPBX 2820. In addition, please refer to the manual of 3G USB Modem for LED Status to make sure if the modem connects to Internet via HSDPA mode. If you want to use the modem indoors, please put it on the place near the window to obtain better signal receiving. 6.
After restore the factory default setting, you can configure the settings for the router again to fit your personal request. 6.7 Contacting Your Dealer If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com.
Appendix: Hardware Specifications Temperature Operating : 0°C ~ 45°C Storage : -25°C ~ 70°C Humidity 10% ~ 90% ( non-condensing ) Max.
