Draytek Vigor2120 Series, User Manual

Page 1: ......

Page 2: ...Vigor2120 Series User s Guide ii...

Page 3: ...Vigor2120 Series User s Guide iii Vigor2120 Series Broadband Firewall Router User s Guide Version 2 0 Firmware Version V3 8 4 For future update please visit DrayTek web site Date June 13 2017...

Page 4: ...vation of the environment Warranty We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of...

Page 5: ...vice pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can ra...

Page 6: ...Vigor2120 Series User s Guide vi The antenna transmitter should be kept at least 20 cm away from human body More update please visit www draytek com...

Page 7: ...mon Used Menu 20 1 7 4 GUI Map 21 1 7 5 Web Console 22 1 7 6 Config Backup 22 1 7 7 Logout 23 1 8 Online Status 24 1 8 1 Physical Connection for IPv4 Protocol 24 1 8 2 Physical Connection for IPv6 Pro...

Page 8: ...h Vigor2120 series 100 Advanced Configuration 101 4 1 WAN 101 4 1 1 Basics of Internet Protocol IP Network 101 4 1 2 General Setup 103 4 1 3 Internet Access 105 4 1 4 Multi VLAN 131 4 2 LAN 135 4 2 1...

Page 9: ...ice 261 4 9 9 Bonjour 263 4 10 VPN and Remote Access 266 4 10 1 Remote Access Control 266 4 10 2 PPP General Setup 267 4 10 3 IPsec General Setup 269 4 10 4 IPsec Peer Identity 271 4 10 5 Remote Dial...

Page 10: ...361 4 15 14 Activation 362 4 16 Diagnostics 364 4 16 1 Dial out Triggering 364 4 16 2 Routing Table 365 4 16 3 ARP Cache Table 366 4 16 4 IPv6 Neighbour Table 366 4 16 5 DHCP Table 367 4 16 6 NAT Ses...

Page 11: ...mmand ip telnet 410 Telnet Command ip rip 410 Telnet Command ip wanrip 411 Telnet Command ip route 412 Telnet Command ip igmp_proxy 413 Telnet Command ip igmp_snoop 413 Telnet Command ip wanaddr 415 T...

Page 12: ...imWINS 452 Telnet Command msubnet secWINS 453 Telnet Command msubnet tftp 454 Telnet Command msubnet mtu 454 Telnet Command object ip obj 455 Telnet Command object ip grp 456 Telnet Command object ipv...

Page 13: ...mmand sys bonjour 491 Telnet Command sys cfg 492 Telnet Command sys cmdlog 492 Telnet Command sys ftpd 493 Telnet Command sys domainname 493 Telnet Command sys iface 494 Telnet Command sys name 495 Te...

Page 14: ...s2nat 526 Telnet Command wan ppp_mru 527 Telnet Command wan mtu 527 Telnet Command wan DF_check 528 Telnet Command wan disable 528 Telnet Command wan enable 528 Telnet Command wan forward 528 Telnet C...

Page 15: ...uide xv Telnet Command wl dual restart 550 Telnet Command wl dual security 551 Telnet Command wl dual stalist 552 Telnet Command wl dual wds 552 Telnet Command wl dual wps 554 Telnet Command wol 555 T...

Page 16: ......

Page 17: ...and hardware encryption of AES DES 3DES the router increases the performance of VPN greatly and offers several protocols such as IPsec PPTP L2TP with up to 2 VPN tunnels The object based design used i...

Page 18: ...s Cancel current settings and recover to the previous saved settings Clear all the selections and parameters settings including selection from drop down list All the values must be reset with factory...

Page 19: ...is failed ACT Blinking The system is ready and can work normally On A USB device is connected and active USB Blinking The data is transmitting VPN On The VPN tunnel is active WCF On The profile s of C...

Page 20: ...tton and keep for more than 6 seconds Then the router will restart with the factory default configuration WAN Connector for accessing the Internet LAN 1 4 Connecters for local network devices LAN PWR...

Page 21: ...active USB Blinking The data is transmitting On Wireless function is ready Off Wireless function is not ready 2 4G Blinking Data is transmitting sending receiving On Wireless function is ready Off Wi...

Page 22: ...will be off WPS When WPS function is enabled by web user interface press this button for more than 2 seconds The router will wait for any wireless client connecting to it through WPS Restore the defau...

Page 23: ...of an Ethernet cable RJ 45 to one of the LAN ports of the router and the other end of the cable RJ 45 into the Ethernet port on your computer 3 Connect one end of the power adapter to the router s po...

Page 24: ...The example provided here is made based on Windows XP 2000 For Windows 98 SE Vista please visit www DrayTek com Before using it please follow the steps below to configure settings for connected comput...

Page 25: ...Vigor2120 Series User s Guide 9 5 In this dialog choose Create a new port In the field of Type of port use the drop down list to select Standard TCP IP Port Then click Next...

Page 26: ...User s Guide 10 6 In the following dialog type 192 168 1 1 router s LAN IP in the field of Hostname or IP Address and type 192 168 1 1 as the Port name Then click Next 7 Click Standard and choose Gene...

Page 27: ...your system will ask you to choose right name of the printer that you installed onto the router Such step can make correct driver loaded onto your PC When you finish the selection click Next 9 Type a...

Page 28: ...Vigor2120 Series User s Guide 12 10 Choose Do not share this printer and click Next 11 Then in the following dialog click Finish...

Page 29: ...uide 13 12 The new printer has been added and displayed under Printers and Faxes Click the new printer icon and click Printer server properties 13 Edit the property of the new printer you have added b...

Page 30: ...l type p1 number 1 as Queue Name Then click OK Next please refer to the red rectangle for choosing the correct protocol and LPR name The printer can be used for printing now Most of the printers with...

Page 31: ...r your printer is supported or not please visit www draytek com to find out the printer list Open Support FAQ Application Notes find out the link of USB Printer Server and click it Then click the What...

Page 32: ...the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and type http 192 168 1...

Page 33: ...sword for the original security of the router 1 Open a web browser on your PC and type http 192 168 1 1 A pop up window will open to ask for username and password 2 Please type admin admin as Username...

Page 34: ...ci in ng g D Da as sh hb bo oa ar rd d Dashboard shows the connection status including System Information IPv4 Internet Access IPv6 Internet Access Interface physical connection Security and Quick Acc...

Page 35: ...er displays the physical interface connection It will be refreshed every five seconds For detailed information about the LED display refer to 1 2 LED Indicators and Connectors 1 1 7 7 2 2 N Na am me e...

Page 36: ...ions grouped under Quick Access The function links of System Status Dynamic DDNS TR 069 IM P2P Block Schedule Syslog Mail Alert RADIUS Firewall Object Setting and Data Flow Monitor are displayed here...

Page 37: ...indicates that the traffic would be transmitted through LAN port s and then the WAN port The purpose is to perform the traffic monitor of the host s 1 1 7 7 4 4 G GU UI I M Ma ap p All the functions t...

Page 38: ...can be reviewed on the web user interface Click the Web Console icon on the top of the main screen to open the following screen 1 1 7 7 6 6 C Co on nf fi ig g B Ba ac ck ku up p There is one way to st...

Page 39: ...Vigor2120 Series User s Guide 23 Click Save to store the setting 1 1 7 7 7 7 L Lo og go ou ut t Click this icon to exit the web user interface...

Page 40: ...I IP Pv v4 4 P Pr ro ot to oc co ol l 1 1 8 8 2 2 P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n f fo or r I IP Pv v6 6 P Pr ro ot to oc co ol l Detailed explanation for IPv4 is shown below...

Page 41: ...octets at the WAN interface Detailed explanation for IPv6 is shown below Item Description LAN Status IP Address Displays the IPv6 address of the LAN interface TX Packets Displays the total transmitte...

Page 42: ...field of Application will list the purpose of such WAN connection 1 1 9 9 S Sa av vi in ng g C Co on nf fi ig gu ur ra at ti io on n Each time you click OK on the web page for saving the configuration...

Page 43: ...r establishing VPN tunnel the router is treated as a VPN server 2 2 1 1 Q Qu ui ic ck k S St ta ar rt t W Wi iz za ar rd d The Quick Start Wizard is designed for you to easily set up your router for I...

Page 44: ...Vigor2120 Series User s Guide 28 WAN1 and WAN2 will bring up different configuration page Refer to the following for detailed information...

Page 45: ...please specify physical type Then click Next 2 2 1 1 1 1 1 1 P PP PP Po oE E 1 Open Wizards Quick Start Wizard Finish the password settings and click Next 2 Choose WAN1 as the WAN Interface and click...

Page 46: ...n Service Name Type the service information for identifying ISP Username Assign a specific valid user name provided by the ISP Password Assign a valid password provided by the ISP Confirm Password Ret...

Page 47: ...Vigor2120 Series User s Guide 31 6 Click Finish A page of Quick Start Wizard Setup OK will appear 7 Now you can enjoy surfing on the Internet...

Page 48: ...specify Internet Access Type Click PPTP L2TP as the Internet Access Type Then click Next to continue 4 Please type in the IP address mask gateway information originally provided by your ISP Then click...

Page 49: ...ddress of the gateway Primary DNS Type in the primary IP address for the router Second DNS Type in secondary IP address for necessity in the future PPTP Server L2TP Server Type the IP address of the s...

Page 50: ...u to specify Internet Access Type Click Static IP as the Internet Access Type Then click Next to continue 4 Please type in the IP address information originally provided by your ISP Then click Next fo...

Page 51: ...Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 5 A summary page will be displayed as follows 6 Clic...

Page 52: ...Click DHCP as the Internet Access Type Then click Next to continue 4 Click DHCP as the Internet Access type Simply click Next to continue Then click Next for viewing summary of such connection Availab...

Page 53: ...to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 5 A summary page will be displayed as follows 6 Click Finish A page of Quick...

Page 54: ...the information for 3G 4G USB Modem Available settings are explained as follows Item Description Internet Access Choose a protocol for accessing the Internet 3G 4G USB Modem PPP mode SIM Pin code Type...

Page 55: ...access Internet Network Mode Force Vigor router to connect Internet with the mode specified here If you choose 4G 3G 2G as network mode the router will choose a suitable one according to the actual w...

Page 56: ...se trial version of WCF directly without accessing into the server MyVigor located on http myvigor draytek com For using Web Content Filter Profile please refer to later section Web Content Filter Pro...

Page 57: ...de There is a 30 day trial period After trial you can purchase DrayTek s prepared Commtouch GlobalView WCF package from retailing outlets BPjM is WCF for German Speaking users The fragfINN is whitelis...

Page 58: ...l be activated and applied as the default rule configured in Firewall General Setup 6 Now the web page will display the service that you have activated according to your selection s The valid time for...

Page 59: ...r to client step by step 1 Open VPN and Remote Access VPN Client Wizard The following page will appear Available settings are explained as follows Item Description LAN to LAN Client Mode Selection Cho...

Page 60: ...owing page In this page you have to select suitable VPN type for the VPN client profile There are six types provided here Different type will lead to different configuration page After making the choi...

Page 61: ...g descriptions for VPN Type are based on the Route Mode specified in LAN to LAN Client Mode Selection When you choose PPTP None Encryption or PPTP Encryption you will see the following graphic When yo...

Page 62: ...Vigor2120 Series User s Guide 46 When you choose L2TP you will see the following graphic When you choose L2TP over IPsec Nice to Have or L2TP over IPsec Must you will see the following graphic...

Page 63: ...tions such as L2TP over IPsec and IPsec tunnel Pre Shared Key Specify a key for IKE authentication Confirm Pre Shared Key Confirm the pre shared key Digital Signature X 509 Click Digital Signature to...

Page 64: ...lding VPN connection Remote Network Mask Please type the network mask according to the real location of the remote host for building VPN connection 3 After finishing the configuration please click Nex...

Page 65: ...Available settings are explained as follows Item Description VPN Server Mode Selection Choose the direction for the VPN server Site to Site VPN To set a LAN to LAN profile automatically please choose...

Page 66: ...dial in type for the VPN server profile There are several types provided here similar to VPN Client Wizard Different Dial in Type will lead to different configuration page In addition adjustable items...

Page 67: ...es User s Guide 51 When you check PPTP you will see the following graphic When you check PPTP IPsec L2TP three types or PPTP IPsec two types or L2TP with Policy Nice to Have Must you will see the foll...

Page 68: ...L2TP with or without IPsec policy above The length of the name is limited to 11 characters Pre Shared Key For IPsec L2TP IPsec authentication you have to type a pre shared key The length of the name i...

Page 69: ...f there is no problem you can click one of the radio buttons listed on the page and click Finish to execute the next action Available settings are explained as follows Item Description Go to the VPN C...

Page 70: ...register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router b...

Page 71: ...following page will be displayed after you logging in MyVigor From this page please click Add or Product Registration 5 When the following page appears please type in Nickname for the router and choo...

Page 72: ...Vigor2120 Series User s Guide 56 4 After clicking OK you will see the following page Your router has been registered to myvigor website successfully...

Page 73: ...ll be encapsulated with the header of IPv4 first Later the packets will be transformed and judged by IPv4 router Once the packets arrive the border between IPv4 and IPv6 the header of IPv4 on the pack...

Page 74: ...rent connection types will bring out different configuration page Refer to the following PPP Dual Stack application IPv4 and IPv6 services can be utilized at the same time Choose PPP and type the info...

Page 75: ...Vigor2120 Series User s Guide 59 Click OK and open Online Status If the connection is successful you will get the IP address for IPv4 and IPv6 at the same time...

Page 76: ...formation for TSPC service Note While using such mode you have to make sure the IPv4 network connection is normal In the following figure the TSPC information is obtained from http gogo6 com after app...

Page 77: ...te While using such mode you have to make sure the IPv4 network connection is normal In the following figure the AICCU information is obtained from https www sixxs net main after applied for the servi...

Page 78: ...s Guide 62 DHCPv6 Client Choose DHCPv6 Client Click one of the identity associations and type the IAID number Click OK and open Online Status If the connection is successful the physical connection wi...

Page 79: ...es User s Guide 63 Static IPv6 Choose Static IPv6 Type IPv6 address Prefix Length and Gateway Address Click OK and open Online Status If the connection is successful the physical connection will be sh...

Page 80: ...ing page Note Only the subnet of LAN1 supports IPv6 feature 2 In the field of Router Advertisement Server the default setting is Enable The client s PC will ask RADVD service for the Prefix of IPv6 ad...

Page 81: ...mmand of ipconfig Refer to the following figure From the above figure we can see IPv6 IP address has been captured by the system 2 Use the Ping command to ping any IPv6 address indicating an IPv6 webs...

Page 82: ...pe an URL of IPv6 e g www kame net If your computer accesses into the website by using IPv6 address you may see a turtle dancing on the screen If not only a steady turtle will be seen If you can see a...

Page 83: ...If it is necessary for you to delete copy files on the device or write paste files to the devcie it must be done through or FTP server 1 Plug the USB device to the USB port on the router Make sure Dis...

Page 84: ...ng properly Please open a browser and type ftp 192 168 1 1 Use the account user1 to login 5 When the following screen appears it means the FTP service is running properly 6 Return to USB Application U...

Page 85: ...d dq qu ua ar rt te er r v vi ia a I IP Ps se ec c T Tu un nn ne el l M Ma ai in n M Mo od de e C Co on nf fi ig gu ur ra at ti io on n o on n V Vi ig go or r R Ro ou ut te er r f fo or r H He ea ad d...

Page 86: ...Check the box of Specify Remote and type the Peer VPN Server IP e g 218 242 130 19 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security meth...

Page 87: ...er interface of Vigor router 2 Open VPN and Remote Access LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection 3 Click any index number to open the confi...

Page 88: ...ervice and type the remote server IP host name e g 218 242 133 91 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 5 Continue to...

Page 89: ...Vigor2120 Series User s Guide 73 7 Open VPN and Remote Access Connection Management to check the dial in connection status from head office...

Page 90: ...of Voice Video or Data transferring Let s see how to get the optimum bandwidth per your request by using DrayTek Vigor router as below Scenario The Internet connection you got from ISP line is 2MB 512...

Page 91: ...de 75 5 In the pop up window choose Range Address as the Address Type and type the start IP address and end IP address in relational fields Click OK to save the settings and exit the window 6 Click OK...

Page 92: ...r2120 Series User s Guide 76 7 The class rule for VoIP has been set Click OK to return to previous page 8 Do the same steps to add class rules for IPTV and Data Email with IP addresses as shown below...

Page 93: ...ck the box of Enable the QoS Control Type 30 50 and 15 in the boxes for VoIP IPTV and Data Email respectively Check the box of Enable UDP Bandwidth Control Note The rate of outbound inbound must be sm...

Page 94: ...Vigor2120 Series User s Guide 78 11 Click OK to save the settings The class rules for WAN1 are defined as shown below...

Page 95: ...Anti Spam Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into MyVigor for getting more information please create an account for M...

Page 96: ...ies User s Guide 80 2 Click the Activate link A login page for MyVigor web site will pop up automatically 3 Click the link of Create an account now 4 Check to confirm that you accept the Agreement and...

Page 97: ...ries User s Guide 81 5 Type your personal information in this page and then click Continue 6 Choose proper selection for your computer and click Continue 7 Now you have created an account successfully...

Page 98: ...the account that you created The following screen will be shown to verify the register process is finished Please click Login 10 When you see the following page please type in the account and password...

Page 99: ...Ac cc co ou un nt t v vi ia a M My yV Vi ig go or r W We eb b S Si it te e 1 Access into http myvigor draytek com Find the line of Not registered yet Then click the link Click here to access into nex...

Page 100: ...ries User s Guide 84 3 Type your personal information in this page and then click Continue 4 Choose proper selection for your computer and click Continue 5 Now you have created an account successfully...

Page 101: ...n will be shown to verify the register process is finished Please click Login 8 When you see the following page please type in the account and password that you just created in the fields of UserName...

Page 102: ...erface of Vigor router 2 Configure relational objects first Open Object Settings SMS Mail Server Object to get the following page Index 1 to Index 8 allows you to choose the built in SMS service provi...

Page 103: ...ofile setting 5 Open Object Settings Notification Object to configure the event conditions of the notification 6 Choose any index number e g Index 1 in this case to configure conditions for sending th...

Page 104: ...choose SMS Provider and the Notify Profile specify the time of sending SMS Then type the phone number in the field of Recipient the one who will receive the SMS 9 Click OK to save the settings Later...

Page 105: ...P Pr ro ov vi id de er r Choose one of the Index numbers 9 or 10 allowing you to customize the SMS Provider In the web page type the URL string of the SMS provider and type the username and password...

Page 106: ...ng to Internet through Vigor router Others e g 192 168 1 31 and 192 168 1 32 outside the range can get the source from LAN only The way we can use is to set two rules under Firewall For Rule 1 of Set...

Page 107: ...ilter Rule 7 If Block If No Further Match for is selected for Filter the firewall of the router would check the packets with the rules starting from Rule 3 to Rule 7 The packets not matching with the...

Page 108: ...Type 192 168 1 10 in the field of Start IP and type 192 168 1 20 in the field of End IP Then click OK to save the settings The computers within the range can access into the Internet 7 Now check the...

Page 109: ...Series User s Guide 93 8 Both filter rules have been created Click OK 9 Now all the settings are configured well Only the computers with the IP addresses within 192 168 1 10 192 168 1 20 can access to...

Page 110: ...t te er r There are two ways to block the facebook service Web Content Filter and URL Content Filter Web Content Filter Benefits Easily and quickly implement the category website that you want to bloc...

Page 111: ...Vigor2120 Series User s Guide 95 2 Open CSM Web Content Filter Profile to create a WCF profile Check Social Networking with Action Block 3 Enable this profile in Firewall General Setup Default Rule...

Page 112: ...o on nt te en nt t F Fi il lt te er r A Block the web page containing the word of Facebook 1 Open Object Settings Keyword Object Click an index number to open the setting page 2 In the field of Conten...

Page 113: ...configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside B Disallow users to play games on Facebook 1 Open Object Setting...

Page 114: ...er s Guide 98 3 Open CSM URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure 5 When you finished the above steps please open Fire...

Page 115: ...Series User s Guide 99 6 Click the Default Rule tab Choose the profile just configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word faceb...

Page 116: ...of Vigor2120 for using SmartMonitor 1 Please go to LAN LAN Port Mirror to setup the mirror port 2 Please enable the Port Mirror function first 3 Select the Mirror port and Mirrored port the traffics...

Page 117: ...different WAN modes please go to WAN group 4 4 1 1 1 1 B Ba as si ic cs s o of f I In nt te er rn ne et t P Pr ro ot to oc co ol l I IP P N Ne et tw wo or rk k IP means Internet Protocol Every device...

Page 118: ...cant ease of use Meanwhile it provides access control billing and type of service according to user requirement When a router begins to connect to your ISP a serial of discovery process will occur to...

Page 119: ...ion service such as DSL Cable modem etc If any connection problem occurred on one of the ISP connections all the traffic will be guided and switched to the normal communication port for proper operati...

Page 120: ...e tag value and specify the priority for the packets sending by WAN1 Disable Disable the function of VLAN with tag Tag value Type the value as the VLAN ID number The range is form 0 to 4095 Priority T...

Page 121: ...tup Physical Mode It shows the physical connection for WAN1 Ethernet WAN2 USB according to the real network connection Access Mode Use the drop down list to choose a proper access mode Then click Deta...

Page 122: ...d all the settings that you adjusted in this page will be invalid ISP Access Setup Enter your allocated username password and authentication parameters according to the information provided by your IS...

Page 123: ...ter offers PPPoE dial up connection Besides you also can establish the PPPoE connection directly from local clients to your ISP via the Vigor router When PPPoA protocol is selected the PPPoE package t...

Page 124: ...re please click OK to activate them 4 4 1 1 3 3 2 2 D De et ta ai il ls s P Pa ag ge e f fo or r S St ta at ti ic c o or r D Dy yn na am mi ic c I IP P i in n W WA AN N1 1 For static IP mode you usual...

Page 125: ...n certain periods of time Check Enable PING to keep alive box to activate this function PING to the IP If you enable the PING function please specify the IP address for the system to PING it for keepi...

Page 126: ...s judged MTU It means Max Transmit Unit for packet RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP f...

Page 127: ...Gateway IP Address Type the gateway IP address Default MAC Address Click this radio button to use default MAC address for the router Specify a MAC Address Some Cable service providers specify a specif...

Page 128: ...ecify Gateway IP Address Specify the gateway IP address for DHCP server ISP Access Setup Username Type in the username provided by ISP in this field The maximum length of the user name you can set is...

Page 129: ...can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function Click Yes to use this function and type in a fixed IP address in the box Fixed IP Addres...

Page 130: ...r 3G 4G USB Modem PPP mode Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid SIM PIN code...

Page 131: ...5 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in...

Page 132: ...s that you adjusted in this page will be invalid SIM PIN code Type PIN code of the SIM card that will be used to access Internet The maximum length of the PIN code you can set is 15 characters Network...

Page 133: ...or Ping Detect for the system to execute for WAN detection If you choose Ping Detect as the detection mode you have to type required settings for the following items Primary Secondary Ping IP If you c...

Page 134: ...se DHCPv6 or accept RA to acquire the IPv6 prefix address such as 2001 B010 7300 200 64 offered by the ISP In addition PCs under LAN also can have the public IPv6 address for Internet access by means...

Page 135: ...de you have to type TTL value RIPng Protocol RIPng RIP next generation offers the same functions and benefits as IPv4 RIP v2 Below shows an example for successful IPv6 connection based on PPP mode Not...

Page 136: ...ter advertisement daemon RADVD the PC behind this router can directly connect to IPv6 the Internet Available settings are explained as follows Item Description Username Type the name obtained from the...

Page 137: ...N2 2 Available settings are explained as follows Item Description Always On Check this box to keep the network connection always Username Type the name obtained from the broker Please apply new accoun...

Page 138: ...connection is alive or not through Ping Detect Mode Choose Always On Ping Detect or NS Detect for the system to execute for WAN detection With NS Detect mode the system will check if network connecti...

Page 139: ...lows you to verify whether network connection is alive or not through NS Detect or Ping Detect Mode Choose Always On Ping Detect or NS Detect for the system to execute for WAN detection With NS Detect...

Page 140: ...e Mode Enable Bridge Mode If the function is enabled the router will work as a bridge modem Bridge Subnet Make a bridge between the selected LAN subnet and such WAN interface After finished the above...

Page 141: ...ss Prefix Length Type the fixed value for prefix length Add Click it to add a new entry Delete Click it to remove an existed entry Current IPv6 Address Table Display current interface IPv6 address Sta...

Page 142: ...g Detect as detection mode you have to type TTL value RIPng Protocol RIPng RIP next generation offers the same functions and benefits as IPv4 RIP v2 Bridge Mode Enable Bridge Mode If the function is e...

Page 143: ...l with the value for prefix length LAN Routed Prefix Type the static IPv6 address for LAN routing with the value for prefix length Tunnel TTL Type the number for the data lifetime in tunnel WAN Connec...

Page 144: ...Vigor2120 Series User s Guide 128 Below shows an example for successful IPv6 connection based on 6in4 Static Tunnel mode...

Page 145: ...IPv4 addresses within a given 6rd domain It may be any value between 0 and 32 6rd Prefix Type the 6rd IPv6 address 6rd Prefix Length Type the IPv6 prefix length for the 6rd IPv6 prefix in number of b...

Page 146: ...120 Series User s Guide 130 detection mode you have to type TTL value After finished the above settings click OK to save the settings Below shows an example for successful IPv6 connection based on 6rd...

Page 147: ...ss web user interface and can not be configured here Channels 3 8 are configurable Enable Display whether the settings in this channel are enabled Yes or not No WAN Type Displays the physical medium t...

Page 148: ...Valid settings are in the range from 1 to 4095 The network traffic flowing on each channel will be identified by the system via their VLAN Tags Channels using the same WAN type may not configure the...

Page 149: ...guration of this channel WAN Type The connections and interfaces created in every channel may select a specific WAN type to be built upon In the Multi VLAN application only the Ethernet WAN type is av...

Page 150: ...orresponding check box es for applying the port based bridge connection Open WAN Interface for this Channel Check the box to enable relating function WAN for Router borne Application Management can be...

Page 151: ...does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assign...

Page 152: ...St ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simp...

Page 153: ...etup Allow to configure settings for each subnet respectively Index Display all of the LAN items Status Basically LAN1 status is enabled in default LAN2 LAN3 LAN3 and IP Routed Subnet can be observed...

Page 154: ...bled the specified values for DHCP option will be seen in DHCP reply packets Interface Choose the interface for applying such option Option Number Type a number for such function DataType Choose the t...

Page 155: ...P protocol It will lead to a stoppage of the exchange of routing information between routers Default Enable activates the RIP protocol DHCP Server Configuration DHCP stands for Dynamic Host Configurat...

Page 156: ...of time e g 1 day However even if this client only uses the IP for say 5 minutes the server still reserves 1 day for that client Because a DHCP server only has a limited number of IPs to lease to its...

Page 157: ...please click OK to save and exit this page 4 4 2 2 2 2 2 2 D De et ta ai il ls s P Pa ag ge e f fo or r I IP P R Ro ou ut te ed d S Su ub bn ne et t Available settings are explained as follows Item De...

Page 158: ...f PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Lease Time Enter the time to determine how long the IP address assigned by DHCP server can be use...

Page 159: ...Ethernet TCP IP and DHCP Setup based on IPv4 and IPv6 Setup Click the tab for each type and refer to the following explanations for detailed information Below shows the settings page for IPv6 It prov...

Page 160: ...ULA Prefix A user can type the ULA IPv6 address manually Current IPv6 Address Table Display current used IPv6 addresses DNS Server IPv6 Address Primary DNS Sever Type the IPv6 address for Primary DNS...

Page 161: ...der the Advance setting Click Edit to open the pop up window Router Advertisement Server Click Enable to enable router advertisement server The router advertisement daemon sends Router Advertisement m...

Page 162: ...Router Advertisement packets are transmitted MTU It means Max Transmit Unit for packet If Auto is selected the router will determine the MTU value for LAN RIPng Protocol RIPng RIP next generation off...

Page 163: ...c R Ro ou ut te e f fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings View Routi...

Page 164: ...his profile Destination IP Address Type an IP address as the destination of such static route Subnet Mask Type the subnet mask for such static route Gateway IP Address Type the IP address as the gatew...

Page 165: ...ngs and return to factory default settings Viewing IPv6 Routing Table Displays the routing table for your reference Index The number 1 to 40 under Index allows you to open next page to set up static r...

Page 166: ...works properly use the Main Router to surf the Internet create a private subnet 192 168 10 0 using an internal Router A 192 168 1 2 create a public subnet 211 100 88 0 via an internal Router B 192 168...

Page 167: ...ulates all packets destined to 192 168 10 0 will be forwarded to 192 168 1 2 Click OK 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below which...

Page 168: ...different IP subnets that the router may also be operating to provide even more isolation The said functionality is tag based multi subnet P Po or rt t B Ba as se ed d V VL LA AN N Relative to tag ba...

Page 169: ...cify the priority for the packets sending by LAN VID Type the value as the VLAN ID number The range is form 0 to 4095 Priority Type the packet priority number for such VLAN The range is from 0 to 7 No...

Page 170: ...N Routing by checking the box between LAN1 and LAN2 Vigor router supports up to six private IP subnets on LAN Each can be independent isolated or common able to communicate with each other This is ide...

Page 171: ...Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button to disable this function All the...

Page 172: ...e or the IP MAC address typed in Add and Edit to the table of IP Bind List Update It allows you to edit and modify the selected IP address and MAC address that you create before Delete You can remove...

Page 173: ...his feature First it is more economical without other detecting equipments to be set up Second it may be able to view traffic on one or more ports within a VLAN at the same time Third it can transfer...

Page 174: ...t or the desired web page through this router That is a company which wants to have an advertisement for its products to users can specify the URL in this page to reach its goal For the telnet command...

Page 175: ...purpose of advertisement For example force the wireless user s in hotel to access into the web page that the hotel wants the user s to visit Message Type words or sentences here The message will be d...

Page 176: ...button to proceed Check it to force the user to click the button with the word defined on Button box to proceed the operation Applied Interfaces Check the box es representing different interfaces to b...

Page 177: ...address thus you can have only one IP address on behalf of the entire internal hosts Enhance security of the internal network by obscuring the IP address There are many attacks aiming victims based o...

Page 178: ...page The Port Redirection Table provides 20 port mapping entries for the internal hosts Each item is explained as follows Item Description Index Display the number of the profile Service Name Display...

Page 179: ...art port and end port and the starting IP of private IP had been entered the system will calculate and display the ending IP of private IP automatically Service Name Enter the description of the speci...

Page 180: ...ttings here please click OK to save the configuration Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers...

Page 181: ...le host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be tota...

Page 182: ...of the DMZ host or click Choose PC to select one Choose IP Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all...

Page 183: ...P address of the DMZ host or click Choose PC to select one Choose IP Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP address...

Page 184: ...ant to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service WAN Interface Displ...

Page 185: ...list to specify an IP object Or click IP Object link to create a new one for applying Private IP Enter the private IP address of the local host or click Choose IP to select one Choose IP Click this b...

Page 186: ...1 WAN2 203 98 200 10 Without address mapping feature when a NAT host with an IP say 192 168 1 10 sends a packet to the WAN side or the Internet the source address of the NAT host will be mapped into e...

Page 187: ...ng Public IP Display the public IP address selected for this entry e g 172 16 3 102 Private IP Display the private IP set for this address mapping e g 192 168 1 10 Mask Display the subnet mask selecte...

Page 188: ...tings here please click OK to save the configuration 4 4 3 3 5 5 P Po or rt t T Tr ri ig gg ge er ri in ng g Port Triggering is a variation of open ports function The key difference between open port...

Page 189: ...rt Display the port of the triggering packets Incoming Protocol Display the protocol for the incoming data of such triggering profile Incoming Port Display the port for the incoming data of such trigg...

Page 190: ...CP UDP for such triggering profile Triggering Port Type the port or port range for such triggering profile Incoming Protocol When the triggering packets received it is expected the incoming packets wi...

Page 191: ...lled PPA in DrayTek for it is based on Protocol Processing Engine PPE of Infinion It can only support 128 sessions for network traffic IN OUT When the data traffic is heavy and data transmission is ge...

Page 192: ...tion SPI tracks packets and denies unsolicited incoming data Selectable Denial of Service DoS Distributed DoS DDoS attacks protection I IP P F Fi il lt te er rs s Depending on whether there is an exis...

Page 193: ...stem s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router t...

Page 194: ...al setup page 4 4 5 5 2 2 1 1 G Ge en ne er ra al l S Se et tu up p P Pa ag ge e Such page allows you to enable disable Call Filter and Data Filter determine general rule for filtering the incoming an...

Page 195: ...er server does not make any response pass or block for these packets then the router s firewall will block the packets directly Block routing packet from WAN Usually IPv6 network sessions traffics fro...

Page 196: ...r router Available settings are explained as follows Item Description Filter Select Pass or Block for the packets that do not match with the filter rules Sessions Control The number typed here is the...

Page 197: ...new profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert f...

Page 198: ...choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box Window size It determines the size of TCP protoco...

Page 199: ...Active to enable the rule Available settings are explained as follows Item Description Filter Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web p...

Page 200: ...settings for filter rule via several setting pages Advance Mode Allow to configure detailed settings of filter rule To use Wizard Mode simple do the following steps 1 Click the Wizard Mode radio butt...

Page 201: ...oup drop down list choose the one that you want to apply Or use the IP Object drop down list to choose the object that you want Protocol Specify the protocol s which this filter rule will apply to Sou...

Page 202: ...d information URL Content Filter Select one of the URL Content Filter profile settings created in CSM URL Content Filter for applying with this router Please set at least one profile for choosing in C...

Page 203: ...east one profile in CSM Web Content Filter web page first Or click the DNS Filter link from the drop down list in this page to create a new profile Block Immediately Packets matching the rule will be...

Page 204: ...ength is 14 character long Index 1 15 Set PCs on LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The defau...

Page 205: ...ress Single Address Range Address Subnet Address as the Address Type and type them in this dialog In addition if you want to use the IP range from defined groups or objects please choose Group and Obj...

Page 206: ...st values are different it indicates that all the ports except the range defined here are available for this service type the port number greater than this value is available the port number less than...

Page 207: ...ing such filter rule No Strict no limitation Quality of Service Choose one of the QoS rules to be applied as firewall rule For detailed information of setting QoS please refer to the related section l...

Page 208: ...an specify to record information for Web Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information DNS Filter Sele...

Page 209: ...e data flow which matched with the firewall rule DrayTek Banner Please uncheck this box and the following screen will not be shown for the unreachable web page The default setting is Enabled Strict Se...

Page 210: ...cting the Threshold of the TCP SYN packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeo...

Page 211: ...2000 packets per second That means when 2000 packets per second received they will be regarded as attack event Block IP options Check the box to activate the Block IP options function The Vigor router...

Page 212: ...This attack involves the perpetrator sending overlapping packets to the target hosts so that those target hosts will hang once they re construct the packets The Vigor routers will block any packets r...

Page 213: ...Vigor2120 Series User s Guide 197 After finishing all the settings here please click OK to save the configuration...

Page 214: ...oups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address 4 4 6 6 1 1 I...

Page 215: ...ng Download Then the user can open the CSV file through Microsoft Excel and modify all the IP objects at the same time Backup the current IP Objects with a CSV file Click it to backup current IP objec...

Page 216: ...ess if this object contains several IPs within a range Select Subnet Address if this object contains one subnet for IP address Select Any Address if this object contains any IP address Select Mac Addr...

Page 217: ...Vigor2120 Series User s Guide 201...

Page 218: ...explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile...

Page 219: ...ified interface chosen above will be shown in this box Selected IP Objects Click button to add the selected IP objects in this box 3 After finishing all the settings here please click OK to save the c...

Page 220: ...Range Address if this object contains several IPv6s within a range Select Subnet Address if this object contains one subnet for IPv6 address Select Any Address if this object contains any IPv6 address...

Page 221: ...s into one IPv6 group Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the na...

Page 222: ...his box 3 After finishing all the settings please click OK to save the configuration 4 4 6 6 5 5 S Se er rv vi ic ce e T Ty yp pe e O Ob bj je ec ct t You can set up to 96 sets of Service Type Objects...

Page 223: ...rt number when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first...

Page 224: ...ed as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please...

Page 225: ...dd the selected IP objects in this box 3 After finishing all the settings please click OK to save the configuration 4 4 6 6 7 7 K Ke ey yw wo or rd d O Ob bj je ec ct t You can set 200 keyword object...

Page 226: ...e explained as follows Item Description Name Type a name for this profile e g game Type a name for this profile e g game Contents Type the content for such profile For example type gambling as Content...

Page 227: ...Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of t...

Page 228: ...ects in this box 3 After finishing all the settings please click OK to save the configuration 4 4 6 6 9 9 F Fi il le e E Ex xt te en ns si io on n O Ob bj je ec ct t This page allows you to set eight...

Page 229: ...s 2 The configuration page will be shown as follows Available settings are explained as follows Item Description Profile Name Type a name for this profile The maximum length of the name you can set is...

Page 230: ...Each item is explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings Index Display the profile number that you can configure Profi...

Page 231: ...use to register to selected SMS provider The maximum length of the name you can set is 31 characters Password Type a password that the sender can use to register to selected SMS provider The maximum...

Page 232: ...Index 10 to make customized SMS service The profile name for Index 9 and Index 10 are fixed You can click the number e g 9 under Index column for configuration in details Available settings are expla...

Page 233: ...es that the router will send out Sending Interval Type the shortest time interval for the system to send SMS After finishing all the settings here please click OK to save the configuration M Ma ai il...

Page 234: ...e the IP address of the mail server SMTP Port Type the port number for SMTP server Sender Address Type the e mail address of the sender Use SSL Check this box to enable such function Authentication Th...

Page 235: ...ith different monitoring situation Each item is explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings Index Display the profile...

Page 236: ...ion Profile Name Type a name for such notification profile The maximum length of the name you can set is 15 characters Category Display the types that will be monitored Status Display the status for t...

Page 237: ...t checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can...

Page 238: ...For the telnet command usage please refer to Telnet Command csm appe prof in the chapter of Telnet Command Reference Available settings are explained as follows Item Description Set to Factory Default...

Page 239: ...e for the CSM profile The maximum length of the name you can set is 15 characters Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes Enable Check it t...

Page 240: ...gor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed...

Page 241: ...Feature below passing through When you choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Both Block The router will block all the package...

Page 242: ...this field and ignore the action specified under Restrict Web Feature Prevent web access from IP address Check the box to deny any web surfing activity using IP address such as http 202 6 3 2 The reas...

Page 243: ...lected Pass Allow accessing into the corresponding webpage with the keywords listed on the box below Block Restrict accessing into the corresponding webpage with the keywords listed on the box below I...

Page 244: ...k No matter activating WCF feature or getting a new license for web content filter you have to click Activate to satisfy your request Be aware that service provider matching with Vigor router currentl...

Page 245: ...le server Test a site to verify whether it is categorized Click this link to do the verification Set to Factory Default Click this link to retrieve the factory settings Default Message You can type th...

Page 246: ...the URL with fast processing rate combining the feature of L1 and L2 Eight profiles are provided here as Web content filters Simply click the index number under Profile to open the following web page...

Page 247: ...ions If the web pages do not match with the specified feature set here they will be processed with the categories listed on the box below Action Pass allow accessing into the corresponding webpage wit...

Page 248: ...ilter the packets therefore WCF license must be activated first Otherwise DNS filter does not have any effect on packets Available settings are explained as follows Item Description DNS Filter Profile...

Page 249: ...Block Only the log about Block will be recorded in Syslog All All the actions Pass and Block will be recorded in Syslog WCF Set the filtering conditions UCF Set the filtering conditions Administratio...

Page 250: ...lways need many sessions for procession and also they will occupy over resources which might result in important accesses impacted To solve the problem you can use limit session to limit the session p...

Page 251: ...cific limitation you set for each index Add Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected setting...

Page 252: ...ge To activate the function of limit bandwidth simply click Enable and set the default upstream and downstream limit Available settings are explained as follows Item Description Bandwidth Limit Enable...

Page 253: ...ot set the limit in this field the system will use the default speed for the specific limitation you set for each index Add Add the specific speed limitation onto the list above Edit Allow you to edit...

Page 254: ...to queues and associated service types The basic QoS implementation in Vigor routers is to classify and schedule packets based on the service type information in the IP header For instance to ensure t...

Page 255: ...bandwidth setting for the WAN interface Direction Display which direction that such function will influence Class 1 Class2 Class 3 Others Display the bandwidth percentage for each class UDP Bandwidth...

Page 256: ...This feature is available only when the Quality of Service for WAN interface is enabled G Ge en ne er ra al l S Se et tu up p f fo or r W WA AN N I In nt te er rf fa ac ce e When you click Setup you c...

Page 257: ...ease set 256kbps for this box The default value is 10000kbps Reserved Bandwidth Ratio It is reserved for the group index in the form of ratio of reserved bandwidth to upstream speed and reserved bandw...

Page 258: ...lass rules can be adjusted for your necessity To add edit or delete the class rule please click the Edit link of that one 2 After you click the Edit link you will see the following page Now you can de...

Page 259: ...s you have to fill in Start IP address For Range Address you have to fill in Start IP address and End IP address For Subnet Address you have to fill in Start IP address and Subnet Mask DiffServ CodePo...

Page 260: ...of that one and click Edit to open the rule edit page for modification E Ed di it t t th he e S Se er rv vi ic ce e T Ty yp pe e f fo or r C Cl la as ss s R Ru ul le e 1 To add a new service type edi...

Page 261: ...er finishing all the settings here please click OK to save the configuration By the way you can set up to 10 service types If you want to edit delete an existed service type please select the radio bu...

Page 262: ...ber However there is no effect of bandwidth management on the service such as IM or P2P without fixed IP or port number APP QoS employs the function of APP Enforcement to detect several types of softw...

Page 263: ...Vigor2120 Series User s Guide 247 Open Bandwidth Management APP QoS to display the following page The following shows web page under Traceable The following shows web page under Untraceable...

Page 264: ...address mappings on the specified Dynamic DNS server Once the router is online you will be able to use the registered domain name to access the router or internal virtual servers from the Internet It...

Page 265: ...form auto update for DDNS service Index Click the number below Index to access into the setting page of DDNS setup to set account s Domain Name Display the domain name that you set on the setting page...

Page 266: ...d Type in the password that you set for applying domain Wildcard and Backup MX The Wildcard and Backup MX Mail Exchange features are not supported for all Dynamic DNS providers You could get more deta...

Page 267: ...p menu click the Index number you want to delete and then push Clear All button to delete the account 4 4 9 9 2 2 L LA AN N D DN NS S The LAN DNS lets the network administrators host servers with priv...

Page 268: ...factory settings Enable Check the box to enable the selected profile Index Click the number below Index to access into the setting page Profile Display the name of the LAN DNS profile Domain Name Disp...

Page 269: ...ith the domain name specified above In general one domain name maps with one IP address If required you can configure two IP addresses mapping with the same domain name Add Click it to open a dialog t...

Page 270: ...et only during certain hours say business hours The schedule is also applicable to other functions You have to set your time before set schedule In System Maintenance Time and Date menu press Inquire...

Page 271: ...the schedule Start Date yyyy mm dd Specify the starting date of the schedule Start Time hh mm Specify the starting time of the schedule Duration Time hh mm Specify the duration or period for the sched...

Page 272: ...nfigure the Force Down from 18 00 to next day 9 00 for whole week 4 Assign these two profiles to the PPPoE Internet access profile Now the PPPoE Internet connection will follow the schedule order to p...

Page 273: ...d Secret for confirmation After finished the above settings click OK button to save the settings 4 4 9 9 5 5 U UP Pn nP P The UPnP Universal Plug and Play protocol is supported to bring to network con...

Page 274: ...ause these applications will block the accessing ability of some network ports Security Considerations Activating the UPnP function on your network may incur some security threats You should consider...

Page 275: ...tion such function is available in NAT mode Enable IGMP Snooping Check this box to enable this function Multicast traffic will be forwarded to ports that have members of that group Disabling IGMP snoo...

Page 276: ...le settings are explained as follows Item Description Wake by Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the host...

Page 277: ...rovider who will get the SMS what the content is and when the SMS will be sent Available settings are explained as follows Item Description Index Check the box to enable such profile SMS Provider Use...

Page 278: ...he drop down list to choose mail service provider You can click Mail Service link to define the mail server Recipient Type the e mail address of the one who will receive the notification message Notif...

Page 279: ...jour driver install they can utilize the service offered by the router by clicking the router name icon In short what the Clients users need to know is the name of the router only To enable the Bonjou...

Page 280: ...d click OK 4 Next open Applications Bonjour Check the service that you want to use via Bonjour 5 Open the DNSSD page again The available items will be changed as the follows It means the Vigor router...

Page 281: ...Vigor2120 Series User s Guide 265 6 Now any page or document can be printed out through Vigor router installed with a printer...

Page 282: ...c network in a manner that emulates the properties of a point to point private link Below shows the menu items for VPN and Remote Access 4 4 1 10 0 1 1 R Re em mo ot te e A Ac cc ce es ss s C Co on nt...

Page 283: ...f the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Otherwise the MPPE encryption scheme will be used to encrypt the data Requir...

Page 284: ...s from the local private network For example if the local private network is 192 168 1 0 255 255 255 0 you could choose 192 168 1 200 as the Start IP Address PPP Authentication Methods Select the meth...

Page 285: ...nal IP header to encapsulate the data payload only It can just apply to local packet e g L2TP over IPsec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP h...

Page 286: ...ser which does not match the rule defined in VPN and Remote Access Remote Dial In User will be applied with the method specified here IPsec Security Method Medium AH Authentication Header AH means dat...

Page 287: ...certificates for peer dial in users Available settings are explained as follows Item Description Set to Factory Default Click it to clear all indexes Index Click the number below Index to access into...

Page 288: ...ck to check one specific field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type...

Page 289: ...the summary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes Index Click the number below Index to access into the setting page of R...

Page 290: ...PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPsec Tunnel Allow the remote dial in user...

Page 291: ...on to let multicast packets pass through the router Block This is default setting Click this button to let multicast packets be blocked by the router User Name This field is applicable when you select...

Page 292: ...Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Optional Specify a local ID to...

Page 293: ...een enabled Status Online means such LAN to LAN profile is in use Offline means such LAN to LAN profile isn t in use even if the profile has been enabled To edit each profile 1 Click each index to edi...

Page 294: ...h sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Pac...

Page 295: ...o the remote host the Vigor router can know the true existence of this VPN connection and react accordingly This is independent of DPD dead peer detection PING to the IP Enter the IP address of the re...

Page 296: ...a local ID Alternative Subject Name First or Subject Name First to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode Local C...

Page 297: ...To propose the local available algorithms to the VPN peers and get its feedback to find a match Three combinations are available for both modes We suggest you select the combination that covers the mo...

Page 298: ...igger an IPsec VPN connection through Internet L2TP with IPsec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPsec Se...

Page 299: ...dwidth utilization IKE Authentication Method This group of fields is applicable for IPsec Tunnels and L2TP with IPsec Policy when you specify the IP address of the remote node The only exception is Di...

Page 300: ...the IPCP negotiation phase If the PPP IP address is fixed by remote side specify the fixed IP address here Do not change the default value if you do not select PPTP or L2TP Remote Network IP Remote Ne...

Page 301: ...IP Mapping list After checking the box of IPSec VPN with the Same subnet the options under TCP IP Network Settings will be changed as shown below Remote Network IP Remote Network Mask Add a static ro...

Page 302: ...o types for you to choose Whole Subnet Specific IP Address Virtual IP Mapping A pop up dialog will appear for you to specify the local IP address and the mapping virtual IP address 2 After finishing a...

Page 303: ...s an electronic ID which is issued by a certification authority CA It contains information such as your name a serial number expiration dates etc and the digital signature of the certificate issuing a...

Page 304: ...ile as the certification information Refresh Click this button to refresh the information listed below View Click this button to view the detailed settings for certificate request Delete Click this bu...

Page 305: ...r router allows you to generate a certificate request and submit it the CA server then import it as Local Certificate If you have already gotten a certificate from a third party you may import it dire...

Page 306: ...ate whose extensions are usually pfx or p12 And these certificates usually need passwords Note PKCS12 is a standard for storing private keys and certificates securely It is used in among other things...

Page 307: ...the information into it and submit a request A new certificate will be issued to you by the CA server You can save it D De el le et te e Click this button to remove the selected certificate 4 4 1 11...

Page 308: ...Im mp po or rt ti in ng g a a T Tr ru us st te ed d C CA A To import a pre saved trusted CA certificate please click IMPORT to open the following window Use Browse to find out the saved text file Then...

Page 309: ...Vigor2120 Series User s Guide 293...

Page 310: ...tificate for this router can be saved within one file Please click Backup on the following screen to save them If you want to set encryption password for these certificates please type characters in b...

Page 311: ...LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access The Vigor wireless routers are equipped with a wireless LAN int...

Page 312: ...ata transmission WPA applies Temporal Key Integrity Protocol TKIP for data encryption while WPA2 applies AES The WPA Enterprise combines not only encryption but also authentication Since WEP has been...

Page 313: ...he wireless channel Please refer to the following figure for more information Available settings are explained as follows Item Description Enable Wireless LAN Check the box to enable wireless function...

Page 314: ...SSID or just cannot see any thing about Vigor wireless router while site surveying The system allows you to set four sets of SSID for different usage In default the first set of SSID will be enabled Y...

Page 315: ...se click OK to save the configuration 4 4 1 12 2 3 3 S Se ec cu ur ri it ty y This page allows you to set security with different modes for SSID 1 2 3 and 4 respectively After configuring the correct...

Page 316: ...Disable Turn off the encryption mechanism WEP Accepts only WEP clients and the encryption key should be entered in WEP Key WEP 802 1x Only Accepts only WEP clients and the encryption key is obtained...

Page 317: ...ated via authentication Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by 0x such as 0x321253abcde Type Select from Mixed WPA WPA2 or WPA2 only Pre Shared Key PSK Eith...

Page 318: ...n Enable Mac Address Filter Select to enable the MAC Address filter for wireless LAN identified with SSID 1 to 4 respectively All the clients expressed by MAC addresses listed in the box can be groupe...

Page 319: ...ure to make network connection between wireless station and wireless access point vigor router with the encryption of WPA and WPA2 Note Such function is available for the wireless station with WPS sup...

Page 320: ...rt PBC button of network card If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor r...

Page 321: ...de of the router Only WPA2 PSK and WPA PSK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless cli...

Page 322: ...idge interface The application for the WDS Repeater mode is depicted as below The major difference between these two modes is that while in Repeater mode the packets received from one peer AP can be r...

Page 323: ...ollowing page will be shown Available settings are explained as follows Item Description Mode Choose the mode for WDS setting Disable mode will not invoke any WDS setting Bridge mode is designed to fu...

Page 324: ...ng mode please type in the peer MAC address in these fields Four peer MAC addresses are allowed to be entered in this page at one time Yet please disable the unused link to get better performance If y...

Page 325: ...ess data transmission 2 4G 5G Available settings are explained as follows Item Description Operation Mode Mixed Mode the router can transmit data with the ways supported in both 802 11a b g and 802 11...

Page 326: ...egation MSDU can combine frames with different sizes It is used for improving MAC layer s performance for some brand s clients The default setting is Enable Long Preamble This option is to define the...

Page 327: ...sms supported by Wi Fi networks It allows devices to take more time in sleeping state and consume less power to improve the performance by minimizing transmission latency The default setting is Disabl...

Page 328: ...k for a long time Note Up to 300 Wireless Station records are supported by Vigor router Available settings are explained as follows Item Description SSID Display the SSID that the wireless station wil...

Page 329: ...the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Scan to discover APs in the neighborhood Available settings are explained as follows I...

Page 330: ...IEEE802 11 channel access mechanisms is that each station has equal probability to access the channel When wireless stations have similar data rate this principle leads to a fair result In this case s...

Page 331: ...ns 2 All stations mainly use download traffic 3 The performance bottleneck is wireless connection Available settings are explained as follows Item Description Enable Airtime Fairness Try to assign sim...

Page 332: ...at frequency It helps to leave 2 4GHz band available for legacy clients and improves users experience by reducing channel utilization If dual band is detected the AP will let the wireless client conne...

Page 333: ...ent is capable of dual band or not within the time limit Check Time If the wireless station does not have the capability of 5GHz network connection the system shall wait and check for several seconds...

Page 334: ...box of Enable Band Steering and use the default value 15 for check time setting 3 Click OK to save the settings 4 Open Wireless LAN 2 4GHz General Setup and Wireless LAN 5GHz General Setup Configure...

Page 335: ...d Wireless LAN 5GHz Security Configure Security as 12345678 for both pages Click OK to save the settings 6 Now Vigor router will let the wireless clients connect to less congested wireless LAN such as...

Page 336: ...with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Available settings are explained as...

Page 337: ...settings are explained as follows Item Description Bind to WAN Choose and check WAN interface s for SSL VPN tunnel establishement Port Such port is set for SSL VPN server It will not affect the HTTPS...

Page 338: ...th access to Internet and a web browser Each item is explained as follows Item Description Name Display the application name of the profile that you create Host Address Display the IP address for VNC...

Page 339: ...l a remote PC through RDP protocol SMB Application It allows you to access and control a remote PC through RDP protocol IP Address If you choose VNC or RDP you have to type the IP address for this pro...

Page 340: ...even in a guest network or web cafe The SSL technology is the same as the encryption that you use for secure web sites such as your online bank The SSL VPN can be operated in either full tunnel mode...

Page 341: ...he Internet You should set the User Name and Password of remote dial in user below IPSec Tunnel Allow the remote dial in user to make an IPSec VPN connection through Internet L2TP with IPSec Policy Al...

Page 342: ...ta transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through...

Page 343: ...s group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node Check the Medium DES 3DES or AES box as the security method Medium Authentication Header AH me...

Page 344: ...ess into Draytek SSL VPN portal interface Next users can open SSL VPN Online Status to view logging status of SSL VPN Available settings are explained as follows Item Description Active User Display c...

Page 345: ...ports on Vigor router are allowed to connect to USB modem Models of the modems supported by Vigor router can be seen from USB Application Modem Support List For network connection via USB modem refer...

Page 346: ...rset At present Vigor router supports four types of character sets Default Charset is for English based file name SMB File Sharing Service Click Enable to invoke SMB file sharing service via the route...

Page 347: ...nishing all the settings here please click OK to save the configuration 4 4 1 14 4 2 2 U US SB B U Us se er r M Ma an na ag ge em me en nt t This page allows you to set profiles for FTP users Any user...

Page 348: ...en FTP client software and type the password specified here for accessing into USB storage disk The length of the password is limited to 11 characters Confirm Password Type the password again to make...

Page 349: ...to the upper directory Create Click this icon to add a new folder Current Path Display current folder Upload Click this button to upload the selected file to the USB storage disk The uploaded file in...

Page 350: ...ee Capacity It displays the free space of the USB storage disk Click Refresh at any time to get new status for free capacity Index It displays the number of the client connecting to FTP server IP Addr...

Page 351: ...ries User s Guide 335 4 4 1 14 4 5 5 M Mo od de em m S Su up pp po or rt t L Li is st t Such page provides the information about the brand name and model name of the USB modems which are supported by...

Page 352: ...s Guide 336 4 4 1 14 4 6 6 S SM MB B C Cl li ie en nt t S Su up pp po or rt t L Li is st t SMB Client Support List provides the test status information for applications with file sharing operated unde...

Page 353: ...Page Greeting Configuration Backup Syslog Mail Alert Time and Date SNMP Management Reboot System Firmware Upgrade and Activation Below shows the menu items for System Maintenance 4 4 1 15 5 1 1 S Sy y...

Page 354: ...er Display the current status of DHCP server of the LAN interface DNS Display the assigned IP address of the primary DNS WAN Link Status Display current connection status MAC Address Display the MAC a...

Page 355: ...onfiguration Server e g VigorACS Available settings are explained as follows Item Description Tr069 Click Enable to activate the settings on this page ACS Server On Choose the interface for the router...

Page 356: ...ust send binding request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the minimum period The default setting is 60 seconds Maximum Keep Alive Period...

Page 357: ...gth of the password is limited to 23 characters Confirm Password Type in the new password again When you click OK the login window will appear Please use the new password to access into the web user i...

Page 358: ...bove Set to Factory Default Click to return to the factory default setting When you click OK the login window will appear Please use the new password to access into the web user interface again Below...

Page 359: ...password in the filed of Password and click Login 6 The main screen with User Mode will be shown as follows Settings to be configured in User Mode will be less than settings in Admin Mode Only basic c...

Page 360: ...equirement Available settings are explained as follows Item Description Enable Check this box to enable the login customization function Login Page Title Type a brief description e g Welcome to DrayTe...

Page 361: ...Vigor2120 Series User s Guide 345 Below shows an example of login customization with the information typed in Login Description and Bulletin...

Page 362: ...Choose File Click it to specify a file to be restored Click Restore to restore the configuration If the file is encrypted the system will ask you to type the password to decrypt the configuration file...

Page 363: ...will download automatically to your computer as a file named config cfg The above example is using Windows platform for demonstrating examples The Mac or Linux platform will appear different windows...

Page 364: ...enance Configuration Backup The following windows will be popped up as shown below 2 Click the Choose File button to choose the correct configuration file for uploading to the router 3 Click the Resto...

Page 365: ...torage disk Router Name Display the name for such router configured in System Maintenance Management If there is no name here simply lick the link to access into System Maintenance Management to set t...

Page 366: ...this function while using e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to send alert message to t...

Page 367: ...Vigor2120 Series User s Guide 351...

Page 368: ...system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Server Type the IP address or domain name of the time server Priority IPv...

Page 369: ...Daylight Saving Check the box to enable the daylight saving Such feature is available for certain area Automatically Update Interval Select a time interval for updating from the NTP server Send NTP R...

Page 370: ...thentication method support MD5 and SHA for the management needs Available settings are explained as follows Item Description Enable SNMP Agent Check it to enable this function Get Community Set the n...

Page 371: ...unity Notification Host IP IPv6 Set the IPv6 address of the host that will receive the trap community Trap Timeout The default setting is 10 seconds Enable SNMPV3 Agent Check it to enable this functio...

Page 372: ...er is used to send receive SIP message for building a session The management pages for IPv4 and IPv6 protocols are different F Fo or r I IP Pv v4 4 Available settings are explained as follows Item Des...

Page 373: ...orce Protection Any client trying to access into Internet via Vigor router will be asked for passing through user authentication Such feature can prevent Vigor router from attacks when a hacker tries...

Page 374: ...or r I IP Pv v6 6 Available settings are explained as follows Item Description Management Access Control Allow management from the Internet Enable the checkbox to allow system administrators to login...

Page 375: ...self signed certificate is signed with its own private key The self signed certificate will be applied in SSL VPN HTTPS and so on In addition it can be created for free by using a wide variety of tool...

Page 376: ...dule web page and you can use the number that you have set in that web page If you want to reboot the router using the current configuration check Using current configuration and click Reboot Now To r...

Page 377: ...his example is running over Windows OS Operating System Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www DrayTek com or local DrayTek s web site and FTP sit...

Page 378: ...mechanism for your computer Click System Maintenance Activation to open the following page for accessing http myvigor draytek com Available settings are explained as follows Item Description Activate...

Page 379: ...Vigor2120 Series User s Guide 363 Below shows the successful activation of Web Content Filter...

Page 380: ...ia al l o ou ut t T Tr ri ig gg ge er ri in ng g Click Diagnostics and click Dial out Triggering to open the web page The internet connection e g PPPoE is triggered by a package sending from the sour...

Page 381: ...Guide 365 4 4 1 16 6 2 2 R Ro ou ut ti in ng g T Ta ab bl le e Click Diagnostics and click Routing Table to open the web page Available settings are explained as follows Item Description Refresh Clic...

Page 382: ...ss and an IP address Available settings are explained as follows Item Description Refresh Click it to reload the page 4 4 1 16 6 4 4 I IP Pv v6 6 N Ne ei ig gh hb bo ou ur r T Ta ab bl le e The table...

Page 383: ...nflicts etc Click Diagnostics and click DHCP Table to open the web page Available settings are explained as follows Item Description Index It displays the connection item number IP Address It displays...

Page 384: ...ist page Available settings are explained as follows Item Description Private IP Port It indicates the source IP address and port of local PC Pseudo Port It indicates the temporary port of the router...

Page 385: ...displayed on Diagnostics DNS Cache Table Available settings are explained as follows Item Description Clear Click this link to remove the result on the window Refresh Click it to reload the page When...

Page 386: ...xplained as follows Item Description IPV4 IPV6 Choose the interface for such function Ping to Use the drop down list to choose the destination that you want to ping IP Address Type the IP address of t...

Page 387: ...listed here is configured in Bandwidth Management You have to enable IP bandwidth limit and IP session limit before invoking Data Flow Monitor If not a notification dialog box will appear to remind y...

Page 388: ...red device Sessions Display the session number that you specified in Limit Session web page Action Block can prevent specified PC accessing into Internet within 5 minutes Unblock The device with the I...

Page 389: ...lick Reset to zero the accumulated RX TX received and transmitted data of WAN Click Refresh to renew the graph at any time The horizontal axis represents time Yet the vertical axis has different meani...

Page 390: ...the routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen And Available settings are explained as follows...

Page 391: ...check Enable Web Syslog specify the type of Syslog and choose the display mode you want Later the event of Syslog with specified type will be shown for your reference Available settings are explained...

Page 392: ...the information for each event F Fo or r U US SB B S Sy ys sl lo og g This page displays the syslog recorded on the USB storage disk Available settings are explained as follows Item Description Time D...

Page 393: ...16 6 1 14 4 D Do oS S F Fl lo oo od d T Ta ab bl le e This page can display content of IP connection detected by DoS Flooding Defense mechanism It is useful and convenient for network engineers e g M...

Page 394: ...Vigor2120 Series User s Guide 378 Note The icon means there is something wrong e g attacking the system with that IP address...

Page 395: ...to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to contact your dealer for advanced help 5 5 1 1 C Ch he ec ck ki i...

Page 396: ...link is stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s The example is based on Windows 7 As to the examples for oth...

Page 397: ...btain an IP address automatically and Obtain DNS server address automatically Finally click OK F Fo or r M Ma ac c O OS S 1 Double click on the current used Mac OS on the desktop 2 Open the Applicatio...

Page 398: ...Vigor2120 Series User s Guide 382...

Page 399: ...er correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista 7 The DOS command dialog will...

Page 400: ...If the problem of LEDs cannot be solved by the above measures please contact with the nearest reseller or send an e mail to DrayTek FAE for technical support Check if the settings offered by ISP are c...

Page 401: ...Notebook with 3G 4G USB Modem to test the connection speed to verify if the problem is caused by Vigor2120 In addition please refer to the manual of 3G 4G USB Modem for LED Status to make sure if the...

Page 402: ...ll the settings to the factory settings H Ha ar rd dw wa ar re e R Re es se et t While the router is running ACT LED blinking press the Factory Reset button and hold for more than 5 seconds When you s...

Page 403: ...Series User s Guide 387 5 5 7 7 C Co on nt ta ac ct ti in ng g D Dr ra ay yT Te ek k If the router still cannot work correctly after trying many efforts please feel free to send e mail to support Dra...

Page 404: ...Vigor2120 Series User s Guide 388 This page is left blank...

Page 405: ...Windows 7 user please make sure the Windows Features of Telnet Client has been turned on under Control Panel Programs Type cmd and press Enter The Telnet terminal will be open later In the following w...

Page 406: ...This command allows to configure a network setting specified for Australia s ISP bpa m command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description m Available settings...

Page 407: ...v n NAME S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description INDEX It means to specify the index number of CSM profile from 1 to 32 v It means to view the configuration of the C...

Page 408: ...pe show a i p t m S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description a It means to show configuration for All groups i It means to show configuration for IM group p It means to...

Page 409: ...g configuration for the specified profile m It means to show MISC group setting configuration for the specified profile ACTION Specify the action of the application 0 or 1 0 Block All of the applicati...

Page 410: ...f the profile msg MSG It means de set the administration message MSG means the content less than 255 characters of the message itself obj It means to specify the object for the profile INDEX It means...

Page 411: ...ject_Index csm ucf obj INDEX uac g KEY_WORD_Group_Index S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description INDEX It means to specify the index number of CSM profile from 1 to 8...

Page 412: ...1 Profile Name game Log none Priority Select Bundle Pass Enable URL Access Control Action pass v Prevent web access from IP address No Obj NO Object Name No Grp NO Group Name csm ucf obj 1 uac a B Pro...

Page 413: ...ion of the CSM profile e It means to enable the restriction of web feature d It means to disable the restriction of web feature a Set the action of web feature P or B B Block The web access meets the...

Page 414: ...Index csm wcf obj INDEX g KEY_WORD Group Index csm wcf obj INDEX w E D P B csm wcf obj INDEX s CATEGORY WEB_GROUP csm wcf obj INDEX u CATEGORY WEB_GROUP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io...

Page 415: ...k s It means to choose the items under CATEGORY or WEB_GROUP u It means to discard items under CATEGORY or WEB_GROUP WEB_GROUP Child_Protection Leisure Business Chating Computer Internet Other CATEGOR...

Page 416: ...ion v Tasteless v Child Abuse Images leisure Group Entertainment Games Sports Travel Leisure Recreation Fashion Beauty T Te el ln ne et t C Co om mm ma an nd d c cs sm m d dn ns sf f It means to confi...

Page 417: ...r system will send a message page to describe that the page is not allowed to be visisted ON Enable the function of displaying message page OFF Disable the function of displaying message page SHOW Dis...

Page 418: ...t its parameter s ATTACK_F It means to specify the name of flooding attack s or portscan e g synflood udpflood icmpflood or postscan THRESHOLD It means the packet rate packet second that a flooding at...

Page 419: ...t username max 49 characters for Internet accessing p password It means to set password max 49 characters for Internet accessing a n It means to set PPP Authentication Type and n means different types...

Page 420: ...u link1 p link1 a 0 WAN1 Internet Mode set to PPPoE PPPoA WAN1 Username set to link1 WAN1 Password set successful WAN1 PPP Authentication Type set to PAP CHAP T Te el ln ne et t C Co om mm ma an nd d...

Page 421: ...ubmask public subnet mask S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Display an IP address which allows users set as the public subnet mask public subnet IP address Spe...

Page 422: ...dress IP pool 1 Enable 172 16 3 229 Yes 2 Enable 172 16 3 56 No 3 Enable 172 16 3 113 No T Te el ln ne et t C Co om mm ma an nd d i ip p a ad dd dr r This command allows users to set add a specified L...

Page 423: ...current status for the arp table arp accept allows to accept or reject the source destination MAC address arp setCacheLife allows users to configure the duration in which ARP caches can be stored on t...

Page 424: ...n e 1 or 0 w wan unmber c option number x option value ip dhcpc option u idx unmber ip dhcpc release ip dhcpc renew ip dhcpc status S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Descr...

Page 425: ...on n Parameter Description IP address It means the WAN IP address WAN1 PVC3 PVC4 PVC5 It means the WAN port PVC that the above IP address passes through E Ex xa am mp pl le e ip ping 172 16 3 229 WAN...

Page 426: ...ddress Port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IP address Type the WAN or LAN IP address of the remote device Port Type a port number e g 23 Available settings...

Page 427: ...pecified WAN interface 1 Enable the function of setting RIP of WAN IP 0 Disable the function E Ex xa am mp pl le e ip wanrip Valid ex ip wanrip ifno e 0 1 ifno 1 WAN1 2 WAN2 3 PVC3 4 PVC4 5 PVC5 e 0 1...

Page 428: ...the destination netmask It means the netmask of the specified IP address gateway It means the gateway of the connected router ifno It means the connection interface 3 WAN1 5 WAN3 6 WAN4 7 WAN5 Howeve...

Page 429: ...tion of the T_home service query It means to set IGMP general query interval The default value is 125000 ms ppp 0 No need to set IGMP with PPP header 1 Set IGMP with PPP header status It means to disp...

Page 430: ...ave status On enable the IGMP snoop leave checking function Off it will drop LEAVE if still clients on the same group separate It means to set IGMP packets being separated by NAT Bridge On The packets...

Page 431: ...et t C Co om mm ma an nd d i ip p w wa an nt tt tr r This command is used to setup the time to return WAN1 from backup WAN ip wanttr time in seconds S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on...

Page 432: ...t C Co om mm ma an nd d i ip p s se es ss si io on n This command allows users to set maximum session limit number for the specified IP set message for exceeding session limit and set how many seconds...

Page 433: ...means the number of the session limits e g 50 for P2P E Ex xa am mp pl le e ip session default 100 ip session add 192 168 1 5 192 168 1 100 100 50 ip session on ip session status IP range 192 168 1 5...

Page 434: ...default 200 800 ip bandwidth add 192 168 1 50 192 168 1 100 10 60 ip bandwidth status IP range 192 168 1 50 192 168 1 100 Tx 10K Rx 60K Current ip Bandwidth limit is turn off Auto adjustment is off T...

Page 435: ...ddress for binding with specified MAC address MAC It means to type the MAC address for binding with the IP address specified Comment It means to type words as a brief description All It means to delet...

Page 436: ...and parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description a IP Address It is used to configure IP address mapping IPv4 IPv6 Address or multiple subnet addresses IP Addre...

Page 437: ...e ip lanDNSRes i 1 n ftp drayTek com Configure Set1 s DomainName ftp drayTek com ip lanDNSRes i 1 n ftp drayTek com ip lanDNSRes i 1 a 172 16 2 10 s 1 ip lanDNSRes i 1 a 172 16 3 10 s 1 ip lanDNSRes...

Page 438: ..._ _o op pt t This command is used to configure option request settings for DHCPv6 client ip6 dhcp req_opt LAN WAN1 WAN2 iface command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Par...

Page 439: ...er Description client It means the dhcp client settings command parameter The available commands with parameters are listed below means that you can type in several commands in one line a It means to...

Page 440: ...a It means to show current DHCPv6 status i pool_min_addr It means to set the start IPv6 address of the address pool x pool_max_addr It means to set the end IPv6 address of the address pool d addr It m...

Page 441: ...parameter The available commands with parameters are listed below means that you can type in several commands in one line m n It means to set IPv6 MTU N any value 0 means unspecified u username It mea...

Page 442: ...inet6_addr LAN WAN1 WAN2 ip6 neigh a inet6_addr N LAN WAN1 WAN2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description s It means to add a neighbour d It means to delete a neighbo...

Page 443: ...ed T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 r ro ou ut te e This command allows you to ip6 route s prefix prefix length gateway LAN WAN1 WAN2 iface D ip6 route d prefix prefix length ip6 rou...

Page 444: ...ip6 ping IPV6 address Host LAN WAN1 WAN2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description IPV6 address Host It means to specify the IPv6 address or host for ping LAN WAN1 WA...

Page 445: ...roker Amsterdam freenet net Status Connected T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 r ra ad dv vd d This command allows you to enable or disable RADVD server Ip6 radvd s 1 0 lifetime ip6 r...

Page 446: ...s which can be used to execute management through Internet index It means the number 1 2 and 3 allowed to be configured for IPv6 management prefix It means to type the IPv6 address which will be used...

Page 447: ...Interface UP IPv6 DNS Server Static IPv6 DNS Server Static IPv6 DNS Server Static Tx packets 408 Tx bytes 32160 Rx packets 428 Rx bytes 33636 ip6 online 1 WAN 1 online status IPv6 WAN1 Disabled Defaul...

Page 448: ...onnecting ip6 aiccu subnet show 2 IPv6 WAN2 AICCU Subnet Prefix Config 2001 1111 1111 64 T Te el ln ne et t C Co om mm ma an nd d i ip p6 6 n nt tp p This command allows you to set IPv6 settings for N...

Page 449: ...available T Te el ln ne et t C Co om mm ma an nd d i ip pf f s se et t This command is used to set general rule for firewall ipf set Options ipf set SET_NO rule RULE_NO Options S Sy yn nt ta ax x D D...

Page 450: ...t means to configure the advanced settings f VALUE It means to accept large incoming fragmented UDP or ICMP packets E VALUE It means to set the maximum count for session limitation F VALUE It means to...

Page 451: ...arameters e It means to enable or disable the rule setting 0 disable 1 enable s o g obj It means to specify source IP object and IP group o indicates object g indicates group obj indicates index numbe...

Page 452: ...rom 1 192 For example d g 1 means the first destination IP group profile S o g obj It means to specify Service Type object and IP group o indicates object g indicates group obj indicates index number...

Page 453: ...index Available settings range from 0 8 0 means no profile will be applied c It means to set code page Different number represents different code page 0 None 1 ANSI 1250 Central Europe 2 ANSI 1251 Cy...

Page 454: ...P Group1 Destination IP Group2 Service Type TCP UDPGroup1 Fragments Don t Care Pass or Block Block Immediately Branch to Other Filter Set None Max Sessions Limit 32000 Current Sessions 0 Mac Bind IP N...

Page 455: ...Available settings include tcp udp icmp E Ex xa am mp pl le e ipf flowtrack set r Refresh the flowstate ok ipf flowtrack view f Start to show the flowtrack sessions state ORIGIN 192 168 1 11 59939 8 8...

Page 456: ...mp pl le e log w 25 36 25 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP 0 0 0 0 Your IP 0 0 0 0 Next server IP 0 0 0 0 Relay agent IP 0 0 0 0 25 36 33 580 DHCP WAN 5 Len 548XID 0x7880fdd4 Client IP...

Page 457: ...mmand allows users to set HTTP port for management mngt httpport Http port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description Http port It means to enter the number for HTTP po...

Page 458: ...ers to set SSH port for management mngt sshport ssh port S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description ssh port It means to type the number for SSH port The default settin...

Page 459: ...ewlog mngt noping clearlog S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description on All PING packets will be forwarded from LAN PC to Internet off All PING packets will be blocked...

Page 460: ...viewlog It means to display a log of defense worm packet including source MAC and source IP clearlog It means to remove the log of defense worm packet E Ex xa am mp pl le e mngt defenseworm add 21 Add...

Page 461: ...ho oi ic cm mp p This command is used to reject or accept PING packets from the Internet mngt echoicmp enable mngt echoicmp disable S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Descr...

Page 462: ...parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description command parameter The available commands with parameters are listed below means that you can type in several comman...

Page 463: ...nterface 2 LAN2 On Off On means turning on the subnet for the specified LAN interface Off means turning off the subnet E Ex xa am mp pl le e msubnet switch 2 On LAN2 Subnet On This setting will take e...

Page 464: ...t command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t s st ta at tu us s This command is used to display current status of subnet msubnet status 2 S Sy yn nt ta...

Page 465: ...be configured for Routing usage E Ex xa am mp pl le e msubnet nat 2 off LAN2 Subnet is for Routing usage Note If you have multiple WAN connections please be reminded to setup a Load Balance policy so...

Page 466: ...to 220 E Ex xa am mp pl le e msubnet ipcnt 2 15 This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn...

Page 467: ...ng Please use sys reboot command to reboot the router msubnet startip msubnet startip 2 Gateway IP Now LAN2 192 168 2 90 T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t p pp pp pi ip p...

Page 468: ...pl le e msubnet nodetype 2 1 Set LAN2 Dhcp Node Type done msubnet nodetype msubnet nodetype 2 count Now LAN2 1 count 1 B node 2 P node 4 M node 8 H node T Te el ln ne et t C Co om mm ma an nd d m ms...

Page 469: ...secondary WINS server msubnet secWINS 2 WINS IP S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description 2 It means LAN interface 2 LAN2 WINS IP Type the IP address as the WINS IP E...

Page 470: ...publish Set LAN2 TFTP Server Name done msubnet tftp msubnet tftp 2 TFTP server name Now LAN2 publish T Te el ln ne et t C Co om mm ma an nd d m ms su ub bn ne et t m mt tu u This command allows you to...

Page 471: ...ns the index number of the specified object profile v It means to view the information of the specified object profile Example object ip obj 1 v n NAME It means to define a name for the IP object NAME...

Page 472: ...oup profile object ip grp setdefault object ip grp INDEX v object ip grp INDEX n NAME object ip grp INDEX i INTERFACE object ip grp INDEX a IP_OBJ_INDEX S Sy yn nt ta ax x D De es sc cr ri ip pt ti io...

Page 473: ...er such profile E Ex xa am mp pl le e object ip grp 2 n First IP Group Profile 2 Name First Interface Any Included ip object index 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 object ip grp 2 i 1 object ip grp 2 a...

Page 474: ...v n NAME It means to define a name for the IP object NAME Type a name with less than 15 characters Example object ip obj 9 n bruce i INTERFACE It means to define an interface for the IP object INTERFA...

Page 475: ...cr ri ip pt ti io on n Parameter Description setdefault It means to return to default settings for all profiles INDEX It means the index number of the specified group profile v It means to view the in...

Page 476: ...el ln ne et t C Co om mm ma an nd d o ob bj je ec ct t s se er rv vi ic ce e o ob bj j This command is used to create service object profile object service obj setdefault object service obj INDEX v o...

Page 477: ...port values are different it indicates that all the ports except the range defined here are available for this service type 2 larger the port number greater than this value is available 3 less the po...

Page 478: ...ified group profile v It means to view the information of the specified group profile Example object service grp 1 v n NAME It means to define a name for the service group NAME Type a name with less t...

Page 479: ...w the contents of the specified profile PAGE type the page number show It means to show the contents for all of the profiles INDEX It means the index number of the specified keyword profile v It means...

Page 480: ...ject profile v It means to view the information of the specified file extension object profile n NAME It means to define a name for the file extension object profile NAME Type a name with less than 15...

Page 481: ...pic pict png tif tiff Video category asf avi mov mpe mpeg mpg v mp4 qt rm v wmv 3gp 3gpp 3gpp2 3g2 Audio category v aac v aiff v au v mp3 v m4a v m4p v ogg v ra v ram v vox v wav v wma Java category c...

Page 482: ...a ap pt ti im me e This command allows you to set a time of keeping the session connection for specified protocol portmaptime command parameter S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Par...

Page 483: ...ax x D De es sc cr ri ip pt ti io on n Parameter Description command parameter The available commands with parameters are listed below means that you can type in several commands in one line h Type i...

Page 484: ...ory default for all WANs It means that you can type in several commands in one line E Ex xa am mp pl le e qos setup m 3 i 9500 o 8500 r 3 20 u 1 p 50 t 1 WAN1 QOS mode is both Wan 1 is XDSL model don...

Page 485: ...de It means to enable or disable the specified rule 0 disable 1 enable l addr Set the local address Addr1 It means Single address Please specify the IP address directly for example l 172 16 3 9 addr1...

Page 486: ...2 name set to draytek Add a rule in class2 Class2 the 1 rule enabled Set local address type to Range 192 168 1 50 192 168 1 80 T Te el ln ne et t C Co om mm ma an nd d q qo os s t ty yp pe e This comm...

Page 487: ...displays current status of LAN IP address settings E Ex xa am mp pl le e show lan The LAN settings ip mask dhcp star_ip pool gateway V LAN1 192 168 1 1 255 255 255 0 V 192 168 1 10 200 192 168 1 1 X L...

Page 488: ...el ln ne et t C Co om mm ma an nd d s sh ho ow w o op pe en np po or rt t This command displays current status of open port setting E Ex xa am mp pl le e show openport Openport settings Index Status...

Page 489: ...the eighth of the default setting E Ex xa am mp pl le e show pmtime Level0 TCP 86400001 UDP 300001 ICMP 10001 Level1 TCP 600000 UDP 90000 ICMP 7000 Level2 TCP 60000 UDP 30000 ICMP 5000 T Te el ln ne...

Page 490: ...tx weekly0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0...

Page 491: ...It menas to turn off the flag of LAN port 1 2 3 4 v It menas to view current status E Ex xa am mp pl le e srv dhcp dhcp2 l 1 e 1 srv dhcp dhcp2 v 2nd DHCP server flag status Server works on specified...

Page 492: ...xa am mp pl le e Vigor ip route add 192 168 1 56 255 255 255 0 192 168 1 12 3 default Vigor srv dhcp public status Index MAC Address T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p d...

Page 493: ...This command can force the router to invoke DNS Server IP address srv dhcp frcdnsmanl on srv dhcp frcdnsmanl off S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description It means to...

Page 494: ...hc cp p o of ff f This function allows users to turn off DHCP server It needs rebooting router please type sys reboot command to reboot router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh...

Page 495: ...l le e srv dhcp startip 192 168 1 53 This setting will take effect after rebooting Please use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p s...

Page 496: ...ns the lease time that DHCP server can use The unit is second E Ex xa am mp pl le e srv dhcp leasetime srv dhcp leasetime Lease Time sec Now 86400 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d...

Page 497: ...hcp primWINS 192 168 1 88 srv dhcp primWINS srv dhcp primWINS WINS IP address srv dhcp primWINS clear Now 192 168 1 88 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p s se ec cW WI IN...

Page 498: ...250 T Te el ln ne et t C Co om mm ma an nd d s sr rv v d dh hc cp p t tf ft tp p This command can set the TFTP server as the DHCP server srv dhcp tftp TFTP server name S Sy yn nt ta ax x D De es sc cr...

Page 499: ...all the user defined DHCP options d idx It means to delete the option number by specifying its index number e 1 or 0 It means to enable disable custom option feature 1 enable 0 disable i It means to...

Page 500: ...ne line e enable It means to enable or disable the address mapping rule profile 0 disable 1 enable l ip It means private IP address LAN IP w idx It means to specify the public IP 1 WAN1 Default 2 WAN1...

Page 501: ...can type in several commands in one line e It means to enable disable such feature 1 enable 0 disable i It means to specify the private IP address of the DMZ host r It means to remove DMZ host settin...

Page 502: ...pe in several commands in one line a enable It means to enable or disable the open port rule profile 0 disable 1 enable c comment It means to type the description less than 23 characters for the defin...

Page 503: ...port pri ip pri port wan1 wan2 srv nat portmap del idx srv nat portmap disable idx srv nat portmap enable idx proto srv nat portmap flush srv nat portmap table S Sy yn nt ta ax x D De es sc cr ri ip...

Page 504: ...otocol Public Port Private IP Private Port ifno 1 game 6 80 192 168 1 11 100 1 2 0 0 0 2 3 0 0 0 2 4 0 0 0 2 5 0 0 0 2 6 0 0 0 2 7 0 0 0 2 8 0 0 0 2 9 0 0 0 2 10 0 0 0 2 11 0 0 0 2 12 0 0 0 2 13 0 0 0...

Page 505: ...eans to set the protocol for incomming port The range is from 0 to 65535 d It means to delete the specified profile v It means to display port trigger setting E Ex xa am mp pl le e srv nat trigger 1 c...

Page 506: ...0 0 0 0 18 0 0 0 0 0 0 0 19 0 0 0 0 0 0 0 20 0 0 0 0 0 0 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C Co om mm ma an nd d s sr rv v n na at t s sh ho ow wa al ll l This comma...

Page 507: ...itch i 1 traffic on External Device NO 1 traffic statistic function is enable T Te el ln ne et t C Co om mm ma an nd d s sw wi it tc ch h s st ta at tu us s This command is used to display current sta...

Page 508: ...factory default settings When a user types this command all the configuration will be reset to default setting sys cfg default sys cfg status S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Param...

Page 509: ...n set and remove the domain name of the system when DHCP mode is selected for WAN sys domainname wan1 wan2 Domain Name Suffix sys domainname wan1 wan2 clear S Sy yn nt ta ax x D De es sc cr ri ip pt t...

Page 510: ...terface 4 Ethernet Status DOWN IP Address 0 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 02 Interface 5 Ethernet Status DOWN IP Address 0 0 0 0 Netmask 0x00000000 MAC 00 50 7F 00 00 03 Interface 6 Ethe...

Page 511: ...e sys name wan1 wan2 ASCII string max 39 characters sys name wan1 wan2 clear Now wan1 drayrouter wan2 Note Such name can be used to recognize router s identification in SysLog dialog T Te el ln ne et...

Page 512: ...m mp pl le e sys autoreboot on autoreboot is ON sys autoreboot 2 autoreboot is ON autoreboot time is 2 hour s T Te el ln ne et t C Co om mm ma an nd d s sy ys s c co om mm mi it t This command allows...

Page 513: ...mory Status and Leakage List Buf sk_buff 200B used 1647 cached 30 Buf KMC4088 4088B used 0 cached 8 Buf KMC2552 2552B used 1641 cached 42 Buf KMC1016 1016B used 7 cached 1 Buf KMC504 504B used 8 cache...

Page 514: ...nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description get parm option It means to get parameters for tr 069 option nextlevel only gets nextlevel for GetParameterNames set parm value It me...

Page 515: ...etGatewayDevice DeviceInfo InternetGatewayDevice ManagementServer InternetGatewayDevice Time InternetGatewayDevice Layer3Forwarding InternetGatewayDevice LANDevice InternetGatewayDevice WANDevice Inte...

Page 516: ...n ns se e This command can process the system license sys license licmsg sys license licauth sys license regser sys license licera sys license licifno sys license lic_wiz set reg qry sys license dev_c...

Page 517: ...ing time and message sys fr_log E Ex xa am mp pl le e sys fr_log 2015 01 30 10 50 29 Telnet Login success from IP 192 168 3 50 2015 01 30 10 50 05 Admin Mode save System Maintenance Management 2015 01...

Page 518: ...nd d u up pn np p o on n This command can enable UPnP function E Ex xa am mp pl le e upnp on UPNP start T Te el ln ne et t C Co om mm ma an nd d u up pn np p n na at t This command can display IGD NA...

Page 519: ...ceId OSInfo1 SCPDURL upnp OSInfo xml controlURL OSInfo1 eventURL OSInfoEvent1 UDN uuid 774e9bbe 7386 4128 b627 001daa843464 SERVICE TABLE2 serviceType urn schemas upnp org service WANCommonInterfaceCo...

Page 520: ...subscribe Vigor upnp subscribe 1 serviceType urn schemas microsoft com service OSInfo 1 Subscribtion1 sid 7a2bbdd0 0047 4fc8 b870 4597b34da7fb eventKey 1 ToSendEventKey 1 expireTime 6926 active 1 Del...

Page 521: ...he protocol TCP time 0 1 real_addr 0 0 0 0 pseudo_addr 0 0 0 0 real_port 0 pseudo_port 0 hit_portmap_index 0 The protocol 0 time 0 MORE q Quit Enter New Lines Space Bar Next Page T Te el ln ne et t C...

Page 522: ...Y Huawei Huawei E303D 3 5G Y Huawei Huawei E3131 3 5G Y Huawei Huawei E3372 LTE Y Huawei Huawei E392 LTE Y Huawei Huawei E398 LTE Y Huawei Huawei K3772 3 5G M Huawei Huawei K4605 3 5G Y Sony Erics Son...

Page 523: ...rs to manage the router E Ex xa am mp pl le e vigbrg cfgip 192 168 1 15 vigbrg cfgip Vigor Bridge Config IP Now 192 168 1 15 T Te el ln ne et t C Co om mm ma an nd d v vi ig gb br rg g w wa an ns st t...

Page 524: ...r LAN4 under one VLAN group please type the port number s you want s1 s2 s3 s4 It is only available for WALN models 5gs1 5gs2 5gs3 5gs4 It is only available for WLAN n plus model E Ex xa am mp pl le e...

Page 525: ...restarted with newest configuration vlan restart E Ex xa am mp pl le e vlan restart VLAN restarts T Te el ln ne et t C Co om mm ma an nd d v vl la an n s st ta at tu us s This command display current...

Page 526: ...use sys reboot command to reboot the router T Te el ln ne et t C Co om mm ma an nd d v vl la an n s su ub bm mo od de e This command changes the VLAN encapsulation mechanisms in the LAN driver vlan s...

Page 527: ...on It allows the incoming of untagged packets even all VLAN are tagged unlimited off It does not allows the incoming of untagged packets E Ex xa am mp pl le e vlan tagged unlimited on unlimited mode i...

Page 528: ...he system VLAN ID is in range 200 263 T Te el ln ne et t C Co om mm ma an nd d v vp pn n l l2 2l ls se et t This command allows users to set advanced parameters for LAN to LAN function vpn l2lset list...

Page 529: ...op p This command allows users to terminate current LAN to LAN VPN connection E Ex xa am mp pl le e vpn l2lDrop T Te el ln ne et t C Co om mm ma an nd d v vp pn n d di in ns se et t This command allo...

Page 530: ...mp pl le e vpn dinset 1 Dial in profile index 1 Profile Name Status Deactive Mobile OTP Disabled Password Idle Timeout 300 sec vpn dinset 1 on set profile active vpn dinset 1 motp on Enable Mobile OT...

Page 531: ...mand allows users to specify a subnet selection for the specified remote dial in VPN profile vpn subnet index 1 2 S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description index It me...

Page 532: ...ile ip It means the IP address to dial to usr pwd It means the user and the password required for the PPTP connection nip nmask It means the remote network IP and the mask e g vpn setup 1 name1 pptp_o...

Page 533: ...nnection key It means the value of IPsec Pre Shared Key nip nmask It means the remote network IP and the mask e g vpn setup 1 name1 dialin 1 2 3 4 vigor 1234 abc 192 168 1 0 255 255 255 0 E Ex xa am m...

Page 534: ...es through Available settings are wlf wlo w2f and w2o w1f WAN1 First w1o WAN1 Only w2f WAN2 First w2o WAN2 Only nnpkt It means the NetBios Naming Packet on Enable the function to pass the packet off D...

Page 535: ...th p means to set PPP Authentication PAP Only ovj It means VJ Compression ovj on off means to enable disable VJ Compression okey It means IKE Pre Shared Key okey abcd means to set IKE Pre Shared Key a...

Page 536: ...means to set IKE Pre Shared Key abcd imeth It means IPSec Security Method imeth h means Allow AH imeth d means Allow DES imeth 3 means Allow 3DES imeth a means Allow AES For TCP IP Settings mywip It...

Page 537: ...yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description list It means to display all of the route settings add It means to add a new route del It means to delete specified route index I...

Page 538: ...1 32 E Ex xa am mp pl le e vpn list 32 all Common Settings Profile Name Profile Status Disable Netbios Naming Packet Pass Call Direction Both Idle Timeout 300 PING to keep alive off Dial out Settings...

Page 539: ...l ln ne et t C Co om mm ma an nd d v vp pn n 2 2n nd ds su ub bn ne et t This command allows users to enable second subnet IP as VPN server IP vpn 2ndsubnet on vpn 2ndsubnet off S Sy yn nt ta ax x D D...

Page 540: ...m mm ma an nd d v vp pn n m ms ss s This command allows users to configure the maximum segment size MSS for different TCP types vpn mss show vpn mss default vpn mss set connection type TCP maximum seg...

Page 541: ...fer 529 minimum 529 leak 3 of free S Buffer 1199 minimum 1198 leak 1 of free Msgid Buffer 1024 minimum 1024 T Te el ln ne et t C Co om mm ma an nd d v vp pn n M Mu ul lt ti ic ca as st t This command...

Page 542: ...he packets cannot pass through NAT E Ex xa am mp pl le e vpn pass2nd on 2nd subnet is allowed to pass VPN tunnel T Te el ln ne et t C Co om mm ma an nd d v vp pn n p pa as ss s2 2n na at t This comman...

Page 543: ...0 E Ex xa am mp pl le e wan ppp_mru 1 Now 1500 wan ppp_mru 1 1490 wan ppp_mru 1 Now 1490 wan ppp_mru 1 1492 wan ppp_mru 1 Now 1492 T Te el ln ne et t C Co om mm ma an nd d w wa an n m mt tu u This com...

Page 544: ...AN connection E Ex xa am mp pl le e wan disable WAN WAN disabled T Te el ln ne et t C Co om mm ma an nd d w wa an n e en na ab bl le e This command allows you to disable wan connection E Ex xa am mp p...

Page 545: ...C_WAN4 Offline stall N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate Bps 0 RX Packets 0 RX Rate Bps 0 PVC_WAN5 Offline stall N Mode Up Time 00 00 00 IP GW IP TX Packets 0 TX Rate Bps 0 RX Packet...

Page 546: ...keup off It means to wake up the modem by Vigor router wakeup value It means the commands used to wakup modem The format shall be heximal digits vid Set device VID belong to this interface for multipl...

Page 547: ...ion on It means to enable ping detection The IP address of the target shall be set off It means to enable ARP detection default always_on disable link detect always connected only support static IP ta...

Page 548: ...xa am mp pl le e wan lb status WAN1 on WAN2 on WAN3 on WAN4 on WAN5 on T Te el ln ne et t C Co om mm ma an nd d w wa an n m mv vl la an n This command allows you to configure multi VLAN for WAN and L...

Page 549: ...map to LAN port 2 3 4 in bridge mode service type is Normal No tag added wan mvlan 7 on p2 p3 p4 PVC Bridge p1 p2 p3 p4 Service Type Tag Priority 7 ON 0 0 1 1 Normal 0 OFF 0 T Te el ln ne et t C Co om...

Page 550: ...es sc cr ri ip pt ti io on n Parameter Description It means the number of WAN interface 1 means WAN1 2 means WAN2 value It means the number to be tagged on packets The range of the value is between 3...

Page 551: ...as 100Mbps 1000 means 1000Mbps E Ex xa am mp pl le e wan fiber status Fiber is not detected T Te el ln ne et t C Co om mm ma an nd d w wp pt tl l This command is used to set the profile for wireless a...

Page 552: ...lient access into the Internet The client must click on the button to proceed url type the url of the web page e It means to enable such profile d It means to disnable such profile i It means to show...

Page 553: ...SID3 and SSID4 add MAC ssid1 ssid2 ssid3 ssid4 isolate It means to associate a MAC address to certain SSID interfaces access control settings The isolate setting will limit the wireless client s netwo...

Page 554: ...ode wl config ratectl ssid_num enable upload download wl config isolate ssid_num lan member wl config dtim value wl config dtim show wl config beaconperiod wl config radio enable S Sy yn nt ta ax x D...

Page 555: ...SSID_NUMBER Type 1 2 3 or 4 to specify SSID1 SSID2 SSID3 or SSID4 mode Available settings are disable No security wpa1x WPA 802 1x Only wpa21x WPA2 802 1x Only wpamix1x Mixed WPA WPA2 802 1x only wep1...

Page 556: ...ay current beaconperiod value radio enable It means to enable wireless Wi Fi function 1 enable 0 disable raido show It means to display current status of Wi Fi function E Ex xa am mp pl le e wl config...

Page 557: ...to disable the function txburst enable It means to enhance the performance in data transmission about 40 more by enabling Tx Burst It is active only when both sides of Access Point and Station in wire...

Page 558: ...ip pt ti io on n Parameter Description enable disable It means to enable disable the station management control ssid_num It means channel selection Available channel for 2 4G 0 1 2 3 Available channe...

Page 559: ...and allows users to set WMM for wireless connection It defines the priority levels for four access categories derived from 802 1d prioritization tabs wl wmm ap QueIdx Aifsn Cwmin Cwmax Txop ACM wl wmm...

Page 560: ...1 0 1 0 WMM_SSID0 1 WMM_SSID1 0 WMM_SSID2 1 WMM_SSID3 0 wl wmm show Enable WMM SSID0 1 SSID1 0 SSID2 1 SSID3 0 APSD 0 QueIdx 0 APAifsn 3 APCwmin 4 APCwmax 6 APTxop 0 APACM 0 QueIdx 1 APAifsn 7 APCwmi...

Page 561: ...r enabling wl ht txpower value The value you can type ranges from 1 6 level wl ht antenna value The value you can type ranges from 0 3 0 2T3R 1 2T2R 2 1T2R 3 1T1R wl ht greenfield value The value you...

Page 562: ...settings wl dual acl enable ssid1 ssid2 ssid3 ssid4 wl dual acl disable ssid1 ssid2 ssid3 ssid4 wl dual acl add MAC ssid1 ssid2 ssid3 ssid4 isolate wl dual acl del MAC wl dual acl mode ssid1 ssid2 ssi...

Page 563: ...D3 None SSID4 None wl dual acl add 00 50 70 ff 12 80 wl acl add 00 50 70 ff 12 80 ssid1 ssid2 isolate Set Done wl acl show Enable Mac Address Filter ssid1 dis ssid2 dis ssid3 dis ssid4 dis MAC Address...

Page 564: ...wl dual config ratectl ssid_num enable upload download wl dual config ratectl show wl dual config isolate lan ssid_num enable wl dual config isolate member ssid_num enable wl dual config isolate vpn...

Page 565: ...a table of SSID configuration ratectl ssid_num enable upload download It means to set the rate control for the specified SSID ssid_num Choose 1 2 3 or 4 to specify SSID1 SSID2 SSID3 or SSID4 enable I...

Page 566: ...ou set the channel wl dual config preamble 1 Long preamble is enabled Note Please restart 5G wireless after you set the parameters wl dual config ssid 1 enable dray SSID Enable Hide_SSID Name 1 1 0 dr...

Page 567: ...x1x Mixed WPA WPA2 802 1x only wep1x WEP 802 1x Only wpapsk WPA PSK wpa2psk WPA2 PSK wpamixpsk Mixed WPA WPA2 PSK wep WEP key index Moreover you have to add keys for wpapsk wpa2psk wpamixpsk and wep a...

Page 568: ...d w wl l d du ua al l w wd ds s This command allows users to configure WDS for wireless connection 5GHz wl dual wds mode value wl dual wds security value wl dual wds ap value wl dual wds hello value w...

Page 569: ...o remote end peer Value 1 enable the function 0 disable the function status It means to display WDS link status for 5GHz connection show It means to display current WDS settings mac add index addr add...

Page 570: ...configure WPS for wireless connection 5GHz wl dual wps enable value wl dual wps pbc wl dual wps pin code wl dual wps show S Sy yn nt ta ax x D De es sc cr ri ip pt ti io on n Parameter Description en...

Page 571: ...enable or disable the function of WOL from WAN on enable off disable any It means any source IP address can pass through NAT and wake up the LAN client This command will allow the user to choose whet...

Page 572: ...isplay all of the untraceable APS with speficed index number e It menas to enable QoS for application s and assign QoS class AP_INDEX Each index number represents one application Index number 50 51 52...